- Email support@dumps4free.com
After a security incident, a network security engineer discovers that a portion of the
company’s sensitive external traffic has been redirected through a secondary ISP that is
not normally used.
Which of the following would BEST secure the routes while allowing the network to function
in the event of a single provider failure?
A.
Disable BGP and implement a single static route for each internal network.
B.
Implement a BGP route reflector.
C.
Implement an inbound BGP prefix list.
D.
Disable BGP and implement OSPF.
Implement a BGP route reflector.
A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot
phase, services are not connecting properly to secure LDAP. Block is an except of output
from the troubleshooting session:
Which of the following BEST explains why secure LDAP is not working? (Select TWO.)
A.
The clients may not trust idapt by default.
B.
The secure LDAP service is not started, so no connections can be made.
C.
Danvills.com is under a DDoS-inator attack and cannot respond to OCSP requests.
D.
Secure LDAP should be running on UDP rather than TCP.
E.
The company is using the wrong port. It should be using port 389 for secure LDAP.
F.
Secure LDAP does not support wildcard certificates.
G.
The clients may not trust Chicago by default.
The secure LDAP service is not started, so no connections can be made.
The company is using the wrong port. It should be using port 389 for secure LDAP.
A security is assisting the marketing department with ensuring the security of the
organization’s social media platforms. The two main concerns are:
The Chief marketing officer (CMO) email is being used department wide as the username
The password has been shared within the department
Which of the following controls would be BEST for the analyst to recommend?
A.
Configure MFA for all users to decrease their reliance on other authentication.
B.
Have periodic, scheduled reviews to determine which OAuth configuration are set for
each media platform.
C.
Create multiple social media accounts for all marketing user to separate their actions.
D.
Ensue the password being shared is sufficiently and not written down anywhere.
Configure MFA for all users to decrease their reliance on other authentication.
A company is looking for a solution to hide data stored in databases. The solution must
meet the following requirements:
Be efficient at protecting the production environment
Not require any change to the application
Act at the presentation layer
Which of the following techniques should be used?
A.
Masking
B.
Tokenization
C.
Algorithmic
D.
Random substitution
Masking
A security analyst receives an alert from the SIEM regarding unusual activity on an
authorized public SSH jump server. To further investigate, the analyst pulls the event logs
directly from /var/log/auth.log: graphic.ssh_auth_log.
Which of the following actions would BEST address the potential risks by the activity in the
logs?
A.
Alerting the misconfigured service account password
B.
Modifying the AllowUsers configuration directive
C.
Restricting external port 22 access
D.
Implementing host-key preferences
Restricting external port 22 access
Reference: https://www.rapid7.com/blog/post/2017/10/04/how-to-secure-ssh-server-usingport-
knocking-on-ubuntu-linux/
| Page 6 out of 40 Pages |
| Previous |