4312 Cybersecurity Final (Ch. 6,7,8,9)
A) self-replication
What is the primary distinguishing characteristics between a worm and a logic bomb? A) self-replication B) Incidental damage to resources C) Masquerades as a useful program D) Spreads via email
B) Test the effectiveness of your security perimeter
What is the primary purpose of penetration testing? A) Evaluate newly deployed firewalls B) Test the effectiveness of your security perimeter C) Assess the skill level of new IT security scan D) Infiltrate a competitor's network
C) Sniffing
What type of attack is most likely to succeed with communications between instant messaging clients? A) denial of service B) brute force password attack C) sniffing D) DNS poisoning
A) Switch Port
When configuring VLANs on a switch, what is used to identify which VLANs a device belongs to? A) Switch port B) Host name C) MAC address D) IP address
C) hypervisor
Which of the following devices is computer software, firmware, or hardware that creates and runs virtual machines? A) virtual switch B) virtual firewall C) hypervisor D) virtual router
C and D
Which of the following functions can a port scanner provide? (pick two) A) auditing IPsec encryption algorithm configuration B) testing virus definitions design for false positives C) determining which ports are open on a firewall D) discovering unadvertised servers
A) Fingerprinting
Which of the following identifies an operating system or network service based on its response to ICMP messages? A) Fingerprinting B) Firewalking C) Port scanning D) Social engineering
A) OVAL
Which of the following identifies standards and XML formats for reporting and analyzing system vulnerabilities? A) OVAL B) MBSA C) OSSTMM D) Retina
D) FIndings in the audit and subsequent summations are viewed objectively
Which of the following is NOT an advantage when using an internal auditor to examine security systems and relevant documentation? A) An internal auditor has knowledge of the inner workings of the organizations B) Orientation time is minimized C) An internal auditor is familiar with organizational goals D) FIndings in the audit and subsequent summations are viewed objectively
D) Auditing
Which of the following terms identifies the process of reviewing log files for suspicious activity and threshold compliance? A) Scanning B) Phishing C) CompSec D) Auditing
B) Zero knowledge team
Which of the following types of penetration test teams will provide you information that is most revealing of a real world hacker attack? A) Partial knowledge team B) Zero knowledge team C) Split knowledge team D) Full knowledge team
C) Penetration testing
Which of the following uses hacking techniques to proactively discover internal vulnerabilities? A) Passive reconnaissance B) Inbound scanning C) Penetration testing D) Reverse engineering
B) virtual switch
Which part of the following devices facilitates communication between different virtual machines by checking data packets before moving them to a destination? A) virtual firewall B) virtual switch C) virtual router D) hypervisor
D) reconnaissance
Which phrase or step of a security assessment is a passive activity? A) enumeration B) privilege escalation C) vulnerability mapping D) reconnaissance
C and D
Which ports does LDAP use by default? (pick two) A) 110 B) 161 C) 636 D) 389 E) 69
C) DTP
Which protocol should you disable on the user access ports of a switch? A) IPsec B) TCP C) DTP D) PPTP
D) CHAP
Which remote access authentication protocol periodically and transparently re-authenticates during a logon session by default? A) EAP B) PAP C) Certificates D) CHAP
B) Spamming
Which type of malicious activity can be described as numerous unwanted and unsolicited email messages sent to a wide range of victims? A) Brute force B) Spamming C) Trojan horse D) Hijacking
B) Stealth
Which type of virus conceals its presence by intercepting system requests and altering service outputs? A) Retro B) Stealth C) Polymorphic D) Slow
A) Backdoor
While developing a network application, a programmer adds functionality that allows her to access the running program without authentication so she can capture debugging data. The programmer forgets to remove this functionality prior to finalizing the code and shipping the application. What type of security weakness does this represent? A) backdoor B) Weak passwords C)Privilege escalation D)Buffer overflow
D) botnet
A collection of zombie computers have been set up to collect personal information. What type of malware do the zombie computers represent? A) trojan horse B) spyware C) logic bomb D) botnet
B) To delay intruders in order to gather auditing data
A honeypot is used for which purpose? A) to entrap intruders B) to delay intruders in order to gather auditing data C) to disable an intruder's system D) to prevent sensitive data from being accessed
A) credential manager
A manager has told you she is concerned about her employees writing their passwords for websites, network files, and databases resources on sticky notes. Your office runs exclusively in a Windows environment. Which tool could you use to prevent this behavior? A) credential manager B) local users and groups C) computer management D) key management service
C. Privilege escalation
A relatively new employee in the data entry cubical farm was assigned a user account similar to the other data entry employees' accounts. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed data in restricted areas. This situation indicates which of the following has occurred? A) Man in the middle attack B) Social engineering C) Privilege escalation D) Smurf Attack
D) Active fingerprinting
A security admin is conducting a penetration test on a network. She connects a notebook system running Linux to the wireless network and then uses NMAP to probe various hosts to see which operating system they are running. Which process did the admin use in the penetration test in this scenario? A) Passive fingerprinting B) Network enumeration C) Firewalking D) Active fingerprinting
D) Passive fingerpainting
A security admin is conducting a penetration test on a network. She connects a notebook system to a mirror port on a network switch. She then uses a packet sniffer to monitor network traffic to try to determine which operating systems are running on network hosts. Which process did the admin use in the penetration test in this scenario? A) Active fingerpainting B) Network enumeration C) Firewalking D) Passive fingerpainting
A) Credential scan
A security admin logs on to a Windows server on her organization's network. She then runs a vulnerability scan on that server. What type of scan was conducted in this scenario? A) Credential scan B) TCP SYN scan C) Ping Scan D) Non credentialed scan
C) Non credentialed scan
A security admin needs to run a vulnerability scan that will analyze a system from the perspective of a hacker attacking the organization from the outside? What type of scan should he use? A) Network mapping scan B) Credentialed scan C) Non credentialed scan D) Port scan
B) ticket granting ticket
A user has just authenticated using Kerberos. Which object is issued to the user immediately following login? A) digital certificate B) ticket granting ticket C) client to server D) digital server
B) Switch
A virtual LAN can be created using which of the following? A) router B) switch C) hub D) gateway
D. Privilege escalation
An attacker has obtained the logon credentials for a regular user on your network. Which type of security threat exists if this user account is used to perform administrative functions? A) Social engineering B) Impersonation C) Replay D) Privilege escalation
C) spam
An attacker sends an unwanted and unsolicited email message to multiple recipients with an attachment that contains malware. What kind of attack has occurred in this scenario? A) Repudiation attack B) Open SMTP relay C) Spam D) Phishing
B) Host based IDS
As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement? A) Protocol analyzer B) Host based IDS C) Network based IDS D) Port scanner E) VPN concentrator
C) Hardening
By definition, what is the process of reducing security exposure and tightening security controls? A) Active scanning B) Social engineering C) Hardening D Passive reconnaissance
B) periodically verifies the identity of a peer using a three way handshake
CHAP performs which of the following security functions? A) links remote systems together B) periodically verifies the identity of a peer using a three way handshake C) allows the use of biometric devices D) protects user names
A) SSL
FTPS uses which mechanism to provide for authentication and data transfer? A) SSL B) Multi-factor authentication C) Token devices D) IPsec
D) Spamming
If an SMTP server is not properly and securely configured, it can be hijacked and used maliciously as a SMTP relay agent. Which activity could result if this happens? A) Salami attack B) Data diddling C) Virus Hoax D) Spamming
C) Update your virus detection software
If your anti-virus software does not detect and remove a virus, what should you try first? A) Search for and delete the file you believe to be infected B) Set the read-only attribute of the file you believe to be infected C) Update your virus detection software D) Scan the computer using another virus detection program
D) A strong password policy
In a variation of the brute force attack, an attacker may use a predefined list (dictionary) of common user names and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue? A) VLANs B) 3DES encryption C) AES encryption D) A strong password policy
A) You want to restrict the devices that could connect through a switch port.
In which of the following situations would you use port security? A) You want to restrict the devices that could connect through a switch port B) You want to prevent sniffing attacks on the network. C) You want to prevent MAC address spoofing D) You want to control the packets sent and received by a router
D) Privacy
Instant messaging does NOT provide which of the following? A) indication of when you are online B) ease of file transfers C) real-time communications D) Privacy
B and D
KWalletManager is a Linux-based credential management system that stores encrypted account credentials for network resources. Which encryption methods can KWalletManager use to secure account credentials? (pick two) A) Twofish B) Blowfish C) HMAC-SHA1 D) GPG D) Kerberos
1. Active Attack 2. External Attack 3. Active Attack 4. Passive Attack 5. Passive Attack
Match the description to the network attack technique. (Active, External, Passive, Inside) 1. Perpetrators attempt to compromise or affect the operations of a system. 2. Unauthorized individuals try to breach a network from off-site. 3. Attempting to find the root password on a web server. 4. Attempting to gather information without affecting the flow of information on the network. 5. Sniffing network packets or performing a port scan.
1. B 2. A 3. B 4. A 5. C
Match the management options with its descriptions. 1. SSL 2. HTTP 3. SSH 4. Telnet 5. Console port a. transfers data in cleartext b. uses public key cryptography c. cannot be sniffed
White Box Test - D Grey Box Test - E Black Box Test - B Single Blind Test - C Double Blind Test - A
Match the term with the characteristic. (White box test, Grey box test, Black box test, Single blind test, and Double blind test) A) The tester does not have prior information about the system and the admin has no knowledge that the test is being performed B) The tester has no prior knowledge of the target system C) Either the attacker has prior knowledge about the target system, or the admin knows that the test is being performed D) The tester has detailed info about the target system prior to starting the test E) The tester has the same amount of information that would be available to a typical insider in the organization
A) Allowing NetBIOS traffic outside of your secured network
Many popular operating systems allow quick and easy file and printer sharing with other network members. Which of the following is NOT a means by which file and printer sharing is hardened? A) Allowing NetBIOS traffic outside of your secured network B) Imposing granular access control via ACLs C) Hosting all shared resources on a single centralized and secured server D) Logging all activity
1. Inherent vulnerabilities 2. Documentation 3. Entry points 4. Inherent vulnerabilities 5. Network baseline
Match the area of focus to the example. 1. IoT and SCADA devices 2. Used to identify a weak network architecture or design 3. Public-facing servers, workstations, Wi-Fi networks, and personal devices 4. An older version of Windows that is used for a particular application 5. What activity looks like in normal day-to-day usage
1. MAC Spoofing 2. ARP Spoofing/Poisoning 3. MAC Flooding 4. Dynamic Trunking Protocol
Match the description to the appropriate switch attack type. (ARP Spoofing/Poisoning, Dynamic Trunking Protocol, MAC Flooding, MAC Spoofing) 1.Can be used to hide the identity of the attacker's computer or impersonate another device on the network. 2. The source device sends frames to the attacker's MAC address instead of the correct device. 3. Causes packets to fill up the forwarding table and consumers so much of the switch's memory that it enters a state called fail open mode. 4. Should be disabled on the switch's end user (access) ports before implementing the switch configuration into the network .
B) Bandwidth based denial of service
Network based intrusion detection is most suited to detect and prevent which types of attacks? A) Application implementation flaws B) Bandwidth based denial of service C) Buffer overflow exploitation of software D) Brute force password attack
A) Bandwidth based denial of service
Network based intrusion detection is most suited to detect and prevent which types of attacks? A) bandwidth based denial of service B) application implementation flaw C) brute force password attack D) buffer overflow exploitation of software
C) software defined networking
Network engineers have the option of using software to configure and intelligently control the network rather than relying on the individual static configuration files that are located on each network device. Which of the following is relatively new technology that allows network and security professionals to use software to manage, control, and make changes to a network? A) control layer networking B) load balancing software C) software defined networking D) infrastructure software networking
A) periodic reviews must be conducted to detect malicious activity or policy violations
Properly configured passive IDS and system audit logs are an integral part of of a comprehensive security plan. Which step must be taken to ensure that the information is useful in maintaining a secure environment? A) periodic reviews must be conducted to detect malicious activity or policy violations B) all files must be verified with the IDS checksum C) all logs should be deleted and refreshed monthly D) the accounting department must compress the logs on a quarterly basis
A) Authenticating remote clients before access to the network is granted
Radius is primarily used for what purpose? A) Authenticating remote clients before access to the network is granted B) Managing access to a network over VPN C) Managing RAID fault-tolerant drive configurations D) controlling entry gate access using proximity sensors
C) SDN controller is software
Software defined networking (SDN) uses a controller to manage the devices. The controller is able to inventory hardware components in the network, gather network statistics, make routing decisions based on gathered data, and facilitate communication between devices from different vendors. It can also be used to make wide-spread configuration changes on just one device. Which of the following best describes an SDN controller? A) SDN controller is a virtual networking device B) SDN controller is a networking protocol C) SDN controller is software D) SDN controller is hardware
D) You can control security by isolating wireless guest devices within this VLAN
The IT manager has asked you to create a separate VLAN to be used exclusively for wireless guest devices to connect to. Which of the following is the primary benefit of creating this VLAN? A) You can load balance wireless guest network traffic to have a lower priority than the rest of the traffic on the network B) You can create a wireless guest network more affordably with a VLAN than you can with a router C) You can control broadcast traffic and create a collision domain for just the wireless guest devices D) You can control security by isolating wireless guest devices within this VLAN
E) Move the router to a secure room
The router is physically located in a cubicle near your office. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using an SSH client with the user name admin01 and the password P@ssW0rd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device? A) Use the TFTP to back up the router configuration to a remote location B) Change the default administrative user name and password C) Use encrypted type 7 passwords D) use a Telnet client to access the router configuration E) Move the router to a secure room
A) Use SCP to back up the router configuration to a remote location.
The router is physically located in a locked server closet. You use FTP client to regularly back up the router configuration to a remote server in an encrypted file. You access the router configuration interface from a notebook computer that is connected to the router's console port. You've configured the device with the user name admin01 and the password P@ssW0rd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device? A) Use SCP to back up the router configuration to a remote location. B) Use encrypted type passwords C) Use an SSH client to access the router configuration D) Move the router to a secure data center
A) Change the user name and create a more complex password
The router is physically located in a server room that can only be accessed with an ID card. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration from your notebook computer by connecting it to the console port on the router. The web-based management interface uses the default user name of cusadmin and a password of highspeed. What should you do to increase the security of this device? A) change the user name and create a more complex password B) create a more complex password C) remove any backdoors that might have been created by a programmer. D)change the user name
A and C
The router is physically located in a server room that requires an ID for access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using a Telnet client with a user name of admin and a password of admin. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device? (select two) A) Use an SSH client to access the router configuration B) Use a web browser to access the router configuration using an HTTP connection C) Change the default administrative user name and password D) Use encrypted type 7 passwords E) Use TFTP to back up the router configuration to a remote location
D) 443
To increase security on your company's internal network, the admin has disabled as many ports as possible. Now, however, though you can browse the internet, you are unable to perform secure credit card transactions. Which port needs to be enabled to allow secure transactions? A) 69 B) 21 C) 23 D) 443 E) 80
D) Configure the software to automatically download the virus detection files as soon as they become available
To tightly control the anti-malware settings on your computer, you elect to update the signature file manually. Even though you vigilantly update the signature file, the machine becomes infected with a new type of malware. Which of the following actions would best prevent this scenario from occurring again? A) Switch to a more reliable anti-virus software B) Create a scheduled task to run sfc.exe daily C) Carefully review open firewall ports and close any unnecessary ports D) Configure the software to automatically download the virus detection files as soon as they become available
D) Phishing
Users in your organization receive email messages informing them that suspicious activity has been detected on their bank accounts. They are directed to click a link in the email to verify their online banking user name and password. The URL in the link is the .ru top-level DNS domain. What kind of attack has occurred? A) Virus B) Open SMTP relay C) Buffer overflow D) Phishing
B) Email
What is the most common means of virus distribution? A) Floppy disks B) Email C) Music downloaded from the internet D) Commercial software CDs
A) Peer-to-peer networking
What common design feature among instant messaging clients make them less secure than other means of communication over the internet? A) peer-to-peer networking B) freely available for use C) real-time communication D) transfer of text and files
A) Host system auditing capabilities
What do host based intrusion detection systems often rely upon to perform detection activities? A) Host system auditing capabilities B) Remote monitoring tools C) External sensors D) Network traffic
C) Asynchronous attack
What is another name for a logic bomb? A) DNS poisoning B) Trojan horse C) Asynchronous attack D) Pseudo flaw
B) a process by which each party in an online communication verifies the identity of each party
What is mutual authentication? A) the use of two or more authentication factors B) a process by which each party in an online communication verifies the identity of each other party C) using a CA to issue certificates D) deploying CHAP and EAP on remote connections
C) A worm can replicate itself, while a virus requires a host for distribution
What is the main difference between a worm and a virus? A) A worm requires an execution mechanism to star, while a virus can start itself B) A worm is restricted to one system; while a virus can spread from system to system C) A worm can replicate itself, while a virus requires a host for distribution D) A worm tries to gather information, while a virus tries to destroy data
B) Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter
What is the main difference between vulnerability scanning and penetration testing? A) The goal of vulnerability scanning is to identify potential weaknesses; the goal of penetration testing is to attack the system B) Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter C) Vulnerability scanning uses approved methods and tools; penetration testing uses hacking tools D) Vulnerability scanning is performed with a detailed knowledge of the system; penetration testing begins with no knowledge of the system
E) Trunk ports
When configuring VLANs on a switch, what type of switch ports are members of all VLANs defined on the switch? A) gigabit and higher ethernet ports B) Any port not assigned to a VLAN C) Each port can only be a member of a single VLAN D) Uplink ports E) Trunk ports
B) determine unneeded services and their dependencies before altering the system
When securing a newly deployed server, which of the following rules of thumb should be followed? A) disable all services not associated with supporting shared network services B) determine unneeded services and their dependencies before altering the system C) disable all unused services D) disable each service in turn and then test the system for negative effects
C) ticket
When using Kerberos authentication, which of the following terms is used to describe the token that verifies the user's identity to the target system? A) voucher B) coupon C) ticket D) hashkey
B and D
Which actions can a typical passive intrusion detection system (IDS) take when it detects an attack? (Pick two) A) LAN side clients are halted and removed from the domain B) The IDS logs all pertinent data about the intrusion C) The IDS configuration is changed dynamically, and the source IP address is banned. D) An alert is generated and delivered via email, the console, or an SNMP trap
B) Trojan horse
Which is a program that appears to be a legitimate application, utility, game, or screensaver and performs malicious activities surreptitiously? A) ActiveX control B) Trojan horse C) Worm D) Outlook Express
C) Bypassing 802.1x port-based security
Which is a typical goal of MAC spoofing? A) causing a switch to enter fail open mode B) rerouting local switch traffic to a specified destinations C) bypassing 802.1x port-based security D) causing incoming packets to broadcast to all ports
A) Disable unused services
Which of the following actions should you take to reduce the attack surface of a server? A) Disable unused services B) Install a host based IDS C) Install anti-malware software D) Install the latest patches and hotfixes
B and C
Which of the following activities are considered passive in regards to the function of an intrusion detection system? (Pick two) A) Disconnecting a port being used by a zombie B) Listening to network traffic C) Monitoring the audit trails on a server D) Transmitting FIN or RES packets to an external host
D and E
Which of the following activities are typically associated with a penetration test? (pick two) A) Running a vulnerability scanner on network servers B) Create a performance baseline C) Interviewing employees to verify that the security policy is being followed D) Attempting social engineering E) Running a port scanner
Controlling access through a switch & controlling access through a wireless access point
Which of the following applications typically use 802.1x authentication? (chose two) Controlling access through a switch Controlling access through a wireless access point Authentication remote access clients Authenticating VPN users through the Internet Controlling access through a router
A and C
Which of the following are characteristics of TACACS+? (pick two) A) allows three different servers, one each for authentication, authorization, and accounting B) Uses UDP C) Uses TCP D) Allows of two different servers, one for authentication, and another for accounting
B) RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers
Which of the following are differences between RADIUS and TACACS+? A) RADIUS encrypts the entire packet contents; TACACS+ only encrypts the password B) RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers C) RADIUS uses TCP; TACACS+ uses UDP D) RADIUS supports more protocols than TACACS
C and D
Which of the following are included in an operations penetration test? (pick two) A) duplicating captured packets without altering or interfering with flow of traffic on that medium B) sneaking into a building without authorization C) eavesdropping or obtaining sensitive information from items that are not properly stored D) looking through discarded papers or media for sensitive information E) scanning various ports on remote hosts looking for well known services
B and C
Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access? (pick two) A) 802.1x B) RADIUS C) TACACS+ D) EAP E) AAA F) PKI
B, C, and E
Which of the following are performed by the Microsoft Baseline Security Analyzer (MBSA) tool? (pick three.) A) analyze packets for evidence of an attack B) check for missing patches C) check for open ports D) gather performance statistics for setting a baseline E) check user accounts for weak passwords
D and E
Which of the following are required when implementing Kerberos for authentication and authorization? (pick two) A) PPPoE B) PPP C) RADIUS or TACACS+ server D) Time synchronization E) Ticket granting server
A and C
Which of the following are requirements to deploy Kerberos on a network? A) time synchronization between devices B) a directory service C) a centralized database of users and passwords D) blocking of remote connectivity E) use of token devices and one time passwords
B and D
Which of the following are security devices that perform stateful inspection of packet data and look for patterns that indicates malicious code? (Pick two) A) ACL B) IPS C) Firewall D) IDS E) VPN
D) MAC flooding
Which of the following attacks, if successful, causes a switch to function like a hub? A) ARP poisoning B) MAC spoofing C) Replay D) MAC flooding
D) LANMAN
Which of the following authentication mechanisms is designed to protect a nine character password from attacks by hashing the first seven characters into a single hash and then hashing the remaining two characters into another separate hash? A) LDAP B) NTLM C) NTLMv2 D) LANMAN
B) PAP
Which of the following authentication protocols transmits passwords in cleartext and is therefore considered too insecure for modem networks? A) EAP B) PAP C) CHAP D) RADIUS
B) It monitors the actions you take on your machine and sends the information back to its originating source
Which of the following best describes spyware? A) It monitors user actions that denote personal preferences, then sends pop-ups and ads to the user that match their tastes B) It monitors the actions you take on your machine and sends the information back to its originating source C) It is a program that attempts to damage a computer system and replicate itself to other computer systems D) It is a malicious program disguised as legitimate software
D) PaaS delivers everything a developer needs to build an application onto the cloud infrastructure
Which of the following best describes the Platform as a service (PaaS) cloud computing service model? A) PaaS delivers infrastructure to the client, such as processing, storage, networks, and virtualized environments B) PaaS stores and provides data from a centralized location without the need for local collection and storage C) PaaS delivers software applications to the client either over the internet or on a local area network D) PaaS delivers everything a developer needs to build an application onto the cloud infrastructure
B) devices on the same network logically grouped as if they were on separate networks
Which of the following best describes the concept of a virtual LAN? A) devices connected by a transmission medium other than cable B) devices on the same network logically grouped as if they were on a separate networks C) devices in separate networks logically grouped as if they were in the same network D) devices on different networks that can receive multicast packets E) devices connected through the internet that can communicate without using a network address
C) Not controlling physical access to the router
Which of the following can make passwords useless on a router? A) Using the MD5 hashing algorithm to encrypt the password B) Storing the router configuration file to a secure location C) Not controlling physical access to the router D) Using SSH to connect to a router remotely
C) SaaS
Which of the following cloud computing solutions delivers software applications to a client either over the internet or on a local area network? A) PaaS B) IaaS C) SaaS D) DaaS
A) Spam
Which of the following could easily result in a denial of service attack if the victimized system had too little free storage capacity? A) Spam B) Sniffing C) Replay attack D) Impersonation
B) Users' and groups' rights and privileges are checked to guard against creeping privileges
Which of the following describes Privilege auditing? A) An employee is granted the minimum privileges required to perform the duties of her position B) Users' and groups' rights and privileges are checked to guard against creeping privileges C) Users' activities are logged to document incidents for security investigations and incident response D) No single user is granted sufficient privileges to compromise the security of an entire environment
A) A list of common security settings that a group or all devices share
Which of the following describes a configuration baseline? A) A list of common security settings that a group or all devices share B) A collection of security settings that can be automatically applied to a device C) A set of performance statistics that identifies normal operating performance D) The minimum services required for a server to function
A) Legitimate traffic being flagged as malicious
Which of the following describes a false positive when using an IPS device? A) Legitimate traffic being flagged as malicious B) The source address identifying a non-existent host C) Malicious traffic masquerading as legitimate traffic D) The source address matching the destination address E) Malicious traffic not being identified
D) the system identified harmful traffic as harmless and allowed it to pass without generating any alerts
Which of the following describes the worst possible action by an IDS? A) the system correctly deemed harmless traffic as inoffensive and let it pass B) the system identified a harmless traffic as offensive and generated an alarm C) the system detected a valid attack and the appropriate alarms and notifications were generated D) the system identified harmful traffic as harmless and allowed it to pass without generating any alerts
D) IDS
Which of the following devices can monitor a network and detect potential security attacks? A) CSU/DSU B) Proxy C) DNS Server D) IDS E) Load balancer
A) IPS
Which of the following devices is capable of detecting and responding to security threats? A) IPS B) IDS C) Multi-layer switch D) DNS server
D) Cloud computing requires end user to have knowledge of the physical location and configuration of the system that delivers the services
Which of the following is NOT true regarding cloud computing? A) Typical cloud computing providers deliver common business applications online that are accessed from another web service or software like a web browser B) Cloud computing is software, data access, computation, and storage services provided to clients through the internet C) The term cloud's is used as a metaphor for the internet D) Cloud computing requires end user to have knowledge of the physical location and configuration of the system that delivers the services
A) Encrypts the entire data packet, not just authentication packets
Which of the following is a characteristic of TACACS+? A) Encrypts the entire data packet, not just authentication packets B) Uses UDP ports 1812 and 1813 C) Supports only TCP/IP D) Requires that authentication and authorization are combined in a single server
A) SDN standards are still being developed
Which of the following is a disadvantage of software defined networking (SDN)? A) SDN standards are still being developed B) SDN creates centralized management C) SDN facilitates communication between hardware from different vendors D) SDN gathers network information and statistics
B) A logical grouping of devices based on service need, protocol, or other criteria
Which of the following is an appropriate definition of a VLAN? A) A device used to filter WAN traffic B) A logical grouping of devices based on service need, protocol, or other criteria C) A physical collection of devices that belong together and are connected to the same wire or physical switch D) A device used to route traffic between separate networks
B) mutual authentication
Which of the following is feature of MS-CHAP v2 that is not included in CHAP? A) three way handshake B) mutual authentication C) certificate based authentication D) hashed shared secret
D) password authentication
Which of the following is most vulnerable to a brute force attack? A) Challenge response token authentication B) Biometric authentication C) Two-factor authentication D) Password authentication
B) You can simplify routing traffic between separate networks
Which of the following is not an administrative benefit of implementing VLANs? A) You can simplify device moves B) You can simplify routing traffic between separate networks C) You can control broadcast traffic and create collision domains based on logical criteria D) You can control security by isolating traffic within a VLAN E) You can load balance network traffic
A) a user establishes a dial up connection to a server to gain access to shared resources
Which of the following is the best example of remote access authentication? A) a user establishes a dial up connection to a server to gain access to shared resources B) a user accesses a shared folder on a server C) a user connects to a computer on the LAN using Remote Desktop D) a user logs on to an e-commerce site that use SSL
A) Apply only the hotfixes that affect to software running on your systems
Which of the following is the best recommendation for applying hotfixes to your servers? A) Apply only the hotfixes that affect to software running on your systems B) Wait until a hotfix becomes a patch, then apply it C) Apply hotfixes before applying the corresponding service pack D) Apply hotfixes immediately as they are released
A) TCP SYN scan
Which of the following is the type of port scan that does not complete the full three-way TCP handshake, but rather listens only for either SYN/ACK or RST/ACK packets? A) TCP SYN scan B) TCP connect scan C) TCP FIN scan D) TCP ACK scan
C) rootkit
Which of the following is undetectable software that allows admin level access? A) trojan horse B) spyware C) rootkit D) logic bomb E) worm
B) SSH
Which of the following network services or protocols uses TCP/IP port 22? A) NNTP B) SSH C) TFTP D) IMAP4
C) Rainbow table
Which of the following password attacks uses preconfigured matrices of hashed dictionary words? A) Dictionary B) Brute force C) Rainbow table D) Hybrid
B) 49
Which of the following ports are used with TACACS? A) 22 B) 49 C) 50 and 51 D) 1812 and 1813 E) 3389
C) 20, 21
Which of the following ports does FTP use to establish sessions and manage traffic? A) 135-139 B) 25, 110 C) 20, 21 D) 80, 443
B) TACACS
Which of the following protocols can be used to centralize remote access authentication? A) SESAME B) TACACS C) CHAP D) EAP E) Kerberos
D) Kerberos
Which of the following protocols uses port 88? A) LDAP B) TACACS C) PPTP D) Kerberos E) L2TP
D) Spanning tree
Which of the following solutions would you implement to eliminate switching loops? A) auto-duplex B) inter-vlan routing C) CSMA/CD D) Spanning tree
A) Anti-virus should be configured to download updated virus definition files as they become available
Which of the following statements about the use of anti-virus is correct? A) Anti-virus should be configured to download updated virus definition files as they become available B) If you install anti-virus software, you no longer need a firewall on your network C) Once installed, anti-virus software installed, workstations do not need anti-virus software installed
B) Add random bits to the password before hashing takes place
Which of the following strategies can protect against a rainbow table password attack? A) Enforce strict password restrictions B) Add random bits to the password before hashing takes place C) Educate users to resist social engineering attacks D) Encrypt the password file with one way encryption
B) ARP spoofing/poisoning
Which of the following switch attacks associates he attacker's MAC address with the IP address of the victim's devices? A) MAC spoofing B) ARP spoofing.poisoning C) Cross-site scripting D) DNS poisoning
C) hotfix
Which of the following terms describes a Windows operating system patch that corrects a specific problem and is released on a short term, periodic basis? A) Service pack B) Targeted software path C) hotfix D) kernel fix kit
A and C
You are an application developer. You user a hypervisor with multiple virtual machines installed to test your applications on various operating systems versions and editions. Currently, all of your testing virtual machines are connected to the production network through the hypervisor's network interface. However, you are concerned that the latest application you are working on could adversely impact other network hosts if errors exist in the code. To prevent issues, you decide to isolate the virtual machines from the production network. However, they still need to be able to communicate directly with each other. What should you do? A) Connect the virtual network interfaces in the virtual machines to the virtual switch B) Disable the switch port the hypervisors network interface is connected to C) Create a new virtual switch configured for host only networking D) Create a new virtual switch configured for bridged networking E) Create a MAC address filters on the network switch that block each virtual machine's virtual network interfaces F) disconnect the network cable from the hypervisors network interface
B) Packet sniffer
You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the firewall. Which tool should you use? A) system log B) packet sniffer C) throughput tester D) load tester E) event log
A) IPS
You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use? A) IPS B) Packet sniffer C) Port scanner D) IDS
B and C
You are configuring a dial up connection to remote access server. Which protocols would you choose to establish the connection and authenticate, providing the most secure connection possible? (pick two) A) PPPoE B) CHAP C) PPP D) PAP E) SLIP
D) Flag
You are implementing a new application control solution. Prior to enforcing your application whitelist, you want to monitor user traffic for a period of time to discover user behaviors and log violations for later review. How should you configure the application control software to handle applications not contained in the whitelist? A) drop B) block C) tarpit D) flag
A) Configure port security on the switch
You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the internet. The library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access port on a switch. You want to restrict access to the network so only the library computers are permitted connectivity to the internet. What can you do? A) Configure port security on the switch B) Remove the hub and place each library computer on its own access port C) Create a static MAC addresses for each computer and associate it with a VLAN D) Create a VLAN for each group of four computers
B) definition
You are using a vulnerability scanner that conforms to the OVAL specifications. Which of the following items contains a specific vulnerability or security issue that could be present on a system? A) threat agent B) definition C) library D) asset risk E) repository
C) Mirroring
You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device that is connected to a hub with three other computers. The hub is connected to the same switch this is connected to the router. When you run the software, you see frames addressed to the four workstations, but not to the router. Which feature should you configure? A) Spanning tree B) Promiscuous mode C) Mirroring D) Bonding
A) promiscuous mode
You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device, which is connected to the same hub that is connected to the router. When you run the software, you only see frames addressed to the workstation, not to other devices. Which feature should you configure? A) promiscuous mode B) spanning tree C) bonding D) mirroring
D) NTFS and share permissions
You have a file server named Srv3 that holds files used by the development department. You want to allow users to access the files over the network and control access to files accessed through the network or a local logon. Which solution should you implement? A) NTFS permissions B) Share permissions and quotas C) Share permissions and file screens D) NTFS and share permissions
B) On the RADIUS server used for authentication and authorization
You have a network with three remote access servers, a RADIUS server used for authentication and authorization, and a second RADIUS server used for accounting. Where should you configure remote access policies? A) On each of the remote access servers B) On the RADIUS server used for authentication and authorization C) On the RADIUS server used for accounting D) On on of the remote access servers
D) Add Mark Mangum to the ACL for the Confidential.xls file.
You have a shared folder named Reports. Members of the Managers group have been given write access to the shared folder. Mark Mangum is a member of the Managers group. He needs access to the files in the Reports folder, but should not have any access to the Confidential.xls file. What should you do? A) Add Mark Mangum to the ACL for the Reports directory with Deny permissions B) COnfigure NFTS permissions for Confidential.xls to allow Read only C) Remove Mark Mangum from the Managers group D) Add Mark Mangum to the ACL for the Confidential.xls file.
D) configure port mirroring
You have a small network of devices connected using a switch. You want to capture the traffic that is sent from Host A to Host B. On Host C, you install a packet sniffer that captures network traffic. After running the packet sniffer, you cannot find any captured packets between Host A and Host B. What should you do? A) Connect hosts A and B together on the same switch port through a hub B) configure the default gateway address on hosts A and B with the IP address of Host C C) manually set the MAC address of Host C to the MAC address of Host A D) configure port mirroring
B) Add kenyan.msn.pl to the email blacklist
You have been receiving a lot of phishing emails sent from the domain kenyan.sn.pl. Links within these emails open new browser windows at youneedit.com/pl. You want to make sure that these emails never reach your inbox, but you want to make sure that emails from other senders are not affected. What should you do? A) Add youneedit.com.pl to the email blacklist B) Add kenyan.msn.pl to the email blacklist C) Add msn.pl to the email blacklist D) Add pl to the email blacklist
B) False positive
You have configured an NIDS to monitor network traffic. Which of the following describes harmless traffic that has been identified as a potential attack by the NIDS device? A) False negative B) False positive C) Negative D) Positive
B) Group policy
You have contracted with a vendor to supply a custom application that runs on Windows workstations. As new application versions and patches are released, you want to be able to automatically apply them to multiple computers. Which tool is your best choice for accomplishing this task? A) Security templates B) Group policy C) WSUS D) Security Configuration an Analysis
B) Inform senior management
You have decided to perform a double blind penetration test. Which of the following actions would you perform first? A) Perform operational reconnaissance B) Inform senior management C) Engage in social engineering D) Run system fingerprinting software
A) rootkit
You have heard about a new malware program that presents itself to users as a virus scanner. When users run the software, it installs itself as a hidden program that has admin access to various operating system components. The program then tracks system activity and allows an attacker to remotely gain admin access to the computer. Which of the following terms best describes this software? A) rootkit B) spyware C) privilege escalation D) botnet E) trojan horse
A) It has been moved to a secure folder on your computer
You have installed anti-malware software that checks for viruses in email attachments. You configure the software to quarantine any files with problems. You receive an email with an important attachment, but the attachment is not there. Instead, you see a message that the file has been quarantined by the anti-malware software. What has happened to the file? A) It has been moved to a secure folder on your computer B) The file extension has been charged to prevent it from running C) It has been deleted from your system D) The infection has been removed, and the file has been saved to a different location
C) control layer removes the control plane from networking devices and creates a single control plane
You have opted to use software-defined networking (SDN) to manage, control, and make changes to your network. You want to be able to use software to configure and intelligently control the network, rather than relying on the individual static configuration files that are located on each network device. SDN consists of three layers: Application Layer Control Layer Physical Layer Which of the following describes what the SDN layer does to networking devices that compromise the physical layer? A) the control layer interfaces with the control plane in each networking device and creates a virtual control plane B) the control layer removes the control plane from networking devices and creates a virtual control plane for each device C) control layer removes the control plane from networking devices and creates a single control plane D) control layer uses southbound APIs to communicate with the control plane in each networking device and creates a single control plane
A) Open ports 20 and 21 for inbound and outbound connections
You have placed an FTP server in your DMZ behind your firewall. The FTP server will be used to distribute software updates and demonstration versions of your products. Users report that they are unable to access the FTP server. What should you do? A) Open ports 20 and 21 for inbound and outbound connections B) Define user accounts for external visitors C) Move the FTP outside of the firewall D) Install a VPN
C) Test the hotfix and then apply it to all servers
You have recently experienced a security incident with one of your servers. After some research, you determine that the hotfix #568994 that has recently been released would have protected the server. Which of the following recommendations should you follow when applying the hotfix? A) Test the hotfix and then apply it to the server that had the problem B) Apply the hotfix immediately to the server; apply the hotfix to other devices only as the security threat manifests itself. C) Test the hotfix and then apply it to all servers D) Apply the hotfix immediately to all servers
D) Protocol analyzer
You have recently reconfigured FTP to require encryption of both passwords and data transfers. You would like to check network traffic to verify that all FTP passwords and data are encrypted. Which tool should you use? A) Systems monitor B) Vulnerability scanner C) Performance monitor D) Protocol analyzer
A) run the vulnerability assessment again
You have run a vulnerability scanning tool and identified several patches that need to be applied to a system. What should you do next after applying the patches? A) run the vulnerability assessment again B) update the vulnerability scanner definition files C) document your actions D) use a port scanner to check for open ports
D) Make Mark a member of the Sales group; add Mark's user account directly to the ACL for the Design folder
You have two folders that contain documents used by various departments: -The development group has been given the write permission to the design folder -the sales group has been given the write permission to the products folder No other permissions have been given to either group. User Mark Tillman needs to have the Read permission to the Design folder and the Write permission to the Products folder. You want to use groups as much as possible. What should you do? A) Make Mark a member of the Development and Sales group B) Make Mark a member of the Development group; add Mark's user account directly to the ACL for the Products folder C) Add Mark's user account directly to the ACL for both the Design and Products folders D) Make Mark a member of the Sales group; add Mark's user account directly to the ACL for the Design folder
A) Open SMTP delay
You install a new Linux distribution on a server in your network. The distribution includes an SMTP daemon that is enabled by default when the system oots. The SMTP daemon does not require authentication to send email messages. Which type of email attack is this server susceptible to? A) Open SMTP delay B) Phishing C) Sniffing D) Viruses
C) VLANs
You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three RJ-45 ports connected to the switch. You want to allow visitors to plug into these ports to gain Internet access, but they should not have access to any other devices on your private network. Employees connected throughout the rest of your building should have both private and Internet access. Which feature should you implement? A) NAT B) Port authentication C) VLANs D) DMZ
D) Spanning tree
You manage a network that uses multiple switches. You want to provide multiple paths between switches so that if one link goes down, an alternate path is available. Which feature should your switch support? A) PoE B) OSPF C) Trunking D) Spanning tree E) Mirroring
E) Port authentication
You manage a network that uses switches. In the lobby of your building are three RJ-45 ports connected to a switch. You want to make sure that visitors cannot plug in their computers to the free network jacks and connect to the network. However, employees who plug into those same jacks should be able to connect to the network. What features should you configure? A) Mirroring B) Spamming tree C) Bonding D) VLANs E) Port authentication
A) Spanning tree
You manage a single subnet with three switches. The switches are connected to provide redundant paths between the switches. Which feature prevents switching loops and ensures there is only a single active path between any two switches? A) Spanning tree B) 802.1x C) PoE D) Trunking E) Bonding
a) create a VLAN to use as a low-trust network zone for these static systems to connect to
You notice that over the last few months more and more static systems, such as the office environment control system, the security system, and lighting controls, are connecting to your network. You know that these devices can be a security threat. Which of the following measures can you take to minimize the damage these devices can cause if the are compromised? a) create a VLAN to use as a low-trust network zone for these static systems to connect to b) create a VLAN to use as a no-trust network zone for these static systems to connect to c) create a VLAN to use as a medium-trust network zone for theses static systems to connect to d) create a VLAN to use as a high-trust network zone for these static systems to connect to
B) Remote access
You often travel away from the office. While traveling, you would like to use a modem on your laptop computer to connect directly to a server in your office and access files. You want the connection to be as secure as possible. Which type of connection will you need? A) Intranet B) Remote access C) Internet D) Virtual private network
B) VLAN
You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. What should you do for this situation? A) Port security B) VLAN C) Spanning tree D) VPN
A) vulnerability scanner
You want to be able to identify the services running on a set of servers on your network. Which tool would best give you the information you need? A) vulnerability scanner B) protocol analyzer C) network mapper D) port scanner
D) John the Ripper
You want to check a server for user accounts that have weak passwords. Which tool should you use? A) OVAL B) Retina C) Nessus D) John the Ripper
B) 135, 137-139
You want to close all ports associated with NetBIOS on your network firwalls to prevent attacks directed against NetBIOS. Which ports should you close? A) 67, 68 B) 135, 137-139 C) 161, 162 D) 389, 636
E) 636
You want to deploy SSL to protect authentication traffic with your LDAP based directory service. Which port does this action use? A) 60 B) 80 C) 389 D) 443 E) 636 F) 2208
C) Create a security group for the managers. Add all user's as members of the group. Add the group to the file's DACL
You want to give all managers the ability to view and edit a certain file. To do so, you need to edit the discretionary access control list (DACL) associated with the file. You want to be able to easily add and remove managers as their job positions change. What is the best way to accomplish this? A) Create a distribution group for the managers. Add all users as members of the group. Add the group to the file's DACL B) Add one manager to the DACL that grants all permissions. Have this user add other managers as required C) Create a security group for the managers. Add all user's as members of the group. Add the group to the file's DACL D) Add each user account to the file's DACL
D) Network mapper
You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use? A) OVAL B) Ping scanner C) Port scanner D) Network mapper
C) Protocol analyzer
You want to identify traffic that is generated and sent through the network by a specific application running on a device. Which tool should you use? A) Multimeter B) TDR C) Protocol analyzer D) Toner probe E) Certifier
D) 802.1x
You want to increase the security of your network by allowing only authenticated users to access network devices through a switch. Which of the following should you implement? A) Port security B) spanning tree C) IPsec D) 802.1x
E) Packet sniffer
You want to know which protocols are being used on your network. You'd like to monitor network traffic and sort traffic by protocol. Which tool should you use? A) throughput tester B) IPS C) Port scanner D) IDS E) Packet sniffer
C) Port scanner
You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services. Which tool should you use? A) IDS B) IPS C) Port scanner D) Packet sniffer E) System logs
A) RAS
You want to set up a service to allow multiple users to dial in the office server from modems on their home computers. What services should you implement? A) RAS B) RIP C) PPP D) ISDN
C) SASL
You want to use Kerberos to protect LDAP authentication. Which authentication method should you choose? A) Mutual B) EAP C) SASL D) Simple
C) S/MIME
You want to use a protocol for encrypting emails that uses a PKI with X.509 certificates. WHich method should you choose? A) AES B) IPsec C) S/MIME D) SSH
A and D
You want to use a tool to scan a system for vulnerabilities, including open ports, running services, and missing patches. Which tools should you use? (pick two) A) Retina B) Wireshack C) OVAL D) Nessius E) LC4
A) Wireshark
You want to use a tool to see packets on a network, including the source and destination of each packet. Which tool should you use? A) Wireshark B) Nmap C) OVAL D) Nessus
D) update the scanner definition files
You want to use a vulnerability scanner to check a system for known security risks. What should you do first? A) Perform a port scan B) apply all known patches to the system C) update the scanner definition files D) update the scanner definition files E) inform senior management
D. Use a stronger administrative password
You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID card to gain access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer by connecting it to the console port on the router. ou configured the management interface with a user name of ADMIN an a password of PASSWORD. What should you do to increase the security of this device? A) move device to a secure data center B) use a web browser to access the router configuration using an HTTP connection C) use an SSH client to access the router configuration D) Use a stronger administrative password
B) Use SSL
Your LDAP directory services solution uses simple authentication. What should you always do when using simple authentication? A) Add SASL and use TLS B) Use SSL C) Use Kerberos D) Use IPsec and certificates
D) VLAN
Your company is a small start-up company that has leased office space in a building shared by other businesses. All businesses share a common network infrastructure. A single switch connects all devices in the building to the router that provides internet access. You would like to make sure that your computers are isolated from computers used by other companies. Which features should you request to have implemented? A) VPN B) Spanning tree C) Port security D) VLAN
d) Network segmentation
Your network devices are categorized into the following zone types: -No-trust zone -Low-Trust zone -Medium-trust zone -High-Trust zone Your network architecture employs multiple VLANs for each of these network zones. Each zone is separated by a firewall that ensures only specific traffic is allowed. Which of the following is the secure architecture concept that is being used on this network? a) Virtual local area networking b) Trust zone networking c) Network firewalling d) Network segmentation
User education and training
Your organization has started receiving phishing emails. You suspect that an attacker is attempting to find an employee workstation they can compromise. You know that a workstation can be used as a pivot point to gain access to more sensitive systems. Which of the following is the most important aspect of maintaining network security against this type of attack?
D) You cant use domain based group policies to enforce security settings on mobile devices
Your organization is formulating a bring your own device (BYOD) security policy for mobile devices. Which of the following statements should be considered as you formulate your policy? A) It is difficult for users to connect personal mobile devices to your organization's corporate network. B) Mobile devices are immune to malware threats C) Anti-malware software isnt available for most mobile device operating systems. D) You cant use domain based group policies to enforce security settings on mobile devices
D) implement an application aware IPS in front of the web server
Your organization uses a web server to host an e-commerce site. Because this web server handles financial transactions, you are concerned that it could become a prime target for exploits. You want to implement a network security control that will analyze the contents of each packet going to or from the web server. The security control must be able to identify malicious payloads and block them. What should you do? A) implement a packet-filtering firewall in front of the web server B) install an anti malware scanner on the web server C) implement a stateful firewall in front of the web server D) implement an application aware IPS in front of the web server E) Implement an application aware IDS in front of the web server
A) Implement an application control solution
Your organization's security policy specifies that peer-to-peer file sharing is not allowed. Recently, you received an anonymous tip that an employee has been using a BitTorrent client to download copyrighted media while at work. You research BitTorrent and find that it uses TCP ports 6881-6889 by default. WHen you check your perimeter firewall configuration, only ports 80 and 443 are open. When you check your firewall logs, you find that no network traffic using ports 6881-6889 has been blocked. What should you do? A) Implement an application control solution B) block all outbound ports in the perimeter firewall C) call human resources and have the employee fired for violation of the security policy D) determine that the accused employee is innocent and being framed
A) Sign up for WIndows Intune account to manage the tablets
Your organizations security policy specifies that any mobile device that connects to your internal network must have Remote Wipe enabled, regardless of ownership. If the device is lost or stolen, then it must be wiped to remove any sensitive data from it. Your organization recently purchased several Windows RT tablets. Which should you do? A) Sign up for WIndows Intune account to manage the tablets B) Enable Remote Wipe local group policies on each drive C) Go to Settings Charm > Change PC settings > Privacy and enable the Remote Wipe settign D) Implement Remote WIpe group policies in your domain