CASP ? 181-210 Network Diagrams

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Bcorazza
B
Bcorazza
Community Contributor
Quizzes Created: 14 | Total Attempts: 4,828
Questions: 30 | Attempts: 436

SettingsSettingsSettings
CASP ? 181-210 Network Diagrams - Quiz

CASP? 181-210 Network Diagrams


Questions and Answers
  • 1. 

    Which of the following are security components provided by an application security library orframework? (Select THREE).

    • A.

      Directory services

    • B.

      Encryption and decryption

    • C.

      Authorization database

    • D.

      Fault injection

    • E.

      Input validation

    • F.

      Secure logging

    Correct Answer(s)
    B. Encryption and decryption
    E. Input validation
    F. Secure logging
    Explanation
    An application security library or framework typically provides several security components to enhance the security of an application. Input validation is one such component that helps validate and sanitize user input to prevent common security vulnerabilities like SQL injection or cross-site scripting. Secure logging is another important component that ensures sensitive information is logged securely, protecting it from unauthorized access. Encryption and decryption are also crucial components that help protect sensitive data by converting it into an unreadable format and then back to its original form when needed, ensuring confidentiality and integrity.

    Rate this question:

  • 2. 

    Which of the following potential vulnerabilities exists in the following code snippet?var myEmail = document.getElementById(“formInputEmail”).value;if (xmlhttp.readyState==4 && xmlhttp.status==200){Document.getElementById(“profileBox”).innerHTML = “Emails will be sent to “ + myEmail +xmlhttp.responseText;}

    • A.

      Javascript buffer overflow

    • B.

      AJAX XHR weaknesses

    • C.

      DOM-based XSS

    • D.

      JSON weaknesses

    Correct Answer
    C. DOM-based XSS
    Explanation
    The potential vulnerability that exists in the given code snippet is DOM-based XSS (Cross-Site Scripting). This vulnerability occurs when untrusted data is included in the DOM (Document Object Model) without proper sanitization or validation. In this code, the value of the "myEmail" variable is directly concatenated with the responseText from the XMLHttpRequest, which could potentially allow an attacker to inject malicious scripts into the DOM and execute them in the user's browser. This can lead to unauthorized access, data theft, or other malicious activities.

    Rate this question:

  • 3. 

    The Chief Information Security Officer (CISO) has just returned from attending a securityconference and now wants to implement a Security Operations Center (SOC) to improve andcoordinate the detection of unauthorized access to the enterprise. The CISO’s biggest concern isthe increased number of attacks that the current infrastructure cannot detect. Which of thefollowing is MOST likely to be used in a SOC to address the CISO’s concerns?

    • A.

      DLP, Analytics, SIEM, Forensics, NIPS, HIPS, WIPS and eGRC

    • B.

      Forensics, White box testing, Log correlation, HIDS, and SSO

    • C.

      Vulnerability assessments, NIDP, HIDS, SCAP, Analytics and SIEM

    • D.

      EGRC, WIPS, Federated ID, Network enumerator, NIPS and Port Scanners

    Correct Answer
    A. DLP, Analytics, SIEM, Forensics, NIPS, HIPS, WIPS and eGRC
    Explanation
    The Chief Information Security Officer (CISO) wants to implement a Security Operations Center (SOC) to improve and coordinate the detection of unauthorized access to the enterprise. The CISO's biggest concern is the increased number of attacks that the current infrastructure cannot detect. To address these concerns, the SOC would likely use a combination of tools and technologies such as Data Loss Prevention (DLP), Analytics, Security Information and Event Management (SIEM), Forensics, Network Intrusion Prevention Systems (NIPS), Host Intrusion Prevention Systems (HIPS), Wireless Intrusion Prevention Systems (WIPS), and Enterprise Governance, Risk, and Compliance (eGRC) solutions. These tools and technologies would help enhance the organization's ability to detect and respond to security incidents.

    Rate this question:

  • 4. 

    The IT Manager has mandated that an extensible markup language be implemented which can beused to exchange provisioning requests and responses for account creation. Which of thefollowing is BEST able to achieve this?

    • A.

      XACML

    • B.

      SAML

    • C.

      SOAP

    • D.

      SPML

    Correct Answer
    D. SPML
    Explanation
    SPML (Service Provisioning Markup Language) is the best option to achieve the implementation of an extensible markup language for exchanging provisioning requests and responses for account creation. SPML is specifically designed for managing the provisioning and deprovisioning of services in a distributed network environment. It provides a standardized way to communicate provisioning requests and responses between different systems and applications. XACML (eXtensible Access Control Markup Language) is used for access control policies, SAML (Security Assertion Markup Language) is used for exchanging authentication and authorization data, and SOAP (Simple Object Access Protocol) is a protocol for exchanging structured information in web services. None of these options are specifically designed for provisioning requests and responses like SPML.

    Rate this question:

  • 5. 

    A company is planning to deploy an in-house Security Operations Center (SOC).One of the new requirements is to deploy a NIPS solution into the Internet facing environment.The SOC highlighted the following requirements:Perform fingerprinting on unfiltered inbound traffic to the companyMonitor all inbound and outbound traffic to the DMZ'sIn which of the following places should the NIPS be placed in the network?

    • A.

      In front of the Internet firewall and in front of the DMZs

    • B.

      In front of the Internet firewall and in front of the internal firewall

    • C.

      In front of the Internet firewall and behind the internal firewall

    • D.

      Behind the Internet firewall and in front of the DMZs

    Correct Answer
    A. In front of the Internet firewall and in front of the DMZs
    Explanation
    The NIPS should be placed in front of the Internet firewall and in front of the DMZs because it needs to perform fingerprinting on unfiltered inbound traffic to the company and monitor all inbound and outbound traffic to the DMZs. Placing the NIPS in this location allows it to inspect and analyze the traffic before it reaches the DMZs, providing an additional layer of security and protection for the company's network.

    Rate this question:

  • 6. 

    A company recently experienced a malware outbreak. It was caused by a vendor using anapproved non-company device on the company’s corporate network that impacted manufacturinglines, causing a week of downtime to recover from the attack. Which of the following reduces thisthreat and minimizes potential impact on the manufacturing lines?

    • A.

      Disable remote access capabilities on manufacturing SCADA systems.

    • B.

      Require a NIPS for all communications to and from manufacturing SCADA systems.

    • C.

      Add anti-virus and client firewall capabilities to the manufacturing SCADA systems.

    • D.

      Deploy an ACL that restricts access from the corporate network to the manufacturing SCADA systems.

    Correct Answer
    D. Deploy an ACL that restricts access from the corporate network to the manufacturing SCADA systems.
    Explanation
    Deploying an ACL (Access Control List) that restricts access from the corporate network to the manufacturing SCADA (Supervisory Control and Data Acquisition) systems would reduce the threat and minimize potential impact on the manufacturing lines. By implementing this measure, unauthorized devices or vendors using non-company devices would be prevented from accessing the SCADA systems, reducing the risk of malware outbreaks and potential downtime. This would ensure that only authorized and approved devices have access to the manufacturing systems, enhancing security and protecting against future attacks.

    Rate this question:

  • 7. 

    Capital Reconnaissance, LLC is building a brand new research and testing location, and thephysical security manager wants to deploy IP-based access control and video surveillance. Thesetwo systems are essential for keeping the building open for operations. Which of the followingcontrols should the security administrator recommend to determine new threats against the newIP-based access control and video surveillance systems?

    • A.

      Develop a network traffic baseline for each of the physical security systems.

    • B.

      Air gap the physical security networks from the administrative and operational networks.

    • C.

      Require separate non-VLANed networks and NIPS for each physical security system network.

    • D.

      Have the Network Operations Center (NOC) review logs and create a CERT to respond to breaches.

    Correct Answer
    A. Develop a network traffic baseline for each of the pHysical security systems.
    Explanation
    To determine new threats against the new IP-based access control and video surveillance systems, the security administrator should recommend developing a network traffic baseline for each of the physical security systems. This involves monitoring and analyzing the normal network traffic patterns and behaviors of the access control and video surveillance systems. By establishing a baseline, any deviations or anomalies in network traffic can be identified, indicating potential threats or attacks against the systems. This proactive approach allows for early detection and response to any security breaches or vulnerabilities.

    Rate this question:

  • 8. 

    A company has recently implemented a video conference solution that uses the H.323 protocol.The security engineer is asked to make recommendations on how to secure video conferences toprotect confidentiality. Which of the following should the security engineer recommend?

    • A.

      Implement H.235 extensions with DES to secure the audio and video transport.

    • B.

      Recommend moving to SIP and RTP as those protocols are inherently secure.

    • C.

      Recommend implementing G.711 for the audio channel and H.264 for the video.

    • D.

      Encapsulate the audio channel in the G.711 codec rather than the unsecured Speex.

    Correct Answer
    A. Implement H.235 extensions with DES to secure the audio and video transport.
    Explanation
    The security engineer should recommend implementing H.235 extensions with DES to secure the audio and video transport. H.235 is a security protocol that provides encryption and authentication for H.323 video conferences. DES (Data Encryption Standard) is a symmetric encryption algorithm that can be used to encrypt the audio and video data, ensuring confidentiality. By implementing H.235 extensions with DES, the company can protect the confidentiality of their video conferences and prevent unauthorized access to the audio and video data.

    Rate this question:

  • 9. 

    A healthcare company recently purchased the building next door located on the same campus.The building previously did not have any IT infrastructure. The building manager has selected fourpotential locations to place IT equipment consisting of a half height open server rack with fiveswitches, a router, a firewall, and two servers. Given the descriptions below, where would thesecurity engineer MOST likely recommend placing the rack?The Boiler Room: The rack can be placed 5 feet (1.5 meters) up on the wall, between the secondand third boiler. The room is locked and only maintenance has access to it.The Reception AreA. The reception area is an open area right as customers enter. There is acloset 5 feet by 5 feet (1.5 meters by 1.5 meters) that the rack will be placed in with floor mounts.There is a 3 digit PIN lock that the receptionist sets.The Rehabilitation AreA. The rack needs to be out of the way from patients using the whirlpoolbath, so it will be wall mounted 8 feet (2.4 meters) up as the area has high ceilings. The rehabarea is staffed full time and admittance is by key card only.The Finance AreA. There is an unused office in the corner of the area that can be used for theserver rack. The rack will be floor mounted. The finance area is locked and alarmed at night.

    • A.

      The Rehabilitation Area

    • B.

      The Reception Area

    • C.

      The Boiler Room

    • D.

      The Finance Area

    Correct Answer
    D. The Finance Area
    Explanation
    The security engineer would most likely recommend placing the rack in the Finance Area. This area is locked and alarmed at night, providing an extra layer of security. Additionally, the rack will be floor mounted, which can provide stability and easier access for maintenance. The unused office in the corner of the Finance Area can be utilized for the server rack, ensuring that it is out of the way and not interfering with daily operations.

    Rate this question:

  • 10. 

    A network security engineer would like to allow authorized groups to access network devices witha shell restricted to only show information while still authenticating the administrator's group to anunrestricted shell. Which of the following can be configured to authenticate and enforce these shellrestrictions? (Select TWO).

    • A.

      Single Sign On

    • B.

      Active Directory

    • C.

      Kerberos

    • D.

      NIS+

    • E.

      RADIUS

    • F.

      TACACS+

    Correct Answer(s)
    E. RADIUS
    F. TACACS+
    Explanation
    RADIUS and TACACS+ can be configured to authenticate and enforce shell restrictions. RADIUS (Remote Authentication Dial-In User Service) is a protocol that provides centralized authentication, authorization, and accounting for remote access to network resources. It can be configured to enforce restrictions on the shell access based on user groups. TACACS+ (Terminal Access Controller Access Control System Plus) is a similar protocol that provides authentication, authorization, and accounting services. It can also be configured to enforce shell restrictions based on user groups. Both protocols allow network security engineers to control access to network devices and restrict the shell functionalities for different user groups.

    Rate this question:

  • 11. 

    An administrator is unable to connect to a server via VNC. Upon investigating the host firewallconfiguration, the administrator sees the following lines:A INPUT -m state --state NEW -m tcp -p tcp --dport 3389 -j DENYA INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j DENYA INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPTA INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j DENYA INPUT -m state --state NEW -m tcp -p tcp --sport 3389 -j ACCEPTWhich of the following should occur to allow VNC access to the server?

    • A.

      DENY needs to be changed to ACCEPT on one line.

    • B.

      A line needs to be added.

    • C.

      A line needs to be removed.

    • D.

      Fix the typo in one line.

    Correct Answer
    B. A line needs to be added.
    Explanation
    Based on the given information, the administrator is unable to connect to the server via VNC. The firewall configuration shows that all incoming connections on ports 3389, 22, and 80 are being denied, while incoming connections on port 10000 are being allowed. However, there is no rule specifically allowing incoming connections on the VNC port (typically port 5900). Therefore, to allow VNC access to the server, a line needs to be added to the firewall configuration to accept incoming connections on the VNC port.

    Rate this question:

  • 12. 

    Company A is trying to implement controls to reduce costs and time spent on litigation. Toaccomplish this, Company A has established several goals:Prevent data breaches from lost/stolen assetsReduce time to fulfill e-discovery requestsPrevent PII from leaving the networkLessen the network perimeter attack surfaceReduce internal fraudWhich of the following solutions accomplishes the MOST of these goals?

    • A.

      Implement separation of duties; enable full encryption on USB devices and cell phones, allow cell phones to remotely connect to e-mail and network VPN, enforce a 90 day data retention policy.

    • B.

      Eliminate VPN access from remote devices. Restrict junior administrators to read-only shell access on network devices. Install virus scanning and SPAM filtering. Harden all servers with trusted OS extensions.

    • C.

      Create a change control process with stakeholder review board, implement separation of duties and mandatory vacation, create regular SAN snapshots, enable GPS tracking on all cell phones and laptops, and fully encrypt all email in transport.

    • D.

      Implement outgoing mail sanitation and incoming SPAM filtering. Allow VPN for mobile devices; cross train managers in multiple disciplines, ensure all corporate USB drives are provided by Company A and de-duplicate all server storage.

    Correct Answer
    A. Implement separation of duties; enable full encryption on USB devices and cell pHones, allow cell pHones to remotely connect to e-mail and network VPN, enforce a 90 day data retention policy.
    Explanation
    The solution that accomplishes the most of the given goals is to implement separation of duties, enable full encryption on USB devices and cell phones, allow cell phones to remotely connect to e-mail and network VPN, and enforce a 90-day data retention policy. This solution addresses multiple goals such as preventing data breaches from lost/stolen assets through encryption, reducing time to fulfill e-discovery requests by allowing remote access to e-mail and network VPN, preventing PII from leaving the network through encryption, and reducing internal fraud through separation of duties. The 90-day data retention policy also helps in meeting compliance requirements.

    Rate this question:

  • 13. 

    A security architect is seeking to outsource company server resources to a commercial cloudservice provider. The provider under consideration has a reputation for poorly controlling physicalaccess to datacenters and has been the victim of multiple social engineering attacks. The serviceprovider regularly assigns VMs from multiple clients to the same physical resources. Whenconducting the final risk assessment which of the following should the security architect take intoconsideration?

    • A.

      The ability to implement user training programs for the purpose of educating internal staff about the dangers of social engineering.

    • B.

      The cost of resources required to relocate services in the event of resource exhaustion on a particular VM.

    • C.

      The likelihood a malicious user will obtain proprietary information by gaining local access to the hypervisor platform.

    • D.

      Annual loss expectancy resulting from social engineering attacks against the cloud service provider affecting corporate network infrastructure.

    Correct Answer
    C. The likelihood a malicious user will obtain proprietary information by gaining local access to the hypervisor platform.
    Explanation
    The security architect should take into consideration the likelihood that a malicious user will obtain proprietary information by gaining local access to the hypervisor platform. This is because the commercial cloud service provider has a reputation for poorly controlling physical access to datacenters and has been the victim of multiple social engineering attacks. Therefore, there is a higher risk of unauthorized access to the hypervisor platform, which could result in the theft of proprietary information.

    Rate this question:

  • 14. 

    The root cause analysis of a recent security incident reveals that an attacker accessed a printerfrom the Internet. The attacker then accessed the print server, using the printer as a launch padfor a shell exploit. The print server logs show that the attacker was able to exploit multipleaccounts, ultimately launching a successful DoS attack on the domain controller. Defendingagainst which of the following attacks should form the basis of the incident mitigation plan?

    • A.

      DDoS

    • B.

      SYN flood

    • C.

      Buffer overflow

    • D.

      Privilege escalation

    Correct Answer
    D. Privilege escalation
    Explanation
    The incident analysis reveals that the attacker was able to exploit multiple accounts and launch a successful DoS attack on the domain controller. This indicates that the attacker was able to elevate their privileges within the system, which is known as privilege escalation. Therefore, defending against privilege escalation should form the basis of the incident mitigation plan to prevent similar attacks in the future.

    Rate this question:

  • 15. 

    An existing enterprise architecture included an enclave where sensitive research and developmentwork was conducted. This network enclave also served as a storage location for proprietarycorporate data and records. The initial security architect chose to protect the enclave by restrictingaccess to a single physical port on a firewall. All downstream network devices were isolated fromthe rest of the network and communicated solely through the single 100mbps firewall port. Overtime, researchers connected devices on the protected enclave directly to external resources andcorporate data stores. Mobile and wireless devices were also added to the enclave to support highspeed data research. Which of the following BEST describes the process which weakened thesecurity posture of the enclave?

    • A.

      Emerging business requirements led to the de-perimiterization of the network.

    • B.

      Emerging security threats rendered the existing architecture obsolete.

    • C.

      The single firewall port was oversaturated with network packets.

    • D.

      The shrinking of an overall attack surface due to the additional access.

    Correct Answer
    A. Emerging business requirements led to the de-perimiterization of the network.
    Explanation
    The correct answer is "Emerging business requirements led to the de-perimeterization of the network." This means that as the business needs evolved, the network architecture shifted away from a perimeter-based security model where all devices were isolated behind a single firewall port. Instead, devices on the protected enclave started connecting directly to external resources and corporate data stores, and mobile and wireless devices were added. This weakened the security posture of the enclave as it allowed for more direct access to sensitive data and increased the potential attack surface.

    Rate this question:

  • 16. 

    At one time, security architecture best practices led to networks with a limited number (1-3) ofnetwork access points. This restriction allowed for the concentration of security resources andresulted in a well defined attack surface. The introduction of wireless networks, highly portablenetwork devices, and cloud service providers has rendered the network boundary and attacksurface increasingly porous. This evolution of the security architecture has led to which of the following?

    • A.

      Increased security capabilities, the same amount of security risks and a higher TCO but a smaller corporate data center on average.

    • B.

      Increased business capabilities and increased security risks with a lower TCO and smaller physical footprint on the corporate network.

    • C.

      Increased business capabilities and increased security risks with a higher TCO and a larger physical footprint.

    • D.

      Decreased business capabilities and increased security risks with a lower TCO and increased logical footprint due to virtualization.

    Correct Answer
    C. Increased business capabilities and increased security risks with a higher TCO and a larger pHysical footprint.
    Explanation
    The introduction of wireless networks, portable network devices, and cloud service providers has made the network boundary more porous, resulting in increased business capabilities. However, this evolution of security architecture has also led to increased security risks, as the attack surface has become larger. Additionally, maintaining and securing these new technologies and resources can lead to a higher total cost of ownership (TCO). Lastly, the physical footprint of the corporate network may also increase due to the addition of these new technologies.

    Rate this question:

  • 17. 

    An administrator notices the following file in the Linux server’s /tmp directory.-rwsr-xr-x. 4 root root 234223 Jun 6 22:52 bash*Which of the following should be done to prevent further attacks of this nature?

    • A.

      Never mount the /tmp directory over NFS

    • B.

      Stop the rpcidmapd service from running

    • C.

      Mount all tmp directories nosuid, noexec

    • D.

      Restrict access to the /tmp directory

    Correct Answer
    C. Mount all tmp directories nosuid, noexec
  • 18. 

    Company ABC has entered into a marketing agreement with Company XYZ, whereby ABC willshare some of its customer information with XYZ. However, XYZ can only contact ABC customerswho explicitly agreed to being contacted by third parties. Which of the following documents wouldcontain the details of this marketing agreement?

    • A.

      BPA

    • B.

      ISA

    • C.

      NDA

    • D.

      SLA

    Correct Answer
    A. BPA
    Explanation
    A Business Partner Agreement (BPA) would contain the details of the marketing agreement between Company ABC and Company XYZ. This agreement would outline the terms and conditions of sharing customer information and the explicit consent required for XYZ to contact ABC customers.

    Rate this question:

  • 19. 

    Company ABC has a 100Mbps fiber connection from headquarters to a remote office 200km (123miles) away. This connection is provided by the local cable television company. ABC would like toextend a secure VLAN to the remote office, but the cable company says this is impossible sincethey already use VLANs on their internal network. Which of the following protocols should thecable company be using to allow their customers to establish VLANs to other sites?

    • A.

      IS-IS

    • B.

      EIGRP

    • C.

      MPLS

    • D.

      802.1q

    Correct Answer
    C. MPLS
    Explanation
    The cable company should be using MPLS (Multiprotocol Label Switching) to allow their customers to establish VLANs to other sites. MPLS is a protocol that enables the creation of virtual private networks (VPNs) over a shared network infrastructure. It allows for the creation of secure and isolated VLANs, which would meet the requirements of ABC to extend a secure VLAN to the remote office.

    Rate this question:

  • 20. 

    An ecommerce application on a Linux server does not properly track the number of incomingconnections to the server and may leave the server vulnerable to which of following?

    • A.

      Buffer Overflow Attack

    • B.

      Storage Consumption Attack

    • C.

      Denial of Service Attack

    • D.

      Race Condition

    Correct Answer
    C. Denial of Service Attack
    Explanation
    A denial of service (DoS) attack is a type of cyber attack where the attacker overwhelms a server or network with a flood of illegitimate requests, causing it to become unavailable to legitimate users. In this scenario, the ecommerce application's failure to track incoming connections properly means that it cannot effectively manage the number of requests it receives. This vulnerability can be exploited by an attacker to flood the server with a large number of requests, ultimately leading to a denial of service for legitimate users.

    Rate this question:

  • 21. 

    Company A has a remote work force that often includes independent contractors and out of statefull time employees. Company A's security engineer has been asked to implement a solution allowing these users to collaborate on projects with the following goals:-All communications between parties need to be encrypted in transportUsers must all have the same application sets at the same versionAll data must remain at Company A's siteAll users must not access the system between 12:00 and 1:00 as that is the maintenancewindowEasy to maintain, patch and change application environmentWhich of the following solutions should the security engineer recommend to meet the MOSTgoals?

    • A.

      Create an SSL reverse proxy to a collaboration workspace. Use remote installation service to maintain application version. Have users use full desktop encryption. Schedule server downtime from 12:00 to 1:00 PM.

    • B.

      Install an SSL VPN to Company A's datacenter, have users connect to a standard virtual workstation image, set workstation time of day restrictions.

    • C.

      Create an extranet web portal using third party web based office applications. Ensure that Company A maintains the administrative access.

    • D.

      Schedule server downtime from 12:00 to 1:00 PM, implement a Terminal Server Gateway, use remote installation services to standardize application on user’s laptops.

    Correct Answer
    B. Install an SSL VPN to Company A's datacenter, have users connect to a standard virtual workstation image, set workstation time of day restrictions.
    Explanation
    This solution meets the most goals outlined in the question. By installing an SSL VPN to Company A's datacenter, all communications between parties will be encrypted in transport. Having users connect to a standard virtual workstation image ensures that they all have the same application sets at the same version. Setting workstation time of day restrictions allows for the system to be inaccessible between 12:00 and 1:00, satisfying that requirement. Additionally, by using a virtual workstation image, it is easy to maintain, patch, and change the application environment.

    Rate this question:

  • 22. 

    • A.

      Option 1

    • B.

      Option 2

    • C.

      Option 3

    • D.

      Option 4

    Correct Answer
    A. Option 1
  • 23. 

    • A.

      Answer: You need to check the hash value of download software with md5 utility.

    • B.

      Option 2

    Correct Answer
    A. Answer: You need to check the hash value of download software with md5 utility.
  • 24. 

    Compliance with company policy requires a quarterly review of firewall rules. A new administrator is asked to conduct this review on the internal firewall sitting between several internal networks. The intent of this firewall is to make traffic more restrictive. Given the following information answer the questions below.User Subnet 192.168.1.0/24Server Subnet 192.168.2.0/24Finance Subnet 192.168.3.0/24Instructions: To perform the necessary tasks, please modify the DST port, Protocol, Action and/or rule order columns, Firewall ACLs and read from the top down administrator added a rule to allow their machine terminal server access to the sever subnet. This is not working. Identify this rule and correct this web servers have been changed to communicate soley over SSL. Modify the appropriate rule to allow communications. Administrator added a rule to block access to the SQL server from anywhere on the network. This rule is not working. Identify and correct this issue. Other than allowing all hosts to do network time and SSL, modify a rule to ensure that no other traffic is allowed.

    • A.

      Option 4

    • B.

      192.18.1.0/24 any 192.168.20.0/24 3389 any

    Correct Answer
    B. 192.18.1.0/24 any 192.168.20.0/24 3389 any
    Explanation
    The given correct answer (Option 4) is the rule that the new administrator added to allow their machine terminal server access to the server subnet. However, this rule is not working as intended. The correct configuration should be 192.168.1.0/24 any 192.168.20.0/24 3389 any, which means allowing any traffic from the user subnet (192.168.1.0/24) to the server subnet (192.168.20.0/24) on port 3389 (which is the port used for terminal server access).

    Rate this question:

  • 25. 

    The IDS has detected abnormal behavior on this network. Click on the network devices to view device information. Based on this information, the following tasks need to be completed.1. Select the server that is a victim of a SQL injection attack.2. Select the source of the buffer overflow attack.3. Modify the access control list (ACL) on the routers to ONLY block the buffer overflow attack.

    • A.
    • B.

      Answer: Follow the Steps as 1) Click on the server and find the SQL Server then Note the ip address of the server 2)click on the host machine and find the attacker then note the ip adddress of the host 3)check the host machine ip address in router ac source field and SQL Server ip in destination field and check the deny and uncheck the permit

    Correct Answer(s)
    A.
    B. Answer: Follow the Steps as 1) Click on the server and find the SQL Server then Note the ip address of the server 2)click on the host machine and find the attacker then note the ip adddress of the host 3)check the host machine ip address in router ac source field and SQL Server ip in destination field and check the deny and uncheck the permit
    Explanation
    The explanation provides a step-by-step guide on how to complete the tasks based on the given information. It instructs the user to first identify the SQL Server on the server and note its IP address. Then, they should identify the attacker on the host machine and note its IP address. Finally, they should modify the access control list on the routers by adding the host machine's IP address to the source field and the SQL Server's IP address to the destination field, and then check the deny option and uncheck the permit option.

    Rate this question:

  • 26. 

    Company A has experienced external attacks on their network and wants to minimize the attacks from reoccurring. Modify the proposed network diagram to prevent SQL injections, XSS attacks, smurf attacks, email spam,downloaded malware viruses and ping attacks. The company can spend a maximum of 50,000$ USD. A cost list for each item is listed below.1. Anti-Virus-Server 10,000$2. Firewall 15,000$3. Load Ballance Server 10,000$4. NIDS/NIPS 10,000$5. Packet Analyzer 5,000$6. Patch Server 10,000$7. Proxy Server 10,000$8. Router 10,000$9. Spam Filter 5,000$10. Traffic Shaper 20,000011. Web Application Firewall 10,000$Instructions: Not all placeholders in the diagram need to be filled and items can only be billed once. If you place an object on the network diagram, you can remove it by clicking the (x) in the upper right hand corner of the object.

    • A.

      Answer: Following steps need to do as 8 then 2 replace 6 with 3, 7,11 same segment replace 2 with 1 , put 6 same segment replace 9 with 10 replace 3 with 5 replace 1 with 4

    • B.

      Option 2

    Correct Answer
    A. Answer: Following steps need to do as 8 then 2 replace 6 with 3, 7,11 same segment replace 2 with 1 , put 6 same segment replace 9 with 10 replace 3 with 5 replace 1 with 4
  • 27. 

    A startup company offering software on demand has hired a security consultant to provideexpertise on data security. The company’s clients are concerned about data confidentiality. Thesecurity consultant must design an environment with data confidentiality as the top priority, overavailability and integrity. Which of the following designs is BEST suited for this purpose?

    • A.

      All of the company servers are virtualized in a highly available environment sharing common hardware and redundant virtual storage. Clients use terminal service access to the shared environment to access the virtualized applications. A secret key kept by the startup encrypts the application virtual memory and data store.

    • B.

      All of the company servers are virtualized in a highly available environment sharing common hardware and redundant virtual storage. Clients use terminal service access to the shared environment and to access the virtualized applications. Each client has a common shared key, which encrypts the application virtual memory and data store.

    • C.

      Each client is assigned a set of virtual hosts running shared hardware. Physical storage is partitioned into LUNS and assigned to each client. MPLS technology is used to segment and encrypt each of the client’s networks. PKI based remote desktop with hardware tokens is used by the client to connect to the application.

    • D.

      Each client is assigned a set of virtual hosts running shared hardware. Virtual storage is partitioned and assigned to each client. VLAN technology is used to segment each of the client’s networks. PKI based remote desktop access is used by the client to connect to the application.

    Correct Answer
    C. Each client is assigned a set of virtual hosts running shared hardware. pHysical storage is partitioned into LUNS and assigned to each client. MPLS technology is used to segment and encrypt each of the client’s networks. PKI based remote desktop with hardware tokens is used by the client to connect to the application.
    Explanation
    In this scenario, the best design for prioritizing data confidentiality is to assign each client a set of virtual hosts running shared hardware. The physical storage is partitioned into LUNS and assigned to each client, ensuring that their data is kept separate. MPLS technology is used to segment and encrypt each client's networks, providing an additional layer of security. The use of PKI-based remote desktop with hardware tokens adds another level of authentication and secure access for the clients. This design ensures that each client's data is kept confidential and protected from unauthorized access.

    Rate this question:

  • 28. 

    A financial institution wants to reduce the costs associated with managing and troubleshootingemployees’ desktops and applications, while keeping employees from copying data onto externalstorage. The Chief Information Officer (CIO) has asked the security team to evaluate four solutionssubmitted by the change management group. Which of the following BEST accomplishes thistask?

    • A.

      Implement desktop virtualization and encrypt all sensitive data at rest and in transit.

    • B.

      Implement server virtualization and move the application from the desktop to the server.

    • C.

      Implement VDI and disable hardware and storage mapping from the thin client.

    • D.

      Move the critical applications to a private cloud and disable VPN and tunneling.

    Correct Answer
    C. Implement VDI and disable hardware and storage mapping from the thin client.
    Explanation
    Implementing VDI (Virtual Desktop Infrastructure) allows the financial institution to centralize desktop management and troubleshooting, reducing costs associated with managing and troubleshooting employees' desktops and applications. By disabling hardware and storage mapping from the thin client, employees are prevented from copying data onto external storage, ensuring data security. This solution effectively addresses the CIO's objective of reducing costs and preventing data leakage.

    Rate this question:

  • 29. 

    A health service provider is considering the impact of allowing doctors and nurses access to theinternal email system from their personal smartphones. The Information Security Officer (ISO) hasreceived a technical document from the security administrator explaining that the current emailsystem is capable of enforcing security policies to personal smartphones, including screen lockoutand mandatory PINs. Additionally, the system is able to remotely wipe a phone if reported lost orstolen. Which of the following should the Information Security Officer be MOST concerned withbased on this scenario? (Select THREE).

    • A.

      The email system may become unavailable due to overload.

    • B.

      Compliance may not be supported by all smartphones.

    • C.

      Equipment loss, theft, and data leakage.

    • D.

      Smartphone radios can interfere with health equipment.

    • E.

      Data usage cost could significantly increase.

    • F.

      Not all smartphones natively support encryption.

    • G.

      Smartphones may be used as rogue access points.

    Correct Answer(s)
    B. Compliance may not be supported by all smartpHones.
    C. Equipment loss, theft, and data leakage.
    F. Not all smartpHones natively support encryption.
    Explanation
    The Information Security Officer should be most concerned with the following based on the scenario:

    1. Compliance may not be supported by all smartphones: This is a concern because if not all smartphones support the necessary security policies, it could create vulnerabilities in the system.

    2. Equipment loss, theft, and data leakage: Allowing doctors and nurses to access the internal email system from their personal smartphones increases the risk of equipment loss, theft, and potential data leakage if the phones are not properly secured.

    3. Not all smartphones natively support encryption: Encryption is an important security measure to protect sensitive data. If not all smartphones natively support encryption, it could pose a risk to the confidentiality of the information being transmitted.

    Rate this question:

  • 30. 

    The security administrator at a company has received a subpoena for the release of all the emailreceived and sent by the company Chief Information Officer (CIO) for the past three years. Thesecurity administrator is only able to find one year’s worth of email records on the server and isnow concerned about the possible legal implications of not complying with the request. Which ofthe following should the security administrator check BEFORE responding to the request?

    • A.

      The company data privacy policies

    • B.

      The company backup logs and archives

    • C.

      The company data retention policies and guidelines

    • D.

      The company data retention procedures

    Correct Answer
    B. The company backup logs and archives
    Explanation
    The security administrator should check the company backup logs and archives before responding to the request. This is because the administrator was only able to find one year's worth of email records on the server, indicating that older records may be stored in the backup logs and archives. By checking these sources, the administrator can ensure that all relevant email records are provided in compliance with the subpoena.

    Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 20, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Dec 18, 2013
    Quiz Created by
    Bcorazza
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.