Unit 3 - Practice Quiz

INT249 60 Questions

1 What is the primary function of a network firewall?

configure firewalls Easy
A. To automatically back up server data
B. To monitor and control incoming and outgoing network traffic based on security rules
C. To increase the speed of the internet connection
D. To scan for viruses on user computers

2 Which protocol provides a secure, encrypted method for remote command-line administration of a server?

configure security protocols Easy
A. FTP
B. HTTP
C. Telnet
D. SSH (Secure Shell)

3 What is the main purpose of an Intrusion Detection System (IDS)?

implement intrusion detection systems Easy
A. To manage user passwords and permissions
B. To encrypt all data on the server's hard drive
C. To monitor network traffic and alert administrators to suspicious activity
D. To actively block malicious network traffic

4 The principle of giving users only the permissions they need to perform their job and no more is known as what?

implement logical access control methods Easy
A. The Principle of Full Trust
B. The Principle of Least Privilege
C. The Principle of Open Access
D. The Principle of Maximum Permissions

5 What is the primary goal of data encryption?

implement data security models Easy
A. To speed up data transmission
B. To make data files smaller
C. To organize data more efficiently
D. To convert data into a coded format to prevent unauthorized access

6 Which of the following is a common first step in hardening a new server?

apply server hardening techniques Easy
A. Changing default passwords and disabling unnecessary services
B. Granting all users administrator access
C. Connecting it directly to the public internet
D. Installing social media applications

7 Which of the following is a measure of physical security for a server room?

implement physical security Easy
A. Keeping the server room door locked
B. Encrypting network traffic
C. Using a strong administrator password
D. Installing a software firewall

8 What does a VLAN (Virtual Local Area Network) allow an administrator to do?

create virtual networks Easy
A. Create backups of virtual machines
B. Provide wireless internet access
C. Increase the physical speed of the network cables
D. Logically segment a single physical network into multiple separate networks

9 In a firewall's ruleset, what is the purpose of an implicit 'deny all' rule at the very end?

configure firewalls Easy
A. To speed up the firewall's processing
B. To log all network activity
C. To allow all traffic by default
D. To ensure that any traffic not explicitly allowed by a previous rule is blocked

10 What does the 'S' in HTTPS stand for?

configure security protocols Easy
A. Server
B. Simple
C. Secure
D. Standard

11 Using your password (something you know) and a code from a mobile app (something you have) is an example of:

implement logical access control methods Easy
A. Multi-Factor Authentication (MFA)
B. Role-Based Access Control (RBAC)
C. Password complexity requirement
D. Single-Factor Authentication (SFA)

12 Why is it important to regularly apply security patches to a server?

apply server hardening techniques Easy
A. To free up disk space
B. To add new features to the operating system
C. To change the server's hostname
D. To fix known security vulnerabilities that could be exploited

13 What is the function of an Uninterruptible Power Supply (UPS) in a server closet?

implement physical security Easy
A. It provides temporary battery power in case of an electrical outage.
B. It cools the server hardware.
C. It provides a secondary internet connection.
D. It serves as a backup hard drive for the server.

14 What is the primary benefit of using a VPN (Virtual Private Network)?

create virtual networks Easy
A. To manage user account passwords
B. To create a secure, encrypted connection over an untrusted public network
C. To physically connect two different buildings
D. To increase the processing power of a server

15 What is the key difference between an IDS and an IPS?

implement intrusion detection systems Easy
A. An IDS is for networks, while an IPS is for single computers.
B. An IDS is software, while an IPS is hardware.
C. There is no difference; the terms are interchangeable.
D. An IDS only detects and alerts, while an IPS can also take action to block the threat.

16 The Bell-LaPadula model is a data security model focused primarily on enforcing what?

implement data security models Easy
A. Data Recovery
B. Data Confidentiality
C. Data Integrity
D. Data Availability

17 Assigning permissions to groups like 'Sales' or 'HR' and then adding users to those groups is an example of what access control method?

implement logical access control methods Easy
A. Attribute-Based Access Control (ABAC)
B. Discretionary Access Control (DAC)
C. Role-Based Access Control (RBAC)
D. Mandatory Access Control (MAC)

18 A packet-filtering firewall operates at which layers of the OSI model?

configure firewalls Easy
A. Layers 3 and 4 (Network and Transport)
B. Layer 7 (Application)
C. Layers 5 and 6 (Session and Presentation)
D. Layers 1 and 2 (Physical and Data Link)

19 Which of the following describes the process of reducing a server's attack surface?

apply server hardening techniques Easy
A. Server hardening
B. Intrusion detection
C. Network segmentation
D. Data encryption

20 What is the name of the software that creates and runs virtual machines?

create virtual networks Easy
A. A firmware
B. A hypervisor
C. A compiler
D. An operating system

21 A system administrator needs to configure a firewall to allow web traffic on ports 80 and 443 and allow SSH access from a specific management network (10.10.0.0/24), while denying all other inbound traffic. What is the most secure and efficient way to write these rules, assuming the firewall processes rules in order?

configure firewalls Medium
A. 1. DENY IN from any to any port 22; 2. ALLOW IN from 10.10.0.0/24 to any port 22; 3. ALLOW IN from any to any port 80, 443
B. 1. ALLOW IN from any to any; 2. DENY IN from not 10.10.0.0/24 to any port 22; 3. DENY IN from any to any port not 80, 443
C. 1. DENY IN from any to any; 2. ALLOW IN from 10.10.0.0/24 to any port 22; 3. ALLOW IN from any to any port 80, 443
D. 1. ALLOW IN from any to any port 80; 2. ALLOW IN from any to any port 443; 3. ALLOW IN from 10.10.0.0/24 to any port 22; 4. DENY IN from any to any

22 An administrator is tasked with securing a new web server. The requirement is to ensure all communication between clients and the server is encrypted, authenticated, and its integrity is verifiable. The company policy strictly forbids using protocols with known major vulnerabilities like POODLE.

configure security protocols Medium
A. Implement FTP over SSL (FTPS) to handle web traffic.
B. Implement SSL 3.0, as it is widely supported.
C. Implement HTTPS using a self-signed certificate for internal use.
D. Implement TLS 1.3, disabling all older SSL/TLS versions.

23 A security analyst receives an alert about unusual network traffic patterns from a server at 2 AM, a time when legitimate traffic is typically nonexistent. The traffic does not match any known malware signatures. Which type of Intrusion Detection System (IDS) is most likely to have generated this alert?

implement intrusion detection systems Medium
A. A honeypot
B. Anomaly-based Host-based Intrusion Detection System (HIDS)
C. A stateful firewall
D. Signature-based Network Intrusion Detection System (NIDS)

24 A system administrator is hardening a newly deployed Linux server. Which of the following actions best applies the 'principle of least functionality' to reduce the server's attack surface?

apply server hardening techniques Medium
A. Uninstalling unnecessary services and packages, such as mail servers or compilers, if not needed.
B. Enforcing a strong password policy for all user accounts.
C. Disabling direct root login over SSH.
D. Changing the default SSH port from 22 to a non-standard port like 2222.

25 A company policy states that permissions should be assigned to job functions, not to individual employees. A new employee joining the 'Database Admins' team should automatically receive all necessary permissions to manage the company's databases. Which access control model best supports this requirement?

implement logical access control methods Medium
A. Discretionary Access Control (DAC)
B. Attribute-Based Access Control (ABAC)
C. Mandatory Access Control (MAC)
D. Role-Based Access Control (RBAC)

26 A datacenter wants to implement a control to prevent 'tailgating,' where an unauthorized person follows an authorized individual into a secure area. Which physical security measure is specifically designed to mitigate this threat?

implement physical security Medium
A. A mantrap with interlocking doors.
B. An armed security guard posted at the door.
C. Video surveillance (CCTV) cameras aimed at the door.
D. Biometric retina scanners at the entrance.

27 A developer needs to create a virtual lab with three VMs: a web server, an application server, and a database server. For security testing, these VMs must be able to communicate with each other but must be completely isolated from the host machine's physical network. Which virtual network type should be used for these VMs?

create virtual networks Medium
A. Bridged Networking
B. Host-only Networking
C. Internal-only Networking
D. Network Address Translation (NAT) Networking

28 A financial services application needs to enforce integrity rules. Specifically, it must ensure that a user cannot modify data in a way that is less trustworthy than their own clearance level (e.g., a 'trusted' user cannot write 'untrusted' data). This principle is often summarized as 'no write down'. Which security model is primarily focused on this type of data integrity?

implement data security models Medium
A. Clark-Wilson Model
B. Biba Integrity Model
C. Bell-LaPadula Model
D. Discretionary Access Control (DAC)

29 An administrator is using iptables on a Linux server to allow established and related connections for return traffic, while dropping invalid packets. Which iptables command accomplishes this for the INPUT chain?

configure firewalls Medium
A. iptables -A INPUT -p all -j ACCEPT
B. iptables -A INPUT -m state --state NEW -j DROP
C. iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
D. iptables -A INPUT -p tcp --syn -j ACCEPT

30 An Intrusion Prevention System (IPS) is deployed in-line on a network segment. If the IPS appliance loses power or fails, all traffic passing through it stops, causing a network outage. What is the term for this behavior?

implement intrusion detection systems Medium
A. Fail-open
B. Fail-closed
C. Fail-safe
D. Fail-secure

31 An administrator needs to harden a Windows Server that runs a critical application. The application's service account currently runs with Local System privileges. To adhere to the principle of least privilege, what is the best alternative?

apply server hardening techniques Medium
A. Switch the service to run as a member of the Domain Admins group.
B. Configure the service to run as the built-in Network Service account.
C. Create a Managed Service Account (MSA) and grant it only the specific file and registry permissions it requires.
D. Run the service as the Local Administrator account.

32 A sysadmin is configuring a VPN server and needs to decide which protocol to use. The primary requirement is security, and performance is a secondary concern. Which VPN protocol is generally considered obsolete and should be avoided due to significant security flaws?

configure security protocols Medium
A. IPsec with IKEv2
B. PPTP (Point-to-Point Tunneling Protocol)
C. OpenVPN
D. WireGuard

33 A company wants to strengthen its server authentication by requiring users to provide a password and then tap a physical USB security key (like a YubiKey) to log in. This approach combines which two authentication factors?

implement logical access control methods Medium
A. Something you know and Somewhere you are
B. Something you know and Something you have
C. Something you know and Something you are
D. Something you have and Something you are

34 To prevent a compromised web server from being able to access or modify the underlying operating system files, an administrator decides to run the web server process within an isolated environment with its own virtualized filesystem and process space. What is this technique called?

apply server hardening techniques Medium
A. Role-Based Access Control (RBAC)
B. Kernel patching
C. Chroot jail or containerization
D. Port knocking

35 A server room's environmental monitoring system alerts an administrator that the temperature has exceeded the safe operating threshold. Which physical security control has failed or is inadequate?

implement physical security Medium
A. Fire Suppression System
B. Access Control Vestibule
C. HVAC (Heating, Ventilation, and Air Conditioning)
D. UPS (Uninterruptible Power Supply)

36 An administrator places a specially configured, vulnerable-looking server on the public network with no production data on it. The server's purpose is to be attacked, so the administrator can study the attackers' methods and gather threat intelligence. What is this type of server called?

implement intrusion detection systems Medium
A. Honeypot
B. Bastion Host
C. Proxy Server
D. Jump Box

37 A hospital's patient record system must ensure that only authorized doctors can access patient files, and that every access, modification, or deletion is logged to a non-repudiable audit trail. This focus on controlled, logged transactions and maintaining data integrity aligns best with which security model?

implement data security models Medium
A. Clark-Wilson Model
B. Bell-LaPadula Model
C. Take-Grant Model
D. Biba Model

38 A company has a web server in a DMZ with the IP address 192.168.100.10. An administrator wants to use Network Address Translation (NAT) on the external firewall to map the public IP address 203.0.113.5 to the internal DMZ server for inbound web traffic. What is this specific type of NAT configuration called?

configure firewalls Medium
A. NAT Overload
B. Static NAT (or Port Forwarding)
C. Dynamic NAT
D. Port Address Translation (PAT)

39 An administrator is configuring sudo on a Linux server to allow the user webadmin to restart the apache web server service, but nothing else. Which of the following /etc/sudoers entries is the most secure and precise way to grant this permission?

implement logical access control methods Medium
A. webadmin ALL=(ALL) /bin/bash
B. webadmin ALL=(ALL) NOPASSWD: ALL
C. webadmin ALL=(ALL) /usr/sbin/service
D. webadmin ALL=(ALL) /usr/sbin/service httpd restart

40 A server administrator needs to transfer log files securely from a production server to an analysis server. The process must be automated via a script and must use key-based authentication instead of passwords. Which protocol is best suited for this task?

configure security protocols Medium
A. SCP (Secure Copy Protocol) or SFTP (SSH File Transfer Protocol)
B. FTP
C. Telnet
D. TFTP

41 A stateful firewall monitors a network segment. An attacker sends a TCP packet with the FIN, PSH, and URG flags set (an 'Xmas scan') to a closed port on a target server. The firewall's connection tracking table has no existing entry for this source IP and port. How will a properly configured stateful firewall most likely respond to this packet?

configure firewalls Hard
A. Send an ICMP Destination Unreachable message back to the attacker, since there is no listening service on the destination port.
B. Send a TCP RST packet back to the attacker on behalf of the server to actively reject the connection attempt.
C. Drop the packet silently and log the event as a potential scan, as it's a non-SYN packet attempting to initiate a connection.
D. Forward the packet to the server, as the packet is technically valid according to RFC 793, and wait for the server's RST response to determine the connection state.

42 A critical Linux server is being hardened. A security engineer has enabled Address Space Layout Randomization (ASLR) at the kernel level (kernel.randomize_va_space = 2), compiled all key binaries as Position-Independent Executables (PIE), and enabled a strict SELinux policy. A zero-day exploit attempts a buffer overflow to execute a return-to-libc attack. Which hardening measure provides the primary and most direct mitigation against this specific attack technique?

apply server hardening techniques Hard
A. Position-Independent Executables (PIE), as it randomizes the base address of the executable's code segment.
B. Data Execution Prevention (DEP/NX bit), by marking the stack and heap as non-executable.
C. SELinux policy, by preventing the exploited process from calling forbidden library functions.
D. Address Space Layout Randomization (ASLR), as it randomizes the base address of loaded shared libraries, including libc.

43 A Network IDS (NIDS) is monitoring traffic and flags a potential SQL injection attack based on the signature /(?i)union\s+all\s+select/. The traffic is over HTTPS (port 443). The NIDS is placed on a SPAN port on a core switch, but it does not have access to the web server's private SSL/TLS keys. What is the most likely outcome of this detection scenario?

implement intrusion detection systems Hard
A. A true positive alert, as the NIDS can analyze the payload of the encrypted packets using advanced deep packet inspection.
B. A false positive alert, because the NIDS is misinterpreting encrypted data as a malicious string.
C. A true positive alert, as the NIDS can infer the attack based on the size and timing of the encrypted packets.
D. A false negative, because the NIDS cannot inspect the encrypted payload and will not see the SQL injection string.

44 A multi-level security system is designed to handle classified military intelligence. A user with 'Secret' clearance attempts to write a summary of a 'Secret' document into a file designated as 'Top Secret'. In a separate action, the same user attempts to read data from a file with 'Confidential' classification. Which statement correctly analyzes these actions based on the Bell-LaPadula model?

implement data security models Hard
A. Both the Simple Integrity Axiom and the *-Integrity Axiom were violated.
B. The *-Integrity Axiom ('no write up') was violated, and the Simple Integrity Axiom ('no read down') was enforced.
C. The Simple Integrity Axiom ('no read down') was violated, and the *-Integrity Axiom ('no write up') was enforced.
D. Both the Simple Integrity Axiom and the *-Integrity Axiom were enforced correctly.

45 You are configuring an IPsec VPN tunnel between two gateways. The internal network behind Gateway A is 10.10.0.0/16 and the internal network behind Gateway B is 10.20.0.0/16. The requirement is to encrypt all traffic between any host in network A and any host in network B, while leaving the original source and destination IP headers intact for internal routing inspection tools. However, the path between the gateways includes a NAT device. Which IPsec configuration is required?

configure security protocols Hard
A. Transport Mode with ESP and NAT Traversal (NAT-T), because it only encrypts the payload and NAT-T handles the NAT issue.
B. Tunnel Mode with ESP, because it encapsulates the entire original IP packet.
C. Transport Mode with AH, because it provides authentication for the original IP header.
D. Tunnel Mode with ESP and NAT Traversal (NAT-T), because it encapsulates the original packet and NAT-T allows ESP to pass through NAT.

46 In a software-defined network (SDN) environment using OpenFlow, a network administrator pushes a policy to block all FTP traffic (TCP port 21) from the engineering segment to the public internet. However, monitoring tools show that FTP connections are still being established successfully. The SDN controller dashboard confirms the policy is active and has been sent to the switches. What is the most probable cause of this policy failure?

create virtual networks Hard
A. A pre-existing, higher-priority flow rule on the switches allows all TCP traffic, and the new rule was inserted with a lower priority.
B. The SDN controller has a bug and is not translating the policy into the correct OpenFlow rules.
C. The Northbound API failed to properly transmit the administrator's intent to the controller's policy engine.
D. The Southbound API (e.g., OpenFlow) is incompatible with the physical switches.

47 A company is migrating from TOTP-based MFA to FIDO2/WebAuthn using hardware security keys. A security team is analyzing the resilience of this new system against a sophisticated Man-in-the-Middle (MitM) phishing attack. The attacker sets up a proxy that perfectly clones the company's login portal and forwards credentials in real-time. How does FIDO2/WebAuthn defeat this specific attack where TOTP would fail?

implement logical access control methods Hard
A. The FIDO2 protocol includes the domain name (origin) of the requesting site in the cryptographic challenge-response signature.
B. The hardware key requires a biometric or PIN input, which cannot be captured and relayed by the proxy.
C. The hardware key encrypts the password with a secret that the MitM proxy cannot decrypt.
D. The user would see a browser warning that the site's SSL certificate is invalid, stopping the attack.

48 A secure data center is designed with a 'man-trap' system at its entrance, consisting of two interlocking doors where only one can be open at a time. To mitigate tailgating, the system integrates an overhead sensor. Which type of sensor would be most effective at detecting a tailgating attempt (two people entering on one authentication) while minimizing false positives from carried equipment like a large server chassis?

implement physical security Hard
A. A simple infrared beam sensor placed at waist height.
B. A passive infrared (PIR) motion sensor that detects body heat.
C. A pressure-sensitive mat calibrated for the weight of one average person.
D. A 3D imaging or stereoscopic vision sensor that performs object counting and volumetric analysis.

49 A network architect is designing a multi-tenant environment and must choose between VLANs and VXLAN for tenant isolation. The design requires over 5000 isolated tenant networks, and some tenant VMs must be able to migrate live between physical data centers connected via a Layer 3 WAN. Why is VXLAN the only viable solution in this scenario?

create virtual networks Hard
A. VXLAN provides superior encryption by default compared to the clear-text nature of 802.1Q VLAN tags.
B. VLANs cannot be routed over a Layer 3 WAN, whereas VXLAN is designed for L2-over-L3 encapsulation.
C. The VLAN standard supports a maximum of 4094 usable VLANs, which is insufficient for the 5000 required networks.
D. Both A and B are correct and represent fundamental limitations of VLANs for this design.

50 You are hardening a web server that processes user-uploaded files. To mitigate malware execution, you have mounted the /var/www/uploads directory with the noexec, nosuid, and nodev options in /etc/fstab. An attacker successfully uploads a PHP script disguised as a JPEG file. They then try to execute it by making a web request to http://server/uploads/shell.jpg. Why might this attack still succeed despite the noexec mount option?

apply server hardening techniques Hard
A. The noexec flag only applies to binaries, not interpreted scripts.
B. The attacker can use a chmod +x command via another vulnerability to make the file executable, overriding the mount option.
C. The nosuid flag is not present, which allows the script to gain root privileges and bypass the noexec flag.
D. The web server process itself (e.g., Apache with mod_php) reads and interprets the script file, and it is the interpreter's process that is executing, not the file itself.

51 A company uses a Next-Generation Firewall (NGFW) for perimeter defense and a Web Application Firewall (WAF) in front of its public web servers. An attacker launches a sophisticated attack that involves exploiting a zero-day remote code execution (RCE) vulnerability in the web application's file upload feature. The exploit is delivered within a TLS-encrypted session and is obfuscated to evade common string-based signatures. Which firewall is more likely to detect and block this specific attack, and why?

configure firewalls Hard
A. The NGFW, because it has application-layer visibility and can identify the protocol as HTTP and apply malware signatures.
B. Both are equally likely to fail, as the traffic is encrypted and the exploit is a zero-day.
C. The NGFW, because its primary function is to block RCE attempts, whereas a WAF focuses only on SQL injection and XSS.
D. The WAF, because it is designed to perform deep inspection of HTTP/S traffic, understand application logic, and detect anomalies and attack patterns specific to web applications.

52 A financial institution implements the Clark-Wilson integrity model for its core transaction system. A developer introduces a bug into a Transformation Procedure (TP) that is supposed to debit one account and credit another. The bug causes the TP to occasionally fail to complete the credit operation after the debit has already been committed, violating the system's integrity. Which specific part of the Clark-Wilson model has failed in this scenario?

implement data security models Hard
A. The access control triple (user, TP, CDI), as the user should not have been granted access to this faulty TP.
B. The Integrity Verification Procedure (IVP), because it failed to scan the CDI for an invalid state.
C. The certification of the TP, as the procedure was not properly vetted to ensure it transforms Constrained Data Items (CDIs) from one valid state to another.
D. The Separation of Duty principle, as one developer should not have been able to modify a critical TP alone.

53 A web server is configured to support TLS 1.3 exclusively. A client initiates a connection, and after the initial handshake, the client's browser needs to reconnect to download an additional resource. The server supports 0-RTT (Zero Round-Trip Time) resumption. What is the primary security risk associated with the server enabling and the client using 0-RTT, and what is the mitigation?

configure security protocols Hard
A. The handshake is vulnerable to downgrade attacks to TLS 1.2; mitigation is to disable all older protocols.
B. The 0-RTT data is not forward-secret and is vulnerable to replay attacks; mitigation is to ensure the 0-RTT data is idempotent.
C. Perfect Forward Secrecy is lost; mitigation involves using a DHE cipher suite.
D. The server is vulnerable to denial-of-service from session exhaustion; mitigation is to limit the number of resumable sessions.

54 In a complex RBAC model for a cloud provider, a user is a member of two roles: DatabaseAdmin and ProjectAuditor. The DatabaseAdmin role grants db:Write permission. The ProjectAuditor role grants db:Read permission but also has a Deny policy attached for the db:Write permission for auditing purposes. Assuming the system evaluates policies with an explicit 'Deny' overriding any 'Allow', what is the user's effective permission on the database, and which security principle does this illustrate?

implement logical access control methods Hard
A. The user receives no permissions due to a role conflict, resulting in a denial of all access. This illustrates a fail-safe default.
B. The permissions are merged, granting both db:Read and db:Write. This illustrates role aggregation.
C. Effective permission is db:Read. This illustrates the precedence of explicit denial.
D. Effective permission is db:Write. This illustrates the Principle of Least Privilege.

55 A security analyst is investigating an IDS alert that has triggered on a high volume of single, small UDP packets sent from a single source to a wide range of high, random ports on a target server. The IDS signature is labeled SCAN UDP Portscan. However, the analyst knows the source is a legitimate partner's server running a real-time monitoring application. The application works by sending a UDP packet and waiting for an ICMP Port Unreachable response to determine if the partner's service is down. How should this activity be classified?

implement intrusion detection systems Hard
A. True Negative: The IDS correctly identified the traffic as benign and did not alert.
B. True Positive: The activity matches the technical definition of a UDP port scan, regardless of intent.
C. False Negative: The IDS has failed to detect the true malicious nature of the traffic.
D. False Positive: The activity is benign, and the IDS signature is too broad, lacking the context of the application's normal behavior.

56 A system administrator is hardening a minimal-footprint API gateway server. The server's only function is to terminate TLS and proxy requests to backend services. Which of the following service daemons, often found on standard Linux installations, represents the most significant and unnecessary attack surface that should be disabled on this specific server?

apply server hardening techniques Hard
A. chronyd or ntpd (NTP Daemon)
B. sshd (OpenSSH Server)
C. rsyslogd (System Logging Daemon)
D. rpcbind (RPC Portmapper)

57 Consider the following nftables ruleset on a Linux router. What is the effect of this configuration on a new SSH connection attempt from a client at 192.168.1.10 to a server at 10.0.0.5?

table inet filter {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ip saddr 192.168.1.0/24 tcp dport 22 ct state new,established accept
        ct state related,established accept
    }
}

configure firewalls Hard
A. The connection is dropped because the first rule only allows new and established, but not related.
B. The connection is accepted because the second rule will match the return packets, establishing the connection.
C. The connection is accepted because the first rule explicitly allows new SSH connections from the source subnet.
D. The connection is dropped because the first rule, which is more specific, is placed before the general ct state related,established accept rule, and return packets will not match it.

58 A ransomware worm is propagating rapidly within a data center. The existing security architecture uses VLANs to segment the production, development, and database tiers. However, the worm is spreading laterally between different production web servers within the same 'Production' VLAN. Which modern network security concept would be most effective at preventing this specific type of lateral movement?

create virtual networks Hard
A. Deploying a Next-Generation Firewall (NGFW) at the data center edge.
B. Migrating from VLANs to VXLANs for better scalability.
C. Implementing a microsegmentation policy that creates a default-deny firewall rule between each individual workload.
D. Implementing 802.1X port-based authentication on the physical switches.

59 A web application in Active Directory uses a service account configured for Kerberos 'Unconstrained Delegation'. A threat actor compromises the web server. Which of the following attack chains is now possible due to this specific misconfiguration?

configure security protocols Hard
A. The attacker can pass-the-hash to move laterally to other servers using the web server's NTLM hash.
B. The attacker can use the web server's service account to access any resource the web server itself is authorized to access.
C. The attacker can wait for a Domain Admin to authenticate to the web application, extract the admin's forwarded Ticket-Granting Ticket (TGT) from the web server's memory, and use it to impersonate the Domain Admin across the entire domain.
D. The attacker can perform a Kerberoasting attack to crack the service account's password offline.

60 A government facility needs to protect a server room containing highly classified data from eavesdropping via electromagnetic emissions (e.g., TEMPEST attacks). The budget is constrained. Which of the following is the most practical and cost-effective solution to mitigate this specific threat for a single room within a larger, non-secured building?

implement physical security Hard
A. Constructing a full six-sided Faraday cage around the server room using copper mesh embedded in the walls, floor, and ceiling.
B. Deploying broadband RF jamming equipment within the room to overwhelm any potential eavesdropping receivers.
C. Enforcing a 20-meter physical 'red-black' separation perimeter around the room where no unencrypted (black) data lines can cross.
D. Replacing all copper network cables with fiber-optic cables and ensuring all server chassis are properly grounded.