SECURITY+ CERTMASTER CE TEST 3 QUESTIONS WITH CORRECT DETAILED ANSWERS

SECURITY+ CERTMASTER CE TEST 3 QUESTIONS WITH CORRECT DETAILED ANSWERS HTML5 VPN -Answer-Systems administrators want to set up a way to perform remote administration from home. Rather than installing a software agent, the solution should use an underlying technology that is available to an application, such as a web browser. Which option would best support these requirements? Broadcast storms -Answer-A network engineer is plugging in new patch cables and wants to prevent inadvertent disruptions to the network while doing so. What will the engineer prevent if Spanning Tree Protocol (STP) is configured on the switches? Provide secure access to DMZ servers. -Answer-What is a jump server commonly used for? Reverse Proxy -Answer-A company hosts internal web servers between two firewalls: one firewall at the edge network and another near the internal gateways. A recent security audit advised the company to utilize filtering rules for connections between remote clients and these internal web servers. Which of the following will satisfy the security advice? Signature-based -Answer-An administrator deploys a basic network intrusion detection system (NIDS) device to identify known attacks. What detection method does this device use? -Block TCP ports -Allow network protocols -Answer-A network administrator set up a basic packet filtering firewall using an open-source application running on a Linux virtual machine. The immediate benefit to this deployment is the quick configuration of basic firewall rules. What other functionality would influence a decision to deploy a stateless, rather than stateful, firewall? (Select all that apply.) ACL -Answer-An administrator navigates to the Windows Firewall with Advanced Security. The inbound rules show a custom rule, which assigned the action, "Allow the connection" to all programs, all protocols, and all ports with a scope of 192.168.0.0/24. This is an example of what type of security setting? -Message authentication -Block source routed packets -Answer-A company is renovating a new office space and is updating all Cisco routers. The up-to-date Internetwork Operating System (IOS) will provide the best protection from zero-day exploits. What other options could a network administrator configure for route security? (Select all that apply.) Use 802.1p header. -Answer-Users are reporting jittery video communication during routine video conferences. What can a system administrator implement to improve video quality and overall use of the network bandwidth? -Unlike WPA, WPA2 supports an encryption algorithm based on the Advanced Encryption Standard (AES) instead of the version of RC4 "patched" with the Temporal Key Integrity Protocol (TKIP). - - - -Answer-What are the differences between WPA and WPA2? (Select all that apply.) -WPA3 -SAE -Answer-Which wireless configurations provide the most up-to-date and secure way of connecting wireless devices to an office or home network? (Select all that apply.) -Survey a site for signal strength -Determine where to place access points -Answer-What are the benefits of using Wi-Fi heat maps for existing wireless networks? (Select all that apply.) Configure VPC endpoint interface. -Answer-A cloud administrator deploys two cloud servers on the Amazon Web Services (AWS) platform, each in a separately defined virtual network. How does the administrator get both servers to communicate with each other without using an Internet gateway? Use separate VPCs for each network segment. -Answer-A cloud customer prefers separating storage resources that hold different sets of data in virtual private clouds (VPCs). One of those data sets must comply with Health Insurance Portability and Accountability Act (HIPAA) guidelines for patient data. How should the customer configure these VPCs to ensure the highest degree of network security? -Spike in API calls -78% average error rate -Answer-A cloud service provider (CSP) dashboard provides a view of all applicable logs for cloud resources and services. When examining the application programming interface (API) logs, the cloud engineer sees some odd metrics. Which of the following are examples that the engineer would have concerns for? (Select all that apply.) The provider is responsible for the availability of any application software. -Answer-A company is looking into integrating on-premises services and cloud services with a cloud service provider (CSP) under an Infrastructure as a Service (IaaS) plan. Which of the following statements would NOT apply in this case? Allow list -Answer-A company set up controls to allow only a specific set of software and tools to install on workstations. A user navigates to a software library to make a selection. What type of method prevents installation of software that is not a part of a library? CASB -Answer-A company would like to deploy a software service to monitor traffic and enforce security policies in their cloud environment. What tool should the company consider using? CASB -Answer-A large firm requires better control over mobile users' access to business applications in the cloud. This will require single-sign on and support for different device types. What solution should the company consider using? -A solution that is known as zone-redundant storage. -Access is available if a single data center is destroyed. -Answer-An organization moves its data to the cloud. Engineers utilize regional replication to protect data. Review the descriptions and conclude which ones apply to this configuration. (Select all that apply.) -Regional replication -High availability -Answer-Cloud service providers make services available around the world through a variety of methods. The concept of a zone assumes what type of service level? (Select all that apply.) Next-generation secure web gateway -Answer-Determine a solution that can combine with a cloud access security broker (CASB) to provide a wholly cloud-hosted platform for client access. Resource policies -Answer-If managed improperly, which of the following would be most detrimental to access management of cloud-based storage resources? Layer 7 -Answer-When implementing a native-cloud firewall, which layer of the Open Systems Interconnection (OSI) model will require the most processing capacity to filter traffic based on content? Dynamic resource allocation -Answer-Which of the following makes it possible for cloud service providers (CSP) to create a virtual instance and container simultaneously? -Namespaces -Control groups -Answer-Which of the following reduces the risk of data exposure between containers on a cloud platform?(Select all that apply.) Storage -Answer-Which aspect of certificate and key management should an administrator practice when trying to prevent the loss of private keys? In the Subject Alternative Name (SAN) -Answer-The system administrator is installing a web server certificate and receives an error indicating the server does not accept wildcard certificates. After examining the certificate, the system admin notices the problem. Determine the specific location where the admin found the problem. Code signing -Answer-Employees have the ability to download certain applications onto their workstations to complete work functions. The CIO enacted a policy to ensure that no modifications to the application have occurred. What method of validation did the CIO implement? Root -Answer-A network administrator is importing a list of certificates from an online source, so that employees can use a chain of trust and communicate securely with public websites. Which type of certificates are the network administrator currently importing? Convert to a .pem file. -Answer-A security engineer must install an X.509 certificate to a computer system, but it is not accepted. The system requires a Base64 encoded format. What must the security engineer execute to properly install this certificate? PFX -Answer-Which certificate format allows the transfer of private keys and is password protected?