SYS401
Which of the following is a directional antenna that can be used in point-to-point or point-to-multi-point WiFi communication systems? (Select TWO).
Backfire & Dish. Both the Backfire and the Dish antennae are high-gain antenna types that transmit a narrow beam of signal. They can therefore be used as point-to-point antennas over short distances, but as point-to-multi-point antennas over longer distances.
A network technician is on the phone with the system administration team. Power to the server room was lost and servers need to be restarted. The DNS services must be the first to be restarted. Several machines are powered off. Assuming each server only provides one service, which of the following should be powered on FIRST to establish DNS services?
Bind server. BIND (Berkeley Internet Name Domain) is the most widely used Domain Name System (DNS) software on the Internet. It includes the DNS server component contracted for name daemon. This is the only option that directly involves DNS.
A network consists of various remote sites that connect back to two main locations. Pete, the security administrator, needs to block TELNET access into the network. Which of the following, by default, would be the BEST choice to accomplish this goal?
Block port 23 on the network firewall
A firewall technician has been instructed to disable all non-secure ports on a corporate firewall. The technician has blocked traffic on port 21, 69, 80, and 137-139. The technician has allowed traffic on ports 22 and 443. Which of the following correctly lists the protocols blocked and allowed?
Blocked: FTP, TFTP, HTTP, NetBIOS; Allowed: SFTP, SSH, SCP, HTTPS
A Windows-based computer is infected with malware and is running too slowly to boot and run a malware scanner. Which of the following is the BEST way to run the malware scanner?
Boot from CD/USB
An access point has been configured for AES encryption but a client is unable to connect to it. Which of the following should be configured on the client to fix this issue?
CCMP
A security administrator wishes to increase the security of the wireless network. Which of the following BEST addresses this concern?
Change the encryption from TKIP-based to CCMP-based.
A retail store uses a wireless network for its employees to access inventory from anywhere in the store. Due to concerns regarding the aging wireless network, the store manager has brought in a consultant to harden the network. During the site survey, the consultant discovers that the network was using WEP encryption. Which of the following would be the BEST course of action for the consultant to recommend?
Change the encryption used so that the encryption protocol is CCMP-based.
A network administrator wants to block both DNS requests and zone transfers coming from outside IP addresses. The company uses a firewall which implements an implicit allow and is currently configured with the following ACL applied to its external interface: PERMIT TCP ANY ANY 80; PERMIT TCP ANY ANY 443. Which of the following rules would accomplish this task? (Select TWO).
Change the firewall default settings so that it implements an implicit deny & Add the following ACL at the bottom of the current ACL: DENY IP ANY ANY 53
Separation of duties is often implemented between developers and administrators in order to separate which of the following?
Changes to program code and the ability to deploy to production
Multi-tenancy is a concept found in which of the following?
Cloud computing
The system administrator notices that their application is no longer able to keep up with the large amounts of traffic their server is receiving daily. Several packets are dropped and sometimes the server is taken offline. Which of the following would be a possible solution to look into to ensure their application remains secure and available?
Cloud computing
Which of the following technologies can store multi-tenant data with different security requirements?
Cloud computing
Which of the following offers the LEAST amount of protection against data theft by USB drives?
Cloud computing. Cloud computing refers to performing data processing and storage elsewhere, over a network connection, rather than locally. Because users have access to the data, it can easily be copied to a USB device.
At an organization, unauthorized users have been accessing network resources via unused network wall jacks. Which of the following would be used to stop unauthorized access?
Configure port security.
Ann, the network administrator, is receiving reports regarding a particular wireless network in the building. The network was implemented for specific machines issued to the developer department, but the developers are stating that they are having connection issues as well as slow bandwidth. Reviewing the wireless router's logs, she sees that devices not belonging to the developers are connecting to the access point. Which of the following would BEST alleviate the developer's reports?
Configure the router so that wireless access is based upon the connecting device's hardware address.
Joe, a security administrator, believes that a network breach has occurred in the data center as a result of a misconfigured router access list, allowing outside access to an SSH server. Which of the following should Joe search for in the log files?
Connections to port 22
Which of the following would Pete, a security administrator, do to limit a wireless signal from penetrating the exterior walls?
Consider antenna placement
Layer 7 devices used to prevent specific types of html tags are called:
Content filters
An overseas branch office within a company has many more technical and non-technical security incidents than other parts of the company. Which of the following management controls should be introduced to the branch office to improve their state of security?
Continuous security monitoring processes
Joe, a technician at the local power plant, notices that several turbines had ramped up in cycles during the week. Further investigation by the system engineering team determined that a timed .exe file had been uploaded to the system control console during a visit by international contractors. Which of the following actions should Joe recommend?
Create a VLAN for the SCADA
A small company can only afford to buy an all-in-one wireless router/switch. The company has 3 wireless BYOD users and 2 web servers without wireless access. Which of the following should the company configure to protect the servers from the user devices? (Select TWO).
Create a server VLAN & Create an ACL to access the server
A company administrator has a firewall with an outside interface connected to the Internet and an inside interface connected to the corporate network. Which of the following should the administrator configure to redirect traffic destined for the default HTTP port on the outside interface to an internal server listening on port 8080?
Create a static PAT from port 80 on the outside interface to the internal interface on port 8080
Matt, the IT Manager, wants to create a new network available to virtual servers on the same hypervisor, and does not want this network to be routable to the firewall. How could this BEST be accomplished?
Create a virtual switch.
Pete, a network administrator, is capturing packets on the network and notices that a large amount of the traffic on the LAN is SIP and RTP protocols (VoIP). Which of the following should he do to segment that traffic from the other traffic?
Create a voice VLAN.
An administrator connects VoIP phones to the same switch as the network PCs and printers. Which of the following would provide the BEST logical separation of these three device types while still allowing traffic between them via ACL?
Create three VLANs on the switch connected to a router
An organization has three divisions: Accounting, Sales, and Human Resources. Users in the Accounting division require access to a server in the Sales division, but no users in the Human Resources division should have access to resources in any other division, nor should any users in the Sales division have access to resources in the Accounting division. Which of the following network segmentation schemas would BEST meet this objective?
Create three separate VLANs, one for each division.
You are tasked with reducing risk associated with sharing data with unauthorized entities from computers without preventing employees access to the internet. What would best accomplish this task?
DLP
A security administrator is segregating all web-facing server traffic from the internal network and restricting it to a single interface on a firewall. Which of the following BEST describes this new network?
DMZ
A security analyst needs to ensure all external traffic is able to access the company's front-end servers but protect all access to internal resources. Which of the following network design elements would MOST likely be recommended?
DMZ
When designing a new network infrastructure, a security administrator requests that the intranet web server be placed in an isolated area of the network for security purposes. Which of the following design elements would be implemented to comply with the security administrator's request?
DMZ
Which of the following network architecture concepts is used to securely isolate at the boundary between networks?
DMZ
During the analysis of a PCAP file, a security analyst noticed several communications with a remote server on port 53. Which of the following protocol types is observed in this traffic?
DNS
A technician has just installed a new firewall onto the network. Users are reporting that they cannot reach any website. Upon further investigation, the technician determines that websites can be reached by entering their IP addresses. Which of the following ports may have been closed to cause this issue?
DNS. DNS links IP addresses and human-friendly fully qualified domain names (FQDNs); if the DNS ports are blocked, websites will not be reachable.
Elastic cloud computing environments often reuse the same physical hardware for multiple customers over time as virtual machines are instantiated and deleted. This has important implications for which of the following data security concerns?
Data confidentiality
Which of the following describes the purpose of an MOU?
Define responsibilities of each party
A security administrator suspects that an increase in the amount of TFTP traffic on the network is due to unauthorized file transfers, and wants to configure a firewall to block all TFTP traffic. Which of the following would accomplish this task?
Deny UDP port 69. Trivial File Transfer Protocol (TFTP) is a simple file-exchange protocol that doesn't require authentication. It operates on UDP port 69.
It is MOST important to make sure that the firewall is configured to do which of the following?
Deny all traffic and only permit by exception.
Which of the following best practices makes a wireless network more difficult to find?
Disable SSID broadcast
You discover your router has been the victim of a DoS attack. You also discover unauthorized access via the console cable. How can you prevent future occurrences? 2 things.
Disable console access to the router and restrict physical access to the router
Which of the following is a best practice when securing a switch from physical access?
Disable unused ports
A security architect wishes to implement a wireless network with connectivity to the company's internal network. Before they inform all employees that this network is being put in place, the architect wants to roll it out to a small test segment. Which of the following allows for greater secrecy about this network during this initial phase of implementation?
Disabling SSID broadcasting
An administrator configures all wireless access points to make use of a new network certificate authority. Which of the following is being used?
EAP-TLS
An administrator needs to secure a wireless network and restrict access based on the hardware address of the device. Which of the following solutions should be implemented?
Enable MAC filtering
Jane, the security administrator, sets up a new AP but realizes too many outsiders are able to connect to that AP and gain unauthorized access. Which of the following would be the BEST way to mitigate this issue and still provide coverage where needed? (Select TWO).
Enable MAC filtering & Disable SSID broadcast
How would you send sensitive data over a non-secure network via web services?
Enable TLS
The Chief Security Officer (CSO) is concerned about misuse of company assets and wishes to determine who may be responsible. Which of the following would be the BEST course of action?
Enact a policy that employees must use their vacation time in a staggered schedule.
An attacker mimics a Starbucks free access point. This is an example of:
Evil twin
Which of the following is the MOST secure protocol to transfer files?
FTPS
FTP/S uses which of the following TCP ports by default?
FTPS uses ports 989 and 990.
A vulnerability scan is reporting that patches are missing on a server. After a review, it is determined that the application requiring the patch does not exist on the operating system. Which of the following describes this cause?
False positive
Ann, a security technician, is reviewing the IDS log files. She notices a large number of alerts for multicast packets from the switches on the network. After investigation, she discovers that this is normal activity for her network. Which of the following BEST describes these results?
False positive
Which of the following can result in significant administrative overhead from incorrect reporting?
False positives
Which of the following devices would MOST likely have a DMZ interface?
Firewall
Which of the following security devices can be replicated on a Linux based computer using IP tables to inspect and properly handle network based traffic?
Firewall. iptables is a user-space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall and the chains and rules it stores.
The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card data be segregated from the main corporate network to prevent unauthorized access and that access to the IT systems should be logged. Which of the following would BEST meet the CISO's requirements?
Firewalls
Mandatory vacations are a security control which can be used to uncover which of the following?
Fraud committed by a system administrator
A company is preparing to decommission an offline, non-networked root certificate server. Before sending the server's drives to be destroyed by a contracted company, the Chief Security Officer (CSO) wants to be certain that the data will not be accessed. Which of the following, if implemented, would BEST reassure the CSO? (Select TWO).
Full disk encryption, Disk wiping procedures
Which of the following tests would you perform on a system of which you have no prior knowledge?
Fuzzing and black box testing
Which of the following should be deployed to prevent the transmission of malicious traffic between virtual machines hosted on a singular physical device on a network?
HIPS on each virtual machine. HIPS is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.
After entering the following information into a SOHO wireless router, a mobile device's user reports being unable to connect to the network: PERMIT 0A:D1:FA:B1:03:37; DENY 01:33:7F:AB:10:AB. Which of the following is preventing the device from connecting?
Hardware address filtering is blocking the device.
Which of the following would enforce a policy requiring systems to prevent files and services from operating outside a strict rule set?
Host based firewall
After a network outage, a PC technician is unable to ping various network devices. The network administrator verifies that those devices are working properly and can be accessed securely. Which of the following is the MOST likely reason the PC technician is unable to ping those devices?
ICMP is being blocked. ICMP is a protocol that is commonly used by tools such as ping, traceroute, and pathping. ICMP offers no information if ICMP request queries go unanswered or ICMP replies are lost or blocked.
Configuring the mode, encryption methods, and security associations are part of which of the following?
IPSec. IPSec can operate in tunnel mode or transport mode. It uses symmetric cryptography to provide encryption security. Furthermore, it makes use of Internet Security Association and Key Management Protocol (ISAKMP).
A network engineer is designing a secure tunneled VPN. Which of the following protocols would be the MOST secure?
IPsec
Which of the following protocols allows for the LARGEST address space?
IPv6
A security administrator wishes to change their wireless network so that IPSec is built into the protocol and NAT is no longer required for address range extension. Which of the following protocols should be used in this scenario?
IPv6. IPSec security is built into IPv6.
A company's legacy server requires administration using Telnet. Which of the following protocols could be used to secure communication by offering encryption at a lower OSI layer? (Select TWO).
IPv6 & IPSec
When reviewing security logs, an administrator sees requests for the AAAA record of www.comptia.com. Which of the following BEST describes this type of record?
IPv6 DNS record
A system administrator attempts to ping a hostname and the response is 2001:4860:0:2001::68. Which of the following replies has the administrator received?
IPv6 address
Which of the following allows Pete, a security technician, to provide the MOST secure wireless implementation?
Implement WPA
Which of the following would be MOST appropriate to secure an existing SCADA system by preventing connections from unauthorized networks?
Implement a firewall to protect the SCADA system
An administrator would like to review the effectiveness of existing security in the enterprise. Which of the following would be the BEST place to start?
Implement an intrusion prevention system
The data backup window has expanded into the morning hours and has begun to affect production users. The main bottleneck in the process is the time it takes to replicate the backups to separate servers at the offsite data center. Which of the following uses of deduplication could be implemented to reduce the backup window?
Implement deduplication on the storage array to reduce the amount of drive space needed
An administrator needs to connect a router in one building to a router in another using Ethernet. Each router is connected to a managed switch and the switches are connected to each other via a fiber line. Which of the following should be configured to prevent unauthorized devices from connecting to the network?
Implement port security on the switches
The Human Resources department has a parent shared folder setup on the server. There are two groups that have access, one called managers and one called staff. There are many sub folders under the parent shared folder, one is called payroll. The parent folder access control list propagates all subfolders and all subfolders inherit the parent permission. Which of the following is the quickest way to prevent the staff group from gaining access to the payroll folder?
Implicit deny on the payroll folder for the staff group. Implicit deny is the default security stance that says if you aren't specifically granted access or privileges for a resource, you're denied access by default.
What would you do to prevent passwords from being compromised? Two things
Increase password complexity and increase password length
An IT director is looking to reduce the footprint of their company's server environment. They have decided to move several internally developed software applications to an alternate environment, supported by an external company. Which of the following BEST describes this arrangement?
Infrastructure as a Service
Which of the following offerings typically allows the customer to apply operating system patches?
Infrastructure as a service
Which of the following is a step in deploying a WPA2-Enterprise wireless network?
Install a digital certificate on the authentication server
Pete, the system administrator, wishes to monitor and limit users' access to external websites. Which of the following would BEST address this?
Install a proxy server.
Pete, an employee, attempts to visit a popular social networking site but is blocked. Instead, a page is displayed notifying him that this site cannot be visited. Which of the following is MOST likely blocking Pete's access to this site?
Internet content filter
Users are unable to connect to the web server at IP 192.168.0.20. Which of the following can be inferred of a firewall that is configured ONLY with the following ACL? PERMIT TCP ANY HOST 192.168.0.10 EQ 80; PERMIT TCP ANY HOST 192.168.0.10 EQ 443
It implements an implicit deny. Implicit deny is the default response when an explicit allow or deny isn't present.
A software developer is responsible for writing the code on an accounting application. Another software developer is responsible for developing code on a system in human resources. Once a year they have to switch roles for several weeks. Which of the following practices is being implemented?
Job rotation
In order to prevent and detect fraud, which of the following should be implemented?
Job rotation
An information bank has been established to store contacts, phone numbers and other records. A UNIX application needs to connect to the index server using port 389. Which of the following authentication services should be used on this port by default?
LDAP. LDAP makes use of port 389.
Which of the following devices is BEST suited to protect an HTTP-based application that is susceptible to injection attacks?
Layer 7 firewall
Concurrent use of a firewall, content filtering, antivirus software and an IDS system would be considered components of:
Layered security.
A security administrator notices that a specific network administrator is making unauthorized changes to the firewall every Saturday morning. Which of the following would be used to mitigate this issue so that only security administrators can make changes to the firewall?
Least privilege
One of the system administrators at a company is assigned to maintain a secure computer lab. The administrator has rights to configure machines, install software, and perform user account maintenance. However, the administrator cannot add new computers to the domain, because that requires authorization from the Information Assurance Officer. This is an example of which of the following?
Least privilege
Which of the following devices would be MOST useful to ensure availability when there are a large number of requests to a certain website?
Load balancer
Ann, a security administrator, has concerns regarding her company's wireless network. The network is open and available for visiting prospective clients in the conference room, but she notices that many more devices are connecting to the network than should be. Which of the following would BEST alleviate Ann's concerns with minimum disturbance of current functionality for clients?
Lower the antenna's broadcasting power.
Which of the following means of wireless authentication is easily vulnerable to spoofing?
MAC Filtering
A security analyst has been tasked with securing a guest wireless network. They recommend the company use an authentication server but are told the funds are not available to set this up. Which of the following BEST allows the analyst to restrict user access to approved devices?
MAC filtering
Which of the following is the GREATEST security risk of two or more companies working together under a Memorandum of Understanding?
MOUs are generally loose agreements and therefore may not have strict guidelines in place to protect sensitive data between the two entities.
Ann, the Chief Information Officer (CIO) of a company, sees cloud computing as a way to save money while providing valuable services. She is looking for a cost-effective solution to assist in capacity planning as well as visibility into the performance of the network. Which of the following cloud technologies should she look into?
MaaS
A Chief Information Security Officer (CISO) is tasked with outsourcing the analysis of security logs. These will need to still be reviewed on a regular basis to ensure the security of the company has not been breached. Which of the following cloud service options would support this requirement?
MaaS. Monitoring-as-a-service (MaaS) is a cloud delivery model that falls under anything as a service (XaaS). MaaS allows for the deployment of monitoring functionalities for several other services and applications within the cloud.
Which attack depends on interception of data packets?
Man in the middle
A company is looking to reduce the likelihood of employees in the finance department being involved with money laundering. Which of the following controls would BEST mitigate this risk?
Mandatory Vacations
Which of the following should Pete, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from their company?
Mandatory Vacations
Two members of the finance department have access to sensitive information. The company is concerned they may work together to steal information. Which of the following controls could be implemented to discover if they are working together?
Mandatory vacations
You maintain a virtual machine infrastructure. An audit identifies that you have servers containing sensitive customer information residing on the same physical host as numerous less secure virtual machines. How can you resolve this issue without changing infrastructure?
Move the VMs that contain sensitive information to a separate host
A security administrator is tasked with ensuring that all devices have updated virus definition files before they are allowed to access network resources. Which of the following technologies would be used to accomplish this goal?
NAC
A computer is put into a restricted VLAN until the computer's virus definitions are up-to-date. Which of the following BEST describes this system type?
NAC. Network Access Control (NAC) means controlling access to an environment through strict adherence to and implementation of security policies. The goals of NAC are to prevent/reduce zero-day attacks, enforce security policy throughout the network, and use identities to perform access control.
An administrator wishes to hide the network addresses of an internal network when connecting to the Internet. The MOST effective way to mask the network address of the users would be by passing the traffic through a:
NAT
Which of the following protocols is used by IPv6 for MAC address resolution?
NDP
An administrator is looking to implement a security device which will be able to not only detect network intrusions at the organization level, but help defend against them as well. Which of the following is being described here?
NIPS
Pete, a security administrator, has observed repeated attempts to break into the network. Which of the following is designed to stop an intrusion on the network?
NIPS
Mike, a network administrator, has been asked to passively monitor network traffic to the company's sales websites. Which of the following would be BEST suited for this task?
NIPS monitors the entire network for suspicious traffic by analyzing protocol activity.
A malicious program modified entries in the LMHOSTS file of an infected system. Which of the following protocols would have been affected by this?
NetBIOS. The LMHOSTS file provides a NetBIOS name resolution method that can be used for small networks that do not use a WINS server. NetBIOS has been adapted to run on top of TCP/IP, and is still extensively used for name resolution and registration in Windows-based environments.
An auditor is given access to a conference room to conduct an analysis. When they connect their laptop's Ethernet cable into the wall jack, they are not able to get a connection to the Internet but have a link light. Which of the following is MOST likely causing this issue?
Network Access Control
Three of the primary security control types that can be implemented are:
Operational, technical, and management.
Sara, the security administrator, must configure the firewall to allow all public IP addresses on the internal interface of the firewall to be translated to one public IP address on the external interface of the same firewall. Which of the following should Sara configure?
PAT (Port Address Translation)
Which of the following network design elements allows for many internal devices to share one public IP address?
PAT (Port Address Translation). It permits multiple devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to conserve IP addresses.
Matt, a systems security engineer, is determining which credential-type authentication to use within a planned 802.1x deployment. He is looking for a method that does not require a client certificate, has a server side certificate, and uses TLS tunnels for encryption. Which credential type authentication method BEST fits these requirements?
PEAP-MSCHAPv2
Which of the following would satisfy wireless network implementation requirements to use mutual authentication and usernames and passwords?
PEAP-MSCHAPv2. PEAP-MS-CHAP v2 is easier to deploy than EAP-TLS or PEAP-TLS because user authentication is accomplished via password-based credentials (user name and password) rather than digital certificates or smart cards.
A security administrator must implement a firewall rule to allow remote employees to VPN onto the company network. The VPN concentrator implements SSL VPN over the standard HTTPS port. Which of the following is the MOST secure ACL to implement at the company's gateway firewall?
PERMIT TCP FROM ANY 1024-65535 TO 199.70.5.23 443
Which of the following would allow for the most secure password recovery method?
PIN sent to phone via SMS
Users can authenticate to a company's web applications using their credentials from a popular social media site. Which of the following poses the greatest risk with this integration?
Password breaches to the social media site affect the company application as well
Which of the following describes the active assessment of the security posture of a system. The system has yet to be deployed onto the production network. Which of the following will produce a report identifying which vulnerabilities were actually exploited?
Penetration testing.
You would like to analyze the effect of deploying a system without patching it to discover potential vulnerabilities. Which is the best option to use while keeping the network secure?
Perform grey box testing to identify the vulnerabilities.
Someone is using your company's wireless network to compromise the HVAC controls. Which of the following would you do to prevent future occurrences?
Place the HVAC controls on a separate VLAN
Jane, an administrator, needs to make sure the wireless network is not accessible from the parking area of their office. Which of the following would BEST help Jane when deploying a new access point?
Placement of antenna
Matt, an administrator, notices a flood of fragmented packets and retransmits from an email server. After disabling the TCP offload setting on the NIC, Matt sees normal traffic with packets flowing in sequence again. Which of the following utilities was he MOST likely using to view this issue?
Protocol analyzer. A protocol analyzer is, first, a packet-capturing tool that can collect network traffic and store it in memory or onto a storage device. Once a packet is captured, it can be analyzed either with complex automated tools and scripts or manually.
Which of the following should the security administrator implement to limit web traffic based on country of origin? (Select THREE).
Proxies, Firewall, URL filtering
Which of the following should be performed to increase the availability of IP telephony by prioritizing traffic?
Quality of service Quality of Service (QoS) facilitates the deployment of media-rich applications, such as video conferencing and Internet Protocol (IP) telephony, without adversely affecting network throughput.
A security analyst is reviewing firewall logs while investigating a compromised web server. The following ports appear in the log: 22, 25, 445, 1433, 3128, 3389, 6667 Which of the following protocols was used to access the server remotely?
RDP RDP uses TCP port 3389.
Which of the following is a programming interface that allows a remote computer to run programs on a local machine?
RPC Remote Procedure Call (RPC) is a programming interface that allows a remote computer to run programs on a local machine.
Which of the following defines a business goal for system restoration and acceptable data loss?
RPO The recovery point objective (RPO) defines the point at which the system needs to be restored.
After reviewing the firewall logs of her organization's wireless APs, Ann discovers an unusually high amount of failed authentication attempts in a particular segment of the building. She remembers that a new business moved into the office space across the street. Which of the following would be the BEST option to begin addressing the issue?
Reduce the power level of the AP on the network segment
An administrator needs to secure RADIUS traffic between two servers. Which of the following is the BEST solution?
Require IPSec with AH between the servers
The CISO of a company implements key escrow and symmetric encryption. She needs to decrypt a user's file. The user refuses to provide her with the decryption key. What can she do to decrypt the file?
Retrieve the encryption key
A company that has a mandatory vacation policy has implemented which of the following controls?
Risk control
A UNIX administrator would like to use native commands to provide a secure way of connecting to other devices remotely and to securely transfer files. Which of the following protocols could be utilized? (Select TWO).
SCP & SSH SSH is used to establish a command-line, text-only interface connection with a server, router, switch, or similar device over any distance. Secure Copy Protocol (SCP) is a secure file-transfer facility based on SSH and Remote Copy Protocol (RCP). SCP is commonly used on Linux and Unix platforms.
What protocols use SSH?
SCP and SFTP
By default, which of the following uses TCP port 22? (Select THREE).
SCP, SSH, SFTP
A network administrator is asked to send a large file containing PII to a business associate. Which of the following protocols is the BEST choice to use?
SFTP
Which of the following secure file transfer methods uses port 22 by default?
SFTP
Which of the following protocols allows for secure transfer of files? (Select TWO).
SFTP & SCP Standard FTP is a protocol often used to move files between one system and another either over the Internet or within private networks. SFTP is a secured alternative to standard FTP. Secure Copy Protocol (SCP) is a secure file-transfer facility based on SSH and Remote Copy Protocol (RCP).
Which of the following would you use to monitor the performance of the enterprise's resources?
SNMP
A network administrator needs to provide daily network usage reports on all layer 3 devices without compromising any data while gathering the information. Which of the following would be configured to provide these reports?
SNMPv3
A technician wants to securely collect network device configurations and statistics through a scheduled and automated process. Which of the following should be implemented if configuration integrity is most important and a credential compromise should not allow interactive logons?
SNMPv3
Matt, a security administrator, wants to configure all the switches and routers in the network in order to securely monitor their status. Which of the following protocols would he need to configure on each device?
SNMPv3
A recent vulnerability scan found that Telnet is enabled on all network devices. Which of the following protocols should be used instead of Telnet?
SSH
A security analyst needs to logon to the console to perform maintenance on a remote server. Which of the following protocols would provide secure access?
SSH
Which of the following is BEST used as a secure replacement for TELNET?
SSH
Which of the following uses port 22 by default? (Select THREE).
SSH, SFTP, SCP SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22.
An organization does not want the wireless network name to be easily discovered. Which of the following software features should be configured on the access points?
SSID broadcast
An achievement in providing worldwide Internet security was the signing of certificates associated with which of the following protocols?
SSL SSL (Secure Sockets Layer) is used for establishing an encrypted link between two computers, typically a web server and a browser. SSL is used to enable sensitive information such as login credentials and credit card numbers to be transmitted securely.
A software company has completed a security assessment. The assessment states that the company should implement fencing and lighting around the property. Additionally, the assessment states that production releases of their software should be digitally signed. Given the recommendations, the company was deficient in which of the following core security areas? (Select TWO).
Safety, Integrity
You are the security admin of your company. You audit all 10 routers in the company and discover that more than half of them had default configurations loaded on them. How would you mitigate this vulnerability?
Secure router configuration.
Which of the following should be implemented to stop an attacker from mapping out addresses and/or devices on a network?
Secure zone transfers
A major security risk with co-mingling of hosts with different security requirements is:
Security policy violations.
Ann is an employee in the accounting department and would like to work on files from her home computer. She recently heard about a new personal cloud storage service with an easy web interface. Before uploading her work related files into the cloud for access, which of the following is the MOST important security concern Ann should be aware of?
Sensitivity of the files
A user in the company is in charge of various financial roles but needs to prepare for an upcoming audit. They use the same account to access each financial system. Which of the following security controls will MOST likely be implemented within the company?
Separation of duties
The Chief Technical Officer (CTO) has been informed of a potential fraud committed by a database administrator performing several other job functions within the company. Which of the following is the BEST method to prevent such activities in the future?
Separation of duties
The network security engineer just deployed an IDS on the network, but the Chief Technical Officer (CTO) has concerns that the device is only able to detect known anomalies. Which of the following types of IDS has been deployed?
Signature Based IDS
When performing the daily review of the system vulnerability scans of the network Joe, the administrator, noticed several security related vulnerabilities with an assigned vulnerability identification number. Joe researches the assigned vulnerability identification number from the vendor website. Joe proceeds with applying the recommended solution for identified vulnerability. Which of the following is the type of vulnerability described?
Signature based vulnerability
You work for a company that uses MAC filtering. How could you provide a proof-of-concept proving the need for WPA2 wireless security?
Sniff the wireless traffic and clone a MAC address
A company's business model was changed to provide more web presence and now its ERM software is no longer able to support the security needs of the company. The current data center will continue to provide network and security services. Which of the following network elements would be used to support the new business model?
Software as a Service
The Chief Information Officer (CIO) has mandated web based Customer Relationship Management (CRM) business functions be moved offshore to reduce cost, reduce IT overheads, and improve availability. The Chief Risk Officer (CRO) has agreed with the CIO's direction but has mandated that key authentication systems be run within the organization's network. Which of the following would BEST meet the CIO and CRO's requirements?
Software as a Service
What kind of firewall inspects Ethernet traffic at the MOST levels of the OSI model?
Stateful firewall
Which of the following is BEST used to break a group of IP addresses into smaller network segments or blocks?
Subnetting
Which of the following would allow the organization to divide a Class C IP address range into several ranges?
Subnetting
A company has implemented PPTP as a VPN solution. Which of the following ports would need to be opened on the firewall in order for this VPN to function properly? (Select TWO).
TCP 1723 & UDP 47 A PPTP tunnel is instantiated by communication to the peer on TCP port 1723. This TCP connection is then used to initiate and manage a second GRE tunnel to the same peer. The PPTP GRE packet format is non-standard, including an additional acknowledgement field replacing the typical routing field in the GRE header. However, as in a normal GRE connection, those modified GRE packets are directly encapsulated into IP packets, and seen as IP protocol number 47.
Pete needs to open ports on the firewall to allow for secure transmission of files. Which of the following ports should be opened on the firewall?
TCP 22
An organization recently switched from a cloud-based email solution to an in-house email server. The firewall needs to be modified to allow for sending and receiving email. Which of the following ports should be open on the firewall to allow for email traffic? (Select THREE).
TCP 25, TCP 110, TCP 143 Port 25 is used by Simple Mail Transfer Protocol (SMTP) for routing e-mail between mail servers. Port 110 is used for Post Office Protocol v3 (POP3), which is an application-layer Internet standard protocol used by local e-mail clients to retrieve e-mail from a remote server over a TCP/IP connection. Port 143 is used by Internet Message Access Protocol (IMAP) for the management of email messages.
A security technician needs to open ports on a firewall to allow for domain name resolution. Which of the following ports should be opened? (Select TWO).
TCP 53 & UDP 53 DNS uses TCP and UDP port 53. TCP port 53 is used for zone transfers, whereas UDP port 53 is used for queries.
Pete, a network administrator, is implementing IPv6 in the DMZ. Which of the following protocols must he allow through the firewall to ensure the web servers can be reached via IPv6 from an IPv6 enabled Internet host?
TCP port 80 and TCP port 443
Which of the following is a difference between TFTP and FTP?
TFTP utilizes UDP and FTP uses TCP.
Which of the following wireless security technologies continuously supplies new keys for WEP?
TKIP
Which of the following protocols is used to authenticate the client and server's digital certificate?
TLS
A security engineer, Joe, has been asked to create a secure connection between his mail server and the mail server of a business partner. Which of the following protocols would be MOST appropriate?
TLS Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. It uses X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom it is communicating, and to exchange a symmetric key. The TLS protocol allows client-server applications to communicate across a network in a way designed to prevent eavesdropping and tampering.
Which of the following would assist an escrow agent in securing private keys?
TPM
To help prevent unauthorized access to PCs, a security administrator implements screen savers that lock the PC after five minutes of inactivity. Which of the following controls is being described in this situation?
Technical
Pete, a security analyst, has been informed that the development team has plans to develop an application which does not meet the company's password policy. Which of the following should Pete do NEXT?
Tell the application development manager to code the application to adhere to the company's password policy.
On Monday, all company employees report being unable to connect to the corporate wireless network, which uses 802.1x with PEAP. A technician verifies that no configuration changes were made to the wireless network and its supporting infrastructure, and that there are no outages. Which of the following is the MOST likely cause for this issue?
The Remote Authentication Dial-In User Service server certificate has expired. The question states that the network uses 802.1x with PEAP. The 802.1x authentication server is typically an EAP-compliant Remote Authentication Dial-In User Service (RADIUS) server. A RADIUS server will be configured with a digital certificate. When a digital certificate is created, an expiration period is configured by the Certificate Authority (CA). The expiration period is commonly one or two years. The question states that no configuration changes have been made, so it's likely that the certificate has expired.
A company provides secure wireless Internet access for visitors and vendors working onsite. Some of the vendors using older technology report that they are unable to access the wireless network after entering the correct network information. Which of the following is the MOST likely reason for this issue?
The SSID broadcast is disabled.
Which of the following BEST describes the weakness in WEP encryption?
The WEP key is stored with a very small pool of random numbers to make the cipher text. As the random numbers are often reused it becomes easy to derive the remaining WEP key.
The server administrator has noted that most servers have a lot of free disk space and low memory utilization. Which of the following statements will be correct if the server administrator migrates to a virtual server environment?
The administrator may spend more on licensing but less on hardware and equipment.
Ann, a sales manager, successfully connected her company-issued smartphone to the wireless network in her office without supplying a username/password combination. Upon disconnecting from the wireless network, she attempted to connect her personal tablet computer to the same wireless network and could not connect. Which of the following is MOST likely the reason?
The company wireless is using a MAC filter.
The administrator receives a call from an employee named Joe. Joe says the Internet is down and he is receiving a blank page when trying to connect to a popular sports website. The administrator asks Joe to try visiting a popular search engine site, which Joe reports as successful. Joe then says that he can get to the sports site on his phone. Which of the following might the administrator need to configure?
The default block page on the URL filter
Review the following diagram depicting communication between PC1 and PC2 on each side of a router. Analyze the network traffic logs which show communication between the two computers as captured by the computer with IP 10.2.2.10. DIAGRAM PC1 PC2 [192.168.1.30]——-[INSIDE 192.168.1.1 router OUTSIDE 10.2.2.1]———[10.2.2.10] LOGS 10:30:22, SRC 10.2.2.1:3030, DST 10.2.2.10:80, SYN 10:30:23, SRC 10.2.2.10:80, DST 10.2.2.1:3030, SYN/ACK 10:30:24, SRC 10.2.2.1:3030, DST 10.2.2.10:80, ACK Given the above information, which of the following can be inferred about the above environment?
The router implements NAT.
A server is configured to communicate on both VLAN 1 and VLAN 12. VLAN 1 communication works fine, but VLAN 12 does not. Which of the following MUST happen before the server can communicate on VLAN 12?
The server's network switch port must be 802.1q tagged for VLAN 12. 802.1q is a standard that defines a system of VLAN tagging for Ethernet frames. The purpose of a tagged port is to pass traffic for multiple VLANs.
A router has a single Ethernet connection to a switch. In the router configuration, the Ethernet interface has three sub-interfaces, each configured with ACLs applied to them and 802.1q trunks. Which of the following is MOST likely the reason for the sub-interfaces?
The switch has several VLANs configured on it.
Pete, a security engineer, is trying to inventory all servers in a rack. The engineer launches RDP sessions to five different PCs and notices that the hardware properties are similar. Additionally, the MAC addresses of all five servers appear on the same switch port. Which of the following is MOST likely the cause?
The system is virtualized.
Acme Corp has selectively outsourced proprietary business processes to ABC Services. Due to some technical issues, ABC services wants to send some of Acme Corp's debug data to a third party vendor for problem resolution. Which of the following MUST be considered prior to sending data to a third party?
This may violate data ownership and non-disclosure agreements
An IT security manager is asked to provide the total risk to the business. Which of the following calculations would the security manager choose to determine total risk?
Threats X vulnerability X asset value Threats X vulnerability X asset value is equal to asset value (AV) times exposure factor (EF). This is used to calculate a risk.
Which of the following provides the BEST explanation regarding why an organization needs to implement IT security policies?
To reduce the organizational risk
Sara, the Chief Security Officer (CSO), has had four security breaches during the past two years. Each breach has cost the company $3,000. A third party vendor has offered to repair the security hole in the system for $25,000. The breached system is scheduled to be replaced in five years. Which of the following should Sara do to address the risk?
Transfer the risk saving $5,000.
True or False: Escape routes support a goal of safety.
True
True or False: RAM is the most volatile
True
True or False: TACACS is a proprietary protocol used by the DoD for passing unclassified information
True
You are required to encrypt files stored in several sensitive directories using symmetric encryption. What could satisfy that?
TwoFish
Pete, the system administrator, wants to restrict access to advertisements, games, and gambling web sites. Which of the following devices would BEST achieve this goal?
URL content filter
Which of the following components of an all-in-one security appliance would MOST likely be configured in order to restrict access to peer-to-peer file sharing websites?
URL filter
The loss prevention department has purchased a new application that allows the employees to monitor the alarm systems at remote locations. However, the application fails to connect to the vendor's server and the users are unable to log in. Which of the following are the MOST likely causes of this issue? (Select TWO).
URL filtering & Firewall rules
A review of the company's network traffic shows that most of the malware infections are caused by users visiting gambling and gaming websites. The security manager wants to implement a solution that will block these websites, scan all web traffic for signs of malware, and block the malware before it enters the company network. Which of the following is suited for this purpose?
UTM
Mike has hired several new security administrators and has been explaining the design of the company's firewall, IDS sensors, antivirus server, DMZs and HIPS. What incorporates these elements?
UTM security Appliance
An organization does not have adequate resources to administer its large infrastructure. A security administrator wishes to combine the security controls of some of the network devices in the organization. Which of the following methods would BEST accomplish this goal?
Unified Threat Management
You are concerned about vulnerabilities associated with remote users and data in transit. What would eliminate your concerns?
Use VPN
Which of the following risk mitigation strategies will allow Ann, a security analyst, to enforce least privilege principles?
User rights reviews
A network engineer is setting up a network for a company. There is a BYOD policy for the employees so that they can connect their laptops and mobile devices. Which of the following technologies should be employed to separate the administrative network from the network in which all of the employees' devices are connected?
VLAN
According to company policy an administrator must logically keep the Human Resources department separated from the Accounting department. Which of the following would be the simplest way to accomplish this?
VLAN
An administrator needs to segment internal traffic between layer 2 devices within the LAN. Which of the following types of network design elements would MOST likely be used?
VLAN. VLAN is a hardware-imposed network segmentation created by switches.
Pete, a security administrator, is informed that people from the HR department should not have access to the accounting department's server, and the accounting department should not have access to the HR department's server. The network is separated by switches. Which of the following is designed to keep the HR department users from accessing the accounting department's server and vice-versa?
VLANs
Which of the following would Pete, a security administrator, MOST likely implement in order to allow employees to have secure remote access to certain internal network services such as file servers?
VPN gateway
Matt, the network engineer, has been tasked with separating network traffic between virtual machines on a single hypervisor. Which of the following would he implement to BEST address this requirement? (Select TWO).
Virtual switch, VLAN
A technician is deploying virtual machines for multiple customers on a single physical host to reduce power consumption in a data center. Which of the following should be recommended to isolate the VMs from one another?
Virtual switches with VLANs
A corporation is looking to expand their data center but has run out of physical space in which to store hardware. Which of the following would offer the ability to expand while keeping their current data center operated by internal staff?
Virtualization
Due to limited resources, a company must reduce their hardware budget while still maintaining availability. Which of the following would MOST likely help them achieve their objectives?
Virtualization
Which of the following is required to allow multiple servers to exist on one physical server?
Virtualization
Which of the following is BEST at blocking attacks and providing security at layer 7 of the OSI model?
WAF. A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation.
A security administrator must implement a network authentication solution which will ensure encryption of user credentials when users enter their username and password to authenticate to the network. Which of the following should the administrator implement?
WEP over EAP-PEAP
A malicious user is sniffing a busy encrypted wireless network waiting for an authorized client to connect to it. Only after an authorized client has connected and the hacker was able to capture the client handshake with the AP can the hacker begin a brute force attack to discover the encryption key. Which of the following attacks is taking place?
WPA cracking There are three steps to penetrating a WPA-protected network: sniffing, parsing, and attacking.
A network administrator has been tasked with securing the WLAN. Which of the following cryptographic products would be used to provide the MOST secure environment for the WLAN?
WPA2 CCMP
The security administrator has been tasked to update all the access points to provide a more secure connection. All access points currently use WPA TKIP for encryption. Which of the following would be configured to provide more secure connections?
WPA2 CCMP
A security administrator must implement a wireless security system, which will require users to enter a 30 character ASCII password on their accounts. Additionally the system must support 3DS wireless encryption. Which of the following should be implemented?
WPA2-Enterprise
Configuring key/value pairs on a RADIUS server is associated with deploying which of the following?
WPA2-Enterprise wireless network. WPA2-Enterprise is designed for enterprise networks and requires a RADIUS authentication server.
A company storing data on a secure server wants to ensure it is legally able to dismiss and prosecute staff who intentionally access the server via Telnet and illegally tamper with customer data. Which of the following administrative controls should be implemented to BEST achieve this?
Warning banners
Which of the following is an example of a false negative?
The IDS does not identify a buffer overflow.
Which of the following technical controls is BEST used to define which applications a user can install and run on a company issued mobile device?
Whitelisting
Sara, a security technician, has received notice that a vendor coming in for a presentation will require access to a server outside of the network. Currently, users are only able to access remote sites through a VPN connection. How could Sara BEST accommodate the vendor?
Write a firewall rule to allow the vendor to have access to the remote site.
Which of the following is a management control?
Written security policy
An administrator wants to establish a WiFi network using a high gain directional antenna with a narrow radiation pattern to connect two buildings separated by a very long distance. Which of the following antennas would be BEST for this situation?
Yagi
You are the network administrator of a company and have identified sensitive information being transmitted from a workstation on the LAN to an unauthorized IP address residing in a foreign country. All perimeter devices have not been compromised and AV signatures are up to date on the workstations. What is the cause?
Zero day
What is an example of logical security?
biometric access system
While previously recommended as a security measure, disabling SSID broadcast is not effective against most attackers because network SSIDs are:
contained in certain wireless packets in plaintext.
Which of the following firewall rules only denies DNS zone transfers?
deny tcp any any port 53 DNS operates over TCP and UDP port 53. TCP port 53 is used for zone transfers.
If you don't know the MAC address of a Linux-based machine, what command-line utility can you use to ascertain it?
ifconfig
An attacker captures transaction packets that add $50.00 to a gift card. The attacker then pushes those packets back onto the network, adding an additional $50.00. This describes:
replay attack
The common method of breaking larger network address space into smaller networks is known as:
subnetting.
Which of the following would the security engineer set as the subnet mask for the servers below to utilize host addresses on separate broadcast domains? Server 1: 192.168.100.6 Server 2: 192.168.100.9 Server 3: 192.169.100.20
/30 Using this option will result in all three servers using host addresses on different broadcast domains.
Which of the following IP addresses would be hosts on the same subnet given the subnet mask 255.255.255.224? (Select TWO).
10.4.4.165 & 10.4.4.189 With the given subnet mask, a maximum number of 30 hosts between IP addresses 10.4.4.161 and 10.4.4.190 are allowed. Therefore, option C and D would be hosts on the same subnet, and the other options would not.
While securing a network it is decided to allow active FTP connections into the network. Which of the following ports MUST be configured to allow active FTP connections? (Select TWO).
20 & 21 FTP (File Transfer Protocol) makes use of ports 20 and 21.
A security administrator has configured FTP in passive mode. Which of the following ports should the security administrator allow on the firewall by default?
21
Which of the following ports is used for SSH, by default?
22
Which of the following ports is used to securely transfer files between remote UNIX systems?
22 SCP copies files securely between hosts on a network. It uses SSH for data transfer, and uses the same authentication and provides the same security as SSH.
Which of the following ports should be used by a system administrator to securely manage a remote server?
22 SSH can be called a remote access or remote terminal solution.
A technician is unable to manage a remote server. Which of the following ports should be opened on the firewall for remote server management? (Select TWO).
22 & 3389 A secure remote administration solution and Remote Desktop Protocol are required. Secure Shell (SSH) is a secure remote administration solution and makes use of TCP port 22. Remote Desktop Protocol (RDP) uses TCP port 3389.
Which of the following ports and protocol types must be opened on a host with a host-based firewall to allow incoming SFTP connections?
22/TCP SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22.
Ann, a technician, is attempting to establish a remote terminal session to an end user's computer using Kerberos authentication, but she cannot connect to the destination machine. Which of the following default ports should Ann ensure is open?
3389 Remote Desktop Protocol (RDP) uses TCP port 3389.
Signed digital certificates used to secure communication with a web server are MOST commonly associated with which of the following ports?
443 HTTPS authenticates the website and corresponding web server with which one is communicating. HTTPS makes use of port 443.
An active directory setting restricts querying to only secure connections. Which of the following ports should be selected to establish a successful connection?
636 Port 636 is used for secure LDAP (LDAPS).
After a new firewall has been installed, devices cannot obtain a new IP address. Which of the following ports should Matt, the security administrator, open on the firewall?
68 The Dynamic Host Configuration Protocol (DHCP) is a standardized network protocol used on Internet Protocol (IP) networks for distributing IP addresses for interfaces and services. DHCP makes use of port 68.
Which of the following is the default port for TFTP?
69/UDP
Which of the following ports would be blocked if Pete, a security administrator, wants to deny access to websites?
80
While configuring a new access layer switch, the administrator, Joe, was advised that he needed to make sure that only devices authorized to access the network would be permitted to login and utilize resources. Which of the following should the administrator implement to ensure this happens?
802.1x 802.1x is a port-based authentication mechanism.
A company determines a need for additional protection from rogue devices plugging into physical ports around the building. Which of the following provides the highest degree of protection from unauthorized wired network access?
802.1x IEEE 802.1x is an IEEE Standard for Port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols and provides an authentication mechanism to wireless devices connecting to a LAN or WLAN.
A company has several conference rooms with wired network jacks that are used by both employees and guests. Employees need access to internal resources and guests only need access to the Internet. Which of the following combinations is BEST to meet the requirements?
802.1x and VLANs
Which of the following BEST describes a demilitarized zone?
A buffer zone between protected and unprotected networks.
You are a security administrator for a large enterprise. You must ensure that there aren't any unauthorized devices on the network. During a scan, you discover an unauthorized device belonging to a user in the finance department. The user is using an Apple iPhone in order to browse the Internet. What did you use to ID the phone?
A MAC address
A security analyst noticed a colleague typing the following command: 'Telnet some-host 443'. Which of the following was the colleague performing?
A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall.
A company has recently implemented a high density wireless system by having a junior technician install two new access points for every access point already deployed. Users are now reporting random wireless disconnections and slow network connectivity. Which of the following is the MOST likely cause?
A site survey was not conducted
The security administrator at ABC company received the following log information from an external party:
10:45:01 EST, SRC 10.4.3.7:3056, DST 8.4.2.1:80, ALERT, Directory traversal
10:45:02 EST, SRC 10.4.3.7:3057, DST 8.4.2.1:80, ALERT, Account brute force
10:45:03 EST, SRC 10.4.3.7:3058, DST 8.4.2.1:80, ALERT, Port scan
The external party is reporting attacks coming from abc-company.com. Which of the following is the reason the ABC company's security administrator is unable to determine the origin of the attack?
ABC company uses PAT.
Which of the following flags are used to establish a TCP connection? (Select TWO).
ACK, SYN To establish a TCP connection, the three-way (or 3-step) handshake occurs: SYN: The active open is performed by the client sending a SYN to the server. The client sets the segment's sequence number to a random value A. SYN-ACK: In response, the server replies with a SYN-ACK. The acknowledgment number is set to one more than the received sequence number i.e. A+1, and the sequence number that the server chooses for the packet is another random number, B. ACK: Finally, the client sends an ACK back to the server. The sequence number is set to the received acknowledgement value i.e. A+1, and the acknowledgement number is set to one more than the received sequence number i.e. B+1.
A system administrator wants to enable WPA2 CCMP. Which of the following is the only encryption used?
AES
Joe, a newly hired employee, has a corporate workstation that has been compromised due to several visits to P2P sites. Joe insisted that he was not aware of any company policy that prohibits the use of such web sites. Which of the following is the BEST method to deter employees from the improper use of the company's information systems?
Acceptable Use Policy
Joe, a security analyst, asks each employee of an organization to sign a statement saying that they understand how their activities may be monitored. Which of the following BEST describes this statement? (Select TWO).
Acceptable use policy, Privacy policy
A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application. The security administrator notices that the new application uses a port typically monopolized by a virus. The security administrator denies the request and suggests a new port or service be used to complete the application's task. Which of the following is the security administrator practicing in this example?
Access control lists.
The security administrator needs to manage traffic on a layer 3 device to support FTP from a new remote site. Which of the following would need to be implemented?
Access control lists. In the OSI model, IP addressing and IP routing are performed at layer 3 (the network layer).
You perform an audit and discover several failed login attempts to an employee's account. What should you do to prevent future occurrences?
Account lockout
While rarely enforced, mandatory vacation policies are effective at uncovering:
Acts of gross negligence on the part of system administrators with unfettered access to system and no oversight.
Your company's firewall administrator needs to add a new certificate for the corporate remote access solution. The solution requires that the uploaded file contain the entire certificate chain to be successful. The administrator loads the company certificate and the root CA certificate into the file. The file gets rejected. What must the firewall admin do to complete the certificate chain?
Add the intermediate authority
In intrusion detection system vernacular, which account is responsible for setting the security policy for an organization?
Administrator
Joe, the Chief Technical Officer (CTO), is concerned about new malware being introduced into the corporate network. He has tasked the security engineers to implement a technology that is capable of alerting the team when unusual traffic is on the network. Which of the following types of technologies will BEST address this scenario?
Anomaly Based IDS
A security team has identified that the wireless signal is broadcasting into the parking lot. To reduce the risk of an attack against the wireless network from the parking lot, which of the following controls should be used? (Select TWO).
Antenna placement & Power levels
One of your datacenters is located in a country that has become politically unstable. You accept the recommendations to transfer the datacenter to another country. What kind of risk mitigation decision is this?
Avoidance