B.3.3 Security+ SY0-601 Domain 3: Implementation Flashcards
338 questions (plus some of my own)
For Milestone 4 (Reach Your Network), which of the following would be considered a secure protocol to use to reach your network?
SSH
Which of the following file transfer protocols use SSH to provide confidentiality during the transfer? (Select two.)
SSH File Transfer Protocol (SFTP)
Secure Copy Protocol (SCP)
You’ve just deployed a new Cisco router that connects several network segments in your organization.
The router is physically located in a server room that requires an ID for access. You’ve backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using a Telnet client with a username of admin and a password of P@ssW0rd. You have used the MD5 hashing algorithm to protect the password.
What should you do to increase the security of this device? (Select two.)
Use an SSH client to access the router configuration
Change the default administrative username and password
You’ve just deployed a new Cisco router that connects several network segments in your organization.
The router is physically located in a locked server closet. You use an FTP client to regularly back up the router configuration to a remote server in an encrypted file. You access the router configuration interface from a notebook computer that is connected to the router’s console port. You’ve configured the device with the username admin01 and the password P@ssW0rd. You have used the MD5 hashing algorithm to protect the password.
What should you do to increase the security of this device?
Use SCP to back up the router configuration to a remote location
Which of the following protocols can be used to securely manage a network device from a remote connection?
SSH
SFTP uses which mechanism to provide security for authentication and data transfer?
SSH
Telnet is inherently insecure because its communications is in plaintext and easily intercepted. Which of the following is an acceptable alternative to Telnet?
SSH
What is the default encryption algorithm used by SSH (Secure Shell) to protect data traffic between a client and the controlled server?
International Data Encryption Algorithm (IDEA)
What is IDEA?
It’s designed to securely encrypt digital data and is used in various applications, including secure communications, financial transactions, and electronic voting systems
Which of the following mechanisms can you use to add encryption to email? (Select two.)
S/MIME
PGP
Which ports does LDAP use by default? (Select two.)
636
389
You want to deploy SSL to protect authentication traffic with your LDAP-based directory service. Which port does this action use?
636
Your LDAP directory-services solution uses simple authentication. What should you always do when using simple authentication?
Use SSL
To transfer files to your company’s internal network from home, you use FTP. The administrator has recently implemented a firewall at the network perimeter and disabled as many ports as possible.
Now, you can no longer make the FTP connection. You suspect the firewall is causing the issue. Which ports need to remain open so you can still transfer the files? (Select two.)
20
21
FTPS uses which mechanism to provide security for authentication and data transfer?
SSL
Which of the following is a secure alternative to FTP that uses SSL for encryption?
FTPS
As a network administrator, you are asked to recommend a secure method for transferring data between hosts on a network. Which of the following protocols would you recommend? (Select two.)
SFTP
SCP
To increase security on your company’s internal network, the administrator has disabled as many ports as possible. However, now you can browse the internet, but you are unable to perform secure credit card transactions.
Which port needs to be enabled to allow secure transactions?
443
Which of the following protocols uses port 443?
HTTPS
Which TCP/IP protocol is a secure form of HTTP that uses SSL as a sub-layer for security?
HTTPS
Which protocol is used to securely browse a website?
HTTPS
Which utility would you MOST likely use on OS X to encrypt and decrypt data and messages?
GNU Privacy Guard (GPG)
IPsec is implemented through two separate protocols. What are these protocols called? (Select two.)
Encapsulating Security Payload (ESP)
Authentication Header (AH)
Which of the following network layer protocols provides authentication and encryption services for IP-based network traffic?
IPsec
What is the primary function of the IKE Protocol used with IPsec?
Create a security association between communicating partners
As you browse the internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows contain advertisements for products that are inappropriate for your family to view.
Which tool can you implement to prevent these windows from showing?
Pop-up blocker
While using a web-based order form, an attacker enters an unusually large value in the Quantity field.
The value he or she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number.
As a result, the web application processes the order as a return instead of a purchase, and the attacker’s account is credited with a large sum of money.
Which practices would have prevented this exploit? (Select two.)
Implementing server-side validation
Implementing client-side validation
You install a new Linux distribution on a server in your network. The distribution includes a Simple Mail Transfer Protocol (SMTP) daemon that is enabled by default when the system boots. The SMTP daemon does not require authentication to send email messages.
Which type of email attack is this server susceptible to?
Open SMTP relay
Which of the following BEST describes an email security gateway?
It monitors emails that originate from an organization
You often travel away from the office. While traveling, you would like to use your laptop computer to connect directly to a server in your office and access files.
You want the connection to be as secure as possible. Which type of connection do you need?
Remote access
What does a remote access server use for authorization?
Remote access policies
Which of the following app deployment and update methods allows updates to be uploaded onto Intune where they can be pushed out to users within 24 hours?
Remote management
Which of the following app deployment and update methods allows an administrator to remove apps and clear all data from a device without affecting the device itself?
Remote management
Which of the following tools allow remote management of servers? (Select two.)
Telnet
SSH
You want to set up a collector-initiated environment for event subscriptions. Which commands would you run? (Select two.)
Run winrm qc -q on the source computer
Run wecutil qc on the collector computer
You set up Event Subscription, but you are getting an overwhelming amount of events recorded. What should you do?
Define a filter
You wish to configure collector-initiated event subscriptions. On the collector computer, in which program do you configure a subscription?
Event Viewer
Which two types of service accounts must you use to set up event subscriptions?
Specific user service account
Default machine account
For some reason, your source computers are not communicating properly with the collector. Which tool would you use to verify communications?
Runtime Status
Which of the following are required to configure Event Subscription for event forwarding? (Select three.)
Create a Windows firewall exception for HTTP or HTTPS on all source computers
Start Windows Event Collector service on collector computer
Start Windows Remote Management service on both the source and collector computers
For source-initiated subscriptions, which tool do you use to configure event forwarding?
Group Policy
You are configuring a source-initiated subscription on the collector computer in Event Viewer. Which of the following do you need to specify?
Computer group
You have a large number of source computers in your IT environment. Which subscription type would be most efficient to employ?
Source-initiated
Which of the following DLP implementations can be used to monitor and control access to physical devices on workstations or servers?
Endpoint DLP
As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices.
You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks.
Which solution should you implement?
Host-based IDS
What do host-based intrusion detection systems often rely upon to perform detection activities?
Auditing capabilities
What is the most common form of host-based IDS that employs signature or pattern-matching detection methods?
Antivirus software
You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling.
You want to protect the laptop from internet-based attacks. Which solution should you use?
Host-based firewall
Which of the following is specifically meant to ensure that a program operates on clean, correct, and useful data?
Input validation
You are implementing a new application control solution.
Prior to enforcing your application whitelist, you want to monitor user traffic for a period of time to discover user behaviors and log violations for later review.
How should you configure the application control software to handle applications not contained in the whitelist?
Flag
This application endpoint-protection rule implicitly denies unless added to the rule. Which of the following processes describes this?
Whitelisting
You have been receiving a lot of phishing emails sent from the domain kenyan.msn.pl. Links within these emails open new browser windows at youneedit.com.pl.
You want to make sure that these emails never reach your inbox, but you also want to make sure that emails from other senders are not affected.
What should you do?
Add kenyan.msn.pl to the email blacklist
Which of the following enters random data to the inputs of an application?
Fuzzing
Which fuzz testing program type defines new test data based on models of the input?
Generation-based
The Application layer of the security model includes which of the following? (Select two.)
Web application security
User management
Which common design feature among instant messaging clients make them less secure than other means of communicating over the internet?
Peer-to-peer networking
Which type of application allows users to share and access content without using a centralized server?
Peer-to-peer software
Which of the following methods did Microsoft introduce in Windows 10 to help distribute OS updates?
Peer-to-peer software
Which of the following is a benefit of P2P applications?
Shared resources
Which of the following actions should you take to reduce the attack surface of a server?
Disable unused services
Which action would you use in a rule to disallow a connection silently?
Drop
You have configured the following rules. What is the effect?
sudo iptables -A INPUT -p tcp –dport 25 -m conntrack –ctstate NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp –sport 25 -m conntrack –ctstate ESTABLISHED -j ACCEPT
Allow SMTP traffic
Which type of packet would the sender receive if they sent a connection request to TCP port 25 on a server with the following command applied?
sudo iptables -A OUTPUT -p tcp –dport 25 -j REJECT
RST
When designing a firewall, what is the recommended approach for opening and closing ports?
Close all ports; open only ports required by applications inside the DMZ
You want a security solution that protects the entire hard drive and prevents access even if the drive is moved to another system. Which solution should you choose?
BitLocker
Which of the following is defined as an operating system that comes hardened and validated to a specific security level as defined in the Common Criteria for Information Technology Security Evaluation (CC)?
TOS
You have just purchased a new network device and are getting ready to connect it to your network. Which of the following actions should you take to increase its security? (Select two.)
Apply all patches and updates
Change default account passwords
Windows Server Update Services (WSUS) is used to accomplish which part of a manageable network?
Patch management
Which type of update should be prioritized even outside of a normal patching window?
Critical updates
You have recently experienced a security incident with one of your servers. After some research, you determine that a new hotfix has recently been released, which would have protected the server.
Which of the following recommendations would be the BEST solution for you to follow when applying the hotfix?
Test the hotfix and then apply it to all servers
Which of the following tools can you use on a Windows network to automatically distribute and install software and operating system patches on workstations? (Select two.)
WSUS
Group Policy
By definition, what is the process of reducing security exposure and tightening security controls?
Hardening
What is the main function of a TPM hardware chip?
Generate and store cryptographic keys
Which of the following functions are performed by a TPM?
Create a hash of system components
You would like to implement BitLocker to encrypt data on a hard disk, even if it is moved to another system. You want the system to boot automatically without providing a startup key on an external USB device.
What should you do?
Use a PIN instead of a startup key
You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the system should not boot if a change is detected in any of the boot files.
What should you do?
Implement BitLocker without a TPM
What is isolating a virtual machine from the physical network to allow testing to be performed without impacting the production environment called?
Sandboxing
Which load balancing method distributes a workload across multiple computers?
Workload balancing
Which of the following is a technique that disperses a workload between two or more computers or resources to achieve optimal resource utilization, throughput, or response time?
Load balancing
As you go through the process of making your network more manageable, you discover that employees in the sales department are on the same network segment as the human resources department.
Which of the following steps can be used to isolate these departments?
Create a separate VLAN for each department
Which of the following is commonly created to segment a network into different zones?
VLANs
When configuring VLANs on a switch, which type of switch ports are members of all VLANs defined on the switch?
Trunk ports
Which of the following is an appropriate definition of a VLAN?
A logical grouping of devices based on service need, protocol, or other criteria
A virtual LAN can be created using which of the following?
Switch
When configuring VLANs on a switch, what is used to identify which VLAN a device belongs to?
Switch port
You manage a network that uses a single switch. All ports within your building connect through the single switch.
In the lobby of your building are three RJ-45 ports connected to the switch. You want to allow visitors to plug into these ports to gain internet access, but they should not have access to any other devices on your private network. Employees connected throughout the rest of your building should have both private and internet access.
Which feature should you implement?
VLANs
You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer.
What should you use for this situation?
VLAN
Which of the following is an example of protocol-based network virtualization?
VLAN
What is a virtual LAN that runs on top of a physical LAN called?
Virtual Area Network (VAN)
You have placed a File Transfer Protocol (FTP) server in your DMZ behind your firewall. The FTP server is to be used to distribute software updates and demonstration versions of your products. However, users report that they are unable to access the FTP server.
What should you do to enable access?
Open ports 20 and 21 for outbound connections.
You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information.
How should you place devices on the network to best protect the servers? (Select two.)
Put the database server on the private network
Put the web server inside the DMZ
Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted internet?
DMZ
In which of the following situations would you most likely implement a demilitarized zone (DMZ)?
You want to protect a public web server from attack
Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks?
Bastion or sacrificial host
Which of the following is another name for a firewall that performs router functions?
Screening router
How many network interfaces does a dual-homed gateway typically have?
3
In which of the following zones would a web server most likely be placed?
Low-trust zone
Which of the following BEST describes zero-trust security?
Only devices that pass both authentication and authorization are trusted
Your network devices are categorized into the following zone types:
- No-trust zone
- Low-trust zone
- Medium-trust zone
- High-trust zone
Your network architecture employs multiple VLANs for each of these network zones. Each zone is separated by a firewall that ensures only specific traffic is allowed.
Which of the following is the secure architecture concept that is being used on this network?
Network segmentation
Which of the following is a privately controlled portion of a network that is accessible to some specific external entities?
Extranet
Which of the following best describes the concept of a virtual LAN?
Devices on the same network logically grouped as if they were on separate networks
Which of the following provides the network virtualization solution called XenServer?
Citrix
Which VPN tunnel style routes only certain types of traffic?
Split
Which of the following VPN protocols is no longer considered secure?
Point-to-Point Tunneling Protocol (PPTP)
A group of salesmen would like to remotely access your private network through the internet while they are traveling. You want to control access to the private network through a single server.
Which solution should you implement?
VPN concentrator
Which VPN implementation uses routers on the edge of each site?
Site-to-site VPN
A salesperson in your organization spends most of her time traveling between customer sites. After a customer visit, she must complete various managerial tasks, such as updating your organization’s order database.
Because she rarely comes back to your home office, she usually accesses the network from her notebook computer using Wi-Fi access provided by hotels, restaurants, and airports.
Many of these locations provide unencrypted public Wi-Fi access, and you are concerned that sensitive data could be exposed. To remedy this situation, you decide to configure her notebook to use a VPN when accessing the home network over an open wireless connection.
Which key steps should you take when implementing this configuration? (Select two.)
Configure the browser to send HTTPS requests through the VPN connection
Configure the VPN connection to use IPsec
Which statement BEST describes IPsec when used in tunnel mode?
The entire data packet, including headers, is encapsulated
Which IPSec subprotocol provides data encryption?
ESP
In addition to Authentication Header (AH), IPsec is comprised of what other service?
Encapsulating Security Payload (ESP)
Which VPN protocol typically employs IPsec as its data encryption mechanism?
Layer 2 Tunneling Protocol (L2TP)
A VPN is primarily used for which of the following purposes?
Support secured communications over an untrusted network
Which of the following is the BEST solution to allow access to private resources from the internet?
VPN
The IT manager has asked you to create four new VLANs for a new department. As you are going through the VLAN configurations, you find some VLANs numbered 1002-1005. However, they are not in use.
What should you do with these VLANs?
Nothing. They are reserved and cannot be used or deleted
Which of the following is used as a secure tunnel to connect two networks?
VPN
The IT manager has asked you to create a separate VLAN to be used exclusively for wireless guest devices to connect to.
Which of the following is the primary benefit of creating this VLAN?
You can control security by isolating wireless guest devices within this VLAN
Which of the following NAC agent types is the most convenient agent type?
Permanent
Which of the following NAC agent types creates a temporary connection?
Dissolvable
Which of the following NAC agent types would be used for IoT devices?
Agentless
Members of the sales team use laptops to connect to the company network. While traveling, they connect their laptops to the internet through airport and hotel networks.
You are concerned that these computers could pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless antivirus software and the latest operating system patches are installed.
Which solution should you use?
Network Access Control (NAC)
What is Cisco’s Network Access Control (NAC) solution called?
Identity Services Engine (ISE)
You are configuring the security settings for your network. You have decided to configure a policy that requires any computer connecting to the network to run at least Windows 10 version 2004.
Which of the following have you configured?
NAC
Which of the steps in the Network Access Control (NAC) implementation process occurs once the policies have been defined?
Apply
You are part of a committee that is meeting to define how Network Access Control (NAC) should be implemented in the organization.
Which step in the NAC process is this?
Plan
What are the steps in the NAC implementation process in order?
Planning
Define
Implementing
Review
The IT manager has tasked you with implementing a solution that ensures that mobile devices are up to date, have anti-malware installed, and have the latest definition updates before being allowed to connect to the network.
Which of the following should you implement?
NAC
Which of the following do switches and wireless access points use to control access through a device?
MAC address filtering
In which of the following situations would you use port security?
You want to restrict the devices that could connect through a switch port
You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the internet. Supervision of these computers has been difficult. You’ve had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the internet.
The library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access port on a switch. You want to restrict access to the network so that only library computers are permitted connectivity to the internet.
What can you do?
Configure port security on the switch
Which protocol should you disable on the user access ports of a switch?
Dynamic Trunking Protocol (DTP)
Which of the following types of proxies would you use to remain anonymous when surfing the internet?
Forward
Which security mechanism can be used to detect attacks that originate on the internet or from within an internal trusted subnet?
Intrusion Detection System (IDS)
Which of the following is a security service that monitors network traffic in real time or reviews the audit logs on servers looking for security violations?
IDS
An active IDS system often performs which of the following actions? (Select two.)
Updates filters to block suspect traffic
Performs reverse lookups to identify an intruder
Which of the following devices can monitor a network and detect potential security attacks?
IDS
Which of the following devices is capable of detecting and responding to security threats?
Intrusion Prevention System (IPS)