CERTMASTER CE SECURITY EXAM
QUESTIONS WITH ALL CORRECT
ANSWERS
What are the benefits of using Wi-Fi heat maps for wireless networks? (Select all that
apply.) -Answer-Survey a site for signal strength
&
Determine where to place access points
A cyber analyst is drafting a memorandum on the impacts of exposures tied to
successful attacks and route security. What are the vulnerabilities associated with route
security? (Select all that apply.) -Answer-Source Routing
&
Route injection
&
Software exploits
A network administrator set up a basic packet-filtering firewall using an open-source
application running on a Linux virtual machine. The immediate benefit of this
deployment is the quick configuration of basic firewall rules. What are the key functions
that stateless and stateful firewalls provide to secure a network? (Select all that apply.) -
Answer-Block TCP ports
&
Allow network protocols
A new cloud service provider (CSP) leases resources to multiple organizations (or
customers) around the world. Each customer is independent and does not share the
same logical cloud storage resource. The customers use an on-demand payment plan.
Which cloud model is the CSP most likely providing to its customers? -Answer-Public
cloud
In a Public Key Infrastructure (PKI), which option best describes how users and multiple
Certificate Authorities (CA) interact with each other in a large environment? -Answer-
Trust model
A developer writes code for a new application, and wants to ensure protective
countermeasures against the execution of SQL injection attacks. What secure coding
technique will provide this? -Answer-Input validation
An organization moves its data to the cloud. Engineers utilize regional replication to
protect data. Review the descriptions and conclude which ones apply to this
, configuration. (Select all that apply.) -Answer-A solution that is known as zone-
redundant storage.
&
Access is available if a single data center is destroyed.
Which of the following protocols would secure a tunnel for credential exchange using
port 636? -Answer-LDAPS
Which certificate format allows the transfer of private keys and is password protected? -
Answer-PFX
When implementing a native-cloud firewall, which layer of the Open Systems
Interconnection (OSI) model will require the most processing capacity to filter traffic
based on content? -Answer-Layer 7
A public key infrastructure (PKI) is being set up for a logistics company, utilizing
OpenSSL hosted on Red Hat Enterprise Linux. Which of the following commands can
the team use, when setting up the PKI, to create an encrypted RSA private key? -
Answer-openssl genrsa -aes256 -out server.key 2048
A large firm requires better control over mobile users' access to business applications in
the cloud. This will require single-sign on and support for different device types. What
solution should the company consider using? -Answer-CASB
A network administrator is importing a list of certificates from an online source, so that
employees can use a chain of trust and communicate securely with public websites.
Which type of certificates are the network administrator currently importing? -Answer-
Root
A company with archived and encrypted data looks to archive the associated private
keys needed for decryption. The keys should be externally archived and heavily
guarded. Which option should the company use? -Answer-Key escrow
A web administrator notices a few security vulnerabilities that need to be addressed on
the company Intranet site. The portal must force a secure browsing connection, mitigate
script injection, and prevent caching on shared client devices. Determine the secure
options to set on the web server's response headers. (Select all that apply.) -Answer-
B.HTTP Strict Transport Security (HSTS)
&
C.Content Security Policy (CSP)
&
D.Cache-Control
An organization uses a Session Initiation Protocol (SIP) endpoint for establishing
communications with remote branch offices. Which of the following protocols will
provide encryption for streaming data during the call? -Answer-SRTP
QUESTIONS WITH ALL CORRECT
ANSWERS
What are the benefits of using Wi-Fi heat maps for wireless networks? (Select all that
apply.) -Answer-Survey a site for signal strength
&
Determine where to place access points
A cyber analyst is drafting a memorandum on the impacts of exposures tied to
successful attacks and route security. What are the vulnerabilities associated with route
security? (Select all that apply.) -Answer-Source Routing
&
Route injection
&
Software exploits
A network administrator set up a basic packet-filtering firewall using an open-source
application running on a Linux virtual machine. The immediate benefit of this
deployment is the quick configuration of basic firewall rules. What are the key functions
that stateless and stateful firewalls provide to secure a network? (Select all that apply.) -
Answer-Block TCP ports
&
Allow network protocols
A new cloud service provider (CSP) leases resources to multiple organizations (or
customers) around the world. Each customer is independent and does not share the
same logical cloud storage resource. The customers use an on-demand payment plan.
Which cloud model is the CSP most likely providing to its customers? -Answer-Public
cloud
In a Public Key Infrastructure (PKI), which option best describes how users and multiple
Certificate Authorities (CA) interact with each other in a large environment? -Answer-
Trust model
A developer writes code for a new application, and wants to ensure protective
countermeasures against the execution of SQL injection attacks. What secure coding
technique will provide this? -Answer-Input validation
An organization moves its data to the cloud. Engineers utilize regional replication to
protect data. Review the descriptions and conclude which ones apply to this
, configuration. (Select all that apply.) -Answer-A solution that is known as zone-
redundant storage.
&
Access is available if a single data center is destroyed.
Which of the following protocols would secure a tunnel for credential exchange using
port 636? -Answer-LDAPS
Which certificate format allows the transfer of private keys and is password protected? -
Answer-PFX
When implementing a native-cloud firewall, which layer of the Open Systems
Interconnection (OSI) model will require the most processing capacity to filter traffic
based on content? -Answer-Layer 7
A public key infrastructure (PKI) is being set up for a logistics company, utilizing
OpenSSL hosted on Red Hat Enterprise Linux. Which of the following commands can
the team use, when setting up the PKI, to create an encrypted RSA private key? -
Answer-openssl genrsa -aes256 -out server.key 2048
A large firm requires better control over mobile users' access to business applications in
the cloud. This will require single-sign on and support for different device types. What
solution should the company consider using? -Answer-CASB
A network administrator is importing a list of certificates from an online source, so that
employees can use a chain of trust and communicate securely with public websites.
Which type of certificates are the network administrator currently importing? -Answer-
Root
A company with archived and encrypted data looks to archive the associated private
keys needed for decryption. The keys should be externally archived and heavily
guarded. Which option should the company use? -Answer-Key escrow
A web administrator notices a few security vulnerabilities that need to be addressed on
the company Intranet site. The portal must force a secure browsing connection, mitigate
script injection, and prevent caching on shared client devices. Determine the secure
options to set on the web server's response headers. (Select all that apply.) -Answer-
B.HTTP Strict Transport Security (HSTS)
&
C.Content Security Policy (CSP)
&
D.Cache-Control
An organization uses a Session Initiation Protocol (SIP) endpoint for establishing
communications with remote branch offices. Which of the following protocols will
provide encryption for streaming data during the call? -Answer-SRTP
