Chap 4 - Network Security Flashcards

1
Q

DMZ

A

Demilitarized Zone

DMZ: Network buffer zone between an internal network and the Internet.
Purpose: Enhances security by isolating public services from the internal network.
Hosts: Web, email, DNS servers accessible from the Internet.
Implementation: Uses two firewalls for external and internal protection.
Benefit: Reduces risk of external attacks reaching the internal network.

Also known as a Perimeter Network or Screened Subnet

2
Q

4-1: Which of the following are terms for an area of an enterprise network, separated by firewalls, which contains servers that must be accessible from both the Internet and the internal network? (Choose all that apply)

Intranet
DMZ
EGP
Stateless network
Perimeter network
Screened Subnet

A

DMZ

Perimeter network

Screened Subnet

3
Q

EAP

A

EAP (Extensible Authentication Protocol)

A framework for various authentication mechanisms to secure data transmission, primarily used in network access authentication

4
Q

MS-CHAPv2

A

MS-CHAPv2 (Microsoft Challenge Handshake Authentication Protocol version 2)

An enhanced version of CHAP developed by Microsoft. It offers improved security features and is the most common authentication method for dial-up connections.

MS-CHAPv2 is supported by modern operating systems for its security advantages over previous versions.

5
Q

PAP

A

PAP (Password Authentication Protocol)

An authentication method that sends the username and password in plaintext over the network. This simplicity poses a security risk, since anyone able to capture the traffic can read the credentials.

6
Q

CHAP

A

CHAP (Challenge Handshake Authentication Protocol)

A more secure method than PAP, CHAP uses a challenge-response mechanism based on hashes of a shared secret (usually a password).

It periodically re-authenticates to prevent man-in-the-middle attacks, ensuring that the password itself is never sent over the network

7
Q

4-9: Which of the following security protocols can authenticate users without transmitting their passwords over the network?

Kerberos
802.1X
TKIP
LDAP

A

Kerberos

Employs a series of tickets to authenticate users and other network devices without the need to transmit credentials over the network

8
Q

4-13: Which of the following terms describes a system that prevents computers from logging on to a network unless they have the latest updates and antimalware software installed?

NAC
LDAP
RADIUS
TKIP-RC4

A

NAC

9
Q

NAC

A

Network Access Control

Mechanism that defines standards of equipment and configuration that systems must meet before they can connect to the network

10
Q

4-14: Which of the following describes the primary difference between SSO and Same Sign-On?

  • SSO enables users to access different resources with one set of credentials, whereas same sign-on requires users to have multiple credential sets
  • SSO credentials consist of one username and one password, whereas same sign-on credentials consist of one username and multiple passwords
  • SSO requires the user to supply credentials only once, whereas with same sign-on, the user must supply the credentials repeatedly
  • SSO requires MFA, such as a password and a smartcard, whereas same sign-on requires only a password for authentication
A

SSO requires the user to supply credentials only once, whereas with same sign-on, the user must supply the credentials repeatedly

11
Q

4-17: Which of the following statements best describes the primary scenario for the use of TACACS+?

  • TACACS+ was designed to provide authentication, authorization and accounting services for wireless networks
  • TACACS+ was designed to provide authentication, authorization and accounting services for Active Directory services
  • TACACS+ was designed to provide authentication, authorization and accounting services for remote dial-up users
  • TACACS+ was designed to provide authentication, authorization and accounting services for network routers and switches
A

TACACS+ was designed to provide authentication, authorization and accounting services for network routers and switches

12
Q

TACACS+

A

Terminal Access Controller Access Control System Plus

  • Developed by Cisco for AAA (Authentication, Authorization, and Accounting) support.
  • Designed for complex networks with many routers and switches.
  • Centralizes access control for network devices.
  • Separates authorization, authentication, and accounting processes for enhanced control.
  • Uses TCP port 49 by default.
  • Supports PAP, CHAP, MD5 hashes, and Kerberos for authentication
13
Q

802.1X

A
  • IEEE 802.1X: Standard for port-based network access control
  • Provides secure authentication for devices on LAN or WLAN networks
  • Uses an authentication server like RADIUS for user credential verification
  • Components include client, access-point/switch, RADIUS server, and identity provider
  • Ensures encrypted network access through EAP over LANs for enhanced security
  • Basic implementation of NAC
14
Q

4-23: Which of the following is an implementation of NAC?

RADIUS
802.1X
LDAP
TACACS+

A

802.1X

15
Q

4-24: Which of the following is not one of the roles involved in an 802.1X transaction?

Supplicant
Authentication Server
Authorizing Agent
Authenticator

A

Authorizing Agent

16
Q

4-25: In an 802.1X transaction, what is the function of the supplicant?

  • The supplicant is the service that issues certificates to clients attempting to connect to the network
  • The supplicant is the service that verifies the credentials of the client attempting to access the network
  • The supplicant is the network device to which the client is attempting to connect
  • The supplicant is the client user or computer attempting to connect to the network
A

The supplicant is the client user or computer attempting to connect to the network

17
Q

4-26: In an 802.1X transaction, what is the function of the authenticator?

  • The authenticator is the service that issues certificates to clients attempting to connect to the network
  • The authenticator is the service that verifies the credentials of the client attempting to access the network
  • The authenticator is the network device to which the client is attempting to connect
  • The authenticator is the client user or computer attempting to connect to the network
A

The authenticator is the network device to which the client is attempting to connect

18
Q

Parts of 802.1X standard

A
  • Supplicant: client attempting to connect to the network
  • Authenticator: switch or AP to which the supplicant is requesting access
  • Authentication Server: typically a RADIUS implementation that verifies the supplicant’s identity
19
Q

4-28: Which of the following are standards that define combined AAA services? (Choose all that apply)

802.1X
RADIUS
TACACS+
LDAP

A

RADIUS

TACACS+

20
Q

4-30: Which of the following statements about RADIUS and TACACS+ are correct?

By default, RADIUS uses UDP, and TACACS+ uses TCP
By default, RADIUS uses TCP, and TACACS+ uses UDP
By default, both RADIUS and TACACS+ use TCP
By default, both RADIUS and TACACS+ use UDP

A

By default, RADIUS uses UDP, and TACACS+ uses TCP

21
Q

TACACS+ port and protocol

A

TCP 49

22
Q

4-46: Which of the following is the best description of a software product with a zero-day vulnerability?

  • A product with a vulnerability that has just been addressed by a newly released fix
  • A product with a vulnerability that has just been addressed by a fix, which nearly all users have applied
  • A vulnerability in a newly-released product for which no fix has yet been developed
  • A vulnerability in a product which no attackers have yet discovered or exploited
A

A vulnerability in a newly-released product for which no fix has yet been developed

Nick note: This answer is partially incorrect as a zero-day can be found in an existing product. CompTIA doesn’t know wtf they are talking about sometimes…

23
Q

Defense in Depth

A

The use of multiple security mechanisms to provide additional protection

24
Q

4-52: As a part of her company’s new risk management initiative, Alice has been assigned the task of performing a threat assessment for the firm’s data resources. For each potential threat she discovers, which of the following elements should Alice estimate? (Choose all that apply)

Severity
Mitigation
Likelihood
Posture

A

Severity

Likelihood

25
Q

War Driving

A

Attack method that consists of driving around a neighborhood with a computer scanning for unprotected wireless networks

26
Q

War Chalking

A

When a war driver locates a wireless network and marks it for other attackers

27
Q

Bluesnarfing

A

Attack in which an intruder connects to a wireless device using Bluetooth for the purpose of stealing information

28
Q

Bluejacking

A

Process of sending unsolicited messages to a device using Bluetooth

29
Q

Permanent DoS

A

A type of DoS attack where the attacker actually damages the target system and prevents it from functioning

30
Q

Amplified DoS

A

A DoS attack in which the messages sent by the attacker require an extended amount of processing by the target server(s), increasing the burden on them more than simpler messages would

Can involve multiple attack machines, but CompTIA seems to define it as using only one

31
Q

Reflective DoS

A

A DoS attack in which the attacker sends requests containing the target server’s IP address to legitimate servers on the Internet, causing them to send a flood of responses to the target

32
Q

4-63: Which of the following types of attacks require no additional hardware or software components (Choose all that apply)

Brute-force
Social Engineering
Denial-of-Service
Phishing

A

Brute-force
Social Engineering
Denial-of-Service

Nick: this question and answer make no sense to me…

33
Q

4-67: In which of the following ways is VLAN hopping a potential threat?

  • VLAN hopping enables an attacker to scramble a switch’s patch panel connections
  • VLAN hopping enables an attacker to rename the default VLAN on a switch
  • VLAN hopping enables an attacker to access different VLANs using 802.1Q spoofing
  • VLAN hopping enables an attacker to change the native VLAN on a switch
A

VLAN hopping enables an attacker to access different VLANs using 802.1Q spoofing

34
Q

VLAN Hopping

A

Method for sending commands to switches to transfer a port from one VLAN to another, enabling an attacker to connect to a different VLAN

35
Q

Smurf attack

A

Short: A DDoS attack in which an attacker attempts to flood a targeted server with Internet Control Message Protocol (ICMP) packets

Long: A Smurf attack is a type of DDoS attack that exploits the IP and ICMP protocols by sending ping messages with a spoofed source IP address (the victim’s) to a broadcast address, creating a flood of reply traffic that overwhelms the victim’s network.

These attacks can render networks inoperable by generating an excessive amount of traffic through IP broadcasting, leading to disruption and downtime.

The Smurf attack relies on routers forwarding directed broadcast traffic, which they no longer do by default, so this kind of attack is no longer an issue

36
Q

4-83: Which of the following are not considered to be Denial-of-Service (DoS) attacks? (Choose all that apply)

  • An intruder breaks into a company’s datacenter and smashes their web servers with a sledgehammer
  • An attacker uses the ping command with the -t parameter to send a continuous stream of large ICMP packets to a server
  • An attacker captures the packets transmitted to and from a domain controller to obtain encrypted passwords
  • An attacker connects a rogue access point to a company’s wireless network using their SSID in the hopes of attracting their users
A
  • An attacker captures the packets transmitted to and from a domain controller to obtain encrypted passwords
  • An attacker connects a rogue access point to a company’s wireless network using their SSID in the hopes of attracting their users
37
Q

4-94: Which of the following EAP variants utilize tunneling to provide security for the authentication process? (Choose all that apply)

PEAP
EAP-FAST
EAP-TLS
EAP-PSK

A

PEAP
EAP-FAST

38
Q

PEAP

A

Protected Extensible Authentication Protocol

Encapsulates EAP inside of a TLS tunnel

39
Q

EAP-FAST

A

Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling

Establishes a TLS tunnel to protect user credential transmission

40
Q

EAP-TLS

A

Extensible Authentication Protocol - Transport Layer Security

Uses TLS for encryption, but not for tunneling

41
Q

EAP-PSK

A

Extensible Authentication Protocol - Pre-Shared Key

Uses a pre-shared key to provide an authentication process, but does not use encryption

42
Q

Geofencing

A

Mechanism intended to prevent unauthorized clients outside of a facility from connecting to a network. Can be done using:
  • Signal strength requirement
  • Power level requirement
  • GPS location requirement
  • Strategic placement of antennas

43
Q

4-97: Which of the following elements associates a public and private key pair to the identity of a specific person or computer?

Exploit
Signature
Certificate
Resource Record

A

Certificate

44
Q

4-103: On which of the following types of devices should you consider disabling unused ports as a security precaution? (Choose all that apply)

Hubs
Servers
Switches
WAPs

A

Servers

Switches

Why:
  • Hub ports cannot be disabled
  • WAPs usually have only one port

45
Q

4-104: For which of the following reasons is disabling the SSID broadcast of a wireless network to prevent unauthorized access a relatively weak method of device hardening?

  • Attackers have ways of connecting to the network without the SSID
  • Attackers can capture packets transmitted over the network and read the SSID from them
  • Every access point’s SSID is printed on a label on the back of the device
  • Attackers have software that can easily guess a network’s SSID
A

Attackers can capture packets transmitted over the network and read the SSID from them

46
Q

4-105: Which of the following cannot be considered to be a server hardening policy?

Disabling unnecessary services
Disabling unused TCP and UDP ports
Upgrading firmware
Creating privileged user accounts

A

Upgrading firmware

47
Q

4-106: Which of the following are valid reasons not to disable unused switch ports? (Choose all that apply)

The datacenter is secured from unauthorized access
The unused ports are not patched into wall jacks
The unused ports are left open to facilitate the onboarding of new users
The switch is configured to use a MAC-based ACL

A

The datacenter is secured from unauthorized access

The switch is configured to use a MAC-based ACL

48
Q

4-111: Which of the following are network segmentation methods that can prevent intruders from gaining full access to a network? (Choose all that apply)

ACL
VLAN
NAC
DMZ

A

VLAN

DMZ

49
Q

DHCP Snooping

A
  • DHCP Snooping prevents rogue DHCP server issues.
  • Creates a DHCP snooping binding database of MAC addresses for: Known DHCP servers (trusted ports); Clients (untrusted ports).
  • Blocks DHCP messages from systems on untrusted ports.
  • Stops unauthorized DHCP traffic and alerts appropriate personnel
50
Q

Role Separation

A

Practice of creating a different virtual server for each server role or application

51
Q

4-114: Which of the following terms describes the threat mitigation technique of deploying individual applications and services on virtual servers so that no more than one is endangered at any one time, rather than deploying multiple applications on a single server?

Geofencing
Network segmentation
Role separation
VLAN hopping

A

Role separation

52
Q

4-116: A server’s firewall is configured using a default policy that does not allow any users remote access to the server unless an administrator creates a rule granting them access. Which of the following terms describes this default policy?

Explicit allow
Explicit deny
Implicit allow
Implicit deny

A

Implicit deny

53
Q

4-118: Which of the following statements about DHCP snooping is not true?

  • DHCP snooping detects rogue DHCP servers
  • DHCP snooping is implemented in network switches
  • DHCP snooping drops DHCP messages arriving over the incorrect port
  • DHCP snooping prevents DNS cache poisoning
A

DHCP snooping prevents DNS cache poisoning

54
Q

4-119: At which layer of the OSI model does DHCP snooping operate?

Data link
Network
Transport
Application

A

Data link

55
Q

4-117: Dynamic ARP Inspection (DAI) is a feature in some network switches that prevents on-path (man-in-the-middle) attacks facilitated by ARP poisoning, the deliberate insertion of fraudulent information into the ARP cache. A switch with DAI inspects incoming ARP packets and rejects those that contain incorrect pairs of IP addresses and MAC addresses. Which of the following is the means by which the switch compiles a table of correct ARP information to compare with the incoming packets?

DHCP snooping
Secure SNMP
DNS name resolution
NDP

A

DHCP snooping

56
Q

DAI

A

Dynamic ARP Inspection

  • Utilizes DHCP snooping data.
  • Identifies and discards dubious ARP messages.
  • Prevents ARP cache poisoning and similar malicious activities
57
Q

NDP

A

Neighbor Discovery Protocol

  • IPv6 protocol
  • Performs functions similar to ARP in IPv4
  • Involved in Stateless Address Autoconfiguration (SLAAC)
  • Consists of five ICMP control message types: neighbor solicitation, neighbor advertisement, router solicitation, router advertisement, and redirect
58
Q

4-121: Which of the following protocols is a root guard designed to affect?

EAP
STP
LDAP
ARP

A

STP

59
Q

4-122: Which of the following mitigation techniques help organizations maintain compliance with standards such as HIPAA and FISMA?

File integrity monitoring
Role Separation
Deauthentication
Tamper detection
Router Advertisement guard

A

File integrity monitoring

60
Q

4-128: Unlike individual users who usually have their OS patches downloaded and installed automatically, corporate IT departments typically evaluate new patches before deploying them. Which of the following is not a common step in this evaluation process?

Testing
Researching
Rolling back
Backing up

A

Rolling back

61
Q

4-133: Which of the following technologies utilize ACLs to limit access to network resources? (Choose all that apply)

NTFS
LDAP
WAP
Kerberos

A

NTFS

WAP

62
Q

What’s another term for Port Isolation?

A

Private VLAN

A feature in some switches that enables admins to restrict selected ports to a given uplink, essentially creating a separate, secondary VLAN that is isolated from the switch’s default primary VLAN

63
Q

4-138: (Abbreviated) - Which of the following are potentially viable methods for securing all IoT devices against attack? (Choose all that apply)

Network segmentation
NAC
Security Gateways
Firewalls

A

NAC
Security Gateways

The reasoning is that because IoT devices are mobile they cannot be protected by Network Segmentation nor Firewalls. But in order to be IoT they connect to the LAN, so they can be. Another example of CompTIA being full of shit

64
Q

4-139: Which of the following statements about a switch’s default VLAN are true? (Choose all that apply)

Admins must create a default VLAN when configuring a new switch
The default VLAN on a switch cannot be deleted
The default VLAN on most switches is designated as VLAN 0
The default VLAN on a switch cannot be renamed

A

The default VLAN on a switch cannot be deleted

The default VLAN on a switch cannot be renamed

65
Q

4-140: Control plane policing (CPP or CoPP) is a feature on some routers and switches that limits the rate of traffic on the device’s processor, to prevent DoS and reconnaissance attacks, using which of the following technologies?

IPSec
802.1X
RA Guard
QoS
VLAN Hopping

A

QoS

66
Q

CPP (or CoPP)

A

Control Plane Policing (CoPP)

  • Allows users to configure a filter to manage the traffic flow of control plane packets
  • QoS feature
  • Provides security and prioritization for critical network functions
67
Q

4-141: Which of the following technologies enables VPN clients to connect directly to each other as well as to the VPN server at the home site?

VPN concentrator
DMVPN
SIP Trunk
MPLS
Clientless VPN

A

DMVPN

68
Q

DMVPN

A

Dynamic Multipoint Virtual Private Network

Creates a mesh topology between multiple VPN sites, enabling remote sites to connect directly to each other instead of through the home site

69
Q

SIP Trunk

A

Session Initiation Protocol Trunk

Provides a communication domain between the public and private domains of a network

70
Q

4-142: Which of the following VPN protocols is generally considered to be obsolete?

IPSec
L2TP
PPTP
SSL/TLS

A

PPTP

71
Q

4-143: Which of the following VPN protocols does not provide encryption within the tunnel?

PPTP
IPSec
L2TP
SSL

A

L2TP

72
Q

L2TP

A

Layer 2 Tunneling Protocol (L2TP)

  • A VPN protocol developed from the combination of Cisco’s Layer 2 Forwarding (L2F) and Microsoft’s Point-to-Point Tunneling Protocol (PPTP)
  • L2TP has no native encryption or authentication, so it is typically used in conjunction with IPsec to ensure security.
73
Q

4-144: Which of the following elements must be identical in both the client and server computers to establish a remote WAN connection? (Choose all that apply)

The WAN Type
The data link layer protocol
The authentication method
The OS

A
  • The WAN Type
  • The data link layer protocol
  • The authentication method
74
Q

4-146: Which of the following types of VPN connection is the best solution for allowing clients limited access to your corporate network?

Host-to-site
Site-to-site
Host-to-host
Extranet

A

Extranet

75
Q

Extranet

A

VPN designed to provide clients, vendors, and other outside partners with the ability to connect to your corporate network with limited access

76
Q

4-147: Which of the following protocols is not used for remote control of computers?

RDP
TFTP
SSH
Telnet

A

TFTP

77
Q

4-150: Ralph is a network admin for a firm that is allowing employees to telecommute for the first time, and he is responsible for designing a remote access solution that will enable users to access network resources, such as company email and databases securely. All of the remote users have been issued smartcards and will be connecting using VPN connections on company supplied laptops running Win10 and equipped with card readers. The users will be logging on to the company network using their standard Active Directory Domain Services accounts, so it is important for Ralph to design a solution that provides maximum protection for their passwords, both inside and outside of the office. Which of the following authentication protocols should Ralph configure the remote access servers and laptop computers to use?

PAP
CHAP
EAP
MSCHAPv2

A

EAP

Only protocol in Win10 that supports hardware-based authentication

78
Q

4-151: Ralph has come across the term virtual desktop, and he is not exactly sure what it means. After performing some internet searches, he finds multiple definitions. Which of the following is not one of the technologies that uses the term virtual desktop?

  • A 3D realization of a computer display using a VR hardware device
  • A computer display with a virtual OS desktop that is larger than can be displayed on a monitor
  • A cloud based Win10 deployment that enables users to access their desktops using any remote device
  • A hardware device that projects a computer desktop on a screen, rather than displaying on a monitor
A
  • A hardware device that projects a computer desktop on a screen, rather than displaying on a monitor
79
Q

4-155: Which of the following types of traffic are carried by Telnet? (Choose all that apply)

Keystrokes
Mouse movements
Display information
Application data

A

Keystrokes

Display information

80
Q

4-156: Which of the following describes the primary function of a Remote Desktop Gateway?

  • Provides multiple users with Remote Desktop client access to one workstation
  • Provides a single Remote Desktop client with simultaneous access to multiple workstations
  • Enables remote users outside the network to access network workstations
  • Enables remote users to access workstations without the need for a Remote Desktop client
A

Enables remote users outside the network to access network workstations [without the need for a VPN]

81
Q

4-157: Which of the following statements about in-band management and out-of-band management are true? (Choose all that apply)

  • Out-of-band management tools do not provide access to the remote system’s BIOS or UEFI firmware
  • Out-of-band management tools enable you to reinstall the OS on a remote computer
  • Telnet, SSH, and VNC are in-band management tools
  • To perform out-of-band management on a device, it must have an IP address
A
  • Out-of-band management tools enable you to reinstall the OS on a remote computer
  • Telnet, SSH, and VNC are in-band management tools

Out-of-band uses a dedicated channel to devices on the network, which provides access to the BIOS or UEFI

82
Q

4-158: Which of the following statements best describes out-of-band management?

  • Out-of-band management is a method for accessing network devices from a remote location
  • Out-of-band management is a method for accessing network devices using a direct cable connection
  • Out-of-band management is a method for accessing network devices using a connection to the system other than the production network to which the device is connected
  • Out-of-band management is a method for accessing network devices using any tool that operates over the production network to which the device is connected
A

Out-of-band management is a method for accessing network devices using a connection to the system other than the production network to which the device is connected

83
Q

4-159: What four components are required for a computer to establish a remote TCP/IP connection?

Common Protocols
Remote Access Services (RAS)
A physical layer connection
TCP/IP configuration
Point-to-Point Tunneling Protocol (PPTP)
Host and remote software

A

Common Protocols [from data link layer and above]

A physical layer connection [WAN connection]

TCP/IP configuration

Host and remote software

84
Q

4-160: Which of the following statements explains why web browsing over a client-to-site VPN connection is usually much slower than browsing locally?

The browser application is running on the VPN server
The browser is using the remote network’s Internet connection
The VPN tunnel restricts the amount of bandwidth available
VPN encryption is processor intensive

A

The browser is using the remote network’s Internet connection

85
Q

4-163: Which of the following are the two most common types of TLS/SSL VPN connections? (Choose all that apply)

TLS/SSL client
TLS/SSL portal
TLS/SSL tunnel
TLS/SSL gateway

A

TLS/SSL portal
TLS/SSL tunnel

86
Q

4-166: Which of the following statements about running a site-to-site VPN connection to join two distant LANs together, rather than using a WAN connection, are generally true? (Choose all that apply)

The VPN is cheaper
The VPN is slower
The VPN is less secure
The VPN is harder to maintain

A

The VPN is cheaper
The VPN is slower

87
Q

4-167: Which of the following are examples of out-of-band device management? (Choose all that apply)

Logging on remotely from a network workstation
Plugging a laptop into a console port
Establishing a point-to-point modem connection
Connecting dedicated ports on each device to a separate switch

A

Plugging a laptop into a console port
Establishing a point-to-point modem connection
Connecting dedicated ports on each device to a separate switch

88
Q

4-168: Which of the following is not an advantage of the VNC terminal emulation product over its competitors?

VNC is free
VNC runs on many OSes
VNC runs faster than the competition
VNC can run through a web browser

A

VNC runs faster than the competition

89
Q

4-170: Which of the following techniques do VPNs use to secure the data they transmit over the internet? (Choose all that apply)

Tunneling
Socketing
Message integrity
Authentication

A

Tunneling
Socketing

Authentication

90
Q

4-171: VPNs use tunneling, which is the process of encapsulating a data packet within another packet for transmission over a network connection, typically using the Internet. The system encrypts the entire encapsulated data packet for protection. Split tunneling is a variation of this method that provides which of the following advantages? (Choose all that apply)

Conservation of VPN bandwidth
Access to the LAN devices while connected to the VPN
Additional data integrity protection
Faster data transmission through multiplexing

A

Access to the LAN devices while connected to the VPN

Additional data integrity protection

91
Q

VPN Split Tunneling

A

Variation of VPN in which only part of the system’s traffic is directed over the VPN connection; the rest is transmitted in the normal manner. VPN admins can decide which applications and devices will use the VPN

92
Q

Fail open

A

Door lock reverts to its unsecure state (open) when an emergency occurs (fail)

93
Q

4-183: Which of the following statements describes what it means when the automated lock on the door to a datacenter is configured to fail open?

The door remains in its current state in the event of an emergency
The door locks in the event of an emergency
The door unlocks in the event of an emergency
The door continues to function using battery power in the event of an emergency

A

The door unlocks in the event of an emergency

94
Q

4-185: Which of the following are means of preventing unauthorized individuals from entering a sensitive location, such as a datacenter? (Choose all that apply)

Biometric scans
Identification badges
Key fobs
Motion detection

A

Biometric scans
Identification badges
Key fobs

95
Q

4-187: Which of the following physical security devices can use passive RFIDs to enable an authorized user to enter a secured area? (Choose all that apply)

Key fob
Keycard lock
Proximity card
Cypher lock
Smart locker

A

Key fob

Proximity card

Smart locker

96
Q

4-196: Which of the following are not a means of detecting intruders in a network datacenter? (Choose all that apply)

Motion detection
Video surveillance
Biometrics
Smartcards

A

Biometrics
Smartcards

97
Q

4-197: Which of the following statements describes what it means when the automated lock on the door to a datacenter is configured to fail closed?

The door remains in its current state in the event of an emergency
The door locks in the event of an emergency
The door unlocks in the event of an emergency
The door continues to function using battery power in the event of an emergency

A

The door locks in the event of an emergency

98
Q

Fail Closed

A

Door lock reverts to its secure state (closed) when an emergency occurs (fail)

99
Q

4-199: Ralph’s company has purchased new computers to replace some of the older workstations currently in use. Ralph has been assigned the task of preparing the older computers for disposal. They will be sold to a local secondhand dealer. For the dealer to accept the computers, they must have a functional OS. Company policy also dictates that the computers be permanently wiped of all applications and data before disposal. Which of the following tasks will Ralph have to perform before the computers are sold? (Choose all that apply)

Reinstall the OS
Uninstall all applications
Delete all data files
Run a disk wipe utility
Perform a factory reset

A

Reinstall the OS

Run a disk wipe utility