Security Pro 4-6
Microprobing
Accesses the chip's surface directly to observe, manipulate, and interfere with a circuit.
Collection of network resources
Domain
Software attacks
Exploits vulnerabilities in a card's protocols or encryption methods.
Which of the following is the correct acronym to remember the order in which Group Policy Objects (GPOs) are applied?
LSDOU LSDOU (Local, Site, Domain, Organizational Unit) is correct. The order of application is Local, Site, Domain, and Organizational Unit.
Network resource in the directory
Object
Logical organization of resources
Organizational unit
Which of the following is the MOST common form of authentication?
Password Passwords are the most common form of authentication. Most secure systems require only a username and password to provide users with access to the computing environment. Many forms of online intrusion attacks focus on stealing passwords. This makes using strong passwords very important. Without a strong password policy and properly trained users, the reliability of your security system is greatly diminished.
The IT department at a small company is revamping its password policies to bolster security. The company wants to ensure employees follow best practices for creating and managing passwords. The department aims to promote a secure environment by implementing password expiration policies. Which method for password management is BEST to promote a secure environment by requiring users to change their passwords after a certain period?
Password expiration Implementing a password expiration policy requires users to change their passwords after a set period. This practice helps reduce the risk of unauthorized access from compromised passwords obtained in the past.
A leading online retail company wants to improve user experience and security for its customers. The security team aims to eliminate the need for users to remember or input complex passwords, reducing the risk of password breaches. Instead, they propose a solution where users can access their accounts seamlessly through a secure link sent to their verified email or via a push notification on a trusted device. This approach should not involve traditional passwords, fingerprint scans, or multiple validation steps. Which authentication method is the security team planning to implement for users?
Passwordless authentication Passwordless authentication eliminates traditional passwords and relies on other factors like biometrics, security keys, or mobile push notifications for user verification.
The Hide Programs and Features page setting is configured for a specific user as follows: Policy Setting Local Group Policy Enabled Default Domain Policy GPO Not configured GPO linked to the user's organizational unit Disabled After logging in, the user is able to see the Programs and Features page. Why does this happen?
The GPO linked to the user's organizational unit is applied last, so this setting takes precedence. The GPO linked to the user's organizational unit is applied last. With this in mind, the setting that disables the policy to hide the Programs and Features page takes precedence.
You have configured a security device in your network to fail-closed. Which of the following will happen when an attack occurs?
The device will block access or enter the most secure state available when it fails. In a fail-closed configuration, the system prioritizes confidentiality and integrity over availability. If a failure occurs, access is blocked or the system enters the most secure state available.
A hospital has implemented a security device that processes sensitive patient information. The hospital wants to ensure that in the event of a failure, the confidentiality and integrity of the patient data take priority over the system's availability. What should the hospital set as the failure mode configuration for this security device?
The security device should be configured to fail-closed. A fail-closed configuration prioritizes confidentiality and integrity over availability. In the event of a failure, a fail-closed device would block access or enter the most secure state available, protecting patient data.
What is the main role of a load balancer in network security?
To distribute network traffic across multiple servers. A load balancer distributes client requests across available server nodes in a farm or pool, optimizing performance and providing fault tolerance.
Which of the following is a privilege or action that can be taken on a system?
User rights On a Microsoft system, a user right is a privilege or action that can be taken on a system: such as logging on, shutting down, backing up, or modifying the date and time. User rights apply to the entire system.
A global pharmaceutical company's IT team needs a secure solution for remote employees to access internal company resources from home. The solution must require user authentication, encapsulate and encrypt all traffic between the user and the internal network, and establish a secure tunnel. Which solution should the team choose?
Virtual Private Network (VPN) A VPN creates a secure private connection between the remote user's device and the company's internal network that requires authentication and uses a network tunnel.
Which of the following commands creates a new group and defines the group password?
groupadd -p
Which of the following commands is used to change the current group ID during a login session?
newgrp The newgrp command is used to change the current group ID during a login session. If the optional - flag is given, the user's environment is reinitialized as though the user had logged in. Otherwise, the current environment (including the current working directory) remains unchanged. You can use this when working in a directory in which all the files must have the same group ownership.
Which of the following commands assigns a user to a primary group?
usermod -g The usermod -g command assigns a user to a primary group.
Which of the following BEST describes the domain controller component of Active Directory?
A domain controller is a server that holds a copy of the Active Directory database that can be written to and is responsible for copying changes to Active Directory between the domain controllers. A domain controller is a server that holds a writable copy of the Active Directory database. It is responsible for managing changes to the database and replicating these changes to other domain controllers to ensure consistency across the network.
You want to implement an access control list in which only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access. Which of the following methods of access control should the access list use?
Explicit allow, implicit deny The access list should use explicit allow--users who are allowed access are specifically identified. The access list should also use implicit deny--users who are not explicitly allowed access are denied access.
Collection of related domain trees
Forest
Which of the following objects identifies a set of users with similar access needs?
Group A group is an object that identifies a set of users with similar access needs. Microsoft systems have two kinds of groups, distribution groups and security groups. Only security groups can be used for controlling access to objects.
You are configuring the Local Security Policy of a Windows system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least five days before changing it again. Which policies should you configure? (Select two.)
Minimum password age & Enforce password history
Which account type in Linux can modify hard limits using the ulimit command?
Root Only the root user in Linux can modify hard limits using the ulimit command.
Which type of group can be used for controlling access to objects?
Security Only security groups can be used for controlling access to objects.
Which of the following defines the crossover error rate for evaluating biometric systems?
The point where the number of false positives matches the number of false negatives in a biometric system. The crossover error rate, or the equal error rate, is the point where the number of false positives matches the number of false negatives in a biometric system.
You are attempting to delete the temp group but are unable to. Which of the following is the MOST likely cause?
The primary group of an existing user cannot be deleted. You cannot remove the primary group of any existing user. You must remove the user before you remove the group.
Which of the following protocols is primarily used for secure remote access to a network by creating an encrypted tunnel over the internet?
Transport Layer Security (TLS) Transport Layer Security (TLS) is the correct answer. TLS is a protocol that provides privacy and data integrity between two communicating applications. It's used to create an encrypted tunnel for secure remote access to a network over the internet.
Which of the following commands would you use to view the current soft limits on a Linux machine?
ulimit -a The ulimit -a command displays the current limits. The default shows soft limits.
An employee named Bob Smith, whose username is bsmith, has left the company. You have been instructed to delete his user account and home directory. Which of the following commands would produce the required outcome? (Select two.)
userdel bsmith;rm -rf /home/bsmith & userdel -r bsmith The userdel -r command deletes a user's home directory and user account. The userdel command by itself does not delete a user's home directory and user account. Executing rm -rf on the user's home directory after executing userdel removes the home directory.
How many network interfaces does a dual-homed gateway typically have?
3 A dual-homed gateway is a firewall device that typically has three network interfaces: one connected to the internet, one connected to the public subnet, and one connected to the private network.
Which of the following ports are used with TACACS?
49 Terminal Access Controller Access Control System (TACACS) uses port 49 for TCP and UDP.
What is mutual authentication?
A process by which each party in an online communication verifies the identity of the other party. Mutual authentication is the process by which each party in an online communication verifies the identity of the other party. Mutual authentication is most common in VPN links, SSL connections, and e-commerce transactions. In each of these situations, both parties in the communication want to ensure that they know with whom they are interacting.
Which of the following terms describes the component that is generated following authentication and is used to gain access to resources following login?
Access token When a security principal logs on, an access token is generated. The access token is used to control access to resources and contains the following information:
What is the name of the service included with the Windows Server operating system that manages a centralized database containing user account and security information?
Active Directory Active Directory (AD) is a centralized database that is included with the Windows Server operating system. Active Directory is used to store information about a network. It stores such things as user accounts, computers, printers, and security policies.
You are the office manager of a small financial credit business. Your company handles personal financial information for clients seeking small loans over the internet. You are aware of your obligation to secure clients records, but the budget is an issue for your company. Which item would provide the BEST security for this situation?
All-in-one security appliance An all-in-one security appliance would provide the best overall protection. All-in-one security appliances take up the least amount of space and require the least amount of technical assistance for setup and maintenance. Security functions in an all-in-one security appliance can include the following: Spam filter URL filter Web content filter Malware inspection Intrusion detection system (IDS) In addition to security functions, all-in-one security appliances can include the following: Network switch Router Firewall Tx uplink (integrated CSU/DSU) Bandwidth shaping
Which access control model is based on assigning attributes to objects and using Boolean logic to grant access based on the attributes of the subject?
Attribute-based access control (ABAC) The ABAC model is based on assigning attributes to objects and using Boolean logic to grant access based on the attributes of the subject.
RADIUS is primarily used for what purpose?
Authenticating remote clients before access to the network is granted Remote Authentication Dial-In User Service (RADIUS) is primarily used for authenticating remote clients before access to a network is granted.
What is the process of controlling access to resources such as computers, files, or printers called?
Authorization Authorization is the process of controlling access to resources such as computers, files, or printers.
Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks?
Bastion or sacrificial host A bastion or sacrificial host is one that is unprotected by a firewall. The term bastion host is used to describe any device fortified against attack (such as a firewall). A sacrificial host might be a device intentionally exposed to attack, such as a honeypot.
The IT manager of a medium-sized organization is designing a new network infrastructure to secure its enterprise infrastructure by implementing an Intrusion Prevention System (IPS) and an Intrusion Detection System (IDS). The manager is considering different deployment methods for the IPS/IDS to optimize their effectiveness. The organization's network includes multiple security zones, a virtual private network (VPN) for remote access, and a web application firewall (WAF). Which deployment method provides the MOST comprehensive protection in this scenario?
Deploy the IPS/IDS devices in inline mode at the network perimeter. Deploying the IPS/IDS devices in inline mode at the network perimeter allows for real-time analysis and reaction to potential threats, providing comprehensive protection for all inbound and outbound network traffic.
A small start-up has recently launched its first web application. To ensure high availability and to handle potential traffic spikes, the start-up decides to implement a load balancer in its network infrastructure. The network technician must secure the load balancer against basic threats. What is the fundamental step the network technician should take to secure the load balancer?
Disable unnecessary services on the load balancer. Disabling unnecessary services on the load balancer is a fundamental step in reducing the attack surface and enhancing security.
You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented?
Discretionary access control (DAC) This is an example of a discretionary access control list (DACL), which uses the discretionary access control (DAC) model. With DAC, individuals use their own discretion (decisions or preferences) for assigning permissions and allowing or denying access.
A large multinational corporation has multiple domains that share the same contiguous DNS namespaces, as well as domains with different DNS namespaces. The IT department is tasked with organizing these domains. Which of the following options best describes how the domains should be grouped?
Domains with the same contiguous DNS namespaces should be grouped into a tree, and all trees should be grouped into a forest. Domains with the same contiguous DNS namespaces should be grouped into a tree, and all trees should be grouped into a forest. In Active Directory, a tree is a group of related domains that share the same contiguous DNS namespaces. A forest, on the other hand, is the highest level of the organization hierarchy and is a collection of related domain trees. The forest establishes the relationship between trees that have different DNS namespaces.
Which of the following is another name for a firewall that performs router functions?
Dual-homed gateway A firewall performing router functions is considered a screening router. A screening router is the router that is most external to your network and closest to the internet. It uses access control lists (ACLs) to filter packets as a form of security.
Which of the following is a characteristic of TACACS+?
Encrypts the entire packet, not just authentication packets TACACS+ was originally developed by Cisco for centralized remote access administration. TACACS+: Provides three protocols (one each for authentication, authorization, and accounting). This allows each service to be provided by a different server. Uses TCP port 49. Encrypts the entire packet contents, not just authentication packets. Supports more protocol suites than RADIUS.
An organization implements a new network infrastructure and plans to use an intrusion prevention system (IPS) for security. The IT manager wants to ensure that the IPS will continue to let traffic flow if it fails. Which failure mode should the IT manager configure the IPS?
Fail-open In a fail-open mode, if the IPS fails, it will still allow traffic to pass through, maintaining network connectivity
A manufacturing company recently bought out another similar company. They need to link each company's directory systems together to access their resources without merging the two. How can they link the two directory systems together?
Federation Federation directories allow two different subsets of accounts to work together for permissions and access.
Your financial planning company is forming a partnership with a real estate property management company. One of the requirements is that your company open up its directory services to the property management company to create and access user accounts. Which of the following authentication methods will you be implementing?
Federation In this scenario, you would be implementing a federation authentication method. Federation is the notion that a network needs to be accessible to more than just a well-defined group of employees, such as trusting user accounts created and managed by a different network.
You are a security consultant tasked with implementing a biometric authentication system for a small business. The business owner wants a system that is cost-effective, non-intrusive, and relatively simple for employees to use. Which biometric authentication method would you recommend?
Fingerprint recognition Fingerprint recognition is cost-effective, non-intrusive, and simple to use, making it the most suitable option for a small business. The technology required for scanning and recording fingerprints is relatively inexpensive and straightforward.
After implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the chief information security officer (CISO) is assessing the company's security posture to identify deficiencies from the framework's recommendations. What process can the CISO run to get a better sense of what the company needs to improve upon?
Gap analysis The CISO would be preparing a gap analysis report. This report shows the defects in the company's current security posture against the NIST Cybersecurity Framework (or any other baseline security framework).
Which of the following statements correctly describe the characteristics of generic containers in Active Directory? (Select two.)
Generic containers are used to organize Active Directory objects & Generic containers cannot hold other organizational units. Like organizational units, generic containers are used to organize Active Directory objects.
Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group, which has access to a special shared folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do?
Have Marcus log off and log back in. On a Microsoft system, an access token is only generated during authentication. Changes made to group memberships or user rights do not take effect until the user logs in again and a new access token is created.
Lori, who has been a member of the Project Management group, was recently promoted to manager of the team. She has been added as a member of the Managers group. Several days after being promoted, Lori needs to have performance reviews with the team she manages. However, she cannot access the performance management system. As a member of the Managers group, she should have the Allow permission to access this system. What is MOST likely preventing her from accessing this system?
Her user object has been assigned an explicit Allow permission to the performance management system, but she inherited the Deny permission assigned to the Project Management group (which she still belongs to). Inherited Deny permissions override explicit Allow permissions. The most likely cause of this problem is that Lori is still a member of the Project Management group, which has been denied permission to this system. Deny permissions always override Allow permissions.
A tech company is developing a new software product. The development team is distributed across different locations and needs to securely access and work on specific systems located in the company's main office. The team members need to establish secure communication channels between their individual devices and the specific systems in the office. Which remote access architecture would be the most suitable for this scenario?
Host-to-host tunnel topology Host-to-host tunnel topology is the correct answer. In a host-to-host tunnel topology, individual devices establish a secure tunnel between each other over a public network. This type of VPN is typically used for secure communication between specific hosts or endpoints, which is exactly what the team members need in this scenario.
You are a network architect for a large organization. The organization is planning to upgrade its network infrastructure to support a new business application. The application requires high availability, secure data transfer, and efficient handling of large data volumes. Which of the following network design considerations best aligns with the requirements of the new business application?
Implementing a layered network design based on the OSI model with appropriate security controls at each layer. A layered network design based on the OSI model is the correct answer. The OSI model allows for the implementation of appropriate security controls at each layer, from the physical layer up to the application layer. This design also supports high availability and efficient handling of large data volumes by allowing for network segmentation and the use of specialized devices and protocols at each layer.
You are the IT security manager for a rapidly growing tech company. The company has been using simple password authentication for all systems. However, with the increasing number of employees and the sensitivity of the data being handled, you decide it's time to harden the authentication methods. Which of the following steps would be the MOST effective in achieving this goal?
Implementing multifactor authentication (MFA) for all systems. Implementing multifactor authentication (MFA) is the most effective option. MFA requires users to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. It adds an additional layer of security, reducing the likelihood of successful cyber attacks.
You are a cybersecurity specialist for a financial institution that is planning to enhance its network security. The institution has decided to adopt a defense in depth strategy. Which of the following approaches would BEST align with a defense in-depth strategy?
Implementing multiple security measures at different network layers, including firewalls, intrusion detection systems, and regular patch management. Implementing multiple security measures at different network layers aligns with the defense in-depth strategy is the correct answer. This approach ensures that if one security measure fails, others are in place to provide protection.
A company wants to set up a private network that employs internet information services for internal use only, including web servers and email servers that are used by company employees. What type of network is the company planning to set up?
Intranet An intranet is a private network (LAN) that employs internet information services for internal use only. For example, a company network might include web servers and email servers that are used by company employees. This matches the scenario described in the question.
You are a network administrator for a large multinational corporation. The corporation has offices in multiple countries and uses various software products from different vendors. The CEO wants to implement a system that stores information about users, computers, security groups/roles, and services, and allows for interoperability between different vendors' products. Which directory service would you recommend?
Lightweight Directory Access Protocol (LDAP) Lightweight Directory Access Protocol (LDAP) is the correct answer. LDAP is a protocol used to access network directory databases, which store information about authorized users and their privileges, as well as other organizational information. Most directory services, including those from different vendors, are based on LDAP, which allows for interoperability.
Group Policy Objects (GPOs) are applied in which of the following orders?
Local Group Policy, GPO linked to site, GPO linked to domain, GPO linked to organizational unit (highest to lowest). Group Policy Objects (GPOs) are applied in the following order: The Local Group Policy on the computer. GPOs linked to the site. GPOs linked to the domain that contains the User or Computer object. GPOs linked to the organizational unit (OU) that contains the User or Computer object (from the highest-level OU to the lowest-level OU).
You are configuring the Local Security Policy of a Windows system. You want to require users to create passwords that are at least ten characters in length. You also want to prevent login after three unsuccessful login attempts. Which policies should you configure? (Select two.)
Minimum password length & Account lockout threshold Set the Minimum password length policy to require a password equal to or longer than the specified length. Set the Account lockout threshold policy to lock an account after the specified number of incorrect login attempts.
A company wants to set up single sign-on (SSO) without passing credentials through to each piece of software and cloud service. Which protocol would meet this requirement?
OAuth The Open Authorization (OAuth) protocol is a system that facilitates sharing of information (resources) within a user profile between sites. The user can link that identity to an OAuth consumer site without giving the password to the consumer site.
In a company, different departments actively access various cloud-based applications and services to perform their tasks efficiently. The company's security team has concerns about the growing complexity and risks of managing user credentials across multiple platforms. To address this concern proactively, the team implements a modern authentication solution that actively provides single sign-on (SSO) capabilities, ensuring enhanced user convenience and security. In this scenario, which technology should the organization proactively employ for federation and enabling SSO capabilities effectively across the diverse range of cloud-based applications?
Open Authorization (OAuth) In this scenario, the organization uses Open Authorization (OAuth) for federation, allowing secure authorization and delegation of user access to third-party applications without exposing user credentials.
What needs to be configured on a firewall to allow traffic directed to the public resource in the screened subnet?
Packet filters Packet filters on the firewall allow traffic directed to the public resources inside the screened subnet. Packet filters also prevent unauthorized traffic from reaching the private network.
Which of the following identifies the type of access that is allowed or denied for an object?
Permissions Permissions define the rights and access users and groups have with objects. Permissions are applied to objects such as files and folders.
Which of the following are examples of something you have authentication controls? (Select two.)
Photo ID & Smart card Something you have authentication controls include physical items that you have on your possession, such as a smart card, photo ID, token device, or swipe card.
A corporation's IT department is integrating a new framework that permits, ascertains, and applies various resources in accordance with established company policies. Which principle should the department incorporate?
Policy-driven access control Policy-driven access control uses policies to control access to resources, allowing the organization to systematically enforce rules about who can access which resources under which conditions.
What is the primary purpose of separation of duties?
Prevent conflicts of interest. The primary purpose of separation of duties is to prevent conflicts of interest by dividing administrative powers between several trusted administrators. This prevents a single person from having all of the privileges over an environment, which would create a primary target for attack and a single point of failure.
Which technology is primarily used by smart cards to store digital signatures, cryptography keys, and identification codes?
Public Key Infrastructure (PKI) Public Key Infrastructure (PKI) is the technology primarily used by smart cards. It allows for the storage of digital signatures, cryptography keys, and identification codes, providing secure and encrypted communication.
You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to BEST protect the servers? (Select two.)
Put the database server inside the screened subnet & Put the database server on the private network. Publicly accessible resources (servers) are placed inside the screened subnet. Examples of publicly accessible resources include web, FTP, or email servers. Devices that should not be accessible to public users are placed on the private network.
Which of the following are differences between RADIUS and TACACS+?
RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers. TACACS+ provides three protocols (one each for authentication, authorization, and accounting). This allows each service to be provided by a different server. In addition, TACACS+: Uses TCP Encrypts the entire packet contents Supports more protocol suites than RADIUS
Which of the following are the access levels that are generally granted on the directory in LDAP? (Select two.)
Read/write access & Read-only access Read-only access (query) - This level of access allows users to view and query the data in the directory but not modify it. It's essential for users who need to retrieve information but should not change it. Read/write access (update) - This level of access allows users to both view and modify the data in the directory. It's necessary for users who need to update or change the information in the directory.
A multinational corporation wants to enable its IT support team to provide remote assistance to employees across various locations. The support team needs to be able to take control of the employees' computers to troubleshoot and resolve issues. The corporation primarily uses Windows-based systems. Which technology would be the MOST suitable for this purpose?
Remote Desktop Protocol (RDP) Remote Desktop Protocol (RDP) is the correct answer. RDP is a proprietary protocol developed by Microsoft that allows a user to connect to another computer over a network connection in a graphical interface. This makes it ideal for IT support teams to remotely control and troubleshoot issues on employees' computers.
You are implementing security at a local high school that is concerned with students accessing inappropriate material on the internet from the library's computers. The students use the computers to search the internet for research paper content. The school budget is limited. Which content filtering option would you choose?
Restrict content based on content categories. Restricting content based on categories would provide the most protection with the least amount of research and involvement.
A proxy server can be configured to do which of the following?
Restrict users on the inside of a network from getting out to the internet. Proxies can be configured to: Restrict users on the inside of a network from getting out to the internet. Restrict access by user or by specific website. Restrict users from using certain protocols. Use access controls to control inbound or outbound traffic. Shield or hide a private network to provide online anonymity and make it more difficult to track web surfing behavior. Cache heavily accessed web content to improve performance.
You have implemented an access control method that only allows users who are managers to access specific data. Which type of access control model is being used?
Role-based access control (RBAC) Role-based access control (RBAC) allows access based on a role in an organization, not individual users. Roles are defined based on job description or a security-access level. Users are made members of a role and receive the permissions assigned to the role.
Which of the following is an example of rule-based access control?
Router access control lists that allow or deny traffic based on the characteristics of an IP packet. A router access control list that allows or denies traffic based on the characteristics of an IP packet is an example of rule-based access control.
Which of the following is used by Microsoft for auditing in order to identify past actions performed by users on an object?
SACL A system access control list (SACL) is used by Microsoft for auditing in order to identify past actions performed by users on an object.
A real estate investment firm wants to implement single sign-on (SSO) for its dozens of services and software. The firm found a vendor to implement that request using the eXtensible Markup Language (XML) standard. What solution does this vendor use for SSO?
SAML Security Assertion Markup Language (SAML) allows for federating a network or cloud system. SAML assertions and claims between the principal, the relying party, and the identity provider use eXtensible Markup Language as their structure.
You are a network security engineer for a large corporation. The company is planning to launch a new software product and wants to provide customer access to this product over the internet. The company also wants to ensure that the internal production network remains secure. Which type of common security zone would be the MOST appropriate to implement in this scenario?
Screened Subnet Screened subnet is the correct answer. A screened subnet is used as a public-facing accessible network. It acts as a buffer and a barrier to the internal production network, which is accessible from the internet. It can be configured using either one or two firewalls and acts as the middleman between the internet and the internal network. This makes it the most appropriate choice for this scenario.
Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted internet?
Screened subnet A screened subnet (or DMZ) is a network placed between a private secured network and the untrusted internet to grant external users access to internally controlled services. The screened subnet serves as a buffer network.
The IT security team at a large tech company is strengthening its authentication methods to protect sensitive company data and systems. The team considered implementing various security measures and understood that each authentication method has distinct features and benefits. However, they must choose the MOST suitable option that aligns with the organization's security requirements and user convenience. Which authentication method utilizes a physical device or software to generate secure, unique codes and offers convenience and strong security?
Security keys Security keys are authentication devices, either physical hardware or software-based, that generate secure, unique codes for authentication purposes.
The IT administrator for a large university uses an LDAP directory service to manage user access to various computing resources. To ensure the directory's security, which of the following measures should the administrator implement?
Set up LDAP Secure (LDAPS) with a digital certificate on port 636 for secure user credential exchange. Setting up LDAP Secure (LDAPS) with a digital certificate on port 636 for secure user credential exchange encrypts data and ensures the protection of user credentials during transmission by providing a secure tunnel.
You are the cybersecurity lead at a large corporation. Recently, your organization has been experiencing an increase in SMTP-based attacks such as open relay, DDoS, and spam attacks. You need to devise a strategy to not only mitigate these attacks but also gather information about the attackers' tactics. Which of the following would be the BEST solution?
Set up an email honeypot designed to attract and trap these types of attacks. In this scenario, an email honeypot is the best solution. It is designed to attract SMTP-based attacks. While it's distracting the attacker, the cybersecurity team can monitor the malicious activity to learn what the attacker is trying to do, which can be used to strengthen the company's defenses.
You are a cybersecurity specialist at a large corporation. Your company has been experiencing an increase in cyber attacks recently. To better understand the tactics and techniques of the attackers, you have decided to set up a honeynet. Which of the following is the BEST way to set up and use a honeynet?
Set up the honeynet with decoy systems and monitor it for attacker activity. A honeynet should be set up with decoy systems that mimic real systems. Monitoring the honeynet allows the cybersecurity team to gather information about the attackers' tactics and tools, which can be used to strengthen the company's defenses.
What is the effect of the following command? chage -M 60 -W 10 jsmith
Sets the password for jsmith to expire after 60 days and gives a warning 10 days before expiration. Using chage -M 60 -W 10 jsmith sets the password for jsmith to expire after 60 days and gives a warning 10 days before expiration.
You are a network engineer for a multinational corporation. The corporation is planning to expand its operations to a new location and you are tasked with designing the network for the new site. The network should be robust, scalable, and secure. Which of the following approaches to setting up network nodes at the new site would best meet these requirements?
Setting up multiple network nodes, each dedicated to a specific function such as routing, switching, and firewalling. Setting up multiple network nodes, each dedicated to a specific function, is the correct answer and allows for better performance, scalability, and security. Each node can be optimized for its specific function, and if one node fails, the impact on the overall network is minimized.
You are the IT security manager for a large corporation. The company has been using shared accounts for certain systems due to ease of access and convenience. However, you are considering implementing a policy to prohibit the use of shared accounts. Which of the following are valid reasons for this decision? (Select two.)
Shared accounts can lead to accountability issues & shared accounts can compromise the principle of least privilege. making it difficult to track who did what. If an issue arises, it's nearly impossible to hold the appropriate person accountable because multiple people have access to the same account & The principle of least privilege states that users should only have access to the resources they need to do their jobs and nothing more. Shared accounts often have broad access rights, which can lead to unauthorized access to sensitive information.
An educational institution's systems administrator is responsible for securing the LDAP directory service for the organization's computing resources. Which authentication method should the systems administrator implement to ensure secure access?
Simple Authentication and Security Layer (SASL) SASL allows the client and server to negotiate a supported authentication mechanism and provides the option to use the command STARTTLS for encryption and message integrity. This feature is a secure way to access the Lightweight Directory Access Protocol (LDAP) directory.
After finding a corporate phone unattended in a local mall, an organization decides to enhance its multi-factor authentication (MFA) procedures. What MFA philosophy applies a location-based factor for authentication?
Somewhere you are Somewhere you are means the system applies a location-based factor to an authentication decision. Location-based authentication measures some statistics about where you are.
Which of the following is the MOST likely to happen if the firewall managing traffic into the screened subnet fails?
The LAN is compromised, but the screened subnet stays protected. If the firewall managing traffic into the screened subnet fails, only the servers in the screened subnet are subject to compromise. The LAN is protected by default.
In a Kerberos authentication system, how does the Ticket Granting Service (TGS) contribute to the single sign-on (SSO) process?
The TGS issues service tickets to clients for accessing specific services. The TGS issues service tickets to clients after they have been authenticated. These service tickets allow clients to access specific services without having to re-authenticate.
When using Kerberos authentication, which of the following terms is used to describe the token that verifies the user's identity to the target system?
Ticket The tokens used in Kerberos authentication are known as tickets. Tickets perform a number of functions, including notifying the network service of the user who has been granted access and authenticating the identity of that person when he or she attempts to use the network service.
What is the primary function of an AAA server in a network?
To handle user requests for access to computer resources To handle user requests for access to computer resources is the correct answer. An AAA server (authentication, authorization, and accounting) handles user requests for access to computer resources. It typically controls client access to remote systems and can centralize the administration of remote access policies.
You are a network engineer for a global company that is implementing a new real-time data processing system. This system requires efficient and reliable data transfer between different network segments. Which of the following network components would be most critical in ensuring the efficient and reliable transfer of real-time data in this scenario?
Transport protocols Transport protocols is the correct answer. Transport protocols, such as the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP), operate at the transport layer (Layer 4) of the OSI model. They are responsible for the end-to-end transfer of data between systems and can provide mechanisms for ensuring reliable data transfer, which is critical for real-time data processing systems.
You have a company network that is connected to the internet. You want all users to have internet access, but you need to protect your private network and users. You also need to make a web server publicly available to internet users. Which solution should you use?
Use firewalls to create a screened subnet. Place the web server inside the screened subnet and the private network behind the screened subnet. A screened subnet (or DMZ) is a buffer network (or subnet) that sits between the private network and an untrusted network such as the internet. A common configuration uses two firewalls, one connected to the public network and one connected to the private network. Publicly-accessible resources (servers) are placed inside the screened subnet. Examples of publicly-accessible resources include web, FTP, or email servers. Private resources that are not accessible from the internet are placed behind the screened subnet (behind the inner firewall).
You are a system administrator and you notice that a particular user's processes are consuming an unusually high amount of system resources, causing performance issues for other users. You decide to use the ulimit command to limit the resources available to this user's processes. Which of the following options would be the MOST effective solution and why?
Use the -t option to limit the amount of CPU time a process can use. Limiting the amount of CPU time a process can use would be the most effective solution in this case. This would prevent any single process run by the user from consuming too much CPU time and causing performance issues for other users.
Which security mechanism uses a unique list that meets the following specifications: The list is embedded directly in the object itself. The list defines which subjects have access to certain objects. The list specifies the level or type of access allowed to certain objects.
User ACL A user ACL (user access control list) is a security mechanism that defines which subjects have access to certain objects and the level or type of access allowed. This security mechanism is unique for each object and embedded directly in the object itself.
Which of the following identification and authentication factors are often well known or easily discovered by others on the same network or system?
Username The username is typically the least protected identification and authentication factor. Therefore, usernames are often well known or easy to discover, especially by others on the same network or system. The key to maintaining a secure environment is to keep authentication factors secret. Often, usernames are constructed using a standard naming convention, such as first and middle initials plus the full last name, or the first name and last name separated by a period. If these simple construction conventions are known, building usernames from an employee list is very simple.
You have just configured the password policy and set the minimum password age to 10. What is the effect of this configuration?
Users cannot change the password for 10 days. The minimum password age setting prevents users from changing the password too frequently. After the password is changed, it cannot be changed again for at least 10 days.
You are a network engineer for a large corporation that is planning to implement a new intrusion detection system (IDS). The corporation has a high volume of network traffic and requires real-time monitoring for potential security threats. Which of the following approaches to integrating the IDS into the corporation's network would best meet these requirements?
Using a Test Access Point (TAP) device to provide the IDS with a copy of the network traffic. Using a Test Access Point (TAP) device is the correct answer. A TAP device allows the IDS to receive a copy of all network traffic without impacting network performance. This approach enables real-time monitoring and is suitable for networks with high traffic volumes.
Which of the following is the BEST solution to allow access to private resources from the internet?
VPN A VPN provides a secure outside connection to an internal network's resources. A VPN server can be placed inside the screened subnet. Internet users can be required to authenticate to the VPN server and then allowed communications from the VPN server to the private network. Only communications coming through the VPN server are allowed through the inner firewall.
In which of the following situations would you MOST likely implement a screened subnet?
You want to protect a public web server from attack. Use a screened subnet to protect public hosts on the internet, such as a web server, from attack. The screened subnet uses an outer firewall that prevents internet attacks. All publicly-accessible hosts are inside the screened subnet. A second firewall protects the private network from the internet.
You are the administrator for a small company, and you need to add a standard new group of users to the system. The group's name is sales. Which command accomplishes this task?
groupadd sales Use the groupadd utility to add a group to the system. By default, the group is added with an incrementing number above those reserved for system accounts.
You have a group named temp_sales on your system. The group is no longer needed, so you should remove it. Which of the following commands should you use?
groupdel temp_sales
You want to see which primary and secondary groups the dredford user belongs to. Enter the command you would use to display group memberships for dredford.
groups dredford To display the primary and secondary group membership for a specified user account, use the groups command. In this case, you would enter:
Which of the following commands removes a user from all secondary group memberships?
usermod -G "" usermod - G "" removes the user from all secondary group memberships. Do not include a space between the quotes.
You have performed an audit and found an active account for an employee with the username joer. This user no longer works for the company. Which command can you use to disable this account?
usermod -L joer Use usermod -L joer to lock the user's password. Doing so disables the account.
You have a group named Research on your system that needs a new password because a member of the group has left the company. Which of the following commands should you use?
gpasswd Research Use gpasswd Research to be prompted to enter a new password for the Research group.
Group of related domains
Tree
You manage an Active Directory domain. All users in the domain have a standard set of internet options configured by a GPO linked to the domain, but you want users in the Administrators OU to have a different set of internet options. What should you do?
Create a GPO user policy for the Administrators OU. Internet options are configured in the User Policies section of a GPO. Linking this policy to the Administrators OU only applies it to users in that OU because GPOs linked to OUs are applied last.
John, a security analyst, is using a smart card to gain access to a secure server room. He simply waves his card near the card reader and the door unlocks. Later, he uses the same card to log into his computer by inserting it into a card reader. Based on this information, is John using a contact or contactless smart card?
Both a contact and contactless smart card, because he used the card both by inserting it into a reader and by waving it near a reader. John is using a smart card that has both contact and contactless capabilities. This type of card is known as a dual-interface smart card. It can be used by inserting it into a card reader (contact) and by waving it near a reader (contactless).
Eavesdropping
Captures transmission data produced by a card as it is used.
Which of the following is a limitation of using a DNS sinkhole as a cybersecurity measure?
DNS sinkholes are ineffective if the malware uses a public DNS server or its own DNS server. If the malware uses a public DNS server or its own DNS server, a DNS sinkhole will not be effective because it won't be able to intercept and redirect the DNS queries.
Fault generation
Deliberately induces malfunctions in a card.
A company is planning to implement a remote access architecture to allow its employees to work from home. The company has a central office where all its servers and applications are located. The employees need to access these resources securely from their home computers. Which remote access architecture would be the most suitable for this scenario?
Client-to-site VPN technology Client-to-site VPN technology is the correct answer. Client-to-site VPN technology allows individual users to securely connect to a private network from a remote location. It establishes a secure tunnel between the user's device (the client) and the network's gateway (the site). This enables users to access resources, applications, and services within the private network as if they were physically present at the site. Client-to-site VPNs are commonly used for remote work.
You are a cybersecurity expert implementing a zero trust model in a large organization. You are tasked with designing the control and data planes. Which of the following strategies should you prioritize and why?
Balance your focus between the control and data planes, ensuring both are optimized for security and efficiency. Balancing your focus between the control and data planes is the most effective strategy. In a zero trust model, both planes play crucial roles. The control plane ensures proper network configuration and management, while the data plane handles data traffic. Ensuring both are optimized for security and efficiency can prevent breaches and ensure smooth network operations.
You have hired ten new temporary employees to be with the company for three months. How can you make sure that these users can only log on during regular business hours?
Configure day/time restrictions in user accounts. Use day/time restrictions to limit the days and hours when users can log on.
You want to ensure that all users in the Development OU have a common set of network communication security settings applied. Which action should you take?
Create a GPO computer policy for the computers in the Development OU. Network communication security settings are configured in the Computer Policies section of a GPO.
Which of the following chage option keeps a user from changing their password every two weeks?
-m 33 Using chage -m 33 forces a user to keep his or her password for 33 days. This sets the minimum number of days that must pass after a password change before a user can change the password again.
Using the groupadd -p command overrides the settings found in which file?
/etc/login.defs Using the groupadd command with the -p option overrides the default settings found in the /etc/login.defs file. The file is not located in the /root/ directory.
You are a network architect for a rapidly growing startup. The startup is planning to expand its operations and is considering a major upgrade to its network architecture. Which of the following factors should be your primary consideration when designing the new network architecture?
Balancing costs, compute and responsiveness, scalability, availability, and resilience. Balancing costs, compute and responsiveness, scalability, availability, and resilience is the best approach to network architecture design. This approach ensures that the network can meet the startup's current and future needs, while also considering cost-effectiveness and the ability to recover from potential failures.
Which of the following principles is implemented in a mandatory access control model to determine object access by classification level?
Need to know Need to know is used with mandatory access control environments to implement granular control over access to segmented and classified data.
One of your users, Karen Scott, has recently married and is now Karen Jones. She has requested that her username be changed from kscott to kjones with no other values changed. Which of the following commands would accomplish this?
usermod -l kjones kscott Use the usermod command to modify user settings. Use the -l flag to signal a change to the username. The correct syntax requires the new username value be given, followed by the old username.