Correct Answers:

802.1X is correct. 802.1X is implemented on network devices such as switches to provide access control by authenticating connecting clients based on the user or system identity. You can then allow or block network connectivity and apply network access policies based on this authentication.

Incorrect Answers:

Local username and password is incorrect. Using local authentication on the switch is too cumbersome to manage and will not scale for many clients.

LDAP and RADIUS are incorrect. Lightweight Directory Access Protocol (LDAP) and Remote Authentication Dial-In User Service (RADIUS) authentication services are not specific to port security but can be used in conjunction with 802.1X for centralized authentication.

Correct Answer:

To ensure there is no previous knowledge of system that could cause bias is correct. Hiring a third-party company to perform penetration testing on an organization’s networks ensures that the testing simulates a live attack by an unbiased user who is not familiar with the network.

Incorrect Answers:

To conduct an audit of current network administrators and to conduct an audit of current network administrators are incorrect. The purpose of penetration testing conducted by a third party is not to audit or investigate network administrators, but to use additional techniques to discover security issues in the organization’s network.

To perform attacks while the network is in live production is incorrect. Penetration testing is often performed during noncritical work hours so as not to disrupt live operations.

Correct Answer:

Routine account audits is correct. Conducting routine account audits ensures that once a contract is completed, if accounts aren’t properly disabled or deleted, they are detected.

Incorrect Answers:

Limiting logon attempts is incorrect. Limiting logon attempts will not prevent contractors from accessing their accounts after they have left the organization.

Minimum password length and complexity is incorrect. Having a minimum length and complexity level for passwords is used to prevent brute-force hacking attempts on accounts.

Password rotation is incorrect. Password rotation will not prevent contractors from logging in to their accounts.

Correct answer:

Perfect forward secrecy is correct. Perfect forward secrecy (PFS) is designed, through the utilization of complex cryptographic protocols, to prevent the situation where a compromise of one secret key or message leads to a compromise of previous confidential messages.

Incorrect Answers:

Steganography is incorrect. Steganography is a method of hiding data in another type of media that effectively conceals the existence of the data. This is typically performed by hiding messages in media files.

Symmetric cryptography is incorrect. In a symmetric (sometimes referred to as “secret key”) encryption scheme, both parties use the same key for encryption and decryption purposes.

Blockchain is incorrect. Blockchains are publicly accessible ledgers that record online transactions, based on peer-to-peer technology.

Correct Answer:

Create a hash of the file is correct. To validate that a file has not been modified, the file should include a hash or checksum that the user can compare to the checksum of the downloaded file.

Incorrect Answers:

Create a certificate for the file, set a file password, and encrypt the file are incorrect. None of these methods validate the integrity of the file.

Correct Answer:

Work from home is correct. This is not a mobile device deployment model. Any of the common mobile deployment models can work in this situation.

Incorrect Answers:

Bring your own device, corporate-owned personally enabled, and virtual desktop infrastructure are incorrect. Bring your own device (BYOD), corporate-owned personally enabled (COPE), and virtual desktop infrastructure (VDI) are common mobile deployment models.

Correct Answer:

Unknown environment penetration testing is correct. Unknown environment penetration testing examines your system’s security by simulating an attack from a user who is seeing this system or application for the first time and therefore can be a very objective and unbiased evaluator.

Incorrect Answers:

Integration testing, fuzzing, and input validation are incorrect. These are all quality assurance testing techniques that require the tester to be very familiar with the architecture and operation of the application and have standard, established test cases to run against the application.

Correct Answer:

Logic bomb is correct. A logic bomb program will not activate until a specific trigger is set off (for example, reaching a specific time or date or starting a program a specific number of times).

Incorrect Answers:

Backdoor and rootkit are incorrect. A backdoor or rootkit provides unauthorized access for a remote user.

Macro virus is incorrect. A macro virus would not activate on several computers simultaneously.

Correct Answer:

Fuzzing is correct. Fuzzing is used to test input validation through the entry of random and unexpected characters in all the input fields in your application. This ensures that all types of text are entered and tested to make sure they don’t crash the application.

Incorrect Answers:

Escaping is incorrect. Escaping recognizes specific types of command characters that have been inserted into input fields and parses them as simple text data, thus preventing the commands from executing.

Command injection is incorrect. Command injection attacks are a type of attack in which an attacker inserts operating system–level commands into a URL or input form of a web application that lacks proper input validation, allowing the attacker to perform commands on the server with escalated privileges or gain access to sensitive data without authentication or authorization.

Transitive access is incorrect. Transitive access occurs when a user is inadvertently given advanced access to another part of the application or the system on which it is hosted. You must ensure that your application does not allow transitive access in the event of a crash or malfunction.

Correct Answer:

Use strong access point passwords is correct. If a hacker gains management access to the access point through a wired or wireless connection, he can apply brute-force attacks against the admin credentials of the device. Using strong passwords helps prevent these types of attacks.

Incorrect Answers:

Enable UPnP on the access point is incorrect. Encryption is important for the security of wireless communications, but it cannot stop a hacker if he connects directly to the device with a wired connection.

Enable SSID broadcast and lower the power of wireless transmissions on the access points are incorrect. Enabling SSID broadcast or lowering the power of transmissions will not prevent password attacks.