CS4451 Module 9

A company has adopted the policy of placing servers in different VLANs. What security benefit can they derive from this practice? Select two.

Allows for sensitive data to only be transported to members of the VLAN. Can be used to enforce firewall or IDS inspection during communications between servers.

Which of the following represents security criteria a NAC system is most likely to enforce? Select two.

Anti-malware software. Operating system patches.

A router connects networks A, B, and C. A threat actor is successful in breaching the security protocols and breaks into network A. From network A, the threat actor spoofs the source IP address as if it is originating from network C and sends traffic to network B. How can this condition be mitigated?

Apply an inbound ACL on the router.

You are responsible for ensuring the company's servers are secure. Which of the following policies should you implement?

Apply patches. Monitor the server. Remove unnecessary software. Physically secure the server.

Karim is promoted and told he is being given permission to access a secure server. However, as soon as he attempts to log in, the host-based IPS on the server issues an alert and prevents him from logging in. Why did the IPS deny access?

Because Karim logging into the secure server is not an activity regularly seen on the network

A company has multiple branches. They use a VPN to encrypt all traffic to and from the central office. As they continue to grow, they've noticed a reduction in performance at the central office. Which of the following represents a possible short-term solution? Select two.

Do not encrypt web-surfing traffic. Use a split-tunnel implementation.

Alula is exploring the implementation of a ZTA framework at his organization. Which of the following best represents considerations he is most likely to keep in the forefront? Select two.

Focus on authentication and authorization. Do not implicitly trust internal entities.

Heba configures a firewall rule to prevent traffic from Network A. However, some network services from Network A should be permitted but because of their source IP address they will be blocked by default. What type of firewall rule action should Heba apply?

Force Allow

A company launched a digital product that is selling so well that their web server is unable to keep up with the requests. They are evaluating the possibility of adding a second web server along with a load balancer. What type of load balancer should they add, and what security benefit can it provide?

Layer 7 load balancer; it can detect and stop attacks directed at an application.

An associate is hired by a close friend to learn information technology (IT) administration skills on the job. The associate finds a 24-port hub in a cabinet and is considering using it in a small network setting for a lab environment that will be accessed using Telnet. If the associate uses the hub, which mitigation principle would be violated?

Segmentation

A cyberthreat agency concludes traffic is being sent to an attacker's server based on the characteristics of the traffic. They notify the authorities who then orchestrate a plan to redirect the traffic away from the attacker's server for further analysis. Which of the following most likely represents the strategy the authorities implemented to redirect traffic?

Sinkhole

An employee fully recovers from an accident and returns to their previous position after 12 months. However, when the employee tries to connect to the network using their wireless laptop, access is not granted. Which of the following most likely describes why access was not granted?

The company implemented a NAC system, so the laptop needs a NAC agent.

A security company deliberately creates an Internet-facing network containing some servers with a few vulnerabilities. Why would the company do this?

To study the methods used by attackers.

Which one of the two-part answers best completes the statement? Security appliances and software are __________ while a secure infrastructure design is __________.

reactive; proactive

Mosa owns a small business. One of his employees spends at least 4 hours a day searching for wholesale products to sell in the store and through the website. In the short term, Mosa wants to implement a quick, inexpensive, and easy-to-install solution to help filter and block potentially suspicious websites. What would you recommend?

Browser scanning

A company is growing and now has 200 procurement agents who buy a wide variety of products on behalf of many large corporations. They often access a series of approved vendor websites, but access speeds seem to be deteriorating with every new agent they hire. Which of the following can they implement to help improve performance and security?

A forward proxy server

Which of the following statements are true regarding software firewalls versus hardware firewalls? Select two.

A hardware firewall provides less of a target for attackers. A hardware firewall is more expensive than a software firewall.

A network administrator specifies a statement that reads "Deny management traffic from untrusted networks to Network B." What type of firewall is the network administrator most likely configuring?

A policy-based firewall

Lakia needs to implement a web filtering solution that will also filter traffic from remote users. Which of the following options is Lakia most likely to implement?

Cloud scanning

Which of the following mitigation principles used to secure information is a true statement? Select two.

Comparing the current state of information security with recommended controls is gap analysis. Applying security measures to reduce unnecessary vulnerabilities is configuration enforcement.

A company implements a web filtering solution. However, they notice that some websites contain suspicious pages that are not being blocked. As a result, they adopt a solution that blocks all the pages for a given website. What solution did the company most likely implement?

DNS filtering

A network administrator is implementing a DMZ with input from a consultant. The consultant recommends using two firewalls instead of one. Why would this recommendation be made? Select three.

It helps reduce the restrictions imposed by a potential single point of failure. It is more difficult for an attacker to breach two separate firewalls than just one.

Gino needs to procure a networking appliance that will filter traffic to permit or deny certain packets. At the very least, Gino should buy a firewall that is capable of filtering traffic based on which of the following parameters? Select three.

Protocol. IP address. Port number.

Two switches, S1 and S2, are connected to each other. To realize segmentation and greater security, each switch has three VLANs configured (students, faculty, and IT). When a faculty endpoint connected to S1 communicates with a faculty endpoint connected to S2, how does S2 know the message belongs to the faculty VLAN?

S1 tags the message, indicating it belongs to the faculty VLAN when sending it to S2.

A junior technician configures a firewall. The network administrator then runs tests and analyzes the traffic to verify the firewall was configured as expected. The network administrator notices that the only traffic allowed to enter the internal network is return traffic that was requested from an internal source. Which of the following best describes this type of packet filtering?

Stateful packet filtering

Budgetary constraints are preventing a small company from upgrading their faulty wireless access points until the following month. An employee needs to synchronize the password on their company-issued laptop, so they disconnect the Ethernet cable from the desktop computer and plug it into the laptop. However, no connectivity is established with the laptop. What is the most likely reason?

The switch port has port security enabled.

A company decided to remove their FIM installation for reasons that could be justified and opted to deploy an alternative solution. Which of the following represents the most likely reason why they removed their FIM installation?

The system was generating more information than could be effectively analyzed.

The security team of a large company is debating the type of security devices they should deploy. They have a limited budget and cannot buy all the devices stipulated by the requirements of the individual attendees. If they agree on one device capable of performing several security functions, what type of device are they most likely to deploy?

UTM

You are asked to design a network for a medium-sized company with three tiers of security requirements for the IT staff. Which of the following statements are you most likely to agree with?

Where applicable, use automated provisioning to simplify the configuration of networks.

Which of the following are true statements regarding the differences or similarities between EDR and XDR? Select two.

XDR tools aggregate data from endpoints, network appliances, and cloud repositories. XDR gives a higher level of visibility and context to incidences.

