CCBC DCOM 258 MIDTERM EXAM QUESTIONS
A system administrator needs secure remote access into a Linux server. Evaluate the
types of remote administration to recommend which protocol should be used in this
situation - Answers - Secure Shell (SSH)
A technician is configuring Internet Protocol Security (IPSec) for communications over a
Virtual Private Network (VPN). Evaluate the features of available modes and
recommend the best option for implementation - Answers - Tunnel mode because the
whole IP packet is encrypted, and a new IP header is added
A system administrator is setting up a new Simple Mail Transfer Protocol (SMTP)
configuration. Make recommendations for how the administrator should configure the
ports. (Select all that apply.) - Answers - Port 25 should be used for message relay
Port 465 should be used for message submission over implicit TLS
A system administrator needs to implement a secure remote administration protocol and
would like more information on Telnet. Evaluate and select the features of Telnet that
the administrator should consider to accomplish this task. (Select all that apply.) -
Answers - Telnet does not support direct file transfer
Telnet uses TCP port 23
Analyze the methods for authentication to a Secure Shell (SSH) and determine which
statement best summarizes the host-based authentication method. - Answers - The
client sends a request for authentication and the server generates a challenge with the
public key
Transport Layer Security (TLS) version 1.3 improves upon a vulnerability in TLS 1.2.
Which statement correctly describes a remedy for this vulnerability? - Answers - TLS
version 1.3 removes the ability to downgrade to weaker
encryption ciphers and earlier versions of transport layer
security.
If an administrator in an exchange server needs to send digitally signed and encrypted
messages, what messaging implementation will best suit the administrator's needs? -
Answers - Secure/Multipurpose Internet Mail Extensions (S/MIME)
A system administrator is configuring a new Dynamic Host Configuration Protocol
(DHCP) server. Analyze the types of attacks DHCP servers are prone to and determine
which steps the system administrator should take to protect the server. (Select all that
apply.) - Answers - Disable unused ports and perform regular physical inspections to
look for unauthorized devices.
Use scanning and intrusion detection to pick up suspicious activity.
Enable logging and review the logs for suspicious events.
An organization routinely communicates directly to a partner company via a domain
name. The domain name now leads to a fraudulent site for all users. Systems
administrators find incorrect host records in DNS. What do the administrators believe to
be the root cause? - Answers - An attacker masquerades as an authoritative name
server.
When a company attempts to re-register their domain name, they find that an attacker
has supplied false credentials to the domain registrar and redirected their host records
to a different IP address. What type of attack has occurred? - Answers - Domain
hijacking
Compare and evaluate the various levels and types of platform security to conclude
which option applies to a hardware Trusted Platform Module (TPM) - Answers - Digital
certificates, keys, and hashed passwords are maintained in hardware-based storage.
Evaluate approaches to applying patch management updates to select the accurate
statement. - Answers - Operating System major release updates are known to
frequently cause problems with software application compatibility.
Evaluate the features and vulnerabilities found in medical devices and then select the
accurate statements. (Select all that apply.) - Answers - Many portable devices, such
as cardiac monitors and insulin pumps, run on unsupported operating systems.
Attackers may attempt to gain access in order to kill or injure patients, or hold medical
units ransom.
Contrast vendor support for products and services at the end of their life cycle. Which of
the following statements describes the difference between support available during the
end of life (EOL) phase and end of service life (EOSL) phase? - Answers - During the
end of life (EOL) phase, manufacturers provide limited support, updates, and spare
parts. In the end of service life (EOSL), developers or vendors no longer support the
product and no longer push security updates.
The network manager should ensure all patches are applied and it is appropriately
configured. - Answers - A network manager is installing a new switch on the network.
Which option does the manager use to harden network security after installation?
Compare the features of static and dynamic computing environments and then select
the accurate statements. (Select all that apply.) - Answers - Dynamic computing
environments are easier to update than static computing environments.
Embedded systems are typically static computing environments, while most personal
computers are dynamic computing environments.