Module III Certification Quiz Part 1

Approved & Edited by ProProfs Editorial Team

The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.

Learn about Our Editorial Process

| By Vtgamer

Vtgamer

Community Contributor

Quizzes Created: 5 | Total Attempts: 3,904

Questions: 91 | Attempts: 140 | Updated: Mar 19, 2023

Questions

Settings

Feedback

During the Quiz End of Quiz

Play as

Quiz Flashcard

Create your own Quiz

Scoo quiz for security plus test test and test some more

Questions and Answers

1.

Many unauthorized staff has been entering the data center by piggybacking authorized staff. The CIO has mandated to stop this behavior. Which technology should be installed at the data center to prevent piggybacking?
- A.
  
  Token access
- B.
  
  Security badges
- C.
  
  Hardware locks
- D.
  
  Mantrap
Correct Answer
D. Mantrap

Explanation
A mantrap is a security measure that can be installed at a data center to prevent piggybacking. It is a small enclosed area with two doors, where one door cannot be opened until the other is closed. This ensures that only one person can enter at a time and prevents unauthorized individuals from entering by piggybacking on authorized staff. By installing a mantrap, the data center can effectively control access and prevent unauthorized entry.

Rate this question:
2.

Why will a Faraday cage be used?
- A.
  
  To minimize weak encryption
- B.
  
  To allow wireless usage
- C.
  
  To find rogue access points
- D.
  
  To mitigate data emanation
Correct Answer
D. To mitigate data emanation

Explanation
A Faraday cage is a shielded enclosure that prevents the escape or entry of electromagnetic fields. It is commonly used to mitigate data emanation, which refers to the unintentional leakage of electromagnetic signals that can be intercepted by unauthorized individuals. By using a Faraday cage, the electromagnetic signals generated by electronic devices inside the cage are contained, preventing them from being intercepted or accessed by external sources. This ensures the security and confidentiality of sensitive data and helps protect against potential data breaches or unauthorized access.

Rate this question:
3.

An enclosure that prevents radio frequency signals from emanating out of a controlled environment is BEST described as which of the following?
- A.
  
  Grounded wiring frame
- B.
  
  TEMPEST
- C.
  
  Faraday cage
- D.
  
  Mantrap
Correct Answer
C. Faraday cage

Explanation
A Faraday cage is an enclosure that is designed to block external radio frequency signals from entering or leaving a controlled environment. It is made of conductive material, such as metal, which creates a shield that prevents electromagnetic waves from passing through. This is achieved by the principle of electromagnetic shielding, where the conductive material absorbs and redistributes the electromagnetic energy, thereby minimizing its transmission. Therefore, a Faraday cage is the best description for an enclosure that prevents radio frequency signals from emanating out of a controlled environment.

Rate this question:
4.

Which one of the following options will create a security buffer zone between two rooms?
- A.
  
  DMX
- B.
  
  Turnstile
- C.
  
  Mantrap
- D.
  
  Anti-pass back
Correct Answer
C. Mantrap

Explanation
A mantrap is a security measure that creates a buffer zone between two rooms by using two interlocking doors or gates. It ensures that only one door can be open at a time, preventing unauthorized access and creating a controlled entry point. This physical barrier enhances security by restricting the movement of individuals between the two rooms and allowing for proper identification and authorization before granting access.

Rate this question:
5.

As a network administrator you need to take personal safety into consideration. What fire suppression substances types can effectively prevent damage to electronic equipment?
- A.
  
  CO2
- B.
  
  Halon
- C.
  
  Water
- D.
  
  Foam
Correct Answer
A. CO2

Explanation
CO2 (carbon dioxide) is the correct answer because it is an effective fire suppression substance that can prevent damage to electronic equipment. CO2 is commonly used in fire suppression systems because it is non-conductive and does not leave any residue. When CO2 is released into a fire, it displaces oxygen, effectively smothering the flames and preventing further damage to the equipment. CO2 is safe to use in areas with sensitive electronics and is an efficient and reliable method of fire suppression.

Rate this question:
6.

A Faraday case or Faraday shield is an enclosure formed by conducting material, or by a mesh of such material. Such an enclosure blocks out external static electrical fields. Faraday cages are named after physicist Michael Faraday, who built one in 1836. Which of the following would a Faraday cage prevent usage of?
- A.
  
  Uninterruptible Power Supply (UPS)
- B.
  
  Cell phone
- C.
  
  USB key
- D.
  
  Storage drive
Correct Answer
B. Cell phone

Explanation
A Faraday cage prevents the usage of a cell phone. This is because the cage is designed to block out external static electrical fields, which includes the signals and waves used by cell phones to communicate. When a cell phone is placed inside a Faraday cage, it is effectively shielded from any incoming or outgoing signals, rendering it unable to send or receive calls, messages, or data.

Rate this question:
7.

An administrator wants to make sure that no equipment is damaged when encountering a fire or false alarm in the server room. Which type of fire suppression system should be used?
- A.
  
  Deluge sprinkler
- B.
  
  Hydrogen peroxide
- C.
  
  Wet pipe sprinkler
- D.
  
  Carbon dioxide
Correct Answer
D. Carbon dioxide

Explanation
Carbon dioxide is the most suitable fire suppression system for a server room because it is effective in extinguishing fires without causing damage to the equipment. Carbon dioxide works by displacing oxygen, which is necessary for combustion, and suffocating the fire. It is a clean agent that does not leave any residue or water behind, making it ideal for sensitive electronic equipment. Additionally, carbon dioxide is non-conductive, so it does not pose a risk of electrical damage.

Rate this question:
8.

For the following options, which is an area of the network infrastructure that allows a technician to put public facing systems into it without compromising the entire infrastructure?
- A.
  
  VPN
- B.
  
  VLAN
- C.
  
  DMZ
- D.
  
  NAT
Correct Answer
C. DMZ

Explanation
A DMZ (Demilitarized Zone) is an area of the network infrastructure that allows a technician to put public facing systems into it without compromising the entire infrastructure. It acts as a buffer zone between the internal network and the external network, providing an additional layer of security. Public facing systems such as web servers or email servers can be placed in the DMZ, allowing external access while minimizing the risk of compromising the internal network.

Rate this question:
9.

In computing, a stateful firewall (any firewall that performs stateful packet inspection (SPI) or stateful inspection) is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. You have been studying stateful packet inspection and want to perform this security technique on the network. Which device will you use to BEST utilize stateful packet inspection?
- A.
  
  Switch
- B.
  
  IDS
- C.
  
  Hub
- D.
  
  Firewall
Correct Answer
D. Firewall

Explanation
A firewall is the device that is best utilized for stateful packet inspection. It is specifically designed to keep track of the state of network connections and perform stateful inspection. Switches, IDS (Intrusion Detection System), and hubs do not have the same capability to perform stateful packet inspection as a firewall does. Therefore, a firewall is the most appropriate device for implementing this security technique.

Rate this question:
10.

A company is upgrading the network and needs to reduce the ability of users on the same floor and network segment to see each other’s traffic. Which of the following network devices should be used?
- A.
  
  Switch
- B.
  
  Firewall
- C.
  
  Hub
- D.
  
  Router
Correct Answer
A. Switch

Explanation
A switch should be used to reduce the ability of users on the same floor and network segment to see each other's traffic. Unlike a hub, which broadcasts all traffic to all connected devices, a switch only sends traffic to the intended recipient. This means that users on the same floor and network segment will not be able to see each other's traffic unless it is specifically addressed to them. A firewall, on the other hand, is used for network security and controlling access to the network, but it does not specifically address the requirement of reducing visibility of traffic between users on the same floor and network segment. A router is used to connect different networks, but it does not provide the same level of traffic isolation as a switch.

Rate this question:
11.

Coaxial cable is a cable consisting of an inner conductor, surrounded by a tubular insulating layer typically made from a flexible material with a high dielectric constant, all of which is then surrounded by another conductive layer (typically of fine woven wire for flexibility, or of a then metallic foil), and then finally covered again with a thin insulating layer on the outside. Which is the primary security risk with coaxial cable?
- A.
  
  Data emanation from the core
- B.
  
  Refraction of the signal
- C.
  
  Crosstalk between the wire pairs
- D.
  
  Diffusion of the core light source
Correct Answer
A. Data emanation from the core

Explanation
The primary security risk with coaxial cable is data emanation from the core. This means that there is a potential for the data being transmitted through the cable to leak or be intercepted, compromising the security and confidentiality of the information.

Rate this question:
12.

Which statement best describes a static NAT?
- A.
  
  A static NAT uses a one to many mapping
- B.
  
  A static NAT uses a many to many mapping
- C.
  
  A static NAT uses a many to one mapping
- D.
  
  A static NAT uses a one to one mapping
Correct Answer
D. A static NAT uses a one to one mapping

Explanation
A static NAT uses a one to one mapping, meaning that it translates a single private IP address to a single public IP address. This allows for a direct and specific translation between the private and public IP addresses, ensuring that each private IP address has a unique corresponding public IP address. This type of mapping is commonly used when a network device needs to have a consistent public IP address for external communication.

Rate this question:
13.

Which of the following is employed to allow distrusted hosts to connect to services inside a network without allowing the hosts direct access to the internal networks?
- A.
  
  Demilitarized zone (DMZ)
- B.
  
  VLAN
- C.
  
  Extranet
- D.
  
  Intranet
Correct Answer
A. Demilitarized zone (DMZ)

Explanation
A demilitarized zone (DMZ) is employed to allow distrusted hosts to connect to services inside a network without allowing the hosts direct access to the internal networks. A DMZ acts as a buffer zone between the internal network and the external network, providing an additional layer of security. It allows external users to access certain services, such as web servers or email servers, while keeping them isolated from the internal network where sensitive data is stored. This helps to protect the internal network from potential security threats that may originate from the external network.

Rate this question:
14.

Which media is LEAST susceptible to a tap being placed on the line?
- A.
  
  Coaxial
- B.
  
  UTP
- C.
  
  Fiber
- D.
  
  STP
Correct Answer
C. Fiber

Explanation
Fiber is the least susceptible to a tap being placed on the line because it uses light signals to transmit data instead of electrical signals. This means that it is more difficult for someone to intercept or tap into the fiber optic cable without disrupting the signal. Additionally, fiber optic cables do not emit electromagnetic radiation, making it harder for someone to detect and intercept the signal.

Rate this question:
15.

Fiber optic cable is considered safer than CAT5 because fiber optic cable (Select TWO)
- A.
  
  Can be run for a longer distance
- B.
  
  Is hard to tap into
- C.
  
  Is made of glass rather than copper
- D.
  
  Is more difficult o install
- E.
  
  Is not susceptible to interference
Correct Answer(s)
B. Is hard to tap into
E. Is not susceptible to interference

Explanation
Fiber optic cable is considered safer than CAT5 because it is hard to tap into. Unlike copper cables, fiber optic cables do not emit electromagnetic signals that can be intercepted, making them more secure against eavesdropping or hacking attempts. Additionally, fiber optic cables are not susceptible to interference from electromagnetic fields or radio frequency interference, ensuring a reliable and uninterrupted transmission of data.

Rate this question:
16.

Which of the following types of firewalls provides inspection at layer 7 of the OSI model?
- A.
  
  Stateful inspection
- B.
  
  Packet filters
- C.
  
  Application-proxy
- D.
  
  Network address translation (NAT)
Correct Answer
C. Application-proxy

Explanation
An application-proxy firewall provides inspection at layer 7 of the OSI model. This type of firewall acts as an intermediary between the client and the server, and it can analyze the application layer data to determine if the traffic should be allowed or blocked. It can understand the specific protocols and applications being used, allowing for more granular control and better protection against advanced threats. Stateful inspection and packet filters operate at lower layers of the OSI model, while network address translation (NAT) is a technique used for translating IP addresses.

Rate this question:
17.

A software or hardware device that allows only authorized network traffic in or out of a computer or network is called a:
- A.
  
  Honeypot
- B.
  
  Packet sniffer
- C.
  
  Anti-virus program
- D.
  
  Firewall
Correct Answer
D. Firewall

Explanation
A firewall is a software or hardware device that acts as a barrier between a computer or network and unauthorized access from external sources. It monitors and controls incoming and outgoing network traffic based on predetermined security rules. By allowing only authorized network traffic, a firewall helps to protect the computer or network from potential threats and unauthorized access attempts.

Rate this question:
18.

Internet filter appliances/servers will most likely analyze which three items? (Select THREE)
- A.
  
  URLs
- B.
  
  Content
- C.
  
  CRLs
- D.
  
  Certificate
Correct Answer(s)
A. URLs
B. Content
D. Certificate

Explanation
Internet filter appliances/servers analyze URLs, content, and certificates. URLs are analyzed to determine the website or web page being accessed and to apply filtering rules based on the domain or specific URL. Content analysis is performed to scan and filter out any inappropriate or unauthorized content, such as malware, explicit material, or prohibited websites. Certificates are analyzed to verify the authenticity and security of the website being accessed, ensuring that it is encrypted and trusted. By analyzing these three items, internet filter appliances/servers can effectively enforce internet usage policies and protect users from potential threats or inappropriate content.

Rate this question:
19.

Which item will MOST likely permit an attacker to make a switch function like a hub?
- A.
  
  ARP poisoning
- B.
  
  MAC flooding
- C.
  
  DNS poisoning
- D.
  
  DNS spoofing
Correct Answer
B. MAC flooding

Explanation
MAC flooding is a technique used by attackers to overload the switch's CAM (Content Addressable Memory) table, which is responsible for mapping MAC addresses to their corresponding ports. By flooding the switch with a large number of fake MAC addresses, the attacker can cause the switch to enter into a fail-open mode, where it starts behaving like a hub and broadcasting all network traffic to all connected devices. This allows the attacker to intercept and capture sensitive information from the network.

Rate this question:
20.

A company implements an SMTP server on their firewall. This implementation would violate which of the following security principles?
- A.
  
  Create an in-depth defense
- B.
  
  Address internal threats
- C.
  
  Keep the solution simple
- D.
  
  Use a device as intended
Correct Answer
D. Use a device as intended

Explanation
The implementation of an SMTP server on a firewall violates the principle of "Use a device as intended." A firewall is designed to control and monitor network traffic, not to function as an email server. By using the firewall for a purpose it was not intended for, the company is potentially compromising its security and opening itself up to vulnerabilities. It is important to use devices for their intended purposes to ensure their effectiveness and maintain a secure environment.

Rate this question:
21.

In computer networking, network address translation (NAT) is the process of modifying network address information in datagram packet headers while in transit across a traffic routing device for the purpose of remapping a given address space into another. Which description is true about a static NAT?
- A.
  
  A static NAT uses a many to one mapping
- B.
  
  A static NAT uses a one to one mapping
- C.
  
  A static NAT uses a many to many mapping
- D.
  
  A static NAT uses a one to many mapping
Correct Answer
B. A static NAT uses a one to one mapping

Explanation
A static NAT uses a one to one mapping, meaning that it maps a single internal IP address to a single external IP address. This allows for a direct and specific translation of IP addresses, ensuring that each internal address corresponds to a unique external address. This can be useful in scenarios where specific devices or services need to be accessed from outside the network using a dedicated IP address.

Rate this question:
22.

Which method is easiest to disable a 10Base2 network?
- A.
  
  Introduce crosstalk
- B.
  
  Install a zombie
- C.
  
  Remove a vampire tap
- D.
  
  Remove a terminator
Correct Answer
D. Remove a terminator

Explanation
Removing a terminator is the easiest method to disable a 10Base2 network. A 10Base2 network uses coaxial cables, and terminators are used at both ends of the network to absorb signals and prevent reflections. By removing a terminator, the network loses its termination point, causing signal reflections and disrupting the network communication. This is a simple and straightforward method to disable the network.

Rate this question:
23.

A company wants to connect the network to a manufacturer’s network to be able to order parts. Which of the following types of networks should the company implement to provide the connection while limiting the services allowed over the connection?
- A.
  
  Extranet
- B.
  
  Scatternet
- C.
  
  Intranet
- D.
  
  VON
Correct Answer
A. Extranet

Explanation
An extranet is a private network that allows controlled access to external users, such as suppliers or partners, to a company's internal network resources. By implementing an extranet, the company can connect its network to the manufacturer's network, enabling them to order parts. The extranet provides a secure and limited connection, allowing only authorized services and resources to be accessed by the manufacturer. This ensures that the company can maintain control over the connection while still benefiting from the collaboration with the manufacturer.

Rate this question:
24.

Which of the following portions of a company’s network is between the Internet and an internal network?
- A.
  
  Filter router
- B.
  
  Demilitarized zone (DMZ)
- C.
  
  Workstation
- D.
  
  IDS
Correct Answer
B. Demilitarized zone (DMZ)

Explanation
A demilitarized zone (DMZ) is a portion of a company's network that is located between the Internet and an internal network. It acts as a buffer zone that separates the public-facing services and systems from the internal network, providing an additional layer of security. The DMZ allows external users to access certain services, such as email or web servers, while keeping the internal network protected from potential threats. By placing these services in the DMZ, any potential attacks or vulnerabilities are contained within this zone and do not directly impact the internal network.

Rate this question:
25.

The MOST common exploits of Internet-exposed network services are due to:
- A.
  
  Buffer overflows
- B.
  
  Active content (e.g. Java Applets)
- C.
  
  Trojan horse programs
- D.
  
  Illicit servers
Correct Answer
A. Buffer overflows

Explanation
Buffer overflows are the most common exploits of Internet-exposed network services because they occur when a program tries to write more data to a buffer than it can hold, causing the excess data to overflow into adjacent memory locations. This can be exploited by attackers to overwrite critical data or execute arbitrary code, leading to unauthorized access or control of the system. Active content, Trojan horse programs, and illicit servers can also be used for exploitation, but buffer overflows are more prevalent and pose a significant security risk.

Rate this question:
26.

A company wants to implement a VLAN. Senior management believes that VLAN will be secure because authentication is accomplished by MAC addressing and that dynamic trunking protocol (DTP) will facilitate network efficiency. Which of the following issues should be discussed with senior management before VLAN implementation?
- A.
  
  MAC addresses can be spoofed and DTP allow only authenticated users
- B.
  
  MAC addresses are a secure authentication mechanism and DTP allows rogue network devices to configure ports
- C.
  
  MAC addresses can be spoofed and DTP allows rogue network devices to configure ports
- D.
  
  MAC addresses are a secure authentication mechanism and DTP allows only authenticated users
Correct Answer
C. MAC addresses can be spoofed and DTP allows rogue network devices to configure ports

Explanation
The correct answer is "MAC addresses can be spoofed and DTP allows rogue network devices to configure ports". This answer highlights two important security concerns with implementing VLANs. MAC addresses can be easily spoofed, which means that unauthorized devices can pretend to have a legitimate MAC address and gain access to the VLAN. Additionally, DTP allows for automatic configuration of ports, which can be exploited by rogue network devices to gain unauthorized access to the VLAN. These issues should be discussed with senior management to ensure that appropriate security measures are put in place before implementing VLANs.

Rate this question:
27.

Which of the following can be used to implement a procedure to control inbound and outbound traffic on a network segment?
- A.
  
  Proxy
- B.
  
  ACL
- C.
  
  NIDS
- D.
  
  HIDS
Correct Answer
B. ACL

Explanation
ACL stands for Access Control List and it is used to implement a procedure to control inbound and outbound traffic on a network segment. ACLs are a set of rules that are applied to a network interface or device to filter traffic based on specified criteria such as source IP address, destination IP address, port number, etc. By configuring ACLs, network administrators can determine what traffic is allowed or denied to pass through a network segment, providing an additional layer of security and control.

Rate this question:
28.

Which of the following is MOST often used to allow a client or partner access to a network?
- A.
  
  Intranet
- B.
  
  Demilitarized zone (DMZ)
- C.
  
  Extranet
- D.
  
  VLAN
Correct Answer
C. Extranet

Explanation
An extranet is a private network that allows authorized external users, such as clients or partners, to access a company's internal network. It provides a secure and controlled environment for sharing information, collaborating on projects, and conducting business transactions. This makes it the most common choice for granting external access to a network while maintaining security and privacy. An intranet is a private network for internal use only, a DMZ is a network segment that separates an internal network from an external network, and a VLAN is a logical division of a network.

Rate this question:
29.

Which of the following protocols are not recommended due to them supplying passwords and information over the network?
- A.
  
  SNMP (Simple Network Management Protocol)
- B.
  
  Internet Control Message Protocol (ICMP)
- C.
  
  Domain Name Service (DNS)
- D.
  
  Network News Transfer Protocol (NNTP)
Correct Answer
A. SNMP (Simple Network Management Protocol)

Explanation
SNMP (Simple Network Management Protocol) is not recommended due to it supplying passwords and information over the network. This protocol is commonly used for network management and allows devices to be monitored and controlled. However, SNMP uses clear text passwords and does not provide encryption, making it vulnerable to interception and unauthorized access. Therefore, it is not recommended to use SNMP for transmitting sensitive information over the network.

Rate this question:
30.

In cryptography, a pre-shared key or PSK is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used. Pre-shared keys can be applied to which of the following?
- A.
  
  TPM
- B.
  
  CA
- C.
  
  PGP
- D.
  
  Digital signature
Correct Answer
A. TPM

Explanation
A pre-shared key (PSK) can be applied to a Trusted Platform Module (TPM). A TPM is a hardware chip that securely stores cryptographic keys and performs cryptographic operations. By using a PSK, the TPM can authenticate and establish a secure connection with another party, ensuring the confidentiality and integrity of the communication. PSKs are commonly used in scenarios where two parties need to establish a secure channel without relying on a public key infrastructure or certificate authority.

Rate this question:
31.

On the basis of certain ports, which of the following will allow wireless access to network resources?
- A.
  
  802.1x
- B.
  
  802.11g
- C.
  
  802.11a
- D.
  
  802.11n
Correct Answer
A. 802.1x

Explanation
802.1x is a network authentication protocol that allows wireless access to network resources. It provides a secure method of authenticating and authorizing devices to connect to a network. This protocol is commonly used in Wi-Fi networks to ensure that only authorized devices can access network resources. It uses a combination of authentication methods such as usernames and passwords, digital certificates, or smart cards to verify the identity of the device trying to connect. Once authenticated, the device is granted access to the network resources.

Rate this question:
32.

Which one of the following is not Bluetooth threat?
- A.
  
  Blue jacking
- B.
  
  Discovery mode
- C.
  
  A smurf attack
- D.
  
  Bluesnarfing
Correct Answer
C. A smurf attack

Explanation
A smurf attack is not a Bluetooth threat. A smurf attack is a type of network attack that involves sending a large amount of ICMP echo request (ping) traffic to IP broadcast addresses, causing the targeted network to become overwhelmed and resulting in a denial of service. Bluetooth threats, on the other hand, involve security vulnerabilities and attacks specifically targeting Bluetooth technology, such as blue jacking (sending unsolicited messages to Bluetooth-enabled devices), discovery mode (making a device visible to others for pairing), and bluesnarfing (unauthorized access to information on a Bluetooth device).

Rate this question:
33.

To keep an 802.11x network from being automatically discovered, a user should:
- A.
  
  Change the SSID name
- B.
  
  Activate the SSID password
- C.
  
  Turn off the SSID broadcast
- D.
  
  Leave the SSID default
Correct Answer
C. Turn off the SSID broadcast

Explanation
To keep an 802.11x network from being automatically discovered, the user should turn off the SSID broadcast. This means that the network's name will not be visible to other devices, making it harder for unauthorized users to find and connect to the network. Changing the SSID name or activating a password can also enhance security, but turning off the SSID broadcast is specifically effective in preventing automatic discovery of the network. Leaving the SSID default would not provide any additional security measures.

Rate this question:
34.

A small manufacturing company wants to deploy secure wireless on their network. Which of the following wireless security protocols could be used (Select TWO)
- A.
  
  WPA
- B.
  
  WAN
- C.
  
  WEP
- D.
  
  IPX
Correct Answer(s)
A. WPA
C. WEP

Explanation
WPA (Wi-Fi Protected Access) and WEP (Wired Equivalent Privacy) are both wireless security protocols that can be used to secure a wireless network. WPA provides stronger security compared to WEP as it uses encryption algorithms and dynamic keys to protect the network. WEP, on the other hand, uses a static encryption key which makes it less secure. By using both WPA and WEP, the small manufacturing company can ensure the security of their wireless network.

Rate this question:
35.

What will be implemented by a technician to mitigate the chances of a successful attack against the wireless network?
- A.
  
  Implement an identification system and WPA2
- B.
  
  Implement an authentication system and WEP
- C.
  
  Implement a biometric system and WEP
- D.
  
  Implement an authentication system and WPA
Correct Answer
D. Implement an authentication system and WPA

Explanation
Implementing an authentication system and WPA (Wi-Fi Protected Access) will help mitigate the chances of a successful attack against the wireless network. WPA provides stronger security compared to WEP (Wired Equivalent Privacy) and helps protect against unauthorized access. An authentication system further adds a layer of security by verifying the identity of users before granting access to the network. This combination of authentication and encryption (WPA) helps ensure that only authorized users can connect to the network, reducing the risk of successful attacks.

Rate this question:
36.

The purpose of the SSID in a wireless network is to:
- A.
  
  Define the encryption protocols used
- B.
  
  Protect the client
- C.
  
  Secure the WAP
- D.
  
  Identify the network
Correct Answer
D. Identify the network

Explanation
The SSID in a wireless network is used to identify the network. It serves as the name of the network that users can see when searching for available networks to connect to. The SSID allows users to differentiate between different networks and choose the one they want to connect to. It is not used to define encryption protocols, protect the client, or secure the WAP. Its main purpose is simply to identify the network.

Rate this question:
37.

A graphical user interface (GUI) is a type of user interface which allows people to interact with electronic devices such as computers; hand-held devices such as MP3 Players, Portable Media Players or Gaming devices; household appliances and office equipment. Which of the following will permit a technician to restrict a users Access to the GUI?
- A.
  
  Password policy enforcement
- B.
  
  Group policy implementation
- C.
  
  Use of logical tokens
- D.
  
  Access control lists
Correct Answer
B. Group policy implementation

Explanation
Group policy implementation allows a technician to restrict a user's access to the graphical user interface (GUI). Group policies are a set of rules and configurations that can be applied to a group of users or computers in a network. By implementing group policies, a technician can control and limit the actions and privileges of users, including their access to the GUI. This can help ensure security and prevent unauthorized access or changes to the system.

Rate this question:
38.

Which item best describes an instance where a biometric system identifies legitimate users as being unauthorized?
- A.
  
  False acceptance
- B.
  
  False negative
- C.
  
  False positive
- D.
  
  False rejection
Correct Answer
D. False rejection

Explanation
False rejection is the best description for an instance where a biometric system identifies legitimate users as being unauthorized. This occurs when the system incorrectly denies access to individuals who are actually authorized to use the system. It is a type of error in which the system fails to recognize and authenticate legitimate users, leading to their rejection or denial of access.

Rate this question:
39.

You work as a network technician. You have been asked to reconstruct the infrastructure of an organization. You should make sure that the virtualization technology is implemented securely. What should be taken into consideration while implementing virtualization technology?
- A.
  
  The technician should perform penetration testing on all the virtual servers to monitor performance
- B.
  
  The technician should verify that the virtual servers and the host have the latest service packs and patches applied
- C.
  
  The technician should verify that the virtual servers are dual homed so that traffic is securely separated
- D.
  
  The technician should subnet the network so each virtual server is on a different network segment
Correct Answer
B. The technician should verify that the virtual servers and the host have the latest service packs and patches applied

Explanation
When implementing virtualization technology, it is important to ensure that both the virtual servers and the host have the latest service packs and patches applied. This is crucial for maintaining the security and stability of the virtual environment. Service packs and patches often include important security updates and bug fixes that address vulnerabilities and improve overall performance. By regularly updating and patching the virtual servers and host, the technician can minimize the risk of security breaches and ensure that the infrastructure remains secure.

Rate this question:
40.

Which method can be used to correct a single security issue on a workstation?
- A.
  
  A patch
- B.
  
  A service pack
- C.
  
  Patch management
- D.
  
  Configuration baseline
Correct Answer
A. A patch

Explanation
A patch is a software update that is designed to fix a specific security issue on a workstation. It is a small piece of code that is applied to the existing software to address vulnerabilities and improve security. By installing a patch, the specific security issue can be corrected without making any major changes to the entire system or software.

Rate this question:
41.

While hardening an operating system, which item is LEAST effective?
- A.
  
  Configuration baselines
- B.
  
  Limiting administrative privileges
- C.
  
  Installing HIDS
- D.
  
  Install a software firewall
Correct Answer
C. Installing HIDS

Explanation
Installing HIDS (Host-based Intrusion Detection System) is the least effective option for hardening an operating system. While HIDS can provide some level of protection by monitoring system activity and detecting potential intrusions, it is not as effective as the other options listed. Configuration baselines help establish a secure starting point for the system, limiting administrative privileges reduces the risk of unauthorized access, and installing a software firewall adds an additional layer of protection against external threats. Therefore, installing HIDS is the least effective measure among the given options.

Rate this question:
42.

Which of the following needs to be backed up on a domain controller to be able to recover Active Directory?
- A.
  
  System state
- B.
  
  Operating system
- C.
  
  System files
- D.
  
  User date
Correct Answer
A. System state

Explanation
To be able to recover Active Directory on a domain controller, the system state needs to be backed up. The system state includes crucial components such as the registry, system files, boot files, and Active Directory database. By backing up the system state, all the necessary information and settings required for Active Directory recovery are preserved. Backing up the operating system, system files, or user data alone would not be sufficient to recover Active Directory.

Rate this question:
43.

Which of the following is the BEST place to obtain a hotfix or patch for an application or system?
- A.
  
  A news group or forum
- B.
  
  A CD-ROM
- C.
  
  An email from the vendor
- D.
  
  The manufacturer’s website
Correct Answer
D. The manufacturer’s website

Explanation
The manufacturer's website is the best place to obtain a hotfix or patch for an application or system because it is the official source for updates and is likely to have the most up-to-date and reliable information. News groups or forums may provide unofficial or outdated information, a CD-ROM may not have the latest updates, and an email from the vendor may not be as accessible or comprehensive as the manufacturer's website.

Rate this question:
44.

The Light Weight Directory Access Protocol or LDAP is an application protocol for querying and modifying directory services running over TCP/IP. A user needs to implement secure LDAP on the network. Which port number will secure LDAP use by default?
- A.
  
  389
- B.
  
  443
- C.
  
  636
- D.
  
  53
Correct Answer
C. 636

Explanation
Secure LDAP (LDAPS) uses port number 636 by default. LDAPS is a secure version of the LDAP protocol that uses SSL/TLS encryption to provide secure communication between the client and the LDAP server. By using port 636, LDAPS ensures that the data exchanged between the client and server is encrypted, preventing unauthorized access or tampering of the data.

Rate this question:
45.

Which action should be performed to harden workstations and servers?
- A.
  
  Check the logs regularly
- B.
  
  Install only needed software
- C.
  
  Report all security incidents
- D.
  
  Log on only as the administrator
Correct Answer
B. Install only needed software

Explanation
Installing only needed software is an action that should be performed to harden workstations and servers. By installing only the necessary software, the attack surface of the system is reduced, minimizing the potential vulnerabilities that could be exploited by attackers. Unnecessary software increases the risk of security breaches as it may contain vulnerabilities or provide additional entry points for attackers. Therefore, installing only the required software helps in strengthening the security of workstations and servers.

Rate this question:
46.

Which description is correct about the standard load for all systems?
- A.
  
  Configuration baseline
- B.
  
  Security template
- C.
  
  Group policy
- D.
  
  Patch management
Correct Answer
A. Configuration baseline

Explanation
A configuration baseline refers to a standard set of settings and configurations that are established for all systems within an organization. It serves as a reference point for ensuring consistency and security across different systems. By implementing a configuration baseline, organizations can ensure that all systems are set up and maintained in a standardized and secure manner. This helps to reduce vulnerabilities and maintain a stable and reliable IT environment.

Rate this question:
47.

Which of the following is an installable package that includes several patches from the same vendor for various applications?
- A.
  
  Service pack
- B.
  
  Hotfix
- C.
  
  Patch rollup
- D.
  
  Patch template
Correct Answer
A. Service pack

Explanation
A service pack is an installable package that includes several patches from the same vendor for various applications. It is a cumulative update that contains bug fixes, security enhancements, and additional features. Service packs are released periodically to provide a convenient way for users to update their software and ensure that they have the latest patches and improvements.

Rate this question:
48.

Kerberos uses which of the following ports by default?
- A.
  
  88
- B.
  
  139
- C.
  
  23
- D.
  
  443
Correct Answer
A. 88

Explanation
Kerberos uses port 88 by default. Kerberos is a network authentication protocol that uses tickets to provide secure authentication for client-server applications. It operates on port 88 to facilitate this authentication process.

Rate this question:
49.

Non-essential services are often appealing to attackers because non-essential services: (Select TWO)
- A.
  
  Are not visible to an IDS
- B.
  
  Consume less bandwidth
- C.
  
  Sustain attacks that go unnoticed
- D.
  
  Provide root level access
- E.
  
  Are not typically configured correctly
Correct Answer(s)
C. Sustain attacks that go unnoticed
E. Are not typically configured correctly

Explanation
Attackers often find non-essential services appealing because these services can sustain attacks that go unnoticed and are not typically configured correctly. Non-essential services may not receive as much attention or monitoring as essential services, making it easier for attackers to exploit vulnerabilities and carry out attacks without being detected. Additionally, since these services are not critical to the functioning of a system, they may not be configured with the same level of security measures as essential services, providing attackers with potential avenues for gaining unauthorized access.

Rate this question:
50.

Your company has already implemented two-factor authentication and wants to install a third authentication factor. If the existing authentication system uses strong passwords and PKI tokens, which item would provide a third factor?
- A.
  
  Pass phrases
- B.
  
  Six digit PINs
- C.
  
  Elliptic curve
- D.
  
  Fingerprint scanner
Correct Answer
D. Fingerprint scanner

Explanation
A fingerprint scanner would provide a third authentication factor because it is a biometric factor that verifies the unique physical characteristic of an individual, adding an extra layer of security to the existing two-factor authentication system. This would make it more difficult for unauthorized individuals to gain access to the system, as they would need to possess not only the strong password and PKI token, but also have their fingerprint recognized by the scanner.

Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

Current Version
Mar 19, 2023

Quiz Edited by
ProProfs Editorial Team
Feb 19, 2010

Quiz Created by
Vtgamer

Module III Certification Quiz Part 1

Many unauthorized staff has been entering the data center by piggybacking authorized staff. The CIO has mandated to stop this behavior. Which technology should be installed at the data center to prevent piggybacking?

Why will a Faraday cage be used?

An enclosure that prevents radio frequency signals from emanating out of a controlled environment is BEST described as which of the following?

Which one of the following options will create a security buffer zone between two rooms?

As a network administrator you need to take personal safety into consideration. What fire suppression substances types can effectively prevent damage to electronic equipment?

An administrator wants to make sure that no equipment is damaged when encountering a fire or false alarm in the server room. Which type of fire suppression system should be used?

For the following options, which is an area of the network infrastructure that allows a technician to put public facing systems into it without compromising the entire infrastructure?

A company is upgrading the network and needs to reduce the ability of users on the same floor and network segment to see each other’s traffic. Which of the following network devices should be used?

Which statement best describes a static NAT?

Which of the following is employed to allow distrusted hosts to connect to services inside a network without allowing the hosts direct access to the internal networks?

Which media is LEAST susceptible to a tap being placed on the line?

Fiber optic cable is considered safer than CAT5 because fiber optic cable (Select TWO)

Which of the following types of firewalls provides inspection at layer 7 of the OSI model?

A software or hardware device that allows only authorized network traffic in or out of a computer or network is called a:

Internet filter appliances/servers will most likely analyze which three items? (Select THREE)

Which item will MOST likely permit an attacker to make a switch function like a hub?

A company implements an SMTP server on their firewall. This implementation would violate which of the following security principles?

Which method is easiest to disable a 10Base2 network?

A company wants to connect the network to a manufacturer’s network to be able to order parts. Which of the following types of networks should the company implement to provide the connection while limiting the services allowed over the connection?

Which of the following portions of a company’s network is between the Internet and an internal network?

The MOST common exploits of Internet-exposed network services are due to:

Which of the following can be used to implement a procedure to control inbound and outbound traffic on a network segment?

Which of the following is MOST often used to allow a client or partner access to a network?

Which of the following protocols are not recommended due to them supplying passwords and information over the network?

In cryptography, a pre-shared key or PSK is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used. Pre-shared keys can be applied to which of the following?

On the basis of certain ports, which of the following will allow wireless access to network resources?

Which one of the following is not Bluetooth threat?

To keep an 802.11x network from being automatically discovered, a user should:

A small manufacturing company wants to deploy secure wireless on their network. Which of the following wireless security protocols could be used (Select TWO)

What will be implemented by a technician to mitigate the chances of a successful attack against the wireless network?

The purpose of the SSID in a wireless network is to:

Which item best describes an instance where a biometric system identifies legitimate users as being unauthorized?

You work as a network technician. You have been asked to reconstruct the infrastructure of an organization. You should make sure that the virtualization technology is implemented securely. What should be taken into consideration while implementing virtualization technology?

Which method can be used to correct a single security issue on a workstation?

While hardening an operating system, which item is LEAST effective?

Which of the following needs to be backed up on a domain controller to be able to recover Active Directory?

Which of the following is the BEST place to obtain a hotfix or patch for an application or system?

The Light Weight Directory Access Protocol or LDAP is an application protocol for querying and modifying directory services running over TCP/IP. A user needs to implement secure LDAP on the network. Which port number will secure LDAP use by default?

Which action should be performed to harden workstations and servers?

Which description is correct about the standard load for all systems?

Which of the following is an installable package that includes several patches from the same vendor for various applications?

Kerberos uses which of the following ports by default?

Non-essential services are often appealing to attackers because non-essential services: (Select TWO)

Your company has already implemented two-factor authentication and wants to install a third authentication factor. If the existing authentication system uses strong passwords and PKI tokens, which item would provide a third factor?