Certmaster CE Security + Complete Questions and Correct
Detailed Answers (Verified Answers)
An authoritative Domain Name System (DNS) server for a zone creates a Resource
Records Set (RRSet) signed with a zone signing key. What is the result of this action?
Ans: DNS Security Extensions
A cloud service provider (CSP) dashboard provides a view of all applicable logs for
cloud resources and services. When examining the application programming
interface (API) logs, the cloud engineer sees some odd metrics. Which of the
following examples would concern the engineer? (Select all that apply.)
Ans: Spike in API calls
&
78% average error rate
A company would like to deploy a software service to monitor traffic and enforce
security policies in their cloud environment. What tool should the company consider
using?
Ans: CASB
A Transport Layer Security (TLS) Virtual Private Network (VPN) requires a remote
access server listening on port 443 to encrypt traffic with a client machine. An IPSec
pg. 1
, March 25
(Internet Protocol Security) VPN can deliver traffic in two modes. One mode encrypts
only the payload of the IP packet. The other mode encrypts the whole IP packet
(header and payload). What are these two modes? (Select all that apply.)
Ans: Tunnel
&
Transport
If managed improperly, which of the following would be most detrimental to access
management of cloud-based storage resources?
Ans: Resource policies
Which of the following is used to review application code for signatures of known
issues before it is packaged as an executable?
Ans: Static code analysis
A security engineer must install an X.509 certificate to a computer system, but it is
not accepted. The system requires a Base64 encoded format. What must the security
engineer execute to properly install this certificate?
Ans: Convert to a .pem file.
Cloud service providers make services available around the world through a variety
of methods. The concept of a zone assumes what type of service level? (Select all
that apply.)
Ans: Regional replication
&
High availability
Which of the following reduces the risk of data exposure between containers on a
cloud platform? (Select all that apply.)
Ans: Namespaces
&
Control groups
There are several ways to check on the status of an online certificate, but some
introduce privacy concerns. Consider how each of the following is structured, and
select the option with the best ability to hide the identity of the certificate status
requestor.
Ans: OCSP stapling
An administrator navigates to the Windows Firewall with Advanced Security. The
inbound rules show a custom rule, which assigned the action, "Allow the connection"