Network Defense Essentials

Question 1

Clark, a thief, escaped from the civil forces and tried to enter the nearest company’s premises. The security systems installed at the entrance identified the unauthorized entry into the organization’s premises and triggered an alarm to activate security teams.

Which of the following types of security control system triggered an alarm in the above scenario when the unauthorized intrusion attempt was made?

Answer 1

Detection controls
These are used to detect unauthorized access attempts.

Question 2

Clark, a network security specialist, was assigned to secure an organization’s network. Clark implemented a network defense approach that can tackle network attacks such as DoS and DDoS and includes security monitoring methods such as IDS, SIMS, TRS, and IPS.

Answer 2

Reactive approach
Consist of methods or techniques that are used to detect attacks on the target network.

Question 3

Which of the following components of technical security controls protects the information passing through the network and preserves the privacy and reliability of the data?

Answer 3

Encryption and protocols

Question 4

Sally, a security professional, implemented a protocol for authenticating requests in computer networks. The protocol implemented by Sally is based on the client-server model, and uses encryption technology and a “ticket” mechanism to prove the identity of a user on a non-secure network.

Identify the protocol implemented by Sally in the above scenario.

Answer 4

Kerberos
Kerberos is a network authentication protocol that is implemented for authenticating requests in computer networks.

Question 5

Margaret, a system administrator, regularly administers the devices connected to the organizational network. She found that certain devices are vulnerable to sniffing attacks. To protect the device from such attacks, Margaret employed a protocol that encrypts the entire communication between the client and the server, including the user’s password, which protects it from sniffing attacks.

Identify the protocol employed by Margaret in the above scenario.

Answer 5

TACACS+
provides authentication, authorization, and accounting (AAA) services for network communication.

Question 6

Which of the following protocols provides centralized authentication, authorization, and accounting (AAA) for remote access servers to communicate with a central server?

Answer 6

RADIUS
Remote authentication dial-in user service (RADIUS) is an authentication protocol which provides centralized authentication, authorization, and accounting (AAA) for remote access servers to communicate with a central server.

Question 7

James, a network administrator, was assigned a task to create a standard access control model for the organization’s confidential data. He implemented an access control model that determines the usage and access policies for the users. After its implementation, only users with appropriate access rights can access the resource.

Which of the following access control models James has implemented in the above scenario?

Answer 7

Mandatory access control (MAC)
The MAC determines the usage and access policies for the users.

Question 8

Identify the access control terminology that is referred to as an explicit resource on which an access restriction is imposed.

Answer 8

Object
An object is an explicit resource on which an access restriction is imposed.

Question 9

Identify the access control model in which the access permissions are beyond the user control, which implies that users cannot amend the access policies created by the system.

Answer 9

Role-Based access control (RBAC)
In a role-based access control, the access permissions are available based on the access policies determined by the system.

Question 10

Which of the following access control models can be termed as need-to-know access model where the decision can be taken by an owner to provide or deny access to specific user or a group of users?

Answer 10

Discretionary Access Control (DAC)
DAC determines the access control taken by any possessor of an object in order to decide the access control of a subject on that object.

Question 11

Ronnie, a security professional got many tickets stating that certain miscreants have been accessing the files with the credentials of the employees and they are creating havoc in the organization. To prevent such incidents, Ronnie implemented an authentication mechanism that identifies human characteristics for authenticating people.

Answer 11

Biometric authentication
Biometrics is a technology which identifies human characteristics for authenticating people.

Question 12

Rachel, a security professional plans to implement an added layer of defense to protect critical assets from sophisticated cyberattacks. She implemented an authentication technique that uses a physical entity such as a security token as one of the credentials and the other credential can include security codes.

Identify the type of authentication implemented by Rachel in the above scenario.

Answer 12

Two-factor authentication
Two-factor authentication is a process where a system confirms the user identification in two steps.

Question 13

Alice, a shopping freak, logged into an ecommerce app and added certain favorite items to her cart list. Before placing the order, she added her shipping address and debit card details along with the CVV number on the app. After adding her card details, Alice clicked on the proceed option to pay the bill. During the bill payment, Alice received an OTP on her mobile phone. Upon providing a valid OTP on the payment gateway, Alice’s order was successfully accepted.

Which of the following types of authentication method was demonstrated in the above scenario?

Answer 13

Two-factor authentication
Two-factor authentication is a process where a system confirms the user identification in two steps.

Question 14

Smith, a developer in a software company, has designed a banking application. For security reasons, he created an authentication mechanism that requires logging-in with user credentials as well as an OTP, which is sent to the user’s mobile number.

Which of the following authentication methods Smith has implemented in the above scenario?

Answer 14

Two-factor authentication
Two-factor authentication is a process where a system confirms the user identification in two steps.

Question 15

Williams, a network administrator, was assigned a duty to configure network security devices such as intrusion detection system (IDS) and intrusion prevention system (IPS) to protect the organization network from intrusion and block hackers’ traffic from entering the network.

Which of the following ISO/IES standards Williams must follow while configuring or modifying these security devices?

Answer 15

ISO/IEC 27039
provides guidelines to assist organizations in preparing to deploy intrusion detection and prevention systems (IDPS).
(An Incident Detection System (IDS) is a hardware or software program using known intrusion signatures to identify and analyze inbound and outbound network traffic for suspicious activities.)

Question 16

Which of the following ISO/IEC standards provides ISMS implementation guide for the telecom industry that was developed jointly by ITU Telecommunication Standardization Sector (ITU-T) and ISO/IEC JTC1/SC 27?

Answer 16

ISO/IEC 27011
specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization.

Question 17

Which of the following acts allows a provision for the regulation of the processing of information relating to individuals and to make provision in connection with the Information Commissioner’s functions under certain regulations relating to information?

Answer 17

Data Protection Act 2018 (DPA)
The DPA is an act to make provision for the regulation of the processing of information relating to individuals.

Question 18

Which of the following Internet access policy starts with all services blocked and enables safe and necessary services individually?

Answer 18

Prudent Policy
A prudent policy starts with all services blocked. The Network defender enables safe and necessary services individually.

Question 19

Sam, a system administrator, was assigned to configure the information security policy that focuses on the overall security of a particular system in an organization. Jack selected a security policy that includes DMZ policy, encryption policy, policies for IDS/IPS implementation, and acceptable use policy.

Which of the following security policies Jack has implemented in the above scenario?

Answer 19

System-specific security policy (SSSP)
SSSP directs users while configuring or maintaining a system.

Question 20

Which of the following types of Internet policy accepts a majority of Internet traffic and only blocks known dangerous services/attacks?

Answer 20

Permissive policy
This policy is wide open, and only known dangerous services/attacks or behaviors are blocked.

Question 21

Which of the following security labels is given to a data or object that is only accessible by few people in the organization because of its technical, business, and personal issues?

Answer 21

Restricted

Question 22

Stella, a security team member, was instructed to train new employees on securing the organization from unwanted issues. As a primary part of training, she instructed employees not to throw sensitive documents in the trash, and also trained them on how to shred documents and erase magnetic data before putting them into the trash.

Which of the following attacks were mitigated by grooming employees on the above techniques?

Answer 22

Dumpster diving

Question 23

Which of the following types of physical threat involves activities such as planting a vehicle bomb, human bomb, or a postal bomb in and around the organization’s premises that impacts the physical security of the organization?

Answer 23

Terrorism

Question 24

Identify the type of man-made threat that includes former employees who try to compromise the system by willingly harming the system components.

Answer 24

Vandalism

Question 25

Identify the fire-fighting system that provides a pre-piped water system for organizations and provides water supply to hose lines in certain locations.

Answer 25

Standpipe system

Question 26

Which of the following physical security barriers can affect the fast evacuation of occupants in case of a fire emergency as it allows entry of only one person at a time?

Answer 26

Turnstiles

Question 27

Which of the following activities is a physical security measure implemented for maintaining servers and backup devices?

Answer 27

Use rack mount servers

Question 28

Freddy, a network engineer, detects that the network cabling of his organization was flawed and insecure. To implement secure network cabling, he installed a type of cable where each pair of wires is individually guarded with foil and is less susceptible to external interference.

Identify the type of cable utilized by Freddy in the above scenario.

Answer 28

Shielded twisted pair cable

Question 29

Williams, an infrastructure designer, was assigned to design the arrangement of servers in a data center. The requirement is that the arrangement of equipment should maintain airflow to save energy. The arrangement designed by Williams can save the hardware from humidity and heat and increases hardware performance.

Which of the following options was employed by Williams in the above scenario?

Answer 29

Hot and cold aisles

Question 30

Which of the following practices is NOT a measure for strengthening the physical security of an organization?

Answer 30

Never follow copyright rules and licensing restrictions

Question 31

Which of the following types of bastion host is a firewall device with only one network interface and all the traffic is routed through the bastion host?

Answer 31

Single-homed bastion host

Question 32

Finch, a network administrator in the process of securing the internal network, segregated the LAN creating an independent subnetwork. The newly created subnetwork has been placed between the organization’s internal network and the outside public network to enable high-level protection for the LAN.

Identify the independent network created by Finch in the above scenario to protect the LAN.

Answer 32

Demilitarized Zone (DMZ)
A computer subnetwork is placed between the organization’s private network such as a LAN, and an outside public network such as the Internet, and acts as an additional security layer.

Question 33

Which of the following types of bastion host operates with multiple network connections but the network connections do not interact with each other?

Answer 33

Non-routing dual-homed host

Question 34

Given below are the different steps involved in firewall implementation and deployment.

Planning
Testing
Managing and maintaining
Configuring
Deploying
What is the correct sequence of steps involved in firewall implementation and deployment?

Answer 34

1 -> 4 -> 2 -> 5 -> 3
Planning, Configuring, Testing, Deploying, and then Managing, and maintaining

Question 35

Which of the following firewall technologies works at the session layer of the OSI model or the TCP layer of TCP/IP model and filters the traffic based on specified session rules?

Answer 35

Circuit-Level Gateway
Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP.

Question 36

John, a network specialist at an organization, was instructed to monitor unusual behaviors in the network. He implemented an IDS system that first creates models of possible intrusions and then compares these models with incoming events to make a detection decision.

Identify the type of IDS detection method employed by John in the above scenario.

Answer 36

Misuse detection

Question 37

David, a network specialist at an organization, was monitoring incidents on an IDS solution. The IDS solution detected suspicious activity performed by a threat actor over the organization’s network and had sent an email alert to David operating at the control room. David immediately took the pre-configured counter-action and blocked the attacker from further attempts on the organization’s network.

Identify the tool that helped David detect intrusion attempts in the above scenario.

Answer 37

Suricata
a high performance, open source network analysis and threat detection software used by most private and public organizations, and embedded by major vendors to protect their assets.

Question 38

Jackson, a security analyst at an organization, was instructed to strengthen the security of their intranet. He deployed a honeypot solution the monitors attackers’ tricks and exploits by logging all their activity. As a result, Jackson can respond to such exploits quickly before the attacker can misuse or compromise the system.

Identify the honeypot solution that helps Jackson in the above scenario.

Answer 38

KFSensor
acts as a honeypot, designed to attract and detect hackers and worms by simulating vulnerable system services and trojans. KFSensor is pre-configured to monitor all TCP and UDP ports, along with ICMP. It is also configured with the emulation of common services.

Question 39

Which of the following types of honeypot simulates only a limited number of services and applications of a target system or network and if the attacker does something that the emulation does not expect, the honeypot will simply generate an error?

Answer 39

Low-interaction honeypot
Low-interaction honeypots emulate only a limited number of services and applications of a target system or network.

Question 40

Which of the following types of proxy does not transfer information about the IP address of its user, thereby hiding information about the user and their surfing interests?

Answer 40

Anonymous Proxy
An anonymous proxy does not transfer information about the IP address of its user, thereby hiding information about the user and their surfing interests.

Question 41

Identify the proxy through which a client system connects to a server without its knowledge and is configured to be entirely invisible to an end user.

Answer 41

Transparent proxy
A transparent proxy is a proxy through which a client system connects to a server without its knowledge.

Question 42

Identify the VPN component that is a computer that accepts VPN connections from VPN clients.

Answer 42

Tunnel terminating device
A VPN termination device can be — for example — a router, firewall or VPN connector. For a remote-access VPN, traffic is encrypted from one end device to another, but for a site-to-site VPN, traffic from end devices is sent without encryption to a VPN gateway.

Question 43

Identify the VPN core functionality in which packets over a VPN are enclosed within another packet that has a different IP source and destination because concealing the source and destination of the packets can protect the integrity of the data sent

Answer 43

Encapsulation
Encapsulation is the method in which protocols have separate functions to communicate among each other by hiding the data.

Question 44

Which of the following tools is an analytics-driven SEIM solution that automates the collection, indexing, and alerting of real-time machine data that are critical to an organization’s operations?

Answer 44

Splunk Enterprise
is a data-centric, modern security information and event management (SIEM) solution that delivers data-driven insights for full breadth visibility into your security posture so you can protect your business and mitigate risk at scale.

Question 45

Identify the security control that performs real-time security operations center (SOC) functions like identifying, monitoring, recording, auditing, and analyzing security incidents and performs threat detection and security incident response activities.

Answer 45

SIEM
Security Incident and Event Management (SIEM)
SIEM performs real-time SOC (Security Operations Center) functions like identifying, monitoring, recording, auditing, and analyzing security incidents.

Question 46

Which of the following anti-malware tools helps network defenders identify and prevent malicious Trojans or malware from infecting computer systems or electronic devices?

Answer 46

McAfee LiveSafe
is a antivirus protection that defends against viruses, online threats, and ransomware with online and offline protection.

Question 47

Which of the following components of virtualization is an application or firmware that enables multiple guest operating systems to share a host’s hardware resources?

Answer 47

Hypervisor
An application or firmware that enables multiple guest operating systems to share a host’s hardware resources.

Question 48

Which of the following components of Docker engine manages the Docker images, containers, networks, and storage volume, and processes the requests of the Docker API?

Answer 48

Docker Daemon
( dockerd ) listens for Docker API requests and manages Docker objects such as images, containers, networks, and volumes. A daemon can also communicate with other daemons to manage Docker services.

Question 49

Which of the following types of service enables the deployment of containers and container management through orchestrators and using which subscribers can develop rich, scalable containerized applications through the cloud or on-site data centers?

Answer 49

CaaS
Container-as-a-Service (CaaS)
This cloud computing model provides containers and clusters as a service to its subscribers.

Question 50

An organization has recently leased an online cloud service. Using these services, subscribers can develop rich, scalable containerized applications through the cloud or on-site data centers.

Identify the type of cloud computing service deployed by the organization in the above scenario.

Answer 50

CaaS
Container-as-a-Service (CaaS)
This cloud computing model provides containers and clusters as a service to its subscribers.

Question 51

Brian, a cloud architect, plans to share a pool of resources with another organization through the Internet to reduce costs. For this reason, he uses a cloud deployment model where the infrastructure is shared among organizations with common computing concerns, such as security, regulatory compliance, performance requirements, and jurisdiction.

Which of the following cloud deployment models helps Brian in the above scenario?

Answer 51

Community cloud
Shared infrastructure between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.).

Question 52

Identify the actor in NIST cloud computing architecture who performs an independent examination of cloud service controls to express an opinion thereon and evaluates the services provided by a CSP based on security controls, privacy impact, and performance.

Answer 52

Cloud auditor
A cloud auditor is a party that performs an independent examination of cloud service controls to express an opinion thereon.

Question 53

Which of the following features in AWS IAM initially provides minimum permissions to the user to ensure security and the permissions can be extended based on the requirement?

Answer 53

Grant least privilege
The principle that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function.

Question 54

Which of the following practices help security professionals in protecting the cloud environment?

Answer 54

Vendors should regularly undergo AICPA SAS 70 Type II audits

Question 55

Kevin, a security professional, plans to implement wireless technology in his organization for easy and fast transmission of data in a wireless network. For this purpose, he uses a technology that belongs to the IEEE 802.16 family of wireless networking standards and can function over several miles with data rates reaching up to 75 Mbps.

Identify the technology employed by Kevin in the above scenario.

Answer 55

WiMAX
The worldwide interoperability for microwave access (WiMAX) technology uses long distance wireless networking and high-speed Internet.

Question 56

Which of the following technologies belongs to the IEEE 802.16 family of wireless networking standards whose signals can function over several miles with data rates reaching up to 75 Mbps?

Answer 56

WiMAX
The worldwide interoperability for microwave access (WiMAX) technology uses long distance wireless networking and high-speed Internet.

Question 57

In which of the following wireless encryption techniques messages pass through a message integrity check using the TKIP to provide stronger encryption and authentication?

Answer 57

WPA
It is an advanced wireless encryption protocol using TKIP and Message Integrity Check(MIC) to provide strong encryption and authentication.

Question 58

Which of the following encryption algorithms is used on WPA2 wireless network encryption mechanism to provide stronger data protection and network access control?

Answer 58

AES-CCMP
is the strongest security in development for IEEE 802.11i.

Question 59

Annie, a security professional, has been tasked to implement Wi-Fi authentication in her organization to secure the wireless communication. For this purpose, she implemented an authentication process in which the station and AP use the same WEP key to provide authentication, and Annie enabled and configured the key manually on both the AP and client.

Identify the Wi-Fi authentication method employed by Annie in the above scenario.

Answer 59

Shared key authentication process

Question 60

In which of the following Wi-Fi authentication methods, each wireless station receives a secret key over a secure channel that is distinct from the 802.11 wireless network communication channels to establish a network connection?

Answer 60

Shared key authentication process

Question 61

Richard, a network engineer, performs advanced monitoring and detection of wireless network anomalies. He employed a Wi-Fi security auditing tool to detect, analyze, and identify wireless threats.

Identify the tool employed by Richard in the above scenario.

Answer 61

BoopSuite
is a set of tools written in Python designed for wireless auditing and security testing.

Question 62

Given below is the list of different cryptographic modes from stronger to weaker encryption.

1. WPA2 Enterprise
2. WPA Enterprise
3. WPA2 Enterprise with RADIUS
4. WPA
5. WEP
6. WPA2 PSK
7. WPA3
   Identify the correct order of preference for choosing an encryption mode.

Answer 62

7 -> 3 -> 1 -> 6 -> 2 -> 4 -> 5
WPA3
WPA2 Enterprise with RADIUS
WPA2 Enterprise
WPA2 PSK
WPA Enterprise
WPA
WEP

Question 63

Which of the following mobile connection techniques is a wireless sensor protocol that enables communication between sensors and their controllers and is used in IoT devices such as heart rate or fitness monitoring equipment?

Answer 63

ANT
It is a wireless sensor protocol that enables communication between sensors and their controllers.

Question 64

Which of the following mobile device connection methods is based on a single network tower that serves devices located within a specific radius and are installed in urban, suburban, and rural areas and cover a large distance?

Answer 64

Cellular communication
is based on a single network tower that serves devices located within a specific radius.

Question 65

Ruben, a security engineer, received a complaint from an employee stating his mobile device has been misplaced by a miscreant, which contains certain confidential organizational data. For this reason, Ruben used a technique that allows him to erase all the device data by remotely executing a command.

Identify the technique used by Ruben in the above scenario.

Answer 65

Remote wipe
is a technique used for securing and protecting data from miscreants if a mobile device used by an employee was stolen or lost.

Question 66

Which of the following techniques separates the personal and organizational data in employee’s mobile devices and also helps in improving the security of organizational data?

Answer 66

Containerization
is a technique in which all personal and organizational data are segregated on an employee’s mobile device.

Question 67

Which of the following policies allows employees to use and manage the devices purchased by the organization and reduces the risks associated with BYOD by implementing stringent policies and protecting devices?

Answer 67

Corporate Owned, Personally Enabled (COPE)
refers to a policy that allows employees to use and manage the devices purchased by the organizations.

Question 68

Jack, an employee at an organization, was using his mobile device for enterprise purposes. The mobile device contained a vulnerable program that looked like a legitimate browsing app, which was downloaded from third-party website. The vulnerable program was exploited by an attacker to gain remote access and steal sensitive data.

Identify the mobile device security risk demonstrated in the above scenario.

Answer 68

Application-based risks

Question 69

Sam, a security professional, implemented a mobile policy in his organization to prevent phishing and malware attacks. He deployed a solution that uses machine learning and real-time analysis to protect mobile endpoints and also generates alerts for the enterprise mobility management solutions to perform appropriate actions.

Identify the solution deployed by Sam in the above scenario.

Answer 69

Mobile threat defense solution

Question 70

Which of the following measures allows security professionals to protect mobile data from unauthorized access?

Answer 70

Maintain access control for devices and data

Question 71

Which of the following components of IoT technology is used to bridge the gap between an IoT device and the end user, thereby allowing them to communicate with each other?

Answer 71

IoT gateway

Question 72

Bob, a patient with a paralyzed, wanted to turn on smart lights and AC in his room. As he cannot stand, Bob requested the hospital management to connect those device sensors to his mobile so that he can turn on/off the smart devices whenever he wants.

Which of the following IoT communication models was demonstrated in the above scenario?

Answer 72

Device-to-device
inter-connected devices interact with each other through the Internet, but they predominantly use protocols such as ZigBee, Z-Wave or Bluetooth.

Question 73

Which of the following features of an IoT-enabled IT environment involves the exchange of data between IoT-enabled organizations using different communication protocols?

Answer 73

Data collection

Question 74

In which of the following communication model IoT devices first communicate with the remote server rather than directly communicating with the client to send or receive data or commands?

Answer 74

Device-to-Cloud
devices communicate with the cloud directly, rather than directly communicating with the client to send or receive data or commands.

Question 75

Which of the following components of an IoT framework is referred to as the central point of data aggregation for most of the data in the ecosystem?

Answer 75

Cloud platform
In an IoT ecosystem, the cloud component is referred to as the central aggregation and data management point.

Question 76

Which of the following measures is NOT a best practice for security of the IoT environment?

Allow only trusted IP addresses to access the device from the Internet

Enable the UPnP port on routers

Implement a strong authentication mechanism

Disable the “guest” and “demo” user accounts if enabled

Answer 76

Enable the UPnP port on routers
UPnP enables apps and devices to automatically open and close ports to connect with the LAN network.

Question 77

Jeffry, an IT administrator wants to monitor, manage the IoT devices to detect flaws and diagnose operational issues and update the firmware remotely. He installed a solution that can perform the above-mentioned functions.

Answer 77

Predix
ensures data and communications integrity from asset connection through the data life cycle. Data is shared via IT/OT environments, into the cloud, via storage, and back into the OT, while the runtime environment is monitored for anomalies requiring incident response.

Question 78

Jack, a security specialist, implemented an IoT network in his organization; it includes a communication aggregator in one of the parts of network that communicates with a trusted local network as well as with an untrusted public network through a secure connection.

Answer 78

Gateway
A web security gateway, also known as a secure web gateway, is a device, cloud service, or application that is deployed at the boundaries of a network to monitor and stop malicious traffic from entering the organization, and to block users from accessing malicious or suspicious web resources.

Question 79

Which of the following objectives of cryptography ensures that the information is accessible only to those who are authorized to access it?

Answer 79

Confidentiality

Question 80

An organization, CyberSol.org, developed a software product and implemented key exchange algorithms to share its resources with customers. The organization also handed over a copy of keys to the law enforcement agency or a trusted third party to keep them in escrow. These keys can be used during crises or after an incident to decipher digital evidence under authorization or a warrant from a court of law.

Which of the following concepts was demonstrated in the above scenario?

Answer 80

Government Access to Keys (GAK)
GAK refers to the statutory obligation of individuals and organizations to disclose their cryptographic keys to government agencies.

Question 81

Brenda, an encryption specialist, wants to use an advanced algorithm to encrypt the digital information in her organization. For this purpose, she uses a symmetric-key algorithm in which the encryption as well as decryption is performed using the same key and has a 128-bit block size.

Identify the encryption algorithm used by Brenda in the above scenario.

Answer 81

AES
Advanced Encryption Standard (AES)
The AES is a National Institute of Standards and Technology (NIST) specification for the encryption of electronic data.

Question 82

John wants to send an email to Bob by attaching a confidential encrypted file. He employs an Internet encryption and authentication standard that uses modular arithmetic and elementary number theory for performing computations.

Identify the cryptographic algorithm employed by John in the above scenario.

Answer 82

RSA
is an Internet encryption and authentication system that uses an algorithm developed by Ron Rivest, Adi Shamir, and Leonard Adleman.

Question 83

Which of the following tools helps security professionals encrypt and decrypt files using 128-bit or 256-bit encryption?

Answer 83

AxCrypt
is secure because it endeavors to only use accepted practices and algorithms and does not attempt to invent any new encryption algorithms or methods.

Question 84

Identify the tool that allows security professionals to encrypt critical files stored on the computer and the cloud.

Answer 84

CryptoForge
employs four strong cryptographic algorithms to protect data: Blowfish, AES (Advanced Encryption Standard), TripleDES and Gost.

Question 85

Steve, HR of an organization, wants to send an important file containing employee data to the payroll department. He digitally signs the file and attaches a digital certificate to it before sending to the payroll team. The payroll team verify the signature and add the employee’ details to the database.

Identify the attribute of the digital certificate that helped the payroll team verify the digital signature of Steve.

Answer 85

Public key
is a large numerical value that is used to encrypt data. The key can be generated by a software program, but more often, it is provided by a trusted, designated authority and made available to everyone through a publicly accessible repository or directory.

Question 86

Identify the attribute of a digital certificate that specifies the hash value for the certificate, which is then used for verifying the certificate’s integrity.

Answer 86

digital certificate is a technology used to associate a user’s identity to a public key that has been digitally signed by a trusted third party.

Question 87

In which of the following states of data is it encrypted before being carried through the encrypted connections such as HTTPS, SSL, TLS and FTPS?

Answer 87

Data in transit

Question 88

Identify the data security technology that allows security professionals to makes a duplicate copy of critical data to be used for restoring and recovery purposes when the primary copy is lost or corrupted.

Answer 88

Data resilience and backup

Question 89

Which of the following media is considered as the best media for data backup and facilitates data backup at an enterprise level, has no storage capacity limits, and can be used to store large amounts of data?

Answer 89

Tape drive

Question 90

David, a system administrator, was assigned a task to secure the organization’s data. He employed a data encryption tool that establishes and maintains an on-the-fly-encrypted volume, which means the tool automatically encrypts the data just before it is saved and decrypts just after it is loaded.

Identify the tool employed by David in the above scenario.

Answer 90

VeraCrypt
is a free and open-source utility for on-the-fly encryption (OTFE). The software can create a virtual encrypted disk that works just like a regular disk but within a file. It can also encrypt a partition or (in Windows) the entire storage device with pre-boot authentication.

Question 91

Given below are the different steps involved in data backup strategy.

1. Selecting the backup types
2. Choosing the right backup solution
3. Identifying the critical business data
4. Selecting a backup technology
5. Selecting the backup media
6. Conducting a recovery drill test
7. Selecting the appropriate RAID levels
8. Selecting an appropriate backup
   method
   Identify the correct sequence of steps involved.

Answer 91

3 -> 5 -> 4 -> 7 -> 8 -> 1 -> 2 -> 6
Identifying the critical business data
Selecting the backup media
Selecting a backup technology
Selecting the appropriate RAID levels
Selecting an appropriate backup method
Selecting the backup types
Choosing the right backup solution
Conducting a recovery drill test

Question 92

Identify the RAID system feature that improves the read/write performance of data by dividing it into small chunks and spreading it over multiple disks.

Answer 92

Disk striping
RAID 0 (disk striping) is the process of dividing a body of data into blocks and spreading the data blocks across multiple storage devices, such as hard disks or solid-state drives (SSDs), in a redundant array of independent disks (RAID) group.

Question 93

Which of the following measures is the best practice for a successful DLP implementation?

Answer 93

Identify sensitive data for protection
(DLP includes a set of software products and processes that do not allow users to send confidential corporate data outside the organization.)

Question 94

Which of the following measures is NOT a best practice for a successful DLP implementation?

Implement DLP with a maximum base
Identify the roles and responsibilities of
individuals
Identify the main objective of DLP
Identify sensitive data for protection

Answer 94

Implement DLP with a maximum base

Question 95

Which of the following advantages of network traffic monitoring will be achieved by establishing SLAs and compliance applicable to users or consumers by providing complete infrastructure information while drafting the SLA?

Answer 95

Minimizing risk
(service-level agreement (SLA) sets the expectations between the service provider and the customer and describes the products or services to be delivered, the single point of contact for end-user problems, and the metrics by which the effectiveness of the process is monitored and approved.)

Question 96

Identify the advantage of monitoring network traffic.

Answer 96

Finding unnecessary and vulnerable applications

Question 97

In which of the following types of attack signature analysis, security professionals need to analyze a series of packets over a long period of time to detect attack signatures?

Answer 97

Composite-signature-based analysis
is one that looks at a series of fragments from the same connection and determines whether the fragments are overlapping (this would be an obvious attack because a real fragmented packet can be reassembled, whereas overlapping fragments cannot).

Question 98

Which of the following attack signature analysis techniques allows network defenders to detect suspicious activity by analyzing the data in the payload and matching a text string to a specific set of characters?

Answer 98

Content-based signature analysis
that are designed to examine the content of such things as network packets or log entries. -Content-based signatures are typically easy to build and look for simple things, such as a certain string of characters or a certain flag set in a TCP packet.

Question 99

Which of the following Wireshark filters helps network administrators view only SMTP traffic over the network?

Answer 99

tcp.port eq 25
(Show only SMTP (port 25) and ICMP traffic.)

Question 100

Given below are the different steps to start capturing packets with Wireshark.

1. An overview of the available interfaces
   can be obtained using the Capture
   Interface dialog box.
2. Double-click on an interface in the main
   window.
3. Start a capture from this dialog box
   using the Start button.
4. A capture can be immediately started
   using the current settings by selecting
   Capture → Start or by clicking the first
   toolbar button.
   Identify the correct sequence of steps involved.

Answer 100

2 -> 1 -> 3 -> 4
Double-click on an interface in the main
window.
An overview of the available interfaces
can be obtained using the Capture Interface dialog box.
Start a capture from this dialog box
using the Start button.
A capture can be immediately started
using the current settings by selecting Capture → Start or by clicking the first toolbar button.