CompTIA Security+ Practice Tests SY0-501

By : Ian Neil

Overview of this book

CompTIA Security+ is a core security certification that will validate your baseline skills for a career in cybersecurity. Passing this exam will not only help you identify security incidents but will also equip you to resolve them efficiently. This book builds on the popular CompTIA Security+ Certification Guide, which mirrors the SY0-501 exam pattern. This practice test-based guide covers all six domains of the Security+ SY0-501 exam: threats, attacks, and vulnerabilities; technologies and tools; architecture and design; identity and access management; cryptography and PKI; and risk management. You’ll take six mock tests designed as per the official Security+ certification exam pattern, each covering significant aspects from an examination point of view. For each domain, the book provides a dedicated cheat sheet that includes important concepts covered in the test. You can even time your tests to simulate the actual exam. These tests will help you identify gaps in your knowledge and discover answers to tricky exam questions. By the end of this book, you’ll have developed and enhanced the skills necessary to pass the official CompTIA Security+ exam.

Practice Test 8 – Mock Exam 2

Start off the mock exam with a clean sheet of paper and note down the questions that you cannot answer or are guessing at, because you need to revise those areas. When you take this test, follow these instructions:

DO:

  • Read the questions carefully. Do not scan. Draw diagrams on questions you are unsure of.
  • Rule out the wrong answers to leave the correct answer.
  • When you have narrowed the answers down to two, there is a 50-50 chance of being right. Read the question again and look for the finer detail that will tip one of those selections to 60-40.
  • Flag up for review (top-right of screen) the questions that you don't like. Do not answer them as the review screen shows those items in red. Don't waste time trying to work them out at this stage.
  • Before ending your review, go down the columns left to right and ensure all questions have an answer.
  • End review—check all questions and answers and then end the exam.

DON'T:

  • Scan the questions, especially if English is not your first language
  • Second guess yourself
  • Change answers
  • Re-read the whole exam if you have spare time

Answer the following questions:

1. The network administrator has received a support call from the CEO stating that he cannot download a book from the internet. The publisher is using an FTP server for the book download. The firewall rules are shown as follows:

Inbound rules:

  • HTTP port 80 allow
  • HTTPS port 443 allow
  • DNS port 53 allow

Which of the following options prevents the download? Choose the BEST answer.

a. There is no allow rule for FTP traffic.
b. There is an explicit deny rule.
c. Implicit deny is preventing the download.
d. He needs to change the web browser to support FTP traffic.

2. The network security team have been informed by the customer services department that visitors in the waiting area keep plugging their laptops into a spare wall jack to obtain internet access. The network team realize that this is a security risk. What is the BEST solution to prevent this?

a. Ask customers to hand their laptops into reception when they arrive.
b. Enable 802.1x on the router to prevent internet access.
c. Place a sign in the waiting room.
d. Enable port security on the router to prevent internet access.
e. Enable port security on the switch.

3. A network administrator has just informed the cyber security team that he is going to set up network access control using host health checks without using a quarantined network. Which of the following best describes what will happen if a host is non-compliant?

a. The remote client will not be authenticated.
b. The remote client will be authenticated then the connection will drop.
c. The remote client will be authenticated.
d. The remote client will not be authenticated and the connection will be successful.

4. The network team have just installed another switch into the network and the network traffic is going extremely slowly. What can they do to ensure the traffic has less latency?

a. Use a packet sniffer to identify which traffic is going slowly and deny it access to the network.
b. Use spanning tree protocol to prevent looping.
c. Reduce the number of VLANs on the switch.
d. Use a network load balancer to balance the traffic.

5. The systems administrator went to a local shop for lunch and paid using a contactless payment method. Which of the following connection methods was he using to purchase lunch?

a. Wi-Fi
b. Cellular
c. NFC
d. KFC
e. Bluetooth

6. A network administrator is setting up a new VPN server and is using a CISCO VPN Series 3000 concentrator. What is the purpose of the VPN concentrator?

a. It increases the concurrent connections on the VPN.
b. It allows the VPN to connect to a RADIUS server.
c. It allows the VPN to connect to a TACACS+ server.
d. It establishes the secure sessions for the VPN.

7. Your company network has recently been attacked by remote users. The cyber security team need tools that will show the established sessions so that the attackers' connections can be identified. Which of the following tools will show established sessions? Choose two.

a. Protocol analyzer
b. Netstat
c. Netcat (nc)
d. Tcpdump

8. During an internal audit, users complained that the quality of the videoconferencing has been intermittent. What is the BEST solution to ensure a better videoconferencing experience?

a. Ensure that they are using SRTP instead of RTP.
b. Use a VPN.
c. Put the voice traffic into a VLAN.
d. Use an iSCSI connector.

9. An Exchange engineer has recommended that the mail server be upgraded, as the current mail protocol does not keep a copy of the mail on the server. What mail protocol is being used?

a. POP3
b. HTTPS
c. TLS
d. IMAP4
e. Webmail

10. The auditor has carried out an inspection of the finance department and has recommended that the file server holding the financial data and the desktops of the finance department should use IPSec to secure the sessions between them. The network administrator has asked the security analyst which mode of IPSec should be used. What did the security analyst recommend?

a. IPSec in tunnel mode
b. IPSec in split tunnel mode
c. IPSec in transport mode
d. IPSec in full tunnel mode

11. What are the similarities and differences between a proxy server and a UTM firewall? Choose all that apply.

a. The proxy server can perform malware inspection.
b. The UTM can perform malware inspection.
c. The proxy server can perform URL filtering.
d. The UTM can perform URL filtering.
e. The proxy server can perform content filtering.
f. The UTM can perform content filtering.
g. The proxy server can perform web page caching.
h. The UTM can perform web page caching.

12. The system administrator has just installed a new finance application onto the financial director's laptop. The application will not run, and Event Viewer shows an error running payroll.dll. What is the BEST solution to ensure that the application works?

a. Add the application to the whitelist.
b. Add the application to the blacklist.
c. Add the application's EXE file to the whitelist.
d. Add the DLL binary for the payroll application to the whitelist.
e. Remove the DLL binary for the payroll application from the blacklist.

13. A security administrator installed a new inline NIPS that has been inspecting all traffic flowing through it with great success. A medium-sized packet flowing through the inline NIPS could not be inspected. What is the BEST reason that it could not be inspected?

a. The packet was not recognized by the NIPS
b. The packet was encrypted before arriving at the NIPS
c. The NIPS was using the wrong input filter
d. The NIPS had an exception rule for the packet

14. A cyber security team has carried out an audit of the mail server and has recommended that mail between the mail servers must not be monitored or captured by protocol analyzers. The mail must remain confidential. Which of the following protocols should the auditor recommend?

a. POP secure
b. IMAP secure
c. TLS
d. SSL
e. HTTPS

15. A company refurbishes a lecture theatre with state-of-the-art presentation equipment valued at over $25,000. What can the security administrator install to prevent the theft of the equipment from the theatre? Choose the BEST answer.

a. NFC
b. Geolocation
c. Asset tracking
d. Tagging

16. Which of the following authentication systems could allow a user access to a system while creating an access violation?

a. Smart card authentication
b. Username and password authentication
c. Biometric authentication
d. Federation services authentication

17. The financial director stores credit card information on his laptop. Therefore, the cyber security team have installed full disk encryption to prevent exfiltration of this data. A DLP solution has also been installed to prevent PII and sensitive information such as credit cards from leaving the laptop via USB drive or email. What can be installed on his laptop to prevent remote attacks?

a. HIDS
b. HIPS
c. NIDS
d. NIPS

18. A company is removing its expensive leased line between its London and Glasgow sites and is going to replace it with a VPN solution. What type of VPN will they use as a replacement, and which mode is the BEST to use? Choose two.

a. L2TP/IPSec
b. IPSec transport mode
c. Always on mode
d. IPSec tunnel mode
e. Site-to-site VPN
f. PPTP VPN
g. SSL VPN

19. A network administrator needs to be alerted when new hosts join the network. Which of the following tools can help them to achieve this? Choose two.

a. HIDS
b. Nmap
c. Netstat
d. NIDS

20. The security administrator needs to purchase a new biometrics authentication system for a multinational corporation. Which of the following products will he decide is the BEST option to purchase?

a. Product A – low FAR
b. Product B – high FAR
c. Product C – high FRR
d. Product D – low FRR
e. Product E – low CER
f. Product F – high CER

21. The cyber security team have been collecting the security logs from all of the servers and network appliances and storing them on a WORM drive. Why have they chosen this type of drive? Select the MOST suitable answer.

a. It can be protected by a password.
b. It is a portable drive that can be locked away at night.
c. It is an industry-standard drive for cyber security.
d. The information cannot be altered.

22. A systems administrator for a large multinational company is replacing 1,000 hard drives from company desktops. Which of the following data sanitization tools should he use to destroy the data on the old hard drives?

a. Pulverizing
b. Degaussing
c. Low-level formatting
d. Shredding

23. A cyber security analyst obtained the following information:

John Scott 5f4dcc3b5aa765d61d8327deb882cf99

Which tool did the cyber security analyst use and what does it represent? Choose two.

a. It is his employee ID.
b. Packet sniffer.
c. Password hash.
d. Hash of his employee ID.
e. Password cracker.
f. Wireless scanner.

24. The backup operator backs up the company data on a daily basis. Which of the following is the fastest backup?

a. Full backup
b. Differential backup
c. Snapshot
d. Incremental backup

25. A SIEM system notifies the system administrator that a computer with a hardened operating system has a vulnerability. When a manual check is done, no vulnerabilities exist. Why is the system producing the wrong information? Choose the BEST two options.

a. The SIEM system is missing some system updates.
b. The SIEM system is using the incorrect input filters.
c. The host-based firewall is preventing monitoring.
d. The SIEM system is producing false negatives.
e. The SIEM system is producing false positives.

26. The cyber security team wish to prevent mobile devices from operating outside of the United Kingdom. What is the best way to achieve this?

a. Geolocation
b. GPS tracking
c. Context-aware authentication
d. All of the above

27. Your company has been very successful and has an enormous volume of web traffic coming to the company's web servers. However, the load balancer has failed and you are waiting for a replacement. What can you use to manage the incoming web traffic until the new load balancer arrives?

a. NAT server
b. Stateful firewall
c. Round robin
d. Stateless firewall

28. You are a systems administrator for a company hosting the G4 summit. Which of the following data sanitization tools should you use to destroy all of the paperwork used in the summit?

a. Shred
b. Burn
c. Pulverize
d. Pulp

29. An auditor from FAST carried out an audit of the company software and made three observations:

  Product   Licenses   In use
  A         100        102
  B         25         26
  C         30         41

Which of the following BEST describes the auditor's recommendations?

a. Company policy violation
b. Overuse of licenses
c. License compliance violation
d. License compliance warning

30. There have been a number of successful cyber attacks on corporate websites in which hackers have managed to steal credit card information. What is the BEST way for your cyber security team to discover the attack methods used?

a. Speak to a company that was attacked
b. Read bulletins from security websites
c. Set up a honeynet
d. Monitor the SQL database holding the information

31. An auditor was carrying out a network audit on the wireless network that was not broadcasting the SSID. He managed to use two different tools to discover the SSID. Which two tools did he use?

a. Tcpdump
b. SSID decloak device
c. Wireless scanner
d. Protocol analyzer
e. Packet sniffer

32. The backup operator backs up the company data on a daily basis. Which of the following is the fastest physical backup?

a. Full backup
b. Differential backup
c. Snapshot
d. Incremental backup

33. The network team have placed the voice traffic in a VLAN so that it is segmented from the rest of the network and has guaranteed bandwidth. The auditor has recommended that the voice traffic should be secured so that it cannot be monitored or captured by a protocol analyzer. Which of the following protocols should the network team select?

a. SCP
b. SFTP
c. SRTP
d. TLS

34. The cyber security team is rolling out new mobile phones that will hold sensitive company data. Which of the following is the BEST solution to protect the phones? Choose three.

a. Context-aware authentication
b. Strong password
c. Device encryption
d. TLS encryption
e. GPS tracking
f. Cable locks
g. Screen locks

35. Which of the following protocols should secure traffic in transit between two mail servers?

a. SSL
b. HTTPS
c. S/MIME
d. TLS

36. A sales person logged into the company VPN to download some files. During the download, the sales person went online to look at the availability for flights for next month. During this session, the company network was hacked by someone gaining access via the web browser. What was the vulnerability that caused the attack?

a. Man-in-the-browser attack
b. Man-in-the-middle attack
c. Split tunneling
d. Session hijacking

37. A member of the sales team managed to connect remotely to the company network, but a few seconds later his laptop was placed in a quarantined network and he was asked to contact the remediation server. Why was this done?

a. The remediation server must scan all incoming traffic to prevent a virus attack.
b. The sales person's password has just expired.
c. Network access control disabled the salesperson's account.
d. The device that the salesperson logged in with was not fully patched.

38. A small company has only one wireless access point, but today nobody can connect to the network. What tool should the system administrator use to troubleshoot, and why is the wireless access point not working?

a. Protocol analyzer
b. Tcpdump
c. SSID decloak device
d. Wireless scanner

39. A company has over twelve wireless access points that need to be configured centrally. How will this be achieved with the minimum amount of effort?

a. Set up and roll out a group policy.
b. Use a fat wireless controller.
c. Update the wireless controllers using SSH.
d. Use a thin wireless controller.
e. Update the wireless access points using SNMPv3.

40. A network administrator has just installed a new firewall and finds that traffic cannot flow through it. What is the default setting for a firewall? Choose the BEST two answers.

a. Allow only HTTP and HTTPS traffic.
b. Block all traffic.
c. Allow by exception.
d. The firewall is switched off and needs to be powered on.

41. A cyber security analyst needs to run a scan to discover the hostname, IP address, and missing patches on three separate servers without causing any damage to them. What is the BEST type of scan for him to use?

a. Intrusive scan
b. Non-credentialed scan
c. Credentialed scan
d. Active scan

42. The financial director has notified the IT director that employees have been emailing Visa credit card details to outside agencies. One of the programmers inserted a regular expression into an XML template so that, if any email matches the following pattern, that mail will automatically be blocked:

^(?:4[0-9]{12}(?:[0-9]{3})?)$

What type of technology is being adopted to prevent the credit card details from being emailed out?

a. DLR
b. NFX
c. NFC
d. DLP

43. What do a SIEM server and Kerberos have in common? Choose the BEST answer.

a. They work in real time.
b. You need admin rights to access them.
c. They require time synchronization with the atomic clock.
d. They are both Microsoft products.

44. The network administrator needs to ensure that the data passing through the inline NIPS is decrypted. Which of the following devices will he use to decrypt incoming packets?

a. Load balancer
b. Stateful firewall
c. Proxy server
d. Reverse proxy
e. UTM
f. WAF

45. A salesperson arrives at his hotel at 6:30 pm and realizes that he should have made a credit card payment today. He checks into his room and finds that the free Wi-Fi does not have any encryption. What is the BEST solution that he should take to ensure the payment is as secure as possible? Choose two, each providing part of the solution.

a. Connect to the hotel Wi-Fi.
b. Use an L2TP/IPSec VPN to connect to the credit card portal.
c. Tether his phone to his laptop.
d. Use SSL encryption to connect to the credit card portal.
e. Use an SSL VPN to connect to the credit card portal.

46. Your company has been very successful and has an enormous volume of web traffic coming to the company's web servers. What can you use to help manage the web requests in a timely fashion?

a. NAT server
b. Stateful firewall
c. UTM
d. Load balancer

47. What is the most common method of authentication? Choose two.

a. PIN
b. Password
c. CAC card
d. Username
e. Smart card
f. Biometrics

48. A person at a market stall advertises that he can unlock a mobile and add third-party applications to your phone without the vendor finding out. Which of the following options is he using to achieve this? Choose two.

a. Screen locks
b. Rooting/jailbreaking
c. Degaussing
d. Third-party app store
e. Sideloading

49. Your company has been very successful and has an enormous volume of DDoS traffic coming to the company's web servers. What can you use to deal with the DDoS traffic? Choose the best answer.

a. NAT server
b. Stateful firewall
c. Load balancer
d. UTM

50. A network technician is going to set up an L2TP/IPSec VPN so that salespeople can remotely connect to the company offices. He needs to set up the VPN with the most secure protocol and the appropriate mode for its purpose. Which mode and encryption level will be used? Choose two.

a. IPSec transport mode
b. Always on mode
c. IPSec tunnel mode
d. 3DES
e. AES
f. RS