The chief security officer (CS0) has issued a new policy that requires that all internal websites be configured for HTTPS traffic only. The network administrator has been tasked to update all internal sites without incurring additional costs. Which of the following is the best solution for the network administrator to secure each internal website?
A. Use certificates signed by the company CA B. Use a signing certificate as a wild card certificate C. Use certificates signed by a public ca D. Use a self-signed certificate on each internal server
A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website. During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the local machine. Which of the following describes the type of attack the proxy has been legitimately programmed to perform?
A. Transitive access B. Spoofing C. Man-in-the-middle D. Replay
A network administrator wants to ensure that users do not connect any unauthorized devices to the company network. Each desk needs to connect a VoIP phone and computer. Which of the following is the BEST way to accomplish this?
A. Enforce authentication for network devices B. Configure the phones on one VLAN, and computers on another C. Enable and configure port channels D. Make users sign an Acceptable use Agreement
After a merger, it was determined that several individuals could perform the tasks of a network administrator in the merged organization. Which of the following should have been performed to ensure that employees have proper access?
A. Time-of-day restrictions B. Change management C. Periodic auditing of user credentials D. User rights and permission review
The SSID broadcast for a wireless router has been disabled but a network administrator notices that unauthorized users are accessing the wireless network. The administor has determined that attackers are still able to detect the presence of the wireless network despite the fact the SSID has been disabled. Which of the following would further obscure the presence of the wireless network?
A. Upgrade the encryption to WPA or WPA2 B. Create a non-zero length SSID for the wireless router C. Reroute wireless users to a honeypot D. Disable responses to a broadcast probe request
Given the log output:
Max 15 00:15:23.431 CRT: #SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: msmith] [Source: 10.0.12.45]
[localport: 23] at 00:15:23:431 CET Sun Mar 15 2015
Which of the following should the network administrator do to protect data security?
A. Configure port security for logons B. Disable telnet and enable SSH C. Configure an AAA server D. Disable password and enable RSA authentication
After correctly configuring a new wireless enabled thermostat to control the temperature of the company’s meeting room, Joe, a network administrator determines that the thermostat is not connecting to the internet-based control system. Joe verifies that the thermostat received the expected network parameters and it is associated with the AP. Additionally, the other wireless mobile devices connected to the same wireless network are functioning properly. The network administrator verified that the thermostat works when tested at his residence. Which of the following is the MOST likely reason the thermostat is not connecting to the internet?
A. The company implements a captive portal B. The thermostat is using the incorrect encryption algorithm C. the WPA2 shared likely is incorrect D. The company’s DHCP server scope is full
A network administrator was to implement a solution that will allow authorized traffic, deny unauthorized traffic and ensure that appropriate ports are being used for a number of TCP and UDP protocols. Which of the following network controls would meet these requirements?
A. Stateful firewall B. Web security gateway C. URL filter D. proxy server E. web application firewall
A network administrator argues that WPA2 encryption is not needed, as MAC filtering is enabled on the access point. Which of the following would show the administrator that wpa2 is also needed?
A. Deploy an evil twin with mac filtering B. Flood access point with random mac addresses C. Sniff and clone a mac address D. DNS poison the access point