TestOut Security Pro Chapter 1 -5
Which of the following threat actors seeks to defame, shed light on, or cripple an organization or government?
Hacktivist
An attacker has gained access to the administrator's login credentials. Which type of attack has most likely occurred?
Password cracking
By definition, what is the process of reducing security exposure and tightening security controls?
Hardening
Prepare to Document means establishing the process you will use to document your network. Which of the following makes this documentation more useful?
Have a printed hard copy kept in a secure location.
You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from internet-based attacks. Which solution should you use?
Host-based firewall
What is Cisco's Network Access Control (NAC) solution called?
Identity Services Engine (ISE)
Which type of application allows users to share and access content without using a centralized server?
Peer-to-peer software
Which of the following items would be implemented at the Network layer of the security model?
Penetration testing
In which of the iptables default chains would you configure a rule to allow an external device to access the HTTPS port on the Linux server?
Input
The IT manager in your organization proposes taking steps to deflect a potential threat actor. The proposal includes the following: Create and follow onboarding and off-boarding procedures. Employ the principal of least privilege. Have appropriate physical security controls in place. Which type of threat actor do these steps guard against?
Insider
Which of the following is susceptible to social engineering exploits?
Instant messaging
An employee stealing company data could be an example of which kind of threat actor?
Internal threat
Which of the following could an employee also be known as?
Internal threat
Which of the following best describes spyware?
It monitors the actions you take on your machine and sends the information back to its originating source.
Which VPN protocol typically employs IPsec as its data encryption mechanism?
L2TP
At which layer of the OSI model do NAT routers operate?
Layer 3 (Network layer)
Which of the following controls is an example of a physical access control method?
Locks on doors
Which of the following is considered a major problem with instant messaging applications?
Loss of productivity
In which of the following zones would a web server most likely be placed?
Low-trust zone
Which of the following attacks, if successful, causes a switch to function like a hub?
MAC flooding
Which of the following NAC agent types is the most convenient agent type?
Permanent
You walk by the server room and notice that a fire has started. What should you do first?
Make sure everyone has cleared the area.
In which milestone should you use a network scanner and then confirm the scan manually with a room-by-room walkthrough?v
Map Your Network
Members of the sales team use laptops to connect to the company network. While traveling, they connect their laptops to the internet through airport and hotel networks. You are concerned that these computers could pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless antivirus software and the latest operating system patches are installed. Which solution should you use?
NAC
You are configuring the security settings for your network. You have decided to configure a policy that requires any computer connecting to the network to run at least Windows 10 version 2004. Which of the following have you configured?
NAC
You have a file server named Srv3 that holds files used by the development department. You want to allow users to access the files over the network and control access to files accessed through the network or through a local logon. Which solution should you implement?
NTFS and share permissions
Which of the following BEST describes zero-trust security?
Only devices that pass both authentication and authorization are trusted.
Your network devices are categorized into the following zone types: No-trust zone Low-trust zone Medium-trust zone High-trust zone Your network architecture employs multiple VLANs for each of these network zones. Each zone is separated by a firewall that ensures only specific traffic is allowed. Which of the following is the secure architecture concept that is being used on this network?
Network segmentation
Which of the following is the MOST likely to happen if the firewall managing traffic into the DMZ fails?
Only the servers in the DMZ are compromised, but the LAN will stay protected.
By definition, which security concept uses the ability to prove that a sender undeniably sent an encrypted message?
Non-repudiation
Which of the following can make passwords useless on a router?
Not controlling physical access to the router
The IT manager has asked you to create four new VLANs for a new department. As you are going through the VLAN configurations, you find some VLANs numbered 1002-1005. However, they are not in use. What should you do with these VLANs?
Nothing. They are reserved and cannot be used or deleted.
You have placed a File Transfer Protocol (FTP) server in your DMZ behind your firewall. The FTP server is to be used to distribute software updates and demonstration versions of your products. However, users report that they are unable to access the FTP server. What should you do to enable access?
Open ports 20 and 21 for inbound and outbound connections.
A hacker scans hundreds of IP addresses randomly on the internet until they find an exploitable target. What kind of attack is this?
Opportunistic attack
Which device is often employed by power companies to protect cabling infrastructure from having cables added or removed and to prevent emissions from being retrieved from the air?
PDS
Which of the following VPN protocols is no longer considered secure?
PPTP
You want to use CCTV to increase your physical security, and you want the ability to remotely control the camera position. Which camera type should you choose?
PTZ
1.2.4
1.2.4
2.1.6
2.1.6
2.2.6
2.2.6
2.2.7
2.2.7
2.4.5
2.4.5
To transfer files to your company's internal network from home, you use FTP. The administrator has recently implemented a firewall at the network perimeter and disabled as many ports as possible. Now, you can no longer make the FTP connection. You suspect the firewall is causing the issue. Which ports need to remain open so you can still transfer the files? (Select two.)
20 21
How many network interfaces does a dual-homed gateway typically have?
3
3.1.3
3.1.3
3.1.4
3.1.4
3.2.5
3.2.5
3.3.5
3.3.5
4.2.7
4.2.7
4.2.9
4.2.9
To increase security on your company's internal network, the administrator has disabled as many ports as possible. However, now you can browse the internet, but you are unable to perform secure credit card transactions. Which port needs to be enabled to allow secure transactions?
443
Which 802.1Q priority is IP phone traffic on a voice VLAN tagged with by default?
5
How many concurrent connections does NAT support?
5,000
5.11.12
5.11.12
5.2.3 Configure a DMZ
5.2.3
5.2.5
5.2.5
5.3.6
5.3.6
5.4.5
5.4.5
5.5.8
5.5.8
5.6.5
5.6.5
5.7.3
5.7.3
5.8.3
5.8.3
5.9.7
5.9.7
Which of the following is the BEST definition of the term hacker?
A general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization.
Which of the following describes a configuration baseline?
A list of common security settings that a group or all devices share
Which of the following is an appropriate definition of a VLAN?
A logical grouping of devices based on service need, protocol, or other criteria.
Which of the following is the strongest form of multi-factor authentication?
A password, a biometric scan, and a token device
Which of the following BEST describes a honeyfile?
A single file setup to entice and trap attackers.
Which of the following is an example of an internal threat?
A user accidentally deletes the new product designs.
Drag each description on the left to the appropriate switch attack type on the right.
ARP spoofing/poisoning The source device sends frames to the attacker's MAC address instead of to the correct device. Dynamic Trunking Protocol Should be disabled on the switch's end user (access) ports before implementing the switch configuration into the network. MAC flooding Causes packets to fill up the forwarding table and consumes so much of the switch's memory that it enters a state called Fail Open Mode. MAC spoofing Can be used to hide the identity of the attacker's computer or impersonate another device on the network.
Which of the following should be configured on the router to filter traffic at the router level?
Access control list
You are the security analyst for your organization and have discovered evidence that someone is attempting to brute-force the root password on the web server. Which classification of attack type is this?
Active
Components within your server room are failing at a rapid pace. You discover that the humidity in the server room is at 60% and the temperature is at 80 degrees. What should you do to help reduce problems?
Add a separate A/C unit in the server room.
Which of the following NAC agent types would be used for IoT devices?
Agentless
A computer or small network that is not connected to the rest of the network or the internet is known as:
Air gap
You have configured the following rules. What is the effect? sudo iptables -A INPUT -p tcp --dport 25 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT sudo iptables -A OUTPUT -p tcp --sport 25 -m conntrack --ctstate ESTABLISHED -j ACCEPT
Allow SMTP traffic
Which of the following BEST describes an inside attacker?
An unintentional threat actor. This is the most common threat.
Which of the following defines all the prerequisites a device must meet in order to access a network?
Authentication
An organization's receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering?
Authority
Which of the following applies the appropriate policies in order to provide a device with the access it's defined to receive?
Authorization
An attacker was able to gain unauthorized access to a mobile phone and install a Trojan horse so that he or she could bypass security controls and reconnect later. Which type of attack is this an example of?
Backdoor
In an effort to increase the security of your organization, programmers have been informed they can no longer bypass security during development. Which vulnerability are you attempting to prevent?
Backdoor
While developing a network application, a programmer adds functionally that allows her to access the running program without authentication so she can capture debugging data. The programmer forgets to remove this functionality prior to finalizing the code and shipping the application. Which type of security weakness does this describe?
Backdoor
Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks?
Bastion or sacrificial host
If a fingerprint or retina scan is required to open a secured door, which kind of physical security has been implemented?
Biometric locks
A collection of zombie computers have been set up to collect personal information. Which type of malware do the zombie computers represent?
Botnet
Which of the following is a typical goal of MAC spoofing?
Bypass 802.1x port-based security
You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID for access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using a Telnet client with a username of admin and a password of P@ssW0rd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device? (Select two.)
Change the default administrative username and password. Use an SSH client to access the router configuration.
A network device is given an IP address of 172.16.0.55. Which type of network is this device on?
Class B private network
Which of the following fire extinguisher types is best used for the electrical fires that might result when working with computer components?
Class C
When designing a firewall, what is the recommended approach for opening and closing ports?
Close all ports; open only ports required by applications inside the DMZ.
In 2001, a worm exploited vulnerabilities in Microsoft Internet Information Services (IIS) to infect over 250,000 systems in under nine hours. What was this worm called?
Code Red
A user copies files from her desktop computer to a USB flash device and puts the device into her pocket. Which of the following security risks is most pressing?
Confidentiality
You have hired 10 new temporary workers who will be with the company for three months. You want to make sure that the user accounts cannot be used for login after that time period. What should you do?
Configure account expiration in the user accounts.
Which of the following do security templates allow you to do? (Select two.)
Configure consistent security settings between devices Quickly apply settings to multiple computers
Which type of update should be prioritized even outside of a normal patching window?
Critical updates
Which of the following items would be implemented at the Data layer of the security model?
Cryptography
Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted internet?
DMZ
What needs to be configured on a firewall to allow traffic directed to the public resource in the DMZ?
Packet filters
Which protocol should you disable on the user access ports of a switch?
DTP
Every ACME computer comes with the same account created at the factory. Which kind of vulnerability is this?
Default accounts and passwords
When setting up a new wireless access point, what is the first configuration change that should be made?
Default login
Which of the following can be used to stop piggybacking at a front entrance where employees should swipe smart cards to gain entry?
Deploy a mantrap
Which of the following best describes a stateful inspection?
Determines the legitimacy of traffic based on the state of the connection from which the traffic originated.
Which of the following actions should you take to reduce the attack surface of a server?
Disable unused services.
Which of the following NAC agent types creates a temporary connection?
Dissolvable
Documenting procedures and processes are part of which milestone in the NSA's Manageable Network Plan?
Document Your Network
Which area of focus helps to identify weak network architecture or design?
Documentation
Which action would you use in a rule to disallow a connection silently?
Drop
What should you consider security baselines?
Dynamic
You want to connect your small company network to the internet. Your ISP provides you with a single IP address that is to be shared between all hosts on your private network. You do not want external hosts to be able to initiate connection to internal hosts. Which type of Network Address Translation (NAT) should you implement?
Dynamic
Which NAT implementation assigns two IP addresses to the public NAT interface, allowing traffic to flow in both directions?
Dynamic and static
In addition to Authentication Header (AH), IPsec is comprised of what other service?
Encapsulating Security Payload (ESP)
Travis is sending a highly confidential email to Craig that contains sensitive data. Which of the following should Travis implement to ensure that only Craig is able to read the email?
Encryption
Burning, pulping, and shredding are three ways to securely dispose of data in which form?
Paper
Which area of focus do public-facing servers, workstations, Wi-Fi networks, and personal devices fall under?
Entry points
Which option is a benefit of CCTV?
Expand the area visible by security guards
Which type of ACL should be placed as close to the source as possible?
Extended
Which of the following are functions of gateway email spam filters? (Select two.)
Filters messages containing specific content Blocks email from specific senders
You are implementing a new application control solution. Prior to enforcing your application whitelist, you want to monitor user traffic for a period of time to discover user behaviors and log violations for later review. How should you configure the application control software to handle applications not contained in the whitelist?
Flag
Which device is NAT typically implemented on?
Gateway router
You are part of a committee that is meeting to define how Network Access Control (NAC) should be implemented in the organization. Which step in the NAC process is this?
Plan
A user is able to access privileged administrative features with an account that is not granted administrator rights. Which type of vulnerability is this?
Privilege escalation
You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.)
Put the web server inside the DMZ. Put the database server on the private network.
Which type of packet would the sender receive if they sent a connection request to TCP port 25 on a server with the following command applied? sudo iptables -A OUTPUT -p tcp --dport 25 -j REJECT
RST
A type of malware that prevents the system from being used until the victim pays the attacker money is known as what?
Ransomware
In which phase of an attack does the attacker gather information about the target?
Reconnaissance
After a security event that involves a breach of physical security, what is the term used for the new measures, incident review, and repairs meant to stop a future incident from occurring?
Recovery
Which kind of malware provides an attacker with administrative control over a target computer through a backdoor?
Remote Access Trojan (RAT)
Which of the following are characteristics of a rootkit? (Select two.)
Requires administrator-level privileges for installation. Resides below regular antivirus software detection.
Which of the following does a router use to determine where packets are forwarded to?
Routing table
Which of the following file transfer protocols use SSH to provide confidentiality during the transfer? (Select two.)
SCP SFTP
For Milestone 4 (Reach Your Network), which of the following would be considered a secure protocol to use to reach your network?
SSH
FTPS uses which mechanism to provide security for authentication and data transfer?
SSL
Which of the following is another name for a firewall that performs router functions?
Screening router
Section 1.1.4
Section 1.1.4
You have just installed a packet-filtering firewall on your network. Which options are you able to set on your firewall? (Select all that apply.)
Source address of a packet Destination address of a packet Port number
You are configuring web threat protection on the network and want to block emails coming from a specific sender. Which of the following should be configured?
Spam filter
You manage a single subnet with three switches. They are connected to provide redundant paths between the switches. Which feature prevents switching loops and ensures there is only a single active path between any two switches?
Spanning Tree Protocol
Which VPN tunnel style routes only certain types of traffic?
Split
You have configured your ACL to block outgoing traffic from a device with the IP address 192.168.1.52. Which type of ACL have you configured?
Standard
You have a small network at home that is connected to the internet. On your home network, you have a server with the IP address of 192.168.55.199/16. You have a single public address that is shared by all hosts on your private network. You want to configure the server as a web server and allow internet hosts to contact the server to browse a personal website. What should you use to allow access?
Static NAT
Which of the following are features of an application-level gateway? (Select two.)
Stops each packet at the firewall for inspection Reassembles entire messages
The root account has all privileges and no barriers. Which of the following is another name for the root account?
Superuser account
A VPN is primarily used for which of the following purposes?
Support secured communications over an untrusted network
A virtual LAN can be created using which of the following?
Switch
When configuring VLANs on a switch, what is used to identify which VLAN a device belongs to?
Switch port
You have recently experienced a security incident with one of your servers. After some research, you determine that a new hotfix has recently been released, which would have protected the server. Which of the following recommendations should you follow when applying the hotfix?
Test the hotfix and then apply it to all servers.
Which statement BEST describes IPsec when used in tunnel mode?
The entire data packet, including headers, is encapsulated
Which problem does NAT help address?
The shortage of IPv4 addresses
A honeypot is used for which purpose?
To delay intruders in order to gather auditing data
Which of the following types of proxies can be used for web filtering?
Transparent
Which of the following is a program that appears to be a legitimate application, utility, game, or screensaver, but performs malicious activities surreptitiously?
Trojan horse
When configuring VLANs on a switch, which type of switch ports are members of all VLANs defined on the switch?
Trunk ports
Which device is used to allow a USB device to charge but blocks the data transfer capabilities of the device?
USB data blocker
Which device is used to ensure power to a server or network device during short power outages?
Uninterruptible power supply
You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID card to gain access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer by connecting it to the console port on the router. You've configured the management interface with a username of admin and a password of password. What should you do to increase the security of this device?
Use a stronger administrative password.
Which of the following is the BEST solution to allow access to private resources from the internet? Correct Answer:
VPN
A group of salesmen would like to remotely access your private network through the internet while they are traveling. You want to control access to the private network through a single server. Which solution should you implement?
VPN concentrator
Which of the following tools can you use on a Windows network to automatically distribute and install software and operating system patches on workstations? (Select two.)
WSUS Group Policy
Which command would you use to list all of the currently defined iptables rules?
sudo iptables -L
2.3.11
2.3.11
2.3.12
2.3.12
Ron, a hacker, wants to get access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. Ron notices that June has a picture of a dog on her phone. He casually walks by and starts a conversation about dogs. Which phase of the social engineering process is Ron in?
Development phase
Which of the following reduces the risk of a threat agent being able to exploit a vulnerability?
Countermeasures
In healthcare, regulations often dictate that important systems remain unpatched to maintain compliance. Which kind of vulnerability does this introduce?
Inherent vulnerabilities
Which of the following items would you secure in the Perimeter layer of the security model?
Firewalls
Most equipment is cooled by bringing cold air in the front and ducting the heat out of the back. What is the term for where the heat is sent in this type of scenario?
Hot aisle
Which impact of vulnerabilities occurs when an attacker uses information gained from a data breach to commit fraud by doing things like opening new accounts with the victim's information?
Identity theft
Having a legitimate reason for approaching someone to ask for sensitive information is called what?
Impersonation
Your computer system is a participant in an asymmetric cryptography system. You've created a message to send to another user. Before transmission, you hash the message and encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user. In this example, which protection does the hashing activity provide?
Integrity
Which of the following is an example of a vulnerability?
Misconfigured server
Which of the following is the BEST example of the principle of least privilege?
Wanda has been given access to the files that she needs for her job.
Which of the following is the correct definition of a threat?
Any potential danger to the confidentiality, integrity, or availability of information or systems
Power, heating, ventilation, air conditioning systems (HVAC), and utilities are all components of which term?
Infrastructure
Which of the following is one of the MOST common attacks on employees?
Phishing attack
A wireless access point configured to use Wired Equivalent Privacy (WEP) is an example of which kind of vulnerability?
Weak security configurations
The Application layer of the security model includes which of the following? (Select two.)
Web application security User management
You are the security administrator for a small business. The floor plan for your organization is shown in the figure below. You've hired a third-party security consultant to review your organization's security measures. She has discovered multiple instances where unauthorized individuals have gained access to your facility, even to very sensitive areas. She recommends that you provide employees with access badges and implement access badge readers to prevent this from happening in the future. Click on the office locations where access badge readers would be most appropriate.
Access badge readers are typically implemented at building entrances to control access to a facility. Only individuals who have an authorized access badge are allowed to enter the facility. Individuals who do not have an access badge must be cleared and admitted by security personnel. Additional access badge readers can be implemented within the facility to further restrict access to sensitive areas, such as the server room. References TestOut Security Pro - 3.1 Physical Threats
You recognize that the threat of malware is increasing. As such, you would like to use Windows Virus & Threat Protection to protect your computer from malware. In this lab, your task is to enable and configure Windows Virus & Threat Protection as follows: Add a file exclusion for D:\Graphics\cat.jpg. Add a process exclusion for welcome.scr. Locate the current threat definition version number. Answer Question 1. Check for updates. Answer Question 2. Perform a quick scan.
Complete this lab as follows: Access the Virus & threat protection options. Right-click Start; then select Settings. Select Update & Security. From the left pane, select Windows Security. Select Virus & threat protection. Add a file exclusion for D:\Graphics\cat.jpg. Under Virus & threat protection settings, select Manage settings. Scroll down to Exclusions and then select Add or remove exclusions. Select Add an exclusion; then select File. From the left pane, browse to and select Data (D:) > Graphics > cat.jpg, and then select Open. Add a process exclusion for welcome.scr. From the Exclusions dialog, select Add an exclusion; then select Process. In the Enter process name field, type welcome.scr; then select Add. Check for protection updates. In the top left, select the back arrow twice to return to the Virus & threat protection page. Scroll down to Virus & threat protection updates and then select Check for updates to access the Protection updates page. In the top right, select Answer Questions. Answer Question 1. 1.229.426.0 Select Check for updates. Answer Question 2. 1.229.508.0 Perform a quick virus scan. In the top left of the Windows Security dialog, select the back arrow to return to the Virus & threat protection page. Select Quick scan. Wait for the scan to complete. From the Lab Questions dialog, select Score Lab.
The Policies, Procedures, and Awareness layer of the security model includes which of the following? (Select two.)
Employee onboarding User Education
Which of the following is the single greatest threat to network security?
Employees
Which security control, if not applied, can allow an attacker to bypass other security controls?
Physical access control
Which of the following includes all hardware and software necessary to secure data, such as firewalls and antivirus software?
Physical security
Which kind of virus operates only in memory and usually exploits a trusted application like PowerShell to circumvent traditional endpoint security solutions?
Fileless virus
Your networking closet contains your network routers, switches, bridges, and some servers. You want to make sure an attacker is not able to gain physical access to the equipment in the networking closet. You also want to prevent anyone from reconfiguring the network to set up remote access or backdoor access. Which of the following measures are the best ways to secure your networking equipment from unauthorized physical access? (Select two. Each measure is part of a complete solution.)
Place your networking equipment in a locked cage. Place your networking equipment in a room that requires key card entry.
Jason is at home, attempting to access the website for his music store. When he goes to the website, it has a simple form asking for a name, email, and phone number. This is not the music store website. Jason is sure the website has been hacked. How did the attacker accomplish this hack?
DNS cache poisoning
Identify Social Engineering You work as the IT security administrator for a small corporate network in the United States of America. The name of your site is www.corpnet.xyz. The company president has received several questionable emails that he is concerned may be malicious attacks on the company. He has asked you to determine whether the emails are hazardous and to handle them accordingly. In this lab, your task is to: Read each email and determine whether it is legitimate. Delete any emails that are attempts at social engineering. Keep emails that are safe.
Delete the Microsoft Windows Update Center phishing email Delete the Online Banking phishing email Delete the Grandma Jacklin forwarded email hoax Delete the Emily Smith spear phishing email Delete the Sara Goodwin malicious attachment email Delete the Grandma Jacklin forwarded email hoax Delete the Joe Davis malicious attachment email Delete the Executive Recruiting whaling email
Which of the following BEST describes a cyber terrorist?
Disrupts network-dependent institutions
Which of the following is a common social engineering attack?
Distributing hoax virus-information emails
Which of the following allows an easy exit of an area in the event of an emergency, but also prevents entry? (Select two.)
Double-entry door Turnstile
You have installed antivirus software on the computers on your network. You update the definition and engine files and configure the software to update those files every day. What else should you do to protect your systems from malware? (Select two.)
Educate users about malware. Schedule regular full-system scans.
A Faraday cage is used to prevent what from leaving an area?
Electromagnetic emissions
It is important to follow correct procedures when running electrical cables next to data cables in order to protect against which environmental concern?
Electromagnetic interference
Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique?
Elictitation
Which of the following are examples of social engineering attacks? (Select three.)
Impersonation Keylogging Shoulder surfing
A script kiddie is a threat actor who lacks knowledge and sophistication. Script kiddie attacks often seek to exploit well-known vulnerabilities in systems. What is the BEST defense against script kiddie attacks?
Keep systems up to date and use standard security practices.
Which of the following is the most important thing to do to prevent console access to the router?
Keep the router in a locked room.
Which of the following is a security approach that combines multiple security controls and defenses?
Layered security
Match the general attack strategy on the left with the appropriate description on the right. (Each attack strategy may be used once, more than once, or not all.)
Stealing information. Exploitation Preparing a computer to perform additional tasks in the attack. Staging Crashing systems. Exploitation Gathering system hardware information. Reconnaissance Penetrating system defenses to gain unauthorized access. Breaching Configuring additional rights to do more than breach the system. Escalating privileges
Your company has five salesmen who work out of the office and frequently leave their laptops laying on their desks in their cubicles. You are concerned that someone might walk by and take one of these laptops. Which of the following is the BEST protection implementation to address your concerns?
Use cable locks to chain the laptops to the desks.
You want to close all ports associated with NetBIOS on your network's firewalls to prevent attacks directed against NetBIOS. Which ports should you close?
135, 137-139
4.2.5 You need to customize how Windows Update checks for and installs updates on the ITAdmin desktop system. In this lab, your task is to: Configure Windows Update to: Install updates for other Microsoft products when Windows is updated. Allow the installation of feature updates to be deferred 60 days. Allow quality updates to be deferred 30 days. Configure Windows to automatically download manufacturers' apps and custom icons for devices.
4.2.5 Configure the Windows Update settings. Right-click Start and then select Settings. Select Update & Security. From the right pane, select Advanced options. Under Update Options, turn on Receive updates for other Microsoft products when you update Windows by sliding the switch to On. Under Choose when updates are installed, configure each option as follows: A feature update includes new capabilities and improvements. It can be deferred for 60 days. A quality update includes security improvements. It can be deferred for this many days: 30 Close the Settings window. Configure Windows to automatically download the manufacture's apps and custom icons. In the search field on the Windows taskbar, type Control. From Best match, select Control Panel. Select System and Security. Select System. From the left pane, select Advanced system settings. Select the Hardware tab. Select Device Installation Settings. Select Yes and then select Save Changes. Select OK.
4.3.7
4.3.7
4.4.6
4.4.6
5.1.10 Configure QOS Access the pfSense management console: Username: admin Password: P@ssw0rd (zero) Create a firewall alias using the following specifications: Name: HighBW Description: High bandwidth users Assign the IP addresses of the high-bandwidth users to the alias: Vera's IP address: 172.14.1.25 Paul's IP address: 172.14.1.100 The Shaper must be configured for the GuestWi-Fi interface using: An upload bandwidth of 5 Mbits A download bandwidth of 45 Mbits Allow your voice over IP traffic to have priority with: An upload bandwidth of 15 Mbits A download bandwidth of 20 Mbits To limit the user stations most likely to hog bandwidth, use the alias created earlier to penalize the offending stations to 2% of the bandwidth. Give a higher priority to the following services and protocols: MSRDP VNC PPTP IPSEC Change the port number used on the floating rule created for MSRDP as follows: Interface: GuestWi-Fi Destination Port Range: 3391 Answer the question.
5.1.10
5.1.13
5.1.13
5.1.7 Configure a Security Appliance You are an IT security administrator for a small corporate network. To increase security for the corporate network, you have installed the pfSense network security appliance in your network. Now you need to configure the device. In this lab, your task is to configure pfSense as follows: Sign in to pfSense using the following case-sensitive information: URL: 198.28.56.18 Username: admin Password: pfsense Configure the DNS servers as follows: Primary DNS server: 163.128.78.93 - Hostname: DNS1 Secondary DNS server: 163.128.80.93 - Hostname: DNS2 Configure the WAN IPv4 information as follows: Enable the interface. Use a static IPv4 address of 65.86.24.136/8 Add a new gateway using the following information: Type: Default gateway Name: WANGateway IP address: 65.86.1.1
5.1.7 Complete this lab as follows: Access the pfSense management console. From the taskbar, select Google Chrome. Maximize the window for better viewing. In the address bar, type 198.28.56.18 and then press Enter. Sign in using the following case-sensitive information: Username: admin Password: pfsense Select SIGN IN or press Enter. Configure the DNS Servers. From the pfSense menu bar, select System > General Setup. Under DNS Server Settings, configure the primary DNS Server as follows: Address: 163.128.78.93 Hostname: DNS1 Gateway: None Select Add DNS Server to add a secondary DNS Server and then configure it as follows: Address: 163.128.80.93 Hostname: DNS2 Gateway: None Scroll to the bottom and select Save. Configure the WAN settings. From pfSense menu bar, select Interfaces > WAN. Under General Configuration, select Enable interface. Use the IPv4 Configuration Type drop-down to select Static IPv4. Under Static IPv4 Configuration, in the IPv4 Address field, enter 65.86.24.136. Use the IPv4 Address subnet drop-down to select 8. Under Static IPv4 Configuration, select Add a new gateway. Configure the gateway settings as follows: Default: Select Default gateway Gateway name: Enter WANGateway Gateway IPv4: 65.86.1.1 Select Add. Scroll to the bottom and select Save. Select Apply Changes.
5.10.4
5.10.4
5.11.10 Secure Access to a Switch You are the IT security administrator for a small corporate network. You need to increase the security on the switch in the Networking Closet by restricting access management and by updating the switch's firmware. In this lab, your task is to: Create an access profile named MgtAccess and configure it with the following settings: Setting Value Access Profile Name MgtAccess Rule Priority 1 Management Method All Action Deny Applies to Interface All Applies to Source IP address All Add a profile rule to the MgtAccess profile with the following settings: Setting Value Rule Priority 2 Management Method HTTP Action Permit Applies to interface All Applies to Source IP address User definedIP Version: Version 4IP Address: 192.168.0.10Network Mask: 255.255.255.0 Set the MgtAccess profile as the active access profile. Save the changes to the switch's startup configuration file using the default settings. Update the firmware image to the latest version by downloading the firmware files found in C:\Sx300_Firmware\Sx300_FW-1.2.7.76.ros.
5.11.10
5.12.5
5.12.5
5.13.5 ACL You are in the process of configuring a new router. The router interfaces connect to the following networks: Interface Network FastEthernet0/0 192.168.1.0/24 FastEthernet0/1 192.168.2.0/24 FastEthernet0/1/0 192.168.3.0/24 Only Telnet and SSH access from these three networks should be allowed. In this lab, your task is to: Use the access-list command to create a standard numbered access list using number 5. Add a permit statement for each network to the access list. Use the access-class command to apply the access list to VTY lines 0-4. Use the in direction to filter incoming traffic. Save your changes in the startup-config file.
5.13.5 Enter the configuration mode for the router: From the exhibit, select the router. From the terminal, press Enter. Type enable and then press Enter. Type config term and then press Enter. From the terminal, create a standard numbered access list using number 5. Add a permit statement for each network to the access list. Type access-list 5 permit 192.168.1.0 0.0.0.255 and then press Enter. Type access-list 5 permit 192.168.2.0 0.0.0.255 and then press Enter. Type access-list 5 permit 192.168.3.0 0.0.0.255 and then press Enter. Apply the access list to VTY lines 0-4. Filter incoming traffic. Type line vty 0 4 and then press Enter. Type access-class 5 in and then press Enter. Press Ctrl + Z. Save your changes in the startup-config file. Type copy run start and then press Enter. Press Enter to begin building the configuration. Press Enter.
5.3.5 You work as the IT security administrator for a small corporate network. You recently placed a web server in the demilitarized zone (DMZ). You need to configure the perimeter firewall on the network security appliance (pfSense) to allow access from the WAN to the Web server in the DMZ using both HTTP and HTTPs. You also want to allow all traffic from the LAN network to the DMZ network. In this lab, your task is to: Access the pfSense management console: Username: admin Password: P@ssw0rd (zero) Create and configure a firewall rule to pass HTTP traffic from the WAN to the Web server in the DMZ. Create and configure a firewall rule to pass HTTPS traffic from the WAN to the Web server in the DMZ. Use the following table when creating the HTTP and HTTPS firewall rules: Parameter Setting Source WAN network Destination port/service HTTP (80), HTTPS (443) Destination A single host IP address for host 172.16.1.5 Descriptions For HTTP: HTTP from WAN to DMZFor HTTPS: HTTPS from WAN to DMZ Create and configure a firewall rule to pass all traffic from the LAN network to the DMZ network. Use the description LAN to DMZ Any.
5.3.5 Complete this lab as follows: Sign in to the pfSense management console. In the Username field, enter admin. In the Password field, enter P@ssw0rd (zero). Select SIGN IN or press Enter. Create and configure a firewall rule to pass HTTP traffic from the WAN to the Web server in the DMZ. From the pfSense menu bar, select Firewall > Rules. Under the Firewall breadcrumb, select DMZ. Select Add (either one). Make sure Action is set to Pass. Under Source, use the drop-down to select WAN net. Under Destination, use the Destination drop-down to select Single host or alias. In the Destination Address field, enter 172.16.1.5. Using the Destination Port Range drop-down, select HTTP (80). Under Extra Options, in the Description field, enter HTTP from WAN to DMZ. Select Save. Select Apply Changes. Create and configure a firewall rule to pass HTTPS traffic from the WAN to the Web server in the DMZ. For the rule just created, select the Copy icon (two files). Under Destination, change the Destination Port Range to HTTPS (443). Under Extra Options, change the Description filed to HTTPS from WAN to DMZ. Select Save. Select Apply Changes. Create and configure a firewall rule to pass all traffic from the LAN network to the DMZ network. Select Add (either one). Make sure Action is set to Pass. For Protocol, use the drop-down to select Any. Under Source, use the drop-down to select LAN net. Under Destination, use the drop-down to select DMZ net. Under Extra Options, change the Description filed to LAN to DMZ Any. Select Save. Select Apply Changes.
5.4.3 Configure NAT You are the IT administrator for a small corporate network. One of your assignments is to manage several computers in the demilitarized zone (DMZ). However, your computer resides on the LAN network. To be able to manage these machines remotely, you have decided to configure your pfSense device to allow several remote control protocols to pass through the pfSense device using NAT port forwarding. In this lab, your task is to create NAT forwarding rules to: Access the pfSense management console: Username: admin Password: P@ssw0rd (zero) Allow the RDP/TCP Protocols from the LAN network to the administrator's PC located in the DMZ using the following guidelines: IP address for the administrator's PC: 172.16.1.100 Description: RDP from LAN to Admin Allow the SSH Protocol through the pfSense device to the Kali Linux server using the following guidelines: IP address for the Linux Kali server: 172.16.1.6 Description: SSH from LAN to Kali Allow the RDP/TCP Protocols from the LAN network to the web server located in the DMZ using the following guidelines: Destination and redirect port: Port 5151 IP address for the web server: 172.16.1.5 Description: RDP from LAN to web server using custom port
5.4.3 Complete this lab as follows: Sign into the pfSense management console. In the Username field, enter admin. In the Password field, enter P@ssw0rd (zero). Select SIGN IN or press Enter. Configure NAT port forwarding for the administrator's PC. From the pfSense menu bar, select Firewall > NAT. Select Add (either one). Configure or verify the following settings: Interface: LAN Protocol: TCP Destination type: LAN address Destination port range (From and To): MS RDP Redirect target IP: 172.16.1.100 Redirect target port: MS RDP Description: RDP from LAN to Admin Select Save. Configure NAT port forwarding for the Kali Linux server. Select Add (either one). Configure or verify the following settings: Interface: LAN Protocol: TCP Destination type: LAN address Destination port range (From and To): SSH Redirect target IP: 172.16.1.6 Redirect target port: SSH Description: SSH from LAN to Kali Select Save. Configure NAT port forwarding for the web server. Select Add (either one). Configure or verify the following settings: Interface: LAN Protocol: TCP Destination type: LAN address Destination port range (From and To): Other Custom (From and To) 5151 Redirect target IP: 172.16.1.5 Redirect target port: MS RDP Description: RDP from LAN to web server using custom port Select Save. Select Apply Changes.
5.5.4 Configure a Remote Access VPN You work as the IT security administrator for a small corporate network. Occasionally, you and your co-administrators need to access internal resources when you are away from the office. You would like to set up a Remote Access VPN using pfSense to allow secure access. In this lab, your task is to use the pfSense wizard to create and configure an OpenVPN Remote Access server using the following guidelines: Sign in to pfSense using: Username: admin Password: P@ssw0rd (zero) Create a new certificate authority certificate using the following settings: Name: CorpNet-CA Country Code: GB State: Cambridgeshire City: Woodwalton Organization: CorpNet Create a new server certificate using the following settings: Name: CorpNet Country Code: GB State: Cambridgeshire City: Woodwalton Configure the VPN server using the following settings: Interface: WAN Protocol: UDP on IPv4 only Description: CorpNet-VPN Tunnel network IP: 198.28.20.0/24 Local network IP: 198.28.56.18/24 Concurrent Connections: 4 DNS Server 1: 198.28.56.1 Configure the following: A firewall rule An OpenVPN rule Set the OpenVPN server just created to Remote Access (User Auth). Create and configure the following standard remote VPN users: Username Password Full Name blindley L3tM31nNow Brian Lindley jphillips L3tM31nToo Jacob Phillips
5.5.4. Complete this lab as follows: Sign into the pfSense management console. In the Username field, enter admin. In the Password field, enter P@ssw0rd (zero). Select SIGN IN or press Enter. Start the VPN wizard and select the authentication backend type. From the pfSense menu bar, select VPN > OpenVPN. From the breadcrumb, select Wizards. Under Select an Authentication Backend Type, make sure Local User Access is selected. Select Next. Create a new certificate authority certificate. For Descriptive Name, enter CorpNet-CA. For Country Code, enter GB. For State, enter Cambridgeshire. For City, enter Woodwalton. For Organization, enter CorpNet. Select Add new CA. Create a new server certificate. For Descriptive Name, enter CorpNet. Verify that all of the previous changes (Country Code, State/Providence, and City) are the same. Use all other default settings. Select Create new Certificate. Configure the VPN server. Under General OpenVPN Server Information: Use the Interface drop-down menu to select WAN. Verify that the Protocol is set to UDP on IPv4 only. For Description, enter CorpNet-VPN. Under Tunnel Settings: For Tunnel Network, enter 198.28.20.0/24. For Local Network, enter 198.28.56.18/24. For Concurrent Connections, enter 4. Under Client Settings, in DNS Server1, enter 198.28.56.1. Select Next. Configure the firewall rules. Under Traffic from clients to server, select Firewall Rule. Under Traffic from clients through VPN, select OpenVPN rule. Select Next. Select Finish. Set the OpenVPN server just created to Remote Access (User Auth). For the WAN interface, select the Edit Server icon (pencil). For Server mode, use the drop-down and select Remote Access (User Auth). Scroll to the bottom and select Save. Configure the following Standard VPN users. From the pfSense menu bar, select System > User Manager. Select Add. Configure the User Properties as follows: Username: Username Password: Password Full name: Fullname Scroll to the bottom and select Save. Repeat steps 8b-8d to created the remaining VPN users.
What is the recommended humidity level for server rooms?
50%
You are adding switches to your network to support additional VLANs. Unfortunately, the new switches are from a different vendor than the current switches. Which standard do you need to ensure that the switches are supported?
802.1Q
Which of the following describes a logic bomb?
A program that performs a malicious activity at a specific time or after a triggering event.
You connect your computer to a wireless network available at the local library. You find that you can access all of the websites you want on the internet except for two. What might be causing the problem?
A proxy server is blocking access to the websites.
Which of the following switch attacks associates the attacker's MAC address with the IP address of the victim's devices?
ARP spoofing/poisoning
You have a shared folder named Reports. Members of the Managers group have been given Write access to the shared folder. Mark Mangum is a member of the Managers group. He needs access to the files in the Reports folder, but he should not have any access to the Confidential.xls file. What should you do?
Add Mark Mangum to the ACL for the Confidential.xls file with Deny permissions.
What does the netstat -a command show?
All listening and non-listening sockets Correct Answer:
Which of the following happens by default when you create a new ACL on a router?
All traffic is blocked.
You are the office manager of a small financial credit business. Your company handles personal financial information for clients seeking small loans over the internet. You are aware of your obligation to secure clients records, but the budget is an issue for your company. Which item would provide the BEST security for this situation?
All-in-one security appliance
Which of the following describes how access control lists can be used to improve network security?
An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number.
You are investigating the use of website and URL content filtering to prevent users from visiting certain websites. Which benefits are the result of implementing this technology in your organization? (Choose two.)
An increase in bandwidth availability Enforcement of the organization's internet usage policy
As the security analyst for your organization, you have noticed an increase in emails that attempt to trick users into revealing confidential information. Which web threat solution should you implement to protect against these threats?
Anti-phishing software
What do application control solutions use to identify specific applications?
Application signatures
Which of the following devices can apply quality of service and traffic-shaping rules based on what created the network traffic?
Application-aware devices
Which of the steps in the Network Access Control (NAC) implementation process occurs once the policies have been defined?
Apply
You have just purchased a new network device and are getting ready to connect it to your network. Which of the following actions should you take to increase its security? (Select two.)
Apply all patches and updates. Change default account passwords.
Which of the following are often identified as the three main goals of security? (Select three.)
Availability Confidentiality Integrity
Sometimes, an attacker's goal is to prevent access to a system rather than to gain access. This form of attack is often called a denial-of-service attack and causes which impact?
Availability loss
Which deviation in power is the longest in duration?
Blackout
You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use?
Circuit-level gateway
When training your employees on how to identify various attacks, which of the following policies should you be sure to have and enforce? (Select two.)
Clean desk policies Password policies
To complete this lab, you need to allow the following service and programs through the firewall for the Public network profile only: A service named Key Management Service An application named Arch98 An application named Apconf
Complete this lab as follows: Access the Windows Firewall settings. Right-click Start and then select Settings. Select Network & Internet. From the right pane, scroll down and select Windows Firewall. From the Firewall & network protection dialog, under Public network, select Turn on. Allow applications to communicate through the firewall for the Public network only. Select Allow an app through firewall. Select Change settings. For Key Management Service, clear Domain and Private, and then select Public. Select Allow another app to configure an exception for an application not currently allowed through the firewall. Select the application from the list and then select Add. For the newly added application, clear Domain and Private, and then select Public. Repeat steps 3d - 3f for the remaining application. Select OK.
You work as the IT security administrator for a small corporate network. You need to secure access to your pfSense appliance, which is still configured with the default user settings. In this lab, your task is to: Change the password for the default pfSense account from pfsense to P@ssw0rd (use a zero). Create a new administrative user with the following parameters: Username: zolsen Password: St@yout! Full Name: Zoey Olsen Group Membership: admins Set a session timeout of 15 minutes for pfSense. Disable the webConfigurator anti-lockout rule for HTTP. Access the pfSense management console through Google Chrome using: http://198.28.56.18 Default username: admin Password: pfsense
Complete this lab as follows: Access the pfSense management console. From the taskbar, select Google Chrome. Maximize the window for better viewing. In the Google Chrome address bar, enter 198.28.56.18 and then press Enter. Enter the pfSense sign-in information as follows: Username: admin Password: pfsense Select SIGN IN. Change the password for the default (admin) account. From the pfSense menu bar, select System > User Manager. For the admin account, under Actions, select the Edit user icon (pencil). For the Password field, change to P@ssw0rd (use a zero). For the Confirm Password field, enter P@ssw0rd. Scroll to the bottom and select Save. Create and configure a new pfSense user. Select Add. For Username, enter zolsen. For the Password field, enter St@yout!. For the Confirm Password field, enter St@yout! For Full Name, enter Zoey Olsen. For Group Membership, select admins and then select Move to Member of list. Scroll to the bottom and select Save. Set a session timeout for pfSense. Under the System breadcrumb, select Settings. For Session timeout, enter 15. Select Save. Disable the webConfigurator anti-lockout rule for HTTP. From the pfSense menu bar, select System > Advanced. Under webConfigurator, for Protocol, select HTTP. Select Anti-lockout to disable the webConfigurator anti-lockout rule. Scroll to the bottom and select Save.
5.13.6 The Fiji router has been configured with Standard IP Access List 11. The access list is applied to the Fa0/0 interface. The access list must allow all traffic except traffic coming from hosts 192.168.1.10 and 192.168.1.12. However, you've noticed that it's preventing all traffic from being sent on Fa0/0. You remember that access lists contain an implied deny any statement. This means that any traffic not permitted by the list is denied. For this reason, access lists should contain at least one permit statement or all traffic is blocked. In this lab, your task is to: Add a permit any statement to Access List 11 to allow all traffic other than the restricted traffic. Save your changes in the startup-config file.
Complete this lab as follows: Enter the configuration mode for the Fiji router: From the exhibit, select the Fiji router. From the terminal, press Enter. Type enable and then press Enter. Type config term and then press Enter. From the terminal, add a permit any statement to Access List 11 to allow all traffic other than the restricted traffic. Type access-list 11 permit any and press Enter. Press Ctrl + Z. Save your changes in the startup-config file. Type copy run start and then press Enter. Press Enter to begin building the configuration. Press Enter.
5.13.7 BLock Source Host You have a small business network connected to the internet through a single router as shown in the network diagram. You have noticed that three hosts on the internet have been flooding your router with unwanted traffic. As a temporary measure, you want to prevent all communication from these three hosts until the issue is resolved. In this lab, your task is to: Create a Standard Access List 25. Add statements to the access list to block traffic from the following hosts: 199.68.111.199 202.177.9.1 211.55.67.11 Add a statement to allow all other traffic from all other hosts. Apply Access List 25 to the Serial0/0/0 interface to filter incoming traffic. You can also use 199.68.111.199 0.0.0.0 (without the host parameter) to identify a specific host. You can also use 0.0.0.0 255.255.255.255 to identify any host. Because this is a temporary solution, you do not need to save your changes.
Complete this lab as follows: Enter the configuration mode for the router: From the exhibit, select the router. From the terminal, press Enter. Type enable and then press Enter. Type config term and then press Enter. From the terminal, create a standard numbered access list using number 25. Add statements to the access list to block traffic to the required hosts. Type access-list 25 deny host 199.68.111.199 and press Enter. Type access-list 25 deny host 202.177.9.1 and press Enter. Type access-list 25 deny host 211.55.67.11 and press Enter. From the terminal, add a statement to allow all other traffic from all other hosts, by typing access-list 25 permit any and pressing Enter. From the terminal, apply Access List 25 to the Serial0/0/0 interface to filter incoming traffic. Type int s0/0/0 and press Enter. Type ip access-group 25 in and press Enter. Type Ctrl + Z.
5.11.6 Spoof Mac Addresses with SMAC As an IT administrator, you need to know how security breaches are caused. You know that SMAC is used for MAC spoofing, so you are going to spoof your MAC address. In this lab, your task is to complete the following: On Office2, use ipconfig /all and find the IP address and MAC address. Using SMAC, spoof the MAC address on ITAdmin to match that of Office2. Refresh the IP address on ITAdmin. Verify the MAC and IP address now match Office2.
Complete this lab as follows: Find the MAC address for Office2. Right-click Start and then select Windows PowerShell (Admin). From the Command Prompt, type ipconfig /all and press Enter. Find the MAC address. Spoof the MAC address. From the top navigation tabs, select Floor 1 Overview. Under IT Administration, select ITAdmin. In the Windows search bar, type SMAC. Under Best match, right-click SMAC and select Run as administrator. In the New Spoofed Mac Address field, type 00:00:55:55:44:15 (the MAC address from Office2). Select Update MAC. Select OK to confirm the adapter restart. Renew the IP information for the ITAdmin computer. Right-click Start and select Windows PowerShell (Admin). From the Command Prompt, type ipconfig /renew to renew the IP address. Type ipconfig /all to confirm the MAC address and the IP address have been updated.
5.9.6 In this lab, your task is to: Create a new user account with the following settings: Username: ITSwitchAdmin Password: Admin$only1844 User Level: Read/Write Management Access (15) Edit the default user account as follows: Username: cisco Password: CLI$only1958 User Level: Read-Only CLI Access (1) Save the changes to the switch's startup configuration file.
Complete this lab as follows: Log in to the CISCO switch. From the taskbar, select Google Chrome. In the URL field, enter 192.168.0.2 and press Enter. Maximize the window for easier viewing. In the Username and Password fields, enter cisco (case sensitive). Select Log In. Create a new user account. From Getting Started under Quick Access, select Change Device Password. Select Add. For the username, enter ITSwitchAdmin (case sensitive). For the password, enter Admin$only1844 (case sensitive). For Confirm Password, enter Admin$only1844. For User Level, make sure Read/Write Management Access (15) is selected. Select Apply. Select Close. Edit the default user account. Under User Account Table, select cisco (the default user) and then select Edit. For the password, enter CLI$only1958. For Confirm Password, enter CLI$only1958. For User Level, select Read-Only CLI Access (1). Select Apply. Save the changes to the switch's startup configuration file. From the top of the switch window, select Save. Under Source File Name, make sure Running configuration is selected. Under Destination File Name, make sure Startup configuration is selected. Select Apply. Select OK. Select Done.
There are two groups of users who access the CorpFiles server, Marketing and Research. Each group has a corresponding folder: D:\Marketing Data D:\Research Data In this lab, your task is to: Disable permissions inheritance for D:\Marketing Data and D:\Research Data and convert the existing permissions to explicit permissions. For each of the above folders, remove the Users group from the access control list (ACL). Add the Marketing group to the Marketing Data folder ACL. Add the Research group to the Research Data folder ACL. Assign the groups Full Control to their respective folders. Do not change any other permissions assigned to other users or groups.
Complete this lab as follows: Open the Data (D:) drive. From the Windows taskbar, select File Explorer. From the left pane, expand and select This PC > Data (D:). Disable inheritance and convert inherited permissions to explicit permissions. From the right pane, right-click the applicable folder and then select Properties. Select the Security tab. Select Advanced to modify inherited permissions. Select Disable inheritance to prevent inherited permissions. Select Convert inherited permissions into explicit permissions on this object. Remove the Users group from the access control list. In Permission entries, select Users. Select Remove to remove the group from the access control list. Select OK. Add a new group to the access control list and allow Full Control. Select Edit to add a group to the access control list. Select Add. Enter the name of the group you want to add and then select Check Names. Select OK. With the newly added group selected, under the Allow column, select Full control and then select OK. Select OK to close the properties dialog. Repeat steps 2 - 4 to modify the permissions for the additional folder.
4.3.6 Confidential personnel data is stored on the CorpFiles file server in a shared directory named Personnel. You need to configure NTFS permissions for this folder so that only managers are authorized to access it. In this lab, your task is to perform the following: Grant the Managers group the Full Control permission to the D:\Personnel folder. Remove all inherited permissions that are flowing to the D:\Personnel folder.
Complete this lab as follows: Open the Data (E:) drive. From the Windows taskbar, select File Explorer. From the left pane, expand and select This PC > Data (D:). Configure NTFS permissions. From the right pane, right-click Personnel and select Properties. Select the Security tab. Select Edit. Select Add. Enter Managers as the group that will receive permission to the folder. Click OK. With the Managers group selected, select the appropriate Full control. Click OK. Prevent inherited permissions from parent. On the Security tab, select Advanced. Select Disable inheritance. Select Remove all inherited permissions from this object. Click OK to close the Advanced Security Settings for Personnel dialog. Click OK to close the Properties dialog.
5.2.3 Configure a DMZ You are the IT administrator for a small corporate network. You want to make a web server that runs services accessible from the internet. To help protect your company, you want to place this server and other devices in a demilitarized zone (DMZ). This DMZ and server need to be protected by the pfSense Security Gateway Appliance (pfSense). Since a few of the other devices in the DMZ require an IP address, you have also decided to enable DHCP on the DMZ network. In this lab, your task is to perform the following: Access the pfSense management console: Username: admin Password: P@ssw0rd (zero) Add a new pfSense interface that can be used for the DMZ. Name the interface DMZ. Use a static IPv4 address of 172.16.1.1/16 Add a firewall rule for the DMZ interface that allows all traffic from the DMZ. Use a description of Allow DMZ to any rule Configure and enable the DHCP server for the DMZ interface. Use a range of 172.16.1.100 to 172.16.1.200
Complete this lab as follows: Sign into the pfSense management console. In the Username field, enter admin. In the Password field, enter P@ssw0rd (zero). Select SIGN IN or press Enter. Configure an interface for the DMZ. From the pfSense menu bar, select Interfaces > Assignments. Select Add. Select OPT1. Select Enable interface. Change the Description field to DMZ. Under General Configuration, use the IPv4 Configuration Type drop-down menu to select Static IPv4. Under Static IPv4 Configuration, in the IPv4 Address field, enter 172.16.1.1. Use the subnet mask drop-down menu to select 16. Select Save. Select Apply Changes. (Optional) Verify the change as follows: From the menu bar, select pfsense COMMUNITY EDITION. Under Interfaces, verify that the DMZ is shown with the correct IP address. Add a firewall rule to the DMZ interface. From the pfSense menu bar, select Firewall > Rules. Under the Firewall breadcrumb, select DMZ. (Notice that no rules have been created.) Under the Firewall breadcrumb, select LAN. Under the Actions column, select the copy icon (two files) for the rule with a source of LAN net. For the Action field, make sure Pass is selected. For the Interface field, us the drop-down menu to select DMZ. For Protocol, make sure it's set to Any. Under Source, use the drop-down menu to select DMZ net. Under Destination, make sure it is configured for any. Under Extra Options, change the description to Allow DMZ to any rule. (Is case sensitive.) Scroll to the bottom and select Save. Select Apply Changes. Configure pfSense's DHCP server for the DMZ interface. From the menu bar, select Services > DHCP Server. Under the Services breadcrumb, select DMZ. Select Enable. Configure the Range field as follows: From: 172.16.1.100 To: 172.16.1.200 Scroll to the bottom and select Save.
You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the internet. The library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access port on a switch. You want to restrict access to the network so that only library computers are permitted connectivity to the internet. What can you do?
Configure port security on the switch.
A salesperson in your organization spends most of her time traveling between customer sites. After a customer visit, she must complete various managerial tasks, such as updating your organization's order database. Because she rarely comes back to your home office, she usually accesses the network from her notebook computer using Wi-Fi access provided by hotels, restaurants, and airports. Many of these locations provide unencrypted public Wi-Fi access, and you are concerned that sensitive data could be exposed. To remedy this situation, you decide to configure her notebook to use a VPN when accessing the home network over an open wireless connection. Which key steps should you take when implementing this configuration? (Select two.)
Configure the browser to send HTTPS requests through the VPN connection Configure the VPN connection to use IPsec
Which of the following are characteristics of a complex password? (Select two.)
Consists of letters, numbers, and symbols Has a minimum of eight characters
Which of the following scenarios would typically utilize 802.1x authentication?
Controlling access through a switch
You want to give all managers the ability to view and edit a certain file. To do so, you need to edit the discretionary access control list (DACL) associated with the file. You want to be able to easily add and remove managers as their job positions change. What is the BEST way to accomplish this?
Create a security group for the managers. Add all users as members of the group. Add the group to the file's DACL.
As you go through the process of making your network more manageable, you discover that employees in the sales department are on the same network segment as the human resources department. Which of the following steps can be used to isolate these departments?
Create a separate VLAN for each department.
An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack?
DDoS
Where should an organization's web server be placed?
DMZ
Which special network area is used to provide added protection by isolating publicly accessible servers?
DMZ
When confidential or protected data is exposed, either intentionally or accidentally, it is considered to be which of the following?
Data breach
DNS tunneling is a common method that allows an attacker to accomplish which attack?
Data exfiltration
Which of the following best describes the concept of a virtual LAN?
Devices on the same network logically grouped as if they were on separate networks.
Which IPSec subprotocol provides data encryption?
ESP
Which of the following are solutions that address physical security? (Select two.)
Escort visitors at all times Require identification and name badges for all employees
Which of the following is a privately controlled portion of a network that is accessible to some specific external entities? Correct Answer:
Extranet
Which of the following are characteristics of a packet-filtering firewall? (Select two.)
Filters IP address and port Stateless
Which of the following types of proxies would you use to remain anonymous when surfing the internet?
Forward
Jessica needs to set up a firewall to protect her internal network from the internet. Which of the following would be the BEST type of firewall for her to use?
Hardware
You want to create a collection of computers on your network that appear to have valuable data but actually store fake data that could entice a potential intruder. Once the intruder connects, you want to be able to observe and gather information about the attacker's methods. Which feature should you implement?
Honeynet
You are an IT consultant. You are visiting a new client's site to become familiar with their network. As you walk around their facility, you note the following: When you enter the facility, a receptionist greets you and escorts you through a locked door to the work area where the office manager sits. The office manager informs you that the organization's servers are kept in a locked closet. An access card is required to enter the server closet. She informs you that server backups are configured to run each night. A rotation of tapes are used as the backup media. You notice the organization's network switch is kept in the server closet. You notice that a router/firewall/content filter all-in-one device has been implemented in the server closet to protect the internal network from external attacks. The office manager informs you that her desktop system no longer boots and asks you to repair or replace it, recovering as much data as possible in the process. You take the workstation back to your office to work on it. Which security-related recommendations should you make to this client?
Implement a hardware checkout policy.
Which Microsoft tool can be used to review a system's security configuration against recommended settings?
Microsoft Baseline Security Analyzer
Social engineers are master manipulators. Which of the following are tactics they might use?
Moral obligation, ignorance, and threatening
You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a cubicle near your office. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using an SSH client with the username admin01 and the password P@ssW0rd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device?
Move the router to a secure server room.
Which of the following does a NAT router use to identify where a host is connected on the switch?
PAT
Which classification of attack type does packet sniffing fall under?
Passive
Windows Server Update Services (WSUS) is used to accomplish which part of a manageable network?
Patch management
Which common design feature among instant messaging clients make them less secure than other means of communicating over the internet?
Peer-to-peer networking
Which of the following methods did Microsoft introduce in Windows 10 to help distribute OS updates?
Peer-to-peer software
Drag the network attack technique on the left to the appropriate description or example on the right. (Each technique may be used once, more than once, or not at all.)
Perpetrators attempt to compromise or affect the operations of a system. Active attack Unauthorized individuals try to breach a network from off-site. External attack Attempting to find the root password on a web server by brute force. Active attack Attempting to gather information without affecting the flow of information on the network. Passive attack Sniffing network packets or performing a port scan.Inside attack Passive attack
You have recently been hired as the new network administrator for a startup company. The company's network was implemented prior to your arrival. One of the first tasks you need to complete in your new position is to develop a manageable network plan for the network. You have already completed the first and second milestones, in which documentation procedures were identified and the network was mapped. You are now working on the third milestone, which is identifying ways to protect the network. Which tasks should you complete as a part of this milestone? (Select two.)
Physically secure high-value systems. Identify and document each user on the network.
You maintain a network for an industrial manufacturing company. You are concerned about the dust in the area getting into server components and affecting network availability. Which of the following should you implement?
Positive pressure system
A relatively new employee in the data entry cubical farm was assigned a user account similar to the other data entry employees' accounts. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed data in restricted areas. This situation indicates which of the following has occurred?
Privilege escalation
An attacker has obtained the logon credentials for a regular user on your network. Which type of security threat exists if this user account is used to perform administrative functions?
Privilege escalation
Travis and Craig are both standard users on the network. Each user has a folder on the network server that only they can access. Recently, Travis has been able to access Craig's folder. This situation indicates which of the following has occurred?
Privilege escalation
If Mark has a read-write permission to the share \\fileserver\securefiles and a read-only permission to the file coolstuff.docx on the NTFS file system shared by the file share, he is able to perform which action?
Read the file.
You are implementing security at a local high school that is concerned with students accessing inappropriate material on the internet from the library's computers. The students use the computers to search the internet for research paper content. The school budget is limited. Which content filtering option would you choose?
Restrict content based on content categories.
A proxy server can be configured to do which of the following?
Restrict users on the inside of a network from getting out to the internet.
Which of the following is a benefit of P2P applications?
Shared resources
Which VPN implementation uses routers on the edge of each site?
Site-to-site VPN
Which kind of access control technology allows more than just the identity of an individual to be transmitted wirelessly to either allow or deny access?
Smart card
Any attack involving human interaction of some kind is referred to as what?
Social engineering
You are the network administrator for a small company that implements NAT to access the internet. However, you recently acquired five servers that must be accessible from outside your network. Your ISP has provided you with five additional registered IP addresses to support these new servers, but you don't want the public to access these servers directly. You want to place these servers behind your firewall on the inside network, yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these servers?
Static Correct Answer:
Which of the following is defined as an operating system that comes hardened and validated to a specific security level as defined in the Common Criteria for Information Technology Security Evaluation (CC)? Correct Answer:
TOS
You have implemented a new application control solution. After monitoring traffic and use for a while, you have noticed an application that continuously circumvents blocking. How should you configure the application control software to handle this application?
Tarpit
Match the general defense methodology on the left with the appropriate description on the right. (Each methodology may be used once, more than once, or not all.)
The constant change in personal habits and passwords to prevent anticipated events and exploitation. Randomness Diversifying layers of defense. Variety Giving users only the access they need to do their job and nothing more. Principle of least privilege Implementing multiple security measures to protect the same asset. Layering Eliminating single points of failure. Layering Giving groups only the access they need to do their job and nothing more. Principle of least privilege
You are deploying a brand new router. After you change the factory default settings, what should you do next?
Update the firmware.
You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a locked server closet. You use an FTP client to regularly back up the router configuration to a remote server in an encrypted file. You access the router configuration interface from a notebook computer that is connected to the router's console port. You've configured the device with the username admin01 and the password P@ssW0rd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device?
Use SCP to back up the router configuration to a remote location.
You are the security analyst for your organization and have recently noticed a large amount of spim on the company mobile devices. Employees rely on the IM app to communicate with each other. Which of the following countermeasures should you implement?
Use an IM blocker.
You have a company network that is connected to the internet. You want all users to have internet access, but you need to protect your private network and users. You also need to make a web server publicly available to internet users. Which solution should you use?
Use firewalls to create a DMZ. Place the web server inside the DMZ and the private network behind the DMZ.
Your organization has started receiving phishing emails. You suspect that an attacker is attempting to find an employee workstation they can compromise. You know that a workstation can be used as a pivot point to gain access to more sensitive systems. Which of the following is the MOST important aspect of maintaining network security against this type of attack?
User education and training
You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. What should you use for this situation?
VLAN
Which of the following is commonly created to segment a network into different zones?
VLANs
You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three RJ-45 ports connected to the switch. You want to allow visitors to plug into these ports to gain internet access, but they should not have access to any other devices on your private network. Employees connected throughout the rest of your building should have both private and internet access. Which feature should you implement?
VLANs
As the security analyst for your organization, you have noticed an increase in user computers being infected with malware. Which two solutions should you implement and configure to remedy this problem? (Select two.)
Virus scanner Spam filters
You are configuring web threat protection on the network and have identified a website that contains malicious content. Which of the following should you configure?
Web threat filtering
You are configuring web threat protection on the network and want to prevent users from visiting www.videosite.org. Which of the following needs to be configured?
Website filtering
5.11.9 Harden a switch You are the IT security administrator for a small corporate network. You need to increase the security on the switch in the networking closet. The following table lists the used and unused ports: Unused Ports Used Ports GE2GE7GE9-GE20GE25GE27-GE28 GE1GE3-GE6GE8GE21-GE24GE26 In this lab, your task is to: Shut down the unused ports. Configure the following Port Security settings for the used ports: Interface Status: Lock Learning Mode: Classic Lock Action on Violation: Discard
While completing this lab, use the following information: Unused Ports Used Ports GE2GE7GE9-GE20GE25GE27-GE28 GE1GE3-GE6GE8GE21-GE24GE26 Complete this lab as follows: Shut down the unused ports. Under Initial Setup, select Configure Port Settings. Select the GE2 port. Scroll down and select Edit. Under Administrative Status, select Down. Scroll down and select Apply. Select Close. With the GE2 port selected, scroll down and select Copy Settings. In the Copy configuration field, enter the remaining unused ports. Select Apply.From the Port Setting Table, in the Port Status column, you can see that all the ports are down now. Configure the Port Security settings. From the left menu, expand Security. Select Port Security. Select the GE1 port. Scroll down and select Edit. Under Interface Status, select Lock. Under Learning Mode, make sure Classic Lock is selected. Under Action on Violation, make sure Discard is selected. Select Apply. Select Close. Scroll down and select Copy Settings. Enter the remaining used ports Select Apply.
The IT manager has asked you to create a separate VLAN to be used exclusively for wireless guest devices to connect to. Which of the following is the primary benefit of creating this VLAN?
You can control security by isolating wireless guest devices within this VLAN.
The IT manager has asked you to create a separate VLAN to be used exclusively for wireless guest devices to connect to. Which of the following is the primary benefit of creating this VLAN?You can control security by isolating wireless guest devices within this VLAN.
You can control security by isolating wireless guest devices within this VLAN.
In which of the following situations would you most likely implement a demilitarized zone (DMZ)?
You want to protect a public web server from attack.
Which command should you use to display both listening and non-listening sockets on your Linux system? (Tip: enter the command as if in Command Prompt.)
netstat -a
Next You need to increase the security of your Linux system by finding and closing open ports. Which of the following commands should you use to locate open ports?
nmap
Which command should you use to scan for open TCP ports on your Linux system? (Tip: enter the command as if in Command Prompt.)
nmap -sT
You are creating a VLAN for voice over IP (VoIP). Which command should you use?
switchport voice vlan [number]
You want to make sure no unneeded software packages are running on your Linux server. Select the command from the drop-down list that you can use to see all installed RPM packages.
yum list installed