Match the network access protection (nap) component on the left with its description on the right.

Looking for Expert Opinion?

Let us have a look at your work and suggest how to improve it!

Get a Consultant

You have recently experienced a security incident with one of your servers. After some research, you determine that hotfix #568994 that has recently been released would have protected the server. Which of the ff. recommendations should you follow when applying the hotfix?

Test the hotfix, then apply it to all servers.

Which of the ff. is the best recommendation for applying hotfixes to your servers?

Apply only the hotfixes that apply to software running on your systems

Which of the following terms describes a Windows operating system patch that corrects a specific problem and is release on a short-term, periodic basis (typically monthly)?

Hotfix

You provide IT support under contract for a dentists office. The office has a limited number of wireless clients, so a simple wireless router is used to profide WIFI access. On your latest visit, you check the manufactures website and discover that a update has been released by the wireless router manufacture. You decide to download and install the update.

Click the option you should use in the wireless routers configuration interface to prepare the device for update.

Backup Configuration

Even if you perform regular backups, what must be done to ensure that you are protected against data loss?

Regularly test restoration procedures

Why should backup media be stored offsite?

To preven the same disaster from affecting both the network and the backup media

Which of the following is true for a system image backup?

Is saved as a .vhd file

Which media types can backup files be saved to? select two

Network Attached Storage (NAS) External hard drives

You just developed a new Cisco router that connects several network segments in your organization. The router is physically located in the server route that requires an ID card to gain access. You backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using Telnet client with a username admin and a password of admin. You used the MDS hashing algorithm to protect the password.

What should you do to increase the security of this device? select two

Change the default administrative username and password Use an SSH client to access the router configuration

Which of the following protocols or services would you associate with Windows Remote Desktop Services network traffic?

RDP

You manage a server at work that has just been configured with a new application. Consequently, the server has crashed several times during the last week. you think you have the problem resolved, but you would like to be able to manage the server remotely in case there is a problem
Which of the following protocols would you use for remote management? select two

VNC ICA

You are in the middle of a big project at work. All of your work files are on a server at the office. You want to be able to access the server desktop, open and edit files, save the files on the server, and print files to a printer connected to a computer at home.
Which protocol should you use?

RDP

Match each bring your own device (BOYD) security concern on the right with a possible remedy on the left. Each remedy may be used once, more than once, not at all.

Users take pictures of proprietary processes and procedures- Specify where and when mobile devices can be possessed in your acceptable use policy. Devices with a data plan can e-mail stole data- Specify where and when mobile devices can be possessed in your acceptable use policy Devices have no PIN or password configured- Enroll devices in a mobile device management system Anti-malware software is not installed- Implement a network access control (NAC) solution A device containing sensitive data may be lost- Enroll devices in a mobile device management system

Your organization recently purchased 30 tablet devices for your traveling sales force. These devices have Windows RT preinstalled on them. To increase security of these devices, you want to apply a default set of security-related configuration settings.

What is the best approach to take to accomplish this? select two

Configure and apply security policy settings in a mobile device management system Enroll the devices in a mobile device management system

Your organization recently purchased 18 IPad tablets for use by the organizations management team. The devices have iOS pre-installed on them. To increase security of these devices, you want to apply a default set of security-related configuration settings.

What is the best approach to take to accomplish this? select two

Enroll the devices in a mobile device management system Configure and apply security policy settings in a mobile device management system

Your organizations security policy specifies that any mobile device (regardless of ownership) that connects to your internal network must have remote with enabled. If the device is lost or stolen, then it must be wiped to remove any sensitive data from it.
Your organization recently purchased several Windows RT tablets. Which should you do?

Sign up for a Microsoft Intune account to manage the tablets

Most, mobile device management (MDM) systems can be configured to track the physical location of enrolled mobile devices. Arrange the location technology on the left in order of accuracy on the right, from most accurate to least accurate

Most accurate GPS More accurate Wi-Fi triangulation Less accurate Cell phone tower triangulation least accurate IP address resolution

Your organization has recently purchases 20 tablets devices for the Human Resources department to use for training sessions. You are concerned that these devices could represent a security risk to your network and want to strengthen their security profile as much as possible.

Which actions should you take? (select 2)

Implement storage implementation. Enable device encryption.

Which of the following mobile device security consideration will disable the ability to use the device after a short period of inactivity?

Screen lock

Which of the following are not reasons to remote wipe a mobile device?

When the devices is inactive for a period of time

A smart phone was lost at the airport. There is no way to recover the device. Which of the following will ensure data confidentiality on the device?

Remote Wipe

Your organization provides its sales force with Windows RT 8.1 tablets to use while visiting customers sites. You manage these devices by enrolling them in your cloud-based Microsoft Intune account. One of your sales reps left her tablet at an airport. The devices contains sensitive information and you need to remove it in case that device is compromised.

Which Intune portal should you use to perform a remote wipe?

Admin Portal

Many of the end users in your organization are bringing their own personal mobile devices to work and are storing sensitive date on them. To precent the data from being compromised, you create a cloud-based Microsoft Intune account and configure mobile device security policies. You now need to apply those security policies to the end users mobile devices.

What should you do? select two

Enroll the devices with the Intune service Create a user account for each user who has a managed mobile device

You are considering using WIFI triangulation to track the location of wireless devices within your organization. However, you have read on the internet that this type of tracking can produce inaccurate results.
What is the most important consideration for getting reliable results when implementing this type of system?

Signal strength

The outside sales reps from your company use notebooks computers, tablets, and phones to connect to the internal company network. While traveling, they connect thier devices to the internet using airport and hotel networks.
What should you do?

NAC

The owner of a hotel has contracted with you to implement a wireless network to provide Internet access for patrons. The owner has asked….. Under no circumstances should…..

What should you do?

Implement a guest network

Which of the following enterprise wireless configurations strategies best keeps public wireless access separate from private wireless access?

Configure a guest access WLAN that uses open authentication and that isolates guest WLAN traffic from other clients on the same access point.

Components within your server room are failing at a rapid pace. You discover that the humidity in the server room is at 60% and the temperature is at 80 degrees.
What should you do?

Add a separate A/C unit in the server room

You maintain the network for an industrial manufacturing company. You are concerned about the dust in the area getting into the server components and affecting the ability of the network.
Which of the following should you implement?

Positive pressure system

You are adding a new rack to your data center, which will house five new blade servers. The new servers will be installed in a cluster that will host a customer tracking database. The only space you have available in the data center is on the opposite side of the room from your existing rack, which already houses several servers, a switch, and a router. You plan to connect each new server to the switch in the existing rack using straight-through UTP cables that will be run along the floor around the perimeter of the data center. To provide power for the new devices, you will hire an electrician to install several new 20-amp wall outlets near the new rack. To protect against power failures, you also plan to install a UPS in the rack along with redundant power supplies for the server. Will this configuration work?

No, you should run the cable around the perimeter of the room in a cable tray.

You are adding a new rack to your data center, which will house two new blade servers and a new switch. The new servers will be used for virtualization. The only space you have available in the data center is on the opposite side of the room from your existing rack, which already houses several servers, a switch, and a router. You plan to configure a trunk port on each switch and connect them with a straight-through plenum UTP cable that will be run along the floor around the perimeter of the data center to prevent tripping. To provide power for the net devices….

Will this configuration work?

No, you should consider relocating the new rack next to the existing rack.

You are adding a new rack to your data center, which will house two new blade servers and a new switch. The new servers will be used for virtualization. The only space you have available in the data center is on the opposite side of the room from your existing rack, which already houses several servers, a switch, and a router. You plan to configure a trunk port on each switch and connect them with a cross-over plenum UTP cable that will be run through the suspended tile ceiling for the data center.
what is wrong with this configuration? select two

You should implement a UPS between the wall outlet and the network devices You should implement redundant power supplies for the network devices

You have purchased a solar backup power device to provide temporary electrical power to critical systems in your data center should the power provided by the electrical utility company go out The solar panel array captures sunlight, converts it into DC, and stores it in large batteries. However…

Which electrical devices should you implement to convert the DC power stored in the batteries into AC power that can be used in the data center?

Inverter

Which electrical devices is used to convert the voltage of an alternating current (AC) from the utilities company’s transmission lines to 110 volts that can be used by devices in the data center?

Transformers

You have been struggling to keep the temperature in your server room under control. To address this issue, you have decided to reconfigure the room to create hot and cold aisles.
Which of the following are true concerning this configurations? select two

The rear of your servers should fave the hot aisle The from of your servers should face the cold aisle

You’ve just installed a new 16U wall-mounted rack in your data center. You need to install the following equipment in this rack: A 4U redundant power supply A 4U server A 4U switch A 2U router

Which of the following equipment will also fit in this rack along with the above equipment?

2U UPS

Consider the network diagram shown below. Click on the item in the diagram that does not follow a standardized labeling scheme

PC2

Your 24U rack currently houses two 4U server systems. To prevent overheating, yo’ve installed a rock-mounted environment monitoring device within the rack. Currently, the device shows the temp within the rack to be 79 degrees.

what should you do?

Nothing, the temperature within the rack is within acceptable limits

You have been hired by a startup company to install a new data center. The company is small, so they will elect to use an unused employee break room as the data center. You are concerned about truth physical security of the servers that will be installed in the data center.

what should you do? select two

Install racks with locking doors Install a biometric lock on the data center door

Which of the following is the least effective power loss protection for computer systems?

Surge protector

Besides protecting a computer from under voltage, a typical UPS also performs which two actions.

Protects from over voltage Conditions the power signal

You manage the website for your company. The website uses a cluster of two servers with a single shared storage device. The shared device uses a RAID 1 configuration. Each server has a single connection to the shared storage, and a single connection to your ISP.
You want to provide redundancy such that a failure in a single component does not cause the website to be unavailable. What should you add to your configuration to accomplish this?

Connect one server through a different ISP to the internet.

You have a WAN link that connects two sites. The WAN link is supposed to provide 1.5 Mbps of bandwidth. You want to perform a test to see the actual bandwidth of the link.
Which tool should you use?

Throughput tester.

What is a program that appears to be legitimate application, utility, game or screensaver and that performs malicious activities surreptitiously?

Trojan horse

You connect a packet sniffer to a switch to monitor frames on your local area network. However, the packet sniffer is only able to see broadcast frames and frames addressed specifically to the host device.
Which feature should you enable on the switch so you can see frames from all devices connected to the switch?

Mirroring.

You have installed a new application on a network device. During testing, it appears as if the software is causing other services running on the device to stop responding.
Which tool should you consult to identify the problem?

Application log.

You manage a firewall that connects your private network to the Internet. You would like to see a record of every packet that has been rejected by the firewall in the past month.
Which tool should you use?

Event log.

You suspect that your web server has been the target of a denial-of-service attack. You would like to view information about the number of connections to the server over the past three days.
Which log would you most likely examine?

Performance

You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the network.
Which tool should you use?

Packet sniffer.

You have a website that customers use to view product information and place orders. You would like to identify the maximum number of simultaneous sessions that this server can maintain before the performance is negatively impacted.
Which tool should you use?

Load tester

You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffer software on a device which is connected to the same hub that is connected to the router. When you run the software, you only see frames addressed to the workstation and not other devices.

Which feature should you configure?

Promiscuous mode.

You want to be able to identify traffic that is being generated and sent through the network by a specific application running on a device.
Which tool should you use?

Protocol analyzer.

You have heard about a Trojan horse program where the compromised systems sends personal information to a remote attacker on a specific TCP port. You want to be able to easily tell whether any of your systems are sending data to the attacker.
Which log would you monitor?

Firewall

You have a small network of devices connected together using a switch. You want to capture the traffic that is sent from Host A to Host B. On Host C, you install a packet sniffer that captures network traffic. After running the packet sniffer, you cannot find any captured packets between Host A and Host B.

What should you do?

Run the packet sniffer application on Host B.

Which of the following functions can a port scanner provide? select two

Determining which ports are open on a firewall Discovering unadvertised servers

Each of the following tools used to check the health of a network.
Which of these is typically used to managing and sending messages from one computer system to another?

syslog

Which of the following is a reason to use a protocol analyzer?

Find devices that might be using legacy protocols, such as IPX/SPX or NetBIOS

You are the network administrator for a growing business. When you were initially hired, the organization was small and only a single switch and router were required to support your users. During this time, you monitored log messages from your router and switch directly from each device’s console.

However, the organization has grown considerably in recent months. You now must manage 8 individual switches and three routers. It’s becoming more and more difficult to monitor these devices and stay on top of issues in a timely manner.

What should you do?

Use syslog to implement centralized logging.

Which of the following is a standard for sending log messages to a central logging server?

Syslog

Consider the following log message, generated on a router. *Aug 8 11:18:12.081: %LINEPPROTO-5-UPDOWN: Line protocol on interface fastethernet0/0, changed state to down.

What facility generated this message?

%LINEPPROTO

Consider the following output generated by the show interface fa0/0 command generated on a router:
Which of the following statements are true about fa0/0 interface. select three

The interface has been dropping incoming packets Several collisions have occurred One cyclic redundancy check error has occurred

Because of an unexplained network slowdown on your network, you decide to install monitoring software on several key network hosts to locate the problem. You will then collect and analyze data from a central network host. What protocol will the software use to detect the problem?

SNMP

Which protocol uses traps to send notifications from network devices?

SNMP

You have been using SNMP on your network for monitoring and management. You are concerned about the security of this configuration. What should you do?

Implement version 3 of SNMP

Which of the following are improvements to SNMP that are included within SNMP version 3? (Select two)

Authentication for agents and managers Encryption of SNMP messages

One of the components of Simple Network Management Protocol (SNMP) is an alert. Which of the following best describes an SNMP alert?

Sends a message via email or SMS when an event occurs

You want to be able to identify traffic that is being generated and sent through the network by a specific application running on a device.
Which tool should you use?

Protocol analyzer.

Developers in your company have created a Web application that interfaces with a database server. During development, programmers created a special user account that bypasses the normal security. What is this an example of?

Backdoor

A collection of zombie computers have been setup to collect personal information. What type of malware do the zombie computers represent?

Botnet

You have heard about a new malware program that presents itself to user as a virus scanner. When users run the software, it installs itself as a hidden program that has administrator access to various system components. The program then tracks system activity and allows an attacker to remotely gain administrator access to the computer. Which of the ff. terms best describes this software?

Rootkit

NetBus and Back Orifice are remote control tools. They allow you to connect to a remote system over a network and operate it as if you were sitting at its local keyboard. Unfortunately, these two programs are also examples of what type of security concern?

Backdoor Trojans

Which type of virus intercepts system requests and alters service outputs to conceal its presence?

Stealth

Which of the ff. best describes spyware?

It monitors the actions you take on your machine and sends the information back to its originating source.

While browsing the Internet, you notice that the browser displays ads that are targeted towards recent keyword searches you have performed. What is this an example of?

Adware

Which of the ff. measures are you most likely to implement to protect against a worm or Trojan horse?

Anti-virus software

You recently discovered several key files of your antivirus program have been deleted. You suspect that a virus has deleted the files. Which type of virus deletes key antivirus program files?

Retro

Which of the ff. describes a logic bomb?

A program that performs a malicious activity at a specific time or after a triggering event.

What is the main difference between a worm and a virus?

A worm can replicate itself, while a virus requires a host for distribution.

What is another name for a logic bomb?

Asynchronous attack

Which of the ff. statements about the use of anti-virus software is correct?

Anti-virus software be configured to download update virus definition files as soon as they become available.

Which of the ff. password attacks uses preconfigured matrices of hashed dictionary words?

Rainbow table

Which of the ff. is most vulnerable to a brute force attack?

Password authentication

In a variation of the brute force attack, an attacker may use a predefined list (dictionary) of commonly used usernames and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue?

A strong password policy

Which of the ff. actions should you take to reduce the attack surface of a server?

Disable unused services

By definition, what is the process of reducing security exposure and tightening security controls?

Hardening

When securing a newly deployed server, which of the ff. rules of thumb should be followed?

Determine the unneeded services and their dependencies before altering the system.

Which of the ff. describes a configuration baseline?

A list of common security settings that a group or all devices share

Which of the ff. solutions would you use to control the actions that users can perform on a computer, such as shutting down the system, logging on through the network, or loading and unloading device drivers?

Group Policy

For users who are member of the Sales Team, you want to force their computers to use a specific desktop background and remove access to administrative tools from the Start menu. Which solution should you use?

Group Policy

You have contracted with a vendor to supply a custom application that runs on Windows workstations. As new application versions and patches are released, you want to be able to automatically apply these to multiple computers. Which tool would be the best choice to use?

Group Policy

You have a file server named Srv3 that holds files used by the Development department. You want to allow users to access the files over the network, and control access to files when files are accessed through the network or through a local logon. Which solution should you implement?

NTFS and share permissions

You want to give all managers the ability to view edit a certain file. To do so, you need to edit the discretionary access control list (DACL) associated with the file. You want to be able to easily add and remove managers as their job positions change. What is the best way to accomplish this?

Create a security group for the managers. Add all users as members of the group. Add the group to the file’s DACL.

You have a shared folder named Reports. Members of the Managers group have been given Write access to the shared folder. Mark Mangum is a member of the Managers group. He needs access to the files in the Reports folder, but should not have any access to the Confidential.xls file. What should you do?

Add Mark Mangum to the ACL for the Confidential.xls file with Deny permissions.

You have two folders that contain documents used by various departments: o The Development group has been given the Write permission to the Design folder. o The Sales group has been given the Write permission to the Products folder.

No other permission have been given to either group. User Mark Tillman needs to have the Read permission to the Design folder and the Write permission to the Products folder. You want to use groups as much as possible. What should you do?

Make Mark a member of the Sales groupl add Mark’s user account directly to the ACL for the Design folder.

FTPS uses which mechanism to provide security for authentication and data transfer?

SSL

You have placed an FTP server in your DMZ behind your firewall. The FTP server will be used to distribute software updates and demonstration versions of your products. Users report that they are unable to access the FTP server. What should you do to enable access?

Open ports 20 and 21 for inbound and outbound connections.

Many popular operating system allow for quick and easy sharing of files and printers with other network members. Which of the ff. is not a means by which file and printer sharing is hardened?

Allowing NetBIOS traffic outside of your secured network.

Your company leases a very fast Internet connection and pays for it based on usage. You have been asked by the company president to reduce Internet line lease costs. You want to reduce the amount of web pages that are downloaded over the leased connection, without decreasing performance.

What is the best way to do this?

Install a proxy server

You manage a server that runs your company Web site. The Web site includes streaming video that shows features of some of your products.

The link connecting your server to the Internet charges based on bandwidth use. When the bandwidth spikes, so does your bill. You would like to implement a solution to prevent the amount of traffic sent over the WAN link from exceeding a specific level.

Which solution should you implement?

Traffic shaper

You manage a server that runs your company Web site. The Web server has reached its capacity, and the number of client requests is greater than the server can handle.

You would like to find a solution so that a second server can respond to requests for Web site content.

Which solution should you implement?

Load balancing

You have a website that uses multiple servers for different types of transactions. For example, one server is responsible for static web content, while another is responsible for secure transactions. You would like to implement a devices to speed up access to your web content….. Which type of device should you choose?

Content switch

What is the primary security feature that can be designed into a networks infrastructure to protect and support availability?

Redundancy

What is the purpose of using Ethernet bonding? (Select two.)

Increases network performance. Provides a failover solution for network adapters

You have a network server with two network interface cards. You want both network adapters to be used at the same time to connect to the same network to double the amount of data the server can send. Which feature would you use?

Ethernet bonding

Your network conducts training sessions for high-profile clients. As part of the training, clients connect to get a video feed of the instructor and other class activities. You want to make sure that video traffic related to the training is not delayed on the network.

Which solution should you implement?

QoS

QoS provides which of the following on a network?

Reduces latency of time-sensitive traffic

Match the COS priority on the left with the corresponding value on the right.

0-Best effort (default) 1-Backgroud 2-Excellent effort 3-Critical applications 4-Video(<100ms latency) 5-Video(<10ms latency) 6-Internetwork control 7-Network control

Which of the following statements about DSCP are true? select two

The DiffServ field is used to add precedence values Classification occurs at layer 3

Which type of switch optimizes network performance by using ASIC to perform switching at wire speed?

Multilayer switch

Your organizations uses a time-keeping application that only runs on Windows 2000. Because of this, there are several Windows 2000 workstations on your network. Last week you noticed unusual activity…. Which solution should you implement to protect the network….

Configure VLAN membership so that the Windows 2000 workstations are on their own VLAN

A new assistant network Admin was recently hired by your organization to relieve some of your workload. You assigned the assistant network Admin to replace a defective patch cable that connected port 1 on your patch panel to one of your network switches…. What should you do. choose two

Remove the patch cable connecting the first switch to the third switch Enable STP on each switch

You are a network administrator for your computer. A frantic user calls you one morning exclaiming that "nothing is working." What should you do next in your troubleshooting strategy?

Establish the symptoms.

You are a network administrator for your company. A user calls and tells you that after stepping on the network cable in her office, that she can no longer access the network. You go to the office and see that one of the user’s stiletto heels has broken and exposed some of the wiring in the Cat 5 network cable. You make another cable and attach it from the wall plate to the user’s computer.

What should you do next in your troubleshooting strategy?

Test the solution.

A router periodically goes offline. Once it goes offline, you find that a simple reboot puts the router back online. After doing some research you find that the most likely cause of the problem is a bug in the router’s software. A new patch is available from the manufacturer that is supposed to eliminate the problem.

What should you do next?

Identify possible effects of the solution.

Users report that the network is down. After some investigation, you determine that a specific router is configured such that a routing loop exists.
What should you do next?

Determine if escalation is needed.

A user reports that she cant connect to the internet. After some investigation, you find the wireless router has been misconfigured. You are responsible for managing and maintaining the wireless access point.
What should you do next?

Create an action plan.

A user is unable to connect to the network. You investigate the problem and determine that the network adapter is defective. You replace the network adapter and verity that it works.
What should you do next?

Identify the results and effects of the solution

A user reports that he cant connect to a specific Web site. You go to the user’s computer and reproduce the problem.
What should you do next?

Identify the affected areas of the network.

A user reports that she cant connect to a server on your network. You check the problem and find out that all users are having the same problem.
What should you do next?

Determine what has changed.

When troubleshooting network issues, its important to carry out tasks in a specific order. Drag the trouble shooting task on the left to the correct step on the right.

Step 1 Identify the problem Step 2 Establish a theory of probable causes Step 3 Test the theory to determine the cause Step 4 Establish a plan of action Step 5 Implement the solution or escalate Step 6 Verify full system functionality Step 7 Document findings, actions and outcomes

Match each troubleshooting command on the left with its function on the right. each utility may be used one, more than once, or not at all

Tests connectivity between two network hosts by sending IPv4 ICMP echo requests packets without modifying the TTL parameters/Ping Computes lost/sent packet statistics for each hop in the route between two hosts/ Pathping Used on Linux systems to identify the route between two IPv6 hosts/ Tracetroute6 Used on Windows systems to identify the route between two IPv4 hosts/ Tracert Tests connectivity IPV6/

A service Level Agreement (SLA) defines the relationship between, and the contractual responsibilities of, providers and recipients of service. Which of the following characteristics are most important when designing an SLA? select two

Detailed provider responsibilities for all continuity and disaster recovery mechanisms. Clear and detailed descriptions of penalties if the level of service is not provided

What is the most important element related to evidence in addition to the evidence itself?

Chain of custody document

You have been asked to draft a document related to evidence gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court.
What type of document is this?

Chain of custody

Which method can be used to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence?

Hashing

The immediate preservation of evidence is paramount when conducting a forensic analysis. Which of the following action is most likely to destroy evidence?

Rebooting the system

You manage the network for your company. You have recently discovered information on a computer hard drive that might indicate evidence of illegal activity. You want to perform forensic activities on the disk to see what kind of information it contains.
What should you do first?

Make a bit-level copy of the disk

Arrange the computer components listed on the left in order of decreasing volatility on the right.

CPU registers and caches System RAM Paging file Hard Disk File system backup on an external USB drive

After an intrusion has occurred and the intruder has been removed from the system, which of the following is the best next step or action to take?

Back up all logs and audits regarding the incident

Which of the following is an important aspect of evidence gathering?

Backing up all logs files and audit trails

When conducting a forensic investigation, and assuming that the attack has been stopped, which of the following actions should you perform first?

Document whats on the screen

During a recent site survey, you find a rogue wireless access point on your network. Which of the following actions should you take first to protect your network, while still preserving evidence?

Disconnect the access point from the network

You have discovered a computer that is connected to you r network that was used for an attack. You have disconnected the computer from the network to isolate it from the network and stop the attack.
Which should you do next?

Perform a memory dump

You have recently discovered that a network attack has compromised your database server. In the process, customer credit card numbers might have been taken by an attacker. You have stopped the attack and put measures in place to prevent the same incident from occurring in the future.

What else might you be legally required to do?

Contact your customers to let them know of the security breach.

In which stage of the evidence lifecycle is the forensic report created?

Preservation and analysis

Members off the sales team use laptops to connect to the company network. While traveling, they connect their laptops to the internet through airport and hotel networks. You are concerned that these computers will pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless anti-virus software and the latest operating system patches have been installed.

Which solution should you use?

NAC

You have a company network with a single switch. All devices connect to the network through the switch. You want to control which devices will be able to connect to your network. For devices that do not have the latest operating system patches, you want to prevent access to all network devices except for a special server that holds the patches that the computers need to download.

Which of the following components will be part of your solutions? select two

802.1a authentications Remediation servers

You manage a network that uses switches. In the lobby of your building are three RJ-45 ports connected to a switch. You want to make sure that visitors cannot plug their computers to the free network jacks and connect to the network. However, employees who plug into those same jacks should be able to connect to the network.

What feature should you configure?

Port authentication

In which of the following situations would you use port security?

You want to restrict the devices that could connect through a switch port.

You are the network administrator for a city library. Thought the library are several groups of computers that provide public access to the internet….. The library computers are in croups of four. each group of four computers is connected to a hub that is connected to the library network…

What can you do?

Configure port security on the switch

Your company is a small start-up that has leased office space in a building shared by other businesses. All businesses share a common network infrastructure. A single switch connects all devices in the building to the router that provides internet access.
You would like to make sure that your computers are isolated from computers used by other companies. Which feature should you request to have implemented.

VLAN

A network switch detects a DHCP frame on the LAN that appears to have come from a DHCP server that is not located on the local network. In fact, it appears to have originated from outside the organizations firewall. As a result, the switch drops the DHCP message from that server.

Which security feature was enabled on the switch to accomplish this?

DHCP snooping

A network switch is configured to perform the following checks on its ports. -all ARP requests -each intercepted request -if the packet has a valid Binding -if the packet has an invalid binding

What security feature was enabled on the switch to accomplish this?

Dynamic ARP inspection

Which type of security uses MAC addresses to identify devices that are allowed or denied a connection to a switch?

Port security

Match the port security MAC address type on the left with its description on the right

MAC address manually identified as an allowed address SecureConfigured MAC address that has been learned and allowed by the switch SecureDynamic MAC address that is manually configured or dynamically learned that is saved in the config file SecureSticky

You are in the process of implementing a Network Access Protection (NAP) infrastructure to increase your networks security. You are currently configuring the remediation network that non-compliant clients will connect to in order to become compliant. the remediation network needs to be isolated from the secure network.

Which should you implement to do this?

Network segmentation

Match the network Access Protection (NAP) component on the left with is description on the right.

Generates a stament of Health (SoH) that reports the client configuration for health requirements. NAP Client Runs the System Health Validator (SHV) NAP Server Is the connection point for clients to the network Enforcement Server (ES) Contain resources accessible to non-compliant computers on the limited-access network. Remediation Server

You have decided to perform a double blind penetration test. Which of the following actions would you perform first?

Inform senior management

Which of the following activities are typically associated with penetration testing? (select two)

Attempting social engineering Running a port scanner

Which of the following types of penetration test teams will provide you information that is most revealing of a real-world hacker attack?

Zero knowledge team

A security administrator is conducting a penetration test on a network. She connects a notebook system running Linux to a wireless network and then uses NMAP to probe various network hosts to see which operating system they are running.
Which process did the administrator use in the penetration test in this scenario?

Active fingerprinting

A security administrator is conducting a penetration test on a network. She connects a notebook system to a mirror port on a network switch. She then uses a packet sniffer to monitor network traffic to try and determine which operating systems are running on network hosts.
Which process did the administrator use in the penetration test in this scenario?

Passive fingerprinting

Drag each penetration test characteristic on the left to the appropriate penetration test name on the right.

White box test The tester has detailed information about the target system prior to starting the test. Grey Box test The tester has the same about of information that would be available to a typical insider in the organization. Black box test The tester has no prior knowledge of the target system. Single blind test Either the attacker has prior knowledge about the target system, or the administrator knows that the test is being performed. Double blind test The tester does not have prior information about the system and the administrator has no knowledge that the test is being performed

Match each network enumeration technique on the left with its corresponding description on the fish.

Identifying phone number with modems War dialing Scanning for wireless access points Wardriving Identifying operating system type and version number Banner grabbing Identifying services that can pass through a firewall Firewalking

What is the main difference between vulnerability scanning and penetration testing?

Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter.

Which of the following is included in an operations penetration test? (select three)

1. Looking through discarded papers or media for sensitive information 2.Eavesdropping or obtaining sensitive information from items that are not properly stored 3.Acting as an imposter with the intent to gain access or information

Which phase or step of security assessment is a passive activity

Reconnaissance

What is the primary purpose of penetration testing?

Test the effectiveness of your security perimeter

Which of the following identifies an operating system or network service based upon it response to ICMP messages?

Fingerprinting

Which of the following uses hacking techniques to proactively discover internal vulnerabilities?

Penetration testing

Which of the following activities are considered passive in regards to the functioning of anintrusion detection system? (Select two.)

Monitoring the audit trails on a server Listening to network traffic

An active IDS system often performs which of the following actions? select two

Update filters to block suspect traffic Perform reverse lookups to identify an intruder

What does an IDS that uses signature recognition use for identifying attacks?

Comparison to a database of know attacks

Which of the following are security devices that perform stageful inspections of packet data, looking for patterns that indicate malicious code? select two

IPS IDS

Properly configured passive IDS and system audit logs are an integral part of a comprehensive security plan. What step must be taken to ensure that the information is useful in maintaining a secure environment?

Periodic reviews must be conducted to detect malicious activity or policy violations.

What security mechanism can be used to detect attacks originating on the Internet or from within an internal trusted subnet?

IDS

You are connected about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action when poosible to stop or prevent the attacks.
Which tool should you use?

IPS

As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks.

Which solution should you implement?

Host based IDS

You are concerned about protecting your network from network-based attacks from the internet. Specifically, you are concerned about zero day attacks (attacks that have not yet been identified or that do not have prescribed protections.)
Which type of device should you use?

Anomaly based IDS

If maintaining confidentiality is of the utmost importance to your organization, what is the best response when an intruder is detected on your network?

Disconnect the intruder

You have worked as a network Admin for a company for seven months. One day all picture files on the server become corrupted. You discover that a user downloaded a virus from the internet onto his workstation, and it propagated to the server. You successfully restore all files from backup, but your boss adam at that this situation does not occur.

What should you do?

Install a network virus detection software solution.

Which of the following actions should you take to reduce the attack surface of a server?

Disable unused services

You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services.
Which tool should you use?

Port scanner

Which of the following intrusion detection and prevention systems use fake resources to entice intruders by displaying a vulnerability, configuration flaw, or valuable data?

honeypot

What does a tarpit specifically do to detect and prevent intrusion into your network?

Answer connection requests in such a way that the attacking computer is stuck for a period of time

A service Level Agreement (SLA) defines the relationship between, and the contractual responsibilities of, providers and recipients of service. Which of the following characteristics are most important when designing an SLA? select two

Detailed provider responsibilities for all continuity and disaster recovery mechanisms. Clear and detailed descriptions of penalties if the level of service is not provided

What is the most important element related to evidence in addition to the evidence itself?

Chain of custody document

You have been asked to draft a document related to evidence gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court.
What type of document is this?

Chain of custody

Which method can be used to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence?

Hashing

The immediate preservation of evidence is paramount when conducting a forensic analysis. Which of the following action is most likely to destroy evidence?

Rebooting the system

You manage the network for your company. You have recently discovered information on a computer hard drive that might indicate evidence of illegal activity. You want to perform forensic activities on the disk to see what kind of information it contains.
What should you do first?

Make a bit-level copy of the disk

Arrange the computer components listed on the left in order of decreasing volatility on the right.

CPU registers and caches System RAM Paging file Hard Disk File system backup on an external USB drive

After an intrusion has occurred and the intruder has been removed from the system, which of the following is the best next step or action to take?

Back up all logs and audits regarding the incident

Which of the following is an important aspect of evidence gathering?

Backing up all logs files and audit trails

When conducting a forensic investigation, and assuming that the attack has been stopped, which of the following actions should you perform first?

Document whats on the screen

During a recent site survey, you find a rogue wireless access point on your network. Which of the following actions should you take first to protect your network, while still preserving evidence?

Disconnect the access point from the network

You have discovered a computer that is connected to you r network that was used for an attack. You have disconnected the computer from the network to isolate it from the network and stop the attack.
Which should you do next?

Perform a memory dump

You have recently discovered that a network attack has compromised your database server. In the process, customer credit card numbers might have been taken by an attacker. You have stopped the attack and put measures in place to prevent the same incident from occurring in the future.

What else might you be legally required to do?

Contact your customers to let them know of the security breach.

In which stage of the evidence lifecycle is the forensic report created?

Preservation and analysis

Members off the sales team use laptops to connect to the company network. While traveling, they connect their laptops to the internet through airport and hotel networks. You are concerned that these computers will pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless anti-virus software and the latest operating system patches have been installed.

Which solution should you use?

NAC

You have a company network with a single switch. All devices connect to the network through the switch. You want to control which devices will be able to connect to your network. For devices that do not have the latest operating system patches, you want to prevent access to all network devices except for a special server that holds the patches that the computers need to download.

Which of the following components will be part of your solutions? select two

802.1a authentications Remediation servers

You manage a network that uses switches. In the lobby of your building are three RJ-45 ports connected to a switch. You want to make sure that visitors cannot plug their computers to the free network jacks and connect to the network. However, employees who plug into those same jacks should be able to connect to the network.

What feature should you configure?

Port authentication

In which of the following situations would you use port security?

You want to restrict the devices that could connect through a switch port.

You are the network administrator for a city library. Thought the library are several groups of computers that provide public access to the internet….. The library computers are in croups of four. each group of four computers is connected to a hub that is connected to the library network…

What can you do?

Configure port security on the switch

Your company is a small start-up that has leased office space in a building shared by other businesses. All businesses share a common network infrastructure. A single switch connects all devices in the building to the router that provides internet access.
You would like to make sure that your computers are isolated from computers used by other companies. Which feature should you request to have implemented.

VLAN

A network switch detects a DHCP frame on the LAN that appears to have come from a DHCP server that is not located on the local network. In fact, it appears to have originated from outside the organizations firewall. As a result, the switch drops the DHCP message from that server.

Which security feature was enabled on the switch to accomplish this?

DHCP snooping

A network switch is configured to perform the following checks on its ports. -all ARP requests -each intercepted request -if the packet has a valid Binding -if the packet has an invalid binding

What security feature was enabled on the switch to accomplish this?

Dynamic ARP inspection

Which type of security uses MAC addresses to identify devices that are allowed or denied a connection to a switch?

Port security

Match the port security MAC address type on the left with its description on the right

MAC address manually identified as an allowed address SecureConfigured MAC address that has been learned and allowed by the switch SecureDynamic MAC address that is manually configured or dynamically learned that is saved in the config file SecureSticky

You are in the process of implementing a Network Access Protection (NAP) infrastructure to increase your networks security. You are currently configuring the remediation network that non-compliant clients will connect to in order to become compliant. the remediation network needs to be isolated from the secure network.

Which should you implement to do this?

Network segmentation

Match the network Access Protection (NAP) component on the left with is description on the right.

Generates a stament of Health (SoH) that reports the client configuration for health requirements. NAP Client Runs the System Health Validator (SHV) NAP Server Is the connection point for clients to the network Enforcement Server (ES) Contain resources accessible to non-compliant computers on the limited-access network. Remediation Server

You have decided to perform a double blind penetration test. Which of the following actions would you perform first?

Inform senior management

Which of the following activities are typically associated with penetration testing? (select two)

Attempting social engineering Running a port scanner

Which of the following types of penetration test teams will provide you information that is most revealing of a real-world hacker attack?

Zero knowledge team

A security administrator is conducting a penetration test on a network. She connects a notebook system running Linux to a wireless network and then uses NMAP to probe various network hosts to see which operating system they are running.
Which process did the administrator use in the penetration test in this scenario?

Active fingerprinting

A security administrator is conducting a penetration test on a network. She connects a notebook system to a mirror port on a network switch. She then uses a packet sniffer to monitor network traffic to try and determine which operating systems are running on network hosts.
Which process did the administrator use in the penetration test in this scenario?

Passive fingerprinting

Drag each penetration test characteristic on the left to the appropriate penetration test name on the right.

White box test The tester has detailed information about the target system prior to starting the test. Grey Box test The tester has the same about of information that would be available to a typical insider in the organization. Black box test The tester has no prior knowledge of the target system. Single blind test Either the attacker has prior knowledge about the target system, or the administrator knows that the test is being performed. Double blind test The tester does not have prior information about the system and the administrator has no knowledge that the test is being performed

Match each network enumeration technique on the left with its corresponding description on the fish.

Identifying phone number with modems War dialing Scanning for wireless access points Wardriving Identifying operating system type and version number Banner grabbing Identifying services that can pass through a firewall Firewalking

What is the main difference between vulnerability scanning and penetration testing?

Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter.

Which of the following is included in an operations penetration test? (select three)

1. Looking through discarded papers or media for sensitive information 2.Eavesdropping or obtaining sensitive information from items that are not properly stored 3.Acting as an imposter with the intent to gain access or information

Which phase or step of security assessment is a passive activity

Reconnaissance

What is the primary purpose of penetration testing?

Test the effectiveness of your security perimeter

Which of the following identifies an operating system or network service based upon it response to ICMP messages?

Fingerprinting

Which of the following uses hacking techniques to proactively discover internal vulnerabilities?

Penetration testing

Which of the following activities are considered passive in regards to the functioning of anintrusion detection system? (Select two.)

Monitoring the audit trails on a server Listening to network traffic

An active IDS system often performs which of the following actions? select two

Update filters to block suspect traffic Perform reverse lookups to identify an intruder

What does an IDS that uses signature recognition use for identifying attacks?

Comparison to a database of know attacks

Which of the following are security devices that perform stageful inspections of packet data, looking for patterns that indicate malicious code? select two

IPS IDS

Properly configured passive IDS and system audit logs are an integral part of a comprehensive security plan. What step must be taken to ensure that the information is useful in maintaining a secure environment?

Periodic reviews must be conducted to detect malicious activity or policy violations.

What security mechanism can be used to detect attacks originating on the Internet or from within an internal trusted subnet?

IDS

You are connected about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action when poosible to stop or prevent the attacks.
Which tool should you use?

IPS

As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks.

Which solution should you implement?

Host based IDS

You are concerned about protecting your network from network-based attacks from the internet. Specifically, you are concerned about zero day attacks (attacks that have not yet been identified or that do not have prescribed protections.)
Which type of device should you use?

Anomaly based IDS

If maintaining confidentiality is of the utmost importance to your organization, what is the best response when an intruder is detected on your network?

Disconnect the intruder

You have worked as a network Admin for a company for seven months. One day all picture files on the server become corrupted. You discover that a user downloaded a virus from the internet onto his workstation, and it propagated to the server. You successfully restore all files from backup, but your boss adam at that this situation does not occur.

What should you do?

Install a network virus detection software solution.

Which of the following actions should you take to reduce the attack surface of a server?

Disable unused services

You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services.
Which tool should you use?

Port scanner

Which of the following intrusion detection and prevention systems use fake resources to entice intruders by displaying a vulnerability, configuration flaw, or valuable data?

honeypot

What does a tarpit specifically do to detect and prevent intrusion into your network?

Answer connection requests in such a way that the attacking computer is stuck for a period of time