15.4.7 - Practice Questions

Which of the following enterprise wireless configuration strategies best keeps public wireless access separate from private wireless access? - Configure a guest access WLAN that uses open authentication and isolates guest WLAN traffic from other clients on the same access point. - Established shared key authentication that uses one passphrase for guest users and another passphrase for private users. - Implement MAC address filtering to restrict connections to the private access point only to MAC addresses that are explicitly allowed. - Deploy independent stand-alone access points throughout your enterprise and configure each to use the same SSID, the same channel, and the same IP subnet.

Configure a guest access WLAN that uses open authentication and isolates guest WLAN traffic from other clients on the same access point.

Which of the following mobile device security consideration disables the ability to use the device after a short period of inactivity? - Remote wipe - TPM - Screen lock - GPS

Screen lock

You are considering using Wi-Fi triangulation to track the location of wireless devices within your organization. However, you have read on the internet that this type of tracking can produce inaccurate results. What is the most important consideration for getting reliable results when implementing this type of system? - WAP placement - Wireless encryption in use - Wireless standard in use - Signal strength

Signal strength

Match each bring your own device (BYOD) security concern on the right with a possible remedy on the left. Each remedy may be used once, more than once, or not at all. Drag - Implement a network access control (NAC) solution. - Specify where and when mobile devices can be possessed in your acceptable use policy. - Specify who users can call for help with mobile device apps in your acceptable use policy. - Enroll devices in a mobile device management system. Drop - Users take pictures of proprietary processes and procedures. - Devices with a data plan can email stolen data. - Devices have no PIN or password configured. - Anti-malware software is not installed. - A device containing sensitive data may be lost.

Users take pictures of proprietary processes and procedures. - Specify where and when mobile devices can be possessed in your acceptable use policy. Devices with a data plan can email stolen data. - Specify where and when mobile devices can be possessed in your acceptable use policy. Devices have no PIN or password configured. - Enroll devices in a mobile device management system. Anti-malware software is not installed. - Implement a network access control (NAC) solution. A device containing sensitive data may be lost. - Enroll devices in a mobile device management system.

Your organization's security policy specifies that, regardless of ownership, any mobile device that connects to your internal network must have remote wipe enabled. If the device is lost or stolen, then it must be wiped to remove any sensitive data from it. Which of the following should you implement to ensure organizational data can be remote wiped while preserving personal data? - Storage segmentation - Lockout or screen Lock - Reporting system - Asset tracking and inventory control

Storage segmentation

The owner of a hotel has contracted you to implement a wireless network to provide internet access for patrons. The owner has asked that you implement security controls so that only paying patrons are allowed to use the wireless network. She wants them to be presented with a login page when they initially connect to the wireless network. After entering a code provided by the concierge at check-in, they should then be allowed full access to the internet. If a patron does not provide the correct code, they should not be allowed to access the internet. Under no circumstances should patrons be able to access the internal hotel network where sensitive data is stored. What should you do? - Implement pre-shared key authentication. - Implement MAC address filtering. - Implement 802.1x authentication using a RADIUS server. - Implement a guest server.

Implement a guest server.

Most mobile device management (MDM) systems can be configured to track the physical location of enrolled mobile devices. Arrange the location technology on the left in order of accuracy on the right, from most accurate to least accurate Drag - Wi-Fi triangulation - Cell phone tower triangulation - IP address resolution - GPS Drop - Most accurate - More accurate - Less accurate - Least accurate

Most accurate - GPS More accurate - Wi-Fi triangulation Less accurate - Cell phone tower triangulation Least accurate - IP address resolution

A smart phone was lost at the airport. There is no way to recover the device. Which of the following will ensure data confidentiality on the device? - Screen lock - Remote wipe - TPM - GPS

Remote wipe

You organization recently purchased 18 iPad tablets for use by the organization's management team. These devices have iOS pre-installed on them. To increase the security of these devices, you want to apply a default set of security-related configuration settings. What is the best approach to take to accomplish this? (Select two. Each option is a part of a complete solution.) - Configure and apply security policy settings in a mobile device management system. - Configure security settings in a Group Policy object. - Configure and distribute security settings in a configuration profile. - Join the tablets to a Windows domain. - Enroll the devices in a mobile device management system. - Require uses to install the configuration profile.

- Configure and apply security policy settings in a mobile device management system. - Enroll the devices in a mobile device management system.

Your organization recently purchased 30 tablet devices for your traveling sales force. These devices have Windows RT preinstalled on them. To increase the security of these devices, you want to apply a default set of security-related configuration settings. What is the best approach to take to accomplish this? (Select two. Each option is part of a complete solution.) - Link the Group Policy object to the container where the tablets' computer objects reside. - Join the tablets to your domain. - Manually configure security settings using the Local Group Policy Editor program. - Enroll the devices in a mobile device management system. - Configure security settings in a Group Policy object. - Configure and apply security policy settings in a mobile device management system.

- Enroll the devices in a mobile device management system. - Configure and apply security policy settings in a mobile device management system.

Many of the end users in your organization are bringing their own personal mobile devices to work and are storing sensitive data on them. To prevent the data from being compromised, you create a cloud-based Microsoft Intune account and configure mobile device security policies. You now need to apply those security policies to the end users' mobile devices. What should you do? (Select two. Each response is a part of the complete solution.) - Join each device to your organization's domain. - Configure mobile device security policies using gpedit.msc. - Enroll the devices with the Intune service. - Download and install the Intune client software on the mobile device. - Perform a clean install of the mobile operating system on each user's device.

- Enroll the devices with the Intune service. - Download and install the Intune client software on the mobile device.

Your organization have recently purchased 20 tablet devices for the Human Resource department to use for training sessions. You are concerned that these devices could represent a security risk to your network and want to strengthen their security profile as much as possible. Which actions should you take? (Select two. Each response is a separate solution.) - Configure a Group Policy object (GPO) containing mobile device-specific security settings. - Implement storage segmentation. - Join the devices to your organization's domain. - Enable device encryption. - Install the devices in your organization's directory services tree.

- Implement storage segmentation. - Enable device encryption.

Which of the following are not reasons to remote wipe a mobile device? - The device is locked, and someone has entered multiple incorrect entries of the password or PIN. - The device is inactive for a period of time. - The device is being assigned to another user. - The device is stolen or lost.

- The device is inactive for a period of time.