1. Actively monitoring data streams in search of malicious code or behavior is an example of: a. load balancing. b. an Internet proxy. c. URL filtering. d. content inspection. ANS: D 2. Which of the following network devices would MOST likely be used to detect but not react to suspicious behavior on the network? a. Firewall b. NIDS c. NIPS d. HIDS ANS: B 3. The security administrator is getting reports from users that they are accessing certain websites and are unable to download anything off of those sites. The security administrator is also receiving several alarms from the IDS about suspicious traffic on the network. Which of the following is the MOST likely cause? a. NIPS is blocking activities from those specific websites. b. NIDS is blocking activities from those specific websites. c. The firewall is blocking web activity. d. The router is denying all traffic from those sites. ANS: A 2 4. Which of the following tools provides the ability to determine if an application is transmitting a password in clear-text? a. Protocol analyzer b. Port scanner c. Vulnerability scanner d. Honeypot ANS: A 5. Which of the following can a security administrator implement to help identify smurf attacks? a. Load balancer b. Spam filters c. NIDS d. Firewall ANS: C 6. Which of the following functions is MOST likely performed by a web security gateway? a. Protocol analyzer b. Content filtering c. Spam filtering d. Flood guard ANS: B 7. Which of the following devices is often used to cache and filter content? a. Proxies b. Firewall c. VPN d. Load balancer ANS: A 3 8. Which of the following devices is used to optimize and distribute data workloads across multiple computers or networks? a. Load balancer b. URL filter c. VPN concentrator d. Protocol analyzer ANS: A 9. An IT administrator wants to provide 250 staff with secure remoteaccess to the corporate network. Which of the following BEST achieves this requirement? a. Software based firewall b. Mandatory Access Control (MAC) c. VPN concentrator d. Web security gateway ANS: C 10. Which of the following should be installed to prevent employees fromreceiving unsolicited emails? a. Pop-up blockers b. Virus definitions c. Spyware definitions d. Spam filters ANS: D 11. Which of the following should a security administrator implement to prevent users from disrupting network connectivity, if a user connects both ends of a network cable to different switch ports? a. VLAN separation b. Access control c. Loop protection d. DMZ ANS: C 4 12. A user is no longer able to transfer files to the FTP server. The security administrator has verified the ports are open on the network firewall. Which of the following should the security administrator check? a. Anti-virus software b. ACLs c. Anti-spam software d. NIDS ANS: B 13. Which of the following BEST describes the proper method and reason to implement port security? a. Apply a security control which ties specific ports to end-device MAC addresses and prevents additional devices from being connected to the network. b. Apply a security control which ties specific networks to end-device IP addresses and prevents new devices from being connected to the network. c. Apply a security control which ties specific ports to end-device MAC addresses and prevents all devices from being connected to the network. d. Apply a security control which ties specific ports to end-device IP addresses and prevents mobile devices from being connected to the network. ANS: A 14. Which of the following would need to be configured correctly to allow remote access tothe network? a. ACLs b. Kerberos c. Tokens d. Biometrics ANS: A