Explore all topics
Start Free Trial
Need Help? Contact us
back arrowfull exam logo
search
ai logoChat with AI
Servicesarrow
Discoverarrow

Topics

Explore all topics
Discover more topics

Deck 3: Strengthening the Network

Full screen (f)
exit full mode
Question
A network administrator has just configured 802.1x for the wired network within her company's building. She has already configured the switches to verify credentials of the computers that request permission to connect. Which of the following does she need to configure on the client devices?

A) Authenticator
B) Resource
C) Registrant
D) Supplicant
Use Space or
up arrow
down arrow
to flip the card.
Question
The IT management team at an organization has just created a new policy that requires guests to be given authentication credentials through a sponsoring process in order to join the wireless network. Which of the following is most likely to be chosen as the solution to implement this new policy?

A) Authenticate all wireless network users by using 802.1x backed by a RADIUS server.
B) Require the use of 802.3af across the entire wireless network.
C) Configure 802.3a for the wireless network backed by XTACACS.
D) Authenticate all wireless network users by using 802.3at backed by TACACS+.
Question
A solutions architect has designed a new web-based application that will be hosted on a cloud service provider. The web server will be publicly accessible, and the database server it uses will be located in a private subnet that is only accessible from the subnet where the public-facing web server is located. The database server will not be accessible directly from the Internet. Which of the following might the solutions architect implement in order to manage and maintain the database server?

A) DMZ
B) Jump box
C) 802.1Q
D) NAC
Question
An automobile manufacturer has created a new application that needs to be accessible only by its authorized dealership franchisees. What type of configuration would best provide access to the dealerships while protecting it from unauthorized public access?

A) Guest network
B) DMZ
C) Intranet
D) Extranet
Question
A security engineer has found that an industrial control system used in one of his company's manufacturing plants has a vulnerability that could halt production in the entire plant if exploited. The ICS doesn't need to be accessible from the Internet-it should only be accessed from the control room located within the same building. Which of the following could be implemented as the most effective way to prevent this system from being discovered and exploited?

A) Next-generation firewall
B) Proxy server
C) Air gapping
D) Secure admin workstation
Question
A network engineer is designing a new subnet to be deployed in the neighboring building that her organization just purchased. She wants to ensure that certain protocols are not allowed to communicate between the existing subnets and the new subnet. Which of the following should the network engineer configure on the router connecting the two buildings?

A) DAC
B) ACL
C) MAC
D) SID
Question
A security specialist has been hired to find ways to harden an organization's infrastructure. One of the organization's concerns is that if someone gained physical access to the building, there are no detective controls installed. Which of the following might the company choose to implement to correct the security specialist's concerns?

A) Bollards
B) Motion sensors
C) Firewall
D) K-Rated Fencing
Question
A system administrator is looking for solutions to distract any intrudersthat make it past the company's perimeter protections. This would give the security team more time to respond. Which of the following might the system administrator choose to deploy to meet this goal?

A) NIDS
B) ACLs
C) Honeynet
D) VLAN
Question
A system administrator has just been hired at a company that has been experiencing rapid growth in its second year of operation. When the company began, users were simply given permissions for the files or directories to which they needed access by the owners of the files and directories. Which of the following should the system administrator recommend to accommodate this new growth?

A) RBAC
B) DAC
C) TACACS
D) NAC
Question
A user is trying to log into a system and receives the error message below. Which of the following types of access control is the organization most likely using?
Error: You are not allowed to access this resource. Your access: Confidential. Required: Secret. All attempts to access this resource are logged.Please contact the administrator if you believe this message to be in error.

A) DAC
B) RuBAC
C) ABAC
D) MAC
Question
The security administrator is configuring a new technology that will analyze incoming traffic to determine whether it is malicious or an intrusion of any sort. If it is, the system will automatically create a rule to redirect traffic to another network where the traffic can be analyzed. Which of the following terms describes the technology that the security administrator has implemented?

A) Sinkhole
B) Honeypot
C) NIDS
D) NIPS
Question
Which of the following would be the result of a user with the IP address of 10.15.30.45 attempting to access a website located at 10.20.30.40 if a router or firewall is located between the two subnets using the extended ACL below?
10 PERMIT IP ANY ANY
20 PERMIT TCP 10.15.30.0 0.0.0.255 10.20.30.0 0.0.0.255 eq 25
20 PERMIT TCP 10.15.30.0 0.0.0.255 10.20.30.0 0.0.0.255 eq 143
30 DENY IP 10.15.30.0 0.0.0.255 10.20.30.0 0.0.0.255 eq 80
40 DENY IP 10.15.30.0 0.0.0.255 10.20.30.0 0.0.0.255 eq 443

A) The user would be able to access email, but not the website.
B) The user would be able to access the website successfully.
C) The user would be able to access the HTTP version of the website, but not HTTPS.
D) The user would be able to access the HTTPS version of the website, but not HTTP.
Question
A system administrator is auditing the accounts on a Windows computer and sees the following output from a command issued at the CLI. Which of the following describes the string of characters beside each username?
Administrator S-1-5-21-3108310220-2736563938-1271586134-500
David S-1-5-21-3108310220-2736563938-1271586134-1001
John S-1-5-21-3108310220-2736563938-1271586134-1002
Natalie S-1-5-21-3108310220-2736563938-1271586134-1003
Mark S-1-5-21-3108310220-2736563938-1271586134-1004
Guest S-1-5-21-3108310220-2736563938-1271586134-501

A) UID
B) SID
C) GID
D) LDAPID
Question
The security administrator for a large organization wants to prevent customer service employees from being able to access control panels or command prompts. Which of the following could the security administrator implement in order to accomplish this goal?

A) NAC
B) Mandatory access control
C) DAC
D) Group policy
Question
A solutions architect is designing a new application and the server requirements to support the application. She has specified that the application should be run on a Linux server and that it needs to use the mandatory access control model. Which of the following should be enabled to implement MAC?

A) SELinux
B) manACL
C) enforce
D) secACL
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/15
auto play flashcards
Play
simple tutorial
Full screen (f)
exit full mode
Deck 3: Strengthening the Network
1
A network administrator has just configured 802.1x for the wired network within her company's building. She has already configured the switches to verify credentials of the computers that request permission to connect. Which of the following does she need to configure on the client devices?

A) Authenticator
B) Resource
C) Registrant
D) Supplicant
Supplicant
2
The IT management team at an organization has just created a new policy that requires guests to be given authentication credentials through a sponsoring process in order to join the wireless network. Which of the following is most likely to be chosen as the solution to implement this new policy?

A) Authenticate all wireless network users by using 802.1x backed by a RADIUS server.
B) Require the use of 802.3af across the entire wireless network.
C) Configure 802.3a for the wireless network backed by XTACACS.
D) Authenticate all wireless network users by using 802.3at backed by TACACS+.
Authenticate all wireless network users by using 802.1x backed by a RADIUS server.
3
A solutions architect has designed a new web-based application that will be hosted on a cloud service provider. The web server will be publicly accessible, and the database server it uses will be located in a private subnet that is only accessible from the subnet where the public-facing web server is located. The database server will not be accessible directly from the Internet. Which of the following might the solutions architect implement in order to manage and maintain the database server?

A) DMZ
B) Jump box
C) 802.1Q
D) NAC
Jump box
4
An automobile manufacturer has created a new application that needs to be accessible only by its authorized dealership franchisees. What type of configuration would best provide access to the dealerships while protecting it from unauthorized public access?

A) Guest network
B) DMZ
C) Intranet
D) Extranet
Unlock Deck
Unlock for access to all 15 flashcards in this deck.
Unlock Deck
k this deck
5
A security engineer has found that an industrial control system used in one of his company's manufacturing plants has a vulnerability that could halt production in the entire plant if exploited. The ICS doesn't need to be accessible from the Internet-it should only be accessed from the control room located within the same building. Which of the following could be implemented as the most effective way to prevent this system from being discovered and exploited?

A) Next-generation firewall
B) Proxy server
C) Air gapping
D) Secure admin workstation
Unlock Deck
Unlock for access to all 15 flashcards in this deck.
Unlock Deck
k this deck
6
A network engineer is designing a new subnet to be deployed in the neighboring building that her organization just purchased. She wants to ensure that certain protocols are not allowed to communicate between the existing subnets and the new subnet. Which of the following should the network engineer configure on the router connecting the two buildings?

A) DAC
B) ACL
C) MAC
D) SID
Unlock Deck
Unlock for access to all 15 flashcards in this deck.
Unlock Deck
k this deck
7
A security specialist has been hired to find ways to harden an organization's infrastructure. One of the organization's concerns is that if someone gained physical access to the building, there are no detective controls installed. Which of the following might the company choose to implement to correct the security specialist's concerns?

A) Bollards
B) Motion sensors
C) Firewall
D) K-Rated Fencing
Unlock Deck
Unlock for access to all 15 flashcards in this deck.
Unlock Deck
k this deck
8
A system administrator is looking for solutions to distract any intrudersthat make it past the company's perimeter protections. This would give the security team more time to respond. Which of the following might the system administrator choose to deploy to meet this goal?

A) NIDS
B) ACLs
C) Honeynet
D) VLAN
Unlock Deck
Unlock for access to all 15 flashcards in this deck.
Unlock Deck
k this deck
9
A system administrator has just been hired at a company that has been experiencing rapid growth in its second year of operation. When the company began, users were simply given permissions for the files or directories to which they needed access by the owners of the files and directories. Which of the following should the system administrator recommend to accommodate this new growth?

A) RBAC
B) DAC
C) TACACS
D) NAC
Unlock Deck
Unlock for access to all 15 flashcards in this deck.
Unlock Deck
k this deck
10
A user is trying to log into a system and receives the error message below. Which of the following types of access control is the organization most likely using?
Error: You are not allowed to access this resource. Your access: Confidential. Required: Secret. All attempts to access this resource are logged.Please contact the administrator if you believe this message to be in error.

A) DAC
B) RuBAC
C) ABAC
D) MAC
Unlock Deck
Unlock for access to all 15 flashcards in this deck.
Unlock Deck
k this deck
11
The security administrator is configuring a new technology that will analyze incoming traffic to determine whether it is malicious or an intrusion of any sort. If it is, the system will automatically create a rule to redirect traffic to another network where the traffic can be analyzed. Which of the following terms describes the technology that the security administrator has implemented?

A) Sinkhole
B) Honeypot
C) NIDS
D) NIPS
Unlock Deck
Unlock for access to all 15 flashcards in this deck.
Unlock Deck
k this deck
12
Which of the following would be the result of a user with the IP address of 10.15.30.45 attempting to access a website located at 10.20.30.40 if a router or firewall is located between the two subnets using the extended ACL below?
10 PERMIT IP ANY ANY
20 PERMIT TCP 10.15.30.0 0.0.0.255 10.20.30.0 0.0.0.255 eq 25
20 PERMIT TCP 10.15.30.0 0.0.0.255 10.20.30.0 0.0.0.255 eq 143
30 DENY IP 10.15.30.0 0.0.0.255 10.20.30.0 0.0.0.255 eq 80
40 DENY IP 10.15.30.0 0.0.0.255 10.20.30.0 0.0.0.255 eq 443

A) The user would be able to access email, but not the website.
B) The user would be able to access the website successfully.
C) The user would be able to access the HTTP version of the website, but not HTTPS.
D) The user would be able to access the HTTPS version of the website, but not HTTP.
Unlock Deck
Unlock for access to all 15 flashcards in this deck.
Unlock Deck
k this deck
13
A system administrator is auditing the accounts on a Windows computer and sees the following output from a command issued at the CLI. Which of the following describes the string of characters beside each username?
Administrator S-1-5-21-3108310220-2736563938-1271586134-500
David S-1-5-21-3108310220-2736563938-1271586134-1001
John S-1-5-21-3108310220-2736563938-1271586134-1002
Natalie S-1-5-21-3108310220-2736563938-1271586134-1003
Mark S-1-5-21-3108310220-2736563938-1271586134-1004
Guest S-1-5-21-3108310220-2736563938-1271586134-501

A) UID
B) SID
C) GID
D) LDAPID
Unlock Deck
Unlock for access to all 15 flashcards in this deck.
Unlock Deck
k this deck
14
The security administrator for a large organization wants to prevent customer service employees from being able to access control panels or command prompts. Which of the following could the security administrator implement in order to accomplish this goal?

A) NAC
B) Mandatory access control
C) DAC
D) Group policy
Unlock Deck
Unlock for access to all 15 flashcards in this deck.
Unlock Deck
k this deck
15
A solutions architect is designing a new application and the server requirements to support the application. She has specified that the application should be run on a Linux server and that it needs to use the mandatory access control model. Which of the following should be enabled to implement MAC?

A) SELinux
B) manACL
C) enforce
D) secACL
Unlock Deck
Unlock for access to all 15 flashcards in this deck.
Unlock Deck
k this deck
locked card icon
Unlock Deck
Unlock for access to all 15 flashcards in this deck.
Examlex
Examlex
Work With Us
Policies
Download the App
Scan to downloadDownload the App
qr-code
Links
Links
Work With Us
Download the App

Scan to downloadDownload the App
qr-code

Copyright © 2025 Examlex LLC.
  • facebook-footer
  • instagram-footer
  • x-footer
  • tiktok
  • Linktree