B.3.2 Security+ SY0-601 Domain 2: Architecture and Design Flashcards

189 questions (plus some of my own)

1
Q

Which Microsoft tool can be used to review a system’s security configuration against recommended settings?

A

Microsoft Security Compliance Toolkit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which of the following describes a configuration baseline?

A

A list of common security settings that a group or all devices share

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What should you consider security baselines?

A

Dynamic

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

You would like to get a feel for the amount of bandwidth you are using in your network. What is the first thing you should do?

A

Establish a baseline

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which of the following is a technology that tries to detect and stop sensitive data breaches, or data leakage incidents, in an organization?

A

Data loss prevention

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

DLP can be implemented as a software or hardware solution that analyzes traffic in an attempt to detect sensitive data that is being transmitted in violation of an organization’s security policies.

Which of the following DLP implementations analyzes traffic for data containing such things as financial documents, social security numbers, or key words used in proprietary intellectual property?

A

Network DLP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What does DLP mean?

A

Data Loss Prevention

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Travis is sending a highly confidential email to Craig that contains sensitive data. Which of the following should Travis implement to ensure that only Craig is able to read the email?

A

Encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which form of cryptography is best suited for bulk encryption because it is so fast?

A

Symmetric key cryptography

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which of the following security solutions would prevent a user from reading a file that she did not create?

A

Encrypted File System (EFS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is an EFS?

A

A Windows file encryption option that encrypts individual files so that only the user who created the file can open it

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

You’ve used BitLocker to implement full volume encryption on a notebook system. The notebook motherboard does not have a TPM chip, so you’ve used an external USB flash drive to store the BitLocker startup key.

You use EFS to encrypt the C:\Secrets folder and its contents.

Which of the following is true in this scenario? (Select two.)

A

If the C:\Secrets\confidential.docx file is copied to an external USB flash drive, the file will be saved in an unencrypted state.

By default, only the user who encrypted the C:\Secrets\confidential.docx file will be able to open it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which of the following database encryption methods encrypts the entire database and all backups?

A

Transparent Data Encryption (TDE)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which of the following cloud storage access services acts as a gatekeeper, extending an organization’s security policies into the cloud storage infrastructure?

A

A cloud-access security broker

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is the on-premises, cloud-based software tool that sits between an organization and a cloud service provider called?

A

Cloud-access security broker

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which of the following can provide the most specific protection and monitoring capabilities?

A

Cloud-access security broker

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

You are purchasing a hard disk from an online retailer over the internet. What does your browser use to ensure that others cannot see your credit card number on the internet?

A

Secure Sockets Layer (SSL)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Which of the following protocols are often added to other protocols to provide secure transmission of data? (Select two.)

A

Transport Layer Security (TLS)
SSL

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Which of the following protocols can TLS use for key exchange? (Select two.)

A

Diffie-Hellman
Rivest-Shamir-Adleman (RSA)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Which protocol does HTTPS use to offer greater security in web transactions?

A

SSL

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

SSL (Secure Sockets Layer) operates at which layer of the OSI model?

A

Session

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

When using SSL authentication, what does the client verify first when checking a server’s identity?

A

The current date and time must fall within the server’s certificate-validity period

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

You want to allow traveling users to connect to your private network through the internet. Users connect from various locations, including airports, hotels, and public access points like coffee shops and libraries. As such, you won’t be able to configure the firewalls that might be controlling access to the internet in these locations.

Which of the following protocols would MOST likely be allowed through the widest number of firewalls?

A

SSL

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Which method can you use to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence?

A

Hashing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

You have been asked to deploy a network solution that includes an alternate location where operational recovery is provided within minutes of a disaster. Which of the following strategies would you choose?

A

Hot site

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Which of the following is a recovery site that may have electricity connected, but there are no servers installed and no high-speed data lines present?

A

Cold site

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

Daily backups are completed at the ABD company location, and only a weekly backup is maintained at another network location. Which of the following disaster recovery strategies is ABD using?

A

Warm site

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

If your mission-critical services have a maximum tolerable downtime (MTD) or a recovery-time objective (RTO) of 36 hours, what is the optimum form of recovery site?

A

Warm site

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

A honeypot is used for which purpose?

A

To delay intruders in order to gather auditing data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

Which of the following BEST describes a honeyfile?

A

A single file setup to entice and trap attackers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

You want to create a collection of computers on your network that appear to have valuable data but actually store fake data that could entice a potential intruder. Once the intruder connects, you want to be able to observe and gather information about the attacker’s methods.

Which feature should you implement?

A

Honeynet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

Which of the following BEST describes the Platform as a Service (PaaS) cloud computing service model?

A

PaaS delivers everything a developer needs to build an application on the cloud infrastructure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

Which of the following cloud computing solutions delivers software applications to a client either over the internet or on a local area network?

A

SaaS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

You are the security administrator for your organization. You have implemented a cloud service to provide features such as authentication, anti-malware, intrusion detection, and penetration testing.

Which cloud service have you most likely implemented?

A

SECaaS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

A group of small local businesses have joined together to share access to a cloud-based payment system.

Which type of cloud is MOST likely being implemented?

A

Community

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

What does Public Cloud do?

A

Provides cloud services to just about anyone

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

What does the Private Cloud do?

A

Provides cloud services to a single organization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

What does the Community Cloud do?

A

Allows cloud services to be shared by several organizations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

What does the Hybrid Cloud do?

A

Integrates one cloud service with other cloud services

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

The IT manager has tasked you with installing new physical machines. These computer systems are barebone systems that simply establish a remote connection to the data center to run the user’s virtualized desktop.

Which type of deployment model is being used?

A

Thin client

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

Which of the following is an advantage of software-defined networking (SDN)?

A

More granular control

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

Which of the following BEST describes the Application SDN layer?

A

Communicates with the Control layer through the northbound interface

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

Which SDN layer would a load balancer that stops and starts VMs as resource use increases reside on?

A

Application

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

Software defined networking (SDN) uses a controller to manage devices. The controller is able to inventory hardware components on the network, gather network statistics, make routing decisions based on gathered data, and facilitate communication between devices from different vendors. It can also be used to make widespread configuration changes on just one device.

Which of the following best describes an SDN controller?

A

The SDN controller is software

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

From which layer does the Application layer receive its requests?

A

Control Layer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

Which layer is also known as the Infrastructure layer?

A

Physical Layer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

What layer communicated with the Control layer through the northbound interface?

A

Application Layer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

What layer provides the Physical layer with configuration and instructions?

A

Control Layer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

What type of southbound APIs do individual networking devices use on this layer to communicate with the control plane?

A

Physical Layer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

Which of the following does the Application layer use to communicate with the Control layer?

A

Northbound APIs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

Which of the following BEST describes the Physical SDN layer?

A

Also known as the Infrastructure layer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

Network engineers have the option of using software to configure and control the network rather than relying on individual static configuration files that are located on each network device.

Which of the following is a relatively new technology that allows network and security professionals to use software to manage, control, and make changes to a network?

A

Software-defined networking (SDN)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

Which APIs do individual networking devices use to communicate with the control plane from the Physical layer?

A

Southbound

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

Which of the following is a disadvantage of software defined networking (SDN)?

A

SDN standards are still being developed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

What is the system that connects application repositories, systems, and IT environments in a way that allows access and exchange of data over a network by multiple devices and locations called?

A

Integration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

Which of the following are disadvantages of server virtualization?

A

A compromised host system might affect multiple servers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
57
Q

Which of the following are advantages of virtualization? (Select two.)

A

Centralized administration
Easy migration of systems to different hardware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
58
Q

Which of the following devices is computer software, firmware, or hardware that creates and runs virtual machines?

A

Hypervisor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
59
Q

What is the limit of virtual machines that can be connected to a virtual network?

A

Unlimited

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
60
Q

Which of the following is an exploit in which malware allows the virtual OS to interact directly with the hypervisor?

A

Escape

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
61
Q

What is an Escape?

A

It is an exploit in which malware allows the operating system within a virtual machine to break out and interact directly with the hypervisor.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
62
Q

You have a development machine that contains sensitive information relative to your business. You are concerned that spyware and malware might be installed while users browse websites, which could compromise your system or pose a confidentiality risk.

Which of the following actions would BEST protect your system?

A

Run the browser within a virtual environment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
63
Q

Which of the following is an advantage of a virtual browser?

A

Protects the host operating system from malicious downloads

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
64
Q

Which of the following devices facilitates communication between different virtual machines by checking data packets before moving them to a destination?

A

Virtual switch

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
65
Q

Which type of hypervisor runs as an application on the host machine?

A

Type 2

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
66
Q

You are an application developer. You use a hypervisor with multiple virtual machines installed to test your applications on various operating systems’ versions and editions.

Currently, all of your virtual machines used for testing are connected to the production network through the hypervisor’s network interface. However, you are concerned that the latest application you are working on could adversely impact other network hosts if errors exist in the code.

To prevent issues, you decide to isolate the virtual machines from the production network. However, they still need to be able to communicate directly with each other.

What should you do? (Select two. Both responses are part of the complete solution.)

A

Create a new virtual switch configured for host-only (internal) networking

Connect the virtual network interfaces in the virtual machines to the virtual switch

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
67
Q

Which of the following is a network virtualization solution provided by Microsoft?

A

Hyper-V

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
68
Q

Which of the following virtual devices provides packet filtering and monitoring?

A

VFA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
69
Q

Which of the following statements about virtual networks is true? (Select two.)

A

Multiple virtual networks can be associated with a single physical network adapter
A virtual network is dependent on the configuration and physical hardware of the host operating system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
70
Q

Which application development model approaches software development as a continuous, changing process with never-ending versions, bug fixes, and enhancements?

A

Agile

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
71
Q

Which of the following is the first step in the Waterfall application development model?

A

Requirements

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
72
Q

Which of the following is considered a drawback of the Waterfall application development life cycle?

A

Requirements are determined at the beginning and are carried through to the end product

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
73
Q

Which of the following are the two main causes of software vulnerabilities? (Select two.)

A

Design flaws
Coding errors

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
74
Q

You are performing a security test from the outside on a new application that has been deployed.

Which secure testing method are you MOST likely using?

A

Dynamic

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
75
Q

What is a set of software development tools called that can be installed as one unit and provides code frameworks or code snippets to help development go faster?

A

Software Development Kit (SDK)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
76
Q

You manage a group of 20 Windows workstations that are currently configured as a workgroup. You have been thinking about switching to an Active Directory configuration.

Which advantages would there be to switching to Active Directory? (Select two.)

A

Centralized configuration control
Centralized authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
77
Q

What is the name of the service included with the Windows Server operating system that manages a centralized database containing user account and security information?

A

Active Directory

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
78
Q

What is a “Logical organization of resources”?

A

Organizational unit (OU)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
79
Q

What is a “Collection of network resources”?

A

Domain

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
80
Q

What is a “Collection of related domain trees”?

A

Forest

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
81
Q

What is a “Network resource in the directory”?

A

Object

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
82
Q

What is a “Group of related domains”?

A

Tree

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
83
Q

What AD Domain is used to manage individual desktop workstation access?

A

CORPWS7

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
84
Q

Which of the following is a message authentication code that allows a user to verify that a file or message is legitimate?

A

HMAC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
85
Q

Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group, which has access to a special shared folder.

Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do?

A

Have Marcus log off and log back in

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
86
Q

Which of the following terms describes the component that is generated following authentication and is used to gain access to resources following login?

A

Access token

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
87
Q

Which kind of access control technology allows more than just the identity of an individual to be transmitted wirelessly to either allow or deny access?

A

Smart card

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
88
Q

A smart card can be used to store all but which of the following items?

A

Biometric template original

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
89
Q

What is the smart card attack description for Software Attacks?

A

Exploits vulnerabilities in a card’s protocols or encryption methods

90
Q

What is the smart card attack description for Eavesdropping?

A

Captures transmission data produced by a card as it is used

91
Q

What is the smart card attack description for Fault generation?

A

Deliberately induces malfunctions in a card

92
Q

What is the smart card attack description for Microprobing?

A

Accesses the chip’s surface directly to observe, manipulate, and interfere with a circuit

93
Q

Lori Redford, who has been a member of the Project Management group, was recently promoted to manager of the team. She has been added as a member of the Managers group.

Several days after being promoted, Lori needs to have performance reviews with the team she manages. However, she cannot access the performance management system. As a member of the Managers group, she should have the Allow permission to access this system.

What is MOST likely preventing her from accessing this system?

A

She is still a member of the Project Management group, which has been denied permission to this system. Deny permissions always override Allow permissions

94
Q

Which of the following terms is used to describe an event in which a person who should be allowed access is denied access to a system?

A

False negative

95
Q

Which of the following defines the crossover error rate for evaluating biometric systems?

A

The point where the number of false positives matches the number of false negatives in a biometric system

96
Q

Which of the following are disadvantages of biometrics? (Select two.)

A

They have the potential to produce numerous false negatives
When used alone, they are no more secure than a strong password

97
Q

What is the MOST important aspect of a biometric device?

A

Accuracy

98
Q

Which of the following is a password that relates to things that people know, such as a mother’s maiden name or a pet’s name?

A

Cognitive

99
Q

What is a cognitive password?

A

They relate to things that people know, such as a mother’s maiden name or a pet’s name

100
Q

What type of password is maryhadalittlelamb?

A

Passphrase

101
Q

Which of the following is the most common form of authentication?

A

Password

102
Q

Which of the following are examples of Something You Have authentication controls? (Select two.)

A

Photo ID
Smart card

103
Q

Which of the following is the strongest form of multi-factor authentication?

A

A password, a biometric scan, and a token device

104
Q

What is a PIN?

A

Something You Know

105
Q

What is a Smart card?

A

Something You Have

106
Q

What is a Password?

A

Something You Know

107
Q

What is a Retina Scan?

A

Something You Are

108
Q

What is a Fingerprint scan?

A

Something You Are

109
Q

What is a Hardware token?

A

Something You Have

110
Q

What is a Passphrase?

A

Something You Know

111
Q

What is Voice recognition?

A

Something You Are

112
Q

What is Wi-Fi triangulation?

A

Somewhere You Are

113
Q

What is Typing behaviors?

A

Something You Do

114
Q

Which of the following is the term for the process of validating a subject’s identity?

A

Authentication

115
Q

A remote access user needs to gain access to resources on the server. Which of the following processes are performed by the remote access server to control access to resources?

A

Authentication and authorization

116
Q

Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access? (Select two.)

A

TACACS+
RADIUS

117
Q

Which of the following defines all the prerequisites a device must meet in order to access a network?

A

Authentication

118
Q

Which of the following applies the appropriate policies in order to provide a device with the access it’s defined to receive?

A

Authorization

119
Q

What is the process of controlling access to resources such as computers, files, or printers called?

A

Authorization

120
Q

What is mutual authentication?

A

A process by which each party in an online communication verifies the identity of the other party

121
Q

Which of the following drive configurations is fault tolerant?

A

RAID 5

122
Q

Which of the following disk configurations might sustain losing two disks? (Select two.)

A

RAID 1+0
RAID 0+1

123
Q

You have a computer with three hard disks. A RAID 0 volume uses space on Disk 1 and Disk 2. A RAID 1 volume uses space on Disk 2 and Disk 3.

Disk 2 fails. Which of the following is true?

A

Data on the RAID 1 volume is accessible; data on the RAID 0 volume is not

124
Q

You have been asked to implement a RAID 5 solution for your network. What is the minimum number of hard disks that can be used to configure RAID 5?

A

3

125
Q

What option is an advantage RAID 5 has over RAID 1?

A

RAID 5 improves performance over RAID 1

126
Q

Which device is used to ensure power to a server or network device during short power outages?

A

Uninterruptible power supply

127
Q

To prevent server downtime, which of the following components should be installed redundantly in a server system?

A

Power supply

128
Q

What is the primary security feature that can be designed into a network’s infrastructure to protect and support availability?

A

Redundancy

129
Q

Which of the following network strategies connects multiple servers together so that if one server fails, the others immediately take over its tasks, preventing a disruption in service?

A

Clustering

130
Q

Which backup strategy backs up all files from a computer’s file system, regardless of whether the file’s archive bit is set or not, and then marks them as backed up?

A

Full

131
Q

Your network performs a full backup every night. Each Sunday, the previous night’s backup tape is archived.

On a Wednesday morning, the storage system fails. How many restore operations would you need to perform to recover all of the data?

A

1

132
Q

Which of the following are backed up during an incremental backup?

A

Only files that have changed since the last full backup

133
Q

Which of the following is true of an incremental backup’s process?

A

Backs up all files with the archive bit set and resets the archive bit

134
Q

Your network uses the following backup strategy:

  • Full backups every Sunday night
  • Incremental backups Monday night through Saturday night

On a Thursday morning, the storage system fails. How many restore operations would you need to perform to recover all of the data?

A

4

135
Q

A system failure has occurred. Which of the following restoration processes would result in the fastest restoration of all data to its most current state?

A

Restore the full backup and the last differential backup

136
Q

Which of the following are backed up during a differential backup?

A

Only files that have changed since the last full backup

137
Q

Which backup strategy backs up only files that have the archive bit set, but does not mark them as having been backed up?

A

Differential

138
Q

Your disaster recovery plan calls for backup media to be stored at a different location. The location is a safe deposit box at the local bank. Because of this, the disaster recovery plan specifies that you choose a method that uses the least amount of backup media, but also allows you to quickly back up and restore files.

Which backup strategy would BEST meet the disaster recovery plan?

A

Perform a full backup once per week and a differential backup the other days of the week

139
Q

What does a differential backup do during the backup?

A

Backs up all files with the archive bit set and does not reset the archive bit

140
Q

Your network uses the following backup strategy:

  • Full backups every Sunday night
  • Differential backups Monday night through Saturday night

On Thursday morning, the storage system fails. How many restore operations would you need to perform to recover all of the data?

A

2

141
Q

Which of the following describes a system image backup? (Select two.)

A

A system image contains everything on the system volume, including the operating system, installed programs, drivers, and user data files

A system image backup consists of an entire volume backed up to .vhd files

142
Q

Why should backup media be stored offsite?

A

To prevent the same disaster from affecting both the network and the backup media

143
Q

Which of the following is an open-source hardware and software company that designs and manufactures single-board microcontrollers as well as kits to build digital devices?

A

Arduino

144
Q

You manage information systems for a large co-location data center.

Networked environmental controls are used to manage the temperature within the data center. These controls use embedded smart technology that allows them to be managed over an internet connection using a mobile device app.

You are concerned about the security of these devices. What can you do to increase their security posture? (Select two.)

A

Install the latest firmware updates from the device manufacturer
Verify that your network’s existing security infrastructure is working properly

145
Q

You manage the information systems for a large manufacturing firm.

Supervisory control and data acquisition (SCADA) devices are used on the manufacturing floor to manage your organization’s automated factory equipment. The SCADA devices use embedded smart technology, allowing them to be managed using a mobile device app over an internet connection.

You are concerned about the security of these devices. What can you do to increase their security posture? (Select two.)

A

Install the latest firmware updates from the device manufacturer
Verify that your network’s existing security infrastructure is working properly

146
Q

Which of the following devices are special computer systems that gather, analyze, and manage automated factory equipment?

A

SCADA

147
Q

You notice that a growing number of devices, such as environmental control systems and wearable devices, are connecting to your network. These devices, known as smart devices, are sending and receiving data via wireless network connections.

Which of the following labels applies to this growing ecosystem of smart devices?

A

Internet of Things (IoT)

148
Q

Which Amazon device can be used to control smart devices (such as lights) throughout a home using voice commands?

A

Echo

149
Q

Why do attackers prefer to conduct distributed network attacks in static environments? (Select two.)

A

Devices are typically more difficult to monitor than traditional network devices
Devices tend to employ much weaker security than traditional network devices

150
Q

You are creating a VLAN for voice over IP (VoIP). Which command should you use?

A

switchport voice vlan [number]

151
Q

Which of the following lets you make phone calls over a packet-switched network?

A

VoIP

152
Q

Which of the following serves real-time applications without buffer delays?

A

RTOS

153
Q

Which of the following do Raspberry Pi systems make use of?

A

SoC

154
Q

Which of the following can be used to stop piggybacking at a front entrance where employees should swipe smart cards to gain entry?

A

Deploy a mantrap

155
Q

What is Piggybanking?

A

It is when an authorized or unauthorized individual gains entry into a secured area by exploiting the credentials of a prior person

156
Q

Which of the following are solutions that address physical security? (Select two.)

A

Escort visitors at all times
Require identification and name badges for all employees

157
Q

Where would badge readers be most appropriate in a small business?

A

Building entrances and the server room

158
Q

Which option is a benefit of CCTV?

A

Expand the area visible by security guards

159
Q

You want to use CCTV to increase your physical security, and you want the ability to remotely control the camera position. Which camera type should you choose?

A

Pan Tilt Zoom (PTZ)

160
Q

If a fingerprint or retina scan is required to open a secured door, which kind of physical security has been implemented?

A

Biometric locks

161
Q

Which of the following is the most important thing to do to prevent console access to the router?

A

Keep the router in a locked room

162
Q

Your company has five salesmen who work out of the office and frequently leave their laptops laying on their desks in their cubicles. You are concerned that someone might walk by and take one of these laptops.

Which of the following is the BEST protection implementation to address your concerns?

A

Use cable locks to chain the laptops to the desks

163
Q

Which of the following can make passwords useless on a router?

A

Not controlling physical access to the router

164
Q

Which device is used to allow a USB device to charge but blocks the data transfer capabilities of the device?

A

USB data blocker

165
Q

Which of the following fire extinguisher types is best used for the electrical fires that might result when working with computer components?

A

Class C

166
Q

What does a Class A fire extinguisher do?

A

It uses water or soda acid and is best for fires using typical combustible materials (wood, paper, cloth, plastics)

167
Q

What does a Class B fire extinguisher do?

A

It uses either CO2 or FM200, but it is best suited for petroleum, oil, solvent, or alcohol fires

168
Q

What does a Class D fire extinguisher do?

A

It uses a dry powder and is best for sodium and potassium fires

169
Q

You walk by the server room and notice that a fire has started. What should you do first?

A

Make sure everyone has cleared the area

170
Q

What is the recommended humidity level for server rooms?

A

50%

171
Q

Your networking closet contains your network routers, switches, bridges, and some servers. You want to make sure an attacker is not able to gain physical access to the equipment in the networking closet. You also want to prevent anyone from reconfiguring the network to set up remote access or backdoor access.

Which of the following measures are the best ways to secure your networking equipment from unauthorized physical access? (Select two. Each measure is part of a complete solution.)

A

Place your networking equipment in a room that requires key card entry
Place your networking equipment in a locked cage

172
Q

Components within your server room are failing at a rapid pace. You discover that the humidity in the server room is at 60% and the temperature is at 80 degrees.

What should you do to help reduce problems?

A

Add a separate A/C unit in the server room

173
Q

You maintain a network for an industrial manufacturing company. You are concerned about the dust in the area getting into server components and affecting network availability.

Which of the following should you implement?

A

Positive pressure system

174
Q

A Faraday cage is used to prevent what from leaving an area?

A

Electromagnetic emissions

175
Q

A computer or small network that is not connected to the rest of the network or the internet is known as?

A

Air gap

176
Q

Where should an organization’s web server be placed?

A

DMZ

177
Q

Which of the following is the MOST likely to happen if the firewall managing traffic into the DMZ fails?

A

Only the servers in the DMZ are compromised, but the LAN will stay protected

178
Q

What needs to be configured on a firewall to allow traffic directed to the public resource in the DMZ?

A

Packet filters

179
Q

Which special network area is used to provide added protection by isolating publicly accessible servers?

A

DMZ

180
Q

Which device is often employed by power companies to protect cabling infrastructure from having cables added or removed and to prevent emissions from being retrieved from the air?

A

Protective Distribution System (PDS)

181
Q

Most equipment is cooled by bringing cold air in the front and ducting the heat out of the back. What is the term for where the heat is sent in this type of scenario?

A

Hot aisle

182
Q

You’ve just deployed a new Cisco router that connects several network segments in your organization.

The router is physically located in a cubicle near your office. You’ve backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using an SSH client with the username admin01 and the password P@ssW0rd. You have used the MD5 hashing algorithm to protect the password.

What should you do to increase the security of this device?

A

Move the router to a secure server room

183
Q

Power, heating, ventilation, air conditioning systems (HVAC), and utilities are all components of which term?

A

Infrastructure

184
Q

When you dispose of a computer or sell used hardware, it is crucial that none of the data on the hard disks can be recovered.

Which of the following actions can you take to ensure that no data is recoverable?

A

Damage the hard disks so badly that all data remanence is gone

185
Q

Which of the following data destruction techniques uses a punch press or hammer system to crush a hard disk?

A

Pulverizing

186
Q

A company is preparing to discard a batch of old hard drives that contain sensitive data. They want to ensure the data is completely destroyed and the drives are rendered unusable.

Which of the following methods should they use?

A

Pulping

187
Q

Burning, pulping, and shredding are three ways to securely dispose of data in which form?

A

Paper

188
Q

Which of the following is a direct integrity protection?

A

Digital Signature

189
Q

What is the most obvious means of providing non-repudiation in a cryptography system?

A

Digital signatures

190
Q

What do application control solutions use to identify specific applications?

A

Application signatures

191
Q

Which of the following are true of Triple DES (3DES)?

A

Key length is 168 bits

192
Q

Which of the following techniques involves adding random bits of data to a password before it is stored as a hash?

A

Password salting

193
Q

What is the process of adding random characters at the beginning or end of a password to generate a completely different hash called?

A

Salting

194
Q

A receiver wants to verify the integrity of a message received from a sender. A hashing value is contained within the digital signature of the sender.

Which of the following must the receiver use to access the hashing value and verify the integrity of the transmission?

A

Sender’s public key

195
Q

Hashing algorithms are used to perform which of the following activities?

A

Create a message digest

196
Q

Which of the following is used to verify that a downloaded file has not been altered?

A

Hash

197
Q

You have just downloaded a file. You create a hash of the file and compare it to the hash posted on the website. The two hashes match.

What do you know about the file?

A

Your copy is the same as the copy posted on the website

198
Q

Which of the following does not or cannot produce a hash value of 128 bits?

A

SHA-1

199
Q

Mary wants to send a message to Sam in such a way that only Sam can read it. Which key should be used to encrypt the message?

A

Sam’s public key

200
Q

Mary wants to send a message to Sam. She wants to digitally sign the message to prove that she sent it. Which key would Mary use to create the digital signature?

A

Her private key

201
Q

Which type(s) of key(s) are used in symmetric cryptography?

A

A shared key

202
Q

How many keys are used with symmetric key cryptography?

A

One

203
Q

When a cryptographic system is used to protect data confidentiality, what actually takes place?

A

Unauthorized users are prevented from viewing or accessing the resource

204
Q

Above all else, what must be protected to maintain the security and benefit of an asymmetric cryptographic solution, especially if it is widely used for digital certificates?

A

Private keys

205
Q

The success of asymmetric encryption is dependent upon which of the following?

A

The secrecy of the key

206
Q

Which of the following can be classified as a stream cipher?

A

RC4

207
Q

Which of the following are true concerning the Advanced Encryption Standard (AES) symmetric block cipher? (Select two.)

A

It uses a variable-length block and key length (128-, 192-, or 256-bit keys)

It is also known as the Rijndael cipher

208
Q

How many keys are used with asymmetric (public key) cryptography?

A

Two

209
Q

Which of the following algorithms are used in asymmetric encryption? (Select two.)

A

RSA
Diffie-Hellman

210
Q

Which of the following algorithms are used in symmetric encryption? (Select two.)

A

Blowfish
3DES

211
Q

If a message sender encrypts a message with a key and a message receiver decrypts it using the same key, which type of key exchange is taking place?

A

Symmetric

212
Q

Which term means a cryptography mechanism that hides secret communications within various forms of data?

A

Steganography

213
Q

You create a new document and save it to a hard drive on a file server on your company’s network. Then you employ an encryption tool to encrypt the file using AES. This activity is an example of accomplishing which security goal?

A

Confidentiality

214
Q

By definition, which security concept uses the ability to prove that a sender undeniably sent an encrypted message?

A

Non-repudiation

215
Q

When a sender encrypts a message using their own private key, which security service is being provided to the recipient?

A

Non-repudiation

216
Q

Your computer system is a participant in an asymmetric cryptography system. You’ve crafted a message to be sent to another user. Before transmission, you hash the message and then encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user.

Which protection does the private key-signing activity of this process provide?

A

Non-repudiation

217
Q

Cryptographic systems provide which of the following security services? (Select two.)

A

Confidentiality
Non-repudiation

218
Q

Which of the following are often identified as the three main goals of security? (Select three.)

A

Integrity
Availability
Confidentiality

219
Q

Which of the following encryption mechanisms offers the least security because of weak keys?

A

DES

220
Q

Which of the following is the weakest symmetric encryption method?

A

DES