CompTIA Security+ Practice Test 1
CompTIA Security+ SY0-601
Question 1 of 60
You have been hired as a security expert to implement a security solution to protect an organization from external threats. The solution should provide packet filtering, VPN support, network monitoring, and deeper inspection capabilities that give the organization a superior ability to identify attacks, malware, and other threats.
Which of the following security solutions will you implement to meet the requirement?
Next-generation firewall (NGFW) is correct. Next-generation firewalls filter network traffic to protect an organization from external threats. Maintaining features of stateful firewalls such as packet filtering, VPN support, network monitoring, and IP mapping features, NGFWs also possess deeper inspection capabilities that give them a superior ability to identify attacks, malware, and other threats.
Next-generation firewalls provide organizations with application control, intrusion prevention, and advanced visibility across the network. As the threat landscape continues to develop rapidly, traditional firewalls fall further behind and put your organization at risk. NGFWs not only block malware, but also include paths for future updates, giving them the flexibility to evolve with the landscape and keep the network secure as new threats arise.
Endpoint detection and response (EDR) is incorrect. Endpoint detection and response is an emerging technology that addresses the need for continuous monitoring and response to advanced threats.
Endpoint detection and response tools work by monitoring endpoint and network events and recording the information in a central database where further analysis, detection, investigation, reporting, and alerting take place. A software agent installed on the host system provides the foundation for event monitoring and reporting.
Anti-malware is incorrect. Anti-malware tools may employ scanning, strategies, freeware, or licensed tools to detect rootkits, worms, Trojans, and other types of potentially damaging software. Each type of malware resource carries its own interface and system requirements, which impact user solutions for a given device or system.
Antivirus is incorrect. Antivirus software helps protect your computer against malware and cybercriminals. Antivirus software looks at data (web pages, files, software, applications) traveling over the network to your devices. It searches for known threats and monitors the behavior of all programs, flagging suspicious behavior. It seeks to block or remove malware as quickly as possible.
Question 2 of 60
Which of the following statements are true regarding cloud-based security vulnerabilities? (Choose all that apply)
Misconfigured Cloud Storage is correct.
Cloud storage is a rich source of stolen data for cybercriminals. Despite the high stakes, organizations continue to misconfigure cloud storage, a mistake that has cost many companies greatly.
Poor Access Control is correct.
Another prevalent cyberattack in the cloud has to do with vulnerabilities around access control. Often this is due to weak authentication or authorization methods or is linked to vulnerabilities that bypass these methods.
Shared Tenancy is correct.
Another security vulnerability in the cloud, a rare one that takes a high level of skill to exploit, is called shared tenancy. As you are probably aware, cloud platforms involve a number of software and hardware components. Adversaries who are able to determine the software or hardware used in a cloud architecture could take advantage of known vulnerabilities and elevate privileges in the cloud.
Secure APIs is not considered a cloud-based security vulnerability, so it is incorrect.
Question 3 of 60
You have been tasked to implement a solution to send product offers to consumers' smartphones when they trigger a search in a particular geographic location, enter a mall, neighborhood, or store.
What solution will you implement in order to achieve that?
Geofencing is the correct answer. Geofencing is a location-based service that businesses use to engage their audience by sending relevant messages to smartphone users who enter a pre-defined location or geographic area.
Companies send product offers or specific promotions to consumers' smartphones when they trigger a search in a particular geographic location, enter a mall, neighborhood, or store.
Geolocation is incorrect. Geolocation refers to the use of location technologies such as GPS or IP addresses to identify and track the whereabouts of connected electronic devices. Because these devices are often carried on an individual's person, geolocation is often used to track the movements and location of people and for surveillance.
Push notifications is incorrect. Push notifications are clickable pop-up messages that appear on your users' browsers irrespective of which device they use or which browser they are on. Subscribers can be anywhere on the browser and still receive these messages as long as they are online or have their browsers running on their devices.
Browser push notifications are different from in-app notifications because in-app notifications appear only when triggered by an existing application on your mobile device, while browser push notifications can be triggered through browsers on any device as long as the user subscribes to receive your notifications. It is an instant mode of automated, direct communication between a website and its end users.
Remote wipe is incorrect. Remote wipe is a security feature for mobile device management that allows you to remotely clear data from a lost or stolen mobile device.
Question 4 of 60
You have been tasked to implement a solution to increase the security of your company's local area network (LAN). All of the company's external-facing servers (Web server, Mail server, FTP server) should be placed in a separate area so that they are accessible from the internet while the rest of the internal LAN remains unreachable.
Which of the following techniques will you implement to meet the requirement?
DMZ is the correct answer. In computer networks, a DMZ (demilitarized zone), also sometimes known as a perimeter network or a screened subnetwork, is a physical or logical subnet that separates an internal local area network (LAN) from other untrusted networks, usually the public internet.
External-facing servers, resources, and services are located in the DMZ. Therefore, they are accessible from the internet, but the rest of the internal LAN remains unreachable. This provides an additional layer of security to the LAN as it restricts a hacker's ability to directly access internal servers and data through the internet.
VLAN is incorrect. A VLAN (virtual LAN) is a subnetwork that can group together collections of devices on separate physical local area networks (LANs). A LAN is a group of computers and devices that share a communications line or wireless link to a server within the same geographical area. A VLAN acts like a physical LAN, but it allows hosts to be grouped together in the same broadcast domain even if they are not connected to the same switch.
Here are the main reasons why VLANs are used:
1. VLANs increase the number of broadcast domains while decreasing their size.
2. VLANs reduce security risks by reducing the number of hosts that receive copies of frames that the switches flood.
3. You can keep hosts that hold sensitive data on a separate VLAN to improve security.
4. You can create more flexible network designs that group users by department instead of by physical location.
5. Network changes are achieved with ease by just configuring a port into the appropriate VLAN.
VPN is incorrect. A Virtual Private Network (VPN) is a service that allows you to connect to the Internet via an encrypted tunnel to ensure your online privacy and protect your sensitive data. A VPN is commonly used to secure a connection to a public Wi-Fi hotspot, hide an IP address, and make your browsing private.
DNS is incorrect. DNS stands for Domain Name System. It's a system that lets you connect to websites by matching human-readable domain names (like examsdigest.com) with the unique ID of the server where a website is stored.
Think of the DNS system as the internet's phonebook. It lists domain names with their corresponding identifiers called IP addresses, instead of listing people's names with their phone numbers. When a user enters a domain name like examsdigest.com on their device, it looks up the IP address and connects them to the physical location where that website is stored.
Question 5 of 60
Application whitelisting prevents undesirable programs from executing, while application blacklisting is more restrictive and allows only programs that have been explicitly permitted to run.
False.
Application blacklisting prevents undesirable programs from executing, while application whitelisting is more restrictive and allows only programs that have been explicitly permitted to run.
Application blacklisting, sometimes just referred to as blacklisting, is a network administration practice used to prevent the execution of undesirable programs. Such programs include not only those known to contain security threats or vulnerabilities but also those that are deemed inappropriate within a given organization. Blacklisting is the method used by most antivirus programs, intrusion prevention/detection systems and spam filters.
Application whitelisting is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system. The goal of whitelisting is to protect computers and networks from potentially harmful applications.
Question 6 of 60
One of the features of SNMPv3 is called message integrity.
True.
Simple Network Management Protocol (SNMP) is a way for different devices on a network to share information with one another. It allows devices to communicate even if the devices are different hardware and run different software.
Without a protocol like SNMP, there would be no way for network management tools to identify devices, monitor network performance, keep track of changes to the network, or determine the status of network devices in real-time.
Simple Network Management Protocol (SNMP) provides a message format for communication between what are termed managers and agents. An SNMP manager is a network management application running on a PC or server, with that host typically being called a Network Management Station (NMS).
As for the SNMP protocol messages, all versions of SNMP support a basic clear-text password mechanism, although none of those versions refer to the mechanism as using a password. SNMP Version 3 (SNMPv3) adds more modern security as well.
The following are SNMPv3 features:
Message integrity: This mechanism, applied to all SNMPv3 messages, confirms whether or not each message has been changed during transit.
Authentication: This optional feature adds authentication with both a username and password, with the password never sent as clear text. Instead, it uses a hashing method like many other modern authentication processes.
Encryption (privacy): This optional feature encrypts the contents of SNMPv3 messages so that attackers who intercept the messages cannot read their contents.
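The message-integrity and authentication features listed above, as an added example that is not part of the original quiz: in SNMPv3's User-based Security Model (RFC 3414) both are carried by one keyed hash, here HMAC-SHA-96, computed over the whole message with the authentication field zeroed. The message is a constructed byte string rather than a BER-encoded SNMP PDU, and the password, engine ID and field offset are made-up sample values.

```python
"""Added illustration: USM-style message authentication as used by SNMPv3."""
import hashlib
import hmac

AUTH_LEN = 12           # HMAC-SHA-96 sends only the first 12 octets of the MAC
STRETCH_LEN = 1048576   # RFC 3414 repeats the password up to this many octets

# Constructed sample values (assumptions, not taken from the quiz page).
PASSWORD = b"constructed-passphrase"
ENGINE_ID = bytes.fromhex("8000000001020304")
HEADER = b"SNMPv3|user=monitor|auth="
BODY = b"|sysName.0=core-sw1"
OFFSET = len(HEADER)                      # where the 12-octet auth field sits
UNSIGNED = HEADER + bytes(AUTH_LEN) + BODY


def localized_key(password: bytes, engine_id: bytes) -> bytes:
    """Derive the per-agent key: the password itself never goes on the wire."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(STRETCH_LEN, len(password))
    # Step 1: hash the password repeated out to 1 MiB (user key Ku).
    ku = hashlib.sha1(password * reps + password[:rem]).digest()
    # Step 2: bind Ku to one agent's engine ID (localized key Kul).
    return hashlib.sha1(ku + engine_id + ku).digest()


def _mac(key: bytes, msg: bytes, offset: int) -> bytes:
    """HMAC-SHA1 over the message with the auth field zeroed, cut to 96 bits."""
    zeroed = msg[:offset] + bytes(AUTH_LEN) + msg[offset + AUTH_LEN:]
    return hmac.new(key, zeroed, hashlib.sha1).digest()[:AUTH_LEN]


def sign(key: bytes, msg: bytes, offset: int) -> bytes:
    """Sender side: fill the auth field with the truncated MAC."""
    return msg[:offset] + _mac(key, msg, offset) + msg[offset + AUTH_LEN:]


def verify(key: bytes, msg: bytes, offset: int) -> bool:
    """Receiver side: recompute the MAC and compare in constant time."""
    if offset < 0 or offset + AUTH_LEN > len(msg):
        return False
    received = msg[offset:offset + AUTH_LEN]
    return hmac.compare_digest(received, _mac(key, msg, offset))


def demo() -> dict:
    """Run the three cases a receiver has to tell apart."""
    key = localized_key(PASSWORD, ENGINE_ID)
    signed = sign(key, UNSIGNED, OFFSET)
    tampered = signed.replace(b"core-sw1", b"core-sw9")   # changed in transit
    wrong_key = localized_key(b"some-other-passphrase", ENGINE_ID)
    return {
        "intact": verify(key, signed, OFFSET),
        "tampered": verify(key, tampered, OFFSET),
        "wrong_password": verify(wrong_key, signed, OFFSET),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:15s} accepted={accepted}")
```
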
Question 7 of 60
Which of the following features will you use to remotely clear your phone's data in the event of losing your phone?
Remote wipe is the correct answer. Remote wipe is a security feature for mobile device management that allows you to remotely clear data from a lost or stolen mobile device.
Geofencing is incorrect. Geofencing is a location-based service that businesses use to engage their audience by sending relevant messages to smartphone users who enter a pre-defined location or geographic area.
Companies send product offers or specific promotions to consumers' smartphones when they trigger a search in a particular geographic location or enter a mall, neighborhood, or store.
Geolocation is incorrect. Geolocation refers to the use of location technologies such as GPS or IP addresses to identify and track the whereabouts of connected electronic devices. Because these devices are often carried on an individual's person, geolocation is often used to track the movements and location of people and for surveillance.
Push notifications is incorrect. Push notifications are clickable pop-up messages that appear on your users' browsers irrespective of which device they use or which browser they are on. Subscribers can be anywhere on the browser and still receive these messages as long as they are online or have their browsers running on their devices.
Browser push notifications are different from in-app notifications because in-app notifications appear only when triggered by an existing application on your mobile device, while browser push notifications can be triggered through browsers on any device as long as the user subscribes to receive your notifications. It is an instant mode of automated, direct communication between a website and its end users.
Question 8 of 60
8. Question
As a security expert at your company, you are responsible for preventing unauthorized (rogue) Dynamic Host Configuration Protocol (DHCP) servers from offering IP addresses to the clients.
Which of the following security technologies will you implement to meet the requirement?
Correct
DHCP snooping is the correct answer. DHCP snooping is a layer 2 security technology built into the operating system of a capable network switch that drops DHCP traffic determined to be unacceptable. The fundamental use case for DHCP snooping is to prevent unauthorized (rogue) DHCP servers offering IP addresses to DHCP clients.
Rogue DHCP servers are often used in man-in-the-middle or denial-of-service attacks for malicious purposes. However, the most common DoS scenario is that of an end-user plugging in a consumer-grade router at their desk, ignorant that the device they plugged in is a DHCP server by default.
BPDU guard is incorrect. PortFast BPDU guard prevents loops by moving a non-trunking port into an errdisable state when a BPDU is received on that port. When you enable BPDU guard on the switch, spanning tree shuts down PortFast-configured interfaces that receive BPDUs instead of putting them into the spanning-tree blocking state.
MAC filtering is incorrect. MAC filtering is a security method based on access control. In this method, each device is assigned a 48-bit address which is used to determine whether it can access a network or not. It helps in listing a set of allowed devices that you need on your Wi-Fi and the list of denied devices that you don't want on your Wi-Fi. It helps in preventing unwanted access to the network. In a way, we can blacklist or whitelist certain computers based on their MAC address.
Jump server is incorrect. A jump server is a system on a network used to access and manage devices in a separate security zone. A jump server is a hardened and monitored device that spans two dissimilar security zones and provides a controlled means of access between them. The most common example is managing a host in a DMZ from trusted networks or computers.
The jump server acts as a single audit point for traffic and also a single place where user accounts can be managed. A prospective administrator must log into the jump server in order to gain access to the DMZ assets and all access can be logged for later audit.
Question 9 of 60
9. Question
You have been tasked to access a remote computer for handling some administrative tasks over an unsecured network in a secure way.
Which of the following protocols will you use to access the remote computer to handle the administrative tasks?
Correct
SSH is correct. SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.
Secure Shell provides strong password authentication and public key authentication, as well as encrypted data communications between two computers connecting over an open network, such as the internet. In addition to providing strong encryption, SSH is widely used by network administrators for managing systems and applications remotely, enabling them to log in to another computer over a network, execute commands and move files from one computer to another.
SRTP is incorrect. SRTP, also known as Secure Real-Time Transport Protocol, is an extension profile of RTP (Real-Time Transport Protocol) which adds further security features, such as message authentication, confidentiality, and replay protection, mostly intended for VoIP communications.
LDAP is incorrect. The Lightweight Directory Access Protocol (LDAP) is a vendor-neutral application protocol used to maintain distributed directory info in an organized, easy-to-query manner. That means it allows you to keep a directory of items and information about them.
HTTPS is incorrect. Hypertext transfer protocol secure (HTTPS) is the secure version of HTTP, which is the primary protocol used to send data between a web browser and a website. HTTPS is encrypted in order to increase security of data transfer. This is particularly important when users transmit sensitive data, such as by logging into a bank account, email service, or health insurance provider.
Question 10 of 60
10. Question
__________ is the first step, where a hacker gathers as much information as possible to find ways to intrude into a target system or at least decide what type of attacks will be more suitable for the target.
Correct
Footprinting is correct. Footprinting is a part of the reconnaissance process which is used for gathering possible information about a target computer system or network. Footprinting could be both passive and active.
Footprinting is basically the first step, where a hacker gathers as much information as possible to find ways to intrude into a target system or at least decide what type of attacks will be more suitable for the target.
During this phase, a hacker can collect the following information:
1. Domain name
2. IP Addresses
3. Namespaces
4. Employee information
5. Phone numbers
6. E-mails
7. Job Information
War driving is incorrect. War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere. To do war driving, you need a vehicle, a computer (which can be a laptop), a wireless Ethernet card set to work in promiscuous mode, and some kind of an antenna that can be mounted on top of or positioned inside the car.
Open Source Intelligence (OSINT) is incorrect. OSINT is the collection and analysis of information that is gathered from public, or open, sources. OSINT is primarily used in national security, law enforcement, and business intelligence functions and is of value to analysts who use non-sensitive intelligence.
OSINT is defined by both the U.S. Director of National Intelligence and the U.S. Department of Defense (DoD), as produced from publicly available information that is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement.
Cleanup is incorrect. The final stage in every penetration test is cleaning up all that has been done during the testing process. For this reason, during a penetration test, you must keep track of all the payloads you may have dropped to disk and which modules you may need to clean up after you have run them.
Question 11 of 60
11. Question
A hacker attacks a network with the aim of maintaining ongoing access to the targeted network rather than getting in and out as quickly as possible, with the ultimate goal of stealing information over a long period of time. Which type of attack did the hacker use in this case?
Correct
The goal of most advanced persistent threat (APT) attacks is to achieve and maintain ongoing access to the targeted network rather than to get in and out as quickly as possible. Because a great deal of effort and resources usually go into carrying out APT attacks, hackers typically target high-value targets, such as nation-states and large corporations, with the ultimate goal of stealing information over a long period of time.
An insider threat is incorrect. An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors, or business associates, who have inside information concerning the organization's security practices, data, and computer systems.
Nation-State actors is incorrect. Nation-State actors aggressively target and gain persistent access to public and private sector networks to compromise, steal, change, or destroy information.
Hacktivism is incorrect. Hacktivism is the use of cyber-attacks, based on political motivations, by actors who use cyber sabotage to promote a specific cause. As opposed to the hacking industry intent on data theft, hacktivism is not motivated by money, and high visibility is key. Hacktivists are motivated by revenge, politics, ideology, protest and a desire to humiliate victims. Profit is not a factor.
Question 12 of 60
12. Question
A zero-day attack is an attack that exploits a potentially serious software security weakness that the vendor or developer may be unaware of. (True/False)
Correct
True.
A zero-day attack (also referred to as Day Zero) is an attack that exploits a potentially serious software security weakness that the vendor or developer may be unaware of. The software developer must rush to resolve the weakness as soon as it is discovered in order to limit the threat to software users.
Question 13 of 60
13. Question
The type of hacker that violates computer security systems without permission, stealing the data inside for their own personal gain or vandalizing the system, is commonly known as:
Correct
Black-Hat Hackers is correct. Black-hat hackers violate computer security for personal gain without permission (such as stealing credit card numbers or harvesting personal data for sale to identity thieves) or for pure maliciousness (such as creating a botnet and using that botnet to perform DDoS attacks against websites they don't like).
White-Hat Hackers is incorrect. White-hat hackers are the opposite of black-hat hackers. They're the ethical hackers, experts in compromising computer security systems who use their abilities for good, ethical, and legal purposes rather than bad, unethical, and criminal purposes.
Gray-Hat Hackers is incorrect. A gray-hat hacker falls somewhere between a black hat and a white hat. A gray hat doesn't work for their own personal gain or to cause carnage, but they may technically commit crimes and do arguably unethical things.
Red-Hat Hackers is incorrect. Red-hat hackers are the most sophisticated hackers of them all. Red hats are motivated by a desire to end black-hat hackers but do not want to play by society's rules.
Question 14 of 60
14. Question
In which of the following load balancer modes do two or more servers aggregate the network traffic load and, working as a team, distribute it to the network servers?
Correct
Active/active is correct. In active/active mode, two or more servers aggregate the network traffic load and, working as a team, distribute it to the network servers. The load balancers can also remember information requests from users and keep this information in the cache.
Active/passive is incorrect. An active/passive configuration offers many advantages, so you should consider buying a pair of load balancers and configuring them in H/A (High Availability) mode. In this mode, the primary load balancer distributes the network traffic to the most suitable server while the second load balancer operates in listening mode, constantly monitoring the performance of the primary load balancer and ready at any time to step in and take over the load balancing duties should the primary load balancer run into difficulty and fail.
Passive/active and Passive/passive are incorrect as they aren't load balancing modes.
Question 15 of 60
The type of hackers that are experts in compromising computer security systems and use their abilities for good, ethical, and legal purposes rather than bad, unethical, and criminal purposes is commonly known as:
White-Hat Hackers is correct. White-hat hackers are the opposite of black-hat hackers. They're the ethical hackers, experts in compromising computer security systems who use their abilities for good, ethical, and legal purposes rather than bad, unethical, and criminal purposes.
Black-Hat Hackers is incorrect. Black-hat hackers violate computer security for personal gain without permission (such as stealing credit card numbers or harvesting personal data for sale to identity thieves) or for pure maliciousness (such as creating a botnet and using that botnet to perform DDoS attacks against websites they don't like).
Red-Hat Hackers is incorrect. Red-hat hackers are the most sophisticated hackers of them all. Red hats are motivated by a desire to end black-hat hackers but do not want to play by society's rules.
Gray-Hat Hackers is incorrect. A gray-hat hacker falls somewhere between a black hat and a white hat. A gray hat doesn't work for their own personal gain or to cause carnage, but they may technically commit crimes and do arguably unethical things.
Question 16 of 60
You have noticed that your company's Wi-Fi is slow and sometimes not operational. After investigation, you found that this is caused by channel interference.
Which of the following solutions will you implement to avoid problems such as channel interference when you build your WLAN?
Heatmap is the correct answer. A WiFi heatmap is a map of wireless signal coverage and strength. Typically, a WiFi heatmap shows a real map of a room, floor, or even a city overlaid by a graphical representation of a wireless signal.
The purpose of creating a WiFi heatmap is to obtain accurate information about the quality of coverage of a WiFi network. As you may know, WiFi coverage is affected by many different factors, including:
1. Your WiFi router
2. Other WiFi networks
3. Physical obstacles
4. RF interference
WiFi Protected Setup is incorrect. WiFi Protected Setup (WPS) is a wireless network security standard that tries to make connections between a router and wireless devices faster and easier. WPS works only for wireless networks that use a password that is encrypted with the WPA Personal or WPA2 Personal security protocols.
Captive portal is incorrect. A captive portal is a web page accessed with a web browser that is displayed to newly connected users of a Wi-Fi or wired network before they are granted broader access to network resources.
"You can't avoid channel interference" is incorrect because there are many tools to avoid channel interference, such as heatmaps, site surveys, and WiFi analyzers.
Question 17 of 60
Your manager is trying to understand the difference between SFTP and FTPS, so he asked you to explain it.
Which of the following statements are correct? (Choose all that apply.)
The correct statements are:
1. SFTP, also known as SSH FTP, encrypts both commands and data while in transmission.
2. FTPS, also known as FTP Secure or FTP-SSL.
3. The SFTP protocol is packet-based as opposed to text-based, making file and data transfers faster.
The incorrect statements are:
1. FTPS authenticates your connection using a user ID and password or SSH keys.
2. SFTP authenticates your connection using a user ID and password, a certificate, or both.
SFTP, also known as SSH FTP, encrypts both commands and data while in transmission. This means all your data and credentials are encrypted as they pass through the internet.
SFTP authenticates your connection using a user ID and password or SSH keys.
FTPS, also known as FTP Secure or FTP-SSL, is a more secure form of FTP. FTPS is basic FTP with security added to the data transfer. The security protocols TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are cryptographic protocols that encrypt data to protect your information as it moves from point A to point B, including the username and password.
FTPS authenticates your connection using a user ID and password, a certificate, or both.
Question 18 of 60
A _____________ certificate is a digital certificate that's not signed by a publicly trusted certificate authority (CA). These certificates are created, issued, and signed by the company or developer who is responsible for the website or software being signed.
Self-signed is the correct answer. A self-signed certificate is a digital certificate that's not signed by a publicly trusted certificate authority (CA). This can include SSL/TLS certificates, code signing certificates, and S/MIME certificates.
The reason why they're considered different from traditional certificate-authority signed certificates is that they're created, issued, and signed by the company or developer who is responsible for the website or software being signed. This is why self-signed certificates are considered unsafe for public-facing websites and applications.
Code signing certificates is incorrect. Code signing certificates are used by software developers to digitally sign apps, drivers, and software programs as a way for end-users to verify that the code they receive has not been altered or compromised by a third party. They include your signature, your company's name, and, if desired, a timestamp.
Wildcard is incorrect. A wildcard SSL certificate allows you to secure an unlimited number of first-level sub-domains on a single domain name. That means you can get an SSL certificate with the common name *.yourcompany.com and use it on all of the following without errors:
http://www.yourcompany.com
mail.yourcompany.com
intranet.yourcompany.com
secure.yourcompany.com
me.yourcompany.com
Subject alternative name is incorrect. A SAN cert allows for multiple domain names to be protected with a single certificate. For example, you could get a certificate for yourcompany.com and then add more SAN values to have the same certificate protect yourcompany.org, yourcompany.net, and even examsdigest.com, whereas a wildcard certificate allows for unlimited subdomains to be protected with a single certificate.
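The difference between the wildcard and SAN explanations above comes down to how a client matches a hostname against the names in a certificate. The following is an added example, not part of the original quiz: the two certificates are constructed samples modelled only as lists of DNS names, and the function names are hypothetical.

```python
"""Hostname coverage: wildcard certificate vs. SAN certificate (added example)."""

# Constructed sample certificates, modelled only as the DNS names they carry.
WILDCARD_CERT = ["*.yourcompany.com"]
SAN_CERT = ["yourcompany.com", "yourcompany.org", "yourcompany.net"]


def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing root dot."""
    return name.rstrip(".").lower().split(".")


def pattern_matches(pattern, hostname):
    """Return True if one certificate name covers the hostname.

    Rules applied (the common client behaviour for TLS server names):
      * comparison is case-insensitive and label by label;
      * "*" is accepted only as the whole leftmost label;
      * "*" stands for exactly one label, so it never spans a dot;
      * at least two fixed labels must follow the wildcard ("*.com" is refused).
    """
    p, h = _labels(pattern), _labels(hostname)
    # A real hostname has no empty labels and no wildcard characters.
    if "" in h or any("*" in label for label in h):
        return False
    # Wildcards anywhere but the leftmost label are not honoured.
    if any("*" in label for label in p[1:]):
        return False
    if "*" in p[0]:
        # Partial wildcards such as "w*" are refused, as is "*.tld".
        if p[0] != "*" or len(p) < 3:
            return False
        # Same number of labels: the wildcard replaces one label only.
        return len(p) == len(h) and p[1:] == h[1:]
    return p == h


def cert_covers(cert_names, hostname):
    """A certificate covers a hostname if any of its names matches."""
    return any(pattern_matches(name, hostname) for name in cert_names)


def coverage_report(hostnames):
    """Compare both sample certificates against each hostname."""
    return {
        host: {
            "wildcard": cert_covers(WILDCARD_CERT, host),
            "san": cert_covers(SAN_CERT, host),
        }
        for host in hostnames
    }


if __name__ == "__main__":
    hosts = [
        "www.yourcompany.com",     # first-level sub-domain
        "mail.yourcompany.com",    # first-level sub-domain
        "yourcompany.com",         # bare domain: not covered by the wildcard
        "a.mail.yourcompany.com",  # second-level sub-domain: not covered
        "yourcompany.org",         # different domain: SAN entry only
    ]
    for host, result in coverage_report(hosts).items():
        print(f"{host:26} wildcard={result['wildcard']!s:5} san={result['san']}")
```

The bare domain and deeper sub-domains fall outside the wildcard, which is why wildcard certificates are usually issued with the bare domain added as an extra SAN entry.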
Question 19 of 60
What technique is used for IP address conservation by enabling private IP addresses to connect to the Internet?
Network Address Translation (NAT) is the correct answer. Network Address Translation (NAT) is designed for IP address conservation. It enables private IP networks that use unregistered IP addresses to connect to the Internet. NAT operates on a router, usually connecting two networks together, and translates the private (not globally unique) addresses in the internal network into legal addresses before packets are forwarded to another network.
As part of this capability, NAT can be configured to advertise only one address for the entire network to the outside world. This provides additional security by effectively hiding the entire internal network behind that address. NAT offers the dual functions of security and address conservation and is typically implemented in remote-access environments.
Unified threat management (UTM) is incorrect. A unified threat management (UTM) system is a type of network hardware appliance, virtual appliance, or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.
UTM devices are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.
Web application firewall (WAF) is incorrect. A WAF, or web application firewall, helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet.
It typically protects web applications from attacks such as cross-site request forgery, cross-site scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defense (in the OSI model) and is not designed to defend against all types of attacks. This method of attack mitigation is usually part of a suite of tools that together create a holistic defense against a range of attack vectors.
Access control list (ACL) is incorrect. Access control lists (ACLs) are network traffic filters that can control incoming or outgoing traffic. ACLs work on a set of rules that define how to forward or block a packet at the router's interface.
An ACL is the same as a stateless firewall, which only restricts, blocks, or allows the packets that are flowing from source to destination. When you define an ACL on a routing device for a specific interface, all the traffic flowing through will be compared with the ACL statements, which will either block it or allow it.
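The NAT explanation above describes one advertised address standing in for the whole internal network. The following is an added example, not part of the original quiz, that models the port-based form of this (many private hosts behind one public address); the class name, the addresses, and the starting port are constructed for illustration.

```python
"""Toy port-address-translation table (added example, constructed values)."""
import ipaddress


class PatRouter:
    """Translates private source addresses to one shared public address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._next_port = first_port
        # (private_ip, private_port, proto) -> public_port
        self._outbound = {}
        # (public_port, proto) -> (private_ip, private_port)
        self._inbound = {}

    def outbound(self, src_ip, src_port, proto="tcp"):
        """Rewrite the source of an outgoing packet; create a mapping if new."""
        if not ipaddress.ip_address(src_ip).is_private:
            raise ValueError(f"{src_ip} is not a private address")
        key = (src_ip, src_port, proto)
        if key not in self._outbound:
            public_port = self._next_port
            self._next_port += 1
            self._outbound[key] = public_port
            self._inbound[(public_port, proto)] = (src_ip, src_port)
        # The outside world only ever sees the shared public address.
        return (self.public_ip, self._outbound[key])

    def inbound(self, dst_port, proto="tcp"):
        """Find the internal host for a reply, or None if no flow exists.

        A packet arriving on a port with no mapping has no internal
        destination, which is the "hiding" effect the text describes.
        """
        return self._inbound.get((dst_port, proto))

    def advertised_addresses(self):
        """All source addresses an outside observer can see."""
        return {self.public_ip} if self._outbound else set()


if __name__ == "__main__":
    router = PatRouter("203.0.113.10")  # documentation-range address
    # Two internal hosts that happen to use the same source port.
    print(router.outbound("192.168.1.10", 51000))
    print(router.outbound("192.168.1.11", 51000))
    print(router.inbound(40001))   # reply to the second host
    print(router.inbound(22))      # unsolicited: no mapping
    print(router.advertised_addresses())
```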
Question 20 of 60
Which of the following options are authentication protocols? (Choose all that apply.)
EAP is the correct answer. The Extensible Authentication Protocol (EAP) is a protocol for wireless networks that expands on authentication methods used by the Point-to-Point Protocol (PPP), a protocol often used when connecting a computer to the Internet.
In EAP, a user requests a connection to a wireless network through an access point. The access point requests identification (ID) data from the user and transmits that data to an authentication server.
The authentication server asks the access point for proof of the validity of the ID. After the access point obtains that verification from the user and sends it back to the authentication server, the user is connected to the network as requested.
PEAP is the correct answer. PEAP (Protected Extensible Authentication Protocol) is a version of EAP. PEAP is designed to provide more secure authentication for 802.11 WLANs (wireless local area networks) that support 802.1X port access control.
PEAP authenticates the server with a public key certificate and carries the authentication in a secure Transport Layer Security (TLS) session, over which the WLAN user, WLAN stations, and the authentication server can authenticate themselves.
RADIUS is the correct answer. Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.
RADIUS allows a company to maintain user profiles in a central database that all remote servers can share. It provides better security, allowing a company to set up a policy that can be applied at a single administered network point.
WPA2 is incorrect. Short for Wi-Fi Protected Access 2, WPA2 is the security method added to WPA for wireless networks that provides stronger data protection and network access control. It provides enterprise and consumer Wi-Fi users with a high level of assurance that only authorized users can access their wireless networks.
WPA3 is incorrect. WPA3 is the latest version of Wi-Fi Protected Access, a suite of protocols and technologies that provide authentication and encryption for Wi-Fi networks. The primary enhancement to WPA3 Personal is in the authentication process, where WPA3 makes brute-force dictionary attacks much more difficult and time-consuming for an attacker.
Incorrect
EAP is the correct answer. The Extensible Authentication Protocol (EAP) is a protocol for wireless networks that expands on authentication methods used by the Point-to-Point Protocol (PPP), a protocol often used when connecting a computer to the Internet.
In EAP, a user requests a connection to a wireless network through an access point. The access point requests identification (ID) data from the user and transmits that data to an authentication server.
The authentication server asks the access point for proof of the validity of the ID. After the access point obtains that verification from the user and sends it back to the authentication server, the user is connected to the network as requested.
PEAP is the correct answer. PEAP (Protected Extensible Authentication Protocol) is a version of EAP. PEAP is designed to provide more secure authentication for 802.11 WLANs (wireless local area networks) that support 802.1X port access control.
PEAP authenticates the server with a public key certificate and carries the authentication in a secure Transport Layer Security (TLS) session, over which the WLAN user, WLAN stations and the authentication server can authenticate themselves.
RADIUS is the correct answer. Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.
RADIUS allows a company to maintain user profiles in a central database that all remote servers can share. It provides better security, allowing a company to set up a policy that can be applied at a single administered network point.
WPA2 is incorrect. Short for Wi-Fi Protected Access 2, WPA2 is the security method added to WPA for wireless networks that provide stronger data protection and network access control. It provides enterprise and consumer Wi-Fi users with a high level of assurance that only authorized users can access their wireless networks.
WPA3 is incorrect. WPA3 is the latest version of Wi-Fi Protected Access, a suite of protocols and technologies that provide authentication and encryption for Wi-Fi networks. The primary enhancement to WPA3 Personal is in the authentication process, where WPA3 makes brute-force dictionary attacks much more difficult and time-consuming for an attacker.
Question 21 of 60
21. Question
Which of the following VPN solutions is used to connect two local area networks (LANs) utilized by businesses large and small that want to provide their employees with secure access to network resources?
Correct
Site-to-site is the correct answer. The Site to Site VPN, known as point to point VPN, is used to connect two local area networks (LANs). Site to site VPNs are usually utilized by businesses large and small that want to provide their employees or business partners secure access to network resources. Usually, these network resources are files or access to programs that need to be protected.
Remote Access is incorrect. Remote Access (Personal) VPN is used to connect a personal user device to a remote server on a private network. Once a remote access VPN is connected, a user's internet activity will go through the encrypted VPN tunnel to the remote server and access the internet from that remote server. That means that the internet website or application sees the remote server's IP address instead of your personal device's IP address, which provides a layer of privacy.
Split tunnel is incorrect. VPN split tunneling lets you route some of your device or app traffic through the encrypted VPN tunnel while other devices or apps access the internet directly. Use split tunneling to protect the traffic you choose, without losing access to local network devices.
Proxy server is incorrect. A proxy server is not a VPN solution; the proxy server acts as a gateway between you and the internet. It's an intermediary server separating end users from the websites they browse. Proxy servers provide varying levels of functionality, security, and privacy depending on your use case, needs, or company policy. Proxy servers act as a firewall and web filter, provide shared network connections, and cache data to speed up common requests.
Question 22 of 60
22. Question
Which of the following technologies will you use in order to send instant notifications to your subscribed users each time you publish a new blog post on your website?
Correct
Push notifications is the correct answer. Push notifications are clickable pop-up messages that appear on your users' browsers irrespective of which device they use or which browser they are on. Subscribers can be anywhere on the browser and still receive these messages as long as they are online or have their browsers running on their devices.
Browser push notifications are different from in-app notifications because in-app notifications appear only when triggered by an existing application on your mobile device, while browser push notifications can be triggered through browsers on any device as long as the user subscribes to receive your notifications. It is an instant mode of automated, direct communication between a website and its end users.
Geofencing is incorrect. Geofencing is a location-based service that businesses use to engage their audience by sending relevant messages to smartphone users who enter a pre-defined location or geographic area.
Companies send product offers or specific promotions to consumers' smartphones when they trigger a search in a particular geographic location, enter a mall, neighborhood, or store.
Geolocation is incorrect. Geolocation refers to the use of location technologies such as GPS or IP addresses to identify and track the whereabouts of connected electronic devices. Because these devices are often carried on an individual's person, geolocation is often used to track the movements and location of people and for surveillance.
Remote wipe is incorrect. Remote wipe is a security feature for mobile device management that allows you to remotely clear data from a lost or stolen mobile device.
Question 23 of 60
23. Question
The main goal of performing a wireless site ________________ is to reveal areas of channel interference and dead zones, helping you avoid problems as you build the network and prevent obstacles for network users.
Correct
The main goal of performing a wireless site survey is to reveal areas of channel interference and dead zones, helping you avoid problems as you build the network and prevent obstacles for network users.
A wireless site survey is used to determine two things. First, you want to determine the feasibility of building a wireless network on your site. Once you have established it's feasible, you'll need to determine the best place for access points and other equipment such as antennas and cables. A site survey also helps you to determine what type of equipment you will need, where it will go, and how it needs to be installed.
Question 24 of 60
24. Question
Assuming you have the domain yourcompany.com with the following sub-domains:
http://www.yourcompany.com
mail.yourcompany.com
intranet.yourcompany.com
secure.yourcompany.com
me.yourcompany.com
Which of the following types of certificates will you choose to secure all the first-level sub-domains on a single domain name?
Correct
Wildcard is the correct answer. A Wildcard SSL Certificate allows you to secure an unlimited number of first-level sub-domains on a single domain name. That means you can get an SSL Certificate with the common name as *.yourcompany.com and you can use it on all of the following without errors:
http://www.yourcompany.com
mail.yourcompany.com
intranet.yourcompany.com
secure.yourcompany.com
me.yourcompany.com
Subject alternative name is incorrect. A SAN cert allows for multiple domain names to be protected with a single certificate. For example, you could get a certificate for yourcompany.com, and then add more SAN values to have the same certificate protect yourcompany.org, yourcompany.net and even examsdigest.com while the wildcard certificate allows for unlimited subdomains to be protected with a single certificate.
Code signing certificates is incorrect. Code Signing Certificates are used by software developers to digitally sign apps, drivers, and software programs as a way for end-users to verify that the code they receive has not been altered or compromised by a third party. They include your signature, your company's name, and if desired, a timestamp.
Self-signed is incorrect. A self-signed certificate is a digital certificate that's not signed by a publicly trusted certificate authority (CA). This can include SSL/TLS certificates, code signing certificates, and S/MIME certificates.
The reason why they're considered different from traditional certificate-authority signed certificates is that they're created, issued, and signed by the company or developer who is responsible for the website or software being signed. This is why self-signed certificates are considered unsafe for public-facing websites and applications.
Question 25 of 60
25. Question
WiFi ____________ Setup is a wireless network security standard that tries to make connections between a router and wireless devices faster, easier, and more secure.
Correct
Protected is the correct answer. WiFi Protected Setup is a wireless network security standard that tries to make connections between a router and wireless devices faster, easier, and more secure. WPS works only for wireless networks that use a password that is encrypted with the WPA Personal or WPA2 Personal security protocols.
Question 26 of 60
26. Question
The type of network hardware appliance that protects networks against security threats (malware, attacks) that simultaneously target separate parts of the network by integrating multiple security services and features is known as:
Correct
Unified threat management (UTM) is the correct answer. A unified threat management (UTM) system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.
UTM devices are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.
Network Address Translation (NAT) is incorrect. Network Address Translation (NAT) is designed for IP address conservation. It enables private IP networks that use unregistered IP addresses to connect to the Internet. NAT operates on a router, usually connecting two networks together, and translates the private (not globally unique) addresses in the internal network into legal addresses before packets are forwarded to another network.
As part of this capability, NAT can be configured to advertise only one address for the entire network to the outside world. This provides additional security by effectively hiding the entire internal network behind that address. NAT offers the dual functions of security and address conservation and is typically implemented in remote-access environments.
Web application firewall (WAF) is incorrect. A WAF or Web Application Firewall helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet.
It typically protects web applications from attacks such as cross-site forgery, cross-site-scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defense (in the OSI model) and is not designed to defend against all types of attacks. This method of attack mitigation is usually part of a suite of tools that together create a holistic defense against a range of attack vectors.
Content/URL filter is incorrect. URL filtering is a type of technology that helps businesses control their users' and guests' ability to access certain content on the web.
Question 27 of 60
27. Question
Which of the following authentication protocols allows you to use an existing account to sign in to multiple websites, without needing to create new passwords?
Correct
OpenID is the correct answer. OpenID allows you to use an existing account to sign in to multiple websites, without needing to create new passwords. With OpenID, your password is only given to your identity provider, and that provider then confirms your identity to the websites you visit.
Kerberos is incorrect. Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet.
TACACS+ is incorrect. Terminal Access Controller Access-Control System Plus (TACACS+) is an Authentication, Authorization, and Accounting (AAA) protocol that is used to authenticate access to network devices.
OAuth is incorrect. OAuth is an authentication protocol that allows you to approve one application interacting with another on your behalf without giving away your password. For example, you can tell Facebook that it's OK for BBC.com to access your profile or post updates to your timeline without having to give BBC your Facebook password. This minimizes risk in a major way: in the event BBC suffers a breach, your Facebook password remains safe.
Question 28 of 60
28. Question
In the form of Rule-Based Access Control, data are accessible or not accessible based on the user's IP address.
Correct
In the form of Rule-Based Access Control, data are accessible or not accessible based on the users IP address.
In the form of Rule-Based Access Control (RBAC), youre focusing on the rules associated with the datas access or restrictions. These rules may be parameters, such as allowing access only from certain IP addresses, denying access from certain IP addresses, or something more specific. In a more specific instance, access from a specific IP address may be allowed unless it comes through a certain port (such as the port used for FTP access).
When dealing with role-based access controls, data is protected in exactly the way it sounds like it is: by user roles. Users are sorted into groups or categories based on their job functions or departments, and those categories determine the data that theyre able to access. Human Resources team members, for example, might be permitted to access employee information while no other role-based group is permitted to do so.
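The two models described above, side by side, as an added example that is not part of the original quiz. The addresses (RFC 5737 documentation ranges), user names, roles and resource names are constructed, and the first-match, default-deny evaluation order is an assumption of this sketch rather than something the explanation specifies.

```python
"""Rule-based vs. role-based access decisions (illustrative sketch)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    network: str                     # CIDR block the source address must fall in
    dst_port: Optional[int] = None   # None matches any destination port

    def matches(self, src_ip: str, dst_port: int) -> bool:
        in_network = ip_address(src_ip) in ip_network(self.network)
        return in_network and (self.dst_port is None or self.dst_port == dst_port)


# Constructed policy covering the three cases in the explanation.
RULES = [
    Rule("deny", "203.0.113.0/24"),        # deny access from certain addresses
    Rule("deny", "198.51.100.10/32", 21),  # ...unless it comes through the FTP port
    Rule("allow", "198.51.100.10/32"),     # a specific address is allowed...
    Rule("allow", "192.0.2.0/24"),         # allow access only from certain addresses
]


def rule_based_decision(src_ip: str, dst_port: int, rules=RULES) -> str:
    """Return the action of the first matching rule; deny when nothing matches."""
    try:
        for rule in rules:
            if rule.matches(src_ip, dst_port):
                return rule.action
    except ValueError:
        # An unparsable source address never matches an allow rule.
        return "deny"
    return "deny"


# Role-based control ignores where the request comes from and looks only at
# the requester's job function.
USER_ROLES = {"alice": "hr", "bob": "engineering"}
ROLE_PERMISSIONS = {"hr": {"employee_records"}, "engineering": {"source_code"}}


def role_based_decision(user: str, resource: str) -> str:
    """Allow only if the user's role has been granted the resource."""
    role = USER_ROLES.get(user)
    return "allow" if resource in ROLE_PERMISSIONS.get(role, set()) else "deny"


if __name__ == "__main__":
    for ip, port in [("192.0.2.44", 443), ("198.51.100.10", 22),
                     ("198.51.100.10", 21), ("203.0.113.9", 443)]:
        print(f"{ip}:{port} -> {rule_based_decision(ip, port)}")
    print("alice/employee_records ->", role_based_decision("alice", "employee_records"))
    print("bob/employee_records ->", role_based_decision("bob", "employee_records"))
```

Rule order matters under first-match evaluation: placing the broad allow for 198.51.100.10 ahead of the port 21 deny would let FTP traffic through.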
Question 29 of 60
29. Question
You have been tasked with implementing a solution that encrypts data as it is written to the disk and decrypts data as it is read off the disk.
Which of the following solutions will you implement to meet the requirement?
Correct
Full-disk encryption (FDE) and self-encrypting drives (SED) encrypt data as it is written to the disk and decrypt data as it is read off the disk. FDE makes sense for laptops, which are highly susceptible to loss or theft. But FDE isn't suitable for the most common risks faced in data center and cloud environments.
The advantages of full-disk encryption/self-encrypting drives (FDE/SED) include:
1. Simplest method of deploying encryption
2. Transparent to applications, databases, and users
3. High-performance, hardware-based encryption
The limitations of full-disk encryption/self-encrypting drives (FDE/SED) include:
1. Addresses a very limited set of threats (protects only from physical loss of storage media)
2. Lacks safeguards against advanced persistent threats (APTs), malicious insiders, or external attackers
3. Meets minimal compliance requirements
4. Doesn't offer granular access audit logs
Root of trust is incorrect. The Root of Trust is a concept that starts a chain of trust needed to ensure computers boot with legitimate code. If the first piece of code executed has been verified as legitimate, those credentials are trusted by the execution of each subsequent piece of code.
Trusted Platform Module is incorrect. TPM (Trusted Platform Module) is a computer chip (microcontroller) that can securely store artifacts used to authenticate the platform (your PC or laptop). These artifacts can include passwords, certificates, or encryption keys.
A TPM can also be used to store platform measurements that help ensure that the platform remains trustworthy. Authentication (ensuring that the platform can prove that it is what it claims to be) and attestation (a process helping to prove that a platform is trustworthy and has not been breached) are necessary steps to ensure safer computing in all environments.
Sandboxing is incorrect. Sandboxing is a technique in which you create an isolated test environment, a sandbox, in which to execute or detonate a suspicious file or URL that is attached to an email or otherwise reaches your network and then observe what happens.
If the file or URL displays malicious behavior, then you've discovered a new threat. The sandbox must be a secure, virtual environment that accurately emulates the CPU of your production servers.
Question 30 of 60
30. Question
For security and monitoring purposes, your company has instructed you to implement a solution that copies all packets entering or exiting a port and sends the copies to a local interface for monitoring.
Which of the following solutions will you implement in order to meet the requirement?
Correct
Port mirroring is the correct answer. Port mirroring copies packets entering or exiting a port or entering a VLAN and sends the copies to a local interface for local monitoring or to a VLAN for remote monitoring. Use port mirroring to send traffic to applications that analyze traffic for purposes such as monitoring compliance, enforcing policies, detecting intrusions, monitoring and predicting traffic patterns, correlating events, and so on.
Port mirroring is needed for traffic analysis on a switch because a switch normally sends packets only to the port to which the destination device is connected. You configure port mirroring on the switch to send copies of unicast traffic to a local interface or a VLAN and run an analyzer application on a device connected to the interface or VLAN.
Access control list (ACL) is incorrect. Access Control Lists (ACLs) are network traffic filters that can control incoming or outgoing traffic. ACLs work on a set of rules that define how to forward or block a packet at the router's interface.
An ACL is the same as a Stateless Firewall, which only restricts, blocks, or allows the packets that are flowing from source to destination. When you define an ACL on a routing device for a specific interface, all the traffic flowing through will be compared with the ACL statement which will either block it or allow it.
Quality of service (QoS) is incorrect. Quality of service (QoS) refers to any technology that manages data traffic to reduce packet loss, latency and jitter on the network.
Quality of service also involves controlling and managing network resources by setting priorities for specific types of data (video, audio, files) on the network. QoS is exclusively applied to network traffic generated for video on demand, IPTV, VoIP, streaming media, videoconferencing, and online gaming.
File integrity monitoring (FIM) is incorrect. File integrity monitoring (FIM) refers to an IT security process and technology that tests and checks operating system (OS), database, and application software files to determine whether or not they have been tampered with or corrupted.
Question 31 of 60
31. Question
Which of the following public key infrastructure (PKI) terms refers to an organization that acts to validate the identities of entities (such as websites, email addresses, companies, or individual persons) and bind them to cryptographic keys through the issuance of electronic documents known as digital certificates?
Correct
Certificate authority (CA) is the correct answer. A certificate authority (CA), also sometimes referred to as a certification authority, is a company or organization that acts to validate the identities of entities (such as websites, email addresses, companies, or individual persons) and bind them to cryptographic keys through the issuance of electronic documents known as digital certificates. A digital certificate provides:
1. Authentication, by serving as a credential to validate the identity of the entity that it is issued to.
2. Encryption, for secure communication over insecure networks such as the Internet.
3. Integrity of documents signed with the certificate so that they cannot be altered by a third party in transit.
Registration Authority is incorrect. Registration Authority is a company or organization that is responsible for receiving and validating requests for digital certificates and public/private key pairs. A registration authority (RA) is part of the public key infrastructure (PKI).
Online Certificate Status Protocol (OCSP) is incorrect. When establishing an SSL/TLS session, clients can use Online Certificate Status Protocol (OCSP) to check the revocation status of the authentication certificate. The authenticating client sends a request containing the serial number of the certificate to the OCSP responder (server).
The responder searches the database of the certificate authority (CA) that issued the certificate and returns a response containing the status (good, revoked, or unknown) to the client. The advantage of the OCSP method is that it can verify status in real-time, instead of depending on the issue frequency (hourly, daily, or weekly) of CRLs.
Certificate signing request (CSR) is incorrect. A certificate signing request (CSR) is one of the first steps towards getting your own SSL Certificate. Generated on the same server you plan to install the certificate on, the CSR contains information (e.g. common name, organization, country) the Certificate Authority (CA) will use to create your certificate. It also contains the public key that will be included in your certificate and is signed with the corresponding private key.
Question 32 of 60
32. Question
You have been tasked with implementing a security solution that records all the network events from your company in a central database for further analysis.
Which of the following security solutions will you implement to meet the requirement?
Correct
Endpoint detection and response (EDR) is the correct answer. Endpoint detection and response is an emerging technology that addresses the need for continuous monitoring and response to advanced threats.
Endpoint detection and response tools work by monitoring endpoint and network events and recording the information in a central database where further analysis, detection, investigation, reporting, and alerting take place. A software agent installed on the host system provides the foundation for event monitoring and reporting.
Next-generation firewall (NGFW) is incorrect. Next-generation firewalls filter network traffic to protect an organization from external threats. Maintaining features of stateful firewalls such as packet filtering, VPN support, network monitoring, and IP mapping features, NGFWs also possess deeper inspection capabilities that give them a superior ability to identify attacks, malware, and other threats.
Next-generation firewalls provide organizations with application control, intrusion prevention, and advanced visibility across the network. As the threat landscape continues to develop rapidly, traditional firewalls fall further behind and put your organization at risk. NGFWs not only block malware, but also include paths for future updates, giving them the flexibility to evolve with the landscape and keep the network secure as new threats arise.
Anti-malware is incorrect. Anti-malware tools may employ scanning, strategies, freeware, or licensed tools to detect rootkits, worms, Trojans, and other types of potentially damaging software. Each type of malware resource carries its own interface and system requirements, which impact user solutions for a given device or system.
Antivirus is incorrect. Antivirus software helps protect your computer against malware and cybercriminals. Antivirus software looks at data (web pages, files, software, applications) traveling over the network to your devices. It searches for known threats and monitors the behavior of all programs, flagging suspicious behavior. It seeks to block or remove malware as quickly as possible.
Question 33 of 60
33. Question
The network administrator from your company notices that the network performance has been degraded due to a broadcast storm.
Which of the following techniques will you recommend to the network administrator in order to reduce broadcast storms? (Choose all that apply)
Correct
A broadcast storm is an abnormally high number of broadcast packets within a short period of time. A broadcast storm can overwhelm switches and endpoints as they struggle to keep up with processing the flood of packets. When this happens, network performance degrades.
How to reduce broadcast storms:
1. Storm control and equivalent protocols allow you to rate-limit broadcast packets. If your switch has such a mechanism, turn it on.
2. Ensure IP-directed broadcasts are disabled on your Layer 3 devices. There's little to no reason why you'd want broadcast packets coming in from the internet going to a private address space. If a storm is originating from the WAN, disabling IP-directed broadcasts will shut it down.
3. Split up your broadcast domain. Creating a new VLAN and migrating hosts into it will load balance the broadcast traffic to a more acceptable level. Broadcast traffic is necessary and useful, but too much of it eventually leads to a poor network experience.
4. Check how often ARP tables are emptied. The more frequently they're emptied, the more often ARP broadcast requests occur.
5. Sometimes, when switches have a hardware failure, their switchports begin to spew out broadcast traffic onto the network. If you have a spare switch of the same or similar model, clone the config of the active switch onto the spare and swap the hardware and cables during a maintenance window. Does the storm subside? If it does, it was a hardware issue. If not, then you've got to keep digging.
6. Check for loops in switches. Say there was an unmanaged Layer 2 switch connected upstream to an unmanaged switch, and someone's connected a cable between two ports on the same unmanaged switch (let's say ports 1 and 2). The unmanaged switch will respond to all broadcasts multiple times and flood the broadcast domain with packets, causing a denial-of-service attack on the network.
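A simplified model of the storm control in item 1, as an added example that is not part of the original quiz: broadcasts on each port are counted in one-second windows and dropped once they exceed a threshold, while unicast passes untouched. The port names, the threshold of 100 broadcasts per second and the sample frames are constructed, and real switches implement this in hardware with vendor-specific units.

```python
"""Per-port broadcast storm control, modelled with one-second windows."""

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


class StormControl:
    def __init__(self, max_broadcast_pps: int):
        self.limit = max_broadcast_pps
        self._window = {}  # port -> (second, broadcasts seen in that second)

    def admit(self, port: str, timestamp: float, dst_mac: str) -> bool:
        """Return True if the frame is forwarded, False if it is dropped."""
        if dst_mac.lower() != BROADCAST_MAC:
            return True  # storm control only polices broadcast frames here
        second = int(timestamp)
        start, count = self._window.get(port, (second, 0))
        if start != second:
            count = 0  # a new one-second window has begun on this port
        count += 1
        self._window[port] = (second, count)
        return count <= self.limit


def constructed_frames():
    """Constructed traffic: a normal port and a port behind a cabling loop."""
    frames = []
    for i in range(5):    # gi0/1: ordinary ARP-level broadcast rate
        frames.append((i * 0.2, "gi0/1", BROADCAST_MAC))
    for i in range(3):    # gi0/1: unicast to a documentation-range MAC
        frames.append((0.1 + i * 0.3, "gi0/1", "00:00:5e:00:53:01"))
    for i in range(500):  # gi0/2: 500 broadcasts inside second 0 (the storm)
        frames.append((i / 500, "gi0/2", BROADCAST_MAC))
    for i in range(10):   # gi0/2: rate back to normal during second 1
        frames.append((1.0 + i / 10, "gi0/2", BROADCAST_MAC))
    return sorted(frames)  # process in timestamp order


def summarize(frames, limit: int):
    """Run frames through storm control and tally the outcome per port."""
    control = StormControl(limit)
    stats = {}
    for timestamp, port, dst_mac in frames:
        port_stats = stats.setdefault(
            port,
            {"forwarded_broadcast": 0, "dropped_broadcast": 0, "forwarded_unicast": 0},
        )
        forwarded = control.admit(port, timestamp, dst_mac)
        if dst_mac.lower() != BROADCAST_MAC:
            port_stats["forwarded_unicast"] += 1
        elif forwarded:
            port_stats["forwarded_broadcast"] += 1
        else:
            port_stats["dropped_broadcast"] += 1
    return stats


if __name__ == "__main__":
    for port, port_stats in summarize(constructed_frames(), limit=100).items():
        print(port, port_stats)
```

A non-zero dropped-broadcast count on a single port is also a useful pointer to where a loop or failing device is attached.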
Question 34 of 60
34. Question
Which of the following options are cryptographic protocols? (Choose all that apply)
Correct
WPA2 is the correct answer. Short for Wi-Fi Protected Access 2, WPA2 is the security method added to WPA for wireless networks that provides stronger data protection and network access control. It provides enterprise and consumer Wi-Fi users with a high level of assurance that only authorized users can access their wireless networks.
WPA3 is the correct answer. WPA3 is the latest version of Wi-Fi Protected Access, a suite of protocols and technologies that provide authentication and encryption for Wi-Fi networks. The primary enhancement to WPA3 Personal is in the authentication process, where WPA3 makes brute-force dictionary attacks much more difficult and time-consuming for an attacker.
CCMP is the correct answer. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol that forms part of the 802.11i standard for wireless local area networks (WLANs), particularly those using WiMax technology.
CCMP offers enhanced security compared with similar technologies such as Temporal Key Integrity Protocol (TKIP). CCMP employs 128-bit keys and a 48-bit initialization vector that minimizes vulnerability to replay attacks.
SAE is the correct answer. In cryptography, Simultaneous Authentication of Equals (SAE) is a secure password-based authentication and password-authenticated key agreement method.
SAE is resistant to passive attack, active attack, and dictionary attack. It provides a secure alternative to using certificates or when a centralized authority is not available. It is a peer-to-peer protocol, has no asymmetry, and supports simultaneous initiation. It is therefore well-suited for use in mesh networks.
EAP is incorrect. The Extensible Authentication Protocol (EAP) is a protocol for wireless networks that expands on authentication methods used by the Point-to-Point Protocol (PPP), a protocol often used when connecting a computer to the Internet.
In EAP, a user requests a connection to a wireless network through an access point. The access point requests identification (ID) data from the user and transmits that data to an authentication server. The authentication server asks the access point for proof of the validity of the ID. After the access point obtains that verification from the user and sends it back to the authentication server, the user is connected to the network as requested.
PEAP is incorrect. PEAP (Protected Extensible Authentication Protocol) is a version of EAP. PEAP is designed to provide more secure authentication for 802.11 WLANs (wireless local area networks) that support 802.1X port access control.
PEAP authenticates the server with a public key certificate and carries the authentication in a secure Transport Layer Security (TLS) session, over which the WLAN user, WLAN stations and the authentication server can authenticate themselves.
Question 35 of 60
35. Question
Which of the following types of certificates will you use to digitally sign your apps as a way for end-users to verify that the code they receive has not been altered or compromised by a third party?
Correct
Code signing certificates is the correct answer. Code Signing Certificates are used by software developers to digitally sign apps, drivers, and software programs as a way for end-users to verify that the code they receive has not been altered or compromised by a third party. They include your signature, your company's name, and if desired, a timestamp.
Wildcard is incorrect. A Wildcard SSL Certificate allows you to secure an unlimited number of first-level sub-domains on a single domain name. That means you can get an SSL Certificate with the common name as *.yourcompany.com and you can use it on all of the following without errors:
http://www.yourcompany.com
mail.yourcompany.com
intranet.yourcompany.com
secure.yourcompany.com
me.yourcompany.com
Subject alternative name is incorrect. A SAN cert allows for multiple domain names to be protected with a single certificate. For example, you could get a certificate for yourcompany.com, and then add more SAN values to have the same certificate protect yourcompany.org, yourcompany.net and even examsdigest.com, whereas the wildcard certificate allows for unlimited subdomains to be protected with a single certificate.
Self-signed is incorrect. A self-signed certificate is a digital certificate that's not signed by a publicly trusted certificate authority (CA). This can include SSL/TLS certificates, code signing certificates, and S/MIME certificates.
The reason why they're considered different from traditional certificate-authority signed certificates is that they're created, issued, and signed by the company or developer who is responsible for the website or software being signed. This is why self-signed certificates are considered unsafe for public-facing websites and applications.
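The scope difference between the wildcard and SAN certificates described above, as an added example that is not part of the original quiz: a simplified matcher using the common RFC 6125-style rule that `*` stands for exactly one leftmost label. The function names and the two sample name lists are assumptions built from the hostnames used in the explanation.

```python
"""Added example: which hostnames a certificate's names actually cover.

Simplified RFC 6125-style matching: a wildcard is honoured only as the
complete leftmost label and stands for exactly one label. Names and sample
lists below are constructed for illustration.
"""


def _labels(name: str) -> list[str]:
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate name (pattern) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if "" in p or "" in h:
        return False  # empty labels are malformed names
    if len(p) != len(h):
        # "*" never spans several labels and never matches zero labels,
        # so the label counts must be identical.
        return False
    if any("*" in label for label in p[1:]):
        return False  # wildcard allowed only in the leftmost label
    if p[0] == "*":
        # Refuse overly broad patterns such as "*.com".
        if len(p) < 3:
            return False
        return p[1:] == h[1:]
    if "*" in p[0]:
        return False  # partial wildcards ("w*.example") are not accepted here
    return p == h


def cert_covers(cert_names: list[str], hostname: str) -> bool:
    """A certificate covers a host if any of its names matches."""
    return any(name_matches(n, hostname) for n in cert_names)


def coverage(cert_names: list[str], hosts: list[str]) -> dict[str, bool]:
    """Map each host to whether the certificate covers it."""
    return {host: cert_covers(cert_names, host) for host in hosts}


# Constructed sample certificates, using the names from the explanation.
WILDCARD_CERT = ["*.yourcompany.com"]
SAN_CERT = ["yourcompany.com", "yourcompany.org", "yourcompany.net"]

# Constructed hosts to test against both certificates.
HOSTS = [
    "www.yourcompany.com",       # first-level sub-domain
    "mail.yourcompany.com",      # first-level sub-domain
    "yourcompany.com",           # bare domain, no sub-domain label
    "dev.mail.yourcompany.com",  # second-level sub-domain
    "yourcompany.org",           # different registered domain
    "www.yourcompany.org",       # sub-domain of a SAN entry
]

if __name__ == "__main__":
    wild = coverage(WILDCARD_CERT, HOSTS)
    san = coverage(SAN_CERT, HOSTS)
    print(f"{'host':28} wildcard  san")
    for host in HOSTS:
        print(f"{host:28} {wild[host]!s:8}  {san[host]!s}")
```

Running it shows the gaps each type leaves: the wildcard does not cover the bare domain or deeper sub-domains, and the SAN certificate covers only the exact names listed in it.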
Question 36 of 60
36. Question
A/An _______________ is a contract between a service provider and its customers that documents what services the provider will furnish and defines the service standards the provider is obligated to meet.
Correct
Service-level agreement (SLA) is the correct answer. A service-level agreement (SLA) is a contract between a service provider and its customers that documents what services the provider will furnish and defines the service standards the provider is obligated to meet.
Memorandum of understanding (MOU) is incorrect. A memorandum of understanding (MOU or MoU) is an agreement between two or more parties outlined in a formal document. It is not legally binding but signals the willingness of the parties to move forward with a contract.
The MOU can be seen as the starting point for negotiations as it defines the scope and purpose of the talks. Such memoranda are most often seen in international treaty negotiations but also may be used in high-stakes business dealings such as merger talks.
End of life (EOL) is incorrect. End of life (EOL) is the final stage of a product's existence. The particular concerns of end-of-life depend on the product in question and whether the perspective is that of the manufacturer or the user.
For the manufacturer, EOL concerns involve not only discontinuing production but also continuing to address the market needs that the product addresses which might lead to the development of a new product. For the business using the product, EOL concerns include disposing of the existing product responsibly, transitioning to a different product, and ensuring that disruption will be minimal.
Non-Disclosure Agreement (NDA) is incorrect. A Non-Disclosure Agreement (NDA) is a legally enforceable contract that establishes confidentiality between two parties: the owner of protected information and the recipient of that information. By signing an NDA, participants agree to protect confidential information shared with them by the other party.
Question 37 of 60
37. Question
A ___________________ is a legally enforceable contract that establishes confidentiality between two parties: the owner of protected information and the recipient of that information.
Correct
Non-Disclosure Agreement (NDA) is the correct answer. A Non-Disclosure Agreement (NDA) is a legally enforceable contract that establishes confidentiality between two parties: the owner of protected information and the recipient of that information. By signing an NDA, participants agree to protect confidential information shared with them by the other party.
Memorandum of understanding (MOU) is incorrect. A memorandum of understanding (MOU or MoU) is an agreement between two or more parties outlined in a formal document. It is not legally binding but signals the willingness of the parties to move forward with a contract.
The MOU can be seen as the starting point for negotiations as it defines the scope and purpose of the talks. Such memoranda are most often seen in international treaty negotiations but also may be used in high-stakes business dealings such as merger talks.
Service-level agreement (SLA) is incorrect. A service-level agreement (SLA) is a contract between a service provider and its customers that documents what services the provider will furnish and defines the service standards the provider is obligated to meet.
End of life (EOL) is incorrect. End of life (EOL) is the final stage of a product's existence. The particular concerns of end-of-life depend on the product in question and whether the perspective is that of the manufacturer or the user.
For the manufacturer, EOL concerns involve not only discontinuing production but also continuing to address the market needs that the product addresses which might lead to the development of a new product. For the business using the product, EOL concerns include disposing of the existing product responsibly, transitioning to a different product, and ensuring that disruption will be minimal.
Question 38 of 60
38. Question
Which of the following tools can you use to perform manual DNS lookups, assuming you are working in a Linux environment? (Choose all that apply)
Correct
The commands dig and nslookup can be used to perform manual DNS lookups on a Linux system.
The command route displays or modifies the computer's routing table.
The command pathping provides useful information about network latency and network loss at intermediate hops between a source address and a destination address. The command pathping combines the functionality of ping with that of tracert.
The command ifconfig displays your IP address in Linux systems. The command ifconfig can also be used to configure, disable and enable a network interface.
Question 39 of 60
39. Question
______________________ Assertions Markup Language is an important component of many SSO systems that allow users to access multiple applications, services, or websites from a single login process. It is used to share security credentials across one or more networked systems.
Correct
Security Assertions Markup Language is an important component of many SSO systems that allow users to access multiple applications, services, or websites from a single login process. It is used to share security credentials across one or more networked systems.
Question 40 of 60
40. Question
_________________ measures the predicted time that passes between one previous failure of a mechanical/electrical system to the next failure during normal operation. In simpler terms, it helps you predict how long an asset can run before the next unplanned breakdown happens.
Correct
Mean time between failures (MTBF) is the correct answer. MTBF measures the predicted time that passes between one failure of a mechanical/electrical system and the next failure during normal operation. In simpler terms, MTBF helps you predict how long an asset can run before the next unplanned breakdown happens.
Recovery point objective (RPO) is incorrect. Recovery point objective (RPO) describes a period of time in which an enterprise's operations must be restored following a disruptive event, e.g., a cyberattack, natural disaster, or communications failure.
Mean time to repair (MTTR) is the correct answer. MTTR (mean time to recovery or mean time to repair) is the average time it takes to recover from a product or system failure. This includes the full time of the outage, from the time the system or product fails to the time that it becomes fully operational again.
Recovery Time Objective (RTO) is incorrect. The Recovery Time Objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity.
Question 41 of 60
41. Question
The log file of your company's network status is updated frequently, and the most critical information is on the first five lines. You want to avoid opening the entire file each time, only to view the first five lines.
What command will you use to view only the first five lines of the log file?
Correct
head is the correct answer. The head command is a UNIX and Linux command for outputting the first part of files. Typical uses include outputting the first five lines of a file, limiting the number of lines, limiting the number of bytes, showing multiple files, and using pipes.
tail is incorrect. The tail command is a command-line utility for outputting the last part of files given to it via standard input. It writes results to standard output. By default, tail returns the last ten lines of each file that it is given. It may also be used to follow a file in real-time and watch as new lines are written to it.
cat is incorrect. The cat (short for concatenate) command is one of the most frequently used commands in Linux/Unix-like operating systems. The cat command allows us to create single or multiple files, concatenate files and redirect output in terminal or files.
chmod is incorrect. The chmod command is used to change the access permissions of a file. Let's say you are the owner of a file named yourfile, and you want to set its permissions so that the user can read, write, and execute it, then the final command is:
chmod u=rwx yourfile
Question 42 of 60
42. Question
In the form of Role-Based Access Control, data are accessible or not accessible based on the user's IP address.
Correct
In the form of Role-Based Access Control, the data is accessible or not accessible based on the user's IP address.
When dealing with role-based access controls, data is protected in exactly the way it sounds like it is: by user roles. Users are sorted into groups or categories based on their job functions or departments, and those categories determine the data that they're able to access. Human Resources team members, for example, might be permitted to access employee information while no other role-based group is permitted to do so.
In the form of Rule-Based Access Control (RBAC), you're focusing on the rules associated with the data's access or restrictions. These rules may be parameters, such as allowing access only from certain IP addresses, denying access from certain IP addresses, or something more specific. In a more specific instance, access from a specific IP address may be allowed unless it comes through a certain port (such as the port used for FTP access).
Question 43 of 60
43. Question
You have noticed that the email server doesn't work. Your manager said that someone from the company changed the DNS records (MX) of the email server.
Which of the following commands will you type to find the new MX records of the server?
Correct
nslookup is the correct answer. The command nslookup is used to perform DNS queries and receive domain names, IP addresses, and DNS records such as A records, MX records or any other DNS record.
The command that finds the MX records from your email server is:
$ nslookup -query=mx yourdomain.com
tracert is incorrect. The command tracert is a utility designed for displaying the time it takes for a packet of information to travel between a local computer and a destination IP address or domain. It's used to show several details, such as the number of hops, about the path that a packet takes from the computer or device you're on to whatever destination you specify.
ipconfig is incorrect. The command ipconfig displays the basic TCP/IP configuration such as IPv4, IPv6, subnet mask, and default gateway for all adapters.
ping is incorrect. The command ping sends a request over the network to a specific device to see if a networked device is reachable. In other words, the ping command is used to find out whether an IP connection exists for a particular host.
Question 44 of 60
44. Question
Which of the following describes how long businesses need to keep a piece of information (a record), where it's stored, and how to dispose of the record when it's time?
Correct
Retention policy is the correct answer. A retention policy is a key part of the lifecycle of a record. It describes how long a business needs to keep a piece of information (a record), where it's stored, and how to dispose of the record when it's time.
Business continuity plan is incorrect. Business continuity planning is a strategy. It ensures continuity of operations with minimal service outage or downtime. It is designed to protect personnel or assets and make sure they can function quickly when a disaster such as a natural disaster or cyber-attack strikes.
Disaster recovery plan is incorrect. A business disaster recovery plan can restore data and critical applications in the event your systems are destroyed when disaster strikes.
The difference between a business continuity plan and a disaster recovery plan is:
A business continuity plan is a strategy businesses put in place to continue operating with minimal disruption in the event of a disaster. The disaster recovery plan refers more specifically to the steps and technologies for recovering from a disruptive event, especially as it pertains to restoring lost data, infrastructure failure, or other technological components.
Incident response team. An incident response team is a group of IT professionals in charge of preparing for and reacting to any type of organizational emergency. Responsibilities of an incident response team include developing an incident response plan, testing for and resolving system vulnerabilities, maintaining strong security best practices, and providing support for all incident handling measures.
Question 45 of 60
45. Question
_________________ is a strategy that ensures continuity of operations with minimal service outage or downtime. It is designed to protect personnel or assets and make sure they can function quickly when a disaster such as a natural disaster or cyber-attack strikes.
Correct
Business continuity plan is the correct answer. Business continuity planning is a strategy that ensures continuity of operations with minimal service outage or downtime. It is designed to protect personnel or assets and make sure they can function quickly when a disaster such as a natural disaster or cyber-attack strikes.
Single loss expectancy (SLE) is incorrect. SLE tells us what kind of monetary loss we can expect if an asset is compromised because of a risk. Calculating SLE requires knowledge of the asset value (AV) and the range of loss that can be expected if a risk is exploited, which is known as the exposure factor (EF). EF is a percentage determined by how much of an impact we can expect based on the risk, the highest being 1 (signifying 100%).
In formulaic terms, SLE = AV * EF
Annualized loss expectancy (ALE) is incorrect. Annualized loss expectancy is the loss that can be expected for an asset due to risk over a one-year period. It's useful for working out whether a business decision is worthwhile.
Annualized rate of occurrence (ARO) is incorrect. The annualized rate of occurrence (ARO) is described as an estimated frequency of the threat occurring in one year. ARO is used to calculate ALE (annualized loss expectancy). ALE is calculated as follows: ALE = SLE x ARO. ALE is $15,000 ($30,000 x 0.5), when ARO is estimated to be 0.5 (once in two years).
As we can see, the risk is about the impact of the vulnerability on the business and the probability of the vulnerability being exploited.
Question 46 of 60
46. Question
The _________________ is described as an estimated frequency of the threat occurring in one year.
Correct
Annualized rate of occurrence (ARO) is the correct answer. The annualized rate of occurrence (ARO) is described as an estimated frequency of the threat occurring in one year. ARO is used to calculate ALE (annualized loss expectancy). ALE is calculated as follows: ALE = SLE x ARO. ALE is $15,000 ($30,000 x 0.5), when ARO is estimated to be 0.5 (once in two years).
As we can see, the risk is about the impact of the vulnerability on the business and the probability of the vulnerability being exploited.
Single loss expectancy (SLE) is incorrect. SLE tells us what kind of monetary loss we can expect if an asset is compromised because of a risk. Calculating SLE requires knowledge of the asset value (AV) and the range of loss that can be expected if a risk is exploited, which is known as the exposure factor (EF). EF is a percentage determined by how much of an impact we can expect based on the risk, the highest being 1 (signifying 100%).
In formulaic terms, SLE = AV * EF
Annualized loss expectancy (ALE) is incorrect. Annualized loss expectancy is the loss that can be expected for an asset due to risk over a one-year period. It's useful for working out whether a business decision is worthwhile.
Business continuity plan is incorrect. Business continuity planning is a strategy that ensures continuity of operations with minimal service outage or downtime. It is designed to protect personnel or assets and make sure they can function quickly when a disaster such as a natural disaster or cyber-attack strikes.
Question 47 of 60
47. Question
Wireshark is a command-line utility that allows you to capture and analyze network traffic going through your system. It is often used to help troubleshoot network issues, as well as a security tool. (True/False)
Correct
Wireshark is indeed a tool that captures and analyzes network traffic that goes through your system, but it is not a command-line utility.
Wireshark is the world's leading network traffic analyzer and an essential tool for any security professional or systems administrator. It lets you analyze network traffic in real-time, and is often the best tool for troubleshooting issues on your network.
Tcpdump is a command-line utility that allows you to capture and analyze network traffic going through your system. It is often used to help troubleshoot network issues, as well as a security tool.
Question 48 of 60
48. Question
Access _________________ List is a network traffic filter that controls incoming or outgoing traffic. It works on a set of rules that define how to forward or block a packet at the router's interface.
Correct
Control is the correct answer. Access Control List is a network traffic filter that controls incoming or outgoing traffic. It works on a set of rules that define how to forward or block a packet at the router's interface.
Question 49 of 60
49. Question
The ____________ is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity.
Correct
Recovery Time Objective (RTO) is the correct answer. The Recovery Time Objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity.
Recovery point objective (RPO) is incorrect. Recovery point objective (RPO) describes a period of time in which an enterprise's operations must be restored following a disruptive event, e.g., a cyberattack, natural disaster, or communications failure.
Mean time to repair (MTTR) is incorrect. MTTR (mean time to recovery or mean time to restore) is the average time it takes to recover from a product or system failure. This includes the full time of the outage, from the time the system or product fails to the time that it becomes fully operational again.
Mean time between failures (MTBF) is incorrect. MTBF measures the predicted time that passes between one previous failure of a mechanical/electrical system to the next failure during normal operation. In simpler terms, MTBF helps you predict how long an asset can run before the next unplanned breakdown happens.
Question 50 of 60
50. Question
______________ is a set of rules designed to give EU citizens more control over their personal data.
Correct
General Data Protection Regulation is the correct answer. General Data Protection Regulation (GDPR) is a set of rules designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy.
Under the terms of GDPR, not only do organizations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it are obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners or face penalties for not doing so.
Payment Card Industry Data Security Standard is incorrect. The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information.
National Institute of Standards and Technology (NIST) is incorrect. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve the quality of life.
International Organization for Standardization (ISO) is incorrect. ISO develops and publishes standards for a vast range of products, materials, and processes. The organization's standards catalog is divided into 97 fields which include healthcare technology, railway engineering, jewelry, clothing, metallurgy, weapons, paint, civil engineering, agriculture, and aircraft.
Question 51 of 60
51. Question
You have been tasked with configuring the Wi-Fi of your company's LAN to allow certain computers to have access to the Internet, while the rest of the computers need to be blocked.
Which of the following security technologies will you implement to meet the requirement?
Correct
MAC filtering is the correct answer. MAC filtering is a security method based on access control. Each device is assigned a 48-bit MAC address, which is used to determine whether it can access the network or not. It lets you list the devices you want to allow on your Wi-Fi and the devices you don't want on your Wi-Fi, which helps prevent unwanted access to the network. In effect, we can blacklist or whitelist certain computers based on their MAC address.
DHCP snooping is incorrect. DHCP snooping is a layer 2 security technology built into the operating system of a capable network switch that drops DHCP traffic determined to be unacceptable. The fundamental use case for DHCP snooping is to prevent unauthorized (rogue) DHCP servers offering IP addresses to DHCP clients.
Rogue DHCP servers are often used in man-in-the-middle or denial-of-service attacks for malicious purposes. However, the most common DoS scenario is that of an end user plugging in a consumer-grade router at their desk, unaware that the device they plugged in is a DHCP server by default.
BPDU guard is incorrect. PortFast BPDU guard prevents loops by moving a non-trunking port into an errdisable state when a BPDU is received on that port. When you enable BPDU guard on the switch, spanning tree shuts down PortFast-configured interfaces that receive BPDUs instead of putting them into the spanning-tree blocking state.
Jump server is incorrect. A jump server is a system on a network used to access and manage devices in a separate security zone. A jump server is a hardened and monitored device that spans two dissimilar security zones and provides a controlled means of access between them. The most common example is managing a host in a DMZ from trusted networks or computers.
The jump server acts as a single audit point for traffic and also a single place where user accounts can be managed. A prospective administrator must log in to the jump server in order to gain access to the DMZ assets and all access can be logged for later audit.
Question 52 of 60
52. Question
PC1 can ping the printer device on the Marketing team network but can't ping the printer on the Sales team network. Assuming you are working in a Linux environment, which of the following commands will you type to get details about the route that packets take from PC1 to the printer on the Sales team network?
Correct
The traceroute is the correct command. The traceroute command is one of the key diagnostic tools for TCP/IP. It displays a list of all the routers that a packet must go through to get from the computer where traceroute is run to any other computer on the Internet.
To use traceroute, type the traceroute command followed by the hostname of the computer to which you want to trace the route.
For example, suppose that the printer on the Sales team network has an IP of 123.123.123.123. Then you can use the command: traceroute 123.123.123.123
ifconfig is incorrect. The command ifconfig is used to view and change the configuration of the network interfaces on your system. It displays information about all network interfaces currently in operation.
dig is incorrect. The command dig is a network administration command-line tool for querying Domain Name System (DNS) name servers. It is useful for verifying and troubleshooting DNS problems and also for performing DNS lookups. The dig command replaces older tools such as nslookup and host.
tracert is incorrect. The command tracert is a utility designed for displaying the time it takes for a packet of information to travel between a local computer and a destination IP address or domain. This answer could be considered correct, but the question says that you are working in a Linux environment, and the command tracert is used in the Windows environment.
Question 53 of 60
53. Question
_________________ is the average time it takes to recover from a product or system failure. This includes the full time of the outage, from the time the system or product fails to the time that it becomes fully operational again.
Correct
Mean time to repair (MTTR) is the correct answer. MTTR (mean time to recovery or mean time to repair) is the average time it takes to recover from a product or system failure. This includes the full time of the outage, from the time the system or product fails to the time that it becomes fully operational again.
Recovery point objective (RPO) is incorrect. Recovery point objective (RPO) describes a period of time in which an enterprise's operations must be restored following a disruptive event, e.g., a cyberattack, natural disaster, or communications failure.
Recovery Time Objective (RTO) is incorrect. The Recovery Time Objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity.
Mean time between failures (MTBF) is incorrect. MTBF measures the predicted time that passes between one previous failure of a mechanical/electrical system to the next failure during normal operation. In simpler terms, MTBF helps you predict how long an asset can run before the next unplanned breakdown happens.
Question 54 of 60
54. Question
Assuming you are working in a Windows environment, what command will you type to identify the number of hops and the time it takes for a packet to travel between your local computer and your web server?
Correct
tracert is the correct answer. The command tracert is a utility designed for displaying the time it takes for a packet of information to travel between a local computer and a destination IP address or domain. It's used to show several details, such as the number of hops, about the path that a packet takes from the computer or device you're on to whatever destination you specify.
ipconfig is incorrect. The command ipconfig displays the basic TCP/IP configuration such as IPv4, IPv6, subnet mask, and default gateway for all adapters.
nslookup is incorrect. The command nslookup is used to perform DNS queries and receive domain names, IP addresses, and DNS records such as A records, MX records, or any other DNS record.
ping is incorrect. The command ping sends a request over the network to a specific device to see if a networked device is reachable. In other words, the ping command is used to find out whether an IP connection exists for a particular host.
Question 55 of 60
55. Question
Which of the following VPN solutions is used to connect a personal user device to a remote server on a private network?
Correct
Remote Access is the correct answer. Remote Access (Personal) VPN is used to connect a personal user device to a remote server on a private network. Once a remote access VPN is connected, a user's internet activity will go through the encrypted VPN tunnel to the remote server and access the internet from that remote server. That means that the internet website or application sees the remote server's IP address instead of your personal device's IP address, which provides a layer of privacy.
Site-to-site is incorrect. The Site to Site VPN, known as point to point VPN, is used to connect two local area networks (LANs). Site to site VPNs are usually utilized by businesses large and small that want to provide their employees or business partners secure access to network resources. Usually, these network resources are files or access to programs that need to be protected.
Split tunnel is incorrect. VPN split tunneling lets you route some of your device or app traffic through the encrypted VPN tunnel while other devices or apps access the internet directly. Use split tunneling to protect the traffic you choose, without losing access to local network devices.
Proxy server is incorrect. A proxy server is not a VPN solution; the proxy server acts as a gateway between you and the internet. It's an intermediary server separating end users from the websites they browse. Proxy servers provide varying levels of functionality, security, and privacy depending on your use case, needs, or company policy. Proxy servers act as a firewall and web filter, provide shared network connections, and cache data to speed up common requests.
Question 56 of 60
56. Question
Which of the following processes is designed to protect personnel or assets and make sure they can function quickly when a disaster strikes (natural disasters, cyber-attacks)?
Correct
Business continuity plan is the correct answer. Business continuity planning is a strategy. It ensures continuity of operations with minimal service outage or downtime. It is designed to protect personnel or assets and make sure they can function quickly when a disaster strikes such as natural disasters or cyber-attacks.
Disaster recovery plan is incorrect. A business disaster recovery plan can restore data and critical applications in the event your systems are destroyed when disaster strikes.
The difference between a business continuity plan and disaster recovery plan is:
A business continuity plan is a strategy businesses put in place to continue operating with minimal disruption in the event of a disaster. The disaster recovery plan refers more specifically to the steps and technologies for recovering from a disruptive event, especially as it pertains to restoring lost data, infrastructure failure, or other technological components.
Incident response team is incorrect. An incident response team is a group of IT professionals in charge of preparing for and reacting to any type of organizational emergency. Responsibilities of an incident response team include developing an incident response plan, testing for and resolving system vulnerabilities, maintaining strong security best practices, and providing support for all incident handling measures.
Retention policy is incorrect. A retention policy is a key part of the lifecycle of a record. It describes how long a business needs to keep a piece of information (a record), where it's stored, and how to dispose of the record when it's time.
Question 57 of 60
57. Question
Assume you are working in a Windows environment. For troubleshooting reasons, you need to discover your IP information, including DHCP and DNS server addresses, from your current workstation.
Which of the following commands will help you to troubleshoot the network?
Correct
ipconfig is the correct answer. The command ipconfig displays the basic TCP/IP configuration such as IPv4, IPv6, subnet mask, and default gateway for all adapters.
tracert is incorrect. The command tracert is a utility designed for displaying the time it takes for a packet of information to travel between a local computer and a destination IP address or domain. It's used to show several details, such as the number of hops, about the path that a packet takes from the computer or device you're on to whatever destination you specify.
nslookup is incorrect. The command nslookup is used to perform DNS queries and receive domain names, IP addresses, and DNS records such as A records, MX records, or any other DNS record.
ping is incorrect. The command ping sends a request over the network to a specific device to see if a networked device is reachable. In other words, the ping command is used to find out whether an IP connection exists for a particular host.
Question 58 of 60
58. Question
A _______________ is an agreement between two or more parties outlined in a formal document. It is not legally binding but signals the willingness of the parties to move forward with a contract.
Correct
Memorandum of understanding (MOU) is the correct answer. A memorandum of understanding (MOU or MoU) is an agreement between two or more parties outlined in a formal document. It is not legally binding but signals the willingness of the parties to move forward with a contract.
The MOU can be seen as the starting point for negotiations as it defines the scope and purpose of the talks. Such memoranda are most often seen in international treaty negotiations but also may be used in high-stakes business dealings such as merger talks.
Service-level agreement (SLA) is incorrect. A service-level agreement (SLA) is a contract between a service provider and its customers that documents what services the provider will furnish and defines the service standards the provider is obligated to meet.
End of life (EOL) is incorrect. End of life (EOL) is the final stage of a product's existence. The particular concerns of end-of-life depend on the product in question and whether the perspective is that of the manufacturer or the user.
For the manufacturer, EOL concerns involve not only discontinuing production but also continuing to address the market needs that the product addresses, which might lead to the development of a new product. For the business using the product, EOL concerns include disposing of the existing product responsibly, transitioning to a different product, and ensuring that disruption will be minimal.
Non-Disclosure Agreement (NDA) is incorrect. A Non-Disclosure Agreement (NDA) is a legally enforceable contract that establishes confidentiality between two parties: the owner of protected information and the recipient of that information. By signing an NDA, participants agree to protect confidential information shared with them by the other party.
Question 59 of 60
59. Question
You need to mitigate all the networking attacks that exploit open unused TCP ports on your system.
Which of the following commands displays active TCP connections and ports on which the computer is listening?
Correct
netstat is the correct answer. The netstat command displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). Used without parameters, this command displays active TCP connections.
arp is incorrect. The arp command allows you to display and modify the Address Resolution Protocol (ARP) cache. An ARP cache is a simple mapping of IP addresses to MAC addresses. Each time a computer's TCP/IP stack uses ARP to determine the Media Access Control (MAC) address for an IP address, it records the mapping in the ARP cache so that future ARP lookups go faster.
route is incorrect. The route command is used to view and manipulate the IP routing table.
Sn1per is incorrect. Sn1per is not a command; it is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.
Question 60 of 60
60. Question
In cloud computing, the ability to scale up and down resources based on the user's needs is known as:
Correct
Dynamic resource allocation is the correct answer. Dynamic resource allocation is the ability to scale up and down resources based on the user's needs.
Virtual private cloud is incorrect. A virtual private cloud (VPC) is a secure, isolated private cloud hosted within a public cloud. VPC customers can run code, store data, host websites, and do anything else they could do in an ordinary private cloud, but the private cloud is hosted remotely by a public cloud provider. VPCs combine the scalability and convenience of public cloud computing with the data isolation of private cloud computing.
Network segmentation is incorrect. Network segmentation in computer networking is the act or practice of splitting a computer network into subnetworks, each being a network segment. The advantages of such splitting are primarily for boosting performance and improving security.
Public subnet is incorrect. A public subnet is a subnet that's associated with a route table that has a route to an Internet gateway.