When setting up a new firewall on a network segment to allow web traffic while hardening the network, which action would best correct the issue of users receiving errors stating the website could not be located?

Ensuring that port 53 has been explicitly allowed in the rule set

Setting an explicit deny to all traffic using port 80 instead of 443

Moving the implicit deny from the bottom of the rule set to the top

Configuring the first line in the rule set to allow all traffic

During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?

access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0

access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32

access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0

access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32

A company needs to centralize its records to create a baseline and have visibility over its security events. Which of the following technologies will achieve this goal?

Security information and event management

Which of the following is the most likely reason for a wireless network outage if the access points are up and running but users in a building near the parking lot cannot connect?

Someone near the building is jamming the signal.

A user has set up a rogue access point near the building.

Someone set up an evil twin access point in the affected area.

The APs in the affected area have been unplugged from the network.

Sec+ Study Quiz 13

Authored by Pat Johnson

Computers

Professional Development

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

42 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following documents specifies what to do in the event of catastrophic loss of a physical or virtual system?

Data retention plan

Incident response plan

Disaster recovery plan

Communication plan

Answer explanation

The correct choice is the Disaster recovery plan, which specifies what to do in the event of catastrophic loss of a physical or virtual system.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following roles is responsible for defining the protection type and classification type for a given set of files?

General counsel

Data owner

Risk manager

Chief Information Officer

Answer explanation

The data owner is responsible for defining the protection type and classification type for a given set of files.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An employee's company email is configured with conditional access and requires that MFA is enabled and used. An example of MFA is a phone call and:

a push notification

a password

an SMS message

an authentication application

Answer explanation

The correct choice for MFA in the scenario described is an authentication application, which is an example of a method used for multi-factor authentication.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following is a security implication of newer ICS devices that are becoming more common in corporations?

Devices with cellular communication capabilities bypass traditional network security controls

Many devices do not support elliptic-curve encryption algorithms due to the overhead they require

These devices often lack privacy controls and do not meet newer compliance regulations

Unauthorized voice and audio recording can cause loss of intellectual property

Answer explanation

Devices with cellular communication capabilities bypass traditional network security controls, posing a security risk in corporations.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following is required in order for an IDS and a WAF to be effective on HTTPS traffic?

Hashing

DNS sinkhole

TLS inspection

Data masking

Answer explanation

TLS inspection is required for an IDS and a WAF to be effective on HTTPS traffic as it allows for the decryption and analysis of encrypted traffic.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A company policy requires third-party suppliers to self-report data breaches within a specific time frame. Which of the following third-party risk management policies is the company complying with?

MOU

SLA

EOL

NDA

Answer explanation

The company is complying with the SLA policy by requiring third-party suppliers to self-report data breaches within a specific time frame.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

While troubleshooting service disruption on a mission-critical server, a technician discovered the user account that was configured to run automated processes was disabled because the user's password failed to meet password complexity requirements. Which of the following would be the best solution to securely prevent future issues?

Using an administrator account to run the processes and disabling the account when it is not in use

Implementing a shared account the team can use to run automated processes

Configuring a service account to run the processes

Removing the password complexity requirements for the user account

Answer explanation

Configuring a service account to run the processes is the best solution as it ensures secure automation without relying on individual user accounts.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

40 questions

Evaluación Diagnótica

Quiz

•

Professional Development

43 questions

[AZ-900] Simulado #02

Quiz

•

Professional Development

40 questions

2ºDAW - Desarrollo Web Ent.Cliente - Trim.2 - Prof. C. Boni

Quiz

•

University - Professi...

40 questions

MSP430

Quiz

•

12th Grade - Professi...

38 questions

RL Tema 19. Cuestionario

Quiz

•

Professional Development

40 questions

Classification & Regression - 2

Quiz

•

Professional Development

40 questions

ITIL 4-Practice Test 1

Quiz

•

Professional Development

47 questions

AZ-900 MÓDULO 01

Quiz

•

Professional Development

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

10 questions

Probability Practice

Quiz

•

4th Grade

15 questions

Probability on Number LIne

Quiz

•

4th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

6 questions

Appropriate Chromebook Usage

Lesson

•

7th Grade

10 questions

Greek Bases tele and phon

Quiz

•

6th - 8th Grade

Discover more resources for Computers

20 questions

Black History Month Trivia Game #1

Quiz

•

Professional Development

20 questions

90s Cartoons

Quiz

•

Professional Development

12 questions

Mardi Gras Trivia

Quiz

•

Professional Development

7 questions

Copy of G5_U5_L14_22-23

Lesson

•

KG - Professional Dev...

12 questions

Unit 5: Puerto Rico W1

Quiz

•

Professional Development

42 questions

LOTE_SPN2 5WEEK2 Day 4 We They Actividad 3

Quiz

•

Professional Development

15 questions

Balance Equations Hangers

Quiz

•

Professional Development

31 questions

Servsafe Food Manager Practice Test 2021- Part 1

Quiz

•

9th Grade - Professio...

Sec+ Study Quiz 13

Which of the following documents specifies what to do in the event of catastrophic loss of a physical or virtual system?

The correct choice is the Disaster recovery plan, which specifies what to do in the event of catastrophic loss of a physical or virtual system.

Which of the following roles is responsible for defining the protection type and classification type for a given set of files?

The data owner is responsible for defining the protection type and classification type for a given set of files.

An employee's company email is configured with conditional access and requires that MFA is enabled and used. An example of MFA is a phone call and:

The correct choice for MFA in the scenario described is an authentication application, which is an example of a method used for multi-factor authentication.

Which of the following is a security implication of newer ICS devices that are becoming more common in corporations?

Devices with cellular communication capabilities bypass traditional network security controls, posing a security risk in corporations.

Which of the following is required in order for an IDS and a WAF to be effective on HTTPS traffic?

TLS inspection is required for an IDS and a WAF to be effective on HTTPS traffic as it allows for the decryption and analysis of encrypted traffic.

A company policy requires third-party suppliers to self-report data breaches within a specific time frame. Which of the following third-party risk management policies is the company complying with?

The company is complying with the SLA policy by requiring third-party suppliers to self-report data breaches within a specific time frame.

Configuring a service account to run the processes is the best solution as it ensures secure automation without relying on individual user accounts.

A security analyst is assessing a newly developed web application by testing SQL injection, CSRF, and XML injection. Which of the following frameworks should the analyst consider?

The analyst should consider OWASP as it provides guidelines and tools for web application security testing, including SQL injection, CSRF, and XML injection.

A user's laptop constantly disconnects from the Wi-Fi network. Once the laptop reconnects, the user can reach the internet but cannot access shared folders or other network resources. Which of the following types of attacks is the user most likely experiencing?

The user is likely experiencing an Evil Twin attack, where a malicious access point impersonates a legitimate one to intercept network traffic and access sensitive information.

Which of the following procedures would be performed after the root cause of a security incident has been identified to help avoid future incidents from occurring?

Lessons learned would be performed after the root cause of a security incident has been identified to help avoid future incidents from occurring by applying knowledge gained from the incident.

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers