Security + Exam 2

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

What is the minimum number of load balancers needed to configure active/active load balancing?

2

What is a virtual firewall?

A firewall that runs in the cloud

Which is an IPsec protocol that authenticates that packets received were sent from the source?

AH

In which of the following configurations are all the load balancers always active?

Active-active

which choice identifies attributes required for an x.509 compliant digital certificate?

All of these

Which firewall rule action implicitly denies all other traffic unless explicitly allowed?

Allow

Which feature of Windows 10 establishes a persistent virtual private network (VPN) connection when there is Internet connectivity?

Always On VPN

Which type of monitoring methodology looks for statistical deviations from a baseline?

Anomaly monitoring

Which of the following is NOT a means by which a newly approved root digital certificate is distributed?

Application updates

Which of the following can be used to detect malicious activities? [Choose all that apply]

CCTV Cameras Alarms

What is the name of the device protected by a digital certificate?

CN

Which block cipher mode of operating requires that both the message sender and receiver access a counter that computes a new value whenever a ciphertext block is exchanged?

CTR

What is the name of the fields in an X.509 digital certificate that are used when the parties negotiate a secure connection?

Certificate attributes

A centralized directory of digital certificates is called a(n) _____.

Certificate repository (CR)

Which of the following should be mentioned by a network diagram? [Choose all that apply.]

Connectivity between the devices Devices present on the network IP addresses and names of the devices

Which of the following does NOT describe an area that separates threat actors from defenders?

Containment space

Which of the following relates to the term Data Sovereignty?

Country specific laws and regulations

What entity calls in crypto modules to perform cryptographic tasks?

Crypto service provider

Which of the DLP sensor choices requires communication with the DLP server?

DLP agent

Which of the following attack is also known as DNS spoofing?

DNS poisoning

Tomaso is explaining to a colleague the different types DNS attacks. Which DNS attack would only impact a single user?

DNS poisoning attack

Maja has been asked to investigate DDoS mitigations. Which of the following should Maja consider?

DNS sinkhole

Which of these is NOT used in scheduling a load balancer?

Data within the application message itself

One way to secure data is through Data Loss Prevention (DLP). Which of the choices is not a data type protected by DLP?

Data-to-disclose

In an organization, in which of the following places would you avoid installing a fire suppression system? [Choose all that apply]

Datacenter Server Room

Which of the following type of security controls involves installing bollards?

Deterrent

Which of the following type of security control are CCTV cameras? [Choose all that apply]

Deterrent Detective

What is the strongest technology that would assure Alice that Bob is the sender of a message?

Digital certificate

What does the arp -a command do?

Displays arp cache

What is the difference between a DoS and a DDoS attack?

DoS attacks use fewer computers than DDoS attacks.

Juan needs a certificate that must only authenticate that a specific organization has the right to use a particular domain name. What type of certificate does he need?

Domain validation

How is confidentiality achieved through IPsec?

ESP

When setting up a data center in a particular geography, which of the following points must be considered? [Choose all that apply]

Fiber backbone availability Type of connectivity available Internet service provider's presence Locations of the customers Power availability

Which of the following functions does a network hardware security module NOT perform?

Fingerprint authentication

Which device intercepts internal user requests and then processes those requests on behalf of the users?

Forward proxy server

Which of the following contains honeyfiles and fake telemetry?

High-interaction honeypot

Calix was asked to protect a system from a potential attack on DNS. What are the locations he would need to protect?

Host table and external DNS server

In the lab, which of the choices was installed?

Host-based firewall

Which of the following term relates to the accuracy and consistency of data?

Integrity

Which of the following is NOT a reason that threat actors use PowerShell for attacks?

It can be invoked prior to system boot.

Which statement regarding a demilitarized zone (DMZ) is NOT true?

It contains servers that are used only by internal network users.

How does BPDU guard provide protection?

It detects when a BPDU is received from an endpoint.

Which of the following is NOT true about VBA?

It is being phased out and replaced by PowerShell.

Which of the following is NOT correct about L2TP?

It must be used on HTML5 compliant devices.

Which refers to a situation in which keys are managed by a third party, such as a trusted CA?

Key escrow

Which of the following is globally unique in the system?

MAC address

Which of the following is not a basic configuration management tool?

MAC address schema

Deacon has observed that the switch is broadcasting all packets to all devices. He suspects it is the result of an attack that has overflowed the switch MAC address table. Which type of attack is this?

MAC flooding attack

Which of the following can be triggered when a document opens?

Macro

Which of the following offerings can be provided by a Cloud Access Service Broker (CASB)? [Choose all that apply]

Malware prevention Threat prevention Cloud governance Data Loss Prevention (DLP) Identity and Access Management (IAM)

Which attack intercepts communications between a web browser and the underlying OS?

Man-in-the-browser (MITB)

Hanna has received a request for a data set of actual data for testing a new app that is being developed. She does not want the sensitive elements of the data to be exposed. What technology should she use?

Masking

Which of the following tools can be used to conduct a Distributed Denial-of-Service (DDoS) attack? [Choose all that apply]

Nemesy UDP Flooder HTTP Unbearable Load King (HULK) DAVOSET

Which of the following can be used to detect if a Trojan has infected a system?

Netstat

You want to view the arp cache. Which command would you use?

None of these

Elton needs his application to perform a real-time lookup of a digital certificate's status. Which technology would he use?

Online Certificate Status Protocol (OCSP)

You want the latest status of a digital certificate. Which technology or protocol would you use?

Online Certificate Status Protocol (OCSP)

Theo uses the Python programming language and does not want his code to contain vulnerabilities. Which of the following best practices would Theo NOT use?

Only use compiled and not interpreted Python code.

Which of the following is an open source toolkit used to implement the SSLv3 and TLS v1 protocols?

OpenSSL

Proteus has been asked to secure endpoints that can be programmed and have an IP address so that they cannot be used in a DDoS attack. What is the name for this source of DDoS attack?

Operational Technology

What is the file extension for a Cryptographic Message Syntax Standard based on PKCS#7 that defines a generic syntax for defining digital signature and encryption?

P7B

Which device is connected to a port on a switch in order to receive network traffic?

Passive IDS

Which of the following are ways of configuring access control lists (ACL)? [Choose all that apply]

Per-group basis Per-user basis Using an effective right mask

Leah is researching information on firewalls. She needs a firewall that allows for more generic statements instead of creating specific rules. What type of firewall should Leah consider purchasing that supports her need?

Policy-based firewall

If you are using a USB data blocker, which type of security control are you using?

Preventive

Which of the following sensors can detect an object that enters the sensor's field?

Proximity

Who verifies the authenticity of a CSR?

Registration authority

A mail gateway can have many functions. Which choice is NOT one of those functions?

Require full tunnel

Which of the following is used to target SSL-enabled sessions and non-SSL-enabled links to sniff their contents?

SSL Strip

Of the choices listed, which is the correct protocol to access a remote computer and execute commands?

Secure Shell (SSH)

Which is a protocol for securely accessing a remote computer in order to issue a command?

Secure Shell (SSH)

_____ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity

Session keys

Sofie needs to configure the VPN to preserve bandwidth. Which configuration would she choose?

Split tunnel

Which of the following is not a basic configuration management tool?

Split tunnel

Emilie is reviewing a log file of a new firewall. She notes that the log indicates packets are being dropped for incoming packets for which the internal endpoint did not initially create the request. What kind of firewall is this?

Stateful packet filtering

Which of the following is a tool for editing packets and then putting the packets back onto the network to observe their behavior?

Tcpreplay

What is the result of an ARP poisoning attack?

The ARP cache is compromised.

Which of the following statements describe the implications of IPv6? [Choose all that apply]

The adoption of IPv6 is still missing with many organizations Devices and operating systems need to be upgraded Networks need to be upgraded or redesigned IPv6 addresses are long and difficult to remember

What is Bash?

The command-language interpreter for Linux/UNIX OSs

Olivia is explaining to a friend about digital certificates. Her friend asks what two entities a digital certificate associates or binds together. What would Olivia say?

The user's identity with their public key

Which is the first step in a key exchange?

The web browser sends a message ("ClientHello") to the server.

What is the purpose of certificate chaining?

To group and verify digital certificates

Which of the following can a digital certificate NOT be used for?

To verify the authenticity of the CA

Which of the following is NOT a Microsoft defense against macros?

Trusted domain

Estevan has recommended that the organization hire and deploy two security guards in the control room to limit the effect if one of the guards has been compromised. What is Estevan proposing?

Two-person integrity/control

Which of these appliances provides the broadest protection by combining several security functions?

UTM

Which of the following is NOT a NAC option when it detects a vulnerable endpoint?

Update Active Directory to indicate the device is vulnerable.

Which of the following tasks can be performed using the out-of-band management feature in network devices? [Choose all that apply]

Upgrade the firmware Perform maintenance Power-on the network device Reinstall the operating system Reboot the network device

Which of the following is NOT a firewall rule parameter?

Visibility

Which of the following tool can be used to automate the setup of an evil twin?

Wi-Fi Pineapple

You want to clear the arp cache. Which command would you use?

arp -d

You want to add an entry to the ARP table. Which command would you use?

arp -s (IP address and MAC address)

Eros wants to change a configuration file on his Linux computer. He first wants to display the entire file contents. Which tool would he use?

cat

Which utility sends custom TCP/IP packets?

hping

Which of the following nmap command is used for file-exclusion?

nmap -iL /tmp/scanlist.txt --excludefile /tmp/exclude.txt

Which of the following command is used to detect OS on a target?

nmap -o

Which of the following command is used to perform FIN scan?

nmap -sF

Which of the following command is used to perform xmas tree scan?

nmap -sX -v

Which of the following is a third-party OS penetration testing tool?

sn1per

Gregory wants to look at the details about the patch a packet takes from his Linux computer to another device. Which Linux command-line utility will he use?

traceroute


Set pelajaran terkait

AP Psychology - ULTIMATE AP REVIEW

View Set