2.1 Install & configure network components, hardware- and software-based, to support org. security Flashcards

1
Q

An admin deployed an intrusion detection system (IDS) behind the firewall of the demilitarized zone. A recent audit reveals that although the IDS generated the correct event, the penetration tester retrieved the alert notification. Without changing the physical architecture, how will the admin prevent easy detection of future alerts by intruders?

A

Set up an out-of-band link on a separate VLAN.

An out-of-band link offers better security than in-band. You may use separate cabling or the same cabling and physical switches, but a separate VLAN for management.

An in-band link is less secure, since the management channel is shared by the network being monitored. This will make alerts more detectable by an adversary and can also be blocked.

Rulesets are a configuration setting for the intrusion detection system (IDS). Content filtering, such as blocking URLs and applying keyword-sensitive blacklists or whitelists, is an example of a ruleset.

Deploying a security information and event management (SIEM) changes the physical architecture and is not required.

2
Q

A company wants to extend the corporate network to their employees over the Internet, anywhere in the United States. Requirements include a small budget and a minimum change to infrastructure. Access is transparent to the user. Which of the following should the company consider? (Select two)

A

A remote access topology

TLS VPN

A remote access virtual private network (VPN) involves VPN client agents connecting to a VPN-enabled router concentrator at the company’s main network. This is ideal for telecommuters.

A TLS (Transport Layer Security) VPN will require a remote server listening on port 443 (so no changes to firewalls) and, optionally, a set of client certificates for authenticating the device (transparent for users after a simple setup).

IPSec VPN will use encryption, such as L2TP (Layer 2 Tunneling Protocol) and IKEv2 (Internet Key Exchange). It is generally harder to implement than TLS VPN, due to firewall restrictions and client-side setup.

A site-to-site VPN connects two or more local networks, each site running a VPN gateway. The gateway does all the work.

3
Q

A Windows firewall rule allows all programs, all protocols, and all ports within a 192.168.0.0/24 subnet to connect to the network. What type of Windows Firewall with Advanced Security is this?

A

Access Control List

An access control list contains rules that define the type of data packet and the appropriate action to take when it exits or enters a network or system. The general actions are to either deny or accept.

Transport Layer Security is a protocol similar to SSL. TLS can be used to create virtual private networks.

Data Leak Prevention scans for content in a structured format like an e-mail and performs an action based on policy (e.g., blocks an e-mail containing proprietary information).

Secure Sockets Layer is a network protocol that establishes an encrypted link between a web server and a browser. Users commonly interact with their bank’s web portal using encrypted communication via an SSL or TLS connection.

4
Q

A Windows 7 laptop computer has Microsoft’s BitLocker enabled. Upon boot, the Windows operating system brings up the login screen, ready for user credentials. Which of the following best describes how the system has BitLocker set up?

A

A TPM chip is on the motherboard.

A TPM or Trusted Platform Module is a hardware security module that BitLocker uses to link an encrypted hard drive with a specific system. Placing an encrypted hard drive in another laptop will require a recovery password.

BitLocker creates a recovery password as part of its encryption process. Although this recovery password can be stored on the same encrypted hard drive, it is not recommended.

BitLocker can be transparent to the user if a TPM chip is used. The user may not realize that the hard drive is encrypted when, in fact, it is.

Windows 10 BitLocker allows for only used space on the hard drive to be encrypted. Windows 7 BitLocker only supports full disk encryption.

5
Q

A company’s data loss prevention (DLP) system’s setup blocks the transferring of proprietary company information to all but which of the following?

A

OneDrive

A separate cloud-based DLP service is required to work with an on-premise DLP solution, to block the transferring of content to cloud storage services. It does this by using either a proxy to mediate access, or the cloud service provider’s API to perform scanning and policy enforcement.

A DLP can be used to block the writing of information to a CD or DVD based on configured policies and installed agents at the endpoint.

A DLP can block the transferring of content to USB in the same way as writing to CD or DVD.

A DLP can block the sending of proprietary information over email by, for example, preventing the attaching of documents or pictures to an email.

6
Q

A network with two normally working switches has several client computers connected for work and Internet access. After adding two new switches and more client computers, the new computers, as well as some of the old client computers, cannot access the network. What is most likely the cause and the solution? (Select two)

A

A loop in the network

STP

A switch loop on the network will cause network connections to drop, since the packet cannot make the appropriate hop to the next switch on the way to its final destination. Switching loops also generate broadcast storms.

STP (Spanning Tree Protocol) is a means for the bridges to organize themselves into a hierarchy and prevent loops from forming.

Port security is an advanced security feature that allows a certain number of MAC addresses to access a physical port. After that number is reached, new connections will be blocked.

A flood guard is a feature of a circuit-level firewall that prevents maliciously open connections from forming. This is not applicable to switching loops.

7
Q

A hacker plans to eavesdrop on a network from a remote location. Multiple rods make up the tool of choice. The tool will point to the target to gather traffic. Which of the following devices will the hacker most likely use?

A

Yagi

The Yagi or Yagi-Uda array is described as a rod with fins. It is a directional antenna.

Parabolic or dish antennas are very familiar. These dishes are often pointed at satellites in space.

A grid antenna, also known as a parabolic antenna, has open spacing that solves the high-wind issue that solid dishes experience, which causes them to move.

The rubber ducky or dipole antennas are plastic-coated rods used on wireless access points (WAPs). WAPs without any antennas use omnidirectional vertical rod-type antennas, which can receive and send a signal in all directions.

8
Q

A remote office has both a file server and a web server. A network appliance is in front of these servers, to manage network traffic. A security administrator configures the access control list (ACL) to specify rules for specific subnet ranges. Which of the following best describes this device?

A

A layer 3 device

A layer 3 device operates on the network layer. Common devices like a router operate at layer 3 to route traffic based on IP addresses. The network appliance at the remote office describes a layer 3 firewall.

A layer 2 device mostly describes a basic Ethernet switch. These are also called a LAN (local area network) switch, data switch, or workgroup switch. It operates at layer 2, the data link layer of the OSI model.

A VPN (Virtual Private Network) concentrator is a device that incorporates advanced encryption and authentication methods, to handle many VPN tunnels.

A proxy server mediates the communications between a client and another server. It can filter communications and provide caching services to improve performance.

9
Q

Management hired 20 new people and the network team set up the network connections in the office to accommodate them. There are three dummy client switches, with roughly 40 computers connected to the network. The client computers have an IP (Internet Protocol) address using DHCP (Dynamic Host Configuration Protocol). Connected to the switches are the local DHCP server and file server. When trying to access the servers or the Internet from the client computers, there is no network connectivity. Some clients have a DHCP IP address. What may be the cause?

A

A loop in the network

A switch loop on the network will cause network connections to drop, since the packet cannot make the appropriate hop to the next switch and on to its final destination. Switching loops also generate broadcast storms.

MAC (Media Access Control) filters can drop data coming from specific MAC addresses. However, “dummy” client switches were deployed, which normally means no advanced configurations have been made.

Port security is an advanced security feature. “Dummy” switches are basic switches to allow traffic to flow freely.

DHCP is working properly, since some clients did receive DHCP IP addresses. Others have not yet received one because of switch loops.

10
Q

Management wants to secure company laptops with BitLocker, in case they get stolen, or the hard drives removed. However, the user should not have to type in a password to decrypt the hard drive. What is an alternative, rather than inputting a password, to use a system with BitLocker enabled?

A

Use a hardware security module

A TPM or Trusted Platform Module is a hardware security module that BitLocker uses to link an encrypted hard drive with a specific system. Placing an encrypted hard drive in another laptop will require a recovery password.

BitLocker can be applied to USB drives, but a laptop cannot boot from an encrypted USB drive. It is not ideal for telecommuters to boot from a USB either.

BitLocker creates a recovery password as part of its encryption process. Although this recovery password can be stored on the same encrypted hard drive, it is not recommended.

SSO (Single Sign-On) is applicable to other services or applications after the initial login. BitLocker does not use single sign-on.

11
Q

An office deployed new client switches. A network administrator disables Telnet and allows SSH (Secure Shell) for secure management. A security administrator suggests disabling HTTP (Hypertext Transfer Protocol). What other best practices can restrict unauthorized connecting of other devices?

A

Enable port security

Port security is used to prevent the attachment of unauthorized client devices on wall ports, switches, or routers. A maximum number of MAC addresses can be set to record, which will prevent future connections once the maximum is met.

SNMP or Simple Network Management Protocol is used for sending traps to network monitoring tools with status information. Changing the community string from its default will prevent unauthorized tools from gathering data using default string names.

HTTPS can be enabled on the network switch for secure web management. This is an alternative to managing switches via SSH.

Installing the latest firmware updates can provide new features, fix bugs, and patch any security vulnerabilities. Reviewing vendor security bulletins can help forewarn of possible exploits.

12
Q

Two virtual hosts run on a stack and each host runs a virtual machine (VM). Both VMs use shared storage, and an admin must provide stateful fault tolerance. The Enterprise services running on these VMs must work on both virtual hosts, and continue working if one of the virtual hosts goes offline. What cluster setup would provide the functionality the organization requires?

A

An active/active configuration consisting of n nodes.

An active/active cluster provides Enterprise services to clients from both virtual servers. All services will transparently transfer to the other server if one virtual host goes offline.

An active/passive cluster provides Enterprise services to clients from only one virtual server. The other server comes online only when the currently active server goes offline.

A session affinity setting is used in load balancing scenarios. This is also known as source IP (Internet Protocol) affinity and is a layer 4 approach to handling user sessions.

A round robin setting is used in load balancing scenarios. New client sessions are established with the next server in the group. Round robin and affinity provide stateless fault tolerance.

13
Q

An organization has a network access control (NAC) system that assesses the health of workstations and laptops connected to the corporate network. A network admin must add mobile devices to the list of platforms. How will an admin provide health assessments for these new devices?

A

Perform an agentless health assessment.

An agentless health or posture assessment supports a wide range of devices, such as smartphones and tablets, but less detailed information about the client is available.

A non-persistent or dissolvable agent is loaded into memory and never installed on the system. This option still requires an agent that may not be compatible with mobile devices.

Enforcing existing policies only applies to workstations and laptops. New policies must be created for mobile devices.

A quarantine network is a restricted network that noncompliant devices are redirected to, only after they have been assessed. A policy for mobile devices must be in place in order for proper remediation to take place.

14
Q

An Internet service provider (ISP) enters an old neighborhood to make plans to provide high-speed Internet. The neighborhood does not have cable service. Mobile homes in the area have antennas visibly seen above their rooftops. What type of antennas do these residents most likely use?

A

Yagi

The Yagi or Yagi-Uda array is described as a rod with fins. It is a directional antenna.

Parabolic or dish antennas are very similar. These dishes are often pointed at satellites in space.

A grid antenna, also known as a parabolic antenna, has open spacing that solves the high-wind issue that solid dishes experience, which causes them to move.

The rubber ducky or dipole antennas are plastic-coated rods used on wireless access points (WAPs). WAPs without any external antennas use omnidirectional vertical rod-type antennas, which can receive and send a signal in all directions.

15
Q

The only wireless access point (WAP) in the office is an 802.11ac device that is advertised as having faster data rates and better performance, even at the edge, than the older WAP. The device is on the ceiling, in the middle of the office, with access limited to about 100 feet. What may cause the shorter range?

A

A reduced power setting.

Most Wi-Fi routers come with a transmit (Tx) power setting. This can be reduced to a lower output to reduce the range of the wireless signal.

Multiple Wi-Fi routers cannot conflict with one another by signal alone. The band and channel selections have a better chance of conflicting if both are the same between multiple WAPs.

There are enough channels to cover the office range. Most offices, even today, are using wireless-N devices, both at 2.4 GHz and 5 GHz. As this office will operate in the 5 GHz band, there are many open channels in this range.

When placing the WAP at higher levels, like the ceiling, the device will provide maximum range and reduce interference.

16
Q

A network administrator logs on to a computer and notices two Ethernet ports connected to one another within the guest operating system, under Windows settings. What type of network is on this computer?

A

Bridge

A bridge connects two network segments together. An example includes a bridged connection between the wireless and Ethernet adapters of a laptop.

An ad hoc network is created when wireless network adapters are configured to connect to one another in a peer-to-peer WLAN (Wireless LAN) topology.

STP stands for Spanning Tree Protocol. It prevents loops with multiple switches and routers.

A tunnel describes a mode used in IPsec (Internet Protocol Security). Tunnel mode encrypts entire network packets prior to routing through the public Internet; they are decrypted at the destination.

17
Q

A company wants to make it easier for their telecommuting employees to access corporate resources from any place, like a coffee shop. Management asked security administrators to find a solution that will provide the most secure user connection to company SharePoint sites, with very few changes to the network architecture. Which of the following would support management’s requirements? (Select two)

A

Client-based VPN over port 443

TLS VPN

A remote access virtual private network (VPN) involves VPN client agents connecting to a VPN-enabled router concentrator at the company’s main network. This is ideal for telecommuters. If used with TLS or SSL VPN, port 443 will be used.

A TLS (Transport Layer Security) VPN will require a remote server listening on port 443 (so no changes to firewalls) and, optionally, a set of client certificates for authenticating the device (transparent for users after a simple setup).

Like TLS VPN, SSL (Secure Sockets Layer) VPN will also pass through traffic over port 443. However, TLS is more secure than SSL.

A site-to-site VPN connects two or more local networks, each site running a VPN gateway. The gateway does all the work.

18
Q

A new user logs in with a PKI (public key infrastructure) card using a PIN and prepares to send an encrypted email to a colleague using a mail service via the web browser. The user does not see the option for encryption. Co-workers send encrypted email on a regular basis. What does the employee need?

A

An S/MIME plug-in

S/MIME (Secure/Multipurpose Internet Mail Extensions) is an email encryption standard that adds digital signatures and public key cryptography to email.

A hardware security module like a trusted platform module (TPM) is not required for email encryption to work. A TPM works best with drive encryption software like BitLocker.

PKI cards utilize user certificates to identify the user or owner of the card. A successful login with the card assumes the user has a working user certificate.

The PKI (Public Key Infrastructure) certificates are valid and supported, given that encrypted emails are regularly sent. Any new certificates and/or cards should be tested prior to rollout in production.

19
Q

An administrator navigates to the Windows Firewall with Advanced Security. The inbound rules show a custom rule, which assigned the action, “Allow the connection” to all programs, all protocols, and all ports with a scope of 192.168.0.0/24. This is an example of what type of security setting?

A

ACL

ACL (Access Control List) is used by firewalls. The list of rules defines the type of data packet and the appropriate action to take when it exits or enters a network or system. The actions are to deny or accept.

TLS (Transport Layer Security) is a protocol similar to SSL. TLS can be used to create virtual private networks.

DLP (Data Leak Prevention) scans for content in a structured format like an e-mail and performs an action based on policy (e.g., blocks an email containing proprietary information).

SSL (Secure Sockets Layer) is a network protocol that establishes an encrypted link between a web server and a browser. Users interact with their bank’s web portal using an SSL or TLS connection.

20
Q

All of the following describes an application firewall, except:

A

It analyzes packets at layer 2.

A network-based firewall analyzes packets at layer 2, the data link layer of the OSI (Open Systems Interconnection) model. An application firewall analyzes packets at layer 7, the application layer.

An application firewall can be called by different names, such as application layer gateway firewall, stateful multilayer inspection firewall, or deep packet inspection firewall.

Most UTM (Unified Threat Management) systems include an application firewall to provide more complex network security.

An application firewall is mostly installed on a server as an application (e.g., Windows Firewall). However, it can also run on physical network appliances, like a UTM device.

21
Q

A company deploys an SSL (Secure Sockets Layer) decryptor at the edge of the network, to ensure the network traffic utilizes encryption appropriately. It will also integrate with other security appliances and services. What are the pros and/or cons of utilizing this device? (Select two)

A

Weak cipher suites are not allowed

A single point of failure

A benefit (or pro) for deploying an SSL decryptor is that it will block connections that use weak cipher suites or implementations and block connections that cannot be inspected.

Placing the SSL decryptor at the edge is a drawback (or con). The edge of the network is also the point where the internal network meets the public network. The placement makes the SSL decryptor a single point of failure.

Multiple subscription services are not applicable to an SSL decryptor. It may be an operational requirement depending on a user’s role, but it is unrelated to IT infrastructure.

A load balancer is not applicable in this case since a load balancer is only beneficial to a pair of systems or services. In this case, there is only one SSL decryptor deployed at the edge of the network.

22
Q

An admin sets up an intrusion detection system (IDS), which will require a separate VLAN (virtual local area network) connection for the management channel. What type of link did the admin set up?

A

Out-of-band

An out-of-band link offers better security than in-band. You may use separate cabling, or the same cabling and physical switches but a separate VLAN (virtual LAN) for management.

An in-band link is less secure, since the management channel is shared by the network being monitored. This will make alerts more detectable by an adversary and can also be blocked.

A virtual IP is commonly used in the context of load-balancers. It is advertised to the network and routes traffic to individual server nodes all with different IP addresses.

Port security is a feature of a switch or router that filters port connections with MAC (media access control) addresses.

23
Q

Unlike transport layer security (TLS), internet protocol security (IPSec) can use two modes. One mode encrypts only the payload of the IP packet, leaving the IP address unencrypted. The other mode encrypts the whole IP packet and adds a new IP header. What are these modes? (Select two)

A

Tunnel

Transport

The tunnel mode is used by IPsec to provide encrypted communication by encrypting the entire network packet. This method is used mostly in unsecured networks.

The transport mode is used by IPsec to provide encrypted communication by only encrypting the payload. This method is used mostly in private networks.

The term stateful is commonly used to describe how a firewall inspects network packets. Stateful inspection analyzes traffic data that includes previously inspected packets.

The term stateless is commonly used with firewalls. A stateless inspection focuses only on the packet being analyzed at one time, to make a better decision on what firewall rule or policy to enforce.

24
Q

A network administrator logs on to a computer and notices two Ethernet ports connected to one another within the guest operating system, under Windows settings. What type of network is on this computer?

A

Bridge

A bridge connects two network segments together. An example includes a bridged connection between the wireless and Ethernet adapters of a laptop.

An ad hoc network is created when wireless network adapters are configured to connect to one another in a peer-to-peer WLAN (Wireless LAN) topology.

STP stands for Spanning Tree Protocol. It prevents loops with multiple switches and routers.

A tunnel describes a mode used in IPsec (Internet Protocol Security). Tunnel mode encrypts entire network packets prior to routing through the public Internet; they are decrypted at the destination.

25
Q

A network admin must filter content for users as they access web pages and FTP sites. What type and class of proxy server should the network admin deploy? (Select two)

A

Transparent

Multipurpose

A multipurpose proxy server can be configured with filters for multiple protocol types, such as HTTP (Hypertext Transfer Protocol), FTP (File Transfer Protocol), and SMTP (Simple Mail Transfer Protocol).

An application-specific proxy, like a web proxy, will only filter out content from the web. A proxy server is required for FTP services as well.

A non-transparent class of proxies requires a client to be configured with the proxy server address and port settings.

A transparent class of proxies requires no extra configuration of client computers. This proxy intercepts client traffic through a switch, router or other inline network appliance.

26
Q

A system administrator logs in to multiple servers and network devices to research the events of an incident. A security administrator suggests that management use SolarWinds’s SIEM (Security Information and Event Management) solution. Why should management consider using this type of solution? (Select two)

A

To aggregate logs

To correlate events

The core function of a SIEM tool is to aggregate logs from multiple sources. In addition to logs from Windows and Linux-based hosts, this could include switches, routers, firewalls, a DLP system, etc.

Correlation means that SIEM software can link individual events or data points (observables) into a meaningful indicator of risk, or Indicator of Compromise (IOC). Correlation can then be used to drive an alerting system.

Although the work of logging into multiple devices may be reduced, more time can be used to fully analyze the logs that are collected and provide meaningful information to management.

An IDS or Intrusion Detection System will do the actual detection. However, the detection events can be sent to SolarWinds for aggregation and correlation.

27
Q

A new employee logs in to a workstation with a PKI (public key infrastructure) card. The employee opens up the card reader application and finds a user certificate and a separate email certificate. What purpose does the email certificate serve?

A

To sign and encrypt email

An email certificate can be used to sign and encrypt email messages, typically using S/MIME (Secure/Multipurpose Internet Mail Extensions) or PGP (Pretty Good Privacy).

The mail certificate is not required to open and access a mail application, like Outlook. The email application connects a user based on their regular user account, which is the same account used to log in to a workstation.

Only a user certificate is required to log in to a workstation that requires or provides the option for smart card log in.

Office 365 Message Encryption (OME) is only available using an Office 365 email account on Exchange online. The installing or configuring of certificates is not required for this cloud service.

28
Q

A security administrator wants to reduce the wireless range of the 802.11ac Wi-Fi router in the office. It currently conflicts with another 802.11ac wireless access point, which also operates in the 5 GHz band. Which of the following tasks will shorten the range and stop the conflict? (Select more than one)

A

Change the channel.

Use the 2.5 GHz range.

Most Wi-Fi routers come with a transmit (Tx) power setting. Reducing this setting lowers power consumption, which will also lower wireless signal output.

Two Wi-Fi routers running in the 5 GHz band should be on different channels to reduce conflict. Even if two wireless access points (WAPs) are used to extend the range, they must have different channels to differentiate.

The 2.4 GHz range is supported on 802.11ac devices with dual band. However, this range is strictly for legacy clients (802.11bgn) only.

The technique of using foil on Wi-Fi routers is mainly used to increase the wireless range or its performance. This will not support the requirements for the security administrator.

29
Q

A user cannot receive email from a new vendor regarding paper samples, after only 24 hours of regular email correspondence the day before. Regular corporate email, as well as Google or Hotmail email, has no issue getting to the user. What may have prevented the email from reaching the user?

A

The spam filter checked and stopped the email.

Spam filtering can cause legitimate messages to be blocked. It needs careful configuration to provide the right balance between security and usability.

The user had regular email communication with the vendor the day before. It is highly unlikely that the wrong email address was used by the vendor.

The firewall at the edge (or nearest the Internet) is not blocking regular email traffic from entering the corporate network to the mail server, and nothing internally blocks traffic to the user.

Connectivity through the ISP (Internet Service Provider) is still working since regular Google or Hotmail emails are still being received.

30
Q

Two virtual machines have a custom application set up for active/active clustering. Each physical node has the appropriate number of network adapters for clustering, as well as service communication to clients. Cisco backs the company’s infrastructure and has also made recommendations. Which of the following will most likely support these customer services? (Select two)

A

GLBP

VIP

Each server node has its own IP address, but externally a load-balanced service is advertising a Virtual IP (VIP) address. Clients go to an IP address or FQDN (fully qualified domain name) and will be routed accordingly between the servers in the cluster.

Gateway Load Balancing Protocol (GLBP) is Cisco’s proprietary service for providing a load-balanced service with a VIP. The infrastructure is Cisco-based, so this service will most likely be implemented.

Common Address Redundancy Protocol (CARP) is another commonly used network protocol that works in the same way as GLBP, but since the infrastructure is Cisco-based, GLBP will most likely be the one that is selected.

A FQDN can have multiple IP addresses using DNS records, and name resolution can route the sessions. However, only the first record will be active until it is unavailable.

31
Q

A network security admin needs to manage the traffic entering a device that supports a file server. The branch office has both the server and the device. The device’s current setting is for “implicit deny.” Which of the following most describes the device?

A

A layer 3 firewall

Firewalls can operate at many levels. The most basic is layer 3 where the firewall blocks traffic from specific IP ranges. In access control list (ACL), the final default rule is typically to block any traffic that has not matched a rule (implicit deny).

A layer 2 of transparent firewall looks at bridged packets that run through a pair of locally-switched Ethernet ports. It can be placed into a network without having to re-subnet it.

NAC or Network Access Control is essentially a health policy that verifies each requesting node conforms to that policy (patch level, antivirus/firewall configuration, and so on).

A proxy server mediates the communications between a client and another server. It can filter communications and provide caching services to improve performance.

32
Q

A system administrator updates multiple laptops running the Windows operating system over the Internet during the opening hours of the day. The laptops plug into the network ports on the wall. After the fourth laptop, the network port no longer works. The admin plugs in another laptop and the network port still does not work. What may be the cause of this?

A

Port security

Port security is used to prevent the attachment of unauthorized devices on wall ports, switches, or routers. A maximum number of MAC addresses can be set to record, which will prevent future connections once the maximum is met.

SNMP (Simple Network Management Protocol) is used for sending traps to network monitoring tools with status information. Traps cannot make administrative changes to port connections.

A firmware update on switches or routers will require a reboot and cause connected devices to lose network connectivity. However, updates are not normally done during business hours.

An access control list (ACL) can be used to restrict access to the management console from specific host(s), single IP address(es), or subnet ranges.

33
Q

A network administrator sets up a wireless access point (WAP) in the office. Management wishes to allow access to only certain mobile devices owned by employees. What setting on the WAP would the network administrator configure?

A

MAC filtering

MAC (media access control) filtering specifies a list of valid MAC addresses of devices that will be allowed to connect to the WAP (wireless access point).

An SSID or service set identifier is used to help users identify the correct WAP they are connecting to. An extended SSID or ESSID is used when multiple SSIDs are grouped into one.

A band selection is either 2.4 GHz or 5 GHz. This is a hardware limitation of the device, and most modern mobile devices will be able to connect to both.

The antenna relates more to the placement of the WAP. Only devices within range will be able to connect.

34
Q

A type of proxy device, meant to examine encrypted traffic, may become an addition to the suite of network appliances inside of the corporate network. One of the security engineers suggests placing the device at the very edge as a transparent bridge. What is this device and why would its placement be important? (Select two)

A

SSL interceptor

To evade a hacker

An SSL decryptor, inspector, or interceptor is a type of proxy used to examine encrypted traffic before it enters or leaves the network. This ensures that traffic complies with data policies and strong cipher suites are used.

The SSL decryptor is at the network’s edge as a transparent bridge to evade a hacker’s view. It will not be a regular device with an IP address on its own subnet range.

The SSL decryptor will more commonly integrate with a DLP or SIEM to apply security policies and provide effective monitoring and reporting.

A UTM (Unified Threat Manager) appliance combines the functions of a firewall, malware scanner, intrusion detection, and many others. An SSL interceptor is not found in a UTM.

35
Q

An office deployed new client switches. A network administrator disables Telnet and allows SSH (Secure Shell) for secure management. A security administrator suggests disabling HTTP (Hypertext Transfer Protocol). What other best practices can restrict the unauthorized connection of other devices?

A

Enable port security

Port security is used to prevent the attachment of unauthorized client devices on wall ports, switches, or routers. A maximum number of MAC addresses can be set to record, which will prevent future connections once the maximum is met.

SNMP or Simple Network Management Protocol is used for sending traps to network monitoring tools with status information. Changing the community string will prevent unauthorized tools from gathering data using default string names.

HTTPS can be enabled on the network switch for secure web management. This is an alternative to managing switches via SSH.

Installing the latest firmware updates can provide new features, fix bugs, and patch any security vulnerabilities. Reviewing vendor security bulletins can help forewarn of possible exploits.

36
Q

Two virtual servers deployed DHCP. One server will actively provide IP (Internet Protocol) addresses, while the other is on standby. The server backend has active-passive clustering. Management would like services for session routing with something other than a Cisco solution. Which of the following will most likely support management’s needs? (Select two)

A

CARP

VIP

Each server node has its own IP address, but externally a load-balanced service is advertising a Virtual IP (VIP) address. Clients go to an IP address or FQDN (fully qualified domain name) and will be routed accordingly between the servers in the cluster.

Common Address Redundancy Protocol (CARP) is a standard industry network protocol that will work in this situation.

Gateway Load Balancing Protocol (GLBP) is Cisco’s proprietary service for providing a load-balanced service with a VIP. While GLBP and CARP are similar in functionality, management specifically requested not to use a Cisco solution, so GLBP will not work in this case.

An FQDN can have multiple IP addresses using DNS records, and name resolution can route the sessions. However, only the first record will be active until it is unavailable.

37
Q

An administrator deploys a basic network intrusion detection (NID) device to block common patterns of attacks. What detection method does this device use?

A

Signature-based

38
Q

Two virtual machines have a custom application set up for active/active clustering. Each physical node has the appropriate number of network adapters for clustering, as well as service communication to clients. Cisco backs the company’s infrastructure and has also made recommendations. Which of the following will most likely support these customer services? (Select two)

A

VIP

GLBP

Each server node has its own IP address, but externally a load-balanced service is advertising a Virtual IP (VIP) address. Clients go to an IP address or FQDN (fully qualified domain name) and will be routed accordingly between the servers in the cluster.

Gateway Load Balancing Protocol (GLBP) is Cisco’s proprietary service for providing a load-balanced service with a VIP. The infrastructure is Cisco-based, so this service will most likely be implemented.

Common Address Redundancy Protocol (CARP) is another commonly used network protocol that works in the same way as GLBP, but since the infrastructure is Cisco-based, GLBP will most likely be the one that is selected.

An FQDN can have multiple IP addresses using DNS records, and name resolution can route the sessions. However, only the first record will be active until it is unavailable.

39
Q

A TLS (Transport Layer Security) VPN (Virtual Private Network) requires a remote access server listening on port 443 to encrypt traffic with a client machine. An IPSec (Internet Protocol Security) VPN can deliver traffic in two modes. One mode encrypts only the payload of the IP packet. The other mode encrypts the whole IP packet (header and payload). These two modes describe which of the following? (Select two)

A

Transport

Tunnel

The tunnel mode is used by IPsec to provide encrypted communication by encrypting the entire network packet. This method will be used mostly in unsecured networks.

The transport mode is used by IPsec to provide encrypted communication by only encrypting the payload. This method will be used mostly in private networks.

A cipher is the process (or algorithm) used to encrypt and decrypt a message. A cipher mode refers to the way a cryptographic product processes multiple blocks. ECB or Electronic Code Book is the simplest mode of cipher operation.

A counter mode is a type of cipher mode of operation.

40
Q

Management hired 20 new people and the network team set up the network connections in the office to accommodate them. There are three dummy client switches, with roughly 40 computers connected to the network. The client computers have an IP (Internet Protocol) address using DHCP (Dynamic Host Configuration Protocol). Connected to the switches are the local DHCP server and file server. When trying to access the servers or the Internet from the client computers, there is no network connectivity. Some clients have a DHCP IP address. What may be the cause?

A

A loop in the network

A switch loop on the network will cause network connections to drop, since the packet cannot make the appropriate hop to the next switch and on to its final destination. Switching loops also generate broadcast storms.

MAC (Media Access Control) filters can drop data coming from specific MAC addresses. However, “dummy” client switches were deployed, which normally means no advanced configurations have been made.

Port security is an advanced security feature. “Dummy” switches are basic switches to allow traffic to flow freely.

DHCP is working properly, since some clients did receive DHCP IP addresses. Others have not yet received one because of switch loops.

41
Q

A security administrator wants to reduce the wireless range of the 802.11ac Wi-Fi router in the office. It currently conflicts with another 802.11ac wireless access point, which also operates in the 5 GHz band. Which of the following tasks will shorten the range and stop the conflict? (Select more than one)

A

Reduce the transmit power.

Change the channel.

Most Wi-Fi routers come with a transmit (Tx) power setting. Reducing this setting lowers power consumption, which will also lower wireless signal output.

Two Wi-Fi routers running in the 5 GHz band should be on different channels to reduce conflict. Even if two wireless access points (WAPs) are used to extend the range, they must use different channels to differentiate.

The 2.4 GHz range is supported on 802.11ac devices with dual band. However, this range is strictly for legacy clients (802.11bgn) only.

The technique of using foil on Wi-Fi routers is mainly used to increase the wireless range or its performance. This will not support the requirements for the security administrator.