Network Security - SY0-401

Your organization wants to prevent users from accessing file sharing web sites. Which of the following choices will meet this need?

URL filter. A URL filter blocks access to specific web sites based on their URLs.

Your organization wants to combine some of the security controls used on the network. What could your organization implement to meet this goal?

UTM. A Unified Threat Management device combines multiple security controls into a single device.

Which of the following operates on the HIGHEST layer of the OSI model, and is the most effective at blocking application attacks?

WAF. A web application firewall (WAF) operates on multiple layers up to Layer 7 of the OSI reference model and blocks attacks against a web server.

Which of the following network tools includes sniffing capabilities?

IDS. Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) include sniffing capabilities allowing them to inspect packet streams for malicious activity.

A HIDS reported a vulnerability on a system using an assigned vulnerability identification number. After researching the number on the vendor's web site, you identify the recommended solution and begin applying it. What type of HIDS is in use?

Signature-based. If the issue has an assigned number, it must be known, so it is signature-based. A host-based intrusion detection system (HIDS) is not network-based. A heuristic-based (or anomaly-based) detection system catches issues that are not previo

Management is concerned about malicious activity on your network and wants to implement a security control that will detect unusual traffic on the network. Which of the following is the BEST choice to meet this goal?

Anomaly-based IDS. An anomaly-based (also called heuristic or behavior-based) detection system compares current activity with a previously created baseline to detect any anomalies or changes.

Your network IDS recently detected an attack on a server. Upon investigation, you discover that the IDS does not have a signature on this attack. Instead, the IDS detected it using a heuristic analysis. Of the following choices, what is the MOST likely ca

Zero-day. Heuristic analysis has the best chance of detecting a zero-day attack. A zero-day attack exploits a vulnerability that is not yet known to the vendor, so no signature exists for it; an attack that the IDS could detect only by heuristics, with no matching signature, is most likely a zero-day.

You need to configure a UTM security appliance to restrict access to peer-to-peer file sharing web sites. What are you MOST likely to configure?

URL filter. You would most likely configure the Uniform Resource Locator (URL) filter on the unified threat management (UTM) security appliance. This would block access to the P2P sites based on their URL.

You are preparing to deploy an anomaly-based detection system to monitor network activity. What would you create first?

Baseline. An anomaly-based (also called heuristic or behavior-based) detection system compares current activity with a previously created baseline to detect any anomalies or changes.
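The two detection models above (signature-based matching of a known pattern, and anomaly-based comparison against a baseline that must be built first) side by side, as an added example that is not from the original study guide. The log lines, the hypothetical signature IDs (SIG-0001, SIG-0002) and the threshold are all constructed for illustration:

```python
import re
import statistics
from collections import Counter

# Constructed sample log lines (not from the page): "time source_ip dest_port request".
# TRAINING is a known-good window used to build the baseline; OBSERVED is the window being inspected.
TRAINING = [
    "09:00:01 10.0.0.5 80 GET /index.html",
    "09:00:02 10.0.0.6 80 GET /about.html",
    "09:00:03 10.0.0.5 443 GET /login",
    "09:00:04 10.0.0.7 80 GET /index.html",
    "09:00:05 10.0.0.8 80 GET /news.html",
    "09:00:06 10.0.0.7 443 GET /login",
    "09:00:07 10.0.0.5 80 GET /contact.html",
    "09:00:08 10.0.0.6 443 GET /login",
    "09:00:09 10.0.0.8 80 GET /index.html",
    "09:00:10 10.0.0.7 80 GET /about.html",
]
OBSERVED = [
    "10:00:01 10.0.0.5 80 GET /index.html",
    "10:00:02 10.0.0.6 80 GET /about.html",
    "10:00:03 10.0.0.5 80 GET /../../etc/passwd",   # matches a known signature
    "10:00:04 10.0.0.7 80 GET /index.html",
    "10:00:05 10.0.0.5 443 GET /login",
    "10:00:06 10.0.0.6 443 GET /login",
] + [f"10:01:{i:02d} 10.0.0.9 80 GET /login" for i in range(40)]  # one host, 40 requests, no signature hit

# Hypothetical signature IDs: a signature is a pattern for something already known.
SIGNATURES = {
    "SIG-0001": re.compile(r"\.\./"),               # directory traversal
    "SIG-0002": re.compile(r"(?i)union\s+select"),  # SQL injection
}

def signature_matches(lines):
    """Signature-based detection: flag every line that matches a known pattern."""
    return [(sig_id, line) for line in lines
            for sig_id, pattern in SIGNATURES.items() if pattern.search(line)]

def build_baseline(lines):
    """Step one of anomaly detection: learn what normal looks like.
    Here 'normal' is the per-source request count over a known-good window."""
    counts = Counter(line.split()[1] for line in lines)
    values = list(counts.values())
    return {"mean": statistics.mean(values), "stdev": statistics.pstdev(values)}

def anomalies(lines, baseline, k=3.0):
    """Anomaly-based detection: flag sources whose request count exceeds
    mean + k*stdev of the baseline, regardless of what the requests contain."""
    ceiling = baseline["mean"] + k * baseline["stdev"]
    counts = Counter(line.split()[1] for line in lines)
    return [(src, n) for src, n in counts.items() if n > ceiling]

if __name__ == "__main__":
    baseline = build_baseline(TRAINING)
    print("baseline:", baseline)
    print("signature hits:", signature_matches(OBSERVED))
    print("anomalies:", anomalies(OBSERVED, baseline))
```

The flooding host 10.0.0.9 trips no signature because nothing it sends is a known-bad pattern; only the baseline comparison catches it. Conversely the traversal request from 10.0.0.5 is a single line that never moves the host's request count, so only the signature catches it. That is why the two models complement each other rather than replace each other.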

A network technician incorrectly wired switch connections in your organization's network. It effectively disabled the switch as though it was a victim of a denial-of-service attack. What should be done to prevent this in the future?

Implement STP or RSTP. Spanning Tree Protocol (STP) or Rapid STP (RSTP) will prevent switching loop problems. It's rare for a wiring error to take down a switch. However, if two ports on a switch are connected to each other, it creates a switching loop an

Your organization frequently has guests visiting in various conference rooms throughout the building. These guests need access to the Internet via wall jacks, but should not be able to access internal network resources. Employees need access to both the i

VLANs and 802.1x. An 802.1x server provides port-based authentication and can authenticate clients. Clients that cannot authenticate can be redirected to a virtual local area network (VLAN) that grants them Internet access, but not access to the internal

What would you configure on a Layer 3 device to allow FTP traffic to pass through?

Access control list. You would configure an ACL to allow traffic in or out of a network. A router is a Layer 3 device and you would configure the ACL on the router. The last rule in the ACL would be implicit deny to block all other traffic.

What type of device would have the following entries used to define its operation?
permit IP any any eq 80
permit IP any any eq 443
deny IP any any

Firewall. These are rules in an ACL for a firewall. The first two rules indicate that traffic from any IP address, to any IP address, using ports 80 or 443 is permitted or allowed. The final rule is also known as implicit deny rule and is placed last in t

Your organization is hosting a wireless network with an 802.1x server using PEAP. On Thursday, users report they can no longer access the wireless network. Administrators verified the network configuration matches the baseline, there aren't any hardware o

The RADIUS server certificate expired. The most likely cause is that the Remote Authentication Dial-In User Service (RADIUS) server certificate expired. An 802.1x server is implemented as a RADIUS server and Protected Extensible Authentication Protocol (P

What would administrators typically place at the end of an ACL of a firewall?

Implicit deny. Administrators place an implicit deny rule at the end of an ACL to deny all traffic that hasn't been explicitly allowed. Because rules are processed top to bottom and the first match wins, the deny-all rule must be last; placing it earlier would block the traffic that later rules are meant to permit.
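A first-match evaluator for the three ACL lines shown above, illustrating the Layer 3 ACL question, the firewall rule set and the implicit deny at the end. This is an added example, not code from the study guide. Assumptions: the page's `IP` keyword is treated as "any protocol", `any` matches every address, and a missing `eq` clause matches every port; on Cisco IOS an `eq <port>` clause is only valid after `tcp` or `udp`, so the page's lines are simplified exam syntax rather than a valid IOS configuration.

```python
import ipaddress

# The ACL from the page, as text. Lines starting with "!" are treated as comments (assumption).
ACL_TEXT = """\
permit IP any any eq 80
permit IP any any eq 443
deny IP any any
"""

def parse_rule(line):
    """'permit IP any any eq 80' -> action, protocol, source, destination, optional port."""
    parts = line.split()
    action, proto, src, dst = parts[0].lower(), parts[1].lower(), parts[2], parts[3]
    port = int(parts[5]) if len(parts) >= 6 and parts[4].lower() == "eq" else None
    return {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}

def parse_acl(text):
    return [parse_rule(l) for l in text.splitlines() if l.strip() and not l.startswith("!")]

def addr_matches(spec, addr):
    """'any' matches everything; otherwise spec is a host or CIDR block."""
    return spec.lower() == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def evaluate(acl, src, dst, dport, proto="tcp"):
    """First-match evaluation: the first rule whose fields all match decides.
    Returns (action, rule_index); index None means nothing matched and the
    implicit deny applied."""
    for i, rule in enumerate(acl):
        if rule["proto"] not in ("ip", proto):
            continue
        if not (addr_matches(rule["src"], src) and addr_matches(rule["dst"], dst)):
            continue
        if rule["port"] is not None and rule["port"] != dport:
            continue
        return rule["action"], i
    return "deny", None

ACL = parse_acl(ACL_TEXT)

if __name__ == "__main__":
    for dport in (80, 443, 22):
        print(dport, evaluate(ACL, "10.0.0.5", "203.0.113.10", dport))
    # Same ACL with the deny-all moved to the top: every packet now hits rule 0 and is dropped.
    print("misordered:", evaluate([ACL[2]] + ACL[:2], "10.0.0.5", "203.0.113.10", 80))
```

Note that dropping the explicit `deny IP any any` line changes nothing for a packet to port 22: it still falls off the end of the list and is denied, which is exactly what "implicit deny" means. The explicit line only makes the behaviour visible (and lets the firewall log or count those drops).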

You need to divide a single Class B IP address range into several ranges. What would you do?

Subnet the Class B IP address range. You can divide any classful IP address range by subnetting it. This breaks up a larger range of IP addresses into smaller network segments or blocks of IP addresses.
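Subnetting carried out in code, as an added example (not from the study guide): a Class B range (172.16.0.0/16, a constructed example address) is split into at least six subnets by borrowing host bits, and a host is located in the resulting subnet. The helper names and the chosen range are assumptions for illustration.

```python
import ipaddress
import math

def split_network(network, subnets_needed):
    """Divide `network` into at least `subnets_needed` equal-size subnets by borrowing
    host bits. Returns (new_prefix, netmask, [subnet, ...], usable_hosts_per_subnet)."""
    net = ipaddress.ip_network(network, strict=False)
    borrowed = math.ceil(math.log2(subnets_needed))        # bits taken from the host portion
    new_prefix = net.prefixlen + borrowed
    if new_prefix > net.max_prefixlen - 2:
        raise ValueError("too many subnets: no usable host addresses would remain")
    subnets = [str(s) for s in net.subnets(new_prefix=new_prefix)]
    usable = 2 ** (net.max_prefixlen - new_prefix) - 2     # minus network and broadcast addresses
    netmask = str(ipaddress.ip_network(subnets[0]).netmask)
    return new_prefix, netmask, subnets, usable

def subnet_of(subnets, host):
    """Which of the computed subnets contains `host`? None if none does."""
    addr = ipaddress.ip_address(host)
    return next((s for s in subnets if addr in ipaddress.ip_network(s)), None)

if __name__ == "__main__":
    prefix, mask, subs, usable = split_network("172.16.0.0/16", 6)   # constructed Class B range
    print(f"/{prefix} mask {mask}, {len(subs)} subnets, {usable} usable hosts each")
    for s in subs:
        print(" ", s)
    print("172.16.45.7 is in", subnet_of(subs, "172.16.45.7"))
```

Borrowing three bits gives eight /19 subnets, two more than requested; the count always rounds up to a power of two because each borrowed bit doubles the number of subnets. The `ValueError` guard catches the edge case where so many bits are borrowed that a subnet would have no usable host addresses left.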

Your organization hosts a web server and wants to increase its security. You need to separate all web-facing traffic from internal network traffic. Which of the following provides the BEST solution?

DMZ. A demilitarized zone (DMZ) is a buffered zone between a private network and the Internet, and it will separate the web server's web-facing traffic from the internal network.

An automated process isolated a computer in a restricted VLAN because the process noticed the computer's antivirus definitions were not up to date. What is the name of this process?

NAC. Network access control (NAC) is a group of technologies that inspects systems and controls their access to a network. In this scenario, NAC detected the out-of-date antivirus definitions and moved the computer to a restricted (quarantine) VLAN, limiting what it can reach until it is remediated.

Of the following choices, which one is a cloud computing option that allows customers to apply patches to the operating system?

Infrastructure as a Service. IaaS is a cloud computing option where the vendor provides access to a computer, but customers must manage the system, including keeping it up to date with current patches. A hybrid cloud is a combination of a public cloud and

An organization wants to provide protection against malware attacks. Administrators have installed antivirus software on all computers. Additionally, they implemented a firewall and an IDS on the network. Which of the following BEST identifies this princi

Layered security. Layered security (or defense in depth) implements multiple controls to provide several layers of protection.

Your organization has implemented a network design that allows internal computers to share one public IP address. Of the following choices, what did they MOST likely implement?

PAT. Port Address Translation (PAT) is a form of Network Address Translation (NAT) and it allows many internal devices to share one public IP address.
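How PAT lets many internal hosts share one public address, as an added example (not code from the study guide): a translation table keyed on the public-side source port rewrites outbound packets and maps replies back, and an inbound packet with no matching state is dropped. All addresses are constructed (documentation ranges), and the class and method names are assumptions.

```python
import itertools

class PAT:
    """Port Address Translation: private (ip, port) pairs share one public IP and are
    told apart by the public-side source port the translator assigns."""

    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        self.outbound = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public_port
        self.inbound = {}    # (public_port, remote_ip, remote_port) -> (priv_ip, priv_port)

    def translate_out(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an outbound packet's source to public_ip:public_port, creating state if needed."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.outbound:
            pub_port = next(self._ports)
            self.outbound[key] = pub_port
            self.inbound[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.outbound[key], dst_ip, dst_port)

    def translate_in(self, src_ip, src_port, dst_port):
        """A packet from src_ip:src_port arrives addressed to public_ip:dst_port.
        Returns the rewritten (src_ip, src_port, priv_ip, priv_port), or None if no
        state exists, in which case an unsolicited inbound packet is dropped."""
        entry = self.inbound.get((dst_port, src_ip, src_port))
        if entry is None:
            return None
        priv_ip, priv_port = entry
        return (src_ip, src_port, priv_ip, priv_port)

def demo():
    """Two internal hosts using the same source port to the same server, plus one stray packet."""
    pat = PAT("203.0.113.1")
    out_a = pat.translate_out("192.168.1.10", 50000, "198.51.100.20", 443)
    out_b = pat.translate_out("192.168.1.11", 50000, "198.51.100.20", 443)
    same_flow = pat.translate_out("192.168.1.10", 50000, "198.51.100.20", 443)
    reply_a = pat.translate_in("198.51.100.20", 443, out_a[1])
    reply_b = pat.translate_in("198.51.100.20", 443, out_b[1])
    unsolicited = pat.translate_in("198.51.100.99", 443, 1026)
    return {"out_a": out_a, "out_b": out_b, "same_flow": same_flow,
            "reply_a": reply_a, "reply_b": reply_b, "unsolicited": unsolicited}

if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The side effect worth noticing is the last line of `demo()`: because the translator only knows how to route replies to flows it has seen leave, a packet nobody asked for has nowhere to go. That is why PAT incidentally hides internal hosts from unsolicited inbound connections, although it is not a substitute for a firewall.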

A company is implementing a feature that allows multiple servers to operate on a single physical server. What is this?

Virtualization. Virtualization allows multiple virtual servers to exist on a single physical server.

What protocol does IPv6 use for hardware address resolution?

NDP. IPv6 uses the Neighbor Discovery Protocol to resolve IPv6 addresses to media access control addresses.

What is the default port for SSH?

22. SSH uses TCP port 22 by default, and other protocols such as Secure Copy (SCP) and Secure File Transfer Protocol (SFTP) run over it. Telnet uses port 23. SMTP uses port 25. HTTP uses port 80. HTTPS uses port 443.

You are configuring a host-based firewall so that it will allow SFTP connections. Which of the following is required?

Allow TCP 22. You should create a rule to allow traffic using TCP port 22. SFTP uses SSH on TCP port 22. FTP uses TCP port 21. SSH does not use UDP.

You need to send several large files containing proprietary data to a business partner. Which of the following is the BEST choice for this task?

SFTP. FTP is well suited to sending large files, and Secure File Transfer Protocol (SFTP) adds encryption by running the transfer over SSH, so it is the best choice when the files contain proprietary data that must be protected in transit.

Your organization is planning to establish a secure link between one of your mail servers and a business partner's mail server. The connection will use the Internet. What protocol is the BEST choice?

TLS. Transport Layer Security (TLS) is a good choice to create a secure connection between two systems over the Internet.

You recently learned that a network router has TCP ports 22 and 80 open, but the organization's security policy mandates that these should not be accessible. What should you do?

Disable the SSH and HTTP services on the router. A port is open because a service is listening on it, so disabling the SSH (TCP 22) and HTTP (TCP 80) services on the router closes the ports. Filtering the ports with an ACL would only hide them while leaving the services running.

You need to prevent the use of TFTP through your firewall. Which port would you block?

UDP 69. You should block UDP port 69 to block Trivial File Transfer Protocol (TFTP). TFTP does not use TCP. FTP uses TCP port 21.

You need to enable the use of NetBIOS through a firewall. Which ports should you open?

137 through 139. NetBIOS uses UDP port 137 (name service), UDP port 138 (datagram service) and TCP port 139 (session service).

Lisa wants to manage and monitor the switches and routers in her network. Which of the following protocols would she use?

SNMP. Simple Network Management Protocol (SNMP) is used to monitor and manage network devices such as switches and routers; agents listen on UDP port 161 and send traps to UDP port 162.

You need to reboot your DNS server. Of the following choices, which type of server are you MOST likely to reboot?

BIND server. Berkeley Internet Name Domain (BIND) is a type of Domain Name System (DNS) software commonly used on the Internet and in some internal networks, so a BIND server is a DNS server.

Your organization is increasing security and wants to prevent attackers from mapping out the IP addresses used on your internal network. Which of the following choices is the BEST option?

Implement secure zone transfers. By securing zone transfers on internal DNS servers (for example, allowing AXFR only to listed secondary servers, or signing transfers with TSIG), you prevent attackers from downloading zone data and using it to map IP addresses and devices.

Network administrators connect to a legacy server using Telnet. They want to secure these transmissions using encryption at a lower layer of the OSI model. What could they use?

IPv6. IPv6 was designed with Internet Protocol security (IPsec) built in, and IPsec operates at Layer 3 of the OSI model, so of the choices given it is the best option. (IPsec can also be deployed with IPv4; the point is that encryption happens below the application.) Although you can use SSH instead of Telnet, both operate at Layer 7 of the OSI model.

Your organization is planning to implement a VPN and wants to ensure it is secure. Which of the following protocols is the BEST choice to use with the VPN?

IPsec. IPsec is one of the several protocols used to secure VPN traffic.

Which of the following list of protocols use TCP port 22 by default?

SSH, SCP, SFTP.

Bart wants to block access to all external web sites. Which port should he block at the firewall?

TCP 80. He should block port 80 because web sites use HTTP over TCP port 80. In practice blocking port 80 alone leaves HTTPS sites on TCP port 443 reachable, so both ports would need to be blocked to stop all web access; of the choices given, TCP 80 is the answer.

You need to manage a remote server. Which of the following ports should you open on the firewall between your system and the remote server?

22 and 3389. You can manage a remote server using SSH on TCP port 22 and RDP on TCP port 3389.

While reviewing logs on a firewall, you see several requests for the AAAA record of gcgapremium.com. What is the purpose of this request?

To identify the IPv6 address of gcgapremium.com. A DNS AAAA record identifies the IPv6 address of a given name. An A record identifies the IPv4 address of a given name. An MX record identifies a mail server. A CNAME record identifies aliases.
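What the firewall log entry corresponds to on the wire: an AAAA request is a DNS question whose QTYPE field is 28. The builder and parser below are an added example, not code from the study guide. The transaction ID, the name used (gcgapremium.com, as on the page) and the captured-bytes constant are constructed; only the record-type numbers (A = 1, CNAME = 5, MX = 15, AAAA = 28) are the real DNS values.

```python
import struct

# DNS record-type codes from the DNS specification (these are the real values).
QTYPES = {1: "A", 5: "CNAME", 15: "MX", 28: "AAAA"}
QTYPE_CODES = {name: code for code, name in QTYPES.items()}

def encode_name(name):
    """'gcgapremium.com' -> b'\\x0bgcgapremium\\x03com\\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qtype, txid=0x1234):
    """A minimal DNS query: 12-byte header with RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", QTYPE_CODES[qtype], 1)
    return header + question

def parse_query(packet):
    """Parse the header and first question of a DNS query; returns id, name and record type."""
    txid, flags, qdcount, ancount, nscount, arcount = struct.unpack("!HHHHHH", packet[:12])
    offset, labels = 12, []
    while True:
        length = packet[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:   # compression pointer; never valid in the first question name
            raise ValueError("compressed name in question section")
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    qtype, qclass = struct.unpack("!HH", packet[offset:offset + 4])
    return {"id": txid, "name": ".".join(labels),
            "qtype": QTYPES.get(qtype, str(qtype)), "class": qclass}

# Constructed capture of the query the firewall would have seen (not a real packet dump).
CAPTURED_AAAA_QUERY = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
                       b"\x0bgcgapremium\x03com\x00"
                       b"\x00\x1c\x00\x01")

if __name__ == "__main__":
    print(parse_query(CAPTURED_AAAA_QUERY))
    print(build_query("gcgapremium.com", "A").hex())
```

Seeing the raw bytes makes the log entry concrete: the only difference between an A lookup and an AAAA lookup for the same name is the two-byte QTYPE after the name, `00 01` versus `00 1c`. Repeated AAAA queries on a firewall log simply mean a client is asking whether the name has an IPv6 address, which modern resolvers do alongside the A query.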

You need to provide connectivity between two buildings without running any cables. You decide to use two WAPs and a high-gain directional antenna. Which of the following antennas is the BEST choice to meet this need?

Yagi. A Yagi antenna is a high-gain directional antenna with a very narrow radiation pattern and is an ideal choice for this scenario. An isotropic antenna is theoretical and indicates the signal goes in all directions equally. Omnidirectional and dipole

You are assisting a user implement a wireless network in his home. The wireless hardware he has requires the RC4 protocol. What type of security is BEST for this network?

WPA-TKIP. Temporal Key Integrity Protocol (TKIP) uses RC4 and is compatible with older hardware, so Wi-Fi Protected Access (WPA) with TKIP is the best option for this network.

You want to implement the STRONGEST level of security on a wireless network. Which of the following supports this goal?

Implementing WPA2. WPA2 provides the strongest level of security of the available answers.

You are planning to deploy a WLAN and you want to ensure it is secure. Which of the following provides the BEST security?

WPA2 CCMP. WPA2 with Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) uses AES for encryption and is stronger than WPA or WPA2 with TKIP, which rely on RC4.

Your organization is planning to implement a wireless network using WPA2 Enterprise. Of the following choices, what is required?

An authentication server with a digital certificate installed on the authentication server. WPA2 Enterprise requires an 802.1x authentication server and most implementations require a digital certificate installed on the server.

You are assisting a small business owner in setting up a public wireless hot spot for her customers. Which of the following actions are MOST appropriate for this hot spot?

Enabling Open System Authentication. Open System Authentication is the best choice of those given for a public wireless hot spot. It is used with WEP, doesn't require users to enter a preshared key or passphrase, and doesn't require the business owner to

Homer is able to connect to his company's wireless network with his smartphone but not with his laptop computer. Which of the following is the MOST likely reason for this disparity?

His company's network has a MAC address filter in place. The smartphone's MAC address is on the allowed list and the laptop's is not, so the laptop is refused even though both devices use the same credentials.

Management asks you if you can modify the wireless network to prevent users from easily discovering it. Which of the following would you modify to meet this goal?

SSID broadcast. Disabling SSID broadcast hides the network name from the list of available networks, so casual users won't discover it. The SSID is still sent in the clear in probe and association frames, so this is not a strong security control on its own.

Your organization maintains a separate wireless network for visitors in a conference room. However, you have recently noticed that people are connecting to this network even when there aren't any visitors in the conference room. You want to prevent these

Reduce antenna power. Reducing the antenna power will make it more difficult for users outside of the conference room to connect, but will not affect visitors in the conference room.

Which of the following represents the BEST action to increase security in a wireless network?

Replace TKIP with CCMP. Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) provides stronger encryption than Temporal Key Integrity Protocol (TKIP) and is the best choice.

You are planning a wireless network for a business. A core requirement is to ensure that the solution encrypts user credentials when users enter their usernames and passwords. Which of the following BEST meets this requirement?

WPA2 over EAP-TTLS. WPA2 over Extensible Authentication Protocol (EAP)-Tunneled Transport Layer Security (EAP-TTLS) is the best solution from the available answers.

A small business owner modified his wireless router with the following settings:
PERMIT 1A:2B:3C:4D:5E:6F
DENY 6F:5E:4D:3C:2B:1A
After saving the settings, an employee reports that he cannot access the wireless network anymore. What is the MOST likely rea

Hardware address filtering. MAC address filtering can block or allow access based on a device's MAC address, also known as the hardware address.

Homer recently implemented a wireless network in his home using WEP. He asks you for advice. Which of the following is the BEST advice you can give him?

He should not use WEP because it implements weak IVs for encryption keys. WEP is not recommended for use. It encrypts with RC4 using a per-frame key made of a 24-bit initialization vector (IV) prepended to the shared key; the IV is sent in the clear, the IV space is so small that IVs repeat on a busy network, and certain "weak" IVs leak bytes of the shared key, so attackers can recover the WEP key from captured traffic. He should replace WEP with WPA2.
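Why a 24-bit IV is fatal, shown concretely as an added example (this is not code from the study guide, and it is not the full key-recovery attack on weak IVs, only the IV-reuse weakness). The RC4 implementation is complete; the WEP framing is simplified to IV || shared key with no CRC-32 integrity value, and the shared key, IV and plaintexts are constructed.

```python
def rc4_keystream(key, length):
    """Plain RC4: key scheduling followed by the pseudo-random generation loop."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(shared_key, iv, plaintext):
    """Simplified WEP: the per-frame RC4 key is the 24-bit IV prepended to the shared key.
    The IV travels in the clear in the frame header, so anyone can see when it repeats.
    (Real WEP also appends a CRC-32 ICV to the plaintext; omitted here.)"""
    return xor(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))

def iv_collision_probability(frames, iv_bits=24):
    """Probability that at least one IV value repeats among `frames` random IVs (birthday bound)."""
    n = 2 ** iv_bits
    p_no_repeat = 1.0
    for i in range(frames):
        p_no_repeat *= (n - i) / n
    return 1.0 - p_no_repeat

SHARED_KEY = bytes.fromhex("0102030405")   # constructed 40-bit WEP key
IV = b"\x10\x20\x30"                        # constructed 24-bit IV

def keystream_reuse_demo():
    """Two frames encrypted under the same IV share a keystream, so their XOR is the
    XOR of the plaintexts and knowing one plaintext reveals the other, without the key."""
    p1 = b"GET /index.html "    # 16 bytes, easy to guess from traffic
    p2 = b"password=hunter2"    # 16 bytes, the frame the attacker wants
    c1 = wep_encrypt(SHARED_KEY, IV, p1)
    c2 = wep_encrypt(SHARED_KEY, IV, p2)
    leaked = xor(c1, c2)
    return {"leaked_equals_plaintext_xor": leaked == xor(p1, p2),
            "recovered": xor(leaked, p1)}

if __name__ == "__main__":
    print(keystream_reuse_demo())
    for frames in (1000, 5000, 20000):
        print(f"{frames} frames: P(IV repeat) = {iv_collision_probability(frames):.3f}")
```

With 2^24 possible IVs, the odds of a repeat pass one in two after roughly 5,000 frames, which a busy access point sends in minutes, and many WEP cards reset the IV to zero on startup and count upward, making repeats certain rather than probable. TKIP kept RC4 for compatibility but widened the IV to 48 bits and mixed it into per-packet keys, which is why it replaced WEP on old hardware; CCMP with AES replaces RC4 altogether.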