Deck 1 Flashcards

1
Q

A short list of commonly used passwords tried against a large number of user accounts is a characteristic feature of:

A

Spraying attack

2
Q

What does “Impossible travel” refer to?

A

A situation wherein an account is accessed from a location that is physically impossible for the user to be in

3
Q

What is the name of a solution that increases the efficiency of IP address space management by allowing network administrators to divide networks into subnets of different sizes?

A

VLSM

4
Q

Which of the following acronyms refers to a set of rules that specify which users or system processes are granted access to objects as well as what operations are allowed on a given object?

A

ACL

5
Q

Which of the following policies applies to any requests that fall outside the criteria defined in an ACL?

A

Implicit Deny Policy

6
Q

Which of the answers listed below does not refer to the concept of network isolation?

A

DLP

7
Q

Which of the answers listed below refer to the concept of data isolation?

A

EFS + DLP

8
Q

A type of document outlining the shared responsibilities between a CSP and its customers for securing and managing data and resources is known as:

A

Cloud responsibility matrix

9
Q

Which of the following provides isolation from external computer networks?

A

Air gap

10
Q

Which of the answers listed below refers to a specific type of ICS?

A

SCADA

11
Q

Which of the answers listed below refer(s) to embedded systems?

A

Often designed to operate in real-time or with low latency

Typically equipped with constrained computing resources and storage

Designed to perform a single task or a few closely related tasks within a larger system

12
Q

Which of the following terms can be used to describe a system designed to aim for minimized downtime and uninterrupted operation?

A

HA

13
Q

A type of hardened server used as a secure gateway for remote administration of devices placed in a different security zone is called:

A

Jump server

14
Q

Which of the following provides passive network security breach response on an individual computer system?

A

HIDS

15
Q

Which of the answers listed below refers to network security technology designed to monitor WLANs for unauthorized access, security threats, and suspicious activities?

A

WIDS

16
Q

In active-passive mode, load balancers distribute network traffic across:

A

Servers marked as active

17
Q

Which of the following EAP methods offers the highest level of security?

A

EAP-TLS

18
Q

Which of the following answers refer to the characteristic features of a Layer 4 firewall?

A

Filters traffic based on source/destination IP addresses, ports, and protocol types

Operates at the transport layer of the OSI model

Offers basic (faster) traffic filtering

19
Q

Which of the answers listed below refer to a Layer 7 firewall?

A

Offers complex (slower) traffic filtering

Adds the ability to inspect the contents of data packets in addition to the header information

Operates at the application layer of the OSI model

20
Q

Examples of protocols typically used for implementing secure VPN tunnels include:

A

IPsec + TLS + L2TP

21
Q

Which of the following terms is used to describe a type of VPN that alleviates bottlenecks and conserves bandwidth by enabling utilization of both the VPN and public network links?

A

Split tunnel

22
Q

An HTML5 VPN portal is an example of a clientless VPN implementation where an HTML5-compliant web browser along with TLS encryption can be used instead of dedicated VPN client software.

A

True

23
Q

Which of the following answers refers to a protocol designed to secure data transmitted over WLANs?

A

WTLS

24
Q

Which part of IPsec provides confidentiality, data integrity, and authentication?

A

ESP

25
Q

Which of the IPsec modes provides entire packet encryption?

A

Tunnel

26
Q

An IPsec mode providing encryption only for the payload (the data part of the packet) is referred to as:

A

Transport mode

27
Q

An IPsec mode providing encryption only for the payload (the data part of the packet) is referred to as:

A

SASE

28
Q

Which of the answers listed below refers to any type of information pertaining to an individual that can be used to uniquely identify that person?

A

PII

29
Q

Which of the answers listed below refer(s) to encryption method(s) used to protect data at rest?

A

FDE + SED + EFS

30
Q

Encryption methods used to protect data in transit include:

A

VPN + IPsec + TLS

31
Q

Which of the following answers refers to an individual or role responsible for overseeing and ensuring compliance with data protection laws and policies within an organization?

A

DPO

32
Q

Which of the following answers refer to data masking?

A

Replaces sensitive data with fictitious or modified data while retaining its original format

Allows for data manipulation in environments where the actual values are not needed

33
Q

Which of the following modifies data or code to make it difficult to understand or reverse-engineer, but without necessarily encrypting or hiding the data?

A

Obfuscation

34
Q

ACL, FACL, DAC, MAC, and RBAC are all access control mechanisms that can be used to manage user permissions and protect the confidentiality, integrity, and availability of data.

A

True

35
Q

Hardware RAID Level 0:

A

Requires a minimum of 2 drives to implement

Is also known as disk striping

Decreases reliability (failure of any disk in the array results in the loss of all data in the array)

36
Q

Hardware RAID Level 1:

A

Is also referred to as disk mirroring

37
Q

Hardware RAID Level 5:

A

Offers increased performance and fault tolerance (single drive failure does not destroy the array and lost data can be re-created by the remaining drives)

Is also known as disk striping with parity

38
Q

Hardware RAID Level 10 (a.k.a. RAID 1+0)

A

Is referred to as stripe of mirrors, i.e., a combination of RAID 1 (disk mirroring) and RAID 0 (disk striping)

39
Q

Which of the following RAID levels does not offer fault tolerance?

A

6 + 0

40
Q

Which of the following is the primary function of clustering?

A

Groups servers together to provide high availability and fault tolerance

41
Q

Which of the terms listed below refers to a duplicate of the original site, with fully operational computer systems as well as near-complete backups of user data?

A

Hot site

42
Q

Which of the following terms refers to an alternate site that provides some pre-installed hardware and software and might have partial data backups, but it is not fully operational and requires additional configuration before use?

A

Warm site

43
Q

A disaster recovery facility that provides only the physical space for recovery operations is known as:

A

Mirror site

44
Q

What is the name of a U.S. government initiative that provides a set of procedures and plans that an organization can implement to ensure continued performance of its essential functions during unexpected events?

A

COOP

45
Q

A technique that allows recovery of changes that occurred since the last backup in the event of a system crash is known as:

A

Journaling

46
Q

Which of the following power redundancy solutions would be best suited for providing long-term emergency power during an unexpected main power source outage?

A

Backup generator

47
Q

In the context of MDM, the isolation of corporate applications and data from other parts of the mobile device is referred to as:

A

Containerization

48
Q

An administrator needs to adjust the placement of multiple APs to ensure the best wireless signal coverage for the network. Which of the following would be of help in identifying areas of low signal strength?

A

Heat map

49
Q

Which of the answers listed below refers to a mobile device deployment model where organizations provide and own the devices while allowing their personal use?

A

COPE

50
Q

What is the name of a mobile device deployment model in which employees select devices for work-related tasks from a company-approved device list?

A

CYOD

51
Q

An SSID is a unique identifier (a.k.a. wireless network name) for a WLAN. Wireless networks advertise their presence by regularly broadcasting the SSID in a special packet called a beacon frame. In wireless networks with disabled security features, knowing the network SSID is enough to get access to the network. SSID also pinpoints the wireless router that acts as a WAP. Wireless routers from the same manufacturer are frequently configured with default (well-known) SSID names. Since multiple devices with the same SSID displayed on the list of available networks create confusion and encourage accidental access by unauthorized users (applies to networks that lack security), changing the default SSID is a recommended practice.

A

True

52
Q

Which of the following solutions would offer the strongest security for a small network that lacks an authentication server?

A

WPA3-SAE

53
Q

What are the characteristic features of WPA2/WPA3 Enterprise mode?

A

Suitable for large corporate networks

IEEE 802.1X

Requires RADIUS authentication server

54
Q

What is the name of the encryption protocol primarily used in Wi-Fi networks implementing the WPA3 security standard?

A

AES-GCMP

55
Q

What are the characteristics of TACACS+?

A

Encrypts the entire payload of the access-request packet

Primarily used for device administration

Separates authentication and authorization

56
Q

What are the characteristic features of RADIUS?

A

Primarily used for network access

Combines authentication and authorization

Encrypts only the password in the access-request packet

57
Q

Which of the wireless encryption schemes listed below offers the highest level of protection?

A

WPA3