D315

Question 1

A network is being created for an office, and there is a need for a router that manages internal network connections with no contact with the internet.

Which type of router is needed?

Answer 1

Core router

Question 2

An IT manager is designing a new network and needs a device that connects multiple networks.

Which device is needed?

Answer 2

Router

Question 3

A network in a small office building connects all devices using wired connections with a star topology.

Which type of network is described?

Answer 3

LAN (Local Area Network)

Question 4

An executive uses Bluetooth to connect a laptop, a mobile phone, and a headset.

Which type of network is described?

Answer 4

PAN (Personal Area Network)

Question 5

A city uses fiber optic cable to connect smaller networks throughout the whole city.

Which type of network is described?

Answer 5

MAN (Metropolitan Area Network)

Question 6

Users of a network have been experiencing issues. In the course of troubleshooting, an administrator wants to view a list of network addresses and port numbers.

Which command in Linux should be used for this purpose?

Answer 6

netstat

Question 7

Users of a network have been experiencing issues. In the course of troubleshooting, an administrator wants to determine which ports have an active connection.

Which command in Windows should be used for this purpose?

Answer 7

netstat -an

Question 8

In the process of setting up a Linux-based network system, a technician needs to view network interfaces and their settings.

Which command should be used?

Answer 8

ifconfig

Question 9

A person is troubleshooting a network issue and needs to test DNS connectivity.

Which Linux command should be used?

Answer 9

nslookup

Question 10

What is the TCP/IP layer that includes the Transmission Control Protocol (TCP)?

Answer 10

Transport Layer

Question 11

Which layer of the TCP/IP model includes the Internet Message Access Protocol (IMAP)?

Answer 11

Application Layer

Question 12

Which OSI model layer creates, maintains, and disconnects process communications over the network?

Answer 12

Session Layer

Question 13

Which OSI model layer is responsible for breaking data into packets?

Answer 13

Transport Layer

Question 14

Which layer of the OSI reference model includes all computer programs that interact with the network?

Answer 14

Application Layer

Question 15

What is the OSI model layer that includes the IPX?

Answer 15

Network Layer, Layer 3

Question 16

What is the layer of the OSI model that is responsible for logical addressing?

Answer 16

Network Layer, Layer 3

Question 17

What is the layer of the OSI model that translates binary computer language into the language of the transmission medium?

Answer 17

Physical Layer

Question 18

A company uses cloud service to manage its IT resources. The underlying hardware resources are shared by other companies as well.

What is the cloud deployment model described in the scenario?

Answer 18

Public

Question 19

An organization uses one cloud service provider for data management and another service provider for development platforms.

What is the cloud deployment model described in the scenario?

Answer 19

Multi-Cloud Model

Question 20

A company needs to maximize the number of virtual machines that can run on each host.

Which hypervisor should be used?

Answer 20

Type 1

Question 21

A developer has an existing computer with an operating system. The developer wants to use a hypervisor to have access to several virtual machines for a specific project.

Which form of hypervisor fits the need described in the scenario?

Answer 21

Type 2

Question 22

An attacker gains unauthorized access to a computer and modifies browser security settings.

What is the purpose of the attack?

Answer 22

Data modification

Question 23

An attacker uses a trojan horse to forward usernames and passwords to an anonymous email address.

What is the purpose of the attack?

Answer 23

Data export

Question 24

A hacker purposefully breaks IT security to gain unauthorized access to systems and publish sensitive data.

Which term describes the given hacker?

Answer 24

Black-hat

Question 25

A hacker acts as an information system security professional who is hired to perform penetration testing. Which term best describes the given hacker?

Answer 25

White-hat

Question 26

An organization is the victim of an attack in which an attacker uses a software program to try all possible combinations of a password and user ID. What is the type of cyberattack described in this scenario?

Answer 26

Brute-force attack

Question 27

A data breach exposed usernames and passwords to customer accounts of an online retailer. An attacker uses the exposed data to attempt to access accounts of another online retailer. Which malicious attack strategy is represented in the scenario?

Answer 27

Credential stuffing

Question 28

An attacker uses a list of commonly used access credentials to attempt to gain access to an online account. Which type of cyberattack is described?

Answer 28

Dictionary attack

Question 29

An organization is the victim of an attack in which an attacker tries to gain access to a system by disguising their computer as another computer. What is the type of cyberattack described in this scenario?

Answer 29

IP address spoofing

Question 30

An attacker intercepts messages between two parties before transferring them on to the correct destination. Which type of cyberattack is described?

Answer 30

Man-in-the-middle attack

Question 31

An organization is the victim of an attack in which an attacker uses a program to take control of a connection by pretending to be each end of the connection. What is the type of cyberattack described in this scenario?

Answer 31

Session hijacking

Question 32

An attacker uses a false identification to gain physical access to IT infrastructure. Which malicious attack strategy is represented in the scenario?

Answer 32

Social engineering

Question 33

An attacker sends emails claiming that an online account has been locked. The email provides a fake link with the goal of tricking the users into providing login credentials. Which type of cyberattack is described?

Answer 33

Phishing

Question 34

An organization is the victim of an attack in which an attacker uses a DNS poisoning strategy to direct users from a legitimate website to the attacker's website. What is the type of cyberattack described in this scenario?

Answer 34

Pharming

Question 35

A company is implementing network security components to ensure a higher level of data trustworthiness. What is the CIA triad component targeted in the scenario?

Answer 35

Integrity

Question 36

Which CIA triad component is a driver for enabling data encryption?

Answer 36

Confidentiality

Question 37

Which component of the IT security CIA triad is a driver for implementing audit and monitoring controls?

Answer 37

Confidentiality

Question 38

What is the component of the CIA triad for IT security that requires that IP packets be retransmitted if the receiving host has an invalid checksum value?

Answer 38

Integrity

Question 39

What is an example of a violation of the CIA triad component confidentiality?

Question 40

What is an example of a violation of the CIA triad component availability?

Question 41

A company uses hash value comparisons to determine if the data in a database has changed. What is the CIA triad component targeted in the scenario?

Answer 41

Integrity

Question 42

A company is updating the devices it provides to employees to ensure that each employee has consistent network access. What is the CIA triad component targeted in the scenario?

Answer 42

Availability

Question 43

A development team is designing a web application. The team is considering possible errors and exceptions. The team is committed to protecting sensitive information above all else in the event of an error or exception. What is the security principle implemented in this scenario?

Answer 43

Fail-safe

Question 44

An organization is designing an information system dashboard that can be customized for various departments. The goal is to make the dashboard intuitive, user-friendly, and secure. Which design principle for security is being incorporated?

Answer 44

Human-centeredness

Question 45

After discovering that employees have been circumventing session timeouts for a company's internal network, the company is holding meetings to inform employees of the motivation behind the timeouts and risks involved in the workaround. Which security principle is demonstrated in this scenario?

Answer 45

Psychological acceptability

Question 46

An organization needs to define a data classification standard and designate the assets that are critical to the organization's mission. Which type of policy should be used?

Answer 46

Asset classification study

Question 47

A company needs to specify security operations and management of all IT assets within the seven domains of the IT infrastructure. Which type of policy should be used?

Answer 47

Asset management policy

Question 48

An organization has experienced war chalking in the past and wants to take actions to mitigate this type of attack. What should this organization do?

Answer 48

Use Wi-fi Protected Access 2

Question 49

A company is specifically worried about DoS/DDoS attacks. Which strategy should be used as a mitigation against this type of attack?

Answer 49

Monitor normal traffic patterns

Question 50

An organization uses an access control in which employees working in similar categories are grouped together and given the same permissions. What is the form of access control involved in this scenario?

Answer 50

Role-based Access Control

Question 51

An organization's network has been the target of several cyberattacks. Which strategy should the organization use for Wi-Fi hardening?

Answer 51

Configure the Wi-Fi signal strength to reduce range

Question 52

A company set up a firewall to analyze network traffic, considering each packet and how groups of packets are used. What is the form of access control involved in this scenario?

Answer 52

Context-based Access Control

Question 53

A company is developing a data protection methodology in order to improve data protection measures. What is a strategy that should be used?

Answer 53

Implement authentication methodologies

Question 54

After a series of attacks, an organization needs to bolster its data protection measures. Which strategy should be used to increase data protection?

Answer 54

Use transport level encryption

Question 55

When assigned to a new project, a user is given temporary permissions as an editor. Which network security concept does this scenario address?

Answer 55

Authorization

Question 56

A financial company requires a manager to verify any changes made to a client's electronic profile made by an employee. What is the principle used to address accounting in this situation?

Answer 56

Segregation of duties

Question 57

In order to reduce the risk of insider attacks, a company assigned role-based permissions to its users. Which network security concept does this scenario address?

Answer 57

Authorization

Question 58

An organization is updating its information security policies in order to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). What should this organization expect to be required to do under this legislation?

Answer 58

Disclose how personal identifiable information is used.

Question 59

An organization is updating its information security policies in order to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). What should this organization expect to be required to do under this legislation?

Answer 59

Implement appropriate security safeguards for stored personal data

Question 60

A company is creating an information security policy document with many sub-policies. Which information should be included for each sub-policy to ensure the policy is clear and comprehensive?

Answer 60

Compliance requirements the sub-policy is designated to meet