Practice Questions Flashcards

1
Q

You need to transmit PII via email and you want to maintain its confidentiality. Which of the following choices is the BEST solution?

Use hashes

Encrypt it before sending

Protect it with a digital signature

Use RAID

A

Encrypt it before sending

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Apu manages network devices in his store and maintains copies of the configuration files for all the managed routers and switches. On a weekly basis, he created hashes for these files and compares them with hashes he created on the same files the previous week. Which of the following use cases is he MOST likely using?

Supporting confidentiality

Supporting integrity

Supporting encryption

Supporting availability

A

Supporting integrity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Louie hid several plaintext documents within an image file. He then sent the image file to Tony. Which of the following BEST describes the purpose of his actions?

To support steganography

To support integrity

To support availability

To support obfuscation

A

To support obfuscation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Management has mandated the use of digital signatures by all personnel within your organization. Which of the following use cases does this primarily support?

Supporting confidentiality

Supporting availability

Supporting obfuscation

Supporting non-repudiation

A

Supporting non-repudiation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

As the CTO, Marge is implementing a security program. She has included security controls to address confidentiality and availability. Of the following choices, what else should she include?

Ensure critical systems provide uninterrupted service.

Protect data-in-transit from unauthorized disclosure.

Ensure systems are not susceptible to unauthorized changes.

Secure data to prevent unauthorized disclosure.

A

Ensure systems are not susceptible to unauthorized changes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Your organization wants to reduce the amount of money it is losing
due to thefts. Which of the following is the BEST example of an equipment
theft deterrent?

Snapshots

Cable locks

Strong passwords

Persistent VDI

A

Cable locks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Your organization is considering virtualization solutions.
Management wants to ensure that any solution provides the best ROI.
Which of the following situations indicates that virtualization would
provide the best ROI?

Most physical servers within the organization are currently
utilized at close to 100 percent.

The organization has many servers that do not require failover
services.

Most desktop PCs require fast processors and a high amount of
memory.

Most physical servers within the organization are currently
underutilized

A

Most physical servers within the organization are currently

underutilized

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

You are preparing to deploy a new application on a virtual server. The
virtual server hosts another server application that employees routinely
access. Which of the following is the BEST method to use when
deploying the new application?

Take a snapshot of the VM before deploying the new application.

Take a snapshot of the VM after deploying the new application.

Ensure the server is configured for non-persistence.

Back up the server after installing the new application.

A

Take a snapshot of the VM before deploying the new application.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Ned is not able to access any network resources from his Linux-based
computer. Which of the following commands would he use to view the
network configuration of his system?

ifconfig

ipconfig

netstat

tracert

A

ifconfig

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Administrators frequently create VMs for testing. They sometimes
leave these running without using them again after they complete their
tests. Which of the following does this describe?

VM escape

VDI snapshot

VM sprawl

Type II hypervisor

A

VM sprawl

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Users within your organization access virtual desktops hosted on
remote servers. This describes which of the following?

VDE

Snapshots for non-persistence

Type I hypervisors

VM sprawl

A

VDE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Your organization has implemented a VDI for most users. When a
user logs off, the desktop reverts to its original state without saving any
changes made by the user. Which of the following BEST describes this
behavior?

Container virtualization

VM escape

Non-persistence

Elasticity

A

Non-persistence

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which type of virtualization allows a computer’s operating system
kernel to run multiple isolated instances of a guest virtual machine, with
each guest sharing the kernel?

Container virtualization

Type I hypervisor virtualization

Type II hypervisor virtualization

VDE

A

Container virtualization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

You are considering rebooting a database server and want to identify
if it has any active network connections. Which of the following
commands will list active network connections?

arp

ipconfig

ping

netstat

A

netstat

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

You have configured a firewall in your network to block ICMP traffic.
You want to verify that it is blocking this traffic. Which of the following
commands would you use?

arp

ipconfig

netstat

ping

A

ping

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Developers in your organization have created an application
designed for the sales team. Salespeople can log on to the application
using a simple password of 1234. However, this password does not meet
the organization’s password policy. Which of the following is the BEST
response by the security administrator after learning about this?

Nothing. Strong passwords aren’t required in applications.

Modify the security policy to accept this password.

Document this as an exception in the application’s documentation.

Direct the application team manager to ensure the application
adheres to the organization’s password policy.

A

Direct the application team manager to ensure the application
adheres to the organization’s password policy.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Ned is reviewing password security for employees of The Leftorium.
The password policy has the following settings:
• The password maximum age is 30 days.
• The password minimum length is 14 characters.
• Passwords cannot be reused until five other passwords have been
used.
• Passwords must include at least one of each of the following four
character types: uppercase letters, lowercase letters, numbers, and
special characters.
Ned discovers that despite having this password policy in place, users are
still using the same password that they were using more than a month ago.
Which of the following actions will resolve this issue?

Change the password history to 10.

Require the use of complex passwords.

Change the maximum age setting to 60 days.

A

Create a rule in the password policy for the password minimum
age to be 7 days.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Your organization is planning to implement remote access
capabilities. Management wants strong authentication and wants to ensure
that passwords expire after a predefined time interval. Which of the
following choices BEST meets this requirement?

HOTP

TOTP

CAC

Kerberos

A

TOTP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Your organization has decided to implement a biometric solution for
authentication. One of the goals is to ensure that the biometric system is
highly accurate. Which of the following provides the BEST indication of
accuracy with the biometric system?

The lowest possible FRR

The highest possible FAR

The lowest possible CER

The highest possible CER

A

The lowest possible CER

20
Q

Your organization recently updated an online application that
employees use to log on when working from home. Employees enter their
username and password into the application from their smartphone and
the application logs their location using GPS. Which type of
authentication is being used?

One-factor

Dual-factor

Something you are

Somewhere you are

A

One-factor

21
Q

A network includes a ticket-granting ticket server used for
authentication. Which authentication service does this network use?

Shibboleth

SAML

LDAP

Kerberos

A

Kerberos

22
Q

Lisa is a training instructor and she maintains a training lab with 18
computers. She has enough rights and permissions on these machines so
that she can configure them as needed for classes. However, she does not
have the rights to add them to the organization’s domain. Which of the
following choices BEST describes this example?

Least privilege

Need to know

Group-based privileges

Location-based policies

A

Least privilege

23
Q

Marge is reviewing an organization’s account management processes.
She wants to ensure that security log entries accurately report the identity
of personnel taking specific actions. Which of the following steps would
BEST meet this requirement?

Update ACLs for all files and folders.

Implement role-based privileges.

Use an SSO solution.

Remove all shared accounts.

A

Remove all shared accounts.

24
Q

A recent security audit discovered several apparently dormant user
accounts. Although users could log on to the accounts, no one had logged
on to them for more than 60 days. You later discovered that these accounts
are for contractors who work approximately one week every quarter.
Which of the following is the BEST response to this situation?

Remove the account expiration from the accounts.

Delete the accounts.

Reset the accounts.

Disable the accounts.

A

Disable the accounts.

25
Q

Members of a project team chose to meet at a local library to
complete some work on a key project. All of them are authorized to work
from home using a VPN connection and have connected from home
successfully. However, they found that they were unable to connect to the
network using the VPN from the library and they could not access any of
the project data. Which of the following choices is the MOST likely
reason why they can’t access this data?

Role-based access control

Time-of-day access control

Location-based policy

Discretionary access control

A

Location-based policy

26
Q

You need to create an account for a contractor who will be working
at your company for 60 days. Which of the following is the BEST
security step to take when creating this account?

Configure history on the account.

Configure a password expiration date on the account.

Configure an expiration date on the account.

Configure complexity.

A

Configure an expiration date on the account.

27
Q

A company recently hired you as a security administrator. You notice
that some former accounts used by temporary employees are currently
enabled. Which of the following choices is the BEST response?

Disable all the temporary accounts.

Disable the temporary accounts you’ve noticed are enabled.

Craft a script to identify inactive accounts based on the last time
they logged on.

Set account expiration dates for all accounts when creating them.

A

Craft a script to identify inactive accounts based on the last time
they logged on.

28
Q

Developers are planning to develop an application using role-based
access control. Which of the following would they MOST likely include in
their planning?

A listing of labels reflecting classification levels

A requirements list identifying need to know

A listing of owners

A matrix of functions matched with their required privileges

A

A matrix of functions matched with their required privileges

29
Q

A
security administrator needs to implement an access control system that
will protect data based on the following matrix.
(Note that this matrix only represents a subset of the overall
requirements.) Which of the following models is the administrator
implementing?

DAC

MAC

Role-BAC

ABAC

A

MAC

30
Q

Your organization is implementing an SDN. Management wants to
use an access control model that controls access based on attributes. Which
of the following is the BEST solution?
DAC

MAC

Role-BAC

ABAC

A

ABAC

31
Q

Your organization’s security policy requires that PII data-in-transit
must be encrypted. Which of the following protocols would BEST meet
this requirement?

FTP

SSH

SMTP

HTTP

A

SSH

32
Q

Marge needs to collect network device configuration information and
network statistics from devices on the network. She wants to protect the
confidentiality of credentials used to connect to these devices. Which of
the following protocols would BEST meet this need?

SSH

FTPS

SNMPv3

TLS

A

SNMPv3

33
Q

Lisa is enabling NTP on some servers within the DMZ. Which of the
following use cases is she MOST likely supporting with this action?

Support voice and video transmissions

Provide time synchronization

Enable email usage

Encrypt data-in-transit

A

Provide time synchronization

34
Q

Your organization wants to increase security for VoIP and video
teleconferencing applications used within the network. Which of the
following protocols will BEST support this goal?

SMTP

TLS

SFTP

SRTP

A

SRTP

35
Q

Management within your organization wants to ensure that switches
are not susceptible to switching loop problems. Which of the following
protocols is the BEST choice to meet this need?

Flood guard

SNMPv3

SRTP

RSTP

A

RSTP

36
Q

A network technician incorrectly wired the switch connections in
your organization’s network. It effectively disabled the switch as though it
was a victim of a denial-of-service attack. Which of the following should
be done to prevent this situation in the future?

Install an IDS.

Only use Layer 2 switches.

Install SNMPv3 on the switches.

Implement STP or RSTP.

A

Implement STP or RSTP.

37
Q

Developers recently configured a new service on ServerA. ServerA
is in a DMZ and accessed by internal users and via the Internet. Network
administrators modified firewall rules to access the service. Testing shows
the service works when accessed from internal systems. However, it does
not work when accessed from the Internet. Which of the following is
MOST likely configured incorrectly?

The new service

An ACL

ServerA

The VLAN

A

An ACL

38
Q

You manage a Linux computer used for security within your network.
You plan to use it to inspect and handle network-based traffic using
iptables. Which of the following network devices can this replace?

Wireless access point

Firewall

Layer 2 switch

Bridge

A

Firewall

39
Q

You need to implement antispoofing on a border router. Which one of
the following choices will BEST meet this goal?

Create rules to block all outgoing traffic from a private IP
address.

Implement a flood guard on switches.

Add a web application firewall.

Create rules to block all incoming traffic from a private IP
address.

A

Create rules to block all incoming traffic from a private IP

address.

40
Q

An organization has recently had several attacks against servers
within a DMZ. Security administrators discovered that many of these
attacks are using TCP, but they did not start with a three-way handshake.
Which of the following devices provides the BEST solution?

Stateless firewall

Stateful firewall

Network firewall

Application-based firewall

A

Stateful firewall

41
Q

Which type of device would have the following entries used to
define its operation? permit IP any any eq 80
permit IP any any eq
443 deny IP any any

Firewall

Layer 2 switch

Proxy server

Web server

A

Firewall

42
Q

Your organization hosts a web server and wants to increase its security.
You need to separate all web-facing traffic from internal network traffic.
Which of the following provides the BEST solution?

DMZ

VLAN

Firewall

WAF

A

DMZ

43
Q

Management at your organization wants to prevent employees from
accessing social media sites using company-owned computers. Which of
the following devices would you implement?

Transparent proxy

Reverse proxy

Nontransparent proxy

Caching proxy

A

Nontransparent proxy

44
Q

You need to configure a UTM security appliance to restrict traffic
going to social media sites. Which of the following are you MOST likely to
configure?

Content inspection

Malware inspection

URL filter

DDoS mitigator

A

URL filter

45
Q

Your organization recently purchased a sophisticated security
appliance that includes a DDoS mitigator. Where should you place this
device?

Within the DMZ

At the border of the network, between the intranet and the DMZ

At the border of the network, between the private network and
the Internet

In the internal network

A

At the border of the network, between the private network and
the Internet