17 & 18 Building Real World Network & Managing Risks

(LS 12_1 Design Q07): Which of the following types of information are you likely to find in a policy document? Steps for completing and validating nightly backups. Average performance statistics for a router. The IP address assigned to a router interface. A requirement for using encrypted communications for Web transactions

A requirement for using encrypted communications for Web transactions A policy is a document that describes the overall goals and requirements for a network. A policy identifies what should be done, but may not necessarily define how the goal is to be reached. In this question, a policy might contain a requirement that encrypted communications are required for Web transactions. The policy does not state the method that will be deployed, but just that encryption is a requirement.The type of encryption to be used along with the process for implementing encryption, would be included in a receipt your document. A procedure is a step-by-step process outlining how to implement a specific action as another example, a procedure document might include steps for completing a validating nightly backup.The IP address of an interface for a device might be found in configuration documentation or a network diagram. A baseline is a snapshot of the performance statistics of the network or devices, and would include the average performance information for a router.

(MMv3C19Q19): Which of the following is NOT a consideration when considering electrical and environmental issues in equipment rooms? temperature humidity electrical load capacity data

data

(MMv3C19Q03): Which of the following steps determines the requirements for the network? define the network's needs determine external connections determine internal connections plan security

define the network's needs The requirements are determined when you define the network needs. Why are you installing the network? What feature will you need?

(MMv4 Ch17_Q13): When talking about QoS for medianets, an administrator needs to develop the concept of __________. industrial control systems (ICS) differentiated Services (DiffServ) distributed control systems (DCS) human machine interfaces (HMI)

differentiated Services (DiffServ) DiffServ framework classifies each packet passing through a device. Router policies can then be defined to use the packet classification to prioritize delivery. Without QoS, switches and routers would forward traffic on the basis of best effort or first in first out, meaning that frames of packets are forwarded in the order in which they arrived. A QoS system identifies the packets or traffic streams belonging to a particular application, such as VoIP and prioritizes them over other applications such as file transfer. DiffServ is the underlying architecture that makes all of the QoS work.

(MMv4 Ch17_Q05): In most QoS setups using differentiated services code point (DSCP) there are only __________ levels of priority. two four six eight

four In a QoS set up using DSCP, there are only 4 levels of priority.

(MMv4 Ch17_Q04): What could you do for some or all server resources, so that you can reduce your power usage and increase uptime. Which of the following terms would you use to describe what you could do? local logical physical virtual

virtual Virtualization means that multiple operating systems can be installed and run simultaneously on a single computer.

(MMv3C19Q32): What switch is added to the ping command to prevent the system from fragmenting packets? -l -t -f -d

-f

(MMv3C19Q26): What is the Maximum Transmission Unit (MTU) for Ethernet? 1000 bytes 1400 bytes 2500 bytes 1500 bytes

1500 bytes The maximum MTU for Ethernet is 1500 bytes, which is the largest size of the data packet.In computer networking, the maximum transmission unit (MTU) of a communications protocol of a layer is the size (in bytes) of the largest protocol data unit that the layer can pass onwards. MTU parameters usually appear in association with a communications interface (NIC, serial port, etc.). Standards (Ethernet, for example) can fix the size of an MTU; or systems (such as point-to-point serial links) may decide MTU at connect time.A larger MTU brings greater efficiency because each packet carries more user data while protocol overheads, such as headers or underlying per-packet delays, remain fixed; the resulting higher efficiency means a slight improvement in bulk protocol throughput. A larger MTU also means processing of fewer packets for the same amount of data. In some systems, per-packet-processing can be a critical performance limitation.However, this gain is not without some downside. Large packets can occupy a slow link for some time, causing greater delays to following packets and increasing lag and minimum latency. For example, a 1500-byte packet, the largest allowed by Ethernet at the network layer (and hence over most of the Internet), ties up a 14.4k modem for about one second.Large packets are also problematic in the presence of communications errors. Corruption of a single bit in a packet requires that the entire packet be retransmitted. At a given bit error rate larger packets are more likely to be corrupted. Retransmissions of larger packets take longer.

(MMv4 Ch17_Q11): Which TCP/IP port does Unified Communication use if using H.323? 1720 2427 5004 5061

1720 keep in mind that unified communication leans heavily on SIP and RTP protocols, but can also use H.323 or MGCP. H.323 is the most commonly use video presentation protocol (or Codec) and it runs on TC ports 1720.

(MMv4 Ch17_Q12): Which ports numbers does MGCP use? 1720 and 1721 2427 and 2727 5004 and 5005 5060 and 5061

2427 and 2727 the Media Gateway Control Protocol (MGCP) provides similar functionality to SIP in establishing and controlling sessions, but uses a more centralized architecture in which the bulk of the card processing is performed at the central media Gateway controller, known as a call agent. The call agent uses MGCP to communicate with and control one or more media gateways. These media gateways provide an interface between the VoIP network and external voice networks. MGCP uses UDP port 24274 packets from the call agent to the Gateway and UDP port 27274 packets from the Gateway to the call agent.

(LS 12_2 Safety Q11): What is the recommended humidity level for server rooms? 10% or lower 70% or higher 30% 50%

50% You should keep humidity between 40 and 60% to prevent electrostatic discharge (ESD) ESD causes electrical changes that can damage computer components.

(MMv4 Ch17_Q08): Which TCP/IP ports does the Real-time Transport Protocol (RTP) use for VoIP systems? 2427 and 2727 5004 and 5005 5030 and 5031 5060 and 5061

5004 and 5005 The voice carry a stream consists of Real-time Transport Protocol (RTP) packets that contain the actual voice samples. It uses TCP ports 5004 and 5005.

(MMv4 Ch17_Q09): Which TCP/IP ports does the Session Initiation Protocol (SIP) use for VoIP systems? 2427 and 2727 5004 and 5005 5030 and 5031 5060 and 5061

5060 and 5061 SIP is one of the most widely used session control protocols. It uses TCP ports 5060 and 5061. Some vendors can actually implement SIP over UDP. Although there are claims that this means less overhead than with TCP implementations, there are reliability issues relating to using UDP. Sip can also be implemented over TLS providing security for the link.

(LS 12_3 Risk Q18): Which of the following is an example of an internal threat? A server backdoor allows an attacker on the Internet to gain access to the intranet site. A delivery man is able to walk into a controlled area and steal a laptop. A water pipe in the server room breaks. A user accidentally deletes the new product designs

A user accidentally deletes the new product designs Internal threats are intentional or accidental acts by employees which would include: * Malicious acts such as theft, fraud, or sabotage. * Intentional or unintentional actions that destroy all the data. * Disclosing sensitive mission through snooping or espionage. External threats of those events originating outside of the organization that typically focus on compromising the organization's information assets. Examples are hackers, fraud perpetrators, and viruses. Natural events are those events that may reasonably be expected to occur over time. Examples are a fire or a broken water pipe

(LS 14_2 Penetration Q04): A security administrator is conducting a penetration test on a network. He connects a notebook system running Linux to the wireless network and then uses NMAP to probe various network hosts to see which operating system they are using.Which process did the administrator use in the penetration test in this scenario? Passive fingerprinting. Firewalking. Network enumeration. Active fingerprinting

Active fingerprinting Active fingerprinting was used by the administrator in this scenario. Active fingerprinting is a form of system enumeration that is designed to gain as much information about a specific computer as possible. It identifies operating systems based upon ICMP message quoting characteristics. Portions of an original ICMP request are repeated, or quoted within the response, and each operating system quotes this information back in a slightly different manner. Active fingerprinting can determine the operating system and even the patch level Passive fingerprinting works in much the same manner as active fingerprinting. However, it does not utilize active probes of specific systems. Network enumeration (also called network mapping) involves a thorough and systematic discovery of as much of the corporate network as possible using such things as social engineering; war driving; war dialing; banner grabbing; and firewalking. Firewalking uses trace route techniques to discover which services can pass through a firewall or a router. Common firewalking tools are Hyping and Firewalk.

(MMv4 Ch17_Q20): Which industrial control system (ICS) device makes changes that modify a characteristic such as temperature? Actuator Sensor Controller Interface

Actuator

(MMv4 Ch17_Q23): Which term refers to the physical separation of your network from every other network? Secure Web Isolation Black hole Air gap

Air gap And physically separating your network from every other network takes place at Layer 1.

(LS 12_3 Risk Q24): If an organization shows sufficient due care, which burden is limited in the event of a security breach? Asset loss. Liability Negligence. Investigation

Asset loss. An organization with sufficient due care has shown that they have taken every reasonable effort to protect their assets and environment. If a security breach occurs, then the organization is not held negligent for the losses.Even with a strong security solution, asset loss is always possible. Even with strong due care, and organizations still liable to damages incurred. Due care does not remove the requirement to investigate security breaches.

(LS 14_2 Penetration Q02): Which of the following activities are typically associated with a penetration test? Select two answers only. Attempting social engineering. Running a port scanner. Creating a performance baseline. Running a vulnerability scanner on network servers. Interviewing employees to verify the security policy is being followed

Attempting social engineering. Running a port scanner. Penetration testing is the attempt by an organization to circumvent security controls to identify vulnerabilities in their information systems. It simulates an actual attack on the network and is conducted from outside the organization security perimeter. Penetration testing helps assure the effectiveness of an organization's security policy, security mechanism implementations, and deployed countermeasures. Penetration testing typically uses tools and methods that are available to attackers. Penetration testing might start with attempts at "social engineering" or other reconnaissance activities, (such as running a port scanner) followed by more active scans of systems, followed by actual attempts to access secure systems. A vulnerability scanner checks a system for weaknesses. Vulnerability scanners typically require administrative access to a system, and are performed internally to check for weaknesses but do not test system security. Penetration testers typically will not be able to run a vulnerability scanner unless they have been able to gain unauthorized access to a system. A performance baseline is created by an administrator to identify normal network and system performance. Auditing might include interviewing employees to make sure that security policies are being followed>

(LS 14_4 IncidentResponse Q31): Which of the following is an important aspect of evidence gathering? Backing up all log files and audit trails. Monitoring user access to compromise systems. Restoring damaged data from backup media. Purging transaction logs

Backing up all log files and audit trails. When gathering evidence, it is important to make backup copies of all log files and audit trails. These files will help reconstruct the events leading up to the security violation. They often include important clues as to the identity of the attacker or intruder.Users should not be granted access to compromise systems while evidence gathering is taking place. Damage data should not be restored and transaction logs should not be purged while evidence gathering is taking place.

(LS 14_4 IncidentResponse Q30): After an intrusion has occurred and the intruder has been removed from the system, which of the following is the next best step or action to take? Update the security policy. Restore and repair any damage. Deploy new countermeasures. Backup all logs and audits regarding the incident

Backup all logs and audits regarding the incident The first step after an intrusion is to retain the documentation about the incident. Making backups of the logs and audits will ensure that future investigations will have sufficient information regarding the incident. If you were unable to discover the identity of the perpetrator or means of attack, future review of the evidence or comparison with other incidents may reveal important details or patterns. After audit trails are secured, then repairing damage, deploying new countermeasures, and even updating the security policy are reasonable activities to perform.

(LS 12_3 Risk Q27): In business continuity planning, (BCP) what is the primary focus of the scope? Human life and safety. Recovery time objective. Company assets. Business processes

Business processes Business processes are the primary focus of the scope of BCP.Company assets are the focus of risk assessment for security policy development, not BCP. Human life and safety are considerations for emergency response, but are not the focus for the BCP scope. Recovery time objective is a consideration in the development of emergency response, not an aspect of the BCP scope.

(LS 12_2 Safety Q16): Which of the following fire extinguisher suppressant types is best used for electrical fires that might result when working with computer components? Dry powder. Water-based. Soda acid. Carbon dioxide

Carbon dioxide For electrical fires, you should choose a Class C fire extinguisher. Class C fire extinguishers use a gas such as CO2 or Halon to remove oxygen from the fire. When purchasing a fire extinguisher, you should purchase the type of extinguisher that is best suited for the type of fires that are likely to occur in the area.

(LS 14_4 IncidentResponse Q26): You have been asked to draft a document related to evidence gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court.What type of document is this? FIPS-140 CPS (certificate practice statement) Rules of evidence. Chain of custody

Chain of custody The chain of custody is a document related to evidence gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court.A CPS (certificate practice statement) is a document written by a certificate authority outlining their certificate handling, management, and administration procedures. FIPS-140 is a government standard that defines procedures, hardware, and software that can be employed when performing forensic investigations of cybercrime. The rules of evidence are the restrictions that must be adhered to in order to ensure the admissibility of collected evidence.

(LS 14_4 IncidentResponse Q25): What is the most important element related to evidence in addition to the evidence itself? Photographs of the crime scene. Chain of custody document. Witness testimony. Completeness

Chain of custody document. The chain of custody document is the most important item related to the evidence in addition to the evidence itself.Nothing is more important than the chain of custody document, including photographs. Witness testimony can be helpful, but it is not more important than the chain of custody documents. Completeness of the evidence is beneficial, but not as beneficial as a reliable chain of custody document.

(LS 12_1 Design Q01): You are troubleshooting a workstation connection to the network. During your troubleshooting, you replace the drop cable connecting the computer to the network. What type of document should you update? Network diagram. Wiring diagram. Configuration documentation. Change documentation

Change documentation In this scenario update the change documentation for the device to reflect that a part was replaced. In this scenario, you have not altered the network connection or design, but simply replace the drop cable. In the future, knowing that the drop cable was recently replaced might help in troubleshooting new or recurring problems with the device.The configuration document identifies specific configuration information for a device. It might include information about the connection to the network. A network diagram might include the location of the workstation on your site and its connection to the network. A wiring schematic might include information about how the device connects to the punch down blocks or patch panels. For each of these documents, simply changing the drop cable does not alter the information that would be in each document, so no change would be required.

(LS 12_4 SctyPolicy Q42): You plan to implement a new security device on your network. Which of the following policies outlines the process you should follow before implementing that device? SLA Acceptable Use Resource allocation. Change management

Change management A Change and Configuration Management policy provides a structured approach to secure company assets and to make changes. Change Management has responsibilities for:* Establishing hardware, software, and infrastructure configurations that are to be deployed universally throughout the Corporation.* Tracking and documenting significant changes to the infrastructure.* Assesses the risk of implementing new processes, hardware, or software.* Ensuring that proper testing and approval processes are follow before changes are allowed.An acceptable use policy (AUP) identifies the employee's rights to use company property such as Internet access and computer equipment for personal use. A resource allocation policy outlines how resources are allocated. Resources could include staffing, technology, or budgets. Service Level Agreements (SLAs), sometimes called maintenance contracts, guarantee the quality of a service to a subscriber by a network service provider.

(LS 12_1 Design Q03): You plan to implement a new security device on your network. Which of the following policies outlines the process you should follow before implementing that device? Acceptable use. Resource allocation. Change management. SLA

Change management. A change and configuration management policy provides a structured approach to secure company assets and to make changes. Change management:* Establishes hardware, software, and infrastructure configurations that are to be deployed universally throughout the Corporation.* Tracks and document significant changes to the infrastructure.* Assesses the risk of implementing new processes, hardware, or software.* Ensures that proper testing and approval processes are followed before changes are allowed.An acceptable use policy (AUP) identifies the employee's rights to use company property such as Internet access and computer equipment for personal use. A resource allocation policy outlines how resources are allocated. Resources could include staffing, technology, or budgets. Service Level Agreements (SLAs) sometimes called maintenance contracts, guarantee the quality of a service to a subscriber by a network service provider.

(MMv4 Ch17_Q07): Which company is leading the cutting edge of the unified communication (UC) field? Oracle Adobe Microsoft Cisco

Cisco

(LS 12_2 Safety Q15): Which of the following fire extinguisher types is best used for electrical fires that might result when working with computer components? Class A Class B Class C Class D

Class C For electrical fires, you should choose a Class C fire extinguisher. Class C fire extinguishers use a gas (C02 or Halon) to remove oxygen from the fire. When purchasing a fire extinguisher, purchased the type of a single shared that is best suited for the type of fires that are likely to occur in that area.Class A fire extinguishers use water or soda acid and is best for fires using typical combustible types of material. Class B fire extinguishers use either CO2 of FM200 but is best suited for petroleum, oil, solvent, or alcohol fires. And a Class D fire extinguisher would use a dry powder, and is best for sodium and potassium fires.

(LS 14_4 IncidentResponse Q24): A Service Level Agreement (SLA) defines the relationship between, and the contractual responsibilities of, providers and recipients of services.Which of the following characteristics are most important when designing an SLA? Select two answers only. Industry-standard templates are used, without deviation, for all SL A's to ensure corporate compliance. Employee vetting procedures use are never applied to contract labor Clear and detailed descriptions of penalties if the level of service is not provided. Detailed provider responsibilities for all continuity and disaster recovery mechanisms.

Clear and detailed descriptions of penalties if the level of service is not provided. Detailed provider responsibilities for all continuity and disaster recovery mechanisms. A Service Level Agreement (SLA) should define, with sufficient detail, any penalties incurred if the level of service is not maintained. In the information security realm, it is also vital that the provider's role in disaster recovery operations and continuity planning is clearly defined. Industry-standard templates are frequently used as starting points for SLA design, but must be tailored to the specific project or relationship to be effective.

(LS 12_3 Risk Q29): Which of the following network strategies connects multiple servers together such that if one server fails, the others immediately take over its task, preventing a disruption in service? Adopter bonding. Clustering. Storage Area Networks (SANs) Mirroring

Clustering. Clustering connects multiple servers together using special software. If one of the servers in the cluster fails, the other servers immediately take over the tasks the failed server was working on; resulting in no downtime for the end-user. Adopter bonding increases fault tolerance of a single server system by implementing multiple network boards in the system to function as a single adapter. Mirroring also increases fault tolerance by creating a mirror copy of the server hard drive on one or more other hard drives. Storage area networks are usually used in conjunction with clustering to provide a common disk system that all servers in the cluster share.

(LS 14_4 IncidentResponse Q36): In which stage of the evidence lifecycle does the eDiscovery process occur? Storage. Presentation in court. Collection and identification. Transportation and processing

Collection and identification. The eDiscovery process occurs during the first stage (collection and identification) of the evidence lifecycle. During this stage, evidence is gathered and a chain of custody document is created. During the storage stage of the evidence lifecycle, evidence is stored in a manner that will protect integrity. During the transportation and processing stage, measures are taken to ensure that evidence is in the same condition when it arrives at the courtroom as it was when it left the lab or investigation site. During the presentation stage, evidence is evaluated to determine whether it is admissible in court.

(LS 14_4 IncidentResponse Q35): You have recently discovered that a network attack has compromised your database server. In the process, customer credit card numbers might have been taken by an attacker.You have stopped the attack and put measures in place to prevent the same incident from occurring in the future. What else might you be legally required to do? Implement training for employees who handle personal information. Delete personally identifiable information from your computers. Contact your customers to let them know of the security breach. Perform additional investigations to identify the attacker

Contact your customers to let them know of the security breach. After you have analyzed the attack and gathered evidence, be aware that in some states you will be required to notify individuals if their personal information might have been compromised. For example, if an incident involves the exposure of credit card numbers, identifying information (such as Social Security numbers) or medical information, you might be legally obliged to notify potential victims and take measures to help protect their information from further attack.

(MMv4 Ch17_Q18): Which industrial control system (ICS) device knows enough to manage a process? Actuator Sensor Controller Interface

Controller The controller, some sort of computer, knows enough to manage the process such as keeping the temperature between certain degrees. The operator on the other hand watches some kind of monitor, perhaps the interface, and intervenes if necessary.

(LS 12_4 SctyPolicy Q40): A security administrator logs onto a Windows server in his organization's network. He then runs a vulnerability scan on that server.What type of scan was conducted in this scenario? Ping scan. TCP SYN scan Credentialed scan Non-Credentialed scan

Credentialed scan In a credentialed scan, the security administrator authenticates to the system prior to starting the scan. A credentialed scan usually provides more detailed information about potential vulnerabilities. For example, a credentialed scan of a Windows workstation allows the registry to be probed for security vulnerabilities.In a non-credentialed scan, the security administrator does not authenticate to the system prior to running the scan. A TCP SYN scan is a common type of port scan. A ping scan sends ICMO echo/request packets to one or multiple IP addresses.

(LS 12_3 Risk Q19): Which of the following is an example of privilege escalation? Mandatory vacations Creeping privileges. Separation of duties Principle of least privilege

Creeping privileges. Creeping privileges is what occurs when a user's job position changes and they are granted a new set of access privileges for their new work tasks, however their previous access privileges are not removed. As a result, the user accumulates privileges over time that are not necessary for their current work tasks. This is a form of privilege escalation.Principle of least privilege and separation of duties are countermeasures against privilege escalation. Mandatory vacations are used to perform peer reviewing. It requires cross train personnel and helps detect mistakes and fraud.

(MMv4 Ch17_Q02): When designing and building a network, which requirements help in determining how to organize the network? List of requirements Equipment limitations Compatibility requirements Device types/requirements

Device types/requirements In this area you could talk about what equipment you need to build your network and also how should you organize your network. Normally this is the area where you would identify what an user devices will be used to access the network.

(MMv3C19Q40): What type of electrical setup is ideal for a network closet? Circuits shared with no more than two other locations. Dedicated circuits. High-voltage circuits. Any circuit will do fine

Dedicated circuits.

(LS 12_3 Risk Q23): Which of the following is NOT a valid response to a risk discovered during a risk analysis? Assignment. Acceptance. Denial. Mitigation

Denial. Denial or ignoring risk is not a valid response. Denying risk rather than properly addressing risk is a negligent activity that can be used against an organization in court if a security breach occurs that causes damage is affecting investors or the public.Valid responses to risk are acceptance, assignment, and mitigation.

(LS 12_1 Design Q08): Which of the following types of information are you likely to find in a procedure document? An inventory of the hardware components in a specific device. A record of the repairs made to a specific device. Details on how to test and deploy patches. The relationship of routers to other routers on the network

Details on how to test and deploy patches. A procedure is a step-by-step process outlining how to implement a specific action. For example, you might have a procedure document that identifies how patches are tested and applied within your network. So in this question it could include details on how to test and apply or deploy patches.Change or history documentation keeps track of changes to the configuration of a device or the network. For example, you might record a change in a network interface card in a device, or repair to a WAN linkConfiguration documentation identifies specific configuration information for a device. For example, the document might identify the hardware components within a device.A network diagram shows the logical and/or physical layout of your network. The network diagram could be a collection of diagrams showing the location and IP addresses of hubs, switches, routers, firewalls.

(LS 14_4 IncidentResponse Q33): During a recent site survey, you find a rogue wireless access point on your network. Which of the following actions should you take first in order to protect your network, while still preserving evidence? See who is connecting to the access point to try and find the attacker. Run a packet sniffer to monitor traffic to and from the access point. Disconnect the access point from the network. Connect to the access point and examine his logs information

Disconnect the access point from the network. The first step in responding to an incident should be to take actions to stop the attack and contain or limit the damage. For example, if the attack involves a computer system attached to the network, the first step might be to disconnect it from the network. Although you want to preserve as much information as possible to assist in later investigations, it might be better to stop the attack, even if doing so alerts the attacker or results in the loss of evidence regarding the attack.After containing a threat, forensic investigation can be performed on computer systems to gather evidence and identify the methods used in the attack.

(LS 12_3 Risk Q30): You manage the website for your company. The Web1 server hosts the website and has the following configuration: Dual core processor. Dual power supplies. RAID 5 volume. One RAID controller Two 1000 Mbps network adapters. Which component is a single point of failure for this website? Disk storage. Power supply. Disk controller. Network adapter

Disk controller. A single point of failure means that failure in one component will cause the entire website to be unavailable. In this scenario, the disk controller is a single point of failure. If the disk controller fails, content for the website will be unavailable.

(LS 14_4 IncidentResponse Q32): When conducting a forensic investigation, and assuming that the attack has been stopped, which of the following actions should you perform first? Turn off the system. Stop all running processes. Remove the hard drive. Document what's on the screen

Document what's on the screen Preserving evidence while conducting a forensic investigation is a trade-off. Any attempt to collect evidence may actually destroy the very data needed to identify an attack or attacker. Of the choices given, documenting what's on the screen is the least intrusive and the least likely to destroy critical evidence. Halter ring, disassembling, or stopping running processes may erase the data needed to track the intruder.

(LS 12_2 Safety Q13): You have just started a new job as a network team leader for a small company. You are responsible for overseeing the work of Help Desk technicians, as well as doing your own share of the administrative work.To improve the safety of your organization, you decide to assemble Material Safety Data Sheets (MSDS) for all chemicals used in your organization. How should you get them? Write them yourself after researching the chemicals. Download them from the chemical manufacturers websites. Request them from your local workforce safety and insurance office. Ask your manager for them

Download them from the chemical manufacturers websites.

(LS 12_2 Safety Q17): Which of the following statements about ESD are not correct? ESD damage is more likely to occur in low humidity. ESD is much more likely to occur when the relative humidity is above 50%. Measuring the moisture content in the air can be helpful in avoiding ESD. One of the greatest threats to computer equipment is ESD

ESD is much more likely to occur when the relative humidity is above 50%. ESD is much more likely to occur in environments where the relative humidity is below 50%. A hydrometer measures relative humidity and is a valuable monitoring tool for your computing equipment environment.

(MMv4 Ch17_Q14): Within the Differentiated Services (DiffServ) architecture, how many classes of service (CoS) are there? Two Four Six Eight

Eight There are 8 classes of service. A class of service (CoS) is just a value that you may use to apply to services, ports, or whatever your QoS device might use. There is a 3-bit priority field which is set to a value between 0 and 7.

(LS 14_2 Penetration Q09): Which of the following penetration test characteristics best describe a single blind test? The tester has no prior knowledge of the target system. The tester has detailed information about the target system prior to starting the test. The tester has the same amount of information that would be available to a typical insider in the organization. The tester does not have prior information about the system and the administrator has no knowledge that the test is being performed. Either the attacker has prior knowledge about the target system, or the administrator knows that the test is being performed.

Either the attacker has prior knowledge about the target system, or the administrator knows that the test is being performed.

(LS 12_4 SctyPolicy Q43): Which component of a Change and Configuration Management policy identifies technical and budgetary considerations associated with a repost change and also identifies any potential impacts to the network? Feasibility analysis. Rollback. Authorized downtime. Change request

Feasibility analysis. A feasibility analysis identifies technical and budgetary considerations associated with a proposed change. It should also identify any potential impacts to the network.In the event that a change unintentionally causes problems, your Change and Configuration Management process should include provisions for a rollback. A rollback makes it possible to revert the system back to the state it was in before the change was put into effect. Authorized downtime defines a maintenance window during which the system will be unavailable while the changes made. A change request identifies the need for change.

(LS 14_4 IncidentResponse Q27): Which method can be used to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence? File directory listing. Hashing Serial number notation. Photographs

Hashing Hashing is the method used to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence.File directory listings, photographs, and serial number notation are not sufficient methods to verify a hard drive cloning.

(MMv4 Ch17_Q19): In a modern DCS each of the local controllers connects (eventually) to a centralized controller-what CompTIA calls the __________-where global changes can be made managed. ICS loader ICS interface ICS workstation ICS server

ICS server

(LS 12_4 SctyPolicy Q32): Your organization is in the process of negotiating and Interoperability Agreement (IA) with another organization. As a part of this agreement, the partner organization proposes that a federated trust be established between your domain and their domain. This configuration will allow users in their domain to access resources in your domain and vice versa.As a security administrator, which tasks should you complete during this phase. Select two answers only. Verify compliance with IA documents Identify how data will be shared. Conduct security audits on the partner organization. Identify how data ownership will be determined. Reset all password used by the third-party to access data or applications on your network

Identify how data will be shared. Identify how data ownership will be determined. During the on boarding phase of a third-party relationship, several issues need to be considered and a plan formulated to address them which would include: * How data ownership will be determined. * How data will be shared. The security and compliance audits should be conducted during the ongoing operations phase of the relationship. Partner password should be reset during the off boarding process.

(LS 14_2 Penetration Q11): Which of the following best describes Banner grabbing? Identifying phone numbers with modems. Scanning for wireless access points. Identifying operating system type and version number. Identifying services that can pass through a firewall.

Identifying operating system type and version number. Banner grabbing (capturing information transmitted by the remote host including the application type, application version, and even operating system type and version)

As you are helping a user with a computer problem you notice that the user has written her password on a note stuck to her computer monitor. You check the password policy of your company and find that the following settings are currently required: Minimum password length = 10 Minimum password age = 4 Maximum password age = 30 Password history = 6 Require complex passwords that include numbers and symbols. Account lockout clipping level = 3 Which of the following is the best action to take to make remembering passwords easier so that the user no longer has to write the password down? Decrease the minimum password length Increase the maximum password age. Implement end-user training. Remove the complex password requirement. Increase the account lockout clipping level

Implement end-user training. The best solution is to implement end-user training. Instruct users on the importance of security and teach them how to create and remember complex passwords. Make any other changes would violate the security policy and reduce the overall security of the passwords.

(LS 14_2 Penetration Q01): You have decided to perform a double-blind penetration test. Which of the following actions would you perform first? Run system fingerprinting software. Inform senior management. Engages social engineering. Perform operational reconnaissance

Inform senior management. Before starting a penetration test (also called a pen test) it is important to define the Rules of Engagement (ROE) or the boundaries of the test. Some important actions to take would include: * Obtain a written and signed authorization from the highest possible senior management. * Delegate personnel who are experts in the areas being tested. * Gain approval from the Internet provided to perform the penetration test. * Make sure that all tools or programs used in the testing are legal and ethical. * Establish the scope and timetable. * Identify systems that will not be included in the test. Performing reconnaissance, social engineering, or system scanning are all actions performed during a penetration test. However, no action should be taken before approval to conduct the test is obtained.

(LS 12_4 SctyPolicy Q33): What is the most common failure of the security policy in an environment? Lack of user awareness. Failure to assign responsibilities. Overlooked critical assets. Improperly outlined procedures

Lack of user awareness. The most common failure the security policy in an environment is the lack of user awareness. If users are not aware of the policies to follow or procedures to comply with, they will not know how to perform their work tasks securely. When an organization makes the effort to produce a security policy, improperly outlined procedures are rarely a problem. This issue is usually discovered and corrected early in the security policy development process. Overlooking critical assets is not a common problem. During the asset identification stage of risk analysis and security policy development, every asset of an organization is examined for importance. A security policy is not complete unless it assigns specific tasks and responsibilities to roles and individuals within the organization.

(MMv4 Ch17_Q01): When designing and building a network, which requirements define the network's needs? List of requirements Equipment limitations Environment limitations Compatibility requirements

List of requirements When planning a campus or enterprise network installation or even upgrade project, the first task is to not only try and establish the customers list of requirements. Customer requirements will usually be to support business goals.

(MMv3C19Q27): What is an MTU compatibility issue that can occur when an Ethernet network connects to an ISP's WAN connection? MTU mismatch Path MTU Discovery MTU black hole MTU fragmentation

MTU mismatch

(LS 14_4 IncidentResponse Q29): You manage the network for your company. You have recently discovered information on a computer hard drive that might indicate evidence of illegal activity. You want to perform forensic activities on the disk to see what kind of information it contains. What should you do first? Fire the employee who uses the computer. Make a bit level copy of the disk. Run forensic tools to examine the hard drive contents. Obtain a search warrant

Make a bit level copy of the disk. Before conducting an investigation of data on a disk, you should create a hash of the disk, create a bit level copy of the disk, then create a hash of your copy of the disk. Perform any investigative activities on your copy of the disk, and not on the original disk. The hash of the original disk allows you to retain the original disk and prove that the original has not been altered, either by yourself during investigations, or by someone else after the disk was discovered. The hash of your copy of the disk proves that your copy is the same as the original. For computers within a business, you do not need a search warrant before examining the disk, although you should have a written policy that lets users know that you have this right for company property. Firing an employee should only be done after evidence has been gathered, and even then it will be difficult to do without legal repercussions.

(LS 12_2 Safety Q14): You walk by the server room and notice a fire has started. What should you do first? Grab a fire extinguisher and try to put out the fire. Make sure everyone has cleared the area. Call the fire department. Turn on the overhead sprinklers

Make sure everyone has cleared the area. Your first action should be to ensure the safety of others. Make sure that people are out of the area. Files and other hazards can quickly spread, so fast action is required to make sure that everyone is safe.Call the fire department after you have taken steps to worn people who might be in danger. In most cases, you should not try to put out fires on your own as they can quickly get out of control.

(LS 12_4 SctyPolicy Q34): Which business document is a contract that defines a set of terms that will govern future agreements between two parties? Statement of Work. Interconnection Security Agreement. Memorandum of Understanding. Master Service Agreement

Master Service Agreement A Master Service Agreement is a contract that defines terms that will govern future agreements between two parties. The purpose of this document is to allow the parties to quickly negotiate future agreements without having to repetitively renegotiate the same terms over and over. A Statement of Work is a contract that defines the tasks, timeframe, and deliverables that a vendor must perform for a client. A Memorandum of Understanding provides a brief summary of which party in the relationship is responsible for performing specific tasks. An Interconnection Security Agreement documents how the information systems of each party in the relationship will be connected and how they will share data.

(LS 12_3 Risk Q26): When recovery is being performed due to a disaster, which services are to be stabilized first? Least business critical. Mission-critical. Financial support. Outside communications

Mission-critical. The services to be restored first our mission critical services. If mission critical services are not restored within their maximum tolerable downtime, the organization is no longer viable.Least business critical services are to be restored last. Financial support and outside communications are restored only after all other services with a higher level of criticality have been restored.

(LS 12_1 Design Q06): In troubleshooting a router, you want to identify which other devices are connected to the router, as well as the subnet addresses of each connected subnet.Which type of document would most likely have this information? Wiring schematic. Procedure. Baseline. Network diagram. Policy

Network diagram. A network diagram shows the logical and/or physical layout of your network. The network diagram could be a collection of diagrams showing the following types of information: * The location and IP addresses of hubs, switches, routers, and firewalls. * The relationship of remote locations and the WAN links that connect remote locations. * Subnets within your network, including the subnet addresses and routers connecting each subnet. You should also be able to distinguish between policy, baselines, procedures, and wiring schematics. Make sure you know the following definitions: * A policy is a document that describes the overall goals and requirements for a network. A policy identifies what should be done, but may not necessarily define how the goal is to be reached. Policies are often written in response to regulations. * A procedure is a step-by-step process outlining how to implement a specific action. The design of a procedure is guided by goals defined in a policy, but go beyond policy by identifying specific steps that are to be implemented. The use of consistent procedures ensures that the goals defined in a policy are met, and provides consistency of action by multiple administrators. * A baseline is a snapshot of the performance statistics of the network or devices. The baseline is used as a logical basis for future comparison. Baselines enable you to effectively monitor the performance of your system to determine when changes negatively impact performance or when systems need upbraiding or replacing. * A wiring schematic is a type of network diagram the focuses on the physical connections between devices. The wiring diagram typically shows the location of drop cables imports within offices or cubicles and a labeling scheme that matches endpoints in offices and cubicles with specific switch ports or punch down block locations

(LS 14_2 Penetration Q05): A security administrator is conducting a penetration test on a network. He connects a notebook system to a mirror port on a network switch. He then uses a packet sniffer to monitor network traffic to try and determine which operating systems are running on network hosts.Which process did the administrator use in the penetration test in this scenario? Firewalking. Network enumeration. Active fingerprinting. Passive fingerprinting

Passive fingerprinting In this case passive fingerprinting was used by the administrator.Passive fingerprinting is a form of system enumeration that is designed to gain as much information about network computers as possible. It passively listens to network traffic generated by network hosts and attempts to identify which operating systems are in use based upon the ICMP message quoting characteristics they use.Active fingerprinting works in much the same manner as passive fingerprinting. However, in active fingerprinting in utilizes active probes of specific systems instead of passive monitoring. Firewalking uses trace route techniques to discover which services can pass through a firewall or a router. Common firewalking tools are hyping and Firewalk.

(LS 14_4 IncidentResponse Q34): You have discovered a computer that is connected to your network that was used for an attack. You have disconnected the computer from the network to isolate it from the network and stop the attack. What should you do next? Stop all running processes. Make a hash of the hard drive. Cloned the hard drive. Perform a memory dump

Perform a memory dump Some evidence might exist in active memory, and could be lost if the computer is shut down. Save the contents of memory by taking one of the following actions: * Save an extract of the page file. * Do a complete memory dump to save the contents of physical RAM. The page file will be lost but the physical memory will be preserved.Stopping running processes, if necessary, making a hash of the hard drive, and cloning the hard drive should be done after volatile data (information that is in memory) is captured.

(LS 12_4 SctyPolicy Q41): A network utilizes a Network Access Control (NAC) solution to protect against malware.When a wired or wireless host tries to connect to the network, a NAC agent on the host checks it to make sure it has all of the latest operating system updates installed and that the latest antivirus definitions have been applied.What is this process called? Port security. Quarantine. Posture assessment. Remediation

Posture assessment. When a wired or wireless host tries to connect to the network, a NAC agent on the host checks it to make sure it has all of the latest operating system updates installed and that the latest antivirus definitions have been applied. This is called a posture assessment. The agent that submits the results of the assessment to a Statement of Health (SoH) to the System Health Validator (SHV).If the host does not meet the client health requirements configured in the NAC system, then it is placed on a quarantine network where it is remediated. Port security is configured on a switch to restrict connections to hosts with specific MAC addresses.

(LS 14_4 IncidentResponse Q37): In which stage of the evidence lifecycle is the forensic report created? Collection and identification. Presentation in court. Preservation and analysis. Transportation and processing

Preservation and analysis. The forensics report is created during the preservation and analysis stage of the evidence lifecycle. During this stage, each piece of evidence is thoroughly analyzed and documented. The eDiscovery process occurs during the first stage (collection and identification) of the evidence lifecycle. During the transportation and processing stage, measures are taken to ensure that evidence is in the same condition when it arrives at the courtroom as it was when it left the lab or investigation site. During the presentation stage, evidence is evaluated to determine whether it is admissible in court.

(MMv4 Ch17_Q06): Which device is an example of a peripheral device? Server rack Cable box WAP Printer

Printer

(LS 12_3 Risk Q21): When analyzing assets, which analysis method assigns financial values to assets? Qualitative Quantitative Transfer Acceptance

Quantitative Quantitative analysis assigns a financial value or assignment of real numbers to an asset and the cost required to recover from a lost to the asset.Qualitative analysis seeks to identify costs that cannot be concretely defined using quantitative analysis. Transfer and acceptance are responses to risk, not risk analysis methods.

(LS 14_4 IncidentResponse Q28): The immediate preservation of evidence is paramount when conducting a forensic analysis. Which of the following actions is most likely to destroy critical evidence? Copying the contents of memory to removable media. Disconnecting the system from the network. Rebooting the system. Restricting physical access to the system.

Rebooting the system. Rebooting or shutting down a compromised system will erase the memory contents. An attacker may load and run a memory resident program and immediately erase it from the disk. Rebooting the system will destroy all evidence of the malicious program

(LS 12_1 Design Q05): You need to find out what kind of laws might apply to the design and operation of your network. Which type of document would you consult? Baseline. Procedure. Regulation. Policy

Regulation. You would consult with a regulation. A regulation is a requirement published by a government or other licensing body that must be followed. While you are not responsible for writing regulations, you are responsible for knowing which regulations apply to your organization, and making sure that the regulations are understood and adhere to. You should be able to distinguish between regulations, baselines, procedures, and they policy. Make sure you know the following definitions: *A policy is a document that describes the overall goals and requirements for a network. A policy identifies what should be done, but may not necessarily define how the goal is to be reached. Policies are often written in response to regulations. *A procedure is a step-by-step process outlining how to implement a specific action. The design of a procedure is guided by goals defined in a policy, but go beyond policy by identifying specific steps that are to be implemented. The use of consistent procedures ensures that the goals defined in a policy are met, and provides consistency of action by multiple administrators. * A baseline is a snapshot of the performance statistics of the network or devices. The baseline is used as a logical basis for future comparison. Baselines enable you to effectively monitor the performance of your system to determine when changes negatively impact performance or when systems need upbraiding or replacing.

(LS 12_4 SctyPolicy Q36): A user by the name of Harry Jones has been assigned a new desktop workstation to complete his day-to-day work. The computer running Windows 7.When provisioning Harry's user account in your organization's domain, you assign an account name of HJones with an initial password of by3Ls5d.On first logon, Harry's prompted to change his password, so he changes it to Doggy, which is the name of his dog.What should you do to increase the security of Harry's account? Select two answers only. Configure user account names that are not easy to guess. Do not allow users to change their own passwords. Upgrade the workstation to Windows 8. Require stronger initial password when creating user accounts. Train users not to use passwords that are easy to guess

Require stronger initial password when creating user accounts. Train users not to use passwords that are easy to guess In this scenario a weak password that is easy to guess has been used. In order to prevent this from happening you should:* Require strong passwords on user accounts. In this example, Doggy is a weak password because it is short and doesn't contain numbers or any other non-alphabet characters.* Train users not to use passwords that are easy to guess. In this example, the user's password could very likely be guest using basic reconnaissance techniques on social media websites.You should allow users to set their own passwords. If you don't, then both the administrator and the new user know the password, which is a poor security practice. Using a stronger initial password will not prevent the user from using a weak password if the appropriate Group Policy settings are in force. Using the type of user account names that are shown in this scenario is generally considered an acceptable security practice. The security provided by Windows 7 is comparable to that provided by Windows 8 or 10.

(LS 12_3 Risk Q22): Your company has developed and implemented countermeasures for the greatest risks to their assets. However, there is still some risk left. What is the remaining risk called? Exposure Loss Risk Residual risk

Residual risk Residual risk is the portion of risk that remains after the implementation of a countermeasure. There will almost always be some residual risk.Exposure is the vulnerability of losses from a threat agent. Risk is the likelihood of a vulnerability being exploited. A loss is the real damages to an asset that reduces its confidentiality integrity or availability.

(MMv4 Ch17_Q10): Unified communication leans heavily on which of the following protocols for transportation? UDP and TCP SIP and RTP STP and RIP RIP and OSPF

SIP and RTP SIP will establish the connection and RTP will carry the transmission data

(MMv4 Ch17_Q17): Which industrial control system (ICS) device monitors characteristics like temperature? Actuator Sensor Controller Interface

Sensor Sensors monitor things like temperature for example and the actuator makes changes that modify that temperature.

(MMv4 Ch17_Q05): How do many small networks avoid using a full-blown file server? Small networks format their hard drives using a large block size. Small networks avoid large data sets. Small networks take advantage of network attached storage (NAS). Small networks eliminate distributed processing.

Small networks take advantage of network attached storage (NAS). Network Attached Storage is a self-contained storage appliance designed to allow clients to store and share files over the network. It can also be used for backups and media streaming. A NAS device is essentially a pared down file server that has been optimized to store files for network users.

(LS 12_4 SctyPolicy Q39): What is the primary purpose of penetration testing? Infiltrate a competitor's network. Evaluate newly deployed firewalls. Assess the skill level of new IT security staff. Test the effectiveness of your security perimeter

Test the effectiveness of your security perimeter The primary purpose of penetration testing is to test the effectiveness of your security perimeter. Only by attempting to break into your own secured network can you be assured that your security policy, security mechanism implementations, and deployed countermeasures are effective. It is important to obtain senior management approval before starting a penetration testing or vulnerability scanning project. Often, penetration testing or vulnerability scanning is performed by an external consultant or security outsourcing agency that is hired by your organization.

(LS 14_2 Penetration Q10): Which of the following penetration test characteristics best describe a double blind test? The tester has no prior knowledge of the target system. The tester has detailed information about the target system prior to starting the test. The tester has the same amount of information that would be available to a typical insider in the organization. The tester does not have prior information about the system and the administrator has no knowledge that the test is being performed. Either the attacker has prior knowledge about the target system, or the administrator knows that the test is being performed.

The tester does not have prior information about the system and the administrator has no knowledge that the test is being performed.

(LS 14_2 Penetration Q06): Which of the following penetration test characteristics best describe a white box test? The tester has no prior knowledge of the target system. The tester has detailed information about the target system prior to starting the test. The tester has the same amount of information that would be available to a typical insider in the organization. The tester does not have prior information about the system and the administrator has no knowledge that the test is being performed. Either the attacker has prior knowledge about the target system, or the administrator knows that the test is being performed.

The tester has detailed information about the target system prior to starting the test.

(LS 14_2 Penetration Q08): Which of the following penetration test characteristics best describe a black box test? The tester has no prior knowledge of the target system. The tester has detailed information about the target system prior to starting the test. The tester has the same amount of information that would be available to a typical insider in the organization. The tester does not have prior information about the system and the administrator has no knowledge that the test is being performed. Either the attacker has prior knowledge about the target system, or the administrator knows that the test is being performed.

The tester has no prior knowledge of the target system.

(LS 14_2 Penetration Q07): Which of the following penetration test characteristics best describe a gray box test? The tester has no prior knowledge of the target system. The tester has detailed information about the target system prior to starting the test. The tester has the same amount of information that would be available to a typical insider in the organization. The tester does not have prior information about the system and the administrator has no knowledge that the test is being performed. Either the attacker has prior knowledge about the target system, or the administrator knows that the test is being performed.

The tester has the same amount of information that would be available to a typical insider in the organization.

(LS 12_3 Risk Q25): Purchasing insurance is what type of response to risk? Rejection. Acceptance. Deployment of countermeasures. Transference

Transference An organization can transfer risks (transference) through the purchase of insurance. When calculating the cost of insurance and the deductible, balance the cost against the expected loss from the incident.Risk acceptance is the decision that the level of risk is acceptable. Risk rejection is choosing not to respond to the risk even though the risk is not at an acceptable level. The deployment of countermeasures and tales choosing and putting into practice those countermeasures that reduce the risk to an acceptable level.

(MMv4 Ch17_Q24): In a well-developed UC environment, what will individual phones be called? UC servers US gateways UC nodes UC devices

UC devices UC devices provide and user access. Different devices may provide different communication capabilities. For example, more options may be available to user on a desktop PC with headset then to a smart phone user

(LS 12_4 SctyPolicy Q37): You have installed antivirus software on computers at your business. Within a few days, however, you notice that one computer has a virus. When you question the user, the user says that she did install some software a few days ago, but it was supposed to be a file compression utility. She admits she did not scan the file before running it.What should you add to your security measures to help prevent this from happening again? User awareness training Account lockout. Proxy server. Close unused firewall ports

User awareness training Many anti-virus prevention measures are ineffective if users take actions that put their computers at risk (such as downloading and running files are copied on scanned files to their computers). If users are educated about malware and about the dangers of downloading software, the overall security of the environment improves.A proxy server controls access to the Internet-based on username, URL, or other criteria. Account lockout helps prevent attackers from guessing passwords. Firewall ports might be used by some malware, but will not prevent malware introduced by downloading and installing a file.

(MMv3C19Q21): Which of the following switch features can be used to prevent broadcasts from spanning networks? WANs placement VLANs encryption

VLANs A virtual local area network, virtual LAN or VLAN, is a group of hosts with a common set of requirements, which communicate as if they were attached to the same broadcast domain, regardless of their physical location. So it broadcasts in its own domain, and does not go outside of the VLAN boundary for broadcasting. A VLAN has the same attributes as a physical local area network (LAN), but it allows for end stations to be grouped together even if not on the same network switch. VLAN membership can be configured through software instead of physically relocating devices or connections. Most enterprise-level networks today use the concept of virtual LANs (VLAN). Without VLANs, a switch considers all interfaces on the switch to be in the same broadcast domain.

(LS 12_1 Design Q10): Which of the following terms describes a test lab environment that does not require the use of physical hardware? Network as a Service (NaaS) Virtual sandbox VLAN Offsite virtual storage

Virtual sandbox A virtual sandbox is a virtual environment that can be used to test new deployments and software updates without affecting the production environment.Offsite virtual storage is used to store files and documents on a remote network. Network as a Service (NaaS) is a network implementation contracted by a third-party. NaaS virtualizes the entire network infrastructure of a production environment. VLANs are used by switches to create separate logical LANs

(LS 12_4 SctyPolicy Q38): What is the main difference between vulnerability scanning and penetration testing? Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter. Vulnerability scanning is performed with a detailed knowledge of the system; penetration testing starts with no knowledge of the system. Vulnerability scanning uses approved methods and tools; penetration testing uses hacking tools. The goal of vulnerability scanning is to identify potential weaknesses; the goal of penetration testing is to attack a system.

Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter. Penetration testing simulates an actual attack on the network and is conducted from outside the organization security perimeter. Vulnerability scanning is typically performed internally by users with administrative access to the system.The goal of both vulnerability scanning and penetration testing is to identify the effectiveness of security measures, and to identify weaknesses that can be fixed. While some penetration testing is performed with no knowledge of the network, penetration testing could be performed by testers with detailed information about the systems. Both vulnerability scanning and penetration testing can use similar tools, although illegal tools should be avoided in both activities.

(LS 12_3 Risk Q31): You manage a website for your company. The website uses three servers configured in a cluster. Incoming requests are distributed automatically between the three servers. All servers use a shared storage device that holds the website contents. Each server has a single network connection and a single power supply.Considering the availability of your website, which component represents a single point of failure? Network adapter. Web server. Website storage. Power supply

Website storage. In this scenario, the shared storage is a single point of failure. A single point of failure means that failure in one component will cause the entire website to be unavailable. If the storage unit fails, then the website content will be unavailable. Failure in a single network card, power supply, or even a single server will not make the website unavailable. All of these failures will take one server off-line, but because of the server cluster, other servers will still be available to process incoming requests.

(LS 12_3 Risk Q20): When would choosing to do nothing about an identified risk be acceptable? When the cost of protecting the asset is greater than the potential loss. When the asset is an intangible asset instead of a tangible asset. When the threat is likely to occur less than once a year. When the threat is most likely to come from an internal source instead of an external source

When the cost of protecting the asset is greater than the potential loss. You might choose to accept a risk and do nothing if the cost associated with a threat is acceptable, or if the cost of protecting the assets from the threat is unacceptable. For example, if the cost of protecting the asset is greater than the cost associated with the threat, you would decide to accept the potential loss rather than spend money to protect the asset. In this case, you would plan for how to recover from the threat, but not implement any measures to avoid.An intangible asset is a resource that has value and may be saleable even though it is not physical or material. While assessing a value to intangible assets can be difficult, this does not mean that they cannot or should not be protected. The likely frequency of a threat occurring affects the annual loss expectancy, which will also affect the comparison of the cost of countermeasures to the cost associated with a successful attack, but does not immediately rule out implementing countermeasures.

(MMv4 Ch17_Q03): When designing and building a network, which requirements help in determining how to connect to the Internet? Security Wired/wireless considerations Compatibility requirements Equipment limitations

Wired/wireless considerations What type of structured cabling do you need? And does the network need wireless. How do you connect to the Internet?

(LS 12_1 Design Q04): Which type of documentation would you consult to find the location of RJ-45 wall jacks and their endpoints in the intermediate distribution closet? Wiring schematic. Policy. Procedure. Baseline

Wiring schematic. A wiring schematic is a type of network diagram that focuses on the physical connection between devices. The wiring diagram typically shows: * The location of drop cables imports within offices or cubicles. * The path that wires take between wiring closets and offices. * A labeling scheme that matches endpoints in offices and cubicles with specific switch ports or punch down block locations.A baseline is a record that shows normal network statistics. A policy is a document that describes the overall goals and requirements for a network. A policy identifies what should be done, but may not necessarily define how the goal is to be reached. A procedure is a step-by-step process outlining how to implement a specific action. The design of a procedure is guided by goals defined in a policy, but go beyond the policy by identifying specific steps that are to be implemented.

(LS 12_1 Design Q09): Which of the following documents would likely identify that drop cables on your network use the T568A standard? Baseline. Change log. Wiring schematic. Network diagram. Policy

Wiring schematic. A wiring schematic is a type of network diagram that focuses on the physical connections between devices. In this example, the wiring schematic would include the pin connector standard to use. This information might also be included in a procedure document. A procedure is a step-by-step process outlining how to implement a specific action.A policy is a document that describes the overall goals and requirements for a network. A policy identifies what should be done, but may not necessarily define how the goal is to be reached. In this example, the policy might state that a consistent wiring scheme should be used, but the specific scheme to be used would be detailed in the procedure document or a wiring schematic.A network diagram shows the logical and/or physical layout of your network. Change or history documentation keeps track of changes to the configuration of a device or the network. And a baseline is a snapshot of the performance statistics of the network or devices.

(LS 12_1 Design Q02): You are troubleshooting a workstation connection to the network. During your troubleshooting, you move the cable in the wiring closet to a different port on the patch panel.Which type of document should you update? Baseline. Procedure. Wiring schematic. Logical network diagram

Wiring schematic. In this scenario you have modify the wiring by moving the cable from one patch panel port to another. This type of information is typically included in a wiring schematic.A logical network diagram shows the relationship of devices, would not typically include detail such as patch panel ports and wall jacks connecting the device to the network. A baseline is a snapshot of the performance statistics of the network or devices. A procedure is a step-by-step process outlining how to implement a specific action.

(LS 12_2 Safety Q12): The power supply in a tower service system has malfunctioned. To get the server back online, you decide to open the server case. You place the server on a static Matt, ground the service case to the mat, and then ground yourself to the mat with a wristband. Next, you remove the power supply unit from the server and open it. To identify which component has failed, you plug in the power supply to the wall outlet and then use a multi meter to test the various components within.Which safety rules were violated in this scenario? Select two answers only. You should never use a static wristband when working on computer systems. You should never open a computer power supply. You should unplug a device from the wall outlet before connecting yourself to it with a static wristband. A toner probe should be used to test a power supply, and not a multimeter. You should never use a static mat when working on computer systems

You should never open a computer power supply. You should unplug a device from the wall outlet before connecting yourself to it with a static wristband. In this scenario, two key safety related mistakes were made: Never wear an ESD bracelet strap if the equipment is connected to an AC power source. Avoid servicing devices that use AC power, such as monitors and computer power supplies. Treat these devices as Field Replaceable Units (FRUs). You should simply replace an entire failed unit instead of opening it and trying to make repairs. Toner probes are used to trace network cable runs. Static mats and wristbands should be used when working on computer equipment to prevent ESD. However, the device should be unplugged from the wall outlet first.

(LS 14_2 Penetration Q03): Which of the following types of penetration test teams will provide you information that is most revealing of a real-world hacker attack? Split Knowledge team. Partial Knowledge team. Zero Knowledge team. Full Knowledge team

Zero Knowledge team. A zero knowledge team is a penetration testing team which most closely simulates a real world hacker attack as they must perform all of the initial blind reconnaissance.A full knowledge team is least likely a real world hacker as they already know everything about the environment. A partial knowledge team is closer to a real world hacker than a full knowledge team, but not as close as a zero knowledge team. There is no standard name of a penetration testing team known as a split knowledge team. Split knowledge refers to a separation of duties concept.

(MMv3C19Q14): Compatibility issues stemming from newer equipment or applications when integrated with older or legacy ones are called: frontward compatibility data compatibility connector compatibility backward compatibility

backward compatibility

(MMv4 Ch17_Q21): A supervisory control and data acquisition (SCADA) system is a subset of the __________. industrial control system (ICS) distributed control system (DCS) remote terminal unit (RTU) programmable logic controller (PLC)

industrial control system (ICS)

(MMv3C19Q04): Structured cabling is a design consideration related to which of the following? compatibility external connections security internal connections

internal connections

(MMv4 Ch17_Q16): In the early days of automation, you might have a single person, known as a(n) __________, monitoring a machine that produced something. leader technician operator server

operator Operators at the ICS server for example could direct the controllers managing the robots to change production from green widgets to blue widgets. Operators interact with controllers through a control or computer called a human machine interface (HMI)

(MMv4 Ch17_Q22): ICS/DCS/SCADA and other networks are traditionally good candidates for network __________. segmentation consolidation interference expansion

segmentation While security is one major reason for segmenting networks it may not be the only reason. You also need to reduce network congestion and limit network problems through segmentation so we can segment in order to optimize performance. You must segment also to be in compliance with standards, laws, or best practices. Segmentation can also be used to help in troubleshooting. One of the best tools in order to help understand that were segmentation is the OSI seven layer model and in particular layers 1, 2, and 3. Physically separating your network from every other network is known as an air gap. You can think of VLANs at Layer 2. And at layer 3 you can use separate broadcast domains by blocking IP routes.