Technologies and Tools Practice Test
Reverse proxy, inspect
I have installed a _________ ________ is my DMZ so that it will decrypt incoming traffic so that my firewall or inline NIPS can __________ the traffic.
Mail gateway, DLP
A _____ ________ could be used as a spam filter and a ____ solution to prevent PII and sensitive information from leaving the company.
SIEM, WORM
A _____ system correlates security logs from various devices such as servers and firewalls. The security administrator has decided to store the logs into a _______ drive so that they can be read but not tampered with as they may be needed as evidence at a later date.
The biometric authentication failure acceptance rate allows the incorrect authentication method to gain access to a network.
A security administrator has discovered that the incorrect authentication information has been used to access the network. What type of technology is the attacker using?
As most of the security has been circumvented without detection, it looks like a malicious insider threat has been carried out.
A security administrator has found that many company devices have been tampered with over the past week. When they have looked into the security log files, they found that nothing out of the ordinary had been recorded. What has been tampering with the equipment?
Once a remote user has been authenticated, if the security administrator implements Network Access Control (NAC), it would check that the device was fully patched before it was allowed onto the network.
A security administrator has found that remote users have been infecting the company network with viruses. What tool do they need to implement to mitigate this risk?
Site-to-site, always-on
A company could use a ____-__-____ VPN instead of an expensive lease line or even more expensive dark fiber, but it must be set to _______ - ___ mode.
SRTP
A company has decided that instead of the sales staff traveling to the head office for weekly meetings, they will use videoconferencing. The videoconferencing should be secure, therefore they will use the _________ protocol.
A thin wireless controller pushes out new configuration files to all wireless access points from a central location.
A company has over twelve wireless access points that need to be configured centrally. How will this be achieved with the minimum amount of effort?
NAC
A company has recently started using _______ to check the health of the remote user's laptop to ensure that they cannot spread a virus to the company's network.
Remote wipe
A company has set a policy of using mobile device management (MDM) to _______ ______ lost or stolen machine to mitigate the risk of data falling into the wrong hands.
SIEM, correlation
A company has set up account lockout with three attempts. An attacker tries to log in once to three separate hosts but finds himself locked out. This is because a ______ system has a ______ engine.
If the company implemented geofencing, it would prevent the high-end laptops from going outside of the boundaries set.
A company has suffered from an increase in the theft of its high-end laptops. What technology can be implemented to prevent such laptops from being stolen?
TLS is used in the Security+ exam for the encryption of mail between mail servers. The encryption of mail between two people uses PGP.
A cyber security team has carried out an audit of the mail server and has recommended that mail between the mail servers must not be monitored or captured by protocol analyzers. The mail must remain confidential. Which of the following protocols should the auditor recommend?
Port security disables the ports and reduces the functionality of the switch, however, 802.1x authenticates the device, so the ports remain open with rogue devices being prevented access.
A network administrator is configuring a switch and is unsure whether to enable port security or 802.1x. What can you advise on both of these technologies?
DHCP snooping
A network team has rolled out ______ __________ to prevent unauthorized rogue DHCP servers from operating on the company network.
Load balancer, DNS round robin
A new company has an increasing amount of people coming to its website; therefore, it can use a ______ _________ or ___ ______ _____ to ensure that incoming web requests were dealt in a timely manner.
When the certificate was installed, it must have been valid and then added to the Trusted Root Certification Authorities store. The new employee must have deleted the local cache, removing the certificate from the Trusted Root Certification Authorities store.
A new employee was given a company laptop with the correct certificates installed. Two weeks later, they report to the IT team that they are getting trust errors with the certificates. What has the new employee done to cause this error?
Split tunneling is where someone first launches a secure session to their company's LAN and then makes another session that is unsecure. The attacker then gains access to the company's network via the unsecure session.
A sales person logged into the company VPN to download some files. During the download, the sales person went online to look at the availability for flights for next month. During this session, the company network was hacked by someone gaining access via the web browser. What was the vulnerability that caused the attack?
When a laptop gets its internet connection via phone, this is known as tethering.
A salesperson cannot get internet access on their laptop, so they connect their 4G phone to the laptop to provide internet access. What technique have they just used?
Username, password, MAC
A security administrator changes the default _________ and _________, disables the SSID, and enables ______ filtering to make a wireless access point more secure.
Using IPSec between servers uses transport mode, but when IPSec is used over the internet, it uses tunnel mode.
A security administrator is enabling IPSec on the file server that hosts the financial server. They are then going to enable IPSec between the server and all of the desktops being the financial users. What mode of IPSec will be adopted?
The role of the VPN concentrator is to set up a secure session for the VPN connection.
A security administrator is enabling an L2TP/IPSec on a virtual private network. What will be the role of a VPN concentrator?
WPS, brute-force
A security administrator sets up a wireless access point by inserting a password that will be used by ____. The user can now access the WAP by simply pushing a button; however, this could be subject to a ______-______ password attack.
ANT is a bespoke, low-power Bluetooth technology.
A security administrator wants to implement a Bluetooth type of technology that uses low power. What technology should he implement?
The all-in-one firewall device is called Unified Threat Management (UTM); this provides firewall, anti-malware, and anti-spam protection as well as content and URL filtering.
A small company is going to purchase a firewall and needs to ensure that the firewall is an all-in-one device providing more protection than just simply being a firewall. What type of firewall would you recommend that they purchase?
Inline, passive
An ________ NIPS has traffic flowing through it; however, the NIDS is known as ________ and relies on sensors and collectors to discover new attacks.
If the company has used more licenses than it originally purchased, this is called a license compliance violation and could result in a regulatory fine.
An audit has been carried out against the assets held by the IT team and the auditor has found that the company owns 300 Windows 10 licenses, but the software has been installed on 302 laptops. What is this violation known as?
Low-power directional
An auditor reports to a security administrator that the company's wireless network could be detected on the footpath outside of the premises. The security administrator then uses ___ ______ __________ antenna to mitigate the risk of being attacked by an external threat actor.
POP 3
An exchange engineer has recommended that the mail server is upgraded as the current mail protocol does not keep a copy on the server. What mail protocol is being used?
DNSSEC, RRSIG
An organization was suffering from DNS poisoning and decided to use _________ to encrypt the DNS traffic with TLS. This produced both DNSKEY and ________ records.
Nmap, telnet, and netcat
Banner grabbing uses tools such as Dimitri, _____, ________, and ________.
Nmap, NIDS
Both ____ and a ______ can detect when new hosts have been added to your internal network.
Router, firewall
Both the _______ and _________ use ACLs to block traffic by port, protocol, or IP address.
To capture commands going across the network, we need to use a packet sniffer, also known as a protocol analyzer.
How can I capture the commands going to a network-based gaming application?
To keep your business data separate from your personal data, you would storage segmentation, also known as containerization, to isolate the data from other data. This could be in the format of installing a micro SD card into the phone.
If I am using my personal phone as a BYOD device, what can be done to keep business data separate from my personal data?
Wireless packet sniffer, decloak
If I disable the SSID on my wireless access point, it can be discovered by a ___________ _________ _________ as the SSID is included in the packet or an SSID _______ device.
Context-aware authentication
If I want to restrict a user's ability to log in to ensure that they can only authenticate when they are in the United States of America and ensure that they cannot authenticate from any other location. This form of authentication is known as ________-_______ _______________.
You would first of all have to carry out carrier unlocking, known as rooting, and then use a technique called sideloading to load the third-party software.
If I want to use a third-party application on my carrier-locked Android phone, what two stages should I perform to enable the application to run?
You would first of all have to carry out carrier unlocking, known as jailbreaking, and then use a technique called sideloading to load the third-party software. This would not prevent you from using the Apple Store.
If I want to use a third-party application on my carrier-locked iOS phone, what two stages should I perform to enable the application to run?
Password age, Time-Based One-Time Password (TOTP)
If a company was to use weak passwords, they would set them with a low minimum _________ _____ to mitigate the risk of being attacked or could use a _____ _____ ____-_______ ___________ as a compensating control.
Whitelist
If an application cannot run on a desktop, it could well be that the application is just not on the _________. It does not necessarily need to be on the blacklist. It may not be on any list.
You would only remote wipe a mobile device if it was lost or stolen to prevent the data from falling into the wrong hands.
In what circumstances would I remote-wipe a device using the mobile device management system; (name two)?
Rooting/jailbreaking, sideloading
One of the company's employees uses ________/_____________ so that they can unlock a mobile phone. They now want to install a third-party application. This is known as ___________.
Input filters
One of the reasons why a SIEM system records a false positive is because the wrong ______ _________ were being used, therefore it was monitoring the wrong type of attack.
Full disk encryption, screen locks
Recently, data has been compromised from a mobile phone, and the CEO has asked the security team to come up with a solution to protect data at rest. The security team are going to use _____ _____ ____________ to protect the data at rest and ________ ______ to prevent access to the mobile phones.
Group policy
Security administrators can use ______ _________ to prevent anyone using a CD ROM or any other form of removable media to mitigate the risk of spreading a virus or stealing data.
To fulfill the policy, the security should store the security logs in a WORM drive (Write Once Read Many); this allows files to be copied to the drive but not altered or deleted.
The CEO has written a new policy stating that all of the security logs on domain controllers are to be copied to a central location daily. These log files need to be secured to ensure that they have not been tampered with after collection. What action should the security administrator take to fulfill this policy?
FTPS
The CEO of a publishing company has told the IT team that they can no longer use FTP to download books as they need to adopt a protocol that can download large books securely. The chosen protocol was ______ as it is encrypted and uses two ports to download data.
Shredding, pulp
The best method for sanitizing a hard drive is by ___________ it. However, the best way of disposing of paper documents containing PII information is to ________ them.
Containerization, segmentation
The company has decided to keep the employees' personal data separate from the business data by using either __________________ or storage _______________.
Context-aware authentication can be set up so that the devices only operate in the UK and if someone tried to use them in another country, the device would be disabled.
The cyber security team wish to prevent mobile devices from operating outside of the United Kingdom. What is the best way to achieve this?
To diagnose the problems with a wireless access point, the network administrator would use a wireless packet sniffer to see the packets come from and to the wireless access point.
The network administrator has been receiving support calls relating to the wireless access point. What tool should they use to diagnose the problem?
Secure tunnel
The role of the VPN concentrator is to set up the _________ ________ before the exchange of data.
Nmap and NIDS can both identify when a new host enters your network.
The security administrator has noticed a rise in the number of unauthorized hosts appearing on your network. What two tools can be implemented so that they are notified when someone attaches a new host?
If a company has an account lockout policy of three failed logins and they used a SIEM system, it would identify three failed logins, even if it was only one failed login on three separate machines. It also works in real time.
The security team has discovered that an attacker has been logging in twice to each machine but a security alert has not been logged as the company has an account lockout threshold of three attempts. What type of system should the company implement to alert them of any re-occurrence of this event?
HIPS
There have been attacks on the company's virtual machine network, therefore, the security administrator has installed a _____ on each machine to protect them.
Valid, trusted root
There have been certificate trust errors for the company website. The security team is going to check that the certificate is _______ and has been added to the _________ ______ certification authorities store on the web server.
A proxy filter has a URL filter to block access to certain websites, content filter to stop access to gaming websites, and web page caching to provide faster and more secure access to web pages. It cannot cache the stock exchange as the data is too volatile.
What are the three main components of a proxy server?
Downloading unauthorized software would reduce both the amount of available bandwidth and the amount of free disk space available.
What common security issue reduces the amount of bandwidth available to the company coupled with reducing the amount of disk space available on a computer?
Security monitoring tools cannot analyze data if it is in an encrypted format.
What data format cannot be analyzed by any of the company's monitoring tools?
A smartphone could be used to record a conversation and take videos and pictures of sensitive and private information.
What is the danger of someone taking an unauthorized smartphone into a research and development laboratory?
DNS round-robin can be used to balance web traffic as it rotates through the A records. The pitfall is that it does not know the status of the webserver.
What is the purpose of DNS round-robin, and what are the pitfalls of using it?
A reverse proxy authenticates incoming connections and decrypts incoming traffic so that the inline NIPS can monitor it.
What is the purpose of a reverse proxy?
Push notification services inform a user that mail has arrived at their inbox.
What is the purpose of push notification services?
A Host-based Intrusion Prevention System (HIPS) could be installed inside a virtual machine to prevent attacks.
What security technology can be implemented on a virtual machine to protect it against attacks?
An application whitelist lays out what application can be installed on a system. You can do this by adding the application name, the name of the .msi or .exe files or .dll binaries.
What security technology only allows approved applications to run on a system? How does it work?
A mobile telephone uses over-the-air updates where, ideally, the phone should have a full battery or be connected to a power socket.
What technique does an iPhone use to send software updates to the phone?
A stateful firewall inspects incoming traffic down to the commands used and packet sizes and would realize that the three-way handshake is not being established and would prevent the SYN flood attack.
What type of firewall is best suited to deal with an incoming SYN flood attack?
If the security administrator implemented Data Execution Prevention (DEP), any remote session would be limited to areas such as temporary internet files and not access the management of the system.
What type of security technology can prevent a hacker from accessing a computer's registry remotely?
A security administrator would use a web application firewall to protect a web server's application and data from attack.
What type of security technology would an administrator implement to protect a web server's applications and data?
To prevent PII or sensitive information leaving the company by email, the administrator should implement a Data Loss Prevention (DLP) system. It uses a pattern match and if the information matches the pattern, it is prevented from leaving the network.
What type of system does the security administrator need to implement to prevent anyone from emailing out credit card information?
To discover information such as the patch level version of a web server, we would use banner grabbing. Common tools for banner grabbing include telnet, nmap, or netcat (nc).
What type of tool can we use to determine the patch level version of a web server? Name three tools that can be used for this technique.
Using a download manager would state how many connections are allowed and the amount of bandwidth that they are allowed to use.
What would I need to use in conjunction with a mobile device to limit the bandwidth being used when I download applications to the device?
Using a Virtual Desktop Infrastructure (VDI) environment, the contractors would have an isolated desktop, depending on the network connections assigned to it. If they were to test applications, they could be sandboxed inside of their virtual machines.
What would be a safe, restricted, and contained environment that an IT team could provide to contractors to use?
GPS tagging inserts the location when a picture is taken.
When I was on holiday in Las Vegas, all of the pictures I submitted to Facebook had the location where the picture was taken. Which tool carried out the labeling of photographs?
Two tools that can identify an established session is the Windows command-line tool netstat and the Linux tool called netcat, also known as nc.
When an attack on a host is made, a connection is established. Which two tools can capture the established connection so that the attacker can be identified?
Off-boarding, exit interview
When people decide to leave the company for a highly paid job, we should carry out ___ __________ to ensure that the company CYOD equipment has been returned, followed by an _____ ____________ by the human resources department.
Tunnel, transport
When setting up IPSec across the internet, it is used in _________ mode but when it is used in the LAN between client and server or server to server, it is known as ___________ mode.
The administrator must first of all check the certificate to see whether it is still valid and then check whether it has been added to the Trusted Root Certification Authorities store on the local machine.
When setting up certificates on a mobile device, the administrator is receiving certificate trust errors. What two actions should the administrator carry out first?
You can either use a wireless packet sniffer as the SSID is inside the packet destination for the wireless access point or an SSID de-cloak device to discover the disabled SSID.
When the SSID of a wireless access point has been disabled, what two types of devices can be used to discover the SSID?
Unauthorized software
When the bandwidth coming into your company is being reduced and the space on one of your company servers is being aggressively reduced, this is a sign of downloading ____________ ____________.
S/MIME, encryption
When two people wish to send digitally signed and encrypted emails, they could use _________ for email integrity and PGP for ___________.
Implicit deny
Where the router or firewall has no allow rule for a particular type of traffic, the traffic is blocked by a technique called ________ ____.
A file integrity checker such as Microsoft's System File Checker (SFC) can determine whether the DLL files have been tampered with.
Which tools can I use to see if the DLL files of an application have been altered or tampered with?
Storing information on a WORM drive prevents the deletion or amendment of the data stored there.
Why would a security administrator archive security logs onto a WORM drive?
A UDP port needs to be used for streaming video; TCP would be far too slow as it uses a three-way handshake.
Your company provides internet access to films. What type of port should we use to ensure that the films run smoothly?
Port security, 802.1x
_____ ___________ is used to prevent someone plugging a laptop into my network; however, ________ is used to prevent a rogue access point being plugged into my network as it authenticates the user or device itself.
SSH
_____ is a secure protocol that can be used to run remote commands securely on routers or directory services. It can also use a graphical user interface.
UTM, malware filtering
_____ is first and foremost a firewall, but it can also carry out the functions of URL and content inspection and _________ ___________.
DLP
_______ can be used to stop PII and sensitive information from leaving the company via email or being exported onto a USB drive.
Banner grabbing, packet sniffer
_________ __________ inspects traffic going to a website, whereas a _______ ________ inspects traffic across the network.
Netstat, netcat
__________ shows established connections in a Windows environment, whereas _________ shows established connections in a Linux/Unix environment.