6. Which of the following best practices makes a wireless network more difficult to find?
A. Implement MAC filtering.
B. Use WPA2-PSK.
C. Disable SSID broadcast.
D. Power down unused WAPs.

Question 6 Answer: C
Explanation: Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct packets to and from the base station, so it's a discoverable value using a wireless packet sniffer. Thus, the SSID should be disabled if the network isn't for public use.

7. When performing the daily review of the system vulnerability scans of the network, Joe, the administrator, noticed several security related vulnerabilities with an assigned vulnerability identification number. Joe researches the assigned vulnerability identification number from the vendor website. Joe proceeds with applying the recommended solution for identified vulnerability. Which of the following is the type of vulnerability described?
A. Network based.
B. IDS.
C. Signature based.
D. Host based.

Question 7 Answer: C
Explanation: A signature-based monitoring or detection method relies on a database of signatures or patterns of known malicious or unwanted activity. The strength of a signature-based system is that it can quickly and accurately detect any event from its database of signatures.

8. A network administrator has been tasked with securing the WLAN. Which of the following cryptographic products would be used to provide the MOST secure environment for the WLAN?
A. WPA2 CCMP.
B. WPA.
C. WPA with MAC filtering.
D. WPA2 TKIP.

Question 8 Answer: A
Explanation: CCMP is the standard encryption protocol for use with the WPA2 standard and is much more secure than the WEP protocol and TKIP protocol of WPA. CCMP provides the following security services:
Data confidentiality; ensures only authorized parties can access the information
Authentication; provides proof of genuineness of the user
Access control in conjunction with layer management
Because CCMP is a block cipher mode using a 128-bit key, it is secure against attacks to the 2^64 steps of operation.

9. An administrator would like to review the effectiveness of existing security in the enterprise. Which of the following would be the BEST place to start?
A. Review past security incidents and their resolution.
B. Rewrite the existing security policy.
C. Implement an intrusion prevention system.
D. Install honey pot systems.

Question 9 Answer: C
Explanation: The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.

10. Which of the following would be MOST appropriate to secure an existing SCADA system by preventing connections from unauthorized networks?
A. Implement a HIDS to protect the SCADA system.
B. Implement a Layer 2 switch to access the SCADA system.
C. Implement a firewall to protect the SCADA system.
D. Implement a NIDS to protect the SCADA system.

Question 10 Answer: C
Explanation: Firewalls manage traffic using filters, which is just a rule or set of rules. A recommended guideline for firewall rules is: deny by default, allow by exception. This means that if a network connection is not specifically allowed, it will be denied.
