Question 1

Which of the following is NOT a component of using SNMP for network monitoring?&#10;A) software agent&#10;B) MIB&#10;C) management station&#10;D) event log

Accepted Answer

The components of using SNMP for network monitoring are software agent, MIB, and management station. The event log is not a component of using SNMP.

Question 2

One of the goals of a security policy is to implement control.

Accepted Answer

One of the main objectives of a security policy is to implement controls to protect the confidentiality, integrity, and availability of an organization's assets. These controls can include technical, physical, and administrative measures to enforce policies and procedures that mitigate risks and threats.

Question 3

Successful social engineering attacks rely on the weakness of people.

Accepted Answer

Social engineering attacks aim to manipulate people into divulging sensitive information or performing certain actions. The success of such attacks often relies on exploiting human weaknesses such as trust, naivety, curiosity, fear or desire for reward. Therefore, social engineering attacks can be highly effective because people can be tricked or coerced into doing something that they would not do under normal circumstances.

Question 4

A threat agent is software installed on a computer that monitors for potential threats to the computer.

Accepted Answer

A threat agent is actually a person or group of individuals who seek to exploit vulnerabilities in computer systems or networks to steal, damage or access sensitive information. It is not a software that monitors for potential threats.

Question 5

Which form of social engineering often takes place as an e-mail message falsely claiming to be from a legitimate sender in an attempt to get private information?&#10;A) exploitation&#10;B) phishing&#10;C) sandbagging&#10;D) hacking

Accepted Answer

Phishing is a form of social engineering where attackers send emails or messages pretending to be a legitimate sender, such as a bank or company, in an attempt to trick the recipient into giving them sensitive information such as passwords or credit card numbers.

Question 6

Which of the following are NOT among the several defenses against attacks?&#10;A) using security policies&#10;B) security training&#10;C) random employee security scans&#10;D) physical security

Accepted Answer

Random employee security scans are not a common defense against attacks, whereas security policies, security training, and physical security are all important measures to prevent and mitigate potential security breaches.

Question 7

What is a difference between RMON and SNMP?&#10;A) RMON uses MIBs&#10;B) SNMP gathers network statistics&#10;C) RMON uses dedicated devices&#10;D) RMON is found on enterprise-level APs

Accepted Answer

RMON (Remote Monitoring) uses dedicated devices known as probes or monitors to collect network data, whereas SNMP (Simple Network Management Protocol) can be implemented on various network devices without the need for specialized hardware.

Question 8

Which of the following is a flaw or weakness that allows an attacker to bypass security?&#10;A) exploiting&#10;B) vulnerability&#10;C) threat agent&#10;D) risk

Accepted Answer

A vulnerability is a flaw or weakness in a system's design, implementation, or operation that can be exploited by attackers to bypass security controls and gain unauthorized access to sensitive data or systems. Exploiting a vulnerability is one way that an attacker can take advantage of a weakness in the security of a system, but the vulnerability itself is the root cause of the problem. Threat agents are the entities that pose a potential danger to a system or its resources, while risk is the likelihood of a vulnerability being exploited by a threat agent and the potential impact of such an event.

Question 9

As an insurance company,the customer data that you store on your servers should be considered which of the following?&#10;A) threat&#10;B) vulnerability&#10;C) risk&#10;D) asset

Accepted Answer

The customer data that an insurance company stores on its servers should be considered an asset as it contains valuable information that enables the company to provide its services to customers. This data is crucial to the functioning of the company and needs to be protected from threats and vulnerabilities which could lead to risks. Therefore, while threats, vulnerabilities, and risks are relevant to the protection of this data, the most appropriate categorization of the data itself is as an asset.

Question 10

What does an updated enterprise-level AP use to distribute the latest update to other APs on the WLAN?&#10;A) IP multicast&#10;B) TCP unicast&#10;C) Data Link broadcast&#10;D) UDP simulcast

Accepted Answer

IP multicast is the best choice for distributing the latest update to other APs on the WLAN at an enterprise-level because it can efficiently send data simultaneously to multiple recipients without overwhelming the network. It is optimized for this type of scenario, making it the most suitable option. TCP unicast and UDP simulcast are not optimal for this purpose, while data link broadcast can cause unnecessary network congestion.

Question 11

Risk mitigation involves determining the damage that would result from an attack and the likelihood that the vulnerability is a risk to the organization.

Accepted Answer

The answer of Risk mitigation involves determining the damage that...

Question 12

Which of the following is NOT typically included in an impact analysis?&#10;A) asset identification&#10;B) remediation process&#10;C) threat evaluation&#10;D) risk mitigation

Accepted Answer

The answer of Which of the following is NOT typically...

Question 13

Which of the following is true of security policies?&#10;A) users will always comply with the policies&#10;B) once a policy is in affect,monitoring is not necessary&#10;C) policies should not be too restrictive&#10;D) users accept that security policies enhance their productivity

Accepted Answer

The answer of Which of the following is true of...

Question 14

The point of RF site tuning is to locate where APs should be mounted.

Accepted Answer

The answer of The point of RF site tuning is...

Question 15

What is the first phase of the development of a security policy likely to involve?&#10;A) remediation of employees that violate the policy&#10;B) review of the policy for compliance&#10;C) vulnerability assessment&#10;D) an outline of how the organization will respond to attacks

Accepted Answer

The answer of What is the first phase of the...

Question 16

Which type of policy defines the actions users may perform while accessing the network?&#10;A) acceptable use policy&#10;B) password policy&#10;C) system-specific policy&#10;D) physical device policy

Accepted Answer

The answer of Which type of policy defines the actions...

Question 17

Which of the following is NOT an option when dealing with risk?&#10;A) accept the risk&#10;B) exploit the risk&#10;C) diminish the risk&#10;D) transfer the risk

Accepted Answer

The answer of Which of the following is NOT an...

Question 18

What is the most common method for updating an AP's capabilities?&#10;A) installing a new EEPROM&#10;B) downloading new firmware&#10;C) sending the AP back to the manufacturer&#10;D) rebooting with a new installation CD

Accepted Answer

The answer of What is the most common method for...

Question 19

Impersonation falls into which category of attack?&#10;A) man-in-the-middle&#10;B) virus&#10;C) social engineering&#10;D) Trojan horse

Accepted Answer

The answer of Impersonation falls into which category of attack?&#10;A)...

Question 20

Which best describes kinesthetic learners?&#10;A) learn by watching presentations&#10;B) work well with hands-on environments&#10;C) learn best through lectures&#10;D) tend to like taking notes

Accepted Answer

The answer of Which best describes kinesthetic learners?&#10;A) learn by...

Question 21

List and describe three RF site tuning settings.

Accepted Answer

The answer of List and describe three RF site tuning...

Question 22

List three types of security policy.

Accepted Answer

The answer of List three types of security policy....

Question 23

In order to use SNMP,a software ____________________ is loaded onto each network device that will be managed using SNMP.

Accepted Answer

The answer of In order to use SNMP,a software ____________________...

Question 24

____________________ is software that is embedded into hardware to control the device.

Accepted Answer

The answer of ____________________ is software that is embedded into...

Question 25

What are the two aspects of procedural security defenses?

Accepted Answer

The answer of What are the two aspects of procedural...

Question 26

Which of the following are functions an organization's security policy can serve? (Choose all that apply.)&#10;A)describe an overall intention and direction&#10;B)detail specific risks&#10;C)help to instill security awareness&#10;D)dictate the tools the IT department must use to maintain security

Accepted Answer

The answer of Which of the following are functions an...

Question 27

Describe social engineering.

Accepted Answer

The answer of Describe social engineering....

Question 28

Although data from the access point and devices can be beneficial,there are drawbacks to relying solely on these sources of information.What are the drawbacks?

Accepted Answer

The answer of Although data from the access point and...

Question 29

What is RMON?

Accepted Answer

The answer of What is RMON?...

Question 30

What are frequently the weakest link in information security?&#10;A) wireless networks&#10;B) passwords&#10;C) unmanaged switches&#10;D) malfunctioning routers

Accepted Answer

The answer of What are frequently the weakest link in...

Question 31

Which of the following types of information can you expect from an enterprise-level AP?&#10;A)DNS query attempts&#10;B)event log&#10;C)routing table data&#10;D)wireless transmission statistics

Accepted Answer

The answer of Which of the following types of information...

Question 32

List the five assessments involved in creating a vulnerability assessment.

Accepted Answer

The answer of List the five assessments involved in creating...

Question 33

A ___________________ assessment attempts to identify what needs to be protected,what the pressures are against it,and how susceptible the current protection is.

Accepted Answer

The answer of A ___________________ assessment attempts to identify what...

Question 34

Which of the following are drawbacks of relying solely on wireless devices and APs as sources network monitoring information?&#10;A)data collection can be time consuming&#10;B)data is not gathered in real time&#10;C)gathered data may not be timely&#10;D)data retention can be difficult

Accepted Answer

The answer of Which of the following are drawbacks of...

Question 35

Provide a thorough definition of security policy.

Accepted Answer

The answer of Provide a thorough definition of security policy....

Question 36

Many enterprise-level access points provide utilities that offer three types of information.What are they?

Accepted Answer

The answer of Many enterprise-level access points provide utilities that...

Question 37

____________________ engineering relies on tricking or deceiving someone to give a hacker access to a system.

Accepted Answer

The answer of ____________________ engineering relies on tricking or deceiving...

Question 38

____________________ is a nonvolatile storage chip that uses byte-wise writable memories.

Accepted Answer

The answer of ____________________ is a nonvolatile storage chip that...

Question 39

Which of the following are RF site tuning settings? (Choose all that apply.)&#10;A)adjust transmission frequency&#10;B)adjust radio power levels on APs&#10;C)adjust channel settings&#10;D)validate coverage area

Accepted Answer

The answer of Which of the following are RF site...

Question 40

What is the final phase of developing a security policy?

Accepted Answer

The answer of What is the final phase of developing...

Question 41

Match between columns&#10;                        Premises: the task of identifying and categorizing assets&#10;the task of identifying and categorizing assets&#10;the task of identifying and categorizing assets&#10;the task of identifying and categorizing assets&#10;the task of identifying and categorizing assets&#10;the task of identifying and categorizing assets&#10;the task of identifying and categorizing assets&#10;the task of identifying and categorizing assets&#10;the task of identifying and categorizing assets&#10;the task of identifying and categorizing assets&#10;a systematic and methodical evaluation of the exposure of assets to attackers,forces of nature,or any other entity that is a potential harm&#10;a systematic and methodical evaluation of the exposure of assets to attackers,forces of nature,or any other entity that is a potential harm&#10;a systematic and methodical evaluation of the exposure of assets to attackers,forces of nature,or any other entity that is a potential harm&#10;a systematic and methodical evaluation of the exposure of assets to attackers,forces of nature,or any other entity that is a potential harm&#10;a systematic and methodical evaluation of the exposure of assets to attackers,forces of nature,or any other entity that is a potential harm&#10;a systematic and methodical evaluation of the exposure of assets to attackers,forces of nature,or any other entity that is a potential harm&#10;a systematic and methodical evaluation of the exposure of assets to attackers,forces of nature,or any other entity that is a potential harm&#10;a systematic and methodical evaluation of the exposure of assets to attackers,forces of nature,or any other entity that is a potential harm&#10;a systematic and methodical evaluation of the exposure of assets to attackers,forces of nature,or any other entity that is a potential harm&#10;a systematic and methodical evaluation of the exposure of assets to attackers,forces of nature,or any other entity that is a potential harm&#10;a policy that defines the actions users may perform while accessing systems and networking equipment&#10;a policy that defines the actions users may perform while accessing systems and networking equipment&#10;a policy that defines the actions users may perform while accessing systems and networking equipment&#10;a policy that defines the actions users may perform while accessing systems and networking equipment&#10;a policy that defines the actions users may perform while accessing systems and networking equipment&#10;a policy that defines the actions users may perform while accessing systems and networking equipment&#10;a policy that defines the actions users may perform while accessing systems and networking equipment&#10;a policy that defines the actions users may perform while accessing systems and networking equipment&#10;a policy that defines the actions users may perform while accessing systems and networking equipment&#10;a policy that defines the actions users may perform while accessing systems and networking equipment&#10;taking advantage of a vulnerability&#10;taking advantage of a vulnerability&#10;taking advantage of a vulnerability&#10;taking advantage of a vulnerability&#10;taking advantage of a vulnerability&#10;taking advantage of a vulnerability&#10;taking advantage of a vulnerability&#10;taking advantage of a vulnerability&#10;taking advantage of a vulnerability&#10;taking advantage of a vulnerability&#10;a type of action that has the potential to cause harm&#10;a type of action that has the potential to cause harm&#10;a type of action that has the potential to cause harm&#10;a type of action that has the potential to cause harm&#10;a type of action that has the potential to cause harm&#10;a type of action that has the potential to cause harm&#10;a type of action that has the potential to cause harm&#10;a type of action that has the potential to cause harm&#10;a type of action that has the potential to cause harm&#10;a type of action that has the potential to cause harm&#10;the likelihood that a threat agent will exploit a vulnerability&#10;the likelihood that a threat agent will exploit a vulnerability&#10;the likelihood that a threat agent will exploit a vulnerability&#10;the likelihood that a threat agent will exploit a vulnerability&#10;the likelihood that a threat agent will exploit a vulnerability&#10;the likelihood that a threat agent will exploit a vulnerability&#10;the likelihood that a threat agent will exploit a vulnerability&#10;the likelihood that a threat agent will exploit a vulnerability&#10;the likelihood that a threat agent will exploit a vulnerability&#10;the likelihood that a threat agent will exploit a vulnerability&#10;a flaw or weakness that allows a threat agent to bypass security&#10;a flaw or weakness that allows a threat agent to bypass security&#10;a flaw or weakness that allows a threat agent to bypass security&#10;a flaw or weakness that allows a threat agent to bypass security&#10;a flaw or weakness that allows a threat agent to bypass security&#10;a flaw or weakness that allows a threat agent to bypass security&#10;a flaw or weakness that allows a threat agent to bypass security&#10;a flaw or weakness that allows a threat agent to bypass security&#10;a flaw or weakness that allows a threat agent to bypass security&#10;a flaw or weakness that allows a threat agent to bypass security&#10;a record of events&#10;a record of events&#10;a record of events&#10;a record of events&#10;a record of events&#10;a record of events&#10;a record of events&#10;a record of events&#10;a record of events&#10;a record of events&#10;adjustments to a WLAN performed as part of routine maintenance&#10;adjustments to a WLAN performed as part of routine maintenance&#10;adjustments to a WLAN performed as part of routine maintenance&#10;adjustments to a WLAN performed as part of routine maintenance&#10;adjustments to a WLAN performed as part of routine maintenance&#10;adjustments to a WLAN performed as part of routine maintenance&#10;adjustments to a WLAN performed as part of routine maintenance&#10;adjustments to a WLAN performed as part of routine maintenance&#10;adjustments to a WLAN performed as part of routine maintenance&#10;adjustments to a WLAN performed as part of routine maintenance&#10;the storage area in which SNMP software agents store their data&#10;the storage area in which SNMP software agents store their data&#10;the storage area in which SNMP software agents store their data&#10;the storage area in which SNMP software agents store their data&#10;the storage area in which SNMP software agents store their data&#10;the storage area in which SNMP software agents store their data&#10;the storage area in which SNMP software agents store their data&#10;the storage area in which SNMP software agents store their data&#10;the storage area in which SNMP software agents store their data&#10;the storage area in which SNMP software agents store their data

Accepted Answer

The Answer of exploiting and MIB and threat and impact is...

Deck 11: Managing a Wireless LAN