N10-007 Domain 3: Network Operations


Consider the following log message generated on a router:
*Aug 8 11:18:12.081: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
What facility generated this message?
-5-
%LINEPROTO
UPDOWN
FastEthernet0/0

%LINEPROTO
EXPLANATION
The default log message format is as follows:
*Aug 8 11:18:12.081: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
The components that comprise the log message include the following:
Timestamp - Indicates when the message was generated. In this example: *Aug 8 11:18:12.081:
Facility - Identifies the facility that created the message. In this example: %LINEPROTO
Severity Level - Indicates the severity level of the message. In this example: -5-
Mnemonic - Provides a mnemonic to help the administrator quickly identify the nature of the message. In this example: UPDOWN:
Message Text - Provides a description of the event. In this example: Line protocol on Interface FastEthernet0/0, changed state to down

You've just installed a new 16U wall-mounted rack in your data center. You need to install the following equipment in this rack:
A 4U redundant power supply
A 4U server
A 4U switch
A 2U router
Which of the following equipment will also fit in this rack along with the above equipment?
3U server
4U firewall
2U UPS
4U UPS

2U UPS EXPLANATION The height of a rack is measured in rack units (Us). A rack unit (1U) is 1.75 inches tall and represents one slot in the rack. When purchasing rack-mounted network devices, you'll notice that their height is specified in rack units. For example, a 2U server is 3.5" tall and fills 2 slots in a server rack. In this scenario, the 16U rack already has 14U of equipment installed. Therefore, only a device 2U (or less) can be installed.

What is a service level agreement (SLA)?
An agreement to support another company in the event of a disaster.
A contract with an ISP for a specific level of bandwidth.
A guarantee of a specific level of service.
A contract with a legal entity to limit your asset loss liability.

A guarantee of a specific level of service. EXPLANATION An SLA is a guarantee of a specific level of service from a vendor. That service may be communication links, hardware, or operational services. An SLA is a form of insurance against disasters or security intrusions that may affect your organization's mission critical business functions. An agreement to support another company in the event of a disaster is known as a mutual aid agreement. A contract with a legal entity to limit your asset loss liability is an insurance policy. A contract with an ISP for a specific level of bandwidth is a service contract.

Which of the following pieces of information are you likely to find in a policy document?
Steps for completing and validating nightly backups.
The IP address assigned to a router interface.
Average performance statistics for a router.
A requirement for using encrypted communications for web transactions.

A requirement for using encrypted communications for web transactions. EXPLANATION A policy is a document that describes the overall goals and requirements for a network. A policy identifies what should be done, but may not necessarily define how the goal is to be reached. In this question, a policy might contain a requirement that encrypted communications are required for web transactions. The policy does not state the method that will be deployed, just that encryption is a requirement. The type of encryption to be used, along with the process for implementing encryption, would be included in a procedure document. A procedure is a step-by-step process outlining how to implement a specific action. As another example, a procedure document might include steps for completing and validating nightly backups. The IP address of an interface for a device might be found in configuration documentation or a network diagram. A baseline is a snapshot of the performance statistics of the network or devices and would include the average performance information for a router.

Which of the following is an example of an internal threat?
A server backdoor allows an attacker on the internet to gain access to the intranet site.
A delivery man is able to walk into a controlled area and steal a laptop.
A user accidentally deletes the new product designs.
A water pipe in the server room breaks.

A user accidentally deletes the new product designs. EXPLANATION Internal threats are intentional or accidental acts by employees, including: Malicious acts such as theft, fraud, or sabotage. Intentional or unintentional actions that destroy or alter data. Disclosing sensitive information through snooping or espionage. External threats are the events originating outside of the organization that typically focus on compromising the organization's information assets. Examples are hackers, fraud perpetrators, and viruses. Natural events are the events that may reasonably be expected to occur over time. Examples are a fire or a broken water pipe.

Which of the following is a policy that defines appropriate and inappropriate activities and usage for company resources, assets, and communications?
Business continuity plan (BCP)
Business impact analysis (BIA)
Acceptable use policy (AUP)
Disaster recovery plan (DRP)

Acceptable use policy (AUP) EXPLANATION An acceptable use policy defines appropriate and inappropriate activities and usage for company resources, assets, and communications. The business impact analysis (BIA) identifies critical processes/assets and the effect of their loss on the company. The disaster recovery plan (DRP) addresses how the corporation will respond to a disaster. The business continuity plan (BCP) addresses how the corporation will respond to the disruption of critical systems.

Components within your server room are failing at a rapid pace. You discover that the humidity in the server room is at 60%, and the temperature is 80 degrees. What should you do to help reduce problems?
Add a separate A/C unit in the server room.
Add a de-humidifier to the server room.
Add a humidifier to the server room.
Add line conditioners in the server room.

Add a separate A/C unit in the server room. EXPLANATION Keep the server room temperature between 70 and 74 degrees to prevent components from overheating. In many cases, the server room is the hottest location in your building because of the heat generated by the computer components. In most cases, you need a separate A/C unit in the server room so that you can maintain its temperature without adversely affecting the rest of the building. Keep humidity between 40 and 60 percent to prevent electrostatic discharge (ESD). Line conditioners (also known as power conditioners) are used to improve the quality of the power by performing one or more of the following: Removing noise caused by EMI and RFI. Providing small amounts of additional power to defend against power dips or sags. Preventing damage from spikes and surges.

Which of the following defines an acceptable use agreement?
An agreement that outlines the organization's monitoring activities.
An agreement that is a legal contract between the organization and the employee that specifies that the employee is not to disclose the organization's confidential information.
An agreement that identifies the employee's rights to use company property, such as internet access and computer equipment, for personal use.
An agreement that prohibits an employee from working for a competing organization for a specified time after the employee leaves the organization.

An agreement that identifies the employee's rights to use company property, such as internet access and computer equipment, for personal use. EXPLANATION The acceptable use agreement identifies the employee's rights to use company property, such as internet access and computer equipment, for personal use. The non-compete agreement prohibits an employee from working for a competing organization for a specified time after the employee leaves the organization. The employee monitoring agreement outlines the organization's monitoring activities. The non-disclosure agreement is a legal contract between the organization and the employee that specifies that the employee is not to disclose the organization's confidential information.

You have installed a new application on a network device. During testing, it appears as if the software is causing other services running on the device to stop responding. Which tool should you consult to identify the problem?
Application log
Packet sniffer
Load tester
Throughput tester

Application log EXPLANATION Logs contain a record of events that have happened on a system. Logging capabilities are built into operating systems, services, and applications. Log entries are generated in response to configuration changes, changes in system state, or network condition variations. A packet sniffer is special software that captures (records) frames that are transmitted on the network. A load tester simulates a load on a server or service. A throughput tester measures the amount of data that can be transferred through a network or processed by a device (such as the amount of data that can be retrieved from disk in a specific period of time).

Which of the following is the best recommendation for applying hotfixes to your servers?
Apply hotfixes immediately as they are released.
Apply all hotfixes before applying the corresponding service pack.
Wait until a hotfix becomes a patch, then apply it.
Apply only the hotfixes that apply to software running on your systems.

Apply only the hotfixes that apply to software running on your systems. EXPLANATION Be sure to test patches before applying patches within your organization. A common strategy is to: Apply and test patches in a lab environment. Deploy patches to a set of systems, such as a single department. Deploy patches system-wide. You do not necessarily need to install every hotfix, patch, or service pack that is released. For example, if a hotfix applies to a service that you have disabled on your servers, applying that hotfix is not required. Service packs typically include all hotfixes and patches that have been released up to that point in time.

You provide IT support for a dentist's office. The office has a limited number of wireless clients, so a simple wireless router is used to provide Wi-Fi access. On your latest visit, you check the manufacturer's website and discover that an update has been released by the wireless router manufacturer. You decide to download and install the update. Click the option you should use in the wireless router's configuration interface to prepare the device for the update.

Backup Configurations EXPLANATION Prior to applying the update, you should back up the wireless router's existing configuration. That way, you can restore the device to a working state in the event the update causes more problems than it solves. It's not necessary to disable wireless access to the device's web-based configuration interface prior to loading the update. Enabling the remote access option would allow the configuration interface to be accessed from the internet side of the router, which isn't necessary, and could introduce a significant security risk.

You are in the habit of regularly monitoring performance statistics for your devices. You find that this month, a specific server has averaged a higher number of active connections than last month. Which type of document should you update to reflect this change?
Change log
Configuration documentation
Network diagram
Wiring schematic
Baseline

Baseline EXPLANATION A baseline is a snapshot of the performance statistics of the network or devices. The baseline is used as a logical basis for future comparison. Baselines enable you to effectively monitor the performance of your system to determine when changes negatively impact performance or when systems need upgrades or replacement. It is important to measure network performance at subsequent intervals to see how your server is performing compared to the baseline. Change or history documentation keeps track of changes to the configuration of a device or the network. For example, you might record a change in a network interface card in a device or a repair to a WAN link. Change documentation is useful for troubleshooting to identify what has been done to the device and keeps track of changes in the configuration, as well as the rationale behind those changes. Configuration documentation identifies specific configuration information for a device. For example, a configuration document for a firewall might include information about the IP addresses assigned to each interface and opened firewall ports. A wiring schematic is a type of network diagram that focuses on the physical connections between devices. A network diagram shows the logical and/or physical layout of your network.

You are concerned about the amount of traffic that passed through a router on your network. You want to see how the amount of traffic has changed over time. Which document would help you identify past average network traffic?
Event log
History log
Baseline
Network diagram

Baseline EXPLANATION A baseline is a snapshot of the performance statistics of the network or devices. The baseline is used as a logical basis for future comparison. Baselines enable you to effectively monitor the performance of your system to determine when changes negatively impact performance or when systems need upgrades or replacement. It is important to measure network performance at subsequent intervals to see how your server is performing compared to the baseline. Logs contain a record of events that have happened on a system. Logging capabilities are built into operating systems, services, and applications. Log entries are generated in response to configuration changes, changes in system state, or in response to network conditions. A network diagram shows the logical and/or physical layout of your network. The network diagram could be a collection of diagrams showing the location and IP addresses of hubs, switches, routers, and firewalls.

In business continuity planning, what is the primary focus of the scope?
Human life and safety
Company assets
Recovery time objective
Business processes

Business processes EXPLANATION Business processes are the primary focus of the scope of BCP. Company assets are the focus of risk assessment for security policy development, not BCP. Human life and safety are considerations for emergency response, but are not the focus of the BCP scope. Recovery time objective is a consideration in the development of emergency response, not an aspect of BCP scope.

You are troubleshooting a workstation connection to the network. During your troubleshooting, you replace the drop cable connecting the computer to the network. Which type of document should you update?
Change documentation
Configuration documentation
Wiring schematic
Network diagram

Change documentation EXPLANATION In this scenario, update the change documentation for the device to reflect that a part was replaced. In this scenario, you have not altered the network connection or design--you simply replaced the drop cable. In the future, knowing that the drop cable was recently replaced might help you troubleshoot new or recurring problems with the device. The configuration document identifies specific configuration information for a device. It might include information about the connection to the network. A network diagram might include the location of the workstation on your site and its connection to the network. A wiring schematic might include information about how the device connects to the punch down blocks or patch panels. For each of these documents, simply changing the drop cable does not alter the information in each document, so no change is required.

You plan to implement a new security device on your network. Which of the following policies outlines the process you should follow before implementing that device?
Resource allocation
Acceptable use
SLA
Change management

Change management EXPLANATION A change and configuration management policy provides a structured approach to secure company assets and make changes to company assets. Change management: Establishes hardware, software, and infrastructure configurations that are to be deployed universally throughout the corporation. Tracks and documents significant changes to the infrastructure. Assesses the risk of implementing new processes, hardware, or software. Ensures that proper testing and approval processes are followed before changes are allowed. An acceptable use policy (AUP) identifies the employees' rights to use company property, such as internet access and computer equipment, for personal use. A resource allocation policy outlines how resources are allocated. Resources could include staffing, technology, or budgets. Service level agreements (SLAs), sometimes called maintenance contracts, guarantee a network client a certain quality of a service from the provider.

You plan to implement a new security device on your network. Which of the following policies outlines the process you should follow before implementing that device?
SLA
Resource allocation
Change management
Acceptable use

Change management EXPLANATION A change and configuration management policy provides a structured approach to secure company assets and make changes. Change management: Establishes hardware, software, and infrastructure configurations that are to be deployed universally throughout the corporation. Tracks and documents significant changes to the infrastructure. Assesses the risk of implementing new processes, hardware, or software. Ensures that proper testing and approval processes are followed before changes are allowed. An acceptable use policy (AUP) identifies the employees' rights to use company property such as internet access and computer equipment for personal use. A resource allocation policy outlines how resources are allocated. Resources could include staffing, technology, or budgets. Service level agreements (SLAs), sometimes called maintenance contracts, guarantee a client a certain quality of service from a network service provider.

Which component of a change and configuration management policy identifies the need for a proposed change?
Feasibility analysis
Authorized downtime
Rollback
Change request

Change request EXPLANATION A change request identifies the need for a change. It also documents the specific change to be made. A feasibility analysis identifies technical and budgetary considerations associated with a proposed change. It should also identify any potential impacts to the network. In the event that a change unintentionally causes problems, your change and configuration management process should include provisions for a rollback. A rollback makes it possible to revert the system back to the state it was in before the change was put into effect. Authorized downtime defines a maintenance window during which the system will be unavailable while the change is made.

You just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID card for access. You backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using a Telnet client with the username admin and the password admin. You used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device? (Select two.)
Use a web browser to access the router configuration using an HTTP connection.
Use TFTP to back up the router configuration to a remote location.
Change the default administrative user name and password.
Use an SSH client to access the router configuration.
Use encrypted type 7 passwords.

Change the default administrative user name and password. Use an SSH client to access the router configuration. EXPLANATION In this scenario, two key security issues need to be addressed: You should use an SSH client to access the router configuration. Telnet transfers data over the network connection in clear text, exposing sensitive data to sniffing. You should change the default administrative username and password. Default usernames and passwords are readily available from websites on the internet. Encrypted type 7 passwords on a Cisco device are less secure than those protected with MD5. Using HTTP and TFTP to manage the router configuration could expose sensitive information to sniffers, as they transmit data in clear text.

A code of ethics accomplishes all but which of the following?
Clearly defines courses of action to take when a complex issue is encountered.
Establishes a baseline for managing complex situations.
Serves as a reference for the creation of acceptable use policies.
Improves the professionalism of your organization as well as your profession.

Clearly defines courses of action to take when a complex issue is encountered. EXPLANATION A code of ethics does not provide clear courses of action when faced with complex issues and situations. That's the whole problem with ethical dilemmas--a right or wrong answer is not always easily determined. A code of ethics describes best practices and helps steer intentions to allow individuals and organizations to respond to complex situations in the most appropriate manner. A code of ethics does establish a baseline for managing complex situations, improve professionalism, and serve as a reference for the creation of acceptable use policies.

Which of the following network strategies connects multiple servers together so that if one server fails, the others immediately take over its tasks, preventing a disruption in service?
Clustering
Adapter bonding
Storage area networks (SANs)
Mirroring

Clustering EXPLANATION Clustering connects multiple servers together using special software. If one of the servers in the cluster fails, the other servers immediately take over the tasks the failed server was working on, resulting in no downtime for the end user. Adapter bonding increases the fault tolerance of a single server system by implementing multiple network boards that function as a single adapter. Mirroring also increases fault tolerance by creating a mirror copy of the server hard drive on one or more other hard drives. Storage area networks are usually used in conjunction with clustering to provide a common disk system that all servers in the cluster share.

Match each type of switch on the left with its corresponding characteristics on the right. Each switch type may be used once, more than once, or not at all.
Drag:
Unmanaged switch
Managed switch
Drop:
Commonly sold at retail stores.
Provides port security features.
Supports VLANs.
Provides very few configuration options.
Can be configured over a network connection.
Can be configured over a dedicated communication channel.

Commonly sold at retail stores. - Unmanaged switch
Provides port security features. - Managed switch
Supports VLANs. - Managed switch
Provides very few configuration options. - Unmanaged switch
Can be configured over a network connection. - Managed switch
Can be configured over a dedicated communication channel. - Managed switch
EXPLANATION
The low-end switches available from many retail stores cannot be configured. These are called unmanaged switches. To implement an unmanaged switch, you simply plug it in to a power outlet and connect your network devices with UTP cables. While unmanaged switches are convenient and easy to implement, they lack many of the advanced management and security features available on managed switches. For example, managed switches provide port security and support VLANs.

Match each third-party integration phase on the left with the tasks that need to be completed during that phase on the right. Each phase may be used once, more than once, or not at all.
Drag:
Onboarding
Ongoing operations
Off-boarding
Drop:
Communicate vulnerability assessment findings with the other party.
Disable VPN configurations that allow partner access to your network.
Compare your organization's security policies with the partner's policies.
Disable the domain trust relationship between networks.
Identify how privacy will be protected.
Draft an ISA.
Conduct regular security audits.

Communicate vulnerability assessment findings with the other party. - Ongoing operations
Disable VPN configurations that allow partner access to your network. - Off-boarding
Compare your organization's security policies with the partner's policies. - Onboarding
Disable the domain trust relationship between networks. - Off-boarding
Identify how privacy will be protected. - Onboarding
Draft an ISA. - Onboarding
Conduct regular security audits. - Ongoing operations
EXPLANATION
During the onboarding phase of a relationship you should take steps to ensure that the integration process maintains the security of each party's network by completing tasks, such as: Comparing your organization's security policies and infrastructure against each partner organization's policies and infrastructure. Identifying how privacy will be protected. Drafting an ISA to document how the information systems of each party in the relationship will be connected and how they will share data. During the ongoing operations phase of the relationship you need to verify that all parties are abiding by the Interoperability Agreement documents. To do this, you should: Conduct regular security audits to ensure that each party in the relationship is following the security-related aspects of the IA documents. Communicate vulnerability assessment and security audit findings with all of the parties in the relationship to maintain risk awareness. When the relationship with the third party ends, you need to ensure that all of the doors that were opened between organizations during the onboarding phase are closed by completing tasks, such as: Disabling any VPN, firewall, router, or switch configurations that allowed access to your network from the third-party network. Disabling any domain trust relationships that were established between the organizations.

Match each switch management method on the left with its corresponding characteristics on the right. Each method may be used once, more than once, or not at all.
Drag:
In-band management
Out-of-band management
Drop:
Competes with normal network traffic for bandwidth.
Uses a dedicated communication channel.
Must be encrypted to protect communications from sniffing.
Does not compete with normal network traffic for bandwidth.
Affected by network outages.

Competes with normal network traffic for bandwidth. - In-band management
Uses a dedicated communication channel. - Out-of-band management
Must be encrypted to protect communications from sniffing. - In-band management
Does not compete with normal network traffic for bandwidth. - Out-of-band management
Affected by network outages. - In-band management
EXPLANATION
Switch management tasks can be performed using the management utilities through a network connection. Such management is called in-band management because it uses a normal network connection with the switch for performing these tasks. For example, tools such as Telnet or SSH provide in-band management. Using the same network connection for both data and management has several drawbacks: You must compete with normal network traffic for bandwidth. The network traffic created by the management utilities must be protected from sniffing to ensure that hackers cannot capture sensitive configuration information. If the network connection is unavailable or if the switch is unresponsive to network communications, management tasks cannot be performed. Out-of-band management, on the other hand, overcomes these problems using dedicated communication channels that separate server management traffic from normal network traffic. With network switches (and routers), you can use console redirection to redirect console output to a built-in serial or USB console port.

Your organization entered into an interoperability agreement (IA) with another organization a year ago. As a part of this agreement, a federated trust was established between your domain and the partner domain. The partnership has been in the ongoing operations phase for almost nine months now. As a security administrator, which tasks should you complete during this phase? (Select two.)
Conduct periodic vulnerability assessments.
Disable user and group accounts that the partner organization used to access your organization's data.
Negotiate the BPO agreement.
Verify compliance with the IA documents.
Draft an MOU document.

Conduct periodic vulnerability assessments. Verify compliance with the IA documents. EXPLANATION During the ongoing operations phase of the relationship, you should: Regularly verify compliance with the IA documents. Conduct periodic vulnerability assessments to verify that the network interconnections created by the relationship have not exposed or created security weaknesses. BPO negotiations and MOU drafting should have taken place during the onboarding phase of the relationship. User and group accounts should have been disabled during the off-boarding phase.

What is the most effective means of improving or enforcing security in any environment?
Enforcing account lockout
Requiring two-factor authentication
Disabling internet access
Conducting user awareness training

Conducting user awareness training EXPLANATION The most effective means of improving and enforcing security in any environment is user awareness training. If users are educated about security and how to perform their work tasks securely, the overall security of the environment improves. Enforcing account lockout, using two-factor authentication, and disabling internet access are all valid security countermeasures or improvements but they don't have as much of a positive impact on overall security as user awareness training.

You want to make sure that the correct ports on a firewall are open or closed. Which document should you check?
Policy
Configuration documentation
Wiring schematic
Baseline

Configuration documentation EXPLANATION Configuration documentation identifies specific configuration information for a device. For example, a configuration document for a firewall might include information about the IP addresses assigned to each interface and opened firewall ports. Configuration documentation has two goals: Document the configuration so that the device can be restored to the original configuration. Document the configuration so that the current configuration can be compared to the desired configuration. A wiring schematic is a type of network diagram that focuses on the physical connections between devices. A baseline is a snapshot of the performance statistics of the network or devices. A policy is a document that describes the overall goals and requirements for a network. A policy identifies what should be done, but may not necessarily define how the goal is to be reached.

Which of the following enterprise wireless configuration strategies best keeps public wireless access separate from private wireless access?
Configure a guest access WLAN that uses open authentication and isolates guest WLAN traffic from other clients on the same access point.
Establish shared key authentication that uses one passphrase for guest users and another passphrase for private users.
Deploy independent stand-alone access points throughout your enterprise and configure each to use the same SSID, the same channel, and the same IP subnet.
Implement MAC address filtering to restrict connections to the private access point only to MAC addresses that are explicitly allowed.

Configure a guest access WLAN that uses open authentication and isolates guest WLAN traffic from other clients on the same access point. EXPLANATION Configuring a guest access WLAN that uses open authentication and isolates guest WLAN traffic from other clients on the same access point is the best solution. Using MAC address filtering would be very difficult to manage, especially if dozens of devices need to be connected. In addition, MAC filtering can be easily bypassed using MAC spoofing techniques. Deploying independent APs would require manual configuration and management of each device. Devices could also have issues when roaming between APs. Using two different shared keys only provides separate authentication and does not properly separate the two networks.

Your organization recently purchased 18 iPad tablets for use by the organization's management team. These devices have iOS pre-installed on them. To increase the security of these devices, you want to apply a default set of security-related configuration settings. What is the best approach to take to accomplish this? (Select two. Each option is a part of a complete solution.) Configure and apply security policy settings in a mobile device management system. Enroll the devices in a mobile device management system. Configure and distribute security settings in a configuration profile. Join the tablets to a Windows domain. Configure security settings in a Group Policy object. Require users to install the configuration profile.

Configure and apply security policy settings in a mobile device management system. Enroll the devices in a mobile device management system. EXPLANATION You can implement a mobile device management (MDM) solution that pushes security policies directly to each tablet device over a network connection. This option enables policies to be remotely enforced and updated without any action by the end user. The tablet devices must be enrolled in the MDM system before the policy settings can be applied. One of the key problems associated with managing mobile devices is the fact that they can't be joined to a Windows domain. This means Group Policy can't be used to automatically push security settings to mobile devices. For devices running Apple's iOS operating system, security settings can be distributed in a configuration profile. The profile can be defined such that only an administrator can delete the profile, or you can lock the profile to the device so that it cannot be removed without completely erasing the device. However, this option relies on the end user to install the profile, which can be problematic. It's also not a dynamic strategy; even the smallest change to your mobile device security policies would require a great deal of effort to implement.

Your organization recently purchased 30 tablet devices for your traveling sales force. These devices have Windows RT preinstalled on them. To increase the security of these devices, you want to apply a default set of security-related configuration settings. What is the best approach to take to accomplish this? (Select two. Each option is part of a complete solution.) Link the Group Policy object to the container where the tablets' computer objects reside. Join the tablets to your domain. Configure and apply security policy settings in a mobile device management system. Manually configure security settings using the Local Group Policy Editor program. Configure security settings in a Group Policy object. Enroll the devices in a mobile device management system.

Configure and apply security policy settings in a mobile device management system. Enroll the devices in a mobile device management system. EXPLANATION You can implement a mobile device management (MDM) solution that pushes security policies directly to each tablet device over a network connection. This option enables policies to be remotely enforced and updated without any action by the end user. The tablet devices must be enrolled in the MDM system before the policy settings can be applied. One of the key problems associated with managing mobile devices is the fact that they can't be joined to a Windows domain. This means Group Policy can't be used to automatically push security settings to mobile devices. Security settings could be manually configured on each individual device. However, this would be a time-consuming task for the administrator, especially given the number of mobile devices in this scenario. In addition, any changes that need to be made in the future will have to be manually applied to one device at a time.

A salesperson in your organization spends most of her time traveling between customer sites. After a customer visit, she must complete various managerial tasks, such as updating your organization's order database. Because she rarely comes back to your home office, she usually accesses the network from her notebook computer using Wi-Fi access provided by hotels, restaurants, and airports. Many of these locations provide unencrypted public Wi-Fi access, and you are concerned that sensitive data could be exposed. To remedy this situation, you decide to configure her notebook to use a VPN when accessing the home network over an open wireless connection. Which key steps should you take when implementing this configuration? (Select two.) Configure the browser to send HTTPS requests through the VPN connection. Configure the browser to send HTTPS requests directly to the Wi-Fi network without going through the VPN connection. Configure the VPN connection to use PPTP. Configure the VPN connection to use IPsec. Configure the VPN connection to use MS-CHAPv2.

Configure the browser to send HTTPS requests through the VPN connection. Configure the VPN connection to use IPsec. EXPLANATION It is generally considered acceptable to use a VPN connection to securely transfer data over an open Wi-Fi network. As long as strong tunneling ciphers and protocols are used, the VPN provides sufficient encryption to secure the connection, even though the wireless network itself is not encrypted. It is recommended that you use IPsec or SSL to secure the VPN, as these protocols are relatively secure. You should also configure the browser's HTTPS requests to go through the VPN connection. To conserve VPN bandwidth and to improve latency, many VPN solutions automatically reroute web browsing traffic through the client's default network connection instead of through the VPN tunnel. This behavior would result in HTTP/HTTPS traffic being transmitted over the unsecure open wireless network instead of through the secure VPN tunnel. Avoid using PPTP with MS-CHAPv2 in a VPN over open wireless configuration, as these protocols are no longer considered secure.

You manage the website for your company. The website uses a cluster of two servers with a single shared storage device. The shared storage device uses a RAID 1 configuration. Each server has a single connection to the shared storage and a single connection to your ISP. You want to provide redundancy so that a failure in a single component does not cause the website to become unavailable. What should you add to your configuration to accomplish this? Connect one server to the internet through a different ISP. On each server, add a second network connection to connect the server to the shared storage device. Reconfigure the disk array in a RAID 1+0 configuration. On each server, add a second network connection to the internet.

Connect one server to the internet through a different ISP. EXPLANATION In this scenario, the ISP is the single point of failure. If the ISP connection goes down, then the website is unavailable. Connecting one server to a different ISP or both servers to two ISPs provides redundancy for the connection. Adding multiple network connections to the shared storage or the same ISP is unnecessary because if the single network connection on one server fails, the other server will still be available. Reconfiguring the storage as a RAID 1+0 allows multiple disk failures, but RAID 1 can sustain a failure in a single disk.

Match the Cisco device password type on the left with its function on the right. Drag: VTY Console SDM Drop: Controls the ability to log on through a LAN or WAN interface configured on the device. Controls the ability to connect to the device using a web browser using HTTPS. Controls the ability to connect to the device using a direct connection.

Controls the ability to log on through a LAN or WAN interface configured on the device. - VTY Controls the ability to connect to the device using a web browser using HTTPS. - SDM Controls the ability to connect to the device using a direct connection. - Console EXPLANATION The following table lists three of the most common password types that you can configure on Cisco devices, including switches and routers: Console - Controls the ability to log on to the device through a console connection. VTY - Controls the ability to log on to the device using a virtual terminal (VTY) connection. EXEC mode - Controls the ability to switch to configuration modes.

Which of the following information are you likely to find in a procedure document? The relationship of routers to other routers on the network. Details on how to test and deploy patches. A record of the repairs made to a specific device. An inventory of the hardware components in a specific device.

Details on how to test and deploy patches. EXPLANATION A procedure is a step-by-step process outlining how to implement a specific action. For example, you might have a procedure document that identifies how patches are tested and applied within your network. Change, or history, documentation keeps track of changes to the configuration of a device or the network. For example, you might record a change in a network interface card in a device, or a repair to a WAN link. Configuration documentation identifies specific configuration information for a device. For example, the document might identify the hardware components within a device. A network diagram shows the logical and/or physical layout of your network. The network diagram could be a collection of diagrams showing the location and IP addresses of hubs, switches, routers, and firewalls.

Which of the following functions can a port scanner provide? Determining which ports are open on a network. Auditing IPsec encryption algorithm configuration. Automatically close open ports on the network. Testing virus definition design for false positives.

Determining which ports are open on a network. EXPLANATION Port scanners can determine which TCP/UDP ports are open on a network. Many port scanners provide additional information, including the host operating system and version of any detected servers. Hackers use port scanners to gather valuable information about a target. System administrators should use the same tools for proactive penetration testing and to ensure compliance with all corporate security policies.

Many of the end users in your organization are bringing their own personal mobile devices to work and are storing sensitive data on them. To prevent the data from being compromised, you create a cloud-based Microsoft Intune account and configure mobile device security policies. You now need to apply those security policies to the end users' mobile devices. What should you do? (Select two. Each response is a part of the complete solution.) Download and install the Intune client software on the mobile device. Perform a clean install of the mobile operating system on each user's device. Enroll the devices with the Intune service. Join each device to your organization's domain. Configure mobile device security policies using gpedit.msc.

Download and install the Intune client software on the mobile device. Enroll the devices with the Intune service. EXPLANATION To manage mobile devices with Windows Intune, you must complete the following: Create a user account for each user who has a managed mobile device. Enroll the devices with the Intune service. The enrollment process will copy down and install the Intune management agent to the device. It is not necessary to reinstall the mobile operating system on each device. Most mobile devices, with the exception of Windows-based notebooks, cannot be joined to a Windows domain; therefore, Group Policy cannot be used to apply security settings.

IPsec is implemented through two separate protocols. What are these protocols called? (Select two.) L2TP ESP SSL EPS AH

ESP AH EXPLANATION IPsec is implemented through two separate protocols, IP Authentication Header and IPsec Encapsulating Security Payload. IPsec AH provides authentication and non-repudiation services to verify that the sender is genuine and the data has not been modified in transit. IPsec ESP provides data encryption services for the data within the packet. IPsec SSL and IPsec EPS are not protocols associated with IPsec.

Your organization has recently purchased 20 tablet devices for the Human Resource department to use for training sessions. You are concerned that these devices could represent a security risk to your network and want to strengthen their security profile as much as possible. Which actions should you take? (Select two. Each response is a separate solution.) Enable device encryption. Join the devices to your organization's domain. Implement storage segmentation. Install the devices in your organization's directory services tree. Configure a Group Policy object (GPO) containing mobile device-specific security settings.

Enable device encryption. Implement storage segmentation. EXPLANATION When deploying new mobile devices, there are many things you should do to increase their overall security, including the following: Enable device encryption. Data encryption ensures data confidentiality on the device. Segment personal data from organizational data on mobile devices. This storage strategy allows encryption to be applied only to sensitive organizational data on the device. It also allows only organizational data to be removed during a remote wipe, preserving personal data. Mobile devices can't be joined to a domain, so there is no way to apply Group Policy settings from a GPO to a mobile device. Most directory services, such as OpenLDAP, do not support mobile devices, so it probably isn't possible to install the new tablets in your organization's directory services tree.

Which of the following are improvements to SNMP that are included within SNMP version 3? (Select two.) Use of SFTP for transferring SNMP data Hashing of the community name Encryption of SNMP messages Authentication for agents and managers

Encryption of SNMP messages Authentication for agents and managers EXPLANATION SNMP v3 adds the following improvements for security: Authentication for agents and managers Encryption of SNMP information Message integrity to ensure that data is not altered in transit

Which of the following statements about SSL VPN are true? (Select two.) Encrypts the entire communication session. Provides message integrity using HMAC. Uses port 443. Uses UDP port 500. Uses pre-shared keys for authentication. Encapsulates packets by adding a GRE header.

Encrypts the entire communication session. Uses port 443. EXPLANATION SSL VPN uses the SSL protocol to secure communications. SSL VPN: Authenticates the server to the client using public key cryptography and digital certificates. Encrypts the entire communication session. Uses port 443, which is already open on most firewalls. Pre-shared keys are used by IPsec to provide authentication with other protocols. IPsec also uses HMAC to provide message integrity checks. GRE headers are used exclusively by the GRE tunneling protocol. UDP port 500 is used by the Layer 2 tunneling protocol (L2TP).

You manage a firewall that connects your private network to the internet. You would like to see a record of every packet that has been rejected by the firewall in the past month. Which tool should you use? Throughput tester Packet sniffer Load tester Event log

Event log EXPLANATION Use the event logs to see a record of past events. Logging capabilities are built into operating systems, services, and applications. Log entries are generated in response to configuration changes or actions taken by the system. Depending on the device, there might be multiple logs with different names, so the exact log you consult might vary depending on the device. A packet sniffer is special software that captures (records) frames that are transmitted on the network. A packet sniffer would tell you the frames and packets sent to the device, but would not identify the actions the firewall took in response to those packets. A load tester simulates a load on a server or service. A throughput tester measures the amount of data that can be transferred through a network or processed by a device (such as the amount of data that can be retrieved from disk in a specific period of time).

Which component of a change and configuration management policy identifies technical and budgetary considerations associated with a proposed change and also identifies any potential impacts to the network? Feasibility analysis Authorized downtime Change request Rollback

Feasibility analysis EXPLANATION A feasibility analysis identifies technical and budgetary considerations associated with a proposed change. It should also identify any potential impacts to the network. In the event that a change unintentionally causes problems, your change and configuration management process should include provisions for a rollback. A rollback makes it possible to revert the system back to the state it was in before the change was put into effect. Authorized downtime defines a maintenance window during which the system will be unavailable while the change is made. A change request identifies the need for a change.

Which of the following can route Layer 3 protocols across an IP network? GRE SSL IPsec PPTP

GRE EXPLANATION Generic routing encapsulation (GRE) is a tunneling protocol that creates a tunnel between two routers. It does this by adding a GRE header and a new IP header to the original packet. IPsec, PPTP, and SSL are all authentication protocols that are used to secure communications.

Which of the following terms describes a Windows operating system patch that corrects a specific problem and is released on a short-term, periodic basis (typically monthly)? Kernel fix kit Targeted software patch Hotfix Service pack

Hotfix EXPLANATION A hotfix is an operating system patch that corrects a specific known problem. Microsoft typically releases hotfixes monthly. Service packs include a collection of hotfixes and other system updates. Service packs are not released as often, but contain all hotfixes released up to that point in time.

You manage a server at work that has just been configured with a new application. Consequently, the server has crashed several times during the last week. You think you have resolved the problem, but you would like to be able to manage the server remotely just in case more issues occur. Which of the following protocols would you use for remote management? (Select two.) L2TP PPPoE ICA PPP PPTP VNC

ICA VNC EXPLANATION Use a remote desktop protocol to remotely manage devices. The remote desktop protocol allows you to interact with the computer's desktop without being present at the console. There are multiple protocols that you can use for remote desktop connections. Virtual Network Computing (VNC) was originally developed for UNIX. Applications using VNC include RealVNC, TightVNC, UltraVNC, and Vine Server. Independent Computing Architecture (ICA) is the protocol used by Citrix products (WinFrame and MetaFrame/XenApp). The Remote Desktop Protocol (RDP) is the protocol developed by Microsoft and used in Microsoft's Terminal Services, Remote Desktop, and Remote Assistance solutions. Aqua Connect has licensed RDP and created a version for Mac OS X as a server. PPP and PPPoE are protocols that are used to control remote access. Both allow the authentication, authorization, and accounting of remote access connections. PPTP and L2TP are VPN protocols that provide a secure connection to a destination host or network through the internet.

Which of the following network layer protocols provides authentication and encryption services for IP-based network traffic? SSL L2TP TCP IPsec

IPsec EXPLANATION IPsec is a security implementation that provides security for all other TCP/IP based protocols that operate above the network layer. IPsec provides authentication through a protocol called IPsec authentication header (AH) and encryption services through a protocol called IPsec encapsulating security payloads (ESP). The transmission control protocol (TCP) is a transport layer connection-oriented protocol that provides data transmission services. It is not a secure protocol and relies on other measures, such as IPsec, to provide security. The Secure Sockets Layer (SSL) is an application layer protocol that is designed to secure network traffic from certain other protocols, such as hypertext transfer protocol (HTTP) and post office protocol version 3 (POP3). It does not provide security for protocols lower in the TCP/IP protocol stack, such as TCP and UDP. The Layer 2 tunneling protocol (L2TP) is a protocol used to encapsulate point-to-point protocol (PPP) traffic.

Your organization is in the process of negotiating an interoperability agreement (IA) with another organization. As a part of this agreement, the partner organization proposes that a federated trust be established between your domain and their domain. This configuration will allow users in their domain to access resources in your domain and vice versa. As a security administrator, which tasks should you complete during this phase? (Select two.) Identify how data will be shared. Conduct security audits on the partner organization. Verify compliance with the IA documents. Reset all passwords the third party uses to access data or applications on your network. Identify how data ownership will be determined.

Identify how data will be shared. Identify how data ownership will be determined. EXPLANATION During the onboarding phase of a third-party relationship, several issues need to be considered and a plan formulated to address them, including: How data ownership will be determined. How data will be shared. Security and compliance audits should be conducted during the ongoing operations phase of the relationship. Partner passwords should be reset during the off-boarding phase.

The owner of a hotel has contracted you to implement a wireless network to provide internet access for patrons. The owner has asked that you implement security controls so that only paying patrons are allowed to use the wireless network. She wants them to be presented with a login page when they initially connect to the wireless network. After entering a code provided by the concierge at check-in, they should then be allowed full access to the internet. If a patron does not provide the correct code, they should not be allowed to access the internet. Under no circumstances should patrons be able to access the internal hotel network where sensitive data is stored. What should you do? Implement 802.1x authentication using a RADIUS server. Implement a guest network. Implement pre-shared key authentication. Implement MAC address filtering.

Implement a guest network. EXPLANATION A guest network that is isolated from the hotel's network would be the best choice in this scenario. The guest network could be configured to require wireless network users to abide by certain conditions before they are allowed access to the wireless network using a captive portal. For example, it could require them to: Agree to an acceptable use policy. Provide a PIN or password. Pay for access to the wireless network. View information or advertisements about the organization providing the wireless network (such as an airport or hotel). When a wireless device initially connects to the wireless network, all traffic to or from that device is blocked until the user opens a browser and accesses the captive portal web page. After providing the appropriate code, traffic is unblocked and the host can access the guest network. MAC address filtering and 802.1x authentication would work from a technical standpoint, but would be completely unmanageable in a hotel scenario where guests constantly come and go every day. Using a pre-shared key would require a degree of technical expertise on the part of the hotel guests. It could also become problematic if the key were to be leaked, allowing non-guests to use the wireless network.

You have been using SNMP on your network for monitoring and management. You are concerned about the security of this configuration. What should you do? Implement version 3 of SNMP. Implement a RADIUS solution. Use SSH instead of SNMP. Combine SNMP with SSL.

Implement version 3 of SNMP. EXPLANATION Simple Network Management Protocol (SNMP) is a protocol designed for managing complex networks. SNMP lets network hosts exchange configuration and status information. The original version of SNMP has several vulnerabilities. For added security, implement version 3 of SNMP. SSH allows secure interactive control of remote systems, but does not provide the same features as SNMP. RADIUS is used to control remote access authentication, authorization, and accounting from a centralized server.

Over the last month, you have noticed a significant increase in the occurrence of inappropriate activities performed by employees. What is the best first response step to take in order to improve or maintain the security level of the environment? Initiate stronger auditing. Reduce all employee permissions and privileges. Terminate all offenders. Improve and hold new awareness training.

Improve and hold new awareness training. EXPLANATION The best response in this situation is to improve and hold new awareness sessions. If everyone is being lax in avoiding inappropriate behavior, either they have forgotten what is appropriate or a new trend has started that needs to be diverted. Either way, new awareness training should greatly reduce occurrences. Termination should only be considered after repeated attempts to re-train and warn the offenders. Firing staff based on the initial trend data of inappropriate activities is too severe a response. Reducing permissions and privileges is a step to take after re-training. Otherwise, it could severely interfere with the staff's ability to accomplish their work tasks. Initiating stronger auditing will not directly address the problem; it will just uncover more evidence of the trend of increasing inappropriate activity.

You have been hired by a startup company to install a new data center. The company is small, so they have elected to use an unused employee break room as the data center. You are concerned about the physical security of the servers that will be installed in the data center. What should you do? (Select two.) Install a biometric lock on the data center door. Install racks with locking doors. Install two-post 48U racks. Install two-post 24U racks. Install a humidifier within the data center.

Install a biometric lock on the data center door. Install racks with locking doors. EXPLANATION To physically protect the servers within the new data center, you should: Install rack enclosures with locking doors. Install a biometric lock on the data center door. By doing this, you implement a defense in depth strategy. Even if an intruder were to defeat the biometric lock on the data center door, they would still have to defeat the lock on the rack enclosure. Two-post racks typically do not provide security features such as locks or alarms. Installing a humidifier in the data center would have no impact on the physical security of the systems within it.

You have purchased a solar backup power device to provide temporary electrical power to critical systems in your data center should the power provided by the electrical utility company go out. The solar panel array captures sunlight, converts it into direct current (DC), and stores it in large batteries. The power supplies in the servers, switches, and routers in your data center require alternating current (AC) to operate. Which electrical device should you implement to convert the DC power stored in the batteries into AC power that can be used in the data center? Transistor Capacitor Transformer Inverter

Inverter EXPLANATION A power inverter changes direct current (DC) power to alternating current (AC) power. In this scenario, a power inverter can be used to convert the DC power stored in the batteries to AC power that your servers, switches, and routers can use in an emergency. A transformer is typically used to increase or decrease the voltage of AC power. A capacitor temporarily stores an electrical charge. Capacitors are used with the chips on a computer memory module that store data. A transistor is used to amplify and switch electrical signals.

Which of the following statements is true? A system image backup: Is the only type of backup supported by the backup and restore console. Can be saved to a BitLocker-enabled volume. Is saved as a .vhd file. Does not include user profile settings.

Is saved as a .vhd file. EXPLANATION A system image backup consists of an entire volume backed up to a .vhd file. It contains everything on the system, including the operating system, installed programs, drivers, and user data files.

Which of the following protocols can your portable computer use to connect to your company's network via a virtual tunnel through the internet? (Select two.) L2TP PPTP PPPoE VNC ICA

L2TP PPTP EXPLANATION PPTP (point-to-point tunneling protocol) or L2TP (layer two tunneling protocol) are two VPN (virtual private networking) protocols that let you access your company's network through a public network such as the internet. PPPoE is used for connecting to the internet through an Ethernet connection to include authentication and accounting. VNC and ICA are remote desktop protocols used for remote administration or remote access.

What is the most common security policy failure? Overlooked critical assets Failure to assign responsibilities Improperly outlined procedures Lack of user awareness

Lack of user awareness EXPLANATION The most common security policy failure is a lack of user awareness. If users are not aware of the policies to follow or procedures to comply with, they do not know how to perform their work tasks securely. When an organization makes the effort to produce a security policy, improperly outlined procedures are rarely a problem. This issue is usually discovered and corrected early in the security policy development process. Overlooking critical assets is not a common problem. During the asset identification stage of risk analysis and security policy development, every asset is examined for importance. A security policy is not complete unless it assigns specific tasks and responsibilities to roles and individuals within the organization.

What is the primary goal of business continuity planning? Minimizing the risk of delays and interruptions in services Minimizing decision-making during the development process Maintaining business operations with reduced or restricted infrastructure capabilities or resources Protecting an organization from major computer services failure

Maintaining business operations with reduced or restricted infrastructure capabilities or resources EXPLANATION The primary goal of BCP is maintaining business operations with reduced or restricted infrastructure capabilities or resources. Minimizing the risk to the organization from delays and interruptions in providing services is a goal of DRP. If your organization cannot provide services, it is experiencing a disaster. Minimizing decision-making during the development process is not a valid goal of BCP or DRP; decisions should be made during development. The correct DRP goal is to minimize decisions during an emergency. Protecting an organization from major computer services failure is a goal of DRP, not BCP. If computer services fail, business continuity is interrupted, which is considered a disaster.

Which business document is a contract that defines a set of terms that will govern future agreements between two parties? Master service agreement Memorandum of understanding Interconnection security agreement Statement of work

Master service agreement EXPLANATION A master service agreement is a contract that defines terms that will govern future agreements between two parties. The purpose of this document is to allow the parties to quickly negotiate future agreements without having to repetitively renegotiate the same terms over and over. A statement of work is a contract that defines the tasks, time frame, and deliverables that a vendor agrees to with a client. A memorandum of understanding provides a brief summary of which party in the relationship is responsible for performing specific tasks. An interconnection security agreement documents how the information systems of each party in the relationship will be connected and how they will share data.

Most mobile device management (MDM) systems can be configured to track the physical location of enrolled mobile devices. Arrange the location technology on the left in order of accuracy on the right, from most accurate to least accurate. Drag: Wi-Fi triangulation Cell phone tower triangulation IP address resolution GPS Drop: Most accurate More accurate Less accurate Least accurate

Most accurate - GPS More accurate - Wi-Fi triangulation Less accurate - Cell phone tower triangulation Least accurate - IP address resolution EXPLANATION Most mobile device management (MDM) solutions can leverage the following technologies on enrolled mobile devices to track their physical location: The Global Positioning System (GPS) can track the location of GPS-enabled devices to within a meter. Wi-Fi triangulation can track the location of devices in heavily-populated urban areas to within a few meters, depending on the number of networks in range and the accuracy of their signal strength data. Cell phone tower triangulation can track the location of devices to within a kilometer, depending on the signal strength and number of cell towers within range. IP address resolution is much less accurate than the other options, tracking the location of devices to within roughly 20 kilometers.

Which of the following networking devices or services prevents the use of IPsec in most cases? NAT Router Switch Firewall

NAT EXPLANATION IPsec cannot typically be used when static IP addresses are not used by both communication partners. A NAT proxy performs network address translation on all communications. For this reason, the IP address seen for a system outside of the proxied network is not the real IP address of that system. This prevents the use of IPsec. IPsec can be deployed without problems in the presence of firewalls, routers, and switches. However, in the case of firewalls, special access ports will need to be configured to allow IPsec traffic to pass.

If an organization shows sufficient due care, which burden is eliminated in the event of a security breach? Negligence Liability Asset loss Investigation

Negligence EXPLANATION An organization with sufficient due care has shown that it has made every reasonable effort to protect its assets and environment. If a security breach occurs, then the organization is not held negligent for the losses. Even with a strong security solution, asset loss is always possible. Even with strong due care, an organization is still liable for damages incurred. Due care does not remove the requirement to investigate security breaches.

Which of the following media types can you save backup files on? (Select two.) Tape drives The system disk Network attached storage (NAS) External hard drives

Network attached storage (NAS) External hard drives EXPLANATION Backups can be saved to: Secondary internal hard drives External hard drives Optical drives USB flash drives Network shares .vhd files Network attached storage (NAS) or storage area network (SAN). Backup files cannot be saved to: The same disk being backed up A system disk A BitLocker-enabled volume A tape drive

When troubleshooting a router, you want to identify which other devices are connected to the router, as well as the subnet addresses of each connected subnet. Which type of document would most likely have this information? Wiring schematic Policy Baseline Procedure Network diagram

Network diagram EXPLANATION A network diagram shows the logical and/or physical layout of your network. The network diagram could be a collection of diagrams showing the following information: The location and IP addresses of hubs, switches, routers, and firewalls. The relationship of remote locations and the WAN links that connect remote locations. Subnets within your network, including the subnet addresses and routers connecting each subnet. A wiring schematic is a type of network diagram that focuses on the physical connections between devices. The wiring diagram typically shows the location of drop cables and ports within offices or cubicles and a labeling scheme that matches endpoints in offices and cubicles with specific switch ports or punch down block locations. A baseline is a snapshot of the performance statistics of the network or devices. A policy is a document that describes the overall goals and requirements for a network. A policy identifies what should be done, but may not necessarily define how the goal is to be reached. A procedure is a step-by-step process outlining how to implement a specific action. The design of a procedure is guided by goals defined in a policy, but goes beyond the policy by identifying specific steps that are to be implemented.

You are adding a new rack to your data center, which will house two new blade servers and a new switch. The new servers will be used for virtualization. The only space you have available in the data center is on the opposite side of the room from your existing rack, which already houses several servers, a switch, and a router. You plan to configure a trunk port on each switch and connect them with a straight-through UTP cable that will run across the floor of the data center. To protect equipment from power failures, you also plan to install a UPS in the rack along with redundant power supplies for the server. Will this configuration work? Yes. This configuration complies with data center best practices. No. You should not use blade servers for virtualization. No. You should not run a cable across the floor of the data center. No. You must use a cross-over cable to connect the two switches together. No. You must implement the UPS and power supplies to the rack externally.

No. You should not run a cable across the floor of the data center. EXPLANATION In this scenario, running a cable across the floor of the data center represents a tripping hazard. It also represents a point of failure, as the cable will be walked on constantly, resulting in it being kicked out of one or both jacks. It will also likely fail prematurely due to the excessive wear. A better option would be to run the cable through the ceiling plenum. Blade servers work well for virtualization as long as they meet the system requirements for the hypervisor software. In the early days of networking, cross-over cables were required to uplink two hubs or switches together. However, most modern switches implement Auto MDI-X, which detects whether cross-over is required and automatically configures the interface for you, making a crossover cable unnecessary. Rack-mounted power supplies and UPS devices are commonly used in data centers.

Your 24U rack currently houses two 4U server systems. To prevent overheating, you've installed a rack-mounted environment monitoring device within the rack. Currently, the device shows that the temperature within the rack is 70 degrees Fahrenheit (21 degrees Celsius). What should you do? Install a humidifier to increase the humidity within the server room. Re-orient the cold aisle within the server room so that it is directed toward the air conditioner's return duct. Install an additional air conditioning unit for the server room. Nothing. The temperature within the rack is within acceptable limits.

Nothing. The temperature within the rack is within acceptable limits. EXPLANATION The ideal temperature for computing equipment is around 68 degrees Fahrenheit (20 degrees Celsius). Therefore, a reading of 70 degrees Fahrenheit (21 degrees Celsius) within a server rack is not an issue of concern. Under the current environmental conditions, installing an additional air conditioning unit isn't necessary and would be very expensive. Installing a humidifier in the server room would have no effect on the temperature within the room and is not warranted given the data in the scenario. Reorienting the cold aisle within the server room so that it is directed toward the air conditioner's return duct would likely cause the temperature within the server room to increase.

Consider the network diagram shown below. Click on the item in the diagram that does not follow a standardized labeling scheme.

PC2 EXPLANATION By reviewing this diagram, you can see that the following labeling convention is used: Workstations = WSxx Notebooks = NBxx Servers = FSxx Switches = SWxx Routers = RTRxx The workstation labeled PC2 does not conform to this labeling standard.

You want to use a protocol that can encapsulate other LAN protocols and carry the data securely over an IP network. Which of the following protocols is suitable for this task? PPP NetBEUI SLIP PPTP

PPTP EXPLANATION PPTP is used with VPNs, which allow you to send data securely over a public network.

You suspect that your web server has been the target of a denial-of-service attack. You would like to view information about the number of connections to the server over the past three days. Which log would you most likely examine? Performance System Security Firewall

Performance EXPLANATION A performance log records information about the use of system resources. For example, the performance log records processor, memory, disk, and network utilization. In addition, the performance log can record information related to the performance of a specific service, such as the number of connections to a web server. You might also find this information in an application log for the service. A security log records information related to logons, such as incorrect passwords being used, and the use of user rights. A system log records operating system, system, and hardware events. A firewall log identifies traffic that has been allowed or denied through a firewall.

A new law was recently passed that states that all businesses must keep a history of the emails sent between members of the board of directors. You need to ensure that your organization complies with this law. Which document type would you update first in response to this new law? Change documentation Configuration documentation Procedure Policy

Policy EXPLANATION Based on the new law, you would likely need to update your policy statement first. A policy is a document that describes the overall goals and requirements for a network. Policies are often written in response to regulations. After you have updated the policy to identify that the new law will be followed, you would likely need to update procedure documents to identify how the policy (and the law) will be implemented. Next, you might make the necessary changes on specific devices and then update the configuration and change documents for those devices to reflect the new configuration and the actions you took.

You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services. Which tool should you use? System logs Port scanner IDS IPS Packet sniffer

Port scanner EXPLANATION Use a port scanner to check for open ports on a system or a firewall. Compare the list of opened ports with the list of ports allowed by your network design and security policy. Typically, a port is opened when a service starts or is configured on a device. Open ports for unused services expose the server to attacks directed towards that port. Use a packet sniffer to examine packets on the network. With a packet sniffer, you can identify packets directed towards specific ports, but you won't be able to tell if those ports are open. Examine system logs to look for events that have happened on a system, which might include a service starting, but would not likely reflect open ports. An intrusion detection system (IDS) is a special network device that can detect attacks and suspicious activity. A passive IDS monitors, logs, and detects security breaches, but takes no action to stop or prevent the attack. An active IDS (also called an intrusion protection system or IPS) performs the functions of an IDS, but can also react when security breaches occur.

You maintain the network for an industrial manufacturing company. You are concerned about the dust in the area getting into server components and affecting the availability of the network. Which of the following should you implement? Positive pressure system Backup generator UPS Negative pressure system Line conditioner

Positive pressure system EXPLANATION Use positive pressure systems. Positive pressure systems protect the air quality in the facility by causing air to be forced out through doors, windows, and other openings. Negative pressure systems draw air in, potentially bringing in airborne particles such as dust, smoke from a fire, or contamination from a chemical leak. Positive pressure systems are more energy effective. Line conditioners (also known as power conditioners) are used to improve the quality of the power by performing one or more of the following: Removing noise caused by EMI and RFI. Providing small amounts of additional power to protect equipment from power dips or sags. Protecting equipment from spikes and surges. Most UPS systems include line conditioners.

Besides protecting a computer from under-voltages, a typical UPS also performs which two actions? Protects from over-voltages Conditions the power signal Prevents ESD Prevents electric shock

Protects from over-voltages Conditions the power signal EXPLANATION A typical UPS protects a computer from over-voltages as well as under-voltages. Also, because the quality of the electrical signal provided by a UPS battery is not as good as the AC power from the wall outlet, UPS devices often have built-in line conditioners.

When analyzing assets, which analysis method assigns financial values to assets? Acceptance Qualitative Quantitative Transfer

Quantitative EXPLANATION Quantitative analysis assigns a financial value, or a real number, and the cost required to recover from a loss to each asset. Qualitative analysis seeks to identify costs that cannot be concretely defined using quantitative analysis. Transfer and acceptance are responses to risk, not risk analysis methods.

You want to set up a service that allows multiple users to dial in to the office server from modems on their home computers. What service should you implement? PPP ISDN RIP RAS

RAS EXPLANATION RAS stands for Remote Access Service, which enables users to dial in to a server from remote locations. ISDN is a digital communications network that uses existing phone lines. PPP is a remote access protocol. You will likely configure your RAS server to accept PPP connections. RIP stands for routing information protocol and allows routers to share information.

Which of the following protocols or services would you associate with Windows Remote Desktop Services network traffic? WPA NNTP RDP WTSP

RDP EXPLANATION The Remote Desktop Protocol (RDP) is used by Windows Remote Desktop Services applications, including Remote Desktop Connection. WTSP is not a recognized protocol used on networks. The network news transport protocol (NNTP) is used to access newsgroups and download messages. It is not associated with Windows Terminal Services. Wi-Fi Protected Access (WPA) is a security mechanism designed to provide protection on wireless networks. It is not associated with Windows Terminal Services.

You are in the middle of a big project at work. All of your work files are on a server at the office. You want to be able to access the server desktop, open and edit files, save the files on the server, and print files to a printer connected to a computer at home. Which protocol should you use? FTP TFTP SSH Telnet RDP

RDP EXPLANATION To access the desktop of a remote computer or server, use a remote desktop protocol. RDP is Microsoft's remote desktop protocol, but other protocols include VNC and ICA. With the remote desktop solution, you can access the device's desktop and work with applications and files on that device. Device redirection allows you to redirect sound, drives, or printing at the remote computer to your local computer. Telnet and SSH are command-line utilities used for remote management. FTP and TFTP are used for file transfer. While you might use either protocol to transfer files, they do not give you access to the remote computer's desktop.

In addition to performing regular backups, what must you do to protect your system from data loss? Restrict restoration privileges to system administrators. Write-protect all backup media. Regularly test restoration procedures. Store the backup media in an on-site fireproof vault.

Regularly test restoration procedures. EXPLANATION The only way to ensure that you have protection against data loss is to regularly test your restoration procedures. This activity reveals whether or not your backup process functions properly and your restoration and recovery procedures are accurate. It's a good idea to store backup media in a fireproof vault, but it is a better idea to store it off site. Restoration privileges should be restricted to trusted staff to prevent confidentiality violations (but this does not address the issue of data loss protection). Write-protecting backup media provides little real security for the stored data because anyone can flip the switch on the media to remove the protection.

You need to find out what kind of laws might apply to the design and operation of your network. Which type of document would you consult? Policy Baseline Procedure Regulation

Regulation EXPLANATION A regulation is a requirement published by a government or other licensing body that must be followed. While you are not responsible for writing regulations, you are responsible for knowing which regulations apply to your organization and making sure that those regulations are understood and adhered to. A policy is a document that describes the overall goals and requirements for a network. A policy identifies what should be done, but may not necessarily define how the goal is to be reached. Policies are often written in response to regulations. A procedure is a step-by-step process outlining how to implement a specific action. The design of a procedure is guided by goals defined in a policy, but goes beyond the policy by identifying specific steps that are to be implemented. The use of consistent procedures ensures that the goals defined in a policy are met and provides consistency in actions performed by multiple administrators. A baseline is a snapshot of the performance statistics of the network or devices. The baseline is used as a logical basis for future comparison. Baselines enable you to effectively monitor the performance of your system to determine when changes negatively impact performance or when systems need upgrades or replacement.

You often travel away from the office. While traveling, you would like to use a modem on your laptop computer to connect directly to a server in your office and access files on that server that you need. You want the connection to be as secure as possible. Which type of connection will you need? Remote access Intranet Internet Virtual private network

Remote access EXPLANATION Use a remote access connection to connect directly to a server at a remote location. You could use a VPN connection through the internet to connect to the server securely. However, the connection would involve connecting to the internet through a local ISP, then establishing a VPN connection to the server. While the VPN connection through the internet is secure, it is not as secure as a direct remote connection to the server. An intranet is an internal network that only internal users can access.

A smart phone was lost at the airport. There is no way to recover the device. Which of the following will ensure data confidentiality on the device? Remote wipe TPM GPS Screen lock

Remote wipe EXPLANATION Remote wipe, also known as sanitization, remotely clears specific sensitive data on the mobile device. This ensures that whoever has the device is not able to see the sensitive data. This task is also useful if you are assigning the device to another user or after multiple incorrect entries of the password or PIN. Data encryption also ensures data confidentiality on the device. Voice encryption on mobile phones ensures data confidentiality during transit. Global Positioning System (GPS) tracking can assist in the recovery of the device by displaying its current location. A lockout (or screen lock) disables the ability to use the device after a short period of inactivity. The correct password or personal identification number (PIN) unlocks the device. The Trusted Platform Module (TPM) is a hardware chip on the motherboard that can generate and store cryptographic keys for integrity checking startup files and components.

Your company has developed and implemented countermeasures for the greatest risks to their assets. However, there is still some risk left. What is the remaining risk called? Exposure Residual risk Risk Loss

Residual risk EXPLANATION Residual risk is the portion of risk that remains after a countermeasure is implemented. There will almost always be some residual risk. Exposure is the vulnerability of losses from a threat agent. Risk is the likelihood of a vulnerability being exploited. A loss is the real damages to an asset that reduces its confidentiality, integrity, or availab

Which component of a change and configuration management policy specifies options for reverting a system back to the state it was in before a change was made? Change request Authorized downtime Rollback Feasibility analysis

Rollback EXPLANATION In the event that a change unintentionally causes problems, your change and configuration management process should include provisions for a rollback. A rollback makes it possible to revert the system back to the state it was in before the change was put into effect. Authorized downtime defines a maintenance window during which the system will be unavailable while the change is made. A change request identifies the need for a change. A feasibility analysis identifies technical and budgetary considerations for a change. It also identifies any potential impacts to the network.

Because of an unexplained slowdown on your network, you decide to install monitoring software on several key network hosts to locate the problem. You will then collect and analyze the data from a central network host. Which protocol will the software use to detect the problem? The primary protocol of your network TCP/IP SMTP IPX SNMP

SNMP EXPLANATION SNMP (Simple Network Management Protocol) is used to track network statistics. SNMP operates over UDP and IP. However, by themselves, those protocols do not provide network monitoring support.

Which protocol uses traps to send notifications from network devices? SMTP SNMP IGMP IMAP4 ICMP

SNMP EXPLANATION The Simple Network Management Protocol (SNMP) lets network hosts exchange configuration and status information. This information can be gathered by management software and used to monitor and manage the network. A trap is an event configured on an agent. When the event occurs, the agent logs details regarding the event. SMTP and IMAP4 are used for sending email. ICMP is an echo/response protocol that is used for exchanging simple requests between devices, but ICMP does not use traps. IGMP is used to send packets to hosts that are a member of a group.

Which protocol does HTTPS use to offer greater security in web transactions? Kerberos SSL Username and password authentication IPsec

SSL EXPLANATION HTTPS uses secure sockets layer (SSL) to offer greater security in web transactions.

Which of the following mobile device security considerations disables the ability to use the device after a short period of inactivity? TPM GPS Remote wipe Screen lock

Screen lock EXPLANATION A lockout (or screen lock) disables the ability to use the device after a short period of inactivity. The correct password or personal identification number (PIN) unlocks the device. Remote wipe, also known as sanitization, remotely clears specific, sensitive data on the mobile device. This task is also useful if you are assigning the device to another user, or after multiple incorrect entries of the password or PIN. Data encryption also ensures data confidentiality on the device. Voice encryption (on mobile phones) ensures data confidentiality during transit. Global Positioning System (GPS) tracking can assist in the recovery of the device by displaying its current location. The Trusted Platform Module (TPM) is a hardware chip on the motherboard that can generate and store cryptographic keys to check the integrity of startup files and components.

Which of the following is defined as a contract that prescribes the technical support or business parameters that a provider will bestow to its client? Certificate practice statement Service level agreement Mutual aid agreement Final audit report

Service level agreement EXPLANATION A service level agreement is defined as a contract that prescribes the technical support or business parameters that a provider will bestow to its client. A mutual aid agreement is an agreement between two organizations to support each other in the event of a disaster. A final audit report is the result of an external auditor's inspection and analysis of an organization's security status. A certificate practice statement defines the actions and promises of a certificate service authority.

Consider the following output generated by the show interface fa0/0 command generated on a router:
  FastEthernet0/0 is up, line protocol is up
  [...]
  Auto-duplex, 100Mb/s, 100BaseTX/FX
  [...]
  Input queue: 0/75/1771/0 (size/max/drops/flushes); Total output drops: 0
  [...]
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
  15387 packets input, 1736263 bytes, 0 no buffer
  Received 15241 broadcasts, 0 runts, 0 giants
  0 input errors, 1 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  0 watchdog, 0 multicast
  0 input packets with dribble condition detected
  607 packets output, 6141 bytes, 0 underruns
  4 output errors, 10 collisions, 3 interface resets, 0 restarts
  0 babbles, 0 late collision, 0 deferred
  0 lost carrier, 0 no carrier
  0 output buffer failures, 0 output buffers swapped out
Which of the following statements are true about the fa0/0 interface? (Select three.) Several collisions have occurred. One cyclic redundancy check error has occurred. The interface is dropping incoming packets. There have been no interface resets. The interface is running in half-duplex mode. No input or output errors have occurred.

Several collisions have occurred. One cyclic redundancy check error has occurred. The interface is dropping incoming packets. EXPLANATION The show interface command can help you identify problems that have occurred on an interface. Consider the following output generated by the show interface fa0/0 command generated on a router:
  FastEthernet0/0 is up, line protocol is up
  [...]
  Auto-duplex, 100Mb/s, 100BaseTX/FX
  [...]
  Input queue: 0/75/1771/0 (size/max/drops/flushes); Total output drops: 0
  [...]
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
  15387 packets input, 1736263 bytes, 0 no buffer
  Received 15241 broadcasts, 0 runts, 0 giants
  0 input errors, 1 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
  0 watchdog, 0 multicast
  0 input packets with dribble condition detected
  607 packets output, 6141 bytes, 0 underruns
  4 output errors, 10 collisions, 3 interface resets, 0 restarts
  0 babbles, 0 late collision, 0 deferred
  0 lost carrier, 0 no carrier
  0 output buffer failures, 0 output buffers swapped out
Based on the output, the following information can be identified: 1771 packets have been dropped. Auto-duplex mode is selected. One CRC error has occurred. Three interface resets have occurred. Zero input errors have occurred, but there have been four output errors. 10 collisions have occurred.

You are considering using Wi-Fi triangulation to track the location of wireless devices within your organization. However, you have read on the internet that this type of tracking can produce inaccurate results. What is the most important consideration for getting reliable results when implementing this type of system? Wireless standard in use Signal strength WAP placement Wireless encryption in use

Signal strength EXPLANATION Wi-Fi triangulation works by configuring wireless devices to sniff for wireless networks in range and then measuring each network's signal strength. The results are compared with a signal strength database, and basic geometry identifies the device's location. The wireless device doesn't actually have to connect to any of these networks; it simply scans them to determine their signal strength. For this to work, the administrators of all Wi-Fi networks used for triangulation must perform periodic site surveys to populate and maintain the signal strength database. WAP placement is a consideration in Wi-Fi triangulation, but the signal strength database is the key to determining a device's location. Only a small amount of physical displacement between access points is necessary to triangulate. The wireless standard or encryption in use has little effect on Wi-Fi triangulation.

Match each interoperability agreement document on the left with the appropriate description on the right. Each document may be used once, more than once, or not at all. Drag: BPO SLA MOU ISA Drop: Specifies exactly which services will be performed by each party. Binds a vendor in an agreement to provide services on an ongoing basis. Provides a summary of which party is responsible for performing specific tasks. Documents how the networks will be connected. Defines how disputes will be managed. Specifies a preset discounted pricing structure.

Specifies exactly which services will be performed by each party. - SLA Binds a vendor in an agreement to provide services on an ongoing basis. - BPO Provides a summary of which party is responsible for performing specific tasks. - MOU Documents how the networks will be connected. - ISA Defines how disputes will be managed. - SLA Specifies a preset discounted pricing structure. - BPO EXPLANATION Several key documents may be included within an interoperability agreement (IA): A service level agreement (SLA) specifies exactly which services will be performed by the third party and what level of performance they guarantee. An SLA may also provide warranties, specify disaster recovery procedures, define how disputes will be managed, and specify when the agreement will be terminated. A blanket purchase order (BPO) is an agreement with a third party vendor that the vendor will provide services on an ongoing basis. BPOs are typically negotiated to take advantage of a preset discounted pricing structure. A memorandum of understanding (MOU) is a very important document that provides a brief summary of which party in the relationship is responsible for performing specific tasks. In essence, the MOU specifies who is going to do what and when. An interconnection security agreement (ISA) documents how the information systems of each party in the relationship will be connected and how they will share data.

Which business document is a contract that defines the tasks, time frame, and deliverables that a vendor must perform for a client? Statement of work Master service agreement Interconnection security agreement Memorandum of understanding

Statement of work EXPLANATION A statement of work is a contract that defines the tasks, time frame, and deliverables that a vendor agrees to before it provides services to a client. A statement of work usually includes specific requirements and a pricing structure for the work performed. A master service agreement is a contract that defines terms that will govern future agreements between two parties. A memorandum of understanding provides a brief summary of which parties in the relationship are responsible for performing specific tasks. An interconnection security agreement documents how the information systems of each party in the relationship will be connected and how they will share data.

Arrange the steps in the change and configuration management process on the left into correct completion order on the right. Drag: Conduct a feasibility analysis. Define the procedure for implementing the change. Test the implementation. Document the change. Implement the change. Identify the need for a change. Notify affected parties of the pending change. Drop: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7

Step 1 - Identify the need for a change. Step 2 - Conduct a feasibility analysis. Step 3 - Define the procedure for implementing the change. Step 4 - Notify affected parties of the pending change. Step 5 - Implement the change. Step 6 - Test the implementation. Step 7 - Document the change. EXPLANATION The change and configuration management processes used in most organizations include the following steps: Identify the need for a change. Conduct a feasibility analysis that includes technical and budgetary considerations. Identify any potential impacts to the network. Define a procedure for implementing the change. Notify all affected parties of the pending change. Implement the change. This includes identifying a maintenance window when the system will be unavailable. Test the implementation to make sure it conforms to the plan and does not adversely affect the network. Document the change.

Your organization's security policy specifies that, regardless of ownership, any mobile device that connects to your internal network must have remote wipe enabled. If the device is lost or stolen, then it must be wiped to remove any sensitive data from it. Which of the following should you implement to ensure organizational data can be remote wiped while preserving personal data? Storage segmentation Asset tracking and inventory control Lockout or screen lock Reporting system

Storage segmentation EXPLANATION Storage segmentation for mobile devices lets you segment the personal data from the organization's data. Storage segmentation also allows: Encryption to be applied only to sensitive organizational data on the device. Only organizational data to be removed during a remote wipe, preserving personal data. Asset tracking and inventory control only track devices owned by the organization. Lockout or screen lock only protects access to the device and does not have remote wipe capability. Reporting systems provide a way to disable the device, but not a way to remotely wipe only the organization's data.

A VPN is used primarily for which purpose? Support the distribution of public web documents. Allow remote systems to save on long-distance charges. Allow the use of network-attached printers. Support secured communications over an untrusted network.

Support secured communications over an untrusted network. EXPLANATION A VPN (virtual private network) is used primarily to support secured communications over an untrusted network. A VPN can be used over a local area network, across a WAN connection, over the internet, and even between a client and a server over a dial-up connection through the internet. All of the other items listed in this question are benefits or capabilities that are secondary to this primary purpose.

Which of the following is the least effective power loss protection for computer systems? Secondary power source Uninterruptible power supply Backup power generator Surge protector

Surge protector EXPLANATION A surge protector provides no power loss protection. A UPS, a secondary power source, and a backup power generator all provide reasonable protection from power loss.

Which of the following is a standard for sending log messages to a central logging server? LC4 Nmap OVAL Syslog

Syslog EXPLANATION Syslog is a protocol that defines how log messages are sent from one device to a logging server on an IP network. The sending device sends a small text message to the syslog receiver (the logging server). The Open Vulnerability and Assessment Language (OVAL) is an international standard for testing, analyzing, and reporting the security vulnerabilities of a system. LC4 (previously called L0phtCrack) is a password cracking tool. Nmap is a network mapping tool that performs ping and port scans.

Which of the following protocols are often added to other protocols to provide secure transmission of data? (Select two.) SMTP TLS HTTPS SSL SNMP

TLS SSL EXPLANATION Both Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are protocols that are used with other protocols to add security. In addition, Secure Shell (SSH) can be used to add security when using unsecure protocols. HTTPS is the secure form of HTTP that uses SSL. SMTP is used for sending e-mail. SNMP is a network management protocol.

Which of the following are typically associated with human resource security policies? (Select two.) Termination Change management Password policies Background checks SLA

Termination Background checks EXPLANATION Human resource policies related to security might include the following: Hiring policies, which identify processes to follow before hiring. For example, the policy might specify that pre-employment screening include a background check. Termination policies and procedures, which identify processes to be implemented when terminating employees. A requirement for job rotation, which cross-trains individuals and rotates users between positions on a regular basis. A requirement for mandatory vacations, which require employees to take vacations of specified length. Service level agreements (SLAs), sometimes called maintenance contracts, guarantee a subscriber a certain quality of a service from a network service provider. Password policies detail password requirements for the organization. A change and configuration management policy provides a structured approach to securing company assets and making changes.

You have recently experienced a security incident with one of your servers. After some research, you determine that the hotfix #568994 that has recently been released would have protected the server. Which of the following recommendations should you follow when applying the hotfix? Apply the hotfix immediately to the server; apply the hotfix to other devices only as the security threat manifests itself. Test the hotfix, then apply it to the server that had the problem. Apply the hotfix immediately to all servers. Test the hotfix, then apply it to all servers.

Test the hotfix, then apply it to all servers. EXPLANATION In this scenario, you should test the hotfix and, following a successful test, apply the hotfix to all other servers. Applying it only to the server that was compromised will not protect other servers with the same vulnerability. A common testing strategy is to: Apply and test patches in a lab environment. Deploy patches to a set of systems, such as a single department. Deploy patches system-wide.

Which of the following are not reasons to remote wipe a mobile device? The device is stolen or lost. The device is locked, and someone has entered multiple incorrect entries of the password or PIN. The device is inactive for a period of time. The device is being assigned to another user.

The device is inactive for a period of time. EXPLANATION Device inactivity is not a reason to remotely wipe a mobile device. Remote wipe, also known as sanitization, remotely clears specific sensitive data on stolen, misplaced, or lost mobile devices. This ensures that whoever has the device is not able to see the sensitive data. This task is also useful if you are assigning the device to another user or after multiple incorrect entries of the password or PIN.

You have been struggling to keep the temperature in your server room under control. To address this issue, you have decided to reconfigure the room to create hot and cold aisles. Which of the following are true concerning this configuration? (Select two.) The front of your servers should face the hot aisle. The rear of your servers should face the hot aisle. The rear of your servers should face the cold aisle. The front of your servers should face the cold aisle. The hot aisle should face the air conditioner's output ducts. The cold aisle should face the air conditioner's return duct.

The rear of your servers should face the hot aisle. The front of your servers should face the cold aisle. EXPLANATION The use of hot and cold aisles within the server room is an effective method for reducing the temperature. The front of your servers should face the cold aisle. This allows them to draw in cooler air to reduce the temperature of system components. The rear of your servers should face the hot aisle. This ensures the hot air is directed away from other server systems. The hot aisle should face the air conditioner's return duct. This allows the heated air to be cooled by the AC system. The cold aisle should face the air conditioner's output ducts. This ensures cool air is drawn into servers to cool their components.

Why should you store backup media off site? To prevent the same disaster from affecting both the network and the backup media. To make the restoration process more efficient. To comply with government regulations. To reduce the possibility of theft.

To prevent the same disaster from affecting both the network and the backup media. EXPLANATION Backup media should be stored off site to prevent the same disaster from affecting the network and the backup media. If your primary facility is destroyed by fire, your only hope of recovery is off site data storage. Off site storage does not significantly reduce the possibility of media theft because it can be stolen while in transit or at your storage location. Off site storage is not a government regulation. Off site storage does not make the restoration process more efficient because additional time is spent retrieving backup media from its off site storage location.

Purchasing insurance is what type of response to risk? Rejection Transference Deployment of a countermeasure Acceptance

Transference EXPLANATION An organization can transfer risk through the purchase of insurance. When calculating the cost of insurance and the deductible, balance the cost against the expected loss from the incident. Risk acceptance is the decision that the level of risk is acceptable. Risk rejection is choosing not to respond to the risk even though the risk is not at an acceptable level. The deployment of countermeasures entails choosing and putting into practice countermeasures that reduce the risk to an acceptable level.

Which security protocols use RSA encryption to secure communications over an untrusted network? (Select two.) Point-to-point tunneling protocol Internet security association and key management protocol Transport layer security Secure sockets layer

Transport layer security Secure sockets layer EXPLANATION Transport layer security (TLS) and its predecessor secure sockets layer (SSL) are cryptographic protocols that secure communications over untrusted IP networks such as the internet using RSA encryption. They use asymmetric cryptography to first verify the identity of both communicating parties and then to exchange a symmetric encryption key. This symmetric key is then used to encrypt data being sent between both hosts. The point-to-point tunneling protocol (PPTP) does not provide an encryption mechanism and must be used with other protocols to secure communications. The internet security association and key management protocol (ISAKMP) is used to manage security keys, not to directly encrypt data communications.

What is the greatest threat to theft of data in most secure organizations? Malware USB devices Hacker intrusion Operator error

USB devices EXPLANATION The greatest threat to the confidentiality of data in most secure organizations is portable devices (including USB devices). There are so many devices that can support file storage that stealing data has become easy, and preventing data theft is very difficult.

You are the network administrator for a growing business. When you were hired, the organization was small, and only a single switch and router were required to support your users. During this time, you monitored log messages from your router and switch directly from each device's console. The organization has grown considerably in recent months. Now you manage eight individual switches and three routers. It's becoming more and more difficult to monitor these devices and stay on top of issues in a timely manner. What should you do? Consolidate network resources down to one or two switches. Use a remote access utility such as SSH to access router and switch consoles remotely. Hire additional resources to help monitor and manage your network infrastructure. Use syslog to implement centralized logging.

Use syslog to implement centralized logging. EXPLANATION In this scenario, a cost-effective option would be to implement centralized logging using syslog. By default, routers and switches send all log messages for all severity levels directly to the console. If a network contains a small number of devices, this default configuration is usually manageable. However, on a growing network, it quickly becomes impractical to visit each device to view log messages. Instead, you can configure your network devices to redirect logging to a syslog server somewhere in the network. By doing this, all log messages from all devices can be consolidated and viewed from a single location. Reducing the number of switches on a growing network is generally not advisable. Using a remote access utility can help alleviate the issue to an extent. However, you still have to manually connect to and monitor each individual system. If the network continues to grow, this option will quickly become unviable. It's not necessary to hire additional administrators in this scenario.

You have installed anti-virus software on computers at your business. Within a few days, however, you notice that one computer has a virus. When you question the computer's user, she says she did install some software a few days ago, but it was supposed to be a file compression utility. She admits she did not scan the file before running it. What should you add to your security measures to help prevent this from happening again? Account lockout User awareness training Proxy server Close unused firewall ports

User awareness training EXPLANATION Many anti-virus prevention measures are ineffective if users take actions that put their computers at risk (such as downloading and running files or copying unscanned files to their computers). If users are educated about malware and about the dangers of downloading software, the overall security of the environment improves. A proxy server controls access to the internet based on username, URL, or other criteria. Account lockout helps prevent attackers from guessing passwords. Firewall ports might be used by some malware, but will not prevent malware introduced by downloading and installing a file.

Match each bring your own device (BYOD) security concern on the right with a possible remedy on the left. Each remedy may be used once, more than once, or not at all. Drag: Implement a network access control (NAC) solution. Specify where and when mobile devices can be possessed in your acceptable use policy. Specify who users can call for help with mobile device apps in your acceptable use policy. Enroll devices in a mobile device management system. Drop: Users take pictures of proprietary processes and procedures. Devices with a data plan can email stolen data. Devices have no PIN or password configured. Anti-malware software is not installed. A device containing sensitive data may be lost.

Users take pictures of proprietary processes and procedures. - Specify where and when mobile devices can be possessed in your acceptable use policy. Devices with a data plan can email stolen data. - Specify where and when mobile devices can be possessed in your acceptable use policy. Devices have no PIN or password configured. - Enroll devices in a mobile device management system. Anti-malware software is not installed. - Implement a network access control (NAC) solution. A device containing sensitive data may be lost. - Enroll devices in a mobile device management system. EXPLANATION Even though it entails a host of security risks, bring your own device (BYOD) is a very common practice in modern work environments. Security administrators need to keep the following BYOD security issues in mind: If a user is so inclined, they could use their mobile device to conduct a malicious insider attack. For example, they could use the built-in camera, which nearly all modern mobile devices have, to take pictures of sensitive internal information. They could also use the device's mobile broadband connection to transfer stolen data to parties outside the organization, bypassing the organization's network security mechanisms. To defend against this, implement an acceptable use policy that specifies where and when mobile devices can be possessed within the organization. For example, the possession of mobile devices may be prohibited in high-security areas. If a user copies sensitive data to their device, your organization could potentially lose control of that information. For example, the user may not have implemented appropriate security settings on their device, allowing anyone who gains access to the device to view the sensitive data. In addition, the user may lose the device, allowing anyone who finds it to access the sensitive data. 
To address these issues, require personal devices to be enrolled with a mobile device management infrastructure, such as Windows Intune, to enforce mobile device security policies. To ensure anti-malware software is installed, consider implementing a network access control (NAC) solution that remediates devices before allowing them to connect to your network.

A group of salesmen in your organization would like to access your private network through the internet while they are traveling. You want to control access to the private network through a single server. Which solution should you implement? VPN concentrator IPS RADIUS IDS DMZ

VPN concentrator EXPLANATION With a remote access VPN, a server on the edge of a network (called a VPN concentrator) is configured to accept VPN connections from individual hosts. Hosts that are allowed to connect using the VPN connection are granted access to resources on the VPN server or the private network. A demilitarized zone (DMZ), also called a screened subnet, is a buffer network (or subnet) that sits between the private network and an untrusted network (such as the internet). A RADIUS server is used to centralize authentication, authorization, and accounting for multiple remote access servers. However, clients still connect to individual remote access servers. An intrusion detection system (IDS) is a special network device that can detect attacks and suspicious activity. A passive IDS monitors, logs, and detects security breaches, but takes no action to stop or prevent attacks. An active IDS (also called an intrusion protection system, or IPS) performs the functions of an IDS, but can also react when security breaches occur.

When is choosing to do nothing about an identified risk acceptable? When the threat is most likely to come from an internal source instead of an external source. When the threat is likely to occur less than once a year. When the cost of protecting the asset is greater than the potential loss. When the asset is an intangible asset instead of a tangible asset.

When the cost of protecting the asset is greater than the potential loss. EXPLANATION You might choose to accept a risk and do nothing if the cost associated with a threat is acceptable or if the cost of protecting the asset from the threat is unacceptable. For example, if the cost of protecting the asset is greater than the cost associated with the threat, you would decide to accept the potential loss rather than spend money to protect the asset. In this case, you would plan for how to recover from the threat, but not implement any measures to avoid it. An intangible asset is a resource that has value and may be saleable even though it is not physical or material. While assigning a value to intangible assets can be difficult, this does not mean that they cannot or should not be protected. The likely frequency of a threat occurring affects the annual loss expectancy, which will also affect the comparison of the cost of countermeasures to the cost associated with a successful attack, but does not immediately rule out implementing countermeasures.

Which of the following documents would likely identify that drop cables on your network use the T568A standard? Baseline Change log Policy Network diagram Wiring schematic

Wiring schematic EXPLANATION A wiring schematic is a type of network diagram that focuses on the physical connections between devices. In this example, the wiring schematic would include the pin connector standard to use. This information might also be included in a procedure document. A procedure is a step-by-step process that outlines how to implement a specific action. A policy is a document that describes the overall goals and requirements for a network. A policy identifies what should be done, but may not necessarily define how the goal is to be reached. In this example, the policy might state that a consistent wiring scheme should be used, but that scheme would be detailed in the procedure document or a wiring schematic. A network diagram shows the logical and/or physical layout of your network. Change or history documentation keeps track of changes to the configuration of a device or the network. A baseline is a snapshot of the network or device performance statistics.

Which type of documentation would you consult to find the location of RJ45 wall jacks and their endpoints in the intermediate distribution closet? Wiring schematic Baseline Policy Procedure

Wiring schematic EXPLANATION A wiring schematic is a type of network diagram that focuses on the physical connections between devices. The wiring diagram typically shows: The location of drop cables and ports within offices or cubicles. The path that wires take between wiring closets and offices. A labeling scheme that matches endpoints in offices and cubicles with specific switch ports or punch down block locations. A baseline is a record that shows normal network statistics. A policy is a document that describes the overall goals and requirements for a network. A policy identifies what should be done, but may not necessarily define how the goal is to be reached. A procedure is a step-by-step process outlining how to implement a specific action. The design of a procedure is guided by goals defined in a policy, but goes beyond the policy by identifying specific steps that are to be implemented.

You are troubleshooting the connection of a computer in an office to the punch down block in the distribution closet. Which document would you consult to identify the termination of the cable on the punch down block based on the wall jack location in the office? Wiring schematic Regulation Procedure Logical network diagram

Wiring schematic EXPLANATION A wiring schematic is a type of network diagram that focuses on the physical connections between devices. The wiring diagram typically shows: The location of drop cables and ports within offices or cubicles. The path that wires take between wiring closets and offices. A labeling scheme that matches endpoints in offices and cubicles with specific switch ports or punch down block locations. A logical network diagram shows the relationship of devices on the network, but often does not include specific details, such as the wall jacks and punch down locations for drop cables. A policy is a document that describes the overall goals and requirements for a network. A policy identifies what should be done, but may not necessarily define how the goal is to be reached. A procedure is a step-by-step process outlining how to implement a specific action. The design of a procedure is guided by goals defined in a policy, but goes beyond the policy by identifying specific steps that are to be implemented.

You are troubleshooting a workstation connection to the network. During your troubleshooting, you move the cable in the wiring closet to a different port on the patch panel. Which type of document should you update? Wiring schematic Baseline Logical network diagram Procedure

Wiring schematic EXPLANATION In this scenario, you have modified the wiring by moving the cable from one patch panel port to another. This type of information is typically included in a wiring schematic. A logical network diagram shows the relationship of devices, but would not typically include details such as patch panel ports and wall jacks connecting the device to the network. A baseline is a snapshot of the performance statistics of the network or devices. A procedure is a step-by-step process outlining how to implement a specific action.

You are adding a new rack to your data center, which will house two new blade servers and a new switch. The new servers will be used for file storage and a database server. The only space you have available in the data center is on the opposite side of the room from your existing rack, which already houses several servers, a switch, and a router. You plan to configure a trunk port on each switch and connect them with a cross-over UTP plenum cable that will run through the suspended tile ceiling of the data center. To provide power for the new devices, you had an electrician install several new 20-amp wall outlets near the new rack. Each device in the rack will be plugged directly into one of these new wall outlets. What is wrong with this configuration? (Select two.) You should not connect networking equipment to a 20-amp wall circuit. You should implement redundant power supplies for the network devices. You must use a straight-through cable to connect the two switches together. You should not run a plenum cable through a suspended tile ceiling. You should implement a UPS between the wall outlet and the network devices.

You should implement redundant power supplies for the network devices. You should implement a UPS between the wall outlet and the network devices. EXPLANATION In this scenario, all devices in the new rack will go down if the power from the wall outlet fails for some reason (such as a power outage). To prevent this from happening, a UPS should be implemented between the wall outlets and the network devices. In addition, the power supplies used by computing equipment have finite life spans and fail frequently. Because these are mission-critical devices, you should consider implementing redundant power supplies. Plenum network cabling is specifically designed to run through a suspended tile ceiling. The space between the suspended tile and the physical ceiling is called a ceiling plenum. In the early days of networking, cross-over cables were required to uplink two hubs or switches together. Most modern switches implement Auto MDI-X, which detects whether cross-over is required and automatically configures the interface, allowing you to use either a cross-over or straight-through cable. Using a 20-amp circuit for networking equipment is considered a data center best practice. Connecting too many devices to a standard 15-amp wall circuit can overload it and trip its breaker.

You have just downloaded a file. You create a hash of the file and compare it to the hash posted on the website. The two hashes match. What do you know about the file? You will be the only one able to open the downloaded file. Your copy is the same as the copy posted on the website. You can prove the source of the file. No one has read the file contents as it was downloaded.

Your copy is the same as the copy posted on the website. EXPLANATION A hash is a function that takes a variable-length string (message) and compresses and transforms it into a fixed-length value. Hashes ensure the data integrity of files and messages in transit. The sender and the receiver use the same hashing algorithm on the original data. If the hashes match, then the data can be assumed to be unmodified. Hashes do not ensure confidentiality (in other words, hashes are not used to encrypt data). Non-repudiation proves the source of a file and is accomplished using digital signatures.

