4. At an organization, unauthorized users have been accessing network resources via unused network wall jacks. Which of the following would be used to stop unauthorized access?
A. Configure an access list.
B. Configure spanning tree protocol.
C. Configure port security.
D. Configure loop protection.

Question 4 Answer: C
Explanation: Port security in IT can mean several things. It can mean the physical control of all connection points, such as RJ-45 wall jacks or device ports, so that no unauthorized users or unauthorized devices can attempt to connect into an open port. This can be accomplished by locking down the wiring closet and server vaults and then disconnecting the workstation run from the patch panel (or punch-down block) that leads to a room's wall jack. Any unneeded or unused wall jacks can (and should) be physically disabled in this manner. Another option is to use a smart patch panel that can monitor the MAC address of any device connected to each and every wall port across a building and detect not just when a new device is connected to an empty port, but also when a valid device is disconnected or replaced by an invalid device.

5. FTP/S uses which of the following TCP ports by default?
A. 20 and 21.
B. 139 and 445.
C. 443 and 22.
D. 989 and 990.

Question 5 Answer: D
Explanation: FTPS uses ports 989 and 990.

6. Which of the following best practices makes a wireless network more difficult to find?
A. Implement MAC filtering.
B. Use WPA2-PSK.
C. Disable SSID broadcast.
D. Power down unused WAPs.

Question 6 Answer: C
Explanation: Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct packets to and from the base station, so it's a discoverable value using a wireless packet sniffer. Thus, the SSID should be disabled if the network isn't for public use.
7. When performing the daily review of the system vulnerability scans of the network, Joe, the administrator, noticed several security related vulnerabilities with an assigned vulnerability identification number. Joe researches the assigned vulnerability identification number from the vendor website. Joe proceeds with applying the recommended solution for identified vulnerability. Which of the following is the type of vulnerability described?
A. Network based.
B. IDS.
C. Signature based.
D. Host based.

Question 7 Answer: C
Explanation: A signature-based monitoring or detection method relies on a database of signatures or patterns of known malicious or unwanted activity. The strength of a signature-based system is that it can quickly and accurately detect any event from its database of signatures.

8. A network administrator has been tasked with securing the WLAN. Which of the following cryptographic products would be used to provide the MOST secure environment for the WLAN?
A. WPA2 CCMP.
B. WPA.
C. WPA with MAC filtering.
D. WPA2 TKIP.

Question 8 Answer: A
Explanation: CCMP is the standard encryption protocol for use with the WPA2 standard and is much more secure than the WEP protocol and TKIP protocol of WPA. CCMP provides the following security services:
Data confidentiality; ensures only authorized parties can access the information
Authentication; provides proof of genuineness of the user
Access control in conjunction with layer management
Because CCMP is a block cipher mode using a 128-bit key, it is secure against attacks to the 2^64 steps of operation.

9. An administrator would like to review the effectiveness of existing security in the enterprise. Which of the following would be the BEST place to start?
A. Review past security incidents and their resolution.
B. Rewrite the existing security policy.
C. Implement an intrusion prevention system.
D. Install honey pot systems.

Question 9 Answer: C
Explanation: The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.

10. Which of the following would be MOST appropriate to secure an existing SCADA system by preventing connections from unauthorized networks?
A. Implement a HIDS to protect the SCADA system.
B. Implement a Layer 2 switch to access the SCADA system.
C. Implement a firewall to protect the SCADA system.
D. Implement a NIDS to protect the SCADA system.

Question 10 Answer: C
Explanation: Firewalls manage traffic using filters, which are just a rule or set of rules. A recommended guideline for firewall rules is: deny by default; allow by exception. This means that if a network connection is not specifically allowed, it will be denied.
