Last Updated on July 20, 2021 by InfraExam
312-38 : Certified Network Defender : Part 21
A local bank wants to protect their card holder data. The bank should comply with the __________ standard to ensure the security of card holder data.
- PCI DSS
Ross manages 30 employees and only 25 computers in the organization. The network the company uses is a peer-to-peer. Ross configures access control measures allowing the employees to set their own control measures for their files and folders. Which access control did Ross implement?
- Mandatory access control
- Non-discretionary access control
- Discretionary access control
- Role-based access control
Fred is a network technician working for Johnson Services, a temporary employment agency in Boston. Johnson Services has three remote offices in New England and the headquarters in Boston where Fred works. The company relies on a number of customized applications to perform daily tasks and unfortunately these applications require users to be local administrators. Because of this, Fred’s supervisor wants to implement tighter security measures in other areas to compensate for the inherent risks in making those users local admins. Fred’s boss wants a solution that will be placed on all computers throughout the company and monitored by Fred. This solution will gather information on all network traffic to and from the local computers without actually affecting the traffic. What type of solution does Fred’s boss want to implement?
- Fred’s boss wants Fred to monitor a NIPS system.
- Fred’s boss wants to implement a HIDS solution.
- Fred’s boss wants a NIDS implementation.
- Fred’s boss wants to implement a HIPS solution.
Which of the following can be used to suppress fire from Class K sources?
- Carbon dioxide
- Dry Chemical
Match the following NIST security life cycle components with their activities:
- 1-iv, 2- iii,3-v,4-i
What is the correct order of activities that a IDS is supposed to attempt in order of detect an intrusion?
- Prevention, Intrusion Monitoring, intrusion Detection, Response
- Intrusion Detection, Response, Prevention, Intrusion Monitoring
- Intrusion Monitoring, Intrusion Detection, Response, Prevention
- Prevention, intrusion Detection, Response, Intrusion Monitoring
Larry is a network administrator working for a manufacturing company in Detroit. Larry is responsible for the entire company’s network which consists of 300 workstations and 25 servers. After using a hosted email service for a year, the company wants to cut back on costs and bring the email control internal. Larry likes this idea because it will give him more control over email. Larry wants to purchase a server for email but he does not want the server to be on the internal network because this might cause security risks. He decides to place the email server on the outside of the company’s internal firewall. There is another firewall connected directly to the Internet that will protect some traffic from accessing the email server; the server will essentially be place between the two firewalls. What logical area is Larry going to place the new email server into?
- He is going to place the server in a Demilitarized Zone (DMZ).
- He will put the email server in an IPSec zone.
- For security reasons, Larry is going to place the email server in the company’s Logical Buffer Zone (LBZ).
- Larry is going to put the email server in a hot-server zone.
Stephanie is currently setting up email security so all company data is secured when passed through email. Stephanie first sets up encryption to make sure that a specific user’s email is protected. Next, she needs to ensure that the incoming and the outgoing mail has not been modified or altered using digital signatures. What is Stephanie working on?
- Data Integrity
Which of the following interfaces uses hot plugging technique to replace computer components without the need to shut down the system?
Alex is administering the firewall in the organization’s network. What command will he use to check all the remote addresses and ports in numerical form?
- netstat -a
- netstat -ao
- netstat -o
- netstat -an
Which type of wireless network attack is characterized by an attacker using a high gain amplifier from a nearby location to drown out the legitimate access point signal?
- Rogue access point attack
- Ad Hoc Connection attack
- Jamming signal attack
- Unauthorized association
Which of the following RAID storage techniques divides the data into multiple blocks, which are further written across the RAID system?
- None of these
Management decides to implement a risk management system to reduce and maintain the organization’s risk at an acceptable level. Which of the following is the correct order in the risk management phase?
- Risk Identification, Risk Assessment, Risk Treatment, Risk Monitoring & Review
- Risk Identification, Risk Assessment, Risk Monitoring & Review, Risk Treatment
- Risk Treatment, Risk Monitoring & Review, Risk Identification, Risk Assessment
- Risk Assessment, Risk Treatment, Risk Monitoring & Review, Risk Identification
You want to increase your network security implementing a technology that only allows certain MAC addresses in specific ports in the switches; which one of the above is the best choice?
- Port Security
- Port Authorization
- Port Detection
- Port Knocking
Blake is working on the company’s updated disaster and business continuity plan. The last section of the plan covers computer and data incidence response. Blake is outlining the level of severity for each type of incident in the plan. Unsuccessful scans and probes are at what severity level?
- Extreme severity level
- Low severity level
- High severity level
- Mid severity level
An IDS or IDPS can be deployed in two modes. Which deployment mode allows the IDS to both detect and stop malicious traffic?
- passive mode
- inline mode
- promiscuous mode
- firewall mode
Which protocol could choose the network administrator for the wireless network design, if he need to satisfied the minimum requirement of 2.4 GHz, 22 MHz of bandwidth, 2 Mbits/s stream for data rate and use DSSS for modulation.
Physical access controls help organizations monitor, record, and control access to the information assets and facility. Identify the category of physical security controls which includes security labels and warning signs.
- Technical control
- Environmental control
- Physical control
- Administrative control
Which Internet access policy starts with all services blocked and the administrator enables safe and necessary services individually, which provides maximum security and logs everything, such as system and network activities?
- Internet access policy
- Paranoid policy
- Permissive policy
- Prudent policy
Daniel who works as a network administrator has just deployed an IDS in his organization’s network. He wants to calculate the False Positive rate for his implementation. Which of the following formulas will he use, to calculate the False Positive rate?
- False Negative/True Negative+True Positive
- False Positive/False Positive+True Negative
- True Negative/False Negative+True Positive
- False Negative/False Negative+True Positive