1. What is a bootable USB flash drive used to reset passwords on a device? A. Password vault B.
1. What is a bootable USB flash drive used to reset passwords on a device?
A. Password vault
B. Dynamic knowledge-based authentication (KBA)
C. Static knowledge-based authentication (KBA)
D. Password key
2. What file permissions are set after executing this Linux command: chmod 644 file.htm?
A. Others can only read from the file.
B. Others can only write to the file.
C. Others can only read from and write to the file.
D. Others can read from, write to, and execute the file.
3. What file permissions are set after executing this Linux command: chmod 644 file.htm?
A. The user can only read from the file.
B. The user can read from, write to, and execute the file.
C. The user can only read from and write to the file.
D. The user can only write to the file.
4. AAA framework is the foundation of network security and is necessary to provide an access management system. What does the acronym AAA stand for?
A. Automation, Authorization, and Availability
B. Automation, Access, and Accounting
C. Authentication, Authorization, and Accounting
D. Authentication, Access, and Availability
5. What of the following protocols is NOT an AAA protocol?
A. TACACS+
B. RADIUS
C. Kerberos
D. diameter
6. What of the following protocols encrypts the complete authentication process?
A. TACACS+
B. PAP
C. CHAP
D. RADIUS
7. What kind of access control limits the amount of time that system administrators can have elevated privileges?
A. Privilege access management (PAM)
B. Role-based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Discretionary Access Control (DAC)
8. You are enabling NTP on some servers on the organization’s network. Which of the following use cases are you MOST likely supporting with this action?
A. Enable email usage
B. Support voice and video transmission
C. Encrypt data traveling across the network
D. Provide time synchronization
9. Which protocol is used to send encrypted traffic over a network.
A. TLS
B. DNS
C. HTTP
D. LDAP
10. Which IPsec mode is used for remote-access VPNs?
A. Transport
B. Hashed
C. Tunnel
D. Encrypted
11. What is the port for HTTP?
A. TCP port 443
B. TCP port 143
C. TCP port 53
D. TCP port 80
12. What protocol is used to monitor network devices, modify configurations on the devices, report the status of devices back to a central network management system, and provide integrity, encryption, and authentication?
A. SNMPv3
B. DNSSEC
C. IMAP
D. S/MIME
13. Which protocol is used to store and manage email on a server?
A. TLS
B. IMAP4
C. HTTP
D. LDAPS
14. What protocol replaced SSL?
A. HTTPS
B. STARTTLS
C. LDAP
D. TLS
15. What protocol uses UDP port 53?
A. DNS zone transfers
B. SMTP
C. HTTP
D. DNS name service lookups
16. _____ is a chip on a computer’s motherboard that does cryptographic functions.
A. HSM
B. FDE
C. TPM
D. UEFI
17. Which of the following is used to boot a computer?
A. Opal
B. BIOS
C. FDE
D. SED
18. This is a list of applications that are blocked from running on a system.
A. certificate revocation list (CRL)
B. application denylist
C. application allowlist
D. access control list (ACL)
19. This is when someone other than the original programmer goes through the code, line by line, looking for potential vulnerabilities.
A. Dynamic code analysis
B. Manual code review
C. Static code analysis
D. Fuzzing
20. What function prevents malware infections at the BIOS/UEFI level and at the operating system level?
A. Multi-factor authentication
B. Secure boot
C. IPSec
D. AES encryption
21. What protocol is used to transmit secure cookies?
A. HTTPS
B. HTTP
C. SFTP
D. SRTP
22. This is performed by an automated tool that looks for coding mistakes, which is similar to a spell checker. This checks the programming code without running it.
A. Dynamic code analysis
B. Manual code review
C. Static code analysis
D. Fuzzing
23. How does a signature-based IDS determine if an entity is malicious or not?
A. compares the current network behavior to a baseline of the network behavior
B. uses AI (artificial intelligence) to determine if the entity is malicious or not
C. looks at how an entity acts in an environment
D. compares an entity to a database of known vulnerabilities and attack patterns
24. What is a device that identifies and filters application traffic on the network?
A. Network address translation (NAT) gateway
B. Next-generation firewall (NGFW)
C. Host-based intrusion prevention system (HIPS)
D. Network access control (NAC)
25. What type of virtual private network (VPN) connects two sites across the public Internet?
A. Split tunnel
B. Remote-access
C. Full tunnel
D. Site-to-site
26. What type of firewall keeps track of established sessions using a session table. It blocks traffic that is not part of an established session.
A. Web application firewall (WAF)
B. Stateful firewall
C. Next-generation firewall (NGFW)
D. Stateless firewall
27. What is a potential attack that can be used on IPv6?
A. IP address exhaustion
B. Neighbor Cache Exhaustion attack
C. ARP (Address resolution protocol) DoS (Denial of Service) attack
D. ARP (Address resolution protocol) poisoning
28. What type of virtual private network (VPN) connects a user to a private intranet across the public Internet? This is also known as a host-to-gateway VPN.
A. Site-to-site
B. Remote-access
C. Split tunnel
D. Full tunnel
29. What prevents unauthorized DHCP servers from assigning IP addresses to clients? The switch sends the DHCP Discover message only to trusted ports used in DHCP configuration. This also drops DHCP messages over ports that do not match the trusted ports
A. Dynamic Host Configuration Protocol (DHCP) snooping
B. Media access control (MAC) filtering
C. Bridge Protocol Data Unit (BPDU) guard
D. Layer 2 tunneling protocol (L2TP)
30. What is an advantage of IPv6 over IPv4?
A. IPv6 replaces ARP (Address Resolution Protocol) with NDP (Neighborhood Discovery Protocol)
B. IPv6 has NAT (Network Address Translation)
C. IPv6 has more complex communication
D. IPv6 has less IP addresses
31. What kind of firewalls run on a single computer? These are also called an application-based firewall.
A. stateful
B. ACL (access control list)
C. network-based
D. host-based
32. This network traffic is less trusted, so typically we want stronger security policies for this kind of traffic.
A. East-West traffic
B. North-South traffic
C. Virtual local area network (VLAN)
D. Zero Trust
33. This is software or hardware that is incorporated into a firewall to monitor Internet traffic. It prevents access to malicious websites. It also prevents malware from downloading.
A. Intranet
B. Content filter
C. Network Access Control (NAC)
D. Network Address Translation (NAT)
34. You are setting up an anomaly-based IDS to monitor network activity. Which of the following would you set up first?
A. a baseline of the current network behavior
B. a database of known vulnerabilities and attack patterns
C. a switch
D. a router
35. What network device is an OSI layer 1 device?
A. hub
B. proxy server
C. router
D. switch
36. What can support connecting a browser to a VPN?
A. Switches
B. Firewalls
C. Proxy servers
D. HTML5
37. _____ is the remote management of servers, desktops, laptops, and mobile devices. This helps to update antivirus software, keep up with current patches, and use security controls on these devices.
A. MAM (Mobile Application Management)
B. UEM (Unified Endpoint Management)
C. SEAndroid (Security-Enhanced Android)
D. MicroSD HSM (Micro Secure Digital Hardware Security Module)
38. _____ is removing software restrictions from an Android device so that any third-party app can be installed.
A. installing custom firmware
B. jailbreaking
C. tethering
D. rooting
39. Which of the following deployment models is when an organization purchases mobile devices, and issues them to employees, who can use the device as if they personally owned it?
A. COPE
B. Corporate-owned
C. BYOD
D. CYOD
40. Automatically storing the appropriate data in the appropriate segment is known as _____. For example, corporate data is automatically stored on one segment that is always encrypted; while user data is automatically stored on another segment.
A. remote wipe
B. content management
C. geofencing
D. screen locks
41. _____ is a connection method for mobile devices that provides free access to geolocation and time information to receivers anywhere in the world. Often used for maps and directions.
A. USB (Universal Serial Bus)
B. Infrared
C. Global Positioning System (GPS)
D. Radio-frequency identification (RFID)
42. Which of the following is the MOST likely to put an organization at risk for data exfiltration?
A. GPS tagging
B. firmware OTA (over the air) updates
C. USB OTG (on-the-go)
D. SMS (Short Message Service)
43. What is a potential risk of using SMS (Short Message Service), MMS (Multimedia Messaging Service), or RCS (Rich Communication Services)?
A. carrier unlocking
B. sideloading
C. eavesdropping
D. GPS tagging
44. _____ is a connection method from a mobile device to a device that is very close by. This connection method is often used for credit card payments by waving our phone over the reader.
A. Wi-Fi
B. Bluetooth
C. Cellular
D. NFC (near field communication)
45. _____ creates a copy of the data and stores it in a second location.
A. Data encryption
B. Permissions on data
C. High availability of data
D. Data replication
46. What refers to passwords and encryption keys that protect cloud resources?
A. Secrets management
B. Integration and auditing
C. Resource policies
D. High availability across zones
47. On-premise networks typically have VLANs (virtual local networks), while CSPs (Cloud Service Providers) typically have _____.
A. public and private subnets
B. Virtual Private Networks (VPNs)
C. virtual private clouds (VPCs)
D. air gaps
48. Your organization’s password policy states that users must change their passwords every 30 days. How do you implement this policy?
A. set the minimum password age to 30
B. set the password history to 30
C. set the maximum password age to 30
D. set the account lockout threshold to 30
49. What are a pair of public and private keys used by the SSH (Secure Shell) protocol to confirm a person’s identity?
A. Service accounts
B. User accounts
C. SSH keys
D. Identity provider (IdP)
50. What settings do we use to prevent users from rotating through passwords, so they can use a previous password?
A. password history and maximum password age
B. minimum password age and maximum password age
C. account lockout threshold and account lockout duration
D. password history and minimum password age
Step by Step Solution
There are 3 Steps involved in it
Step: 1
1 D Password key 2 A Others can only read from the file 3 A The user can only read from the file 4 C ...See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started