Technologies and Tools (1) Flashcards

1
Q

John is looking for a new firewall for a small company. He is concerned about DoS attacks, particularly the SYN flood. Which type of firewall would give the best protection against the SYN flood?

Packet filter

Bastion

SPI

A

SPI

The correct answer is stateful packet inspection (SPI). SPI looks at the entire context of the conversation and will stop SYN floods

2
Q

You are responsible for network security at an insurance company. A lot of employees bring their own devices. You have security concerns about this. You have decided to implement a process whereby when users connect to your network, their devices are scanned. If a device does not meet your minimum security requirements, it is not allowed to connect. What best describes this?

NAC

SPI

IDS

A

NAC

The correct answer is NAC, or Network Access Control. NAC is a network management solution that defines and implements a policy that enables only compliant and trusted endpoint devices to access network resources

3
Q

Ahmed is responsible for VPN connections at his company. His company uses IPSec exclusively. He has decided to implement IPSec in a mode that encrypts the data of only the packet, not the headers. What is this called?

Tunneling

IKE

Transport

A

Transport

Transport mode is the mode wherein IPSec encrypts the data, but not the packet header

4
Q

Maria is responsible for monitoring IDS activity on her company’s network. Twice in the past month there has been activity reported on the IDS that investigation has shown was legitimate traffic. What best describes this?

False negative

Passive

False positive

A

False positive

When an IDS (or any security device) labels legitimate traffic as an attack, that is called a false positive

5
Q

Juanita is a network administrator for a large university. The university has numerous systems, each with logs she must monitor and analyze. What would be the best approach for her to view and analyze logs from a central server?

NAC

IDS

SIEM

A

SIEM

Security Information and Event Management (SIEM) systems are designed specifically for log aggregation and analysis

6
Q

Enrique is responsible for web application security at his company. He is concerned about attacks such as SQL injection. Which of the following devices would provide the best protection for web attacks on his web application server?

ACL

SPI

WAF

A

WAF

A web application firewall (WAF) is designed to provide firewall protection that also will protect against specific web attacks

7
Q

ACME Company has several remote offices. The CIO wants to set up permanent secure connections between the remote offices and the central office. What would be the best solution for this?

L2TP VPN

IPSEC VPN

Site-to-site VPN

A

Site-to-site VPN

A site-to-site VPN is a permanent VPN connection between sites. Connecting remote offices is a typical site-to-site VPN implementation

8
Q

Mary is responsible for network security at a medium-sized insurance company. She is concerned that the offices are too open to public traffic and someone could simply connect a laptop to an open RJ45 jack and access the network. Which of the following would best address this concern?

ACL

VLAN

Port security

A

Port security

By mapping network jacks to specific MAC addresses of machines, you can prevent a rogue machine from being connected

9
Q

You are the network administrator for an e-commerce company. You are responsible for the web server cluster. You are concerned about not only failover, but also load-balancing and using all the servers in your cluster to accomplish load-balancing. What should you implement?

Active-active

Active-passive

Affinity

A

Active-active

An active-active cluster has all servers working, rather than keeping a duplicate server in reserve

10
Q

Donald is working as a network administrator. He is responsible for the database cluster. Connections are load-balanced in the cluster by each new connection being simply sent to the next server in the cluster. What type of load-balancing is this?

Round-robin

Affinity

Weighted

A

Round-robin

Round-robin load balancing simply sends each new connection to the next server in the cluster

11
Q

Gerald is setting up new wireless access points throughout his company’s building. The wireless access points have just the radio transceiver, with no additional functionality. What best describes these wireless access points?

Fat

Thick

Thin

A

Thin

The term for this is thin wireless access point

12
Q

Mohaned is an IT manager for a hotel. His hotel wants to put wireless access points on each floor. The specifications state that the wireless access points should have minimal functionality, with all the configuration, authentication, and other functionality centrally controlled. What type of wireless access points should Mohaned consider purchasing?

Fat

Controller-based

Stand-alone

A

Controller-based

Controller-based wireless access points have minimal functionality, with most functions centrally controlled

13
Q

What IPSec protocol provides authentication and encryption?

AH

ESP

IKE

A

ESP

Encapsulating Security Payload provides both integrity and encryption

14
Q

Terrance is implementing IPSec. He wants to ensure that the packets are encrypted, and that the packet and all headers are authenticated. What should he implement?

AH

ESP

AH and ESP

A

AH and ESP

ESP provides encryption and AH provides complete authentication, including the header, so both are needed to meet the requirements

15
Q

You are responsible for security at your company. One of management’s biggest concerns is that employees might exfiltrate sensitive data. Which of the following would you implement first?

Routine audits of user machines

VLAN

USB blocking

A

USB blocking

USB blocking will prevent anyone from plugging in a USB and taking out data

16
Q

You are responsible for email server security in your company. You want to implement encryption of all emails, using third-party authenticated certificates. What protocol should you implement?

IMAP

S/MIME

SMTP-S

A

S/MIME

Secure Multipurpose Internet Mail Extensions (S/MIME) encrypts email using X.509 certificates that are created and authenticated by a trusted third party

17
Q

Joanne is responsible for all remote connectivity to her company’s network. She knows that administrators frequently log in to servers remotely to execute command-line commands and Linux shell commands. She wants to make sure this can only be done if the transmission is encrypted. What protocol should she use?

HTTPS

RDP

SSH

A

SSH

Secure Shell gives a remote command-line interface that is encrypted

18
Q

You are responsible for network management at your company. You have been using SNMP for many years. You are currently using SNMP v2. A colleague has recently suggested you upgrade to SNMP v3. What is the primary benefit of SNMP v3?

It is much faster.

It integrates with SIEM.

It is encrypted.

A

It is encrypted.

Earlier versions of SNMP sent all traffic in clear text. SNMP v3 sends all data encrypted

19
Q

Employees in your company are allowed to use tablets. They can select a tablet from four different models approved by the company but purchased by the employee. What best describes this?

BYOD

CYOD

COPE

A

CYOD

Choose Your Own Device (CYOD) allows employees to bring their own devices to work, but only if they are chosen from a list of approved models

20
Q

Mahmoud is considering moving all company desktops to a VDI deployment. Which of the following would be a security advantage of VDI?

Employees can work from any computer in the company.

VDI is more resistant to malware.

Patch management is centrally controlled.

A

Patch management is centrally controlled.

Virtual Desktop Infrastructure does have all patch management centrally controlled

21
Q

You have been assigned to select a backup communication method for your company to use in case of significant disasters that disrupt normal communication. Which option would provide the most reliability?

Cellular

WiFi

SATCOM

A

SATCOM

Satellite communications are most resistant to disasters that disrupt communications

22
Q

John is concerned about the security of data on smartphones and tablets that his company issues to employees. Which of the following would be most effective in preventing data loss, should a device be stolen?

Remote wipe

Geolocation

Strong PIN

A

Remote wipe

The most effective protection against data loss is the ability to remotely wipe the phone

23
Q

What does geofencing accomplish?

Provides the location for a mobile device.

Limits the range a mobile device can be used in.

Determines WiFi coverage areas.

A

Limits the range a mobile device can be used in.

Geofencing sets up geographic boundaries, beyond which a device won’t work

24
Q

What best describes mobile device content management?

Limiting how much content can be stored.

Limiting the type of content that can be stored.

Blocking certain websites.

A

Limiting the type of content that can be stored.

Content management for a mobile device involves limiting what content can be placed on the phone

25
Q

Frank believes there could be a problem accessing the DHCP server from a specific client. He wants to check by getting a new dynamic IP. What command will do this?

ipconfig /request

NETSTAT -renew

ipconfig /renew

A

ipconfig /renew

The ipconfig /renew command will request a new IP from the DHCP server

26
Q

Teresa is responsible for network administration at a health club chain. She is trying to find a communication technology that uses low power and can spend long periods in low-power sleep modes. Which of the following technologies would be the best fit?

WiFi

Cellular

ANT

A

ANT

ANT is a proprietary wireless network technology that provides low-power modes and is used in WiFi settings. It has been used in sports-related technologies

27
Q

What technology was first introduced in Windows Vista and still exists in Windows that helps prevent malware by requiring user authorization to run executables?

DEP

DLP

UTM

A

DEP

Data Execution Prevention (DEP) requires the user to authorize any executable to execute. It should be noted that this is the definition Microsoft used for its functionality. A more technical definition is that Data Execution Prevention is preventing software from accessing restricted memory such as the operating system’s memory.

28
Q

John is responsible for security of his company’s new e-commerce server. He wants to ensure that online transactions are secure. What technology should he use?

L2TP

SSL

TLS

A

TLS

Transport Layer Security (TLS) is used to encrypt and secure web traffic

29
Q

Frank is a network administrator for a small college. The college has implemented a simple NIDS. However, the NIDS seems to only catch well-known attacks. What technology is this NIDS likely missing?

Heuristic scanning

Signature scanning

Passive scanning

A

Heuristic scanning

Heuristic scanning involves scanning for anomalous behavior that might indicate an attack, even if there is no known attack signature