Domain 2- Security
Question 146: Which type of authentication would require a user fingerprint or facial recognition for a user to get past the screen lock on a mobile device and gain access to the device? biometric authenticationIn
Explanation A biometric authentication system attempts to identify a person based on metrics, or a mathematical representation, of the subject's biological attributes, such as a fingerprint or a face recognition.
Question 35: While on a business trip, an employee accesses the company's internal network and transfer files using an encrypted connection. Which of the following digital security methods is being used? Access control list Firewall VPN DLP
Explanation A Virtual Private Network (VPN) is an encrypted tunnel between remote users and a private network. Data Loss Prevention (DLP) programs or devices monitors operations such as file transfers and email for user activities that could compromise data security. An access control list contains users and groups of users that are granted access to files, folders, and other resources. Firewalls are placed between the company network and the internet to filter network traffic at the IP level. VPNs are usually allowed to tunnel through these firewalls. In some cases, both functions may be available on one device.
Question 150: Joe, a mobile device user, is allowed to connect his personally owned tablet to a company's network. Which of the following policies defines how company data is protected on Joe's tablet? Trusted sources policy Remote backup policy BYOD policy Device encryption policy
Explanation A Bring Your Own Device (BYOD) policy addresses the issues of personal data privacy and the protection of corporate data along with corporate control versus individual control of the device. Trusted source refers to the approved location for obtaining mobile applications, Google Play Store, App Store, and Microsoft Store. The BYOD policy may require the full encryption of the device when storing corporate data. Some BYOD policies may not require encryption. Remote backup refers to applications that backup data on the mobile device. Usually, the backup data is stored in the cloud.
Question 44: A VPN is used primary for what purpose? Support the distribution of public Web documents Allow remote systems to save on long distance charges Allow the use of network-attached printers Support secured communications over an untrusted network
Explanation A VPN (Virtual Private Network) is used primarily to support secured communications over an untrusted network. A VPN can be used over a local area network, across a WAN connection, over the Internet, and even between a client and a server over a dial-up connection through the Internet. All of the other items listed in this question are benefits or capabilities that are secondary to this primary purpose.
Question 8: A public library has purchased a new laptop computer to replace their older desktop computers and is concerned that they are vulnerable to theft. Which of the following laptop features should be used to physically secure the laptop? Biometric authentication An external encryption device A multi-factor password policy A cable lock
Explanation A cable lock can be used to physically secure a laptop to deter theft. Biometric authentication does not physically secure a laptop. A multi-factor password policy does not physically secure a laptop. An external encryption device does not physically secure a laptop.
Question 145: Which of the following security measures is a form of biometrics? Chassis intrusion detection BIOS password Fingerprint scanner TPM
Explanation A fingerprint scanner is a type of biometrics. The fingerprint scanner uses the ridges of your skin known as ridge minutiae. A Trusted Platform Module (TPM) is a special chip on the motherboard that generates and stores cryptographic keys to verify that the hardware has not changed. This value can be used to prevent the system from booting if the hardware has changed. Chassis intrusion detection helps you identify when a system case has been opened. A BIOS password controls access to the BIOS setup program.
Question 31: A user can't make an RDP connection from outside the network to a server inside the network. Which network device will a network administrator MOST likely configure to allow this connection? Firewall Access point Switch Hub
Explanation A firewall filters network traffic based on a set of rules. The network administrator will most likely configure the firewall to allow RDP traffic. A switch maintains a table of MAC addresses by port and forwards network frames to only the port that matches the MAC address. An access point gives Wi-Fi access to a network. A hub transmits a data frame to every port except the port that received the data frame.
Question 32: Which of the following is the BEST device to deploy to protect your private network from a public, untrusted network? Firewall Hub Router Gateway
Explanation A firewall is the best device to deploy to protect your private network from a public, untrusted network. Firewalls are used to control traffic entering and leaving your trusted network environment. Firewalls can manage traffic based on source or destination IP address, port number, service protocol, application or service type, user account, and even traffic content. Routers offer some packet-based access control, but not as extensively as a firewall. Hubs and gateways are not sufficient for managing the interface between a trusted network and an untrusted network.
Question 3: An employee working from home accesses the company network using a VPN connection. When connecting, the employee is prompted for a PIN that changes at predetermined intervals. Which of the following will the employee MOST likely use to obtain the PIN? Key fob Fingerprint reader RFID badge Entry control roster
Explanation A key fob can be issued to the employee that presents a security code or PIN that changes at predetermined intervals. This PIN is synchronized to the master security system and provides authentication to initialize the VPN connection. Security personnel can grant access to a physical area using entry control roster. Only people on the roster will be granted access. It does not provide a PIN. When presented to a reader, an RFID badge can transmit a security token. Normally, this token is static and does not change. A fingerprint reader can be used for authentication, but does not normally provide a PIN.
Question 36: There are two main types of firewalls that you should be familiar with. Which of the following describes a feature of a network-based firewall? Is executed directly on the servers that need to be protected. Inspects traffic as it flows between networks. Works with a single network interface. Inspects traffic received by a specific host.
Explanation A network-based firewall inspects traffic as it flows between networks. A host-based firewall inspects traffic received by a specific host. Host-based is installed directly on a host and only requires a single interface. A network-based firewall requires two (or more) interfaces.
Question 152: While organizing a storage cabinet, a technician discovers a box of hard drives that are incompatible with current hardware and may contain sensitive data. Which of the following is the BEST method for disposing of these drives? Partitioning Shredding Formatting Overwriting
Explanation A physical method of destroying the hard drives is best. This includes shredding, drilling, pulverizing, degaussing, and incinerating. If not done repeatedly, overwriting may leave recoverable data on the disk. Formatting will leave recoverable data on the disk. Partitioning will leave recoverable data on the disk.
Question 1: During an airline flight, a laptop user makes last-minute changes to a presentation that contains sensitive company information. Which of the following would make it difficult for other passengers to view this information on the laptop display? Smart card Mantrap Privacy filter Cable lock
Explanation A privacy filter narrows the viewing angle of the laptop display so that only the person directly in front can see the display. A cable lock can be used to secure valuable items that can be easily removed from the workplace, like laptops. It would do nothing to prevent others from viewing the laptop display. Smart cards can provide authentication, but do nothing to prevent others from viewing the laptop display. A mantrap is used to control access between two areas that have different security levels. It helps prevent tailgating by requiring that the entry into the mantrap from one area close before entry to the second area is possible.
Question 4: Which of the following security technologies stores identification information in a magnetic strip, radio frequency transmitter, or hardware contact to authorize access to a computer? Smart card Biometric ID badge SSID Key fob
Explanation A smart card contains identification information stored on a magnetic strip, radio frequency transmitter, or hardware contact that allow it to interact with a smart card reader to authorize access. The reader uses information on the card to allow or deny access. A biometric is a physical characteristic of a human that can be scanned to control access. A key fob can be used for accessing an automobile, but is not used for computer access. An ID badge can be just a picture with a name on it and may or may not also be a smart card. In Windows, the Local Security Policy is a collection of settings that control how the system behaves. The SSID is the name of a wireless network.
Question 7: Which of the following is not a form of biometrics? Retina scan Face recognition Fingerprint Smart card
Explanation A smart card is used in token-based authentication, so it is not a form of biometrics. Biometrics rely on personal characteristics (such as fingerprints, facial recognition, or a retina scan) to prove identity. A smart card is an example of the something you have authentication factor.
Question 37: Which are examples of a strong password? (Select TWO). Morganstern TuxP3nguinsRn0v3l skippy NewYork il0ve2EatIceCr3am
Explanation A strong password is one that: · Is at least 6 characters long (longer is better) · Is not based on a word found in a dictionary · Contains both upper-case and lower-case characters · Contains numbers · Does not contain words that can be associated with you personally · Is changed frequently The passwords il0ve2EatIceCr3am and TuxP3nguinsRn0v3l both meet the above criteria. The password NewYork is long enough and includes upper- and lower-case letters, but it doesn't contain numbers and could be easily dissected into a dictionary word. The password skippy is probably a pet name. The password Morganstern is probably someone's last name (perhaps a spouse's name or a maiden name).
Question 38: Which of the following is an example of a strong password? Robert694 a8bT11$yi at9iov45a desktop#7
Explanation A strong password should not contain dictionary words or any part of the login name. They should include upper- and lower-case letters, numbers, and symbols. In addition, longer passwords are stronger than shorter passwords.
Question 43: Which of the following protocols establish a secure connection and encrypt data for a VPN? (Select THREE). IPSec PPTP FTP L2TP RDP
Explanation A virtual private network (VPN) uses an encryption protocol (such as IPSec, PPTP, or L2TP) to establish a secure communication channel between two hosts, or between one site and another site. Data that passes through the unsecured network is encrypted and protected. The Remote Desktop Protocol (RDP) is used by Windows Terminal Services based applications, including Remote Desktop. FTP is used for transferring files and will not establish a secure connection.
Question 173: A technician is installing a network-enabled smart home control system in a SOHO. To access the system from the internet, which of the following configurations is MOST likely required on the SOHO router? Port forwarding NAT QoS DHCP
Explanation Access to the smart home control system from the internet through the SOHO router is most likely gained using port forwarding. QoS gives priority to certain types of network traffic, such as VoIP phone traffic. DHCP dynamically assigns IP addresses to clients in the local network. NAT translates private IP addresses on the local network to public IP addresses on the internet.
Question 158: Which of the following forms of networking is highly susceptible to eavesdropping (data interception) and must be secured accordingly? Wireless Satellite DSL Dial-up ISDN
Explanation All forms of networking are potentially vulnerable to eavesdropping. Wireless networks by definition broadcast network transmissions openly and therefore can be detected by outsiders. Subsequently wireless networks should maintain data encryption to minimize the risk of transmitting information to unintended recipients.
Question 141: A technician suspects that an app on a tablet device may be surreptitiously using the camera without permission. Which of the following would be the BEST way to troubleshoot this issue? Check the results of a cell tower analyzer. Remove all Bluetooth pairings. Run an anti-malware scan. Perform a soft reset on the device.
Explanation An app that uses the phone camera without permission could be categorized as malware. A malware scan should detect this issue. Removing all Bluetooth pairings will not protect the camera from being used without permission. Checking the results of a cell tower analyzer will not prevent the camera being used without permission. Performing a soft reset on the device will stop all apps, but will not protect the camera from being used without permission.
Question 138: A company executive has just bought a new Android mobile device. She wants you to help her make sure it is protected from malware threats. What options are available and important to use to protect Android devices? (Select TWO.) Android operating system updates are sufficient to protect against malware threats. Anti-virus apps for Android have not been developed yet. Any Android anti-virus app will be about as effective as any other. App reviews and ratings will help you choose an effective anti-virus app. Android mobile devices, like iOS devices, are not susceptible to malware threats. Anti-virus apps are available for purchase from Android app stores.
Explanation Anti-virus apps are available for purchase from Android app stores, but many are not able to protect your Android device from more than 65% of the known malware threats. As you shop for an anti-virus app, be sure to refer to app reviews and ratings to help you choose an effective anti-virus app. Android devices can be infected by malware, so it is important to take steps to protect them.
Question 148: Applications for mobile devices fall into two categories. Some have been reviewed, approved, and signed with a certificate by the app service, and some have not. Which category do apps fall into if they have been signed with a certificate? TrustedIn What category do apps fall into if they have not been reviewed, approved, and signed with a certificate? UntrustedIn
Explanation Apps that have been reviewed, approved, and signed with a certificate by the app service are referred to as trusted apps. Apps that have not been reviewed, approved, or signed with a certificate by the app service are referred to as untrusted apps. Untrusted apps might be safe, but it is risky to install them, and most devices won't allow them to be installed by default.
Question 153: You have purchased new computers and will be disposing of your old computers. These computers were previously used for storing highly-sensitive customer order information, including credit card numbers. To properly protect the accidental discovery of the company's sensitive information, which of the following steps MUST be completed prior to getting rid of the computers? Repartition the hard drives. Reinstall a fresh copy of Windows on the drives. Delete user data and applications from the hard drives. Reformat the hard drives. Physically destroy the hard drives with a hammer.
Explanation Because the hard drives contained very sensitive information (such as credit card numbers), the best solution in this scenario is to physically destroy the drives. For example, they could be rendered useless with a hammer or hard disk shredder. Reinstalling Windows, repartitioning the drives, or even reformatting them will not remove all data remnants. Deleting data and applications from the hard drives also will not permanently remove data from the system.
Question 18: Drag the group policy setting on the left to the appropriate description of how the setting is enforced on the right. Causes the policy to be enforced Enabled Does not change the current setting for the policy Not configured Prevents the policy from being enforced Disabled
Explanation Each policy can be configured using one of the following settings: · Not Configured has no value and does not change the current setting for this policy. · Enabled causes the policy to be enforced. · Disabled prevents the policy from being enforced.
Question 167: A user calls to report that she is experiencing intermittent problems while accessing the wireless network from her laptop computer. While talking to her, you discover that she is trying to work from the break room two floors above the floor where she normally works. Which of the following is the MOST likely cause of her connectivity problem? The user needs a new IP address because she is working on a different floor. The user is out of the effective range of the wireless access point on her floor. The user has not yet rebooted her laptop computer while at her new location. The user has not yet logged off and back on to the network while at her new location. The wireless network access point on the user's normal floor has failed.
Explanation Because the user is only experiencing intermittent problems, the most likely cause is that she is out of the effective range of the wireless network access point. All of the other answers listed may be appropriate if the user was unable to connect to the network at all. However, as the user is experiencing only intermittent problems, none of the other answers is likely to be the cause of the problem.
Question 9: You provide desktop support at the branch office of a bank. One of the Windows workstations you manage is used to set up new customer accounts and fill out customer loan applications. Each user account on the system has been assigned a strong password. File and folder permissions have been assigned to prevent users from accessing each other's files. Which of the following would MOST likely increase the security of this system? (Select TWO. Each option is a complete solution.) Make user accounts members of the Administrators group. Secure the computer system to the desk with a cable lock. Assign each user a simple password so they won't be tempted to write it down. Enable the Guest account. Install a privacy filter on the monitor.
Explanation Because this system is used in close proximity to customers, you should install a privacy filter on the monitor. The privacy filter prevents customers from viewing sensitive information displayed on the monitor (such as usernames, passwords, and account numbers). You should also secure this system to the desk with a cable lock. Securing the computer to the desk prevents a malicious person from stealing the computer and all of the sensitive information it contains. Enabling the Guest user account would decrease the security of the system as would assigning simple passwords to user accounts and making all users members of the Administrators group.
Question 128: Which of the following will improve the security of sensitive information on your device if it is lost or stolen? (Select THREE.) Anti-malware software A screen lock Remote wipe Locator applications Remote backup Keeping up to date with OS updates and patches
Explanation Being able to do a remote wipe of your device will keep sensitive information from falling into the wrong hands if your mobile device is lost or stolen. Having a screen lock will help keep casual users from getting access to your device, but determined hackers can find ways around a screen lock. Locator applications might help you find your device, before a determined hacker does, if you misplace it. Keeping the operating systems up to date with the latest updates and patches will not protect your device if it falls into a determined hacker's possession. A remote backup is an essential disaster recovery solution, but will not prevent hacker exploitation or virus infection. Being up to date and having anti-malware apps for Android devices will not protect your device if it is in a determined hacker's possession.
Question 142: Why is it important to have your mobile device charger plugged in while it is receiving an operating system update? If the battery dies during the update, the operating system could become corrupted. The device must be connected to and charging from a computer so the update can be performed from the app store. Downloads run faster when the charger is plugged in. It is not important for the charger to be plugged in, since the update can be received wirelessly.
Explanation Being plugged in to the charger does not affect the speed of the update, but if the battery dies during the update, the operating system could become corrupted. Mobile devices can receive their operating system updates wirelessly so the device is no longer required to be logged into the app store (for example, iOS devices are no longer required to be updated through iTunes).
Question 6: Employees currently access a data center using RFID badges. The company is concerned that an unauthorized person could gain access using a lost or stolen badge. Which of the following could be implemented to increase the physical security? Biometric locks Security tokens Smart cards Key fobs
Explanation Biometric locks require a user to authenticate with a unique personal attribute such as their iris, fingerprint, or voice. Smart cards can be lost or stolen as easily as any other badge. Key fobs contain a security code that changes at predetermined intervals. Like badges, they can be lost or stolen. Tokens are the security components used in devices to provide the holder of the token the proper access level. They can be transmitted via card readers, magnetic swipes, or wireless communication. The company's current RFID badges would include these tokens.
Question 144: What do biometrics use to authenticate identity? Biological attributes Knowledge of passwords Ability to perform tasks Possession of a device
Explanation Biometrics is based on biological attributes. Biometrics is a strong form of authentication because each person has unique characteristics. When these unique characteristics are used for authentication, they are more reliable and stronger than the best passwords. For example, no two people have the exact same fingerprint or retina pattern.
Question 41: You want a security solution that protects the entire hard drive, preventing access even when it is moved to another system. Which of the following is the BEST method for achieving your goals? IPsec VPN BitLocker EFS
Explanation BitLocker is a Microsoft security solution that encrypts the entire contents of a hard drive, protecting all files on the disk. BitLocker uses a special key, which is required to unlock the hard disk. You cannot unlock/decrypt a drive simply by moving it to another computer. EFS is a Windows file encryption option, but only encrypts individual files. Encryption and decryption is automatic and dependent upon the file's creator and whether other uses have read permissions. A virtual private network (VPN) uses an encryption protocol (such as IPsec, PPTP, or L2TP) to establish a secure communication channel between two hosts or between one site and another site. Data that passes through the unsecured network is encrypted and protected.
Question 29: Maisy reports that her machine is behaving erratically. She suspects something is wrong because a firewall alert keeps indicating that some programs are trying to access the internet. In addition, several files have disappeared or have been renamed. Which of the following is the MOST likely cause of Maisy's computer problems? Faulty network card Low system memory Incorrect drivers Malware infection
Explanation Both a firewall alert indicating programs are trying to access the internet and missing and renamed files are symptoms of a malware infection. Low system memory may also indicate a malware infection, but is not the cause of the symptoms. An incorrect driver may be to blame if a device does not work properly. A faulty network card would affect network communications, but would not affect files on the computer.
Question 126: You work for a large company as the IT administrator. With the many external attacks being perpetrated in the form of security breaches being found in applications, you are concerned that your Windows 10 computers may be vulnerable. You also want to ensure that Windows is using the latest features. Which of the following would BEST protect your computers? Scheduled disk maintenance Antivirus updates Scheduled backups Windows updates
Explanation By default, Windows 10 PCs automatically check for updates and install any updates it finds. Although this function can be disabled, Microsoft strongly encourages the use of automatic updates to find and install Windows update as well as to keep the computers up to date with the latest features. These updates often include patches to fix security issues found in applications. Automatic maintenance can be used to perform these checks. Scheduled backups are important to have and would be useful when a computer has a virus or the computer has been ransomed. They do not, however, keep the computer safe from application security leaks or update Windows with the latest features. Scheduled disk maintenance allows the system to diagnose and repair disk errors. It does not back up files. Antivirus software and updates are important when trying to protect your computer from viruses. However, addition steps should be taken to ensure that security leaks in applications are fixed. In addition, antivirus software does not update Windows with the latest features.
Question 155: You have purchased new computers and will be disposing of your old computers. Instead of recycling the computers, you decide to resell them by placing an ad on the Internet. These computers were previously used for storing sensitive information. To properly protect the accidental discovery of the company's sensitive information, which of the following steps MUST be completed prior to getting rid of the computers? Reformat the hard drives Delete user data and applications from the hard drives Use data wiping software to clear the hard drives Include the original operating system discs and product keys with the computers
Explanation Data wiping software will sanitize or clean a device by removing all data remnants. Sanitization is necessary because deleting, overwriting, and reformatting (even multiple times) does not remove all data remnants. Sanitization securely removes sensitive data from storage media and is designed to solve the data remanence problem for devices that will be reused. It is the best way to remove Personally Identifiable Information (PII) from a hard disk before reuse. Deleting data and applications from the hard drives or reformatting the drive will not permanently remove data from the system. Many tools can recover deleted files.
Question 165: Which of the following are antenna types that are commonly used in wireless networks? (Select TWO). Directional antenna Low EMI antenna Full-duplex antenna High EMI antenna Omnidirectional antenna Half-duplex antenna
Explanation Directional and omnidirectional are two types of antennae commonly used in wireless networks. A directional antenna: · Creates a narrow, focused signal in a particular direction, which increases the signal strength and transmission distance. · Provides a stronger point-to-point connection and is better equipped to handle obstacles. An omnidirectional antenna: · Disperses the RF wave in an equal 360-degree pattern. · Provides access to many clients in a radius.
Question 161: A small company hires a technician to review their wireless security. The technician discovers that the wireless signal is available outside of the building. Which of the following could the technician recommend to correct this problem? (Select TWO). Update firmware. Enable MAC filtering. Implement a directional antennae. Disable SSID broadcast. Decrease radio power levels.
Explanation Directional antennae can be positioned to point wireless signals toward more desired areas and away from less desired areas. Decreasing radio power levels can limit the radius of the effective wireless signal. MAC filtering can be used to block devices from connecting, but does not limit the wireless signal. Disabling SSID broadcast can make a wireless network more secure, but does not limit the wireless signal. Updating firmware is a good practice, but does not limit the wireless signal.
Question 154: A technician upgrades the hard drive on a computer in the accounting department and decides to donate the old drive to a local trade school. Which of the following is the BEST method to ensure that the accounting data can't be recovered? Degauss Standard format diskpart format Drive wipe
Explanation Drive wipe is a software-based method of overwriting the actual data that makes up files on the hard drive. The overwriting process is performed multiple times to remove the magnetic traces of previous data. The drive remains usable after a disk wipe. A standard format removes only the reference to files and does not remove the actual data that made up the files. Software tools can easily recover this data. Degaussing a disk removes the data, but also removes lower-level formatting making the disk unusable for the local trade school. Like a standard format, data from a disk that is repartitioned using diskpart can be recovered.
Question 42: Which of the following security solutions would prevent a user from reading a file which she did not create? VPN EFS BitLocker IPSec
Explanation EFS is a Windows file encryption option that encrypts individual files so that only the user who created the file can open it. Decryption is automatic when the file owner opens it. Other users cannot open the encrypted file unless specifically authorized. BitLocker is a Microsoft security solution which encrypts the entire contents of a hard drive, protecting all files on the disk. BitLocker uses a special key which is required to unlock the hard disk. You cannot unlock/decrypt a drive simply by moving it to another computer. A virtual private network (VPN) uses an encryption protocol (such as IPSec, PPTP, or L2TP) to establish a secure communication channel between two hosts, or between one site and another site. Data that passes through the unsecured network is encrypted and protected.
Question 130: A user has configured his mobile device to unlock using facial recognition. Which of the following methods for securing a mobile device is being used? Biometric authentication A locator application An antivirus application Trusted source
Explanation Facial recognition uses biometric data for authentication. A locator application can be used to find a lost or stolen device. An antivirus application is used to detect and remove malware. Trusted source refers to the approved location for obtaining mobile applications, Google Play Store, App Store, and Microsoft Store.
Question 34: In which of the following situations should you install a firewall? You want to improve internet performance by saving popular websites locally. You want internet users to see a single IP address when accessing your company network. You want to implement a password system for internet users who access your private website. You want to restrict internet users from accessing private data on your network.
Explanation Firewalls limit traffic by blocking connections that are initiated from an untrusted network, such as the internet, unless the traffic matches rules you configure in the firewall's access control list (ACL).
Question 33: Which of the following is a firewall function? Packet rearranging Protocol converting Packet filtering Encrypting FTP hosting
Explanation Firewalls often filter packets by checking each packet against a set of administrator-defined criteria. If the packet is not accepted, it is simply dropped.
Question 134: A mobile device user is comparing methods for securing the device. Which of the following methods for securing a mobile device can affect the device's performance? Remote backup applications Full device encryption Biometric authentication Locator applications
Explanation Full device encryption is an effective security method for mobile devices. However, it usually requires processing resources and will slow performance. Biometric authentication uses physical attributes such as a retinal, face, or fingerprint scan for authentication. Its drain on processing resources is minimal. A locator application can be used to find a lost or stolen device. Its drain on processing resources is minimal. Remote backup refers to applications that back up data on the mobile device. Usually, the backup data is stored in the cloud. While this can add a processing load, most backup applications will meter the processing so that it does not affect normal operations.
Question 50: Which of the following protocols provides authentication and encryption services for VPN traffic? IPsec TCP SSL L2TP
Explanation IPsec is a security implementation that provides security for all other TCP/IP based protocols. IPsec provides authentication through a protocol called IPsec Authentication Header (AH) and encryption services through a protocol called IPsec Encapsulating Security Payloads (ESP). The Transmission Control Protocol (TCP) is a transport layer connection-oriented protocol that provides data transmission services. It is not a secure protocol, and relies on other measures, such as IPsec, to provide security. The Secure Sockets Layer (SSL) is an application layer protocol that is designed to secure network traffic from certain other protocols, such as Hypertext Transfer Protocol (HTTP) and Post Office Protocol version 3 (POP3). It does not provide security for protocols lower in the TCP/IP protocol stack, such as TCP and UDP. The Layer 2 Tunneling Protocol (L2TP) is a protocol used to encapsulate Point-to-Point protocol (PPP) traffic.
Question 133: You have an executive user who keeps sensitive information about the company on a company-owned mobile device. You want to be prepared to keep company information secure if he loses this device or if it gets stolen. Which of the following solutions should you use? (Select TWO.) Mobile device management software that provides pop-up blocking. Mobile device management software that performs full device encryption. Mobile device management software that automatically detects network firewalls. Mobile device management software that performs remote wipes. Mobile device management software that allows automatic detection of unfamiliar networks.
Explanation If a mobile device with sensitive information gets lost, the best protection you can have is full encryption and the ability to remotely wipe the device's data storage.
Question 137: Bob calls and complains that he has suddenly started getting a lot of unwanted email. Which of the following is the BEST type of software to install to help solve Bob's problem? Anti-virus Anti-malware Anti-spam Anti-plagiarism
Explanation In computer terms, SPAM email (or junk email) is the unsolicited email users receive. One of the best ways to prevent receiving this type of email is to use anti-spam software. Anti-malware software helps protects a computer from software that is intentionally designed to cause harm or damage to your computer. Anti-virus software helps protect the infiltration and spread of malicious code that is designed to alter the way a computer operates. Anti-plagiarism software helps detect when someone has plagiarized someone else's material.
Question 166: A user on your network has been moved to another office down the hall. After the move, she calls you to complain that she has only occasional network access through her wireless connection. Which of the following is MOST likely the cause of the problem? An SSID mismatch between the client and the WAP. The client system has moved too far away from the access point. The client has incorrect WPA2 settings. An SSID mismatch between the client and the server. The encryption level has been erroneously set back to the default setting.
Explanation In this case, the wireless client system has had no problems accessing the wireless access point until the move to the new office. In some cases, moving a system will cause signal loss either from the increased distance away from the WAP or from unexpected interference by such things as concrete walls or steel doors. There are several ways to correct the problem, including reducing the physical distance to the client, using a wireless amplifier, upgrading the antennas on the wireless devices, or adding another WAP to the infrastructure. Because the client could previously access the WAP and still has occasional access, it is likely that the move was the cause of the problem, rather than any configuration setting on the client system.
Question 25 You manage a group of 20 Windows workstations that are currently configured as a workgroup. You have been thinking about switching to an Active Directory configuration. Which advantages would you gain by switching to Active Directory? (Select TWO.) Increased local control of workstation settings Centralized authentication Reduced need for specialized hardware Centralized configuration control Decreased implementation cost
Explanation Installing an Active Directory database provides several advantages: Improved scalability Centralized configuration control Reduced data backup complexity Centralized authentication Centrally applied security settings Active Directory also include some drawbacks: Increased cost Specialized hardware and software needed Increased planning time for implementation
Question 47: A salesperson in your organization spends most of her time traveling between customer sites. After a customer visit, she must complete various managerial tasks, such as updating your organization's order database. Because she rarely comes back to your home office, she usually accesses the network from her notebook computer using Wi-Fi access provided by hotels, restaurants, and airports. Many of these locations provide unencrypted public Wi-Fi access, and you are concerned that sensitive data could be exposed. To remedy this situation, you decide to configure her notebook to use a VPN when accessing the home network over an open wireless connection. Which of the following key steps should you take when implementing this configuration? (Select TWO. Each option is part of the complete solution.) Configure the VPN connection to use IPsec. Configure the browser to send HTTPS requests through the VPN connection. Configure the browser to send HTTPS requests directly to the Wi-Fi network without going through the VPN connection. Configure the VPN connection to use PPTP. Configure the VPN connection to use MS-CHAPv2.
Explanation It is generally considered acceptable to use a VPN connection to securely transfer data over an open Wi-Fi network. As long as strong tunneling ciphers and protocols are used, the VPN provides sufficient encryption to secure the connection even though the wireless network itself is not encrypted. It is recommended that you use IPsec or SSL to secure the VPN, as these protocols are relatively secure. You should also configure the browser's HTTPS requests to go through the VPN connection. To conserve VPN bandwidth and to improve latency, many VPN solutions automatically reroute web browsing traffic through the client's default network connection instead of through the VPN tunnel. This behavior would result in HTTP/HTTPS traffic being transmitted over the unsecure open wireless network instead of through the secure VPN tunnel. Avoid using PPTP with MS-CHAPv2 in a VPN over open wireless configuration, as these protocols are no longer considered secure.
Question 143: You are updating the operating system on your iPad. Your iPad is connected to your computer and you are using iTunes to install the update. Which of the following BEST describes what would happen to your iPad if you disconnect it before the operating system update is complete? Your iPad would revert to the previous version of the operating system, so you'd have to start the update again from the beginning to get the update. iTunes would pause the update process until you reconnect your iPad to your computer. If you disconnect during the update, the operating system could become corrupted. The update would continue wirelessly (if a wireless network is available).
Explanation It is very important that you not disconnect your iPad while the update is in progress. If you disconnect your iPad while the update is in progress, the operating system could become corrupted. The update will not pause if you disconnect; it will crash. It will not continue through a wireless connection. The iPad will not just revert to the previous version of the operating system.
Question 127: Which of the following are the BEST steps you can take to avoid having your mobile device exploited by a hacker or infected by a virus? (Select TWO). Keep your device in your possession. Avoid anti-virus apps. Keep the operating system up to date. Keep an up-to-date remote backup. Turn off location services. Lock the screen with some form of authentication.
Explanation Keeping the operating systems up to date with the latest updates and patches will help because they often contain fixes for known security issues. Configure the screen lock to require some sort of authentication to physically access your device. A remote backup is an essential disaster recovery solution, but will not prevent hacker exploitation or virus infection. Having your device always in your possession, it can still be hacked and infected by a virus if not protected. Anti-virus apps for Android devices will protect your device, but you should do some research to make sure you get the most effective one. Turning off locations services does not improve your device's security, and it would make it harder to find your device if you lose it.
Question 170: You are an IT technician for your company. Your boss has asked you to set up and configure a wireless network to service all of the conference rooms. Which of the following features lets you allow or reject client connections by hardware address? SSID DHCP WEP MAC address filtering
Explanation MAC address filtering allows or rejects client connections by hardware address. Wi-Fi Protected Access II (WPA2) provides encryption and user authentication for wireless networks. Wired Equivalent Privacy (WEP) also provides security, but WPA2 is considered more secure than WEP. The SSID is the network name or identifier.
Question 171: A technician is installing a new SOHO wireless router in a home office. The customer wants to secure the wireless network so only a smartphone, tablet, and laptop can connect. Which of the following router settings should the technician change? Disable SSID broadcast Enable MAC filtering Disable DHCP Enable port forwarding
Explanation MAC filtering can be used to limit connectivity to a list of MAC addresses. Disabling the SSID broadcast will increase security, but SSID can be easily captured using wireless analyzers and then used to connect to the wireless network. Disabling DHCP will require static IP addresses, but will not limit network connectivity. Enabling port forwarding allows the router to redirected on the internal network. It will not limit network connectivity.
Question 175: A technician receives notification from a SOHO router manufacturer of a specific vulnerability that allows attackers to exploit SNMP traps to take over the router. The technician verifies the settings outlined in the notification. Which of the following actions should the technician take NEXT? Disable DHCP. Enable MAC filtering. Enable content filtering. Check for and apply firmware updates.
Explanation Manufactures often accompany a vulnerability notification with firmware updates to address the vulnerability. These updates should be applied immediately. Parental controls or content filters restrict or block specific web traffic based on keywords, URLs, or the time of day, but do not address network hacker vulnerabilities. Disabling DHCP will require static IP addresses, but does nothing to address network hacker vulnerabilities. MAC filtering can be used to limit connectivity to a list of MAC addresses, but does nothing to address network hacker vulnerabilities.
Question 20: A user calls to report a problem. She is trying to install an application on her new Windows 10 system, but cannot. Her user account is a member of the Users group on the system. What do you suspect is causing the installation issue? The application is incompatible with Windows 10. She is not a member of the Power Users group. Her group membership does not allow her to install new software. Only apps from the Microsoft Store can be installed on a Windows 10 system.
Explanation Members of the Users group are not allowed to make system-wide changes to the system, such as installing new applications. Only users who are members of the Administrators group can install new applications. On modern versions of Windows, users who are members of Power Users are not allowed to install applications. In fact, the Power Users group is only included for backwards compatibility with older versions of Windows. Windows 10 can run traditional desktop applications as well as apps from the Microsoft Store.
Question 21: You need to create a user account on a Windows system that can create files, run applications, and install printers when the driver for the printer already exists on the computer. You want the user to have only the minimum rights necessary on the computer. Which group should this user be a member of? Remote Desktop Users Users Administrators Guests
Explanation Members of the Users group can use the computer, but they cannot perform system administration tasks. They also may not be able to run legacy applications. Members of the Users group can save files to their own directories and run installed applications. They cannot share directories or install printers if the driver is not yet installed. They also cannot view or modify system files. Making the user a member of the Administrators groups would give the user too many rights. Members of the Remote Desktop Users group are only allowed to access the system remotely using the Remote Desktop Client.
Question 132: Jose, a medical doctor, has a mobile device that contains sensitive patient information. He is concerned about unauthorized access to the data if the device is lost or stolen. Which of the following is the BEST option to prevent this from happening? Configure the device for multifactor authentication. Configure the device to wipe after a number of failed login attempts. Install a locator application on the device so that it can be traced. Configure the device to remote wipe as soon as it reported lost.
Explanation Mobile devices can be configured to be perform a factory reset or wipe when the device is reported lost or stolen. This is the BEST of the presented options. Configuring the device for multifactor authentication will make it harder to hack, but is not the best solution presented. Installing a locator application on the device makes it possible to trace, but is not the best solution presented. Configuring the device to wipe after a number of failed login attempts is a good solution, but not the best solution presented.
Question 26: A technician was tasked with implementing a solution that would allow the IT department to push OS updates to mobile devices in order to keep them updated and secure. Which of the following would provide that capability? Modifying the security profile on all devices. Installing an authenticator application. Using Mobile Device Management (MDM). Updating the firewall settings on the mobile device.
Explanation Mobile devices can be secured by using special Mobile Device Management (MDM) tools, which allow for remote management of multiple mobile devices. By using an MDM tool, an IT administrator can: · Push OS updates to devices. · Test configuration settings before deploying them. · Create and enforce mobile device security policies. · Remotely wipe mobile devices. The firewall, authenticator application, and security profile do not provide a way to push OS updates to a device.
Question 147: After entering a user id and password, an online banking user must enter a PIN that was sent as a text message to the user's mobile phone. Which of the following digital security methods is being used? Multifactor authentication Smart card DLP Firewall
Explanation Multifactor authentication is the process of authenticating a user by validating two or more claims presented by the user, each from a different category, such as a password and the possession of a mobile phone, or a password and a fingerprint. Data Loss Prevention (DLP) programs or devices monitors operations such as file transfers and email for user activities that could compromise data security. A smart card could be one authentication used in multifactor authentication, but it is not a password and does not validate the possession of a mobile phone. Firewalls are placed between the company network and the internet to filter network traffic at the IP level. They don't authenticate users.
Question 164: Which of the following locations will contribute the greatest amount of interference for a wireless access point? (Select TWO.) Near cordless phones Near DCHP servers Near backup generators Near exterior walls In the top floor of a two-story building
Explanation Other wireless transmitting devices (such as cordless phones or microwaves) and generators cause interference for wireless access points. In general, place access points high up to avoid the interference problems caused by going through building foundations. DHCP servers provide IP information for clients and do not cause interference.
Question 49: Which of the following protocols can your portable computer use to connect to your company's network via a virtual tunnel through the internet? (Select TWO). VNC PPTP PPPoE L2TP Remote Desktop Protocol (RDP)
Explanation PPTP (Point-to-Point Tunneling Protocol) and L2TP (Layer Two Tunneling Protocol) are two VPN (Virtual Private Networking) protocols that let you access your company's network through a public network, such as the internet. PPPoE is used for connecting to the internet through an Ethernet connection to include authentication and accounting. VNC and RDP are remote desktop protocols used for remote administration or remote device access.
Question 48: You want to use a protocol that can encapsulate other LAN protocols and carry the data securely over an IP network. Which of the following protocols is suitable for this task? PPP PPTP SLIP NetBEUI
Explanation PPTP is used with VPNs, which allow you to send data securely over a public network.
Question 174: A technician is installing a SOHO router at an after-school community center. The customer would like to keep children from accessing inappropriate while browsing the web. Which of the following actions would help accomplish this goal? Disable DHCP Update firmware Enable content filtering Disable SSID broadcast
Explanation Parental controls or content filters restrict or block specific web traffic based on keywords, URLs, or the time of day. Disabling the SSID broadcast would increase security, but does nothing to restrict web browsing results. Disabling DHCP would require static IP addresses, but does nothing to restrict web browsing results. Updating firmware may improve security by fixing vulnerabilities, but does nothing to restrict web browsing results.
Question 39: Which of the following is the most common form of authentication? Username and password Fingerprint Digital certificate on a smart card Photo ID
Explanation Passwords are the most common form of authentication. Most secure systems require only a username and password to provide users with access to the computing environment. Many forms of online intrusion attacks focus on stealing passwords. This makes using strong passwords very important. Without a strong password policy and properly trained users, the reliability of your security system is greatly diminished. Photo ID, fingerprint, and digital certificate on a smart card are not the most common forms of authentication.
Question 23: A small business hires an after-hours cleaning service that is known to have a high turnover of employees. They want to prevent unauthorized access to their computers, but do not want to spend money on new hardware. Which of the following is the BEST solution? Require strong passwords. Restrict user permissions. Set login time restrictions. Change the default account names and passwords.
Explanation Setting login time restrictions will allow logins during normal business hours. Restricting user permissions will do nothing to protect from unauthorized users. Requiring strong passwords with make it harder for unauthorized users to gain access, but is not the best solution in this scenario. Changing the default account names and passwords will make the computers more secure, but is not the best solution in this scenario.
Question 140: After Joe, a user, installs a new game app on his mobile phone, downloads and webpage loads become slower than usual. Which of the following actions would BEST address this issue? Reset to factory defaults. Force stop the new app. Uninstall the new app and scan for malware. Close the new app.
Explanation Slow data speeds can be an indication of malware, especially if the malware is consuming bandwidth to propagate. The best action is to uninstall the new app and use anti-malware apps and app scanners to inspect for malware. Force stopping the new app will help, but not all apps will respond to a force stop, especially if they are malware. This is not the best action in this scenario. Reset to factory defaults will uninstall all apps and remove data. This should be done as a last resort. A closed app may still run in the background. This is not the best action in this scenario.
Question 129: A user is choosing a method to secure a mobile device. Which of the following types of screen locks is LEAST secure? Fingerprint lock Face lock Swipe lock Passcode lock
Explanation Swipe lock is the least secure of the choices presented. It is relatively easy to duplicate the swipe pattern, even as far as six feet away. Face lock uses facial recognition that will become even more sophisticated in the future. Passcode lock is the most common lock method and is more effective when letters are mixed with digits. Fingerprint lock is the most secure of the choices presented.
Question 13: Match the Active Directory definition on the left with its corresponding term on the right. (Some definitions do not have an associated term on the right.) Domain Controller A server that holds a copy of the Active Directory database that can be written to. Site Represents a group of networks that are connected with high-speed links. Subnet Represents a physical network segment. Forest Root Domain The first domain created in an Active Directory forest. Tree Root Domain The highest-level domain in a tree.
Explanation The Active Directory structure contains the following components: · A tree is a group of related domains that share the same contiguous DNS namespace. · A forest is a collection of related domain trees. · A domain is an administratively-defined collection of network resources that share a common directory database and security policies. · An organizational unit is like a folder that subdivides and organizes network resources within a domain. · An object is a network resource as identified within Active Directory.
Question 12: Match each Active Directory term on the left with its corresponding definition on the right. Logical organization of resources Organizational unit Collection of network resources Domain Collection of related domain trees Forest Network resource in the directory Object Group of related domains Tree
Explanation The Active Directory structure includes the following components: · A tree is a group of related domains that share the same contiguous DNS namespace. · A forest is a collection of related domain trees. · A domain is an administratively-defined collection of network resources that share security policies and a common directory database. · An organizational unit is like a folder; it subdivides and organizes network resources within a domain. · An object is a network resource as identified within Active Directory.
Question 40: Joe, a bookkeeper, works in a cubicle environment and is often called away from his desk. Joe doesn't want to sign out of his computer each time he leaves. Which of the following are the BEST solutions for securing Joe's workstation? (Select TWO). Apply multifactor authentication. Set a strong password. Change the default account names and passwords. Configure the screen lock to be applied after short period of nonuse. Configure the screen saver to require a password.
Explanation The BEST solution is to configure the screen saver or screen lock to be applied after a short period of nonuse and to require a password to return to the desktop. Setting a strong password is a best practice, but is not the best solution in this scenario. Applying multifactor authentication will make it harder to hack the workstation, but is not the best solution in this scenario. Change the default account names and passwords will make the workstation more secure, but is not the best solution in this scenario.
Question 19: A new computer has been added to the Sales department and needs to be joined to the CorpNet domain. Which of the following System Properties settings MUST be used to make the change? System Properties > Advanced System Properties > System Protection System Properties > Remote System Properties > Computer Name
Explanation The Computer Name tab lets you view, change, or join a computer to a domain. The System Protection tab lets you configure and create system restore points. The Advanced tab lets you configure settings such as Performance, User Profiles, and Startup and Recovery. The Remove tab lets you configure Remote Assistance and Remote Desktop settings.
Question 15: You manage a large number of workstations that belong to a Windows domain. You want to prevent anyone that might try to gain access to a computer from guessing login information by trying multiple passwords. Which default GPO contains a policy you can enable to guard all computers in the domain against this security breach? Domain Security Policy Group Domain Policy Group Security Policy Default Domain Policy
Explanation The Default Domain Policy GPO contains a policy you can enable for all computers in a domain that prevents anyone from trying multiple passwords to see if they can guess login information. Group Domain Policy, Group Security Policy, and Domain Security Policy are not default GPOs in Active Directory.
Question 14: The Hide Programs option setting is configured for a specific user as follows: Policy Setting Local Group Policy Enabled Default Domain Policy GPO Not configured GPO linked to the user's organizational unit Disabled After logging in, the user is able to see the Programs option. Why does this happen? The GPO linked to the user's organizational unit is applied last, so this setting takes precedence. The Default Domain GPO is applied last. It is set to Not configured, so it doesn't change the configuration. The GPO linked to the user's organizational unit is applied first, so this setting takes precedence over settings that are applied later. The Local Group Policy is applied last. It is set to Enabled, which makes the Programs option visible.
Explanation The GPO linked to the user's organizational unit is applied last, so the setting that disables the policy to the hide the Programs and Features page takes precedence. In this question's scenario, Local Group Policy enables the policy to hide the Programs and Features page. When the Default Domain Policy GPO is applied, this policy is set to Not configured, so it doesn't change anything. When the GPO linked to the user's organizational unit is applied, the setting for this policy is disabled, which reverses the setting in the Local Group Policy and makes the Programs and Features page visible to the user. The Local Group Policy is applied first. GPOs linked to the user's domain are applied second and take precedence over settings in the Local Group Policy. GPOs linked to the user's organizational unit are applied last and take precedence over any preceding policy settings.
Question 17: You are managing a workstation that is not part of a Windows domain. Users on this computer should not be permitted to download applications from the Windows Store. Which administration tool can you use to enable a policy that turns off the Store application for all users on this computer? Local Group Policy Editor Windows Firewall Control Panel Programs Settings
Explanation The Local Group Policy Editor is the administration tool used to enable local computer behavior policies and the tasks users are allowed to perform. Therefore, the policy that turns off the Store application for all users on this computer would is found under computer configuration settings. Under Programs, you can uninstall, change, or repair applications that are already installed. Control Panel can be used to access many administration tools, but none that are used to edit group policies. Windows Firewall can be used to deny or allow network traffic access to the computer, but not to enable group policies. The Settings app does not provide group policy administration tools.
Question 28: You've just received an email message that indicates a new serious malicious code threat is spreading across the internet. The message contains detailed information about the threat, its source code, and the damage it can inflict. The message states that you can easily detect whether or not you have already been a victim of this threat by the presence of three files in the \Windows\System32 folder. As a countermeasure, the message suggests that you delete these three files from your system to prevent the code from spreading further. Based on the email message, which of the following are the next BEST actions to complete? (Select TWO). Reboot the system. Verify the information on well-known malicious code threat management web sites. Perform a complete system backup. Delete the indicated files if present. Distribute the message to everyone in your address book. Run a full anti-malware scan.
Explanation The best first step to take after receiving an e-mail message about a new malicious code threat is to verify the information it contains. You can easily verify information by visiting two or more well-known malicious threat management websites. These sites can be your anti-malware vendor or a well-known and well-regarded internet security watch group. All too often, messages of this type are hoaxes. It is important not to fall prey to email hoaxes or spread them to others. If you are still concerned, you could run a full anti-malware scan on your system. Your first step should not be to follow any directions included in the e-mail, especially deleting files. You should never forward email warnings until you have firmly established the authenticity and validity of such information. Making a full backup is often a good idea, but it is not necessary in this instance.
Question 168: A technician is installing a new SOHO wireless router. Which of the following is the FIRST thing the technician should do to secure the router? Change the router's default password Adjust the radio power levels Disable SSID broadcast Press the WPS button
Explanation The first security configuration on the router should be to change the router's default password. Disabling the SSID broadcast may be desirable for added security, but it is not the first action you should take. Adjusting the radio power levels will limit the broadcast area and may be desirable for added security, but it is not the first action you should take. Pressing the WPS button temporarily broadcasts the SSID and passphrase, which would degrade security.
Question 136: Your iPad is configured to do remote backups everyday to iCloud. Which conditions are required for the iCloud backup to take place? (Select THREE.) The iPad has to be connected to your computer and logged into iTunes. The iPad has to be plugged into a power source. The iPad screen has to be unlocked with a password. The iPad screen has to be locked. The iPad has to have an internet connection. The iCloud Backup app has to be running.
Explanation The iCloud backup will happen everyday, as long as your iPad is plugged in and connected to the internet and its screen is locked.
Question 162: What is the least secure place to locate an omnidirectional access point when creating a wireless network? Above the third floor Near a window In common or community work areas In the center of the building
Explanation The least secure location for an omnidirectional wireless access point is against a perimeter wall. So, placement near a window would be the worst option from this list of selections. For the best security, omnidirectional wireless access points should be located in the center of the building. This will reduce the likelihood that the wireless network's access radius will extend outside of the physical borders of your environment. It is important to place wireless access points where they are needed, such as in a common or community work area.
Question 10: You have 5 salespersons who work out of your office and who frequently leave their laptops laying on their desk in their cubicles. You are concerned that someone might walk by and take one of these laptops. Which of the following is the BEST protection to implement to address your concerns? Encrypt all company data on the hard drives. Use cable locks to chain the laptops to the desks. Require strong passwords in the local security policy. Implement screen saver passwords.
Explanation The main concern in this case is with laptops being stolen. The best protection against physical theft is to secure the laptops in place using a cable lock. Requiring strong passwords or using encryption might prevent unauthorized users from accessing data on the laptops, but does not prevent physical theft.
Question 135: What is the surest way to prevent the loss of important information on your mobile device if it is lost, stolen, destroyed, or there is a natural disaster? Configure your device to back up important data to your personal computer. Don't put important information on your mobile device. Only use apps, such as email apps, that store data on the app provider's servers. Configure your device to remotely back up important data to the Cloud.
Explanation The surest way to prevent the loss of important information on your mobile device is to configure your device to remotely back up important data to the Cloud. Backing up data to your personal computer is not a bad idea, but if there is a natural disaster your data is safer in the Cloud than it is on a single machine that could be damaged in the same disaster that affects your mobile device. Not putting important information on your mobile device is a practical impossibility, as is only using apps that store data (like messages in gmail) on the app provider's servers.
Question 11: A technician assists Joe, an employee in the sales department who needs access to the client database, by granting him administrator privileges. Later, Joe discovers he has access to the salaries in the payroll database. Which of the following security practices was violated? Entry control roster Strong password policy Principle of least privilege Multifactor authenticationoq
Explanation The technician violated the principle of least privilege, the practice of limiting access rights for users to the bare minimum permissions they need to perform their work. Strong passwords are recommended to prevent unauthorized access, but in this scenario, the database is not password-protected. Multifactor authentication is the process of authenticating a user by validating two or more claims presented by the user, each from a different category, such as a password and the possession of a mobile phone, or a password and a fingerprint. Security personnel can grant access to a physical area using the entry control roster. A database is not normally protected by physical security.
Question 22: You want to create a new user account on a Windows system that can create and edit private files, start and stop the system, install applications, and add new device drivers. Which group should this user be a member of? Power Users Administrators Users Guests
Explanation The user should be a member of the Administrators group. No other group can add new device drivers or install new applications.
Question 151: You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which of the following methods should you use to BEST prevent extracting data from the discs? Shredding Degaussing Write junk data over the discs 7 times Delete the data on the discs
Explanation To completely prevent reading data from discs, destroy them using a DVD shredder or crushing. Degaussing only works for magnetic media such as floppy and hard disk drives. Simply deleting data offers little protection. Overwriting the data multiple times is not efficient in this scenario as the discs can simply be destroyed.
Question 160: You have just installed a wireless access point (WAP) for your organization's network. You know that the radio signals used by the WAP extend beyond your organization's building and are concerned that unauthorized users outside may be able to access your internal network. Which of the following steps will BEST protect the wireless network? (Select TWO. Each option is a complete solution.) Install a radio signal jammer at the perimeter of your organization's property. Disable the spread-spectrum radio signal feature on the WAP. Disable SSID broadcast on the WAP. Configure the WAP to filter out unauthorized MAC addresses. Use the WAP's configuration utility to reduce the radio signal strength. Implement a WAP with a shorter range.
Explanation To increase the security of the wireless network, you can use the WAP's configuration utility to reduce the radio signal strength. This will reduce or even eliminate signal emanation outside of your building. You can also configure the WAP to filter out unauthorized MAC addresses. Enabling MAC address filtering denies access to unauthorized systems.
Question 159: You've just finished installing a wireless access point for a client. Which action best protects the access point from unauthorized tampering with its configuration settings? Changing the default administrative password Disabling SSID broadcast Disabling DHCP Implementing MAC address filtering
Explanation To prevent administrative access to the access point, change the default administrator password. If you do not change the password, users can search the internet for the default password and use it to gain access to the access point and make configuration changes. Disabling SSID broadcast, disabling DHCP, and using MAC address filtering helps prevent unauthorized access to the wireless network.
Question 131: You use productivity apps on your iPad tablet device while traveling between client sites. You're concerned that you may lose your iPad while on the road and want to protect the data stored on it from being compromised. Currently, your iPad uses a 4-digit PIN number for a passcode. You want to use a more complex alpha-numeric passcode. You also want all data on the device to be erased if the wrong passcode is entered more than 10 consecutive times. What should you do? (Select TWO. Each option is part of the complete solution.) Enable the Wipe Drive option. Enable the Restrictions option. Enable the Erase Data option. Enable the Require Passcode option. Enable the Complex Passcode option. Disable the Simple Passcode option.
Explanation To use a complex alpha-numeric passcode, you must disable the Simple Passcode option under Settings > General. To cause all data on the device to be erased if the wrong passcode is entered more than 10 consecutive times, you must enable the Erase Data option located in the same screen. The Require Passcode option is enabled automatically regardless of what type of passcode you have configured. The Restrictions option is used to restrict access to specific apps. There is no Complex Passcode or Wipe Drive option on an iPad.
Question 27: You have a computer that runs Windows 10. Where would you go to verify that the system has recognized the anti-malware software installed on the system? Windows Firewall Network and Sharing Center Security and Maintenance System
Explanation Use Security and Maintenance in Control Panel to check the current security status of your computer. Security and Maintenance displays whether you have anti-malware, firewall, and automatic updates configured. Use the firewall to open and close firewall ports. Use System to perform tasks such as viewing system information and enabling Remote Desktop. Use the Network and Sharing Center to view the status of your network connections.
Question 149: You want to be able to monitor and filter VM-to-VM traffic within a virtual network. What should you do? Route VM-to-VM traffic through a physical firewall and back to the virtual network. Define VLAN memberships on each VM. Implement a virtual firewall within the hypervisor. Create a virtual router with VRF technology.
Explanation Virtualized hosts are susceptible to the same network exploits as physical network hosts and need to be protected by a firewall. By implementing a virtual firewall within the hypervisor itself, you can monitor and filter traffic on the virtual network as it flows between virtual machines. While routing VM-to-VM traffic through a physical firewall would work, it is very inefficient. A virtual router with VRF is used to create multiple networks from a single router interface. Configuring VLAN membership would not allow you to monitor and filter traffic.
Question 139: Maria, a smartphone user, has recently installed a new app. She now experiences a weak signal and sometimes a complete signal loss at locations where she had a good cell signal in the past. Her phone battery is fully charged. Which of the following actions would BEST address this issue? Reset to factory defaults. Use a cell tower analyzer to determine normal signal strength. Uninstall the new app and scan for malware. Force stop the new app.
Explanation Weak or lost cell signals can be an indication of malware, especially if the location's signal has been good in the past. The best action is to uninstall the new app and use anti-malware apps and app scanners to inspect for malware. Force stopping the new app will help, but not all apps will respond to a force stop, especially if they are malware. This is not the best action in this scenario. Reset to factory defaults will uninstall all apps and remove data. This should be done as a last resort. A cell tower analyzer will confirm the strength of the cell signal, but will not explain the weak or lost cell signal. This is not the best action in this scenario.
Question 24: A home office user employs a technician to secure a Windows computer. To secure the local accounts, which of the following actions should the technician perform? (Select TWO). Move all accounts in the Administrators group to the Users group. Rename the Administrator account. Remove the Power Users group. Move all accounts in the Guests group to the Users group. Disable the Guest Account.
Explanation When securing a Windows computer that is in a home office and not part of a domain, a best practice is to rename the Administrator account and disable the Guest account. Beginning with Windows Vista, the Power Users group is only present for backwards compatibility with previous versions. It has no bearing on the security of a Windows computer. Moving all accounts in the Administrators group to the Users group will eliminate the ability of the accounts to perform administrative functions. Moving all accounts in the Guests group to the Users group may not change the effective security of the accounts, but the profiles for these accounts will not be deleted when the users sign out.
Question 45: Which of the following networking devices or services is LEAST likely to be compatible with VPN connections? NAT Firewall Switch Router
Explanation When using a VPN through a NAT device, check your NAT solution to make sure that the router can support VPN connections. Not all VPN solutions are compatible with NAT.
Question 30: Employees complain to the company IT division that they are spending considerable time and effort discarding unwanted junk email. Which of the following should be implemented? Email filtering Firewall Multifactor authentication Antivirus
Explanation While email filtering can be implemented by each user, it can also be enabled in incoming mail services to reduce spam and other unwanted email by blocking email based on the sender address or by content. Antivirus software can protect computers from viruses found in emails, but is not used to filter email content. Firewalls are placed between the company network and the internet to filter network traffic at the IP level. Normally, they do not filter email based on content. Multifactor authentication combines a strong password with at least one other form of authentication before granting access. It does not filter email.
Question 156: Which of the following measures will make your wireless network less visible to the casual attacker? Disable SSID broadcast Use a form of authentication other than Open authentication Implement WPA2 Personal Implement MAC address filtering Change the default SSID
Explanation Wireless access points are transceivers which transmit and receive radio signals on a wireless network. Each access point has a service set ID (SSID) which identifies the wireless network. By default, access points broadcast the SSID to announce their presence and make it easy for clients to find and connect to the wireless network. You can turn off the SSID broadcast to keep a wireless 802.11 network from being automatically discovered. When SSID broadcasting is turned off, users must know the SSID to connect to the wireless network. This helps to prevent casual attackers from connecting to the network, but any serious hacker with the right tools can still connect to the wireless network. Using authentication with WPA2 helps prevent attackers from connecting to your wireless network, but does not hide the network. Changing the default SSID to a different value does not disable the SSID broadcast. Implementing MAC address filtering prevents unauthorized hosts from connecting to your WAP, but it doesn't disable the SSID broadcast.
Question 46: Your organization employs a group of traveling salespeople who need to access the corporate home network through the internet while they are on the road. You want to funnel remote access to the internal network through a single server. Which of the following solutions would be BEST to implement? VPN concentrator Site-to-site VPN DMZ Host-to-host VPN
Explanation With a remote access VPN, a server on the edge of a network (called a VPN concentrator) is configured to accept VPN connections from individual hosts. Hosts that are allowed to connect using the VPN connection are granted access to resources on the VPN server or the private network. A demilitarized zone (DMZ), also called a screened subnet, is a buffer network (or subnet) that sits between the private network and an untrusted network (such as the internet). With a host-to-host VPN, two hosts establish a secure channel and communicate directly with each other. With a site-to-site VPN, the routers on the edge of each site establish a VPN connection with the router at the other location.
Question 2: While reviewing video files from your organization's security cameras, you notice a suspicious person using piggy-backing to gain access to your building. The individual in question did not have a security badge. Which of the following would you MOST likely implement to keep this from happening in the future? Cable locks Lo-jack recovery service Door locks with card readers Mantraps
Explanation You could implement mantraps at each entrance to the facility. A mantrap is a specialized entrance with two doors that creates a security buffer zone between two areas. Once a person enters into the space between the doors, both doors are locked. To enter the facility, authentication must be provided. If authentication is not provided, the intruder is kept in the mantrap until authorities arrive. Cable locks are used to secure computer hardware. Lo-jack recovery services are used to locate stolen or misplaced computer hardware. Door locks with card readers were already circumvented in this scenario using the piggy-backing technique.
Question 172: You want to be able to access your home computer using Remote Desktop while traveling. You enable Remote Desktop, but you find that you cannot access your computer outside of your home network. Which of the following is the BEST solution to your problem? Open the Telnet and SSH ports in your firewall. Move your home computer outside of the firewall. Configure a VPN connection to your computer. Open the firewall port for the Remote Desktop protocol.
Explanation You need to open the firewall port for the Remote Desktop program. Firewalls prevent all traffic except authorized traffic. To allow a specific program, open the port that corresponds to the port used by that application. Placing your computer outside of the firewall leaves it open to attack. A VPN encrypts communications between two computers through the internet. However, the VPN will not allow a Remote Desktop connection. The Telnet and SSH ports do not apply to this scenario.
Question 169: Your organization is frequently visited by sales reps. While on-site, they frequently plug their notebook systems into any available wall jack, hoping to get internet connectivity. You are concerned that allowing them to do this could result in the spread of malware throughout your network. Which of the following would BEST protect you from guest malware infection? (Select TWO). Implement private IP addressing with a Network Address Translation (NAT) router facing the internet. Enable port analysis on your network switch. Implement MAC address filtering. Implement SNMP traps on your network switch. Implement static IP addressing.
Explanation You should consider enabling MAC address filtering. MAC filtering is configured on your network switches and is used to restrict network access to only systems with specific MAC addresses. You could also consider assigning static IP addresses to your network hosts. By not using DHCP, visitor laptops connected to a wired Ethernet jack won't receive a valid IP address and won't be able to communicate with other hosts on your network. Implementing SNMP traps, port analysis, or a NAT router will not prevent visitors from connecting to your network.
Question 16: A user has complained about not being able to remove a program that is no longer needed on a computer. The Programs option is not available in Control Panel. You suspect that a policy is enabled that hides this option from the user. But after opening the Local Group Policy Editor, you see that the policy to hide Programs is not configured. You know that other users in this domain can access the Programs option. To determine whether the policy is enabled, where should you look next? GPOs linked to the domain that contains this user.s object. The Default Domain Policy GPO. The Local Group Policy. GPOs linked to organizational units that contain this user's object.
Explanation You should look at GPOs linked to organizational units that contain this user's object to see where the Hide Programs and Features Page policy might be enabled. If the policy was enabled in a GPO linked to the domain, it would be applied to all users in the domain. The next level GPOs are applied from is GPOs linked to organizational units that contain the user's object.
Question 163: A small business named BigBikes, Inc. has hired you to evaluate their wireless network security practices. As you analyze their facility, you note the following: · They use an 802.11a wireless network. · The wireless network SSID is set to BWLAN. · The wireless network is not broadcasting the network SSID. · The wireless network uses WPA2 with AES security. · Omnidirectional access points are positioned around the periphery of the building. Which of the following would you MOST likely recommend your client do to increase their wireless network security? Upgrade to an 802.11g wireless network. Configure the wireless network to use WEP security. Change the SSID to something similar to BigBikeInc. Implement directional access points. Enable SSID broadcast.
Explanation You should recommend that they implement directional access points along the periphery of the building. Using omnidirectional APs in these locations can cause the wireless network radio signal to emanate outside the building, making it readily available to malicious individuals. Enabling SSID broadcasts and using an SSID that is easily identifiable reduces the security of the wireless network, as would switching to WEP security. Switching to an 802.11g network offers no speed or security benefits and would require retrofitting all wireless equipment in the organization.
Question 157: A small business named Widgets, Inc. has hired you to evaluate their wireless network security practices. As you analyze their facility, you note the following using a wireless network locator device: · They use an 802.11n wireless network. · The wireless network is broadcasting the SID Linksys. · The wireless network uses WPA2 with AES security. · Directional access points are positioned around the periphery of the building. Which of the following would you MOST likely recommend your client do to increase their wireless network security? (Select TWO). Change the SSID to something other than the default. Implement omnidirectional access points. Disable SSID broadcast. Configure the wireless network to use WPA with TKIP security. Upgrade to an 802.11g wireless network.
Explanation You should recommend the following: · Disable SSID broadcast. This makes the network harder (but not impossible) to locate. · Change the SSID to something other than the default. This obscures what type of AP is in use. Using WPA instead of WPA2 would decrease the security of the wireless network, as would implementing omnidirectional APs. Switching to an 802.11g network would dramatically reduce the speed of the network without providing any security enhancements.
Question 5: You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to the locked door in the reception area. She uses an iPad application to log any security events that may occur. She also uses her iPad to complete work tasks as assigned by the organization's CEO. Network jacks are provided in the reception area such that employees and vendors can access the company network for work-related purposes. Users within the secured work area have been trained to lock their workstations if they will be leaving them for any period of time. Which of the following recommendations are you MOST likely to make to this organization to increase their security? (Select TWO). Require users to use screensaver passwords Move the receptionist's desk into the secured area. Disable the network jacks in the reception area. Train the receptionist to keep her iPad in a locked drawer when not in use. Replace the biometric locks with smart cards.
Explanation You should recommend the following: · Disable the network jacks in the reception area. Having these jacks in an unsecured area allows anyone who comes into the building to connect to the company's network. · Train the receptionist to keep her iPad in a locked drawer when not in use. Tablet devices are small and easily stolen if left unattended. The receptionist's desk should remain where it is currently located because it allows her to visually verify each employee as they access the secured area. Biometric locks are generally considered more secure than smart cards because cards can be easily stolen. Training users to lock their workstations is more secure than screensaver passwords, although this may be a good idea as a safeguard in case a user forgets.