Your network currently has a dedicated firewall protecting access to a web server. It is currently configured with the following two rules in the ACL along with an implicit allow rule at the end:
PERMIT TCP ANY ANY 443
PERMIT TCP ANY ANY 80

You have detected DNS requests and zone transfer requests coming through the firewall and you need to block them. Which of the following would meet this goal? (Select TWO. Each answer is a full solution) 



A. Add the following rule to the firewall: DENY TCP ALL ALL 53.
B. Add the following rule to the firewall: DENY UDP ALL ALL 53.
C. Add the following rule to the firewall: DENY TCP ALL ALL 25.
D. Add the following rule to the firewall: DENY IP ALL ALL 53.
E. Change the implicit allow rule to implicit deny.


Answer: D & E

Your organization frequently has guests visiting in various conference rooms throughout the building. These guests need access to the Internet via wall jacks, but should not be able to access internal network resources. Employees need access to both the internal network and the Internet. What would BEST meet this need?

A. PAT and NAT
B. DMZ and VPN
C. VLANs and 802.1x
D. Routers and Layer 3 switches


Answer: C

A network technician incorrectly wired switch connections in your organization's network. It effectively disabled the switch as though it was a victim of a denial-of-service attack. What should be done to prevent this in the future?

A. Install an IDS.
B. Only use Layer 2 switches.
C. Install SNMP on the switches
D. Implement STP or RSTP


Answer: D

Your organization is increasing security and wants to prevent attackers from mapping out the IP addresses used on your internal network. Which of the following choices is the BEST option?

A. Implement subnetting.
B. Implement secure zone transfers.
C. Block outgoing traffic on UDP port 53.
D. Add a WAF.


Answer: B

You recently learned that a network router has TCP ports 22 and 80 open, but the organization's security policy mandates that these should not be accessible. What should you do?

A. Disable the FTP and HTTP services on the router.
B. Disable the DNS and HTTPS services on the router.
C. Disable the SSH and HTTP services on the router.
D. Disable the Telnet and Kerberos services on the router.


Answer: C

Your organization is planning to establish a secure link between one of your mail servers and a business partner's mail server. The connection will use the Internet. What protocol is the BEST choice?

A. TLS (Transport Layer Security)
B. SMTP
C. HTTP
D. SSH


Answer: A

Bart copied an encrypted file from his desktop computer to his USB drive and discovered that the copied file isn't encrypted. He asks you what he can do to ensure files he's encrypted remain encrypted when he copies them to a USB drive. What would you recommend as the BEST solution to this problem?

A. Use file-level encryption
B. Convert the USB to FAT32
C. Use whole disk encryption on the desktop computer
D. Use whole disk encryption on the USB drive


Answer: D

Your organization hosts a web site with a back-end database. The database stores customer data, including credit card numbers. Which of the following is the BEST way to protect the credit card data?

A. Full database encryption
B. Whole disk encryption
C. Database column encryption
D. File-level encryption



Answer: C

Your company is planning on implementing a policy for users so that they can connect their mobile devices to the network. However, management wants to restrict network access for these devices. They should have Internet access and be able to access some internal servers, but management wants to ensure that they do not have access to the primary network where company-owned devices operate. Which of the following will BEST meet this goal?

A. WPA2 Enterprise
B. VPN
C. GPS
D. VLAN


Answer: D

Your company provides electrical and plumbing services to homeowners. Employees use tablets during service calls to record activity, create invoices, and accept credit card payments. Which of the following would BEST prevent disclosure of customer data if any of these devices are lost or stolen?

A. Mobile device management
B. Disabling unused features
C. Remote wiping
D. GPS tracking


Answer: C

Your company has recently provided mobile devices to several employees. A security manager has expressed concerns related to data saved on these devices. Which of the following would BEST address these concerns?

A. Disabling the use of removable media
B. Installing an application that tracks the location of the device
C. Implementing a BYOD policy
D. Enabling geo-tagging


Answer: A

Homer noticed that several generators within the nuclear power plant have been turning on without user interaction. Security investigators discovered that an unauthorized file was installed and was causing these generators to start at timed intervals. Further, they determined this file was installed during a visit by external engineers. What should Homer recommend to mitigate this threat in the future?

A. Create an internal CA.
B. Implement WPA2 Enterprise.
C. Implement patch management processes.
D. Configure the SCADA within a VLAN.


Answer: D

Administrators ensure server operating systems are updated at least once a month with relevant patches, but they do not track other software updates. Of the following choices, what is the BEST choice to mitigate risks on these servers?

A. Application change management
B. Application patch management
C. Whole disk encryption
D. Application hardening


Answer: B

A recent risk assessment identified several problems with servers in your organization. They occasionally reboot on their own and the operating systems do not have current security fixes. Administrators have had to rebuild some servers from scratch due to mysterious problems. Which of the following solutions will mitigate these problems?

A. Virtualization
B. Sandboxing
C. IDS
D. Patch management


Answer: D

You are preparing to deploy a new application on a virtual server. The virtual server hosts another server application that employees routinely access. Which of the following is the BEST method to use when deploying the new application?

A. Take a snapshot of the VM before deploying the new application.
B. Take a snapshot of the VM after deploying the new application.
C. Apply blacklisting techniques on the server for the new applications.
D. Back up the server after installing the new application


Answer: A

An IT department recently had its hardware budget reduced, but the organization still expects them to maintain availability of services. Of the following choices, what would BEST help them maintain availability with a reduced budget?

A. Failover clusters
B. Virtualization
C. Bollards
D. Hashing


Answer: B

Your organization wants to ensure that employees do not install or play operating system games, such as solitaire and FreeCell, on their computers. Which of the following is the BEST choice to prevent this?

A. Security policy
B. Application whitelisting
C. Anti-malware software
D. Antivirus software


Answer: B

You need to monitor the security posture of several servers in your organization and keep a security administrator aware of their status. Which of the following tasks will BEST help you meet this goal?

A. Establishing baseline reporting
B. Determining attack surface
C. Implementing patch management
D. Enabling sandboxing


Answer: A

Your organization wants to improve the security posture of internal database servers. Of the following choices, what provides the BEST solution?

A. Opening ports on a server's firewall
B. Disabling unnecessary services
C. Keeping systems up to date with current patches
D. Keeping systems up to date with current service packs


Answer: B

Users in your organization access your network from remote locations. Currently, the remote access solution uses RADIUS. However, the organization wants to implement a stronger authentication service that supports EAP. Which of the following choices BEST meets this goal?

A. TACACS+
B. Diameter
C. Kerberos
D. Secure LDAP


Answer: B

Your organization recently made an agreement with third parties for the exchange of authentication and authorization information. The solution uses an XML-based open standard. Which of the following is the MOST likely solution being implemented?

A. RADIUS
B. Diameter
C. TACACS+
D. SAML


Answer: D

When you log on to your online bank account, you are also able to access a partner's credit card site, check-ordering services, and a mortgage site without entering your credentials again. What does this describe?

A. SSO
B. Same sign-on
C. SAML
D. Kerberos


Answer: A

The security manager at your company recently updated the security policy. One of the changes requires dual-factor authentication. Which of the following will meet this requirement?

A. Hardware token and PIN
B. Fingerprint scan and retina scan
C. Password and PIN
D. Smart card


Answer: A

Your organization is planning to implement remote access capabilities. Management wants strong authentication and wants to ensure that passwords expire after a predefined time interval. Which of the following choices BEST meets this requirement?

A. HOTP
B. TOTP
C. CAC
D. Kerberos


Answer: B

A user calls into the help desk and asks the help-desk professional to reset his password. Which of the following choices is the BEST choice for what the help-desk professional should do before resetting the password?

A. Verify the user's original password.
B. Disable the user's account.
C. Verify the user's identity.
D. Enable the user's account


Answer: C

Homer needs to send an email to his HR department with an attachment that includes PII. He wants to maintain the confidentiality of this attachment. Which of the following choices is the BEST choice to meet his needs?

A. Hashing
B. Digital Signature
C. Encryption
D. Certificate


Answer: C

ECC stands for ________.

A) enhanced communications control
B) end communications center
C) error correcting code
D) error control code


Answer: C) error correcting code

SCSI stands for ________.

A) Sessioned Conversation Stateful Interaction
B) Symmetrical Confidential Session Interface
C) Small Computer System Interface
D) Stateful Cipher System Integration


Answer: C) Small Computer System Interface

RAID is also sometimes referred to as ________.

A) Redundant Array of Independent Devices
B) Responsive and Instrumental Devices
C) Responsive Asymmetrical Internal Devices
D) Reactive Alternative Internal Devices


Answer: A) Redundant Array of Independent Devices

RAID stands for ________.

A) Responsive Asymmetrical Internal Devices
B) Redundant Array of Inexpensive Devices
C) Reactive Alternative Internal Devices
D) Researched and Investigative Discoveries


Answer: B) Redundant Array of Inexpensive Devices

A network is both ________ and ________ vulnerable.

A) clerically, systematically
B) sensically, instantly
C) logically, physically
D) publicly, privately


Answer: C) logically, physically

DRP stands for ________.

A) digital recovery plan
B) dividing rumor protocol
C) disaster recovery plan
D) dichotic recovery protocol


Answer: C) disaster recovery plan

SPI stands for ________.

A) stateful packet inspection
B) scan packet integration
C) session packet inspection
D) scanning proxy integration


Answer: A) stateful packet inspection

A(n) ________, also called a circuit-level gateway, evaluates not only a packet's source and destination addresses, but also the circuits that have been established for the packet's communication.

A) application firewall fence
B) digital recovery plan
C) stateful packet inspection
D) circuit filtering firewall


Answer: D) circuit filtering firewall

What is the term for the attack that occurs when a filter is tricked into believing a packet is coming from an addressed device different from its true originating source?

A) cipher filtering
B) encryption siting
C) address spoofing
D) integrity searching


Answer: C) address spoofing

DMZ stands for ________.

A) digital machine zone
B) deviced machine zone
C) demilitarized zone
D) disaster machination zone


Answer: C) demilitarized zone

PKI stands for ________.

A) Proxy Key Infrastructure
B) Public Key Infrastructure
C) Public Kinetic Infrastructure
D) Private Key Infrastructure


Answer: B) Public Key Infrastructure

With asymmetric ciphers, two separate keys are used. What are they?

A) an integrated key and a non-integrated key
B) a public key and a private key
C) a packet key and an open key
D) a symmetrical key and an asymmetrical key


Answer: B) a public key and a private key

What two things are common means of providing for verification that those who are accessing enterprise data are authorized to do so?

A) scanning and authorization
B) repudiation and digital certificates
C) authorization and backup certificates
D) authentication and digital certificates


Answer: D) authentication and digital certificates

Every data communication has ________.

A) a digifier and a resender
B) sender and a receiver
C) a user and a recipient
D) a scrambler and a cryptographer


Answer: B) sender and a receiver