SEC Technologies And Tools - Cyber Security Quiz

By Alfredhook3
Questions: 78 | Attempts: 575


As an innovative company, SEC Technologies is continuously working on game-changing solutions to protect government agencies, organizations and companies of all sizes and industries against the increasing number of cyber-attacks.
This is a Cyber Security Quiz about SEC Technologies and Tools!


Questions and Answers
  • 1. Your network uses an authentication service based on the X.500 specification. When encrypted, it uses TLS. Which authentication service is your network using?

    • (A) SAML
    • (B) Diameter
    • (C) Kerberos
    • (D) LDAP

    Correct Answer
    D. (D) LDAP
    Explanation
    The network is using LDAP (Lightweight Directory Access Protocol) as the authentication service based on the X.500 specification. LDAP is commonly used in network environments to access and manage directory information, such as user accounts and authentication credentials. The mention of TLS (Transport Layer Security) indicates that the communication between the network and the authentication service is encrypted, ensuring secure transmission of sensitive data.


  • 2. You are tasked with configuring a switch so that it separates VoIP and data traffic. Which of the following provides the BEST solution?

    • (A) NAC
    • (B) DMZ
    • (C) SRTP
    • (D) VLAN

    Correct Answer
    D. (D) VLAN
    Explanation
    VLAN (Virtual Local Area Network) provides the best solution for separating VoIP and data traffic on a switch. VLAN allows the network administrator to create separate virtual networks within a physical network infrastructure. By assigning VoIP devices and data devices to different VLANs, the traffic can be isolated and kept separate from each other. This ensures that the VoIP traffic remains secure and prioritized, while also preventing any interference or congestion from the data traffic. NAC (Network Access Control) is a security solution, DMZ (Demilitarized Zone) is a network architecture, and SRTP (Secure Real-time Transport Protocol) is a security protocol, but none of them specifically address the requirement of separating VoIP and data traffic like VLAN does.


  • 3. A HIDS reported a vulnerability on a system based on a known attack. After researching the alert from the HIDS, you identify the recommended solution and begin applying it. What type of HIDS is in use?

    • (A) Network-based
    • (B) Signature-based
    • (C) Heuristic-based
    • (D) Anomaly-based

    Correct Answer
    B. (B) Signature-based
    Explanation
    The correct answer is (B) Signature-based. A signature-based HIDS works by comparing the patterns or signatures of known attacks against the system being monitored. In this scenario, the HIDS reported a vulnerability based on a known attack, indicating that it detected a matching signature or pattern. The recommended solution is then applied to mitigate the vulnerability.


  • 4. You manage a Linux computer used for security within your network. You plan to use it to inspect and handle network-based traffic using iptables. Which of the following network devices can this replace?

    • (A) Wireless access point
    • (B) Firewall
    • (C) Layer 2 switch
    • (D) Bridge

    Correct Answer
    B. (B) Firewall
    Explanation
    Iptables is a powerful firewall tool in Linux that allows you to inspect and handle network-based traffic. It can filter and manipulate packets based on various criteria such as source/destination IP addresses, ports, protocols, etc. Therefore, using iptables on a Linux computer can replace a dedicated firewall device, making option (B) the correct answer.


  • 5. Lisa is enabling NTP on some servers within the DMZ. Which of the following use cases is she MOST likely supporting with this action?

    • (A) Support voice and video transmissions
    • (B) Provide time synchronization
    • (C) Enable email usage
    • (D) Encrypt data-in-transit

    Correct Answer
    B. (B) Provide time synchronization
    Explanation
    Enabling NTP (Network Time Protocol) on servers within the DMZ is most likely done to provide time synchronization. NTP is a protocol used to synchronize the clocks of computers on a network, ensuring that they all have the same time. This is important for various reasons, such as accurate logging, coordination of events, and maintaining consistency in distributed systems. It is not directly related to supporting voice and video transmissions, enabling email usage, or encrypting data-in-transit.


  • 6. Your network includes dozens of servers. Administrators in your organization are having problems aggregating and correlating the logs from these services. Which of the following provides the BEST solution for these problems?

    • (A) SIEM
    • (B) Network mapper
    • (C) Network scanner
    • (D) Nmap

    Correct Answer
    A. (A) SIEM
    Explanation
    SIEM (Security Information and Event Management) provides the best solution for aggregating and correlating logs from multiple servers. SIEM systems collect and analyze data from various sources, including logs, to identify and respond to security incidents. By centralizing logs and providing real-time analysis, SIEM enables administrators to detect and investigate security threats more effectively. Network mappers and scanners, such as Nmap, are used for network discovery and vulnerability scanning, but they do not offer the same level of log aggregation and correlation capabilities as SIEM. Therefore, SIEM is the most suitable solution for the given problem.


  • 7. You need to perform tests on your network to identify missing security controls. However, you want to have the least impact on your systems that users are accessing. Which of the following tools is the BEST to meet this need?

    • (A) A SYN stealth scan
    • (B) Vulnerability scan
    • (C) Ping scan
    • (D) Penetration test

    Correct Answer
    B. (B) Vulnerability scan
    Explanation
    A vulnerability scan is the best tool to meet the need of identifying missing security controls with the least impact on the systems that users are accessing. Unlike other options, such as a syn stealth scan or penetration test, a vulnerability scan focuses on identifying vulnerabilities and weaknesses in the network infrastructure and systems. It does not attempt to exploit or disrupt the systems being tested, minimizing the impact on the systems and users. A ping scan, on the other hand, is a basic network scanning technique that only checks the availability of hosts and does not provide detailed information about security controls.


  • 8. Lisa wants to manage and monitor the switches and routers in her network. Which of the following protocols would she use?

    • (A) NAT
    • (B) SRTP
    • (C) SNMPv3
    • (D) DNSSEC

    Correct Answer
    C. (C) SNMPv3
    Explanation
    Lisa would use SNMPv3 (Simple Network Management Protocol version 3) to manage and monitor the switches and routers in her network. SNMPv3 is a widely used protocol for network management and provides secure access to network devices, allowing Lisa to gather information about their performance, configure settings, and receive notifications of any issues or changes. It offers authentication and encryption features, making it a suitable choice for ensuring the security of her network management activities.


  • 9. Your organization hosts several web servers in a web farm. They have recently been attacked, resulting in unacceptable downtime. Management wants to implement a solution that will provide protection for the web farm and include load balancing to improve the overall performance of the farm. Which of the following BEST meets this need?

    • (A) Stateless firewall
    • (B) Stateful firewall
    • (C) Web application firewall
    • (D) Host-based firewall

    Correct Answer
    C. (C) Web application firewall
    Explanation
    A web application firewall is the best solution to meet the organization's need for protection and load balancing in the web farm. A web application firewall is specifically designed to protect web applications from various types of attacks, including those that caused the recent downtime. It can inspect and filter incoming and outgoing traffic to detect and block malicious requests. Additionally, a web application firewall can also distribute incoming traffic across multiple servers in the web farm, thereby improving the overall performance and availability of the web applications.


  • 10. You need to send several large files containing proprietary data to a business partner. Which of the following is the BEST choice for this task?

    • (A) FTP
    • (B) SNMPv3
    • (C) SFTP
    • (D) SRTP

    Correct Answer
    C. (C) SFTP
    Explanation
    SFTP (Secure File Transfer Protocol) is the best choice for sending several large files containing proprietary data to a business partner. SFTP provides a secure and encrypted method of transferring files over a network. It ensures the confidentiality and integrity of the data being transferred, protecting it from unauthorized access or tampering. FTP (File Transfer Protocol) is not secure as it transmits data in plain text, SNMPv3 (Simple Network Management Protocol) is not designed for file transfer, and SRTP (Secure Real-time Transport Protocol) is used for securing real-time communication, not file transfer.


  • 11. You need to configure a UTM security appliance to restrict traffic going to social media sites. Which of the following are you MOST likely to configure?

    • (A) Content inspection
    • (B) Malware inspection
    • (C) URL filter
    • (D) DDoS mitigator

    Correct Answer
    C. (C) URL filter
    Explanation
    To restrict traffic going to social media sites, the most likely configuration would be a URL filter. A URL filter allows you to block or allow access to specific websites based on their URLs. By configuring a URL filter, you can specify a list of social media site URLs that you want to block, effectively restricting access to those sites. This can be useful in a corporate or educational environment where the use of social media may be deemed inappropriate or distracting.


  • 12. You need to implement anti-spoofing on a border router. Which one of the following choices will BEST meet this goal?

    • (A) Create rules to block all outgoing traffic from a private IP address.
    • (B) Implement a flood guard on switches.
    • (C) Add a web application firewall.
    • (D) Create rules to block all incoming traffic from a private IP address.

    Correct Answer
    D. (D) Create rules to block all incoming traffic from a private IP address.
    Explanation
    Creating rules to block all incoming traffic from a private IP address would be the best choice to implement anti-spoofing on a border router. Spoofing involves an attacker disguising their IP address to appear as a trusted private IP address. By blocking all incoming traffic from private IP addresses, the router can prevent spoofed traffic from entering the network, thereby enhancing security and mitigating potential spoofing attacks.


  • 13. Your organization is planning to deploy a new e-commerce web site. Management anticipates heavy processing requirements for a back-end application. The current design will use one web server and multiple application servers. Which of the following BEST describes the application servers?

    • (A) Load balancing
    • (B) Clustering
    • (C) RAID
    • (D) Affinity scheduling

    Correct Answer
    A. (A) Load balancing
    Explanation
    The application servers in this scenario are responsible for distributing the processing load among multiple servers to ensure efficient and effective handling of the heavy processing requirements. Load balancing involves evenly distributing the incoming requests across multiple servers, thereby optimizing performance and preventing any single server from becoming overwhelmed. This approach helps to improve scalability, availability, and responsiveness of the e-commerce web site.


  • 14. After recently adding additional network devices, administrators noticed an increased workload related to their IDS. Which of the following can cause an increased workload from incorrect reporting?

    • (A) False negatives
    • (B) False positives
    • (C) Signature-based
    • (D) Behavioral-based IDS

    Correct Answer
    B. (B) False positives
    Explanation
    False positives can cause an increased workload from incorrect reporting. False positives occur when the IDS incorrectly identifies legitimate network traffic or behavior as malicious. This can result in administrators having to spend time investigating and responding to these false alarms, which increases their workload.


  • 15. Your organization is planning to establish a secure link between one of your mail servers and a business partner's mail server. The connection will use the Internet. Which protocol is the BEST choice?

    • (A) TLS
    • (B) SMTP
    • (C) HTTP
    • (D) SSH

    Correct Answer
    A. (A) TLS
    Explanation
    TLS (Transport Layer Security) is the best choice for establishing a secure link between mail servers over the Internet. TLS provides encryption and authentication, ensuring that the data transmitted between the servers is secure and cannot be intercepted or tampered with by unauthorized parties. SMTP (Simple Mail Transfer Protocol) is the protocol used for sending email, but it does not provide encryption or security features. HTTP (Hypertext Transfer Protocol) is used for web browsing and does not provide the necessary security for mail server communication. SSH (Secure Shell) is a protocol used for secure remote access to systems, but it is not specifically designed for mail server communication.


  • 16. Lisa oversees and monitors processes at a water treatment plant using SCADA systems. Administrators recently discovered malware on her system that was connecting to the SCADA systems. Although they removed the malware, management is still concerned. Lisa needs to continue using her system and it's not possible to update the SCADA systems. Which of the following can mitigate this risk?

    • (A) Install HIPS on the SCADA systems
    • (B) Install a firewall on the border of the SCADA network.
    • (C) Install a NIPS on the border of the SCADA network
    • (D) Install a honeypot on the SCADA network

    Correct Answer
    C. (C) Install a NIPS on the border of the SCADA network
    Explanation
    Installing a NIPS (Network Intrusion Prevention System) on the border of the SCADA network can mitigate the risk of malware connecting to the SCADA systems. A NIPS is designed to detect and prevent unauthorized access and malicious activity on a network. By placing it on the border of the SCADA network, it can monitor incoming and outgoing traffic, identify and block any suspicious or malicious connections, and provide an additional layer of security to protect the SCADA systems from future malware attacks. This solution allows Lisa to continue using her system without needing to update the SCADA systems, addressing management's concerns.


  • 17. You suspect someone has been trying a brute force password attack on a Linux system. Which of the following logs should you check to view failed authentication attempts by users?

    • (A) /var/log/btmp
    • (B) /var/log/fail
    • (C) var/log/httpd
    • (D) /var/log/kern

    Correct Answer
    A. (A) /var/log/btmp
    Explanation
    To view failed authentication attempts by users, you should check the /var/log/btmp log on the Linux system. This log file records all failed login attempts, including those made by brute force password attacks. The other options (/var/log/fail, var/log/httpd, /var/log/kern) are incorrect as they do not specifically log failed authentication attempts.


  • 18. Flancrest Enterprises recently set up a web site utilizing several web servers in a web farm. The web servers access a back-end database. The database is hosted by a database application configured on two database servers. Web servers can access either of the database servers. Which of the following BEST describes the configuration of the database servers?

    • (A) Active-passive
    • (B) Round-robin
    • (C) Affinity
    • (D) Active-active

    Correct Answer
    D. (D) Active-active
    Explanation
    The configuration of the database servers in this scenario is active-active. This means that both database servers are actively serving requests from the web servers at the same time. The web servers have the ability to access either of the database servers, allowing for load balancing and redundancy. This configuration helps to ensure high availability and performance of the database system.


  • 19. You need to modify the network infrastructure to increase availability of web-based applications for Internet clients. Which of the following choices provides the BEST solution?

    • (A) Load balancing
    • (B) Proxy server
    • (C) UTM
    • (D) Content inspection

    Correct Answer
    A. (A) Load balancing
    Explanation
    Load balancing is the best solution for increasing the availability of web-based applications for Internet clients. Load balancing distributes incoming network traffic across multiple servers, ensuring that no single server is overwhelmed with requests. This helps to prevent downtime and improves the overall performance and reliability of the applications. By evenly distributing the workload, load balancing also allows for scalability and flexibility in handling increased traffic.


  • 20. You have configured a firewall in your network to block ICMP traffic. You want to verify that it is blocking this traffic. Which of the following commands would you use?

    • (A) arp
    • (B) ipconfig
    • (C) netstat
    • (D) ping

    Correct Answer
    D. (D) ping
    Explanation
    To verify that the firewall is blocking ICMP traffic, you would use the "ping" command. The ping command is used to send ICMP echo request packets to a specific network device or IP address and wait for a response. If the firewall is blocking ICMP traffic, the ping command will not receive a response from the target device, indicating that the traffic is being blocked. Therefore, using the ping command will help you confirm whether the firewall configuration is correctly blocking ICMP traffic.


  • 21. A penetration tester is running several tests on a server within your organization's DMZ. The tester wants to identify the operating system of the remote host. Which of the following tools or methods is MOST likely to provide this information?

    • (A) Banner grabbing
    • (B) Vulnerability scan
    • (C) Password cracker
    • (D) Protocol analyzer

    Correct Answer
    A. (A) Banner grabbing
    Explanation
    Banner grabbing is the most likely tool or method to identify the operating system of a remote host. Banner grabbing involves capturing and analyzing the banners or headers that are sent by the server in response to a connection request. These banners often contain information about the server's operating system, version, and other details. By analyzing the banners, a penetration tester can determine the operating system of the remote host. Vulnerability scans, password crackers, and protocol analyzers are not specifically designed to identify the operating system of a remote host.


  • 22. Your organization wants to increase security for VoIP and video teleconferencing applications used within the network. Which of the following protocols will BEST support this goal?

    • (A) SMTP
    • (B) TLS
    • (C) SFTP
    • (D) SRTP

    Correct Answer
    D. (D) SRTP
    Explanation
    SRTP (Secure Real-time Transport Protocol) is a protocol specifically designed to provide secure transmission of audio and video streams over IP networks. It ensures confidentiality, integrity, and authentication of the transmitted data, making it an ideal choice for securing VoIP and video teleconferencing applications. SMTP (Simple Mail Transfer Protocol) is used for email transmission, TLS (Transport Layer Security) provides secure communication over networks, and SFTP (Secure File Transfer Protocol) is used for secure file transfers. However, none of these protocols are specifically designed to support the security requirements of VoIP and video teleconferencing applications.


  • 23. Management within your organization wants to ensure that switches are not susceptible to switching loop problems. Which of the following protocols is the BEST choice to meet this need?

    • (A) Flood guard
    • (B) SNMPv3
    • (C) SRTP
    • (D) RSTP

    Correct Answer
    D. (D) RSTP
    Explanation
    RSTP (Rapid Spanning Tree Protocol) is the best choice to prevent switching loop problems. RSTP is an improvement over the older Spanning Tree Protocol (STP) and is designed to provide faster convergence and better loop prevention in switched networks. It eliminates the need for blocking ports and allows for faster recovery in the event of a link failure. By using RSTP, management can ensure that switches in the organization are protected against switching loop problems.


  • 24. Your organization hosts an e-commerce business that has become quite successful recently. It includes a web farm and a database server within the DMZ. IT management is concerned that there isn't enough staff working around the clock to protect these servers. Which of the following would provide the BEST automated protection for these servers?

    • (A) NIDS and HIDS
    • (B) NIPS and HIPS
    • (C) SIEM and NIPS
    • (D) SIEM and NIDS

    Correct Answer
    B. (B) NIPS and HIPS
    Explanation
    NIPS (Network Intrusion Prevention System) and HIPS (Host Intrusion Prevention System) would provide the best automated protection for the web farm and database server within the DMZ. NIPS monitors network traffic for any suspicious activity and can actively block or prevent intrusions in real-time. HIPS, on the other hand, is installed on individual hosts and monitors their activity, preventing any unauthorized changes or malicious behavior. Together, NIPS and HIPS provide comprehensive protection for both the network and the individual servers, ensuring the security of the e-commerce business.


  • 25. Attackers have recently launched several attacks against servers in your organization's DMZ. You are tasked with identifying a solution that will have the best chance at preventing these attacks in the future. Which of the following is the BEST choice?

    • (A) An out-of-band IPS
    • (B) An in-band IPS
    • (C) A passive IDS
    • (D) An out-of-band IDS

    Correct Answer
    B. (B) An in-band IPS
    Explanation
    An in-band IPS (Intrusion Prevention System) is the best choice for preventing future attacks against servers in the organization's DMZ. Unlike an out-of-band IPS, which only monitors network traffic, an in-band IPS actively inspects and filters the traffic in real-time. This allows it to detect and block any malicious activity before it reaches the servers, providing a proactive defense against attacks. A passive IDS (Intrusion Detection System) only monitors traffic and does not actively prevent attacks, while an out-of-band IDS lacks the real-time capabilities of an in-band IPS.


  • 26. A network administrator needs to identify the type of traffic and packet flags used in traffic sent from a specific address. Which of the following is the BEST tool to meet this need?

    • (A) SIEM
    • (B) Netcat
    • (C) Protocol analyzer
    • (D) Vulnerability scanner

    Correct Answer
    C. (C) Protocol analyzer
    Explanation
    A protocol analyzer is the best tool for a network administrator to identify the type of traffic and packet flags used in traffic sent from a specific address. A protocol analyzer captures and analyzes network traffic, allowing the administrator to examine the packets and understand the protocols and flags being used. This tool provides detailed information about the traffic, helping the administrator troubleshoot network issues, monitor network performance, and identify any malicious activity.


  • 27. A penetration tester is tasked with gaining information on one of your internal servers and he enters the following command:

        echo " " | nc -vv -n -w1 72.52.206.134 80

    What is the purpose of this command?

    • (A) Identify if a server is running a service using port 80 and is reachable.
    • (B) Launch an attack on a server sending 80 separate packets in a short period of time.
    • (C) Use Netcat to remotely administer the server
    • (D) Use Netcat to start an RDP session on the server.

    Correct Answer
    A. (A) Identify if a server is running a service using port 80 and is reachable.
    Explanation
    The purpose of the given command is to identify if a server is running a service using port 80 and is reachable. The command uses Netcat (nc) to establish a connection with the server's IP address on port 80. The "-vv" option enables verbose output, "-n" disables DNS resolution, and "-w1" sets a timeout of 1 second. The "echo" command is used to send an empty string as input to the server. If the connection is successful and the server is running a service on port 80, it will respond, indicating that the server is reachable.


  • 28. You suspect that an attacker has been sending specially crafted TCP packets to a server trying to exploit a vulnerability. You decide to capture TCP packets being sent to this server for later analysis and you want to use a command-line tool to do so. Which of the following tools will BEST meet your need?

    • (A) Wiredump
    • (B) Tcpdump
    • (C) Netcat
    • (D) Nmap

    Correct Answer
    B. (B) Tcpdump
    Explanation
    Tcpdump is the best tool to capture TCP packets being sent to a server for later analysis. Tcpdump is a command-line packet analyzer that allows you to capture and display network packets. It can capture packets in real-time and save them to a file for later analysis. By using Tcpdump, you can monitor the network traffic and analyze the packets to identify any suspicious activity or potential attacks.


  • 29. Your organization recently implemented a BYOD policy. However, management wants to ensure that mobile devices meet minimum standards for security before they can access any network resources. Which of the following agents would the NAC MOST likely have?

    • (A) Permanent
    • (B) Health
    • (C) RADIUS
    • (D) Dissolvable

    Correct Answer
    D. (D) Dissolvable
    Explanation
    The NAC (Network Access Control) would most likely have dissolvable agents in order to ensure that mobile devices meet minimum security standards before accessing network resources. Dissolvable agents are temporary software components that are installed on the device during the authentication process and are removed once the device is deemed compliant. This allows for a more flexible and scalable approach to enforcing security policies on a wide range of devices without requiring permanent installations or modifications.


  • 30. Your organization recently suffered a loss from malware that wasn't previously known by any trusted sources. Which of the following BEST describes this attack?

    • (A) Phishing
    • (B) Zero-day
    • (C) Open-source intelligence
    • (D) Hoax

    Correct Answer
    B. (B) Zero-day
    Explanation
    The correct answer is (B) Zero-day. A zero-day attack refers to a cyber attack that exploits a vulnerability in software or a system that is unknown to the software developers or security experts. In this scenario, the organization suffered a loss from malware that was not previously known by any trusted sources, indicating that the attack took advantage of a vulnerability that was not yet discovered or patched. This type of attack can be particularly dangerous as there are no known defenses or countermeasures available to protect against it.


  • 31. Your organization wants to combine some of the security controls used to control incoming and outgoing network traffic. At a minimum, the solution should include malware inspection, content inspection, and a DDoS mitigator. Which of the following BEST meets this goal?

    • (A) VLAN
    • (B) NAT
    • (C) UTM
    • (D) DNSSEC

    Correct Answer
    C. (C) UTM
    Explanation
    A UTM (Unified Threat Management) solution combines multiple security controls, such as malware inspection, content inspection, and DDoS mitigation, into a single device or platform. This allows for centralized management and monitoring of network traffic, providing comprehensive security for both incoming and outgoing traffic. VLAN (A) is a virtual local area network and does not provide the necessary security controls. NAT (B) is a network address translation technique used for IP address management and does not include the required security controls. DNSSEC (D) is a protocol used to secure DNS (Domain Name System) and does not provide the range of security controls needed.


  • 32. 

    Ziffcorp is planning to eliminate its current BYOD policy and instead implement a COPE deployment model. You're asked to provide input for the new policy. Which of the following concepts are appropriate for this policy? 

    • A.

      (A) Encryption on employee-owned devices

    • B.

      (B) HSM

    • C.

      (C) ISA

    • D.

      (D) Remote wipe

    Correct Answer
    D. (D) Remote wipe
    Explanation
    The COPE (Corporate Owned, Personally Enabled) deployment model involves providing employees with company-owned devices that they can also use for personal purposes. In this model, it is important to have the ability to remotely wipe the device in case it is lost, stolen, or compromised to protect sensitive company data. Therefore, the concept of remote wipe is appropriate for the new policy. Encryption on employee-owned devices, HSM (Hardware Security Module), and ISA (Information Security Architecture) are not specifically related to the COPE deployment model.


  • 33. 

    Management within your organization wants some users to be able to access internal network resources from remote locations. Which of the following is the BEST choice to meet this need?

    • A.

      (A) NAC

    • B.

      (B) VPN

    • C.

      (C) IDS

    • D.

      (D) IPS

    Correct Answer
    B. (B) VPN
    Explanation
    A VPN (Virtual Private Network) is the best choice to meet the need of allowing users to access internal network resources from remote locations. A VPN creates a secure and encrypted connection between the user's device and the internal network, ensuring that data is protected from unauthorized access while being transmitted over the internet. This allows users to securely access internal resources, such as files, applications, and servers, as if they were directly connected to the internal network. NAC (Network Access Control), IDS (Intrusion Detection System), and IPS (Intrusion Prevention System) are not specifically designed to provide remote access to network resources.


  • 34. 

    An organization has recently had several attacks against servers within a DMZ. Security administrators discovered that many of these attacks are using TCP, but they did not start with a three-way handshake. Which of the following devices provides the BEST solution? 

    • A.

      (A) Stateless firewall

    • B.

      (B) Stateful firewall

    • C.

      (C) Network firewall

    • D.

      (D) Application-based firewall

    Correct Answer
    B. (B) Stateful firewall
    Explanation
    A stateful firewall is the best solution in this scenario because it keeps track of the state of network connections and only allows packets that are part of an established connection or have passed the three-way handshake. This means that any TCP connections that did not start with a three-way handshake would be blocked by the stateful firewall, preventing the attacks from reaching the servers within the DMZ.


  • 35. 

    Your organization's security policy requires that PII data-in-transit must be encrypted. Which of the following protocols would BEST meet this requirement? 

    • A.

      (A) FTP

    • B.

      (B) SSH

    • C.

      (C) SMTP

    • D.

      (D) HTTP

    Correct Answer
    B. (B) SSH
    Explanation
    SSH (Secure Shell) is a network protocol that provides a secure way to access and transfer data over an unsecured network. It uses encryption to protect the confidentiality and integrity of data during transmission. Therefore, SSH would be the best protocol to meet the organization's security policy requirement of encrypting PII data-in-transit. FTP, SMTP, and HTTP do not provide the same level of encryption and security as SSH.


  • 36. 

    Your organization is planning to implement a CYOD policy. Which of the following security controls will help protect data by isolating it?

    • A.

      (A) Encrypt sensitive data

    • B.

      (B) Storage segmentation

    • C.

      (C) Full device encryption

    • D.

      (D) Rooting

    Correct Answer
    B. (B) Storage segmentation
    Explanation
    Storage segmentation is a security control that helps protect data by isolating it. It involves dividing the storage space into separate segments, each with its own access controls and permissions. This ensures that sensitive data is stored separately from other data and can only be accessed by authorized individuals. Encrypting sensitive data and implementing full device encryption are also important security measures, but they do not specifically address the isolation of data. Rooting, on the other hand, refers to gaining administrative access to a device, which can actually increase the risk of data exposure.


  • 37. 

    Lisa has been hired as a penetration tester by your organization to test the security of a web server. She wants to identify the operating system and get some information on services and applications used by the server. Which of the following tools will BEST meet this need?

    • A.

      (A) SIEM

    • B.

      (B) Netcat

    • C.

      (C) Tcpdump

    • D.

      (D) Gray box test

    Correct Answer
    B. (B) Netcat
    Explanation
    Netcat is a versatile networking tool that can be used to establish connections between computers, send and receive data, and perform port scanning. In this scenario, Lisa can use Netcat to connect to the web server and gather information about the operating system, services, and applications being used. It allows her to interact with the server and gather valuable information for her penetration testing activities. SIEM (Security Information and Event Management) is a tool used for collecting and analyzing security event logs, while Tcpdump is a packet sniffing tool used for network analysis. Gray box testing is a type of penetration testing approach, not a tool.


  • 38. 

    Management within your company wants to restrict access to the Bizz app from mobile devices. If users are within the company's property, they should be granted access. If they are not within the company's property, their access should be blocked. Which of the following answers provides the BEST solution to meet this goal? 

    • A.

      (A) Geofencing

    • B.

      (B) Geolocation

    • C.

      (C) GPS tagging

    • D.

      (D) Containerization

    Correct Answer
    A. (A) Geofencing
    Explanation
    Geofencing is the best solution to restrict access to the Bizz app from mobile devices based on the user's location. Geofencing uses GPS or RFID technology to create a virtual boundary around a specific geographic area. By implementing geofencing, the company can define their property as the designated area where users are granted access to the app. When users are outside this boundary, their access will be automatically blocked, ensuring that only users within the company's property can use the app. Geofencing provides an effective and efficient way to control access based on location.


  • 39. 

    You are troubleshooting issues between two servers on your network and need to analyze the network traffic. Of the following choices, what is the BEST tool to capture and analyze this traffic?

    • A.

      (A) Network mapper

    • B.

      (B) Protocol analyzer

    • C.

      (C) Network scanner

    • D.

      (D) SIEM

    Correct Answer
    B. (B) Protocol analyzer
    Explanation
    The best tool to capture and analyze network traffic between two servers is a protocol analyzer. A protocol analyzer allows you to capture and inspect network packets, helping you identify any issues or anomalies in the network traffic. It provides detailed information about the protocols being used, source and destination IP addresses, port numbers, and other relevant data. This tool is essential for troubleshooting network issues and understanding the communication between servers. Network mapper, network scanner, and SIEM are not specifically designed for capturing and analyzing network traffic in the same level of detail as a protocol analyzer.


  • 40. 

    Management within your company wants to implement a method that will authorize employees based on several elements, including the employee's identity, location, time of day, and type of device used by the employee. Which of the following will meet this need?

    • A.

      (A) Geofence

    • B.

      (B) Containerization

    • C.

      (C) Tethering

    • D.

      (D) Context-aware authentication

    Correct Answer
    D. (D) Context-aware authentication
    Explanation
    Context-aware authentication is the correct answer because it involves authorizing employees based on multiple factors such as their identity, location, time of day, and type of device used. This method takes into account the context in which the employee is accessing the system and adjusts the authentication process accordingly. By considering these various elements, context-aware authentication provides a more secure and customized approach to authorizing employees. Geofence, containerization, and tethering are not specifically designed to meet all the mentioned needs in the question.


  • 41. 

    Your organization has several switches within the network. You need to implement a security control to prevent unauthorized access to these switches. Which of the following choices BEST meets this need?

    • A.

      (A) Disable unused ports.

    • B.

      (B) Implement an implicit deny rule.

    • C.

      (C) Disable STP.

    • D.

      (D) Enable SSH.

    Correct Answer
    A. (A) Disable unused ports.
    Explanation
    Disabling unused ports is the best choice to prevent unauthorized access to switches. By disabling unused ports, you ensure that only the necessary ports are active and accessible. This reduces the potential attack surface and makes it more difficult for unauthorized individuals to gain access to the switches. Implementing an implicit deny rule, disabling STP, or enabling SSH may be part of a comprehensive security strategy, but they do not directly address the need to prevent unauthorized access to switches.


  • 42. 

    Your organization wants to combine some of the security controls used to control incoming and outgoing network traffic. At a minimum, the solution should include malware inspection, content inspection, and a DDoS mitigator. Which of the following BEST meets this goal?

    • A.

      (A) VLAN

    • B.

      (B) NAT

    • C.

      (C) UTM

    • D.

      (D) DNSSEC

    Correct Answer
    C. (C) UTM
    Explanation
    A UTM (Unified Threat Management) solution is the best choice for combining security controls for incoming and outgoing network traffic. UTM integrates multiple security features such as malware inspection, content inspection, and DDoS mitigation into a single platform, making it efficient and effective in protecting the network. VLAN (A) is a network segmentation technique and does not provide the required security controls. NAT (B) is a network address translation technique and does not offer the necessary security features. DNSSEC (D) is a security extension for DNS but does not encompass all the required controls. Therefore, UTM is the most suitable option for this scenario.


  • 43. 

    Bizzfad is planning to implement a CYOD deployment model. You're asked to provide input for the new policy. Which of the following concepts are appropriate for this policy?

    • A.

      (A) SCADA access

    • B.

      (B) Storage segmentation

    • C.

      (C) Database security

    • D.

      (D) Embedded RTOS

    Correct Answer
    B. (B) Storage segmentation
    Explanation
    Storage segmentation is an appropriate concept for a CYOD (Choose Your Own Device) deployment model. CYOD allows employees to choose their own devices for work purposes, but it also requires implementing policies to ensure security and control. Storage segmentation involves dividing the storage space on a device into separate partitions, allowing for better organization and security of data. This concept is relevant in a CYOD policy as it helps to ensure that sensitive company data is stored separately from personal data on the employee's chosen device, maintaining data security and privacy.


  • 44. 

    Your organization is planning to establish a secure link between one of your mail servers and a business partner's mail server. The connection will use the Internet. Which protocol is the BEST choice? 

    • A.

      (A) TLS

    • B.

      (B) SMTP

    • C.

      (C) HTTP

    • D.

      (D) SSH

    Correct Answer
    A. (A) TLS
    Explanation
    TLS (Transport Layer Security) is the best choice for establishing a secure link between mail servers over the Internet. TLS provides encryption and authentication, ensuring that the data transmitted between the servers is protected from eavesdropping and tampering. SMTP (Simple Mail Transfer Protocol) is the protocol used for sending emails, but it does not provide the same level of security as TLS. HTTP (Hypertext Transfer Protocol) is used for web browsing and is not suitable for secure mail server connections. SSH (Secure Shell) is a protocol used for secure remote access to systems, but it is not specifically designed for securing mail server connections.


  • 45. 

    Your organization wants to increase security for VoIP and video teleconferencing applications used within the network. Which of the following protocols will BEST support this goal? 

    • A.

      (A) SMTP

    • B.

      (B) TLS

    • C.

      (C) SFTP

    • D.

      (D) SRTP

    Correct Answer
    D. (D) SRTP
    Explanation
    SRTP (Secure Real-time Transport Protocol) is the best protocol to increase security for VoIP and video teleconferencing applications. SRTP provides encryption, authentication, and integrity for the transmitted data, ensuring that the communication remains confidential and protected against eavesdropping and tampering. SMTP (Simple Mail Transfer Protocol) is used for email transmission, TLS (Transport Layer Security) is used for securing internet communications, and SFTP (Secure File Transfer Protocol) is used for secure file transfers. However, none of these protocols are specifically designed for securing VoIP and video teleconferencing applications like SRTP.


  • 46. 

    Developers recently configured a new service on ServerA. ServerA is in a DMZ and accessed by internal users and via the Internet. Network administrators modified firewall rules to access the service. Testing shows the service works when accessed from the internal systems. However, it does not work when accessed from the Internet. Which of the following is MOST likely configured incorrectly?

    • A.

      (A) The new service

    • B.

      (B) An ACL

    • C.

      (C) ServerA

    • D.

      (D) The VLAN

    Correct Answer
    B. (B) An ACL
    Explanation
    The most likely configuration that is incorrect in this scenario is the ACL (Access Control List). An ACL is a set of rules that determines what traffic is allowed or denied on a network. Since the service works when accessed from internal systems but not from the internet, it suggests that the ACL is blocking incoming internet traffic to the service on ServerA.


  • 47. 

    Your email server is getting overloaded with spam and much of it is malicious. You need to implement a solution that can help reduce the amount of spam reaching the email server. Which of the following is the BEST choice?

    • A.

      (A) Reverse proxy

    • B.

      (B) Media gateway

    • C.

      (C) Web application firewall

    • D.

      (D) Mail gateway

    Correct Answer
    D. (D) Mail gateway
    Explanation
    A mail gateway is the best choice for reducing the amount of spam reaching the email server. A mail gateway acts as a filter, scanning incoming emails and blocking or flagging spam messages before they reach the email server. This helps to reduce the server's workload and prevents malicious content from entering the system. A reverse proxy, media gateway, and web application firewall are not specifically designed for spam filtering in email servers.


  • 48. 

    Your organization hosts an e-commerce business that has become quite successful recently. It includes a web farm and a database server within the DMZ. IT management is concerned that there isn't enough staff working around the clock to protect these servers. Which of the following would provide the BEST automated protection for these servers? 

    • A.

      (A) NIDS and HIDS

    • B.

      (B) NIPS and HIPS

    • C.

      (C) SIEM and NIPS

    • D.

      (D) SIEM and NIDS

    Correct Answer
    B. (B) NIPS and HIPS
    Explanation
    NIPS (Network Intrusion Prevention System) and HIPS (Host Intrusion Prevention System) provide the best automated protection for the servers in this scenario. NIPS monitors network traffic for any suspicious activity and can actively block or prevent any potential attacks. HIPS, on the other hand, is installed on individual servers and monitors for any unauthorized access or malicious activity on the host level. Together, NIPS and HIPS provide comprehensive protection for both the network and the individual servers, ensuring the security of the e-commerce business.


  • 49. 

    Management within your organization wants some users to be able to access internal network resources from remote locations. Which of the following is the BEST choice to meet this need? 

    • A.

      (A) NAC

    • B.

      (B) VPN

    • C.

      (C) IDS

    • D.

      (D) IPS

    Correct Answer
    B. (B) VPN
    Explanation
    A VPN (Virtual Private Network) is the best choice to meet the need of allowing users to access internal network resources from remote locations. A VPN creates a secure and encrypted connection over a public network, such as the internet, allowing users to access resources as if they were directly connected to the internal network. This ensures the privacy and security of the data being transmitted between the user and the internal network, making it the ideal solution for remote access.


  • 50. 

    You are considering rebooting a database server and want to identify if it has any active network connections. Which of the following commands will list active network connections? 

    • A.

      (A) Arp

    • B.

      (B) Ipconfig

    • C.

      (C) Ping

    • D.

      (D) Netstat

    Correct Answer
    D. (D) Netstat
    Explanation
    The command "Netstat" is used to display active network connections on a computer. It provides information about the active connections, listening ports, and routing tables. By using this command, you can identify if the database server has any active network connections before rebooting it. The other options, such as "Arp," "Ipconfig," and "Ping," do not provide the same functionality as "Netstat" in listing active network connections.
