Chap 4 - Network Security Flashcards

1
Q

DMZ

A

Demilitarized Zone

DMZ: Network buffer zone between an internal network and the Internet.
Purpose: Enhances security by isolating public services from the internal network.
Hosts: Web, email, DNS servers accessible from the Internet.
Implementation: Uses two firewalls for external and internal protection.
Benefit: Reduces risk of external attacks reaching the internal network.

Also known as a Perimeter Network or Screened Subnet

2
Q

4-1: Which of the following are terms for an area of an enterprise network, separated by firewalls, which contains servers that must be accessible from both the Internet and the internal network? (Choose all that apply)

Intranet
DMZ
EGP
Stateless network
Perimeter network
Screened Subnet

A

DMZ

Perimeter network

Screened Subnet

3
Q

EAP

A

EAP (Extensible Authentication Protocol)

A framework for various authentication mechanisms to secure data transmission, primarily used in network access authentication

4
Q

MS-CHAPv2

A

MS-CHAPv2 (Microsoft Challenge Handshake Authentication Protocol version 2)

An enhanced version of CHAP developed by Microsoft. It offers improved security features and is the most common authentication method for dial-up connections.

MS-CHAPv2 is supported by modern operating systems for its security advantages over previous versions.

5
Q

PAP

A

PAP (Password Authentication Protocol)

An authentication method that sends a username and password in plaintext over the network. This simplicity poses a security risk as it allows potential interception of the credentials

6
Q

CHAP

A

CHAP (Challenge Handshake Authentication Protocol)

A more secure method than PAP, CHAP uses a challenge-response mechanism based on hashes of a shared secret (usually a password).

It periodically re-authenticates to prevent man-in-the-middle attacks, ensuring that the password itself is never sent over the network

7
Q

4-9: Which of the following security protocols can authenticate users without transmitting their passwords over the network?

Kerberos
802.1X
TKIP
LDAP

A

Kerberos

Employs a series of tickets to authenticate users and other network devices without the need to transmit credentials over the network

8
Q

4-13: Which of the following terms describes a system that prevents computers from logging on to a network unless they have the latest updates and antimalware software installed?

NAC
LDAP
RADIUS
TKIP-RC4

A

NAC

9
Q

NAC

A

Network Access Control

mechanism that defines standards of equipment and configuration that systems must meet before they can connect to the network

10
Q

4-14: Which of the following describes the primary difference between SSO and Same Sign-On?

  • SSO enables users to access different resources with one set of credentials, whereas same sign-on requires users to have multiple credential sets
  • SSO credentials consist of one username and one password, whereas same sign-on credentials consist of one username and multiple passwords
  • SSO requires the user to supply credentials only once, whereas with same sign-on, the user must supply the credentials repeatedly
  • SSO requires MFA, such as a password and a smartcard, whereas same sign-on requires only a password for authentication
A

SSO requires the user to supply credentials only once, whereas with same sign-on, the user must supply the credentials repeatedly

11
Q

4-17: Which of the following statements best describes the primary scenario for the use of TACACS+?

  • TACACS+ was designed to provide authentication, authorization and accounting services for wireless networks
  • TACACS+ was designed to provide authentication, authorization and accounting services for Active Directory services
  • TACACS+ was designed to provide authentication, authorization and accounting services for remote dial-up users
  • TACACS+ was designed to provide authentication, authorization and accounting services for network routers and switches
A

TACACS+ was designed to provide authentication, authorization and accounting services for network routers and switches

12
Q

TACACS+

A

Terminal Access Controller Access Control System Plus

  • Developed by Cisco for AAA (Authentication, Authorization, and Accounting) support.
  • Designed for complex networks with many routers and switches.
  • Centralizes access control for network devices.
  • Separates authorization, authentication, and accounting processes for enhanced control.
  • Uses TCP port 49 by default.
  • Supports PAP, CHAP, MD5 hashes, and Kerberos for authentication
13
Q

802.1X

A
  • IEEE 802.1X: Standard for port-based network access control
  • Provides secure authentication for devices on LAN or WLAN networks
  • Uses an authentication server like RADIUS for user credential verification
  • Components include client, access-point/switch, RADIUS server, and identity provider
  • Ensures encrypted network access through EAP over LANs for enhanced security
  • Basic implementation of NAC
14
Q

4-23: Which of the following is an implementation of NAC?

RADIUS
802.1X
LDAP
TACACS+

A

802.1X

15
Q

4-24: Which of the following is not one of the roles involved in an 802.1X transaction?

Supplicant
Authentication Server
Authorizing Agent
Authenticator

A

Authorizing Agent

16
Q

4-25: In an 802.1X transaction, what is the function of the supplicant?

  • The supplicant is the service that issues certificates to clients attempting to connect to the network
  • The supplicant is the service that verifies the credentials of the client attempting to access the network
  • The supplicant is the network device to which the client is attempting to connect
  • The supplicant is the client user or computer attempting to connect to the network
A

The supplicant is the client user or computer attempting to connect to the network

17
Q

4-26: In an 802.1X transaction, what is the function of the authenticator?

  • The authenticator is the service that issues certificates to clients attempting to connect to the network
  • The authenticator is the service that verifies the credentials of the client attempting to access the network
  • The authenticator is the network device to which the client is attempting to connect
  • The authenticator is the client user or computer attempting to connect to the network
A

The authenticator is the network device to which the client is attempting to connect

18
Q

Parts of 802.1X standard

A
  • Supplicant: client attempting to connect to the network
  • Authenticator: switch or AP to which the supplicant is requesting access
  • Authentication Server: typically a RADIUS implementation that verifies the supplicant’s identity
19
Q

4-28: Which of the following are standards that define combined AAA services? (Choose all that apply)

802.1X
RADIUS
TACACS+
LDAP

A

RADIUS

TACACS+

20
Q

4-30: Which of the following statements about RADIUS and TACACS+ are correct?

By default, RADIUS uses UDP, and TACACS+ uses TCP
By default, RADIUS uses TCP, and TACACS+ uses UDP
By default, both RADIUS and TACACS+ use TCP
By default, both RADIUS and TACACS+ use UDP

A

By default, RADIUS uses UDP, and TACACS+ uses TCP

21
Q

TACACS+ port and protocol

A

TCP 49

22
Q

4-46: Which of the following is the best description of a software product with a zero-day vulnerability?

  • A product with a vulnerability that has just been addressed by a newly released fix
  • A product with a vulnerability that has just been addressed by a fix, which nearly all users have applied
  • A vulnerability in a newly-released product for which no fix has yet been developed
  • A vulnerability in a product which no attackers have yet discovered or exploited
A

A vulnerability in a newly-released product for which no fix has yet been developed

Nick note: This answer is partially incorrect as a zero-day can be found in an existing product. CompTIA doesn’t know wtf they are talking about sometimes…

23
Q

Defense in Depth

A

The use of multiple security mechanisms to provide additional protection

24
Q

4-52: As a part of her company’s new risk management initiative, Alice has been assigned the task of performing a threat assessment for the firm’s data resources. For each potential threat she discovers, which of the following elements should Alice estimate? (Choose all that apply)

Severity
Mitigation
Likelihood
Posture

A

Severity

Likelihood

25
Q

War Driving

A

Attack method that consists of driving around a neighborhood with a computer scanning for unprotected wireless networks
26
Q

War Chalking

A

When a war driver locates a wireless network and marks it for other attackers
27
Q

Bluesnarfing

A

Attack in which an intruder connects to a wireless device using Bluetooth for the purpose of stealing information
28
Q

Bluejacking

A

Process of sending unsolicited messages to a device using Bluetooth
29
Q

Permanent DoS

A

A type of DoS attack where the attacker actually damages the target system and prevents it from functioning
30
Q

Amplified DoS

A

A DoS attack where the messages sent by the attacker require an extended amount of processing by the target server(s), increasing the burden on them more than simpler messages would.

Can be multiple attack machines, but CompTIA seems to define it as using only one
31
Q

Reflective DoS

A

A DoS attack where the attacker sends requests containing the target server's IP address to legitimate servers on the internet, causing them to send a flood of responses to the target
32
Q

4-63: Which of the following types of attacks require no additional hardware or software components? (Choose all that apply)

Brute-force
Social Engineering
Denial-of-Service
Phishing

A

Brute-force

Social Engineering

Denial-of-Service

Nick: this question and answer makes no sense to me....
33
Q

4-67: In which of the following ways is VLAN hopping a potential threat?

  • VLAN hopping enables an attacker to scramble a switch's patch panel connections
  • VLAN hopping enables an attacker to rename the default VLAN on a switch
  • VLAN hopping enables an attacker to access different VLANs using 801.2q spoofing
  • VLAN hopping enables an attacker to change the native VLAN on a switch
A

VLAN hopping enables an attacker to access different VLANs using 801.2q spoofing
34
Q

VLAN Hopping

A

Method for sending commands to switches to transfer a port from one VLAN to another, enabling attacker to connect to a different VLAN
35
Q

Smurf attack

A

Short: a DDoS attack in which an attacker attempts to flood a targeted server with Internet control message protocol (ICMP) packets

Long: A Smurf attack is a type of DDoS attack that exploits IP and ICMP protocols by sending ping messages with a fake IP address to create a flood of traffic, overwhelming the victim's network. These attacks can render networks inoperable by generating an excessive amount of traffic through IP broadcasting, leading to disruption and downtime.

Smurf attack relies on routers to forward broadcast traffic, which they no longer do, so this kind of attack is no longer an issue
36
Q

4-83: Which of the following are not considered to be Denial-of-Service (DoS) attacks? (Choose all that apply)

  • An intruder breaks into a company's datacenter and smashes their web servers with a sledgehammer
  • An attacker uses the ping command with the -t parameter to send a continuous stream of large ICMP packets to a server
  • An attacker captures the packets transmitted to and from a domain controller to obtain encrypted passwords
  • An attacker connects a rogue access point to a company's wireless network using their SSID in the hopes of attracting their users
A

  • An attacker captures the packets transmitted to and from a domain controller to obtain encrypted passwords
  • An attacker connects a rogue access point to a company's wireless network using their SSID in the hopes of attracting their users
37
Q

4-94: Which of the following EAP variants utilize tunneling to provide security for the authentication process? (Choose all that apply)

PEAP
EAP-FAST
EAP-TLS
EAP-PSK

A

PEAP

EAP-FAST
38
Q

PEAP

A

Protected Extended Authentication Protocol

Encapsulates EAP inside of a TLS tunnel
39
Q

EAP-FAST

A

Extended Authentication Protocol - Flexible Authentication via Secure Tunnel

Establishes a TLS tunnel to protect user credential transmission
40
Q

EAP-TLS

A

Extended Authentication Protocol - Transport Layer Security

Uses TLS for encryption, but not for tunneling
41
Q

EAP-PSK

A

Extended Authentication Protocol - PreShared Key

Uses a PreShared Key to provide an authentication process, but does not use encryption
42
Q

Geofencing

A

Mechanism intended to prevent unauthorized clients outside of a facility from connecting to a network. Can be done using:

  • Signal strength requirement
  • Power level requirement
  • GPS location requirement
  • Or done via strategic placement of antenna
43
Q

4-97: Which of the following elements associates a public and private key pair to the identity of a specific person or computer?

Exploit
Signature
Certificate
Resource Record

A

Certificate
44
Q

4-103: On which of the following types of devices should you consider disabling unused ports as a security precaution? (Choose all that apply)

Hubs
Servers
Switches
WAPs

A

Servers

Switches

Why?

  • Hub ports cannot be disabled
  • WAPs usually only have one port
45
Q

4-104: For which of the following reasons is disabling the SSID broadcast of a wireless network to prevent unauthorized access a relatively weak method of device hardening?

  • Attackers have ways of connecting to the network without the SSID
  • Attackers can capture packets transmitted over the network and read the SSID from them
  • Every access point's SSID is printed on a label on the back of the device
  • Attackers have software that can easily guess a network's SSID
A

Attackers can capture packets transmitted over the network and read the SSID from them
46
Q

4-105: Which of the following cannot be considered to be a server hardening policy?

Disabling unnecessary services
Disabling unused TCP and UDP ports
Upgrading firmware
Creating privileged user accounts

A

Upgrading firmware
47
Q

4-106: Which of the following are valid reasons not to disable unused switch ports? (Choose all that apply)

  • The datacenter is secured from unauthorized access
  • The unused ports are not patched into wall jacks
  • The unused ports are left open to facilitate the onboarding of new users
  • The switch is configured to use a MAC-based ACL
A

  • The datacenter is secured from unauthorized access
  • The switch is configured to use a MAC-based ACL
48
Q

4-111: Which of the following are network segmentation methods that can prevent intruders from gaining full access to a network? (Choose all that apply)

ACL
VLAN
NAC
DMZ

A

VLAN

DMZ
49
Q

DHCP Snooping

A
  • DHCP Snooping prevents rogue DHCP server issues.
  • Creates a DHCP snooping binding database of MAC addresses for: Known DHCP servers (trusted ports); Clients (untrusted ports).
  • Blocks DHCP messages from systems on untrusted ports.
  • Stops unauthorized DHCP traffic and alerts appropriate personnel
50
Q

Role Separation

A

Practice of creating a different virtual server for each server role or application
51
Q

4-114: Which of the following terms describes the threat mitigation technique of deploying individual applications and services on virtual servers so that no more than one is endangered at any one time, rather than deploying multiple applications on a single server?

Geofencing
Network segmentation
Role separation
VLAN hopping

A

Role separation
52
Q

4-116: A server's firewall is configured using a default policy that does not allow any users remote access to the server unless an administrator creates a rule granting them access. Which of the following terms describes this default policy?

Explicit allow
Explicit deny
Implicit allow
Implicit deny

A

Implicit deny
53
Q

4-118: Which of the following statements about DHCP snooping is not true?

  • DHCP snooping detects rogue DHCP servers
  • DHCP snooping is implemented in network switches
  • DHCP snooping drops DHCP messages arriving over the incorrect port
  • DHCP snooping prevents DNS cache poisoning
A

DHCP snooping prevents DNS cache poisoning
54
Q

4-119: At which layer of the OSI model does DHCP snooping operate?

Data link
Network
Transport
Application

A

Data link
55
Q

4-117: Dynamic ARP Inspection (DAI) is a feature in some network switches that prevents on-path (man-in-the-middle) attacks facilitated by ARP poisoning, the deliberate insertion of fraudulent information into the ARP cache. A switch with DAI inspects incoming ARP packets and rejects those that contain incorrect pairs of IP addresses and MAC addresses. Which of the following is the means by which the switch compiles a table of correct ARP information with the incoming packets?

DHCP snooping
Secure SNMP
DNS name resolution
NDP

A

DHCP snooping
56
Q

DAI

A

Dynamic ARP Inspection

  • Utilizes DHCP snooping data.
  • Identifies and discards dubious ARP messages.
  • Prevents ARP cache poisoning and similar malicious activities
57
Q

NDP

A

Neighbor Discovery Protocol

  • IPv6 protocol
  • Performs functions similar to ARP in IPv4
  • Involved in Stateless Address Autoconfiguration (SLAAC)
  • Consists of five ICMP control message types: neighbor solicitation, neighbor advertisement, router solicitation, router advertisement, and redirect
58
Q

4-121: Which of the following protocols is a root guard designed to affect?

EAP
STP
LDAP
ARP

A

STP
59
Q

4-122: Which of the following mitigation techniques help organizations maintain compliance to standards such as HIPAA and FISMA?

File integrity monitoring
Role Separation
Deauthentication
Tamper detection
Router Advertisement guard

A

File integrity monitoring
60
Q

4-128: Unlike individual users who usually have their OS patches downloaded and installed automatically, corporate IT departments typically evaluate new patches before deploying them. Which of the following is not a common step in this evaluation process?

Testing
Researching
Rolling back
Backing up

A

Rolling back
61
Q

4-133: Which of the following technologies utilize ACLs to limit access to network resources? (Choose all that apply)

NTFS
LDAP
WAP
Kerberos

A

NTFS

WAP
62
Q

What's another term for Port Isolation?

A

Private VLAN

A feature in some switches that enables admins to restrict selected ports to a given uplink, essentially creating a separate, secondary VLAN that is isolated from the switch's default primary VLAN
63
Q

4-138: (Abbreviated) - Which of the following are potentially viable methods for securing all IoT devices against attack? (Choose all that apply)

Network segmentation
NAC
Security Gateways
Firewalls

A

NAC

Security Gateways

The reasoning is that because IoT devices are mobile they cannot be protected by Network Segmentation nor Firewalls. But in order to be IoT they connect to the LAN, so they can be. Another exam of CompTIA being full of shit
64
Q

4-139: Which of the following statements about a switch's default VLAN are true? (Choose all that apply)

  • Admins must create a default VLAN when configuring a new switch
  • The default VLAN on a switch cannot be deleted
  • The default VLAN on most switches is designated as VLAN 0
  • The default VLAN on a switch cannot be renamed
A

  • The default VLAN on a switch cannot be deleted
  • The default VLAN on a switch cannot be renamed
65
Q

4-140: Control plane policing (CPP or CoPP) is a feature on some routers and switches that limits the rate of traffic on the device's processor, to prevent DoS and reconnaissance attacks, using which of the following technologies?

IPSec
802.1X
RA Guard
QoS
VLAN Hopping

A

QoS
66
Q

CPP (or CoPP)

A

Control Plane Policing (CoPP)

  • Allows users to configure a filter to manage the traffic flow of control plane packets
  • QoS feature
  • Provides security and prioritization for critical network functions
67
Q

4-141: Which of the following technologies enables VPN clients to connect directly to each other as well as to the VPN server at the home site?

VPN concentrator
DMVPN
SIP Trunk
MPLS
Clientless VPN

A

DMVPN
68
Q

DMVPN

A

Dynamic Multipoint Virtual Private Network

Creates a mesh technology between multiple VPN sites, enabling remote sites to connect directly to each other instead of the home site
69
Q

SIP Trunk

A

Session Initiation Protocol Trunk

Provides a communication domain between public and private domains of a network
70
Q

4-142: Which of the following VPN protocols is generally considered to be obsolete?

IPSec
L2TP
PPTP
SSL/TLS

A

PPTP
71
Q

4-143: Which of the following VPN protocols does not provide encryption within the tunnel?

PPTP
IPSec
L2TP
SSL

A

L2TP
72
Q

L2TP

A

Layer 2 Tunneling Protocol (L2TP)

  • A VPN protocol developed from the combination of Cisco's Layer 2 Forwarding (L2F) and Microsoft's Point-to-Point Tunneling Protocol (PPTP)
  • L2TP operates without native encryption or authentication, making it typically used in conjunction with IPsec to ensure security.
73
Q

4-144: Which of the following elements must be identical in both the client and server computers to establish a remote WAN connection? (Choose all that apply)

The WAN Type
The data link layer protocol
The authentication method
The OS

A

  • The WAN Type
  • The data link layer protocol
  • The authentication method
74
Q

4-146: Which of the following types of VPN connection is the best solution for allowing clients limited access to your corporate network?

Host-to-site
Site-to-site
Host-to-host
Extranet

A

Extranet
75
Q

Extranet

A

VPN designed to provide clients, vendors, and other outside partners with the ability to connect to your corporate network with limited access
76
Q

4-147: Which of the following protocols is not used for remote control of computers?

RDP
TFTP
SSH
Telnet

A

TFTP
77
Q

4-150: Ralph is a network admin for a firm that is allowing employees to telecommute for the first time, and he is responsible for designing a remote access solution that will enable users to access network resources, such as company email and databases securely. All of the remote users have been issued smartcards and will be connecting using VPN connections on company supplied laptops running Win10 and equipped with card readers. The users will be logging on to the company network using their standard Active Directory Domain Services accounts, so it is important for Ralph to design a solution that provides maximum protection for their passwords, both inside and outside of the office. Which of the following authentication protocols should Ralph configure the remote access servers and laptop computers to use?

PAP
CHAP
EAP
MSCHAPv2

A

EAP

Only protocol with Win10 that supports hardware based authentication
78
Q

4-151: Ralph has come across the term virtual desktop, and he is not exactly sure what it means. After performing some internet searches, he finds multiple definitions. Which of the following is not one of the technologies that uses the term virtual desktop?

  • A 3D realization of a computer display using a VR hardware device
  • A computer display with a virtual OS desktop that is larger than can be displayed on a monitor
  • A cloud based Win10 deployment that enables users to access their desktops using any remote device
  • A hardware device that projects a computer desktop on a screen, rather than displaying on a monitor
A

A hardware device that projects a computer desktop on a screen, rather than displaying on a monitor
79
Q

4-155: Which of the following types of traffic are carried by Telnet? (Choose all that apply)

Keystrokes
Mouse movements
Display information
Application data

A

Keystrokes

Display information
80
Q

4-156: Which of the following describes the primary function of a Remote Desktop Gateway?

  • Provides multiple users with Remote Desktop client access to one workstation
  • Provides a single Remote Desktop client with simultaneous access to multiple workstations
  • Enables remote users outside the network to access network workstations
  • Enables remote users to access workstations without the need for a Remote Desktop client
A

Enables remote users outside the network to access network workstations [without the need for a VPN]
81
Q

4-157: Which of the following statements about in-band management and out-of-band management are true? (Choose all that apply)

  • Out-of-band management tools do not provide access to the remote system's BIOS or UEFI firmware
  • Out-of-band management tools enable you to reinstall the OS on a remote computer
  • Telnet, SSH, and VNC are in-band management tools
  • To perform out-of-band management on a device, it must have an IP address
A

  • Out-of-band management tools enable you to reinstall the OS on a remote computer
  • Telnet, SSH, and VNC are in-band management tools

Out-of-band uses a dedicated channel to devices on the network, which provides access to the BIOS or UEFI
82
Q

4-158: Which of the following statements best describes out-of-band management?

  • Out-of-band management is a method for accessing network devices from a remote location
  • Out-of-band management is a method for accessing network devices using a direct cable connection
  • Out-of-band management is a method for accessing network devices using a connection to the system other than the production network to which the device is connected
  • Out-of-band management is a method for accessing network devices using any tool that operates over the production network to which the device is connected
A

Out-of-band management is a method for accessing network devices using a connection to the system other than the production network to which the device is connected
83
Q

4-159: What four components are required for a computer to establish a remote TCP/IP connection?

Common Protocols
Remote Access Services (RAS)
A physical layer connection
TCP/IP configuration
Point-to-Point Tunneling Protocol (PPTP)
Host and remote software

A

Common Protocols [from data link layer and above]

A physical layer connection [WAN connection]

TCP/IP configuration

Host and remote software
84
Q

4-160: Which of the following statements explains why web browsing over a client-to-site VPN connection is usually much slower than browsing locally?

  • The browser application is running on the VPN server
  • The browser is using the remote network's Internet connection
  • The VPN tunnel restricts the amount of bandwidth available
  • VPN encryption is processor intensive
A

The browser is using the remote network's Internet connection
85
Q

4-163: Which of the following are the two most common types of TLS/SSL VPN connections? (Choose all that apply)

TLS/SSL client
TLS/SSL portal
TLS/SSL tunnel
TLS/SSL gateway

A

TLS/SSL portal

TLS/SSL tunnel
86
Q

4-166: Which of the following statements about running a site-to-site VPN connection to join two distant LANs together, rather than using a WAN connection, are generally true? (Choose all that apply)

The VPN is cheaper
The VPN is slower
The VPN is less secure
The VPN is harder to maintain

A

The VPN is cheaper

The VPN is slower
87
Q

4-167: Which of the following are examples of out-of-band device management? (Choose all that apply)

  • Logging on remotely from a network workstation
  • Plugging a laptop into a console port
  • Establishing a point-to-point modem connection
  • Connecting dedicated ports on each device to a separate switch
A

  • Plugging a laptop into a console port
  • Establishing a point-to-point modem connection
  • Connecting dedicated ports on each device to a separate switch
88
Q

4-168: Which of the following is not an advantage of VNC terminal emulation product over its competitors?

  • VNC is free
  • VNC runs on many OSes
  • VNC runs faster than the competition
  • VNC can run through a web browser
A

VNC runs faster than the competition
89
Q

4-170: Which of the following techniques do VPNs use to secure the data they transmit over the internet? (Choose all that apply)

Tunneling
Socketing
Message integrity
Authentication

A

Tunneling

Socketing

Authentication
90
Q

4-171: VPNs use tunneling, which is the process of encapsulating a data packet within another packet for transmission over a network connection, typically using the internet. The system encrypts the entire encapsulated data packet for protection. Split tunneling is a variation of this method that provides which of the following advantages? (Choose all that apply)

  • Conservation of VPN bandwidth
  • Access to the LAN devices while connected to the VPN
  • Additional data integrity protection
  • Faster data transmission through multiplexing
A

  • Access to the LAN devices while connected to the VPN
  • Additional data integrity protection
91
Q

VPN Split Tunneling

A

Variation of VPN where only part of the system's traffic is directed over the VPN connection; the rest is transmitted in the normal manner. VPN admins can decide which applications and devices will use the VPN
92
Q

Fail open

A

Door lock reverts to its unsecure state (open) when an emergency occurs (fail)
93
Q

4-183: Which of the following statements describes what it means when the automated lock on the door to a datacenter is configured to fail open?

  • The door remains in its current state in the event of an emergency
  • The door locks in the event of an emergency
  • The door unlocks in the event of an emergency
  • The door continues to function using battery power in the event of an emergency
A

The door unlocks in the event of an emergency
94
Q

4-185: Which of the following are means of preventing unauthorized individuals from entering a sensitive location, such as a datacenter? (Choose all that apply)

Biometric scans
Identification badges
Key fobs
Motion detection

A

Biometric scans

Identification badges

Key fobs
95
Q

4-187: Which of the following physical security devices can use passive RFIDs to enable an authorized user to enter a secured area? (Choose all that apply)

Key fob
Keycard lock
Proximity card
Cypher lock
Smart locker

A

Key fob

Proximity card

Smart locker
96
Q

4-196: Which of the following are not a means of detecting intruders in a network datacenter? (Choose all that apply)

Motion detection
Video surveillance
Biometrics
Smartcards

A

Biometrics

Smartcards
97
Q

4-197: Which of the following statements describes what it means when the automated lock on the door to a datacenter is configured to fail closed?

  • The door remains in its current state in the event of an emergency
  • The door locks in the event of an emergency
  • The door unlocks in the event of an emergency
  • The door continues to function using battery power in the event of an emergency
A

The door locks in the event of an emergency
98
Q

Fail Closed

A

Door lock reverts to its secure state (closed) when an emergency occurs (fail)
99
Q

4-199: Ralph's company has purchased new computers to replace some of the older workstations currently in use. Ralph has been assigned the task of preparing the older computers for disposal. They will be sold to a local secondhand dealer. For the dealer to accept the computers, they must have a functional OS. Company policy also dictates that the computers be permanently wiped of all applications and data before disposal. Which of the following tasks will Ralph have to perform before the computers are sold? (Choose all that apply)

Reinstall the OS
Uninstall all applications
Delete all data files
Run a disk wipe utility
Perform a factory reset

A

Reinstall the OS

Run a disk wipe utility