9.0 Quizzez

A network administrator sets up a network access control solution throughout the enterprise, which allows them to see ports with multiple devices connected to a switch port.

The administrator uses this to help identify wireless access points throughout the enterprise, especially older ones that may have been forgotten.

Which of the following legacy wireless encryption mechanisms is the administrator going to change? (Select two.)

WEP and WPA

• WEP is completely insecure, so any AP using it must be upgraded to at least WPA2 or WPA3.

• WPA1 is also insecure, mainly because TKIP is weak and can be exploited with modern attacks.

• Goal: Replace legacy APs using WEP/WPA with WPA2-AES or WPA3 for strong encryption, authentication, and protection against interception or rogue APs.

A network administrator wants to enable authentication for wireless access points against an Active Directory database.

Which of the following will the administrator need to use?

RADIUS

• When you want APs to authenticate users against AD: use RADIUS.

• It forwards credentials securely and handles the authentication without exposing passwords to the APs.

You are setting up a wireless network for a small business that requires enhanced security to protect against key recovery attacks and ensure that intercepted data cannot be decrypted.

The network will support modern devices, and you want to avoid vulnerabilities associated with WPA2.

Which configuration should you choose to meet these requirements?

Configure the network to use WPA3-Personal with Simultaneous Authentication of Equals (SAE).

Which of the following statements BEST describes WPA2 Pre-shared Key (PSK) Authentication?

WPA2 Pre-shared Key (PSK) Authentication relies on a shared passphrase to generate a key for encrypting communications. The passphrase is shared among all users, and if it is weak or poorly chosen, it becomes vulnerable to attacks such as brute force or dictionary attacks.

WPA2 PSK does not generate unique keys for each user. Instead, all users share the same passphrase, which is converted into a pairwise master key (PMK) for encryption. The lack of unique keys is one of the vulnerabilities of this method.

Which of the following wireless security methods uses a common shared key that is configured on the wireless access point and all wireless clients?

WEP, WPA Personal, and WPA2 Personal

You are configuring the firewall on a home router for a small office. The office uses a web server that needs to be accessible to external clients over the Internet.

However, you want to ensure that no other inbound traffic is allowed and that all outbound traffic from internal devices remains unrestricted.

Which of the following configurations would BEST meet the requirements described in the scenario?

Blocking all inbound traffic by default ensures that unauthorized external access is prevented, which is a standard security practice. Configuring port forwarding for the web server's IP address and port allows external clients to access the web server without exposing other internal devices to potential threats. Allowing all outbound traffic ensures that internal devices can access the Internet without restrictions, meeting the requirements of the scenario.

You are setting up a SOHO router for a small remote office with five employees.

The office layout requires you to decide on the best physical placement for the router to ensure both security and optimal performance.

Which of the following options is the BEST course of action?

Position the router near the minimum point of entry for the service provider's cabling.

What is the primary purpose of Universal Plug-and-Play (UPnP) in a SOHO network?

Universal Plug-and-Play (UPnP) is a protocol that allows devices on the same network to discover each other and establish communication automatically. This simplifies the process of setting up devices like printers, gaming consoles, and smart home devices, making it easier for them to share data and resources without manual configuration.

You are setting up a SOHO network for a small office.

One of the employees wants to use a network printer and a gaming console that require automatic configuration to connect and communicate with other devices on the network.

Which of the following actions should you take to meet this requirement?

Enable Universal Plug-and-Play (UPnP) on the router.

Correct Answer:

A human resources specialist has started working from home. The specialist is somewhat security conscious and wants to keep their home network secure.

What else besides the router operating system patches should the specialist keep patched?

Firmware

You are setting up a home office network for a small business. The business requires a web server to be accessible from the internet.

The web server has been assigned a static IP address of 192.168.1.100. You need to ensure that external users can access the web server using the business's public IP address.

Additionally, the business wants to ensure that the web server's IP address does not change over time.

What is the BEST configuration to achieve this?

Port forwarding is required to direct incoming traffic on port 80 (HTTP) to the web server's internal IP address (192.168.1.100). Assigning a static IP address to the web server ensures that the port forwarding rule remains valid, as the server's IP address will not change. This configuration meets the requirements of making the web server accessible from the internet while maintaining a consistent internal IP address.

What is the primary purpose of placing devices in a screened subnet within a SOHO network?

A screened subnet (also known as a DMZ or demilitarized zone) is used to isolate devices that need to be accessible from external networks (e.g., web servers or email servers) while protecting the internal network from potential threats. It provides a layer of security by limiting access to only specific services and devices.

A technician receives a notification from a SOHO router manufacturer of a specific vulnerability that allows attackers to exploit SNMP traps to take over routers. The technician verifies the settings outlined in the notification.

Which of the following actions should the technician take NEXT?

Manufacturers often accompany a vulnerability notification with firmware updates to address the vulnerability. You should apply these updates immediately.

Parental controls or content filters restrict or block specific web traffic based on keywords, URLs, or time of day. They do not address network vulnerabilities.

Disabling DHCP will require static IP addresses. This does nothing to address network vulnerabilities.

MAC filtering limits connectivity to a list of MAC addresses. This does nothing to address network vulnerabilities.

A technician is installing a network-enabled smart home control system in a SOHO.

Which of the following configurations is MOST likely required on the SOHO router in order to access the system from the internet?

Explanation

Access to the smart home control system from the internet through the SOHO router is most likely achieved with port forwarding.

QoS gives priority to certain types of network traffic, such as VoIP phone traffic.

DHCP dynamically assigns IP addresses to clients on the local network.

NAT translates private IP addresses on the local network to public IP addresses on the internet.

A small business has set up a SOHO network with a screened subnet (DMZ) to host a public-facing email server. The internal network contains sensitive devices, such as employee workstations and a database server.

Recently, the business has noticed unusual traffic patterns and suspects that an attacker is trying to gain unauthorized access to the internal network by exploiting the email server in the screened subnet.

What is the MOST effective step to analyze and mitigate the potential threat while maintaining the functionality of the email server?

Analyzing traffic logs helps identify the source and nature of the unusual traffic. Implementing stricter firewall rules ensures that only legitimate traffic is allowed to access the email server while maintaining its functionality. This approach balances security and operational needs.