final 2

Which of the following prevents access based on website ratings and classifications?

Content filtering

Which of the following is a valid security measure to protect e-mail from viruses?

Use blockers on e-mail gateways.

Drag the Web threat protection method on the left to the correct definition on the right.

Prevents visiting malicious Web sites. Web threat filtering. Prevents outsided attempts to access confidential information. Antiphishing software. Identifies and disposes of infected content. Virus blockers. Prevents unwanted email from reaching your network. Gateway email spam blockers. Prevents visiting restricted Web sites. URL content filtering.

You are investigating the use of Web site and URL content filtering to prevent users from visiting
certain Web sites.
Which benefits are the result of implementing this technology in your organization? (Choose
two.)

Enforcement of the organization's Internet usage policy. An increase in bandwidth availability.

Which of the following is the best countermeasure against man-in-the-middle
attacks?

IPSec

What is modified in the most common form of spoofing on a typical IP packet?

Source address

Which type of Denial of Service (DoS) attack occurs when a name server receives malicious or
misleading data that incorrectly maps host names and IP addresses?

DNS poisoning

Which of the following describes a man-in-the-middle
attack?

A false server intercepts communications from a client by impersonating the intended server.

Capturing packets as they travel from one host to another with the intent of altering the contents
of the packets is a form of which security concern?

Man-in-the-middle attack

When the TCP/IP session state is manipulated so that a third party is able to insert alternate
packets into the communication stream, what type of attack has occurred?

Hijacking

What is the goal of a TCP/IP hijacking attack?

Executing commands or accessing resources on a system the attacker does not otherwise have authorization to access

Which of the following is not a protection against session hijacking?

DHCP reservations

Which of the following is the most effective protection against IP packet spoofing on a private
network?

Ingress and egress filters

While using the Internet, you type the URL of one of your favorite sites in the browser. Instead
of going to the correct site, however, the browser displays a completely different website. When
you use the IP address of the Web server, the correct site is displayed.
Which type of attack has likely occurred?

DNS poisoning.

Which of the following attacks tries to associate an incorrect MAC address with a known IP
address?

ARP poisoning

What are the most common network traffic packets captured and used in a replay attack?

Authentication

When a malicious user captures authentication traffic and replays it against the network later,
what is the security problem you are most concerned about?

An unauthorized user gaining access to sensitive resources

A router on the border of your network detects a packet with a source address that is from an
internal client but the packet was received on the Internetfacing
interface. This is an example of
what form of attack?

Spoofing

An attacker uses an exploit to push a modified hosts file to client systems. This hosts file
redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and
financial information.
What kind of exploit has been used in this scenario? (Choose two. Both responses are different
names for the same exploit.)

Pharming DNS poisoning

Which of the following features on a wireless network allows or rejects client connections based on the hardware address

MAC address filtering

Which remote access authentications protocol allows for the use of smart cards for authentication?

EAP

You are concerned about sniffing attacks on your wireless network. Which of the following implementations offers the best countermeasure to sniffing?

WPA2 and AES

How does WPA2 differ from WPA?

WPA2 uses AES for encryption; WPA uses TKIP

You've just finished installing a wireless access point for a client. What should you do to prevent unauthorized users from accessing the access point (AP) configuration utility?

Change the administrative password on the AP

Which of the following recommendations should you follow when placing access points to provide wireless access for users within your company building?

Place access points above where most clients are.

Which of the following features are supplied by WPA on a wireless network?

Encryption

You want to implement 802.1x authentication on your wireless network. Where would you configure passwords that are used for authentication?

on a RADIUS driver

Which of the following measures will make your wireless network invisible to the casual attacker performing war driving?

Disable SSID broadcast

Which of the following locations will contribute the greatest amount of interference for a wireless access point. (select two)

Near cordless phones AND near backup generators

Which of the following wireless security methods uses a common shared key configured on the wireless access point and all wireless clients?

WEP, WPA Personal, and WPA2 personal

You need to configure the wireless network card to connect to your network at work. The connections should use a user name and password for authentication with AES Encryption. What should you do?

Configure the connection to use WPA2-Enterprise

What purposes does a wireless site survey serve? (Choose two)

1. Identify existing or potential sources of interference 2. To identify the coverage area and preferred placement of access points.

You need to add security for your wireless network. You would like to use the most secure method. Which method should you implement?

WPA2

WiMax is an implementation of which IEEE committee?

802.16

Which of the following measures will make your wireless network invisible to the casual attacker performing war driving?

Disable SSID broadcast

Which remote access authentication protocol allows for the use of smart cards for authentication?

EAP

Which of the following do switches and wireless access points use to control access through the device?

MAC Filtering

You want to implement 802.1x authentication on your wireless network. Where would you configure passwords that are used for authentication?

On a RADIUS Server

You are the wireless network admin for your org. As the size of the org has grown, you've decided to upgrade your wireless network to use 802.1x authentication instead of pre-shared keys. You've decided to use LEAP to authenticate wireless clients. To do this, you configured a Cisco RADIUS server and installed the neccessary Cisco client software on each RADIUS client. Which of the following is true concerning this implementation?

The system is vulnerable because LEAP is susceptible to dictionary attacks.

You are the wireless network admin for your org. As the size of the org has grown, you've decided to upgrade your wireless network to use 802.1x authentication instead of pre-shared keys. To do this, you need to configure a RADIUS Server and RADIUS clients. You want the server and the clients to mutually authenticate with each other. What should you do? (Select two. Each response is part of the complete solution)

Configure the RADIUS server with a server certificate and Configure all wireless access points with client certificates.

Which implementation is most secure?

EAP-TLS

Which of the following features on a wireless network allows or rejects client connections based on the hardware address?

MAC address filtering

You've just finished installing a wireless access point for a client. What should you do to prevent unauthorized users from accessing the access point (AP) configuration utility?

Change the administrative password on the AP.

You are concerned about sniffing attacks on your wireless network. Which of the following implementations offers the best countermeasure to sniffing?

WPA2 and AES

What is the least secure place to locate an access point with an omni-directional antenna when creating a wireless cell?

Near a window

What purpose does a wireless site survey serve? (Choose two)

To identify existing or potential sources of interference. To identify the coverage area and preferred placement of access points.

You need to place a wireless access point in your two story building. While trying to avoid interference, which of the following is the best location for the access point?

In the top floor

You are designing a wireless network implementation for a small business. the business deals with sensitive customer information, so data emanation must be reduces as much as possible. The floor plan of the office is shown below. Match each type of access point antenna with the appropriate location on the floorplan.

Location = type A= Directional B= Directional C=Omnidirectional D= Directional E= Directional F= Directional G= Directional

The owner of a hotel has contracted with you to implement a wireless network to provide Internet access for guests. The owner has asked that you implement security controls such that only paying guests are allowed to use the wireless network. She wants guests to be presesnted with a loging page when they initially connect to the WLAN. After entering a code provided at check in, guests should then be allowed full access to the Internet. If a user does not provide the correct code, they should not be allowed access to the internet. What should you do?

Implement a captive portal

Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network. One day you find that an employee has connected a wireless access point to the network in his office. What type of security risk is this?

A rogue access point

Which of the following describes marks that attackers place outside a building to identify an open wireless network?

Warchalking

The process of walking around an office building with an 802.11 signal detector is known as what?

Wardriving

Which of the following describes Bluesnarfing?

Unauthorized viewing calendar, emails, and messages on a mobile device

Which of the following sends unsolicited business cards and messages to a Bluetooth device?

Bluejacking

Which of the following is the best protection to prevent attacks on mobile phones through the Bluetooth protocol?

Disable Bluetooth on the phone

You are troubleshooting a wireless connectivity issue in a small office. You determine that the 2.4 GHz cordless phones used in the office are interfering with the wireless network transmissions. If the cordless phones are causing the interference, which of the following wireless standards could the network be using?(Select two)

Bluetooth and 802.11g

Your organization uses an 802.11g wireless network. Recently, other tenants installed the following equipment in your building:....since this equipment was installed, your wireless network has been experiencing significant interference. Which system is to blame?

The wireless TV system

Which of the following best describes an evil twin?

An access point that is configured to mimic a valid access point to obtain logon credentials and other sensitive information

Network packet sniffing is often used to gain the information needed to conduct more specific and detailed attacks. Which of the following is the best defense against packet sniffing?

Encryption

Which of the following common network monitoring or diagnostic activity can be used as a passive malicious attack?

Sniffing

You are concerned that wireless access points may have been deployed within your organization without authorization. What should you do? (Select two. Each response is a complete solution.

Check the MAC addresses of devices connected to your wired switch and conduct a site survey

Match the malicious interference type with the appropriate characteristic.

Spark Jamming = Repeatedly blasts receiving equipment with high-intensity, short-duration RF bursts at a rapid pace Random Noise Jamming = Produces RF signals using random amplitudes and frequencies Random Pulse Jamming = uses radio pulses of random amplitude and frequency

The attacker has hidden an NFC reader behind an NFC-based kiosk in an airport. The attacker uses the device to capture NFC data in transit between end-user devices and the reader in the kiosk. She then uses that information later on to masquerade as the original end-user device and establish an NFC connection to the kiosk. What kind of attack has occurred in this scenario?

NFC Relay Attack

You are implementing a wireless network in a dentist's office. The dentist's practice is small, so you choose an inexpensive, consumer grade access point. While reading the documentation, you notice that the access point supports Wi-Fi protected Setup (WPS) using a PIN. You are concerned about the security implications of this functionality. What should you do to reduce the risk?

Disable WPS in the access point's configuration

Which of the following wireless security methods uses a common shared key configured on the wireless access point and all wireless clients?

WEP, WPA Personal, and WPA2 Personal

Which of the following offers the weakest form of encryption for an 802.11 wireless network?

WEP

Which of the following features are supplied by a WPA2 on a wireless network?

Encryption

You need to secure your wireless network. Which security protocol would be the best choice?

WPA2

You need to configure a wireless network. You want to use WPA2 Enterprise. Which of the following components will be a part of your design? (select two)

AES encryption 802.1x

Which of the following locations will contribute the greatest amount of interference for a wireless access point?

near a cordless phone and near backup generators

You need to implement a wireless network link between two buildings on a college campus. A wired network has already been implemented within each building. The buildings are 100 meters apart. What type of wireless antenna should you use on each side of the link? (select two)

High-gain and Parabolic

How does WPA2 differ from WPA?

WPA2 uses AES for encryption; WPA uses TKIP

You need to configure the wireless network card to connect to your network at work. The connection should use a user name and password for authentication with AES encryption. What should you do?

Configure the connection to use WPA2 Enterprise

Match the wireless networking security standard with its associated characteristics

WEP = Short initialization vector makes key vulnerable WPA2 = Uses AES for encryption WEP = Uses RC4 for encryption WPA = Uses TKIP for encryption WPA2 = Uses CBC-MAC for data integrity WPA2 = Uses CCMP for key rotation

You need to add security for your wireless network. You would like to use the most secure method. Which method should you implement?

WPA2

Which of the following is used on a wireless network to identify the network name?

SSID

Which of the following are true about Wi-Fi Protected Access 2 (WPA2)? (Select two)

Uses AES for encryption Upgrading from a network using WEP typically requires installing new hardware.

WiMAX is an implementation of which IEEE Committee?

802.16

You want to connect a laptop computer running Windows 7 to a wireless network. The wireless network uses multiple access points and WPA2-Personal. You want to use the strongest authentication and encryption possible. SSID broadcast has been disabled. What should you do?

Configure the connection with a preshared key and AES encryption.

You have a company network with a single switch. All devices connect to the network through the switch. You want to control which devices will be able to connect to your network. For devices that do not have the latest operating system patches, you want to prevent access to all network devices except for a special server that holds the patches that the computers need to download. Which of the following components will be part of your solution?(Select two)

Remediation servers AND 802.1x authentication

Which step is required to configure a NAP on a Remote Desktop(RD) Gateway server?

Edit the properties for the server and select Request clients to send a statement of health.

In a NAP system, what is the function of the System Health Validator?

Compare the statement of health submitted by the client to the health requirements

How does IPsec NAP enforcement differ from other NAP enforcement methods?

Clients must be issued a valid certificate before a connection to the private network is allowed.

Which of the following is NOT an advantage when using an internal auditor to examine security systems and relevant documentation?

Findings in which the audit and subsequent summations are viewed as objective.

Properly configured passive IDS and System Audit Logs are an integral part of a comprehensive security plan. What step must be taken to ensure that the information is useful in maintaining a secure environment?

Periodic reviews must be conducted to detect malicious activity or policy violations

Which of the following describes Privilege Auditing?

Rights and privileges of users and groups are checked to guard against creeping privileges.

Which of the following terms identifies the process of reviewing log files for suspicious activity and threshold compliance?

auditing

What is the purpose of audit trails?

Detect security-violation events

Which of the following is a collection of recorded data that may include details about logons, object access and other activities deemed important by your security policy that is often used to detect unwanted and unauthorized user activity?

audit trail

A recreation of historical events is made possible through?

audit trails

The process of walking around an office building with an 802.11 signal detector is known as what?

War Driving

Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network. One day you find that an employee has connected a wireless access point to the network in his office. What type of security risk is this?

Rogue Access Point

Which of the following sends unsolicited business cards and messages to a Bluetooth device?

Bluejacking

Which of the following best describes Bluesnarfing?

Unauthorized viewing calendar, emails, and messages on a mobile device

Which of the following describes marks that attackers place outside a building to identify an open wireless network?

War chalking

Network packet sniffing is often used to gain the information needed to conduct more specific and detailed attacks. Which of the following is the best defense against packet sniffing?

Encryption

A user calls to report that she is experiencing intermittent problems while accessing the wireless network from her laptop computer. While she normally works from her office, today she is trying to access the wireless network from a conference room which is across the hall and next to the elevator. What is the most likely cause of her connectivity problem?

Interference is affecting the wireless signal.

You are troubleshooting a wireless connectivity issue in a small office. You determine that the 2.4 GHz cordless phones used in the office are interfering with the wireless network transmissions. If the cordless phones are causing the interference, which of the following wireless standards could the network be using?(Select two)

Bluetooth AND 802.11b

Which of the following best describes an evil twin?

An access point that is configured to mimic a valid access point to obtain logon credentials and other sensitive information

Your organization uses an 802.11b wireless network. Recently, other tenants installed the following equipment in your building:....since this equipment was installed, your wireless network has been experiencing significant interference. Which system is to blame?

The wireless TV system

Which of the following common network monitoring or diagnostic activity can be used as a passive malicious attack?

Sniffing

Which of the following is the best protection to prevent attacks on mobile phones through the Bluetooth protocol?

Disable Bluetooth on the phone

Which IPsec subprotocol provides data encryptions?

ESP

PPTP is quickly becoming obsolete because of what VPN protocol?

L2TP

You have a group of salesmen who would like to access your private network through the Internet while they are traveling. You want to control access to the private network through a single server. Which solution should you implement?

VPN concentrator

Which VPN protocol typically employs IPsec as its data encryption mechanism?

L2TP

Which of the following is NOT a VPN tunnel protocol?

RADIUS

A VPN is used primary for what purpose?

Support secured communications over an untrusted network.

Which is the best countermeasure for someone attempting to view your network traffic?

VPN

What is the primary use of tunneling?

Supporting private traffic through a public communication medium

Which statement best describes IPsec when used in tunnel mode?

The entire data packet, including headers is encapsulated.

In addition to Authentication Header (AH), IPsec is comprised of what other service?

Encapsulating Security Payload (ESP)

A salesperson in your organization spends most of her time traveling between customer sites.
After a customer visit, she must complete various managerial tasks, such as updating your
organization's order database.
Because she rarely comes back to your home office, she usually accesses the network from her
notebook computer using WiFi
access provided by hotels, restaurants, and airports.
Many of these locations provide unencrypted public WiFi
access, and you are concerned that
sensitive data could be exposed. To remedy this situation, you decide to configure her notebook
to use a VPN when accessing the home network over an open wireless connection.
Which key steps should you take when implementing this configuration? (Select two.

Configure the VPN connection to use IPsec. Configure the browser to send HTTPS requests through the VPN connection.

You have a small network at home that is connected to the internet. On your home network you have a server with the IP address of 192.168.55.199/16. You have a single public address that is shared by all hosts on your private network. You want to configure the server as a web server and allow Internet hosts to contact the server to browse a persona Web site. What should you use to allow access?

Static NAT

Which of the following in NOT one of the ranges of IP addresses define in RFC 1918 that are commonly used behind a NAT server?

169.254.0.0-169.254.255.255

You are the network administrator for a small company that implements NAT to access the Internet. However, you recently acquired 5 servers that must be accessible from outside your network. Your ISP has provided you with 5 additional registered IP addresses to support these new servers but you don't want the public to access these servers directly. You want to place these servers behind your firewall on the inside network yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these 5 servers?

Static

Which of the following network devices or services prevent the use of IPsec in most cases?

NAT

YOU want to connect your small company network to the Internet. Your ISP provides you with a single IP address that is to be shared between all hosts on your private network. You do not want external hosts to be able to initiate connection to internal hosts. What type of NAT should you implement?

Dynamic

Which of the following is NOT a benefit of NAT?

Improving the throughput rate of traffic

Which of the following is the best device to deploy to protect your private network from a public untrusted network?

Firewall

Which of the following are true of a circuit proxy filter firewall?(Select two)

Operates at the Session Layer AND Verifies sequencing of session packets

You have just installed a packet-filtering firewall on your network. What options will you be able to set on your firewall? Select all that apply.

Source address of a packet, Destination address of a packet, AND Port Number

When designing a firewall, what is the recommended approach for opening and closing ports?

Close all ports; open only ports required by applications inside the DMZ

You have a router that is configured as a firewall. The router is a layer 3 device only. Which of the following does the router use for identifying allowed or denied packets?

IP address

Which of the following are characteristics of a packet filtering firewall?(Select two)

Stateless AND Filters IP address and port

You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from Internet-bases attacks. What solution should you use?

Host based firewall

Which of the following functions are performed by proxies?(Select two)

Block employees from accessing certain Web sites AND Cache web pages

You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use?

Circuit-level

You connect your computer to a wireless network available at the local library. You find that you can access all web sites you want on the Internet except two. What might be causing the problem?

A proxy server is blocking access to the web sites

Which of the following does a router acting as a firewall use to control which packets are forwarded or dropped?

ACL

Which of the following are characteristics of a circuit-level gateway?(Select two)

Filters based on sessions AND Stateful

Which of the following is a firewall function?

Packet filtering

Which of the following firewall types can be a proxy between servers and clients?(Select two)

Application layer firewall AND Circuit proxy filtering firewall

You provide Internet access for a local school. You want to control Internet access based on user, and prevent access to specific URLs. Which type of firewall should you install?

Application level

Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks?

Bastion or sacrificial host

Your company has a connection tot he Internet that allows users to access the Internet. You also have a Web server and an e-mail server that you want to make available to Internet users. You want to create a DMZ for these two servers. Which type of device should you use to create the DMZ?

Network based firewall

Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted Internet?

DMZ

In which of the following situations would you most likely implement a demilitarized zone(DMZ)?

You want to protect a public Web server from attack

You have a company network that is connected to the Internet. You want all users to have Internet access, but need to protect your private network and users. You also need to make a Web server publicly available to Internet users. Which solution should you use?

Use firewalls to create a DMZ. Place the Web server inside the DMZ, and the private network behind the DMZ.

Which of the following is likely to be located in a DMZ?

FTP Server

Members of the sales team use laptops to connect to the company network. While traveling, they connect their laptops to the Internet through airport and hotel networks. You are concerned that these computers will pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless anti-virus software and the latest operating system patches have been installed. Which solution should you use?

NAC

You have used firewalls to create a demilitarized zone. You have a Web server that needs to be accessible to Internet users. The Web server must communicate with a database server for retrieving product, customer and order information. How should you place devices on the network to best protect the servers?(Select two.)

Put the database server on the Private network AND put the Web server inside the DMZ

Which type of active scan turns off all flags in a TCP header?

Null

Which of the following is the main difference between a DoS attack and a DDoS attack?

The DDoS attack uses zombie computers.

Which of the following could easily result in a denial of service attack if the victimized system had too little free storage capacity?

Spam

You need to enumerate the devices on your network and display the configuration details of the
network.
Which of the following utilities should you use?

nmap

You suspect that an Xmas tree attack is occurring on a system. Which of the following could
result if you do not stop the attack? (Select two.)

The threat agent will obtain information about open ports on the system. The system will unavailable to respond to legitimate requests.

Which of the following Denial of Service (DoS) attacks uses ICMP packets and will only be successful if the victim has less bandwidth than the attacker?

Ping Flood

Which of the following Denial of Service (DoS) attacks does the victim's system rebuild invalid UDP packets, causing the system to crash or reboot?

Teardrop

An attacker is conducting passive reconnaissance on a targeted company. Which of the following could he be doing? (#2)

Browsing the organization's website.

What are the most common network traffic packets captured and used in a replay attack?

Authentication

A router on the border of your network detects a packet with a source address that is from an internal client but the packet was received in the Internet-facing interface. This is an example of what form of attack? (#1)

Spoofing

Which of the following is a form of denial of service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network?

Smurf

Which of the following best describes the ping of death?

An ICMP packet that is larger than 65,536 bytes

A SYN attack or a SYN flood exploits or alters which element of the TCP three-way handshake?

ACK

A SYN packet is received by a server. The SYN packet has the exact same address for both the sender and receiver addresses, which is the address of the server. This is an example of what type of attack?

Land Attack

When a SYN flood is altered so that the SYN packets are spoofed in order to define the source
and destination address as a single victim IP address, the attack is now called what?

Land attack

Which of the following is a form of denial of service attack that subverts the TCP threeway
handshake process by attempting to open numerous sessions on a victim server but intentionally
failing to complete the session by not sending the final required packet?

SYN flood

A Smurf attack requires all but which of the following elements to be implemented?

Padded cell

You suspect that an Xmas tree attack is occurring on a system. Which of the following could result if you do not stop the attack?(Select two)

The system will be unavailable to respond to legitimate requests AND the threat agent will obtain information about open ports on the system

An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attacks?

DDoS

Which of the following best dedscribes a man-in-the-middle attack?

A false server intercepts communications from a client by impersonating the intended server

Which of the following attacks tried to associate an incorrect MAC address with a known IP address?

ARP Poisoning

How would you prevent your browser from running JavaScript commands that are potentially harmful?

Client-side scripts

What is the main difference between a DoS attack and a DDoS attack?

DDoS uses zombie computers DDoS - distributed DoS

What could easily result in a denial of service attack if the victimized system had too little free storage capacity?

Spam

Fraggle

DoS attack - similar to Smurf but uses UDP packets directed to port 7 (echo) and port 19 (chargen)

Smurf

DoS attack - spoofs the source address in ICMP packets and sends the packets to an amplification network (bounce site). The site responds to the victim site w/thousands of messages.

What is the best protection measure during a Smurf attack?

Communicate with your upstream provider

Xmas tree attack

Conducts recon by scanning for open ports. Also conducts a DoS attack if sent in large amounts

Pharming

legitimate traffic is redirected to incorrect sites for phishing purposes - usually used with DNS pharming

Domain name kiting

spammers exploit domain registration by taking advantage of the five-day grace period w/out paying for the registration

What is the most common attack waged against Web servers?

buffer overflow

Data diddling

Changing or corrupting of data

TOC/TOU

logon session replay attack

What is the goal of a TCP/IP hijacking attack?

Executing commands or accessing resources on a system the attacker does not otherwise have authorization to access

What is the best way to protect log files (accessed and/or deleted)?

Use syslog to send entries to another server

PTZ

Pan Tilt Zoom camera

C-Mount

Camera w/interchangable lenses

bullet

camera round in shape

dome

protected by glass/plastic dome

resolution

number of lines in an image higher = sharper image

focal length

magnification of a lens higher = greater distance

lux

sensitivity to light lower = less light needed for clear image

What type of scan does not complete the full three-way handshake of TCP, but listens for either SYN/ACK or RST/ACK packets?

TCP SYN scan

You want to be able to identify the services running on a set of servers on your network. What tool would best give you the info you need?

Vulnerability scanner

Wireshark

protocol analyzer (sniffer) that allows a user to copy and few frame contents - can also view source/destination info

OVAL

Open Vulnerablity and Assessment Language - international standard for testing, analyzing, and reporting

Retina

vulnerability scanner

Nessus

vulnerability scanner

MBSA

Microsoft Baseline Security Analyzer (MBSA) vulnerability scanner Checks for these weaknesses: Open ports Active IP addresses Running applications/services Missing critical patches Active default user accounts Default, blank, or common passwords

You need to enumerate the devices on your network and display the config details. What utility should you use?

nmap

samspade

identify the source of spam emails

active fingerprinting

form of system enumeration that is designed to gain as much info about a specific computer as possible

passive fingerprinting

goal is the same as active fingerprinting but does not utilize active probes of systems.

Granular password policies

Use to force different password policy requirements for different users

Password and account lockout policies

enforced in GPO linked to the domain - not individual OUs

Steps for granular passwords

1) create the password settings object w/necessary settings 2) edit the msDS-PSOAppliesTo property in the PSO to identify users or global security groups 3) If policy was applied to a group, add members to group

Linux command to display listening/non-listening sockets

netstat -a

How would you identify rogue WAPs?

1) conduct a site survey 2) check the MAC addresses of devices connected to your wire switch

Spark Jamming

Repeatedly blasts receiving equipment with high-intensity, short-duration RF bursts at a rapid pace

Random Noise Jamming

Produces RF signals using random amplitudes and frequencies

Random Pulse Jamming

uses radio pulses of random amplitude and frequency

NFC relay attack

an attacker captures NFC data in transit and then later uses that info to masquerade as the original device

How would you reduce the risk of a WAP with Wi-Fi Protected Setup using a PIN?

Disable WPS in the access point's configuration

Manageable Network Plan (1-4)

1) Prepare to document - establish the process to be used to document your network. Include timestamped documents 2) Map your network - list used protocols, list devices 3) Protect your network - identify choke points, segregate/isolate networks, physically secure high-value systems, identify users 4) Reach your network - ensure remote access connections are secure, remove insecure protocols

Manageable Network Plan (5-8)

5) Control Your Network - least privilege 6) Manage Your Network 1 - update management process 7) Manage Your Network 2 - establish baselines 8) Document Your Network

What is not a protection against session hijacking?

DHCP reservations

What can a packet sniffer do?

1) ID types of network traffic 2) view packet exchange between devices 3) analyze packets 4) view packet contents

Fingerprinting

identifies an OS or network service based on response to ICMP messages

Which type of active scan turns off all flags in a TCP header?

Null

Which of the following could easily result in a denial of service attack if the victimized system had too little free storage capacity?

Spam

Which of the following Denial of Service (DoS) attacks uses ICMP packets and will only be successful if the victim has less bandwidth than the attacker?

Ping Flood

Which of the following Denial of Service (DoS) attacks does the victim's system rebuild invalid UDP packets, causing the system to crash or reboot?

Teardrop

An attacker is conducting passive reconnaissance on a targeted company. Which of the following could he be doing? (#2)

Browsing the organization's website.

What are the most common network traffic packets captured and used in a replay attack?

Authentication

A router on the border of your network detects a packet with a source address that is from an internal client but the packet was received in the Internet-facing interface. This is an example of what form of attack? (#1)

Spoofing

Which of the following is a form of denial of service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network?

Smurf

Which of the following best describes the ping of death?

An ICMP packet that is larger than 65,536 bytes

A SYN attack or a SYN flood exploits or alters which element of the TCP three-way handshake?

ACK

A SYN packet is received by a server. The SYN packet has the exact same address for both the sender and receiver addresses, which is the address of the server. This is an example of what type of attack?

Land Attack

You suspect that an Xmas tree attack is occurring on a system. Which of the following could result if you do not stop the attack?(Select two)

The system will be unavailable to respond to legitimate requests AND the threat agent will obtain information about open ports on the system

An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attacks?

DDoS

Which of the following best dedscribes a man-in-the-middle attack?

A false server intercepts communications from a client by impersonating the intended server

Which of the following attacks tried to associate an incorrect MAC address with a known IP address?

ARP Poisoning

Which of the following will enter random data to the inputs of an application?

Fuzzing

Which of the following is specifically meant to ensure that a program operates on clean, correct
and useful data?

Input validation

During the application development cycle, an application tester creates multiple virtual machines
on a hypervisor, each with a different version and edition of Windows installed. She then installs
the latest build of the application being developed on each virtual machine and evaluates them
for security vulnerabilities.
Which assessment technique was used in this scenario?

Configuration testing

During the application development cycle, a developer asks several of his peers to assess the
portion of the application he was assigned to write for security vulnerabilities.
Which assessment technique was used in this scenario?

Code review

You've been assigned to evaluate NoSQL databases as a part of a big data analysis initiative in
your organization.
You've downloaded an Open Source NoSQL database from the Internet and installed it on a test
system in an isolated lab environment.
Which of the following are likely to be true about this test system? (Select two.)

The database admin user has no password assigned. Data will be stored in the database in unencrypted format.

You've been assigned to evaluate NoSQL databases as a part of a big data analysis initiative in
your organization.
You've downloaded an Open Source NoSQL database from the Internet and installed it on a test
system in an isolated lab environment.
What should you do to harden this database before implementing it in a production
environment? (Select two.)

Implement an Application layer protocol to encrypt data prior to saving it in the database. Disable anonymous access.

Flexibility

Performing a physical-to-virtual migration (P2V).

Testing

Verifying that security controls are working as designed.

Server consolidation

Isolating a virtual machine from the physical network

Sandboxing

Moving virtual machines between hypervisor hosts.

You are implementing a iSCSI SAN that will be used by the file servers in your organization. You are concerned about security, so your design specifies that iSCSI initiators and targets must authenticate with each other before connection over the SAN will be allowed. In addition, you want data being transferred over the SAN to be encrypted. Which of the following are true in the scenario? (select two)

- The Encapsulating Security Payload (ESP) protocol can be used to encrypt data in transit.
- The Challenge-Handshake Authentication Protocol (CHAP) and Reverse CHAP can be used to mutually authenticate SAN hosts.
- The Fibre Channel Authentication Protocol (FCAP) can be used to mutually authenticate SAN hosts.
- The Internet Protocol Security (IPSec) protocol can be used to encrypt the data in transit.
- The Diffie-Hellman Challenge Handshake Authentication Protocol (DC-CHAP) can be used to mutually authenticate SAN hosts.

- The Challenge-Handshake Authentication Protocol (CHAP) and Reverse CHAP can be used to mutually authenticate SAN hosts. - The Internet Protocol Security (IPSec) protocol can be used to encrypt data in transit.

Your organization recently purchased 30 tablet devices for your traveling sales force. These devices have Windows RT preinstalled on them. To increase the security of these devices, you want to apply a default set of security-related configuration settings. What is the best approach to take to accomplish this? (select two)

-Link the Group Policy Object to the container where the tablets' computer objects reside.
- Manually configure security settings using the Local Group Policy Editor.
- Configure security settings in a Group Policy Object.
- Enroll the devices in a mobile device management system.
- Configure and apply security policy settings in a mobile device management system.
- Join the tablets to your domain.

- Enroll the devices in a mobile device management system. - Configure and apply security policy settings in a mobile device management system.

You are designing a Fibre Channel SAN Implementation that will be used to file servers in your organization. Multiple volumes will be configured on the SAN, each used by different departments in your organization. It's very important that only the appropriate server be able to connect to a given volume on the SAN. For example, the Sales and Marketing server must not be allowed to connect to the SAN volume used by Human Resources.
To enable this, you decided to use LUN Masking.
Which of the following is true of this scenario?

- LUN Masking provides weak security as it only obscures volumes on the disk.
- LUN masking is enforced by the SAN switch using ACLs.
- Encryption protocols such as ESP are not compatible with LUN masking.
- Authentication protocols such as DH-CHAP are not compatible with LUN masking.

- LUN Masking provides weak security as it only obscures volumes on the disk.

You manage the Information systems for a large manufacturing firm. Supervisory control and data acquisition (SCADA) devices are used on the manufacturing floor to manage your organization's automated factory equipment. The SCADA devices use embedded smart technology, allowing them to be managed using a mobile device app over an Internet connection. You are concerned about the security of these devices. What can you do to increase their security posture?

-Enroll each device in a mobile device management system.
- Install a network monitoring agent on each device.
- Verify that your network's existing security infrastructure is working properly.
- Install anti-malware software on each device.
- Install the latest firmware updates from the device manufacturer.

- Verify that your network's existing security infrastructure is working properly. - Install the latest firmware updates from the device manufacturer.

You have recently experienced a security incident with one of your servers. After some research, you determine that the hotfix #568994 that has recently been released would have protected the server. Which of the following recommendations should you follow when applying the hotfix?

- Test the hotfix, then apply it to the server that had the problem.
- Test the hotfix, then apply it to all servers.
- Apply the hotfix immediately to the server; apply the hotfix to other devices only as the security threat manifests itself.
- Apply the hotfix immediately to all servers.

- Test the hotfix, then apply it to all servers.

You've been assigned to evaluate NoSQL databases as a part of a big data analysis initiative in your organization. You've downloaded an Open Source NoSQL database from the Internet and installed it on a test system in an isolated lab environment. Which of the following are likely to be true about this test system?

- Data will be stored in the database in unencrypted format.
- The database is more susceptible to SQL injection attacks than traditional SQL databases.
- The database admin user has no password assigned.
- The default admin user password is admin.
- Data will be stored in the database in encrypted format by default.

- Data will be stored in the database in unencrypted format. - The database admin user has no password assigned.

You have a development machine that contains sensitive Information relative to your business. You are concerned that spyware and malware might get installed while browsing websites and could compromise your system or pose a confidentially risk. Which of the following would best protect your system?

- Run the browser within a virtual environment.
- Run the browser in protected mode.
- Change the security level for the Internet zone to High.
- Configure the browser to block all cookies and pop-ups.

- Run the browser within a virtual environment.

Which of the following is specifically meant to ensure that a program operates on clean, correct and useful data?

- Error and exception handling
- Application hardening
- Input validation
- Process spawning

- Input validation

What is the main function of a TPM hardware chip?

- Generate and store cryptographic keys
- Perform bulk encryption in a hardware processor
- Provide authentication credentials on a hardware device
- Control access to removable media

- Generate and store cryptographic keys

Your organization has recently purchased 20tablet devices for the Human Resources department to use for training sessions.
You are concerned that these device could represent a security risk to your network and want to strengthen their security profile as much as possible. Which actions should you take? (select two)

- Install the devices in your organization's directory services tree.
- Join the devices to your organization's domain.
- Configure a Group Policy object (GPO) contain mobile device-specific security settings.
- Implement storage segmentation
- Enable device encryption.

- Implement storage segmentation - Enable device encryption

You are implementing a Fibre Channel SAN that will be used by the database servers in your organization. You are concered about security, so your design specifies that SAN hosts must authenicate with each other before a connection over the SAN will be allowed. In addition, you want data being transferred over the SAN to be encrypted. Which of the following are true in this scenario?

- The Internet Protocol Security (IPSec) protocol can be used to encrypt data in transit.
- The Challenge-Handshake Authentication Protocol (CHAP) and reverse CHAP can be used to mutually authenticate SAN hosts.
- Kerberos can be used to mutually authenticate SAN hosts.
- The Encapsulating Security Payload (ESP) protocol can be used to encrypt data in transit.
- The Diffie-Hellman Challenge Handshake Authentication Protocol (DH-CHAP) can be used to mutually authenticate SAN hosts.

- The Encapsulating Security Payload (ESP) protocol can be used to encrypt data in transit. - The Diffie-Hellman Challenge Handshake Authentication Protocol (DH-CHAP) can be used to mutually authenticate SAN hosts.

You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the system should not boot if a change is detected in any of the boot files.
What should you do?

-Implement BitLocker without a TPM
-Implement BitLocker with a TPM
-Have each user encrypt the entire volume with EFS
- Have each user encrpyt user files with EFS

-Implement BitLocker with a TPM

Preventing Malware infections

Implement a network access control (NAC) solution

Supporting mobile device users

Specify who users can call for help with mobile device apps in your acceptable use policy

Preventing loss of control of sensitive data

Enroll devices in a mobile device management system.

Preventing malicious insider attacks

Specify where and when mobile devices can be possessed in your acceptable use policy.

Applying the latest anti-malware definitions

Implement a network access control (NAC) solution

You manage the information systems for a large co-location data center. Networked environmental controls are used to manage the temperature within the data center. These controls use embedded smart technology allowing them to be managed using a mobile device app over an Internet connection. You are concerned about the security of these devices. What can you do to increase their security posture?

-Rely on the device manufacture to maintain device security with automated firmware updates.
- Verify that your network's existing security infrastructure is working properly.
- Install anti-malware software on each device.
- Enroll each device in a mobile device management system.

- Verify that your network's existing security infrastructure is working properly.

Which of the following tools can you use on a Windows network to automatically distribute and install software and operating system patches on workstations?

-Group Policy
-WSUS
-Security Templates
-Security Configuration and Analysis

-Group Policy -WSUS Windows Software Update Services (WSUS) is a patch management tool that allows clients on a network to download software updates from a WSUS server internal to their organization.

You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the
following would you restrict to accomplish this?

client-side scripts

A programmer that fails to check the length of input before processing leaves his code vulnerable to what form of
common attack?

buffer overflow

Which of the following is an attack that injects malicious scripts into Web pages to redirect users to fake websites or
gather personal information?

xss

when you browse to a website, a pop-up window tells you that your computer has been infected with a virus. You click on the window to see what the problem is.

drive-by download

Having poor software development practices and failing to program input validation checks during development of
custom software can result in a system vulnerable to which type of attack?

buffer overflow

Which type of attack is the act of exploiting a software program's free acceptance of input in order to execute
arbitrary code on a target?

buffer overflow

an attacker inserts SQL database commands into a data input field of an order form used by a web-based application

implementing client-side validation

while using a web-based order form, an attacker enters an unusually large value in the quantity field. the value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the web application.

integer overflow

flash explotation

lso exploit

Use of which of the ff. is a possible violation of privacy?

cookies

Which of the ff. is not true regarding cookies?

they operate within a security sandbox

Which of the ff. is a text file provided by a Web site to client that is stored on a user's hard drive in order to track and record information about the user?

cookie

You want to allow e-commerce Web site that you visit to keep track of your browsing history for shopping carts and other information, but want to prevent that information from being tracked by sites linked to the sites you explicitly visit. How should you configure the browser settings?

Allow first party cookies but block third-party cookies

To help prevent browser attacks, users of public computers should do which of the ff.?

clear the browser cache

You manage several Windows systems. Deskstop users access an in-house application that is hosted on you intranet Web server. When a user clicks a specific option in the application, they receive an error message that the popup was blocked. You need to configure the security settings so that users can see the pop-up without compromising overall security. What should you do?

Add the URL of the Web site to the Local Intranet zone.

you manage several windows systems. all computers are members of domain. you use an internal website that uses integrated windows authentication. you attempt to connect the website and are promted for authentication

add the internal website to the local intranet zone

You have been getting a lot of phishing e-mails sent from the domain Kenyan.msn.pl. Links within these e-mails open new browser windows at youneedit.com.pl

You want to make sure that these e-mails never reach your Inbox, but the e-mails from other senders are not affected. What should you do?

Add Kenyan.msn.pl to the e-mail blacklist.

Which type of malicious activity can be described as numerous unwanted and unsolicited e-mail messages sent to a wide range of victims?

spamming

an attacker sends an unwanted and unsolicited email message to multiple recipients with an attachment that contains malware

spam

you want to use a protocol for encrypting e-mails that uses a PKI with x.509 certificates. which method should you choose

S/MIME

What is the most common means of virus distribution

e-mail

you install a new linux distribution on a server in your network.

open SMTP relay

users in your organization receive email messages informing them that suspicious activity has be detected on their bank account

phishing

What common design feature among Instant Messaging clients make them more insecure than other means of communicating over the Internet?

peer-to-peer networking

What type of attack is most likely to succeed against communications between Instant Messaging clients?

SNIFFING

Instant Messaging does not provide which of the ff.?

privacy

Which of the ff. are disadvantages to server virtualization?

a compromise of the host system might affect multiple servers;

You have a development machine contains sensitive information relative to your business. You are concerned that spyware and malware installed while browsing websites could compromise your system or pose a confidentiality risk. Which of the ff. would best protect your system?

Run the browser within a virtual environment

Which of the ff. is an advantage of virtual browser?

Protects the operating system from malicious downloads

Which of the ff. will enter random data to the inputs of an application?

fuzzing

Which of the ff. is specifically meant to ensure that a program operates on clean, correct and useful data?

input validation

during the application development cycle, an application tester creates multiple virtual machines on a hypervisor, each with a different version

configuration testing

during the application dev cycle, a developer asks serveral of his peers to asses the portion of the application he was assigned to write

code review

You are implementing security at a local high school that is concerned with students accessing inappropriate material on the Internet from the library's computers. The students will use the computers to search the Internet for research paper content. The school budget is limited. Which content filtering option would you choose?

Restrict content based on content categories

Which of the following is a privately controlled portion of a network that is accessible to some specific external entities?

Extranet

You are the office manager of a small financial credit business. Your company handles personal, financial information for clients seeking small loans over the Internet. You are aware of your obligation to secure clients records, but budget is an issue. Which item would provide the best security for this situation?

All-in-one security appliance

You have been using SNMP on your network for monitoring and management. You are concerned about the security of this configuration. What should you do?

Implement version 3 of SNMP

You want to implement a protocol on your network that allows computers to find the IP address of a host from a logical name. What protocol should you implement?

DNS

Which of the following protocols allows hosts to exchange messages to indicate problems with packet delivery?

ICMP

You are configuring a network firewall to allow SMTP outbound email traffic, and POP3 inbound email traffic. Which of the following TCP/IP ports should you open on the firewall? (Select Two)

25, 110

Which port number is used by SNMP?

161

Which of the following ports does FTP use to establish sessions and manage traffic?

20, 21

Using the Netstat command you notice that a remote system has made a connection to your Windows server 2003 system using TCP/IP port 21. Which of the following actions is the remote system most likely to be performing ?

Downloading a file

To increase security on your company's internal network, the administrator has disabled as many ports as possible. Now, however, though you can browse the Internet, you are unable to perform some secure credit card transactions.

443

Which of the following network services or protocols uses TCP/IP port 22?

SSH

Matching ports to associated services

SNMP = 161 TCP and UDP SSH = 22 TCP and UDP TFTP = 69 UDP SCP = 22 TCp and UDP Telnet = 23 TCP HTTPS = 443 TCP and UDP HTTP = 80 TCP FTP = 20 TCP SMTP = 25 TCP POP3 = 110 TCP

Which of the following lists accurately describes TCP and UDP?

TCP: connection-oriented, reliable, sequenced, high overhead UDP: connectionless, unreliable, unsequenced, low overhead

You are an application developer creating applications for a wide variety of customers. In which two of the following situations would you select a connectionless protocol?(Select 2)

A gaming company wants to create a networded version fo its latest game AND A company connects two networks through an expensive WAN link. The communication media is reliable, but very expensive. They want to minimize connection times.

You want to maintain tight security on your internal network so you restrict access to the network through certain port numbers. If you want to allow users to continue to use DNS, which port should you enable?

53

Your company's network provides HTTP, HTTPS, and SSH access to remote employees. Which ports must be opened on the firewall to allow this traffic to pass?

80, 443, 22

Your network recently experienced a series of attacks at the Telnet and FTP services. You have rewritten the security policy to abolish the unsecured services, and now you must secure the network using your firewall and routers. Which ports must be closed to prevent traffic directed to these two services?

23, 21

Which of the following best describes the purpose of using subnets?

Subnets divide an IP address into multiple addresses.

Which of the following is NOT a reason to use subnets of a network?

Combine different media type on the same subnet.

Which of the following IPv6 addresses is the equivalent of IPv4 loop-back address of 127.0.0.1?

::1

Which of the following describes an IPv6 address? (select two)

128-bit address; eight hexadecimal quartets

Which of the following correctly describe the most common format for expressing IPv6 addresses? (select two)

Hexadecimal numbers; 32 nubmers, grouped using colons

Which of the following are valid IPv6 addresses? (select two)

6384:1319:7700:7631:446A:5511:8940:2552 AND 141:0:0:0:15:0:0:1

Which of the following is a valid IPv6 address?

FEC0::AB;9007

Routers operate at which level of the OSI model?

Network layer OR layer 3

You've decided to use a subnet mask of 255.255.192.0 on the 172.17.0.0 network to create four separate subnets. Which network IDs will be assigned to these subnets in this configuration? (selec two)

172.17/128.0 AND 172.17.0.0

Which of the following are improvements to SNMP that are included within SNMP version 3?

Authentication for agents and managers. Encryption of SNMP messages.

Which protocol does HTTPS use to offer greater security for Web transactions?

SSL.

Talnet is inherently insecure because its communication is in plain text and is easily interpreted. Which of the following is an acceptable alternative to Talnet?

SSH.

Which of the protocols is used for securely browsing a Web site?

HTTPS

You have been using SNMP on your network for monitoring and management. You are concerned about the security of this configuration.
What should you do?

Implement version 3 of SNMP.

Which of the following protocols can be used to securely manage a network device from a remote connection?

SSH.

Which of the following protocols are often added to other protocols to provide secure transmission of data?

TLS. SSL.

You have just downloaded a file. You create a hash of the file and compare it to the hash posted on the Web site. The two hashes match. What do you know about the file

Your copy is the same as the copy posted on the website.

Which of the following is the strongest hashing algorithm

SHA-1

Which of the following best describes high amplifications when applied to hashing algorithms

A small change in the message results in a big change in the hash value.

Which of the following is the weakest hashing algorithm

MD-5

When two different messages produce the same hash value, what has occurred

Collision

Hashing algorithms are used to perform what activity

Create a message digest

Your company system is a participant in an asymmetric cryptography system. You've crafted a message to be sent another user. Before transmission, you hash the message, then encrypt the hashing using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user. In this example, what protection does the hashing activity provide

Integrity

Which of the following is used to verify that a downloaded file has not been altered

Hash

By definition, which security concept uses the ability to prove that a sender sent an encrypted message

Non-repudiation

You create a new document and save it to a hard drive on a file server on your company's network. Then, you employ an encryption tool to encrypt the file using AES. This activity is an example of accomplishing what security goal

Confidentiality

By definition, which security concept ensures that only authorized parties can access data

Confidentiality

What is the cryptography mechanism which hides secret communications within various forms of data

Steganography

Which of the following encryption methods combines a random value with the plaintext to produce the cipher text

One-time pad

By definition, which security concept uses the ability to prove that a sender sent an encrypted message?

Non-repudiation

Which of the following is not a valid example of steganography

Encrypting a data file with an encryption key

When a cryptographic system is used to protect confidentiality of data, what is actually protected

Unauthorized users are prevented from viewing or accessing the resource.

What form of cryptography is best suited for bulk encryption because it is so fast

Symmetric key cryptography

Which of the following is not true concerning symmetric key cryptography

Key management is easy when implemented on a large scale.

Which of the following algorithms are used in symmetric encryption (Select three.)

Blowfish, AES, 3DES

What type of key or keys are used in symmetric cryptography

A shared private key

Which of the following is the weakest symmetric encryption method

DES

You want to encrypt data on a removable storage device. Which encryption method would you choose to use the strongest method possible

AES

How many keys are used with symmetric key cryptography

One

Which of the following is used for secure exchange of symmetric encryption keys

Diffie-Hellaman

Which of the following algorithms are used in asymmetric encryption (Select two.)

Diffie-Hellman, RSA

Which of the following are characteristics of ECC (Select two.)

Asymmetric encryption, Uses a finite set of values within an algebraic field.

A receiver wants to verify the integrity of a message received from a sender. A hashing value is contained within the digital signature of the sender. What must the receiver use to access the hashing value to the verify the integrity of the transmission

Sender's public key

How many keys are used with asymmetric or public key cryptography

Two

Which of the following is the employment of two separate key pairs in order to separate the security functions of confidentiality and integrity in a communication system

Dual key pair

A PKI is a method for managing which type of encryption

Asymmetric

Which of the following protocols are most likely used with digital signatures (Select two.)

ECC, RSA

What is the purpose of key escrow

To provide a means to recover from a lost private key

Which of the following is an entity that accepts and validates information contained within a request for certificate

Registration authority

What is a PKI

A hierarchy of computers for issuing certificates

What is the most obvious means of providing non-repudiation in a cryptography system

Digital signatures

Which of the following items are contained in a digital certificate

Validity period, public key

Which of the following generates the key pair used in asymmetric cryptography

CSP

Which of the following would you find on a CPS

A declaration of security that the organization is implementing for all certificates

Which of the following best describes the content of the CRL

A list of all revoked certificates

Certificate revocation should occur under all but which of the following conditions

The certificate owner has held the certificate beyond the established lifetime timer

Which of the following security measures encrypts the entire contents of a hard drive

Drive Lock

You want to protect data on hard drives for users with laptops. You want to drive to be encrypted, and you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the system should not boot if a change is detected in any of the boot files. What should you do

Implement BitLocker with a TPM

You want to implement BitLocker to encrypt data on a hard disk even if it is moved to another system. You want the system to boot automatically without providing a startup key on an external USB device. What should you do

Enable the TPM in the BIOS

Which of the following would require that a certificate be placed on the CRL

The private key is compromised.

Which of the following is the best countermeasure for man-in-the-middle attacks

Public Key Infrastructure (PKI)

What action is taken when the private key associated with a digital certificate becomes compromised

The certification is revoked and added to the Certificate Revocation List

When a sender encrypts a message using their own private key, what security service is being provided to the recipient

Non-repudiation

A private key has been stolen. What action should be taken to deal with this crisis

Add the digital certificate to the CRL

Mary wants to send a message to Sam. She wants to digitally sign the message to prove that she sent it. Which key would Mary use to create the digital signature

Mary's private key

Which of the following statements is true when comparing symmetric and asymmetric cryptography

Asymmetric key cryptography is used to distribute symmetric keys.

You have a Web server that will be used for secure transactions for customers who access the Web site over the Internet. The Web server requires a certificate to support SSL. Which method would you use to get a certificate for the server

Obtain a certificate from a public PKI

Mary wants to send a message to Sam so the only Sam can read it. Which key would be used to encrypt the message

Sam's public key

What is the main function of a TPM hardware chip

Generate and store cryptographic keys

Which of the following security solutions would prevent a user from reading a file which she did not create

EFS

Which of the following network layer protocols provides authentication and encryption services of IP based network traffic

IPSec

Which protocol is used for securely browsing a Web site

HTTPS

Which IPSec sub protocol provides data encryption

Encapsulating Security Payload (ESP)

You are purchasing a hard disk over the Internet from an online retailer. What does your browser use to ensure the other cannot see your credit card number on the Internet

SSL

Which of the following can be used to encrypt Web, e-mail, telnet, file transfer, and SNMP traffic

IPSec (Internet protocol security)

Which of the following technologies is based upon SSL (Secure Socket Layer)

TLS (Transport Layer Security)

Which of the following is the best countermeasure against man-in-the-middle attacks

IPSec

You want to allow traveling users to connect to your private network through the Internet. Users will connect from various locations including airports, hotels, and public access points such as coffee shops and libraries. As such, you won't be able to configure the firewalls that might be controlling access to the Internet in these locations.

SSL

Which of the following protocols can be used to securely manage a network device from a remote connection?

SSH

Which standard is most widely used for certificates?

X.509

What's the primary function of the IKE protocol use with IPSec?

Create a security association between communicating partners

The session keys employed by SSL (Secure Socket Layer) are available in what bit lengths?

128 bit and 40 bit

Which of the following protocols can TLS for key exchange?

RSA, Diffie- Hellman

Telnet is inherently insecure its communications is in plain text and easily intercepted. Which of the following is an acceptable alternative to Telnet?

SSH

Which of the following are characteristics of MLPS?(Select Two)

Adds labels to data units, Supports variable-length data units

Which of the following is WAN technology that allows for interoperability of vendor hardware for fiber optic networking?

SONET

Which type of network establishes a dedicated connection between two hosts who need to communicate on the network, not allowing any other host to use the medium until the communication is complete?

Circuit-switched

Which of the following terms identifies the network of dial-up telephone and the long-distance lines?

PSTN

Which of the following are characteristics of ATM?(Select Two)

Uses fixed-length cells of 53-bytes

If the SONET (OC-1) base data rate is 51.84 Mbps, how much data can the Optical Carrier level 12 (OC-12) transfer in one second?

622.08 Mb

You have a site in your network that is connected to multiple other sites. A single virtual circuit is used to connect to all other sites.

Point-to-multipoint

What must install between your network and a T1 line for your network to use the T1 line?

CSU/DSU

Which of the following describes the lines used in local loop for dial-up telephone access?

POTS

Which type of network divides data to be transmitted into small units and routes these units from the originating system to the destination system, allowing multiple, concurrent communications on the network medium?

Packet-switched

What is the speed of an OC-3 connection?

155 mbps

Which of the following correctly describes the T1 carrier system?(select two)

A single T1 channel can transfer data at 64 Kbps, T1 lines use pairs of copper wire

You are implementing Internet connectivity for a new start-up company. Your client will provide on-line storefronts for retailers. To do this, they have calculated that their Internet connection must provide a data rate of at least 20 - 30 Mbps. Which type of service should you implement?

T3

Which of the following technologies uses variable-length packets and adds labels to packets as they enter the WAN cloud, with the labels being used to switch packets and prioritize traffic?

MPLS

Which of the following are characteristics of SONET? (Select Two)

Transport protocol used for other traffic types, dual counter-rotating fiber optic rings

You have a series of WAN links that connects your site to multiple other sites. Each remote site is connected to your site using a dedicated link What type of connection is being used?

Point-to-point

Which of the following devices is used on a WAN to convert synchronous serial signals into digital signals?

CSU/DSU

You are traveling throughout North America to many metropolitan and rural areas. Which single form of Internet connectivity provides the greatest potential connectivity wherever you travel?

PSTN

Which of the following is the most susceptible to interference related to atmospheric conditions?

Satellite

Which of the following services are available regardless of whether the telephone company network is available?

Cable modem

What is the maximum data rate of an ISDN BRI line?

128 Kbps

Which of the following are characteristics of VDSL? (Select Two)

Unequal download and upload speeds, Supports both data and voice at the same time

Which of the following is a characteristic of SDSL?

Supports data traffic only (no voice)

Which of the following Internet connection technologies requires that the location be within a limited distance of the telephone company central office?

DSL

Which two of the following describe the channels and the data transfer rates used for ISDN BRI(Select Two)

One D channel operating at 16 Kbps, Two B channels operating at 64 Kbps each

To access the Internet through the PSTN, what kind of connectivity device must you use?

Modem

Which of the following Internet services provides equal upload and download bandwidth?

SDSL

Which WAN connection types use digital communications over POTS?(Select two)

ISDN, DSL

A healthcare organization provides mobile clinics throughout the world. Which network technology should you select to transfer patient statistical data to a central database via the Internet to ensure network connectivity for any clinic located anywhere in the world, even remote areas?

Satellite

Which three of the following are characteristics of ISDN?

It provides enough bandwidth to transmit data at much higher speeds than standard modems and analog lines, It is a dial-up service that uses existing copper wires for the local loop, It lets you transmit voice, video, and data over the same lines.

You want to set up a service to allow multiple users to dial into the office server from modems on their home computers. What service should you implement?

RAS

Which of the following is a platform independent authentication system that maintains a database of user accounts and passwords that centralizes the maintenance of those accounts?

RADIUS

Which of the following protocols of services is commonly used on cable Internet connections for user authentication?

PPPoE

You often travel away from the office. While traveling, you would like to use a modem on your laptop computer to connect directly to a server in your office and access files on that server that you need. You want the connection to be as secure as possible. Which type of connection will you need?

Remote access

Which of the following are characteristics TACACS+?(Chose Two)

Uses TCP, Allows for a possible of three different servers, one each for authentication, authorization, and accounting

You have decided to implement a remote access solution that uses multiple remote access servers. You want to implement RADIUS to centralize remote access authentication and authorization.

Configure the remote access servers as RADIUS servers.

Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access? (Select two)

TACACS+, RADIUS

You have just signed up for Internet access using a local provider that gives you a fiber optic line into your house. From there, Ethernet and wireless connections are used to create a small network within your home. Which of the following protocols would be used to provide authentication, authorization, and accounting for the Internet connection?

PPPoE

Which of the following are differences between RADIUS and TACACS+?

RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers.

You are configuring your computer to dial up to the Internet. What protocol should you use?

PPP

Users on your network report that they have received an email stating that the company has just launched a new website for employees, and to access the Web site they need to go there and enter their user name and password information. No one in your company has sent this email. What type of attack is this?

Phishing

Which of the following statements about the use of anti-virus software is correct?

Anti-virus software should be configured to download updated virus definition files as soon as they become available.

An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack?

Denial of Service

A Smurf attack requires all but which of the following elements to be implemented?

Padded cell

Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network. One day you find that an employee has connected a wireless access point to the network office. What type of security risk is this?

Rouge access point

Which of the following describes a man-in-the -middle?

A false server intercepts communications from a client by impersonating the intended server.

What is the primary countermeasure to social engineering?

Awareness

Which is a form of attack that either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occurring?

Denial of Service attack

Which of the following is a form of denial of service attack that uses spoofed ICMP PACKETS TO FLOOD A VICTIM WITH ECHO REQUESTs USING A BOUNCE/AMPLIFICATION network?

Smurf

What is the main difference between a worm and a virus?

A worm can replicate itself and does not need a host for distribution.

How can an organization help prevent social engineering attacks?(Select Two)

Educate employees on the risks and countermeasures, Publish and enforce clearly written security policies.

Capturing packets as they travel from one host to another with the with the intent of altering the contents of the packets is a form of which security concern?

Man-in-the-middle attack

What is the common name for a program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the systems where it found?

Virus

You have worked as the network administrator for a company for seven months. One day all picture files on the server become corrupted. You discover that user download a virus from the Internet onto his workstation, and it propagated to the server. You successfully restore all files from backup, but your boss is adamant that this situation doe not occur. What should you do?

Install a network virus detection software solution.

Which of the following measures are you most likely to implement in order to protect against a worm or a Trojan horse?

Anti-virus software

Which of the following is the best countermeasure against man-in-the-middle attacks?

IPSec

Which of the following is NOT a primary characteristic of a worm?

It infects the MBR of a hard drive

Which of the following are examples of social engineering? (Select Two)

Dumpster diving, Shoulder surfing

Which of the following are characteristics of a circuit-level gateway? (Select Two)

Filters based on sessions, Stateful

How does a proxy server differ from a packet filtering firewall?

A proxy server operates at the Application layer, while a packet filtering firewall operates at the Network layer.

Which port number is used by SNMP?

161

You are the administrator for a secure network that uses firewall filtering. Several network users have requested to access Internet Usenet groups but are unable. What needs to be done to allow users to access the newsgroups?

Open port 119 to allow NNTP service.

You administer a Web server on your network. The computer has multiple IP addresses. They are 192.168.23.8 to 192.168.23.17. The name of the computer is www.westsim.com. You configured the Web site as follows: IP address: 192.168.23.8, HTTP Port: 1030, SSL Port: 443. Users complain that they can't connect to the web site when they type www.westsim.com. What is the most likely source of the problem?

The HTTP port should be changed to 80.

Which of the following functions are performed by proxies? (select two)

Cache web pages, Block employees from accessing certain websites.

Your company leases a very fast Internet connection and pays for it based on usage. You have been asked by the company president to reduce Internet line lease costs. You want to reduce the amount of web pages that are downloaded over the leased connection, without decreasing performance. What is the best way to do this?

Install a proxy server.

Which protocol and port number is used by BOOTP/DHCP?

UDP 67

Which of the following does a router acting as a firewall use to control which packets are forwarded or dropped?

ACL

Using the Netstat command you notice that a remote system has made a connection to your Windows server 2003 system using TCP/IP port 21. Which of the following actions is the remote system most likely to be performing ?

Downloading a file

You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use?

Circuit-level

Haley configures a Web site using Windows 2000 default values. What are the HTTP port and SSL port settings?

80 for HTTP; 443 for SSL

You are configuring a network firewall to allow SMTP outbound email traffic, and POP3 inbound email traffic. Which of the following TCP/IP ports should you open on the firewall? (Select Two)

25, 110

Which of the following are characteristics of a packet filtering firewall? (Select Two)

Filters IP address and port, Stateless

You manage a small network at work. Users use workstations connected to your network. No portable computers are allowed. As part of your security plan, you would like to implement scanning of emails for all users. You want to scan the emails and prevent any emails with malicious attachments from being received by users. Your solution should minimize administration, allowing you to centrally manage the scan settings. Which solution should you use?

Network based firewall

You have a company network that is connected to the internet. You want all users to have internet access, but need to protect your private network and users. You also need to make private network and users. You also need to make a Web server publicly available to Internet users. Which solution should use?

Use firewalls to create a DMZ. Place the Web server inside the DMZ, and the private network behind the DMZ

Which protocol and port number is used by TFTP?

UDP 69

Your company has a connection to the Internet that allows users to access the Internet. You also have a web server and an email server that you want to make available to Internet users. You want to create a DMZ for these servers. Which type of device should you use to create the DMZ?

Network based firewall

You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from Internet-based attacks. Which solution should you use?

Host based firewall

You have a router that is configured as a firewall. The router is a layer 3 device only. Which of the following does the router use for identifying allowed or denied packets.

IP address

IPsec is implemented through two separate protocols. What are these protocols called? (Select Two)

AH, ESP

A VPN is used primarily for what purpose?

Support secured communications over an untrusted network.

You are in the middle of a big project at work. All of your work files are on a server at the office. You want to be able to access the server desktop, open and edit files, save files on the server, and print files to a printer connected to a computer at home. Which protocol should you use?

RDP

You have a group of salesman who would like to access your private network through the Internet while they are traveling. You want to control access to the private network through a single server. Which solution should you implement?

VPN concentrator

You want to use a protocol that can encapsulate other LAN protocols and carry the data securely over an IP network.

PPTP

You want to allow traveling users to connect to your private network through the internet. Users will connect from various locations including airports, hotels, and public access points such as coffee shops and libraries. As such, you won't be able to configure the firewalls that might be controlling access to the Internet in these locations. Which of the following protocols would be most likely to be allowed through the widest number of firewalls?

SSL

Which of following network layer protocols provides authentication and encryption services for IP based network traffic?

IPSec

Which of the following protocols can your portable computer use to connect to your company's network via a tunnel through the Internet? (Select two)

L2TP

You manage a single subnet with three switches. The switches are connected to provide redundant paths between the switches. Which feature allows the switches to pass VLAN traffic between the switches?

Trunking

You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three RJ-45 ports connected to the switch. You want to allow visitors to plug into these ports to gain Internet access, but they should not have access to any other devices on your private network. Employees connected throughout the rest of your building should have both private and Internet access. Which feature should you implement?

VLANs

When configuring VLANs on a switch, what is used to identify VLANs on a switch, what is used to identify VLAN membership of a device?

Switch port

Which of the following do switches and wireless access points use to control access through the device?

MAC filtering

Which of the following best describes the concept of a virtual LAN?

Devices on the same network logically grouped as if they were grouped on separate networks.

Which switch features are typically used with VoIP? (Select Two)

PoE, VLAN

Which of the following connectivity hardware is used to create a LAN?

Switch

You manage a private network with two switches. The switches are connected together through their Gigabit Ethernet uplink ports. You define VLAN 1, and VLAN 2 on each switch. A device on the first switch in VLAN 1 needs to communicate with a device on the second switch also in VLAN 1. What should you configure to allow communication between these two devices through the switches?

Trunking

When configuring VLANs on a switch, what type of switch ports are members of all VLANs defined on the switch?

Trunk ports

Which type of devices is required to implement port authentication through the switch?

RADIUS server

Your company is a small start-up company that has leased office space in a building shared by other businesses. All businesses share a common network infrastructure. A single switch connects all devices in the building to the router that provides Internet access. You would like to make sure that your computers are isolated from computers used by other companies. Which feature should you request to have implemented?

VLAN

You manage a network that uses switches. In the lobby of your building are three RJ-45 ports connected to a switch. You want to make sure that visitors cannot plug in their computers to the free network jacks and connect to the network. However, employees who plug into those same jacks should be able to connect to the network. What feature should you configure?

Port authentication

You manage a network with two switches. The switches are connected together through their Gigabit uplink ports. You define VLAN 1 and VLAN 2 on each switch. A device on the first switch in the VLAN 1 needs to communicate with a device on the same switch which is in VLAN 2. What should you configure so that the two devices can communicate?

Routing

You run a small network for your business that has a single router connected to the Internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. What should you use for this situation?

VLAN

When using Kerberos authentication, which of the following terms is used to describe the token that verifies the identity of the user to the target system?

Ticket

Which of the following are used when implementing Kerberos for authentication and authorization? (Select Two)

Time server, Ticket granting

You want to implement an authentication method that uses public and private key pairs. Which authentication method should you use?

EAP

You want to increase the security of your network by allowing only authenticated users to be able to access network devices through a switch? Which one of the following should you implement?

802.1x

Which of the following applications typically use 802.1x authentication? (Select Two)

Controlling access through a switch, Controlling access though a wireless access point

You have been contracted by a firm to implement a new remote access solution based on a Windows Server 2003 system. The customer wants to purchase and install a smart card system to provide a high level of security to the implementation. Which of the following authentication protocols are you most likely to recommend to the client?

EAP

Which of the following authentication protocols uses a three-way handshake to authenticate users to the network? (Choose two)

CHAP, MS-CHAP

Which of the following is a feature of MS-CHAP v2 that is not included in CHAP?

Mutual authentication

Which of the following is a mechanism for granting and validating certificates?

PKI

Which of the following authentication methods uses tickets to provide single sign on?

Kerberos

You have a Web server that will be used for secure transactions for customers who access the Web site over the Internet. The Web server requires a certificate to support SSL. Which method would you use to get a certificate for the server?

Obtain a certificate from public PKI

Which of the following protocols can be used to securely manage a network device from a remote connection?

SSH

You have been using SNMP on your network for monitoring and management. You are concerned about the security of this configuration. What should you do?

Implement version 3 SNMP

Which of the following protocols are often added to other protocols to provide secure transmission of data? (Select two)

SSL, TLS

Which protocol does HTTPS use to offer greater security in Web transactions?

SSL

which protocol is used for securely browsing a Web site?

HTTPS

Which of the following are improvements to SNMP that are included within SNMP version 3? (Select two)

Authentication for agents and managers, Encryption of SNMP messages

Telenet is inherently insecure because its a communication is in plain text and is easily intercepted. Which of the following is an acceptable alternative to Telnet?

SSH

As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement?

Host based IDS

What actions can a typical passive Intrusion Detection System (IDS) take when it detects an attack? (Select two)

The IDS logs all pertinent data about the intrusion, An alert is generated and delivered via Email, the console, or an SNMP trap.

Which of the following is a security service that monitors network traffic in real time or reviews the audit logs on servers looking for security violations?

IDS

You are concerned about protecting your network from network based attacks from the Internet. Specifically, you are concerned about "zero day" attacks (attacks that have not yet been identified or that do not have prescribed protections).

Anomaly based IDS

You want to make sure that a set of servers will only accept traffic for specific network services, but you also want to make sure that the servers will not accept packets sent to those services. Which tool should you use?

Port scanner

What security mechanism can be used to detect attacks originating on the Internet or from within an internal trusted subnet?

IDS

Which of the following functions can a port scanner provide?

Discover unadvertised servers, Determining which ports are open on a firewall

You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action when possible to stop or prevent the attack. Which tool should you use?

IPS

Which of the following devices can monitor a network and detect potential security attacks?

IDS

Which IDS method searches for intrusion or attack attempts by recognizing patterns or identities list in a database?

Signature based

What is the most common form of host based IDS that employs signature or pattern matching detection methods?

Anti-virus software

Which of the following devices is capable of detecting and responding to security threats?

IPS

Your organization recently purchase 18 iPad tablets for use by the organization's management team. These devices have iOS pre-installed on them. To increase the security of these devices, you wan to apply a default set of security related configuration settings. What is the best approach to take to accomplish this? (Select two. Each option is a part of a complete solution)

Enroll the devices in a mobile device management (MDM) system AND Configure and apply security policy settings in a mobile device management system

MATCHING:
Jailbreaking = allows apps to be installed from sources other than the app store

Jailbreaking = allows apps to be installed from sources other than the app store

MATCHING:
Sideloading = Allows apps to be installed from sources other than the Windows Store.

Sideloading = Allows apps to be installed from sources other than the Windows Store.

MATCHING:
Sandboxing = prevents a running app from accessing data stored by other running apps

Sandboxing = prevents a running app from accessing data stored by other running apps

MATCHING:
Assigned Access = Defines a whitelist of Windows Store applications

Assigned Access = Defines a whitelist of Windows Store applications

Recently, a serious security breach occurred in your organization. An attacker was able to log in to the internal network and steal data through a VPN connections using the credentials assigned to a vice president in your organization. For security reasons, all individuals in upper management in your organization have unlisted home phone numbers and addresses. However, security camera footage from the vice presidents home recorded someone rummaging through her garbage cans prior to the attack. The VP admitted to writing her VPN log in credentials on a sticky note that she subsequently threw away in her household trash. You suspect the attacker found the sticky note in the trash and used the credentials to log in to the network. You've reviewed the VP's social media pages and found pictures of her home posted, but you didn't notice anything in he photos that would give away her home address. She assure you that her smart phone was never misplaced prior to the attack. Which security weakness is the most likely cause of the security breach?

Geo-tagging was enabled on her smart phone

Your organization is formulating a bring your own device (BYOD) security policy for mobile devices. Which of the following statements should be considered as you formulate your policy?

You can't use domain-based group policies to enforce security settings on mobile devices.

Your organization's security policy specifies that any mobile device (regardless of ownership) that connects to your internal network must have remote wipe enabled. If the device is lost or stolen, then it must be wiped to remove any sensitive data from it. Your organization recently purchased several Windows RT tablets. Which should you do?

sign up for a Windows Intune account to manage the tablets.

Your organization provides its sales force with Windows RT 8.1 tablets to use while visiting customer sites. You manage these devices by enrolling them in your cloud-based Windows Intune account. Once of your sales reps left her tablet in an airport. The device contains sensitive information and you need to remove it in case the device is compromised. Which Intune portal should you use to perform a remote wipe?

Admin Portal

Your organization provides its sales force with Windows RT 8.1 tablets to use while visiting customer sites. You manage these devices by enrolling them in your cloud-based Windows Intune account. Once of your sales reps left his notebook at a customer's site. The device contains sensitive information and you want to change the password to prevent the data from being compromised. Which Intune portal should you use to remotely change the password?

Admin Portal

On your way into the back entrance of the building at work one morning, a man dressed as pluber asks you to let him in so he can "fix the restroom". What should you do?

Direct him to the front entrance and instruct him to check in with the receptionist.

Which of the following are solutions that address physical security? (Select two)

Require identification and name badges for all employees. Escort visitors at all times.

Which of the following can be used to stop piggybacking that has been occurring at a front entrance where employees should swipe their smart cards to gain entry?

Deploy a mantrap

What is a secure doorway that can be used in coordination with a mantrap to allow easy egress from a secured environment but which actively prevents re-entrance through the exit portal?

Turnstiles

You want to use CCTV to increase your physical security. You want to be able to remotely control the camera position. Which type of camera type should you choose?

PTZ (Pan Tilt Zoom)

you want to use CCTV to increase the physical security of your building. Which of the following camera types would offer the sharpest image at the greatest distance under the lowest lighting conditions?

500 resolution, 50mm, .05L UX

Which of the following CCTV camera types lets you adjust the distance that the camera can see (i.e. zoom in or out) ?

Varifocal

Which of the following CCTV types would you use in areas with little or no light?

Infrared

Which of the following allows for easy exit of an area in the event of an emergency, but prevents entry?(Select two)

Double -entry door. Turnstile.

Which of the following controls is an example of a physical access control method?

Locks on doors

You are the security administrator for a small business. The floor plan for your organization is shown in the figure below.
You've hired a 3rd-party security consultant to review your organization's security measures and she has discovered multiple instances where unauthorized individuals have gained access to your facility, even to very sensitive areas. She recommends that you implement cable locks to prevent theft of computer equipment.
Click on the office location where cable locks would be most appropriate.

At the lobby

You are the security administrator for a small business. The floor plan for your organization is shown in the figure below.
You've hired a 3rd-party security consultant to review your organization's security measures and she has discovered multiple instances where unauthorized individuals have gained access to your facility, even to very sensitive areas. She recommends that you implement mantraps to prevent this from happening in the future.
Click on the office location where a mantrap would be most appropriate.

At the lobby

You are the security administrator for a small business. The floor plan for your organization is shown in the figure below.
You've hired a 3rd-party security consultant to review your organization's security measures and she has discovered multiple instances where unauthorized individuals have gained access to your facility, even to very sensitive areas. She recommends that you provide employees with access badges and implement access badges readers to prevent this from happening in the future.
Click on the office location where a mantrap would be most appropriate.

Building entrance in the lobby. Sensitive areas as server room.

You are the security administrator for a small business. The floor plan for your organization is shown in the figure below.
You've hired a 3rd-party security consultant to review your organization's security measures and she has discovered multiple instances where unauthorized individuals have gained access to your facility, even to very sensitive areas. She recommends that you implement closed-circuit TV (CCTV) surveillance cameras to prevent this from happening in the future.
Click on the office location where a mantrap would be most appropriate.

Building entrance. Sensitive areas as the server room.

Hardened carrier.
Biometric authentication.
Barricades.
Emergency escape plans.
Alarmed carrier.
Anti-passback system.
Emergency lighting.
Exterior floodlights.

Protected cable distribution. Door locks. Perimeter barrier. Safety. Protected cable distribution. Physical access control. Safety. Perimeter barrier.

Which of the following is the most important thing to do to prevent console access to the router?

Keep the router in a locked room

You have 5 salesmen who work out of your office and who frequently leave their laptops laying on their desk in their cubicles. You are concerned that someone might walk by and take one of these laptops. Which of the following is the best protection to implement to address your concerns?

Use cable locks to chain the laptop to the desks

You are an IT consultant and are visiting a ne client's site to become familiar with their network. As you walk around their facility, you note the following:
-When you enter the facility, a receptionist greets you and directs you down the hallway to the office manager's cubicle. The receptionist uses a notebook system that is secured to her desk with cable lock.
-The office manager informs you that the organization's servers are kept in a locked closet. Only she has the key to the closet. When you arrive on site, you will be required to get the key from her to access the closet.
-She informs you that the server backups are configured to run each night. A rotation of external USB hard disks are used as the backup media.
-You notice the organization's network switch is kept in an empty cubicle adjacent to the office manager's workspace.
-You notice that a router/firewall/content filter all-in-one device has been implemented in the server closet to protect the internal network from external attacks.
Which security-related recommendations should you make to this client? (Select two)

Control access to the work area with locking doors and card readers. Relocate the switch to the locked server closet.

You are an IT consultant and are visiting a ne client's site to become familiar with their network. As you walk around their facility, you note the following:
-When you enter the facility, a receptionist greets you and escorts you through a locked door to the work area where the office manager sits .
-The office manager informs you that the organization's servers are kept in a locked closet. An access card is required to enter the server closet.
-She informs you that the server backups are configured to run each night. A rotation of tapes are used as the backup media.
-You notice the organization's network switch is kept in the server closet.
-You notice that a router/firewall/content filter all-in-one device has been implemented in the server closet to protect the internal network from external attacks.
-The office manager informs you that her desktop system will no longer boot and asks you to repair or replace it, recovering as much data as possible in the process. You carry the workstation out to your car and bring it back to your office to work on it.

Which security-related recommendations should you make to this client? (Select two)

Implement a hardware checkout policy

You walk by the server room and notice a fire has started. What should you do first?

Make sure everyone has cleared the area

Which of the following fire extinguisher types is best used for electrical fires that might result when working with computer components?

Class C

Which of the following fire extinguisher suppressant types is best used for electrical fires that might result when working with computer components?

Carbon dioxide (CO2)

Which of the following fire extinguisher types poses a safety risk to users in the area? (Select two)

Halon CO2

Users are complaining that sometimes network communications are slow. You use a protocol analyzer and find that packets are being corrupted as they pass through a switch. You also notice that this only seems to happen when the elevator is running.
What should you do?

Install shielded cables near the elevator

What is the recommended humidity level for server rooms?

50%

Components within your server room are failing at a rapid pace. You discover that the humidity in the server room is at 60% and the temperature is at 80 degrees.
What should you do?

Add a separate A/C unit in the server room

You maintain the network for an industrial manufacturing company. You are concerned about the dust in the area getting into the server components and affecting the ability of the network.
Which of the following should you implement?

Positive pressure system

Which of the following statements about ESD is not correct?

ESD is much more likely to ocurre when the relative humidity is above 50%

Which of the following is the/least effective power loss protection for computer systems?

Surge protector

Besides protecting a computer from under voltages, a typical UPS also performs which 2 actions:

Protects from over voltages. Conditions the power signal.

A smart phone was lost at the airport. There is no way to recover the device. Which of the following will ensure data confidentiality on the device?

Remote Wipe

Which of the following are not reasons to remote wipe a mobile device?

When the device is inactive for a period of time

Which of the following mobile device security consideration will disable the ability to use the device after a short period of inactivity?

Screen lock

Most mobile device management (MDM) systems can be configured to track the physical location of enrolled mobile devices. Arrange the location technology on the left in order of accuracy on the right, from most accurate to least accurate.

Most accurate- GPS More accurate- WI-FI triangulation Less accurate- cell phone tower triangulation Least accurate- IP address resolution

Your organization has recently purchases 20 tablets devices for the Human Resources department to use for training sessions.
You are concerned that these devices could represent a security risk to your network and want to strengthen their security profile as much as possible.
Which actions should you take? (select 2)

Implement storage implementation. Enable service device encryption.

Over the last several years, the use of mobile devices within your organization has increased dramatically.
Unfortunately, many department heads circumvented your Information Systems procurement policies and directly purchased tablets and smartphones for their employees without authorization. As a result there is a proliferation of devices within your organization without accountability.
You need to get things under control and begin tracking the devices that are owned by your organization.
How should you do this?

Implement a mobile device management (MDM) solution

Match each bring your own device (BOYD) security issue on the right with a possible remedy on the left. Each remedy may be used once, more than once, or not at all.

Preventing malware infections- Implement a network acces control (NAC) solution. Supporting mobile device users-Specify who users can call for help with mobile devices apps in your acceptable use policy. Preventing loss of control of sensitive data- Enroll devices in a mobile device management. Preventing malicious insider attacks-Specify where and when mobile devices can be possessed in your acceptable use policy. Applying the latest anti-malware definitions- Implement a network access control (NAC) solution.

Match each bring your own device (BOYD) security concern on the right with a possible remedy on the left. Each remedy may be used once, more than once, not at all.

Users take pictures of proprietary processes and procedures- Specify where and when mobile devices can be possessed in your acceptable use policy. Devices with a data plan can e-mail stole data- Specify where and when mobile devices can be possessed inyour

Which of the ff. is the single best rule to enforce when designing complex passwords?

longer passwords

For users on your network, you want to automatically lock their user accounts if four incorrect passwords are used within 10 minutes. What should you do?

configure account lockout policies in group policy

You want to make sure that all users have passwords over 8 character and that passwords must be changed every 30 days. What should you do?

Configure account policies in Group policy

You have hired 10 new temporary workers who will be with the company for 3 months. You want to make sure that these users can only log on during regular business hours. What should you do?

configure time and day restrictions

You are configuring the local security policy of a Windows 7 system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least 5 days before changing it again. Which policies should you configure? (Select two.)

enforce password history; minimum password age

You are configuring the local security policy of a Windows 7 system. You want to require users to create passwords that are at least 10 characters long. You also want to prevent logon after three unsuccessful logon attemps. Which policies should you configure? (Select two.)

minimum password length; account lockout threshold

You have just configured the password policy and set the minimum password age to 10. What will be the effect of this configuration?

User cannot change the password for 10 days

You have implemented lockout with a clipping level of 4. What will be the effect of this setting?

the account will be locked for 4 incorrect attempts

Which of the ff. is not important aspect of password management?

enable account lockout

You are teaching new users about security and passwords. Which example of the passwords would be the most secure password?

T1a73gZ9!

Upon running a security audit in your organization, you discover that several sales employees are using the same domain user account to log in and update the company's customer database. Which action should you take? (2)

Delete the account that the sales employees are currently using. Train some employees to use their own accounts to update the customer database

You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You need to make the change as easily as possible. What should you do???????

implement a granular password policy for the users in the Directors OU

You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You would like to define a granular password policy for these users. Which tool should you use?

ADSI edit

You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You need to make the change as easily as possible. What should you do?

create a granular password policy. apply the policy to all users in the director's OU

Yo manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. Members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You define a new granular password policy with the required settings. All users in the Directors OU are currently members of the DirectorsGG group, a global security group in that OU. You apply the new password policy to that group. Matt Barnes is the chief financial officer. He would like his account to have even more strict password policies than is required for other members of the Directors OU. What should you do?

create a granular password policy for Matt. apply the new policy directly to Matt's user account.

Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access?

TACACKS+, Radius

You have decided to implement a remote access solution that uses multiple remote access servers. You want to implement RADIUS to centralize remote access authentication and authorization.
Which of the following would be a required part of your configuration?

configure the remote access servers as RADIUS clients

Which of the following are characteristics of TACACS +?

allows for a possible of three different servers, one for each authentication, authorization, and account; uses TCP

Which of the following are differences between RADIUS and TACACS+?

Radius combines authentication and authorization into a single function. TACAS+ allows these services to be split between different servers.

Which of the ff. protocols can be used to centralize remote access authentication?

TCACS

RADIUS is primarily used for what purpose?

authenticating remote clients before access to the network is granted

Which of the ff. is a characteristic of TACACS+?

it encrypts the entire packet, not just authentication packets

Which of the ff. ports are used with TACACS?

49

What does a remote access server use for authorization?

Remote access policies

Which of the ff. is the best example of remote access authentication?

user establishes a dialup connection to a server to gain access to shared resources

Which of the following is a feature of MS-CHAP v2 that is not included in CHAP

Mutual authentication

CHAP performs which of the following security functions?

periodically verifies the identity of a peer using a three-way handshake

Which of the following authentication protocols transmits passwords in clear text, and is therefore considered too insecure for modern networks

PAP

Which remote access authentication protocol periodically and transparently re-authenticates during logon session by default

CHAP

which of the following authentication protocols uses a three-way handshake to authenticate users to the network? (choose 2)

MS-CHAP & CHAP

When using Kerberos authentication, which of the following terms is used to describe the token that verifies the identity of the user to the target system?

ticket

Which of the following are used when implementing Kerberos for authentication and authorization? (Select Two)

ticket granting server; time synchronization

Which of the ff. are requirements to deploy Kerberos on a network? (Select two.)

A centralized database of users and password, Time synchronization between devices

Which ports does LDAP use by default? (Select two.)

389 & 636

You want to deploy SSL to protect authentication traffic with you LDAP-based directory service. Which port would this use?

636

Your LDAP directory service solution uses simple authentication. What should you always do when using simple authentication?

Use SSL

You want to use Kerberos to protect LDAP authentication. Which authentication mode should you choose?

SASL

A user has just authenticated using Kerberos. What object is issued to the user immediately following logon?

ticket granting ticket

What protocol uses port 88?

kerberos

Which of the ff. authentication mechanisms is designed to protect a 9-character password from attacks by hashing the first seven characters into a single hash and then hashing the remaining two characters into another separate hash?

LANMAN

what is mutual authentication?

A process by which each party in an online communication verifies the identity of the other party

A manage has told you she is concerned about her employees writing their passwords for Web sites, network files, and databases resources on sticky notes. Your office runs exclusively in a Windows environment.
Which tool could be used to prevent this?

credential manager

KWalletManger is a Linux based credential management system that stores encrypted account credentials for network resources.
Which encryption methods can KWalletManager use to secure account credentials?(Two)

blowfish & GPG

You want to protect the authentication credentials you use to connect to the LAB server in your network by copying them to a USB drive.
What option would you hit?

back up credentials

In an identity Management System, what is the function of the Authoritative Source?

specify the owner of a data item

In an identity Management System, what is the function of the Identity Vault?

ensure that each employee has the appropriate level of access in each system

You are the network administrator for a small company. Your organization currently uses the following server systems:
• A Windows server that functions as a domain controller and a file server.
• A Novell Open Enterprise Server that functions as a GroupWise e-mail server.
• A Linux server that hosts your organization's NoSQL database server that is used for big data analysis.

Because each of these systems uses its own unique set of authentication credentials, you must spend a considerable amount of time each week keeping user account information updated on each system.In addition, if a user changes his or her password on one system, it is not updated for the user's accounts on the other two systems.

implement an identity vault. implement password synchronization

final 2 - Subjecto.com

final 2

Your page rank:

Total word count: 19470
Pages: 71

Calculate the Price

- -
275 words
Looking for Expert Opinion?
Let us have a look at your work and suggest how to improve it!
Get a Consultant

Which of the following prevents access based on website ratings and classifications?

Content filtering

Which of the following is a valid security measure to protect e-mail from viruses?

Use blockers on e-mail gateways.

Drag the Web threat protection method on the left to the correct definition on the right.

Prevents visiting malicious Web sites. Web threat filtering. Prevents outsided attempts to access confidential information. Antiphishing software. Identifies and disposes of infected content. Virus blockers. Prevents unwanted email from reaching your network. Gateway email spam blockers. Prevents visiting restricted Web sites. URL content filtering.

You are investigating the use of Web site and URL content filtering to prevent users from visiting
certain Web sites.
Which benefits are the result of implementing this technology in your organization? (Choose
two.)

Enforcement of the organization’s Internet usage policy. An increase in bandwidth availability.

Which of the following is the best countermeasure against man-in-the-middle
attacks?

IPSec

What is modified in the most common form of spoofing on a typical IP packet?

Source address

Which type of Denial of Service (DoS) attack occurs when a name server receives malicious or
misleading data that incorrectly maps host names and IP addresses?

DNS poisoning

Which of the following describes a man-in-the-middle
attack?

A false server intercepts communications from a client by impersonating the intended server.

Capturing packets as they travel from one host to another with the intent of altering the contents
of the packets is a form of which security concern?

Man-in-the-middle attack

When the TCP/IP session state is manipulated so that a third party is able to insert alternate
packets into the communication stream, what type of attack has occurred?

Hijacking

What is the goal of a TCP/IP hijacking attack?

Executing commands or accessing resources on a system the attacker does not otherwise have authorization to access

Which of the following is not a protection against session hijacking?

DHCP reservations

Which of the following is the most effective protection against IP packet spoofing on a private
network?

Ingress and egress filters

While using the Internet, you type the URL of one of your favorite sites in the browser. Instead
of going to the correct site, however, the browser displays a completely different website. When
you use the IP address of the Web server, the correct site is displayed.
Which type of attack has likely occurred?

DNS poisoning.

Which of the following attacks tries to associate an incorrect MAC address with a known IP
address?

ARP poisoning

What are the most common network traffic packets captured and used in a replay attack?

Authentication

When a malicious user captures authentication traffic and replays it against the network later,
what is the security problem you are most concerned about?

An unauthorized user gaining access to sensitive resources

A router on the border of your network detects a packet with a source address that is from an
internal client but the packet was received on the Internetfacing
interface. This is an example of
what form of attack?

Spoofing

An attacker uses an exploit to push a modified hosts file to client systems. This hosts file
redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and
financial information.
What kind of exploit has been used in this scenario? (Choose two. Both responses are different
names for the same exploit.)

Pharming DNS poisoning

Which of the following features on a wireless network allows or rejects client connections based on the hardware address

MAC address filtering

Which remote access authentications protocol allows for the use of smart cards for authentication?

EAP

You are concerned about sniffing attacks on your wireless network. Which of the following implementations offers the best countermeasure to sniffing?

WPA2 and AES

How does WPA2 differ from WPA?

WPA2 uses AES for encryption; WPA uses TKIP

You’ve just finished installing a wireless access point for a client. What should you do to prevent unauthorized users from accessing the access point (AP) configuration utility?

Change the administrative password on the AP

Which of the following recommendations should you follow when placing access points to provide wireless access for users within your company building?

Place access points above where most clients are.

Which of the following features are supplied by WPA on a wireless network?

Encryption

You want to implement 802.1x authentication on your wireless network. Where would you configure passwords that are used for authentication?

on a RADIUS driver

Which of the following measures will make your wireless network invisible to the casual attacker performing war driving?

Disable SSID broadcast

Which of the following locations will contribute the greatest amount of interference for a wireless access point. (select two)

Near cordless phones AND near backup generators

Which of the following wireless security methods uses a common shared key configured on the wireless access point and all wireless clients?

WEP, WPA Personal, and WPA2 personal

You need to configure the wireless network card to connect to your network at work. The connections should use a user name and password for authentication with AES Encryption. What should you do?

Configure the connection to use WPA2-Enterprise

What purposes does a wireless site survey serve? (Choose two)

1. Identify existing or potential sources of interference 2. To identify the coverage area and preferred placement of access points.

You need to add security for your wireless network. You would like to use the most secure method. Which method should you implement?

WPA2

WiMax is an implementation of which IEEE committee?

802.16

Which of the following measures will make your wireless network invisible to the casual attacker performing war driving?

Disable SSID broadcast

Which remote access authentication protocol allows for the use of smart cards for authentication?

EAP

Which of the following do switches and wireless access points use to control access through the device?

MAC Filtering

You want to implement 802.1x authentication on your wireless network. Where would you configure passwords that are used for authentication?

On a RADIUS Server

You are the wireless network admin for your org. As the size of the org has grown, you’ve decided to upgrade your wireless network to use 802.1x authentication instead of pre-shared keys. You’ve decided to use LEAP to authenticate wireless clients. To do this, you configured a Cisco RADIUS server and installed the neccessary Cisco client software on each RADIUS client. Which of the following is true concerning this implementation?

The system is vulnerable because LEAP is susceptible to dictionary attacks.

You are the wireless network admin for your org. As the size of the org has grown, you’ve decided to upgrade your wireless network to use 802.1x authentication instead of pre-shared keys. To do this, you need to configure a RADIUS Server and RADIUS clients. You want the server and the clients to mutually authenticate with each other. What should you do? (Select two. Each response is part of the complete solution)

Configure the RADIUS server with a server certificate and Configure all wireless access points with client certificates.

Which implementation is most secure?

EAP-TLS

Which of the following features on a wireless network allows or rejects client connections based on the hardware address?

MAC address filtering

You’ve just finished installing a wireless access point for a client. What should you do to prevent unauthorized users from accessing the access point (AP) configuration utility?

Change the administrative password on the AP.

You are concerned about sniffing attacks on your wireless network. Which of the following implementations offers the best countermeasure to sniffing?

WPA2 and AES

What is the least secure place to locate an access point with an omni-directional antenna when creating a wireless cell?

Near a window

What purpose does a wireless site survey serve? (Choose two)

To identify existing or potential sources of interference. To identify the coverage area and preferred placement of access points.

You need to place a wireless access point in your two story building. While trying to avoid interference, which of the following is the best location for the access point?

In the top floor

You are designing a wireless network implementation for a small business. the business deals with sensitive customer information, so data emanation must be reduces as much as possible. The floor plan of the office is shown below. Match each type of access point antenna with the appropriate location on the floorplan.

Location = type A= Directional B= Directional C=Omnidirectional D= Directional E= Directional F= Directional G= Directional

The owner of a hotel has contracted with you to implement a wireless network to provide Internet access for guests. The owner has asked that you implement security controls such that only paying guests are allowed to use the wireless network. She wants guests to be presesnted with a loging page when they initially connect to the WLAN. After entering a code provided at check in, guests should then be allowed full access to the Internet. If a user does not provide the correct code, they should not be allowed access to the internet. What should you do?

Implement a captive portal

Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network. One day you find that an employee has connected a wireless access point to the network in his office. What type of security risk is this?

A rogue access point

Which of the following describes marks that attackers place outside a building to identify an open wireless network?

Warchalking

The process of walking around an office building with an 802.11 signal detector is known as what?

Wardriving

Which of the following describes Bluesnarfing?

Unauthorized viewing calendar, emails, and messages on a mobile device

Which of the following sends unsolicited business cards and messages to a Bluetooth device?

Bluejacking

Which of the following is the best protection to prevent attacks on mobile phones through the Bluetooth protocol?

Disable Bluetooth on the phone

You are troubleshooting a wireless connectivity issue in a small office. You determine that the 2.4 GHz cordless phones used in the office are interfering with the wireless network transmissions. If the cordless phones are causing the interference, which of the following wireless standards could the network be using?(Select two)

Bluetooth and 802.11g

Your organization uses an 802.11g wireless network. Recently, other tenants installed the following equipment in your building:….since this equipment was installed, your wireless network has been experiencing significant interference. Which system is to blame?

The wireless TV system

Which of the following best describes an evil twin?

An access point that is configured to mimic a valid access point to obtain logon credentials and other sensitive information

Network packet sniffing is often used to gain the information needed to conduct more specific and detailed attacks. Which of the following is the best defense against packet sniffing?

Encryption

Which of the following common network monitoring or diagnostic activity can be used as a passive malicious attack?

Sniffing

You are concerned that wireless access points may have been deployed within your organization without authorization. What should you do? (Select two. Each response is a complete solution.

Check the MAC addresses of devices connected to your wired switch and conduct a site survey

Match the malicious interference type with the appropriate characteristic.

Spark Jamming = Repeatedly blasts receiving equipment with high-intensity, short-duration RF bursts at a rapid pace Random Noise Jamming = Produces RF signals using random amplitudes and frequencies Random Pulse Jamming = uses radio pulses of random amplitude and frequency

The attacker has hidden an NFC reader behind an NFC-based kiosk in an airport. The attacker uses the device to capture NFC data in transit between end-user devices and the reader in the kiosk. She then uses that information later on to masquerade as the original end-user device and establish an NFC connection to the kiosk. What kind of attack has occurred in this scenario?

NFC Relay Attack

You are implementing a wireless network in a dentist’s office. The dentist’s practice is small, so you choose an inexpensive, consumer grade access point. While reading the documentation, you notice that the access point supports Wi-Fi protected Setup (WPS) using a PIN. You are concerned about the security implications of this functionality. What should you do to reduce the risk?

Disable WPS in the access point’s configuration

Which of the following wireless security methods uses a common shared key configured on the wireless access point and all wireless clients?

WEP, WPA Personal, and WPA2 Personal

Which of the following offers the weakest form of encryption for an 802.11 wireless network?

WEP

Which of the following features are supplied by a WPA2 on a wireless network?

Encryption

You need to secure your wireless network. Which security protocol would be the best choice?

WPA2

You need to configure a wireless network. You want to use WPA2 Enterprise. Which of the following components will be a part of your design? (select two)

AES encryption 802.1x

Which of the following locations will contribute the greatest amount of interference for a wireless access point?

near a cordless phone and near backup generators

You need to implement a wireless network link between two buildings on a college campus. A wired network has already been implemented within each building. The buildings are 100 meters apart. What type of wireless antenna should you use on each side of the link? (select two)

High-gain and Parabolic

How does WPA2 differ from WPA?

WPA2 uses AES for encryption; WPA uses TKIP

You need to configure the wireless network card to connect to your network at work. The connection should use a user name and password for authentication with AES encryption. What should you do?

Configure the connection to use WPA2 Enterprise

Match the wireless networking security standard with its associated characteristics

WEP = Short initialization vector makes key vulnerable WPA2 = Uses AES for encryption WEP = Uses RC4 for encryption WPA = Uses TKIP for encryption WPA2 = Uses CBC-MAC for data integrity WPA2 = Uses CCMP for key rotation

You need to add security for your wireless network. You would like to use the most secure method. Which method should you implement?

WPA2

Which of the following is used on a wireless network to identify the network name?

SSID

Which of the following are true about Wi-Fi Protected Access 2 (WPA2)? (Select two)

Uses AES for encryption Upgrading from a network using WEP typically requires installing new hardware.

WiMAX is an implementation of which IEEE Committee?

802.16

You want to connect a laptop computer running Windows 7 to a wireless network. The wireless network uses multiple access points and WPA2-Personal. You want to use the strongest authentication and encryption possible. SSID broadcast has been disabled. What should you do?

Configure the connection with a preshared key and AES encryption.

You have a company network with a single switch. All devices connect to the network through the switch. You want to control which devices will be able to connect to your network. For devices that do not have the latest operating system patches, you want to prevent access to all network devices except for a special server that holds the patches that the computers need to download. Which of the following components will be part of your solution?(Select two)

Remediation servers AND 802.1x authentication

Which step is required to configure a NAP on a Remote Desktop(RD) Gateway server?

Edit the properties for the server and select Request clients to send a statement of health.

In a NAP system, what is the function of the System Health Validator?

Compare the statement of health submitted by the client to the health requirements

How does IPsec NAP enforcement differ from other NAP enforcement methods?

Clients must be issued a valid certificate before a connection to the private network is allowed.

Which of the following is NOT an advantage when using an internal auditor to examine security systems and relevant documentation?

Findings in which the audit and subsequent summations are viewed as objective.

Properly configured passive IDS and System Audit Logs are an integral part of a comprehensive security plan. What step must be taken to ensure that the information is useful in maintaining a secure environment?

Periodic reviews must be conducted to detect malicious activity or policy violations

Which of the following describes Privilege Auditing?

Rights and privileges of users and groups are checked to guard against creeping privileges.

Which of the following terms identifies the process of reviewing log files for suspicious activity and threshold compliance?

auditing

What is the purpose of audit trails?

Detect security-violation events

Which of the following is a collection of recorded data that may include details about logons, object access and other activities deemed important by your security policy that is often used to detect unwanted and unauthorized user activity?

audit trail

A recreation of historical events is made possible through?

audit trails

The process of walking around an office building with an 802.11 signal detector is known as what?

War Driving

Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network. One day you find that an employee has connected a wireless access point to the network in his office. What type of security risk is this?

Rogue Access Point

Which of the following sends unsolicited business cards and messages to a Bluetooth device?

Bluejacking

Which of the following best describes Bluesnarfing?

Unauthorized viewing calendar, emails, and messages on a mobile device

Which of the following describes marks that attackers place outside a building to identify an open wireless network?

War chalking

Network packet sniffing is often used to gain the information needed to conduct more specific and detailed attacks. Which of the following is the best defense against packet sniffing?

Encryption

A user calls to report that she is experiencing intermittent problems while accessing the wireless network from her laptop computer. While she normally works from her office, today she is trying to access the wireless network from a conference room which is across the hall and next to the elevator. What is the most likely cause of her connectivity problem?

Interference is affecting the wireless signal.

You are troubleshooting a wireless connectivity issue in a small office. You determine that the 2.4 GHz cordless phones used in the office are interfering with the wireless network transmissions. If the cordless phones are causing the interference, which of the following wireless standards could the network be using?(Select two)

Bluetooth AND 802.11b

Which of the following best describes an evil twin?

An access point that is configured to mimic a valid access point to obtain logon credentials and other sensitive information

Your organization uses an 802.11b wireless network. Recently, other tenants installed the following equipment in your building:….since this equipment was installed, your wireless network has been experiencing significant interference. Which system is to blame?

The wireless TV system

Which of the following common network monitoring or diagnostic activity can be used as a passive malicious attack?

Sniffing

Which of the following is the best protection to prevent attacks on mobile phones through the Bluetooth protocol?

Disable Bluetooth on the phone

Which IPsec subprotocol provides data encryptions?

ESP

PPTP is quickly becoming obsolete because of what VPN protocol?

L2TP

You have a group of salesmen who would like to access your private network through the Internet while they are traveling. You want to control access to the private network through a single server. Which solution should you implement?

VPN concentrator

Which VPN protocol typically employs IPsec as its data encryption mechanism?

L2TP

Which of the following is NOT a VPN tunnel protocol?

RADIUS

A VPN is used primary for what purpose?

Support secured communications over an untrusted network.

Which is the best countermeasure for someone attempting to view your network traffic?

VPN

What is the primary use of tunneling?

Supporting private traffic through a public communication medium

Which statement best describes IPsec when used in tunnel mode?

The entire data packet, including headers is encapsulated.

In addition to Authentication Header (AH), IPsec is comprised of what other service?

Encapsulating Security Payload (ESP)

A salesperson in your organization spends most of her time traveling between customer sites.
After a customer visit, she must complete various managerial tasks, such as updating your
organization’s order database.
Because she rarely comes back to your home office, she usually accesses the network from her
notebook computer using WiFi
access provided by hotels, restaurants, and airports.
Many of these locations provide unencrypted public WiFi
access, and you are concerned that
sensitive data could be exposed. To remedy this situation, you decide to configure her notebook
to use a VPN when accessing the home network over an open wireless connection.
Which key steps should you take when implementing this configuration? (Select two.

Configure the VPN connection to use IPsec. Configure the browser to send HTTPS requests through the VPN connection.

You have a small network at home that is connected to the internet. On your home network you have a server with the IP address of 192.168.55.199/16. You have a single public address that is shared by all hosts on your private network. You want to configure the server as a web server and allow Internet hosts to contact the server to browse a persona Web site. What should you use to allow access?

Static NAT

Which of the following in NOT one of the ranges of IP addresses define in RFC 1918 that are commonly used behind a NAT server?

169.254.0.0-169.254.255.255

You are the network administrator for a small company that implements NAT to access the Internet. However, you recently acquired 5 servers that must be accessible from outside your network. Your ISP has provided you with 5 additional registered IP addresses to support these new servers but you don’t want the public to access these servers directly. You want to place these servers behind your firewall on the inside network yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these 5 servers?

Static

Which of the following network devices or services prevent the use of IPsec in most cases?

NAT

YOU want to connect your small company network to the Internet. Your ISP provides you with a single IP address that is to be shared between all hosts on your private network. You do not want external hosts to be able to initiate connection to internal hosts. What type of NAT should you implement?

Dynamic

Which of the following is NOT a benefit of NAT?

Improving the throughput rate of traffic

Which of the following is the best device to deploy to protect your private network from a public untrusted network?

Firewall

Which of the following are true of a circuit proxy filter firewall?(Select two)

Operates at the Session Layer AND Verifies sequencing of session packets

You have just installed a packet-filtering firewall on your network. What options will you be able to set on your firewall? Select all that apply.

Source address of a packet, Destination address of a packet, AND Port Number

When designing a firewall, what is the recommended approach for opening and closing ports?

Close all ports; open only ports required by applications inside the DMZ

You have a router that is configured as a firewall. The router is a layer 3 device only. Which of the following does the router use for identifying allowed or denied packets?

IP address

Which of the following are characteristics of a packet filtering firewall?(Select two)

Stateless AND Filters IP address and port

You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from Internet-bases attacks. What solution should you use?

Host based firewall

Which of the following functions are performed by proxies?(Select two)

Block employees from accessing certain Web sites AND Cache web pages

You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use?

Circuit-level

You connect your computer to a wireless network available at the local library. You find that you can access all web sites you want on the Internet except two. What might be causing the problem?

A proxy server is blocking access to the web sites

Which of the following does a router acting as a firewall use to control which packets are forwarded or dropped?

ACL

Which of the following are characteristics of a circuit-level gateway?(Select two)

Filters based on sessions AND Stateful

Which of the following is a firewall function?

Packet filtering

Which of the following firewall types can be a proxy between servers and clients?(Select two)

Application layer firewall AND Circuit proxy filtering firewall

You provide Internet access for a local school. You want to control Internet access based on user, and prevent access to specific URLs. Which type of firewall should you install?

Application level

Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks?

Bastion or sacrificial host

Your company has a connection tot he Internet that allows users to access the Internet. You also have a Web server and an e-mail server that you want to make available to Internet users. You want to create a DMZ for these two servers. Which type of device should you use to create the DMZ?

Network based firewall

Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted Internet?

DMZ

In which of the following situations would you most likely implement a demilitarized zone(DMZ)?

You want to protect a public Web server from attack

You have a company network that is connected to the Internet. You want all users to have Internet access, but need to protect your private network and users. You also need to make a Web server publicly available to Internet users. Which solution should you use?

Use firewalls to create a DMZ. Place the Web server inside the DMZ, and the private network behind the DMZ.

Which of the following is likely to be located in a DMZ?

FTP Server

Members of the sales team use laptops to connect to the company network. While traveling, they connect their laptops to the Internet through airport and hotel networks. You are concerned that these computers will pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless anti-virus software and the latest operating system patches have been installed. Which solution should you use?

NAC

You have used firewalls to create a demilitarized zone. You have a Web server that needs to be accessible to Internet users. The Web server must communicate with a database server for retrieving product, customer and order information. How should you place devices on the network to best protect the servers?(Select two.)

Put the database server on the Private network AND put the Web server inside the DMZ

Which type of active scan turns off all flags in a TCP header?

Null

Which of the following is the main difference between a DoS attack and a DDoS attack?

The DDoS attack uses zombie computers.

Which of the following could easily result in a denial of service attack if the victimized system had too little free storage capacity?

Spam

You need to enumerate the devices on your network and display the configuration details of the
network.
Which of the following utilities should you use?

nmap

You suspect that an Xmas tree attack is occurring on a system. Which of the following could
result if you do not stop the attack? (Select two.)

The threat agent will obtain information about open ports on the system. The system will unavailable to respond to legitimate requests.

Which of the following Denial of Service (DoS) attacks uses ICMP packets and will only be successful if the victim has less bandwidth than the attacker?

Ping Flood

Which of the following Denial of Service (DoS) attacks does the victim’s system rebuild invalid UDP packets, causing the system to crash or reboot?

Teardrop

An attacker is conducting passive reconnaissance on a targeted company. Which of the following could he be doing? (#2)

Browsing the organization’s website.

What are the most common network traffic packets captured and used in a replay attack?

Authentication

A router on the border of your network detects a packet with a source address that is from an internal client but the packet was received in the Internet-facing interface. This is an example of what form of attack? (#1)

Spoofing

Which of the following is a form of denial of service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network?

Smurf

Which of the following best describes the ping of death?

An ICMP packet that is larger than 65,536 bytes

A SYN attack or a SYN flood exploits or alters which element of the TCP three-way handshake?

ACK

A SYN packet is received by a server. The SYN packet has the exact same address for both the sender and receiver addresses, which is the address of the server. This is an example of what type of attack?

Land Attack

When a SYN flood is altered so that the SYN packets are spoofed in order to define the source
and destination address as a single victim IP address, the attack is now called what?

Land attack

Which of the following is a form of denial of service attack that subverts the TCP threeway
handshake process by attempting to open numerous sessions on a victim server but intentionally
failing to complete the session by not sending the final required packet?

SYN flood

A Smurf attack requires all but which of the following elements to be implemented?

Padded cell

You suspect that an Xmas tree attack is occurring on a system. Which of the following could result if you do not stop the attack?(Select two)

The system will be unavailable to respond to legitimate requests AND the threat agent will obtain information about open ports on the system

An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attacks?

DDoS

Which of the following best dedscribes a man-in-the-middle attack?

A false server intercepts communications from a client by impersonating the intended server

Which of the following attacks tried to associate an incorrect MAC address with a known IP address?

ARP Poisoning

How would you prevent your browser from running JavaScript commands that are potentially harmful?

Client-side scripts

What is the main difference between a DoS attack and a DDoS attack?

DDoS uses zombie computers DDoS – distributed DoS

What could easily result in a denial of service attack if the victimized system had too little free storage capacity?

Spam

Fraggle

DoS attack – similar to Smurf but uses UDP packets directed to port 7 (echo) and port 19 (chargen)

Smurf

DoS attack – spoofs the source address in ICMP packets and sends the packets to an amplification network (bounce site). The site responds to the victim site w/thousands of messages.

What is the best protection measure during a Smurf attack?

Communicate with your upstream provider

Xmas tree attack

Conducts recon by scanning for open ports. Also conducts a DoS attack if sent in large amounts

Pharming

legitimate traffic is redirected to incorrect sites for phishing purposes – usually used with DNS pharming

Domain name kiting

spammers exploit domain registration by taking advantage of the five-day grace period w/out paying for the registration

What is the most common attack waged against Web servers?

buffer overflow

Data diddling

Changing or corrupting of data

TOC/TOU

logon session replay attack

What is the goal of a TCP/IP hijacking attack?

Executing commands or accessing resources on a system the attacker does not otherwise have authorization to access

What is the best way to protect log files (accessed and/or deleted)?

Use syslog to send entries to another server

PTZ

Pan Tilt Zoom camera

C-Mount

Camera w/interchangable lenses

bullet

camera round in shape

dome

protected by glass/plastic dome

resolution

number of lines in an image higher = sharper image

focal length

magnification of a lens higher = greater distance

lux

sensitivity to light lower = less light needed for clear image

What type of scan does not complete the full three-way handshake of TCP, but listens for either SYN/ACK or RST/ACK packets?

TCP SYN scan

You want to be able to identify the services running on a set of servers on your network. What tool would best give you the info you need?

Vulnerability scanner

Wireshark

protocol analyzer (sniffer) that allows a user to copy and few frame contents – can also view source/destination info

OVAL

Open Vulnerablity and Assessment Language – international standard for testing, analyzing, and reporting

Retina

vulnerability scanner

Nessus

vulnerability scanner

MBSA

Microsoft Baseline Security Analyzer (MBSA) vulnerability scanner Checks for these weaknesses: Open ports Active IP addresses Running applications/services Missing critical patches Active default user accounts Default, blank, or common passwords

You need to enumerate the devices on your network and display the config details. What utility should you use?

nmap

samspade

identify the source of spam emails

active fingerprinting

form of system enumeration that is designed to gain as much info about a specific computer as possible

passive fingerprinting

goal is the same as active fingerprinting but does not utilize active probes of systems.

Granular password policies

Use to force different password policy requirements for different users

Password and account lockout policies

enforced in GPO linked to the domain – not individual OUs

Steps for granular passwords

1) create the password settings object w/necessary settings 2) edit the msDS-PSOAppliesTo property in the PSO to identify users or global security groups 3) If policy was applied to a group, add members to group

Linux command to display listening/non-listening sockets

netstat -a

How would you identify rogue WAPs?

1) conduct a site survey 2) check the MAC addresses of devices connected to your wire switch

Spark Jamming

Repeatedly blasts receiving equipment with high-intensity, short-duration RF bursts at a rapid pace

Random Noise Jamming

Produces RF signals using random amplitudes and frequencies

Random Pulse Jamming

uses radio pulses of random amplitude and frequency

NFC relay attack

an attacker captures NFC data in transit and then later uses that info to masquerade as the original device

How would you reduce the risk of a WAP with Wi-Fi Protected Setup using a PIN?

Disable WPS in the access point’s configuration

Manageable Network Plan (1-4)

1) Prepare to document – establish the process to be used to document your network. Include timestamped documents 2) Map your network – list used protocols, list devices 3) Protect your network – identify choke points, segregate/isolate networks, physically secure high-value systems, identify users 4) Reach your network – ensure remote access connections are secure, remove insecure protocols

Manageable Network Plan (5-8)

5) Control Your Network – least privilege 6) Manage Your Network 1 – update management process 7) Manage Your Network 2 – establish baselines 8) Document Your Network

What is not a protection against session hijacking?

DHCP reservations

What can a packet sniffer do?

1) ID types of network traffic 2) view packet exchange between devices 3) analyze packets 4) view packet contents

Fingerprinting

identifies an OS or network service based on response to ICMP messages

Which type of active scan turns off all flags in a TCP header?

Null

Which of the following could easily result in a denial of service attack if the victimized system had too little free storage capacity?

Spam

Which of the following Denial of Service (DoS) attacks uses ICMP packets and will only be successful if the victim has less bandwidth than the attacker?

Ping Flood

Which of the following Denial of Service (DoS) attacks does the victim’s system rebuild invalid UDP packets, causing the system to crash or reboot?

Teardrop

An attacker is conducting passive reconnaissance on a targeted company. Which of the following could he be doing? (#2)

Browsing the organization’s website.

What are the most common network traffic packets captured and used in a replay attack?

Authentication

A router on the border of your network detects a packet with a source address that is from an internal client but the packet was received in the Internet-facing interface. This is an example of what form of attack? (#1)

Spoofing

Which of the following is a form of denial of service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network?

Smurf

Which of the following best describes the ping of death?

An ICMP packet that is larger than 65,536 bytes

A SYN attack or a SYN flood exploits or alters which element of the TCP three-way handshake?

ACK

A SYN packet is received by a server. The SYN packet has the exact same address for both the sender and receiver addresses, which is the address of the server. This is an example of what type of attack?

Land Attack

You suspect that an Xmas tree attack is occurring on a system. Which of the following could result if you do not stop the attack?(Select two)

The system will be unavailable to respond to legitimate requests AND the threat agent will obtain information about open ports on the system

An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attacks?

DDoS

Which of the following best dedscribes a man-in-the-middle attack?

A false server intercepts communications from a client by impersonating the intended server

Which of the following attacks tried to associate an incorrect MAC address with a known IP address?

ARP Poisoning

Which of the following will enter random data to the inputs of an application?

Fuzzing

Which of the following is specifically meant to ensure that a program operates on clean, correct
and useful data?

Input validation

During the application development cycle, an application tester creates multiple virtual machines
on a hypervisor, each with a different version and edition of Windows installed. She then installs
the latest build of the application being developed on each virtual machine and evaluates them
for security vulnerabilities.
Which assessment technique was used in this scenario?

Configuration testing

During the application development cycle, a developer asks several of his peers to assess the
portion of the application he was assigned to write for security vulnerabilities.
Which assessment technique was used in this scenario?

Code review

You’ve been assigned to evaluate NoSQL databases as a part of a big data analysis initiative in
your organization.
You’ve downloaded an Open Source NoSQL database from the Internet and installed it on a test
system in an isolated lab environment.
Which of the following are likely to be true about this test system? (Select two.)

The database admin user has no password assigned. Data will be stored in the database in unencrypted format.

You’ve been assigned to evaluate NoSQL databases as a part of a big data analysis initiative in
your organization.
You’ve downloaded an Open Source NoSQL database from the Internet and installed it on a test
system in an isolated lab environment.
What should you do to harden this database before implementing it in a production
environment? (Select two.)

Implement an Application layer protocol to encrypt data prior to saving it in the database. Disable anonymous access.

Flexibility

Performing a physical-to-virtual migration (P2V).

Testing

Verifying that security controls are working as designed.

Server consolidation

Isolating a virtual machine from the physical network

Sandboxing

Moving virtual machines between hypervisor hosts.

You are implementing a iSCSI SAN that will be used by the file servers in your organization. You are concerned about security, so your design specifies that iSCSI initiators and targets must authenticate with each other before connection over the SAN will be allowed. In addition, you want data being transferred over the SAN to be encrypted. Which of the following are true in the scenario? (select two)

– The Encapsulating Security Payload (ESP) protocol can be used to encrypt data in transit.
– The Challenge-Handshake Authentication Protocol (CHAP) and Reverse CHAP can be used to mutually authenticate SAN hosts.
– The Fibre Channel Authentication Protocol (FCAP) can be used to mutually authenticate SAN hosts.
– The Internet Protocol Security (IPSec) protocol can be used to encrypt the data in transit.
– The Diffie-Hellman Challenge Handshake Authentication Protocol (DC-CHAP) can be used to mutually authenticate SAN hosts.

– The Challenge-Handshake Authentication Protocol (CHAP) and Reverse CHAP can be used to mutually authenticate SAN hosts. – The Internet Protocol Security (IPSec) protocol can be used to encrypt data in transit.

Your organization recently purchased 30 tablet devices for your traveling sales force. These devices have Windows RT preinstalled on them. To increase the security of these devices, you want to apply a default set of security-related configuration settings. What is the best approach to take to accomplish this? (select two)

-Link the Group Policy Object to the container where the tablets’ computer objects reside.
– Manually configure security settings using the Local Group Policy Editor.
– Configure security settings in a Group Policy Object.
– Enroll the devices in a mobile device management system.
– Configure and apply security policy settings in a mobile device management system.
– Join the tablets to your domain.

– Enroll the devices in a mobile device management system. – Configure and apply security policy settings in a mobile device management system.

You are designing a Fibre Channel SAN Implementation that will be used to file servers in your organization. Multiple volumes will be configured on the SAN, each used by different departments in your organization. It’s very important that only the appropriate server be able to connect to a given volume on the SAN. For example, the Sales and Marketing server must not be allowed to connect to the SAN volume used by Human Resources.
To enable this, you decided to use LUN Masking.
Which of the following is true of this scenario?

– LUN Masking provides weak security as it only obscures volumes on the disk.
– LUN masking is enforced by the SAN switch using ACLs.
– Encryption protocols such as ESP are not compatible with LUN masking.
– Authentication protocols such as DH-CHAP are not compatible with LUN masking.

– LUN Masking provides weak security as it only obscures volumes on the disk.

You manage the Information systems for a large manufacturing firm. Supervisory control and data acquisition (SCADA) devices are used on the manufacturing floor to manage your organization’s automated factory equipment. The SCADA devices use embedded smart technology, allowing them to be managed using a mobile device app over an Internet connection. You are concerned about the security of these devices. What can you do to increase their security posture?

-Enroll each device in a mobile device management system.
– Install a network monitoring agent on each device.
– Verify that your network’s existing security infrastructure is working properly.
– Install anti-malware software on each device.
– Install the latest firmware updates from the device manufacturer.

– Verify that your network’s existing security infrastructure is working properly. – Install the latest firmware updates from the device manufacturer.

You have recently experienced a security incident with one of your servers. After some research, you determine that the hotfix #568994 that has recently been released would have protected the server. Which of the following recommendations should you follow when applying the hotfix?

– Test the hotfix, then apply it to the server that had the problem.
– Test the hotfix, then apply it to all servers.
– Apply the hotfix immediately to the server; apply the hotfix to other devices only as the security threat manifests itself.
– Apply the hotfix immediately to all servers.

– Test the hotfix, then apply it to all servers.

You’ve been assigned to evaluate NoSQL databases as a part of a big data analysis initiative in your organization. You’ve downloaded an Open Source NoSQL database from the Internet and installed it on a test system in an isolated lab environment. Which of the following are likely to be true about this test system?

– Data will be stored in the database in unencrypted format.
– The database is more susceptible to SQL injection attacks than traditional SQL databases.
– The database admin user has no password assigned.
– The default admin user password is admin.
– Data will be stored in the database in encrypted format by default.

– Data will be stored in the database in unencrypted format. – The database admin user has no password assigned.

You have a development machine that contains sensitive Information relative to your business. You are concerned that spyware and malware might get installed while browsing websites and could compromise your system or pose a confidentially risk. Which of the following would best protect your system?

– Run the browser within a virtual environment.
– Run the browser in protected mode.
– Change the security level for the Internet zone to High.
– Configure the browser to block all cookies and pop-ups.

– Run the browser within a virtual environment.

Which of the following is specifically meant to ensure that a program operates on clean, correct and useful data?

– Error and exception handling
– Application hardening
– Input validation
– Process spawning

– Input validation

What is the main function of a TPM hardware chip?

– Generate and store cryptographic keys
– Perform bulk encryption in a hardware processor
– Provide authentication credentials on a hardware device
– Control access to removable media

– Generate and store cryptographic keys

Your organization has recently purchased 20tablet devices for the Human Resources department to use for training sessions.
You are concerned that these device could represent a security risk to your network and want to strengthen their security profile as much as possible. Which actions should you take? (select two)

– Install the devices in your organization’s directory services tree.
– Join the devices to your organization’s domain.
– Configure a Group Policy object (GPO) contain mobile device-specific security settings.
– Implement storage segmentation
– Enable device encryption.

– Implement storage segmentation – Enable device encryption

You are implementing a Fibre Channel SAN that will be used by the database servers in your organization. You are concered about security, so your design specifies that SAN hosts must authenicate with each other before a connection over the SAN will be allowed. In addition, you want data being transferred over the SAN to be encrypted. Which of the following are true in this scenario?

– The Internet Protocol Security (IPSec) protocol can be used to encrypt data in transit.
– The Challenge-Handshake Authentication Protocol (CHAP) and reverse CHAP can be used to mutually authenticate SAN hosts.
– Kerberos can be used to mutually authenticate SAN hosts.
– The Encapsulating Security Payload (ESP) protocol can be used to encrypt data in transit.
– The Diffie-Hellman Challenge Handshake Authentication Protocol (DH-CHAP) can be used to mutually authenticate SAN hosts.

– The Encapsulating Security Payload (ESP) protocol can be used to encrypt data in transit. – The Diffie-Hellman Challenge Handshake Authentication Protocol (DH-CHAP) can be used to mutually authenticate SAN hosts.

You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the system should not boot if a change is detected in any of the boot files.
What should you do?

-Implement BitLocker without a TPM
-Implement BitLocker with a TPM
-Have each user encrypt the entire volume with EFS
– Have each user encrpyt user files with EFS

-Implement BitLocker with a TPM

Preventing Malware infections

Implement a network access control (NAC) solution

Supporting mobile device users

Specify who users can call for help with mobile device apps in your acceptable use policy

Preventing loss of control of sensitive data

Enroll devices in a mobile device management system.

Preventing malicious insider attacks

Specify where and when mobile devices can be possessed in your acceptable use policy.

Applying the latest anti-malware definitions

Implement a network access control (NAC) solution

You manage the information systems for a large co-location data center. Networked environmental controls are used to manage the temperature within the data center. These controls use embedded smart technology allowing them to be managed using a mobile device app over an Internet connection. You are concerned about the security of these devices. What can you do to increase their security posture?

-Rely on the device manufacture to maintain device security with automated firmware updates.
– Verify that your network’s existing security infrastructure is working properly.
– Install anti-malware software on each device.
– Enroll each device in a mobile device management system.

– Verify that your network’s existing security infrastructure is working properly.

Which of the following tools can you use on a Windows network to automatically distribute and install software and operating system patches on workstations?

-Group Policy
-WSUS
-Security Templates
-Security Configuration and Analysis

-Group Policy -WSUS Windows Software Update Services (WSUS) is a patch management tool that allows clients on a network to download software updates from a WSUS server internal to their organization.

You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the
following would you restrict to accomplish this?

client-side scripts

A programmer that fails to check the length of input before processing leaves his code vulnerable to what form of
common attack?

buffer overflow

Which of the following is an attack that injects malicious scripts into Web pages to redirect users to fake websites or
gather personal information?

xss

when you browse to a website, a pop-up window tells you that your computer has been infected with a virus. You click on the window to see what the problem is.

drive-by download

Having poor software development practices and failing to program input validation checks during development of
custom software can result in a system vulnerable to which type of attack?

buffer overflow

Which type of attack is the act of exploiting a software program’s free acceptance of input in order to execute
arbitrary code on a target?

buffer overflow

an attacker inserts SQL database commands into a data input field of an order form used by a web-based application

implementing client-side validation

while using a web-based order form, an attacker enters an unusually large value in the quantity field. the value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the web application.

integer overflow

flash explotation

lso exploit

Use of which of the ff. is a possible violation of privacy?

cookies

Which of the ff. is not true regarding cookies?

they operate within a security sandbox

Which of the ff. is a text file provided by a Web site to client that is stored on a user’s hard drive in order to track and record information about the user?

cookie

You want to allow e-commerce Web site that you visit to keep track of your browsing history for shopping carts and other information, but want to prevent that information from being tracked by sites linked to the sites you explicitly visit. How should you configure the browser settings?

Allow first party cookies but block third-party cookies

To help prevent browser attacks, users of public computers should do which of the ff.?

clear the browser cache

You manage several Windows systems. Deskstop users access an in-house application that is hosted on you intranet Web server. When a user clicks a specific option in the application, they receive an error message that the popup was blocked. You need to configure the security settings so that users can see the pop-up without compromising overall security. What should you do?

Add the URL of the Web site to the Local Intranet zone.

you manage several windows systems. all computers are members of domain. you use an internal website that uses integrated windows authentication. you attempt to connect the website and are promted for authentication

add the internal website to the local intranet zone

You have been getting a lot of phishing e-mails sent from the domain Kenyan.msn.pl. Links within these e-mails open new browser windows at youneedit.com.pl

You want to make sure that these e-mails never reach your Inbox, but the e-mails from other senders are not affected. What should you do?

Add Kenyan.msn.pl to the e-mail blacklist.

Which type of malicious activity can be described as numerous unwanted and unsolicited e-mail messages sent to a wide range of victims?

spamming

an attacker sends an unwanted and unsolicited email message to multiple recipients with an attachment that contains malware

spam

you want to use a protocol for encrypting e-mails that uses a PKI with x.509 certificates. which method should you choose

S/MIME

What is the most common means of virus distribution

e-mail

you install a new linux distribution on a server in your network.

open SMTP relay

users in your organization receive email messages informing them that suspicious activity has be detected on their bank account

phishing

What common design feature among Instant Messaging clients make them more insecure than other means of communicating over the Internet?

peer-to-peer networking

What type of attack is most likely to succeed against communications between Instant Messaging clients?

SNIFFING

Instant Messaging does not provide which of the ff.?

privacy

Which of the ff. are disadvantages to server virtualization?

a compromise of the host system might affect multiple servers;

You have a development machine contains sensitive information relative to your business. You are concerned that spyware and malware installed while browsing websites could compromise your system or pose a confidentiality risk. Which of the ff. would best protect your system?

Run the browser within a virtual environment

Which of the ff. is an advantage of virtual browser?

Protects the operating system from malicious downloads

Which of the ff. will enter random data to the inputs of an application?

fuzzing

Which of the ff. is specifically meant to ensure that a program operates on clean, correct and useful data?

input validation

during the application development cycle, an application tester creates multiple virtual machines on a hypervisor, each with a different version

configuration testing

during the application dev cycle, a developer asks serveral of his peers to asses the portion of the application he was assigned to write

code review

You are implementing security at a local high school that is concerned with students accessing inappropriate material on the Internet from the library’s computers. The students will use the computers to search the Internet for research paper content. The school budget is limited. Which content filtering option would you choose?

Restrict content based on content categories

Which of the following is a privately controlled portion of a network that is accessible to some specific external entities?

Extranet

You are the office manager of a small financial credit business. Your company handles personal, financial information for clients seeking small loans over the Internet. You are aware of your obligation to secure clients records, but budget is an issue. Which item would provide the best security for this situation?

All-in-one security appliance

You have been using SNMP on your network for monitoring and management. You are concerned about the security of this configuration. What should you do?

Implement version 3 of SNMP

You want to implement a protocol on your network that allows computers to find the IP address of a host from a logical name. What protocol should you implement?

DNS

Which of the following protocols allows hosts to exchange messages to indicate problems with packet delivery?

ICMP

You are configuring a network firewall to allow SMTP outbound email traffic, and POP3 inbound email traffic. Which of the following TCP/IP ports should you open on the firewall? (Select Two)

25, 110

Which port number is used by SNMP?

161

Which of the following ports does FTP use to establish sessions and manage traffic?

20, 21

Using the Netstat command you notice that a remote system has made a connection to your Windows server 2003 system using TCP/IP port 21. Which of the following actions is the remote system most likely to be performing ?

Downloading a file

To increase security on your company’s internal network, the administrator has disabled as many ports as possible. Now, however, though you can browse the Internet, you are unable to perform some secure credit card transactions.

443

Which of the following network services or protocols uses TCP/IP port 22?

SSH

Matching ports to associated services

SNMP = 161 TCP and UDP SSH = 22 TCP and UDP TFTP = 69 UDP SCP = 22 TCp and UDP Telnet = 23 TCP HTTPS = 443 TCP and UDP HTTP = 80 TCP FTP = 20 TCP SMTP = 25 TCP POP3 = 110 TCP

Which of the following lists accurately describes TCP and UDP?

TCP: connection-oriented, reliable, sequenced, high overhead UDP: connectionless, unreliable, unsequenced, low overhead

You are an application developer creating applications for a wide variety of customers. In which two of the following situations would you select a connectionless protocol?(Select 2)

A gaming company wants to create a networded version fo its latest game AND A company connects two networks through an expensive WAN link. The communication media is reliable, but very expensive. They want to minimize connection times.

You want to maintain tight security on your internal network so you restrict access to the network through certain port numbers. If you want to allow users to continue to use DNS, which port should you enable?

53

Your company’s network provides HTTP, HTTPS, and SSH access to remote employees. Which ports must be opened on the firewall to allow this traffic to pass?

80, 443, 22

Your network recently experienced a series of attacks at the Telnet and FTP services. You have rewritten the security policy to abolish the unsecured services, and now you must secure the network using your firewall and routers. Which ports must be closed to prevent traffic directed to these two services?

23, 21

Which of the following best describes the purpose of using subnets?

Subnets divide an IP address into multiple addresses.

Which of the following is NOT a reason to use subnets of a network?

Combine different media type on the same subnet.

Which of the following IPv6 addresses is the equivalent of IPv4 loop-back address of 127.0.0.1?

::1

Which of the following describes an IPv6 address? (select two)

128-bit address; eight hexadecimal quartets

Which of the following correctly describe the most common format for expressing IPv6 addresses? (select two)

Hexadecimal numbers; 32 nubmers, grouped using colons

Which of the following are valid IPv6 addresses? (select two)

6384:1319:7700:7631:446A:5511:8940:2552 AND 141:0:0:0:15:0:0:1

Which of the following is a valid IPv6 address?

FEC0::AB;9007

Routers operate at which level of the OSI model?

Network layer OR layer 3

You’ve decided to use a subnet mask of 255.255.192.0 on the 172.17.0.0 network to create four separate subnets. Which network IDs will be assigned to these subnets in this configuration? (selec two)

172.17/128.0 AND 172.17.0.0

Which of the following are improvements to SNMP that are included within SNMP version 3?

Authentication for agents and managers. Encryption of SNMP messages.

Which protocol does HTTPS use to offer greater security for Web transactions?

SSL.

Talnet is inherently insecure because its communication is in plain text and is easily interpreted. Which of the following is an acceptable alternative to Talnet?

SSH.

Which of the protocols is used for securely browsing a Web site?

HTTPS

You have been using SNMP on your network for monitoring and management. You are concerned about the security of this configuration.
What should you do?

Implement version 3 of SNMP.

Which of the following protocols can be used to securely manage a network device from a remote connection?

SSH.

Which of the following protocols are often added to other protocols to provide secure transmission of data?

TLS. SSL.

You have just downloaded a file. You create a hash of the file and compare it to the hash posted on the Web site. The two hashes match. What do you know about the file

Your copy is the same as the copy posted on the website.

Which of the following is the strongest hashing algorithm

SHA-1

Which of the following best describes high amplifications when applied to hashing algorithms

A small change in the message results in a big change in the hash value.

Which of the following is the weakest hashing algorithm

MD-5

When two different messages produce the same hash value, what has occurred

Collision

Hashing algorithms are used to perform what activity

Create a message digest

Your company system is a participant in an asymmetric cryptography system. You’ve crafted a message to be sent another user. Before transmission, you hash the message, then encrypt the hashing using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user. In this example, what protection does the hashing activity provide

Integrity

Which of the following is used to verify that a downloaded file has not been altered

Hash

By definition, which security concept uses the ability to prove that a sender sent an encrypted message

Non-repudiation

You create a new document and save it to a hard drive on a file server on your company’s network. Then, you employ an encryption tool to encrypt the file using AES. This activity is an example of accomplishing what security goal

Confidentiality

By definition, which security concept ensures that only authorized parties can access data

Confidentiality

What is the cryptography mechanism which hides secret communications within various forms of data

Steganography

Which of the following encryption methods combines a random value with the plaintext to produce the cipher text

One-time pad

By definition, which security concept uses the ability to prove that a sender sent an encrypted message?

Non-repudiation

Which of the following is not a valid example of steganography

Encrypting a data file with an encryption key

When a cryptographic system is used to protect confidentiality of data, what is actually protected

Unauthorized users are prevented from viewing or accessing the resource.

What form of cryptography is best suited for bulk encryption because it is so fast

Symmetric key cryptography

Which of the following is not true concerning symmetric key cryptography

Key management is easy when implemented on a large scale.

Which of the following algorithms are used in symmetric encryption (Select three.)

Blowfish, AES, 3DES

What type of key or keys are used in symmetric cryptography

A shared private key

Which of the following is the weakest symmetric encryption method

DES

You want to encrypt data on a removable storage device. Which encryption method would you choose to use the strongest method possible

AES

How many keys are used with symmetric key cryptography

One

Which of the following is used for secure exchange of symmetric encryption keys

Diffie-Hellaman

Which of the following algorithms are used in asymmetric encryption (Select two.)

Diffie-Hellman, RSA

Which of the following are characteristics of ECC (Select two.)

Asymmetric encryption, Uses a finite set of values within an algebraic field.

A receiver wants to verify the integrity of a message received from a sender. A hashing value is contained within the digital signature of the sender. What must the receiver use to access the hashing value to the verify the integrity of the transmission

Sender’s public key

How many keys are used with asymmetric or public key cryptography

Two

Which of the following is the employment of two separate key pairs in order to separate the security functions of confidentiality and integrity in a communication system

Dual key pair

A PKI is a method for managing which type of encryption

Asymmetric

Which of the following protocols are most likely used with digital signatures (Select two.)

ECC, RSA

What is the purpose of key escrow

To provide a means to recover from a lost private key

Which of the following is an entity that accepts and validates information contained within a request for certificate

Registration authority

What is a PKI

A hierarchy of computers for issuing certificates

What is the most obvious means of providing non-repudiation in a cryptography system

Digital signatures

Which of the following items are contained in a digital certificate

Validity period, public key

Which of the following generates the key pair used in asymmetric cryptography

CSP

Which of the following would you find on a CPS

A declaration of security that the organization is implementing for all certificates

Which of the following best describes the content of the CRL

A list of all revoked certificates

Certificate revocation should occur under all but which of the following conditions

The certificate owner has held the certificate beyond the established lifetime timer

Which of the following security measures encrypts the entire contents of a hard drive

Drive Lock

You want to protect data on hard drives for users with laptops. You want to drive to be encrypted, and you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the system should not boot if a change is detected in any of the boot files. What should you do

Implement BitLocker with a TPM

You want to implement BitLocker to encrypt data on a hard disk even if it is moved to another system. You want the system to boot automatically without providing a startup key on an external USB device. What should you do

Enable the TPM in the BIOS

Which of the following would require that a certificate be placed on the CRL

The private key is compromised.

Which of the following is the best countermeasure for man-in-the-middle attacks

Public Key Infrastructure (PKI)

What action is taken when the private key associated with a digital certificate becomes compromised

The certification is revoked and added to the Certificate Revocation List

When a sender encrypts a message using their own private key, what security service is being provided to the recipient

Non-repudiation

A private key has been stolen. What action should be taken to deal with this crisis

Add the digital certificate to the CRL

Mary wants to send a message to Sam. She wants to digitally sign the message to prove that she sent it. Which key would Mary use to create the digital signature

Mary’s private key

Which of the following statements is true when comparing symmetric and asymmetric cryptography

Asymmetric key cryptography is used to distribute symmetric keys.

You have a Web server that will be used for secure transactions for customers who access the Web site over the Internet. The Web server requires a certificate to support SSL. Which method would you use to get a certificate for the server

Obtain a certificate from a public PKI

Mary wants to send a message to Sam so the only Sam can read it. Which key would be used to encrypt the message

Sam’s public key

What is the main function of a TPM hardware chip

Generate and store cryptographic keys

Which of the following security solutions would prevent a user from reading a file which she did not create

EFS

Which of the following network layer protocols provides authentication and encryption services of IP based network traffic

IPSec

Which protocol is used for securely browsing a Web site

HTTPS

Which IPSec sub protocol provides data encryption

Encapsulating Security Payload (ESP)

You are purchasing a hard disk over the Internet from an online retailer. What does your browser use to ensure the other cannot see your credit card number on the Internet

SSL

Which of the following can be used to encrypt Web, e-mail, telnet, file transfer, and SNMP traffic

IPSec (Internet protocol security)

Which of the following technologies is based upon SSL (Secure Socket Layer)

TLS (Transport Layer Security)

Which of the following is the best countermeasure against man-in-the-middle attacks

IPSec

You want to allow traveling users to connect to your private network through the Internet. Users will connect from various locations including airports, hotels, and public access points such as coffee shops and libraries. As such, you won’t be able to configure the firewalls that might be controlling access to the Internet in these locations.

SSL

Which of the following protocols can be used to securely manage a network device from a remote connection?

SSH

Which standard is most widely used for certificates?

X.509

What’s the primary function of the IKE protocol use with IPSec?

Create a security association between communicating partners

The session keys employed by SSL (Secure Socket Layer) are available in what bit lengths?

128 bit and 40 bit

Which of the following protocols can TLS for key exchange?

RSA, Diffie- Hellman

Telnet is inherently insecure its communications is in plain text and easily intercepted. Which of the following is an acceptable alternative to Telnet?

SSH

Which of the following are characteristics of MLPS?(Select Two)

Adds labels to data units, Supports variable-length data units

Which of the following is WAN technology that allows for interoperability of vendor hardware for fiber optic networking?

SONET

Which type of network establishes a dedicated connection between two hosts who need to communicate on the network, not allowing any other host to use the medium until the communication is complete?

Circuit-switched

Which of the following terms identifies the network of dial-up telephone and the long-distance lines?

PSTN

Which of the following are characteristics of ATM?(Select Two)

Uses fixed-length cells of 53-bytes

If the SONET (OC-1) base data rate is 51.84 Mbps, how much data can the Optical Carrier level 12 (OC-12) transfer in one second?

622.08 Mb

You have a site in your network that is connected to multiple other sites. A single virtual circuit is used to connect to all other sites.

Point-to-multipoint

What must install between your network and a T1 line for your network to use the T1 line?

CSU/DSU

Which of the following describes the lines used in local loop for dial-up telephone access?

POTS

Which type of network divides data to be transmitted into small units and routes these units from the originating system to the destination system, allowing multiple, concurrent communications on the network medium?

Packet-switched

What is the speed of an OC-3 connection?

155 mbps

Which of the following correctly describes the T1 carrier system?(select two)

A single T1 channel can transfer data at 64 Kbps, T1 lines use pairs of copper wire

You are implementing Internet connectivity for a new start-up company. Your client will provide on-line storefronts for retailers. To do this, they have calculated that their Internet connection must provide a data rate of at least 20 – 30 Mbps. Which type of service should you implement?

T3

Which of the following technologies uses variable-length packets and adds labels to packets as they enter the WAN cloud, with the labels being used to switch packets and prioritize traffic?

MPLS

Which of the following are characteristics of SONET? (Select Two)

Transport protocol used for other traffic types, dual counter-rotating fiber optic rings

You have a series of WAN links that connects your site to multiple other sites. Each remote site is connected to your site using a dedicated link What type of connection is being used?

Point-to-point

Which of the following devices is used on a WAN to convert synchronous serial signals into digital signals?

CSU/DSU

You are traveling throughout North America to many metropolitan and rural areas. Which single form of Internet connectivity provides the greatest potential connectivity wherever you travel?

PSTN

Which of the following is the most susceptible to interference related to atmospheric conditions?

Satellite

Which of the following services are available regardless of whether the telephone company network is available?

Cable modem

What is the maximum data rate of an ISDN BRI line?

128 Kbps

Which of the following are characteristics of VDSL? (Select Two)

Unequal download and upload speeds, Supports both data and voice at the same time

Which of the following is a characteristic of SDSL?

Supports data traffic only (no voice)

Which of the following Internet connection technologies requires that the location be within a limited distance of the telephone company central office?

DSL

Which two of the following describe the channels and the data transfer rates used for ISDN BRI(Select Two)

One D channel operating at 16 Kbps, Two B channels operating at 64 Kbps each

To access the Internet through the PSTN, what kind of connectivity device must you use?

Modem

Which of the following Internet services provides equal upload and download bandwidth?

SDSL

Which WAN connection types use digital communications over POTS?(Select two)

ISDN, DSL

A healthcare organization provides mobile clinics throughout the world. Which network technology should you select to transfer patient statistical data to a central database via the Internet to ensure network connectivity for any clinic located anywhere in the world, even remote areas?

Satellite

Which three of the following are characteristics of ISDN?

It provides enough bandwidth to transmit data at much higher speeds than standard modems and analog lines, It is a dial-up service that uses existing copper wires for the local loop, It lets you transmit voice, video, and data over the same lines.

You want to set up a service to allow multiple users to dial into the office server from modems on their home computers. What service should you implement?

RAS

Which of the following is a platform independent authentication system that maintains a database of user accounts and passwords that centralizes the maintenance of those accounts?

RADIUS

Which of the following protocols of services is commonly used on cable Internet connections for user authentication?

PPPoE

You often travel away from the office. While traveling, you would like to use a modem on your laptop computer to connect directly to a server in your office and access files on that server that you need. You want the connection to be as secure as possible. Which type of connection will you need?

Remote access

Which of the following are characteristics TACACS+?(Chose Two)

Uses TCP, Allows for a possible of three different servers, one each for authentication, authorization, and accounting

You have decided to implement a remote access solution that uses multiple remote access servers. You want to implement RADIUS to centralize remote access authentication and authorization.

Configure the remote access servers as RADIUS servers.

Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access? (Select two)

TACACS+, RADIUS

You have just signed up for Internet access using a local provider that gives you a fiber optic line into your house. From there, Ethernet and wireless connections are used to create a small network within your home. Which of the following protocols would be used to provide authentication, authorization, and accounting for the Internet connection?

PPPoE

Which of the following are differences between RADIUS and TACACS+?

RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers.

You are configuring your computer to dial up to the Internet. What protocol should you use?

PPP

Users on your network report that they have received an email stating that the company has just launched a new website for employees, and to access the Web site they need to go there and enter their user name and password information. No one in your company has sent this email. What type of attack is this?

Phishing

Which of the following statements about the use of anti-virus software is correct?

Anti-virus software should be configured to download updated virus definition files as soon as they become available.

An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack?

Denial of Service

A Smurf attack requires all but which of the following elements to be implemented?

Padded cell

Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network. One day you find that an employee has connected a wireless access point to the network office. What type of security risk is this?

Rouge access point

Which of the following describes a man-in-the -middle?

A false server intercepts communications from a client by impersonating the intended server.

What is the primary countermeasure to social engineering?

Awareness

Which is a form of attack that either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occurring?

Denial of Service attack

Which of the following is a form of denial of service attack that uses spoofed ICMP PACKETS TO FLOOD A VICTIM WITH ECHO REQUESTs USING A BOUNCE/AMPLIFICATION network?

Smurf

What is the main difference between a worm and a virus?

A worm can replicate itself and does not need a host for distribution.

How can an organization help prevent social engineering attacks?(Select Two)

Educate employees on the risks and countermeasures, Publish and enforce clearly written security policies.

Capturing packets as they travel from one host to another with the with the intent of altering the contents of the packets is a form of which security concern?

Man-in-the-middle attack

What is the common name for a program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the systems where it found?

Virus

You have worked as the network administrator for a company for seven months. One day all picture files on the server become corrupted. You discover that user download a virus from the Internet onto his workstation, and it propagated to the server. You successfully restore all files from backup, but your boss is adamant that this situation doe not occur. What should you do?

Install a network virus detection software solution.

Which of the following measures are you most likely to implement in order to protect against a worm or a Trojan horse?

Anti-virus software

Which of the following is the best countermeasure against man-in-the-middle attacks?

IPSec

Which of the following is NOT a primary characteristic of a worm?

It infects the MBR of a hard drive

Which of the following are examples of social engineering? (Select Two)

Dumpster diving, Shoulder surfing

Which of the following are characteristics of a circuit-level gateway? (Select Two)

Filters based on sessions, Stateful

How does a proxy server differ from a packet filtering firewall?

A proxy server operates at the Application layer, while a packet filtering firewall operates at the Network layer.

Which port number is used by SNMP?

161

You are the administrator for a secure network that uses firewall filtering. Several network users have requested to access Internet Usenet groups but are unable. What needs to be done to allow users to access the newsgroups?

Open port 119 to allow NNTP service.

You administer a Web server on your network. The computer has multiple IP addresses. They are 192.168.23.8 to 192.168.23.17. The name of the computer is www.westsim.com. You configured the Web site as follows: IP address: 192.168.23.8, HTTP Port: 1030, SSL Port: 443. Users complain that they can’t connect to the web site when they type www.westsim.com. What is the most likely source of the problem?

The HTTP port should be changed to 80.

Which of the following functions are performed by proxies? (select two)

Cache web pages, Block employees from accessing certain websites.

Your company leases a very fast Internet connection and pays for it based on usage. You have been asked by the company president to reduce Internet line lease costs. You want to reduce the amount of web pages that are downloaded over the leased connection, without decreasing performance. What is the best way to do this?

Install a proxy server.

Which protocol and port number is used by BOOTP/DHCP?

UDP 67

Which of the following does a router acting as a firewall use to control which packets are forwarded or dropped?

ACL

Using the Netstat command you notice that a remote system has made a connection to your Windows server 2003 system using TCP/IP port 21. Which of the following actions is the remote system most likely to be performing ?

Downloading a file

You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use?

Circuit-level

Haley configures a Web site using Windows 2000 default values. What are the HTTP port and SSL port settings?

80 for HTTP; 443 for SSL

You are configuring a network firewall to allow SMTP outbound email traffic, and POP3 inbound email traffic. Which of the following TCP/IP ports should you open on the firewall? (Select Two)

25, 110

Which of the following are characteristics of a packet filtering firewall? (Select Two)

Filters IP address and port, Stateless

You manage a small network at work. Users use workstations connected to your network. No portable computers are allowed. As part of your security plan, you would like to implement scanning of emails for all users. You want to scan the emails and prevent any emails with malicious attachments from being received by users. Your solution should minimize administration, allowing you to centrally manage the scan settings. Which solution should you use?

Network based firewall

You have a company network that is connected to the internet. You want all users to have internet access, but need to protect your private network and users. You also need to make private network and users. You also need to make a Web server publicly available to Internet users. Which solution should use?

Use firewalls to create a DMZ. Place the Web server inside the DMZ, and the private network behind the DMZ

Which protocol and port number is used by TFTP?

UDP 69

Your company has a connection to the Internet that allows users to access the Internet. You also have a web server and an email server that you want to make available to Internet users. You want to create a DMZ for these servers. Which type of device should you use to create the DMZ?

Network based firewall

You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from Internet-based attacks. Which solution should you use?

Host based firewall

You have a router that is configured as a firewall. The router is a layer 3 device only. Which of the following does the router use for identifying allowed or denied packets.

IP address

IPsec is implemented through two separate protocols. What are these protocols called? (Select Two)

AH, ESP

A VPN is used primarily for what purpose?

Support secured communications over an untrusted network.

You are in the middle of a big project at work. All of your work files are on a server at the office. You want to be able to access the server desktop, open and edit files, save files on the server, and print files to a printer connected to a computer at home. Which protocol should you use?

RDP

You have a group of salesman who would like to access your private network through the Internet while they are traveling. You want to control access to the private network through a single server. Which solution should you implement?

VPN concentrator

You want to use a protocol that can encapsulate other LAN protocols and carry the data securely over an IP network.

PPTP

You want to allow traveling users to connect to your private network through the internet. Users will connect from various locations including airports, hotels, and public access points such as coffee shops and libraries. As such, you won’t be able to configure the firewalls that might be controlling access to the Internet in these locations. Which of the following protocols would be most likely to be allowed through the widest number of firewalls?

SSL

Which of following network layer protocols provides authentication and encryption services for IP based network traffic?

IPSec

Which of the following protocols can your portable computer use to connect to your company’s network via a tunnel through the Internet? (Select two)

L2TP

You manage a single subnet with three switches. The switches are connected to provide redundant paths between the switches. Which feature allows the switches to pass VLAN traffic between the switches?

Trunking

You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three RJ-45 ports connected to the switch. You want to allow visitors to plug into these ports to gain Internet access, but they should not have access to any other devices on your private network. Employees connected throughout the rest of your building should have both private and Internet access. Which feature should you implement?

VLANs

When configuring VLANs on a switch, what is used to identify VLANs on a switch, what is used to identify VLAN membership of a device?

Switch port

Which of the following do switches and wireless access points use to control access through the device?

MAC filtering

Which of the following best describes the concept of a virtual LAN?

Devices on the same network logically grouped as if they were grouped on separate networks.

Which switch features are typically used with VoIP? (Select Two)

PoE, VLAN

Which of the following connectivity hardware is used to create a LAN?

Switch

You manage a private network with two switches. The switches are connected together through their Gigabit Ethernet uplink ports. You define VLAN 1, and VLAN 2 on each switch. A device on the first switch in VLAN 1 needs to communicate with a device on the second switch also in VLAN 1. What should you configure to allow communication between these two devices through the switches?

Trunking

When configuring VLANs on a switch, what type of switch ports are members of all VLANs defined on the switch?

Trunk ports

Which type of devices is required to implement port authentication through the switch?

RADIUS server

Your company is a small start-up company that has leased office space in a building shared by other businesses. All businesses share a common network infrastructure. A single switch connects all devices in the building to the router that provides Internet access. You would like to make sure that your computers are isolated from computers used by other companies. Which feature should you request to have implemented?

VLAN

You manage a network that uses switches. In the lobby of your building are three RJ-45 ports connected to a switch. You want to make sure that visitors cannot plug in their computers to the free network jacks and connect to the network. However, employees who plug into those same jacks should be able to connect to the network. What feature should you configure?

Port authentication

You manage a network with two switches. The switches are connected together through their Gigabit uplink ports. You define VLAN 1 and VLAN 2 on each switch. A device on the first switch in the VLAN 1 needs to communicate with a device on the same switch which is in VLAN 2. What should you configure so that the two devices can communicate?

Routing

You run a small network for your business that has a single router connected to the Internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. What should you use for this situation?

VLAN

When using Kerberos authentication, which of the following terms is used to describe the token that verifies the identity of the user to the target system?

Ticket

Which of the following are used when implementing Kerberos for authentication and authorization? (Select Two)

Time server, Ticket granting

You want to implement an authentication method that uses public and private key pairs. Which authentication method should you use?

EAP

You want to increase the security of your network by allowing only authenticated users to be able to access network devices through a switch? Which one of the following should you implement?

802.1x

Which of the following applications typically use 802.1x authentication? (Select Two)

Controlling access through a switch, Controlling access though a wireless access point

You have been contracted by a firm to implement a new remote access solution based on a Windows Server 2003 system. The customer wants to purchase and install a smart card system to provide a high level of security to the implementation. Which of the following authentication protocols are you most likely to recommend to the client?

EAP

Which of the following authentication protocols uses a three-way handshake to authenticate users to the network? (Choose two)

CHAP, MS-CHAP

Which of the following is a feature of MS-CHAP v2 that is not included in CHAP?

Mutual authentication

Which of the following is a mechanism for granting and validating certificates?

PKI

Which of the following authentication methods uses tickets to provide single sign on?

Kerberos

You have a Web server that will be used for secure transactions for customers who access the Web site over the Internet. The Web server requires a certificate to support SSL. Which method would you use to get a certificate for the server?

Obtain a certificate from public PKI

Which of the following protocols can be used to securely manage a network device from a remote connection?

SSH

You have been using SNMP on your network for monitoring and management. You are concerned about the security of this configuration. What should you do?

Implement version 3 SNMP

Which of the following protocols are often added to other protocols to provide secure transmission of data? (Select two)

SSL, TLS

Which protocol does HTTPS use to offer greater security in Web transactions?

SSL

which protocol is used for securely browsing a Web site?

HTTPS

Which of the following are improvements to SNMP that are included within SNMP version 3? (Select two)

Authentication for agents and managers, Encryption of SNMP messages

Telenet is inherently insecure because its a communication is in plain text and is easily intercepted. Which of the following is an acceptable alternative to Telnet?

SSH

As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement?

Host based IDS

What actions can a typical passive Intrusion Detection System (IDS) take when it detects an attack? (Select two)

The IDS logs all pertinent data about the intrusion, An alert is generated and delivered via Email, the console, or an SNMP trap.

Which of the following is a security service that monitors network traffic in real time or reviews the audit logs on servers looking for security violations?

IDS

You are concerned about protecting your network from network based attacks from the Internet. Specifically, you are concerned about "zero day" attacks (attacks that have not yet been identified or that do not have prescribed protections).

Anomaly based IDS

You want to make sure that a set of servers will only accept traffic for specific network services, but you also want to make sure that the servers will not accept packets sent to those services. Which tool should you use?

Port scanner

What security mechanism can be used to detect attacks originating on the Internet or from within an internal trusted subnet?

IDS

Which of the following functions can a port scanner provide?

Discover unadvertised servers, Determining which ports are open on a firewall

You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action when possible to stop or prevent the attack. Which tool should you use?

IPS

Which of the following devices can monitor a network and detect potential security attacks?

IDS

Which IDS method searches for intrusion or attack attempts by recognizing patterns or identities list in a database?

Signature based

What is the most common form of host based IDS that employs signature or pattern matching detection methods?

Anti-virus software

Which of the following devices is capable of detecting and responding to security threats?

IPS

Your organization recently purchase 18 iPad tablets for use by the organization’s management team. These devices have iOS pre-installed on them. To increase the security of these devices, you wan to apply a default set of security related configuration settings. What is the best approach to take to accomplish this? (Select two. Each option is a part of a complete solution)

Enroll the devices in a mobile device management (MDM) system AND Configure and apply security policy settings in a mobile device management system

MATCHING:
Jailbreaking = allows apps to be installed from sources other than the app store

Jailbreaking = allows apps to be installed from sources other than the app store

MATCHING:
Sideloading = Allows apps to be installed from sources other than the Windows Store.

Sideloading = Allows apps to be installed from sources other than the Windows Store.

MATCHING:
Sandboxing = prevents a running app from accessing data stored by other running apps

Sandboxing = prevents a running app from accessing data stored by other running apps

MATCHING:
Assigned Access = Defines a whitelist of Windows Store applications

Assigned Access = Defines a whitelist of Windows Store applications

Recently, a serious security breach occurred in your organization. An attacker was able to log in to the internal network and steal data through a VPN connections using the credentials assigned to a vice president in your organization. For security reasons, all individuals in upper management in your organization have unlisted home phone numbers and addresses. However, security camera footage from the vice presidents home recorded someone rummaging through her garbage cans prior to the attack. The VP admitted to writing her VPN log in credentials on a sticky note that she subsequently threw away in her household trash. You suspect the attacker found the sticky note in the trash and used the credentials to log in to the network. You’ve reviewed the VP’s social media pages and found pictures of her home posted, but you didn’t notice anything in he photos that would give away her home address. She assure you that her smart phone was never misplaced prior to the attack. Which security weakness is the most likely cause of the security breach?

Geo-tagging was enabled on her smart phone

Your organization is formulating a bring your own device (BYOD) security policy for mobile devices. Which of the following statements should be considered as you formulate your policy?

You can’t use domain-based group policies to enforce security settings on mobile devices.

Your organization’s security policy specifies that any mobile device (regardless of ownership) that connects to your internal network must have remote wipe enabled. If the device is lost or stolen, then it must be wiped to remove any sensitive data from it. Your organization recently purchased several Windows RT tablets. Which should you do?

sign up for a Windows Intune account to manage the tablets.

Your organization provides its sales force with Windows RT 8.1 tablets to use while visiting customer sites. You manage these devices by enrolling them in your cloud-based Windows Intune account. Once of your sales reps left her tablet in an airport. The device contains sensitive information and you need to remove it in case the device is compromised. Which Intune portal should you use to perform a remote wipe?

Admin Portal

Your organization provides its sales force with Windows RT 8.1 tablets to use while visiting customer sites. You manage these devices by enrolling them in your cloud-based Windows Intune account. Once of your sales reps left his notebook at a customer’s site. The device contains sensitive information and you want to change the password to prevent the data from being compromised. Which Intune portal should you use to remotely change the password?

Admin Portal

On your way into the back entrance of the building at work one morning, a man dressed as pluber asks you to let him in so he can "fix the restroom". What should you do?

Direct him to the front entrance and instruct him to check in with the receptionist.

Which of the following are solutions that address physical security? (Select two)

Require identification and name badges for all employees. Escort visitors at all times.

Which of the following can be used to stop piggybacking that has been occurring at a front entrance where employees should swipe their smart cards to gain entry?

Deploy a mantrap

What is a secure doorway that can be used in coordination with a mantrap to allow easy egress from a secured environment but which actively prevents re-entrance through the exit portal?

Turnstiles

You want to use CCTV to increase your physical security. You want to be able to remotely control the camera position. Which type of camera type should you choose?

PTZ (Pan Tilt Zoom)

you want to use CCTV to increase the physical security of your building. Which of the following camera types would offer the sharpest image at the greatest distance under the lowest lighting conditions?

500 resolution, 50mm, .05L UX

Which of the following CCTV camera types lets you adjust the distance that the camera can see (i.e. zoom in or out) ?

Varifocal

Which of the following CCTV types would you use in areas with little or no light?

Infrared

Which of the following allows for easy exit of an area in the event of an emergency, but prevents entry?(Select two)

Double -entry door. Turnstile.

Which of the following controls is an example of a physical access control method?

Locks on doors

You are the security administrator for a small business. The floor plan for your organization is shown in the figure below.
You’ve hired a 3rd-party security consultant to review your organization’s security measures and she has discovered multiple instances where unauthorized individuals have gained access to your facility, even to very sensitive areas. She recommends that you implement cable locks to prevent theft of computer equipment.
Click on the office location where cable locks would be most appropriate.

At the lobby

You are the security administrator for a small business. The floor plan for your organization is shown in the figure below.
You’ve hired a 3rd-party security consultant to review your organization’s security measures and she has discovered multiple instances where unauthorized individuals have gained access to your facility, even to very sensitive areas. She recommends that you implement mantraps to prevent this from happening in the future.
Click on the office location where a mantrap would be most appropriate.

At the lobby

You are the security administrator for a small business. The floor plan for your organization is shown in the figure below.
You’ve hired a 3rd-party security consultant to review your organization’s security measures and she has discovered multiple instances where unauthorized individuals have gained access to your facility, even to very sensitive areas. She recommends that you provide employees with access badges and implement access badges readers to prevent this from happening in the future.
Click on the office location where a mantrap would be most appropriate.

Building entrance in the lobby. Sensitive areas as server room.

You are the security administrator for a small business. The floor plan for your organization is shown in the figure below.
You’ve hired a 3rd-party security consultant to review your organization’s security measures and she has discovered multiple instances where unauthorized individuals have gained access to your facility, even to very sensitive areas. She recommends that you implement closed-circuit TV (CCTV) surveillance cameras to prevent this from happening in the future.
Click on the office location where a mantrap would be most appropriate.

Building entrance. Sensitive areas as the server room.

Hardened carrier.
Biometric authentication.
Barricades.
Emergency escape plans.
Alarmed carrier.
Anti-passback system.
Emergency lighting.
Exterior floodlights.

Protected cable distribution. Door locks. Perimeter barrier. Safety. Protected cable distribution. Physical access control. Safety. Perimeter barrier.

Which of the following is the most important thing to do to prevent console access to the router?

Keep the router in a locked room

You have 5 salesmen who work out of your office and who frequently leave their laptops laying on their desk in their cubicles. You are concerned that someone might walk by and take one of these laptops. Which of the following is the best protection to implement to address your concerns?

Use cable locks to chain the laptop to the desks

You are an IT consultant and are visiting a ne client’s site to become familiar with their network. As you walk around their facility, you note the following:
-When you enter the facility, a receptionist greets you and directs you down the hallway to the office manager’s cubicle. The receptionist uses a notebook system that is secured to her desk with cable lock.
-The office manager informs you that the organization’s servers are kept in a locked closet. Only she has the key to the closet. When you arrive on site, you will be required to get the key from her to access the closet.
-She informs you that the server backups are configured to run each night. A rotation of external USB hard disks are used as the backup media.
-You notice the organization’s network switch is kept in an empty cubicle adjacent to the office manager’s workspace.
-You notice that a router/firewall/content filter all-in-one device has been implemented in the server closet to protect the internal network from external attacks.
Which security-related recommendations should you make to this client? (Select two)

Control access to the work area with locking doors and card readers. Relocate the switch to the locked server closet.

You are an IT consultant and are visiting a ne client’s site to become familiar with their network. As you walk around their facility, you note the following:
-When you enter the facility, a receptionist greets you and escorts you through a locked door to the work area where the office manager sits .
-The office manager informs you that the organization’s servers are kept in a locked closet. An access card is required to enter the server closet.
-She informs you that the server backups are configured to run each night. A rotation of tapes are used as the backup media.
-You notice the organization’s network switch is kept in the server closet.
-You notice that a router/firewall/content filter all-in-one device has been implemented in the server closet to protect the internal network from external attacks.
-The office manager informs you that her desktop system will no longer boot and asks you to repair or replace it, recovering as much data as possible in the process. You carry the workstation out to your car and bring it back to your office to work on it.

Which security-related recommendations should you make to this client? (Select two)

Implement a hardware checkout policy

You walk by the server room and notice a fire has started. What should you do first?

Make sure everyone has cleared the area

Which of the following fire extinguisher types is best used for electrical fires that might result when working with computer components?

Class C

Which of the following fire extinguisher suppressant types is best used for electrical fires that might result when working with computer components?

Carbon dioxide (CO2)

Which of the following fire extinguisher types poses a safety risk to users in the area? (Select two)

Halon CO2

Users are complaining that sometimes network communications are slow. You use a protocol analyzer and find that packets are being corrupted as they pass through a switch. You also notice that this only seems to happen when the elevator is running.
What should you do?

Install shielded cables near the elevator

What is the recommended humidity level for server rooms?

50%

Components within your server room are failing at a rapid pace. You discover that the humidity in the server room is at 60% and the temperature is at 80 degrees.
What should you do?

Add a separate A/C unit in the server room

You maintain the network for an industrial manufacturing company. You are concerned about the dust in the area getting into the server components and affecting the ability of the network.
Which of the following should you implement?

Positive pressure system

Which of the following statements about ESD is not correct?

ESD is much more likely to ocurre when the relative humidity is above 50%

Which of the following is the/least effective power loss protection for computer systems?

Surge protector

Besides protecting a computer from under voltages, a typical UPS also performs which 2 actions:

Protects from over voltages. Conditions the power signal.

A smart phone was lost at the airport. There is no way to recover the device. Which of the following will ensure data confidentiality on the device?

Remote Wipe

Which of the following are not reasons to remote wipe a mobile device?

When the device is inactive for a period of time

Which of the following mobile device security consideration will disable the ability to use the device after a short period of inactivity?

Screen lock

Most mobile device management (MDM) systems can be configured to track the physical location of enrolled mobile devices. Arrange the location technology on the left in order of accuracy on the right, from most accurate to least accurate.

Most accurate- GPS More accurate- WI-FI triangulation Less accurate- cell phone tower triangulation Least accurate- IP address resolution

Your organization has recently purchases 20 tablets devices for the Human Resources department to use for training sessions.
You are concerned that these devices could represent a security risk to your network and want to strengthen their security profile as much as possible.
Which actions should you take? (select 2)

Implement storage implementation. Enable service device encryption.

Over the last several years, the use of mobile devices within your organization has increased dramatically.
Unfortunately, many department heads circumvented your Information Systems procurement policies and directly purchased tablets and smartphones for their employees without authorization. As a result there is a proliferation of devices within your organization without accountability.
You need to get things under control and begin tracking the devices that are owned by your organization.
How should you do this?

Implement a mobile device management (MDM) solution

Match each bring your own device (BOYD) security issue on the right with a possible remedy on the left. Each remedy may be used once, more than once, or not at all.

Preventing malware infections- Implement a network acces control (NAC) solution. Supporting mobile device users-Specify who users can call for help with mobile devices apps in your acceptable use policy. Preventing loss of control of sensitive data- Enroll devices in a mobile device management. Preventing malicious insider attacks-Specify where and when mobile devices can be possessed in your acceptable use policy. Applying the latest anti-malware definitions- Implement a network access control (NAC) solution.

Match each bring your own device (BOYD) security concern on the right with a possible remedy on the left. Each remedy may be used once, more than once, not at all.

Users take pictures of proprietary processes and procedures- Specify where and when mobile devices can be possessed in your acceptable use policy. Devices with a data plan can e-mail stole data- Specify where and when mobile devices can be possessed inyour

Which of the ff. is the single best rule to enforce when designing complex passwords?

longer passwords

For users on your network, you want to automatically lock their user accounts if four incorrect passwords are used within 10 minutes. What should you do?

configure account lockout policies in group policy

You want to make sure that all users have passwords over 8 character and that passwords must be changed every 30 days. What should you do?

Configure account policies in Group policy

You have hired 10 new temporary workers who will be with the company for 3 months. You want to make sure that these users can only log on during regular business hours. What should you do?

configure time and day restrictions

You are configuring the local security policy of a Windows 7 system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least 5 days before changing it again. Which policies should you configure? (Select two.)

enforce password history; minimum password age

You are configuring the local security policy of a Windows 7 system. You want to require users to create passwords that are at least 10 characters long. You also want to prevent logon after three unsuccessful logon attemps. Which policies should you configure? (Select two.)

minimum password length; account lockout threshold

You have just configured the password policy and set the minimum password age to 10. What will be the effect of this configuration?

User cannot change the password for 10 days

You have implemented lockout with a clipping level of 4. What will be the effect of this setting?

the account will be locked for 4 incorrect attempts

Which of the ff. is not important aspect of password management?

enable account lockout

You are teaching new users about security and passwords. Which example of the passwords would be the most secure password?

T1a73gZ9!

Upon running a security audit in your organization, you discover that several sales employees are using the same domain user account to log in and update the company’s customer database. Which action should you take? (2)

Delete the account that the sales employees are currently using. Train some employees to use their own accounts to update the customer database

You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You need to make the change as easily as possible. What should you do???????

implement a granular password policy for the users in the Directors OU

You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You would like to define a granular password policy for these users. Which tool should you use?

ADSI edit

You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You need to make the change as easily as possible. What should you do?

create a granular password policy. apply the policy to all users in the director’s OU

Yo manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. Members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You define a new granular password policy with the required settings. All users in the Directors OU are currently members of the DirectorsGG group, a global security group in that OU. You apply the new password policy to that group. Matt Barnes is the chief financial officer. He would like his account to have even more strict password policies than is required for other members of the Directors OU. What should you do?

create a granular password policy for Matt. apply the new policy directly to Matt’s user account.

Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access?

TACACKS+, Radius

You have decided to implement a remote access solution that uses multiple remote access servers. You want to implement RADIUS to centralize remote access authentication and authorization.
Which of the following would be a required part of your configuration?

configure the remote access servers as RADIUS clients

Which of the following are characteristics of TACACS +?

allows for a possible of three different servers, one for each authentication, authorization, and account; uses TCP

Which of the following are differences between RADIUS and TACACS+?

Radius combines authentication and authorization into a single function. TACAS+ allows these services to be split between different servers.

Which of the ff. protocols can be used to centralize remote access authentication?

TCACS

RADIUS is primarily used for what purpose?

authenticating remote clients before access to the network is granted

Which of the ff. is a characteristic of TACACS+?

it encrypts the entire packet, not just authentication packets

Which of the ff. ports are used with TACACS?

49

What does a remote access server use for authorization?

Remote access policies

Which of the ff. is the best example of remote access authentication?

user establishes a dialup connection to a server to gain access to shared resources

Which of the following is a feature of MS-CHAP v2 that is not included in CHAP

Mutual authentication

CHAP performs which of the following security functions?

periodically verifies the identity of a peer using a three-way handshake

Which of the following authentication protocols transmits passwords in clear text, and is therefore considered too insecure for modern networks

PAP

Which remote access authentication protocol periodically and transparently re-authenticates during logon session by default

CHAP

which of the following authentication protocols uses a three-way handshake to authenticate users to the network? (choose 2)

MS-CHAP & CHAP

When using Kerberos authentication, which of the following terms is used to describe the token that verifies the identity of the user to the target system?

ticket

Which of the following are used when implementing Kerberos for authentication and authorization? (Select Two)

ticket granting server; time synchronization

Which of the ff. are requirements to deploy Kerberos on a network? (Select two.)

A centralized database of users and password, Time synchronization between devices

Which ports does LDAP use by default? (Select two.)

389 & 636

You want to deploy SSL to protect authentication traffic with you LDAP-based directory service. Which port would this use?

636

Your LDAP directory service solution uses simple authentication. What should you always do when using simple authentication?

Use SSL

You want to use Kerberos to protect LDAP authentication. Which authentication mode should you choose?

SASL

A user has just authenticated using Kerberos. What object is issued to the user immediately following logon?

ticket granting ticket

What protocol uses port 88?

kerberos

Which of the ff. authentication mechanisms is designed to protect a 9-character password from attacks by hashing the first seven characters into a single hash and then hashing the remaining two characters into another separate hash?

LANMAN

what is mutual authentication?

A process by which each party in an online communication verifies the identity of the other party

A manage has told you she is concerned about her employees writing their passwords for Web sites, network files, and databases resources on sticky notes. Your office runs exclusively in a Windows environment.
Which tool could be used to prevent this?

credential manager

KWalletManger is a Linux based credential management system that stores encrypted account credentials for network resources.
Which encryption methods can KWalletManager use to secure account credentials?(Two)

blowfish & GPG

You want to protect the authentication credentials you use to connect to the LAB server in your network by copying them to a USB drive.
What option would you hit?

back up credentials

In an identity Management System, what is the function of the Authoritative Source?

specify the owner of a data item

In an identity Management System, what is the function of the Identity Vault?

ensure that each employee has the appropriate level of access in each system

You are the network administrator for a small company. Your organization currently uses the following server systems:
• A Windows server that functions as a domain controller and a file server.
• A Novell Open Enterprise Server that functions as a GroupWise e-mail server.
• A Linux server that hosts your organization’s NoSQL database server that is used for big data analysis.

Because each of these systems uses its own unique set of authentication credentials, you must spend a considerable amount of time each week keeping user account information updated on each system.In addition, if a user changes his or her password on one system, it is not updated for the user’s accounts on the other two systems.

implement an identity vault. implement password synchronization

Share This
Flashcard

More flashcards like this

NCLEX 10000 Integumentary Disorders

When assessing a client with partial-thickness burns over 60% of the body, which finding should the nurse report immediately? a) ...

Read more

NCLEX 300-NEURO

A client with amyotrophic lateral sclerosis (ALS) tells the nurse, "Sometimes I feel so frustrated. I can’t do anything without ...

Read more

NASM Flashcards

Which of the following is the process of getting oxygen from the environment to the tissues of the body? Diffusion ...

Read more

Unfinished tasks keep piling up?

Let us complete them for you. Quickly and professionally.

Check Price

Successful message
sending