SEC Technologies And Tools - Cyber Security Quiz

By Alfredhook3
1. Your company's web site experiences a large number of client requests during certain times of the year. Which of the following would your company add to ensure the web site's availability during these times? 

Explanation

Load balancing is the correct answer because it helps distribute client requests across multiple servers, ensuring that no single server becomes overwhelmed with traffic. By evenly distributing the workload, load balancing helps maintain the availability and performance of the website, even during peak times when there is a large influx of client requests. This helps prevent any single server from becoming a bottleneck and ensures that the website remains accessible to all users.

About This Quiz

As an innovative company, SEC Technologies is continuously working on game-changing solutions to protect government agencies, organizations and companies of all sizes and industries against the increasing number of cyber-attacks.
This is a Cyber Security Quiz about SEC Technologies and Tools!

2. Lisa is enabling NTP on some servers within the DMZ. Which of the following use cases is she MOST likely supporting with this action?

Explanation

Enabling NTP (Network Time Protocol) on servers within the DMZ most likely supports the use case of time synchronization. NTP synchronizes the clocks of computer systems over a network. By enabling it, Lisa ensures that all servers within the DMZ keep accurate, synchronized time, which matters for logging, authentication, and other time-sensitive processes, and for correlating events recorded on different servers.

3. Management within your organization wants some users to be able to access internal network resources from remote locations. Which of the following is the BEST choice to meet this need? 

Explanation

A VPN (Virtual Private Network) is the best choice to meet the need of allowing users to access internal network resources from remote locations. A VPN creates a secure and encrypted connection over a public network, such as the internet, allowing users to access resources as if they were directly connected to the internal network. This ensures the privacy and security of the data being transmitted between the user and the internal network, making it the ideal solution for remote access.

4. Lisa is enabling NTP on some servers within the DMZ. Which of the following use cases is she MOST likely supporting with this action?

Explanation

Enabling NTP (Network Time Protocol) on servers within the DMZ is most likely done to provide time synchronization. NTP is a protocol used to synchronize the clocks of computers on a network, ensuring that they all have the same time. This is important for various reasons, such as accurate logging, coordination of events, and maintaining consistency in distributed systems. It is not directly related to supporting voice and video transmissions, enabling email usage, or encrypting data-in-transit.

5. Management within your organization wants some users to be able to access internal network resources from remote locations. Which of the following is the BEST choice to meet this need?

Explanation

A VPN (Virtual Private Network) is the best choice to meet the need of allowing users to access internal network resources from remote locations. A VPN creates a secure and encrypted connection between the user's device and the internal network, ensuring that data is protected from unauthorized access while being transmitted over the internet. This allows users to securely access internal resources, such as files, applications, and servers, as if they were directly connected to the internal network. NAC (Network Access Control), IDS (Intrusion Detection System), and IPS (Intrusion Prevention System) are not specifically designed to provide remote access to network resources.

6. Your organization's security policy requires that PII data-in-transit must be encrypted. Which of the following protocols would BEST meet this requirement? 

Explanation

SSH (Secure Shell) is a network protocol that provides a secure way to access systems and transfer data over an untrusted network. It encrypts traffic to protect the confidentiality and integrity of data in transit, so SSH is the best protocol to meet the organization's requirement of encrypting PII data-in-transit. FTP, SMTP, and HTTP send data in cleartext and do not provide this protection.

7. You manage a Linux computer used for security within your network. You plan to use it to inspect and handle network-based traffic using iptables. Which of the following network devices can this replace?

Explanation

iptables is the Linux firewall tool (the user-space front end to the kernel's netfilter framework) that lets you inspect and handle network traffic. It filters and manipulates packets based on criteria such as source/destination IP address, port, and protocol. A Linux host running iptables can therefore replace a dedicated firewall device, making option (B) the correct answer.

8. Your organization is planning to deploy a new e-commerce web site. Management anticipates heavy processing requirements for a back-end application. The current design will use one web server and multiple application servers. Which of the following BEST describes the application servers?

Explanation

The application servers in this scenario are load balanced: the heavy back-end processing is distributed across multiple servers so that no single server becomes overwhelmed. Load balancing spreads incoming requests evenly across the servers, which improves the scalability, availability, and responsiveness of the e-commerce web site.

9. You suspect that an attacker has been sending specially crafted TCP packets to a server trying to exploit a vulnerability. You decide to capture TCP packets being sent to this server for later analysis and you want to use a command-line tool to do so. Which of the following tools will BEST meet your need?

Explanation

tcpdump is the best tool to capture TCP packets being sent to a server for later analysis. It is a command-line packet analyzer that captures and displays network packets; it can capture in real time and write the packets to a file for later analysis, and a capture filter restricts the capture to, for example, TCP traffic destined for the server. With the saved capture, you can review the traffic and look for suspicious packets or signs of an attack.

10. Your organization recently suffered a loss from malware that wasn't previously known by any trusted sources. Which of the following BEST describes this attack? 

Explanation

The correct answer is (B) Zero-day. A zero-day attack exploits a vulnerability in software or a system that is unknown to the software developers or security experts. In this scenario, the organization suffered a loss from malware that was not previously known by any trusted sources, indicating that the attack took advantage of a vulnerability that had not yet been discovered or patched. This type of attack is particularly dangerous because no signature or patch exists yet to protect against it.

11. A penetration tester is running several tests on a server within your organization's DMZ. The tester wants to identify the operating system of the remote host. Which of the following tools or methods are MOST likely to provide this information?

Explanation

Banner grabbing is the most likely tool or method to identify the operating system of a remote host. Banner grabbing involves capturing and analyzing the banners or headers that are sent by the server in response to a connection request. These banners often contain information about the server's operating system, version, and other details. By analyzing the banners, a penetration tester can determine the operating system of the remote host. Vulnerability scans, password crackers, and protocol analyzers are not specifically designed to identify the operating system of a remote host.

12. Your organization wants to combine some of the security controls used to control incoming and outgoing network traffic. At a minimum, the solution should include malware inspection, content inspection, and a DDoS mitigator. Which of the following BEST meets this goal?

Explanation

A UTM (Unified Threat Management) appliance is the best choice for combining security controls for incoming and outgoing network traffic. UTM integrates multiple security features such as malware inspection, content inspection, and DDoS mitigation into a single platform. A VLAN (A) is a network segmentation technique and does not provide the required security controls. NAT (B) translates network addresses and does not offer the necessary security features. DNSSEC (D) is a security extension for DNS and does not cover the required controls. Therefore, UTM is the most suitable option for this scenario.

13. Developers recently configured a new service on ServerA. ServerA is in a DMZ and is accessed by internal users and via the Internet. Network administrators modified firewall rules to allow access to the service. Testing shows the service works when accessed from internal systems. However, it does not work when accessed from the Internet. Which of the following is MOST likely configured incorrectly?

Explanation

The most likely configuration that is incorrect in this scenario is the ACL (Access Control List). An ACL is a set of rules that determines what traffic is allowed or denied on a network. Since the service works when accessed from internal systems but not from the internet, it suggests that the ACL is blocking incoming internet traffic to the service on ServerA.

14. Your organization hosts an e-commerce business that has become quite successful recently. It includes a web farm and a database server within the DMZ. IT management is concerned that there isn't enough staff working around the clock to protect these servers. Which of the following would provide the BEST automated protection for these servers? 

Explanation

NIPS (Network Intrusion Prevention System) and HIPS (Host Intrusion Prevention System) provide the best automated protection for the servers in this scenario. NIPS monitors network traffic for any suspicious activity and can actively block or prevent any potential attacks. HIPS, on the other hand, is installed on individual servers and monitors for any unauthorized access or malicious activity on the host level. Together, NIPS and HIPS provide comprehensive protection for both the network and the individual servers, ensuring the security of the e-commerce business.

15. Your network includes dozens of servers. Administrators in your organization are having problems aggregating and correlating the logs from these servers. Which of the following provides the BEST solution for these problems?

Explanation

SIEM (Security Information and Event Management) provides the best solution for aggregating and correlating logs from multiple servers. SIEM systems collect and analyze data from various sources, including logs, to identify and respond to security incidents. By centralizing logs and providing real-time analysis, SIEM enables administrators to detect and investigate security threats more effectively. Network mappers and scanners, such as Nmap, are used for network discovery and vulnerability scanning, but they do not offer the same level of log aggregation and correlation capabilities as SIEM. Therefore, SIEM is the most suitable solution for the given problem.

16. Which type of device would have the following entries used to define its operation?

    permit IP any any eq 80
    permit IP any any eq 443
    deny IP any any

Explanation

The entries "permit IP any any eq 80" and "permit IP any any eq 443" allow traffic to ports 80 and 443, which are commonly used for HTTP and HTTPS respectively. The entry "deny IP any any" blocks all other IP traffic. Such rule lists are evaluated top down and the first matching entry wins, so the final deny catches everything the two permit lines did not. This behavior is the functionality of a firewall, which monitors and controls network traffic based on predefined rules. Therefore, the correct answer is (A) Firewall.
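As an added example (not part of the quiz), the following Python evaluates packets against the three entries above using first-match, top-down semantics, and includes a small check that reports rules a misordering would shadow, such as placing the "deny IP any any" line first. The rule syntax is the question's simplified form, and the sample addresses are constructed from RFC 5737 documentation ranges.

```python
"""Added example (not part of the quiz): a first-match evaluator for the three
entries in question 16, plus a check for rules that a misordering would shadow."""
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

# The entries from the question, in the order the device evaluates them.
RULES_TEXT = [
    "permit IP any any eq 80",
    "permit IP any any eq 443",
    "deny IP any any",
]


@dataclass(frozen=True)
class Rule:
    action: str          # "permit" or "deny"
    src: str             # "any" or a single address
    dst: str             # "any" or a single address
    port: Optional[int]  # None matches every destination port


def parse_rule(line: str) -> Rule:
    """Parse one entry of the form '<permit|deny> IP <src> <dst> [eq <port>]'.

    This is the question's simplified syntax, not a full ACL grammar."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] not in ("permit", "deny") or tokens[1].upper() != "IP":
        raise ValueError(f"unrecognised rule: {line!r}")
    action, _, src, dst = tokens[:4]
    rest = tokens[4:]
    port: Optional[int] = None
    if rest:
        if len(rest) != 2 or rest[0] != "eq":
            raise ValueError(f"unrecognised port clause in: {line!r}")
        port = int(rest[1])
    return Rule(action, src, dst, port)


def _matches(pattern: str, value: str) -> bool:
    return pattern == "any" or pattern == value


def evaluate(rules: Sequence[Rule], src: str, dst: str, dport: int) -> str:
    """Top-down, first match wins; an exhausted (or empty) list falls through to
    the implicit deny that packet filters apply when nothing matches."""
    for rule in rules:
        if (_matches(rule.src, src) and _matches(rule.dst, dst)
                and (rule.port is None or rule.port == dport)):
            return rule.action
    return "deny"


def shadowed(rules: Sequence[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule already
    matches everything they would match (e.g. 'deny IP any any' placed first)."""
    out: List[int] = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if (_matches(earlier.src, rule.src) and _matches(earlier.dst, rule.dst)
                    and (earlier.port is None or earlier.port == rule.port)):
                out.append(i)
                break
    return out


Packet = Tuple[str, str, int]  # (src, dst, dport)


def classify(rule_lines: Sequence[str], packets: Sequence[Packet]) -> List[str]:
    """Parse the rule lines once and return the verdict for each packet."""
    rules = [parse_rule(line) for line in rule_lines]
    return [evaluate(rules, *pkt) for pkt in packets]


if __name__ == "__main__":
    # Constructed sample packets using RFC 5737 documentation addresses.
    sample: List[Packet] = [
        ("203.0.113.5", "192.0.2.10", 80),
        ("203.0.113.5", "192.0.2.10", 443),
        ("203.0.113.5", "192.0.2.10", 22),
    ]
    for pkt, verdict in zip(sample, classify(RULES_TEXT, sample)):
        print(f"{pkt[0]} -> {pkt[1]}:{pkt[2]:<4} {verdict}")
    # Moving the catch-all deny to the top shadows both permit lines.
    misordered = [RULES_TEXT[2]] + RULES_TEXT[:2]
    print("shadowed when deny is first:", shadowed([parse_rule(r) for r in misordered]))
```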

17. Your organization has a dedicated classroom for teaching computer classes. Students include internal employees and visiting guests. Security administrators recently discovered that students were unplugging the network cable from some classroom computers and plugging it into their own laptop computers, giving them access to network resources. Which of the following is the BEST solution to prevent this activity?

Explanation

Port security is the best solution to prevent students from unplugging the network cable from classroom computers and plugging it into their laptops. Port security allows administrators to restrict access to network resources by binding specific MAC addresses to specific switch ports. This means that only authorized devices with registered MAC addresses can access the network through a particular port, preventing unauthorized devices from gaining network access.

18. You need to perform tests on your network to identify missing security controls. However, you want to have the least impact on your systems that users are accessing. Which of the following tools is the BEST to meet this need?

Explanation

A vulnerability scan is the best tool for identifying missing security controls with the least impact on the systems that users are accessing. Unlike a SYN stealth scan or a penetration test, a vulnerability scan focuses on identifying vulnerabilities and weaknesses in the network infrastructure and systems without attempting to exploit or disrupt them, minimizing the impact on the systems and their users. A ping scan is a basic network scanning technique that only checks whether hosts are reachable and provides no information about security controls.

19. Lisa wants to manage and monitor the switches and routers in her network. Which of the following protocols would she use?

Explanation

Lisa would use SNMPv3 (Simple Network Management Protocol version 3) to manage and monitor the switches and routers in her network. SNMPv3 is a widely used protocol for network management and provides secure access to network devices, allowing Lisa to gather information about their performance, configure settings, and receive notifications of any issues or changes. It offers authentication and encryption features, making it a suitable choice for ensuring the security of her network management activities.

20. Your organization hosts several web servers in a web farm. They have recently been attacked, resulting in unacceptable downtime. Management wants to implement a solution that will provide protection for the web farm and include load balancing to improve the overall performance of the farm. Which of the following BEST meets this need?

Explanation

A web application firewall is the best solution to meet the organization's need for protection and load balancing in the web farm. A web application firewall is specifically designed to protect web applications from various types of attacks, including those that caused the recent downtime. It can inspect and filter incoming and outgoing traffic to detect and block malicious requests. Additionally, a web application firewall can also distribute incoming traffic across multiple servers in the web farm, thereby improving the overall performance and availability of the web applications.

21. Bizzfad is planning to implement a CYOD deployment model. You're asked to provide input for the new policy. Which of the following concepts are appropriate for this policy?

Explanation

Storage segmentation is an appropriate concept for a CYOD (Choose Your Own Device) deployment model. CYOD allows employees to choose their own devices for work purposes, but it also requires implementing policies to ensure security and control. Storage segmentation involves dividing the storage space on a device into separate partitions, allowing for better organization and security of data. This concept is relevant in a CYOD policy as it helps to ensure that sensitive company data is stored separately from personal data on the employee's chosen device, maintaining data security and privacy.

22. Management suspects that employees have been sending proprietary data out of the network via email. They want to implement a solution that will detect and block similar incidents in the future. Which of the following is the BEST choice to meet this need? 

Explanation

A mail gateway is the best choice for detecting and blocking attempts to send proprietary data out of the network via email. A mail gateway is a security solution that monitors and filters email traffic, allowing an organization to enforce policies and prevent unauthorized data transfers. It can scan email content and attachments for sensitive information, detect patterns that indicate data leakage, and block or quarantine suspicious messages.

23. Ned is not able to access any network resources from his Linux-based computer. Which of the following commands would he use to view the network configuration of his system? 

Explanation

Ned would use the "ifconfig" command to view the network configuration of his Linux-based computer. This command is used to display the current network configuration, including IP addresses, network interfaces, and other network-related information.

24. Of the following choices, what can you use to divert malicious attacks on your network away from valuable data to worthless, fabricated data? 

Explanation

A honeypot is a security mechanism that is used to divert and distract malicious attacks on a network. It is designed to appear as a valuable target to attackers, attracting their attention and luring them away from actual valuable data. By directing attackers towards the honeypot, organizations can monitor their behavior, gather information about their tactics, and protect their real data from being compromised.

25. Management within your company wants to prevent users from copying documents to USB flash drives. Which of the following can be used to meet this goal? 

Explanation

DLP stands for Data Loss Prevention, which is a security solution that helps organizations monitor and control sensitive data to prevent its unauthorized disclosure. In this scenario, DLP can be used to prevent users from copying documents to USB flash drives by implementing policies and rules that detect and block any attempts to copy data to removable storage devices. DLP can also provide alerts and notifications to the management team when such activities occur, allowing them to take appropriate action to mitigate the risk of data loss.

26. A HIDS reported a vulnerability on a system based on a known attack. After researching the alert from the HIDS, you identify the recommended solution and begin applying it. What type of HIDS is in use?

Explanation

The correct answer is (B) Signature-based. A signature-based HIDS works by comparing the patterns or signatures of known attacks against the system being monitored. In this scenario, the HIDS reported a vulnerability based on a known attack, indicating that it detected a matching signature or pattern. The recommended solution is then applied to mitigate the vulnerability.

27. After recently adding additional network devices, administrators noticed an increased workload related to their IDS. Which of the following can cause an increased workload from incorrect reporting?

Explanation

False positives can cause an increased workload from incorrect reporting. False positives occur when the IDS incorrectly identifies legitimate network traffic or behavior as malicious. This can result in administrators having to spend time investigating and responding to these false alarms, which increases their workload.

28. Your organization hosts an e-commerce business that has become quite successful recently. It includes a web farm and a database server within the DMZ. IT management is concerned that there isn't enough staff working around the clock to protect these servers. Which of the following would provide the BEST automated protection for these servers?

Explanation

NIPS (Network Intrusion Prevention System) and HIPS (Host Intrusion Prevention System) would provide the best automated protection for the web farm and database server within the DMZ. NIPS monitors network traffic for any suspicious activity and can actively block or prevent intrusions in real-time. HIPS, on the other hand, is installed on individual hosts and monitors their activity, preventing any unauthorized changes or malicious behavior. Together, NIPS and HIPS provide comprehensive protection for both the network and the individual servers, ensuring the security of the e-commerce business.

29. Attackers have recently launched several attacks against servers in your organization's DMZ. You are tasked with identifying a solution that will have the best chance at preventing these attacks in the future. Which of the following is the BEST choice? 

Explanation

An in-band IPS (Intrusion Prevention System) is the best choice for preventing future attacks against servers in the organization's DMZ. Unlike an out-of-band IPS, which only monitors network traffic, an in-band IPS actively inspects and filters the traffic in real-time. This allows it to detect and block any malicious activity before it reaches the servers, providing a proactive defense against attacks. A passive IDS (Intrusion Detection System) only monitors traffic and does not actively prevent attacks, while an out-of-band IDS lacks the real-time capabilities of an in-band IPS.

30. A penetration tester is tasked with gaining information on one of your internal servers and he enters the following command:

    echo " " | nc -vv -n -w1 72.52.206.134 80

What is the purpose of this command?

Explanation

The purpose of the given command is to identify whether the server is reachable and is running a service on port 80. The command uses Netcat (nc) to open a connection to the server's IP address on port 80. The "-vv" option enables verbose output, "-n" disables DNS resolution, and "-w1" sets a 1-second timeout. The "echo" command supplies a (nearly) empty line of input to the connection. If the connection succeeds and a service is listening on port 80, the verbose output shows the connection, indicating that the server is reachable and the port is open.

31. Flancrest Enterprises recently set up a web site utilizing several web servers in a web farm. The web farm spreads the load among the different web servers by sending the first request to one server, the next request to the second server, and so on. Which of the following BEST describes this configuration? 

Explanation

This configuration is described as "round-robin." In a round-robin configuration, the load is distributed evenly among the web servers in the web farm by sending each request to the next server in a sequential order. This ensures that each server receives an equal share of the workload, preventing any single server from being overwhelmed.

32. Lenny noticed a significant number of logon failures for administrator accounts on the organization's public web site. After investigating it further, he notices that most of these attempts are from IP addresses assigned to foreign countries. He wants to implement a solution that will detect and prevent similar attacks. Which of the following is the BEST choice?

Explanation

Implementing an IPS (Intrusion Prevention System) would be the best choice in this scenario. An IPS can detect and prevent attacks by analyzing network traffic and identifying any suspicious or malicious activity. By implementing an IPS, Lenny can effectively detect and block any further login attempts from foreign IP addresses, thereby preventing similar attacks on the organization's public web site. Adding a flood guard to the network may help mitigate against DDoS attacks but will not specifically address the issue of logon failures. Blocking all traffic from foreign countries may not be feasible or practical, as it could potentially block legitimate users from accessing the web site. Disabling the administrator accounts would not address the root cause of the problem and may hinder the organization's operations.

33. You need to configure a UTM security appliance to restrict traffic going to social media sites. Which of the following are you MOST likely to configure?

Explanation

To restrict traffic going to social media sites, the most likely configuration would be a URL filter. A URL filter allows you to block or allow access to specific websites based on their URLs. By configuring a URL filter, you can specify a list of social media site URLs that you want to block, effectively restricting access to those sites. This can be useful in a corporate or educational environment where the use of social media may be deemed inappropriate or distracting.

34. You need to modify the network infrastructure to increase availability of web-based applications for Internet clients. Which of the following choices provides the BEST solution?

Explanation

Load balancing is the best solution for increasing the availability of web-based applications for Internet clients. Load balancing distributes incoming network traffic across multiple servers, ensuring that no single server is overwhelmed with requests. This helps to prevent downtime and improves the overall performance and reliability of the applications. By evenly distributing the workload, load balancing also allows for scalability and flexibility in handling increased traffic.

35. Your network uses an authentication service based on the X.500 specification. When encrypted, it uses TLS. Which authentication service is your network using?

Explanation

The network is using LDAP (Lightweight Directory Access Protocol) as the authentication service based on the X.500 specification. LDAP is commonly used in network environments to access and manage directory information, such as user accounts and authentication credentials. The mention of TLS (Transport Layer Security) indicates that the communication between the network and the authentication service is encrypted, ensuring secure transmission of sensitive data.

36. You are tasked with configuring a switch so that it separates VoIP and data traffic. Which of the following provides the BEST solution?

Explanation

VLAN (Virtual Local Area Network) provides the best solution for separating VoIP and data traffic on a switch. VLAN allows the network administrator to create separate virtual networks within a physical network infrastructure. By assigning VoIP devices and data devices to different VLANs, the traffic can be isolated and kept separate from each other. This ensures that the VoIP traffic remains secure and prioritized, while also preventing any interference or congestion from the data traffic. NAC (Network Access Control) is a security solution, DMZ (Demilitarized Zone) is a network architecture, and SRTP (Secure Real-time Transport Protocol) is a security protocol, but none of them specifically address the requirement of separating VoIP and data traffic like VLAN does.

37. You need to send several large files containing proprietary data to a business partner. Which of the following is the BEST choice for this task?

Explanation

SFTP (Secure File Transfer Protocol) is the best choice for sending several large files containing proprietary data to a business partner. SFTP provides a secure and encrypted method of transferring files over a network. It ensures the confidentiality and integrity of the data being transferred, protecting it from unauthorized access or tampering. FTP (File Transfer Protocol) is not secure as it transmits data in plain text, SNMPv3 (Simple Network Management Protocol) is not designed for file transfer, and SRTP (Secure Real-time Transport Protocol) is used for securing real-time communication, not file transfer.

38. You suspect someone has been trying a brute force password attack on a Linux system. Which of the following logs should you check to view failed authentication attempts by users?

Explanation

To view failed authentication attempts by users, you should check the /var/log/btmp log on the Linux system. This log records failed login attempts, including those made during a brute force password attack. Note that btmp is a binary file, so it is read with the lastb command rather than a text viewer. The other options (/var/log/fail, /var/log/httpd, /var/log/kern) are incorrect because they do not record failed authentication attempts.

39. Your email server is getting overloaded with spam and much of it is malicious. You need to implement a solution that can help reduce the amount of spam reaching the email server. Which of the following is the BEST choice?

Explanation

A mail gateway is the best choice for reducing the amount of spam reaching the email server. A mail gateway acts as a filter, scanning incoming emails and blocking or flagging spam messages before they reach the email server. This helps to reduce the server's workload and prevents malicious content from entering the system. A reverse proxy, media gateway, and web application firewall are not specifically designed for spam filtering in email servers.

40. Marge, a security administrator, is tasked with ensuring that all devices have updated virus definition files before they can access network resources. Which of the following technologies would help her accomplish this goal? 

Explanation

NAC stands for Network Access Control. It is a technology that allows security administrators to ensure that all devices connecting to the network meet certain security requirements before being granted access to network resources. In this scenario, Marge can use NAC to enforce the requirement of having updated virus definition files on all devices before they can access network resources. NAC can verify the presence and currency of virus definition files on devices, ensuring that they are protected against malware threats before allowing them onto the network.

41. Management asks you if you can modify the wireless network to prevent users from easily discovering it. Which of the following would you modify to meet this goal? 

Explanation

To prevent users from easily discovering the wireless network, you would disable the SSID broadcast. The SSID (Service Set Identifier) is the name of the wireless network, which is normally broadcast so that devices can find and connect to it. With the broadcast disabled, the network does not appear in a casual scan for available networks, making it harder for unauthorized users to find it. This is an obscurity measure rather than a security control: the SSID still appears in the frames clients send when they connect, so encryption and authentication remain the actual protection.

Submit
42. You have configured a firewall in your network to block ICMP traffic. You want to verify that it is blocking this traffic. Which of the following commands would you use? 

Explanation

To verify that the firewall is blocking ICMP traffic, you would use the ping command. Ping sends ICMP echo request packets to a target and waits for echo replies. If the firewall is blocking ICMP, the replies never arrive and ping reports timeouts. Two caveats apply: confirm first that the target answers pings with the rule disabled, because a host that is simply down looks the same as a working block, and remember that ping exercises only the echo request and echo reply types. If the rule is meant to block all ICMP, check the firewall's own logs or rule counters as well.

43. Management within your company wants to restrict access to the Bizz app from mobile devices. If users are within the company's property, they should be granted access. If they are not within the company's property, their access should be blocked. Which of the following answers provides the BEST solution to meet this goal? 

Explanation

Geofencing is the best solution to restrict access to the Bizz app from mobile devices based on the user's location. Geofencing uses GPS or RFID technology to create a virtual boundary around a specific geographic area. By implementing geofencing, the company can define their property as the designated area where users are granted access to the app. When users are outside this boundary, their access will be automatically blocked, ensuring that only users within the company's property can use the app. Geofencing provides an effective and efficient way to control access based on location.

44. An organization has a large network with dozens of servers. Administrators are finding it difficult to review and analyze the logs from all the network devices. They are looking for a solution to aggregate and correlate the logs. Which of the following choices BEST meets this need? 

Explanation

SIEM stands for Security Information and Event Management. It is a solution that helps organizations aggregate and correlate logs from various network devices. SIEM systems collect and analyze logs in real-time, providing administrators with a centralized platform to review and analyze the data. This helps identify security incidents, detect anomalies, and respond to threats more effectively. Nmap, Netcat, and Wireshark are not designed for log aggregation and correlation, making SIEM the best choice for this need.

45. Management is concerned about malicious activity and wants to implement a security control that will detect unusual traffic on the network. Which of the following is the BEST choice to meet this goal?

Explanation

An anomaly-based IDS is the best choice to detect unusual traffic. A signature-based IDS matches traffic against known attack patterns, so it cannot see an attack for which it has no signature. An anomaly-based (also called heuristic or behavior-based) IDS first learns a baseline of normal traffic and then alerts on deviations from it, which lets it flag new or unknown activity. The trade-off is a higher false-positive rate, and the baseline must be captured while the network is known to be clean. A network-based firewall enforces rules about which traffic is allowed but does not analyze behavior, and a honeynet is a decoy that attracts attackers rather than a sensor that detects unusual traffic on the production network.

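The difference between signature matching and anomaly detection is easier to see in code. The following is an added example, not part of the quiz: a toy detector that learns a baseline of connections per minute and destination ports from a clean capture window, then scores live windows against it. All traffic figures, the z-score threshold of 3 and the port sets are constructed for the illustration.

```python
"""Added example: a toy anomaly-based detector.

It learns a baseline of 'normal' traffic (connections per minute and the
destination ports seen) and then flags live windows that deviate from it,
which is the behaviour that distinguishes anomaly-based from signature-based
detection. All traffic figures below are constructed for the example.
"""
from statistics import mean, pstdev
from typing import Dict, Iterable, List, Set, Tuple

Window = Tuple[int, Set[int]]  # (connections in the minute, destination ports seen)

# Constructed baseline: eight one-minute windows captured while the network was known to be clean.
BASELINE: List[Window] = [
    (40, {53, 80, 443}), (42, {80, 443}), (38, {53, 443}), (45, {80, 443}),
    (41, {53, 80, 443}), (39, {443}), (44, {80, 443}), (43, {53, 80}),
]

# Constructed live windows: one normal, one volume spike with a new port, one new port at normal volume.
LIVE: Dict[str, Window] = {
    "09:00": (44, {80, 443}),
    "09:01": (120, {80, 443, 3389}),
    "09:02": (43, {22, 443}),
}


class AnomalyDetector:
    """Scores a window against a learned baseline instead of against attack signatures."""

    def __init__(self, z_threshold: float = 3.0) -> None:
        self.z_threshold = z_threshold
        self.mean = 0.0
        self.stdev = 1.0
        self.known_ports: Set[int] = set()

    def train(self, baseline: Iterable[Window]) -> None:
        windows = list(baseline)
        rates = [rate for rate, _ in windows]
        self.mean = mean(rates)
        # A perfectly flat baseline would give a zero standard deviation; fall back to 1
        # so the z-score stays finite.
        self.stdev = pstdev(rates) or 1.0
        for _, ports in windows:
            self.known_ports |= ports

    def score(self, rate: int, ports: Set[int]) -> List[str]:
        """Return the reasons a window looks anomalous; an empty list means it looks normal."""
        reasons: List[str] = []
        z = (rate - self.mean) / self.stdev
        if abs(z) > self.z_threshold:
            reasons.append(f"connection rate {rate}/min is {z:.1f} standard deviations from baseline")
        novel = sorted(ports - self.known_ports)
        if novel:
            reasons.append(f"destination ports never seen in baseline: {novel}")
        return reasons


def run_demo() -> Dict[str, List[str]]:
    detector = AnomalyDetector()
    detector.train(BASELINE)
    return {minute: detector.score(rate, ports) for minute, (rate, ports) in LIVE.items()}


if __name__ == "__main__":
    for minute, reasons in run_demo().items():
        print(minute, "ALERT" if reasons else "normal", *reasons)
```

Note what the detector does not have: any knowledge of what the 3389 or 22 traffic is. It alerts only because the baseline never contained those ports or that volume, which is why a clean training window matters and why such systems need tuning to keep false positives manageable.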
46. Your organization recently implemented a BYOD policy. However, management wants to ensure that mobile devices meet minimum standards for security before they can access any network resources. Which of the following agents would the NAC MOST likely have?

Explanation

The NAC (Network Access Control) would most likely have dissolvable agents in this scenario. Dissolvable agents are temporary software components that are installed on mobile devices to check and enforce security policies before granting access to network resources. They are typically used in situations where devices need to meet minimum security standards before being allowed on the network. Unlike permanent agents, which remain on the device even after accessing the network, dissolvable agents are removed once the security checks are completed.

47. You need to implement anti-spoofing on a border router. Which one of the following choices will BEST meet this goal?

Explanation

Creating rules that block incoming traffic whose source is a private IP address is the best choice. Anti-spoofing, also called ingress filtering and described in BCP 38, means dropping packets whose source address could not legitimately have arrived on the interface they came in on. Private (RFC 1918) addresses such as 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 are never routed on the Internet, so a packet arriving on the external interface with such a source address is spoofed and should be dropped. The same logic applies to packets arriving from the Internet that claim the organization's own public addresses as their source. Attackers forge source addresses to hide their origin and to mount reflection and amplification attacks, and filtering at the border stops such packets at the edge.

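The following is an added example, not part of the quiz, showing the two anti-spoofing rules as code: an ingress check for the Internet-facing interface (drop private, bogon and our-own-prefix sources) and the matching egress check (only our own prefixes may leave). The prefix 203.0.113.0/24 is a documentation range standing in for the organization's real public block, and the sample addresses are constructed.

```python
"""Added example: BCP 38 style anti-spoofing checks for a border router.

ingress_verdict() models the rule on the Internet-facing interface: drop packets
whose source is a private/bogon address or one of our own prefixes. egress_verdict()
models the matching outbound rule: only our own addresses may leave. The 'own prefix'
203.0.113.0/24 is a documentation range used here as a placeholder.
"""
import ipaddress
from typing import List, Tuple

# Assumed: the organization's public prefix(es) behind this router (placeholder value).
OWN_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]

# Source addresses that can never legitimately arrive from the Internet.
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8",        # "this" network
    "10.0.0.0/8",       # RFC 1918 private
    "100.64.0.0/10",    # carrier-grade NAT shared space
    "127.0.0.0/8",      # loopback
    "169.254.0.0/16",   # link-local
    "172.16.0.0/12",    # RFC 1918 private
    "192.168.0.0/16",   # RFC 1918 private
    "224.0.0.0/4",      # multicast is never a unicast source
    "240.0.0.0/4",      # reserved, includes the limited broadcast address
)]


def _parse(src: str):
    try:
        return ipaddress.ip_address(src)
    except ValueError:
        return None


def _in_any(addr, prefixes) -> bool:
    return any(addr in net for net in prefixes)


def ingress_verdict(src: str) -> Tuple[str, str]:
    """Verdict for a packet arriving on the external interface with source address src."""
    addr = _parse(src)
    if addr is None:
        return ("drop", "malformed source address")
    if addr.version != 4:
        return ("drop", "IPv6 not handled by this example")
    if _in_any(addr, BOGON_PREFIXES):
        return ("drop", "private or bogon source address cannot come from the Internet")
    if _in_any(addr, OWN_PREFIXES):
        return ("drop", "packet claims one of our own addresses but arrived from outside")
    return ("permit", "")


def egress_verdict(src: str) -> Tuple[str, str]:
    """Verdict for a packet leaving toward the Internet: our hosts must use our addresses."""
    addr = _parse(src)
    if addr is None:
        return ("drop", "malformed source address")
    if not _in_any(addr, OWN_PREFIXES):
        return ("drop", "source is not one of our prefixes; spoofed outbound packet")
    return ("permit", "")


def run_demo() -> List[Tuple[str, str, str]]:
    """Constructed sample packets: (direction, source, verdict)."""
    inbound = ["198.51.100.20", "192.168.1.10", "10.20.30.40", "203.0.113.7", "224.0.0.1", "not-an-ip"]
    outbound = ["203.0.113.7", "198.51.100.20"]
    rows = [("in", s, ingress_verdict(s)[0]) for s in inbound]
    rows += [("out", s, egress_verdict(s)[0]) for s in outbound]
    return rows


if __name__ == "__main__":
    for direction, src, verdict in run_demo():
        print(f"{direction:>3} {src:<16} {verdict}")
```

The egress rule is the half most often forgotten: it does nothing to protect your own network, but it stops your hosts from being used as the source of spoofed traffic against someone else.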
48. You are considering rebooting a database server and want to identify if it has any active network connections. Which of the following commands will list active network connections? 

Explanation

The command "Netstat" is used to display active network connections on a computer. It provides information about the active connections, listening ports, and routing tables. By using this command, you can identify if the database server has any active network connections before rebooting it. The other options, such as "Arp," "Ipconfig," and "Ping," do not provide the same functionality as "Netstat" in listing active network connections.

49. An organization is hosting a VPN. Management wants to ensure that all VPN clients are using up-to-date operating systems and antivirus software. Which of the following would BEST meet this need? 

Explanation

NAC stands for Network Access Control. It is a security solution that ensures that only authorized and compliant devices can access a network. In this scenario, using NAC would be the best option to meet the organization's requirement of ensuring that all VPN clients are using up-to-date operating systems and antivirus software. NAC can enforce policies that require devices to have the latest updates and antivirus software before granting them access to the VPN. This helps to maintain the security and integrity of the network by preventing vulnerable or compromised devices from connecting.

50. Your organization recently implemented a BYOD policy. However, management wants to ensure that mobile devices meet minimum standards for security before they can access any network resources. Which of the following agents would the NAC MOST likely have? 

Explanation

The NAC (Network Access Control) would most likely have dissolvable agents in order to ensure that mobile devices meet minimum security standards before accessing network resources. Dissolvable agents are temporary software components that are installed on the device during the authentication process and are removed once the device is deemed compliant. This allows for a more flexible and scalable approach to enforcing security policies on a wide range of devices without requiring permanent installations or modifications.

51. Your organization is planning to establish a secure link between one of your mail servers and a business partner's mail server. The connection will use the Internet. Which protocol is the BEST choice? 

Explanation

TLS (Transport Layer Security) is the best choice. The two mail servers still speak SMTP to each other, but SMTP on its own sends everything in cleartext; wrapping the session in TLS (typically negotiated with the STARTTLS extension) adds encryption and server authentication, protecting the messages from eavesdropping and tampering while they cross the Internet. HTTP is a web protocol and is not how mail servers exchange mail. SSH secures remote administration sessions and file transfers and can tunnel arbitrary traffic, but it is not the protocol mail servers use to protect server-to-server connections.

52. A new device security policy has authorized the use of employee-owned devices but mandates additional security controls to protect them if they are lost or stolen. Which of the following meets this goal?

Explanation

Screen locks and device encryption meet the goal. A screen lock stops whoever finds the device from simply using it, and device encryption ensures that the data stored on it cannot be read without the proper credentials even if the storage is removed or the lock is bypassed. Together they protect the data on a lost or stolen device. Patch management and change management are important controls, but they do nothing for a device once it is out of the owner's hands, and IaaS is a cloud service model with no bearing on mobile device loss.

53. Lisa is using a Linux computer to monitor network traffic. She connected the computer to the mirror port of a switch and started the logging software. However, she found that the only traffic being collected is traffic to or from the Linux computer. She wants to collect all traffic going through the switch. Which of the following actions should she take?

Explanation

The correct action is to put the interface into promiscuous mode with the command ifconfig eth0 promisc. The switch mirror port already copies the traffic of the monitored ports to Lisa's port, but a network interface normally discards frames that are not addressed to its own MAC address (or to a broadcast or subscribed multicast address), so the capture software only sees the Linux computer's own traffic. Promiscuous mode makes the interface hand every frame it receives to the capture software. On current distributions that no longer ship ifconfig, the equivalent is ip link set dev eth0 promisc on.

54. Your organization has been receiving a significant amount of spam with links to malicious web sites. You want to stop the spam. Of the following choices, which provides the BEST solution? 

Explanation

Adding the domain to a block list is the best solution. Once the sending domain is on the block list, the mail gateway or server rejects or discards messages from it before they reach users, which stops the spam and removes the chance of anyone clicking one of the malicious links. A URL filter operates on web requests, so it can only help after a user has already clicked, and a MAC filter operates on the local network and has nothing to do with email sources. Antivirus software may catch malware that arrives, but it does not stop the spam from being delivered. Because spammers change domains frequently, block lists need ongoing maintenance and are usually combined with reputation-based and content-based filtering.

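The following is an added example, not part of the quiz, of the block-list check a mail gateway (question 39) applies to each message, including the detail that matters in practice: a listed domain must also catch its subdomains, and the envelope sender and the From: header are checked separately. The block list, the domain names and the sample messages are constructed for the illustration; the mismatch rule that quarantines mail whose two sender domains disagree is one common heuristic, not the only one.

```python
"""Added example: the block-list check a mail gateway applies at SMTP time.

It extracts the domain from the envelope sender (MAIL FROM) and from the message's
From: header, rejects mail whose domain, or any parent domain, is on the block list,
and quarantines mail whose two sender domains disagree, a common spam trait. The
block list and the sample messages are constructed for the example.
"""
import re
from typing import Iterable, List, Optional, Set, Tuple

# Constructed block list of spam-sending domains.
BLOCKLIST: Set[str] = {"spam-example.test", "malicious.example"}

_ANGLE = re.compile(r"<([^<>]*)>")


def sender_domain(address: str) -> Optional[str]:
    """Return the lower-cased domain of 'user@host', '<user@host>' or 'Name <user@host>', else None."""
    match = _ANGLE.search(address)
    addr = match.group(1) if match else address
    addr = addr.strip()
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].strip().lower().rstrip(".")


def domain_blocked(domain: str, blocklist: Iterable[str]) -> bool:
    """True if the domain or any parent domain is listed (mail.spam-example.test hits spam-example.test)."""
    listed = {d.lower() for d in blocklist}
    labels = domain.split(".")
    return any(".".join(labels[i:]) in listed for i in range(len(labels)))


def filter_message(envelope_from: str, header_from: str,
                   blocklist: Iterable[str] = BLOCKLIST) -> Tuple[str, str]:
    """Return (action, reason): action is 'reject', 'quarantine' or 'accept'."""
    env_domain = sender_domain(envelope_from)
    hdr_domain = sender_domain(header_from)
    null_sender = envelope_from.strip() in ("", "<>")   # bounces legitimately use an empty envelope sender
    if env_domain is None and not null_sender:
        return ("reject", "unparseable envelope sender")
    if env_domain and domain_blocked(env_domain, blocklist):
        return ("reject", f"envelope sender domain {env_domain} is on the block list")
    if hdr_domain and domain_blocked(hdr_domain, blocklist):
        return ("reject", f"From: header domain {hdr_domain} is on the block list")
    if env_domain and hdr_domain and env_domain != hdr_domain:
        return ("quarantine", f"From: header {hdr_domain} does not match envelope sender {env_domain}")
    return ("accept", "")


def run_demo() -> List[Tuple[str, str]]:
    """Constructed messages: (envelope MAIL FROM, From: header)."""
    samples = [
        ("<alice@partner.example>", "Alice <alice@partner.example>"),
        ("<promo@mail.spam-example.test>", "Promotions <promo@mail.spam-example.test>"),
        ("<bounce@bulk.example>", "IT Help Desk <helpdesk@partner.example>"),
        ("<>", "Mailer <mailer-daemon@partner.example>"),
        ("garbage", "Someone <x@partner.example>"),
    ]
    return [filter_message(env, hdr) for env, hdr in samples]


if __name__ == "__main__":
    for action, reason in run_demo():
        print(f"{action:<10} {reason}")
```

Rejecting at the envelope stage, before the gateway accepts the message body, is what actually reduces the load on the mail server; anything decided after acceptance still costs the server the delivery.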
55. Your organization is planning to implement a VPN. They want to ensure that after a VPN client connects to the VPN server, all traffic from the VPN client is encrypted. Which of the following would BEST meet this goal? 

Explanation

A full tunnel VPN configuration meets the goal. With a full tunnel, every packet the VPN client sends, whether destined for the corporate network or for the Internet, is encrypted and routed through the VPN server. Split tunneling sends only traffic for the corporate network through the tunnel and lets all other traffic reach the Internet directly and unencrypted, which is exactly what management wants to avoid. IPsec tunnel mode and transport mode describe how IPsec encapsulates each packet (the whole IP packet versus the payload only); they do not decide which of the client's traffic is routed into the tunnel, so neither one guarantees that all traffic is encrypted.

56. Flancrest Enterprises recently set up a web site utilizing several web servers in a web farm. The web farm spreads the load among the different web servers. Visitor IP addresses are used to ensure that clients always return to the same server during a web session. Which of the following BEST describes this configuration? 

Explanation

The given configuration is best described as "affinity". Affinity refers to the practice of ensuring that clients always return to the same server during a web session. In this case, the web farm utilizes visitor IP addresses to achieve this, spreading the load among different web servers while maintaining consistency for each client. This configuration helps in providing a seamless and consistent experience for users during their web sessions.

57. Your organization wants to increase security for VoIP and video teleconferencing applications used within the network. Which of the following protocols will BEST support this goal?

Explanation

SRTP (Secure Real-time Transport Protocol) is the best choice. It is the secure version of RTP, the protocol that carries the audio and video streams of VoIP and video teleconferencing, and it adds encryption, message authentication and replay protection to those streams. Note that SRTP protects the media only; call signaling (for example SIP) is protected separately, typically with TLS. SMTP is for email, TLS secures TCP connections in general rather than real-time media, and SFTP is for file transfer, so none of them address the media streams themselves.

58. A network administrator needs to identify the type of traffic and packet flags used in traffic sent from a specific address. Which of the following is the BEST tool to meet this need?

Explanation

A protocol analyzer is the best tool for a network administrator to identify the type of traffic and packet flags used in traffic sent from a specific address. A protocol analyzer captures and analyzes network traffic, allowing the administrator to examine the packets and understand the protocols and flags being used. This tool provides detailed information about the traffic, helping the administrator troubleshoot network issues, monitor network performance, and identify any malicious activity.

59. Your organization wants to combine some of the security controls used to control incoming and outgoing network traffic. At a minimum, the solution should include malware inspection, content inspection, and a DDoS mitigator. Which of the following BEST meets this goal? 

Explanation

A UTM (Unified Threat Management) appliance combines multiple security controls, such as malware inspection, content inspection, URL filtering and DDoS mitigation, into a single device, giving one point of management for both incoming and outgoing traffic. A VLAN segments a local network and provides none of these inspections. NAT translates addresses between networks and is not an inspection control. DNSSEC adds origin authentication and integrity to DNS responses and does nothing for malware or content inspection.

60. Your organization is planning to implement a CYOD policy. Which of the following security controls will help protect data by isolating it?

Explanation

Storage segmentation is a security control that helps protect data by isolating it. It involves dividing the storage space into separate segments, each with its own access controls and permissions. This ensures that sensitive data is stored separately from other data and can only be accessed by authorized individuals. Encrypting sensitive data and implementing full device encryption are also important security measures, but they do not specifically address the isolation of data. Rooting, on the other hand, refers to gaining administrative access to a device, which can actually increase the risk of data exposure.

61. You are troubleshooting issues between two servers on your network and need to analyze the network traffic. Of the following choices, what is the BEST tool to capture and analyze this traffic?

Explanation

The best tool to capture and analyze network traffic between two servers is a protocol analyzer. A protocol analyzer allows you to capture and inspect network packets, helping you identify any issues or anomalies in the network traffic. It provides detailed information about the protocols being used, source and destination IP addresses, port numbers, and other relevant data. This tool is essential for troubleshooting network issues and understanding the communication between servers. Network mapper, network scanner, and SIEM are not specifically designed for capturing and analyzing network traffic in the same level of detail as a protocol analyzer.

62. Management within your company wants to implement a method that will authorize employees based on several elements, including the employee's identity, location, time of day, and type of device used by the employee. Which of the following will meet this need?

Explanation

Context-aware authentication is the correct answer because it involves authorizing employees based on multiple factors such as their identity, location, time of day, and type of device used. This method takes into account the context in which the employee is accessing the system and adjusts the authentication process accordingly. By considering these various elements, context-aware authentication provides a more secure and customized approach to authorizing employees. Geofence, containerization, and tethering are not specifically designed to meet all the mentioned needs in the question.

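The following is an added example, not part of the quiz, that puts the context-aware authorization described here together with the geofence from question 43: a policy that evaluates identity, location (a radius around the company property, tested with the haversine distance), time of day and device type, and returns every failing element so the decision can be logged. The campus coordinates, radius, user names, business hours and device list are constructed placeholders. One caveat belongs with any geofence: a device reports its own GPS position, so location is a policy signal that can be spoofed by a determined user, not a hard boundary.

```python
"""Added example: context-aware authorization with a geofence as the location test.

The policy below evaluates identity, location, time of day and device type and
returns every reason a request fails, rather than only the first one, so the
log explains the decision. The campus coordinates, the user list and the
business hours are constructed placeholders, not real values.
"""
import math
from dataclasses import dataclass
from datetime import time
from typing import List, Tuple

EARTH_RADIUS_M = 6_371_000.0


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two WGS-84 points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat = p2 - p1
    dlon = math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


@dataclass(frozen=True)
class Geofence:
    lat: float
    lon: float
    radius_m: float

    def contains(self, lat: float, lon: float) -> bool:
        return haversine_m(self.lat, self.lon, lat, lon) <= self.radius_m


@dataclass(frozen=True)
class AccessRequest:
    user: str
    lat: float
    lon: float
    local_time: time
    device_type: str
    device_managed: bool   # enrolled in the organization's MDM


# Constructed policy values.
COMPANY_PROPERTY = Geofence(lat=40.7128, lon=-74.0060, radius_m=300.0)
BUSINESS_HOURS = (time(7, 0), time(19, 0))
AUTHORIZED_USERS = {"lisa", "marge"}
ALLOWED_DEVICE_TYPES = {"laptop", "phone", "tablet"}


def authorize(req: AccessRequest) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons_denied). Every element of the context must pass."""
    reasons: List[str] = []
    if req.user not in AUTHORIZED_USERS:
        reasons.append("identity not authorized")
    if not COMPANY_PROPERTY.contains(req.lat, req.lon):
        reasons.append("device outside company property")
    start, end = BUSINESS_HOURS
    if not (start <= req.local_time <= end):
        reasons.append("outside permitted hours")
    if req.device_type not in ALLOWED_DEVICE_TYPES:
        reasons.append("device type not permitted")
    elif not req.device_managed:
        reasons.append("device not managed")
    return (not reasons, reasons)


def run_demo() -> List[Tuple[str, bool, List[str]]]:
    """Constructed requests: about 130 m from the centre, about 1.9 km away, after hours, unknown user."""
    requests = [
        ("on campus, office hours", AccessRequest("lisa", 40.7140, -74.0060, time(10, 30), "phone", True)),
        ("1.9 km away", AccessRequest("lisa", 40.7300, -74.0060, time(10, 30), "phone", True)),
        ("on campus, 22:00, unmanaged laptop", AccessRequest("marge", 40.7128, -74.0060, time(22, 0), "laptop", False)),
        ("unknown user on campus", AccessRequest("bart", 40.7128, -74.0060, time(9, 0), "tablet", True)),
    ]
    return [(label, *authorize(req)) for label, req in requests]


if __name__ == "__main__":
    for label, allowed, reasons in run_demo():
        print(f"{label:<35} {'ALLOW' if allowed else 'DENY'} {', '.join(reasons)}")
```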
63. Your organization wants to increase security for VoIP and video teleconferencing applications used within the network. Which of the following protocols will BEST support this goal? 

Explanation

SRTP (Secure Real-time Transport Protocol) is the best protocol to increase security for VoIP and video teleconferencing applications. SRTP provides encryption, authentication, and integrity for the transmitted data, ensuring that the communication remains confidential and protected against eavesdropping and tampering. SMTP (Simple Mail Transfer Protocol) is used for email transmission, TLS (Transport Layer Security) is used for securing internet communications, and SFTP (Secure File Transfer Protocol) is used for secure file transfers. However, none of these protocols are specifically designed for securing VoIP and video teleconferencing applications like SRTP.

64. Management within your organization wants to ensure that switches are not susceptible to switching loop problems. Which of the following protocols is the BEST choice to meet this need?

Explanation

RSTP (Rapid Spanning Tree Protocol, IEEE 802.1w) is the best choice. Switching loops occur when redundant links between switches let frames circulate endlessly, flooding the network with broadcast traffic. Spanning tree protocols detect such loops and put redundant ports into a discarding (blocking) state so that only one active path exists between any two switches, while keeping the redundant links available as backups if the active path fails. RSTP keeps that behavior but converges in a few seconds rather than the 30 to 50 seconds of the original STP (802.1D), so the network recovers from a topology change far faster.

65. Marge needs to collect network device configuration information and network statistics from devices on the network. She wants to protect the confidentiality of credentials used to connect to these devices. Which of the following protocols would BEST meet this need?

Explanation

SNMPv3 (Simple Network Management Protocol version 3) best meets this need. SNMP is the standard protocol for collecting configuration information and statistics from network devices, and version 3 adds authentication and encryption (the authPriv security level), so the credentials and the collected data are not sent in cleartext as they are with SNMPv1 and SNMPv2c. SSH also protects credentials and is widely used for interactive device administration, but it is not a monitoring protocol for collecting statistics from many devices. FTPS (FTP over TLS) protects file transfers, and TLS on its own is a transport security layer rather than a management protocol.

66. Ziffcorp is planning to eliminate its current BYOD policy and instead implement a COPE deployment model. You're asked to provide input for the new policy. Which of the following concepts are appropriate for this policy? 

Explanation

The COPE (Corporate Owned, Personally Enabled) model provides employees with company-owned devices that they may also use for personal purposes. Because the devices hold company data, the policy should require the ability to remotely wipe a device that is lost, stolen or compromised, so remote wipe is the appropriate concept. Encryption on employee-owned devices does not apply, since under COPE the devices are not employee-owned. An HSM (Hardware Security Module) is a device for protecting cryptographic keys, and an ISA (Interconnection Security Agreement) documents the technical requirements of a connection between two organizations; neither is part of a mobile device deployment policy.

67. Your organization has several switches within the network. You need to implement a security control to prevent unauthorized access to these switches. Which of the following choices BEST meets this need?

Explanation

Disabling unused ports is the best choice to prevent unauthorized access to switches. By disabling unused ports, you ensure that only the necessary ports are active and accessible. This reduces the potential attack surface and makes it more difficult for unauthorized individuals to gain access to the switches. Implementing an implicit deny rule, disabling STP, or enabling SSH may be part of a comprehensive security strategy, but they do not directly address the need to prevent unauthorized access to switches.

68. Management wants to ensure that employees do not print any documents that include customer or employee PII. Which of the following solutions would meet this goal? 

Explanation

A Data Loss Prevention (DLP) solution would meet the goal of ensuring that employees do not print any documents that include customer or employee Personally Identifiable Information (PII). DLP solutions are designed to monitor and control the flow of sensitive data within an organization, including preventing unauthorized printing or transmission of sensitive information. By implementing a DLP solution, management can enforce policies and rules that detect and block any attempts to print documents containing PII, thereby mitigating the risk of data breaches and ensuring compliance with privacy regulations.

69. You need to provide connectivity between two buildings without running any cables. You decide to use two 802.11ac APs to provide wireless connectivity between the buildings. Which of the following is the best choice to support this need? 

Explanation

Using directional antennas on both APs would be the best choice to provide wireless connectivity between the buildings without running any cables. Directional antennas have a narrower beamwidth, which allows for a more focused signal in a specific direction. This means that the signal will be more concentrated and less likely to be interfered with by other devices or obstacles. By using directional antennas, the signal can be directed towards the other building, providing a stronger and more reliable connection.

70. Your organization is planning to establish a secure link between one of your mail servers and a business partner's mail server. The connection will use the Internet. Which protocol is the BEST choice?

Explanation

TLS (Transport Layer Security) is the best choice for establishing a secure link between mail servers over the Internet. TLS provides encryption and authentication, ensuring that the data transmitted between the servers is secure and cannot be intercepted or tampered with by unauthorized parties. SMTP (Simple Mail Transfer Protocol) is the protocol used for sending email, but it does not provide encryption or security features. HTTP (Hypertext Transfer Protocol) is used for web browsing and does not provide the necessary security for mail server communication. SSH (Secure Shell) is a protocol used for secure remote access to systems, but it is not specifically designed for mail server communication.

71. Flancrest Enterprises recently set up a web site utilizing several web servers in a web farm. The web servers access a back-end database. The database is hosted by a database application configured on two database servers. Web servers can access either of the database servers. Which of the following BEST describes the configuration of the database servers?

Explanation

The configuration of the database servers in this scenario is active-active. This means that both database servers are actively serving requests from the web servers at the same time. The web servers have the ability to access either of the database servers, allowing for load balancing and redundancy. This configuration helps to ensure high availability and performance of the database system.

72. Lisa has been hired as a penetration tester by your organization to test the security of a web server. She wants to identify the operating system and get some information on services and applications used by the server. Which of the following tools will BEST meet this need?

Explanation

Netcat is the best tool. It is a small utility that opens raw TCP or UDP connections, so Lisa can connect to the web server's open ports and read the banners the services return (banner grabbing). A web server's response headers typically reveal the server software and version, and frequently the operating system family as well, and the same technique works against the other services on the host. A SIEM aggregates and correlates logs, and tcpdump captures packets that pass the sniffer; neither queries the server directly. Gray box testing describes how much knowledge the tester starts with, not a tool.

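Banner grabbing with Netcat is typing a request into nc and reading what comes back. The following is an added example, not part of the quiz, that performs the same exchange in Python so both sides are visible: a raw TCP connection, a minimal HEAD request, and a parser that pulls the Server and X-Powered-By headers and maps common tokens to an operating system family. The target is a local server thread with a constructed banner, and the OS hint table is a constructed illustration, not a fingerprint database.

```python
"""Added example: banner grabbing over a raw TCP connection, the technique Lisa would use
with Netcat, written in Python so the whole exchange is visible. A local HTTP server
thread with a constructed 'Server' header stands in for the target; the banner text,
the host names and the OS hints table are constructed for the example.
"""
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Dict, Optional

# Constructed mapping from tokens commonly seen in Server headers to an OS family hint.
OS_HINTS = {
    "ubuntu": "Linux (Debian family)",
    "debian": "Linux (Debian family)",
    "centos": "Linux (Red Hat family)",
    "red hat": "Linux (Red Hat family)",
    "win32": "Windows",
    "win64": "Windows",
    "microsoft-iis": "Windows",
    "unix": "Unix-like",
}


def parse_banner(raw: bytes) -> Dict[str, Optional[str]]:
    """Split an HTTP response head into status line, headers and an OS guess."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    server = headers.get("server")
    os_hint = None
    if server:
        lowered = server.lower()
        os_hint = next((hint for token, hint in OS_HINTS.items() if token in lowered), None)
    return {"status": lines[0], "server": server,
            "x_powered_by": headers.get("x-powered-by"), "os_hint": os_hint}


def grab_banner(host: str, port: int, timeout: float = 3.0) -> Dict[str, Optional[str]]:
    """Open a raw TCP connection, send a minimal HEAD request and read the response head,
    equivalent to typing the request into 'nc host port'."""
    request = b"HEAD / HTTP/1.0\r\nHost: " + host.encode("ascii") + b"\r\n\r\n"
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        while b"\r\n\r\n" not in data:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return parse_banner(data)


class _FakeTarget(BaseHTTPRequestHandler):
    """Stand-in web server advertising a constructed banner (Server: Apache/2.4.41 (Ubuntu))."""
    server_version = "Apache/2.4.41"
    sys_version = "(Ubuntu)"

    def do_HEAD(self) -> None:
        self.send_response(200)
        self.send_header("X-Powered-By", "PHP/7.4.3")
        self.end_headers()

    def log_message(self, *args) -> None:   # keep the demo output clean
        pass


def run_demo() -> Dict[str, Optional[str]]:
    """Start the stand-in target on a loopback port, grab its banner, shut it down."""
    httpd = HTTPServer(("127.0.0.1", 0), _FakeTarget)
    port = httpd.server_address[1]
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    try:
        return grab_banner("127.0.0.1", port)
    finally:
        httpd.shutdown()
        httpd.server_close()


if __name__ == "__main__":
    print(run_demo())
```

Everything the grab learns comes from text the server volunteers, which is also why hardening guides tell administrators to minimize or remove the Server and X-Powered-By headers.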
73. Your wireless network includes one centralized AP that you configure. This AP forwards the configuration to the other APs in your wireless network. Which of the following BEST describes these APs? 

Explanation

The centralized AP is a fat AP and it configures thin APs in your network. A fat (or thick) AP has its own processing and stores its own configuration, so it can operate independently. A thin AP holds little configuration of its own and receives it from a central controller. Here the centralized AP plays the controller role, so it is the fat AP, and the APs that take their configuration from it are thin APs.

74. You are preparing to deploy a heuristic-based detection system to monitor activity. Which of the following would you  create first? 

Explanation

A baseline would be created first. A heuristic-based (anomaly-based) detection system works by comparing observed activity against a model of normal behavior and alerting on deviations, so before it can detect anything it needs a baseline captured while the network or system is operating normally and is known to be clean. Deployment choices such as placing the sensor in-band (an IPS that sits inline and can block traffic) or out-of-band (an IDS that watches a copy of the traffic) come afterward; they decide where the sensor sits and whether it can block, not what it compares activity against.

75. Lisa oversees and monitors processes at a water treatment plant using SCADA systems. Administrators recently discovered malware on her system that was connecting to the SCADA systems. Although they removed the malware, management is still concerned. Lisa needs to continue using her system and it's not possible to update the SCADA systems. Which of the following can mitigate this risk?

Explanation

Installing a NIPS (Network-based Intrusion Prevention System) on the border of the SCADA network mitigates the risk. Because the SCADA systems cannot be updated, the protection has to come from the network: an inline NIPS between Lisa's system (and the rest of the corporate network) and the SCADA network inspects the traffic crossing that boundary and blocks connections that match attack signatures or violate the expected SCADA protocol behavior. This lets Lisa keep using her system while the SCADA devices stay shielded from a repeat compromise of her workstation.

76. An organization has recently had several attacks against servers within a DMZ. Security administrators discovered that many of these attacks are using TCP, but they did not start with a three-way handshake. Which of the following devices provides the BEST solution? 

Explanation

A stateful firewall is the best solution. A stateful firewall keeps a table of the connections it has seen and checks every TCP segment against it: a new connection is accepted only if it begins with a SYN, and segments carrying other flags (ACK, FIN, RST, PSH) are permitted only if they belong to a connection that has already completed the three-way handshake. TCP attacks that skip the handshake, such as ACK or FIN floods and scans that use unexpected flag combinations, therefore never reach the servers in the DMZ. A stateless packet filter, by contrast, judges each packet only by its own headers and cannot tell that no handshake took place.

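The following is an added example, not part of the quiz, that serves both question 58 and this one. It decodes the IPv4 and TCP headers of raw packets to extract the flags, which is what a protocol analyzer shows the administrator, and then feeds the decoded segments to a minimal stateful filter that permits only a bare SYN to open a connection and drops ACK or FIN segments that never had a handshake. The packets are constructed in the script with zero checksums, and the addresses are documentation ranges used as placeholders.

```python
"""Added example: decoding TCP flags the way a protocol analyzer does, then feeding the
decoded segments to a minimal stateful filter that drops TCP segments which never
completed a three-way handshake. Packets are constructed in the script (checksums
left at zero); addresses are documentation ranges used as placeholders.
"""
import struct
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

TCP_FLAG_BITS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    sport: int
    dport: int
    flags: FrozenSet[str]


def _ipv4_bytes(dotted: str) -> bytes:
    return bytes(int(octet) for octet in dotted.split("."))


def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int, flags: Set[str]) -> bytes:
    """Constructed IPv4+TCP packet with no payload (test data only; checksums left at zero)."""
    flag_byte = sum(bit for bit, name in TCP_FLAG_BITS.items() if name in flags)
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                            _ipv4_bytes(src), _ipv4_bytes(dst))
    tcp_header = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flag_byte, 65535, 0, 0)
    return ip_header + tcp_header


def parse_ipv4_tcp(packet: bytes) -> Segment:
    """Decode the IPv4 and TCP headers of a raw packet (no link-layer header)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    if packet[9] != 6:
        raise ValueError("not TCP")
    src = ".".join(str(b) for b in packet[12:16])
    dst = ".".join(str(b) for b in packet[16:20])
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    flag_byte = packet[ihl + 13]           # TCP header byte 13 carries the flags
    flags = frozenset(name for bit, name in TCP_FLAG_BITS.items() if flag_byte & bit)
    return Segment(src, dst, sport, dport, flags)


class StatefulFilter:
    """Tracks TCP connections; anything that is not a bare SYN must match an existing entry."""

    def __init__(self) -> None:
        # key: direction-agnostic pair of endpoints -> (state, initiator endpoint)
        self.table: Dict[FrozenSet[Tuple[str, int]], Tuple[str, Tuple[str, int]]] = {}

    def inspect(self, seg: Segment) -> str:
        key = frozenset({(seg.src, seg.sport), (seg.dst, seg.dport)})
        entry = self.table.get(key)
        if entry is None:
            if seg.flags == {"SYN"}:
                self.table[key] = ("SYN_SENT", (seg.src, seg.sport))
                return "permit"
            return "drop"   # ACK, FIN, RST, PSH ... with no handshake in progress
        state, initiator = entry
        from_initiator = (seg.src, seg.sport) == initiator
        if state == "SYN_SENT" and not from_initiator and seg.flags == {"SYN", "ACK"}:
            self.table[key] = ("SYN_RECEIVED", initiator)
            return "permit"
        if state == "SYN_RECEIVED" and from_initiator and "ACK" in seg.flags:
            self.table[key] = ("ESTABLISHED", initiator)
            return "permit"
        if state == "ESTABLISHED":
            if "RST" in seg.flags:
                del self.table[key]   # connection torn down; later segments must start over
            return "permit"
        return "drop"


def run_demo() -> List[Tuple[str, str]]:
    """Replay constructed traffic: a legitimate handshake, then handshake-less probes from an attacker."""
    client, server, attacker = "198.51.100.20", "203.0.113.10", "192.0.2.66"
    packets = [
        build_ipv4_tcp(client, server, 50000, 443, {"SYN"}),
        build_ipv4_tcp(server, client, 443, 50000, {"SYN", "ACK"}),
        build_ipv4_tcp(client, server, 50000, 443, {"ACK"}),
        build_ipv4_tcp(client, server, 50000, 443, {"PSH", "ACK"}),
        build_ipv4_tcp(attacker, server, 40000, 443, {"ACK"}),   # ACK scan: no SYN first
        build_ipv4_tcp(attacker, server, 40001, 443, {"FIN"}),   # FIN probe: no SYN first
    ]
    fw = StatefulFilter()
    return [("/".join(sorted(seg.flags)), fw.inspect(seg)) for seg in map(parse_ipv4_tcp, packets)]


if __name__ == "__main__":
    for flags, verdict in run_demo():
        print(f"{flags:<10} {verdict}")
```

A real firewall also tracks sequence numbers, FIN teardown and idle timeouts, which this toy omits; the point it does show is that the last two segments are indistinguishable from legitimate traffic to a stateless filter and are dropped here only because no entry exists for them.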
77. A network technician incorrectly wired switch connections in your organization's network. It effectively disabled the switch as though it was a victim of a denial-of-service attack. Which of the following should be done to prevent this situation in the future? 

Explanation

Implementing STP (Spanning Tree Protocol) or RSTP (Rapid Spanning Tree Protocol) would prevent this situation in the future. These protocols are used to prevent network loops and ensure that there is only one active path between switches. If a network loop is detected, STP or RSTP will block one of the redundant paths, preventing the switch from being disabled. This would help avoid situations where incorrect switch connections cause network disruptions similar to a denial-of-service attack.

78. Which of the following BEST describes a false negative?

Explanation

A false negative is a case in which a test or a detection system fails to report a condition that is actually present. An IDS that does not detect a buffer overflow attack that is taking place is therefore a false negative: the attack is real, but the system reports nothing. The opposite error, a false positive, is an alert raised for activity that is not actually an attack.

Quiz Review Timeline (Updated): Mar 22, 2023

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version: Mar 22, 2023, quiz edited by the ProProfs Editorial Team
  • May 13, 2021: quiz created by Alfredhook3
Your organization recently implemented a BYOD policy. However,...
Your organization is planning to establish a secure link between one...
A new device security policy has authorized the use of employee-owned...
Lisa is using a Linux computer to monitor network traffic. She...
Your organization has been receiving a significant amount of spam with...
Your organization is planning to implement a VPN. They want to ensure...
Flancrest Enterprises recently set up a web site utilizing several web...
Your organization wants to increase security for VoIP and video...
A network administrator needs to identify the type of traffic and...
Your organization wants to combine some of the security controls used...
Your organization is planning to implement a CYOD policy. Which of the...
You are troubleshooting issues between two servers on your network and...
Management within your company wants to implement a method that will...
Your organization wants to increase security for VoIP and video...
Management within your organization wants to ensure that switches are...
Marge needs to collect network device configuration information and...
Ziffcorp is planning to eliminate its current BYOD policy and instead...
Your organization has several switches within the network. You need to...
Management wants to ensure that employees do not print any documents...
You need to provide connectivity between two buildings without running...
Your organization is planning to establish a secure link between one...
Flancrest Enterprises recently set up a web site utilizing several web...
Lisa has been hired as a penetration tester by your organization to...
Your wireless network includes one centralized AP that you configure....
You are preparing to deploy a heuristic-based detection system to...
Lisa oversees and monitors processes at a water treatment plant using...
An organization has recently had several attacks against servers...
A network technician incorrectly wired switch connections in your...
Which of the following BEST describes a false negative?
Alert!

Advertisement