Mock Exam 2 Flashcards
The network administrator has received a support call from the CEO stating that he cannot download a book from the internet. The publisher is using an FTP server for the book download. The firewall rules are shown as follows:
- Inbound rules
- HTTP port 80 allow
- HTTPS port 443 allow
- DNS port 53 allow
Which of the following options prevents the download? Choose the BEST answer.
a. There is no allow rule for FTP traffic.
b. There is an explicit deny rule.
c. Implicit deny is preventing the download.
d. He needs to change the web browser to support FTP traffic.
c
When no rule in a firewall or router ACL matches the incoming traffic, the traffic falls through to the last rule, deny all. This is known as implicit deny. Here the rule set allows only ports 80, 443 and 53, so FTP (TCP port 21 for the control channel, plus a separate data connection) is silently dropped. There is no explicit deny rule, and the browser is not the problem.
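The following is an added worked example, not part of the exam text: a first-match rule evaluator that shows why the FTP download fails and how an implicit deny differs from an explicit deny rule. The rule set is constructed from the question; FTP's control port 21 is the standard assignment and is not stated in the question, and the protocol on each rule is an assumption (HTTP/HTTPS over TCP, DNS over either).

```python
"""Added example (not from the exam text): first-match firewall rule evaluation
showing the difference between an explicit deny and the implicit deny that
applies when no rule matches. The rule set is constructed from the question;
FTP's control port 21 is the standard assignment, not part of it."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    proto: str   # "tcp", "udp" or "any"
    port: int
    action: str  # "allow" or "deny"


# Inbound rules as listed in the question (protocol per rule is an assumption).
INBOUND_RULES: List[Rule] = [
    Rule("tcp", 80, "allow"),    # HTTP
    Rule("tcp", 443, "allow"),   # HTTPS
    Rule("any", 53, "allow"),    # DNS (UDP and TCP)
]


def evaluate(rules: List[Rule], proto: str, port: int,
             default: str = "deny") -> Tuple[str, Optional[Rule]]:
    """First matching rule wins. If nothing matches, the implicit default
    (deny) applies and the matched rule is None."""
    for rule in rules:
        if rule.port == port and rule.proto in ("any", proto):
            return rule.action, rule
    return default, None


def explain(rules: List[Rule], proto: str, port: int) -> str:
    """Human-readable verdict that names the reason: implicit or explicit."""
    action, rule = evaluate(rules, proto, port)
    if rule is None:
        return f"{proto}/{port}: {action} (implicit deny, no rule matched)"
    return (f"{proto}/{port}: {action} "
            f"(explicit rule: {rule.proto}/{rule.port} {rule.action})")


def with_explicit_deny(rules: List[Rule], proto: str, port: int) -> List[Rule]:
    """Copy of the rule set with an explicit deny prepended, to show that the
    verdict's reason changes (option b vs option c) even though the result
    is the same."""
    return [Rule(proto, port, "deny")] + list(rules)


if __name__ == "__main__":
    for proto, port in [("tcp", 443), ("udp", 53), ("tcp", 21)]:
        print(explain(INBOUND_RULES, proto, port))
    print(explain(with_explicit_deny(INBOUND_RULES, "tcp", 21), "tcp", 21))
```

The fix the question implies is an allow rule for TCP port 21 plus the data connection (port 20 for active FTP, or the server's passive port range); FTP carries credentials and data in cleartext, so in practice a practitioner would rather ask the publisher for an HTTPS download.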
The network security team have been informed by the customer services department that visitors in the waiting area keep plugging their laptops into a spare wall jack to obtain internet access. The network team realize that this is a security risk. What is the BEST solution to prevent this?
a. Ask customers to hand their laptops into reception when they arrive.
b. Enable 802.1x on the router to prevent internet access.
c. Place a sign in the waiting room.
d. Enable port security on the router to prevent internet access.
e. Enable port security on the switch.
e
Port security on the switch restricts which MAC addresses may use a port and places the port in an error-disabled (shut down) state when an unknown device connects; unused wall-jack ports can also be administratively disabled. 802.1X and port security are switch features, not router features, so options b and d are wrong.
A network administrator has just informed the cyber security team that he is going to set up network access control using host health checks without using a quarantined network. Which of the following best describes what will happen if a host is non-compliant?
a. The remote client will not be authenticated.
b. The remote client will be authenticated then the connection will drop.
c. The remote client will be authenticated.
d. The remote client will not be authenticated and the connection will be successful.
b
Network Access Control (NAC) runs a host health check (patch level, antivirus, firewall state) after the client has authenticated. A non-compliant machine is normally placed in a quarantine (boundary) network, where it obtains the required updates from a remediation server. Here there is no quarantine network, so there is no way to remediate: the client authenticates, fails the health check, and the connection is dropped.
The network team have just installed another switch into the network and the network traffic is going extremely slowly. What can they do to ensure the traffic has less latency?
a. Use a packet sniffer to identify which traffic is going slowly and deny it access to the network.
b. Use spanning tree protocol to prevent looping.
c. Reduce the number of VLANs on the switch.
d. Use a network load balancer to balance the traffic.
b
Adding a switch with redundant links can create a Layer 2 loop; without loop prevention, broadcast frames circulate endlessly (a broadcast storm) and the network slows to a crawl. Spanning Tree Protocol (STP) detects the loop and blocks the redundant path, so traffic takes a single loop-free path and latency drops.
The systems administrator went to a local shop for lunch and paid using a contactless payment method. Which of the following connection methods was he using to purchase lunch?
a. Wi-Fi
b. Cellular
c. NFC
d. KFC
e. Bluetooth
c
Near Field Communication (NFC) is the short-range radio technology used for contactless payment; the reader and the card or phone must be within a few centimetres (no more than about 10 centimetres, roughly 4 inches).
A network administrator is setting up a new VPN server and is using a Cisco VPN 3000 Series Concentrator. What is the purpose of the VPN concentrator?
a. It increases the concurrent connections on the VPN.
b. It allows the VPN to connect to a RADIUS server.
c. It allows the VPN to connect to a TACACS+ server.
d. It establishes the secure sessions for the VPN.
d
The VPN concentrator terminates the VPN tunnels: it performs the key exchange and authentication and encrypts and decrypts the traffic, so it is the device that establishes the secure sessions for VPN connections.
Your company network has recently been attacked by remote users. The cyber security team needs tools that will show the established sessions so that the attackers' connections can be identified. Which of the following tools will show established sessions? Choose two.
a. Protocol analyzer
b. Netstat
c. Netcat (nc)
d. Tcpdump
b, c
netstat -an lists every socket on the host with its state, so the ESTABLISHED entries show the current sessions; it ships with Windows, Linux and macOS, not only Microsoft systems. Netcat (nc) is the open-source Unix networking utility that opens and tests TCP and UDP connections, and the exam pairs it with netstat as the second session tool. A protocol analyzer and tcpdump capture packets on the wire rather than listing the host's sessions.
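The following is an added worked example, not part of the exam text: a parser that pulls the ESTABLISHED sessions out of netstat -an output and summarises them by remote address, flagging remote hosts outside the RFC 1918 private ranges. The sample output is constructed for illustration (Windows column layout; the regex also accepts the Linux layout with its Recv-Q/Send-Q columns), and the address 203.0.113.8 is a documentation address standing in for an attacker.

```python
"""Added example (not from the exam text): extract ESTABLISHED sessions from
`netstat -an` output and summarise them by remote host. SAMPLE is constructed;
on a live host use parse_netstat(subprocess.check_output(["netstat", "-an"],
text=True))."""
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed Windows-style `netstat -an` output.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    10.0.0.5:445           10.0.0.77:51234        ESTABLISHED
  TCP    10.0.0.5:3389          203.0.113.8:40111      ESTABLISHED
  TCP    10.0.0.5:3389          203.0.113.8:40112      ESTABLISHED
  TCP    10.0.0.5:49712         10.0.0.20:443          TIME_WAIT
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:500            *:*
"""

# proto, optional Linux Recv-Q/Send-Q counters, local, foreign, optional state
LINE_RE = re.compile(
    r"^\s*(tcp6?|udp6?)\s+(?:\d+\s+\d+\s+)?(\S+)\s+(\S+)(?:\s+(\S+))?\s*$", re.I)

INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def split_endpoint(endpoint: str):
    """'10.0.0.5:445' -> ('10.0.0.5', '445'); also handles '[::1]:445' and '*:*'."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def parse_netstat(text: str) -> List[Dict[str, Optional[str]]]:
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, blank lines, unix sockets
        proto, local, foreign, state = m.groups()
        lhost, lport = split_endpoint(local)
        rhost, rport = split_endpoint(foreign)
        rows.append({"proto": proto.upper(), "local_host": lhost,
                     "local_port": lport, "remote_host": rhost,
                     "remote_port": rport, "state": state})
    return rows


def is_internal(host: str) -> bool:
    """True only for RFC 1918 addresses; '*' and hostnames count as not internal."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def established(text: str) -> List[Dict[str, Optional[str]]]:
    return [r for r in parse_netstat(text) if r["state"] == "ESTABLISHED"]


def remote_summary(text: str) -> Dict[str, dict]:
    """Sessions grouped by remote host: count, local ports hit, internal flag."""
    summary = defaultdict(lambda: {"count": 0, "local_ports": set(), "internal": True})
    for r in established(text):
        entry = summary[r["remote_host"]]
        entry["count"] += 1
        entry["local_ports"].add(r["local_port"])
        entry["internal"] = is_internal(r["remote_host"])
    return dict(summary)


if __name__ == "__main__":
    for host, info in remote_summary(SAMPLE).items():
        tag = "internal" if info["internal"] else "EXTERNAL"
        print(f"{host:16} {tag:9} sessions={info['count']} "
              f"local_ports={sorted(info['local_ports'])}")
```

In the sample, two RDP (3389) sessions from an external address stand out immediately, which is the kind of finding the team in the question is after; LISTENING and TIME_WAIT entries are ignored because they are not live sessions.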
During an internal audit, users complained that the quality of the videoconferencing has been intermittent. What is the BEST solution to ensure a better videoconferencing experience?
a. Ensure that they are using SRTP instead of RTP.
b. Use a VPN.
c. Put the voice traffic into a VLAN.
d. Use an iSCSi connector.
c
Putting the voice and video traffic into its own VLAN separates it from the rest of the data network, so it no longer competes with broadcast and bulk data traffic, and QoS can prioritize that VLAN. The result is more consistent videoconferencing quality. SRTP adds encryption rather than quality, a VPN adds overhead, and iSCSI is a storage protocol.
An exchange engineer has recommended that the mail server is upgraded as the current mail protocol does not keep a copy on the server. What mail protocol is being used?
a. POP 3
b. HTTPS
c. TLS
d. IMAP4
e. Webmail
a
POP3 is the legacy mail protocol: the client downloads messages and, by default, deletes them from the server. IMAP4 keeps the mailbox on the server, so upgrading allows the mail administrator to back up the emails that remain there.
The auditor has carried out an inspection of the finance department and has made recommendations, that the file server holding the financial data and the desktops of the financial department should use IPSec to secure the sessions between them. The network administrator has asked the security analyst what mode of IPSec should be used? What did the security analyst recommend?
a. IPSec in tunnel mode
b. IPSec in split tunnel mode
c. IPSec in transport mode
d. IPSec in full tunnel mode
c
Between hosts on the internal LAN, IPSec transport mode should be used: the original IP header is kept and only the payload is protected (encrypted by ESP, or authenticated by AH). For a VPN such as L2TP/IPSec, tunnel mode is used: the whole original packet, header included, is encrypted and wrapped in a new IP header.
What are the similarities and differences between a proxy server and a UTM firewall? Choose all that apply.
a. The proxy server can perform malware inspection.
b. The UTM can perform malware inspection.
c. The proxy server can perform URL filtering.
d. The UTM can perform URL filtering.
e. The proxy server can perform content filtering.
f. The UTM can perform content filtering.
g. The proxy server can perform web page caching.
h. The UTM can perform web page caching.
b, c, d, e, f, g
A proxy server can perform web page caching, URL filtering and content filtering. A UTM can perform malware inspection, URL filtering and content filtering, but it does not cache web pages, and a classic proxy does not inspect for malware.
The system administrator has just installed a new finance application onto the financial director's laptop. The application will not run, and Event Viewer shows an error loading payroll.dll. What is the BEST solution to ensure that the application works?
a. Add the application to the whitelist.
b. Add the application to the blacklist.
c. Add the application’s EXE file to the whitelist.
d. Add the DLL binary for the payroll application to the whitelist.
e. Remove the DLL binary for the payroll application from the blacklist.
d
An application whitelist (allowlist) is a list of permitted applications, EXE files and DLL binaries; anything not on it is blocked. The only item being blocked is payroll.dll, so the fix is to add that DLL binary to the whitelist. Adding the application or its EXE alone would not cover the library it loads.
A security administrator installed a new inline NIPS that has been inspecting all traffic flowing through it with great success. A medium sized packet flowing through the inline NIPS could not be inspected. What is the BEST reason that it could not be inspected?
a. The packet was not recognized by the NIPS
b. The packet was encrypted before arriving at the NIPS
c. The NIPS was using the wrong input filter
d. The NIPS had an exception rule for the packet
b
An inline NIPS inspects all traffic flowing through it, but it can only match signatures against what it can read. An encrypted packet cannot be inspected by any security device in the Security+ exam unless the traffic is decrypted first.
A cyber security team has carried out an audit of the mail server and has recommended that mail between the mail servers must not be monitored or captured by protocol analyzers. The mail must remain confidential. Which of the following protocols should the auditor recommend?
a. POP secure
b. IMAP secure
c. TLS
d. SSL
e. HTTPS
c
TLS is used in the Security+ exam for the encryption of mail in transit between mail servers (SMTP over TLS); SSL is its deprecated predecessor. Secure POP and secure IMAP protect a client collecting its mail, and end-to-end encryption of mail between two people uses PGP.
Which of the following authentication systems could allow a user access to a system while creating an access violation?
a. Smart card authentication
b. Username and password authentication
c. Biometric authentication
d. Federation services authenticated
c
The False Acceptance Rate (FAR) is the rate at which a biometric system accepts a person who should have been rejected. Such a false acceptance lets the person in (access is granted) while creating an access violation.
A company is removing its expensive leased line between its London and Glasgow sites and is going to replace it with a VPN solution. What type of VPN will they use as a replacement, and which mode is the BEST to use? Choose two.
a. L2TP/IPSec
b. IPSec transport mode
c. Always on mode
d. IPSec tunnel mode
e. Site-to-site VPN
f. PPTP VPN
g. SSL VPN
c, e
A site-to-site VPN can be used to connect two sites together and it needs to use always-on mode as it is a permanent connection.
The financial director stores credit card information on his laptop. Therefore, the cyber security team have installed full disk encryption to prevent exfiltration of this data. A DLP solution has also been installed to prevent PII and sensitive information such as credit cards from leaving the laptop via USB drive or email. What can be installed on his laptop to prevent remote attacks?
a. HIDS
b. HIPS
c. NIDS
d. NIPS
b
A HIPS is a host-based intrusion prevention system: it runs on the laptop itself and blocks attacks, whereas a HIDS only detects and alerts. A NIDS and a NIPS are network devices and cannot be installed on the laptop.
A network administrator needs to be alerted when new hosts join the network. Which of the following tools can help them to achieve this? Choose two.
a. HIDS
b. Nmap
c. Netstat
d. NIDS
b, d
Nmap is a tool that can map out the whole network showing hosts and detailed information about them. NIDS can alert you when a computer has just joined the network as it uses sensors and collectors to do so.
A company refurbishes a lecture theatre with state-of-the-art presentation equipment valued at over $25,000. What can the security administrator install to prevent the theft of the equipment from the theatre? Choose the BEST answer.
a. NFC
b. Geolocation
c. Asset tracking
d. Tagging
b
Geolocation shows the security administrator where each piece of equipment is. Another option is geofencing, which alerts the security administrator when a piece of equipment leaves the theatre.
The security administrator needs to purchase a new biometrics authentication system for a multinational corporation. Which of the following products will he decide is the BEST option to purchase?
a. Product A – low FAR
b. Product B – high FAR
c. Product C – high FRR
d. Product D – low FRR
e. Product E – low CER
f. Product F – high CER
e
The crossover error rate (CER), also called the equal error rate, is the point where the FAR and FRR are equal. The lower the CER, the better the biometric system, as there are fewer errors of both kinds. A low FAR or a low FRR on its own can be achieved simply by skewing the acceptance threshold at the expense of the other rate, so CER is the fair comparison.
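The following is an added worked example, not part of the exam text, covering this card and the earlier FAR card: it derives FAR and FRR from match scores at each acceptance threshold, finds the crossover (CER) for two products and ranks them. The genuine and impostor scores are constructed for illustration; in a real evaluation they come from the vendor's matcher during a pilot.

```python
"""Added example (not from the exam text): compute FAR, FRR and the crossover
error rate (CER) from match scores and rank biometric products by CER.
All scores below are constructed."""
from typing import Dict, List, Sequence, Tuple


def error_rates(genuine: Sequence[float], impostor: Sequence[float],
                threshold: float) -> Tuple[float, float]:
    """A score >= threshold is accepted.
    FAR = fraction of impostor attempts accepted (the access-violation case).
    FRR = fraction of genuine attempts rejected (the usability failure)."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def crossover(genuine: Sequence[float], impostor: Sequence[float],
              steps: int = 100) -> Dict[str, float]:
    """Sweep thresholds from 0 to 1 and return the first threshold where FAR
    and FRR are closest; CER is their value at that point."""
    best = None
    for i in range(steps + 1):
        t = i / steps
        far, frr = error_rates(genuine, impostor, t)
        gap = abs(far - frr)
        if best is None or gap < best["gap"]:
            best = {"threshold": t, "far": far, "frr": frr,
                    "gap": gap, "cer": (far + frr) / 2}
    return best


# Constructed match scores: (genuine attempts, impostor attempts).
PRODUCTS = {
    "Product A": (  # well separated: genuine scores all above impostor scores
        [0.92, 0.88, 0.95, 0.81, 0.90, 0.85, 0.97, 0.79, 0.93, 0.86],
        [0.20, 0.35, 0.28, 0.41, 0.15, 0.33, 0.25, 0.38, 0.30, 0.22],
    ),
    "Product B": (  # overlapping: no threshold avoids both error types
        [0.70, 0.55, 0.80, 0.45, 0.65, 0.60, 0.75, 0.50, 0.85, 0.40],
        [0.30, 0.45, 0.55, 0.35, 0.60, 0.40, 0.50, 0.25, 0.65, 0.20],
    ),
}


def rank_by_cer(products: Dict[str, tuple]) -> List[Tuple[str, Dict[str, float]]]:
    """Lowest CER first: the product the administrator should buy."""
    ranked = [(name, crossover(*scores)) for name, scores in products.items()]
    ranked.sort(key=lambda item: item[1]["cer"])
    return ranked


if __name__ == "__main__":
    for name, result in rank_by_cer(PRODUCTS):
        print(f"{name}: CER={result['cer']:.2f} at threshold {result['threshold']:.2f} "
              f"(FAR={result['far']:.2f}, FRR={result['frr']:.2f})")
    # Product B can advertise a zero FAR by raising its threshold, at the
    # cost of rejecting most legitimate users.
    print("Product B at threshold 0.70:", error_rates(*PRODUCTS["Product B"], 0.7))
```

Product B reaches FAR 0 at threshold 0.70 but then rejects 60% of genuine users, which is exactly why a single low FAR or low FRR figure is not a basis for choosing a system; its CER of 0.3 against Product A's 0 is the honest comparison.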