Architecture and Design

Question 1

You have joined a new enterprise as a member of the IT security team. During on boarding you receive 2 PCs, 1 with access to highly confidential systems and 1 with access to less critical data and the internet. You cannot send data or documents from one network to the other and have to manage separate credentials for each. What concept best defines this approach?
A. Physical de-segmentation
B. Air gap
C. VPN
D. Data aggregated network segmentation (DANS)

Answer 1

B. Air gap

Question 2

You are a penetration tester for a network security consulting company. You are currently an-site at a customers premises and are doing your first analysis of the customer's network security. You check if they are using Wifi and find that they are using a deprecated protocol with known vulnerabilities. Which of the options is most likely being used?
A. 805.99b
B. 802.1x
C. WPA2
D. WEP

Answer 2

D. WEP

Wired Equivalent Privacy (WEP
WPA2 is newer and more robust)

Question 3

What term refers to holistic approach to IT security including diversification of vendors controls (both administrative and technical) and user training?
A. DMZ
B. Defense-in-depth
C. Regulatory standard framework
D. Holistic IA

Answer 3

B. Defense-in-depth

Question 4

What improvements does a VLAN offer for network security?
A. Physically restricts unauthorized devices from network access
B. Provides layer 4 filtering (TCP/UDP)
C. Allows for session dropping in the event of an anomaly detection
D. Logically separates network segments

Answer 4

D. Logically separates network segments

Question 5

Your employer uses a third party service provider to store files like word documents and presentations. These files can be accessed and collaborated on by other employees through a website. there are many companies that use this same service, but data is controlled using various methods to ensure users can only access their own companies files. What type of services is this?
A. Cloud service
B. Hybrid
C. Infrastructure
D. Hosting

Answer 5

A. Cloud service

Question 6

Your employer has always been very security conscious and to date does not use any company owned mobile or wireless devices like laptops and smart phones. A new project aims to evaluate options on the market for security implementation laptops within the company. One requirement is that all data stored on the laptop's drive must be encrypted. What type of drive could fulfill this requirement?
A. PKI-SSD
B. VPN
C. SED
D. RAID0

Answer 6

C. SED

Question 7

You are responsible for network security within your employer's network architecture team. Your team is implementing a new network that can allow unauthenticated WiFi users access to the internet without allowing them access to any internal systems. What type of WiFi network is this?
A DMZ
B. Guest
C. Extranet
D. NAT

Answer 7

B. Guest

Question 8

Your employer has several thousand internal users all who need to access the internet on a daily basis to complete their work. What technology should be used to mask the internal IP addresses of these users and allow access to the internet through shared public IP addresses?
A. NAT
B. Router
C. DMZ
D. DNS

Answer 8

A. NAT

Question 9

What term defines an operating system that has been verified as having a sufficient level of security based on the Common Criteria for Information Technology Security Evaluation?
A. Trusted Operating System (TOS)
B. SFRs
C. Certified Secure Operating System (CSOS)
D. Protection Profiled Operating System (PPOS)

Answer 9

A. Trusted Operating System (TOS)

Question 10

A new company policy requires hardware encryption for certain highly confidential systems. These existing systems do not already have a hardware component that can provide this functionality. what is the easiest way to implement this new policy?
A. RADIUS
B. PKI
C. Trusted Platform Module
D. Hardware Security Module

Answer 10

D. Hardware Security Module (HSM)

Best option to add additional HW based encryption functionalities is using HSM (not embedded). TPM is embedded.

Question 11

What improvements does a VLAN offer for network security?
A. Physically restricts unauthorized devices from network access
B. Provides layer 4 filtering (TCP/UDP)
C. Allows for session dropping in the event of an anomaly detected
D. Logically separates network segments

Answer 11

D. Logically separates network segments

Question 12

Your employer has asked your team to define and implement a new network area that will be accessible to authorized 3rd party companies through a dedicated WAN connection. A critical requirement is that access to this new network area should bot also allow network access to the companies internal network and systems. What type of network best defines this setup?
A. Extranet
B. Intranet
C. Guess WiFi
D. VLAN

Answer 12

A. Extranet

Question 13

You work as a freelance security consultant. You are now working for a large government and have been contracted to create a stand alone system that should attract malicious activity. The system should mimic an existing productive system but with fake non-sensitive data. the activity in this new system should be recorded so security analysis can review and identify patterns in the malicious activity. What best defines this type of system?
A. DMZ
B. Honeynet
C. Ad hoc target
D. DDoS mitigator

Answer 13

B. Honeynet

or Honeypot

Question 14

which of the following acronyms refers to a cryptographic hardware component capable of securely storing data like passwords and keys?
A. TPM
B. NAT
C. DMZ
D. DLP

Answer 14

A. TPM

Trusted Platform Module

Question 15

Your employer is planning to place wireless devices at the entrance of their retail locations. the devices will use WiFi to connect to the store's wireless network and use beams of light to detect when someone enters through the entrance. Other that WiFi, what type of wireless communication is being used?
A. 802.11
B. NFC
C. Bluetooth
D. Infrared

Answer 15

D. Infrared