Network administrators connect to a legacy server using Telnet. They want to secure these transmissions using encryption at a lower layer of the OSI model. What could they use?
Your organization hosts a web server and wants to increase its security. You need to separate all web-facing traffic from internal network traffic. Which of the following provides the BEST solution?
Your network currently has a dedicated firewall protecting access to a web server. It is currently configured with the following two rules in the ACL along with an implicit allow rule at the end:
PERMIT TCP ANY ANY 443
PERMIT TCP ANY ANY 80
You have detected DNS requests and zone transfer requests coming through the firewall and you need to block them. Which of the following would meet this goal? (Select TWO. Each answer is a full solution)
A. Add the following rule to the firewall: DENY TCP ALL ALL 53.
B. Add the following rule to the firewall: DENY UDP ALL ALL 53.
C. Add the following rule to the firewall: DENY TCP ALL ALL 25.
D. Add the following rule to the firewall: DENY IP ALL ALL 53.
E. Change the implicit allow rule to implicit deny.
Your organization frequently has guests visiting in various conference rooms throughout the building. These guests need access to the Internet via wall jacks, but should not be able to access internal network resources. Employees need access to both the internal network and the Internet. What would BEST meet this need?
A. PAT and NAT
B. DMZ and VPN
C. VLANs and 802.1x
D. Routers and Layer 3 switches
A network technician incorrectly wired switch connections in your organization's network. It effectively disabled the switch as though it was a victim of a denial-of-service attack. What should be done to prevent this in the future?
A. Install an IDS.
B. Only use Layer 2 switches.
C. Install SNMP on the switches
D. Implement STP or RSTP
Your organization is increasing security and wants to prevent attackers from mapping out the IP addresses used on your internal network. Which of the following choices is the BEST option?
A. Implement subnetting.
B. Implement secure zone transfers.
C. Block outgoing traffic on UDP port 53.
D. Add a WAF.
You recently learned that a network router has TCP ports 22 and 80 open, but the organization's security policy mandates that these should not be accessible. What should you do?
A. Disable the FTP and HTTP services on the router.
B. Disable the DNS and HTTPS services on the router.
C. Disable the SSH and HTTP services on the router.
D. Disable the Telnet and Kerberos services on the router.
Your organization is planning to establish a secure link between one of your mail servers and a business partner's mail server. The connection will use the Internet. What protocol is the BEST choice?
A. TLS (Transport Layer Security)
B. SMTP
C. HTTP
D. SSH
Bart copied an encrypted file from his desktop computer to his USB drive and discovered that the copied file isn't encrypted. He asks you what he can do to ensure file he's encrypted remain encrypted when he copies them to a USB drive. What would you recommend as the BEST solution to this problem?
A. Use file-level encryption
B. Convert the USB to FAT32
C. Use whole disk encryption on the desktop computer
D. Use whole disk encryption on the USB drive
Your organization hosts a web site with a back-end database. The database stores customer data, including credit card numbers. Which of the following is the BEST way to protect the credit card data?
A. Full database encryption
B. Whole disk encryption
C. Database column encryption
D. File- level encryption
Your company is planning on implementing a policy for users so that they can connect their mobile devices to the network. However, management wants to restrict network access for these devices. They should have Internet access and be able to access some internal servers, but management wants to ensure that they do not have access to the primary network where company-owned devices operate. Which of the following will BEST meet this goal?
Key personnel in your organization have mobile devices, which store sensitive information. What can you implement to prevent data loss from these devices if a thief steals one?
A. Asset tracking
B. Screen lock
C. Mobile device management
D. GPS tracking
Your company provides electrical and plumbing services to home owners. Employees use tablets during service calls to record activity, create invoices, and accept credit card payments. Which of the following would BEST prevent disclosure of customer data if any of these devices are lost or stolen?
A. Mobile device management
B. Disabling unused features
C. Remote wiping
D. GPS tracking
Your company has recently provided mobile devices to several employees. A security manager has expressed concerns related to data saved on these devices. Which of the following would BEST address these concerns?
A. Disabling the use of removable media
B. Installing an application that tracks the location of the device
C. Implementing a BYOD policy
D. Enabling geo-tagging
Homer noticed that several generators within the nuclear power plant have been turning on without user interaction. Security investigators discovered that an unauthorized file was installed and causing these generators to start at timed intervals. Further,they determined this file was installed during a visit by external engineers. What should Homer recommend to mitigate this threat in the future?
A. Create an internal CA.
B. Implement WPA2 Enterprise.
C. Implement patch management processes.
D. Configure the SCADA within a VLAN.
Administrators ensure server operating systems are updated at least once a month with relevant patches, but they do not track other software updates. Of the following choices, what is the BEST choice to mitigate risks on these servers?
A. Application change management
B. Application patch management
C. Whole disk encryption
D. Application hardening
A recent risk assessment identified several problems with servers in your organization. They occasionally reboot on their own and the operating systems do not have current security fixes. Administrators have had to rebuild some servers from scratch due to mysterious problems. Which of the following solutions will mitigate these problems?
A. Virtualization
B. Sandboxing
C. IDS
D. Patch management
You are preparing to deploy a new application on a virtual server. The virtual server hosts another server application that employees routinely access. Which of the following is the BEST method to use when deploying the new application?
A. Take a snapshot of the VM before deploying the new application.
B. Take a snapshot of the VM after deploying the new application.
C. Apply blacklisting techniques on the server for the new applications.
D. Back up the server after installing the new application
An IT department recently had its hardware budget reduced, but the organization still expects them to maintain availability of services. Of the following choices, what would BEST help them maintain availability with a reduced budget?
A. Failover clusters
B. Virtualization
C. Bollards
D. Hashing
Your organization wants to ensure that employees do not install or play operating system games, such as solitaire and FreeCell, on their computers. Which of the following is the BEST choice to prevent?
A. Security policy
B. Application whitelisting
C. Anti-malware software
D. Antivirus software
You need to monitor the security posture of several servers in your organization and keep a security administrator aware of their status. Which of the following tasks will BEST help you meet this goal?
A. Establishing baseline reporting
B. Determining attack surface
C. Implementing patch management
D. Enabling sandboxing
Your organization wants to improve the security posture of internal database servers. Of the following choices, what provides the BEST solution?
A.Opening ports on a server's firewall
B. Disabling unnecessary services
C. Keeping systems up to date with current patches
D. Keeping systems up to date with current service packs
Users in your organization access your network from remote locations. Currently, the remote access solution uses RADIUS. However, the organization wants to implement a stronger authentication service that supports EAP. Which of the following choices BEST meets this goal?
Your organization recently made an agreement with third parties for the exchange of authentication and authorization information. The solution uses an XML- based open standard. Which of the following is the MOSt likely solution being implemented?
When you log on to your online bank account, you are also able to access a partners credit card site, check-ordering services, and a mortgage site without entering your credentials again. What does this describe?
Your network infrastructure requires users to authenticate with something they are and something they know. Which of the following choices BEST describes this authentication method?
A.Passwords
B. Dual-factor
C. Biometrics
D. Diameter
The security manager at your company recently updated the security policy. One of the changes requires dual-factor authentication. Which of the following will meet this requirement?
A. Hardware token and PIN
B. Fingerprint scan and retina scan
C. Password and PIN
D. Smart card
When users log on to their computers, they are required to enter a username, a password, and a PIN. Which of the following choices BEST describes this?
A. Single-factor authentication
B. Two-factor authentication
C. Multifactor authentication
D. Mutual authentication
Your organization is planning to implement remote access capabilities. Management wants strong authentication and wants to ensure that passwords expire after a predefined time interval. Which of the following choices BEST meets this requirement?
A user calls into the help desk and asks the help-desk professional to reset his password. Which of the following choices is the BEST choice for what the help-desk professional should do before resetting the password ?
A. Verify the user's original password.
B. Disable the user's account.
C. Verify the user's identity.
D. Enable the user's account
Your organization has a password policy with a password history value of 12. What does this indicated?
A.Your password must be at least 12 characters long.
B. Twelve different passwords must be used before reusing the same pass
C. Passwords must be changed every 12 days
D. Passwords cannot be changed until 12 days have passed
Management at your company recently decided to implement additional lighting and fencing around the property. Which security goal is your company MOST likely pursing?
A. Confidentiality
B. Integrity
C. Availability
D. Safety
Homer needs to send an email to his HR department with an attachment that includes PII. He wants to maintain the confidentiality of this attachment. Which of the following choices is the BEST choice to meet his needs?
A. Hashing
B. Digital Signature
C. Encryption
D. Certificate
A) Sessioned Conversation Stateful Interaction
B) Symmetrical Confidential Session Interface
C) Small Computer System Interface
D) Stateful Cipher System Integration
A) Redundant Array of Independent Devices
B) Responsive and Instrumental Devices
C) Responsive Asymmetrical Internal Devices
D) Reactive Alternative Internal Devices
A) Responsive Asymmetrical Internal Devices
B) Redundant Array of Inexpensive Devices
C) Reactive Alternative Internal Devices
D) Researched and Investigative Discoveries
A(n) ________ is an alternative facility where an organization can restore all or a portion of its business-critical systems within a short amount of time.
A) certified holder
B) alter ego
C) hot spot
D) Caesar cipher
A(n) ________, also called a circuit-level gateway, evaluates not only a packet's source and destination addresses, but also the circuits that have been established for the packet's communication.
A) application firewall fence
B) digital recovery plan
C) stateful packet inspection
D) circuit filtering firewall
What is the term for the attack that occurs when a filter is tricked into believing a packet is coming from an addressed device different from its true originating source?
A) cipher filtering
B) encryption siting
C) address spoofing
D) integrity searching
As a barrier between the outside world and the enterprise, a(n) ________ is configured to keep out unauthorized individuals who are attempting to attack or penetrate the enterprise.
A) infrastructure
B) certificate
C) firewall
D) cipher
With asymmetric ciphers, two separate keys are used. What are they?
A) an integrated key and a non-integrated key
B) a public key and a private key
C) a packet key and an open key
D) a symmetrical key and an asymmetrical key
What two things are common means of providing for verification that those who are accessing enterprise data are authorized to do so?
A) scanning and authorization
B) repudiation and digital certificates
C) authorization and backup certificates
D) authentication and digital certificates
Answer: D) authentication and digital certificates