1.  What is a bootable USB flash drive used to reset passwords on a device?
    A.     Password vault
    B.     Dynamic knowledge-based authentication (KBA)
    C.     Static knowledge-based authentication (KBA)
    D.     Password key

2.  What file permissions are set after executing this Linux command: chmod 644 file.htm?
    A.     Others can only read from the file.
    B.     Others can only write to the file.
    C.     Others can only read from and write to the file.
    D.     Others can read from, write to, and execute the file.

3.  What file permissions are set after executing this Linux command: chmod 644 file.htm?
    A.     The user can only read from the file.
    B.     The user can read from, write to, and execute the file.
    C.     The user can only read from and write to the file.
    D.     The user can only write to the file.

4.  AAA framework is the foundation of network security and is necessary to provide an access management system. What does the acronym AAA stand for?
    A.     Automation, Authorization, and Availability
    B.     Automation, Access, and Accounting
    C.     Authentication, Authorization, and Accounting
    D.     Authentication, Access, and Availability

5.  What of the following protocols is NOT an AAA protocol?
    A.     TACACS+
    B.     RADIUS
    C.     Kerberos
    D.     diameter

6.  What of the following protocols encrypts the complete authentication process?
    A.     TACACS+
    B.     PAP
    C.     CHAP
    D.     RADIUS

7.  What kind of access control limits the amount of time that system administrators can have elevated privileges?
    A.     Privilege access management (PAM)
    B.     Role-based Access Control (RBAC)
    C.     Mandatory Access Control (MAC)
    D.     Discretionary Access Control (DAC)

8.  You are enabling NTP on some servers on the organization’s network. Which of the following use cases are you MOST likely supporting with this action?
    A.     Enable email usage
    B.     Support voice and video transmission
    C.     Encrypt data traveling across the network
    D.     Provide time synchronization

9.  Which protocol is used to send encrypted traffic over a network.
    A.     TLS
    B.     DNS
    C.     HTTP
    D.     LDAP

10.  Which IPsec mode is used for remote-access VPNs?
    A.     Transport
    B.     Hashed
    C.     Tunnel
    D.     Encrypted

11.  What is the port for HTTP?
    A.     TCP port 443
    B.     TCP port 143
    C.     TCP port 53
    D.     TCP port 80

12.  What protocol is used to monitor network devices, modify configurations on the devices, report the status of devices back to a central network management system, and provide integrity, encryption, and authentication?
    A.     SNMPv3
    B.     DNSSEC
    C.     IMAP
    D.     S/MIME

13.  Which protocol is used to store and manage email on a server?
    A.     TLS
    B.     IMAP4
    C.     HTTP
    D.     LDAPS

14.  What protocol replaced SSL?
    A.     HTTPS
    B.     STARTTLS
    C.     LDAP
    D.     TLS
 
15. What protocol uses UDP port 53?
    A.     DNS zone transfers
    B.     SMTP
    C.     HTTP
    D.     DNS name service lookups

16.  _____ is a chip on a computer’s motherboard that does cryptographic functions.
    A.     HSM
    B.     FDE
    C.     TPM
    D.     UEFI

17.  Which of the following is used to boot a computer?
    A.     Opal
    B.     BIOS
    C.     FDE
    D.     SED

18. This is a list of applications that are blocked from running on a system.
    A.     certificate revocation list (CRL)
    B.     application denylist
    C.     application allowlist
    D.     access control list (ACL)

19.  This is when someone other than the original programmer goes through the code, line by line, looking for potential vulnerabilities.
    A.     Dynamic code analysis
    B.     Manual code review
    C.     Static code analysis
    D.     Fuzzing

20.  What function prevents malware infections at the BIOS/UEFI level and at the operating system level?
    A.     Multi-factor authentication
    B.     Secure boot
    C.     IPSec
    D.     AES encryption

21.  What protocol is used to transmit secure cookies?
    A.     HTTPS
    B.     HTTP
    C.     SFTP
    D.     SRTP

22.  This is performed by an automated tool that looks for coding mistakes, which is similar to a spell checker. This checks the programming code without running it.
    A.     Dynamic code analysis
    B.     Manual code review
    C.     Static code analysis
    D.     Fuzzing

23.  How does a signature-based IDS determine if an entity is malicious or not?
    A.     compares the current network behavior to a baseline of the network behavior
    B.     uses AI (artificial intelligence) to determine if the entity is malicious or not
    C.     looks at how an entity acts in an environment
    D.     compares an entity to a database of known vulnerabilities and attack patterns

24.  What is a device that identifies and filters application traffic on the network?
    A.     Network address translation (NAT) gateway
    B.     Next-generation firewall (NGFW)
    C.     Host-based intrusion prevention system (HIPS)
    D.     Network access control (NAC)

25.  What type of virtual private network (VPN) connects two sites across the public Internet?
    A.     Split tunnel
    B.     Remote-access
    C.     Full tunnel
    D.     Site-to-site

26.  What type of firewall keeps track of established sessions using a session table. It blocks traffic that is not part of an established session.
    A.     Web application firewall (WAF)
    B.     Stateful firewall
    C.     Next-generation firewall (NGFW)
    D.     Stateless firewall

27.  What is a potential attack that can be used on IPv6?
    A.     IP address exhaustion
    B.     Neighbor Cache Exhaustion attack
    C.     ARP (Address resolution protocol) DoS (Denial of Service) attack
    D.     ARP (Address resolution protocol) poisoning

28.  What type of virtual private network (VPN) connects a user to a private intranet across the public Internet? This is also known as a host-to-gateway VPN.
    A.     Site-to-site
    B.     Remote-access
    C.     Split tunnel
    D.     Full tunnel

29.  What prevents unauthorized DHCP servers from assigning IP addresses to clients? The switch sends the DHCP Discover message only to trusted ports used in DHCP configuration. This also drops DHCP messages over ports that do not match the trusted ports
    A.     Dynamic Host Configuration Protocol (DHCP) snooping
    B.     Media access control (MAC) filtering
    C.     Bridge Protocol Data Unit (BPDU) guard
    D.     Layer 2 tunneling protocol (L2TP)

30.  What is an advantage of IPv6 over IPv4?
    A.     IPv6 replaces ARP (Address Resolution Protocol) with NDP (Neighborhood Discovery Protocol)
    B.     IPv6 has NAT (Network Address Translation)
    C.     IPv6 has more complex communication
    D.     IPv6 has less IP addresses

31.  What kind of firewalls run on a single computer? These are also called an application-based firewall.
    A.     stateful
    B.     ACL (access control list)
    C.     network-based
    D.     host-based

32.  This network traffic is less trusted, so typically we want stronger security policies for this kind of traffic.
    A.     East-West traffic
    B.     North-South traffic
    C.     Virtual local area network (VLAN)
    D.     Zero Trust

33.  This is software or hardware that is incorporated into a firewall to monitor Internet traffic. It prevents access to malicious websites. It also prevents malware from downloading.
    A.     Intranet
    B.     Content filter
    C.     Network Access Control (NAC)
    D.     Network Address Translation (NAT)

34.  You are setting up an anomaly-based IDS to monitor network activity. Which of the following would you set up first?
    A.     a baseline of the current network behavior
    B.     a database of known vulnerabilities and attack patterns
    C.     a switch
    D.     a router

35.  What network device is an OSI layer 1 device?
    A.     hub
    B.     proxy server
    C.     router
    D.     switch

36.  What can support connecting a browser to a VPN?
    A.     Switches
    B.     Firewalls
    C.     Proxy servers
    D.     HTML5

37.  _____ is the remote management of servers, desktops, laptops, and mobile devices. This helps to update antivirus software, keep up with current patches, and use security controls on these devices.
    A.     MAM (Mobile Application Management)
    B.     UEM (Unified Endpoint Management)
    C.     SEAndroid (Security-Enhanced Android)
    D.     MicroSD HSM (Micro Secure Digital Hardware Security Module)

38.  _____ is removing software restrictions from an Android device so that any third-party app can be installed.
    A.     installing custom firmware
    B.     jailbreaking
    C.     tethering
    D.     rooting

39.  Which of the following deployment models is when an organization purchases mobile devices, and issues them to employees, who can use the device as if they personally owned it?
    A.     COPE
    B.     Corporate-owned
    C.     BYOD
    D.     CYOD

40.  Automatically storing the appropriate data in the appropriate segment is known as _____. For example, corporate data is automatically stored on one segment that is always encrypted; while user data is automatically stored on another segment.
    A.     remote wipe
    B.     content management
    C.     geofencing
    D.     screen locks

41. _____ is a connection method for mobile devices that provides free access to geolocation and time information to receivers anywhere in the world. Often used for maps and directions.
    A.     USB (Universal Serial Bus)
    B.     Infrared
    C.     Global Positioning System (GPS)
    D.     Radio-frequency identification (RFID)

42.  Which of the following is the MOST likely to put an organization at risk for data exfiltration?
    A.     GPS tagging
    B.     firmware OTA (over the air) updates
    C.     USB OTG (on-the-go)
    D.     SMS (Short Message Service)

43.  What is a potential risk of using SMS (Short Message Service), MMS (Multimedia Messaging Service), or RCS (Rich Communication Services)?
    A.     carrier unlocking
    B.     sideloading
    C.     eavesdropping
    D.     GPS tagging

44.  _____ is a connection method from a mobile device to a device that is very close by. This connection method is often used for credit card payments by waving our phone over the reader.
    A.     Wi-Fi
    B.     Bluetooth
    C.     Cellular
    D.     NFC (near field communication)

45.  _____ creates a copy of the data and stores it in a second location.
    A.     Data encryption
    B.     Permissions on data
    C.     High availability of data
    D.     Data replication

46.  What refers to passwords and encryption keys that protect cloud resources?
    A.     Secrets management
    B.     Integration and auditing
    C.     Resource policies
    D.     High availability across zones

47.  On-premise networks typically have VLANs (virtual local networks), while CSPs (Cloud Service Providers) typically have _____.
    A.     public and private subnets
    B.     Virtual Private Networks (VPNs)
    C.     virtual private clouds (VPCs)
    D.     air gaps

48.  Your organization’s password policy states that users must change their passwords every 30 days. How do you implement this policy?
    A.     set the minimum password age to 30
    B.     set the password history to 30
    C.     set the maximum password age to 30
    D.     set the account lockout threshold to 30

49.  What are a pair of public and private keys used by the SSH (Secure Shell) protocol to confirm a person’s identity?
    A.     Service accounts
    B.     User accounts
    C.     SSH keys
    D.     Identity provider (IdP)

50.  What settings do we use to prevent users from rotating through passwords, so they can use a previous password?
    A.     password history and maximum password age
    B.     minimum password age and maximum password age
    C.     account lockout threshold and account lockout duration
    D.     password history and minimum password age