A file on a Linux server has default permissions of rw-rw-r–. The system administrator has verified that Ann, a user, is not a member of the group owner of the file. Which of the following should be modified to assure that Ann has read access to the file?
A. User ownership information for the file in question B. Directory permissions on the parent directory of the file in question C. Group memberships for the group owner of the file in question D. The file system access control list (FACL) for the file in question
Answer: C
Explanation: The file permissions according to the file system access control list (FACL) are rw-rw-r–. The first ‘rw-‘ are the file owner permissions (read and write). The second ‘rw-‘ are the group permissions (read and write) for the group that has been assigned the file. The third ‘r–‘ is the All Users permissions; in this case read only. To enable Ann to access the file, we should add Ann to the group that has been assigned to the file.
Which of the following IP addresses would be hosts on the same subnet given the subnet mask 255.255.255.224? (Select TWO).
A. 10.4.4.125 B. 10.4.4.158 C. 10.4.4.165 D. 10.4.4.189 E. 10.4.4.199
Answer: C,D
Explanation: With the given subnet mask, a maximum number of 30 hosts between IP addresses 10.4.4.161 and 10.4.4.190 are allowed. Therefore, option C and D would be hosts on the same subnet, and the other options would not.
Which of the following provides the HIGHEST level of confidentiality on a wireless network?
A. Disabling SSID broadcast B. MAC filtering C. WPA2 D. Packet switching
Answer: C
Explanation: The Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) authentication protocols were designed to address the core, easy-to-crack problems of WEP.
Emily, the security administrator, must configure the corporate firewall to allow all public IP addresses on the internal interface of the firewall to be translated to one public IP address on the external interface of the same firewall. Which of the following should Emily configure?
A. PAT B. NAP C. DNAT D. NAC
Answer: A
Explanation: Port Address Translation (PAT), is an extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to conserve IP addresses.
Most home networks use PAT. In such a scenario, the Internet Service Provider (ISP) assigns a single IP address to the home network’s router. When Computer X logs on the Internet, the router assigns the client a port number, which is appended to the internal IP address. This, in effect, gives Computer X a unique address. If Computer Z logs on the Internet at the same time, the router assigns it the same local IP address with a different port number. Although both computers are sharing the same public IP address and accessing the Internet at the same time, the router knows exactly which computer to send specific packets to because each computer has a unique internal address.
Jane, an IT security technician, needs to create a way to secure company mobile devices. Which of the following BEST meets this need?
A. Implement voice encryption, pop-up blockers, and host-based firewalls. B. Implement firewalls, network access control, and strong passwords. C. Implement screen locks, device encryption, and remote wipe capabilities. D. Implement application patch management, antivirus, and locking cabinets.
Answer: C
Explanation: Screen-lock is a security feature that requires the user to enter a password after a short period of inactivity before they can access the system again. This feature ensures that if your device is left unattended or is lost or stolen, it will be difficult for anyone else to access your data or applications. Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. Remote wipe is the process of deleting data on a device in the event that the device is stolen. This is performed over remote connections such as the mobile phone service or the internet connection and helps ensure that sensitive data is not accessed by unauthorized people.
According to company policy an administrator must logically keep the Human Resources department separated from the Accounting department. Which of the following would be the simplest way to accomplish this?
A. NIDS B. DMZ C. NAT D. VLAN
Answer: D
Explanation: A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches.
Ann would like to forward some Personal Identifiable Information to her HR department by email, but she is worried about the confidentiality of the information. Which of the following will accomplish this task securely?
A. Digital Signatures B. Hashing C. Secret Key D. Encryption
Answer: D
Explanation: Encryption is used to prevent unauthorized users from accessing data. Data encryption will support the confidentiality of the email.