Correct Answer:

Virtual private cloud is correct. By using a virtual private cloud (VPC), you can run a public-facing web application but still maintain a private back end with servers that aren’t publicly accessible.

Incorrect Answers:

Proxy server is incorrect. A proxy server only processes requests on a client’s behalf.

Network address translation is incorrect. Network address translation (NAT) is used to translate private internal IP addresses to routable public addresses.

Private IP addressing is incorrect. Internal private IP addressing does not help subdivide networks.

Correct Answer:

The maximum amount of time that is considered tolerable for a service to be unavailable is correct. The recovery time objective (RTO) is the maximum amount of time that is considered tolerable for a service or certain business function to be unavailable. For example, a critical web server that takes customer orders over the Internet may have an RTO of 30 minutes.

Incorrect Answers:

The maximum acceptable amount of lost data because of an outage is incorrect. It refers to the recovery point objective (RPO).

The average length of time a specific device is expected to work until it fails is incorrect. It refers to the mean time between failures (MTBF).

The average length of time from the moment a component fails until it is repaired is incorrect. It refers to the mean time to repair (MTTR).

Correct Answer:

A, C, B, D is correct. When a client connects to the secure HTTPS site, the web server sends a certificate to the web browser to establish its identity. If the browser accepts the certificate and finds no validation issues with the certificate, Transport Layer Security (TLS) is then activated between the server and client, securing subsequent banking transactions.

Incorrect Answers:

All other choices are incorrect. No other communication can occur between the server and client until the certificate is validated and accepted.

Correct Answer:

Protocol analyzer is correct. You can use a protocol analyzer to examine the network packets sent from the web server to the database server. Through detailed analysis, you can discover which of the requests is sending malformed data and thus causing your database server to crash.

Incorrect Answers:

Proxy server is incorrect. A proxy server is only used to process requests on another network device’s behalf.

Content filter is incorrect. A content filter can only analyze content in requests and filter them based on the data contents.

Intrusion detection system is incorrect. An intrusion detection system is used for detecting threats and anomalous events on a host device and cannot provide detailed protocol analysis.

Correct Answer:

Whaling is correct. In a whaling attack, the target victim is usually a high-profile member of the organization, such as an executive, who has much more critical information to expose than the average user.

Incorrect Answers:

Kiting is incorrect. Kiting refers to an attack on domain name registrations.

Vishing is incorrect. Vishing takes the form of a phone or VoIP attack.

Spear phishing is incorrect. Although spear phishing is a type of targeted attack, it is not targeted at a high-profile person.

Correct Answer:

Shut down mail delivery on the e-mail server to stop the malware from spreading is correct. You should immediately initiate actions for damage and loss control. In this case, you can disable the sending of e-mails on the server to stop messages from being sent to other clients and infecting their computers.

Incorrect Answers:

Run antivirus scans on each infected client computer is incorrect. The malware will continue to spread while you are running scans on each computer.

Escalate the issue to your manager is incorrect. The malware will continue to spread, and your manager cannot provide any assistance.

Restart the mail server is incorrect. Restarting the e-mail server will only temporarily stop the spread of the malware.

Correct Answer:

LDAP server is correct. Users only need to log in once through the VPN to access any resources they are authorized for on the network. A directory service such as Lightweight Directory Access Protocol (LDAP) provides the central database for the users’ credentials, instead of having separate usernames and passwords for each resource.

Incorrect Answers:

Local username and password, security token, and call-back security are incorrect. These services do not provide a centralized authentication method.

Correct Answer:

SSH is correct. Secure Shell (SSH) provides an encrypted remote access channel to a host system.

Incorrect Answers:

Telnet and Modem dial-up are incorrect. Neither of these methods provides encrypted remote access.

Web application is incorrect. A web management application can use HTTPS as a protocol, but allowing any web application access to the outside world for a critical management console is dangerous.

Correct Answer:

Unauthorized access is correct. Unauthorized access to your secure server room is the highest probability risk. Therefore, adequate access control security is required for the server room entrance.

Incorrect Answers:

Fire is incorrect. Although fire is possible, it is a rare event.

Low temperatures is incorrect. Air conditioning to keep temperatures low is vital for keeping systems from overheating.

War driving is incorrect. War driving would affect wireless access throughout your facility, not just the server room.

Correct Answer:

Fuzzing is correct. Fuzzing is a testing technique used to test input validation by entering random, unexpected data into application fields to see how the software program reacts.

Incorrect Answers:

Escaping is incorrect. Escaping is a secure coding technique that ensures that any system commands are not processed and executed as actual commands; instead, they are only recognized as text.

XML injection and SQL injection are incorrect. These are actual application attacks and not testing techniques. SQL and XML injection refer to entering into input forms SQL and XML commands, respectively, that are erroneously executed by the application.