Matt, a security administrator, wants to ensure that the message he is sending does not get intercepted or modified in transit. This concern relates to which of the following concepts? Availability Integrity Accounting Confidentiality.
Digital signatures are used for ensuring which of the following items? (Select TWO). Confidentiality Integrity Non-Repudiation Availability Algorithm Strength.
Which of the following firewall rules only denies DNS zone transfers? deny udp any any port 53 deny ip any any deny tcp any any port 53 deny all dns packets.
A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application. The security administrator notices that the new application uses a port typically monopolized by a virus. The security administrator denies the request and suggests a new port or service be used to complete the application’s task. Which of the following is the security administrator practicing in this example? Explicit deny Port security Access control lists Implicit deny.
An administrator needs to connect a router in one building to a router in another using Ethernet. Each router is connected to a managed switch and the switches are connected to each other via a fiber line. Which of the following should be configured to prevent unauthorized devices from connecting to the network? Configure each port on the switches to use the same VLAN other than the default one Enable VTP on both switches and set to the same domain Configure only one of the routers to run DHCP services Implement port security on the switches.
Users are unable to connect to the web server at IP 192.168.0.20. Which of the following can be inferred of a firewall that is configured ONLY with the following ACL?
PERMIT TCP ANY HOST 192.168.0.10 EQ 80
PERMIT TCP ANY HOST 192.168.0.10 EQ 443 It implements stateful packet filtering. It implements bottom-up processing. It failed closed. It implements an implicit deny.
A company has several conference rooms with wired network jacks that are used by both employees and guests. Employees need access to internal resources and guests only need access to the Internet. Which of the following combinations is BEST to meet the requirements? NAT and DMZ VPN and IPSec Switches and a firewall 802.1x and VLANs.
Matt, the IT Manager, wants to create a new network available to virtual servers on the same hypervisor, and does not want this network to be routable to the firewall. How could this BEST be accomplished? Create a VLAN without a default gateway. Remove the network from the routing table. Create a virtual switch. Commission a stand-alone switch.
A Chief Information Security Officer (CISO) is tasked with outsourcing the analysis of security logs. These will need to still be reviewed on a regular basis to ensure the security of the company has not been breached. Which of the following cloud service options would support this requirement? SaaS MaaS IaaS IaaS.
Which of the following devices would MOST likely have a DMZ interface? Firewall Switch Load Balancer Proxy.
A security analyst needs to ensure all external traffic is able to access the company’s front-end servers but protect all access to internal resources. Which of the following network design elements would MOST likely be recommended? DMZ Cloud computing VLAN Virtualization.
Which of the following IP addresses would be hosts on the same subnet given the subnet mask 255.255.255.224? (Select TWO). 10.4.4.125
10.4.4.158 10.4.4.165 10.4.4.189 10.4.4.199.
Which of the following would the security engineer set as the subnet mask for the servers below to utilize host addresses on separate broadcast domains?
Server 1: 192.168.100.6
Server 2: 192.168.100.9
Server 3: 192.169.100.20 /24 /27 /28 /29 /30.
An administrator connects VoIP phones to the same switch as the network PCs and printers. Which of the following would provide the BEST logical separation of these three device types while still allowing traffic between them via ACL? Create three VLANs on the switch connected to a router Define three subnets, configure each device to use their own dedicated IP address range, and then connect the network to a router Install a firewall and connect it to the switch Install a firewall and connect it to a dedicated switch for each device type.
A computer is put into a restricted VLAN until the computer’s virus definitions are up-to-date. Which of the following BEST describes this system type? NAT NIPS NAC DMZ.
The server administrator has noted that most servers have a lot of free disk space and low memory utilization. Which of the following statements will be correct if the server administrator migrates to a virtual server environment? The administrator will need to deploy load balancing and clustering. The administrator may spend more on licensing but less on hardware and equipment. The administrator will not be able to add a test virtual environment in the data center. Servers will encounter latency and lowered throughput issues.
Takes away the need for a data center. IaaS MaaS SaaS HaaS.
An IT director is looking to reduce the footprint of their company’s server environment. They have decided to move several internally developed software applications to an alternate environment, supported by an external company. Which of the following BEST describes this arrangement? Infrastructure as a Service Storage as a Service Platform as a Service Software as a Service.
A network engineer is designing a secure tunneled VPN. Which of the following protocols would be the MOST secure? IPsec SFTP BGP PPTP.
A company’s legacy server requires administration using Telnet. Which of the following protocols could be used to secure communication by offering encryption at a lower OSI layer? (Select TWO). IPv6 SFTP IPSec SSH IPv4.
A network administrator needs to provide daily network usage reports on all layer 3 devices without compromising any data while gathering the information. Which of the following would be configured to provide these reports? SNMP SNMPv3 ICMP SSH.
A software developer wants to ensure that the application is verifying that a key is valid before establishing SSL connections with random remote hosts on the Internet. Which of the following should be used in the code? (Choose two.) Escrowed keys SSL symmetric encryption key Software code private key Remote server public key OCSP.
IPv6 addresses are how many bits?.
IPv4 addresses are how many bits?.
IPsec is built into which? IPv4 IPv6.
Which of the following protocols is used by IPv6 for MAC address resolution? NDP ARP DNS NCP.
A security analyst noticed a colleague typing the following command:
`Telnet some-host 443’
Which of the following was the colleague performing? A hacking attempt to the some-host web server with the purpose of achieving a distributed denial of service attack. A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall. Trying to establish an insecure remote management session. The colleague should be using SSH or terminal services instead. A mistaken port being entered because telnet servers typically do not listen on port 443.
Which of the following is a step in deploying a WPA2-Enterprise wireless network? Install a token on the authentication server Install a DHCP server on the authentication server Install an encryption key on the authentication server Install a digital certificate on the authentication server.
Configuring key/value pairs on a RADIUS server is associated with deploying which of the following? WPA2-Enterprise wireless network DNS secondary zones Digital certificates Intrusion detection system.
Which of the following BEST describes the weakness in WEP encryption? The initialization vector of WEP uses a crack-able RC4 encryption algorithm.
Once enough packets are captured an XOR operation can be performed and the asymmetric keys can be derived. The initialization vector of WEP uses a crack-able RC4 encryption algorithm.
Once enough packets are captured an XOR operation can be performed and the asymmetric keys can be derived. The WEP key has a weak MD4 hashing algorithm used.
A simple rainbow table can be used to generate key possibilities due to MD4 collisions. The WEP key is stored with a very small pool of random numbers to make the cipher text.
As the random numbers are often reused it becomes easy to derive the remaining WEP key.
|
