S+ Certmaster Domain 3.0 Exm Questions and Answers

S+ Certmaster Domain 3.0 Exm Questions and Answers An authoritative Domain Name System (DNS) server for a zone creates a Resource Records Set (RRSet) signed with a zone signing key. What is the result of this action? DNS Security Extensions The administrator in an exchange server needs to send digitally signed and encrypted messages. What should the administrator use? S/MIME An organization uses a Session Initiation Protocol (SIP) endpoint for establishing communications with remote branch offices. Which of the following protocols will provide encryption for streaming data during the call? SRTP A web server will utilize a directory protocol to enable users to authenticate with domain credentials. A certificate will be issued to the server to set up a secure tunnel. Which protocol is ideal for this situation? LDAPS A Transport Layer Security (TLS) Virtual Private Network (VPN) requires a remote access server listening on port 443 to encrypt traffic with a client machine. An IPSec (Internet Protocol Security) VPN can deliver traffic in two modes. One mode encrypts only the payload of the IP packet. The other mode encrypts the whole IP packet (header and payload). What are these two modes? (Select all that apply.) Tunnel Transport Consider the principles of web server hardening and determine which actions a system administrator should take when deploying a new web server in a demilitarized zone (DMZ). (Select all that apply.) Establish a guest zone Upload files using SSH Use configuration templates Which of the following protocols would secure file transfer services for an internal network? FTPES Implementing Lightweight Directory Access Protocol Secure (LDAPS) on a web server secures direct queries to which of the following? Directory services Select the vulnerabilities that can influence routing. (Select all that apply.) Source routing Route injection Software exploits Management has set up a feed or subscription service to inform users on regular updates to the network and its various systems and services. The feed is only accessible from the internal network. What else can systems administrators do to limit the service to internal access? Provision SSO access. A small organization operates several virtual servers in a single host environment. The physical network utilizes a physical firewall with NIDS for security. What would be the benefits of installing a Host Intrusion Prevention System (HIPS) at the end points? (Select all that apply.) Prevent malicious traffic between VMs Protection from zero day attacks Which of the following provides attestation and is signed by a trusted platform module (TPM)? Measured boot A support technician reviews a computer's boot integrity capabilities and discovers that the system supports a measured boot process. Which statement accurately describes this process? Measured boot will record the presence of unsigned kernel-level code. A developer writes code for a new application, and wants to ensure protective countermeasures against the execution of SQL injection attacks. What secure coding technique will provide this? Input validation A web administrator notices a few security vulnerabilities that need to be addressed on the company Intranet site. The portal must force a secure browsing connection, mitigate script injection, and prevent caching on shared client devices. Determine the secure options to set on the web server's response headers. (Select all that apply.) HTTP Strict Transport Security (HSTS) Content Security Policy (CSP) Cache-Control Which of the following is used to review application code for signatures of known issues before it is packaged as an executable? Static code analysis During the functional testing phase of application development, an application tests for vulnerabilities against the running code. What type of code testing is this? Dynamic analysis