TestOut Security Pro Chapter 8-11
Which of the following sends unsolicited business cards and messages to a Bluetooth device?
Bluejacking
Which device deployment model gives businesses significant control over device security while allowing employees to use their devices to access both corporate and personal data?
COPE
You've just finished installing a wireless access point for a client. What should you do to prevent unauthorized users from using the access point (AP) configuration utility?
Change the administrative password on the AP.
You are concerned that wireless access points may have been deployed within your organization without authorization. What should you do? (Select two. Each response is a complete solution.)
Check the MAC addresses of devices connected to your wired switch. Conduct a site survey.
Which of the following provides the network virtualization solution called XenServer?
Citrix
What is the on-premises, cloud-based software tool that sits between an organization and a cloud service provider called?
Cloud-access security broker
Which EAP implementation is MOST secure?
EAP-TLS
Which type of interference is caused by motors, heavy machinery, and fluorescent lights?
EMI
Which of the following mobile device management (MDM) solutions is hardware-agnostic and supports many different brands of mobile devices?
EMM
Which of the following are advantages of virtualization? (Select two.)
Easy migration of systems to different hardware Centralized administration
Which Amazon device can be used to control smart devices (such as lights) throughout a home using voice commands?
Echo
Which of the following DLP implementations can be used to monitor and control access to physical devices on workstations or servers?
Endpoint DLP
Which of the following is an exploit in which malware allows the virtual OS to interact directly with the hypervisor?
Escape
Which class of wireless access point (WAP) has everything necessary to manage clients and broadcast a network already built into its functionality?
Fat
DLP can be used to identify sensitive files in a file system and then embed the organization's security policy within the file. Which of the following DLP implementations travels with sensitive data files when they are moved or copied?
File-level DLP
Which TCP/IP protocol is a secure form of HTTP that uses SSL as a sub-layer for security?
HTTPS
Which type of attack is WEP extremely vulnerable to?
IV attack
Which DLP method works by replacing sensitive data with realistic fictional data?
Masking
Which of the following is an advantage of a virtual browser?
Protects the host operating system from malicious downloads
Which of the following do Raspberry Pi systems make use of?
SoC
Network engineers have the option of using software to configure and control the network rather than relying on individual static configuration files that are located on each network device. Which of the following is a relatively new technology that allows network and security professionals to use software to manage, control, and make changes to a network?
Software-defined networking (SDN)
Which APIs do individual networking devices use to communicate with the control plane from the Physical layer?
Southbound
Which type of hypervisor runs as an application on the host machine?
Type 2
You need to implement a solution to manage multiple access points in your organization. Which of the following would you most likely use?
WLC
IPsec is implemented through two separate protocols. What are these protocols called? (Select two.)
ESP AH
As a network administrator, you are asked to recommend a secure method for transferring data between hosts on a network. Which of the following protocols would you recommend? (Select two.)
SFTP SCP
You want to implement 802.1x authentication on your wireless network. Where would you configure passwords that are used for authentication?
On a RADIUS server
Which of the following BEST describes the Platform as a Service (PaaS) cloud computing service model?
PaaS delivers everything a developer needs to build an application on the cloud infrastructure.
You need to implement a wireless network link between two buildings on a college campus. A wired network has already been implemented within each building. The buildings are 100 meters apart. Which type of wireless antenna should you use on each side of the link? (Select two.)
Parabolic High-gain
Which of the following is a network security service that filters malware from user-side internet connections using different techniques?
Secure web gateway
10.2.3
10.2.3
9.7.7
9.7.7
9.8.7
9.8.7
9.9.6
9.9.6
Users in the sales department perform many of their daily tasks, such as emailing and creating sales presentations, on their personal tablets. The chief information officer worries that one of these users might also use their tablet to steal sensitive information from the organization's network. Your job is to implement a solution that prevents insiders from accessing sensitive information stored on the organization's network from their personal devices while still giving them access to the internet. Which of the following should you implement?
A guest wireless network that is isolated from your organization's production network
Users in the sales department perform many of their daily tasks, such as emailing and creating sales presentations, on company-owned tablets. These tablets contain sensitive information. If one of these tablets is lost or stolen, this information could end up in the wrong hands. The chief information officer wants you to implement a solution that can be used to keep sensitive information from getting into the wrong hands if a device is lost or stolen. Which of the following should you implement?
A mobile device management (MDM) infrastructure
Which of the following could be an example of a malicious insider attack?
A user uses the built-in microphone to record conversations.
10.1.5 Allow SSL Connections You are the IT security administrator for a small corporate network. You currently run a website on the CorpWeb server. You want to allow SSL connections to this website. In this lab, your task is to add a binding to the CorpNet website using the following settings: Website: www.corpnet.xyz Protocol: HTTPS Port: 443 SSL certificate: www.corpnet.xyz
10.1.5 Complete this lab as follows: Open the IIS Manager to the CorpNet.xyz site. From the Server Manager's menu bar, select Tools > Internet Information Services (IIS) Manager. Expand CorpWeb(CorpNet.com\Administrator) > Sites. Select CorpNet.xyz. Add a binding to the CorpNet website. From the Actions pane (far right), select Bindings. Select Add. Using the Type drop-down menu, select HTTPS. Make sure the port is set to 443. Using the SSL certificate drop-down menu, select www.CorpNet.xyz and then select OK. Select Close.
What is the minimum number of users needed in a Windows Enterprise agreement for Intune to be included?
500
8.1.6
8.1.6
8.2.7
8.2.7
Which of the following is a policy that defines appropriate and inappropriate usage of company resources, assets, and communications?
Acceptable use policy (AUP)
Which type of RFID tag can send a signal over a long distance?
Active
Which of the following is the first phase of the Microsoft Intune application life cycle?
Add
What is the primary function of the IKE Protocol used with IPsec?
Create a security association between communicating partners.
Which of the following best describes an evil twin?
An access point that is configured to mimic a valid access point to obtain logon credentials and other sensitive information.
Which of the following defines an acceptable use agreement?
An agreement that identifies employees' rights to use company property, such as internet access and computer equipment, for personal use.
Which of the following app deployment and update methods can be configured to make available to specific users and groups only the apps that they have rights to access?
App catalog
Your organization recently purchased 20 Android tablets for use by the organization's management team. To increase the security of these devices, you want to ensure that only specific apps can be installed. Which of the following would you implement?
App whitelisting
Which SDN layer would a load balancer that stops and starts VMs as resource use increases reside on?
Application
Which type of firewall operates at Layer 7 of the OSI model?
Application layer
Which of the following is an open-source hardware and software company that designs and manufactures single-board microcontrollers as well as kits to build digital devices?
Arduino
A group of small local businesses have joined together to share access to a cloud-based payment system. Which type of cloud is MOST likely being implemented?
Community
Which of the following can provide the most specific protection and monitoring capabilities?
Cloud-access security broker
Which of the following Intune portals is used by end users to manage their own account and enroll devices?
Company portal
9.8.7 You are a network technician for a small corporate network. You need to enable BYOD Guest Access Services on your network for guests and employees that have mobile phones, tablets, and personal computers. In this lab, your task is to perform the following: Access the Wireless Controller console through Google Chrome on http://192.168.0.6. Username: admin (case sensitive) password: password Set up Guest Access Services using the following parameters: Name: Guest_BYOD Authentication: Use guest pass authentication The guest should be presented with your terms of use statement and then allowed to go to the URL he or she was trying to access. Verify that 192.168.0.0/16 is on the list of restricted subnets. Create a guest WLAN using the following parameters: Network name: Guest ESSID: Guest_BYOD Type: Guest Access Authentication: Open Encryption Method: None Guest Access Service: Guest_BYOD Isolate guest wireless clients from other clients on the access point. Open a new Google Chrome window and request a guest pass using the BYODAdmin user as follows: URL: 192.168.0.6/guestpass Username: BYODAdmin (case sensitive) Password: P@ssw0rd (0 is a zero) Use any full name in the Full Name field. Make a note of or copy and paste the key in the Key field. Use the key from the guest pass request to authenticate to the wireless LAN Guest_BYOD from the Gst-Lap laptop computer in the Lobby.
Complete this lab as follows: Access and log into the Ruckus ZoneDirector. From the taskbar, select Google Chrome. In the URL field, enter 192.168.0.6 and then press Enter. Maximize the window for easier viewing. In the Admin field, enter admin (case sensitive). In the Password field, enter password as the password. Select Login. Set up Guest Access Services. Select the Configure tab. From the left menu, select Guest Access. Under Guest Access Service, select Create New. Change the Name field to Guest_BYOD. For Terms of Use, select Show terms of use. Expand Restricted Subnet Access. Verify that 192.168.0.0/16 is listed. Select OK. Create a Guest WLAN. From the left menu, select WLANs. Under WLANs, select Create New. Change the Name to Guest. Change the ESSID to Guest_BYOD. Under Type, select Guest Access. For Wireless Client Isolation, select Isolate wireless client traffic from other clients on the same AP. Select OK. Close Google Chrome. Request a Guest password. Open a new Google Chrome browser window. In the URL field, enter 192.168.0.6/guestpass and then press Enter. Maximize the window for easier viewing. In the Username field, enter BYODAdmin (case sensitive). Enter P@ssw0rd as the password (0 is a zero). Select Log In. In the Full Name field, enter any full name. In the Key field, highlight the key and press Ctrl + C to copy the key. Select Next. Access the wireless Guest Access Service from the guest laptop in the lobby. From the top menu, select Floor 1. Select Gst-Lap in the lobby. In the notification area, select the Network icon. Select Guest_BYOD. Select Connect. Select Yes. After Internet Explorer opens to the Guest Access login page, paste the key from the Key field. Select Log In.
9.8.4 9.8.4 Secure an iPad You work as the IT security administrator for a small corporate network. The receptionist uses an iPad to manage employees' schedules and messages. You need to help her secure the iPad because it contains all of the employees' personal information. In this lab, your task is to: View the current iOS version and then answer the applicable question. Apply the latest software update and then answer the applicable question. Configure Auto-Lock with a five-minute delay. Configure Passcode Lock using a passcode of C@sp3r Require the passcode after five minutes. Configure Data Erase to wipe all data after 10 failed passcode attempts. Require unknown networks to be added manually. Turn off Bluetooth.
Complete this lab as follows: Verify the current version of iOS installed on your iPad. Select Settings. From the Settings pane, select General. From the General pane, select About. In the top right, select Answer Questions. Answer Question 1. 11.4 Leave the question dialog open. Apply the latest software update. From the About pane's heading, select General. This returns you to the General settings. From the General pane, select Software Update. Select Download and Install. Select Agree. Select OK. The software is downloaded. Select Install. The installation automatically starts after 10 seconds. Slide the arrow to the right to unlock the iPad. Answer Question 2 11.4.1 and then minimize the question dialog. Configure Auto-Lock. From the Settings pane, select Display & Brightness. From the right pane, select Auto-Lock and then select 5 minutes. Configure Complex Passcode Lock and Data Erase. From the left menu, select Touch ID & Passcode. From the right pane, select Turn Passcode On. Enter the new passcode of C@sp3r Select Next. Re-enter C@sp3r. Select Done. Scroll down and then slide Erase Data to ON. Select Enable. Select Require Passcode. Select After 5 minutes. Require unknown networks to be manually added. From the left menu, select Wi-Fi. Slide Ask to Join Networks to OFF. Turn off Bluetooth as follows: From the left pane, select Bluetooth. Slide Bluetooth to OFF. In the top right, select Answer Questions. Select Score Lab.
You are replacing a wired business network with an 802.11g wireless network. You currently use Active Directory on the company network as your directory service. The new wireless network has multiple wireless access points, and you want to use WPA2 on the network. What should you do to configure the wireless network? (Select two.)
Configure devices to run in infrastructure mode Install a RADIUS server and use 802.1x authentication
You want to connect a laptop computer running Windows to a wireless network. The wireless network uses multiple access points and WPA2-Personal. You want to use the strongest authentication and encryption possible. SSID broadcast has been disabled. What should you do?
Configure the connection with a pre-shared key and AES encryption.
Which rights management category is applied to music, videos, and software that is sold to consumers?
DRM
Which of the following is a technology that tries to detect and stop sensitive data breaches, or data leakage incidents, in an organization?
Data loss prevention
10.3.10 Clear the Browser Cache You use Google Chrome as your web browser on the desktop computer in your dorm room. You are concerned about privacy and security while surfing the web. You are also concerned about exploits that harvest data from your Google Chrome browsing history. In this lab, your task is to delete the following items from your Google Chrome browser history for all time: Browsing history Download history Cookies and other site data Cached images and files Hosted app data
Delete all items from your Google Chrome history. From the Windows taskbar, select Google Chrome. In the upper right, select the ellipsis (three dots) and then select History > History. Maximize the window for easier viewing. Select Clear browsing data. Select Advanced. For the Time range field, use the drop-down menu to select All time. Make sure the following items are checked: Browsing history Download history Cookies and other site data Cached images and files Hosted app data
In which phase of the Microsoft Intune application life cycle would you assign an app to users and/or devices you manage and monitor them on the Azure portal?
Deploy
Why do attackers prefer to conduct distributed network attacks in static environments? (Select two.)
Devices are typically more difficult to monitor than traditional network devices. Devices tend to employ much weaker security than traditional network devices.
Your organization is having a third party come in and perform an audit on the financial records. You want to ensure that the auditor has access to the data they need while keeping the customers' data secure. To accomplish this goal, you plan to implement a mask that replaces the client names and account numbers with fictional data. Which masking method are you implementing?
Dynamic
Your organization recently purchased 18 iPad tablets for use by the organization's management team. These devices have iOS pre-installed on them. To increase the security of these devices, you want to apply a default set of security-related configuration settings. What is the BEST approach to take to accomplish this? (Select two. Each option is part of a complete solution.)
Enroll the devices in a mobile device management (MDM) system. Configure and apply security policy settings in a mobile device management (MDM) system.
Recently, a serious security breach occurred in your organization. An attacker was able to log in to the internal network and steal data through a VPN connection using the credentials assigned to a vice president in your organization. For security reasons, all individuals in upper management in your organization have unlisted home phone numbers and addresses. However, security camera footage from the vice president's home recorded someone rummaging through her garbage cans prior to the attack. The vice president admitted to writing her VPN login credentials on a sticky note that she subsequently threw away in her household trash. You suspect the attacker found the sticky note in the trash and used the credentials to log in to the network. You've reviewed the vice president's social media pages. You found pictures of her home posted, but you didn't notice anything in the photos that would give away her home address. She assured you that her smartphone was never misplaced prior to the attack. Which security weakness is the MOST likely cause of the security breach?
Geotagging was enabled on her smartphone.
Which of the following protocols uses port 443?
HTTPS
You have been offered a position as a security analyst for Acme, Inc. The position will be remote. Acme Inc. has sent you your employment contract using a system that only allows you to open and digitally sign the contract. Which rights management method is being used?
IRM
The owner of a hotel has contracted with you to implement a wireless network to provide internet access for guests. The owner has asked that you implement security controls so that only paying guests are allowed to use the wireless network. She wants guests to be presented with a login page when they initially connect to the wireless network. After entering a code provided by the concierge at check-in, guests should then be allowed full access to the internet. If a user does not provide the correct code, he or she should not be allowed to access the internet. What should you do?
Implement a captive portal
Your organization allows employees to bring their own devices into work, but management is concerned that a malicious internal user could use a mobile device to conduct an insider attack. Which of the following should be implemented to help mitigate this threat?
Implement an AUP that specifies where and when mobile devices can be possessed within the organization.
The IT manager has tasked you with configuring Intune. You have enrolled the devices and now need to set up the Intune policies. Where would you go to set up the Intune policies?
In the Admin portal, select Policy > Add Policy.
You manage the information systems for a large manufacturing firm. Supervisory control and data acquisition (SCADA) devices are used on the manufacturing floor to manage your organization's automated factory equipment. The SCADA devices use embedded smart technology, allowing them to be managed using a mobile device app over an internet connection. You are concerned about the security of these devices. What can you do to increase their security posture? (Select two.)
Install the latest firmware updates from the device manufacturer. Verify that your network's existing security infrastructure is working properly.
You notice that a growing number of devices, such as environmental control systems and wearable devices, are connecting to your network. These devices, known as smart devices, are sending and receiving data via wireless network connections. Which of the following labels applies to this growing ecosystem of smart devices?
Internet of Things (IoT)
Your organization recently purchased 20 Android tablets for use by the organization's management team. You are using a Windows domain. Which of the following should you use to push security settings to the devices?
Intune
Which of the following is the recommend Intune configuration?
Intune Standalone
Which of the following BEST describes dynamic data masking? (Select two.)
It replaces original information with a mask that mimics the original in form and function. It can be used to control which users can see the actual data.
Which of the following is a technique that disperses a workload between two or more computers or resources to achieve optimal resource utilization, throughput, or response time?
Load balancing
DLP can be implemented as a software or hardware solution that analyzes traffic in an attempt to detect sensitive data that is being transmitted in violation of an organization's security policies. Which of the following DLP implementations analyzes traffic for data containing such things as financial documents, social security numbers, or key words used in proprietary intellectual property?
Network DLP
The IT manager has tasked you with implementing a solution that ensures that mobile devices are up to date, have anti-malware installed, and have the latest definition updates before being allowed to connect to the network. Which of the following should you implement?
NAC
Which of the following does the Application layer use to communicate with the Control layer?
Northbound APIs
Which type of firewall protects against packets coming from certain IP addresses?
Packet-filtering
An attacker has intercepted near-field communication (NFC) data and is using that information to masquerade as the original device. Which type of attack is being executed?
Relay
Next Tokenization is another effective tool in data loss prevention. Tokenization does which of the following? (Select two.)
Protects data on its server with authentication and authorization protocols Replaces actual data with a randomly generated alphanumeric character set
Which of the following BEST describes a virtual desktop infrastructure (VDI)?
Provides enhanced security and better data protection because most of the data processing is provided by servers in the data center rather than on the local device.
Which of the following protocols can TLS use for key exchange? (Select two.)
RSA Diffie-Hellman
Which of the following serves real-time applications without buffer delays?
RTOS
Which of the following app deployment and update methods allows an administrator to remove apps and clear all data from a device without affecting the device itself?
Remote management
Which of the following app deployment and update methods allows updates to be uploaded onto Intune where they can be pushed out to users within 24 hours?
Remote management
A smartphone was lost at the airport. There is no way to recover the device. Which of the following ensures data confidentiality on the device?
Remote wipe
Mobile application management (MAM) provides the ability to do which of the following?
Remotely install and uninstall apps.
Which of the following methods can cloud providers implement to provide high availability?
Replication
Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network. One day, you find that an employee has connected a wireless access point to the network in his office. Which type of security risk is this?
Rogue access point
Which of the following devices are special computer systems that gather, analyze, and manage automated factory equipment?
SCADA
Which type of wireless access point is generally used in a residential setting?
SOHO
SFTP uses which mechanism to provide security for authentication and data transfer?
SSH
Software defined networking (SDN) uses a controller to manage devices. The controller is able to inventory hardware components on the network, gather network statistics, make routing decisions based on gathered data, and facilitate communication between devices from different vendors. It can also be used to make widespread configuration changes on just one device. Which of the following best describes an SDN controller?
THE SDN controller is software.
Which of the following protocols are often added to other protocols to provide secure transmission of data? (Select two.)
TLS SSL
Which of the following tools allow remote management of servers? (Select two.)
Telnet SSH
If a user's BYOD device (such as a tablet or phone) is infected with malware, that malware can be spread if that user connects to your organization's network. One way to prevent this event is to use a Network Access Control (NAC) system. How does an NAC protect your network from being infected by a BYOD device?
The NAC remediates devices before allowing them to connect to your network.
When using SSL authentication, what does the client verify first when checking a server's identity?
The current date and time must fall within the server's certificate-validity period.
The IT manager has tasked you with installing new physical machines. These computer systems are barebone systems that simply establish a remote connection to the data center to run the user's virtualized desktop. Which type of deployment model is being used?
Thin client
Which of the following mobile device management (MDM) solutions allows an organization to manage all devices, including printers, workstations, and even IoT devices?
UEM
What is the limit of virtual machines that can be connected to a virtual network?
Unlimited
Mobile device management (MDM) provides the ability to do which of the following?
Track the device.
Next Which formula is used to determine a cloud provider's availability percentage?
Uptime/uptime + downtime
What is a virtual LAN that runs on top of a physical LAN called?
VAN
Which of the following virtual devices provides packet filtering and monitoring?
VFA
Which of the following is an example of protocol-based network virtualization?
VLAN
Which of the following is used as a secure tunnel to connect two networks?
VPN
You manage information systems for a large co-location data center. Networked environmental controls are used to manage the temperature within the data center. These controls use embedded smart technology that allows them to be managed over an internet connection using a mobile device app. You are concerned about the security of these devices. What can you do to increase their security posture? (Select two.)
Verify that your network's existing security infrastructure is working properly. Install the latest firmware updates from the device manufacturer.
Which of the following devices facilitates communication between different virtual machines by checking data packets before moving them to a destination?
Virtual switch
Which of the following lets you make phone calls over a packet-switched network?
VoIP
You need to add security for your wireless network, and you would like to use the most secure method. Which method should you implement?
WPA2
Which of the following devices would you use to perform a site survey?
Wi-Fi analyzer
Which of the following is responsible for broadcasting information and data over radio waves?
Wireless access point
The IT manager has tasked you with installing the new wireless LAN controller (WLC). Where should you install the controller?
Network closet
8.3.10
8.3.10
You need to configure a wireless network using WPA2-Enterprise. Which of the following components should be part of your design? (Select two.)
802.1x AES encryption
9.1.8
9.1.8
9.2.7
9.2.7
9.3.4
9.3.4
9.4.6
9.4.6
9.5.6
9.5.6
9.6.7
9.6.7
Which of the following cloud storage access services acts as a gatekeeper, extending an organization's security policies into the cloud storage infrastructure?
A cloud-access security broker
Which of the following are disadvantages of server virtualization?
A compromised host system might affect multiple servers.
8.3.6 8.3.6 Harden a Wireless Network You are a network technician for a small corporate network. You need to increase the security of your wireless network. Your new wireless controller provides several security features that you want to implement. Access the Wireless Controller console through Chrome on http://192.168.0.6 with the username admin and the password password. The username and password are case sensitive. In this lab, your task is to: Change the admin username and password for the Zone Director controller to the following: Admin Name: WxAdmin Password: ZDAdminsOnly!$ (O is the capital letter O) Set up MAC address filtering (L2 Access Control) to create a whitelist called Allowed Devices that includes the following wireless devices: 00:18:DE:01:34:67 00:18:DE:22:55:99 00:02:2D:23:56:89 00:02:2D:44:66:88 Implement a device access policy called NoGames that blocks gaming consoles from the wireless network.
Access the Ruckus zone controller. From the taskbar, select Google Chrome. In the URL field, enter 192.168.0.6 and press Enter. Maximize the window for easier viewing. Log in to the wireless controller console. In the Admin field, enter admin (case sensitive). In the Password field, enter password as the password. Select Login. Change the admin username and password for the Zone Director controller. From the top, select the Administer tab. Make sure Authenticate using the admin name and password is selected. In the Admin Name field, enter WxAdmin. In the Current Password field, enter password. In the New Password field, enter ZDAdminsOnly!$. In the Confirm New Password field, enter ZDAdminsOnly!$. On the right, select Apply. Enable MAC address filtering. From the top, select the Configure tab. From the left menu, select Access Control. Expand L2-L7 Access Control. Under L2/MAC address Access Control, select Create New. In the Name field, enter Allowed Devices. Under Restriction, make sure Only allow all stations listed below is selected. Enter a MAC address. Select Create New. Repeat step 4g-4h for each MAC address you would like to add to the ACL. Select OK. Configure access controls. Under Access Control, expand Device Access Policy. Select Create New. In the Name field, enter NoGames. Select Create New. In the Description field, enter Games. Using the OS/Type drop-down list, select Gaming. In the Type field, select Deny. Under Uplink, make sure Disabled is selected. Under Downlink, make sure Disabled is selected. Select OK
Which of the following BEST describes the Physical SDN layer?
Also known as the Infrastructure layer.
Which of the following is a network device that is deployed in the cloud to protect against unwanted access to a private network?
Cloud-based firewall
Which of the following BEST describes the Application SDN layer?
Communicates with the Control layer through the northbound interface.
Which of the following tools allows the user to set security rules for an instance of an application that interacts with one organization and different security rules for an instance of the application when interacting with another organization?
Instance awareness
8.3.9 You have been hired by a small hotel to configure how their guests access the internet. You have chosen to use pfSense's captive portal feature. Guests must pass through this portal to access the internet. In this lab, your task is to: Access the pfSense management console: Username: admin Password: P@ssw0rd (zero) Add a captive portal zone named Guest_WiFi Use the description Zone used for the guest Wi-Fi Using the GuestWi-Fi interface, configure your portal as follows: Allow a maximum of 100 concurrent connections. Disconnect user from the internet if their connection is inactive for 30 minutes. Disconnect user from the internet after two hours regardless of their activity. Limit user's download and upload to 8000 and 2500 Kbit/s, respectively. Force to pass through your portal prior to authentication. Allow the following MAC and IP address to pass through the portal: MAC: 00:00:1B:12:34:56 IP: 198.28.1.100/16 Give the IP address the description Admin's Laptop
Complete this lab as follows: 1. Sign into the pfSense management console. a. In the Username field, enter admin. b. In the Password field, enter P@ssw0rd (zero). c. Select SIGN IN or press Enter. 2. Add a captive portal zone. a. From the pfSense menu bar, select Services > Captive Portal. b. Select Add. c. For Zone name, enter Guest_WiFi. d. For Zone description, enter Zone used for the guest Wi-Fi. e. Select Save & Continue. 3. Enable and configure the captive portal. a. Under Captive Portal Configuration, select Enable. b. For Interfaces, select GuestWi-Fi. c. For Maximum concurrent connections, select 100. d. For Idle timeout, enter 30. e. For Hard timeout, enter 120. f. Scroll down and select Per-user bandwidth restriction. g. For Default download (Kbit/s), enter 8000. h. For Default upload (Kbit/s), enter 2500. i. Under Authentication, use the drop-down menu to select None, don't authenticate users. j. Scroll to the bottom and select Save. 4. Allow a MAC address to pass through the portal. a. From the Captive Portal page, select the Edit Zone icon (pencil). b. Under the Services breadcrumb, select MACs. c. Select Add. d. Make sure the Action field is set to Pass. e. For Mac Address, enter 00:00:1B:12:34:56. f. Select Save. 5. Allow an IP address to pass through the portal. a. Under the Services breadcrumb, select Allowed IP Addresses. b. Select Add. c. For IP Address, enter 198.28.1.100. d. Use the IP address drop-down menu to select 16. This sets the subnet mask to 255.255.0.0. e. For the Description field, enter Admin's Laptop. f. Make sure Direction is set to Both. g. Select Save.
You are a network technician for a small corporate network. You want to take advantage of the self-healing features provided by the small enterprise wireless solution you've implemented. You're already logged in as WxAdmin on the Wireless Controller console from ITAdmin. In this lab, your task is to: Configure self-healing on the wireless network. Automatically adjust AP radio power to optimize coverage when interference is present. Set 2.4 GHz and 5 GHz radio channels to use the Background Scanning method to adjust for interference. Configure the background scanning needed for rogue device detection, AP locationing, and self-healing. Background scans should be performed on all radios every 30 seconds. Configure load balancing for all radios by adjusting the threshold to 40 dB. Configure band balancing to allow no more than 30% of clients to use the 2.4 GHz radios. Reduce the power levels to -3 dB for three access points in Building A to reduce RF emanations. Use the wireless survey results in the exhibit to identify the access points.
Complete this lab as follows: Configure self-healing. From the top, select the Configure tab. From the left menu, select Services. Under Self-Healing, select Automatically adjust AP radio power to optimize coverage when interference is present. Using the Automatically adjust 2.4GHz channels using drop-down menu, select Background Scanning from the drop-down menu. Using the Automatically adjust 5GHz channels using drop-down menu, select Background Scanning from the drop-down menu. On the right, select Apply. Configure background scanning. Select Run a background scan on 2.4GHz radio. Enter 30 seconds. Select Run a background scan on 5GHz radio. Enter 30 seconds. On the right, select Apply. Configure load balancing. Select Run load balancing on 2.4GHz radio. In the Adjacent radio threshold(dB) field, enter 40. Select Run load balancing on 5GHz radio. In the Adjacent radio threshold(dB) field, enter 40. On the right, select Apply. Configure band balancing. Select Percent of clients on 2.4GHz radio. Enter the 30. On the right, select Apply. Adjust the AP power level. From the left menu, select Access Points. From the top right, select Exhibit to determine which access points to adjust. Select Edit next to the access point to be modified. Under Radio B/G/N(2.4G) next to TX Power, make sure Override Group Config is selected. From the TX Power drop-down list, select -3dB (1/2). Under Radio A/N/AC(5G) next to TX Power, make sure Override Group Config is selected. From the TX Power drop-down list, select -3dB (1/2). Select OK.
You are an application developer. You use a hypervisor with multiple virtual machines installed to test your applications on various operating systems' versions and editions. Currently, all of your virtual machines used for testing are connected to the production network through the hypervisor's network interface. However, you are concerned that the latest application you are working on could adversely impact other network hosts if errors exist in the code. To prevent issues, you decide to isolate the virtual machines from the production network. However, they still need to be able to communicate directly with each other. What should you do? (Select two. Both responses are part of the complete solution.)
Connect the virtual network interfaces in the virtual machines to the virtual switch. Create a new virtual switch configured for host-only (internal) networking.
Which of the following are true concerning virtual desktop infrastructure (VDI)? (Select two.)
Correct Answer: In the event of a widespread malware infection, the administrator can quickly reimage all user desktops on a few central servers. User desktop environments are centrally hosted on servers instead of on individual desktop systems.
What is the system that connects application repositories, systems, and IT environments in a way that allows access and exchange of data over a network by multiple devices and locations called?
Integration
Cloud storage is a virtual service, so the infrastructure is the responsibility of the storage provider. Access control should be set as a local file system would be, with no need for the provider to have access to the stored data. You are implementing the following measures to secure your cloud storage: Verify that security controls are the same as in a physical data center. Use data classification policies. Assign information into categories that determine storage, handling, and access requirements. Assign information classification based on information sensitivity and criticality. Which of the following is another security measure you can implement?
Dispose of data when it is no longer needed by using specialized tools.
Which of the following is generated after a site survey and shows the Wi-Fi signal strength throughout the building?
Heat map
Which of the following is a network virtualization solution provided by Microsoft?
Hyper-V
Which of the following devices is computer software, firmware, or hardware that creates and runs virtual machines?
Hypervisor
You are the security analyst for your organization. Clients are complaining about being unable to connect to the wireless network. After looking into the issue, you have noticed short bursts of high-intensity RF signals are interfering with your wireless network's signal. Which type of attack are you most likely experiencing?
Jamming
Which of the following do switches and wireless access points use to control access through a device?
MAC address filtering
Which of the following is a solution that pushes security policies directly to mobile devices over a network connection?
Mobile device management (MDM)
Which of the following is an advantage of software-defined networking (SDN)?
More granular control
Which of the following statements about virtual networks is true? (Select two.)
Multiple virtual networks can be associated with a single physical network adapter. A virtual network is dependent on the configuration and physical hardware of the host operating system.
Google Cloud, Amazon Web Services (AWS), and Microsoft Azure are some of the most widely used cloud storage solutions for enterprises. Which of the following factors prompt companies to take advantage of cloud storage? (Select two.)
Need to bring costs down Growing demand for storage
Which of the following types of site surveys should be performed first?
Passive
Match each description on the left with the appropriate cloud technology on the right.
Public cloud Provides cloud services to just about anyone. Private cloud Provides cloud services to a single organization. Community cloud Allows cloud services to be shared by several organizations. Hybrid cloud Integrates one cloud service with other cloud services.
Which of the following mobile device security considerations disables the ability to use the device after a short period of inactivity?
Screen lock
You have a development machine that contains sensitive information relative to your business. You are concerned that spyware and malware might be installed while users browse websites, which could compromise your system or pose a confidentiality risk. Which of the following actions would BEST protect your system?
Run the browser within a virtual environment.
Which of the following is a disadvantage of software defined networking (SDN)?
SDN standards are still being developed.
You are the security administrator for your organization. You have implemented a cloud service to provide features such as authentication, anti-malware, intrusion detection, and penetration testing. Which cloud service have you most likely implemented?
SECaaS
Which of the following is used on a wireless network to identify the network name?
SSID
You have physically added a wireless access point to your network and installed a wireless networking card in two laptops that run Windows. Neither laptop can find the network. You have come to the conclusion that you must manually configure the access point (AP). Which of the following values uniquely identifies the network AP?
SSID
Which of the following cloud computing solutions delivers software applications to a client either over the internet or on a local area network?
SaaS
What is isolating a virtual machine from the physical network to allow testing to be performed without impacting the production environment called?
Sandboxing
8.3.7 You are a network technician for a small corporate network. You would like to enable Wireless Intrusion Prevention on the wireless controller. You are already logged in as WxAdmin. Access the Wireless Controller console through Chrome on http://192.168.0.6. In this lab, your task is to: Configure the wireless controller to protect against denial-of-service (DOS) attacks as follows: Protect against excessive wireless requests. Block clients with repeated authentication failures for two minutes (120 seconds). Configure Intrusion Detection and Prevention as follows: Report all rogue devices regardless of type. Protect the network from rogue access points. Enable Rogue DHCP Server Detection.
Task SummaryConfigure Denial of Service protection Hide DetailsProtect against excessive wireless requestsBlock clients with repeated authentication failuresBlock clients for two minutes (120 seconds)Enable Wireless Intrusion Protection Hide DetailsEnable Rogue Device ReportingReport all rogue devices regardless of typeProtect the network from rogue access pointsEnable Rogue DHCP Server DetectionExplanationIn this lab, you perform the following tasks:• Configure the wireless controller to protect against denial of service (DOS) attacks as follows:o Protect against excessive wireless requests.o Block clients with repeated authentication failures for two minutes (120 seconds).• Configure Intrusion Detection and Prevention as follows:o Report all rogue devices regardless of type.o Protect the network from rogue access points.• Enable rogue DHCP server detection.Enable Wireless Intrusion Prevention on the wireless controller as follows:1. Select the Configure tab.2. From the left menu, select WIPS.3. Configure Denial of Service protection as follows:a. Select Protect my wireless network against excessive wireless requests.b. Select Temporarily block wireless clients with repeated authentication failures.c. Enter the threshold in seconds.d. On the right, click Apply.4. Configure Intrusion Detection and Prevention as follows:a. Select Enable report rogue devices.b. Select Report all rogue devices.c. Select Protect the network from malicious rogue access points.d. On the right, click Apply.5. Select Enable rogue DHCP server detection; then click Apply.
Drag the software defined networking (SDN) layer on the left to the appropriate function on the right. (Each SDN layer may be used once, more than once, or not at all.)
This layer receives its requests from the Application layer. Control layer This layer is also known as the Infrastructure layer. Physical layer This layer communicates with the Control layer through what is called the northbound interface. Application layer This layer provides the Physical layer with configuration and instructions. Control layer On this layer, individual networking devices use southbound APIs to communicate with the control plane. Physical layer
Which of the following best describes Bluesnarfing?
Viewing calendar, emails, and messages on a mobile device without authorization
Which load balancing method distributes a workload across multiple computers?
Workload balancing