Security+

To increase response time to your public web site, you decide to purchase three network load-balancing appliances to match your three web servers. Your web site is registered with the name www.faroutwidets.com using IP address 216.76.0.55. What IP addresses should the public interface of each load balancer assume?

216.76.0.55, 216.76.0.55, 216.76.0.55 is correct. Network load balancers (NLBs) should accept client requests to the requested service (216.76.0.55); thus, they must all be configured to listen on the same virtual IP address. Incoming client requests are then distributed to the least busy backend web servers. When multiple load balancers are used, active/active configurations mean all load balancers are active simultaneously. Active/passive means only one load balancer is active; the passive node becomes active when the active node goes down.

While discussing incident response policies during a meeting, your boss requests a dollar figure and the amount of downtime the company would suffer if a worm infected the corporate LAN. What type of study should you conduct?

Business impact analysis is correct. Studying the effect of unfavorable events (such as a computer worm) upon business operations is referred to as a business impact analysis.

Your manager asks you to identify the amount of time and personnel required to address a worm virus infection on the corporate WAN. You estimate it would take six technicians two days to remove the infection, at a total cost of $2800. Which type of analysis would this dollar figure best relate to?

Business impact analysis: A business impact analysis studies the impact (financial in this case) that an incident presents to a business.

You notice excessive network traffic when client stations connect to Windows Update to download patches and hotfixes. You would like to minimize network utilization. What should you do?

Configure an internal patch update server is correct. Internal patch update servers (such as Microsoft WSUS—Windows Server Update Services) deploy software updates to internal stations instead of their each downloading the updates, thus minimizing network utilization.

You need to implement a solution that can help prevent sensitive data from being leaked out of the company via e-mail, texting, file copying, and social media file sharing. What type of solution should you consider?

DLP is correct. Data loss prevention (DLP) solutions can be implemented to limit data leakage outside of the organization. This could be achieved with embedded watermarks on photos and videos and the limited ability to send e-mail file attachments only to users within the organization.

Which technique can easily reveal internal business procedures and computing configurations?

Dumpster diving: Dumpster diving involves analyzing discarded documentation to learn about a company's operations, view employee names and e-mail addresses, and so on.

Which of the following are considered benefits of server virtualization? (Choose two.)

Efficient application of software updates and centralized data storage are correct. Because virtualized servers could be running on the same physical host, patch deployment is efficient. Virtualized servers often use shared disk storage, thus centralizing data and making backups quicker and easier.

A technician connects to an Internet SMTP host using the telnet command and issues the following commands: ``` Helo smtp1.acme.ca Mail from:[email protected] Rcpt to:[email protected] Data:Subject:Linux versus Windows Hi Bill. Please take note that open source software is set to achieve world dominance. Thanks. - The Pres ``` How can these two users prevent this type of attack? (Choose two.)

Exchange public keys and digitally sign e-mails using private keys: A private key is used by the sender to generate a unique signature for an e-mail message. The recipient uses the related sender public key to verify the validity of the signature. Spoofed SMTP messages cannot have a valid digital signature, since hackers will not have access to the sender's private key.

In the near future your company will be using a PKI for IT systems and for building access. As the IT security director, you must decide where user PKI information will be stored. Which two storage options from the following list are valid?

File and smart card are correct: User PKI information, potentially including the private key, could be stored in a password-protected file or written to the chip in a smart card using the proper hardware.

You must determine which TCP port a custom seismic activity application uses in order to configure a firewall rule allowing access to the program. The application is running on a host named ROVER that also runs other custom network applications. Users connect to an internal web site, which in turn connects to ROVER to use the custom application. How can you find out which TCP port the custom application uses?

Generate activity to the seismic activity app and capture the traffic is correct. Using a protocol analyzer (packet sniffer) such as Wireshark or the Linux tcpdump command to capture the relevant network traffic from the web site to ROVER will reveal the TCP port being used by examining the TCP packet header. This enables technicians to use the port number to configure application or network-based firewall rules correctly.

Which item offloads the cryptographic processing responsibilities of a host computer?

HSM: HSM devices perform cryptographic calculations, thus eliminating this task from the host computer system.

A technician is researching new rack mount servers to determine the maximum BTU value of all servers in the server room. Which related item should the technician consider?

HVAC is correct. HVAC (heating, ventilation, air conditioning) must be considered when discussing server BTUs (British thermal units). BTUs measure thermal energy (heat), and your server room air conditioning must be able to displace the BTUs generated by your computing equipment; otherwise, the server room will be much too warm for your equipment.

What can be done to harden a public e-commerce web server, assuming default ports are being used? (Choose two.)

Install a PKI certificate and enable TLS and Do not use an administrative account to run the web server. are correct. You can enable TLS and install a PKI certificate on a web server. Web servers run with a user account, and this should be a limited account with limited system privileges in case the web server is compromised by an attacker.

What term describes a trusted third party possessing decryption keys?

Key escrow: Certificate revocation list is correct. A key escrow holds decryption keys in trust and is not related to the company, institution, or government agency that issued the keys. The keys can be used in the event of a catastrophe or because of legal requirements.

Your company must have the ability to examine outbound Internet traffic to ensure that attempts to access inappropriate web sites are blocked. What should you configure?

Layer 7 firewall is correct. Layer 7 (Application) of the OSI model refers to application-specific functionality, such as a web browser connecting to a specific URL.

Which security principle enables the discovery of potentially inappropriate or fraudulent activity committed by employees?

Mandatory vacations: Mandatory vacations enable the potential discovery of irregularities in a job role by whoever fills that role while an employee is on vacation. The new person can audit previous activities or compile associated reports that uncover fraudulent activity.

What can an administrator configure to prevent users from reusing old passwords within a short period of time? (Choose two.)

Minimum password age and password history are correct. Minimum password age is the amount of time that must pass before users can reset their passwords again. Combined with password history, this can prevent users from changing their passwords multiple times (password history) to the point where they can reuse old passwords within a short period of time.

Which of the following statements regarding capturing wireless network traffic with a packet sniffer are true? (Choose two.)

Most wireless routers behave as hubs do; all wireless clients exist in a single collision domain and wireless router administrative credentials sent over HTTP are vulnerable are correct: Most wireless routers do not isolate wireless client connections; this means once you have connected to the wireless network and begun a network capture, you will see all wireless client traffic. Newer wireless routers support isolation mode, which behaves much like an Ethernet switch (each port is its own collision domain). Most wireless routers use HTTP to transmit administrative credentials. Capturing this traffic means the credentials can easily be learned; HTTPS should be configured so that administrative credentials are encrypted.

You are installing a wireless router on the first floor of a commercial building. What should you do to minimize the possibility of Wi-Fi users connecting from the street? (Choose two.)

Place the wireless router in the center of the building and disable DHCP on the wireless router are correct: Placing the wireless router in the center of the building reduces the signal strength outside of the building. Disabling DHCP (Dynamic Host Configuration Protocol) means connecting clients must manually configure an appropriate IP address, subnet mask, default gateway, and DNS server.

Which network component can commonly be configured as a NAT (network address translation) device?

Router is correct. Routers are OSI layer 3 (Network) devices that have at least two interfaces connecting to different networks. NAT normally runs on a router and can be configured to allow devices on an internal network with private TCP/IP addresses to gain access to a public network using the NAT router's public IP address.

A user would like to use FTP to transfer a file to an FTP server. Other users who download the same file from the FTP server must have a way to ensure that the file has not been tampered with. Which protocol can perform this function?

SHA-3: SHA-3 is correct. SHA-3 is a hashing algorithm used to calculate a unique hash value. Changes to the source data (the file transferred to the FTP [File Transfer Protocol] server in this case) would invalidate the unique hash value when it is calculated again.

Which TCP/IP protocol can be used to manage and monitor all types of network devices?

SNMP is correct Simple Network Management Protocol (SNMP) is an industry standard for managing and monitoring printers, servers, workstations, routers, switches, IP phones, and so on. SNMP version 3 should be used because it provides encryption and integrity functionality.

Which type of tool is commonly used to automate incident response?

SOAR: Security orchestration, automation, and response (SOAR) solutions use runbooks to automate incident response thus reducing incident response time.

Which type of SOC report focuses on the efficacy of security controls required to meet trust principles?

SOC 2 Type 1: SOC 2 Type 1 documents IT systems and business processes to ensure compliance with security trust requirements.

Which items would be found in an IP header? (Choose two.)

Source IP address and TTL value are correct. Among other fields, the IP header in a packet contains the source IP address and the TTL (time-to-live) value. The TTL value on newer Windows operating systems (such as 7, 8, and 10) is normally set to 128. This value determines how many routers (hops) the packet can travel though before being discarded.

Two users agree on a passphrase that is used to encrypt communications between their cell phones. Which of the following best describes this type of key?

Symmetric: When the same key is used to encrypt and decrypt, this is called symmetric encryption.

An attacker enters an office building and plugs his laptop into an unused network jack behind a plant in the reception area. He is then connected to the LAN, where he initiates an ARP poisoning attack. How could this have been prevented? (Choose two.)

Use a strict IPSec policy for all LAN computers and disable unused switch ports are correct. IPSec can be used to ensure that network traffic is accepted only from appropriate computers. For example, a LAN could use PKI certificates with IPSec—traffic from computers without a trusted PKI certificate would simply be dropped. Switch ports not in use should be disabled to prevent unauthorized network connectivity.

Which of the following is an example of high availability?

Web server cluster is correct. A cluster consists of two or more servers working together to ensure that a service is always available, such as a web site.

A router is configured to allow outbound TCP ports 80, 443, and 25. You would like to use the Remote Desktop Protocol to access a server at another location. Which of the following statements is correct, assuming default ports are being used?

You will not be able to RDP to the external server because the router is implicitly denying RDP packets is correct. RDP (Remote Desktop Protocol) uses TCP port 3389, and this is implicitly denied because only ports 80, 443, and 25 allow traffic out.