Certmaster CE Security + Exam Questions and Answers Latest Update 2025
An authoritative Domain Name System (DNS) server for a zone creates a Resource Records Set (RRSet)
signed with a zone signing key. What is the result of this action? - Answers DNS Security Extensions
A cloud service provider (CSP) dashboard provides a view of all applicable logs for cloud resources and
services. When examining the application programming interface (API) logs, the cloud engineer sees
some odd metrics. Which of the following are examples that the engineer would have concerns for?
(Select all that apply.) - Answers Spike in API calls
&
78% average error rate
A company would like to deploy a software service to monitor traffic and enforce security policies in
their cloud environment. What tool should the company consider using? - Answers CASB
A Transport Layer Security (TLS) Virtual Private Network (VPN) requires a remote access server listening
on port 443 to encrypt traffic with a client machine. An IPSec (Internet Protocol Security) VPN can
deliver traffic in two modes. One mode encrypts only the payload of the IP packet. The other mode
encrypts the whole IP packet (header and payload). What are these two modes? (Select all that apply.) -
Answers Tunnel
&
Transport
If managed improperly, which of the following would be most detrimental to access management of
cloud-based storage resources? - Answers Resource policies
Which of the following is used to review application code for signatures of known issues before it is
packaged as an executable? - Answers Static code analysis
A security engineer must install an X.509 certificate to a computer system, but it is not accepted. The
system requires a Base64 encoded format. What must the security engineer execute to properly install
this certificate? - Answers Convert to a .pem file.
Cloud service providers make services available around the world through a variety of methods. The
concept of a zone assumes what type of service level? (Select all that apply.) - Answers Regional
replication
&
High availability
, Which of the following reduces the risk of data exposure between containers on a cloud platform?
(Select all that apply.) - Answers Namespaces
&
Control groups
There are several ways to check on the status of an online certificate, but some introduce privacy
concerns. Consider how each of the following is structured, and select the option with the best ability to
hide the identity of the certificate status requestor. - Answers OCSP stapling
An administrator navigates to the Windows Firewall with Advanced Security. The inbound rules show a
custom rule, which assigned the action, "Allow the connection" to all programs, all protocols, and all
ports with a scope of 192.168.0.0/24. This is an example of what type of security setting? - Answers ACL
What are the differences between WPA and WPA2? (Select all that apply.) - Answers Unlike WPA, WPA2
supports an encryption algorithm based on the Advanced Encryption Standard (AES) instead of the
version of RC4 "patched" with the Temporal Key Integrity Protocol (TKIP).
&
Unlike WPA, WPA2 uses the Advanced Encryption Standard (AES) cipher with 128-bit keys.
A network analyst reviews risks associated with certificates traveling across a SSL/TLS. What refers to
several techniques that can be used to ensure that when a client inspects the certificate presented by a
server or a code-signed application, it is inspecting the proper certificate? - Answers Use Certificate
Pinning
Which wireless configurations provide the most up-to-date and secure way of connecting wireless
devices to an office or home network? (Select all that apply.) - Answers WPA3
&
SAE
An administrator deploys a basic network intrusion detection system (NIDS) device to identify known
attacks. What detection method does this device use? - Answers Signature-based
Which of the following provides attestation and is signed by a trusted platform module (TPM)? -
Answers Measured boot
A support technician reviews a computer's boot integrity capabilities and discovers that the system
supports a measured boot process. Which statement accurately describes a part of this process? -
Answers Measured boot will record the presence of unsigned kernel-level code.
An authoritative Domain Name System (DNS) server for a zone creates a Resource Records Set (RRSet)
signed with a zone signing key. What is the result of this action? - Answers DNS Security Extensions
A cloud service provider (CSP) dashboard provides a view of all applicable logs for cloud resources and
services. When examining the application programming interface (API) logs, the cloud engineer sees
some odd metrics. Which of the following are examples that the engineer would have concerns for?
(Select all that apply.) - Answers Spike in API calls
&
78% average error rate
A company would like to deploy a software service to monitor traffic and enforce security policies in
their cloud environment. What tool should the company consider using? - Answers CASB
A Transport Layer Security (TLS) Virtual Private Network (VPN) requires a remote access server listening
on port 443 to encrypt traffic with a client machine. An IPSec (Internet Protocol Security) VPN can
deliver traffic in two modes. One mode encrypts only the payload of the IP packet. The other mode
encrypts the whole IP packet (header and payload). What are these two modes? (Select all that apply.) -
Answers Tunnel
&
Transport
If managed improperly, which of the following would be most detrimental to access management of
cloud-based storage resources? - Answers Resource policies
Which of the following is used to review application code for signatures of known issues before it is
packaged as an executable? - Answers Static code analysis
A security engineer must install an X.509 certificate to a computer system, but it is not accepted. The
system requires a Base64 encoded format. What must the security engineer execute to properly install
this certificate? - Answers Convert to a .pem file.
Cloud service providers make services available around the world through a variety of methods. The
concept of a zone assumes what type of service level? (Select all that apply.) - Answers Regional
replication
&
High availability
, Which of the following reduces the risk of data exposure between containers on a cloud platform?
(Select all that apply.) - Answers Namespaces
&
Control groups
There are several ways to check on the status of an online certificate, but some introduce privacy
concerns. Consider how each of the following is structured, and select the option with the best ability to
hide the identity of the certificate status requestor. - Answers OCSP stapling
An administrator navigates to the Windows Firewall with Advanced Security. The inbound rules show a
custom rule, which assigned the action, "Allow the connection" to all programs, all protocols, and all
ports with a scope of 192.168.0.0/24. This is an example of what type of security setting? - Answers ACL
What are the differences between WPA and WPA2? (Select all that apply.) - Answers Unlike WPA, WPA2
supports an encryption algorithm based on the Advanced Encryption Standard (AES) instead of the
version of RC4 "patched" with the Temporal Key Integrity Protocol (TKIP).
&
Unlike WPA, WPA2 uses the Advanced Encryption Standard (AES) cipher with 128-bit keys.
A network analyst reviews risks associated with certificates traveling across a SSL/TLS. What refers to
several techniques that can be used to ensure that when a client inspects the certificate presented by a
server or a code-signed application, it is inspecting the proper certificate? - Answers Use Certificate
Pinning
Which wireless configurations provide the most up-to-date and secure way of connecting wireless
devices to an office or home network? (Select all that apply.) - Answers WPA3
&
SAE
An administrator deploys a basic network intrusion detection system (NIDS) device to identify known
attacks. What detection method does this device use? - Answers Signature-based
Which of the following provides attestation and is signed by a trusted platform module (TPM)? -
Answers Measured boot
A support technician reviews a computer's boot integrity capabilities and discovers that the system
supports a measured boot process. Which statement accurately describes a part of this process? -
Answers Measured boot will record the presence of unsigned kernel-level code.
