CompTIA Security+ Practice Tests


Appendix  ■   Answers to Practice Tests

17. A.  The correct answer is to disable WiFi if it is not absolutely needed. Many peripheral devices are WiFi-enabled. If you don’t require this functionality, then disabling it is a very basic and essential security measure you can take. For example, WiFi-enabled MicroSD cards are vulnerable to attacks. Option B is incorrect. Very few peripheral devices will even have a BIOS. Option C is incorrect. Encryption may be warranted for some specific peripherals, but many don’t have storage that can be encrypted, and this would not be the first step one takes. Option D is incorrect. Many peripherals don’t have a hard drive to install antivirus on.

18. A.  A DMZ provides limited access to public-facing servers for outside users, but blocks outside users from accessing systems inside the LAN. It is a common practice to place web servers in the DMZ. Option B is incorrect. A VLAN is most often used to segment the internal network. Option C is incorrect. Routers direct traffic based on IP address. Option D is incorrect. A guest network allows internal users who are not employees to get access to the Internet.

19. B.  Physically partitioning your network is the physical equivalent of a VLAN. A VLAN is designed to emulate physical partitioning. Option A is incorrect. Perimeter security does not segment the network. Option C is incorrect. Security zones are useful, but don’t, by themselves, segment a network. Often a network is segmented, using physical partitions or VLANs, to create security zones. Option D is incorrect. A firewall is meant to block certain traffic, not to segment the network.

20. D.  Honeypots are designed to attract a hacker by appearing to be security holes that are ripe and ready for exploitation. A honeynet is a network honeypot. This security technique is used to observe hackers in action while not exposing vital network resources. Option A is incorrect. Active detection is not a term used in the industry. Option B is incorrect. False subnet is not a term used in the industry. Option C is incorrect. An intrusion detection system is used to detect activity that could indicate an intrusion or attack.

21. A.  Nonessential protocols provide additional areas for attack. The fact that all protocols have weaknesses would be sufficient to eliminate nonessential protocols. Those nonessential protocols’ ports provide possible avenues of attack. You should always follow the principle of least privilege. Option B is incorrect. Any port can be secured. This is an example of security control. Option C is incorrect. It is not the case that specific ports are less secure. But every port that is open provides a possible mode of entry into a system. Option D is incorrect. There is no additional effort to secure a port that is nonessential.

