Security+ Mobile App Questions Flashcards

1
Q

Salting a password adds random data to it before hashing, so that identical passwords produce different hashes and precomputed tables are useless; key stretching makes each hash computation deliberately slow. Modern password hashing functions combine the two, and each does it differently. – Which of the following is a key stretching technique that combines the password with a salt of at least 64 bits and a pseudo-random function such as HMAC?

crypt(3)
PBKDF2
Bcrypt
SHA-1

A

PBKDF2

Explanation:
PBKDF2 (Password-Based Key Derivation Function 2, RFC 8018) combines the password with a salt of at least 64 bits and applies a pseudo-random function, normally HMAC, for a configurable number of iterations; the iteration count is what stretches the key. PBKDF2 is used in many places, including WPA2 (deriving the pairwise master key from the pre-shared key and SSID), Apple's iOS, and Cisco IOS. Of the other options, bcrypt also salts and stretches but is built on the Blowfish key schedule rather than on a PRF like HMAC, crypt(3) is the classic Unix password-hashing function, and SHA-1 is a plain hash with no salt or iteration count.
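The derivation and verification flow described above, as an added example written for this page rather than taken from it. It uses Python's standard-library hashlib.pbkdf2_hmac. The salt length (16 bytes), the iteration count (600,000 rounds of HMAC-SHA256) and the stored record format are assumptions chosen for the example; the 8-byte (64-bit) minimum salt is the PBKDF2 requirement.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this example (not from the page): a 16-byte random
# salt and 600,000 iterations of HMAC-SHA256. RFC 8018 requires the salt to be
# at least 64 bits (8 bytes); the iteration count is the key-stretching knob.
SALT_LEN = 16
MIN_SALT_LEN = 8
ITERATIONS = 600_000
DK_LEN = 32               # derived-key length in bytes


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record 'pbkdf2_sha256$iterations$salt$dk' (hex).

    Storing the salt and iteration count with the hash is what lets the
    verifier recompute the same derived key later and lets the cost be raised
    over time without breaking existing records."""
    if salt is None:
        salt = os.urandom(SALT_LEN)       # fresh, unpredictable salt per password
    if len(salt) < MIN_SALT_LEN:
        raise ValueError("PBKDF2 salt must be at least 64 bits (8 bytes)")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             iterations, dklen=DK_LEN)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the derived key from the stored salt and iteration count and
    compare it in constant time, so timing does not reveal how many bytes matched."""
    algo, iters, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters), dklen=DK_LEN)
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("verify ok:", verify_password("correct horse battery staple", record))
    print("verify bad:", verify_password("wrong password", record))
```

Because the salt is random, hashing the same password twice yields two different records, which is the property that defeats precomputed (rainbow) tables; the iteration count, not the salt, is what makes each guess expensive.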

2
Q

A load balancer at Acme Inc. is fielding requests from the internet to Acme's new web portal, which gives hospitals access to their medical tool catalog. They are receiving quite a bit of traffic from around the country and have configured the load balancer to keep each user's requests on the server that first accepted them. For example, user 1 visits the website and is routed to server 3; all subsequent visits send user 1 to server 3 for their web access. – This is an example of which of the following?

Geolocation Routing
Round-robin Load Balancing
Weight-based Routing
Source Address Affinity

A

Source Address Affinity

Explanation:
Source address affinity (also called source IP affinity or sticky sessions) routes every request from a given client IP address to the server that handled its first request. The first request may be distributed by another method, such as round-robin, but once the affinity entry exists, later requests from that address go to the same server. One caveat: many clients behind one NAT gateway share a public address and will all land on the same server, and a client whose address changes (a mobile user, for example) loses its affinity; cookie-based persistence avoids both problems.

3
Q

Anders Insurance Agency has discovered that malware on one of their internal computers has been exfiltrating user information. But the malware is unfamiliar and not registering with their antivirus/anti-malware programs. They alert a cybersecurity agency, which investigates and discovers that the malware is originating from an infected government site for an insurance regulatory authority that Anders Insurance visits regularly. – Which of the following is the BEST description of what has occurred?

Watering Hole Attack
Phishing
Man-in-the-Middle Attack
Whaling

A

Watering Hole Attack

Explanation:
A watering hole attack targets a site that the intended victims visit regularly rather than attacking the victims directly. The attacker compromises the site and configures it to deliver malware, then waits for the target to visit and become infected; from there the attacker can pursue further objectives, such as exfiltrating information. Phishing and whaling rely on a message sent to the victim, and a man-in-the-middle attack intercepts traffic rather than infecting a trusted site.

4
Q

A user is browsing a social media site and sees a post by a friend about an interesting game, along with a link. The user clicks the link and is presented with a game that involves discovering hidden items on the web page and clicking on them. The user plays the game, eventually leaves the page, and later discovers that their social media account has been hacked and is now sending spam messages to their friends. – Which of the following MOST LIKELY occurred in this scenario?

Clickjacking
Man-in-the-Browser
Domain Hijacking
Session Hijacking

A

Clickjacking

Explanation:
Clickjacking is an attack in which the attacker builds elements on a web page that obscure what the user is actually clicking on. Typically the target site is loaded in an invisible or transparent HTML iframe and the attacker's own elements, such as game icons or buttons, are positioned over its controls, so the user's clicks land on the framed site while the user is still logged in to it. This can make a user click a "reset password" link, share or "like" a post without knowing it, or change account settings. The defense is to stop the site from being framed by other origins: the X-Frame-Options: DENY (or SAMEORIGIN) response header and the Content-Security-Policy frame-ancestors directive.
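A check a practitioner would run against a site's responses, added here as an example and not part of the original card: given a response's headers, it reports whether the page can be loaded in a third-party frame. The header sets are constructed for the example. The logic follows current browser behaviour: a CSP frame-ancestors directive takes precedence over X-Frame-Options when both are present, and the obsolete ALLOW-FROM value is ignored by modern browsers, which leaves such a page unprotected.

```python
from typing import Dict, List


def framing_protection_findings(headers: Dict[str, str]) -> List[str]:
    """Return the framing weaknesses found in a set of HTTP response headers.
    An empty list means the page cannot be framed by a third-party origin.
    Header names are compared case-insensitively, as HTTP requires."""
    lower = {name.lower(): value for name, value in headers.items()}
    findings: List[str] = []

    xfo = lower.get("x-frame-options", "").strip().upper()

    # Pull the frame-ancestors source list out of the CSP, if there is one.
    frame_ancestors = None
    for directive in lower.get("content-security-policy", "").split(";"):
        name, _, value = directive.strip().partition(" ")
        if name.lower() == "frame-ancestors":
            frame_ancestors = value.strip()

    if frame_ancestors is None and not xfo:
        findings.append("no X-Frame-Options and no CSP frame-ancestors: "
                        "any origin can load this page in an iframe")

    if xfo and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append(f"X-Frame-Options {xfo!r} is not DENY or SAMEORIGIN "
                        "(ALLOW-FROM is obsolete and ignored by modern browsers)")

    if frame_ancestors is not None and "*" in frame_ancestors.split():
        findings.append("CSP frame-ancestors allows any origin (*)")

    return findings


# Constructed sample responses; none of these were captured from a real site.
SAMPLE_RESPONSES: Dict[str, Dict[str, str]] = {
    "unprotected": {"Content-Type": "text/html"},
    "obsolete-allow-from": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "csp-wildcard": {"Content-Security-Policy": "frame-ancestors *"},
    "xfo-deny": {"x-frame-options": "DENY"},
    "csp-none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
}


def audit(responses: Dict[str, Dict[str, str]] = SAMPLE_RESPONSES) -> Dict[str, List[str]]:
    """Run the check over every sample and map each name to its findings."""
    return {name: framing_protection_findings(h) for name, h in responses.items()}


if __name__ == "__main__":
    for name, findings in audit().items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```

With real responses the dictionary would come from the HTTP client's response object; the check is deliberately header-only because JavaScript "frame-busting" code on the page can be defeated by the framing page and is not a substitute for these headers.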

5
Q

An attacker is watching the public wireless communications in a local coffee shop. They are sniffing the traffic and have proceeded to intercept a login session in order to capture the information for later use. – What attack is being used?

Watering Hole
Cross-Site Scripting
Replay
Evil Twin

A

Replay

Explanation:
When an attacker captures a legitimate exchange and later resends it unchanged, it is a replay attack. The attacker records the session, analyzes it, and later retransmits the captured authentication or session data to impersonate the victim and gain access to servers or applications. Encryption alone does not stop this: an encrypted login message that is replayed verbatim still decrypts correctly at the server. Replay is prevented by making each message unique and checkable, for example with a per-session nonce or challenge, a timestamp with a short validity window, sequence numbers (as IPsec does), and session tokens bound to the TLS connection.
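The defense described above, as an added example that is not from the original card: a client tags each request with an HMAC over a body that includes a nonce and a timestamp, and the receiver rejects anything with a bad tag, a stale timestamp, or a nonce it has already accepted. The shared key, the JSON message layout and the 30-second window are assumptions for the example; a real deployment would derive the key per session rather than share a static one.

```python
import hashlib
import hmac
import json
from typing import Dict, Tuple


def build_request(key: bytes, action: str, nonce: str, ts: float) -> Tuple[bytes, bytes]:
    """Client side: serialise the request deterministically and tag it with HMAC-SHA256.
    The nonce and timestamp are inside the tagged body, so they cannot be changed
    without invalidating the tag."""
    msg = json.dumps({"action": action, "nonce": nonce, "ts": ts},
                     sort_keys=True).encode("utf-8")
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    return msg, tag


class Receiver:
    """Server side: verifies the tag, then rejects stale and repeated messages."""

    def __init__(self, key: bytes, window_seconds: float = 30.0) -> None:
        self.key = key
        self.window = window_seconds
        self.seen: Dict[str, float] = {}   # nonce -> timestamp it was accepted with

    def accept(self, msg: bytes, tag: bytes, now: float) -> Tuple[bool, str]:
        # 1. Authenticity and integrity: constant-time compare of the HMAC.
        expected = hmac.new(self.key, msg, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False, "bad tag"
        body = json.loads(msg)
        # 2. Freshness: a captured message is only useful for `window` seconds...
        if abs(now - body["ts"]) > self.window:
            return False, "stale timestamp"
        # 3. Uniqueness: ...and even inside the window each nonce works exactly once.
        self._prune(now)
        if body["nonce"] in self.seen:
            return False, "replayed nonce"
        self.seen[body["nonce"]] = body["ts"]
        return True, "accepted"

    def _prune(self, now: float) -> None:
        """Forget nonces that are too old to pass the timestamp check anyway,
        so the seen-set stays bounded by the window rather than growing forever."""
        for nonce, ts in list(self.seen.items()):
            if now - ts > self.window:
                del self.seen[nonce]


if __name__ == "__main__":
    key = b"shared-secret-constructed-for-example"
    receiver = Receiver(key)
    msg, tag = build_request(key, "pay 100", nonce="n-1", ts=1000.0)
    print("first delivery:", receiver.accept(msg, tag, now=1001.0))
    print("replayed copy: ", receiver.accept(msg, tag, now=1002.0))
```

The timestamp bounds how long the receiver must remember nonces; without it, the seen-set would have to grow without limit, which is the same trade-off IPsec makes with its sliding anti-replay window over sequence numbers.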

6
Q

An administrator has an email server that is configured to accept IMAP connections on the well-known port 143. They want to implement a secure IMAP configuration within the environment but need it to conform to the original environment. – Which of the following protocols would they use?

IMAPS
SSL
STARTTLS
SPOP

A

STARTTLS

Explanation:
Internet Message Access Protocol version 4 (IMAP4) provides access to email stored on a mail server and lets users organize and manage it in folders on the server. IMAP4 uses port 143. IMAPS, the implicit-TLS variant, is secure but uses a different port, 993, so it would not conform to the existing environment. IMAP4 with STARTTLS keeps the well-known port 143: the client connects in plaintext and then issues the STARTTLS command to upgrade the connection to TLS. One caveat: because the upgrade is negotiated in the clear, an attacker in the path can strip the STARTTLS capability from the server's greeting and keep the session in plaintext unless the client is configured to require TLS rather than merely prefer it.

7
Q

An administrator needs a security solution for their organization's cloud environment. They want a service that sits between their on-premises site and the cloud provider and lets them define security policies for traffic flowing from their on-premises site to the cloud. – What type of security solution should they implement?

CASB
SDV
SWG
Security Groups

A

CASB (Cloud Access Security Broker)

Explanation:
A Cloud Access Security Broker (CASB) is a service that sits as a software layer between an organization's users and the cloud services they use, enforcing policies such as access control, data loss prevention, and activity monitoring. It can be deployed inline as a proxy or out of band through the cloud provider's APIs; providers such as Amazon and Microsoft expose APIs that allow this control to be automated.

8
Q

An administrator at Acme Inc. is taking a snapshot of the network and comparing it to an original snapshot to check for anomalies. – What is the administrator doing?

Monitoring
Streaming
Baselining
Benchmarking

A

Baselining

Explanation:
Baselining is the process of recording the normal state of a network, its hardware, and its software so that later snapshots can be compared against it. The baseline is what monitoring software uses to determine what is normal and what is abnormal; deviations from it, such as unusual traffic patterns, are what trigger an alert to the administrator.

9
Q

An administrator is interested in implementing email encryption throughout the organization. They have a PKI configured to work within the local network and would like to incorporate it. – Which of the following protocols should they implement?

PGP
OpenPGP
S/MIME
TLS

A

S/MIME (Secure/Multipurpose Internet Mail Extensions)

Explanation:
Secure/Multipurpose Internet Mail Extensions (S/MIME) is one of the most widely deployed standards for email encryption and signing. It uses X.509 certificates, typically with RSA for the asymmetric operations and AES for the symmetric encryption of the message body, and because the message itself is encrypted it stays protected both in transit and while stored. Because S/MIME relies on X.509 certificates, a PKI is needed to issue and manage them, which is exactly what the administrator already has. PGP and OpenPGP use their own key format and a web of trust rather than a certificate authority, and TLS protects only the connection between mail clients and servers, not the stored message.

10
Q

Which service of IPSec ensures that an IP Packet is from the sender it claims to be from?

Authentication
Encryption
Confidentiality
Integrity

A

Authentication

Explanation:
My Take: Authentication is person-to-person verification/confirmation, whereas Integrity makes sure the information in the packet has not been altered and came from where it should have come from.

Authentication deals with confirming that the sender is who they say they are.
Integrity ensures that the packet is not altered in transit, and confidentiality encrypts the packet. In IPsec, both AH and ESP provide data-origin authentication together with integrity by way of an HMAC-based integrity check value; ESP additionally provides confidentiality through encryption.

11
Q

As the final networking components are configured and tested, the production environment for Acme Inc.'s new payment processing service is complete. They want a form of monitoring that takes a snapshot of the entire environment and its normal operation and sends an alert if anything performs oddly. – What type of monitoring establishes a performance baseline from a set of network traffic evaluations?

Signature-based
Anomaly-based
Pattern-based
Hashing-based

A

Anomaly-based

Explanation:
Anomaly-based monitoring systems are also known as statistical anomaly-based monitoring systems. They establish a performance baseline based on a set of normal network traffic evaluations. The baseline should be taken when servers are under normal load.

12
Q

A security administrator is creating a plan that lays out the steps to perform in the event of a fire in their new data center. It outlines what to prioritize and how to evacuate properly if necessary. – Which of the following is the administrator creating?

Failover Plan
Backup Plan
Disaster Recovery Plan
Fire Plan

A

Disaster Recovery Plan

Explanation:
Disaster Recovery Plan is created in a case of an unplanned disaster such as a fire, flood, power loss, or theft. It contains the steps needed to get the organization productive again.

13
Q

During the course of a reorganization, Smith Industries was interested in implementing a new IT security framework to promote enhanced security, along with proper processes for obtaining and deploying secure hardware and software. – Of the following IT Security frameworks, which divides IT into the following four sections: Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate?

ITIL
PMBOK
COBIT
NIST

A

COBIT (Control Objectives for Information and Related Technologies)

Explanation:
COBIT is a good practice framework created by the international professional association ISACA for information technology management and governance. COBIT provides an implementable “set of controls over information technology and organizes them around a logical framework of IT-related processes and enablers.”

14
Q

A new junior developer is being briefed on development efforts at Acme Inc. The lead administrator is explaining a recent issue where an application was writing to a set of memory that another command was using. This caused unexpected issues and several crashes before it was remedied. – Which of the following were they MOST LIKELY encountering?

Improper input handling
Resource exhaustion
Race Condition
Integer Overflow

A

Race Condition

Explanation:
In programming, a race condition occurs when two or more threads, modules, or applications access the same resource at the same time and the result depends on the order in which the accesses happen to interleave, because nothing enforces an order. This can be a significant headache for a developer if not properly accounted for, as it leads to incorrect computations, corrupted or conflicting data values, and crashes like the ones described here. The fix is synchronization (a lock, mutex, or atomic operation) around every access to the shared resource. The security-relevant variant is the time-of-check to time-of-use (TOCTOU) race, where a check passes and the resource is changed by another party before it is used.
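The failure mode and its fix in the smallest form that actually exhibits it, added here as an example and not taken from the page: several threads perform a read-modify-write on one shared value. The unsynchronized version loses updates because one thread's write overwrites another's; the locked version does not. The shared counter and the deliberate yield between read and write (which widens the race window so it shows up reliably) are constructed for the example.

```python
import threading
import time


class Counter:
    """A shared resource updated by several threads (constructed for the example)."""

    def __init__(self) -> None:
        self.value = 0
        self._lock = threading.Lock()

    def increment_unsafe(self) -> None:
        # Read-modify-write with nothing enforcing an order between threads.
        current = self.value
        time.sleep(0)              # yield: widens the window between read and write
        self.value = current + 1   # may overwrite an update made by another thread

    def increment_safe(self) -> None:
        # The lock makes the read-modify-write atomic with respect to other threads.
        with self._lock:
            current = self.value
            time.sleep(0)
            self.value = current + 1


def run(increment, threads: int = 4, per_thread: int = 250) -> int:
    """Run `increment` on one Counter from several threads and return the final
    count. The correct value is threads * per_thread; the unsafe version
    normally returns less, and the shortfall is the number of lost updates."""
    counter = Counter()

    def worker() -> None:
        for _ in range(per_thread):
            increment(counter)

    workers = [threading.Thread(target=worker) for _ in range(threads)]
    for w in workers:
        w.start()
    for w in workers:
        w.join()
    return counter.value


if __name__ == "__main__":
    expected = 4 * 250
    print("unsafe:", run(Counter.increment_unsafe), "of", expected)
    print("safe:  ", run(Counter.increment_safe), "of", expected)
```

The unsafe result varies from run to run, which is exactly what makes race conditions hard to reproduce in testing; the locked version is deterministic because the lock serialises the critical section.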

15
Q

A critical business system at Smith Industries is built on an aging platform, but replacement attempts have been difficult. The executives are interested in the potential risk it poses to the rest of the network and what may happen if it’s left without an adequate replacement. They are performing regular baseline captures and would like to use existing information if possible. – What baseline reporting methodology are they using to find vulnerabilities and weaknesses in their system?

Security posture
Hashing
Vulnerability Assessment
Security Posture Assessment

A

Security Posture Assessment

Explanation:
Security Posture Assessment uses baseline reporting and other analyses to discover vulnerabilities and weaknesses in systems. It’s used to determine an organization’s security posture, which is the security status of the organization’s entire network, information, and systems, and their capability to manage the defense of this environment and react to changing circumstances.

16
Q

An employee at ACME corporation fell victim to a phishing attack. Once the intruder gained access to the employee’s account, they were able to exfiltrate protected information regarding the corporation’s infrastructure. – Which type of data breach would this be classified as?

Financial
Privacy
Proprietary
Integrity

A

Proprietary

Explanation:
A proprietary data breach occurs when proprietary data has been accessed or exfiltrated. Proprietary data is any data controlled solely by your company. Protected infrastructure information is an example of proprietary data.

17
Q

A new employee is starting at ACME Inc., working in HR. The network administrator creates their account and places it in the HR group, which includes both HR managers and HR employees, so they all have the same access. The network administrator explains to the employee that there are areas of the HR application that they have access to but that are only for managers. – This violates which of the following technical control principles?

Location-based Policies
Need to Know
Group-based Privileges
Least Privilege

A

Least Privilege

Explanation:
Least privilege is a technical control by which users have only the access necessary to perform their job functions and nothing more. In this example, there should have been a group for HR employees separate from the HR managers' group, so that the new employee received only the permissions the job requires. Group-based privileges are the mechanism that was used; the violation lies in the principle that was ignored when the groups were designed.

18
Q

An attacker is working on gaining access to a target network and has succeeded in gaining access to a user's workstation. The attacker then begins to use that workstation to attack other targets and to continue escalating access. – Which of the following did the attacker perform after gaining access?

Pivot
Active Reconnaissance
Escalation of Privilege
Initial Exploitation

A

Pivot

Explanation:
Pivoting is using a compromised host as a foothold from which to attack other systems, typically ones that were not reachable from the attacker's original position. In this case, after gaining access to the victim's workstation, the attacker uses it to reach and attack the rest of the network: scanning for additional vulnerable hosts, enumerating network shares, reusing credentials found on the workstation, and escalating access. Active reconnaissance and privilege escalation are steps the attacker may perform from the pivot, but turning the compromised workstation into the launch point for further attacks is the pivot itself.

19
Q

You need to create a forensic image of a Windows computer. – Which of the following tools can you use to achieve this?

Cuckoo
dd
chmod
FTK Imager

A

FTK Imager

Explanation:
The Forensic Toolkit (FTK) is a full suite of tools that can be used in a forensic investigation. One of its tools, FTK Imager, runs on Windows and creates a forensic image of a drive, computing MD5 and SHA-1 hashes of the image so that it can be verified later.

The Unix/Linux utility dd is also used for imaging and can capture a Windows disk when run from a Linux boot environment, but it is not a native Windows tool and, unlike FTK Imager, does not produce verification hashes on its own.

Cuckoo (a malware sandbox) and chmod (the Unix permission command) cannot be used to create forensic images.

20
Q

Passed after several accounting scandals, this act asserts accountability over these organizations and how they handle their finances. – What act governs the disclosure of financial and accounting information?

GLB
SOX
HIPAA
Privacy Act of 1974

A

SOX (Sarbanes-Oxley)

Explanation:
The Sarbanes-Oxley (SOX) Act governs the disclosure of financial and accounting information. It was enacted in 2002, following the Enron and WorldCom scandals, and requires executives to take personal responsibility for the accuracy of their organization's financial reports.

21
Q

HR employees need to send personal and sensitive information to an employee for review. The information is regulated for privacy, and HR needs to ensure that only the recipient is able to open and view the information after authentication. – What can they use to encrypt the message into an unreadable form?

A Key
Encryption
A Cipher
Cryptography

A

A Cipher

Explanation:
In Cryptography, a Cipher is an algorithm for performing encryption or decryption - a series of Well-Defined steps that can be followed as a procedure. It is also sometimes used to refer to the Encrypted text message itself, although in that case the term “ciphertext” is preferred.

22
Q

There are reports that a server on the network has been compromised and may be sending malicious traffic over the network to other devices to further the attack. The administrators want to view the network traffic so that they can get an idea of what to expect. – Which of the following would the administrators use to view traffic on the network?

Nessus
Nmap
Protocol Analyzer
LANsurveyor

A

Protocol Analyzer

Explanation:
Protocol analyzers are also called sniffers; Wireshark and tcpdump are common examples. They capture network traffic and let an administrator, or an attacker, view the packet data. Encrypted payloads cannot be read, although the headers still reveal who is talking to whom and how much. The ability to see the traffic on the network should not be underestimated, especially when troubleshooting or locating potentially malicious activity: it gives a real-time view of the traffic that switches and routers do not normally offer, unless a mirror (SPAN) port or a network tap is used to feed the analyzer. Items such as plaintext passwords being transmitted over the network, the sources of flood attacks, and more can be discovered.
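What a sniffer does with a captured frame, reduced to its core and added here as an example (not code from the page or from any analyzer product): decode the Ethernet, IPv4 and TCP headers to get endpoints, ports and payload, then flag the plaintext credentials the explanation mentions. The frames are constructed in the block with zeroed checksums; they are never sent, only parsed. The addresses, ports and credentials are made up for the example.

```python
import base64
import socket
import struct
from typing import Dict, List


def parse_ipv4_tcp(frame: bytes) -> Dict[str, object]:
    """Decode Ethernet II / IPv4 / TCP headers and return the fields an analyst
    looks at first: endpoints, ports and the application payload."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ip[9] != 6:                        # protocol field: 6 is TCP
        raise ValueError("not TCP")
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4      # TCP header length in bytes
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "payload": tcp[data_offset:]}


def find_plaintext_credentials(payload: bytes) -> List[str]:
    """Flag the two most common cleartext credential patterns: the PASS command
    used by FTP and POP3, and HTTP Basic authentication (base64 is encoding,
    not encryption, so the sniffer recovers it directly)."""
    hits: List[str] = []
    for line in payload.split(b"\r\n"):
        if line.upper().startswith(b"PASS "):
            hits.append("FTP/POP3 password: " + line[5:].decode("ascii", "replace"))
        elif line.lower().startswith(b"authorization: basic "):
            try:
                creds = base64.b64decode(line[21:], validate=True)
            except ValueError:            # binascii.Error is a ValueError subclass
                continue
            hits.append("HTTP Basic credentials: " + creds.decode("ascii", "replace"))
    return hits


def build_frame(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Construct a frame for the example (MACs are locally administered dummies,
    checksums are left zero; the frame is parsed, never transmitted)."""
    eth = bytes.fromhex("020000000001") + bytes.fromhex("020000000002") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


if __name__ == "__main__":
    frame = build_frame("10.0.0.5", "10.0.0.9", 51000, 21, b"USER alice\r\nPASS hunter2\r\n")
    pkt = parse_ipv4_tcp(frame)
    print(f"{pkt['src']}:{pkt['sport']} -> {pkt['dst']}:{pkt['dport']}")
    for hit in find_plaintext_credentials(pkt["payload"]):
        print("  ", hit)
```

On a real capture the frames would come from a pcap file or a raw socket on a mirror port, and a TLS session (payload starting with a 0x16 handshake record) yields nothing to the credential check, which is the point of encrypting those protocols.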

23
Q

Which type of certificate is created and used by a root CA?

SAN
Code Signing
Self-Signed
Wildcard

A

Self-Signed

Explanation:
A root Certificate Authority (CA) creates its own certificate and signs it itself; it sits at the top of the trust chain, so there is no higher authority to sign it. All other certificates in the hierarchy are issued by the root CA or by subordinate CAs whose certificates chain back to it.

24
Q

An administrator is deploying a new secure server that has drive encryption because it handles sensitive customer information. The executives are concerned that the keys used for the encryption may become inaccessible at some point. – What should the administrator configure in case a certificate key is corrupted, compromised, or made inaccessible?

Key Distributor
Key Recovery Agent
Key Escrow
Backup Keys

A

Key Recovery Agent

Explanation:
If a key recovery agent has been configured, lost or corrupted keys can be restored. It is important to use software that can archive and restore keys in case of an incident or disaster. Some technologies let the recovery agent recover the encrypted data using a key that is different from the one originally used for encryption: the data is encrypted under a per-file or per-volume key, and that key is in turn wrapped both for the user and for the recovery agent's certificate. Windows uses this design in the Encrypting File System (EFS) and in BitLocker, both of which support a data recovery agent, so the data can still be recovered if the user's key is corrupted or lost.

25
Q

An administrator wants to encrypt all communications from systems on one Network with systems on another Network. – Which mode of IPsec should be used in this situation?

Network
Tunnel
Transport
Incognito

A

Tunnel

Explanation:
Tunnel mode is used when IP traffic is encapsulated and sent outside the LAN across a WAN to another network: the entire original packet, including its IP header, is protected and a new outer IP header addressed to the remote gateway is added. This is how site-to-site VPNs built on IPsec work. Transport mode, in contrast, protects only the payload of the packet and keeps the original header, so it is used between two end hosts rather than between networks.

26
Q

The Smith Consulting organization is experiencing growth that is putting a strain on its network. They have a loose workgroup of computers and need to roughly triple the company's size as a result of landing recent business contracts. They need to implement a secure network that provides access only to authorized users and is able to authenticate those users to ensure that no unauthorized access is given. – Which of the following tools would BEST fit this scenario?

Remote Access
Directory Services
Additional Work Groups
VPN

A

Directory Services

Explanation:
Directory Services can streamline management and enhance Security of Networks by providing a centralized capability to manage authorized users and devices. Microsoft Active Directory, for example, is capable of creating objects for each authorized user and computer to keep track of their access levels.

27
Q

After an incident, an investigator generates a hash from the contents of a hard drive. – What purpose does this hash value serve in an investigation?

Secure Wipe
E-Discovery
Data Recovery
Nonrepudiation

A

Nonrepudiation

Explanation:
Nonrepudiation means there is proof that a party cannot deny something. In an investigation, the hash of the acquired drive image, recorded at acquisition time and in the chain-of-custody log, demonstrates that the evidence examined or presented later is byte-for-byte what was collected, because recomputing the hash shows whether the data has changed since it was first acquired. Strictly, a hash by itself proves integrity; it is the documented, witnessed recording of that hash (or a digital signature over it) that supports nonrepudiation.
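The acquisition-and-verification procedure behind both the imaging card and this one, as an added example that is not code from the page or from FTK Imager: copy the source block by block the way dd and FTK Imager do, hash the bytes as they are read, hash the written image independently, and later recompute the hash to prove the image is unchanged. The "device" here is a constructed byte string; with a real drive the source would be a block device opened read-only behind a write blocker (the /dev/sdb path in the comment is a hypothetical placeholder).

```python
import hashlib
import hmac
import io
from typing import BinaryIO, Tuple

BLOCK_SIZE = 4096

# Constructed stand-in for a block device. With a real drive the source would be
# something like open("/dev/sdb", "rb") from a Linux boot disk (hypothetical
# path), with the drive behind a hardware write blocker. The length is
# deliberately not a multiple of BLOCK_SIZE so the final short read is exercised.
SAMPLE_DEVICE = (b"FAKEDISK" * 1024) + b"deleted-file-residue"


def hash_stream(stream: BinaryIO, algo: str = "sha256") -> str:
    """Hash a seekable stream from the start in fixed-size blocks."""
    stream.seek(0)
    h = hashlib.new(algo)
    for chunk in iter(lambda: stream.read(BLOCK_SIZE), b""):
        h.update(chunk)
    return h.hexdigest()


def image_device(src: BinaryIO, dst: BinaryIO, algo: str = "sha256") -> Tuple[str, str]:
    """Copy src to dst block by block, hashing the bytes as they are read
    (source hash), then re-read the written image and hash it independently
    (image hash). Both must match before the image is trusted; the source hash
    is the value that goes into the chain-of-custody record."""
    source_hash = hashlib.new(algo)
    while True:
        chunk = src.read(BLOCK_SIZE)
        if not chunk:
            break
        source_hash.update(chunk)
        dst.write(chunk)
    dst.flush()
    return source_hash.hexdigest(), hash_stream(dst, algo)


def verify_image(image: BinaryIO, recorded_hash: str, algo: str = "sha256") -> bool:
    """Later (before analysis, or in court) recompute the hash and compare it
    with the recorded one."""
    return hmac.compare_digest(hash_stream(image, algo), recorded_hash)


def acquire_sample() -> Tuple[str, str, io.BytesIO]:
    """Run the acquisition against the constructed device and return both
    hashes plus the image, so the verification step can be exercised on it."""
    image = io.BytesIO()
    source_hash, image_hash = image_device(io.BytesIO(SAMPLE_DEVICE), image)
    return source_hash, image_hash, image


if __name__ == "__main__":
    source_hash, image_hash, image = acquire_sample()
    print("source :", source_hash)
    print("image  :", image_hash)
    print("match  :", source_hash == image_hash)
```

Tools record two algorithms (FTK Imager writes MD5 and SHA-1) so that a collision in one does not undermine the record; the same hash_stream call with a different algo name gives the second value.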

28
Q

An attacker has obtained the password database for a popular social media site and has begun analyzing it to recover the passwords from their hashes. They are running every possible combination against the database in an effort to crack it. – This is an example of which of the following?

Offline Brute Force Attack
Online Brute Force Attack
Dictionary Attack
Pass the Hash Attack

A

Offline Brute Force Attack

Explanation:
An offline password attack, or offline brute force attack, is one in which the attacker attempts to recover passwords from a captured database or packet capture on hardware they control, so no login rate limit or account lockout applies and only the cost of each hash computation slows them down. The most effective mitigations are long, complex passwords, per-user salted hashes, and a deliberately slow password hashing function such as PBKDF2, bcrypt, or Argon2.

An online password attack would occur as a Brute Force attack against a web application login by repeatedly guessing at the password for an account.
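Why salting is listed as a mitigation, shown with an added example that is not part of the original card: the same candidate list is run against an unsalted dump, where one hash per candidate tests every user at once and identical passwords are visible before any cracking, and against a salted dump, where each user costs a separate pass. The user records, salts and word list are constructed for the example, and the hashes are SHA-256 on purpose: a fast hash is what keeps the attack cheap, which is exactly why stored passwords need a slow KDF instead.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed candidate list (a real one would be millions of entries).
WORDLIST: List[str] = ["123456", "password", "letmein", "hunter2", "qwerty"]


def store(password: str, salt: bytes = b"") -> Tuple[bytes, str]:
    """How the site stored the password: hex(sha256(salt || password))."""
    return salt, hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


def crack_unsalted(hashes: Dict[str, str], wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """Without salts, one hash per candidate tests every user at once: index the
    dump by hash and look each candidate up. Returns the cracked passwords and
    the number of hash computations spent."""
    users_by_hash: Dict[str, List[str]] = {}
    for user, h in hashes.items():
        users_by_hash.setdefault(h, []).append(user)   # identical passwords collide here
    found: Dict[str, str] = {}
    work = 0
    for word in wordlist:
        work += 1
        digest = hashlib.sha256(word.encode("utf-8")).hexdigest()
        for user in users_by_hash.get(digest, []):
            found[user] = word
    return found, work


def crack_salted(records: Dict[str, Tuple[bytes, str]], wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """With per-user salts every candidate must be hashed separately for every
    user, so the work grows with the number of users and no precomputed table
    applies. Returns the cracked passwords and the number of hash computations."""
    found: Dict[str, str] = {}
    work = 0
    for user, (salt, h) in records.items():
        for word in wordlist:
            work += 1
            if hashlib.sha256(salt + word.encode("utf-8")).hexdigest() == h:
                found[user] = word
                break
    return found, work


if __name__ == "__main__":
    unsalted = {u: store(p)[1] for u, p in [("alice", "hunter2"), ("bob", "hunter2"), ("carol", "Tr0ub4dor&3")]}
    salted = {"alice": store("hunter2", b"\x01" * 16), "bob": store("hunter2", b"\x02" * 16),
              "carol": store("Tr0ub4dor&3", b"\x03" * 16)}
    print("unsalted:", crack_unsalted(unsalted, WORDLIST))
    print("salted:  ", crack_salted(salted, WORDLIST))
```

Salting does not make a weak password strong (hunter2 falls either way); it removes the attacker's ability to share work across users, and a slow KDF then makes each of those per-user computations expensive.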

29
Q

What SNMP scenario monitors software deployed by a Network management system?

Network Systems
Managed Devices
Hosting
Agent

A

Agent

Explanation:
Agents are the software that the Network Management System (NMS) deploys onto managed devices. The agent exposes the information the NMS needs (through the device's MIB), answers the NMS's SNMP queries, and sends traps for notable events, so that remote devices can be monitored. This information can be aggregated at the central SNMP server for review.

30
Q

An organization has just discovered that they were the victims of a cyber attack. The intruder was not able to steal any of their customer’s private data, but they were able to steal blueprints for the organization’s next product. – Which of the following BEST describes the scenario?

PII Theft
PCI Theft
Identity Theft
IP Theft

A

IP Theft (Intellectual Property Theft)

Explanation:
Intellectual Property (IP) refers to a certain type of property created from the mind. The engineers who created the blueprints created them specifically for the organization and they were not to be shared with the outside world. The scenario describes IP Theft.

Identity Theft and PII (Personally Identifiable Information) Theft do not fit the scenario because the data stolen did not pertain to any specific individual.

The stolen data was not payment card data (the kind covered by PCI DSS), so PCI Theft is also incorrect.

31
Q

The Smith Consulting organization is experiencing growth that is putting a strain on its Network. They have a loose work group of computers and they need to basically triple their company size as a result of landing recent business contracts. They need to implement a Secure Network that provides access only to authorized users and is able to authenticate those users to ensure that no unauthorized access is given. – Which of the following tools would BEST fit this scenario?

VPN
Directory Services
Additional Work Groups
Remote Access

A

Directory Services

Explanation:
Directory Services can streamline management and enhance Security of Networks by providing a centralized capability to manage authorized users and devices. Microsoft Active Directory for example is capable of creating objects for each authorized user and computer to keep track of their access levels.

32
Q

Windows incorporates two sets of permissions, one for shares and one for the NTFS file system. They have differences, and it is important to understand which are applicable. – Which of the following is NOT a Windows share permission?

Read
Full Control
Change
Write

A

Write

Explanation:
The only Share Permissions on Windows are Full Control, Change, and Read. The NTFS permissions are more granular and cover much more. Here is a list of NTFS Permissions:

Full Control
Modify
Read & Execute
List Folder Contents
Read
Write

33
Q

An administrator uses NAC to run software to check the status of a system without directly installing it there. – What BEST describes this scenario?

Stateless
Agentless
Dissolvable
Permanent

A

Dissolvable

Explanation:
Network Access Control (NAC) that is agent-based can be permanent or dissolvable. A dissolvable agent runs once on the system to determine whether access should be allowed or denied, and then deletes itself, so nothing is left installed. A permanent agent stays installed on the endpoint until it is manually removed. An agentless NAC, by contrast, assesses the system from the network without running any software on it at all.

34
Q

The Security officer at Smith Manufacturing wants to implement Secure procedures for the Server room. The concern is that there is no automatic logging of who uses their key for the Server room, so they are interested in adding an additional element of authentication, coupled with the Keys. – What can they attach to the keychains to allow door access to the Server room?

Key Locks
Passwords
ID Badges
Security Tokens

A

Security Tokens

Explanation:
Security Tokens are physical devices given to authorized personnel to help with authentication. Hardware tokens are used for door access to systems or for accessing a physical computer. These tokens can be swiped along with the key to not only authenticate and allow access, but to make digital visitor logs to track who had access at what time.

35
Q

For enhanced security, the standard profile for a firewall is to allow only connections that have been specifically described in the filters and to restrict all other access. – What type of access control is this?

Separation of Duties
Implicit Deny
Least Privilege
Job Rotation

A

Implicit Deny

Explanation:
The scenario describes a firewall, so this is a firewall rule base.
Implicit deny is the access control practice that automatically denies all traffic (or users) except what has been explicitly granted access to the object: rules are evaluated in order, and anything no rule matches falls through to a final default of deny. This method is appropriate for highly sensitive confidential data.

36
Q

Of the following, which is a web application vulnerability that can be perpetrated when an attacker embeds malicious HTML or JavaScript into a website for it to execute when the victim visits the webpage?

DLL Injection
SQL Injection
Cross-Site Request Forgery
Cross-Site Scripting

A

Cross-Site Scripting

Explanation:
The mention of malicious HTML or JavaScript embedded in a page points to XSS.
Cross-Site Scripting (XSS) is a web application vulnerability that arises when attackers are able to inject scripts (HTML, JavaScript, etc.) into a page that then run in the browser of every user who visits it, because the application failed to encode user-supplied input before placing it in the page. These scripts can extract sensitive information, such as session cookies, and send it to the attacker, who uses it to impersonate the user. The defenses are context-aware output encoding, a Content Security Policy, and the HttpOnly cookie flag so that session cookies are not readable by script.

37
Q

You are working with the security team to implement proper security controls. One of the systems has an operating system that is no longer supported. However, it cannot be upgraded to a new operating system because of the antiquated software in use. To address this, the security team has chosen to isolate the system by removing it from the network. – Which type of security control does NOT apply directly to the vulnerable system, but can help offset the lack of a direct control?

Compensating
Deterrent
Corrective
Detective

A

Compensating

Explanation:
A Compensating Control does not apply directly to the vulnerable system, but can help offset or Compensate for the lack of a direct control. In this scenario, a direct control would be to update the operating system to a supported version. Since this is not possible, the Security Team has simply isolated the system from the rest of the Network to compensate for this direct fix issue.

38
Q

During the course of a reorganization, Smith Industries was interested in implementing a new IT security framework to promote enhanced security, along with proper processes for obtaining and deploying secure hardware and software. – Of the following IT security frameworks, which divides IT into the following four sections: Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate?

PMBOK
NIST
COBIT
ITIL

A

COBIT (Control Objectives for Information and Related Technologies)

Explanation:
COBIT is a good-practice framework created by the international professional association ISACA for information technology management and governance. COBIT provides an implementable "set of controls over information technology and organizes them around a logical framework of IT-related processes and enablers."

39
Q

IT Systems management is a dynamic process that requires both preemptive and reactive methods to ensure that an organization can prepare for and recover from an attack. – Which of the following is the term applied to the mitigation action organizations take to defend against Risk?

Due Care
Due Diligence
Due Process
Offboarding

A

Due Care

Explanation:
Due care is the mitigation action that an organization takes to defend against the risks uncovered during due diligence: due diligence is the investigation that identifies and assesses the risks, and due care is acting reasonably on what was found. When an attack is identified, due care means assessing its severity, containing it, stopping it from harming operations, and then finding the root cause.

40
Q

An administrator is reviewing a System that hosts a secure site for users to track banking information. In addition to hosting the web application, this Server also handles the TLS connections between the Server and Client. Logs are indicating that the system is maxing out its CPU and RAM usage, which is impacting the website speed. – Which of the following would enhance this Secure Website’s Function?

Scale up the Server with more RAM and CPU
Offload Encryption functionality to a TLS accelerator.
Limit the number of connections to the Server.
Reduce the number of requests accepted per connection

A

Offload Encryption functionality to a TLS accelerator.

Explanation:
The process of establishing HTTPS sessions, negotiating the strongest cipher suite supported by both client and server, exchanging encryption keys, and encrypting session data requires a significant amount of CPU and RAM. Offloading it to a dedicated device (a TLS accelerator, often built into a load balancer) reduces the performance impact and improves website response.

Limiting the number of connections or requests is realistically infeasible and would negatively impact user interaction, so this option is incorrect. Scaling the CPU and RAM is also incorrect. While it is possible to increase RAM, the process of enhancing a Server CPU is rather cost-inefficient. A better option would be to obtain a second server and offload the TLS functionality to a TLS Accelerator.

41
Q

Sean needs an audit report from a provider he is considering. He plans to check the auditor's opinion on the effectiveness of the security and privacy controls that the provider has in place. Which of the following types of Statement on Standards for Attestation Engagements (SSAE) report should he ask for?

SSAE-18 SOC 2, Type 1
SSAE-18 SOC 2, Type 2
SSAE-18 SOC 1, Type 1
SSAE-18 SOC 1, Type 2

A

SSAE-18 SOC 2, Type 2

Explanation:
A SOC 2 engagement assesses the security, availability, processing integrity, confidentiality, and privacy controls a provider has in place, and a Type 2 report gives the auditor's opinion on how effectively those controls operated over a period of time.

A SOC 1 report assesses the controls that affect the accuracy of financial reporting.
A Type 1 report gives the auditor's opinion of management's description of the controls and their suitability as designed at a point in time; it does not examine the actual operating effectiveness of the controls.

42
Q

Clover is working for the US Government and has determined information in her company that needs some protection. If the information was exposed without permission, it would lead to identifiable harm to national security. How should she categorize the data?

Business Sensitive
Secret
Top Secret
Confidential

A

Confidential

Explanation:
Confidential information is classified by the US Government as information that requires some Protection and that if disclosed without authorization, would cause identifiable harm to National Security.

Top Secret information requires the highest degree of protection and would cause exceptionally grave harm if exposed without authorization.

Secret information requires a substantial degree of protection and would cause serious damage if exposed.

Business Sensitive is not a US Government classification but is a term commonly used in businesses.

43
Q

A large subset of the Acme Inc. employee workforce works remotely and requires a VPN connection. Since there are several hundred employees, the VPN connections have grown in number. – What should large organizations use to handle multiple incoming VPN sessions?

VPN Router
VPN Server
VPN Centralizer
VPN Concentrator

A

VPN Concentrator

Explanation:
A VPN concentrator is an appliance offered by several vendors that terminates and manages large numbers of VPN tunnels for an organization. It is used when the company needs hundreds of simultaneous connections during the workday.

44
Q

Which of the following statements are TRUE for Application Whitelisting and Blacklisting? (Choose ALL that Apply)

Software Restriction Policy for restricting applications applies only to an individual user and not to a group of users.

An administrator can Blacklist or Whitelist applications that the users can run using Software Restriction Policies.

If an application or a specific path that contains the executables is Blacklisted, then all executables within the defined path are Blacklisted.

Application Blacklisting and Whitelisting is always applied at the domain level.

A

An administrator can Blacklist or Whitelist applications that the users can run using Software Restriction Policies.

If an application or a specific path that contains the executables is Blacklisted, then all executables within the defined path are Blacklisted.

45
Q

To prevent the spread of an attack, which of the following methods of isolation can be used? (Choose ALL that Apply)

Isolate the Users
Isolate the affected Systems
Isolate the Network
Isolate the Attacker

A

Isolate the affected Systems
Isolate the Attacker

46
Q

When implementing segmentation as a proactive measure, which of the following types of segments exist on a Network? (Choose ALL that Apply)

DMZ
Users
Data Center
Guests

A

Users
Data Center
Guests

47
Q

If two segments need to talk to each other in a segmented Network, which of the following is required?

Router
WAF
Firewall
IDS

A

Firewall