Chapter 2: Technologies and Tools Practice Tests Flashcards

1
Q

The ACL for a firewall has an allow rule for HTTP, HTTPS, and LDAP. What will happen when a user tries to download a file from an external FTP server?

A

Because there is no allow rule for FTP or TCP port 21, explicit deny will be applied, preventing the download.

2
Q

A network administrator is configuring a switch and is unsure whether to enable port security or 802.1x. What can you advise on both of these technologies?

A

Port security disables the ports and reduces the functionality of the switch; 802.1x, however, authenticates the device, so the ports remain open while rogue devices are prevented access.

3
Q

A security administrator is enabling IPSec on the file server that hosts the financial server. They are then going to enable IPSec between the server and all of the desktops of the financial users. What mode of IPSec will be adopted?

A

Using IPSec between servers uses transport mode, but when IPSec is used over the internet, it uses tunnel mode.

4
Q

What type of firewall is best suited to deal with an incoming SYN flood attack?

A

A stateful firewall inspects incoming traffic down to the commands used and packet sizes and would realize that the three-way handshake is not being established and would prevent the SYN flood attack.

5
Q

A security administrator is enabling L2TP/IPSec on a virtual private network. What will be the role of a VPN concentrator?

A

The role of the VPN concentrator is to set up the secure session for the VPN connection.

6
Q

Your company is experiencing a very high volume of web traffic coming to their internet web servers. What is the best way to ensure that the people coming to your website get the web pages in a timely manner?

A

We would install a load balancer to deal with the vast amount of web traffic and we would set up affinity in the regions with limited bandwidth with all of the requests going to the same web server.

7
Q

Your company is experiencing a high volume of DDoS traffic heading for your company’s network. What is the best way to deal with this traffic?

A

The best way to deal with a high volume of DDoS traffic is to use a firewall to prevent this traffic from entering your network.

8
Q

What is the purpose of DNS round-robin, and what are the pitfalls of using it?

A

DNS round robin can be used to balance web traffic as it rotates through the A records. The pitfall is that it does not know the status of the web server.

9
Q

How can I capture the commands going to a network-based gaming application?

A

To capture commands going across the network, we need to use a packet sniffer, also known as a protocol analyzer.

10
Q

Your company provides internet access to films. What type of port should we use to ensure that the films run smoothly?

A

A UDP port needs to be used for streaming video; TCP would be far too slow as it uses a three-way handshake.

11
Q

What type of tool can we use to determine the patch level version of a web server? Name three tools that can be used for this technique.

A

To discover information such as the patch level version of a web server, we would use banner grabbing. Common tools for banner grabbing include telnet, nmap, or netcat (nc).

12
Q

The security administrator has noticed a rise in the number of unauthorized hosts appearing on your network. What two tools can be implemented so that they are notified when someone attaches a new host?

A

Nmap and NIDS can both identify when a new host enters your network.

13
Q

The security administrator has noticed that there has been an increase in the number of failed login attempts on network-based computers. The account lockout policy allows three failed login attempts. What type of tool can they use for real-time monitoring of these events?

A

A SIEM system should be implemented as it does real-time monitoring and can use an aggregation engine to identify attacks across the network.

14
Q

The CEO has written a new policy stating that all of the security logs on domain controllers are to be copied to a central location daily. These log files need to be secured to ensure that they have not been tampered with after collection. What action should the security administrator take to fulfill this policy?

A

To fulfill the policy, the security administrator should store the security logs on a WORM (Write Once Read Many) drive; this allows files to be copied to the drive but not altered or deleted.

15
Q

When an attack on a host is made, a connection is established. Which two tools can capture the established connection so that the attacker can be identified?

A

Two tools that can identify an established session are the Windows command-line tool netstat and the Linux tool called netcat, also known as nc.

16
Q

What data format cannot be analyzed by any of the company’s monitoring tools?

A

Security monitoring tools cannot analyze data if it is in an encrypted format.

17
Q

What are the three main components of a proxy server?

A

A proxy server has a URL filter to block access to certain websites, a content filter to stop access to gaming websites, and web page caching to provide faster and more secure access to web pages. It cannot cache the stock exchange as the data is too volatile.

18
Q

What is the purpose of a reverse proxy?

A

A reverse proxy authenticates incoming connections and decrypts incoming traffic so that the inline NIPS can monitor it.

19
Q

What technique does an iPhone use to send software updates to the phone?

A

A mobile telephone uses over-the-air (OTA) updates where, ideally, the phone should have a full battery or be connected to a power socket.

20
Q

What is the danger of someone taking an unauthorized smartphone into a research and development laboratory?

A

A smartphone could be used to record a conversation and take videos and pictures of sensitive and private information.

21
Q

If I am using my personal phone as a BYOD device, what can be done to keep business data separate from my personal data?

A

To keep your business data separate from your personal data, you would use storage segmentation, also known as containerization, to isolate the data from other data. This could take the form of installing a microSD card in the phone.

22
Q

What would be a safe, restricted, and contained environment that an IT team could provide to contractors to use?

A

Using a Virtual Desktop Infrastructure (VDI) environment, the contractors would have an isolated desktop, depending on the network connections assigned to it. If they were to test applications, they could be sandboxed inside of their virtual machines.

23
Q

If I want to use a third-party application on my carrier-locked iOS phone, what two stages should I perform to enable the application to run?

A

You would first of all have to carry out carrier unlocking, known as jailbreaking, and then use a technique called sideloading to load the third-party software. This would not prevent you from using the Apple Store.

24
Q

What would I need to use in conjunction with a mobile device to limit the bandwidth being used when I download applications to the device?

A

Using a download manager would state how many connections are allowed and the amount of bandwidth that they are allowed to use.

25
Q

If I want to use a third-party application on my carrier-locked Android phone, what two stages should I perform to enable the application to run?

A

You would first of all have to carry out carrier unlocking, known as rooting, and then use a technique called sideloading to load the third-party software.

26
Q

In what circumstances would I remote-wipe a device using the mobile device management system (name two)?

A

You would only remote-wipe a mobile device if it was lost or stolen, to prevent the data from falling into the wrong hands.

27
Q

The network administrator has been receiving support calls relating to the wireless access point. What tool should they use to diagnose the problem?

A

To diagnose the problems with a wireless access point, the network administrator would use a wireless packet sniffer to see the packets going to and from the wireless access point.

28
Q

When the SSID of a wireless access point has been disabled, what two types of devices can be used to discover the SSID?

A

You can either use a wireless packet sniffer, as the SSID is inside the packet destined for the wireless access point, or an SSID de-cloak device to discover the disabled SSID.

29
Q

When I was on holiday in Las Vegas, all of the pictures I submitted to Facebook had the location where the picture was taken. Which tool carried out the labeling of photographs?

A

GPS tagging inserts the location when a picture is taken.

30
Q

Which tools can I use to see if the DLL files of an application have been altered or tampered with?

A

A file integrity checker such as Microsoft’s System File Checker (SFC) can determine whether the DLL files have been tampered with.

31
Q

When setting up certificates on a mobile device, the administrator is receiving certificate trust errors. What two actions should the administrator carry out first?

A

The administrator must first of all check the certificate to see whether it is still valid and then check whether it has been added to the Trusted Root Certification Authorities store on the local machine.

32
Q

A new employee was given a company laptop with the correct certificates installed. Two weeks later, they report to the IT team that they are getting trust errors with the certificates. What has the new employee done to cause this error?

A

When the certificate was installed, it must have been valid and then added to the Trusted Root Certification Authorities store. The new employee must have deleted the local cache, removing the certificate from the Trusted Root Certification Authorities store.

33
Q

A salesperson cannot get internet access on their laptop, so they connect their 4G phone to the laptop to provide internet access. What technique have they just used?

A

When a laptop gets its internet connection via phone, this is known as tethering.

34
Q

A security administrator has found that many company devices have been tampered with over the past week. When they looked into the security log files, they found that nothing out of the ordinary had been recorded. What has been tampering with the equipment?

A

As most of the security has been circumvented without detection, it looks like the tampering was carried out by a malicious insider.

35
Q

A retailer wants to allow its customers to use a wireless payment method to pay for small transactions. What payment method must the customer adopt?

A

Near Field Communication (NFC) is a wireless payment system used by bank cards or mobile phones. It is limited to a distance of about 4 inches from the reader.

36
Q

An audit has been carried out against the assets held by the IT team and the auditor has found that the company owns 300 Windows 10 licenses, but the software has been installed on 302 laptops. What is this violation known as?

A

If the company has used more licenses than it originally purchased, this is called a license compliance violation and could result in a regulatory fine.

37
Q

A small company is going to purchase a firewall and needs to ensure that the firewall is an all-in-one device providing more protection than just simply being a firewall. What type of firewall would you recommend that they purchase?

A

The all-in-one firewall device is called Unified Threat Management (UTM); this provides firewall, anti-malware, and anti-spam protection as well as content and URL filtering.

38
Q

A security administrator has found that remote users have been infecting the company network with viruses. What tool do they need to implement to mitigate this risk?

A

Once a remote user has been authenticated, if the security administrator implements Network Access Control (NAC), it would check that the device was fully patched before it was allowed onto the network.

39
Q

The security team has discovered that an attacker has been logging in twice to each machine but a security alert has not been logged as the company has an account lockout threshold of three attempts. What type of system should the company implement to alert them of any re-occurrence of this event?

A

If a company has an account lockout policy of three failed logins and they used a SIEM system, it would identify three failed logins, even if it was only one failed login on three separate machines. It also works in real time.

40
Q

What type of system does the security administrator need to implement to prevent anyone from emailing out credit card information?

A

To prevent PII or sensitive information leaving the company by email, the administrator should implement a Data Loss Prevention (DLP) system. It uses a pattern match and if the information matches the pattern, it is prevented from leaving the network.

41
Q

What type of security technology can prevent a hacker from accessing a computer’s registry remotely?

A

If the security administrator implemented Data Execution Prevention (DEP), any remote session would be limited to areas such as temporary internet files and not access the management of the system.

42
Q

What common security issue reduces the amount of bandwidth available to the company coupled with reducing the amount of disk space available on a computer?

A

Downloading unauthorized software would reduce both the amount of available bandwidth and the amount of free disk space available.

43
Q

What security technology can be implemented on a virtual machine to protect it against attacks?

A

A Host-based Intrusion Prevention System (HIPS) could be installed inside a virtual machine to prevent attacks.

44
Q

What security technology only allows approved applications to run on a system? How does it work?

A

An application whitelist lays out which applications can be installed on a system. You can do this by adding the application name, the name of the .msi or .exe files, or the .dll binaries.

45
Q

Why would a security administrator archive security logs onto a WORM drive?

A

Storing information on a WORM drive prevents the deletion or amendment of the data stored there.

46
Q

What type of security technology would an administrator implement to protect a web server’s applications and data?

A

A security administrator would use a web application firewall to protect a web server's applications and data from attack.

47
Q

What is the purpose of push notification services?

A

Push notification services inform a user that mail has arrived at their inbox.

48
Q

A security administrator wants to implement a Bluetooth type of technology that uses low power. What technology should he implement?

A

ANT is a bespoke, low-power Bluetooth technology.

49
Q

A company has suffered from an increase in the theft of its high-end laptops. What technology can be implemented to prevent such laptops from being stolen?

A

If the company implemented geofencing, it would prevent the high-end laptops from going outside of the boundaries set.

50
Q

A security administrator has discovered that the incorrect authentication information has been used to access the network. What type of technology is the attacker using?

A

The biometric authentication failure acceptance rate allows the incorrect authentication method to gain access to a network.