Correct Answer:

Behavioral-based monitoring is correct. Behavioral-based monitoring uses a baseline of normal behavior and then detects anomalies to that baseline. This helps prevent zero-day threats by detecting network anomalies that could be a network attack.

Incorrect Answers:

Signature-based monitoring is incorrect. Signature-based monitoring systems can become out of date and cannot detect threats that have never been previously encountered.

Rule-based monitoring is incorrect. Rule-based monitoring is dependent on administrator-created rules that search for specific behaviors; it is not useful for zero-day threats.

Active-based monitoring is incorrect. Active-based monitoring systems take active steps to prevent network intrusions but do not provide specific protection against zero-day threats.

Correct Answer:

CRL is correct. Revoked certificate serial numbers are stored in certificate revocation lists (CRLs). Certificates may be revoked because of fraudulent use, certificate theft, or compromise. Applications can refer to a CRL to ensure that certificates in use are valid.

Incorrect Answers:

PKI describes the overall collection of related certificates used for integrity and confidentiality.

Trusted root web site is a fictitious term.

CAL is a client access license used to license certain types of software.

Correct Answer:

Application baseline with macros disabled is correct. By installing your word processing applications with a baseline that prohibits the use of macros, you ensure that whenever users receive a document with a macro, it will be prevented from running.

Incorrect Answers:

Host-based firewall is incorrect. A host-based firewall will not prevent a macro virus from being run.

Anti-spam software scanning of inbound e-mail messages is incorrect. Anti-spam software will not detect macro code in e-mail attachments.

Regular full-computer virus scanning is incorrect. A user may receive malicious macro code from another user before the next scheduled scan and that code might evade live scanning services.

Correct Answer:

23 is correct. Telnet utilizes TCP port 23 and is not required for remote access to this web and FTP server.

Incorrect Answers:

443 is incorrect. HTTPS utilizes TCP port 443.

80 is incorrect. HTTP utilizes TCP port 80.

21 is incorrect. FTP utilizes TCP port 21.

Correct Answer:

A content filter that encrypts outbound e-mail containing an SSN is correct. To protect your clients’ SSN numbers in transit, you should use a content filter to analyze outbound e-mail and encrypt any messages that contain an SSN.

Incorrect Answers:

All other choices are incorrect. These options will not detect an SSN number in an e-mail message.

Correct Answer

A content filter that blocks downloads greater than a specified size is correct. You can use a content-filtering appliance to block all large downloads, such as files greater than 1GB in size, to prevent users from downloading movies and other files that are not business related.

Incorrect Answers:

A proxy server that caches web content before it is sent to the client is incorrect. A proxy server only caches the content; it doesn’t inspect or filter it.

A load-balancing device to distribute bandwidth usage is incorrect. A load-balancing device will not reduce usage.

An anti-spam filter that inspects all HTTP requests is incorrect. An anti-spam filter is not designed to scan and filter web traffic.

Correct Answer:

Perform penetration testing is correct. Penetration testing evaluates the security of a system by actively simulating an attack and is best suited for testing solutions used to resolve past vulnerabilities.

Incorrect Answers:

Put the web server back into production, run an antivirus scan, and run a port scan are incorrect. These options will not help test how your solutions to your vulnerability issues hold up to a real attack on your server.

Correct Answer:

Conduct routine user account and permission audits is correct. By regularly auditing user accounts and permissions, you ensure that current users only have the rights and permissions required for their current positions. If you find accounts from users who have left the organization, you can disable those accounts.

Incorrect Answers:

Set account expiration dates is incorrect. Only contracted employees should have expiration dates on their accounts for when their contract is completed.

Use password rotation is incorrect. Password rotation does not ensure that user accounts are disabled if the user has left the company.

Change HR policy to notify you of any employee status changes is incorrect. Although this information is helpful, you must still perform regular reviews if you do not receive a notification from HR or the account management was never completed.

Correct Answer:

Single sign-on to a directory server is correct. Single sign-on (SSO) means that users need to log in only once to access any resources they are authorized for on the network. A directory service such as LDAPS provides the central database for the users’ credentials, instead of having separate usernames and passwords for each resource.

Incorrect Answers:

Two-factor authentication and three-factor authentication are incorrect. Two- and three-factor authentication methods add steps to the login process and still require separate logins for each resource.

Group password policies is incorrect. A password policy has no bearing on the authentication method used.

Correct Answer:

Acceptable use policy is correct. An acceptable use policy (AUP) is a set of established guidelines for the appropriate use of computer networks within an organization. The policy is a written agreement, read and signed by an employee, that outlines the organization’s terms, conditions, and rules for Internet and internal network use.

Incorrect Answers:

Mandatory vacation policy is incorrect. A mandatory vacation policy requires employees to use their vacation days at specific times of the year or to use all their vacation days allotted for a single year.

Service-level agreement is incorrect. A service-level agreement (SLA) is an understanding among a supplier of services and the users of those services that the service in question will be available for a certain percentage of time.

Due care is incorrect. Due care refers to the company’s ability to implement and maintain security procedures consistently to protect the company’s facilities, assets, and employees.