CompTIA Security+ Chapter 3: Implementation (25%)
In which of the following load balancer mode, two or more servers aggregate the network traffic load and work as a team distributes it to the network servers? (A) Active/active (B) Active/passive (C) Passive/active (D) Passive/passive
A Example : In Active/active mode two or more servers aggregate the network traffic load and work as a team distributes it to the network servers. The load balancers can also remember information requests from users and keep this information in the cache.
Which of the following Public key infrastructure (PKI) terms is known as an organization that acts to validate the identities of entities (such as websites, email addresses, companies, or individual persons) and bind them to cryptographic keys through the issuance of electronic documents known as digital certificates? (A) Certificate authority (CA) (B) Registration authority (RA) (C) Online Certificate Status Protocol (OCSP) (D) Certificate signing request (CSR)
A Explanation : A Certificate authority (CA) also sometimes referred to as a certification authority, is a company or organization that acts to validate the identities of entities (such as websites, email addresses, companies, or individual persons) and bind them to cryptographic keys through the issuance of electronic documents known as digital certificates. A digital certificate provides: 1. Authentication, by serving as a credential to validate the identity of the entity that it is issued to. 2. Encryption, for secure communication over insecure networks such as the Internet. 3. Integrity of documents signed with the certificate so that they cannot be altered by a third party in transit.
It has been noticed the Wi-Fi of your company is slow and sometimes not operational. After investigation, you noticed this caused by channel interference. Which of the following solutions will you implement to avoid problems such as 162 channel interference when you build your WLAN? (A) Heat maps (B) WiFi Protected Setup (C) Captive portal (D) You can't avoid channel interference
A Explanation : A WiFi heatmap is a map of wireless signal coverage and strength. Typically, a WiFi heatmap shows a real map of a room, floor, or even a city overlaid by a graphical representation of a wireless signal. The purpose of creating a WiFi heatmap is to obtain accurate information about the quality of coverage of a WiFi network. As you may know, WiFi coverage is affected by many different factors, including: 1. Your WiFi router 2. Other WiFi networks 3. Physical obstacles 4. RF interference
A _____________ certificate is a digital certificate that's not signed by a publicly trusted certificate authority (CA). These certificates are created, issued, and signed by the company or developer who is responsible for the website or software being signed. (A) Self-signed (B) Wildcard (C) Subject alternative name (D) Code signing certificates
A Explanation : A self-signed certificate is a digital certificate that's not signed by a publicly trusted certificate authority (CA). This can include SSL/TLS certificates, code signing certificates, and S/ MIME certificates. The reason why they're considered different from traditional certificate-authority signed certificates is that they've created, issued, and signed by the company or developer who is responsible for the website or software being signed. This is why self-signed certificates are considered unsafe for public-facing websites and applications.
As a security expert of your company you are responsible for preventing unauthorized (rogue) Dynamic Host Configuration Protocols servers offering IP addresses to the clients. Which of the following security technology will you implement to meet the requirement? (A) DHCP snooping (B) BPDU guard (C) MAC filtering (D) Jump server
A Explanation : DHCP snooping is a layer 2 security technology built into the operating system of a capable network switch that drops DHCP traffic determined to be unacceptable. The fundamental use case for DHCP snooping is to prevent unauthorized (rogue) DHCP servers offering IP addresses to DHCP clients. Rogue DHCP servers are often used in man in the middle or denial of service attacks for malicious purposes. However, the most common DoS scenario is that of an end-user plugging in a consumer-grade router at their desk, ignorant that the device they plugged in is a DHCP server by default.
You have been tasked to implement a solution to increase the security of your company's local area network (LAN). All of the company's external-facing servers (Web server, Mail server, FTP server) should be placed in a separate area in order to be accessible from the internet, but the rest of the internal LAN to be unreachable. Which of the following techniques will you implement to meet the requirement? (A) DMZ (B) VLAN (C) VPN (D) DNS
A Explanation : In computer networks, a DMZ (demilitarized zone), also sometimes known as a perimeter network or a screened subnetwork, is a physical or logical subnet that separates an internal local area network (LAN) from other untrusted networks — usually the public internet. External-facing servers, resources, and services are located in the DMZ. Therefore, they are accessible from the internet, but the rest of the internal LAN remains unreachable. This provides an additional layer of security to the LAN as it restricts a hacker's ability to directly access internal servers and data through the internet.
In the form of Rule-Based Access Control, data are accessible or not accessible based on the user's IP address. (A) TRUE (B) FALSE
A Explanation : In the form of Rule-Based Access Control (RBAC), you're focusing on the rules associated with the data's access or restrictions. These rules may be parameters, such as allowing access only from certain IP addresses, denying access from certain IP addresses, or something more specific. In a more specific instance, access from a specific IP address may be allowed unless it comes through a certain port (such as the port used for FTP access). When dealing with Role-based access controls, data is protected in exactly the way it sounds like it is: by user roles. Users are sorted into groups or categories based on their job functions or departments, and those categories determine the data that they're able to access. Human Resources team members, for example, might be permitted to access employee information while no other role-based group is permitted to do so.
What technique is used for IP address conservation by making private IP addresses to connect to the Internet? (A) NAT (B) UTM (C) WAF (D) ACL
A Explanation : Network Address Translation (NAT) is designed for IP address conservation. It enables private IP networks that use unregistered IP addresses to connect to the Internet. NAT operates on a router, usually connecting two networks together, and translates the private (not globally unique) addresses in the internal network into legal addresses before packets are forwarded to another network. As part of this capability, NAT can be configured to advertise only one address for the entire network to the outside world. This provides additional security by effectively hiding the entire internal network behind that address. NAT offers the dual functions of security and address conservation and is typically implemented in remote-access environments
You have been hired as a security expert to implement a security solution to protect an organization from external threats. The solution should provide packet filtering, VPN support, network monitoring, and deeper inspection capabilities that give the organization a superior ability to identify attacks, malware, and other threats. Which of the following security solutions will you implement to meet the requirement? (A) Next-generation firewall (NGFW) (B) Endpoint detection and response (EDR) (C) Anti-malware (D) Antivirus
A Explanation : Next-generation firewall (NGFW) filters network traffic to protect an organization from external threats. Maintaining features of stateful firewalls such as packet filtering, VPN support, network monitoring, and IP mapping features, NGFWs also possess deeper inspection capabilities that give them a superior ability to identify attacks, malware, and other threats. Next-generation firewalls provide organizations with application control, intrusion prevention, and advanced visibility across the network. As the threat landscape continues to develop rapidly, traditional firewalls fall further behind and put your organization at risk. NGFWs not only block malware, but also include paths for future updates, giving them the flexibility to evolve with the landscape and keep the network secure as new threats arise.
Which of the following authentication protocols allows you to use an existing account to sign in to multiple websites, without needing to create new passwords? (A) OpenID (B) Kerberos (C) TACACS+ (D) OAuth
A Explanation : OpenID is the correct answer. The OpenID allows you to use an existing account to sign in to multiple websites, without needing to create new passwords. With OpenID, your password is only given to your identity provider, and that provider then confirms your identity to the websites you visit.
Which of the following technologies will you use in order to send instant notifications to your subscribed users each time you publish a new blog post on your website? (A) Push notifications (B) Geofencing (C) Geolocation (D) Remote wipe
A Explanation : Push notifications are clickable pop-up messages that appear on your users' browsers irrespective of which device they use or which browser they are on. Subscribers can be anywhere on the browser and still receive these messages as long as they are online or have their browsers running on their devices. Browser push notifications are different from in-app notifications because in-app notifications appear only when triggered by an existing application on your mobile device, while browser push notifications can be triggered through browsers on any device as long as the user subscribes to receive your notifications. It is an instant mode of automated, direct communication between a website and its end users.
Which of the following VPN solutions is used to connect a personal user device to a remote server on a private network? (A) Remote Access (B) Site-to-site (C) Split tunnel (D) Proxy server
A Explanation : Remote Access (Personal) VPN is used to connect a personal user device to a remote server on a private network. Once a remote access VPN is connected, a user's internet activity will go through the encrypted VPN tunnel to the remote server and access the internet from that remote server. That means that the internet website or application sees the remote server's IP address instead of your personal device's IP address - which provides a layer of privacy.
________________________ Assertions Markup Language is an important component of many SSO systems that allow users to access multiple applications, services, or websites from a single login process. It is used to share security credentials across one or more networked systems. (A) Security (B) Single (C) Sign (D) Service
A Explanation : Security Assertions Markup Language is an important component of many SSO systems that allow users to access multiple applications, services, or websites from a single login process. It is used to share security credentials across one or more networked systems.
One of the features of SNMPv3 is called message integrity. (A) TRUE (B) FALSE
A Explanation : Simple Network Management Protocol (SNMP) is a way for different devices on a network to share information with one another. It allows devices to communicate even if the devices are different hardware and run different software. Without a protocol like SNMP, there would be no way for network management tools to identify devices, monitor network performance, keep track of changes to the network, or determine the status of network devices in real-time. Simple Network Management Protocol (SNMP) provides a message format for communication between what are termed, managers, and agents. An SNMP manager is a network management application running on a PC or server, with that host typically being called a Network Management Station (NMS). As for the SNMP protocol messages, all versions of SNMP support a basic clear-text password mechanism, although none of those versions refer to the mechanism as using a password. SNMP Version 3 (SNMPv3) adds more modern security as well. The following are SNMPv3 features: 1. Message integrity: This mechanism, applied to all SNMPv3 messages, confirms whether or not each message has been changed during transit. 2. Authentication: This optional feature adds authentication with both a username and password, with the password never sent as clear text. Instead, it uses a hashing method like many other modern authentication processes. 3. Encryption (privacy): This optional feature encrypts the contents of SNMPv3 messages so that attackers who intercept the messages cannot read their contents.
Your manager trying to understand the difference between SFTP and FTPS. So, he asked you to explain the difference between those. Which of the following statements are correct? (Choose all that apply.) (A) SFTP, also known as SSH FTP, encrypts both commands and data while in transmission (B) FTPS, also known as FTP Secure or FTP-SSL (C) SFTP protocol is packet-based as opposed to textbased making file and data transfers faster (D) FTPS authenticates your connection using a user ID and password or SSH Keys (E) SFTP authenticates your connection using a user ID and password, a certificate, or both
A, B, C Explanation : The correct statements are: 1. SFTP, also known as SSH FTP, encrypts both commands and data while in transmission. 2. FTPS, also known as FTP Secure or FTP-SSL. 3. SFTP protocol is packet-based as opposed to text-based making file and data transfers faster.
The network administrator from your company notices that the network performance has been degraded due to a broadcast storm. Which of the following techniques will you recommend to the network administrator in order to reduce broadcast storms? (Choose all that apply) (A) Check for loops in switches (B) Split up your broadcast domain (C) Allow you to rate-limit broadcast packets (D) Check how often ARP tables are emptied (E) Split up your collision domain (F) Check the routing tables
A, B, C, D Explanation : A broadcast storm is an abnormally high number of broadcast packets within a short period of time. A broadcast storm can overwhelm switches and endpoints as they struggle to keep up with processing the flood of packets. When this happens, network performance degrades. How to reduce broadcast storms: 1. Storm control and equivalent protocols allow you to ratelimit broadcast packets. If your switch has such a mechanism, turn it on. 2. Ensure IP-directed broadcasts are disabled on your Layer 3 devices. There's little to no reason why you'd want broadcast packets coming in from the internet going to a private address space. If a storm is originating from the WAN, disabling IP-directed broadcasts will shut it down. 3. Split up your broadcast domain. Creating a new VLAN and migrating hosts into it will load balance the broadcast traffic to a more acceptable level. Broadcast traffic is necessary and useful, but too much of it eventually leads to a poor network experience. 4. Check how often ARP tables are emptied. The more frequently they're emptied, the more often ARP broadcast requests occur. 5. Sometimes, when switches have a hardware failure, their switchports begin to spew out broadcast traffic onto the network. If you have a spare switch of the same or similar model, clone the config of the active switch onto the spare and swap 195 the hardware and cables during a maintenance window. Does the storm subside? If it does, it was a hardware issue. If not, then you've gotta keep digging. 6. Check for loops in switches. Say there was an unmanaged Layer 2 switch connected upstream to an unmanaged switch, and someone's connected a cable between two ports on the same unmanaged switch (let's say ports 1 and 2). The unmanaged switch will respond to all broadcasts multiple times and flood the broadcast domain with packets, causing a denial of service attack on the network.
Which of the following options are cryptographic protocols? (Choose all the apply) (A) WPA2 (B) WPA3 (C) CCMP (D) SAE (E) EAP (F) PEAP
A, B, C, D Explanation : WPA2 is the correct answer. Short for Wi-Fi Protected Access 2, WPA2 is the security method added to WPA for wireless networks that provide stronger data protection and network access control. It provides enterprise and consumer Wi-Fi users with a high level of assurance that only authorized users can access their wireless networks. WPA3 is the correct answer. WPA3 is the latest version of WiFi Protected Access, a suite of protocols and technologies that provide authentication and encryption for Wi-Fi networks. The primary enhancement to WPA3 Personal is in the authentication process, where WPA3 makes brute-force dictionary attacks much more difficult and time-consuming for an attacker. CCMP is the correct answer. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol that forms part of the 802.11i standard for wireless local area networks (WLANs), particularly those using WiMax technology. CCMP offers enhanced security compared with similar technologies such as Temporal Key Integrity Protocol (TKIP). CCMP employs 128-bit keys and a 48-bit initialization vector that minimizes vulnerability to replay attacks. SAE is the correct answer. In cryptography, Simultaneous Authentication of Equals (SAE) is a secure password-based authentication and password-authenticated key agreement method. SAE is resistant to passive attack, active attack, and dictionary attack. It provides a secure alternative to using certificates or when a centralized authority is not available. It is a peer-to-peer protocol, has no asymmetry, and supports simultaneous initiation. It is therefore well-suited for use in mesh networks.
Which of the following options are authentication protocols? (Choose all the apply) (A) EAP (B) PEAP (C) WPA2 (D) WPA3 (E) RADIUS
A, B, E Explanation : EAP is the correct answer. The Extensible Authentication Protocol (EAP) is a protocol for wireless networks that expands on authentication methods used by the Point-to-Point Protocol (PPP), a protocol often used when connecting a computer to the Internet. In EAP, a user requests a connection to a wireless network 208 through an access point. The access point requests identification (ID) data from the user and transmits that data to an authentication server. The authentication server asks the access point for proof of the validity of the ID. After the access point obtains that verification from the user and sends it back to the authentication server, the user is connected to the network as requested. PEAP is the correct answer. PEAP (Protected Extensible Authentication Protocol) is a version of EAP. PEAP is designed to provide more secure authentication for 802.11 WLANs (wireless local area networks) that support 802.1X port access control. PEAP authenticates the server with a public key certificate and carries the authentication in a secure Transport Layer Security (TLS) session, over which the WLAN user, WLAN stations and the authentication server can authenticate themselves. RADIUS is the correct answer. Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service. RADIUS allows a company to maintain user profiles in a central database that all remote servers can share. It provides better security, allowing a company to set up a policy that can be applied at a single administered network point.
Application whitelisting prevents undesirable programs from executing, while application blacklisting is more restrictive and allows only programs that have been explicitly permitted to run. (A) TRUE (B) FALSE
B Explanation : Application blacklisting prevents undesirable programs from executing, while application whitelisting is more restrictive and allows only programs that have been explicitly permitted to run. Application blacklisting, sometimes just referred to as blacklisting, is a network administration practice used to prevent the execution of undesirable programs. Such programs include not only those known to contain security threats or vulnerabilities but also those that are deemed inappropriate within a given organization. Blacklisting is the method used by most antivirus programs, intrusion prevention/detection systems and spam filters. Application whitelisting is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system. The 184 goal of whitelisting is to protect computers and networks from potentially harmful applications.
You have been tasked to implement a security solution so all the network events from your company should be recorded in a central database for further analysis. Which of the following security solutions will you implement to meet the requirement? (A) Next-generation firewall (NGFW) (B) Endpoint detection and response (EDR) (C) Anti-malware (D) Antivirus
B Explanation : Endpoint detection and response (EDR) is an emerging technology that addresses the need for continuous monitoring and response to advanced threats. Endpoint detection and response tools work by monitoring endpoint and network events and recording the information in a central database where further analysis, detection, investigation, reporting, and alerting take place. A software agent installed on the host system provides the foundation for event monitoring and reporting.
In the form of Role-Based Access Control, data are accessible or not accessible based on the user's IP address. (A) TRUE (B) FALSE
B Explanation : In the form of Role-Based Access Control, the data is accessible or not accessible based on the user's IP address. When dealing with role-based access controls, data is protected in exactly the way it sounds like it is: by user roles. Users are sorted into groups or categories based on their job functions or departments, and those categories determine the data that they're able to access. Human Resources team members, for example, might be permitted to access employee information while no other role-based group is permitted to do so. In the form of Rule-Based Access Control (RBAC), you're focusing on the rules associated with the data's access or restrictions. These rules may be parameters, such as allowing access only from certain IP addresses, denying access from certain IP addresses, or something more specific. In a more specific instance, access from a specific IP address may be allowed un less it comes through a certain port (such as the port used for FTP access).
For security and monitoring purposes your company instructed you to implement a solution so that all packets entering or exiting a port should be copied and then should be sent to a local interface for monitoring. Which of the following solution will you implement in order to meet the requirement? (A) Access control list (ACL) (B) Port mirroring (C) Quality of service (QoS) (D) File Integrity Monitoring
B Explanation : Port mirroring copies packets entering or exiting a port or entering a VLAN and sends the copies to a local interface for local monitoring or to a VLAN for remote monitoring. Use port mirroring to send traffic to applications that analyze traffic for purposes such as monitoring compliance, enforcing policies, detecting intrusions, monitoring and predicting traffic patterns, correlating events, and so on. Port mirroring is needed for traffic analysis on a switch because a switch normally sends packets only to the port to which the destination device is connected. You configure port mirroring on the switch to send copies of unicast traffic to a local interface or a VLAN and run an analyzer application on a device connected to the interface or VLAN.
Which of the following features will you use to remotely clear your phones' data in the event of losing your phone? (A) Geofencing (B) Remote wipe (C) Geolocation (D) Push notifications
B Explanation : Remote wipe is a security feature for mobile device management that allows you to remotely clear data from a lost or stolen mobile device.
Which of the following VPN solutions is used to connect two local area networks (LANs) utilized by businesses large and small that want to provide their employees with secure access to network resources? (A) Remote access (B) Site-to-site (C) Split tunnel (D) Proxy server
B Explanation : The Site to Site VPN, known as point to point VPN, is used to connect two local area networks (LANs). Site to site VPNs are usually utilized by businesses large and small that want to provide their employees or business partners secure access to network resources. Usually, these network resources are files or access to programs that need to be protected.
The main goal of performing a wireless site ________________ is to reveal areas of channel interference and dead zones, helping you avoid problems as you build the network and prevent obstacles for network users. (A) Inspection (B) Survey (C) Check (D) Scan
B Explanation : The main goal of performing a wireless site survey is to reveal areas of channel interference and dead zones, helping you avoid problems as you build the network and prevent obstacles for network users. A wireless site survey is used to determine two things. First, you want to determine the feasibility of building a wireless network on your site. Once you have established it's feasible, you'll need to determine the best place for access points and other equipment such as antennas and cables. A site survey also helps you to determine what type of equipment you will need, where it will go, and how it needs to be installed
Assuming you have the domain yourcompany. com with the following sub-domains: www.yourcompany.com mail.yourcompany.com intranet.yourcompany.com secure.yourcompany.com me.yourcompany.com Which of the following types of certificates will you choose to secure all the first-level sub-domains on a single domain name? (A) Subject alternative name (B) Code signing certificates (C) Wildcard (D) Self-signed
C Explanation : A Wildcard SSL Certificate allows you to secure an unlimited number of first-level sub-domains on a single domain name. That means you can get an SSL Certificate with the common name as *.yourcompany.com and you can use it on all of the following without errors: www.yourcompany.com mail.yourcompany.com intranet.yourcompany.com secure.yourcompany.com me.yourcompany.com
Access _________________ List is a network traffic filter that controls incoming or outgoing traffic. It works on a set of rules that define how to forward or block a packet at the router's interface. (A) Security (B) Filter (C) Control (D) Service
C Explanation : Access Control List is a network traffic filter that controls incoming or outgoing traffic. It works on a set of rules that define how to forward or block a packet at the router's interface.
Which of the following types of certificates will you use to digitally sign your apps as a way for end-users to verify that the code they receive has not been altered or compromised by a third party? (A) Wildcard (B) Subject alternative name (C) Code signing certificates (D) Self-signed
C Explanation : Code signing certificates are used by software developers to digitally sign apps, drivers, and software programs as a way for end-users to verify that the code they receive has not been altered or compromised by a third party. They include your signature, your company's name, and if desired, a timestamp.
In cloud computing, the ability to scale up and down resources based on the user's needs is known as: (A) Virtual private cloud (B) Network segmentation (C) Dynamic resource allocation (D) Public subnet
C Explanation : Dynamic resource allocation is the correct answer. Dynamic resource allocation is the ability to scale up and down resources based on the user's needs.
You have been tasked to implement a solution to encrypt data as it is written to the disk and decrypt data as it is read off the disk. Which of the following solution will you implement to meet the requirement? (A) Root of trust (B) Trusted Platform Module (C) Self-encrypting drive (SED) / full-disk encryption (FDE) (D) Sandboxing
C Explanation : Full-disk encryption (FDE) and self-encrypting drives (SED) encrypt data as it is written to the disk and decrypt data as it is read off the disk. FDE makes sense for laptops, which are highly susceptible to loss or theft. But FDE isn't suitable for the most common risks faced in data center and cloud environments. The advantages of full-disk encryption/self-encrypting drives (FDE/SED) include: 1. Simplest method of deploying encryption 2. Transparent to applications, databases, and users. 3. High-performance, hardware-based encryption The limitations of full-disk encryption/self-encrypting drives (FDE/SED) include: 1. Addresses a very limited set of threats (protects only from physical loss of storage media) 2. Lacks safeguards against advanced persistent threats (APTs), malicious insiders, or external attackers 3. Meets minimal compliance requirements 4. Doesn't offer granular access audit logs
You have been tasked to implement a solution to send product offers to consumers' smartphones when they trigger a search in a particular geographic location, enter a mall, neighborhood, or store. What solution will you implement in order to achieve that? (A) Geolocation (B) Push notifications (C) Geofencing (D) Remote wipe
C Explanation : Geofencing is a location-based service that businesses use to engage their audience by sending relevant messages to smartphone users who enter a pre-defined location or geographic area. Companies send product offers or specific promotions to consumers' smartphones when they trigger a search in a particular geographic location, enter a mall or neighborhood.
You have been tasked to configure the Wi-Fi of your company's LAN to allow certain computers to have access to the Internet and the rest computers need to be blocked. Which of the following security technology will you implement to meet the requirement? (A) DHCP snooping (B) BPDU guard (C) MAC filtering (D) Jump server
C Explanation : MAC filtering is a security method based on access control. In this, each address is assigned a 48-bit address which is used to determine whether we can access a network or not. It helps in listing a set of allowed devices that you need on your Wi-Fi and the list of denied devices that you don't want on your Wi-Fi. It helps in preventing unwanted access to the network. In a way, we can blacklist or white list certain computers based on their MAC address.
You have been tasked to access a remote computer for handling some administrative tasks over an unsecured network in a secure way. Which of the following protocols will you use to access the remote computer to handle the administrative tasks? (A) SRTP (B) LDAPS (C) SSH (D) HTTPS
C Explanation : SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network. Secure Shell provides strong password authentication and public key authentication, as well as encrypted data communications between two computers connecting over an open network, such as the internet. In addition to providing strong encryption, SSH is widely used by network administrators for managing systems and applications remotely, enabling them to log in to another computer over a network, execute commands and move files from one computer to another.
WiFi ____________ Setup is a wireless network security standard that tries to make connections between a router and wireless devices faster, easier, and more secure. (A) Faster (B) Easier (C) Protected (D) Secured
C Explanation : WiFi Protected Setup is a wireless network security standard that tries to make connections between a router and wireless devices faster, easier, and more secure. WPS works only for wireless networks that use a password that is encrypted with the WPA Personal or WPA2 Personal security protocols.
The type of network hardware appliance that protects networks against security threats (malware, attacks) that simultaneously target separate parts of the network by integrating multiple security services and features is known as: (A) Network address translation (NAT) (B) Web application firewall (WAF) (C) Content/URL filter (D) Unified threat management (UTM)
D Explanation : A Unified threat management (UTM) system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features. UTM devices are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.
