Which method could be used to protect against data leakage

Assignment Help Computer Engineering
Reference no: EM131372235

QUESTION 1: Which type of attack is primarily intended to disrupt the availability of critical business functions?

1. Covert channel

2. Eavesdropping

3. Denial-of-Service

4. Man-in-the-middle

QUESTION 2: Classify each attack method in relation to its direct impact on the CIA triad.

Answer options may be used more than once or not at all. Select your answers from the pull-down list.

Options: Confidentiality; Integrity; Availability

DNS poisoning _________________________

DDoS _________________________

Key logger _________________________

Covert channels _________________________

QUESTION 3: A security administrator has configured a small key size to protect the VPN. Which security objective does this affect?

a. Integrity

b. Confidentiality

c. Availability

d. Authentication

QUESTION 4: A laptop has been stolen, and the data has been seen for sale on the dark net. Which process could have protected the confidentiality of the data?

a. BIOS password

b. Hard drive encryption

c. Two-factor authentication

d. Host-based IDS

QUESTION 5: When browsing to a financial website, a user receives an error on the browser that points to the certificate on the Website. The user reviews the certificate and maps it to a known certificate authority. Why did the user need to perform these actions?

a. To monitor communications

b. To validate client authority

c. To ensure connection is available and reliable

d. To establish a trust relationship

QUESTION 6: A team of scientists is working on a secure project. The network administrator needs to configure a network for the team that is not routable from the Internet. A firewall is protecting the scientists' network and using network address translation (NAT) to translate the internal IP addresses to public IP addresses. Which IP address should the network administrator configure on the inside interface of the firewall?

a. 192.169.255.12

b. 9.131.162.1

c. 172.32.255.1

d. 10.14.15.16

QUESTION 7: An ad hoc network design team has just finished a presentation on the latest updates to the organization's network infrastructure. The team ensured that plenty of redundancy has been built in and bottlenecks have been eliminated. Which security objective has the team bolstered through these improvements?

a. Availability

b. Confidentiality

c. Non-repudiation

d. Integrity

QUESTION 8: A company has recently implemented a new email encryption system that uses public key infrastructure (PKI). The company is now requiring all employees to sign and encrypt internal communication. An employee wants to send a digitally signed message to the IT director. What does the IT director use to decode the employee's signature under the new system?

a. The employee's public key

b. The IT director's private key

c. The employee's private key

d. The IT director's password

e. The employee's password

f. The IT director's public key

QUESTION 9: An administrator at a small office is tasked with supporting a new time clock that has been installed on the network. The outsourced company managing the time clock states that the connection protocol it uses with the clock is encrypted, but it needs to allow incoming connections from the Internet. Which action should allow the outsourced company to securely manage the time clock with a minimal amount of configuration effort?

a. Configuring a virtual private network (VPN) between the outsourced company and the small office

b. Creating an access rule on the firewall allowing the clock to connect to the outsourced company

c. Creating a transparent forward proxy to allow the encrypted protocol to traverse the Internet

d. Setting up a port forward on the firewall from the outsourced company to the time clock

QUESTION 10: A small nonprofit company has received several legacy wireless access points (APs) as a donation. The security administrator discovers that the encryption protocol the devices use is not very secure. The encryption key can be discovered by a malicious hacker in only a few minutes. After discussions with the other security professionals, the administrator learns the Aps can implement a key protocol that can change the encryption key every few seconds and provide a per-packet verification at each side of the communication. Which security measure is the key protocol implemented to protect?

a. Availability of the key

b. Confidentiality of the key

c. Accountability of the key

d. Integrity of the key

e. Privacy of the key

QUESTION 11: A recently terminated employee from accounting use several widely available programs in an amateur attempt to exploit a company's database. Which term describes the terminated employee?

a. Black hat hackers

b. Script kiddies

c. Hacktivists

d. White hat hackers

QUESTION 12: An organization has recently undergone a period of growth, both in terms of business operations and personnel. The network infrastructure has kept pace, growing to accommodate the new size and structure. Mapping and auditing of the expanded network needs to be done. One of the first findings is that the router has permissive rights to all unassigned ports. What is this finding an example of?

a. A vulnerability

b. A threat

c. An opportunity

d. A good security practice

QUESTION 13: A company has been the target of multiple social engineering attacks and is implementing a new mandatory security awareness training program to reduce the risk of a future compromise. The security administrator is mainly concerned with the following attack vectors:

- Spoofed emails containing fake password reset links aimed at harvesting employees' password

- Phone calls to the helpdesk by a malicious user pretending to be an employee needing a password reset

- A malicious user tailgating while impersonating a contractor to steal employee's mobile devices

What are the two vulnerabilities that the company needs to address to meet the above requirements?

Choose 2 answers.

a. Weak passwords

b. Disgruntled employees

c. Untrained users

d. Compromised email system

e. Lack of secure access control

QUESTION 14: An email link takes a user to an online store. After clicking the link, the user is redirected to a spoofed online store. Which type of attack is occurring?

a. Cross-site scripting

b. Distributed denial-of-service

c. SQL injection

d. Session hijacking

QUESTION 15: Which device is responsible for performing stateful packet inspection on traffic traversing connected segments?

a. VPN appliance

b. Layer 3 switch

c. Screening router

d. Firewall

QUESTION 16: Which device is Layer 7 aware and provides both filtering of unwanted source IP traffic from accessing a network and policy on which ports may be used?

a. Application firewall

b. Circuit firewall

c. IPSec VPN

d. Packet filter firewall

QUESTION 17: A software circuit firewall is on the network providing protection for a web server. There is a cross-site scripting vulnerability on the web server. How will the software circuit firewall react to an exploit of this vulnerability?

a. It will filter traffic at each layer of the OSI model

b. It will filter based solely on initial session setup

c. It will protect against application vulnerabilities

d. It will be restricted to protecting against low-volume attacks

QUESTION 18: During preproduction testing, a key security control is found to be missing. This oversight inadvertently allows users to view data they are not authorized to access. Upon review of the initial security requirements, it was stated that authentication, authorization, and accounting (AAA) of users was required in the design of the system. What occurred during the systems development life cycle (SDLC) that caused this problem?

a. Penetration testing was not performed during the implementation phase.

b. AAA requirements were not clear in the system security requirements.

c. Identity and access management (IAM) assessments were not conducted to ensure authentication was enforced during the testing phase.

d. No objective security reviews were conducted to ensure security requirements were being met during the development phase.

QUESTION 19: Many of the devices a company uses are stand-alone, third-party appliances. While the appliances are evaluated for security concerns at the time of purchase, many have reached the end of their support and will need to be replaced soon. What should a security administrator do to protect these assets before they are disposed of and replaced?

a. Develop custom, in-house patches

b. Implement security through obscurity

c. Follow a strict compliance methodology

d. Use a defense-in-depth strategy

QUESITON 20: During the initiation phase of the systems development life cycle (SDLC), an administrator is working on a new system that will support remote access to the organization's disaster recovery environment. As part of the effort, the administrator is attempting to calculate the bandwidth required to support systems identified in the business impact analysis. Why is the calculation of this required bandwidth vital to the tenets of security?

a. The organization will not have the desired level of availability without sufficient bandwidth

b. Failure to provide adequate bandwidth will be a violation of the Internet service provider's service level agreement

c. Limited bandwidth will impact the organizations' ability to cut over to a hot site

d. The integrity of critical data will be compromised without sufficient bandwidth

QUESTION 21: A technician is configuring the security features of a new, built-in-house software. After configuring the application, the technician tests the new security controls. At which phase of the systems development life cycle (SDLC) process is this technical operating?

a. Initiation

b. Operation

c. Deployment

d. Implementation

QUESTION 22: In the diagram provided, three network zones containing servers are depicted. As the security architect, only one host intrusion sensor and one network intrusion sensor will be allowed in the design.

496_Figure.png

Where should the sensors be deployed to maximize detection of threats against this organization's extranet implementation?

a. Host-based Intrusion Detection Systems (HIDS) on the DB server and Network Intrusion Prevention System (NIPS) in the LAN

b. HIDS on the web server and NIPS in the DMZ

c. HIDS on the DB server and NIPS in the DMZ

d. HIDS on the app server and NIPS in the LAN

e. HIDS on the laptop and NIPS in the DMZ

QUESTION 23: An information security project manager has been tasked with implementing a new system designed to detect and response to network security threats to user workstations as well as systems in a screened subnet. As part of the configuration, the project team will implement a new network topology. Which network topology should the project team implement?

a. IDS along with sensors in the DMZ and network address translation (NAT)

b. IPS along with sensors in the metropolitan area network (MAN) and multiprotocol label switching (MPLS)

c. Intrusion prevent system (IPS) along with sensors in the demilitarized zone (DMZ) and local area network (LAN)

d. Intrusion detection system (IDS) along with sensors in the LAN and DMZ

e. IPS along with sensors in the wide area network (WAN) and LAN

QUESTION 24: A security administrator receives an intrusion detection system (IDS) alert identifying suspicious traffic on the network between two sites. In order to identify whether the traffic was malicious or not, the administrator enables a packet capture both inside and outside of one site's firewall. While monitoring the internal packet captures, the administrator determines that a rouge IP address is generating a lot of address resolution protocol (ARP) traffic. Further monitoring of the external packet capture reveals that the secure socket layer (SSL) certificate that certain clients were using was changed to a self-signed certificate. What type of attack is occurring based on the on the packet captures?

a. Main-in-middle

b. DNS poisoning

c. Cross-site scripting

d. Roque access point

QUESTION 25: As a fundamental concept of network security, backups are vital to incident recovery. A security administrator has been tasked with reporting on the pros and cons of various backup/recovery technologies and is preparing a list of these technologies.

Match the advantages and disadvantages with each backup/recovery technology to assist the security administrator.

Answer options may be used more than once or not at all. Select your answers from the pull-down list.

Options: Offsite storage; Onsite storage

Prompts (Advantages)

Offers access to data from any Internet connection

Better option when faced with possible major catastrophes affecting connectivity

Provides for quick recoveries while controlling the physical/logical information

Prompts (Disadvantages)

Puts data on someone else's hardware

Requires rented/lease space for storage

Subject to physical threats under the organizations control

Better option when faced with possible major catastrophes affecting connectivity _________________

Puts data on someone else's hardware ____________________

Provides for quick recoveries while controlling the physical/logical information ____________________

Offers access to data from any Internet connection ____________________

Subject to physical threats under the organizations control ____________________

Requires rented/leased space for storage ____________________

QUESTION 26: A company is concerned about employee usernames and passwords being obtained through phishing campaigns. Which emerging technology should the company employ to keep this from happening?

a. Permissioning

b. ITIL

c. Cloud computing

d. Tokens

QUESTION 27: Which method could be used to protect against data leakage?

a. Deep-content inspection

b. Hashing

c. Data caching

d. Steganography

QUESTION 28: A large organization will be heavily dependent on a number of in-house web services that are Internet-facing. Which control should be used by this organization to protect against Internet-based attackers?

a. Application whitelisting

b. Application firewall

c. Data loss prevention solution

d. Hardened security appliance

QUESTION 29: A security administrator has decided that it is important to simplify the management of many of the edge security devices through a single web interface. The administrator decides to purchase a replacement security device that can filter common website attacks, allow users remote access to their network resources, and scan emails for malware. What should the administrator deploy to meet these goals?

a. Web application firewall

b. Hybrid firewall

c. Stateful packet inspection device

d. DLP server

QUESTION 30: Recently, many organizations are embracing Bring Your Own Device (BYOD) as a means to reduce cost. What is the primary reason these organizations must endure malware detection remains a top priority?

a. To protect employee's personal financial transaction and files

b. To protect the organization from attacks introduced by the lack of a perimeter

c. To reduce the number of external network-based attacks of internal corporate resources

d. To gain better visibility over the security posture of competitors

QUESTION 31: A security administrator has recently subscribed to online threat feeds that discuss continual security improvement, better log visibility, and improved risk mitigation techniques. Which explanation should be given as the reasoning for improving continuous detection processes in these discussions?

a. To provide more granular reporting to management

b. The detection process may not have addressed all immediately identified risks

c. New vulnerabilities are identified every day, and such networks need to adapt

d. So that networks are better protected than they were in the past.

QUESTION 32: A company is in the process of separating valid network traffic from malicious traffic. Currently, the company does not want to block valid traffic that would cause an outage to an application. Which device will monitor and classify potential malicious traffic to improve current policies?

a. Load balancer

b. Intrusion Detection System (IDS)

c. VPN

d. Firewall

QUESTION 33: What are two security controls that are applicable to the LAN-to-WAN domain?

Choose 2 answers.

a. Antivirus software

b. Stateful packet inspection

c. Network topology

d. Proxy server

QUESTION 34: A company's chief executive officer (CEO) is traveling overseas for a business meeting and wants to protect emails and video conference calls from a breach in confidentiality. Which strategy should be used to achieve this objective?

a. Ensure that the CEO's operating system uses genuine copies of its programs

b. Define and implement a secure cloud solution

c. Secure a VPN back into the corporate offices

d. Ensure that antivirus and application patches are up-to-date

QUESTION 35: An enterprise environment has multiple stakeholders, each of who has a unique role, responsibility, and level of access. What is a cost-effective method of segmenting the network for this environment?

a. Create Virtual Local Area Networks (VLANs) to segment network traffic.

b. Define and implement secure cloud architecture.

c. Configure a demilitarized zone (DMZ) at the network perimeter.

d. Implement an array of routing topologies to segment.

QUESTION 36: Match each network security strategy with the appropriate IT domain.

Answer options may be used more than once or not at all. Select your answers from the pull-down list.

Options: Remote access domain; User domain; Workstation domain; Local Area Network (LAN) doman

Secured via encrypted tunnels for VPN communication ______________________

Focused on training, strong authentication, granular authorization, and detailed accounting (AAA) ___________________

System hardening, communication protection, and device positioning _________________________

Protocols, addressing, topology, and communication encryption are critical to securing this domain _____________________

Acceptable Use Policy (AUP) signed prior to being granted access to IT resources and infrastructure _____________________

QUESTION 37: Which concept is appropriate for system hardening, given the workstation domain?

Choose 2 answers

a. Synchronize the clock

b. Implement network access control

c. Define a guest account

d. Filter RFC 1918 addresses

e. Enable host firewall

QUESTION 38: A security administrator has discovered the following on a public website:

root: A4D7CF982CB1E5F83CB2FF4DACE8911E

user: A4D7CF982CB1E5F83CB2FF4DACE8911E

The security administrator is asked to mitigate the risks that these types of attacks expose the company to in the future. What is an effective countermeasure that can be executed?

a. Implement tokens.

b. Configure a custom subnet.

c. Set up an egress filter.

d. Create strong firewall Access Control Lists (ACLs).

QUESTION 39: A device on a network is pining over 100 endpoints on the infrastructure. The IP and MAC addresses belong to the network management system. However, the MAC address has been spoofed. The machine is tracked down, and it is an unknown rogue device that somehow got past the network admission control (NAC) device. Which action should be taken from this point forward?

a. Make an image of this device for forensic analysis.

b. Contain and unplug this device from the network.

c. Perform a memory dump.

d. Run an antivirus scan on this device.

QUESTION 40: A network has been subjected to a series of simple yet aggressive attacks for a number of weeks. The company's leadership and security team want to know the type of information the attacker is searching for, and the ways in which the attacker has been successful. What are three methods that should be used to research the attacker's intentions and capabilities?

Choose 3 answers.

a. Honeypot

b. Hairpin

c. Backdoor

d. Honeynet

e. Mantrap

f. Padded cell

QUESTION 41: An alarm has been trigged based on the Intrusion Detection System (IDS) thresholds on a company's main operational network. An immediate analysis of the IDS logs shows an intruder successfully breached the perimeter network defenses and began data exfiltration. Although the network security administrator managed to lock out the intruder and deny access from the source, the company must now go into "incident response" mode. Which three goals should the administrator accomplish as quickly as possible?

Choose 3 answers.

a. Retaliate against the intruder and attack the access point.

b. Restore the environment back to a secured normal state.

c. Retrain the security team for allowing the intruder access.

d. Minimize loss (e.g., financial, reputational, data, intellectual property).

e. Purchase the next generation of firewall implementation to further secure the perimeter.

f. Minimize operational and network downtime.

QUESTION 42: An application server was recently attacked, resulting in compromise of all transactional credit card information via the website. It was revealed that the attacker was able compromise a system administrator's computer via a spear phishing attack. This gave the attacker the ability to compromise the application server. Which network security management practice should be applied to treat these operational weaknesses?

a. Increase physical security for all personnel accessing the servers.

b. Institute a patch policy for the application servers.

c. Install antivirus, malware, Host-Intrusion Prevention System (HIPS), and host firewalls on database servers.

d. Increase training of information technology staff on the dangers of social engineering.

QUESTION 43: An attacker compromises an Internet-facing web server. The attacker then uses the compromised web server to gain unauthorized access to other internal servers. Which control or design consideration prevents exploitation of the internal network?

a. Network address translation

b. Outbound firewall rules

c. Antivirus

d. Demilitarized zones

QUESTION 44: Recently, a company experienced several malware infections. Though the virus scanners have been regularly updated, re-infections happen regularly. An investigation of the infected PCs show that several critical OS files have not been updated in more than a year. Which two strategies should the company deploy in the future to detect and minimize the possibility of this kind of infection?

Choose 2 answers.

a. Full disk encryption

b. Patch management

c. Vulnerability assessments

d. Web application firewall

e. Honeypot

QUESTION 45: Company A has established a business partnership with Company B. Company A and Company B need to securely interconnect their networks, while minimally impacting the end-user experience. How should access to these two networks be granted?

a. Remote Access VPN

b. Host these devices in the cloud

c. Site-to-site VPN

d. Thin client or terminal services

QUESTION 46: A company's chief information officer (CI0) has tasked the network security team with a set of requirements for the next iteration of network security. The CIO wants a solution that will implement the following items:

- Access control

- Connectionless data integrity checking

- Data origin authentication

- Replay detection and rejection

- Confidentiality using encryption

- Traffic flow confidentiality

What provides this set of services?

a. Internet Protocol Security (IPSec)

b. Secure Sockets Layers / Transport Layer Security (SSL/TLS)

c. Point-to-Point Protocol (PPP)

d. Layer 2 Tunneling Protocol (L2TP)

QUESTION 47: A company decides to implement Network Address Translation (NAT) and strict inbound access control after experiencing multiple breaches from external hosts connecting to its publicly available IP addresses. The system administrator verifies the Access Control List (ACL) is configured properly, but firewall log analysis still shows multiple external malicious hosts connected to internal company hosts. What should the security administrator do to reduce the risk of further malicious connections?

a. Implement an outbound ACL.

b. Block Internet Control Message Protocol (ICMP) at the border firewall.

c. Block incoming external port scans.

d. Implement a remote access VPN.

QUESTION 48: A network administrator wants to harden the configuration of the company's VPN. Which two steps must the administrator take to ensure the VPN server is hardened and the VPN tunnel implements strong confidentiality controls?

Choose 2 answers.

a. Implement Data Encryption Standard (DES).

b. Change the server's password.

c. Configure Advanced Encryption Standard (AES).

d. Use Secure Hashing Algorithm 1 (SHA-1).

e. Employ authentication headers.

QUESTION 49: After a new firewall was installed, the security administrator has reported that a large number of fragments and overlapping packets are filling the logs and causing abnormal network behavior. Which two features can be implemented on the firewall to resolve the issue?

Choose 2 answers.

a. 802.1x authentication

b. Deep packet inspection

c. Encrypted payload

d. Intrusion detection system (IDS)

e. Dynamic filtering

QUESTION 50: A security administrator working for a large organization has been asked to implement a remote access solution that would facilitate telecommuting employees. Employees must be able to access the internal network and securely perform work-related functions from home. The solution must allow for a minimum of 20 simultaneous connections at any given time. Which remote access solution is the proper solution?

a. Implement a PKI solution.

b. Separate Local Area Network (LAN) segments via virtual LAN (VLAN).

c. Install a VPN concentrator.

d. Enable remote desktop connection on the internal network.

e. Implement end-to-end data encryption.

QUESTION 51: During an annual security audit, a company discovered that the development team has been committing code to production, which breaches the compliance requirement of separation of duties. Which security measure needs to be implemented?

a. Prioritize log aggregation network traffic.

b. Create an incident response plan.

c. Set up proper storage encryption.

d. Adopt the principle of least privilege.

QUESTION 52: A security network specialist has been asked to configure secure Internet access for a small company made up of 20 computers. The company must provide remote services to its mobile workers. Which solution should be implemented?

a. Endpoint-based firewalls and secure shell (SSH) remote access

b. Small office, home office (SOHO) hardware firewall with secure sockets layer (SSL) port forwarding

c. Bastion firewall acting as the firewall and a VPN

d. Endpoint-based firewalls and secured remote desktop services

QUESTION 53: A company needs an alternative to a VPN solution to provide secure communications between clients and servers within the extended organization. In addition to secure communications, eavesdropping and tampering with data while in transport must be prevented. Finally, endpoint authentication and confidentiality of communications must be provided. Which solution should be implemented based on these requirements?

a. Layer 2 Tunneling Protocol (L2TP)

b. Generic Routing Encapsulation (GRE)

c. Secure Sockets Layer / Transport Layer Security (SSL/TLS)

d. Point-to-Point Tunneling Protocol (PPTP)

QUESTION 54: An organization is looking for a better way to communicate across the Internet. The organization has done an exhaustive study of both present and future requirements, and has determined the need for the following specifications in the new communication infrastructure:

- Increased address space

- More efficient routing functionality

- Reduced management requirements

- Better quality of service

- Enhanced security

What should the organization implement across their enterprise based on these requirements?

a. Internet Protocol Security (IPSec)

b. Network Address Translation

c. Internet Protocol Version 6 (IPv6)

d. User Datagram Protocol (UDP)

QUESTION 55: A VPN solution was compromised with traffic from the Internet was seen on the internal network. This traffic bypassed the company's firewall policies. Specifically, a large amount of command-and-control data was seen by network intrusion detection systems (NIDS) from the VPN user's connection. Which scenario potentially caused this compromised?

a. The VPN authentication, authorization, and accounting (AAA) server did not adequately limit privilege escalation of the VPN user and resulted in malware injection attacks.

b. The VPN user's credentials were compromised, allowing an attacker to route Internet traffic into the VPN.

c. Split tunneling was allowed where a connected VPN client could route traffic to and from the Internet into the VPN connection.

d. A VPN user's laptop was compromised with malware, causing an Internet backdoor to occur even though split tunneling was not allowed.

QUESTION 56: A firewall policy has an Access Control List (ACL), which allows a connection from a university that is not part of the company. Which description depicts what the company is currently doing that directly relates to this ACL?

a. Allowing a remote employee to access a secure webpage on port 443

b. Running a web server on port 80

c. Allowing a local administrator to secure the firewall on port 161

d. Utilizing a remote connection on port 22

QUESTION 57: A network technician needs to securely connect a remote office over the commercial Internet. The technician wants to ensure the local headquarters' virtual local area networks (VLANs) are visible at the remote site, and that the remote site uses the headquarters' Dynamic Host Configuration Protocol (DHCP) server for addressing. Which solution will allow the two offices to implement the requirements?

a. Secure Shell (SSH)

b. Point-to-Point Protocol (PPP)

c. Internet Protocol Security (IPSec) transport mode

d. Layer 2 Tunneling Protocol (L2TP)

QUESTION 58: A network security engineer has been contracted by a small organization to develop a remote connection solution. The organization is extremely concerned with privacy and secure communications. The organization owns the entire network, including all switches, routers, cabling, and hardware infrastructure. Which solution should the network security engineer implement?

a. Hybrid VPN solution

b. Trusted VPN solution

c. Private branch exchange

d. Secure VPN solution

e. Remote Authentication Dial-In User Server (RADIUS) access

QUESTION 59: A firewall has been placed between two networks. Each network implements a VPN concentrator to enable secure communication via a VPN in tunnel mode. What information regarding the VPN will the firewall logs provide?

a. Information about the temporary encapsulation header

b. Information about the packet payload content

c. Information about the internal endpoints' source IP addresses

d. Information about the origin and destination of original headers

QUESTION 60: Use the following configuration of an access control list (ACL) to answer the question below:

PROTO SRC_IP SRC_PORT  DST_IP            DST_PORT  ACTION

TCP               ANY                  ANY                     192.168.4.0/24           >1024            ALLOM                                

Which type of firewall should the company be using?

a. Stateful inspection

b. Circuit proxy

c. Static filtering

d. Application layer

QUESTION 61: During a routine penetration test of an organization's perimeter firewall, an analyst discovers that port 25 is open on the wide area network (WAN) interface of the firewall. What is causing this finding?

a. Local POP access to the firewall was enabled by default

b. Network Address Translation (NAT) is passing Simple Mail Transfer Protocol (SMTP) traffic to an internal email server

c. Remote console access to the firewall was not disabled

d. Port Address Translation (PAT) is passing webmail traffic to an internal web server.

QUESTION 62: A firewall administrator is setting up the necessary rule to allow an email server to send and receive email. Which three elements does the Access Control List (ACL) need?

Choose 3 answers.

a. Email address domain

b. DNS MX records

c. Dynamic Host Configuration Protocol (DHCP) scope

d. Source IP

e. Base protocol

f. Destination port

QUESTION 63: What are remote access, site-to-site, host-to-host, and extranet access examples of?

a. VPN architecture

b. VPN policies

c. VPN devices

d. VPN encryption

QUESTION 64: New requirements state that secure communication a company's remote sites and its corporate headquarters should be encrypted. The administrator decides to encrypt both the packet headers and packet payloads between the sites. What did the administrator deploy to accomplish this?

a. VPN in transport mode

b. VPN in Network Address Translation (NAT) traversal mode

c. VPN in clientless mode

d. VPN in tunnel mode

QUESTION 65: Match each VPN concept with its appropriate characteristic.

Answer options may be used more than once or not at all. Select your answers from the pull-down list.

Options: Encrypts only the payload; Encryption protocol VPNs use; Encrypts the entire payload and the header

Tunnel mode ______________________________

Secure Sockets Layer/Top Level Specification (SSL/TLS) ______________________________

Transport mode ______________________________

QUESTION 66: A security administrator is reviewing the VPN deployment to understand why the VPN connection is not affected when making firewall changes. The security administrator tests the connection, and the web content filter does not work for the VPN connection. Which type of VPN deployment is being used?

a. Internally connected

b. Demilitarized zone (DMZ)-based

c. Bypass

d. Inline-based

Verified Expert

Network security is the task handled by the top professionals as it is sensitive field. This assignment was regarding MCQ which I have answered.

Reference no: EM131372235

Questions Cloud

Determining the strategy and market planning : Analyze the steps involved in building a strategic plan for a health care organization and determine which step is the most difficult to get execute correctly. Explain your rationale.
Consolidate a number of hr functions from different business : One of the actions taken was to consolidate a number of HR functions from different business units into a corporate HR Service Center. This center performs many administrative transactions and has added Internet-based systems to make HR services m..
Design a family of vee engines to be built : Find the best compromise of vee angle to provide a good mix of balance and even firing in all engines.
Activities with zero slack : The parts of a network that represent the origins are, Activities with zero slack.
Which method could be used to protect against data leakage : Which method could be used to protect against data leakage? A company is concerned about employee usernames and passwords being obtained through phishing campaigns. Which emerging technology should the company employ to keep this from happening
Problem that currently exists in our healthcare system : This course project gives you the opportunity to select a problem that currently exists in our healthcare system and analyze its implications on our healthcare system.
Compare and contrast the three models of culture : Compare and contrast the three models of culture. Next, select one of the researched international competitors, and ascertain the model of culture that is most appropriate for the selected international competitor.
Four steps in the lead generation and management process : Describe the four steps in the lead generation and management process. (Hint: Generate leads, Qualifying leads, Lead distribution, Following-up to convert on the leads)(another hint: subject e-marketing)
Design a pair of nakamura balance shafts : Design a pair of Nakamura balance shafts to cancel the shaking force and reduce torque oscillations in the engine shown in Figure 14-18 (p. 662).

Reviews

inf1372235

5/22/2017 5:14:09 AM

Dear Expertsmind, much obliged for your reaction and please might you be able to say thanks to the expert for my sake. I may require her assistance later on as I was awed with her work and she is a magnificent expert. Much appreciated once more.

Write a Review

 

Computer Engineering Questions & Answers

  Identify various arithmetic operations

Create a 400-600 word report to identify various arithmetic operations. Give two examples for addition, subtraction, multiplication and division using integer and floating point arithmetic operations.

  How agile processes adapt to embrace

Explain the difference between change control and version control.

  Explain analog signal conditioning

Analog Signal Conditioning, An LVDT with associated signal conditioning will be used to measure work-piece motion from -20 to +20 cm. The static transfer function is 2.5 mV/mm. The output will be interfaced to a computer via an ADC.

  Is a shift toward dna based identifications a good idea

What are some of the benefits and limitations of using DNA to identify victims of mass causalities. When answering take into account available resources, types of attacks, evidence collection and preservation, etc.

  Implement the interior penalty function method

Write a computer program to implement the interior penalty function method with the DFP method of unconstrained minimization and the cubic interpolation method of one-dimensional search.

  Explain the following statements as logic expressions

Please state the following statements as logic expressions.

  Write an article analyze and assess how to mitigate the risk

Write an Article Paper that have details mobile application vulnerabilities and analyze and assess how to mitigate the risks.

  Short paper on your servers performance

A solid amount of statistics, you should write a short paper on your server's performance. Point out bottlenecks and analyze the data that you've gathered, as well as coming up with a few suggestions on how you may be able to increase performance

  Se using your own knowledgehpw an atm is used develop a set

using your own knowledgehpw an atm is used develop a set of use that could be used to derive the requirements for an

  Design a web page named taxes.html

design a Web page named taxes.html and enter the IncomeTax function into the HEAD (enclosed in SCRIPT tags). In the BODY of the page, prompt the user to enter values representing his or her income and itemized deduction. The page should call the I..

  Which of the following demotes a bullet point from the

1 two information systems that support the entire organization area. enterprise resource planning systems and

  Research the firm and its industry environment

Select a realfirm as the focus of your report. This can be a pure-play internet company, or a traditional firm that is engaged in eBusiness activities.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd