Which of the following policies applies to any requests that fall outside the criteria defined in an ACL?
Non-repudiation
Implicit deny policy
Acceptable use policy
Post-admission NAC
A lightly protected subnet placed on the outside of the company's firewall consisting of publicly available servers is known as:
VPN
Access Point (AP)
VLAN
DMZ
Which part of the 192.168.1.5/24 address identifies its network ID?
192
192.168
192.168.1
192.168.1.5
Which of the following acronyms refers to a solution allowing companies to cut costs related to managing of internal calls?
PBX
POTS
P2P
PSTN
A solution that allows to make phone calls over a broadband Internet connection instead of typical analog telephone lines is known as:
IMAP
VoIP
ITCP
Which of the following answers lists a /27 subnet mask?
255.255.255.0
255.255.255.128
255.255.255.192
255.255.255.224
What type of system can be compromised through phreaking?
ATX
PGP
BIOS
Which of the following terms refers to a logical grouping of computers that allow computer hosts to act as if they were attached to the same broadcast domain, regardless of their physical location?
Virtualization
SNMP
Which security measure is in place when a client is denied access to the network due to outdated antivirus software?
NAC
NAT
Which of the following terms refers to a technology that allows multiple operating systems to work simultaneously on the same hardware?
Hyperthreading
Multi core
Combo drive
A security stance whereby a host is being granted / denied permissions based on its actions after it has been provided with the access to the network is known as:
Network separation
Pre-admission NAC
Quarantine
Which of the following solutions is used to hide the internal IP addresses by modifying IP address information in IP packet headers while in transit across a traffic routing device?
ACL
VLAN membership can be set through: (Select all that apply)
Trunk port
Group permissions
Encryption
MAC address
In which of the cloud computing infrastructure types clients, instead of buying all the hardware and software, purchase computing resources as an outsourced service from suppliers who own and maintain all the necessary equipment?
IaaS
SaaS
PaaS
Which of the following cloud service types would provide the best solution for a web developer intending to create a web app?
API
A cloud computing infrastructure type where applications are hosted over a network (typically Internet) eliminating the need to install and run the software on the customer's own computers is called:
Thick client
The biggest advantage of public cloud is that all services provided through this type of cloud computing service model are offered free of charge.
A concept of effective security posture employing multiple tools and different techniques to slow down an attacker is known as: (Select 2 answers)
Vulnerability scanning
Layered security
Authorization
Principle of least privilege
Defense in depth
Which of the IPsec modes provides entire packet encryption?
Tunnel
Payload
Transport
Default
Which of the following protocols is used in network management systems for monitoring network-attached devices?
RTP
STP
Which of the following protocols transmit data in an unencrypted form? (Select all that apply)
SCP
IPsec
SNMPv1
FTP
Telnet
SFTP
A group that consists of SNMP devices and one or more SNMP managers is known as:
SNMP trap
Network Management System (NMS)
SNMP community
Management Information Base (MIB)
Which of the following protocols was designed as a secure replacement for Telnet?
ICMP
IPv6
SSH
A system used to convert a computer's host name into an IP address on the Internet is known as:
DNS
NetBIOS
TLS
DNS database AAAA record identifies:
Mail server
IPv4 address
Canonical name
IPv6 address
Which of the following protocols are used for securing HTTP connections? (Select 2 answers)
SSL
Which of the following answers refers to a suite of protocols used for connecting hosts on the Internet?
IPv4
TCP/IP
LAN
FTPS is an extension to the FTP that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols.
The SCP protocol is used for:
Directory access
Secure file transfer
Network addressing
Sending emails
Which of the protocols listed below is used by the PING utility?
FCoE
Which of the following answers lists the IPv6 loopback address?
::/128
FF00::/8
::1
127.0.0.1
Which of the following answers refers to a networking standard for linking data storage devices over an IP network?
iSCSI
SSD
TPM
LDAP
Which of the following protocols facilitate communication between SAN devices? (Select 2 answers)
MTBF
TFTP
HTTPS
The FTP protocol is designed for:
Sending email messages between servers
Serving web pages
Translating domain names into IP addresses
File exchange
Which of the protocols listed below does not provide authentication?
FTP runs by default on ports: (Select 2 answers)
25
23
20
21
22
Which of the following protocols run(s) on port number 22? (Select all that apply)
SMTP
Port number 23 is used by:
Which of the following TCP ports is used by SMTP?
53
80
DNS runs on port:
139
443
Which of the following ports enables HTTP traffic?
110
88
143
Which of the following ports enable(s) retrieving email messages from a remote server? (Select all that apply)
Which of the port numbers listed below are used by NetBIOS? (Select all that apply)
137
161
138
162
IMAP runs on TCP port:
Which of the following TCP ports is used by HTTPS?
Which of the following answers lists the default port number for a Microsoft-proprietary remote connection protocol?
3389
Which of the following protocols operate(s) at layer 3 (the network layer) of the OSI model? (Select all that apply)
IPSec
HTTP
In the OSI model, TCP resides at the:
Physical layer
Network layer
Application layer
Transport layer
A network protocol for secure file transfer over secure shell is called:
Which of the following wireless encryption schemes offers the highest level of protection?
WEP
WPA2
WAP
WPA
Which of the wireless security protocols listed below has been deprecated in favor of newer standards due to known vulnerabilities?
PEAP
CCMP
Which of the following answers refers to an authentication framework frequently used in wireless networks and point-to-point connections?
DLP
OCSP
EAP
A network access control method whereby the 48-bit address assigned to each network card is used to determine access to the network is known as:
EMI shielding
Hardware lock
MAC filter
Quality of Service (QoS)
Which of the following acronyms refers to a wireless network name?
SSID
SSO
HVAC
Which of the following protocols was introduced to strengthen existing WEP implementations without requiring the replacement of legacy hardware?
TKIP
Disabling SSID broadcast:
Is one of the measures used for securing networks
Makes a WLAN harder to discover
Blocks access to WAP
Prevents wireless clients from accessing the network
Which of the following protocols encapsulates EAP within an encrypted and authenticated TLS tunnel?
PAP
AES-based encryption mode implemented in WPA2 is known as:
An optimal WAP antenna placement provides a countermeasure against: (Select 2 answers)
War chalking
Tailgating
War driving
Shoulder surfing
Site survey
Which of the following WAP configuration settings allows for adjusting the boundary range of the wireless signal?
Beacon frame
Power level controls
MAC filtering
Which of the following answers refers to a solution allowing administrators to block Internet access for users until they perform required action?
Access logs
Mantrap
Captive portal
Which of the following antenna types would provide the best coverage for workstations connecting to a WAP placed in a central point of a typical office? (Select all that apply)
Omnidirectional
Unidirectional
Bidirectional
Non-directional
Which of the following is an example of a wireless site survey?
Bluejacking
Spear phishing
Which of the following examples falls into the category of technical security controls?
Change management
Intrusion detection system
Incident response procedure
An antivirus software identifying non-malicious file as a virus due to faulty virus signature file is an example of:
Fault tolerance
False positive error
Incident isolation
False negative error
Which of the following examples falls into the category of operational security controls?
Antivirus software
Which of the following terms refers to a situation where no alarm is raised when an attack has taken place?
False negative
True positive
False positive
True negative
A policy outlining ways of collecting and managing personal data is known as:
Audit policy
Privacy policy
Data loss prevention
Which of the following acronyms refers to a set of rules enforced in a network that restrict the use to which the network may be put?
OEM
AUP
UAT
ARO
One of the goals behind the mandatory vacations policy is to mitigate the occurrence of fraudulent activity within the company.
Which of the following answers refers to a concept of having more than one person required to complete a given task?
Multifactor authentication
Separation of duties
A security rule that prevents users from accessing information and resources that lie beyond the scope of their responsibilities is known as:
Order of volatility
Single sign-on
Which of the following acronyms refers to a risk assessment formula defining probable financial loss due to a risk over a one-year period?
ALE
SLE
Single Loss Expectancy (SLE) = Asset Value (AV) x Exposure Factor (EF)
The Exposure Factor (EF) used in the formula above refers to the impact of the risk over the asset, or percentage of asset lost when a specific threat is realized. Which of the following answers lists the EF value for an asset that is entirely lost?
0
100
1.0
0.1
A software or hardware that checks information coming from the Internet and depending on the applied configuration settings either blocks it or allows it to pass through is called
Antivirus
Firewall
Antispyware
Malware
A device designed to forward data packets between networks is called
Switch
Hub
Router
Allowing a program through a firewall is known as creating
Entry
Exception
A network device designed for managing the optimal distribution of workloads across multiple computing resources is called
Load balancer
HIDS
The last default rule on a firewall is to
Create an exception
Allow all traffic
Deny all traffic
Unblock all ports
A computer network service that allows clients to make indirect network connections to other network services is called
Proxy
Network Access Control (NAC)
Backdoor
A solution designed for filtering malicious / restricted content from entering corporate networks is known as
Subnetting
HIPS
Web security gateway
One of the measures for securing networking devices includes the practice of disabling unused ports
What type of protocols ensure the privacy of a VPN connection?
OSPF
Tunneling
Which of the following answers refers to a dedicated device for managing secure connections established over an untrusted network, such as the Internet?
VPN concentrator
Spam filter
Web server
Which of the following acronyms refers to a network or host based monitoring system designed to automatically alert administrators of known or suspected unauthorized activity?
IDS
AES
EFS
A software tool used to monitor and examine contents of network traffic is known as: (Select all that apply)
Port scanner
Packet sniffer
Vulnerability scanner
Protocol analyzer
Which of the following answers list the protocol and port number used by a spam filter? (Select 2 answers)
TELNET
Which of the following acronyms refers to a network security solution combining the functionality of a firewall with additional safeguards such as URL filtering, content inspection, or malware inspection?
MTU
UTM
XML
Which of the following network security solutions inspects network traffic in real-time and has the capability to stop the ongoing attack?
NIPS
NIST
Which of the following answers refers to a set of rules that specify which users or system processes are granted access to objects as well as what operations are allowed on a given object?
CRL
BCP
Which of the following actions can be taken by passive IDS? (Select 2 answers)
Reconfiguring firewall
Closing down connection
Logging
Terminating process
Sending an alert
802.1x is an IEEE standard defining
Token ring networks
Port-based network access control
VLAN tagging
Wireless networking
An access control model in which access to resources is granted or denied depending on Access Control List (ACL) entries is also known as
Mandatory Access Control
Lattice-Based Access Control
Role-Based Access Control
Rule-Based Access Control
Which type of Intrusion Detection System (IDS) relies on the previously established baseline of normal network activity in order to detect intrusions?
Signature-based
URL filter
Anomaly-based
Which of the following security solutions provides a countermeasure against denial-of-service attack characterized by increasing number of half-open connections?
Flood guard
Honeypot
Which of the following protocols protects against switching loops?
UTP
HMAC
Which type of Intrusion Detection System (IDS) relies on known attack patterns to detect an intrusion?
URL filtering restricts access to Internet sites based on which of the following criteria?
Virus signature
Web address
Baseline
Data content
Which of the following acronyms refers to a firewall controlling access to a web server?
WPS
WAF
