Nicolau is a network engineer for a large online retailer

Question 1

Nicolau is a network engineer for a large online retailer.

He is concerned about the security of his

company’s network connections to its customers, vendors, and partners. Although all of these
sources are generally trusted, he knows they can be hacked by malicious parties and used to steal confidential company data. Which network-based solution should he choose to detect
unauthorized user activity and attacks that is also capable of taking action to prevent a breach?

A. Firewall
B. Router anti-tampering

C. Intrusion detection system/intrusion prevention system (IDS/IPS)
D. Data encryption

Question 2

To secure system/application domain of an IT infrastructure what is the primary focus

A. Educating users about social engineering techniques such as clever wording intimidation to prevent loss of private information and reduction in network security

B. In a collection of servers and virtualized systems, defending both data and server computing power

C. Defending against hackers targeting routers, circuits, switches, firewall,s and equivalent gear at remote locations

D. Protecting a system where the hacker does not have to be physically present to attack the network


Lenita is a network technician. She is setting up a rule set for a firewall in her company’s
demilitarized zone (DMZ). For email, she creates an allow-exception rule permitting Simple Mail
Transfer Protocol (SMTP) traffic on port 25 to leave the internal network for the Internet. Her
supervisor examines Lenita’s work and points out a possible problem. What is it?
A. Lenita used the wrong port: SMTP uses port 21.
B. Lenita should have used a deny-exception rule just prior to the Allow rule.
C. The allow-exception rule could create a bottleneck, slowing down traffic to and from the
Internet.<— Wrong answer
D. The allow-exception rule could create a loophole threatening internal communications on
the same port.

Question 4

Which deployment of a web server uses network address translation (NAT) mapping and is
considered the poorest security choice?
A. Demilitarized zone (DMZ)
B. Reverse proxy
C. Hosting
D. Co-location

Question 5

Determining who or what is trustworthy on a network is an ongoing activity



Question 6

Reid is a network security trainer for a mid-sized company. He is demonstrating alternative
methods of protecting a network using unconventional means. The IT department’s “sandbox”
network is used for testing and is not connected to the production network. Using the sandbox,
Reid shows how to protect a network from external threats without using a firewall. What is
Reid’s approach?
A. Router
B. Switch
C. Intrusion detection system/intrusion protection system (IDS/IPS)
D. Packet sniffer

Question 7
Hajar is a new network administrator. She is inventorying firewalls in her company. She finds one
that has a management interface lacking something and makes a note to replace it immediately.
What critical security measure is the management interface missing?
B. Encryption
C. Multifactor administration
D. Command-line <– wrong Ans

Question 8

The design of firewall placement and configuration in a network infrastructure has many
aspects. Which of the following concerns is most likely related to an upper management decision
that does NOT conform with existing security policy?
A. Political
B. Staffing wrong
C. Technical
D. Educational

Question 9

In a full connection mesh topology, all devices on a network are connected to all other devices



Question 10

Nonrepudiation is the security principle that prevents a user from being able to deny having performed an action



Complete Answer:

Get Instant Help in Homework Asap
Get Instant Help in Homework Asap
Calculate your paper price
Pages (550 words)
Approximate price: -
Open chat
Hello 👋
Thank you for choosing our assignment help service!
How can I help you?