security + 9
In an interview, you were asked to analyze the following statements regarding secure network designs and choose the correct one. Which of the following should you choose? A NAC examines an endpoint before it can connect to the network, denying access to any device that does not meet specific criteria. A VPN contains rules that administer the availability of digital assets by granting or denying access to them. An ACL is a security technology that enables authorized users to use an unsecured public network. A SMTP is a VPN protocol that does not offer any encryption or protection, so it is usually paired with IPsec.
A NAC examines an endpoint before it can connect to the network, denying access to any device that does not meet specific criteria.
What is a firewall? A firewall is an ultimate security device that blocks everything malicious from entering a network. A firewall is a network security system that monitors and controls all incoming and outgoing traffic. A firewall is a network security system that monitors only incoming network traffic. A firewall provides physical security for all enterprise devices connected to a network.
A firewall is a network security system that monitors and controls all incoming and outgoing traffic.
Which of the following tasks can be performed using the out-of-band management feature in network devices? [Choose all that apply] Perform maintenance Upgrade the firmware Reinstall the operating system Power-on the network device Reboot the network device
ALL
Which feature of Windows 10 establishes a persistent virtual private network (VPN) connection when there is Internet connectivity? Active VPN Always On VPN Persistent VPN Full VPN
Always On VPN
Which of the following correctly describes the related monitoring methodology? Anomaly monitoring is susceptible to false positives by relying on normal behaviors. Signature-based monitoring requires access to a static database of signatures. Heuristic monitoring compares actions against previously determined standards or behavior. Behavior monitoring uses an algorithm to determine the existence of a threat exists.
Anomaly monitoring is susceptible to false positives by relying on normal behaviors.
What does the spanning-tree protocol use to recognize the best path? Internet protocol TCP BPDU UDP
BPDU (bridge protocol data units) communicates with devices on the network to calculate the best path to its destination.
You want to configure your firewall in a way that incoming traffic from a trusted source address gets through at the fastest possible rate. Which rule action should you choose? Bypass Force allow Allow Log-only
Bypass
Which of the following relates to the term Data Sovereignty? The type of storage used for data The usage of the data by the organization's users An organization's internal security policy Country specific laws and regulations
Country specific laws and regulations
Which of the following should be mentioned by a network diagram? [Choose all that apply.] Configuration of the devices Devices present on the network IP addresses and names of the devices Connectivity between the devices Names of users using the devices
Devices present on the network connectivity between these devices IP addresses and names of these devices
Which of the following ensures alerts are generated when existing log data is changed? Masking File integrity monitor BPDU guard Tokenization
File integrity monitor (BPDU guard - is a feature on the switch that creates an alert when a BPDU is received from an endpoint) (Tokenization - like Masking, obfuscates sensitive data elements, such as an account number, into a random string of characters (token).)
As a cybersecurity expert, you were assigned to interview prospective employees. The following statements are made by an interviewee on various network security technologies. Which of the following should you accept as a correct statement? Port-mirroring transmits the send and receive data streams simultaneously on separate dedicated channels. File integrity monitors are also used for detecting malware. Whenever a TAP device is connected to a network, an IP address is assigned, and the traffic is passed on to that IP. After establishing a baseline for clean files, quality of service examines files to see if they have changed.
File integrity monitors are also used for detecting malware..
Which of the following is a network security appliance? Hub Honeypot Router Switch
Honeypot
Which of the following term relates to the accuracy and consistency of data? Availability Discretion Confidentiality Integrity
Integrity
When setting up a data center in a particular geography, which of the following points must be considered? [Choose all that apply] Locations of the customers Type of connectivity available Internet service provider's presence Power availability Fiber backbone availability
Locations of the customers Type of connectivity available Internet service provider's presence Power availability Fiber backbone availability
You are asked to install an enterprise network firewall that does not allow packets to get through unless the internal endpoint made the initial request for the information. Which firewall should you choose? Policy-based firewall Stateless packet filtering firewall Stateful packet filtering firewall Rule-based firewall
Stateful packet filtering firewall
Which of the following offerings can be provided by a Cloud Access Service Broker (CASB)? [Choose all that apply] Threat prevention Malware prevention Identity and Access Management (IAM) Endpoint protection Cloud governance Data Loss Prevention (DLP)
Threat prevention Malware prevention Identity and Access Management (IAM) Cloud governance Data Loss Prevention (DLP)
You are a cybersecurity trainer tutoring students who will be taking a cybersecurity exam. A student has listed the following features of a honeypot on a practice test. Which of the following will you consider as a correct statement? Using a honeypot allows one to identify threat actor techniques and divert them from legitimate servers. Using a honeypot allows one to monitor the incoming and outgoing network traffic for signs of threat actors. Using a honeypot allows one to mask the IP addresses of internal endpoints from threat actors. Using a honeypot allows one to detect any intrusion to the enterprise network by threat actors and divert them from sensitive servers.
Using a honeypot allows one to identify threat actor techniques and divert them from legitimate servers.
Which of the following are ways of configuring access control lists (ACL)? [Choose all that apply] Using an effective right mask Making the file read-only Per-user basis Per-group basis
Using an effective right mask Per-user basis Per-group basis
Which firewall rule action implicitly denies all other traffic unless explicitly allowed? a. Allow b. Force Allow c. Bypass d. Force Deny
a. Allow
How does BPDU guard provide protection? a. It detects when a BPDU is received from an endpoint. b. BPDUs are encrypted so that attackers cannot see their contents. c. All firewalls are configured to let BPDUs pass to the external network. d. It sends BPDU updates to all routers.
a. It detects when a BPDU is received from an endpoint.
Which of the following is NOT correct about L2TP? a. It must be used on HTML5 compliant devices. b. It is paired with IPSec. c. It is used as a VPN protocol. d. It does not offer encryption.
a. It must be used on HTML5 compliant devices.
Which of the following statements describe the implications of IPv6? [Choose all that apply] The adoption of IPv6 is still missing with many organizations IPv6 addresses are long and difficult to remember Networks need to be upgraded or redesigned Devices and operating systems need to be upgraded
all
Which type of monitoring methodology looks for statistical deviations from a baseline? a. Signature-based monitoring b. Anomaly monitoring c. Heuristic monitoring d. Behavioral monitoring
b. Anomaly monitoring Heuristic monitoring - experience-based techniques Behavioral monitoring - overcome the limitations of both anomaly-based monitoring and signature-based monitoring Signature-based monitoring - examine network traffic for well known patterns
Maja has been asked to investigate DDoS mitigations. Which of the following should Maja consider? a. MAC pit b. DNS sinkhole c. DDoS Prevention System (DPS) d. IP denier
b. DNS sinkhole
Which device intercepts internal user requests and then processes those requests on behalf of the users? a. Host detection server b. Forward proxy server c. Reverse proxy server d. Intrusion prevention device
b. Forward proxy server
Emilie is reviewing a log file of a new firewall. She notes that the log indicates packets are being dropped for incoming packets for which the internal endpoint did not initially create the request. What kind of firewall is this? a. Connection-aware firewall b. Stateful packet filtering c. Proxy firewall d. Packet filtering firewall
b. Stateful packet filtering
Which of these appliances provides the broadest protection by combining several security functions? a. WAF b. UTM c. NAT d. NGFW
b. UTM Unified threat management (UTM) is a device that combines several security functions. These include: packet filtering antispam antiphishing antispyware encryption intrusion protection web filtering. ------------------------------------ WAF = web application firewall NAT = Network address translation (allows private IP addresses on Internet) NGFW = next generation firewall
Which of the following is NOT a NAC option when it detects a vulnerable endpoint? a. Connect to a quarantine network. b. Update Active Directory to indicate the device is vulnerable. c. Give restricted access to the network. d. Deny access to the network.
b. Update Active Directory to indicate the device is vulnerable. --- Network Access Control (NAC)
Which of the following is NOT a firewall rule parameter? a. Time b. Visibility c. Context d. Action
b. Visability (Rules) S address D address S port D port protocol direction priority time context action
In which of the following configurations are all the load balancers always active? a. Active-passive b. Active-load-passive-load c. Active-active d. Passive-active-passive
c. Active-active
Which of these is NOT used in scheduling a load balancer? a. The IP address of the destination packet b. Affinity c. Data within the application message itself d. Round-robin
c. Data within the application message itself --- A scheduling protocol that distributes the load based on which devices can handle the load more efficiently is known as affinity scheduling.
Which of the following is not a basic configuration management tool? a. Baseline configuration b. Standard naming convention c. MAC address schema d. Diagrams
c. MAC address schema
Leah is researching information on firewalls. She needs a firewall that allows for more generic statements instead of creating specific rules. What type of firewall should Leah consider purchasing that supports her need? a. Content/URL filtering firewall b. Proprietary firewall c. Policy-based firewall d. Hardware firewall
c. Policy-based firewall
Sofie needs to configure the VPN to preserve bandwidth. Which configuration would she choose? a. Narrow tunnel b. Wide tunnel c. Split tunnel d. Full tunnel
c. Split tunnel
What is a virtual firewall? a. A firewall that blocks only incoming traffic b. A firewall appliance that runs on a LAN c. A firewall that runs in an endpoint virtual machine d. A firewall that runs in the cloud
d. A firewall that runs in the cloud
Which of the following functions does a network hardware security module NOT perform? a. Key management b. Random number generator c. Key exchange d. Fingerprint authentication
d. Fingerprint authentication
Which of the following contains honeyfiles and fake telemetry? a. Honeyserver b. Attacker-interaction honeypot c. Honeypotnet d. High-interaction honeypot
d. High-interaction honeypot
Which statement regarding a demilitarized zone (DMZ) is NOT true? a. It provides an extra degree of security. b. It typically includes an email or web server. c. It can be configured to have one or two firewalls. d. It contains servers that are used only by internal network users.
d. It contains servers that are used only by internal network users.
Hanna has received a request for a data set of actual data for testing a new app that is being developed. She does not want the sensitive elements of the data to be exposed. What technology should she use? a. Tokenization b. Data Object Obfuscation (DOO) c. PII Hiding d. Masking
d. Masking
What is the minimum number of load balancers needed to configure active/active load balancing? 3 4 2 1
2