Preview Flashcards

1
Q

Which type of attack is primarily intended to disrupt the availability of critical business functions?

Man-in-the-middle
Denial-of-service
Eavesdropping
Covert channel

A

Denial-of-service

2
Q

Classify each attack method in relation to its direct impact on the CIA triad.

Answer options may be used more than once or not at all. Confidentiality, Integrity, or Availability.

Key logger
DNS poisoning
Covert channels
DDoS

A

Key logger - Confidentiality
DNS poisoning - Integrity
Covert channels - Confidentiality
DDoS - Availability

3
Q

A security administrator has configured a small key size to protect the VPN.

Which security objective does this affect?

Confidentiality
Availability
Authentication
Integrity

A

Confidentiality

4
Q

A laptop has been stolen, and the data has been seen for sale on the darknet.

Which process could have protected the confidentiality of the data?

BIOS password
Hard drive encryption
Two-factor authentication
Host-based IDS

A

Hard drive encryption

5
Q

When browsing to a financial website, a user receives an error on the browser that points to the certificate on the website. The user reviews the certificate and maps it to a known certificate authority.

Why did the user need to perform these actions?

To validate client authenticity
To establish a trust relationship
To monitor communications
To ensure connection is available and reliable

A

To establish a trust relationship

6
Q

A team of scientists is working on a secure project. The network administrator needs to configure a network for the team that is not routable from the Internet. A firewall is protecting the scientists’ network and is using network address translation (NAT) to translate the internal IP addresses to public IP addresses.

Which IP address should the network administrator configure on the inside interface of the firewall?

  1. 131.162.1
  2. 14.15.16
  3. 32.255.1
  4. 169.255.12
A

10.14.15.16

7
Q

An ad hoc network design team has just finished a presentation on the latest updates to the organization’s network infrastructure. The team ensured that plenty of redundancy has been built in and bottlenecks have been eliminated.

Which security objective has the team bolstered through these improvements?

Integrity
Availability
Confidentiality
Non-repudiation

A

Availability

8
Q

A company has recently implemented a new email encryption system that uses public key infrastructure (PKI). The company is now requiring all employees to sign and encrypt internal communication. An employee wants to send a digitally signed message to the IT director.

What does the IT director use to decode the employee’s signature under the new system?

The employee’s public key
The IT director’s password
The IT director’s private key
The IT director’s public key
The employee’s password
The employee’s private key
A

The employee’s public key

9
Q

An administrator at a small office is tasked with supporting a new time clock that has been installed on the network. The outsourced company managing the time clock states that the connection protocol it uses with the clock is encrypted, but it needs to allow incoming connections from the Internet.

Which action should allow the outsourced company to securely manage the time clock with a minimal amount of configuration effort?

  • Setting up a port forward on the firewall from the outsourced company to the time clock
  • Configuring a virtual private network (VPN) between the outsourced company and the small office
  • Creating an access rule on the firewall allowing the clock to connect to the outsourced company
  • Creating a transparent forward proxy to allow the encrypted protocol to traverse the Internet
A
  • Setting up a port forward on the firewall from the outsourced company to the time clock
10
Q

A small nonprofit company has received several legacy wireless access points (APs) as a donation. The security administrator discovers that the encryption protocol the devices use is not very secure. The encryption key can be discovered by a malicious hacker in only a few minutes. After discussions with other security professionals, the administrator learns the APs can implement a key protocol that can change the encryption key every few seconds and provide a per-packet verification at each side of the communication.

Which security measure is the key protocol implemented to protect?

Confidentiality of the key
Availability of the key
Accountability of the key
Privacy of the key
Integrity of the key
A

Integrity of the key

11
Q

A recently terminated employee from accounting used several widely available programs in an amateur attempt to exploit a company’s database.

Which term describes the terminated employee?

White hat hackers
Black hat hackers
Hacktivists
Script kiddies

A

Script kiddies

12
Q

An organization has recently undergone a period of growth, both in terms of business operations and personnel. The network infrastructure has kept pace, growing to accommodate the new size and structure. Mapping and auditing of the expanded network needs to be done. One of the first findings is that the router has permissive rights to all unassigned ports.

What is this finding an example of?

A threat
A good security practice
A vulnerability
An opportunity

A

A vulnerability

13
Q

A company has been the target of multiple social engineering attacks and is implementing a new mandatory security awareness training program to reduce the risk of a future compromise. The security administrator is mainly concerned with the following attack vectors:

Spoofed emails containing fake password reset links aimed at harvesting employees’ passwords
Phone calls to the helpdesk by a malicious user pretending to be an employee needing a password reset
A malicious user tailgating while impersonating a contractor to steal employees’ mobile devices

What are the two vulnerabilities that the company needs to address to meet the above requirements?

Choose 2 answers

Disgruntled employees
Weak passwords
Compromised email system
Untrained users
Lack of secure access control
A

Untrained users

Lack of secure access control

14
Q

An email link takes a user to an online store. After clicking the link, the user is redirected to a spoofed online store.

Which type of attack is occurring?

SQL injection
Cross-site scripting
Session hijacking
Distributed denial-of-service

A

Cross-site scripting

15
Q

Which device is responsible for performing stateful packet inspection on traffic traversing connected segments?

Screening router
VPN appliance
Layer 3 switch
Firewall

A

Firewall

16
Q

Which device is Layer 7 aware and provides both filtering of unwanted source IP traffic from accessing a network and policy on which ports may be used?

Packet filter firewall
IPSec VPN
Application firewall
Circuit firewall

A

Application firewall

17
Q

A software circuit firewall is on the network providing protection for a web server. There is a cross-site scripting vulnerability on the web server.

How will the software circuit firewall react to an exploit of this vulnerability?

  • It will filter based solely on initial session setup.
  • It will filter traffic at each layer of the OSI model.
  • It will be restricted to protecting against low-volume attacks.
  • It will protect against application vulnerabilities.
A
  • It will filter based solely on initial session setup.
18
Q

During preproduction testing, a key security control is found to be missing. This oversight inadvertently allows users to view data they are not authorized to access. Upon review of the initial security requirements, it was stated that authentication, authorization, and accounting (AAA) of users was required in the design of the system.

What occurred during the systems development life cycle (SDLC) that caused this problem?

  • AAA requirements were not clear in the system security requirements.
  • Penetration testing was not performed during the implementation phase.
  • Identity and access management (IAM) assessments were not conducted to ensure authentication was enforced during the testing phase.
  • No objective security reviews were conducted to ensure security requirements were being met during the development phase.
A
  • No objective security reviews were conducted to ensure security requirements were being met during the development phase.
19
Q

Many of the devices a company uses are stand-alone, third-party appliances. While the appliances are evaluated for security concerns at the time of purchase, many have reached the end of their support and will need to be replaced soon.

What should a security administrator do to protect these assets before they are disposed of and replaced?

Use a defense-in-depth strategy
Implement security through obscurity
Follow a strict compliance methodology
Develop custom, in-house patches

A

Use a defense-in-depth strategy

20
Q

During the initiation phase of the systems development life cycle (SDLC), an administrator is working on a new system that will support remote access to the organization’s disaster recovery environment. As part of the effort, the administrator is attempting to calculate the bandwidth required to support systems identified in the business impact analysis.

Why is the calculation of required bandwidth vital to the tenets of security?

  • The organization will not have the desired level of availability without sufficient bandwidth.
  • Failure to provide adequate bandwidth will be a violation of the Internet service provider’s service level agreement.
  • The integrity of critical data will be compromised without sufficient bandwidth.
  • Limited bandwidth will impact the organization’s ability to cut over to a hot site.
A
  • The organization will not have the desired level of availability without sufficient bandwidth.
21
Q

A technician is configuring the security features of new, built-in-house software. After configuring the application, the technician tests the new security controls.

At which phase of the systems development life cycle (SDLC) process is the technician operating?

Implementation
Initiation
Deployment
Operation

A

Implementation

22
Q

In the diagram provided, three network zones containing servers are depicted. As the security architect, only one host intrusion sensor and one network intrusion sensor will be allowed in the design.

Where should the sensors be deployed to maximize detection of threats against this organization’s extranet implementation?

  • Host-based Intrusion Detection System (HIDS) on the DB server and Network Intrusion Prevention System (NIPS) in the LAN
  • HIDS on the DB server and NIPS in the DMZ
  • HIDS on the app server and NIPS in the LAN
  • HIDS on the laptop and NIPS in the DMZ
  • HIDS on the web server and NIPS in the DMZ
A
  • HIDS on the web server and NIPS in the DMZ
23
Q

An information security project manager has been tasked with implementing a new system designed to detect and respond to network security threats to user workstations as well as systems in a screened subnet. As part of the configuration, the project team will implement a new network topology.

Which network topology should the project team implement?

  • Intrusion prevention system (IPS) along with sensors in the demilitarized zone (DMZ) and local area network (LAN)
  • IPS along with sensors in the wide area network (WAN) and LAN
  • IPS along with sensors in the metropolitan area network (MAN) and multiprotocol label switching (MPLS)
  • Intrusion detection system (IDS) along with sensors in the LAN and DMZ
  • IDS along with sensors in the DMZ and network address translation (NAT)
A
  • Intrusion prevention system (IPS) along with sensors in the demilitarized zone (DMZ) and local area network (LAN)
24
Q

A security administrator receives an intrusion detection system (IDS) alert identifying suspicious traffic on the network between two sites. In order to identify whether the traffic was malicious or not, the administrator enables a packet capture both inside and outside of one site’s firewall. While monitoring the internal packet captures, the administrator determines that a rogue IP address is generating a lot of address resolution protocol (ARP) traffic. Further monitoring of the external packet capture reveals that the secure sockets layer (SSL) certificate that certain clients were using was changed to a self-signed certificate.

Which type of attack is occurring, based on the packet captures?

Rogue access point
DNS poisoning
Cross-site scripting
Man-in-the-middle

A

Man-in-the-middle

25
Q

As a fundamental concept of network security, backups are vital to incident recovery. A security administrator has been tasked with reporting on the pros and cons of various backup/recovery technologies and is preparing a list of these technologies.

Match the advantages and disadvantages with each backup/recovery technology to assist the security administrator.

Answer options may be used more than once or not at all. Select your answer from the pull-down list.

Online/Offline storage

Prompts (Advantages)
Offers access to data from any Internet connection
Better option when faced with possible major catastrophes affecting connectivity
Provides for quick recoveries while controlling the physical/logical information

Prompts (Disadvantages)
Puts data on someone else’s hardware
Requires rented/leased space for storage
Subject to physical threats under the organization’s control

A

Online storage - Offers access to data from any Internet connection
Offsite storage - Better option when faced with possible major catastrophes affecting connectivity
Onsite storage - Provides for quick recoveries while controlling the physical/logical information
Online storage - Puts data on someone else’s hardware
Offsite storage - Requires rented/leased space for storage
Onsite storage - Subject to physical threats under the organization’s control

26
Q

A company is concerned about employee usernames and passwords being obtained through phishing campaigns.

Which emerging technology should the company employ to keep this from happening?

Cloud computing
ITIL
Permissioning
Tokens

A

Tokens

27
Q

Which method could be used to protect against data leakage?

Hashing
Data caching
Steganography
Deep-content inspection

A

Deep-content inspection

28
Q

A large organization will be heavily dependent on a number of in-house web services that are Internet-facing.

Which control should be used by this organization to protect against Internet-based attackers?

Hardened security appliance
Data loss prevention solution
Application whitelisting
Application firewall

A

Application firewall

29
Q

A security administrator has decided that it is important to simplify the management of many of the edge security devices through a single web interface. The administrator decides to purchase a replacement security device that can filter common website attacks, allow users remote access to their network resources, and scan emails for malware.

What should the administrator deploy to meet these goals?

DLP server
Web application firewall
Stateful packet inspection device
Hybrid firewall

A

Hybrid firewall

30
Q

Recently, many organizations are embracing Bring Your Own Device (BYOD) as a means to reduce cost.

What is the primary reason these organizations must ensure malware detection remains a top priority?

  • To protect the organization from attacks introduced by the lack of a perimeter
  • To protect employees’ personal financial transactions and files
  • To reduce the number of external network-based attacks of internal corporate resources
  • To gain better visibility over the security posture of competitors
A
  • To protect the organization from attacks introduced by the lack of a perimeter
31
Q

A security administrator has recently subscribed to online threat feeds that discuss continual security improvement, better log visibility, and improved risk mitigation techniques.

Which explanation should be given as the reason for improving continuous detection processes in these discussions?

  • The detection process may not have addressed all immediately identified risks
  • So that networks are better protected than they were in the past
  • To provide more granular reporting to management
  • New vulnerabilities are identified every day, and as such networks need to adapt
A
  • New vulnerabilities are identified every day, and as such networks need to adapt
32
Q

A company is in the process of separating valid network traffic from malicious traffic. Currently, the company does not want to block valid traffic that would cause an outage to an application.

Which device will monitor and classify potential malicious traffic to improve current policies?

Load balancer
Firewall
Intrusion Detection System (IDS)
VPN

A

Intrusion Detection System (IDS)

33
Q

What are two security controls that are applicable to the LAN-to-WAN domain?

Choose 2 answers

Antivirus software
Network topology
Proxy server
Stateful packet inspection

A

Proxy server

Stateful packet inspection

34
Q

A company’s chief executive officer (CEO) is traveling overseas for a business meeting and wants to protect emails and video conference calls from a breach in confidentiality.

Which strategy should be used to achieve this objective?

  • Define and implement a secure cloud solution.
  • Ensure that antivirus and application patches are up-to-date.
  • Secure a VPN back into the corporate offices.
  • Ensure that the CEO’s operating system uses genuine copies of its programs.
A
  • Secure a VPN back into the corporate offices.
35
Q

An enterprise environment has multiple stakeholders, each of whom has a unique role, responsibility, and level of access.

What is a cost-effective method of segmenting the network for this environment?

  • Define and implement secure cloud architecture.
  • Configure a demilitarized zone (DMZ) at the network perimeter.
  • Create Virtual Local Area Networks (VLANs) to segment network traffic.
  • Implement an array of routing topologies to segment.
A
  • Create Virtual Local Area Networks (VLANs) to segment network traffic.
36
Q

Match each network security strategy with the appropriate IT domain.

Answer options may be used more than once or not at all. Select your answers from the pull-down list.

  • Acceptable Use Policy (AUP) signed prior to being granted access to IT resources and infrastructure
  • Focused on training, strong authentication, granular authorization, and detailed accounting (AAA)
  • System hardening, communication protection, and device positioning
  • Protocols, addressing, topology, and communication encryption are critical to securing this domain
  • Secured via encrypted tunnels for VPN communication
A

User domain - Acceptable Use Policy (AUP) signed prior to being granted access to IT resources and infrastructure
User domain - Focused on training, strong authentication, granular authorization, and detailed accounting (AAA)
Workstation domain - System hardening, communication protection, and device positioning
Local Area Network (LAN) domain - Protocols, addressing, topology, and communication encryption are critical to securing this domain
Remote access domain - Secured via encrypted tunnels for VPN communication

37
Q

Which concept is appropriate for system hardening, given the workstation domain?

Choose 2 answers

Implement network access control
Synchronize the clock
Define a guest account
Enable host firewall
Filter RFC 1918 addresses
A

Synchronize the clock

Enable host firewall

38
Q

A security administrator has discovered the following on a public website:
root:A4D7CF982CB1E5F83CB2FF4DACE8911E
user:A4D7CF982CB1E5F83CB2FF4DACE8911E
The security administrator is asked to mitigate the risks that these types of attacks expose the company to in the future.

What is an effective countermeasure that can be executed?

Create strong firewall Access Control Lists (ACLs).
Configure a custom subnet.
Set up an egress filter.
Implement tokens.

A

Implement tokens.

39
Q

A device on a network is pinging over 100 endpoints on the infrastructure. The IP and MAC addresses belong to the network management system. However, the MAC address has been spoofed. The machine is tracked down, and it is an unknown rogue device that somehow got past the network admission control (NAC) device.

Which action should be taken from this point forward?

  • Make an image of this device for forensic analysis.
  • Perform a memory dump.
  • Run an antivirus scan on this device.
  • Contain and unplug this device from the network.
A
  • Contain and unplug this device from the network.
40
Q

A network has been subjected to a series of simple yet aggressive attacks for a number of weeks. The company’s leadership and security team want to know the type of information the attacker is searching for, and the ways in which the attacker has been successful.

What are three methods that should be used to research the attacker’s intentions and capabilities?

Choose 3 answers

Honeynet
Mantrap
Padded cell
Hairpin
Backdoor
Honeypot
A

Honeynet
Padded cell
Honeypot

41
Q

An alarm has been triggered based on the Intrusion Detection System (IDS) thresholds on a company’s main operational network. An immediate analysis of the IDS logs shows an intruder successfully breached the perimeter network defenses and began data exfiltration. Although the network security administrator managed to lock out the intruder and deny access from the source, the company must now go into “incident response” mode.

Which three goals should the administrator accomplish as quickly as possible?

Choose 3 answers

  • Minimize operational and network downtime.
  • Retrain the security team for allowing the intruder access.
  • Purchase the next generation of firewall implementation to further secure the perimeter.
  • Retaliate against the intruder and attack the access point.
  • Restore the environment back to a secured normal state.
  • Minimize loss (e.g., financial, reputational, data, intellectual property).
A
  • Minimize operational and network downtime.
  • Restore the environment back to a secured normal state.
  • Minimize loss (e.g., financial, reputational, data, intellectual property).
42
Q

An application server was recently attacked, resulting in compromise of all transactional credit card information via the website. It was revealed that the attacker was able to compromise a system administrator’s computer via a spear phishing attack. This gave the attacker the ability to compromise the application server.

Which network security management practice should be applied to treat these operational weaknesses?

  • Increase training of information technology staff on the dangers of social engineering.
  • Install antivirus, malware, Host-Intrusion Prevention System (HIPS), and host firewalls on database servers.
  • Institute a patch policy for the application servers.
  • Increase physical security for all personnel accessing the servers.
A
  • Increase training of information technology staff on the dangers of social engineering.
43
Q

An attacker compromises an Internet-facing web server. The attacker then uses the compromised web server to gain unauthorized access to other internal servers.

Which control or design consideration prevents exploitation of the internal network?

Antivirus
Demilitarized zone
Outbound firewall rules
Network address translation

A

Demilitarized zone

44
Q

Recently, a company experienced several malware infections. Though the virus scanners have been regularly updated, re-infections happen regularly. An investigation of the infected PCs shows that several critical OS files have not been updated in more than a year.

Which two strategies should the company deploy in the future to detect and minimize the possibility of this kind of infection?

Choose 2 answers

Full disk encryption
Vulnerability assessments
Honeypot
Web application firewall
Patch management
A

Vulnerability assessments

Patch management

45
Q

Company A has established a business partnership with Company B. Company A and Company B need to securely interconnect their networks, while minimally impacting the end-user experience.

How should access to these two networks be granted?

Host these devices in the cloud
Remote Access VPN
Thin client or terminal services
Site-to-site VPN

A

Site-to-site VPN

46
Q
A company’s chief information officer (CIO) has tasked the network security team with a set of requirements for the next iteration of network security. The CIO wants a solution that will implement the following items:

- Access control
- Connectionless data integrity checking
- Data origin authentication
- Replay detection and rejection
- Confidentiality using encryption
- Traffic flow confidentiality

What provides this set of services?

Internet Protocol Security (IPSec)
Layer 2 Tunneling Protocol (L2TP)
Point-to-Point Protocol (PPP)
Secure Sockets Layer/Transport Layer Security (SSL/TLS)

A

Internet Protocol Security (IPSec)

47
Q

A company decides to implement Network Address Translation (NAT) and strict inbound access control after experiencing multiple breaches from external hosts connecting to its publicly available IP addresses. The system administrator verifies the Access Control List (ACL) is configured properly, but firewall log analysis still shows multiple external malicious hosts connected to internal company hosts.

What should the security administrator do to reduce the risk of further malicious connections?

  • Block Internet Control Message Protocol (ICMP) at the border firewall.
  • Block incoming external port scans.
  • Implement an outbound ACL.
  • Implement a remote access VPN.
A
  • Implement an outbound ACL.
48
Q

A network administrator wants to harden the configuration of the company’s VPN.

Which two steps must the administrator take to ensure the VPN server is hardened and the VPN tunnel implements strong confidentiality controls?

Choose 2 answers

Implement Data Encryption Standard (DES).
Use Secure Hashing Algorithm 1 (SHA-1).
Employ authentication headers.
Change the server’s password.
Configure Advanced Encryption Standard (AES).

A

Change the server’s password.

Configure Advanced Encryption Standard (AES).

49
Q

After a new firewall was installed, the security administrator has reported that a large number of fragments and overlapping packets are filling the logs and causing abnormal network behavior.

Which two features can be implemented on the firewall to resolve this issue?

Choose 2 answers

Dynamic filtering
802.1x authentication
Encrypted payload
Deep packet inspection
Intrusion detection system (IDS)
A

Dynamic filtering

Intrusion detection system (IDS)

50
Q

A security administrator working for a large organization has been asked to implement a remote access solution that would facilitate telecommuting employees. Employees must be able to access the internal network and securely perform work-related functions from home. The solution must allow for a minimum of 20 simultaneous connections at any given time.

Which remote access solution is the proper solution?

  • Separate Local Area Network (LAN) segments via virtual LAN (VLAN).
  • Implement end-to-end data encryption.
  • Install a VPN concentrator.
  • Implement a PKI solution.
  • Enable remote desktop connection on the internal network.
A
  • Install a VPN concentrator.
51
Q

During an annual security audit, a company discovered that the development team has been committing code to production, which breaches the compliance requirement of separation of duties.

Which security measure needs to be implemented?

Prioritize log aggregation network traffic.
Adopt the principle of least privilege.
Create an incident response plan.
Set up proper storage encryption.

A

Adopt the principle of least privilege.

52
Q

A security network specialist has been asked to configure secure Internet access for a small company made up of 20 computers. The company must provide remote services to its mobile workers.

Which solution should be implemented?

  • Endpoint-based firewalls and secure shell (SSH) remote access
  • Bastion firewall acting as the firewall and a VPN
  • Endpoint-based firewalls and secured remote desktop services
  • Small office, home office (SOHO) hardware firewall with secure sockets layer (SSL) port forwarding
A
  • Bastion firewall acting as the firewall and a VPN
53
Q

A company needs an alternative to a VPN solution to provide secure communications between clients and servers within the extended organization. In addition to secure communications, eavesdropping and tampering with data while in transport must be prevented. Finally, endpoint authentication and confidentiality of communications must be provided.

Which solution should be implemented based on these requirements?

  • Generic Routing Encapsulation (GRE)
  • Layer 2 Tunneling Protocol (L2TP)
  • Point-to-Point Tunneling Protocol (PPTP)
  • Secure Sockets Layer/Transport Layer Security (SSL/TLS)
A
  • Secure Sockets Layer/Transport Layer Security (SSL/TLS)
54
Q

An organization is looking for a better way to communicate across the Internet. The organization has done an exhaustive study of both present and future requirements, and has determined the need for the following specifications in the new communication infrastructure:

- Increased address space
- More efficient routing functionality
- Reduced management requirements
- Better quality of service
- Enhanced security

What should the organization implement across their enterprise based on these requirements?

Network Address Translation (NAT)
Internet Protocol Version 6 (IPv6)
Internet Protocol Security (IPSec)
User Datagram Protocol (UDP)

A

Internet Protocol Version 6 (IPv6)

55
Q

A VPN solution was compromised when traffic from the Internet was seen on the internal network. This traffic bypassed the company’s firewall policies. Specifically, a large amount of command-and-control data was seen by network intrusion detection systems (NIDS) from the VPN user’s connection.

Which scenario potentially caused this compromise?

  • The VPN authentication, authorization, and accounting (AAA) server did not adequately limit privilege escalation of the VPN user and resulted in malware injection attacks.
  • The VPN user’s credentials were compromised, allowing an attacker to route Internet traffic into the VPN.
  • Split tunneling was allowed where a connected VPN client could route traffic to and from the Internet into the VPN connection.
  • A VPN user’s laptop was compromised with malware, causing an Internet backdoor to occur even though split tunneling was not allowed.
A
  • Split tunneling was allowed where a connected VPN client could route traffic to and from the Internet into the VPN connection.
56
Q

A firewall policy has an Access Control List (ACL), which allows a connection from a university that is not part of the company.

Which description depicts what the company is currently doing that directly relates to this ACL?

  • Utilizing a remote connection on port 22
  • Allowing a remote employee to access a secure webpage on port 443
  • Allowing a local administrator to secure the firewall on port 161
  • Running a web server on port 80
A
  • Running a web server on port 80
57
Q

A network technician needs to securely connect a remote office over the commercial Internet. The technician wants to ensure the local headquarters’ virtual local area networks (VLANs) are visible at the remote site, and that the remote site uses the headquarters’ Dynamic Host Configuration Protocol (DHCP) server for addressing.

Which solution will allow the two offices to implement the requirements?

  • Secure Shell (SSH)
  • Internet Protocol Security (IPSec) transport mode
  • Layer 2 Tunneling Protocol (L2TP)
  • Point-to-Point Protocol (PPP)
A
  • Layer 2 Tunneling Protocol (L2TP)
58
Q

A network security engineer has been contracted by a small organization to develop a remote connection solution. The organization is extremely concerned with privacy and secure communications. The organization owns the entire network, including all switches, routers, cabling, and hardware infrastructure.

Which solution should the network security engineer implement?

  • Trusted VPN solution
  • Private branch exchange
  • Remote Authentication Dial-In User Service (RADIUS) access
  • Hybrid VPN solution
  • Secure VPN solution
A
  • Trusted VPN solution
59
Q

A firewall has been placed between two networks. Each network implements a VPN concentrator to enable secure communication via a VPN in tunnel mode.

What information regarding the VPN will the firewall logs provide?

  • Information about the temporary encapsulation header
  • Information about internal endpoints’ source IP addresses
  • Information about the packet payload content
  • Information about the origin and destination of original headers
A
  • Information about the temporary encapsulation header
60
Q

Use the following configuration of an access control list (ACL) to answer the question below:

PROTO  SRC_IP  SRC_PORT  DST_IP          DST_PORT  ACTION
TCP    ANY     ANY       192.168.4.0/24  >1024     ALLOW

Which type of firewall should the company be using?

  • Application layer
  • Circuit proxy
  • Static filtering
  • Stateful inspection
A
  • Static filtering
61
Q

During a routine penetration test of an organization’s perimeter firewall, an analyst discovers that port 25 is open on the wide area network (WAN) interface of the firewall.

What is causing this finding?

  • Network Address Translation (NAT) is passing Simple Mail Transfer Protocol (SMTP) traffic to an internal email server.
  • Remote console access to the firewall was not disabled.
  • Port Address Translation (PAT) is passing webmail traffic to an internal web server.
  • Local POP access to the firewall was enabled by default.
A
  • Network Address Translation (NAT) is passing Simple Mail Transfer Protocol (SMTP) traffic to an internal email server.
62
Q

A firewall administrator is setting up the necessary rule to allow an email server to send and receive email.

Which three elements does the Access Control List (ACL) need?

Choose 3 answers

  • Email address domain
  • Source IP
  • Dynamic Host Configuration Protocol (DHCP) scope
  • Destination port
  • Base protocol
  • DNS MX records
A
  • Source IP
  • Destination port
  • Base protocol
63
Q

What are remote access, site-to-site, host-to-host, and extranet access examples of?

  • VPN policies
  • VPN devices
  • VPN encryption
  • VPN architecture
A
  • VPN architecture
64
Q

New requirements state that secure communication between a company’s remote sites and its corporate headquarters should be encrypted. The administrator decides to encrypt both the packet headers and packet payloads between the sites.

What did the administrator deploy to accomplish this?

  • VPN in clientless mode
  • VPN in transport mode
  • VPN in Network Address Translation (NAT) traversal mode
  • VPN in tunnel mode
A
  • VPN in tunnel mode
65
Q

Match each VPN concept with its appropriate characteristic.

Answer options may be used more than once or not at all. Select your answers from the pull-down list.

  • Secure Sockets Layer/Transport Layer Security (SSL/TLS)
  • Tunnel mode
  • Transport mode
A
  • Secure Sockets Layer/Transport Layer Security (SSL/TLS) - Encryption protocol VPNs use
  • Tunnel mode - Encrypts the entire payload and the header
  • Transport mode - Encrypts only the payload
66
Q

A security administrator is reviewing the VPN deployment to understand why the VPN connection is not affected when making firewall changes. The security administrator tests the connection, and the web content filter does not work for the VPN connection.

Which type of VPN deployment is being used?

  • Internally connected
  • Demilitarized zone (DMZ)-based
  • Inline-based
  • Bypass
A
  • Bypass