Which type of attack is primarily intended to disrupt the


Question 1:

Which type of attack is primarily intended to disrupt the availability of critical business functions?

Covert channel
Man-in-the-middle
Eavesdropping
Denial-of-service

Question 2:

Classify each attack method in relation to its direct impact on the CIA triad.

Answer options may be used more than once or not at all. Select your answers from the pull-down list.

Key logger
Covert channels
DNS poisoning
DDoS

options - Availability, Confidentiality, Integrity

Question 3:

A security administrator has configured a small key size to protect the VPN.

Which security objective does this affect?
Availability
Authentication
Integrity
Confidentiality

Question 4:

A laptop has been stolen, and the data has been seen for sale on the darknet.

Which process could have protected the confidentiality of the data?

Host-based IDS
Hard drive encryption
Two-factor authentication
BIOS password

Question 5:

When browsing to a financial website, a user receives an error on the browser that points to the certificate on the website. The user reviews the certificate and maps it to a known certificate authority.

Why did the user need to perform these actions?

To validate client authenticity
To ensure connection is available and reliable
To monitor communications
To establish a trust relationship

Question 6:

A team of scientists is working on a secure project. The network administrator needs to configure a network for the team that is not routable from the Internet. A firewall is protecting the scientists' network and is using network address translation (NAT) to translate the internal IP addresses to public IP addresses.

Which IP address should the network administrator configure on the inside interface of the firewall?

10.14.15.16
9.131.162.1
172.32.255.1
192.169.255.12

Question 7:

An ad hoc network design team has just finished a presentation on the latest updates to the organization's network infrastructure. The team ensured that plenty of redundancy has been built in and bottlenecks have been eliminated.

Which security objective has the team bolstered through these improvements?

Confidentiality
Non-repudiation
Availability
Integrity

Question 8:

A company has recently implemented a new email encryption system that uses public key infrastructure (PKI). The company is now requiring all employees to sign and encrypt internal communication. An employee wants to send a digitally signed message to the IT director.

What does the IT director use to decode the employee's signature under the new system?

The IT director's password
The employee's public key
The employee's password
The employee's private key
The IT director's private key
The IT director's public key

Question 9:

An administrator at a small office is tasked with supporting a new time clock that has been installed on the network.

The outsourced company managing the time clock states that the connection protocol it uses with the clock is encrypted, but it needs to allow incoming connections from the Internet.

Which action should allow the outsourced company to securely manage the time clock with a minimal amount of configuration effort?

Creating an access rule on the firewall allowing the clock to connect to the outsourced company
Setting up a port forward on the firewall from the outsourced company to the time clock
Creating a transparent forward proxy to allow the encrypted protocol to traverse the Internet
Configuring a virtual private network (VPN) between the outsourced company and the small office

Question 10:

A small nonprofit company has received several legacy wireless access points (APs) as a donation. The security administrator discovers that the encryption protocol the devices use is not very secure. The encryption key can be discovered by a malicious hacker in a few minutes. After discussions with other security professionals, the administrator learns the APs can implement a key protocol that can change the encryption key every few seconds and provide a per-packet verification at each side of the communication.

Which security measure is the key protocol implemented to protect?

Integrity of the key
Availability of the key
Privacy of the key
Accountability of the key
Confidentiality of the key

Question 11:

A recently terminated employee from accounting used several widely available programs in an amateur attempt to exploit a company's database.

Which term describes the terminated employee?

Black hat hackers
White hat hackers
Script kiddies
Hacktivists

Question 12:

An organization has recently undergone a period of growth, both in terms of business operations and personnel. The network infrastructure has kept pace, growing to accommodate the new size and structure. Mapping and auditing of the expanded network needs to be done. One of the first findings is that the router has permissive rights to all unassigned ports.

What is this finding an example of?

An opportunity
A vulnerability
A good security practice
A threat

Question 13:

A company has been the target of multiple social engineering attacks and is implementing a new mandatory security awareness training program to reduce the risk of a future compromise. The security administrator is mainly concerned with the following attack vectors:

Spoofed emails containing fake password reset links aimed at harvesting employees' passwords

Phone calls to the helpdesk by a malicious user pretending to be an employee needing a password reset

A malicious user tailgating while impersonating a contractor to steal employees' mobile devices

What are the two vulnerabilities that the company needs to address to meet the above requirements?

Choose 2 answers

Lack of secure access control
Untrained users
Disgruntled employees
Weak passwords
Compromised email system

Question 14:

An email link takes a user to an online store. After clicking the link, the user is redirected to a spoofed online store.
Which type of attack is occurring?

Session hijacking
SQL injection
Distributed denial-of-service
Cross-site scripting

Question 15:

Which device is responsible for performing stateful packet inspection on traffic traversing connected segments?

Layer 3 switch
Screening router
Firewall
VPN appliance

Question 16:

Which device is Layer 7 aware and provides both filtering of unwanted source IP traffic from accessing a network and policy on which ports may be used?

IPSec VPN
Circuit firewall
Application firewall
Packet filter firewall

Question 17:

A software circuit firewall is on the network providing protection for a web server. There is a cross-site scripting vulnerability on the web server.
How will the software circuit firewall react to an exploit of this vulnerability?

It will filter traffic at each layer of the OSI model.
It will protect against application vulnerabilities.
It will be restricted to protecting against low-volume attacks.
It will filter based solely on initial session setup.

Question 18:

During preproduction testing, a key security control is found to be missing. This oversight inadvertently allows users to view data they are not authorized to access. Upon review of the initial security requirements, it was stated that authentication, authorization, and accounting (AAA) of users was required in the design of the system.

What occurred during the systems development life cycle (SDLC) that caused this problem?

Penetration testing was not performed during the implementation phase.
No objective security reviews were conducted to ensure security requirements were being met during the development phase.
AAA requirements were not clear in the system security requirements.
Identity and access management (IAM) assessments were not conducted to ensure authentication was enforced during the testing phase.

Question 19:

Many of the devices a company uses are stand-alone, third-party appliances. While the appliances are evaluated for security concerns at the time of purchase, many have reached the end of their support and will need to be replaced soon. What should a security administrator do to protect these assets before they are disposed of and replaced?

Develop custom in-house patches
Use a defense-in-depth strategy
Follow a strict compliance methodology
Implement security through obscurity

Question 20:

During the initiation phase of the systems development life cycle (SDLC), an administrator is working on a new system that will support remote access to the organization's disaster recovery environment. As part of the effort, the administrator is attempting to calculate the bandwidth required to support systems identified in the business impact analysis.

Why is the calculation of required bandwidth vital to the tenets of security?

The organization will not have the desired level of availability without sufficient bandwidth.
Limited bandwidth will impact the organization's ability to cut over to a hot site.
Failure to provide adequate bandwidth will be a violation of the Internet service provider's service level agreement.
The integrity of critical data will be compromised without sufficient bandwidth.

Question 21:

A technician is configuring the security features of new built-in-house software. After configuring the application, the technician tests the new security controls.

At which phase of the systems development life cycle (SDLC) process is the technician operating?
Deployment
Operation
Initiation
Implementation

Question 22:

115_Figure.jpg

In the diagram provided, three network zones containing servers are depicted. As the security architect, only one host intrusion sensor and one network intrusion sensor will be allowed in the design.

Where should the sensors be deployed to maximize detection of threats against this organization's extranet implementation?

Host-based Intrusion Detection System (HIDS) on the DB server and Network Intrusion Prevention System (NIPS) in the LAN
HIDS on the app server and NIPS in the LAN
HIDS on the laptop and NIPS in the DMZ
HIDS on the DB server and NIPS in the DMZ
HIDS on the web server and NIPS in the DMZ

Question 23:

An information security project manager has been tasked with implementing a new system designed to detect and respond to network security threats to user workstations and systems in a screened subnet. As part of the configuration, the project team will implement a new network topology.

Which network topology should the project team implement?

Intrusion detection system (IDS) along with sensors in the LAN and DMZ
IPS along with sensors in the wide area network (WAN) and LAN
IDS along with sensors in the DMZ and network address translation (NAT)
Intrusion prevention system (IPS) along with sensors in the demilitarized zone (DMZ) and local area network (LAN)
IPS along with sensors in the metropolitan area network (MAN) and multiprotocol label switching (MPLS)

Question 24:

A security administrator receives an intrusion detection system (IDS) alert identifying suspicious traffic on the network between two sites. In order to identify whether the traffic was malicious or not, the administrator enables a packet capture both inside and outside of one site's firewall. While monitoring the internal packet captures, the administrator determines that a rogue IP address is generating a lot of address resolution protocol (ARP) traffic. Further monitoring of the external packet capture reveals that the secure sockets layer (SSL) certificate that certain clients were using was changed to a self-signed certificate.

Which type of attack is occurring, based on the packet captures?

Rogue access point
DNS poisoning
Man-in-the-middle
Cross-site scripting

Question 25:

As a fundamental concept of network security, backups are vital to incident recovery. A security administrator has been tasked with reporting on the pros and cons of various backup/recovery technologies and is preparing a list of these technologies. Match the advantages and disadvantages with each backup/recovery technology to assist the security administrator.
Answer options may be used more than once or not at all. Select your answer from the pull-down list.
Prompts (Advantages)
Offers access to data from any Internet connection
Better option when faced with possible major catastrophes affecting connectivity
Provides for quick recoveries while controlling the physical/logical information

Prompts (Disadvantages)
Puts data on someone else's hardware
Requires rented/leased space for storage
Subject to physical threats under the organization's control

Question 26:

A company is concerned about employee usernames and passwords being obtained through phishing campaigns.

Which emerging technology should the company employ to keep this from happening?

ITIL
Pernissigning
Tokens
Cloud computing

Question 27:

Which method could be used to protect against data leakage?

Steganography
Deep-content inspection
Data caching
Hashing

Question 28:

A large organization will be heavily dependent on a number of in-house web services that are Internet-facing.

Which control should be used by this organization to protect against Internet-based attackers?

Hardened security appliance
Application whitelisting
Application firewall
Data loss prevention solution

Question 29:

A security administrator has decided that it is important to simplify the management of many of the edge security devices through a single web interface. The administrator decides to purchase a replacement security device that can filter common website attacks, allow users remote access to their network resources, and scan emails for malware.

What should the administrator deploy to meet these goals?

Hybrid firewall
Stateful packet inspection device
Web application firewall
DLP server

Question 30:

Recently, many organizations are embracing Bring Your Own Device (BYOD) as a means to reduce cost.
What is the primary reason these organizations must ensure malware detection remains a top priority?

To reduce the number of external network-based attacks of internal corporate resources
To gain better visibility over the security posture of competitors
To protect the organization from attacks introduced by the lack of a perimeter
To protect employees' personal financial transactions and files

Question 31:

A security administrator has recently subscribed to online threat feeds that discuss continual security improvement, better log visibility, and improved risk mitigation techniques.

Which explanation should be given as the reason for improving continuous detection processes in these discussions?

To provide more granular reporting to management
So that networks are better protected than they were in the past
New vulnerabilities are identified every day, and as such networks need to adapt
The detection process may not have addressed all immediately identified risks

Question 32:

A company is in the process of separating valid network traffic from malicious traffic. Currently, the company does not want to block valid traffic that would cause an outage to an application.

Which device will monitor and classify potential malicious traffic to improve current policies?

VPN
Intrusion Detection System (IDS)
Load balancer
Firewall

Question 33:

What are two security controls that are applicable to the LAN-to-WAN domain?
Choose 2 answers

Stateful packet inspection
Proxy server
Antivirus software
Network topology

Question 34:

A company's chief executive officer (CEO) is traveling overseas for a business meeting and wants to protect emails and video conference calls from a breach in confidentiality.
Which strategy should be used to achieve this objective?

Define and implement a secure cloud solution.
Ensure that antivirus and application patches are up-to-date.
Secure a VPN back into the corporate offices.
Ensure that the CEO's operating system uses genuine copies of its programs.

Question 35:

An enterprise environment has multiple stakeholders, each of whom has a unique role, responsibility, and level of access.
What is a cost-effective method of segmenting the network for this environment?

Configure a demilitarized zone (DMZ) at the network perimeter.
Define and implement secure cloud architecture
Create Virtual Local Area Networks (VLANs) to segment network traffic.
Implement an array of routing topologies to segment

Question 36:

Match each network security strategy with the appropriate IT domain.

Answer options may be used more than once or not at all. Select your answers from the pull-down list

Protocols, addressing, topology, and communication encryption are critical to securing this domain
Focused on training, strong authentication, granular authorization, and detailed accounting (AAA)
Acceptable Use Policy (AUP) signed prior to being granted access to IT resources and infrastructure
System hardening, communication protection and device positioning
Secured via encrypted tunnels for VPN communication

options:

Local Area Network (LAN) domain
Remote access domain
User domain
Workstation domain

Question 37:

Which concept is appropriate for system hardening, given the workstation domain?

Choose 2 answers

Synchronize the clock
Implement network access control
Filter RFC 1918 addresses
Define a guest account
Enable host firewall

Question 38:

A security administrator has discovered the following on a public website:

root:A4D7CF982CB1E5F83CB2FF4DACE8911-2

usex:A4D7CF982CB1E5F83CB2FF4DACE8911E

The security administrator is asked to mitigate the risks that these types of attacks expose the company to in the future.

What is an effective countermeasure that can be executed?

Set up an egress filter.
Create strong firewall Access Control Lists (ACLs).
Implement tokens.
Configure a custom subnet.

Question 39:

A device on a network is pinging over 100 endpoints on the infrastructure. The IP and MAC addresses belong to the network management system. However, the MAC address has been spoofed. The machine is tracked down, and it is an unknown rogue device that somehow got past the network admission control (NAC) device.

Which action should be taken from this point forward?

Make an image of this device for forensic analysis.
Run an antivirus scan on this device
Contain and unplug this device from the network
Perform a memory dump.

Question 40:

A network has been subjected to a series of simple yet aggressive attacks for a number of weeks. The company's leadership and security team want to know the type of information the attacker is searching for, and the ways in which the attacker has been successful.

What are three methods that should be used to research the attacker's intentions and capabilities?
Choose 3 answers

Honeypot
Mantrap
Honeynet
Backdoor

Question 41:

An alarm has been triggered based on the Intrusion Detection System (IDS) thresholds on a company's main operational network. An immediate analysis of the IDS logs shows an intruder successfully breached the perimeter network defenses and began data exfiltration. Although the network security administrator managed to lock out the intruder and deny access from the source, the company must now go into "incident response" mode.

Which three goals should the administrator accomplish as quickly as possible?

Choose 3 answers

Minimize operational and network downtime.
Retrain the security team for allowing the intruder access.
Minimize loss (e.g., financial, reputational, data, intellectual property).
Restore the environment back to a secured normal state.
Purchase the next generation of firewall implementation to further secure the perimeter.
Retaliate against the intruder and attack the access point.

Question 42:

An application server was recently attacked, resulting in compromise of all transactional credit card information via the website. It was revealed that the attacker was able to compromise a system administrator's computer via a spear phishing attack. This gave the attacker the ability to compromise the application server.

Which network security management practice should be applied to treat these operational weaknesses?

Increase physical security for all personnel accessing the servers.
Institute a patch policy for the application servers.
Increase training of information technology staff on the dangers of social engineering.
Install antivirus, malware, Host-Intrusion Prevention System (HIPS), and host firewalls on database servers.

Question 43:

An attacker compromises an Internet-facing web server. The attacker then uses the compromised web server to gain unauthorized access to other internal servers.

Which control or design consideration prevents exploitation of the internal network?

Demilitarized zone
Outbound firewall rules
Antivirus
Network address translation

Question 44:

Recently, a company experienced several malware infections. Though the virus scanners have been regularly updated, re-infections happen regularly. An investigation of the infected PCs shows that several critical OS files have not been updated in more than a year.

Which two strategies should the company deploy in the future to detect and minimize the possibility of this kind of infection?

Choose 2 answers

Patch management
Honeypot
Full disk encryption
Web application firewall
Vulnerability assessments

Question 45:

Company A has established a business partnership with Company B. Company A and Company B need to securely interconnect their networks while minimally impacting the end-user experience.

How should access to these two networks be granted?

Thin client or terminal services
Host these devices in the cloud
Site-to-site VPN
Remote Access VPN

Question 46:

A company's chief information officer (CIO) has tasked the network security team with a set of requirements for the next iteration of network security. The CIO wants a solution that will implement the following items.

Access control
Connectionless data integrity checking
Data origin authentication
Replay detection and rejection
Confidentiality using encryption
Traffic flow confidentiality

What provides this set of services?

Layer 2 Tunneling Protocol (L2TP)
Secure Sockets Layer/Transport Layer Security (SSL/TLS)
Point-to-Point Protocol (PPP)
Internet Protocol Security (IPSec)

Question 47:

A company decides to implement Network Address Translation (NAT) and strict inbound access control after experiencing multiple breaches from external hosts connecting to its publicly available IP addresses. The system administrator verifies the Access Control List (ACL) is configured properly, but firewall log analysis still shows multiple external malicious hosts connected to internal company hosts.
What should the security administrator do to reduce the risk of further malicious connections?

Block incoming external port scans.
Implement an outbound ACL.
Implement a remote access VPN.
Block Internet Control Message Protocol (ICMP) at the border firewall.

Question 48:

A network administrator wants to harden the configuration of the company's VPN.
Which two steps must the administrator take to ensure the VPN server is hardened and the VPN tunnel implements strong confidentiality controls?

Choose 2 answers

Implement Data Encryption Standard (DES).
Use Secure Hashing Algorithm 1 (SHA-1).
Configure Advanced Encryption Standard (AES).
Employ authentication headers.
Change the server's password.

Question 49:

After a new firewall was installed, the security administrator has reported that a large number of fragments and overlapping packets are filling the logs and causing abnormal network behavior.

Which two features can be implemented on the firewall to resolve this issue?

Choose 2 answers

802.1x authentication
Deep packet inspection
Dynamic filtering
Intrusion detection system (IDS)
Encrypted payload

Question 50:

A security administrator working for a large organization has been asked to implement a remote access solution that would facilitate telecommuting employees. Employees must be able to access the internal network and securely perform work-related functions from home. The solution must allow for a minimum of 20 simultaneous connections at any given time.

Which remote access solution is the proper solution?

Implement a PKI solution.
Separate Local Area Network (LAN) segments via virtual LAN (VLAN).
Enable remote desktop connection on the internal network.
Implement end-to-end data encryption.
Install a VPN concentrator.

Question 51:

During an annual security audit, a company discovered that the development team has been committing code to production, which breaches the compliance requirement of separation of duties.
Which security measure needs to be implemented?

Prioritize log aggregation network traffic.
Set up proper storage encryption.
Adopt the principle of least privilege.
Create an incident response plan.

Question 52:

A security network specialist has been asked to configure secure Internet access for a small company made up of 20 computers. The company must provide remote services to its mobile workers.

Which solution should be implemented?

Bastion firewall acting as the firewall and a VPN
Endpoint-based firewalls and secured remote desktop services
Small office/home office (SOHO) hardware firewall with secure sockets layer (SSL) port forwarding
Endpoint-based firewalls and secure shell (SSH) remote access

Question 53:

A company needs an alternative to a VPN solution to provide secure communications between clients and servers within the extended organization. In addition to secure communications, eavesdropping and tampering with data while in transport must be prevented. Finally, endpoint authentication and confidentiality of communications must be provided.

Which solution should be implemented based on these requirements?

Layer 2 Tunneling Protocol (L2TP)
Point-to-Point Tunneling Protocol (PPTP)
Secure Sockets Layer/Transport Layer Security (SSL/TLS)
Generic Routing Encapsulation (GRE)

Question 54:

An organization is looking for a better way to communicate across the Internet. The organization has done an exhaustive study of both present and future requirements, and has determined the need for the following specifications in the new communication infrastructure:

Increased address space
More efficient routing functionality
Reduced management requirements
Better quality of service
Enhanced security

What should the organization implement across their enterprise based on these requirements?

Internet Protocol Version 6 (IPv6)
User Datagram Protocol (UDP)
Internet Protocol Security (IPSec)
Network Address Translation (NAT)

Question 55:

A VPN solution was compromised when traffic from the Internet was seen on the internal network. This traffic bypassed the company's firewall policies. Specifically, a large amount of command-and-control data was seen by network intrusion detection systems (NIDS) from the VPN user's connection.

Which scenario potentially caused this compromise?

The VPN authentication, authorization, and accounting (AAA) server did not adequately limit privilege escalation of the VPN user and resulted in malware injection attacks.
A VPN user's laptop was compromised with malware, causing an Internet backdoor to occur even though split tunneling was not allowed.
The VPN user's credentials were compromised, allowing an attacker to route Internet traffic into the VPN.
Split tunneling was allowed where a connected VPN client could route traffic to and from the Internet into the VPN connection.

Question 56:

A firewall policy has an Access Control List (ACL), which allows a connection from a university that is not part of the company.
Which description depicts what the company is currently doing that directly relates to this ACL?

Allowing a local administrator to secure the firewall on port 161
Utilizing a remote connection on port 22
Running a web server on port 80
Allowing a remote employee to access a secure webpage on port 443

Question 57:

A network technician needs to securely connect a remote office over the commercial Internet. The technician wants to ensure the local headquarters' virtual local area networks (VLANs) are visible at the remote site, and that the remote site uses the headquarters' Dynamic Host Configuration Protocol (DHCP) server for addressing.

Which solution will allow the two offices to implement the requirements?

Internet Protocol Security (IPSec) transport mode
Secure Shell (SSH)
Point-to-Point Protocol (PPP)
Layer 2 Tunneling Protocol (L2TP)

Question 58:

A network security engineer has been contracted by a small organization to develop a remote connection solution. The organization is extremely concerned with privacy and secure communications. The organization owns the entire network, including all switches, routers, cabling, and hardware infrastructure.

Which solution should the network security engineer implement?

Private branch exchange
Hybrid VPN solution
Secure VPN solution
Remote Authentication Dial-In User Server (RADIUS) access
Trusted VPN solution

Question 59:

A firewall has been placed between two networks. Each network implements a VPN concentrator to enable secure communication via a VPN in tunnel mode.

What information regarding the VPN will the firewall logs provide?

Information about internal endpoints' source IP addresses
Information about the origin and destination of original headers
Information about the temporary encapsulation header
Information about the packet payload content

Question 60:

Use the following configuration of an access control list (ACL) to answer the question below:
PROTO SRC_IP SRC_PORT DST_IP DST_PORT ACTION
TCP ANY ANY 192.16,3.4.3/24 >1024 ALLOW
Which type of firewall should the company be using?

Application layer
Circuit proxy
Stateful inspection
Static filtering

Question 61:

During a routine penetration test of an organization's perimeter firewall, an analyst discovers that port 25 is open on the wide area network (WAN) interface of the firewall.

What is causing this finding?

Port Address Translation (PAT) is passing webmail traffic to an internal web server
Local POP access to the firewall was enabled by default
Network Address Translation (NAT) is passing Simple Mail Transfer Protocol (SMTP) traffic to an internal email server
Remote console access to the firewall was not disabled

Question 62:

A firewall administrator is setting up the necessary rule to allow an email server to send and receive email.

Which three elements does the Access Control List (ACL) need?

Choose 3 answers

Email address domain
Source IP
DNS MX records
Base protocol
Destination port
Dynamic Host Configuration Protocol (DHCP) scope

Question 63:

What are remote access, site-to-site, host-to-host and extranet access examples of?

VPN architecture
VPN devices
VPN encryption
VPN policies

Question 64:

New requirements state that secure communication between a company's remote sites and its corporate headquarters should be encrypted. The administrator decides to encrypt both the packet headers and packet payloads between the sites.

What did the administrator deploy to accomplish this?

VPN in tunnel mode
VPN in clientless mode
VPN in Network Address Translation (NAT) traversal mode
VPN in transport mode

Question 65:

Match each VPN concept with its appropriate characteristic.

Answer options may be used more than once or not at all. Select your answers from the pull-down list

Transport mode
Secure Sockets Layer/Transport Layer Security (SSL/TLS)
Tunnel mode

Options:
Encryption protocol VPNs use
Encrypts only the payload
Encrypts the entire payload and the header

Question 66:

A security administrator is reviewing the VPN deployment to understand why the VPN connection is not affected when making firewall changes. The security administrator tests the connection, and the web content filter does not work for the VPN connection.

Which type of VPN deployment is being used?

Internally connected
Bypass
Demilitarized zone (DMZ)-based
Inline-based
