









Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Which in-line security technology proactively examines, detects, and prevents an attacker from exploiting a vulnerability in a system? Vulnerability scanner Port scanner Intrusion detection system (IDS) Intrusion prevention system - Intrusion prevention system Which plane can have security problems such as cross-site scripting and cross-site request forgery? Application Data Management Control - Application Which communication protocol makes it possible for the SDN controller to interact with devices such as the switch or the router? Transport Layer Security (TLS) Secure Shell Protocol (SSH) Secure file transfer protocol (SFTP) OpenFlow - OpenFlow Which device prohibits virtual networks from communicating with other networks during the implementation of virtual extensible local networks (VXLANs)? Hub Virtual switch Gateway Virtual router - Virtual Router
Typology: Exams
1 / 16
This page cannot be seen from the preview
Don't miss anything!










Which in-line security technology proactively examines, detects, and prevents an attacker from exploiting a vulnerability in a system?
Vulnerability scanner Port scanner Intrusion detection system (IDS) Intrusion prevention system - ✔️ ✔️ Intrusion prevention system
Which plane can have security problems such as cross-site scripting and cross-site request forgery?
Application Data Management Control - ✔️ ✔️ Application
Which communication protocol makes it possible for the SDN controller to interact with devices such as the switch or the router?
Transport Layer Security (TLS) Secure Shell Protocol (SSH) Secure file transfer protocol (SFTP) OpenFlow - ✔️ ✔️ OpenFlow
Which device prohibits virtual networks from communicating with other networks during the implementation of virtual extensible local networks (VXLANs)?
Hub Virtual switch Gateway Virtual router - ✔️ ✔️ Virtual Router
What is a benefit of using network automation?
Backing up and restoring data Using infrastructure as code to maintain a reliable state Dynamic allocation of IP addresses Boosting storage - ✔️ ✔️ Using infrastructure as code to maintain a reliable state
Which service introduces flexibility, dynamism, and automation into the management of network objects?
Open source for network functions virtualization (NFV) OpenStack Network functions virtualization (NFV) Software-defined networking (SDN) - ✔️ ✔️ Software-defined networking (SDN)
Which OpenStack unit provides authentication?
Cinder Nova Keystone Neutron - ✔️ ✔️ Keystone
Which interface in SDN allows the controller to communicate, interact, and manage forwarding elements?
Westbound Flow ID Southbound Eastbound - ✔️ ✔️ Southbound
Which OpenFlow SDN controller has a multi-threaded, cross-platform, and modular emphasis?
FlowVisor OpenDaylight (ODL) Project Floodlight Beacon - ✔️ ✔️ Beacon
Which port number is used as the destination of a server by Dynamic Host Configuration Protocol?
23 53 67 68 - ✔️ ✔️ 67
Which IPv6 address identifies each network interface?
Multicast Broadcast Anycast Unicast - ✔️ ✔️ Anycast
Which network virtualization (NV) approach refers to a logical local area network (LAN) based on physical LANs?
Virtual private networks (VPN) Virtual private LAN services (VPLS)
Internet Key Exchange version 2 (IKEv2) Secure Socket Layer (SSL) - ✔️ ✔️ Layer 2 Tunneling Protocol (L2TP)
What is the AAA mechanism responsible for granting user privileges to network resources?
Authorization Authentication Accounting Availability - ✔️ ✔️ Authorization
Which authentication type validates a user based on what the person knows?
Retinal scans Swipe card Password Unique tokens - ✔️ ✔️ Password
Which phase of an attack involves the attacker gathering information about the target?
Escalating privileges Exploiting the system Clearing tracks Reconnaissance - ✔️ ✔️ Reconnaissance
Which term refers to a weakness or gap in a security system that can be exploited by an attacker?
Threat Vulnerability Attack Risk - ✔️ ✔️ Vulnerability
Which cyber kill chain term implies actual detonation of the attack?
Exploitation Command and control Installation Delivery - ✔️ ✔️ Exploitation
Which defensive in-depth mechanism watches activities on systems and networks to determine attacks and repair the damages?
Preventive solutions Detection and response Survivability and recovery Reconnaissance - ✔️ ✔️ Detection and response
Which organization is responsible for publishing security frameworks and standards to help an organization achieve security outcomes?
Open Web Application Security Project (OWASP) Internet Assigned Numbers Authority (IANA) National Institute of Standards and Technology (NIST) International Organization for Standardization (ISO) - ✔️ ✔️ National Institute of Standards and Technology (NIST)
Which security process can help obtain a deep insight into events in the existing system?
Vulnerability Logging Threat agent Reconnaissance - ✔️ ✔️ Logging
Which term describes a network security solution that inspects packets and provides filtering as well as monitoring for virtual machines within a virtualized environment?
Proxy server Virtual firewall Physical firewall Network address translation - ✔️ ✔️ Virtual Firewall
Which SDN microsegmentation consideration significantly reduces the available attack surface that a network presents?
Zero trust zones Tools for supporting legacy networks Fine-grained data flow and policy management Leveraging cloud-based resource management and support - ✔️ ✔️ Fine-grained data flow and policy management
Which benefit of distributed firewalls ensures that telecommuters are protected whether the tunnel is set up or not?
Topology independence Protection from internal attacks Elimination of single point of failure Improved host decision-making - ✔️ ✔️ Topology independence
Which firewall term refers to a program that deals with external devices on behalf of internal clients?
Network address translation Dual-homed host
Internet Engineering Task Force (IETF) - ✔️ ✔️ Network functions virtualization (NFV)
A network utilizes virtualized environments with virtual machines running delay-sensitive applications. Which recommendation should be used to protect the virtual workload in accordance with NIST 800-125B?
Virtual firewalls should be deployed for traffic flow control instead of physical firewalls. Two identical bastion hosts should be used instead of one primary host. The logical network topology should be either a star topology or a bus topology. - ✔️ ✔️ Virtual firewalls should be deployed for traffic flow control instead of physical firewalls.
A virtualized network uses a subnet-level virtual firewall. Which recommendation should be used to protect the virtual workload in accordance with NIST 800-125B?
The firewall should be integrated with a virtualization management platform. The firewall should be accessible only through a standalone console. The firewall should be located at the center of the network topology. The firewall should be reconfigured and optimized on a daily basis. - ✔️ ✔️ The firewall should be integrated with a virtualization management platform.
A network uses event logging for auditing purposes. How should the audit records be managed according to the recommendations in NIST 800-53?
Generate time stamps for audit records. Store audit records for a period of 36 months. Use a designated local device for audit record storage. Manually inspect audit records at specified intervals. - ✔️ ✔️ Generate time stamps for audit records.
How has network functions virtualization (NFV) changed network functions?
It has moved network functions from stand-alone appliances to software running on any server. It has moved network functions from software running on any server to stand-alone appliances. It has moved network functions from the network presentation layer to the transport layer. It has moved network functions from the network transport layer to the presentation layer. - ✔️ ✔️ It has moved network functions from stand-alone appliances to software running on any server.
Which financial benefit does network functions virtualization (NFV) offer to carriers?
The opportunity for pay-as-you-go services without a large up-front investment The opportunity to own specialized network hardware rather than rent it The opportunity to materially participate in and profit from software development
The opportunity for reduced complexity and cost of network security methods - ✔️ ✔️ The opportunity for pay-as-you-go services without a large up-front investment
What are the software applications within a network functions virtualization (NFV) architecture that perform specific network tasks?
Virtual network functions (VNFs) Application programming interfaces (APIs) Network address translators (NATs) Domain name systems (DNSs) - ✔️ ✔️ Virtual network functions (VNFs)
How are network functions virtualization (NFV) and software-defined networks (SDNs) related?
They are two network infrastructure improvement models that are mutually beneficial and often used together. They are both designed to improve network infrastructure but on different sides of the provider-client relationship. They each improve networking, where SDN addresses only software and NFV addresses only hardware. - ✔️ ✔️ They are two network infrastructure improvement models that are mutually beneficial and often used together.
Which concept is used to create differentiated access based on entitlement to administer a network device or controller?
Role-based administration control (RBAC) Role-based access control (RBAC) Authentication, authorization, and accounting (AAA) Amortization, adjudication, and allowance (AAA) - ✔️ ✔️ Role-based access control (RBAC)
What are the advantages of using centralized network infrastructure?
It helps in the easy deployment and management of systems and devices within the network infrastructure. It helps in the easy removal of malicious software from systems and devices within the network infrastructure. It helps in easy access for end users to edge systems and devices within the network infrastructure. It helps in easy information retrieval by the end users of the network infrastructure. - ✔️ ✔️ It helps in the easy deployment and management of systems and devices within the network infrastructure.
What is a direct benefit of using network programmability instead of manual configuration when implementing configuration changes?
Increased network stability owing to high latency Reduced user error due to manual configuration
OpenStack Network functions virtualization (NFV) OpenFlow Network functions virtualization infrastructure (NFVI) - ✔️ ✔️ OpenStack
How do virtual overlay networks function in relation to existing network structures?
Provision and manage networks alongside other virtual resources Link physical computers through secured wired connections Establish a well-defined trusted domain barrier without multiple firewalls Interchange protocols among the application, transport, and network layers - ✔️ ✔️ Provision and manage networks alongside other virtual resources
A network administrator designed a three-layer security system for the network. An attack on the system has exploited a hole in the first layer of the security system. Which layer does the attack face next?
Detection and response mechanisms Preventative mechanisms Recovery mechanisms Encapsulation and encryption mechanisms - ✔️ ✔️ Detection and response mechanisms
Which technique can a network administrator use to identify potential weaknesses that would be accessible to a trusted network user?
Authenticated vulnerability scan Network communication scan Corrupted packet log scan VNF service flooding scan - ✔️ ✔️ Authenticated vulnerability scan
Which tool can a developer use to ensure that the code loaded in the VNF execution environment is authentic?
Secure Boot OpenFlow VNF Manager Ruby vSphere - ✔️ ✔️ Secure Boot
Which method improves network partitioning to reduce threat effectiveness?
Physical segregation of hardware Consolidation of controllers Merging of communication channels Expanding demilitarized zones - ✔️ ✔️ Physical segregation of hardware
Which function does an intrusion prevention system (IPS) perform in a network?
It scans for patterns that could be a threat and only alerts the administrator via text message. It scans for patterns that could be a threat and takes the configured action against them. It scans for threats, logs them as a nuisance, and then allows the traffic through. It scans for nonthreatening traffic and blocks all other traffic to a network. - ✔️ ✔️ It scans for patterns that could be a threat and takes the configured action against them.
How are security threats that happen within a computer network classified?
As detectable and unknown As malicious and robust As divisive and destructive As intentional and unintentional - ✔️ ✔️ As intentional and unintentional
Why does an intrusion detection system (IDS) use a TAP or SPAN port to analyze a copy of the inline traffic stream?
To ensure that inline network performance is not impacted To act as a gatekeeper through which all network traffic must pass To prevent damage to any packet data that is analyzed To facilitate the storage and tracking of network packet data - ✔️ ✔️ To ensure that inline network performance is not impacted
What is a function of the bastion host in a screened subnet firewall architecture?
To serve as the main point of contact for incoming connections To protect the perimeter and internal networks from the internet To perform most of the data packet filtering for the firewall To define a clear boundary between trusted and untrusted domains - ✔️ ✔️ To serve as the main point of contact for incoming connections
Which problem do traditional firewalls fail to protect against?
Internal attacks Unauthorized access Malicious traffic Non-compliant packets - ✔️ ✔️ Internal attacks
Which approach improves the strength of software-defined networking (SDN) security and intrusion tolerance?
Controller diversity Controller consolidation Logging Virtualization - ✔️ ✔️ Controller diversity
Which design component is incorporated in the software-defined networking (SDN) framework security?
Removing the time- and error-prone human middleware via greater automation Transitioning security packages to offshore industry-specific firms Ranking network users based on probabilistic threat and risk assessments - ✔️ ✔️ Enabling policy-driven and automated security orchestration and management Removing the time- and error-prone human middleware via greater automation
Instead of defending a network infrastructure by detecting, preventing, tracking, and remediating threats, a new model changes the attack surface over time. What is the new model referred to as?
Proactive security Attack representation Virtualized security Service function chaining - ✔️ ✔️ Proactive security
What is an open-source security metric framework that quantifies a network's attack surface?
Common Vulnerability Scoring System Cumulative Network Risk Assessment Objective Systematic Threat Value Probabilistic Risk-Threat Quotient - ✔️ ✔️ Common Vulnerability Scoring System
What is an advantage of Simple Network Monitoring Protocol (SNMP) over NetFlow?
SNMP has real-time management functionality. SNMP provides more information on bandwidth use. SNMP gives more detail on network traffic sources. SNMP uses agentless push technology. - ✔️ ✔️ SNMP has real-time management functionality.
Which network security component restricts access between a protected network and the internet?
Firewall Router OpenFlow Network address translation (NAT) - ✔️ ✔️ Firewall
Which tool has the functionality to reset a network connection automatically in response to analyzed incoming network traffic flows?
Intrusion prevention system (IPS) Virtual local area network (VLAN) Network address translation (NAT) Open virtual switch (OVS) - ✔️ ✔️ Intrusion prevention system (IPS)
Which two interdependent services should be established when providing a centralized logging service for a data center networking environment? Choose 2 answers.
Collect logs Transport logs Publish logs Repair logs - ✔️ ✔️ Collect logs Transport logs
Which kind of device is needed for communication to happen between two local area networks?
Router L2 Switch Hub Access point - ✔️ ✔️ Router
A network administrator uses a telemetry system to monitor and troubleshoot a network. The system uses event-based telemetry to perform these functions.Which information would be exposed by this type of system?
An employee logging into a switch and using commands to show the output of the configuration A link going from the "up up" state into the "up down" state A device connected to the wireless network transmitting data with malicious code - ✔️ ✔️ A link going from the "up up" state into the "up down" state
Which network function commonly blocks the connectivity between a controller and a southbound interface?
Virtual private network (VPN) Domain name server (DNS) Firewall Access point - ✔️ ✔️ Firewall
Which function of a device is needed to have accurate data for time-sensitive network event correlation?
An Internet Engineering Task Force (IETF) 5905 synchronized clock An Institute of Electrical and Electronics Engineers (IEEE) 1588 synchronized clock An Internet Engineering Task Force (IETF) 1361 synchronized clock An Institute of Electrical and Electronics Engineers (IEEE) 957 synchronized clock - ✔️ ✔️ An Institute of Electrical and Electronics Engineers (IEEE) 1588 synchronized clock
Which phase of the system design life cycle (SDLC) includes security categorization and preliminary risk assessment?
McAfee Antivirus Windows Defender Firewall - ✔️ ✔️ Nessus
Which firewall type in a network is configured to withstand attacks and is often placed in the DMZ?
Circuit-level gateway Bastion Stateful inspection Packet filtering - ✔️ ✔️ Bastion
Which SDN plane was developed for telemetry?
Data Northbound Control Application - ✔️ ✔️ Application
Which harware end-of-life (EOL) problem has to do with reduced or eliminated support for security fixes, patches, firmware updates by the manufacturer?
Problems with scalability High maintenance costs Compromised data security Decreased productivity - ✔️ ✔️ Compromised data security