Exam Questions and CORRECT Answers
Vulnerability Scanner - CORRECT ANSWER - An application that identifies security
issues on a network and gives suggestions on how to prevent the issues. A management control
type.
Port Scanner - CORRECT ANSWER - An application that identifies ports and services
that are at risk on a network.
IDS - CORRECT ANSWER - An application that detects when network intrusions occur
and identifies the appropriate personnel..
Virus Scanner - CORRECT ANSWER - An application that protects a system against
viruses.
NAT Server - CORRECT ANSWER - Presents public IP addresses to the internet on
behalf of computers on a private network.
Proxy Server - CORRECT ANSWER - Can be used to enable hosts to access Internet
resources. Can increase the performance of a network by cachig Web pages, which can reduce
the amount of time required for clients to access Web pages.
Isolation Mode - CORRECT ANSWER - Ensures that wireless clients can only
communicate with the wireless access point and not with other wireless clients.
PEAP - CORRECT ANSWER - Protected Extensible Authentication Protocol. A secure
password-based authentication protocol created to simplify secure authentication.
LEAP - CORRECT ANSWER - Lightweight Extensible Authentication Protocol. An
authentication protocol used exclusively by Cisco.
, RAID Level 0 - CORRECT ANSWER - Disk striping. Stripes data across the drives to
improve disk read/write efficiency. Does not provide redundancy.
RAID Level 1 - CORRECT ANSWER - Disk mirroring or disk duplexing. Any data
written to disk one is also written to disk two. Provides redundancy.
RAID Level 5 - CORRECT ANSWER - Disk striping with parity and data across all disks
in the array. Requires at least three hard disks.
Protection against PBX attacks - CORRECT ANSWER - Turn off remote maintenance
features when not needed. Use strong authentication on the remote maintenance ports. Keep
PBX terminals in a locked, restricted area. Replace or disable embedded logins and passwords.
Technical Controls - CORRECT ANSWER - Used to restrict data access and operating
system components, security applications, network devices, protocols, and encryption
techniques. Include all authentication mechanisms.
Detective Controls - CORRECT ANSWER - Used to detect intrusion when it occurs.
Preventative Controls - CORRECT ANSWER - Used to prevent intrusion before it occurs.
Administrative/Management Controls - CORRECT ANSWER - Dictates how security
policies are implemented to fulfill the company's security goals.
Physical/Operation controls - CORRECT ANSWER - Implemented to secure physical
access to an object.
Bit-level copy of original disk - CORRECT ANSWER - Making a copy at the sector level
to cover every part of the area that can store user data. Preferred for forensic investigation.