SYO-401 Practice Questions
Change management
Before updating some production networking devices, you have been asked to first submit a an implementation plan and a roll-back plan. Which type of risk mitigation strategy is being used here? A. Routine audit B. Change management C. Rights and permissions review D. Configuration management
Document the results and report the findings according to the incident response plan.
Bob, a security officer, has been ordered to look into a possible vulnerability on a server. After investigating, he decides it was a false alarm. Which of these is the BEST action he should take here? A. Mark the finding as a false-negative and close the service request. B. Write up the findings and disable the vulnerability rule in future vulnerability scans. C. Document the results and report the findings according to the incident response plan. D. Refer the issue to the server administrator for resolution.
Port security
A group of visitors connect their laptops to your wired network and start using up a large chunk of your bandwidth. How can you prevent this situation in the future? A. Flood guards B. Port security C. VLAN configuration D. Loop protection
Social networking
A security administrator has concerns about new types of media which allow for the mass distribution of personal comments to a select group of people. To mitigate the risks involved with this media, employees should receive training on which of the following? A. Peer to Peer B. Mobile devices C. Social networking D. Personally owned devices
DMZ
A security administrator is segregating all web-facing server traffic from the internal network and restricting it to a single interface on a firewall. Which of the following BEST describes this new network? A. VLAN B. Subnet C. VPN D. DMZ
Metrics
A security team has established a security awareness program. Which of the following would BEST prove the success of the program? A. Policies B. Procedures C. Metrics D. Standards
Enforce authentication for network devices.
Each cubicle in your company needs to have a VoIP phone and a desktop computer. Which of these would be the best way to prevent users from connecting unauthorized devices to the network? A. Configure the phones on one VLAN and computers on another. B. Enable and configure port channels. C. Make users sign an Acceptable Use Agreement. D. Enforce authentication for network devices.
Calculate the ALE
How would you calculate the total monetary losses from a vulnerability that has been exploited? A. Calculate the TCO B. Calculate the ALE C. Calculate the ARO D. Calculate the MTBF
Increase the humidity in the room.
How would you reduce the chances of electric shocks when touching metal items in your server room? A. Implement EMI shielding. B. Utilize better hot/cold aisle configurations. C. Increase the humidity in the room. D. Decrease the room temperature.
Lessons learned
In which of the following steps of incident response does a team analyze the incident and determine steps to prevent a future occurrence? A. Mitigation B. Identification C. Preparation D. Lessons learned
Defense in depth
On your company systems, your admin has installed anti-virus software and then configure whitelisting controls to prevent malware and unauthorized application installation. What has he achieved by combining these two technologies? A. Defense in depth B. Anti-malware C. Application hardening D. Vulnerability scanning
Avoidance
One of your datacenters is handling some sensitive data, however, it is in an area with a volatile political situation. You decide to move that data to another datacenter in a more stable region. Which risk mitigation strategy did you adopt here? A. Acceptance B. Sharing C. Avoidance D. Transference E. Deterrence
Data analysis
One of your forensic analysts was handed a hard-drive to investigate. He used a log to capture events, then sent the evidence to the lawyers to be used in a court case. Which of these is being demonstrated? A. Order Of Volatility B. Data analysis C. Tracking man hours and expenses D. Chain of custody
VLAN Subnetting
Pick TWO ways to segment your network based on organizational groups: A. VPN B. DMZ C. VLAN D. NAT E. NAC F Subnetting
Anomaly based IDS
Suspicious traffic without a specific signature was detected. Under further investigation, it was determined that these were false indicators. Which of the following security devices needs to be configured to disable future false alarms? A. Signature based IPS B. Signature based IDS C. Application based IPS D. Anomaly based IDS
Separation of duties Change management policy
The same admin who approves patches also deploys them. Your company has no formal vetting process for installed patches, and there is no documented patch management process. Which TWO controls should you implement to reduce the risk involved with this situation? A. Least privilege B. IT contingency planning C. Dual control D. Separation of duties E. Mandatory job rotation F. Change management policy
software as a service
What is it called when you use a cloud infrastructure as your company's payment portal? A. software as a service B. platform as a service C. monitoring as a service D. infrastructure as a service
Session affinity
What's it called when a load-balancer can remember a user, and always send that user to the same server? A. URL filtering B. Behavior monitoring C. Cookie tracking D. Session affinity
RAM
When gathering evidence of a cyber-crime, in which of these system components should you capture data FIRST? A. TPM B. RAM C. NVRAM D. SSD
ISA
Which document would you need if you were going to share data between two companies, and you wanted to outline the data sensitivity, as well as the type and flow of the data? A. MOA B. BPA C. ISA D. SLA
To ensure that a personnel management plan is in place to ensure continued operation of critical processes during an incident
Which is the BEST description/objective of the term "succession planning"? A. To document the order that systems should be reinstated at the primary site after a failover to operation at the backup site B. To determine the appropriate order in which to contact internal resources, third party suppliers, and external customers during a disaster C. To ensure that a personnel management plan is in place to ensure continued operation of critical processes during an incident D. To identify and document the successive order in which critical systems should be reinstated following a disaster
Defense in depth
Which is the best reason to include several different elements like firewalls, IDS's, DMZ's, HIPs, and antivirus servers in your network? A. Defense in depth B. Load balancers C. UTM security appliance D. Network segmentation
Change management
Which is the best way to ensure that ad hoc changes aren't making their way into your live applications? A. Permissions reviews B. Incident management C. Change management D. Perform routine audits
VLAN
Which network design component would separate network traffic based on the logical location of users? A. IPsec B. NAC C. VLAN D. DMZ
RAID 5
Which of these uses disk striping with parity? A. RAID 0 B. RAID 1 C. RAID 2 D. RAID 5
Least privilege
Which of these would prevent users from installing unauthorized applications? A. Least privilege B. Antivirus C. Account lockout D. Job rotation
Disabling SSID broadcasting
You want to create a small wireless network for testing before you roll the network out company-wide. For now though, you don't want to tell employees about it yet. Which of these would offer the greatest obscurity about the new wireless network? A. Implementing WPA2 - TKIP B. Implementing WPA2 - CCMP C. Disabling SSID broadcasting D. Filtering test workstations by MAC address
Install a proxy server.
You want to monitor and limit users' access to external websites. Which of the following would BEST address this? A. Block all traffic on port 80. B. Implement NIDS. C. Use server load balancers. D. Install a proxy server.
Multicast
Your video application relies on IGMP to function. Which of these is your app most likely using? A. VoIP B. RTP C. Anycast D. Multicast
To create environmental hot and cold aisles
What would be the reason for having two racks of servers, one behind the other, facing in opposite directions? A. To eliminate the potential for electromagnetic interference B. To lower energy consumption by sharing power outlets C. To maximize fire suppression capabilities D. To create environmental hot and cold aisles
Data retention policy
What's the name of the policy that defines how long certain types of data should remain on company equipment? A. Data disposal policy B. Data wiping policy C. Data retention policy D. Data classification policy
First responders
When developing your incident response plan, who should be trained on Order Of Volatility, Chain of Custody, and forensics? A. Data custodians B. Security guards C. System owners D. First responders
Performance and service delivery metrics
When you audit your business partner and compare your findings to the SLA, you are trying to verify: A. Backups are being performed and tested B. Risk awareness is being adhered to and enforced C. Performance and service delivery metrics D. Data ownership is being maintained and audited
Succession planning
Which BCP aspect involves choosing new key personnel when there is a loss? A. Redundancy B. Succession planning C. Business impact analysis D. Removing single points of failure
MAC filtering Enable WPA2
Which TWO would prevent unauthorized devices from connecting to your wireless network? A. Implement 802.11n B. MAC filtering C. Enable WPA2 D. Configure DHCP reservations E. Creating a separate wireless VLAN
DLP
Which control should you use to reduce the risk of losing USB drives that contain confidential data? A. Asset tracking B. DLP C. Access control D. HSM
Proxies
Which device allows you to inspect network traffic by redirecting packets before sending them on to their final destination? A. Proxies B. Load balancers C. Protocol analyzer D. VPN concentrator
Perform routine user permission reviews.
Which of the following is the BEST approach to perform risk mitigation of user access control rights? A. Conduct surveys and rank the results. B. Perform routine user permission reviews. C. Implement periodic vulnerability scanning. D. Disable user accounts that have not been used within the last two weeks.
Switch Port Security
Which of these can ensure that only authorized devices can connect to your switch, based on MAC address? A.Flood guard B. Private VLANs C. Switch Port Security D. Implicit deny
NAC
Which of these can scan computers to make sure they have antivirus software, before the computer is allowed to access the network? A. NIDS B. MAC filtering C. Network port protection D. NAC
Placing a NIDS between the corporate firewall and ISP
Which of these configurations would give you the MOST information regarding threats while also minimizing the risk to the internal corporate network? A. Configuring the wireless access point to be unencrypted B. Increasing the logging level of internal corporate devices C. Allowing inbound traffic to a honeypot on the corporate LAN D. Placing a NIDS between the corporate firewall and ISP
SLA
Which of these documents contains information about how and when something will be done, as well as penalties for failure? A. BPA B. ISA C. MOU D. SLA
Port security
Which of these is the best way to prevent unauthorized devices from connecting to the corporate network? A. NIDS B. VLAN trunking C. Port security D. Loop protection E. Host hardening
Job rotation
Which of these risk mitigation techniques could help prevent collusion between users? A. Job rotation B. Least privilege C. Separation of duties D. Dual control
Escape routes
Which of these would BEST address physical safety concerns for your building? A. Escape routes B. Biometrics C. Reinforcements D. Access controls
Biometric access system
Which of these would be MOST relevant to logical security controls? A. Environmental system configuration B. Biometric access system C. CCTV monitoring D. Perimeter security lighting system
Security cameras
Which of these would be the BEST example of a deterrent security control? A. Continuous security monitoring software B. Rogue machine detection C. Security cameras D. Intrusion detection system
Personally owned devices might not be subjected to the same security controls as corporate devices.
Which of these would be the BEST reason to forbid employees from using their personal devices on the corporate network? A. Employees might not be properly trained to use their devices on the corporate network. B. Personal devices might contain personally owned media that could leave the company open to licensing issues. C. Devices connected to the corporate network become legally bound to company SLA's. D. Personally owned devices might not be subjected to the same security controls as corporate devices.
VLAN
Which of these would you use to separate different types of traffic through a switch? A. DMZ B. VLAN C. NAC D. Subnetting
Preparation
Which stage of the Incident Handling process involves developing procedures in order to respond to future incidents? A. Lessons Learned B. Eradication C. Recovery D. Preparation
Signature based
Which type of IDS detects intrusions based on a vendor-provided list? A. Behavior based B. Anomaly based C. Heuristic based D. Signature based
DMZ
Which would allow server access to external clients, while still allowing access from internal users? A. NAC B. VLAN C. DMZ D. Subnet
802.1x
Which would be the best way to prevent attacks from new devices introduced to the corporate network? A. Rogue detection B. 802.1x C. NIDS D. Domain log review
SRTP
Which would you use to encrypt voice data? A. VDSL B. VoIP C. SSLv3 D. SRTP
Signature based
While reviewing your vulnerability-scan log files, you find a vulnerability on your network with an assigned identification number. You research that number on the vendor's website, then apply their recommended fix for the vulnerability. Which type of vulnerability scanner was used? A. Network based B. IDS C. Signature based D. Host based
A MAC address
While scanning the network, you find an unauthorized smart-phone has been used to surf the internet. Which of these device attributes was used to figure out that the device was not authorized? A. A phone number B. An asset ID C. An IMEI address D. A MAC address
Preparation
After a security breach, you learn that not all of your incident-response team has the tools they need to do their job. You distribute those tools to your team, but when should this problem BEST be revisited? A. Preparation B. Mitigation C. Reporting D. Lessons learned
Console access to the router should have been disabled. Physical access to the router should have been restricted.
An attacker was able to connect to your router using a console cable. Which TWO should you have implemented to prevent this? A. Console access to the router should have been disabled. B. IP ACLs should have been enabled on the console port on the router. C. Virtual terminal access to the router should have been disabled. D. Passwords should have been enabled on the virtual terminal interfaces of the router. E. Physical access to the router should have been restricted.
Port security
An inside attacker has sent thousands of MAC addresses through one switch port in order to fill up the switch's CAM table (MAC address table). Which of these would prevent this type of attack in the future? A. Port security B. TACACS+ C. BPDU guard D. 802.1x
SSID broadcast
An organization does not want the wireless network name to be easily discovered. Which of the following software features should be configured on the access points? A. SSID broadcast B. MAC filter C. WPA2 D. Antenna placement
NAC
Corporate policy says that in order for new computers to be added to your network, they must have the corporate antivirus software loaded on them first. Which of these would send an alert if a computer is added to the network without the antivirus software? A. MAC filtering B. NIDS C. Network port protection D. NAC
Incident identification
Sally finds a thumb-drive in the parking lot and plugs it in to her computer. As soon as she does a command prompt opens up and a script starts running. She reports it to you, and you figure out that data on a server has been compromised. What is this scenario an example of? A. Incident identification B. Data disclosure C. Mitigation steps D. Device removal
Clustering
Sara, a security architect, has developed a framework in which several authentication servers work together to increase processing power for an application. Which of the following does this represent? A. Warm site B. Load balancing C. Clustering D. RAID
Changes to program code and the ability to deploy to production
Separation of duties is often implemented between developers and administrators in order to separate which of the following? A. More experienced employees from less experienced employees B. Changes to program code and the ability to deploy to production C. Upper level management users from standard development employees D. The network access layer from the application access layer
Separation of duties
You are concerned that your database admins are also responsible for auditing database changes and backup logs. Which access control method would BEST help with this situation? A. Time of day restrictions B. Role-based access control C. Principle of least privilege D. Separation of duties
SLA
You are considering several options for internet service at your location. Which of these documents would be the most likely to contain information about latency levels and MTTR? A. ISA B. SLA C. BPA D. MOU
Proxy A network administrator
You are investigating an incident involving an internal host that has been communicating with a C&C server. You are having trouble determining the identity of the host. You discover that the flow of traffic from the host to the C&C server takes the following path: Switch A, Proxy A, Switch B, and Router A. Multiple departments also follow the same flow of traffic. You see one RFC1918 (private) address arriving at Router A. Which of the following administrator should be contacted FIRST in order to help aid in determining the identification of the compromised host? A. Router A network administrator B. Proxy A network administrator C. Switch A network administrator D. Switch B network administrator
DENY TCP FROM 192.168.5.5 TO 10.0.1.8
You are looking at the log file of an attack against your webserver. Here's a sample of what you find: 3:15:45 IP 192.168.5.5.4000 > 10.0.1.8.20 Flags[S] 3:15:45 IP 192.168.5.5.4001 > 10.0.1.8.21 Flags[S] 3:15:45 IP 192.168.5.5.4002 > 10.0.1.8.25 Flags[S] 3:15:45 IP 192.168.5.5.4003 > 10.0.1.8.53 Flags[S] Which of these ACL's would you implement to protect against this attack and future attacks by the same IP, while minimizing any service interruptions? A. DENY TCP FROM 192.168.5.5 TO 10.0.1.8 B. DENY UDP FROM 192.168.5.0/24 TO 10.0.1.0/24 C. DENY IP FROM 192.168.5.5/32 TO 0.0.0.0/0 D. DENY TCP FROM ANY TO 10.0.1.8
Physically separate the VoIP phones from the data network.
You are planning on adding a new VoIP phone system to your network, but you're worried about performance problems. The core switches on your data network are almost maxed-out with traffic already, so which of these would provide the best performance and availability for both your VoIP traffic as well as your existing data traffic? A. Put the VoIP network into a different VLAN than the existing data network. B. Upgrade the edge switches from 10/100 to 10/100/1000 to improve network speed. C. Physically separate the VoIP phones from the data network. D. Implement flood guards on the data network.
Replace the current antennae with Yagi antennae.
You asked your newb tech to connect two buildings' networks via wireless. He installs two ground plane antennaes on 802.11b bridges to transfer data between the buildings, which are 400 feet apart. It doesn't work. Which of these should you do to allow connectivity between the two buildings? A. Replace the 802.11 bridges with 802.11ac bridges. B. Configure both bridges to use 5Ghz instead of 2.4Ghz. C. Substitute wireless bridges for wireless access points. D. Replace the current antennae with Yagi antennae.
Implement access control lists Conduct user access reviews
You find that long-time employees have more system rights than they need to do their jobs. Which two should you implement to make sure employees only have the access they need to do their jobs? A. Prohibit password re-use B. Implement access control lists C. Conduct user access reviews D. Use role-based access E. Monitor logs F. Remove generic accounts
User account reviews
You find that some of your users have permissions to shares they should no longer have, because of department changes and promotions. Which of the following would mitigate this issue in the future? A. User account reviews B. Group based privileges C. Acceptable use policies D. Separation of duties
The system is now spoofing a MAC address.
You get an alert that an internal IP address is connecting to several unknown malicious domains. You connect to the switch and add a MAC filter to switch port 18 to block the system from the network. Before MAC Address VLAN Port 67A7.353B.5064 101 4 7055.4961.1F33 100 9 7513.77B9.4130 101 18 5A77.1816.3859 101 19 After MAC Address VLAN Port 67A7.353B.5064 101 4 7055.4961.1F33 100 9 0046.6419.5809 101 18 5A77.1816.3859 101 19 A few minutes later, the same malicious traffic starts again from a different IP. Which of the following is the MOST likely reason that the system was able to bypass the administrator's MAC filter? A. The system is now ARP spoofing a device on the switch B. The system is now VLAN hopping to bypass the switch port MAC filter. C. The system is now spoofing a MAC address. D. The system is now connecting to the switch.
Access control list
You have a VLAN that is dedicated to printers. This VLAN has more traffic than usual, which is causing congestion. You find out that someone has installed a bunch of new printers without your knowledge. Which of these could prevent this type of traffic congestion from happening again? A. Loop protection B. Log analysis C. Rule-based management D. Access control list
ICMP
You have a connectivity issue and you think that the router may be blocking traffic to a remote network. Which of these would confirm your theory by providing helpful feedback? A. DNS B. NAT C. NetBIOS D. ICMP
ARO = 0.25; SLE = $4,000; ALE = $1,000
You have a server that fails and needs to be replaced once every 4 years and costs $4,000. Which would be the valid factors in a risk calculation for this? A. ARO = 0.5; SLE = $4,000; ALE = $500 B. ARO = 0.25; SLE = $4,000; ALE = $1,000 C. ARO = 0.25; SLE = $1,000; ALE = $2,000 D. ARO = 4; SLE = $4,000; ALE = $1,000 E. ARO = 4; SLE = $2,000; ALE = $16,000
NAT
You have a server that is supposed to only be accessible from the inside of your network. Unfortunately, one of your admins made a configuration mistake, and now the server is accessible from the outside. Which one of these configurations was probably modified wrong? A. NAT B. IDS C. CRL D. VPN
HIPS
You have a user who must have local admin access on her laptop. Which is the BEST way to reduce the risk of her machine becoming compromised in this scenario? A. IDS B. Security log auditing C. HIPS D. Firewall
Disable WPS because the visitor is trying to crack the employee network.
You have both a secured, password-protected wireless network for employees, and an open, un-secured visitor network for guests. Walking by a guest's laptop, you notice this on her screen: Reaver -I mon0 -b 10:4A:7D:0F:6B:EA Starting... [+] Trying pin 12345678 [+] Trying pin 12345688 [+] Trying pin 12345698 What should you implement? A.Apply MAC filtering because the visitor already has the network password. B. Apply WPA or WPA2 encryption because the visitor is trying to crack the employee network that is enabled with WEP. C. Implement two-factor wireless authentication because the visitor will eventually brute force the network key. D. Initiate employee password changes because the visitor has captured passwords and is attempting offline cracking of those passwords. E. Disable WPS because the visitor is trying to crack the employee network.
Change management plan
You installed a new patch to a server which caused it to crash. You couldn't find system rollback procedures so you just restored the server from the last backup. What can you do to prevent future problems caused by the lack of rollback procedures? A. System testing plan B. Change management plan C. Incident response policy D. System audit log
The company implements a captive portal.
You just got a wireless music-streaming device for your birthday and while at home it works great. It connects to the internet and plays music through its speakers. At work though, it doesn't connect to the internet. It is associated with the AP, and did receive the expected network parameters. Also, other wireless devices work fine. Which is the most likely reason your device doesn't work while in the office? A. The device is using the incorrect encryption algorithm. B. The WPA2 shared key is incorrect. C. The company implements a captive portal. D. The company's DHCP server scope is full.
Daily incremental backup to tape
You need to be able to restore data with an RPO of 24 hours, but you also need your backups to happen within a restricted timeframe. You also want to be able to take backups offsite every week. Which of these should you do? A. Disk-to-disk hourly server snapshots B. Daily full backup to tape C. Daily incremental backup to tape D. Replication of the environment to a hot site E. Weekly differential backup to tape
Network segmentation
You need to build several different environments for application development and testing. What should you implement to create these new environments? A. Application firewalls B. Network segmentation C. Trusted computing D. Network address translation
Port security VLAN
You need to ensure that only authorized devices can connect to the wired and wireless networks. Unauthorized devices should be automatically placed on a guest network. Which TWO of these should you implement to achieve these goals? A. Port security B. 802.1x C. Proxy D. VLAN E. NAT
Conduct a wireless site survey
You need to find the source of a suspected attack that keeps disconnecting systems from the wireless network. You verify that there are no rogue wireless access points, unauthorized wireless clients, or de-authentication attacks occurring. Which would be BEST to identify the source of the outage? A. Perform a packet capture B. Deploy your wireless IDS C. Use of spectrum analyser D. Conduct a wireless site survey
Secure router configuration
You scan your company routers and find they haven't been changed from their default configuration. Which would address this? A. Secure router configuration B. Implementing 802.1x C. Enabling loop protection D. Configuring port security
Configure the ECS host-based firewall to block non-ECS application traffic.
You set up an ECS (Environmental Control System) to protect your data-center. You want to be able to manage and monitor this system from any part of the network. Which should you do to allow access, while also reducing the attack surface of the system? A. Implement an ACL that permits the necessary management and monitoring traffic. B. Configure the ECS host-based firewall to block non-ECS application traffic. C. Create an encrypted connection between the ECS and your computer. D. Install a firewall that only allows traffic to the ECS from a single management and monitoring network.
Firewall
You want to protect a group of servers. Which would be BEST to implement to prevent connections from unauthorized networks? A. HIDS B. Layer 2 switch C. Firewall D. NIDS
Implicit allow as the last rule
You're configuring your firewall to block traffic to-and-from a small list of specific IP addresses, while allowing all other traffic. Which of these firewall rules would then be necessary to implement in this scenario? A. Implicit allow as the first rule B. Implicit allow as the last rule C. Implicit deny as the first rule D. Implicit deny as the last rule
Install unidirectional antennas to focus coverage where needed.
You're setting up a new 5GHz wireless network, but you find that some areas of the building don't get very good coverage because you're using vertical antennas on your WAPs. Without moving any WAPs, which of these would fix this problem? A. Reorient the existing antennas in horizontal configuration. B. Convert all access points to models operating at 2.4GHz. C. Install antennas with lower front-to-back ratios to narrow the focus of coverage as needed. D. Install unidirectional antennas to focus coverage where needed.
The financial review indicates the company is a startup.
You're thinking about hosting data with a Cloud Service Provider (CSP) and you are evaluating a particular provider. Which of these would pose the biggest risk when choosing to go with that vendor? A. The financial review indicates the company is a startup. B. The CSP takes into account multinational privacy concerns. C. The CSP utilizes encryption for data at rest and in motion. D. SLAs state service tickets will be resolved in less than 15 minutes.
Tabletop exercise
You've created a Continuity Of Operations Plan and need to be sure that everyone knows what actions to perform in the event of a disaster. Which of the following can be performed instead of completing a full fail-over to validate this requirement? A. Tabletop exercise B. Sandboxing C. Business impact analysis D. Risk assessment
Disable responses to a broadcast probe request.
You've disabled the SSID broadcast on your WAP, but unauthorized users are still connecting to it. Which of these would further obscure the presence of your wireless network? A. Reroute wireless users to a honeypot. B. Disable responses to a broadcast probe request. C. Create a non-zero length SSID for the WAP. D. Upgrade the encryption to WPA or WPA2.
Hacker-Joe is able to capture the wired communication.
You've plugged a WAP in to your switch and configured WPA2-TKIP for security. Hacker Joe is somehow able to intercept clear-text HTTP communication between the wireless users and the internet. Why is Hacker Joe able to intercept and see the clear-text communication? A. Hacker-Joe is running a wireless sniffer. B. The users are using unencrypted hard drives. C. The WAP is broadcasting the SSID. D. Hacker-Joe is able to capture the wired communication.
Sniff and clone a MAC address
Your admin thinks that wireless MAC filtering is all he needs to protect the WLAN. Which of these would prove to him that he should also turn on WPA or WPA2? A. DNS poison the access point B. Sniff and clone a MAC address C. Deploy an evil twin with MAC filtering D. Flood the WAP with random MAC addresses
DMZ
Your company allows business partners to connect to several of your application servers located at the main office. What can the main office implement to protect the rest of the company from those business partners? A. VPN B. NAC C. IDS D. DMZ
Clean-desk policy
Your company often has guests who visit the office. Which of these would be a low-cost way to prevent those guests from viewing sensitive information? A. Clean-desk policy B. Strong passwords C. Mantraps D. Screen protectors
Change management controls
Your company webserver sometimes reboots in the middle of the day due to regular OS patches. This results in loss of sales while the system is rebooting. Which of these would reduce the chances of this happening in the future? A. Change management controls B. Data Loss Prevention implementation C. Routine system auditing D. Business Continuity Planning
The switch has the lowest MAC address.
Your network has been very slow, so you look at your Spanning-Tree setup. You find that an old, inferior switch has been made the root-bridge. Why could this be? A. The switch has the fastest uplink port. B. The switch has the lowest MAC address. C. The switch has spanning tree loop protection enabled. D. The switch also serves as the DHCP server.
DoS attack
Your users are having trouble reaching your intranet site. You sniff the traffic going to the site and you see the following packets: 09:15:25 192.168.3.12:52550 -> 172.16.10.10:80 SYN 09:15:25 192.168.3.12:52550 -> 172.16.10.10:80 SYN 09:15:25 192.168.3.12:52550 -> 172.16.10.10:80 SYN 09:15:25 192.168.3.12:52550 -> 172.16.10.10:80 SYN 09:15:25 192.168.3.12:52550 -> 172.16.10.10:80 SYN 09:15:25 192.168.3.12:52550 -> 172.16.10.10:80 SYN Which of these is happening here? A. Ping flood attack B. Smurf attack C. Replay attack D. Xmas attack E. DoS attack