Q1. When performing the daily review of the system vulnerability scans of the network Joe, the administrator, noticed several security related vulnerabilities with an assigned vulnerability identification number. Joe researches the assigned vulnerability identification number from the vendor website. Joe proceeds with applying the recommended solution for identified vulnerability. Which of the following is the type of vulnerability described?
A. Network based
B. IDS
C. Signature based
D. Host based
Answer: C
Explanation:
Q2. Allowing unauthorized removable devices to connect to computers increases the risk of which of the following?
A. Data leakage prevention
B. Data exfiltration
C. Data classification
D. Data deduplication
Answer: B
Explanation: Data exfiltration is the unauthorized copying, transfer or retrieval of data from a system.
Q3. How must user accounts for exiting employees be handled?
A. Disabled, regardless of the circumstances
B. Disabled if the employee has been terminated
C. Deleted, regardless of the circumstances
D. Deleted if the employee has been terminated
Answer: A
Explanation:
You should always disable an employee’s account as soon as they leave. The employee knows the username and password of the account and could continue to log in for potentially malicious purposes. Disabling the account will ensure that no one can log in using that account.
Q4. Which of the following network design elements allows for many internal devices to share one public IP address?
A. DNAT
B. PAT
C. DNS
D. DMZ
Answer: B
Explanation:
Port Address Translation (PAT), is an extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to conserve IP addresses.
Most home networks use PAT. In such a scenario, the Internet Service Provider (ISP) assigns a single IP address to the home network's router. When Computer X logs on the Internet, the router assigns the client a port number, which is appended to the internal IP address. This, in effect, gives Computer X a unique address. If Computer Z logs on the Internet at the same time, the router assigns it the same local IP address with a different port number. Although both computers are sharing the same public IP address and accessing the Internet at the same time, the router knows exactly which computer to send specific packets to because each computer has a unique internal address.
Q5. Which of the following devices is used for the transparent security inspection of network traffic by redirecting user packets prior to sending the packets to the intended destination?
A. Proxies
B. Load balancers
C. Protocol analyzer
D. VPN concentrator
Answer: A
Explanation:
Q6. A security administrator examines a network session to a compromised database server with a packet analyzer. Within the session there is a repeated series of the hex character 90 (x90).
Which of the following attack types has occurred?
A. Buffer overflow
B. Cross-site scripting
C. XML injection
D. SQL injection
Answer: A
Explanation: Explanation The hex character 90 (x90) means NOP or No Op or No Operation. In a buffer overflow attack, the buffer can be filled and overflowed with No Op commands. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.
Q7. Which of the following would satisfy wireless network implementation requirements to use mutual authentication and usernames and passwords?
A. EAP-MD5
B. WEP
C. PEAP-MSCHAPv2
D. EAP-TLS
Answer: C
Explanation:
PEAP-MS-CHAP v2 is easier to deploy than EAP-TLS or PEAP-TLS because user authentication is accomplished via password-base credentials (user name and password) rather than digital certificates or smart cards.
Q8. A group policy requires users in an organization to use strong passwords that must be changed every 15 days. Joe and Ann were hired 16 days ago. When Joe logs into the network, he is prompted to change his password; when Ann logs into the network, she is not prompted to change her password. Which of the following BEST explains why Ann is not required to change her password?
A. Ann’s user account has administrator privileges.
B. Joe’s user account was not added to the group policy.
C. Ann’s user account was not added to the group policy.
D. Joe’s user account was inadvertently disabled and must be re-created.
Answer: C
Explanation:
Group policy is used to manage Windows systems in a Windows network domain environment by means of a Group Policy Object (GPO). GPO’s include a number of settings related to credentials, which includes password expiration. Because Anne was not prompted to change her password, it could only mean that her user account was not added to the group policy.
Q9. An administrator wants to minimize the amount of time needed to perform backups during the week. It is also acceptable to the administrator for restoration to take an extended time frame.
Which of the following strategies would the administrator MOST likely implement?
A. Full backups on the weekend and incremental during the week
B. Full backups on the weekend and full backups every day
C. Incremental backups on the weekend and differential backups every day
D. Differential backups on the weekend and full backups every day
Answer: A
Explanation:
A full backup is a complete, comprehensive backup of all fi les on a disk or server. The full backup is current only at the time it’s performed. Once a full backup is made, you have a complete archive of the system at that point in time. A system shouldn’t be in use while it undergoes a full backup because some fi les may not get backed up. Once the system goes back into operation, the backup is no longer current. A full backup can be a time-consuming process on a large system. An incremental backup is a partial backup that stores only the information that has been changed since the last full or the last incremental backup. If a full backup were performed on a Sunday night, an incremental backup done on Monday night would contain only the information that changed since Sunday night. Such a backup is typically considerably smaller than a full backup. Each incremental backup must be retained until a full backup can be performed. Incremental backups are usually the fastest backups to perform on most systems, and each incremental backup tape is relatively small.
Q10. Which of the following types of security services are used to support authentication for remote users and devices?
A. Biometrics
B. HSM
C. RADIUS
D. TACACS
Answer: C
Explanation:
RADIUS authentication phase takes place when a network client connects to a network access server (NAS) and provides authentication credentials. The NAS will then make use of the authentication credentials to issue a RADIUS authentication request to the RADIUS server, which will then exchange RADIUS authentication messages with the NAS.