Test Out Security Domain 3
Switch
A virtual LAN can be created using which of the following?
Load balancing
Which of the following is a technique that disperses a workload between two or more computers or resources to achieve optimal resource utilization, throughput, or response time?
A logical grouping of devices based on service need, protocol, or other criteria.
Which of the following is an appropriate definition of a VLAN?
Screening router
Which of the following is another name for a firewall that performs router functions?
VLANs
Which of the following is commonly created to segment a network into different zones?
TOS
Which of the following is defined as an operating system that comes hardened and validated to a specific security level as defined in the Common Criteria for Information Technology Security Evaluation (CC)?
Input validation
Which of the following is specifically meant to ensure that a program operates on clean, correct, and useful data?
S/MIME PGP
Which of the following mechanisms can you use to add encryption to email? (Select two.)
Peer-to-peer software
Which of the following methods did Microsoft introduce in Windows 10 to help distribute OS updates?
IPsec
Which of the following network layer protocols provides authentication and encryption services for IP-based network traffic?
SSH
Which of the following protocols can be used to securely manage a network device from a remote connection?
HTTPS
Which of the following protocols uses port 443?
Citrix
Which of the following provides the network virtualization solution called XenServer?
Bastion or sacrificial host
Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks?
Telnet SSH
Which of the following tools allow remote management of servers? (Select two.)
WSUS Group Policy
Which of the following tools can you use on a Windows network to automatically distribute and install software and operating system patches on workstations? (Select two.)
636 389
Which ports does LDAP use by default? (Select two.)
HTTPS
Which protocol is used to securely browse a website?
Specific user service account Default machine account
Which two types of service accounts must you use to set up event subscriptions?
Peer-to-peer software
Which type of application allows users to share and access content without using a centralized server?
RST
Which type of packet would the sender receive if they sent a connection request to TCP port 25 on a server with the following command applied? sudo iptables -A OUTPUT -p tcp --dport 25 -j REJECT
Critical updates
Which type of update should be prioritized even outside of a normal patching window?
GPG
Which utility would you MOST likely use on OS X to encrypt and decrypt data and messages?
Generation-based
Which fuzz testing program type defines new test data based on models of the input?
DMZ
Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted internet?
SSH
SFTP uses which mechanism to provide security for authentication and data transfer?
Fuzzing
Which of the following enters random data to the inputs of an application?
SFTP SCP
Which of the following file transfer protocols use SSH to provide confidentiality during the transfer? (Select two.)
Create a hash of system components
Which of the following functions are performed by a TPM?
Shared resources
Which of the following is a benefit of P2P applications?
Extranet
Which of the following is a privately controlled portion of a network that is accessible to some specific external entities?
FTPS
Which of the following is a secure alternative to FTP that uses SSL for encryption?
SFTP SCP
As a network administrator, you are asked to recommend a secure method for transferring data between hosts on a network. Which of the following protocols would you recommend? (Select two.)
Host-based IDS
As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement?
Pop-up blocker
As you browse the internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows contain advertisements for products that are inappropriate for your family to view. Which tool can you implement to prevent these windows from showing?
Create a separate VLAN for each department.
As you go through the process of making your network more manageable, you discover that employees in the sales department are on the same network segment as the human resources department. Which of the following steps can be used to isolate these departments?
Hardening
By definition, what is the process of reducing security exposure and tightening security controls?
SSL
FTPS uses which mechanism to provide security for authentication and data transfer?
SSH
For Milestone 4 (Reach Your Network), which of the following would be considered a secure protocol to use to reach your network?
Runtime Status
For some reason, your source computers are not communicating properly with the collector. Which tool would you use to verify communications?
Group Policy
For source-initiated subscriptions, which tool do you use to configure event forwarding?
3
How many network interfaces does a dual-homed gateway typically have?
AH ESP
IPsec is implemented through two separate protocols. What are these protocols called? (Select two.)
You want to protect a public web server from attack.
In which of the following situations would you most likely implement a demilitarized zone (DMZ)?
SSH
Telnet is inherently insecure because its communications are in plaintext and easily intercepted. Which of the following is an acceptable alternative to Telnet?
Web application security User management
The Application layer of the security model includes which of the following? (Select two.)
Whitelisting
This application endpoint-protection rule implicitly denies unless added to the rule. Which of the following processes describes this?
443
To increase security on your company's internal network, the administrator has disabled as many ports as possible. However, now you can browse the internet, but you are unable to perform secure credit card transactions. Which port needs to be enabled to allow secure transactions?
20 21
To transfer files to your company's internal network from home, you use FTP. The administrator has recently implemented a firewall at the network perimeter and disabled as many ports as possible. Now, you can no longer make the FTP connection. You suspect the firewall is causing the issue. Which ports need to remain open so you can still transfer the files? (Select two.)
Auditing capabilities
What do host-based intrusion detection systems often rely upon to perform detection activities?
Remote access policies
What does a remote access server use for authorization?
VAN
What is a virtual LAN that runs on top of a physical LAN called?
Sandboxing
What is isolating a virtual machine from the physical network to allow testing to be performed without impacting the production environment called?
IDEA
What is the default encryption algorithm used by SSH (Secure Shell) to protect data traffic between a client and the controlled server?
Generate and store cryptographic keys
What is the main function of a TPM hardware chip?
Antivirus software
What is the most common form of host-based IDS that employs signature or pattern-matching detection methods?
Create a security association between communicating partners.
What is the primary function of the IKE Protocol used with IPsec?
Switch port
When configuring VLANs on a switch, what is used to identify which VLAN a device belongs to?
Trunk ports
When configuring VLANs on a switch, which type of switch ports are members of all VLANs defined on the switch?
Close all ports; open only ports required by applications inside the DMZ.
When designing a firewall, what is the recommended approach for opening and closing ports?
HTTPS
Which TCP/IP protocol is a secure form of HTTP that uses SSL as a sub-layer for security?
Drop
Which action would you use in a rule to disallow a connection silently?
Peer-to-peer networking
Which common design feature among instant messaging clients makes them less secure than other means of communicating over the internet?
Workload balancing
Which load balancing method distributes a workload across multiple computers?
It monitors emails that originate from an organization.
Which of the following BEST describes an email security gateway?
Only devices that pass both authentication and authorization are trusted.
Which of the following BEST describes zero-trust security?
Endpoint DLP
Which of the following DLP implementations can be used to monitor and control access to physical devices on workstations or servers?
Disable unused services.
Which of the following actions should you take to reduce the attack surface of a server?
Remote management
Which of the following app deployment and update methods allows an administrator to remove apps and clear all data from a device without affecting the device itself?
Remote management
Which of the following app deployment and update methods allows updates to be uploaded onto Intune where they can be pushed out to users within 24 hours?
Start Windows Remote Management service on both the source and collector computers. Start Windows Event Collector service on collector computer. Create a Windows firewall exception for HTTP or HTTPS on all source computers.
Which of the following are required to configure Event Subscription for event forwarding? (Select three.)
Devices on the same network logically grouped as if they were on separate networks.
Which of the following best describes the concept of a virtual LAN?
Implementing client-side validation Implementing server-side validation
While using a web-based order form, an attacker enters an unusually large value in the Quantity field. The value he or she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the web application processes the order as a return instead of a purchase, and the attacker's account is credited with a large sum of money. Which practices would have prevented this exploit? (Select two.)
Patch management
Windows Server Update Services (WSUS) is used to accomplish which part of a manageable network?
Computer group
You are configuring a source-initiated subscription on the collector computer in Event Viewer. Which of the following do you need to specify?
Flag
You are implementing a new application control solution. Prior to enforcing your application whitelist, you want to monitor user traffic for a period of time to discover user behaviors and log violations for later review. How should you configure the application control software to handle applications not contained in the whitelist?
Use firewalls to create a DMZ. Place the web server inside the DMZ and the private network behind the DMZ.
You have a company network that is connected to the internet. You want all users to have internet access, but you need to protect your private network and users. You also need to make a web server publicly available to internet users. Which solution should you use?
Source-initiated
You have a large number of source computers in your IT environment. Which subscription type would be most efficient to employ?
Host-based firewall
You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from internet-based attacks. Which solution should you use?
Add kenyan.msn.pl to the email blacklist.
You have been receiving a lot of phishing emails sent from the domain kenyan.msn.pl. Links within these emails open new browser windows at youneedit.com.pl. You want to make sure that these emails never reach your inbox, but you also want to make sure that emails from other senders are not affected. What should you do?
Allow SMTP traffic
You have configured the following rules. What is the effect? sudo iptables -A INPUT -p tcp --dport 25 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT sudo iptables -A OUTPUT -p tcp --sport 25 -m conntrack --ctstate ESTABLISHED -j ACCEPT
Apply all patches and updates Change default account passwords.
You have just purchased a new network device and are getting ready to connect it to your network. Which of the following actions should you take to increase its security? (Select two.)
Open ports 20 and 21 for inbound and outbound connections.
You have placed a File Transfer Protocol (FTP) server in your DMZ behind your firewall. The FTP server is to be used to distribute software updates and demonstration versions of your products. However, users report that they are unable to access the FTP server. What should you do to enable access?
Test the hotfix and then apply it to all servers.
You have recently experienced a security incident with one of your servers. After some research, you determine that a new hotfix has recently been released, which would have protected the server. Which of the following recommendations should you follow when applying the hotfix?
Put the web server inside the DMZ. Put the database server on the private network.
You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.)
Open SMTP relay
You install a new Linux distribution on a server in your network. The distribution includes a Simple Mail Transfer Protocol (SMTP) daemon that is enabled by default when the system boots. The SMTP daemon does not require authentication to send email messages. Which type of email attack is this server susceptible to?
VLANs
You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three RJ-45 ports connected to the switch. You want to allow visitors to plug into these ports to gain internet access, but they should not have access to any other devices on your private network. Employees connected throughout the rest of your building should have both private and internet access. Which feature should you implement?
Remote access
You often travel away from the office. While traveling, you would like to use your laptop computer to connect directly to a server in your office and access files. You want the connection to be as secure as possible. Which type of connection do you need?
VLAN
You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. What should you use for this situation?
Define a filter
You set up Event Subscription, but you are getting an overwhelming amount of events recorded. What should you do?
BitLocker
You want a security solution that protects the entire hard drive and prevents access even if the drive is moved to another system. Which solution should you choose?
636
You want to deploy SSL to protect authentication traffic with your LDAP-based directory service. Which port does this action use?
Implement BitLocker without a TPM.
You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the system should not boot if a change is detected in any of the boot files. What should you do?
Run wecutil qc on the collector computer. Run winrm qc -q on the source computer.
You want to set up a collector-initiated environment for event subscriptions. Which commands would you run? (Select two.)
Event Viewer
You wish to configure collector-initiated event subscriptions. On the collector computer, in which program do you configure a subscription?
Enable the TPM in the BIOS
You would like to implement BitLocker to encrypt data on a hard disk, even if it is moved to another system. You want the system to boot automatically without providing a startup key on an external USB device. What should you do?
Use SCP to back up the router configuration to a remote location.
You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a locked server closet. You use an FTP client to regularly back up the router configuration to a remote server in an encrypted file. You access the router configuration interface from a notebook computer that is connected to the router's console port. You've configured the device with the username admin01 and the password P@ssW0rd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device?
Change the default administrative username and password. Use an SSH client to access the router configuration.
You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID for access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using a Telnet client with a username of admin and a password of P@ssW0rd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device? (Select two.)
Use SSL
Your LDAP directory-services solution uses simple authentication. What should you always do when using simple authentication?
Network segmentation
Your network devices are categorized into the following zone types: