Module Group Exam 1 – Network Defense (NetDef) Module 1 – 3 Group Exam Answers
1. Which security management function is concerned with the inventory and control of hardware and software configurations of systems?
- configuration management
- vulnerability management
- risk management
- asset management
2. What device would be used as a second line of defense in a defense-in-depth approach?
- edge router
- internal router
3. Which security measure is typically found both inside and outside a data center facility?
- biometrics access
- continuous video surveillance
- a gate
- exit sensors
- security traps
4. What is a characteristic of the security artichoke, defense-in-depth approach?
- Threat actors can easily compromise all layers safeguarding the data or systems.
- Each layer has to be penetrated before the threat actor can reach the target data or system.
- Threat actors no longer have to peel away each layer before reaching the target data or system.
- Threat actors can no longer penetrate any layers safeguarding the data or system.
5. Which two options are security best practices that help mitigate BYOD risks? (Choose two.)
- Only turn on Wi-Fi when using the wireless network.
- Only allow devices that have been approved by the corporate IT team.
- Use paint that reflects wireless signals and glass that prevents the signals from going outside the building.
- Keep the device OS and software updated.
- Decrease the wireless antenna gain level.
- Use wireless MAC address filtering.
6. Which type of business policy establishes the rules of conduct and the responsibilities of employees and employers?
7. Match the term to the description.
8. Which network monitoring tool is in the category of network protocol analyzers?
9. What is a strength of using a hashing function?
- It is a one-way function and not reversible.
- Two different files can be created that have the same output.
- It is not commonly used in security.
- It can take only a fixed length message.
- It has a variable length output.
10. A user has created a new program and wants to distribute it to everyone in the company. The user wants to ensure that the program is not changed while in transit when it is downloaded. What can the user do to ensure that the program is not changed when downloaded?
- Encrypt the program and require a password after it is downloaded.
- Create a hash of the program file that can be used to verify the integrity of the file after it is downloaded.
- Turn off antivirus on all the computers.
- Install the program on individual computers.
- Distribute the program on a thumb drive.
11. What is a purpose of implementing VLANs on a network?
- They eliminate network collisions.
- They prevent Layer 2 loops.
- They can separate user traffic.
- They allow switches to forward Layer 3 packets without a router.
12. A user is purchasing a new server for the company data center. The user wants disk striping with parity on three disks. Which RAID level should the user implement?
13. A company is developing an internet store website. Which protocol should be used to transfer credit card information from customers to the company web server?
14. Why is asset management a critical function of a growing organization against security threats?
- It serves to preserve an audit trail of all new purchases.
- It allows for a build of a comprehensive AUP.
- It identifies the ever-increasing attack surface to threats.
- It prevents theft of older assets that are decommissioned.
15. What is an example of the implementation of physical security?
- ensuring that all operating system and antivirus software is up to date
- encrypting all sensitive data that is stored on the servers
- requiring employees to use a card key when entering a secure area
- establishing personal firewalls on each computer
16. A large retail company uses EAP-based authentication in conjunction with 802.1X. When the client first initiates communication on the wireless network, which type of authentication method is used by the client to associate with the AP?
- Open Authentication
17. What are three examples of administrative access controls? (Choose three.)
- hiring practices
- background checks
- guard dogs
- policies and procedures
- intrusion detection system (IDS)
18. Which access control model applies the strictest access control and is often used in military and mission-critical applications?
19. What is the purpose of the network security authentication function?
- to keep track of the actions of a user
- to require users to prove who they are
- to determine which resources a user can access
- to provide challenge and response questions
20. A network administrator is configuring an AAA server to manage RADIUS authentication. Which two features are included in RADIUS authentication? (Choose two.)
- single process for authentication and authorization
- encryption for only the data
- encryption for all communication
- separate processes for authentication and authorization
- hidden passwords during transmission
21. Passwords, passphrases, and PINs are examples of which security term?
22. An intern has started working in the support group. One duty is to set local policy for passwords on the workstations. What tool would be best to use?
- password policy
- system administration
- account policy
23. What is privilege escalation?
- Everyone is given full rights by default to everything and rights are taken away only when someone abuses privileges.
- A security problem occurs when high-ranking corporate officials demand rights to systems or files that they should not have.
- Someone is given rights because she or he has received a promotion.
- Vulnerabilities in systems are exploited to grant higher levels of privilege than someone or some process should have.
24. Which access control model allows users to control access to data as an owner of that data?
- nondiscretionary access control
- mandatory access control
- attribute-based access control
- discretionary access control