Chapter One (WRONG)
What is a virtual firewall?
A firewall that runs in an endpoint virtual machine
Which of the following does NOT describe an area that separates threat actors from defenders?
Air gap
Who verifies the authenticity of a CSR?
Certificate authority
Which of the following is NOT a NAC option when it detects a vulnerable endpoint?
Connect to a quarantine network.
Hanna has received a request for a data set of actual data for testing a new app that is being developed. She does not want the sensitive elements of the data to be exposed. What technology should she use?
Data Object Obfuscation (DOO)
Which of the following is not a basic configuration management tool?
Diagrams
Theo uses the Python programming language and does not want his code to contain vulnerabilities. Which of the following best practices would Theo NOT use?
Download only vetted libraries.
Juan needs a certificate that must only authenticate that a specific organization has the right to use a particular domain name. What type of certificate does he need?
Extended validation
Which firewall rule action implicitly denies all other traffic unless explicitly allowed?
Force Deny
Sofie needs to configure the VPN to preserve bandwidth. Which configuration would she choose?
Full tunnel
Which of the following is NOT correct about L2TP?
It does not offer encryption.
Which of the following is NOT true about VBA?
It is included in select non-Microsoft products.
Which of the following is NOT a reason that threat actors use PowerShell for attacks?
It leaves behind no evidence on a hard drive.
Which of the following functions does a network hardware security module NOT perform?
Key management
What is the result of an ARP poisoning attack?
MAC addresses are altered
Deacon has observed that the switch is broadcasting all packets to all devices. He suspects it is the result of an attack that has overflowed the switch MAC address table. Which type of attack is this?
MAC overflow attack
Proteus has been asked to secure endpoints that can be programmed and have an IP address so that they cannot be used in a DDoS attack. What is the name for this source of DDoS attack?
Network
Emilie is reviewing a log file of a new firewall. She notes that the log indicates packets are being dropped for incoming packets for which the internal endpoint did not initially create the request. What kind of firewall is this?
Packet filtering firewall
Which of these is NOT used in scheduling a load balancer?
The IP address of the destination packet
Which of the following can a digital certificate NOT be used for?
To verify the identity of clients and servers on the Web
Which of the following is a tool for editing packets and then putting the packets back onto the network to observe their behavior?
Wireshark
Which of the following is a third-party OS penetration testing tool?
theHarvester