High-interaction honeypot
A high-interaction honeypot is designed for capturing much more information from the threat actor. Usually, it is configured with a default login and loaded with software, data files that appear to be authentic but are actually imitations of real data files (honeyfiles), and fake telemetry.
Which of the following contains honeyfiles and fake telemetry?
a. Honeypotnet
b. Attacker-interaction honeypot
c. High-interaction honeypot
d. Honeyserver
Which firewall rule action implicitly denies all other traffic unless explicitly allowed?
a. Force Deny
b. Bypass
c. Allow
d. Force Allow
Allow
Allow implicitly denies all other traffic unless explicitly allowed.
Which of the following is NOT a NAC option when it detects a vulnerable endpoint?
a. Give restricted access to the network.
b. Update Active Directory to indicate the device is vulnerable.
c. Deny access to the network.
d. Connect to a quarantine network.
Update Active Directory to indicate the device is vulnerable.
NAC does not update Active Directory.
How does BPDU guard provide protection?
a. All firewalls are configured to let BPDUs pass to the external network.
b. BPDUs are encrypted so that attackers cannot see their contents.
c. It sends BPDU updates to all routers.
d. It detects when a BPDU is received from an endpoint.
It detects when a BPDU is received from an endpoint.
Which statement regarding a demilitarized zone (DMZ) is NOT true?
a. It typically includes an email or web server.
b. It contains servers that are used only by internal network users.
c. It provides an extra degree of security.
d. It can be configured to have one or two firewalls.
It contains servers that are used only by internal network users.
It contains servers that are used only by external and not internal network users.
Which type of monitoring methodology looks for statistical deviations from a baseline?
a. Heuristic monitoring
b. Signature-based monitoring
c. Anomaly monitoring
d. Behavioral monitoring
Anomaly monitoring
Anomaly monitoring is designed for detecting statistical anomalies.
Maja has been asked to investigate DDoS mitigations. Which of the following should Maja consider?
a. MAC pit
b. DDoS Prevention System (DPS)
c. IP denier
d. DNS sinkhole
DNS sinkhole
A DNS sinkhole changes a normal DNS request to a pre-configured IP address that points to a firewall that has a rule of Deny set for all packets so that every packet is dropped with no return information provided to the sender. DNS sinkholes are commonly used to counteract DDoS attacks. Many enterprises contract with a DDoS mitigation service that helps identify DDoS traffic so that it is sent to a sinkhole while allowing legitimate traffic to reach its destination.
Which of the following is NOT a firewall rule parameter?
a. Action
b. Time
c. Context
d. Visibility
Visibility
There is no visibility firewall parameter.
Which of these is NOT used in scheduling a load balancer?
a. Round-robin
b. Data within the application message itself
c. The IP address of the destination packet
d. Affinity
Data within the application message itself
A load balancer does not consider the contents of the payload in scheduling.
Leah is researching information on firewalls. She needs a firewall that allows for more generic statements instead of creating specific rules. What type of firewall should Leah consider purchasing that supports her need?
a. Policy-based firewall
b. Content/URL filtering firewall
c. Proprietary firewall
d. Hardware firewall
Policy-based firewall
A more flexible type of firewall than a rule-based firewall is a policy-based firewall. This type of firewall allows for more generic statements to be used instead of specific rules.
What is a virtual firewall?
a. A firewall that runs in the cloud
b. A firewall appliance that runs on a LAN
c. A firewall that runs in an endpoint virtual machine
d. A firewall that blocks only incoming traffic
A firewall that runs in the cloud
A virtual firewall is one that runs in the cloud. Virtual firewalls are designed for settings, such as public cloud environments, in which deploying an appliance firewall would be difficult or even impossible.
Which device intercepts internal user requests and then processes those requests on behalf of the users?
a. Reverse proxy server
b. Intrusion prevention device
c. Host detection server
d. Forward proxy server
Forward proxy server
A forward proxy is a computer or an application program that intercepts user requests from the internal secure network and then processes that request on behalf of the user.
Emilie is reviewing a log file of a new firewall. She notes that the log indicates packets are being dropped for incoming packets for which the internal endpoint did not initially create the request. What kind of firewall is this?
a. Packet filtering firewall
b. Stateful packet filtering
c. Proxy firewall
d. Connection-aware firewall
Stateful packet filtering
Stateful packet filtering uses both the firewall rules and the state of the connection: that is, whether the internal device requested each packet. A stateful packet filtering firewall keeps a record of the state of a connection between an internal endpoint and an external device.
Sofie needs to configure the VPN to preserve bandwidth. Which configuration would she choose?
a. Split tunnel
b. Narrow tunnel
c. Full tunnel
d. Wide tunnel
Split tunnel
Not all traffic—such as web surfing or reading personal email—needs to be protected through a VPN. In this case, a split tunnel, or routing only some traffic over the secure VPN while other traffic directly accesses the Internet, may be used instead. This can help to preserve bandwidth and reduce the load on the VPN concentrator.
Which of the following is NOT correct about L2TP?
a. It must be used on HTML5 compliant devices.
b. It is used as a VPN protocol.
c. It is paired with IPSec.
d. It does not offer encryption.
It must be used on HTML5 compliant devices.
L2TP does not have to be used in conjunction with HTML5.
Hanna has received a request for a data set of actual data for testing a new app that is being developed. She does not want the sensitive elements of the data to be exposed. What technology should she use?
a. Masking
b. PII Hiding
c. Tokenization
d. Data Object Obfuscation (DOO)
Masking
When the data is used only for testing purposes, such as determining if a new app functions properly, masking may be used. Data masking involves creating a copy of the original data but obfuscating (making unintelligible) any sensitive elements such as a user's name or Social Security number.