Time limit: 0
Quiz-summary
0 of 24 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
Information
Network Defense (NetDef) Module 1 - 3 Group Test Online
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading...
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
Results
0 of 24 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 points, (0)
Average score |
|
Your score |
|
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- Answered
- Review
-
Question 1 of 24
1. Question
1 pointsWhich security management function is concerned with the inventory and control of hardware and software configurations of systems?Correct
Incorrect
Hint
Security risks can be reduced through secure device configuration. Configuration management addresses the inventory and control of hardware and software configurations of systems. -
Question 2 of 24
2. Question
1 pointsWhat device would be used as a second line of defense in a defense-in-depth approach?Correct
Incorrect
Hint
In a defense-in-depth approach, the edge router would form the first line of defense. The firewall would be the second line of defense followed by the internal router making up the third line of defense. -
Question 3 of 24
3. Question
1 pointsWhich security measure is typically found both inside and outside a data center facility?Correct
Incorrect
Hint
Continuous video surveillance is a security measure found both inside and outside a data center facility. A gate provides outside perimeter security. Security traps, biometrics access, and exit sensors provide inside perimeter security. -
Question 4 of 24
4. Question
1 pointsWhat is a characteristic of the security artichoke, defense-in-depth approach?Correct
Incorrect
Hint
In the security artichoke, defense-in-depth approach not every layer needs to be penetrated by the threat actor in order to get to the data or systems. Each layer provides a layer of protection while simultaneously providing a path to attack. -
Question 5 of 24
5. Question
1 pointsWhich two options are security best practices that help mitigate BYOD risks? (Choose two.)Correct
Incorrect
Hint
Many companies now support employees and visitors attaching and using wireless devices that connect to and use the corporate wireless network. This practice is known as a bring-your-own-device policy or BYOD. Commonly, BYOD security practices are included in the security policy. Some best practices that mitigate BYOD risks include the following: Use unique passwords for each device and account. Turn off Wi-Fi and Bluetooth connectivity when not being used. Only connect to trusted networks. Keep the device OS and other software updated. Backup any data stored on the device. Subscribe to a device locator service with a remote wipe feature. Provide antivirus software for approved BYODs. Use Mobile Device Management (MDM) software that allows IT teams to track the device and implement security settings and software controls. -
Question 6 of 24
6. Question
1 pointsWhich type of business policy establishes the rules of conduct and the responsibilities of employees and employers?Correct
Incorrect
Hint
Business policies set a baseline of acceptable use. Company policies establish the rules and conduct and the responsibilities of both employees andthe employer. Company policies protect the rights of the workers as well as the business interests of the company. -
Question 7 of 24
7. Question
1 pointsMatch the term to the description.Correct
Incorrect
Hint
Place the options in the following order:assets information or equipment valuable enough to an organization to warrant protection threats potential dangers to a protected asset vulnerabilities weaknesses in a system or design -
Question 8 of 24
8. Question
1 pointsWhich network monitoring tool is in the category of network protocol analyzers?Correct
Incorrect
Hint
Wireshark is a network protocol analyzer used to capture network traffic. The traffic captured by Wireshark is saved in PCAP files and includes interface information and timestamps. -
Question 9 of 24
9. Question
1 pointsWhat is a strength of using a hashing function?Correct
Incorrect
Hint
Understanding the properties of a hash function shows its applicability such as one-way function, arbitrary input length, and fixed output. -
Question 10 of 24
10. Question
1 pointsA user has created a new program and wants to distribute it to everyone in the company. The user wants to ensure that when the program is downloaded that the program is not changed while in transit. What can the user do to ensure that the program is not changed when downloaded?Correct
Incorrect
Hint
Hashing is a method to ensure integrity and ensures that the data is not changed. -
Question 11 of 24
11. Question
1 pointsWhat is a purpose of implementing VLANs on a network?Correct
Incorrect
Hint
VLANs are used on a network to separate user traffic based on factors such as function, project team, or application, without regard for the physical location of the user or device. -
Question 12 of 24
12. Question
1 pointsA user is purchasing a new server for the company data center. The user wants disk striping with parity on three disks. Which RAID level should the user implement?Correct
Incorrect
Hint
RAID 5 striping with parity would be the best choice. -
Question 13 of 24
13. Question
1 pointsA company is developing an internet store website. Which protocol should be used to transfer credit card information from customers to the company web server?Correct
Incorrect
Hint
Hypertext Transfer Protocol (HTTP) provides web connectivity and website services. HTTP does not use encryption when transmitting content, leaving the data in transit vulnerable to monitoring and attack. HTTPS uses SSL/TLS to encrypt communication between the client and the server, thus providing confidentiality and preventing eavesdropping and tampering. -
Question 14 of 24
14. Question
1 pointsWhy is asset management a critical function of a growing organization against security threats?Correct
Incorrect
Hint
Asset management is a critical component of a growing organization from a security aspect. Asset management consists of inventorying all assets, and then developing and implementing policies and procedures to protect them. As an organization grows, so does the attack surface in terms of security threats. Each of these assets can attract different threat actors who have different skill levels and motivations. Asset management can help mitigate these threats by inventorying the risks as the attack surface grows. -
Question 15 of 24
15. Question
1 pointsWhat is an example of the implementation of physical security?Correct
Incorrect
Hint
Encrypting data, keeping software up to date, and the use of personal firewalls are all security precautions, but will not restrict physical access to secure areas by only authorized people. -
Question 16 of 24
16. Question
1 pointsA large retail company uses EAP-based authentication in conjunction with 802.1X. When the client first initiates communication on the wireless network, which type of authentication method is used by the client to associate with the AP?Correct
Incorrect
Hint
When 802.1X is used in conjunction with EAP for authentication, a wireless device first uses Open Authentication to associate with the AP. Then, the wireless controller becomes the middleman in the authentication process between the end device and the authentication server. The wireless client cannot pass data onto the wireless network until successful authentication with the authentication server has occurred. -
Question 17 of 24
17. Question
1 pointsWhat are three examples of administrative access controls? (Choose three.)Correct
Incorrect
Hint
Administrative access controls are defined by organizations to implement and enforce all aspects of controlling unauthorized access and include the following: Policies Procedures Hiring practices Background checks Data classification Security training Reviews -
Question 18 of 24
18. Question
1 pointsWhich access control model applies the strictest access control and is often used in military and mission critical applications?Correct
Incorrect
Hint
Military and mission critical applications typically use mandatory access control which applies the strictest access control to protect network resources. -
Question 19 of 24
19. Question
1 pointsWhat is the purpose of the network security authentication function?Correct
Incorrect
Hint
Authentication, authorization, and accounting are network services collectively known as AAA. Authentication requires users to prove who they are. Authorization determines which resources the user can access. Accounting keeps track of the actions of the user. -
Question 20 of 24
20. Question
1 pointsA network administrator is configuring an AAA server to manage RADIUS authentication. Which two features are included in RADIUS authentication? (Choose two.)Correct
Incorrect
Hint
RADIUS authentication supports the following features: RADIUS authentication and authorization as one process Encrypts only the password Utilizes UDP Supports remote-access technologies, 802.1X, and Session Initiation Protocol (SIP) -
Question 21 of 24
21. Question
1 pointsPasswords, passphrases, and PINs are examples of which security term?Correct
Incorrect
Hint
Authentication methods are used to strengthen access control systems. It is important to understand the available authentication methods. -
Question 22 of 24
22. Question
1 pointsAn intern has started working in the support group. One duty is to set local policy for passwords on the workstations. What tool would be best to use?Correct
Incorrect
Hint
Local policies are not group policies and only work on the local machine. Local policies can, however, be overridden if the machine is part of a Windows domain. -
Question 23 of 24
23. Question
1 pointsWhat is privilege escalation?Correct
Incorrect
Hint
With privilege escalation, vulnerabilities are exploited to grant higher levels of privilege. After the privilege is granted, the threat actor can access sensitive information or take control of the system. -
Question 24 of 24
24. Question
1 pointsWhich access control model allows users to control access to data as an owner of that data?Correct
Incorrect
Hint
In the discretionary access control (DAC) model, users can control access to data as owners of the data.