Security 3200 Chapters 9-11

What is the minimum number of users needed in a Windows Enterprise agreement for Intune to be included?

500

Which of the following cloud storage access services acts as a gatekeeper, extending an organization's security policies into the cloud storage infrastructure?

A cloud-access security broker

Which of the following are disadvantages of server virtualization?

A compromised host system might affect multiple servers.

Which of the following accurately describes what a protocol analyzer is used for? (Select two.)

A device that does NOT allow you to capture, modify, and retransmit frames (to perform an attack). A passive device that is used to copy frames and allow you to view frame contents.

Which of the following describes a man-in-the-middle attack?

A false server intercepts communications from a client by impersonating the intended server.

Users in the sales department perform many of their daily tasks, such as emailing and creating sales presentations, on their personal tablets. The chief information officer worries that one of these users might also use their tablet to steal sensitive information from the organization's network. Your job is to implement a solution that prevents insiders from accessing sensitive information stored on the organization's network from their personal devices while still giving them access to the internet. Which of the following should you implement?

A guest wireless network that is isolated from your organization's production network

Users in the sales department perform many of their daily tasks, such as emailing and creating sales presentations, on company-owned tablets. These tablets contain sensitive information. If one of these tablets is lost or stolen, this information could end up in the wrong hands. The chief information officer wants you to implement a solution that can be used to keep sensitive information from getting into the wrong hands if a device is lost or stolen. Which of the following should you implement?

A mobile device management (MDM) infrastructure

In a variation of the brute force attack, an attacker may use a predefined list of common usernames and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue?

A strong password policy

Which of the following could be an example of a malicious insider attack?

A user uses the built-in microphone to record conversations.

IPsec is implemented through two separate protocols. What are these protocols called? (Select two.)

AH ESP

Which of the following attacks tries to associate an incorrect MAC address with a known IP address?

ARP poisoning

Which of the following is the term used to describe what happens when an attacker sends falsified messages to link their MAC address with the IP address of a legitimate computer or server on a network?

ARP poisoning

Which of the following is a policy that defines appropriate and inappropriate usage of company resources, assets, and communications?

Acceptable use policy (AUP)

Which of the following is the first phase of the Microsoft Intune application life cycle?

Add

Which of the following strategies can protect against a rainbow table password attack?

Add random bits to the password before hashing takes place

Which application development model approaches software development as a continuous, changing process with never-ending versions, bug fixes, and enhancements?

Agile

Which of the following BEST describes the Physical SDN layer?

Also known as the Infrastructure layer.

Which of the following defines an acceptable use agreement?

An agreement that identifies employees' rights to use company property, such as internet access and computer equipment, for personal use.

You are concerned about protecting your network from network-based attacks on the internet. Specifically, you are concerned about attacks that have not yet been identified or that do not have prescribed protections. Which type of device should you use?

Anomaly-based IDS

What is the most common form of host-based IDS that employs signature or pattern-matching detection methods?

Antivirus software

Which of the following app deployment and update methods can be configured to make available to specific users and groups only the apps that they have rights to access?

App catalog

Your organization recently purchased 20 Android tablets for use by the organization's management team. To increase the security of these devices, you want to ensure that only specific apps can be installed. Which of the following would you implement?

App whitelisting

Which SDN layer would a load balancer that stops and starts VMs as resource use increases reside on?

Application

Which type of firewall operates at Layer 7 of the OSI model?

Application layer

Which of the following is an open-source hardware and software company that designs and manufactures single-board microcontrollers as well as kits to build digital devices?

Arduino

Which of the following activities are typically associated with a penetration test?

Attempt social engineering.

You have been hired as part of the team that manages an organization's network defense. Which security team are you working on?

Blue

You are using a password attack that tests every possible keystroke for each single key in a password until the correct one is found. Which of the following technical password attacks are you using?

Brute force attack

Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack?

Buffer overflow attack

Which of the following attacks is a form of software exploitation that transmits or submits a longer stream of data than the input variable is designed to handle?

Buffer overflow attack

Which type of attack is the act of exploiting a software program's free acceptance of input in order to execute arbitrary code on a target?

Buffer overflow attack

As part of a special program, you have discovered a vulnerability in an organization's website and reported it to the organization. Because of the severity, you are paid a good amount of money. Which type of penetration test are you performing?

Bug bounty

Which device deployment model gives businesses significant control over device security while allowing employees to use their devices to access both corporate and personal data?

COPE

Which of the following are network-sniffing tools?

Cain and Abel, Ettercap, and TCPDump

You are using a protocol analyzer to capture network traffic. You want to only capture the frames coming from a specific IP address. Which of the following can you use to simplify this process?

Capture filters

Which of the following are advantages of virtualization? (Select two.)

Centralized administration Easy migration of systems to different hardware

Which of the following provides the network virtualization solution called XenServer?

Citrix

What is the on-premises, cloud-based software tool that sits between an organization and a cloud service provider called?

Cloud-access security broker

Which of the following can provide the most specific protection and monitoring capabilities?

Cloud-access security broker

Which of the following is a network device that is deployed in the cloud to protect against unwanted access to a private network?

Cloud-based firewall

You have just finished developing a new application. Before putting it on the website for users to download, you want to provide a checksum to verify that the object has not been modified. Which of the following would you implement?

Code signing

Which of the following are the two main causes of software vulnerabilities? (Select two.)

Coding errors Design flaws

Which SIEM component is responsible for gathering all event logs from configured devices and securely sending them to the SIEM system?

Collectors

Which of the following BEST describes the Application SDN layer?

Communicates with the Control layer through the northbound interface.

A group of small local businesses have joined together to share access to a cloud-based payment system. Which type of cloud is MOST likely being implemented?

Community

Which of the following Intune portals is used by end users to manage their own account and enroll devices?

Company portal

What does an IDS that uses signature recognition use to identify attacks?

Comparisons to known attack patterns

Your organization recently purchased 18 iPad tablets for use by the organization's management team. These devices have iOS pre-installed on them. To increase the security of these devices, you want to apply a default set of security-related configuration settings. What is the BEST approach to take to accomplish this? (Select two. Each option is part of a complete solution.)

Configure and apply security policy settings in a mobile device management (MDM) system. Enroll the devices in a mobile device management (MDM) system.

You are running a packet sniffer on your workstation so you can identify the types of traffic on your network. You expect to see all the traffic on the network, but the packet sniffer only seems to be capturing frames that are addressed to the network interface on your workstation. Which of the following must you configure in order to see all of the network traffic?

Configure the network interface to use promiscuous mode.

You are an application developer. You use a hypervisor with multiple virtual machines installed to test your applications on various operating systems' versions and editions. Currently, all of your virtual machines used for testing are connected to the production network through the hypervisor's network interface. However, you are concerned that the latest application you are working on could adversely impact other network hosts if errors exist in the code. To prevent issues, you decide to isolate the virtual machines from the production network. However, they still need to be able to communicate directly with each other. What should you do? (Select two. Both responses are part of the complete solution.)

Create a new virtual switch configured for host-only (internal) networking. Connect the virtual network interfaces in the virtual machines to the virtual switch.

What is the primary function of the IKE Protocol used with IPsec?

Create a security association between communicating partners.

A security administrator logs onto a Windows server on her organization's network. Then she runs a vulnerability scan on that server. Which type of scan was conducted in this scenario?

Credentialed scan

An attacker uses an exploit to push a modified hosts file to client systems. This hosts file redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and financial information. Which kind of exploit has been used in this scenario?

DNS poisoning

Which type of denial-of-service (DoS) attack occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses?

DNS poisoning

While using the internet, you type the URL of one of your favorite sites in the browser. Instead of going to the correct site, the browser displays a completely different website. When you use the IP address of the web server, the correct site is displayed. Which type of attack has likely occurred?

DNS poisoning

Which rights management category is applied to music, videos, and software that is sold to consumers?

DRM

Which of the following is a technology that tries to detect and stop sensitive data breaches, or data leakage incidents, in an organization?

Data loss prevention

In which phase of the Microsoft Intune application life cycle would you assign an app to users and/or devices you manage and monitor them on the Azure portal?

Deploy

Why do attackers prefer to conduct distributed network attacks in static environments? (Select two.)

Devices are typically more difficult to monitor than traditional network devices. Devices tend to employ much weaker security than traditional network devices.

Which of the following protocols can TLS use for key exchange? (Select two.)

Diffie-Hellman RSA

Cloud storage is a virtual service, so the infrastructure is the responsibility of the storage provider. Access control should be set as a local file system would be, with no need for the provider to have access to the stored data. You are implementing the following measures to secure your cloud storage: Verify that security controls are the same as in a physical data center. Use data classification policies. Assign information into categories that determine storage, handling, and access requirements. Assign information classification based on information sensitivity and criticality. Which of the following is another security measure you can implement?

Dispose of data when it is no longer needed by using specialized tools.

You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled?

Dumpster diving

You are performing a security test from the outside on a new application that has been deployed. Which secure testing method are you MOST likely using?

Dynamic

Your organization is having a third party come in and perform an audit on the financial records. You want to ensure that the auditor has access to the data they need while keeping the customers' data secure. To accomplish this goal, you plan to implement a mask that replaces the client names and account numbers with fictional data. Which masking method are you implementing?

Dynamic

Which of the following mobile device management (MDM) solutions is hardware-agnostic and supports many different brands of mobile devices?

EMM

Which Amazon device can be used to control smart devices (such as lights) throughout a home using voice commands?

Echo

Which of the following DLP implementations can be used to monitor and control access to physical devices on workstations or servers?

Endpoint DLP

Which of the following is an exploit in which malware allows the virtual OS to interact directly with the hypervisor?

Escape

In your role as a security analyst, you ran a vulnerability scan, and several vulnerabilities were reported. Upon further inspection, none of the vulnerabilities actually existed. Which type of result is this?

False positive

DLP can be used to identify sensitive files in a file system and then embed the organization's security policy within the file. Which of the following DLP implementations travels with sensitive data files when they are moved or copied?

File-level DLP

Which of the following processes identifies an operating system based on its response to different types of network traffic?

Fingerprinting

Which of the following enters random data to the inputs of an application?

Fuzzing

Which fuzz testing program type defines new test data based on models of the input?

Generation-based

Recently, a serious security breach occurred in your organization. An attacker was able to log in to the internal network and steal data through a VPN connection using the credentials assigned to a vice president in your organization. For security reasons, all individuals in upper management in your organization have unlisted home phone numbers and addresses. However, security camera footage from the vice president's home recorded someone rummaging through her garbage cans prior to the attack. The vice president admitted to writing her VPN login credentials on a sticky note that she subsequently threw away in her household trash. You suspect the attacker found the sticky note in the trash and used the credentials to log in to the network. You've reviewed the vice president's social media pages. You found pictures of her home posted, but you didn't notice anything in the photos that would give away her home address. She assured you that her smartphone was never misplaced prior to the attack. Which security weakness is the MOST likely cause of the security breach?

Geotagging was enabled on her smartphone.

Google Cloud, Amazon Web Services (AWS), and Microsoft Azure are some of the most widely used cloud storage solutions for enterprises. Which of the following factors prompt companies to take advantage of cloud storage? (Select two.)

Growing demand for storage Need to bring costs down

Which TCP/IP protocol is a secure form of HTTP that uses SSL as a sub-layer for security?

HTTPS

Which of the following protocols uses port 443?

HTTPS

As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement?

Host-based IDS

Which of the following is a network virtualization solution provided by Microsoft?

Hyper-V

Which of the following devices is computer software, firmware, or hardware that creates and runs virtual machines?

Hypervisor

You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use?

IPS

You have been offered a position as a security analyst for Acme, Inc. The position will be remote. Acme Inc. has sent you your employment contract using a system that only allows you to open and digitally sign the contract. Which rights management method is being used?

IRM

Your organization allows employees to bring their own devices into work, but management is concerned that a malicious internal user could use a mobile device to conduct an insider attack. Which of the following should be implemented to help mitigate this threat?

Implement an AUP that specifies where and when mobile devices can be possessed within the organization.

Your organization uses a web server to host an e-commerce site. Because this web server handles financial transactions, you are concerned that it could become a prime target for exploits. You want to implement a network security control that analyzes the contents of each packet going to or from the web server. The security control must be able to identify malicious payloads and block them. What should you do?

Implement an application-aware IPS in front of the web server

An attacker inserts SQL database commands into a data input field of an order form used by a web-based application. When submitted, these commands are executed on the remote database server, causing customer contact information from the database to be sent to the malicious user's web browser. Which practice would have prevented this exploit?

Implementing client-side validation

While using a web-based order form, an attacker enters an unusually large value in the Quantity field. The value he or she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the web application processes the order as a return instead of a purchase, and the attacker's account is credited with a large sum of money. Which practices would have prevented this exploit? (Select two.)

Implementing client-side validation Implementing server-side validation

The IT manager has tasked you with configuring Intune. You have enrolled the devices and now need to set up the Intune policies. Where would you go to set up the Intune policies?

In the Admin portal, select Policy > Add Policy.

Which of the following are true concerning virtual desktop infrastructure (VDI)? (Select two.)

In the event of a widespread malware infection, the administrator can quickly reimage all user desktops on a few central servers. User desktop environments are centrally hosted on servers instead of on individual desktop systems.

Which of the following functions does a single quote (') perform in an SQL injection?

Indicates that data has ended and a command is beginning

Which of the following is specifically meant to ensure that a program operates on clean, correct, and useful data?

Input validation

You manage information systems for a large co-location data center. Networked environmental controls are used to manage the temperature within the data center. These controls use embedded smart technology that allows them to be managed over an internet connection using a mobile device app. You are concerned about the security of these devices. What can you do to increase their security posture? (Select two.)

Install the latest firmware updates from the device manufacturer. Verify that your network's existing security infrastructure is working properly.

Which of the following tools allows the user to set security rules for an instance of an application that interacts with one organization and different security rules for an instance of the application when interacting with another organization?

Instance awareness

What is the system that connects application repositories, systems, and IT environments in a way that allows access and exchange of data over a network by multiple devices and locations called?

Integration

You notice that a growing number of devices, such as environmental control systems and wearable devices, are connecting to your network. These devices, known as smart devices, are sending and receiving data via wireless network connections. Which of the following labels applies to this growing ecosystem of smart devices?

Internet of Things (IoT)

Your organization recently purchased 20 Android tablets for use by the organization's management team. You are using a Windows domain. Which of the following should you use to push security settings to the devices?

Intune

Which of the following is the recommend Intune configuration?

Intune Standalone

Which of the following BEST describes dynamic data masking? (Select two.)

It replaces original information with a mask that mimics the original in form and function. It can be used to control which users can see the actual data.

You want to check a server for user accounts that have weak passwords. Which tool should you use?

John the Ripper

Which of the following describes a false positive when using an IPS device?

Legitimate traffic being flagged as malicious

Which of the following is a technique that disperses a workload between two or more computers or resources to achieve optimal resource utilization, throughput, or response time?

Load balancing

Which step in the penetration testing life cycle is accomplished using rootkits or Trojan horse programs?

Maintain access

Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which type of attack?

Man-in-the-middle attack

Which DLP method works by replacing sensitive data with realistic fictional data?

Masking

Which of the following is a solution that pushes security policies directly to mobile devices over a network connection?

Mobile device management (MDM)

Which of the following is an advantage of software-defined networking (SDN)?

More granular control

Which of the following statements about virtual networks is true? (Select two.)

Multiple virtual networks can be associated with a single physical network adapter. A virtual network is dependent on the configuration and physical hardware of the host operating system.

The IT manager has tasked you with implementing a solution that ensures that mobile devices are up to date, have anti-malware installed, and have the latest definition updates before being allowed to connect to the network. Which of the following should you implement?

NAC

You want to use a tool to scan a system for vulnerabilities, including open ports, running services, and missing patches. Which tool should you use?

Nessus

DLP can be implemented as a software or hardware solution that analyzes traffic in an attempt to detect sensitive data that is being transmitted in violation of an organization's security policies. Which of the following DLP implementations analyzes traffic for data containing such things as financial documents, social security numbers, or key words used in proprietary intellectual property?

Network DLP

You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use?

Network mapper

A security administrator needs to run a vulnerability scan that analyzes a system from the perspective of a hacker attacking the organization from the outside. Which type of scan should he or she use?

Non-credentialed scan

Which of the following does the Application layer use to communicate with the Control layer?

Northbound APIs

Gathering as much personally identifiable information (PII) on a target as possible is a goal of which reconnaissance method?

OSINT

Which of the following BEST describes the Platform as a Service (PaaS) cloud computing service model?

PaaS delivers everything a developer needs to build an application on the cloud infrastructure.

You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the firewall. Which tool should you use?

Packet sniffer

You want to know which protocols are being used on your network. You'd like to monitor network traffic and sort traffic by protocol. Which tool should you use?

Packet sniffer

Which type of firewall protects against packets coming from certain IP addresses?

Packet-filtering

Which type of reconnaissance is dumpster diving?

Passive

Which of the following techniques involves adding random bits of data to a password before it is stored as a hash?

Password salting

Which of the following uses hacking techniques to proactively discover internal vulnerabilities?

Penetration testing

Which of the following Security Orchestration, Automation, and Response (SOAR) system automation components is often used to document the processes and procedures that are to be used by a human during a manual intervention?

Playbook

As you browse the internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows contain advertisements for products that are inappropriate for your family to view. Which tool can you implement to prevent these windows from showing?

Pop-up blocker

You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device that is connected to a hub with three other computers. The hub is connected to a switch that is connected to the router. When you run the software, you see frames addressed to the four workstations, but not to the router. Which feature should you configure on the switch?

Port mirroring

You want to make sure that a set of servers only accepts traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers do not accept packets sent to those services. Which tool should you use?

Port scanner

Tokenization is another effective tool in data loss prevention. Tokenization does which of the following? (Select two.)

Protects data on its server with authentication and authorization protocols Replaces actual data with a randomly generated alphanumeric character set

Which of the following is an advantage of a virtual browser?

Protects the host operating system from malicious downloads

You want to identify traffic that is generated and sent through a network by a specific application running on a device. Which tool should you use?

Protocol analyzer

Match each description on the left with the appropriate cloud technology on the right.

Provides cloud services to just about anyone. Provides cloud services to a single organization. Allows cloud services to be shared by several organizations. Integrates one cloud service with other cloud services.

Which of the following BEST describes a virtual desktop infrastructure (VDI)?

Provides enhanced security and better data protection because most of the data processing is provided by servers in the data center rather than on the local device.

Which of the following serves real-time applications without buffer delays?

RTOS

Which of the following password attacks uses preconfigured matrices of hashed dictionary words?

Rainbow table attack

Which phase or step of a security assessment is a passive activity?

Reconnaissance

Which of the following app deployment and update methods allows an administrator to remove apps and clear all data from a device without affecting the device itself?

Remote management

Which of the following app deployment and update methods allows updates to be uploaded onto Intune where they can be pushed out to users within 24 hours?

Remote management

A smartphone was lost at the airport. There is no way to recover the device. Which of the following ensures data confidentiality on the device?

Remote wipe

Mobile application management (MAM) provides the ability to do which of the following?

Remotely install and uninstall apps.

Which of the following methods can cloud providers implement to provide high availability?

Replication

What is the storage location called that holds all the development source files that version control systems use?

Repository

Which of the following is the first step in the Waterfall application development model?

Requirements

Which of the following is considered a drawback of the Waterfall application development life cycle?

Requirements are determined at the beginning and are carried through to the end product.

You have a development machine that contains sensitive information relative to your business. You are concerned that spyware and malware might be installed while users browse websites, which could compromise your system or pose a confidentiality risk. Which of the following actions would BEST protect your system?

Run the browser within a virtual environment.

You have run a vulnerability scanning tool and identified several patches that need to be applied to a system. What should you do next after applying the patches?

Run the vulnerability assessment again.

Which of the following devices are special computer systems that gather, analyze, and manage automated factory equipment?

SCADA

What is a set of software development tools called that can be installed as one unit and provides code frameworks or code snippets to help development go faster?

SDK

Which of the following is a disadvantage of software defined networking (SDN)?

SDN standards are still being developed.

You are the security administrator for your organization. You have implemented a cloud service to provide features such as authentication, anti-malware, intrusion detection, and penetration testing. Which cloud service have you most likely implemented?

SECaaS

As a network administrator, you are asked to recommend a secure method for transferring data between hosts on a network. Which of the following protocols would you recommend? (Select two.)

SFTP SCP

Which of the following systems is able to respond to low-level security events without human assistance?

SOAR

You have a website that accepts input from users for creating customer accounts. Input on the form is passed to a database server where the user account information is stored. An attacker is able to insert database commands in the input fields and have those commands execute on the server. Which type of attack has occurred?

SQL injection

SFTP uses which mechanism to provide security for authentication and data transfer?

SSH

Which of the following cloud computing solutions delivers software applications to a client either over the internet or on a local area network?

SaaS

What is isolating a virtual machine from the physical network to allow testing to be performed without impacting the production environment called?

Sandboxing

Which of the following is a very detailed document that defines exactly what is going to be included in the penetration test?

Scope of work

Which of the following mobile device security considerations disables the ability to use the device after a short period of inactivity?

Screen lock

Which of the following is a network security service that filters malware from user-side internet connections using different techniques?

Secure web gateway

Which of the following roles would be MOST likely to use a protocol analyzer to identify frames that might cause errors?

Security operations team

Which of the following tools can be used to see if a target has any online IoT devices without proper security?

Shodan

Which IDS method searches for intrusion or attack attempts by recognizing patterns or identifying entities listed in a database?

Signature-based IDS

Which of the following do Raspberry Pi systems make use of?

SoC

Carl received a phone call from a woman who states that she is calling from his bank. She tells him that someone has tried to access his checking account, and she needs him to confirm his account number and password to discuss further details. He gives her his account number and password. Which of the following types of non-technical password attack has occurred?

Social engineering

Network engineers have the option of using software to configure and control the network rather than relying on individual static configuration files that are located on each network device. Which of the following is a relatively new technology that allows network and security professionals to use software to manage, control, and make changes to a network?

Software-defined networking (SDN)

Which of the following best describes shoulder surfing?

Someone nearby watching you enter your password on your computer and recording it.

Which APIs do individual networking devices use to communicate with the control plane from the Physical layer?

Southbound

A router on the border of your network detects a packet with a source address that is from an internal client, but the packet was received on the internet-facing interface. This is an example of which form of attack?

Spoofing

Which type of activity changes or falsifies information in order to mislead or re-direct traffic?

Spoofing

Which of the following protocols are often added to other protocols to provide secure transmission of data? (Select two.)

TLS SSL

Which of the following tools allow remote management of servers? (Select two.)

Telnet SSH

What is the primary purpose of penetration testing?

Test the effectiveness of your security perimeter.

If a user's BYOD device (such as a tablet or phone) is infected with malware, that malware can be spread if that user connects to your organization's network. One way to prevent this event is to use a Network Access Control (NAC) system. How does an NAC protect your network from being infected by a BYOD device?

The NAC remediates devices before allowing them to connect to your network.

Software defined networking (SDN) uses a controller to manage devices. The controller is able to inventory hardware components on the network, gather network statistics, make routing decisions based on gathered data, and facilitate communication between devices from different vendors. It can also be used to make widespread configuration changes on just one device. Which of the following best describes an SDN controller?

The SDN controller is software.

When using SSL authentication, what does the client verify first when checking a server's identity?

The current date and time must fall within the server's certificate-validity period.

Which of the following describes the worst possible action by an IDS?

The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.

The IT manager has tasked you with installing new physical machines. These computer systems are barebone systems that simply establish a remote connection to the data center to run the user's virtualized desktop. Which type of deployment model is being used?

Thin client

Drag the software defined networking (SDN) layer on the left to the appropriate function on the right. (Each SDN layer may be used once, more than once, or not at all.)

This layer receives its requests from the Application layer: Control layer This layer is also known as the Infrastructure layer: Physical layer This layer communicates with the Control layer through what is called the northbound interface: Application layer This layer provides the Physical layer with configuration and instructions: Control layer On this layer, individual networking devices use southbound APIs to communicate with the control plane: Physical layer

In your role as a security analyst, you need to stay up to date on the latest threats. You are currently reviewing the latest real-time updates on cyberthreats from across the world. Which of the following resources are you MOST likely using?

Threat feeds

Mobile device management (MDM) provides the ability to do which of the following?

Track the device.

A user named Bob Smith has been assigned a new desktop workstation to complete his day-to-day work. When provisioning Bob's user account in your organization's domain, you assigned an account name of BSmith with an initial password of bw2Fs3d. On first login, Bob is prompted to change his password. He changes it to the name of his dog, Fido. What should you do to increase the security of Bob's account? (Select two.)

Train users not to use passwords that are easy to guess. Use Group Policy to require strong passwords on user accounts.

Which type of hypervisor runs as an application on the host machine?

Type 2

Which of the following mobile device management (MDM) solutions allows an organization to manage all devices, including printers, workstations, and even IoT devices?

UEM

What is the limit of virtual machines that can be connected to a virtual network?

Unlimited

An active IDS system often performs which of the following actions? (Select two.)

Updates filters to block suspect traffic. Performs reverse lookups to identify an intruder.

Which formula is used to determine a cloud provider's availability percentage?

Uptime/uptime + downtime

What is a virtual LAN that runs on top of a physical LAN called?

VAN

Which of the following virtual devices provides packet filtering and monitoring?

VFA

Which of the following is an example of protocol-based network virtualization?

VLAN

Which of the following is used as a secure tunnel to connect two networks?

VPN

You manage the information systems for a large manufacturing firm. Supervisory control and data acquisition (SCADA) devices are used on the manufacturing floor to manage your organization's automated factory equipment. The SCADA devices use embedded smart technology, allowing them to be managed using a mobile device app over an internet connection. You are concerned about the security of these devices. What can you do to increase their security posture? (Select two.)

Verify that your network's existing security infrastructure is working properly. Install the latest firmware updates from the device manufacturer.

Which of the following devices facilitates communication between different virtual machines by checking data packets before moving them to a destination?

Virtual switch

Which of the following lets you make phone calls over a packet-switched network?

VoIP

You want to be able to identify the services running on a set of servers on your network. Which tool would BEST give you the information you need?

Vulnerability scanner

The process of walking around an office building with an 802.11 signal detector is known as:

War driving

You have been promoted to team lead of one of the security operations teams. Which security team are you now a part of?

White

You have been hired to perform a penetration test for an organization. You are given full knowledge of the network before the test begins. Which type of penetration test are you performing?

White box

You want to use a tool to see packets on a network, including the source and destination of each packet. Which tool should you use?

Wireshark

Which load balancing method distributes a workload across multiple computers?

Workload balancing

Which of the following is an attack that injects malicious scripts into web pages to redirect users to fake websites to gather personal information?

XSS

Which of the following tools can be used to view and modify DNS server information in Linux?

dig

You need to enumerate the devices on your network and display the network's configuration details. Which of the following utilities should you use?

nmap

You need to check network connectivity from your computer to a remote computer. Which of the following tools would be the BEST option to use?

ping

Which passive reconnaissance tool is used to gather information from a variety of public sources?

theHarvester