Mock Exam 2 Flashcards

1
Q

The network administrator has received a support call from the CEO stating that he cannot download a book from the internet. The publisher is using an FTP server for the book download. The firewall rules are shown as follows:

Inbound rules:
  • HTTP port 80 allow
  • HTTPS port 443 allow
  • DNS port 53 allow

Which of the following options prevents the download? Choose the BEST answer.

A

a. There is no allow rule for FTP traffic.
b. There is an explicit deny rule.
c. Implicit deny is preventing the download.
d. He needs to change the web browser to support FTP traffic.

c

When there is no allow rule in either a firewall or router, the incoming traffic hits the last rule, which is deny all. This is known as implicit deny.

2
Q

The network security team has been informed by the customer services department that visitors in the waiting area keep plugging their laptops into a spare wall jack to obtain internet access. The network team realizes that this is a security risk. What is the BEST solution to prevent this?

A

a. Ask customers to hand their laptops into reception when they arrive.
b. Enable 802.1x on the router to prevent internet access.
c. Place a sign in the waiting room.
d. Enable port security on the router to prevent internet access.
e. Enable port security on the switch.

e

Enabling port security on the switch blocks all connections to the wall jack as the port is turned off.

3
Q

A network administrator has just informed the cyber security team that he is going to set up network access control using host health checks without using a quarantined network. Which of the following best describes what will happen if a host is non-compliant?

A

a. The remote client will not be authenticated.
b. The remote client will be authenticated then the connection will drop.
c. The remote client will be authenticated.
d. The remote client will not be authenticated and the connection will be successful.

b

Network Access Control (NAC) checks that clients are patched, and this occurs after the authentication process. A non-compliant machine that is unpatched is placed in a quarantine or boundary network where the required updates are obtained from a remediation server. In this case, there is no way to obtain updates. Therefore, once the client has been authenticated, there will be a host health check and if the client is not patched, the connection will drop.

4
Q

The network team has just installed another switch into the network and the network traffic is now extremely slow. What can they do to ensure the traffic has less latency?

A

a. Use a packet sniffer to identify which traffic is going slowly and deny it access to the network.
b. Use spanning tree protocol to prevent looping.
c. Reduce the number of VLANs on the switch.
d. Use a network load balancer to balance the traffic.

b

Spanning Tree Protocol (STP) prevents switching loops, which a newly added switch can introduce and which slow the whole network down.

5
Q

The systems administrator went to a local shop for lunch and paid using a contactless payment method. Which of the following connection methods was he using to purchase lunch?

A

a. Wi-Fi
b. Cellular
c. NFC
d. KFC
e. Bluetooth

c

Near Field Communication (NFC) is a contactless payment method over a distance of 4 inches or 10 centimeters.

6
Q

A network administrator is setting up a new VPN server and is using a CISCO VPN Series 3000 concentrator. What is the purpose of the VPN concentrator?

A

a. It increases the concurrent connections on the VPN.
b. It allows the VPN to connect to a RADIUS server.
c. It allows the VPN to connect to a TACACS+ server.
d. It establishes the secure sessions for the VPN.

d

The purpose of the VPN concentrator is to create the secure sessions for VPN connections.

7
Q

Your company network has recently been attacked by remote users. The cyber security team needs to use tools that will identify the established sessions. Which of the following tools will show established sessions? Choose two.

A

a. Protocol analyzer
b. Netstat
c. Netcat (nc)
d. Tcpdump

b, c

netstat -an is a Microsoft tool that shows connections; netcat, normally known as nc, is an open source Unix utility that shows established connections.

8
Q

During an internal audit, users complained that the quality of the videoconferencing has been intermittent. What is the BEST solution to ensure a better videoconferencing experience?

A

a. Ensure that they are using SRTP instead of RTP.
b. Use a VPN.
c. Put the voice traffic into a VLAN.
d. Use an iSCSi connector.

c

If you put your voice traffic, also known as videoconferencing, into its own VLAN, it is separated from the rest of the network and bandwidth will be guaranteed. This will result in better quality videoconferencing.

9
Q

An Exchange engineer has recommended that the mail server be upgraded, as the current mail protocol does not keep a copy on the server. What mail protocol is being used?

A

a. POP 3
b. HTTPS
c. TLS
d. IMAP4
e. Webmail

a

POP3 is a legacy email protocol that does not keep a copy on the server. Upgrading will allow the mail administrator to back up the emails that remain on the mail server.

10
Q

The auditor has carried out an inspection of the finance department and has recommended that the file server holding the financial data and the desktops of the finance department should use IPSec to secure the sessions between them. The network administrator has asked the security analyst what mode of IPSec should be used. What did the security analyst recommend?

A

a. IPSec in tunnel mode
b. IPSec in split tunnel mode
c. IPSec in transport mode
d. IPSec in full tunnel mode

c

When setting up IPSec between hosts on the internal LAN, IPSec transport mode should be used, where only the ESP is encrypted. When using IPSec in a VPN as L2TP/IPSec, it should be used in tunnel mode, where both the AH and ESP are encrypted.

11
Q

What are the similarities and differences between a proxy server and a UTM firewall? Choose all that apply.

A

a. The proxy server can perform malware inspection.
b. The UTM can perform malware inspection.
c. The proxy server can perform URL filtering.
d. The UTM can perform URL filtering.
e. The proxy server can perform content filtering.
f. The UTM can perform content filtering.
g. The proxy server can perform web page caching.
h. The UTM can perform web page caching.

b, c, d, e, f, g

A proxy server can perform web page caching, URL filtering, and content filtering. The UTM can perform malware inspection, URL filtering, and content filtering.

12
Q

The system administrator has just installed a new finance application onto the financial director’s laptop. The application will not run and the event viewer shows an error running the payroll.dll. What is the BEST solution to ensure that the application works?

A

a. Add the application to the whitelist.
b. Add the application to the blacklist.
c. Add the application’s EXE file to the whitelist.
d. Add the DLL binary for the payroll application to the whitelist.
e. Remove the DLL binary for the payroll application from the blacklist.

d

The whitelist is a list of allowed applications, EXE files, and DLL binaries. Since the only exception was payroll.dll, we need to add the DLL binary to the whitelist.

13
Q

A security administrator installed a new inline NIPS that has been inspecting all traffic flowing through it with great success. A medium-sized packet flowing through the inline NIPS could not be inspected. What is the BEST reason that it could not be inspected?

A

a. The packet was not recognized by the NIPS
b. The packet was encrypted before arriving at the NIPS
c. The NIPS was using the wrong input filter
d. The NIPS had an exception rule for the packet

b

An inline NIPS inspects all traffic flowing through it; however, in the Security+ exam an encrypted packet cannot be inspected by any security device.

14
Q

A cyber security team has carried out an audit of the mail server and has recommended that mail between the mail servers must not be monitored or captured by protocol analyzers. The mail must remain confidential. Which of the following protocols should the auditor recommend?

A

a. POP secure
b. IMAP secure
c. TLS
d. SSL
e. HTTPS

c

TLS is used in the Security+ exam for the encryption of mail between mail servers. The encryption of mail between two people uses PGP.

15
Q

Which of the following authentication systems could allow a user access to a system while creating an access violation?

A

a. Smart card authentication
b. Username and password authentication
c. Biometric authentication
d. Federation services authentication

c

False Acceptance Rate (FAR) is where a person who should not have access to a system gains access because of a biometric authentication error.

16
Q

A company is removing its expensive leased line between its London and Glasgow sites and is going to replace it with a VPN solution. What type of VPN will they use as a replacement, and which mode is the BEST to use? Choose two.

A

a. L2TP/IPSec
b. IPSec transport mode
c. Always on mode
d. IPSec tunnel mode
e. Site-to-site VPN
f. PPTP VPN
g. SSL VPN

c, e

A site-to-site VPN can be used to connect two sites together and it needs to use always-on mode as it is a permanent connection.

17
Q

The financial director stores credit card information on his laptop. Therefore, the cyber security team has installed full disk encryption to prevent exfiltration of this data. A DLP solution has also been installed to prevent PII and sensitive information such as credit card numbers from leaving the laptop via USB drive or email. What can be installed on his laptop to prevent remote attacks?

A

a. HIDS
b. HIPS
c. NIDS
d. NIPS

b

A HIPS is a host-based intrusion prevention system that can help to prevent attacks.

18
Q

A network administrator needs to be alerted when new hosts join the network. Which of the following tools can help them to achieve this? Choose two.

A

a. HIDS
b. Nmap
c. Netstat
d. NIDS

b, d

Nmap is a tool that can map out the whole network, showing hosts and detailed information about them. A NIDS can alert you when a computer has just joined the network, as it uses sensors and collectors to do so.

19
Q

A company refurbishes a lecture theatre with state-of-the-art presentation equipment valued at over $25,000. What can the security administrator install to prevent the theft of the equipment from the theatre? Choose the BEST answer.

A

a. NFC
b. Geolocation
c. Asset tracking
d. Tagging

b

Geolocation shows you where the equipment is. Another option would be to use geofencing, which would alert the security administrator when a piece of equipment left the theatre.

20
Q

The security administrator needs to purchase a new biometrics authentication system for a multinational corporation. Which of the following products will he decide is the BEST option to purchase?

A

a. Product A – low FAR
b. Product B – high FAR
c. Product C – high FRR
d. Product D – low FRR
e. Product E – low CER
f. Product F – high CER

e

The CER is the point where the FAR and FRR are equal. The lower the CER, the better the biometric system, as there are fewer errors.

21
Q

The cyber security team has been collecting the security logs from all of the servers and network appliances and storing them on a WORM drive. Why have they chosen this type of drive? Select the MOST suitable answer.

A

a. It can be protected by a password.
b. It is a portable drive that can be locked away at night.
c. It is an industry-standard drive for cyber security.
d. The information cannot be altered.

d

A WORM drive is write once, read many. This means that data cannot be deleted, altered, or tampered with, so the log files are protected.

22
Q

A systems administrator for a large multinational company is replacing 1,000 hard drives from company desktops. Which of the following data sanitization tools should he use to destroy the data on the old hard drives?

A

a. Pulverizing
b. Degaussing
c. Low-level formatting
d. Shredding

d

The best ways to dispose of a hard drive from best to worst are shred, pulverize, and degauss.

23
Q

A cyber security analyst obtained the following information:

John Scott 5f4dcc3b5aa765d61d8327deb882cf99

Which tool did the cyber security analyst use and what does it represent? Choose two.

A

a. It is his employee ID.
b. Packet sniffer.
c. Password hash.
d. Hash of his employee ID.
e. Password cracker.
f. Wireless scanner.

In the Security+ exam, when you see a name in clear text next to a hash value, this is a hash of the password. The preceding value is the MD5 hash of the word "password", one of the most common passwords. This is the output from a password cracker.

24
Q

The backup operator backs up the company data on a daily basis. Which of the following is the fastest backup?

A

a. Full backup
b. Differential backup
c. Snapshot
d. Incremental backup

In the Security+ exam, the fastest backup is the snapshot. It should really be the fastest restore. Snapshots are normally a rollback option.

25
Q

A SIEM system notifies the system administrator that a computer with a hardened operating system has a vulnerability. When a manual check is done, no vulnerabilities exist. Why is the system producing the wrong information? Choose the BEST two options.

A

a. The SIEM system is missing some system updates.
b. The SIEM system is using the incorrect input filters.
c. The host-based firewall is preventing monitoring.
d. The SIEM system is producing false negatives.
e. The SIEM system is producing false positives.

A hardened operating system has no vulnerabilities. The SIEM system is giving the wrong information; this is known as a false positive. SIEM systems measure different types of packets using a separate input filter for each, and using the incorrect filter will produce false positives.

26
Q

The cyber security team wish to prevent mobile devices from operating outside of the United Kingdom. What is the best way to achieve this?

A

a. Geolocation
b. GPS tracking
c. Context-aware authentication
d. All of the above

Context-aware authentication can be set up so that the devices only operate in the UK; if someone tried to use them in another country, the device would be disabled.

27
Q

Your company has been very successful and has an enormous volume of web traffic coming to the company's web servers. However, the load balancer has failed and you are waiting for a replacement. What can you use to manage the incoming web traffic until the new load balancer arrives?

A

a. NAT server
b. Stateful firewall
c. Round robin
d. Stateless firewall

c

DNS round robin is a technique where web requests are rotated through each DNS record for the web servers, balancing the incoming requests.

28
Q

You are a systems administrator for a company hosting the G4 summit. Which of the following data sanitization tools should you use to destroy all of the paperwork used in the summit?

A

a. Shred
b. Burn
c. Pulverize
d. Pulp

The best ways of destroying paper data, from best to worst, are burning, pulping, then shredding.

29
Q

An auditor from FAST carried out an audit of the company software and made three observations:

Product   Licenses   In use
A         100        102
B         25         26
C         30         41

Which of the following BEST describes the auditor’s recommendations?

A

a. Company policy violation
b. Overuse of licenses
c. License compliance violation
d. License compliance warning

The company has a license compliance violation: all software is licensed, and using more copies of software than the number of licenses purchased is breaking the law.

30
Q

There have been a number of successful cyber attacks on corporate websites where hackers have managed to steal credit card information. What is the BEST way for your cyber security team to discover the attack methods used?

A

a. Speak to a company that was attacked
b. Read bulletins from security websites
c. Set up a honeynet
d. Monitor the SQL database holding the information

A honeypot is a website made to look like a legitimate website, with lowered security, so that security teams can monitor the attack methods being used and then mitigate the risk. A group of honeypots is called a honeynet.

31
Q

An auditor was carrying out a network audit on the wireless network that was not broadcasting the SSID. He managed to use two different tools to discover the SSID. Which two tools did he use?

A

a. Tcpdump
b. SSID decloak device
c. Wireless scanner
d. Protocol analyzer
e. Packet sniffer

Even when SSID broadcasting is disabled, the SSID is still attached to the packet header. Both an SSID decloak device and a wireless scanner/wireless packet sniffer can capture the SSID from the packet.

32
Q

The network team has placed the voice traffic in a VLAN so that it is segmented from the rest of the network and has guaranteed bandwidth. The auditor has recommended that the voice traffic should be secured so that it cannot be monitored or captured by a protocol analyzer. Which of the following protocols should the network team select?

A

a. SCP
b. SFTP
c. SRTP
d. TLS

Voice traffic operates on a protocol called Real-Time Protocol (RTP), and the secure version is Secure Real-Time Protocol (SRTP).

33
Q

The cyber security team is rolling out new mobile phones that will hold sensitive company data. Which of the following is the BEST solution to protect the phones? Choose three.

A

a. Context-aware authentication
b. Strong password
c. Device encryption
d. TLS encryption
e. GPS tracking
f. Cable locks
g. Screen locks

The cell phones will need screen locks so that they lock out; they will need strong passwords to prevent them from being guessed, and device encryption to encrypt the data at rest.

34
Q

Which of the following protocols should secure traffic in transit between two mail servers?

A

a. SSL
b. HTTPS
c. S/MIME
d. TLS

Traffic between two mail servers, and data in transit generally, is secured with TLS. S/MIME and PGP are used between two people.

35
Q

A salesperson logged into the company VPN to download some files. During the download, the salesperson went online to look at the availability of flights for next month. During this session, the company network was hacked by someone gaining access via the web browser. What was the vulnerability that caused the attack?

A

a. Man-in-the-browser attack
b. Man-in-the-middle attack
c. Split tunneling
d. Session hijacking


36
Q

A member of the sales team managed to connect remotely to the company network, but then a few seconds later his laptop was placed in a quarantined network and was asked to contact the remediation server. Why was this done?

A

a. The remediation server must scan all incoming traffic to prevent a virus attack.
b. The sales person’s password has just expired.
c. Network access control disabled the salesperson’s account.
d. The device that the salesperson’s logged in with was not fully patched.

Network Access Control (NAC) kicks in after a remote connection has been made to ensure that the device is fully patched and has no virus, making the machine compliant. A non-compliant machine is placed in a quarantined network, where the remediation server gives it access to the missing patches; it will then gain access to the network.

37
Q

A small company has only one wireless access point, but today nobody can connect to the network. What tool should the system administrator use to troubleshoot, and why is the wireless access point not working?

A

a. Protocol analyzer
b. Tcpdump
c. SSID decloak device
d. Wireless scanner

A wireless scanner can capture packets to and from the wireless access point, so that the administrator can troubleshoot where the problem is arising. They will also be able to see rejected packets.

38
Q

A company has over twelve wireless access points that need to be configured centrally. How will this be achieved with the minimum amount of effort?

A

a. Set up and roll out a group policy.
b. Use a fat wireless controller.
c. Update the wireless controllers using SSH.
d. Use a thin wireless controller.
e. Update the wireless access points using SNMP v 3.

A thin wireless controller pushes out new configuration files to all wireless access points from a central location.

40
Q

A network administrator has just installed a new firewall and finds that traffic cannot flow through it. What is the default setting for a firewall? Choose the BEST two answers.

A

a. Allow only HTTP and HTTPS traffic.
b. Block all traffic.
c. Allow by exception.
d. The firewall is switched off and needs to be powered on.

To install a firewall, it must be powered on. The only rule in the firewall (or router) by default is deny all. Therefore, the default setting is block all, allow by exception, where you then configure the allow rules.

41
Q

A cyber security analyst needs to run a scan to discover the hostname, IP address, and missing patches on three separate servers without causing any damage to them. What is the BEST type of scan for him to use?

A

a. Intrusive scan
b. Non-credentialed scan
c. Credentialed scan
d. Active scan

c

A credentialed scan is a passive scan that can provide the details of the server as well as missing patches. A non-credentialed scan is also passive but can only identify missing patches.

42
Q

The financial director has notified the IT director that employees have been emailing VISA credit card details to outside agencies. One of the programmers inserted a regular expression into an XML template so that if any email matches the following pattern, that mail will automatically be blocked:

^(?:4[0-9]{12}(?:[0-9]{3})?)

What type of technology is being adopted to prevent the credit card details being emailed out?

A

a. DLR
b. NFX
c. NFC
d. DLP

d

Data Loss Prevention (DLP) prevents PII or sensitive information from leaving the company by blocking data that matches the pattern. It can block emails and prevent data from being copied to external drives.

43
Q

What do a SIEM server and Kerberos have in common? Choose the BEST answer.

A

a. They work in real time.
b. You need admin rights to access them.
c. They require time synchronization with the atomic clock.
d. They are both Microsoft products.

c

Both Kerberos and a SIEM system are time-dependent and need to maintain accurate time by synchronizing with an atomic clock or another reference time source.

44
Q

The network administrator needs to ensure that the data passing through the inline NIPS is decrypted. Which of the following devices will he use to decrypt incoming packets?

A

a. Load balancer
b. Stateful firewall
c. Proxy server
d. Reverse proxy
e. UTM
f. WAF

d

A reverse proxy authenticates incoming connections and has the ability to decrypt incoming data.

45
Q

A salesperson arrives at his hotel at 6:30 pm and realizes that he should have made a credit card payment today. He checks into his room and finds that the free Wi-Fi does not have any encryption. What is the BEST solution he should take to ensure the payment is as secure as possible? Choose two, each providing part of the solution.

A

a. Connect to the hotel Wi-Fi.
b. Use a L2TP/IPSec VPN to connect to the credit card portal.
c. Tether his phone to his laptop.
d. Use SSL encryption to connect to the credit card portal.
e. Use a SSL VPN to connect to the credit card portal.

b, c

Tethering his mobile phone to the laptop will provide a much more secure internet connection. Using an L2TP/IPSec VPN provides the most secure session to the credit card portal.

46
Q

Your company has been very successful and has an enormous volume of web traffic coming to the company’s web servers. What can you use to help manage the web requests in a timely fashion?

A

a. NAT server
b. Stateful firewall
c. UTM
d. Load balancer

d

A load balancer knows the status of each web server; therefore, it passes requests to the least utilized host.

47
Q

What is the most common method of authentication? Choose two.

A

a. PIN
b. Password
c. CAC card
d. Username
e. Smart card
f. Biometrics

b, d

Although better security can be provided by using multifactor authentication, the most common method is single-factor username and password.

48
Q

A person at a market stall advertises that he can unlock a mobile phone and add third-party applications to it without the vendor finding out. Which of the following options is he using to achieve this? Choose two.

A

a. Screen locks
b. Rooting/jailbreaking
c. Degaussing
d. Third-party app store
e. Sideloading

b, e

Unlocking an iOS phone is called jailbreaking; rooting is the equivalent on an Android phone. Loading unauthorized third-party apps is called sideloading.

49
Q

Your company has been very successful and has an enormous volume of DDoS traffic coming to the company’s web servers. What can you use to deal with the DDoS traffic? Choose the best answer.

A

a. NAT server
b. Stateful firewall
c. Load balancer
d. UTM

b

We do not wish DDoS traffic to enter our network. Therefore, we will install a stateful firewall, as it will inspect the incoming traffic and deny the DDoS traffic access to the network. We want to prevent the DDoS traffic from arriving at all.

50
Q

A network technician is going to set up an L2TP/IPSec VPN so that salespeople can remotely connect to the company offices. He needs to set up the VPN with the most secure protocol and the appropriate mode for its purpose. Which mode and encryption level will be used? Choose two.

A

a. IPSec transport mode
b. Always on mode
c. IPSec tunnel mode
d. 3DES
e. AES
f. RS

c, e

An L2TP/IPSec VPN to an external site is set up in tunnel mode, whereas server to server within a LAN uses transport mode. The only three encryption protocols used with L2TP/IPSec are DES, 3DES, and AES. AES can operate with keys up to 256 bits, which makes it the most secure.