Exam 3: Strengthening the Network

An automobile manufacturer has created a new application that needs to be accessible only by its authorized dealership franchisees. What type of configuration would best provide access to the dealerships while protecting it from unauthorized public access?

A system administrator is looking for solutions to distract any intrudersthat make it past the company's perimeter protections. This would give the security team more time to respond. Which of the following might the system administrator choose to deploy to meet this goal?

A security specialist has been hired to find ways to harden an organization's infrastructure. One of the organization's concerns is that if someone gained physical access to the building, there are no detective controls installed. Which of the following might the company choose to implement to correct the security specialist's concerns?

Which of the following would be the result of a user with the IP address of 10.15.30.45 attempting to access a website located at 10.20.30.40 if a router or firewall is located between the two subnets using the extended ACL below? 10 PERMIT IP ANY ANY 20 PERMIT TCP 10.15.30.0 0.0.0.255 10.20.30.0 0.0.0.255 eq 25 20 PERMIT TCP 10.15.30.0 0.0.0.255 10.20.30.0 0.0.0.255 eq 143 30 DENY IP 10.15.30.0 0.0.0.255 10.20.30.0 0.0.0.255 eq 80 40 DENY IP 10.15.30.0 0.0.0.255 10.20.30.0 0.0.0.255 eq 443

A network engineer is designing a new subnet to be deployed in the neighboring building that her organization just purchased. She wants to ensure that certain protocols are not allowed to communicate between the existing subnets and the new subnet. Which of the following should the network engineer configure on the router connecting the two buildings?

The security administrator is configuring a new technology that will analyze incoming traffic to determine whether it is malicious or an intrusion of any sort. If it is, the system will automatically create a rule to redirect traffic to another network where the traffic can be analyzed. Which of the following terms describes the technology that the security administrator has implemented?

A security engineer has found that an industrial control system used in one of his company's manufacturing plants has a vulnerability that could halt production in the entire plant if exploited. The ICS doesn't need to be accessible from the Internet-it should only be accessed from the control room located within the same building. Which of the following could be implemented as the most effective way to prevent this system from being discovered and exploited?

A solutions architect has designed a new web-based application that will be hosted on a cloud service provider. The web server will be publicly accessible, and the database server it uses will be located in a private subnet that is only accessible from the subnet where the public-facing web server is located. The database server will not be accessible directly from the Internet. Which of the following might the solutions architect implement in order to manage and maintain the database server?

A user is trying to log into a system and receives the error message below. Which of the following types of access control is the organization most likely using? Error: You are not allowed to access this resource. Your access: Confidential. Required: Secret. All attempts to access this resource are logged.Please contact the administrator if you believe this message to be in error.

The security administrator for a large organization wants to prevent customer service employees from being able to access control panels or command prompts. Which of the following could the security administrator implement in order to accomplish this goal?

A system administrator is auditing the accounts on a Windows computer and sees the following output from a command issued at the CLI. Which of the following describes the string of characters beside each username? Administrator S-1-5-21-3108310220-2736563938-1271586134-500 David S-1-5-21-3108310220-2736563938-1271586134-1001 John S-1-5-21-3108310220-2736563938-1271586134-1002 Natalie S-1-5-21-3108310220-2736563938-1271586134-1003 Mark S-1-5-21-3108310220-2736563938-1271586134-1004 Guest S-1-5-21-3108310220-2736563938-1271586134-501

A network administrator has just configured 802.1x for the wired network within her company's building. She has already configured the switches to verify credentials of the computers that request permission to connect. Which of the following does she need to configure on the client devices?

A solutions architect is designing a new application and the server requirements to support the application. She has specified that the application should be run on a Linux server and that it needs to use the mandatory access control model. Which of the following should be enabled to implement MAC?

A system administrator has just been hired at a company that has been experiencing rapid growth in its second year of operation. When the company began, users were simply given permissions for the files or directories to which they needed access by the owners of the files and directories. Which of the following should the system administrator recommend to accommodate this new growth?

The IT management team at an organization has just created a new policy that requires guests to be given authentication credentials through a sponsoring process in order to join the wireless network. Which of the following is most likely to be chosen as the solution to implement this new policy?