Pages: 33

Remote access dial-in user service radius from radius clients

Question Answer Option 1 Answer Option 2 Answer Option 3

1 Risk Management

1. You are reviewing Web server logs after a Web application security breach. To what type of security control do log reviews relate?
Options: Detective; Preventative; Compensating
2. After analyzing the risk associated with working with an external organization to fulfil a government contract, you
agreement after applying security settings to the external organization. What type of risk treatment is this?
Options: Risk acceptance; Risk mitigation; Risk transfer
3.
Options:
Multiply the Annual Rate of Occurrence (ARO) by the Exposure Factor (EF).
Multiply the Asset Value (AV) by the Exposure Factor (EF).
Multiply the Annual Rate of Occurrence (ARO) by the Asset Value (AV).
4. (ALE) calculated?
Options:
Multiply the Annual Rate of Occurrence (ARO) by the Exposure Factor (EF).
Multiply the Asset Value (AV) by the Exposure Factor (EF).
Multiply the Annual Rate of Occurrence (ARO) by the Asset Value (AV).
5. Which type of risk assessment is based on subjective opinions regarding threat
Options: Qualitative; Risk register
1. Which technique is used to enhance the security of password hashes?
Options: Password length; Key pinning; Multifactor authentication
1. Which type of device records
Options: Common Access Card

2.
Options: Bollard; Security guards; Access control

3. Your company runs sensitive medical research equipment and servers on a network named RNET-A. You need to
RNET-A is not possible. Which technique should you use?
Options: VLANs; Air-gapping

4. Why is it important to install blanking panels on equipment rack spaces that
equipment
Options: Rack security is enhanced; Visual inspection is made easier
5. focuses on pulling warm equipment exhaust air away from equipment?
Options: Cold aisles; Hot aisles; Air conditioning

1. Which of the following constitutes multifactor authentication (MFA)?
Options: Username + password; Fingerprint scan; Facial recognition; device PIN
2. application using a digitally signed security token in the form of a Web
Options: Availability
3. generates a code for use only once?
Options: Multifactor; One-time password

4. authentication for a Linux host that will be managed from a Windows computer. Where must the public key
Options:
User home directory on the Windows host
User home directory on the Linux server
the Linux server
5. Finance” are accessible only to full-time users in the Finance department. What
configuring?
Options: ABAC; RBAC; DAC

6. Which technique adds location
Options: Geofencing; Global positioning system
7. used with IEEE 802.1x network access
Options: LDAP; RADIUS; Identity federation

8. Which term describes an end user device attempting to connect to an IEEE
network authentication?
Options: RADIUS client; Applicant; Supplicant
9. You are building a Web application that will allow users to sign in with their
Options: Multifactor authentication; Identity federation; SAML
1.
Options: BAT; PY; PS1
2. You are a Linux sysadmin attempting to execute privileged commands in Linux but you keep receiving “Permission denied” messages. What should you do?
Options: Use the sudo command; Use the chmod command; Log in as root
3. Which Linux command can be used to
pair?
Options: sha256sum; ssh
4. You are logged into a Linux host and
command should you use?
Options: dig; nslookup; ipconfig

6 Securing Individual Systems

1. Which of the following Wi-Fi
weakest?
Options: WPA3; RADIUS authentication
2. You are planning the configuration of
should be acquired/configured?
Options: Client PKI certificates; Server PKI certificate; Enable security protocols that
3. Which type of security flaw is not
Options: Firmware; Denial of service; Application

5. numbers and symbols?
Options: Dictionary; Brute-force

6. While comparing previous and current network traffic patterns, you notice
remove the
TXT records. What might this indicate?
Options:
Client devices are performing normal reverse lookup DNS queries for IP addresses.
Client devices are performing normal forward lookup DNS queries for Web sites.
7. that can not only detect, but also stop current suspicious activity. What should
Options: Layer 4 firewall; prevention system

8. so that in the event of a single disk loss,
the data. Which RAID level should you
Options: RAID 0; RAID 1; RAID 5
9. You are ordering laptops for sales executives that travel for work. The
encryption must be tied to the specific laptop. What should you do?
Options:
Order laptops with HSM chips and configure BitLocker disk encryption.
Order laptops with HSM chips and configure EFS encryption.
Order laptops with TPM chips and configure EFS encryption.

7 Securing the Basic LAN

1.
Options: RSA; Symmetric
2. ciphertext from the previous block to be fed into the algorithm to encrypt the
Options: CFB; ECB; CBC
3. You are decrypting a message sent over the network. Which key will be used for
Options: Your public key; Sender public key; Your private key
4.
Options: Your public key; Sender public key; Your private key
5. Your company has numerous public-facing Web sites that use the same DNS domain suffix. You need to use PKI to
Options:
Generate self-signed certificates for each Web site
Acquire public certificates for each Web site
Acquire a wildcard certificate
6. TCP port numbers apply to which layer
Options: 2; 3; 4
7. What is the general premise of ARP cache poisoning?
Options:
Network devices modify their DNS cache to use the attacker MAC address for the default gateway.
Network devices modify their ARP cache to use the attacker IP address for the default gateway.
Network devices modify their ARP cache to use the attacker MAC address for the default gateway.
8.
Options: Disable link auto negotiation; MAC filtering; Intrusion detection sensor
9. Which load balancing algorithm sends
backend virtual machine?
Options: Weighted; Active/passive; Round robin
10. To which OSI layer do packet filtering firewalls apply?
Options: 2; 3; 4

11. You need to force user authentication
Internet. You also need to ensure client device IP addresses are not exposed to
Options: Port address translation; translation

1.
Options: WPA; WPS; WEP
2. Your hotel provides free Wi-Fi to guests. The Wi-Fi network is secured. You would like to provide a simple convenient way for guests to immediately connect to the Wi-Fi network using their smartphones. What should you do?
Options:
Send automated emails to registered guests with Wi-Fi connection information.
Provide guests with a printout of Wi-Fi connection information.
Use RFID tags that contain Wi-Fi connection information.
3.
Options: 10 feet; 30 feet; 60 feet
4. You are performing a Wi-Fi site survey due to complaints about slow wireless
provide the best wireless network speeds?
Options: -120 dBm; -80 dBm; -50 dBm
5.
Options:
To forcibly disconnect Wi-Fi clients to observe their Wi-Fi authentication
To forcibly disconnect Wi-Fi clients to prevent authentication
To test RADIUS authentication resiliency.
6. Which Wi-Fi EAP configuration uses both client and server PKI certificates?
Options: EAP-FAST; EAP-TTLS; EAP-TLS
7. When connecting to a public Wi-Fi hotspot you are presented with a Web
access. What is this?
Options: Port address; RADIUS authentication

9 Securing Virtual and Cloud Environments

1. container image has a small HTTP Web server stack configured for TCP port 443 but you want connectivity to occur
command should you use?
Options:
sudo docker run -d -p 4443:443 cust-dev-lamp1
sudo docker run -d -p 443:4443 cust-dev-lamp1
-p 4443:443 cust-dev-lamp1

2. Which type of hypervisor runs within
Options: Type 1; Type 2; Type A
3.
Options: Hybrid; Community
4. With which cloud service model is the cloud tenant responsible for patching
Options: SaaS; IaaS; SECaaS
5.
Options: CSP; CASB; SLA
10 Securing Dedicated and Mobile Systems

1. Which term describes a specialized computer interface that controls industrial devices such as manufacturing robots and centrifuges?
Options: PLC; SLA; ICS
2. Which smart home wireless networking protocol does not use TCP/IP?
Options: ICS; PLC; Zigbee

3. What is the proposed maximum speed
Options: 1 Gbps; 3 Gbps; 10 Gbps
4.
Options: 1 mile; 3 miles; 6 miles
5. smaller keys but provides just as much crypto strength as other algorithms
Options: ECC; RSA; MD5

6. Which term describes installing a smart
Options: Geofencing; Registering

11 Secure Protocols and Applications

1. You need to ensure that DNS client query responses are authentic and have not been tampered with. What should you configure?
Options: IPsec; DNSSEC; PKI
2. Which TCP/IP protocol is used for
network host statistics?
Options: SNMP; DNSEC; IPsec
3. client and a server?
Options: Cross-site scripting; Denial of service; forgery

4. Which language is commonly used by
Options: PowerShell; Python; Perl
5.
Options: In the client Web browser; operating system

6. You are developing a Web application that uses cookies. You want to prevent
Which HTTP response header attribute
Options: Secure; HTTPOnly
1. What type of document is often signed by pen testers before starting a pen test engagement?
Options: MOU; NDA; ISA
2. What are some options we can scan for possible vulnerabilities?
Options: A host
3.
Options: Impersonation; Urgency; Misinformation/

13 Business Security Impact

1. Your company is hiring new employees that may come into contact with sensitive data during the course of their
the user on-boarding process to ensure
Options: ISA; NDA; MOU
2. The General Data Protection Regulation protects EU citizens’ data under what conditions?
Options:
It protects EU citizens’ data based on time, location, and data use
It protects EU citizens’ data regardless of location
It protects EU citizens’ data based on location
3.
Options: Operating procedures; Backout plans; Employee Results
1. Which type of planning is designed to deal with security events as they occur?
Options: Disaster recovery plan; Business continuity plan; Incident response plan
2. Your company has determined that
Options: SOAR; SIEM; ICS
3. You have determined that your department can withstand the loss of
Options: SLA; HSM; RPO

Answer Option 4, Correct, Explanation

Detective
controls are used when it is not feasible to implement the preferred control due to cost, time or complexity. Technical controls use technology to safeguard

Option 4: Risk avoidance. Correct: Risk mitigation.
mitigate risk. Risk transfer shifts some or all risk responsibility to a third party, as is the case with cybersecurity attack insurance. With risk avoidance, the risk

Option 4: Multiply the Exposure Factor (EF) by the risk severity rating. Correct: Multiply the Asset Value (AV) by the Exposure Factor (EF).
Correct Answer: Multiply the Asset Value (AV) by the Exposure Factor (EF). The
where the EF is a percentage expressing how much of an asset’s value is lost due to a negative event.

Option 4: Multiply the Single Loss Expectancy (SLE) by the Annual Rate of Occurrence (ARO). Correct: Multiply the Single Loss Expectancy (SLE) by the Annual Rate of Occurrence (ARO).
Correct Answer: Multiply the Single Loss Expectancy (SLE) by the Annual Rate
related to the downtime of an asset over a one-year period. It is calculated by multiplying the Single Loss Expectancy (SLE) by the Annual Rate of Occurrence (ARO).
calculate the ALE.

Correct Answer: A qualitative risk assessment organizes risks by a severity or threat rating which may differ from one organization to another.
Option 4: Quantitative. Correct: Qualitative.
severity. A risk register is a centralized list of risks that includes details such as
and percentages) to calculate the impact realized threats can have on assets; the goal is to determine if the cost of protecting an asset is less than the projected annual cost of negative security incidents.

Option 4: Salting. Correct: Salting.
Incorrect Answers: The listed items do not enhance the security of password hashes. The password length does not affect the password hash; the hash is
(MFA) uses multiple factors for authentication, such as a username (something you know) and a private key (something you have).

Keylogger
module
computer systems. Ransomware is malware that encrypts user data files and demands a ransom payment in exchange for a decryption key. A Hardware Security Module (HSM) is a tamper-proof device used for cryptographic

Bollard
Incorrect Answers: Security guards cannot effectively prevent vehicles from ramming buildings. Access control vestibules (man traps) prevent a second
prevent physical entry to a room but do not mitigate vehicles ramming buildings.

Air-gapping
proxy), but these options do not ensure external network access to RNET-A is impossible.

Air flow is improved
panels.
Blanking panels
Hot aisles
Option 4: Username + password + answer to security question. Correct: Username + password device PIN.
categories of authentication such as something you know (username, password) along with something you have (a device on which you receive a

Authorization
Incorrect Answers: Accounting, also referred to as auditing, is used to track

Option 4: Digital signature. Correct: One-time password.

Option 4: Root directory on the Windows host. Correct: directory on the Linux server.
“authorized_keys”.
Incorrect Answers: None of the listed options specifies the correct location of
ABAC
collections of related permissions, to control resource access. Discretionary Access Control (DAC) allows the data custodian to set permissions in

Option 4: Triangulation. Correct: Geotagging.
geographical region.

Correct Answer: Remote Authentication Dial-In User Service (RADIUS) servers are centralized authentication servers that receive authentication requests from RADIUS clients such as network switches and Wi-Fi routers.
Option 4: RADIUS requester. Correct: Supplicant.

Correct Answer: Identity federation uses a central trusted Identity Provider (IdP) to allow access to resources such as Web sites.
Option 4: LDAP. Correct: Identity federation.
Incorrect Answers: Multifactor authentication (MFA) combines authentication
security tokens which are then used to gain resource access. The Lightweight
directory.

Option 4: SH. Correct: PS1.
Correct Answer: PS1. Microsoft PowerShell scripts normally use a .PS1 file

Disable SELinux
privileged commands as long as they are granted this permission in the sudoers file.
powerful account. Security Enhanced Linux (SELinux) is not causing permission denied messages in this scenario.

Correct Answer: The ssh-keygen command creates an SSH public and private key pair.

Option 4: ifconfig. Correct: ifconfig.
troubleshoot DNS name resolution. The name server lookup (nslookup) command is used to test and troubleshoot DNS name resolution in both

Option 4: WEP. Correct: WEP.
network security protocol. Remote Access Dial-in User Service (RADIUS) authentication uses a central authentication server to service authentication requests from RADIUS clients. Disabling DHCP is a hardening technique
certificate to secure communications and normally use TCP port 443.
protocols that
Incorrect Answers: Client PKI certificates are not required to enable an HTTPS Web application. TLS v1.2 should be configured on clients and servers as the

Correct Answer: Zero-days are security flaws not yet known by vendors.
Option 4: Zero-day. Correct: Zero-day.
Incorrect Answers: The listed flaw types do not reflect security problems
Option 4: Offline. Correct: Brute-force.
Incorrect Answers: Dictionary attacks use dictionary word or phrase files to try
Password spraying blasts many accounts with a best-guess common password
traditional attacks and is less likely to trigger account lockout thresholds.
Offline password attacks use an offline copy of passwords for cracking

Option 4: Client devices are infected and are attempting to discover a command and control server. Correct: Client devices are infected and are attempting to discover a command and control server.
IPv6 AAAA records to resolve FQDNs to IP addresses. Clients querying DNS TXT
Incorrect Answers: The listed reasons are invalid in this scenario.

Correct Answer: A network intrusion prevention system can not only detect but also be configured to stop suspicious activity.
Option 4: Network intrusion detection system. Correct: Network intrusion prevention system.
Incorrect Answers: Layer 4 firewalls are packet filtering firewalls which do not
Intrusion detection systems only detect and report, log, or notify of suspicious
Option 4: RAID 6. Correct: RAID 1.
Incorrect Answers: RAID 0 (disk striping) writes data across an array of disks to improve performance. RAID 5 (disk striping with distributed parity) writes data across an array of disks but also writes parity (error recovery information) across the disks in the array, thus providing a performance improvement in

Option 4: Order laptops with TPM chips and configure BitLocker disk encryption. Correct: Order laptops with TPM chips and configure BitLocker disk encryption.
encryption. A Trusted Platform Module (TPM) chip in a computer is used to secure the integrity of the machine boot process and to store disk volume
operations and the storage of encryption keys. Encrypting File System (EFS) file

Correct Answer: Symmetric encryption uses a single “secret” key for encrypting and decrypting.
Option 4: SHA256. Correct: Symmetric.

Option 4: OFB. Correct: CFB.
Block Chaining (CBC) is similar to ECB except that it uses a random Initialization Vector (IV). Output Feedback Mode (OFB) uses a keystream of bits to encrypt data blocks.

Option 4: Sender private key. Correct: Your private key.
Option 4: Sender private key. Correct: Sender public key.
the sender’s public key (the sender’s private key creates the digital signature).
Incorrect Answers: The listed keys are not used to verify a digital signature.

Option 4: Acquire an extended
Correct: Acquire a wildcard certificate.
Incorrect Answers: Using self-signed or public certificates for each Web site
certificates require the certificate issuer to perform extra due diligence in ensuring that the certificate request is legitimate.

Option 4: 7. Correct: 4.
Option 4: Network devices modify their DNS cache to use the attacker IP address for the default gateway. Correct: Network devices modify their ARP cache to use the attacker MAC address for the default gateway.
MAC address for the default gateway. ARP cache poisoning forces client traffic
Incorrect Answers: The listed items do not properly describe ARP cache poisoning.
Option 4: Spanning Tree Protocol. Correct: Spanning Tree Protocol.
Incorrect Answers: The listed mitigations are not designed to prevent network

Least connections Round robin
Incorrect Answers: Weighted load balancing uses a configured relative weight
Active/passive is a load balancing redundancy configuration where a standby
Option 4: 7. Correct: 4.
headers (OSI layers 2-4).
Incorrect Answers: The listed layers do not correctly represent where packet filtering firewalls fit into the OSI model.

server server

numbers to internal servers. Port Address Translation (PAT) allows many internal clients to get to the Internet using a single public IP address. Network Address Translation (NAT) is similar to a reverse proxy server except it cannot

Option 4: TKIP. Correct: WPS.
Option 4: Use NFC tags that contain Wi-Fi connection information. Correct: Use NFC tags that contain Wi-Fi connection information.
Correct Answer: Use NFC tags that contain Wi-Fi connection information. With
Incorrect Answers: The listed options are not as convenient as using NFC tags.

Option 4: 150 feet. Correct: 30 feet.
-30 dBm
Correct Answer: A -30 dBm wireless signal strength is considered excellent.
Incorrect Answers: The listed wireless signal strengths are sub-standard.

Option 4: To perform offline dictionary attacks. Correct: To forcibly disconnect Wi-Fi clients to observe authentication.
Correct Answer: To forcibly disconnect Wi-Fi clients to observe authentication.
Incorrect Answers: The listed explanations do not explain why deauthentication is often used with Wi-Fi pen testing.

Option 4: Protected EAP. Correct: EAP-TLS.
Captive portal
Correct Answer: Captive portals present a Web page when users connect to a Wi-Fi network; sometimes a user account is required (often users must agree to the terms of use before connecting to the Internet).

Option 4: sudo docker run -d -p 443:4443 cust-dev-lamp1. Correct: sudo docker run -d -p 4443:443 cust-dev-lamp1.
after the colon is the configured listening port number within the application container.

Type 2
Incorrect Answers: Type 1 hypervisors are a specialized operating system
hypervisor types.

Correct Answer: Private clouds are owned and used by a single organization.
Private
cloud usage.

Correct Answer: Infrastructure as a Service (IaaS) includes storage, network and virtual machines. IaaS virtual machine software patching is the
responsibility of the cloud tenant.

Incorrect Answers: Cloud Service Providers (CSPs) host cloud services. Service Level Agreements (SLAs) guarantee cloud service uptime.

Correct Answer: Programmable Logic Controllers (PLCs) are used extensively in manufacturing and various industries such as oil refining, electricity and water treatment.

Option 4: IoT. Correct: Zigbee.
Incorrect Answers: An Industrial Control System (ICS) refers to a collection of computerized solutions used for industrial process control. Programmable Logic Controllers (PLCs) are used extensively in manufacturing and various industries
refers to devices that connect to and send and receive data over the Internet.
10 Gbps
Option 4: 20 miles. Correct: 6 miles.
Correct Answer: 4G cell towers have an approximate range of 6 miles.

Correct Answer: Elliptic Curve Cryptography (ECC) uses small keys to achieve
ECC
Correct Answer: Sideloading refers to installing mobile device apps directly from installation files, without using an app store.
Option 4: Sideloading. Correct: Sideloading.

DNSSEC
that can be used to encrypt and authenticate network messages. Public Key Infrastructure (PKI) is a hierarchy of digital security certificates. Hyper Text Transfer Protocol Secure (HTTPS) encrypts HTTP network transmissions between clients and servers.

SNMP
security (IPsec) is a suite of network security protocols that can be used to encrypt and authenticate network messages. Hyper Text Transfer Protocol Secure (HTTPS) encrypts HTTP network transmissions between clients and servers.
