Chapter 7 PDF Questions and Answers
Document Details
Uploaded by PalatialMarigold
Summary
This document contains a set of security-related exam questions and their answers. The questions cover network security topics such as firewalls, access control lists, network segmentation, remote access, and intrusion detection and prevention. The correct choice for each question is marked with "(answer)".
Full Transcript
Question #1: Which of the following can be used to identify potential attacker activities without affecting production servers?
A. Honey pot (answer)
B. Video surveillance
C. Zero Trust
D. Geofencing

Question #2: An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?
A. ACL
B. DLP
C. IDS
D. IPS (answer)

Question #3: A company's legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?
A. Data masking
B. Encryption
C. Geolocation policy (answer)
D. Data sovereignty regulation

Question #4: A security analyst scans a company's public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?
A. Changing the remote desktop port to a non-standard number
B. Setting up a VPN and placing the jump server inside the firewall (answer)
C. Using a proxy for web connections from the remote desktop server
D. Connecting the remote server to the domain and increasing the password length

Question #5: A hacker gained access to a system via a phishing attempt that was a direct result of a user clicking a suspicious link. The link laterally deployed ransomware, which lay dormant for multiple weeks, across the network. Which of the following would have mitigated the spread?
A. IPS (answer)
B. IDS
C. WAF
D. UAT

Question #6: Which of the following would be the best way to handle a critical business application that is running on a legacy server?
A. Segmentation (answer)
B. Isolation
C. Hardening
D. Decommissioning

Question #7: An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources. Which of the following would be the best solution?
A. RDP server
B. Jump server (answer)
C. Proxy server
D. Hypervisor

Question #8: A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access?
A. EAP
B. DHCP
C. IPSec (answer)
D. NAT

Question #9: An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives?
A. Deploying a SASE solution to remote employees (answer)
B. Building a load-balanced VPN solution with redundant internet
C. Purchasing a low-cost SD-WAN solution for VPN traffic
D. Using a cloud provider to create additional VPN concentrators

Question #10: A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary. Which of the following methods is most secure?
A. Implementing a bastion host (answer)
B. Deploying a perimeter network
C. Installing a WAF
D. Utilizing single sign-on

Question #11: A newly identified network access vulnerability has been found in the OS of legacy IoT devices. Which of the following would best mitigate this vulnerability quickly?
A. Insurance
B. Patching
C. Segmentation (answer)
D. Replacement

Question #12: After a security incident, a systems administrator asks the company to buy a NAC platform. Which of the following attack surfaces is the systems administrator trying to protect?
A. Bluetooth
B. Wired (answer)
C. NFC
D. SCADA

Question #13: During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?
A. access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32
B. access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0 (answer)
C. access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0
D. access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32

Question #14: Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked. Which of the following changes would allow users to access the site?
A. Creating a firewall rule to allow HTTPS traffic
B. Configuring the IPS to allow shopping
C. Tuning the DLP rule that detects credit card data
D. Updating the categorization in the content filter (answer)

Question #15: An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?
A. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
   Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53
B. Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53
   Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
C. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
   Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53
D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
   Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53 (answer)

Question #16: An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network. Which of the following should the administrator use to accomplish this goal?
A. Segmentation (answer)
B. Isolation
C. Patching
D. Encryption

Question #17: Which of the following can best protect against an employee inadvertently installing malware on a company system?
A. Host-based firewall
B. System isolation
C. Least privilege
D. Application allow list (answer)

Question #18: An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?
A. Data in use
B. Data in transit (answer)
C. Geographic restrictions
D. Data sovereignty

Question #19: A company prevented direct access from the database administrators' workstations to the network segment that contains database servers. Which of the following should a database administrator use to access the database servers?
A. Jump server (answer)
B. RADIUS
C. HSM
D. Load balancer

Question #20: A security engineer needs to configure an NGFW to minimize the impact of the increasing number of various traffic types during attacks. Which of the following types of rules is the engineer the most likely to configure?
A. Signature-based
B. Behavioral-based (answer)
C. URL-based
D. Agent-based

Question #21: Which of the following is most likely to be deployed to obtain and analyze attacker activity and techniques?
A. Firewall
B. IDS
C. Honeypot (answer)
D. Layer 3 switch

Question #22: A visitor plugs a laptop into a network jack in the lobby and is able to connect to the company's network. Which of the following should be configured on the existing network infrastructure to best prevent this activity?
A. Port security (answer)
B. Web application firewall
C. Transport layer security
D. Virtual private network

Question #23: A company wants to get alerts when others are researching and doing reconnaissance on the company. One approach would be to host a part of the infrastructure online with known vulnerabilities that would appear to be company assets. Which of the following describes this approach?
A. Watering hole
B. Bug bounty
C. DNS sinkhole
D. Honeypot (answer)

Question #24: A systems administrator is redesigning how devices will perform network authentication. The following requirements need to be met:
- An existing internal certificate must be used.
- Wired and wireless networks must be supported.
- Any unapproved device should be isolated in a quarantine subnet.
- Approved devices should be updated before accessing resources.
Which of the following would best meet the requirements?
A. 802.1X (answer)
B. EAP
C. RADIUS
D. WPA2

Question #25: A systems administrator notices that one of the systems critical for processing customer transactions is running an end-of-life operating system. Which of the following techniques would increase enterprise security?
A. Installing HIDS on the system
B. Placing the system in an isolated VLAN (answer)
C. Decommissioning the system
D. Encrypting the system's hard drive

Question #26: A security engineer is installing an IPS to block signature-based attacks in the environment. Which of the following modes will best accomplish this task?
A. Monitor
B. Sensor
C. Audit
D. Active (answer)

Question #27: A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 802.1X for access control. To be allowed on the network, a device must have a known hardware address, and a valid username and password must be entered in a captive portal. The following is the audit report: Which of the following is the most likely way a rogue device was allowed to connect?
A. A user performed a MAC cloning attack with a personal device. (answer)
B. A DHCP failure caused an incorrect IP address to be distributed.
C. An administrator bypassed the security controls for testing.
D. DNS hijacking lets an attacker intercept the captive portal traffic.

Question #28: These employees utilize a solution that allows remote access without interception concerns. Which of the following best describes this solution?
A. Proxy server
B. NGFW
C. VPN (answer)
D. Security zone

Question #29: Employees located off-site must have access to company resources in order to complete their assigned tasks. These employees utilize a solution that allows remote access without interception concerns. Which of the following best describes this solution?
A. Proxy server
B. NGFW
C. VPN (answer)
D. Security zone

Question #30: A recent penetration test identified that an attacker could flood the MAC address table of network switches. Which of the following would best mitigate this type of attack?
A. Load balancer
B. Port security (answer)
C. IPS
D. NGFW

Question #31: Which of the following is the best way to provide secure remote access for employees while minimizing the exposure of a company's internal network?
A. VPN (answer)
B. LDAP
C. FTP
D. RADIUS