March 25
Security+ Certmaster CE test 3 Complete Questions and
Correct Detailed Answers (Verified Answers)
An authoritative Domain Name System (DNS) server for a zone creates a Resource
Records Set (RRSet) signed with a zone signing key. What is the result of this action?
Ans: DNS Security Extensions
The administrator in an Exchange Server needs to send digitally signed and
encrypted messages. What should the administrator use?
Ans: S/MIME
An organization uses a Session Initiation Protocol (SIP) endpoint for establishing
communications with remote branch offices. Which of the following protocols will
provide encryption for streaming data during the call?
Ans: SRTP
A web server will utilize a directory protocol to enable users to authenticate with
domain credentials. A certificate will be issued to the server to set up a secure tunnel.
Which protocol is ideal for this situation?
Ans: LDAPS
A Transport Layer Security (TLS) Virtual Private Network (VPN) requires a remote
access server listening on port 443 to encrypt traffic with a client machine. An IPSec
pg. 1
, March 25
(Internet Protocol Security) VPN can deliver traffic in two modes. One mode encrypts
only the payload of the IP packet. The other mode encrypts the whole IP packet
(header and payload). What are these two modes? (Select all that apply.)
Ans: -Tunnel
-Transport
Consider the principles of web server hardening and determine which actions a
system administrator should take when deploying a new web server in a
demilitarized zone (DMZ). (Select all that apply.)
Ans: -Establish a guest zone
-Upload files using SSH
-Use configuration templates
Which of the following protocols would secure a tunnel for credential exchange
using port 636?
Ans: LDAPS
Implementing Lightweight Directory Access Protocol Secure (LDAPS) on a web server
secures direct queries to which of the following?
Ans: Directory services
Select the vulnerabilities that can influence routing. (Select all that apply.)
pg. 2
, March 25
Ans: -Source routing
-Route injection
-Software exploits
Management has set up a feed or subscription service to inform users on regular
updates to the network and its various systems and services. The feed is only
accessible from the internal network. What else can systems administrators do to
limit the service to internal access?
Ans: Provision SSO access.
A small organization operates several virtual servers in a single host environment.
The physical network utilizes a physical firewall with NIDS for security. What would be
the benefits of installing a Host Intrusion Prevention System (HIPS) at the end points?
(Select all that apply.)
Ans: -Prevent malicious traffic between VMs
-Protection from zero day attacks
Which of the following provides attestation and is signed by a trusted platform
module (TPM)?
Ans: Measured boot
pg. 3
Security+ Certmaster CE test 3 Complete Questions and
Correct Detailed Answers (Verified Answers)
An authoritative Domain Name System (DNS) server for a zone creates a Resource
Records Set (RRSet) signed with a zone signing key. What is the result of this action?
Ans: DNS Security Extensions
The administrator in an Exchange Server needs to send digitally signed and
encrypted messages. What should the administrator use?
Ans: S/MIME
An organization uses a Session Initiation Protocol (SIP) endpoint for establishing
communications with remote branch offices. Which of the following protocols will
provide encryption for streaming data during the call?
Ans: SRTP
A web server will utilize a directory protocol to enable users to authenticate with
domain credentials. A certificate will be issued to the server to set up a secure tunnel.
Which protocol is ideal for this situation?
Ans: LDAPS
A Transport Layer Security (TLS) Virtual Private Network (VPN) requires a remote
access server listening on port 443 to encrypt traffic with a client machine. An IPSec
pg. 1
, March 25
(Internet Protocol Security) VPN can deliver traffic in two modes. One mode encrypts
only the payload of the IP packet. The other mode encrypts the whole IP packet
(header and payload). What are these two modes? (Select all that apply.)
Ans: -Tunnel
-Transport
Consider the principles of web server hardening and determine which actions a
system administrator should take when deploying a new web server in a
demilitarized zone (DMZ). (Select all that apply.)
Ans: -Establish a guest zone
-Upload files using SSH
-Use configuration templates
Which of the following protocols would secure a tunnel for credential exchange
using port 636?
Ans: LDAPS
Implementing Lightweight Directory Access Protocol Secure (LDAPS) on a web server
secures direct queries to which of the following?
Ans: Directory services
Select the vulnerabilities that can influence routing. (Select all that apply.)
pg. 2
, March 25
Ans: -Source routing
-Route injection
-Software exploits
Management has set up a feed or subscription service to inform users on regular
updates to the network and its various systems and services. The feed is only
accessible from the internal network. What else can systems administrators do to
limit the service to internal access?
Ans: Provision SSO access.
A small organization operates several virtual servers in a single host environment.
The physical network utilizes a physical firewall with NIDS for security. What would be
the benefits of installing a Host Intrusion Prevention System (HIPS) at the end points?
(Select all that apply.)
Ans: -Prevent malicious traffic between VMs
-Protection from zero day attacks
Which of the following provides attestation and is signed by a trusted platform
module (TPM)?
Ans: Measured boot
pg. 3
