1. Question
You have been hired as a security expert to implement a security solution to protect an
organization from external threats. The solution should provide packet filtering, VPN
support, network monitoring, and deeper inspection capabilities that give the
organization a superior ability to identify attacks, malware, and other threats.
Which of the following security solutions will you implement to meet the requirement?
• Antivirus
• Anti-malware
• Next-generation firewall (NGFW)
• Endpoint detection and response (EDR)
2. Question
Which of the following statements are true regarding cloud-based security
vulnerabilities? (Choose all that apply)
• Secure APIs
• Misconfigured Cloud Storage
• Poor Access Control
• Shared Tenancy
3. Question
You have been tasked to implement a solution to send product offers to consumers’
smartphones when they trigger a search in a particular geographic location, enter a mall,
neighborhood, or store.
What solution will you implement in order to achieve that?
• Push notifications
• Remote wipe
• Geofencing
• Geolocation
4. Question
You have been tasked to implement a solution to increase the security of your
company’s local area network (LAN). All of the company’s external-facing servers
(Web server, Mail server, FTP server) should be placed in a separate area so that they
are accessible from the internet, while the rest of the internal LAN remains unreachable.
Which of the following techniques will you implement to meet the requirement?
• DNS
• VLAN
• VPN
• DMZ
5. Question
Application whitelisting prevents undesirable programs from executing, while application
blacklisting is more restrictive and allows only programs that have been explicitly
permitted to run.
• TRUE
• FALSE
6. Question
One of the features of SNMPv3 is called message integrity.
• TRUE
• FALSE
7. Question
Which of the following features will you use to remotely clear your phone’s data in the
event of losing your phone?
• Push notifications
• Remote wipe
• Geofencing
• Geolocation
8. Question
As a security expert at your company, you are responsible for preventing unauthorized
(rogue) Dynamic Host Configuration Protocol (DHCP) servers from offering IP addresses
to the clients.
Which of the following security technologies will you implement to meet the requirement?
• Jump server
• DHCP snooping
• BPDU guard
• MAC filtering
9. Question
You have been tasked to access a remote computer for handling some administrative
tasks over an unsecured network in a secure way.
Which of the following protocols will you use to access the remote computer to handle
the administrative tasks?
• SSH
• LDAPS
• SRTP
• HTTPS
10. Question
__________ is the first step, in which a hacker gathers as much information as possible to
find ways to intrude into a target system or at least decide what type of attacks will be
more suitable for the target.
• War Driving
• OSINT
• Footprinting
• Cleanup
11. Question
A hacker attacks a network with the aim of maintaining ongoing access to the targeted
network rather than getting in and out as quickly as possible, with the ultimate goal of
stealing information over a long period of time. Which type of attack did the hacker use
in this case?
• Advanced persistent threat (APT)
• Insider threat
• State actors
• Hacktivism
12. Question
A zero-day attack is an attack that exploits a potentially serious software security
weakness that the vendor or developer may be unaware of. (True/False)
• FALSE
• TRUE
13. Question
The type of hacker that violates computer security systems without permission, stealing
the data inside for their own personal gain or vandalizing the system, is commonly known
as:
• Red-Hat hackers
• Black-Hat hackers
• Gray-Hat hackers
• White-Hat hackers
14. Question
In which of the following load balancer modes do two or more servers aggregate the
network traffic load and work as a team to distribute it to the network servers?
• Active/active
• Active/passive
• Passive/active
• Passive/passive
15. Question
The type of hacker that is an expert in compromising computer security systems and
uses their abilities for good, ethical, and legal purposes rather than bad, unethical, and
criminal purposes is commonly known as:
• Red-Hat hackers
• Gray-Hat hackers
• Black-Hat hackers
• White-Hat hackers
16. Question
It has been noticed that the Wi-Fi of your company is slow and sometimes not operational.
After investigation, you found that this is caused by channel interference.
Which of the following solutions will you implement to avoid problems such as channel
interference when you build your WLAN?
• Captive portal
• You can't avoid channel interference
• WiFi Protected Setup
• Heat maps
17. Question
Your manager is trying to understand the difference between SFTP and FTPS, so he
asked you to explain the difference between them.
Which of the following statements are correct? (Choose all that apply.)
• FTPS, also known as FTP Secure or FTP-SSL
• FTPS authenticates your connection using a user ID and password or SSH Keys
• SFTP protocol is packet-based as opposed to text-based making file and data transfers faster
• SFTP authenticates your connection using a user ID and password, a certificate, or both
• SFTP, also known as SSH FTP, encrypts both commands and data while in transmission
18. Question
A _____________ certificate is a digital certificate that’s not signed by a publicly trusted
certificate authority (CA). These certificates are created, issued, and signed by the
company or developer who is responsible for the website or software being signed.
• Code signing certificates
• Wildcard
• Self-signed
• Subject alternative name
19. Question
What technique is used for IP address conservation by allowing private IP addresses to
connect to the Internet?
• NAT
• WAF
• ACL
• UTM
20. Question
Which of the following options are authentication protocols? (Choose all that apply)
• WPA2
• EAP
• WPA3
• PEAP
• RADIUS
21. Question
Which of the following VPN solutions is used to connect two local area networks (LANs)
utilized by businesses large and small that want to provide their employees with secure
access to network resources?
• Proxy server
• Site-to-site
• Split tunnel
• Remote access
22. Question
Which of the following technologies will you use in order to send instant notifications to
your subscribed users each time you publish a new blog post on your website?
• Push notifications
• Remote wipe
• Geolocation
• Geofencing
23. Question
The main goal of performing a wireless site ________________ is to reveal areas of
channel interference and dead zones, helping you avoid problems as you build the
network and prevent obstacles for network users.
• Survey
• Inspection
• Check
• Scan
24. Question
Assuming you have the domain yourcompany.com with the following sub-domains:
http://www.yourcompany.com
mail.yourcompany.com
intranet.yourcompany.com
secure.yourcompany.com
me.yourcompany.com
Which of the following types of certificates will you choose to secure all the first-level
sub-domains on a single domain name?
• Wildcard
• Self-signed
• Code signing certificates
• Subject alternative name
25. Question
WiFi ____________ Setup is a wireless network security standard that tries to make
connections between a router and wireless devices faster, easier, and more secure.
• Protected
• Secured
• Faster
• Easier
26. Question
The type of network hardware appliance that protects networks against security threats
(malware, attacks) that simultaneously target separate parts of the network by
integrating multiple security services and features is known as:
• Network address translation (NAT)
• Web application firewall (WAF)
• Content/URL filter
• Unified threat management (UTM)
27. Question
Which of the following authentication protocols allows you to use an existing account to
sign in to multiple websites, without needing to create new passwords?
• Kerberos
• TACACS+
• OpenID
• OAuth
28. Question
In the form of Rule-Based Access Control, data are accessible or not accessible based
on the user’s IP address.
• FALSE
• TRUE
29. Question
You have been tasked to implement a solution to encrypt data as it is written to the disk
and decrypt data as it is read off the disk.
Which of the following solutions will you implement to meet the requirement?
• Trusted Platform Module
• Self-encrypting drive (SED) / full-disk encryption (FDE)
• Sandboxing
• Root of trust
30. Question
For security and monitoring purposes, your company instructed you to implement a
solution so that all packets entering or exiting a port are copied and then sent to a
local interface for monitoring.
Which of the following solutions will you implement in order to meet the requirement?
• Quality of service (QoS)
• File Integrity Monitoring
• Port mirroring
• Access control list (ACL)
31. Question
Which of the following public key infrastructure (PKI) terms refers to an organization
that acts to validate the identities of entities (such as websites, email addresses,
companies, or individual persons) and bind them to cryptographic keys through the
issuance of electronic documents known as digital certificates?
• Online Certificate Status Protocol (OCSP)
• Registration authority (RA)
• Certificate authority (CA)
• Certificate signing request (CSR)
32. Question
You have been tasked to implement a security solution so that all the network events from
your company are recorded in a central database for further analysis.
Which of the following security solutions will you implement to meet the requirement?
• Endpoint detection and response (EDR)
• Antivirus
• Anti-malware
• Next-generation firewall (NGFW)
33. Question
The network administrator from your company notices that the network performance has
been degraded due to a broadcast storm.
Which of the following techniques will you recommend to the network administrator in
order to reduce broadcast storms? (Choose all that apply)
• Split up your broadcast domain
• Check how often ARP tables are emptied
• Check for loops in switches
• Allow you to rate-limit broadcast packets
• Split up your collision domain
34. Question
Which of the following options are cryptographic protocols? (Choose all that apply)
• PEAP
• SAE
• WPA2
• CCMP
• EAP
• WPA3
35. Question
Which of the following types of certificates will you use to digitally sign your apps as a
way for end-users to verify that the code they receive has not been altered or
compromised by a third party?
• Subject alternative name
• Code signing certificates
• Self-signed
• Wildcard
36. Question
A/An _______________ is a contract between a service provider and its customers that
documents what services the provider will furnish and defines the service standards the
provider is obligated to meet.
• Non-Disclosure Agreement (NDA)
• Memorandum of understanding (MOU)
• Service level agreement (SLA)
• End of life (EOL)
37. Question
A ___________________ is a legally enforceable contract that establishes
confidentiality between two parties—the owner of protected information and the recipient
of that information.
• Non-Disclosure Agreement (NDA)
• End of life (EOL)
• Service-level agreement (SLA)
• Memorandum of understanding (MOU)
38. Question
Assuming you are working in a Linux environment, which of the following tools can you
use to perform manual DNS lookups? (Choose all that apply)
• pathping
• ifconfig
• route
• dig
• nslookup
39. Question
______________________ Assertions Markup Language is an important component of
many SSO systems that allow users to access multiple applications, services, or
websites from a single login process. It is used to share security credentials across one
or more networked systems.
• Service
• Sign
• Security
• Single
40. Question
_________________ measures the predicted time that passes between one failure of a
mechanical/electrical system and the next failure during normal operation. In
simpler terms, it helps you predict how long an asset can run before the next unplanned
breakdown happens.
• Mean time to repair (MTTR)
• Mean time between failures (MTBF)
• Recovery Time Objective (RTO)
• Recovery point objective (RPO)
41. Question
The log file of your company’s network status is updated frequently, and the most
critical information is on the first five lines. You want to avoid opening the entire file each
time, only to view the first five lines.
What command will you use to view only the first five lines of the log file?
• chmod
• cat
• head
• tail
42. Question
In the form of Role-Based Access Control, data are accessible or not accessible based
on the user’ s IP address.
• TRUE
• FALSE
43. Question
You have noticed that the email server doesn’t work. Your manager said that
someone from the company changed the DNS records (MX) of the email server.
Which of the following commands will you type to find the new MX records of the server?
• tracert
• nslookup
• ping
• ipconfig
44. Question
Which of the following describes how long businesses need to keep a piece of
information (a record), where it’s stored, and how to dispose of the record when it’s
time?
• Retention policy
• Business continuity plan
• Incident response team
• Disaster recovery plan
45. Question
_________________ is a strategy that ensures continuity of operations with minimal
service outage or downtime. It is designed to protect personnel or assets and make sure
they can function quickly when a disaster strikes, such as natural disasters or
cyber-attacks.
• Annualized loss expectancy (ALE)
• Single loss expectancy (SLE)
• Business continuity plan
• Annualized rate of occurrence (ARO)
46. Question
The _________________ is described as an estimated frequency of the threat occurring
in one year.
• Annualized rate of occurrence (ARO)
• Business continuity plan
• Single loss expectancy (SLE)
• Annualized loss expectancy (ALE)
47. Question
Wireshark is a command-line utility that allows you to capture and analyze network traffic
going through your system. It is often used to help troubleshoot network issues, as well
as a security tool. (True/False)
• FALSE
• TRUE
48. Question
Access _________________ List is a network traffic filter that controls incoming or
outgoing traffic. It works on a set of rules that define how to forward or block a packet at
the router’s interface.
• Filter
• Security
• Service
• Control
49. Question
The ____________ is the duration of time and a service level within which a business
process must be restored after a disaster in order to avoid unacceptable consequences
associated with a break in continuity.
• Recovery Time Objective (RTO)
• Mean time to repair (MTTR)
• Recovery point objective (RPO)
• Mean time between failures (MTBF)
50. Question
______________ is a set of rules designed to give EU citizens more control over their
personal data.
• Payment Card Industry Data Security Standard (PCI DSS)
• International Organization for Standardization (ISO)
• General Data Protection Regulation (GDPR)
• National Institute of Standards and Technology (NIST)
51. Question
You have been tasked to configure the Wi-Fi of your company’s LAN to allow certain
computers to have access to the Internet, while the rest of the computers need to be blocked.
Which of the following security technologies will you implement to meet the requirement?
• DHCP snooping
• BPDU guard
• Jump server
• MAC filtering
52. Question
PC1 can ping the printer device on the Marketing team network but can’t ping the
printer on the Sales team network. Assuming you are working in a Linux environment,
which of the following commands will you type to get details about the route that packets
go through from PC1 to the printer on the Sales team network?
• tracert
• ifconfig
• traceroute
• dig
53. Question
_________________ is the average time it takes to recover from a product or system
failure. This includes the full time of the outage—from the time the system or product fails
to the time that it becomes fully operational again.
• Recovery point objective (RPO)
• Recovery Time Objective (RTO)
• Mean time to repair (MTTR)
• Mean time between failures (MTBF)
54. Question
Assuming you are working in a Windows environment, what command will you type to
identify the number of hops and the time it takes for a packet to travel between your
local computer and your web server?
• tracert
• ipconfig
• nslookup
• ping
55. Question
Which of the following VPN solutions is used to connect a personal user device to a
remote server on a private network?
• Split tunnel
• Remote Access
• Site-to-site
• Proxy server
56. Question
Which of the following processes is designed to protect personnel or assets and make sure
they can function quickly when a disaster strikes (natural disasters, cyber-attacks)?
• Retention policy
• Disaster recovery plan
• Incident response team
• Business continuity plan
57. Question
Assume you are working in a Windows environment. For troubleshooting reasons, you
need to discover your IP information, including DHCP and DNS server addresses, from
your current workstation.
Which of the following commands will help you to troubleshoot the network?
• nslookup
• tracert
• ping
• ipconfig
58. Question
A _______________ is an agreement between two or more parties outlined in a formal
document. It is not legally binding but signals the willingness of the parties to move
forward with a contract.
• Service level agreement (SLA)
• End of life (EOL)
• Memorandum of understanding (MOU)
• Non-Disclosure Agreement (NDA)
59. Question
You need to mitigate all the networking attacks that exploit open unused TCP ports on
your system.
Which of the following commands displays active TCP connections and ports on which
the computer is listening?
• netstat
• route
• arp
• sn1per
60. Question
In cloud computing, the ability to scale up and down resources based on the user’s
needs is known as:
• Dynamic resource allocation
• Virtual private cloud
• Network segmentation
• Public subnet