7. When performing the daily review of the system vulnerability scans of the network, Joe, the administrator, noticed several security related vulnerabilities with an assigned vulnerability identification number. Joe researches the assigned vulnerability identification number from the vendor website. Joe proceeds with applying the recommended solution for the identified vulnerability. Which of the following is the type of vulnerability described?
A. Network based.
B. IDS.
C. Signature based.
D. Host based.

Question 7 Answer: C
Explanation: A signature-based monitoring or detection method relies on a database of signatures or patterns of known malicious or unwanted activity. The strength of a signature-based system is that it can quickly and accurately detect any event from its database of signatures.

8. A network administrator has been tasked with securing the WLAN. Which of the following cryptographic products would be used to provide the MOST secure environment for the WLAN?
A. WPA2 CCMP.
B. WPA.
C. WPA with MAC filtering.
D. WPA2 TKIP.

Question 8 Answer: A
Explanation: CCMP is the standard encryption protocol for use with the WPA2 standard and is much more secure than the WEP protocol and the TKIP protocol of WPA. CCMP provides the following security services:
Data confidentiality; ensures only authorized parties can access the information.
Authentication; provides proof of genuineness of the user.
Access control in conjunction with layer management.
Because CCMP is a block cipher mode using a 128-bit key, it is secure against attacks to the 2^64 steps of operation.

9. An administrator would like to review the effectiveness of existing security in the enterprise. Which of the following would be the BEST place to start?
A. Review past security incidents and their resolution.
B. Rewrite the existing security policy.
C. Implement an intrusion prevention system.
D. Install honey pot systems.

Question 9 Answer: C
Explanation: The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.

10. Which of the following would be MOST appropriate to secure an existing SCADA system by preventing connections from unauthorized networks?
A. Implement a HIDS to protect the SCADA system.
B. Implement a Layer 2 switch to access the SCADA system.
C. Implement a firewall to protect the SCADA system.
D. Implement a NIDS to protect the SCADA system.

Question 10 Answer: C
Explanation: Firewalls manage traffic using filters, which is just a rule or set of rules. A recommended guideline for firewall rules is deny by default, allow by exception. This means that if a network connection is not specifically allowed, it will be denied.
