Which of the following protocols can make accessing data using man-in-the-middle attacks difficult while web browsing?
a. HTTP
b. DNSSEC
c. IPv6
d. SFTP
c. Correct. IPv6 can implement end-to-end encryption, making man-in-the-middle attacks significantly more difficult.
Which of the following is a feature of secrets management?
a. Decreased latency
b. Data availability
c. Default encryption
d. Data redundancy
c. Default encryption. When secrets management is implemented, data is encrypted in transit and at rest with 256-bit AES encryption keys.
What is a Type I hypervisor?
a. A hypervisor that runs directly on computer hardware
b. A hypervisor that runs on a host operating system
c. A hypervisor that uses binary files for virtualization
d. A hypervisor that runs on security devices
a. Correct. A Type I hypervisor runs directly on computer hardware.
Which of the following statements correctly defines jamming?
a. An attacker creates false deauthentication or disassociation management frames that appear to come from another client device, causing the client to disconnect from the AP.
b. An attacker intentionally floods the RF spectrum with extraneous RF signal "noise" that creates interference and prevents communications.
c. An attacker circumvents the security protections in the company's network, accessing the network behind the firewall.
d. An attacker tries to mimic an authorized AP, so a user's mobile device such as a laptop or tablet unknowingly connects to the evil twin instead.
b. Correct. Jamming occurs when an attacker intentionally floods the radio frequency (RF) spectrum with extraneous RF signal "noise" that creates interference and prevents communications from occurring.
John is instructed by his CEO to introduce an employee attendance system that replaces the current manual-sign register. The organization doesn't allow personal electronic devices into the premises.
What method should John use for this system?
a. NFC
b. RFID
c. Bluetooth
d. WLAN network
b. Correct. Radio frequency identification (RFID) is commonly used to transmit information between paper-based tags that can be detected by a proximity reader. RFID tags do not require a power supply as they are small and thinner than a sheet of paper. This tag can be added to the employee's ID and tapped on the reader to mark attendance and prevent employees from physically touching the same surface and spreading communicable diseases.
Which of the following protocols can be used for secure routing and switching?
a. DNSSEC
b. IPsec
c. HTTPS
d. HTTP
b. Correct. Internet Protocol Security (IPsec) is a secure network protocol that authenticates and encrypts the data.
Which site survey tool is used to visually represent wireless network details such as channel bandwidth, channel coverage, data rate, and interference, among others?
a. Wi-Fi analyzers
b. Heat maps
c. Channel overlays
d. Channel selection
a. Correct. A Wi-Fi analyzer helps to visualize essential details of the wireless network. An analyzer can provide information such as signal strength, network health, channel bandwidth, channel coverage, data rate, and interference (noise).
Which of the following tools can be used to secure multiple VMs?
a. Firewall
b. Intrusion detection system
c. Antivirus
d. Firewall virtual appliance
d. Correct. A firewall virtual appliance is a virtualized version of a firewall by which VMs can be protected.
In which type of RFID attack can unauthorized users listen to communications between RFID tags and readers?
a. Unauthorized tag access
b. Eavesdropping
c. Fake tags
d. Data theft
b. Correct. In eavesdropping, unauthorized users can listen to communications between RFID tags and readers.
Mike, an employee at your company, approached you seeking help with his virtual machine. He wants to save the current state of the machine to roll back to the saved state in case of a malfunction. Which of the following techniques can help Mike?
a. Apply sandboxing to save the virtual machine state
b. Take snapshots to save the virtual machine state
c. Use containers to save the virtual machine state
d. Use LDAP to save the virtual machine state
b. Correct. Saved snapshots allow a virtual machine to roll back to the state when the snapshot was taken.
Which of the following protects SNMP-managed devices from unauthorized access?
a. Community string
b. Resource records
c. X.500
d. X.500 lite
a. Correct. The community string is a password that protects SNMP-managed devices from unauthorized access.
Which wireless probe can be designed by configuring a laptop computer to scan and record wireless signals within its range at regular intervals and report the information to a centralized database?
a. Access point probe
b. Dedicated probes
c. Desktop probe
d. Wireless device probe
d. Correct. A standard wireless device, such as a portable laptop computer, can be configured to act as a wireless probe. At regular intervals during the normal course of operation, the device can scan and record wireless signals within its range and report this information to a centralized database. The scanning is performed when the device is idle and not receiving any transmissions. Using several mobile devices as wireless device probes can provide a high degree of accuracy in identifying rogue access points.
In an interview, you are asked about the role played by virtual machines in load balancing. Which of the following should be your reply?
a. If the load on a virtual machine increases, the RAM or disk space of the VM can be extended until the load is balanced.
b. If the load on a virtual machine increases, the virtual machine can balance the load by rejecting low-priority requests.
c. If the virtual machine's load increases, the virtual machine can be migrated to another physical machine with more capabilities.
d. If the virtual machine's load increases, the virtual machines can balance the load by denying further access.
c. Correct. A virtual machine can be easily migrated to another physical device with more capabilities when the load increases.
Which of the following tools can be used to protect containers from attack?
a. Software-defined visibility
b. Software-defined networking
c. Security-Enhanced Linux
d. Virtual machine manager
c. Correct. Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies.
In an interview, you were asked to briefly describe how emails containing malware or other contents are prevented from being delivered. Which of the following should be your reply?
a. SMTP relays prevent unwanted mails from being delivered.
b. X.500 prevents unwanted mails from being delivered.
c. Mail gateways prevent unwanted mails from being delivered.
d. LDAP prevents unwanted mails from being delivered.
c. Correct. Mail gateways monitor emails for unwanted content and prevent these messages from being delivered.
You are asked to transfer a few confidential enterprise files using the file transfer protocol (FTP). To ensure utmost security, which variant of FTP should you choose?
SFTP. The SSH file transfer protocol (SFTP) encrypts and compresses all data and commands to provide utmost security.
NOT FTPS - The file transfer protocol secure (FTPS) does not encrypt data port commands; thus, utmost security cannot be achieved.
What type of APs can be managed by wireless LAN controllers (WLCs)?
Controller AP. Controller APs can be managed through a dedicated wireless LAN controller (WLC). The WLC is a single device that can be configured and then used to automatically distribute the settings to all controller APs. A remote office WLAN controller manages multiple WLCs at remote sites from a central location.
David is asked to test a new configuration on a virtual machine; if it does not work, it should roll back to the older state. What should David do before testing the new configuration so he can roll it back to the previous state if needed?
Take a snapshot of the virtual machine before loading the configuration. Taking a snapshot of the virtual machine (VM) before testing the configuration will allow it to be rolled back to the snapshot if the configuration is not working.
Which type of wireless attack is designed to capture wireless transmissions coming from legitimate users?
Evil twin. An evil twin is designed to mimic an authorized access point (AP) so that a user's mobile device, such as a laptop or tablet, unknowingly connects to the evil twin instead. Attackers can then capture the transmissions from users to the evil twin access point (AP).
Suzanne is a cybersecurity expert. She was approached by Alex with a complaint that his payment information has leaked even though he has not made any online payments or shared information with anyone. Suzanne concluded that attackers most likely bumped a portable reader against Alex's smartphone to make an NFC connection and steal the payment information stored on the phone.
What should Suzanne suggest to Alex to prevent this type of attack from happening in the future?
Alex should configure his device pairing so one device can only send and the other only receive. Alex was the victim of data theft through NFC. He can prevent this in the future by ensuring his NFC is turned off when he is in crowded areas.
Which of the following protocols allows John to prevent unwanted network access, provide security, and be configured to permit traffic only from specific addresses?
MAC. The media access control address (MAC) is a hardware address that uniquely identifies each network node. It is a unique 48-bit number "burned" into the network interface card adapter when it is manufactured. MAC filtering is a security measure to prevent unwanted network access by hackers.
Which wireless technology will John use to provide wide-range cellular service that focuses on indoor coverage, low cost, long battery life, high connection density, and has a low-power wide-area network?
Narrowband IoT. The narrowband internet of things (NB-IoT) is a low-power wide-area network (LPWAN) radio technology standard. NB-IoT is a wide-range cellular service that focuses on indoor coverage, low cost, long battery life, and high connection density.
Sherlin is the owner of a cosmetics store. She wanted to introduce a wireless network in the store, but her IT department was against it. Sherlin ended up purchasing an inexpensive wireless router and secretly connected it to the wired network. Unfortunately, this unknowingly provided open access to the wireless signal.
What type of attack has Sherlin made her store's network vulnerable to?
Rogue access point. A rogue AP is an unauthorized AP that allows an attacker to bypass many of the network security configurations and opens the network and its users to attacks. For example, although firewalls are typically used to restrict specific attacks from entering a network, an attacker who can access the network through a rogue AP is behind the firewall.
Which type of attack can give an attacker access to a device and allow them to copy personal information using an unauthorized radio frequency connection?
Bluesnarfing. Bluesnarfing is a type of attack that uses unauthorized access to steal information from a wireless device through a Bluetooth connection. In a Bluesnarfing attack, the attacker can copy emails, calendars, contact lists, cell phone pictures, or videos by connecting to the Bluetooth device without the owner's knowledge or permission.
Sherry needs to suggest a technology that can enable smartphones or laptops to control multiple devices like speakers, mice, etc., within a 100-meter distance. The device should also be connected without any wired connection.
Which technology should Sherry suggest?
Bluetooth technology can be used to connect devices without any wired connection. Bluetooth is a wireless technology that uses short-range RF transmissions. It enables users to connect wirelessly to a wide range of computing and telecommunications devices by providing rapid "on-the-fly" connections between Bluetooth-enabled devices. This can be of use in medical and health services.