PT 4
| Question | Answer |
|---|---|
| You have been hired as a security expert to implement a security solution to protect an organization from external threats. The solution should provide packet filtering, VPN support, network monitoring, and deeper inspection capabilities that give the organization a superior ability to identify attacks, malware, and other threats. Which of the following security solutions will you implement to meet the requirement? Antivirus; Anti-malware; Next-generation firewall (NGFW); Endpoint detection and resp | Next-generation firewall (NGFW) |
| Which of the following statements are true regarding cloud-based security vulnerabilities? (Choose all that apply) Secure APIs; Misconfigured Cloud Storage; Poor Access Control; Shared Tenancy | Misconfigured Cloud Storage; Poor Access Control; Shared Tenancy |
| You have been tasked to implement a solution to send product offers to consumers' smartphones when they trigger a search in a particular geographic location or enter a mall, neighborhood, or store. What solution will you implement to achieve that? Push notifications; Remote wipe; Geofencing; Geolocation | Geofencing |
| You have been tasked to implement a solution to increase the security of your company's local area network (LAN). All of the company's external-facing servers (Web server, Mail server, FTP server) should be placed in a separate area so that they are accessible from the internet while the rest of the internal LAN remains unreachable. Which of the following techniques will you implement to meet the requirement? DNS; VLAN; VPN; DMZ | DMZ |
| One of the features of SNMPv3 is called message integrity. TRUE; FALSE | TRUE |
| As a security expert at your company, you are responsible for preventing unauthorized (rogue) Dynamic Host Configuration Protocol servers from offering IP addresses to clients. Which of the following security technologies will you implement to meet the requirement? Jump server; DHCP snooping; BPDU guard; MAC filtering | DHCP snooping |
| You have been tasked to access a remote computer for handling some administrative tasks over an unsecured network in a secure way. Which of the following protocols will you use to access the remote computer to handle the administrative tasks? SSH; LDAPS; SRTP; HTTPS | SSH |
| It has been noticed that your company's Wi-Fi is slow and sometimes not operational. After investigation, you noticed this is caused by channel interference. Which of the following solutions will you implement to avoid problems such as channel interference when you build your WLAN? Captive portal; You can't avoid channel interference; WiFi Protected Setup; Heat maps | Heat maps |
| Your manager is trying to understand the difference between SFTP and FTPS, so he asked you to explain it. Which of the following statements are correct? (Choose all that apply.) FTPS, also known as FTP Secure or FTP-SSL; FTPS authenticates your connection using a user ID and password or SSH Keys; SFTP protocol is packet-based as opposed to text-based making file and data transfers faster; SFTP authenticates your connection using a user ID and password, a certificate, or both | FTPS, also known as FTP Secure or FTP-SSL; SFTP protocol is packet-based as opposed to text-based making file and data transfers faster; SFTP, also known as SSH FTP, encrypts both commands and data while in transmission |
| A _____________ certificate is a digital certificate that's not signed by a publicly trusted certificate authority (CA). These certificates are created, issued, and signed by the company or developer who is responsible for the website or software being signed. Code signing certificates; Wildcard; Self-signed; Subject alternative name | Self-signed |
| Which of the following options are authentication protocols? (Choose all that apply) WPA2; EAP; WPA3; PEAP; RADIUS | EAP; PEAP; RADIUS |
| WiFi ____________ Setup is a wireless network security standard that tries to make connections between a router and wireless devices faster, easier, and more secure. Protected; Secured; Faster; Easier | Protected |
| Which of the following authentication protocols allows you to use an existing account to sign in to multiple websites, without needing to create new passwords? Kerberos; TACACS+; OpenID; OAuth | OpenID |
| In the form of Rule-Based Access Control, data are accessible or not accessible based on the user's IP address. FALSE; TRUE | TRUE |
| You have been tasked to implement a solution to encrypt data as it is written to the disk and decrypt data as it is read off the disk. Which of the following solutions will you implement to meet the requirement? Trusted Platform Module; Self-encrypting drive (SED) / full-disk encryption (FDE); Sandboxing; Root of trust | Self-encrypting drive (SED) / full-disk encryption (FDE) |
| For security and monitoring purposes, your company instructed you to implement a solution so that all packets entering or exiting a port are copied and then sent to a local interface for monitoring. Which of the following solutions will you implement to meet the requirement? Quality of service (QoS); File Integrity Monitoring; Port mirroring; Access control list (ACL) | Port mirroring |
| The network administrator from your company notices that the network performance has been degraded due to a broadcast storm. Which of the following techniques will you recommend to the network administrator in order to reduce broadcast storms? (Choose all that apply) Split up your broadcast domain; Check how often ARP tables are emptied; Check for loops in switches; Allow you to rate-limit broadcast packets; Split up your collision domain | Split up your broadcast domain; Check how often ARP tables are emptied; Check for loops in switches; Allow you to rate-limit broadcast packets |
| Which of the following options are cryptographic protocols? (Choose all that apply) | SAE; WPA2; CCMP; WPA3 |
| Which of the following tools can you use to perform manual DNS lookups, assuming you are working in a Linux environment? (Choose all that apply) pathping; ifconfig; route; dig; nslookup | dig; nslookup |
| You have noticed that the email server doesn't work. Your manager said that someone from the company changed the DNS records (MX) of the email server. Which of the following commands will you type to find the new MX records of the server? tracert; nslookup; ping; ipconfig | nslookup |
| Natalie is responsible for the security of web servers and is configuring the WAF to allow only encrypted traffic to and from the web server, including from administrators using the command-line interface. What should she do? A. Open port 80 and 23, block port 443 B. Open port 443 and 23, block port 80 C. Open port 443 and 22 and block 80 and 23 D. Open port 443 and block all other ports | C. Open port 443 and 22 and block 80 and 23 |
| Trent noticed that a web application used by his company doesn’t handle multithreading properly. This could allow an attacker to exploit this vulnerability and crash the server. What type of error was discovered? A. Buffer overflow B. Logic bomb C. Race conditions D. Improper error handling | C. Race conditions |
| Lamar manages the account management for his company. He’s worried about hacking tools that use rainbow tables. Which of the following is the most beneficial for mitigating this threat? A. Password complexity B. Password age C. Password expiration D. Password length | D. Password length |
| Which of the following provides an example of stream cipher? A. AES B. DES C. 3DES D. RC4 | D. RC4 |
| You work for Macy’s. The web server certificate has been revoked and you have some customers receiving errors when they connect to the website. What is the corrective action you must take? A. Renew the certificate B. Create and use a self-signed certificate C. Request a certificate from the key escrow D. Generate a new key pair and a new certificate | D. Generate a new key pair and a new certificate |
| Nate is the network administrator responsible for the database cluster at his company. His connections are load-balanced in the cluster with each new connection being sent to the next server in the cluster. What type of load-balancing is being implemented? A. Round-robin B. Affinity C. Weighted D. Rotating | A. Round-robin |
| Which one uses two mathematically-related keys to secure the data during transmission? A. Twofish B. 3DES C. RC4 D. RSA | D. RSA |
| Of the following cloud service models, which service gives the consumer the ability to use applications provided by the cloud service provider over the Internet? A. SaaS B. PaaS C. IaaS D. CaaS | A. SaaS |
| Lonnie has been assigned the task of choosing a backup communication method for his company in the case of a disaster that disrupts normal communication. Which option provides the most reliability? A. Cellular B. WiFi C. SATCOM D. VoIP | C. SATCOM |
| Scott is using smart cards for authentication into his company network. He’s working to classify the type of authentication for a report that’s due to his CIO. What type of authentication is Scott using? A. Type I B. Type II C. Type III D. Strong | B. Type II |
| Of the listed principles, which one is typically included in a BPA? A. Clear statements that detail customer and service provider's expectations B. An agreement that specific functions/services will be delivered at an agreed-upon level of performance C. Profit sharing/losses and the addition/subtraction of a partner D. Security requirements associated with interconnecting IT systems | C. Profit sharing/losses and the addition/subtraction of a partner |
| Tanner has been given permission to run a vulnerability scan on the company’s wireless network infrastructure. During the scan, he finds that ports 20 and 21 are open on most of the devices. What protocol is usually assigned to these ports? A. FTP B. SMTP C. ICMP D. DNS | A. FTP |
| You are the security administrator for a large company where occasionally, a user needs to access certain resources that the user doesn’t have permission to access. Which method would be the most beneficial? A. Mandatory Access Control B. Discretionary Access Control C. Role-based Access Control D. Rule-based Access Control | D. Rule-based Access Control |
| Michael manages the secure communications at his company and would like to give administrators the option to log in remotely and execute command-line functions. He would like for this to only be possible via a secure encrypted connection. What action should be taken on the firewall? A. Block port 23 and allow ports 20 and 21. B. Block port 22 and allow ports 20 and 21. C. Block port 22 and allow port 23. D. Block port 23 and allow port 22. | D. Block port 23 and allow port 22. |
| You are a network security technician at a mid-sized company. Your employer is planning for significant growth and the CIO has tasked you with implementing a system to consolidate all critical network device logs to a central location. The system should support logs from all routers, firewalls, switches and business critical servers and should send alerts in the event of security issues. What type of solution would best meet these requirements? A. Hardware security module B. SIEM C. Central log poin | B. SIEM |
| What type of attack is based on sending more data to a target than the target can hold? A. Bluesnarfing B. Buffer overflow C. Bluejacking D. DDoS | B. Buffer overflow |
| Alissa has deployed session tokens on her network. What would these tokens be the most effective in protecting against? A. DDoS B. Replay C. SYN flood D. Malware | B. Replay |
| You’re the network administrator for a large university which has numerous systems that require you to monitor the logs and analyze the activity. What is the best approach to view and analyze logs from a central server? A. NAC B. Port Forwarding C. IDS D. SIEM | D. SIEM |
| Which of the following types of firewalls will examine the context of each packet it encounters? A. Packet filtering firewall B. Stateful packet filtering firewall C. Application layer firewall D. Gateway firewall | B. Stateful packet filtering firewall |
| Which of the following works like stream ciphers? A. One-time pad B. RSA C. AES D. DES | A. One-time pad |
| What type of certificate can be used for a list of explicitly given domains, IP addresses or sub domains? A. SAN B. Code signed C. Self signed D. Wildcard | A. SAN |
| Which of the following statements is true about symmetric algorithms? A. They hide data within an image file. B. They use one key to encrypt and another key to decrypt data C. They use a single key to encrypt/decrypt D. They use a single key to create a hashing value | C. They use a single key to encrypt/decrypt |
| Of the following, which provides the best examples of the drawback of symmetric key systems? A. You must use different keys for encryption/decryption B. The algorithm is more complex C. The system works much more slowly than an asymmetric system D. The key must be delivered in a secure manner | D. The key must be delivered in a secure manner |
| Larry is a network administrator for a small accounting firm and has heard some of his users complaining of slow connectivity. When he started investigating the firewall logs, he saw a large number of half-open connections. What best describes his findings? A. DDoS B. SYN flood C. Buffer overflow D. ARP poisoning | B. SYN flood |
| Of the listed users, which is a role-based position that should receive training on how to manage particular systems? A. Users B. Privileged users C. Executive users D. System owners | D. System owners |
| You need to record packet data being sent to and from a server running a Linux operating system. After recording the network traffic, you want to view the data in a visualization tool like Wireshark. What command line tool is best suited for this task? A. Nmap B. Tracert C. Netstat D. Tcpdump | D. Tcpdump |
| You are responsible for the web application security for your company’s e-commerce server. You’re especially concerned with XSS and SQL injection. Of the following, which technique would be the most effective at mitigating these attacks? A. Proper error handling B. The use of stored procedures C. Proper input validation D. Code signing | C. Proper input validation |
| You are observing an outage of your employer's website. While investigating the cause of the outage you learn that there is a large-scale DDoS attack that has caused network outages for large percentages of the internet. The attack is targeting key infrastructure of major web service providers. According to news sources the attackers are sending huge numbers of requests to open DNS servers with spoofed IP addresses. The responses from the DNS servers are sent to the spoofed IP addresses which have resulted i | C. DNS amplification |
| You currently have web developers in your company who have direct access to production servers and can deploy code to them. These actions can lead to insecure code and code flaws being deployed directly into the live environment. Currently, your company only has one server available (the production server). What is the best change that can be made to mitigate this risk? A. Implement sandboxing B. Implement virtualized servers C. Implement a staging server D. Implement deployment policies | C. Implement a staging server |
| Olivia manages wireless security in her company and wants completely different WiFi access (i.e., different SSID, different security levels, different authentication methods) in different parts of the company. What’s the best choice for Olivia to select in WAPs? A. Fat B. Thin C. Repeater D. Full | A. Fat |
| Isaac is looking for a physical access solution for his company. He needs the solution to use asymmetric cryptography or public-key cryptography to authorize users. What type of solution is he seeking? A. Asynchronous password token B. Challenge response token C. TOTP token D. Static password token | B. Challenge response token |
| You have been presented with the task of implementing a solution that ensures data stored on a removable USB drive hasn’t been tampered with or changed. Which should be implemented? A. Key escrow B. File backup C. File encryption D. File hashing | D. File hashing |
| Caleb was tasked with setting up access control for a server. The requirements state that lower privileged users should not be able to see or access files or data that is meant for higher privileged users. What access control model is best suited to fit these requirements? A. MAC B. DAC C. RBAC D. SAML | A. MAC |
| Sharon is responsible for the security on web applications. She’s looking to see if all applications have input validation. What is the best way to implement validation? A. Server-side validation B. Client-side validation C. Validate in trust D. Client-side and server-side validation | D. Client-side and server-side validation |