SECURITY+ Module 3

1. Which one of the following ports would block outgoing email?
2. Which of the following protocols use SSH? (Select two.)
3. What two primary security services does the asymmetric key standard defining IPsec provide?
4. Why do vendors provide MD5 values for their software patches?
5. Your developers made certain that any input to a search function they developed would result in commas, quotes, and other certain special characters being stripped out. Which of the following is likely their reasoning?
6. You are a security administrator and learn that a user has been emailing files containing credit card number data from the corporate domain to his personal email account. This data is typically required to go to a third-party business partner. Which of the following solutions could you implement to prevent these emails or attachments from being sent to personal email accounts?
7. Which of the following correctly matches each protocol to its default port?
8. Which of the following is a white-box testing process for detecting bugs in the early stages of program development?
9. Your company will have a new branch office. You need to seamlessly provide branch office users access to the corporate network resources as if they were at the corporate offices. Which of the following would best enable you to accomplish this goal?
10. You are consulting for an organization that has only ever required outbound Internet access. The organization now needs to deploy a web server for its customers (and it will maintain the web server) but is concerned about inbound access to the organization network. Which one of the following should you recommend?
11. Your company requires a switch feature that makes additional checks in Layer 2 networks to prevent STP issues. Which of the following safeguards should be implemented?
12. You are implementing server load balancing. In which configuration is the passive server promoted to active if the active server fails?
13. Your network IDS is reporting a high number of false positives. What does this mean?
14. A member of your team made changes to the configuration of the wireless network. Existing devices are still able to connect to the network, but you are unable to find the network to connect to when trying to deploy a new laptop. What change did the team member most likely make?
15. Your users are all connected to a wireless access point using WPA2-PSK. Your manager wants you to confirm what cryptographic standard is being used. Which of the following is most likely?
16. As you are deploying wireless authentication protocols, a request comes up to eliminate the need for client certificates. Which of the following requires a client certificate?
17. Your organization is conducting a wireless site survey for proper AP placement. Which of the following provides a visual method for understanding the coverage and signal strength and may help with this process?
18. You want your users’ valid authentication information to be shared across trusted entities so the users can seamlessly roam across different wireless networks without having to reauthenticate. Which of the following can allow this?
19. Which of the following enables the use of location services for applications on mobile devices?
20. As more users are using mobile devices for work, you have been tasked with supporting the compliance team by ensuring that policies can be enforced. You also need remote management capabilities of the devices. Which of the following solutions should you consider?
21. Which of the following are deployment strategies for mobile devices? (Select three.)
22. What device security methods can be implemented to protect business content from security risks associated with personal usage? (Select two.)
23. What feature enables users to secure sensitive information on a mobile device’s removable flash memory storage card?
24. A user does not have an identity-based policy and requires access to a storage resource but is denied access. Which of the following do you need to do in order to allow him access?
25. You need to block SSH inbound traffic on a virtual instance. Which of the following would accomplish this goal?
26. Which of the following allows a VPC to be connected with other services without the need for additional technologies such as a VPN connection or an Internet gateway?
27. Your corporate policies require the use of passphrases rather than passwords. Which of the following technical controls could be put in place to best promote the use of passphrases? (Select two.)
28. Your account policies require employees to change their passwords every 30 days. The employees, however, continue to create passwords that are susceptible to dictionary attacks, and they are just alternating between two passwords with each change. Which of the following policies would be the best choices for fixing this? (Select two.)
29. What is the term for disabling, deactivating, or deleting a user identity from the environment based on company policy when the user leaves the company?
30. Every photo taken with a smartphone at an investigation firm includes data on the geographic coordinates where the photograph was taken. What term describes this action?
31. Ramone, a user in your organization, is a member of the accounting group, which has full access permission to a folder named Private Information Assigned. Ramone also belongs to the sales group, which has deny access permission assigned to the same private information folder. What can Ramone do to the private information folder?
32. Which of the following use SAML? (Select two.)
33. Which of the following is a true statement regarding role-based access control?
34. Which of the following statements are correct regarding Shibboleth SSO? (Select two.)
35. What type of access control is often used in government systems, where resources and access are granted based on categorical assignments such as classified, secret, or top secret?
36. Which of the following is a symmetric key–based authentication protocol that uses a key distribution center?
37. Based on the following permissions for a file, which one of the following statements is not true?
38. Your organization has established a hierarchical PKI and deployed several CAs in the process. Which one of the following steps should your organization be sure to take?
39. What type of key goes into key escrow?
40. Your organization has developed a custom application that requires a check for the validity of digital certificates even when the Internet is not available. Which of the following meets this requirement?
41. Which of the following types of certificates allows you to digitally sign and encrypt email messages and attachments?
42. You need a fast, secure, and reliable multihomed network perimeter solution that is designed to prevent specific types of network traffic from entering your corporate network. Which solution should you deploy?
43. Due to changes in your network infrastructure, you have been tasked with modifying firewalls to allow and block network traffic. Which aspect of the firewalls
44. To which of the following does SSL/TLS directly apply? (Choose two.)
45. Currently in your organization, on-premises user app access is limited based on their security clearance and the type of mobile device they are using. You would like to extend this configuration to the cloud. Which security service should be enabled?
46. Which type of cryptographic operation serves as a one-way function resulting in a unique value?
47. To attract and monitor malicious user activity, you need to deploy a single server with fake data that appears vulnerable. What should you configure?
48. Which term is used to describe network traffic within a data center?
49. VPN users complain that accessing Internet web sites when connected to the corporate VPN is very slow. Which VPN option should you configure to allow Internet access through the user’s Internet connection when the corporate VPN is active?
50. You need to connect branch office networks securely over the Internet. Which type of VPN should you deploy?