Wednesday, December 18, 2024
FCF – Technical Introduction to Cybersecurity Exam Quiz Answers – Fortinet

Question 1: Identify two symmetric algorithms. (Choose two.)

  • AES
  • DSA
  • IDEA
  • RSA

Question 2: During the encryption process, where symmetric and asymmetric cryptography are used, which key is used to encrypt the session (symmetric) key?

  • The sender’s private key
  • The receiver’s private key
  • The sender’s public key
  • The receiver’s public key

Question 3: Which cipher type is used by computers to encrypt data?

  • Hashing
  • Geyser
  • Block-and-tackle
  • Stream

Question 4: What ingredient is added during the BCRYPT key stretching process to increase entropy?

  • Verification code
  • A static known value
  • Salt
  • MAC

Question 5: Which statement best describes hashing?

  • The process of converting plaintext to ciphertext
  • The process of converting data of an arbitrary size to a unique value of a fixed size
  • The art of writing or solving codes
  • The process of generating a unique value that can be tied legally to an entity

Question 6: Which two entities are necessary components of a PKI? (Choose two.)

  • Microsoft CAPI
  • RA
  • CA
  • Firewall

Question 7: In a PKI, what is the ultimate source of trust?

  • The registration authority
  • The private key of the root CA
  • PKI policy and procedures
  • Local municipal laws in which the CA resides

Question 8: Which two features are characteristics of hashing? (Choose two.)

  • Non-reversible process
  • Random output value
  • Obfuscation data process
  • Fixed-length output value

Question 9: Which security requirement does encryption satisfy?

  • Data integrity
  • Authentication
  • Non-repudiation
  • Confidentiality

Question 10: Which statement best describes encryption?

  • The art of writing or solving codes
  • The process of converting an arbitrary-sized value to a fixed-size value
  • The process of converting plaintext to ciphertext
  • An entity disguised as something else

Question 11: Which two security requirements are satisfied by a digital signature? (Choose two.)

  • Confidentiality
  • Authorization
  • Data integrity
  • Authentication

Question 12: Which statement best describes cryptography?

  • A method for ensuring network safety
  • The study of writing or solving codes
  • A secure session between a web browser and a web server
  • The process of converting plaintext to ciphertext

Question 13: Identify three cipher method types. (Choose three.)

  • Bletchley Park
  • Transpositional
  • One-time pad
  • Substitution
  • Abacus

Question 1: Why should a user prefer a security protocol over a non-secured one?

  • It provides Quality of Service (QoS).
  • It adds segmentation.
  • It adds confidentiality.
  • It provides lower latency.

Question 2: What was missing in the early sandbox generation? (Choose two.)

  • An integration with other security devices
  • Automation and artificial intelligence
  • An isolated environment to test unknown files
  • Zero-day attack detection

Question 3: How can a security engineer secure switching and ports?

  • By configuring an application layer gateway
  • By configuring firewall policies
  • By configuring Network Address Translation (NAT) filtering
  • By configuring static or sticky Media Access Control (MAC) address entries in the Content Addressable Memory (CAM) table

Question 4: Why is Fortinet Security Fabric an example of centralized security network management? (Choose two.)

  • It can operate only locally.
  • It has a broad view of security with end-to-end visibility.
  • It can communicate with other devices through Application Programming Interfaces (APIs) or fabric connectors.
  • All tasks and configurations are manual.

Question 5: Which network is enclosed by the security perimeter?

  • The Demilitarized Zone (DMZ)
  • The trusted network
  • The Local Area Network (LAN) only
  • The Wide Area Network (WAN)

Question 6: How can a security architect better control and protect the east-west traffic in a Demilitarized Zone (DMZ)?

  • Through Simple Network Management Protocol (SNMP)
  • Through centralized security management
  • Through micro-segmentation
  • Through traffic shaping

Question 7: Why would a security architect segment a network? (Choose two.)

  • To reduce network congestion and broadcasts
  • To limit attacks to the specific segment without contaminating the whole network
  • To facilitate the management access through a connection to each device in the network
  • To increase the scope of compliance to the complete network

Question 8: What are objectives of Software Defined Wide Area Network (SD-WAN)? (Choose two.)

  • Lower latency
  • Increase data protection
  • Greater reliability
  • Lower Quality of Service (QoS)

Question 9: Which principles are part of the Zero-Trust security model? (Choose two.)

  • Assume that your network is breached
  • Implement least privilege
  • Reduce Demilitarized Zone (DMZ) surface
  • Trust only your Local Area Network (LAN)

Question 10: Why might knowing the source IPs of an attack not be relevant? (Choose two.)

  • Source IPs can be forked.
  • Attackers can use zero-day attacks.
  • Source IPs can be spoofed.
  • Attackers can use botnets.

Question 11: When implementing Zero-Trust security, which benefits do you expect? (Choose two.)

  • A defined trusted zone
  • Tighter restrictions to access resources
  • Proofs of trust
  • No micro-segmentation

Question 12: Which challenges brought the evolution from a network model with a single, dedicated service provider to Software Defined Wide Area Network (SD-WAN)? (Choose two.)

  • Reliability
  • Demand for more cloud applications and services
  • Data protection
  • Compliance requirements

Question 13: Which implementation should be done by a security architect to limit network threats in a network? (Choose two.)

  • Zero trust
  • Centralized network management
  • Network segmentation
  • Software Defined Wide Area Network (SD-WAN)

Question 14: What does Secure Multipurpose Internet Mail Extensions (S/MIME) bring over MIME? (Choose two.)

  • Integrity with remote access
  • Repudiation with private connection
  • Confidentiality with encryption
  • Authentication with digital signature

Question 15: Why may a security architect add a sandbox in a network? (Choose two.)

  • To share threat intelligence with other security devices
  • To stop known threats like a honeypot
  • To provide authentication
  • To detect zero-day attacks

Question 16: When implementing a data fabric architecture, which benefits do you expect? (Choose two.)

  • The monitoring and data management is centrally governed.
  • The attack surface is reduced.
  • The different parts of the security network are linked.
  • The authentication is enforced.

Question 17: What are two core capabilities of Secure Access Service Edge (SASE)? (Choose two.)

  • Simple Network Management Protocol (SNMP)
  • Zero-Trust network access
  • Traffic shaping
  • Data loss prevention

Question 18: View the following exhibit: In this SD-WAN environment, what does the red line represent?

  • An overlay network
  • An underlay network
  • A physical network
  • A Wide Area Network (WAN)

Question 19: A security compliance audit must take place. Which implementation can simplify it?

  • Centralized security management
  • Simple Network Management Protocol (SNMP)
  • Application Programming Interface (API)
  • Artificial Intelligence

Question 20: Which application could provide the list of open ports to a security engineer, so the unnecessary ones can be closed?

  • Syslog
  • Machine Learning
  • Sandbox
  • Network mapper (nmap)

Question 21: View the following exhibit: What will be at least checked by the firewall upon receiving the server reply packet?

  • The packet five-tuple
  • The firewall session table
  • If the implicit firewall policy is set to allow
  • Nothing when the packet is encrypted

Question 22: Which required capabilities are included in Secure Access Service Edge (SASE)? (Choose two.)

  • Network-as-a-Service
  • Software-as-a-Service
  • Security-as-a-Service
  • Platform-as-a-Service

Question 23: What are the benefits for a bank in taking a Next Generation FireWall (NGFW) to secure its network? (Choose two.)

  • Further analysis can be performed with a sandbox.
  • An artificial intelligence performs all the security checkpoints.
  • Malicious content is checked through Deep Packet Inspection (DPI).
  • Machine learning automatically configures micro-segmentation.

Question 24: A security architect would like to add to a network a device able to understand application-layer protocols. Which device should be added?

  • A Next Generation FireWall (NGFW)
  • A packet filter firewall
  • A stateful firewall
  • A stateless firewall

Question 25: How could the traffic be filtered at the security perimeter? (Choose two.)

  • By performing traffic shaping
  • By acting as an application layer gateway
  • By logging the incoming traffic
  • By performing packet filtering at transport layer

Question 26: A network architect must implement security in a network including Internet of Things (IoT), Bring Your Own Device (BYOD), and cloud-based workstations. Which model should the architect put in place?

  • Packet filtering
  • Security perimeter
  • Network Address Translation (NAT) filtering
  • Zero trust

Question 27: Why should a security engineer secure a switch? (Choose two.)

  • The management access is only available through the default Virtual Local Area Networks (VLAN).
  • The management access is only available through the default Media Access Control (MAC) address.
  • By default, a switch is vulnerable to broadcast storms.
  • By default, port authentication is not configured.

Question 28: What does Secure Access Service Edge (SASE) offer to remote off-net users compared to on-net?

  • Different login credentials to access different systems
  • Better software upgrades including security patches
  • Real-time analysis of security alerts
  • The same security policies no matter their location

Question 29: How can a security architect segment a network? (Choose two.)

  • Through Virtual Local Area Networks (VLANs)
  • Through Software Defined Wide Area Network (SD-WAN)
  • Through a bastion host
  • Through a jump box

Question 30: Which type of attack is handled only by the latest sandbox generation?

  • AI-driven attacks
  • Zero-day attacks
  • Attacks exploiting known vulnerabilities
  • Fraggle attacks

Question 31: Which protocols should a security engineer disable for management access? (Choose two.)

  • Secure Shell protocol (SSH)
  • HyperText Transfer Protocol Secure (HTTPS)
  • HyperText Transfer Protocol (HTTP)
  • Telnet

Question 32: A security architect must put in place the Zero-Trust model in a network. Which methods could the architect implement? (Choose two.)

  • Traffic shaping
  • Privilege access management
  • The Kipling method
  • The Kubernetes method

Question 33: View the following exhibit: How can a security architect secure the switch to reduce a Media Access Control (MAC) flooding attack performed by the device D?

  • By grouping the devices in the same Virtual Local Area Network (VLAN)
  • By limiting the number of MAC address entries per switch port
  • By grouping the switch ports in the same VLAN
  • By limiting the number of IP address entries per VLAN

Question 1: Which is an example of a possession-based authentication method?

  • Texting a one-time code through SMS
  • Using your eye to pass a biometric lock
  • Having your password written down in a secure location
  • Carrying your laptop home

Question 2: Which two are aspects of the principle of least privilege? (Choose two.)

  • Allowing easy, baseline access for all
  • Allowing only what users and devices need
  • Allowing access until proven otherwise
  • Reducing error by minimizing access

Question 3: Which two are the responsibilities of an authentication governing body? (Choose two.)

  • Creating disaster recovery policies
  • User onboarding
  • Reviewing the password strength policy
  • User certification

Question 4: What type of access control allows the device or person performing the authentication the ability to allow or deny access?

  • Lattice-based access control
  • Discretionary access control
  • Role-based access control
  • Mandatory access control

Question 5: Which two should be selected to create secure multi-factor authentication to access a computer system? (Choose two.)

  • Smart Card
  • Voice identification
  • Height sensor
  • Password

Question 6: Which two are performed by the supplicant in 802.1x authentication? (Choose two.)

  • Verifying identity
  • Providing identity
  • Connecting to a network
  • Sending an accept message to the intermediary

Question 7: What does a NAC use to identify attached devices and allow access?

  • Retinal pattern
  • Device memory size
  • Username
  • Device profile

Question 8: Which one makes the allow or deny decision in the authentication process?

  • Authentication server
  • Supplicant
  • Access point
  • Intermediary

Question 9: Which protocol can perform SSO?

  • TCP
  • DNS
  • CHAP
  • Kerberos

Question 10: Which type of access control scheme does a NAC apply?

  • Mandatory access control
  • Attribute-based access control
  • Lattice-based access control
  • Discretionary access control

Question 11: In SSO authentication, which two entities know the unhashed credentials? (Choose two.)

  • Service provider
  • User
  • Internet service provider
  • Identity provider

Question 12: Which three can be used as attributes in attribute-based access control? (Choose three.)

  • MAC address
  • DHCP IP address
  • Hours in a day
  • Time of day

Question 1: Which statement best describes secure remote access?

  • Secure remote access allows personal devices (BYOD) to connect to the computer network.
  • Secure remote access securely connects two or more local area networks (LANs).
  • Secure remote access transmits smart device information to an outside computer network.
  • Secure remote access allows outside end entities to connect securely to a computer network.

Question 2: Which characteristic differentiates ZTNA from VPN?

  • Encryption algorithms
  • Security due to key lengths
  • Data integrity checks
  • The zero trust concept

Question 3: Which statement best describes the zero trust approach that is the basis for ZTNA design?

  • Nothing can be trusted inside or outside the network.
  • Remote devices and users cannot be trusted.
  • Once devices are authenticated, they are always trusted.
  • Internet-of-Things (IoTs) and BYOD must be authenticated before they are trusted.

Question 4: In SSL VPN, what is used to authenticate the web server to the browser?

  • A one-time password
  • Domain name identification
  • IP address identification
  • The web server’s digital certificate

Question 5: In which part of a packet is the readable message to the recipient written?

  • Data (payload)
  • ESP trailer
  • AH header
  • TCP header

Question 6: Which two security features can be implemented by IPsec VPN? (Choose two.)

  • Corrupt packet blocking
  • Malicious packet detection
  • Packet encryption
  • Packet authentication

Question 7: Which two traits differentiate SSL VPN from IPsec VPN? (Choose two.)

  • It establishes an encrypted session between two or more points.
  • User identification permits more granular authorization.
  • It protects against replay attacks.
  • It secures the transport layer of the OSI model.

Question 8: Which characteristic differentiates SSL VPN from IPsec VPN and ZTNA?

  • SSL VPN does not secure the transport layer in the OSI model.
  • SSL VPN does not require specialized client software.
  • SSL VPN does not use TCP.
  • SSL VPN does not use digital certificates to secure sessions.

Question 1: Which item would be considered part of the Internet of Things (IoT)?

  • Company laptop computer
  • Wi-Fi Baby Monitor
  • Printer connected to a laptop through USB
  • Database server

Question 2: What is the best tool to help counter polymorphic malware?

  • Data loss prevention (DLP)
  • Endpoint detection and response (EDR)
  • BIOS secured with a password
  • Web filtering

Question 3: What should you always do before allowing IoT and BYOD endpoints to connect to a secure network?

  • Deny access to the secure network until the device is identified.
  • Allow the device access to all networks to make it easier to integrate.
  • Connect the device to the internal network to allow administrators to log in.
  • Disable remote access to the device.

Question 4: What is the first step in securing IoT devices in a company or home?

  • Segment all IoT devices on an isolated network.
  • Purchase only approved laptops and servers.
  • Register IoT devices in a database.
  • Identify new and existing endpoints in your network.

Question 5: What are the two most common communication protocols used by IoT devices? (Choose two.)

  • Wi-Fi
  • Ethernet
  • Bluetooth
  • Token Ring

Question 6: What is usually performed by the endpoint detection and response (EDR) client and not by the endpoint protection platform (EPP) client?

  • Software updates
  • Antivirus scanning
  • Automatic threat response
  • Data loss prevention (DLP)

Question 7: What is the primary concern about endpoint detection and response (EDR)?

  • Inability to protect against web-based threats
  • Ease of installation and configuration compared to endpoint protection platforms
  • Speed at which it detects and handles polymorphic malware threats
  • Inability to scan removable media

Question 8: Which three things should you use on all connected devices, if available? (Choose three.)

  • Full disk encryption (FDE)
  • Manufacturer default password
  • Auto-updates
  • Endpoint protection platform client (EPP)
  • BIOS
  • Allow USB devices to copy files

Question 1: Which two recommendations should you make to a chief security officer in order to block phishing attempts and their effects? (Choose two.)

  • Audit the network.
  • Install a web application firewall (WAF).
  • Implement email content filters.
  • Provide security awareness training to users.

Question 2: A security engineer would like to create a browsing group policy for application hardening. Which two features should the policy include? (Choose two.)

  • Disable auto-update
  • Enable password saving
  • Enable pop-up blocker
  • Clear cookies on exit

Question 3: Which characteristic could a digital signature lend to a document?

  • Non-repudiation
  • Storage
  • Encryption
  • Clarity

Question 4: Which tool could be denying access to the page?

  • Real-time blackhole list (RBL)
  • Web filter
  • Pop-up blocker
  • Search engine filter

Question 5: Which two security features are included only in the latest generation WAF? (Choose two.)

  • Signature detection
  • IP reputation
  • Ports allow list
  • Data loss prevention (DLP)

Question 6: In a school, which safeguards could a security architect implement to help protect children from inappropriate content?

  • Web filter
  • Sandbox
  • Virtual private network (VPN)
  • Real-time blackhole list (RBL)

Question 7: The best position for a WAF is in front of which network component?

  • The wireless access points
  • The web servers
  • The mail servers
  • The edge firewall

Question 8: Which two measures should a company take to prevent doxware and leakware? (Choose two.)

  • Cloud storage
  • Security awareness training
  • Segmentation
  • Data loss prevention (DLP)

Question 9: Which factors should a security engineer verify to ensure an organization’s data complies with data sovereignty laws and policies?

  • The compliance of the organization’s in-use data.
  • The laws of the nation where the data are collected.
  • The risks involved in data destruction.
  • The audit performed on data at rest.

Question 10: Which two tasks should a security engineer perform to protect private data for an organization? (Choose two.)

  • Encrypt all the documents in the organization.
  • Configure Simple Network Management Protocol (SNMP) on all the switches.
  • Identify sensitive data and classify them.
  • Identify authorized roles, users, and policies.

Question 11: Which product should a security architect use first to prevent zero-day attacks?

  • Web application firewall (WAF)
  • Network access control (NAC)
  • Sandbox
  • Firewall

Question 12: For which reason could a data center have a separate disaster recovery center?

  • For perfectibility
  • For confidentiality
  • For integrity
  • For high availability

Question 13: A security engineer must manage the devices of a large company. Which measures should they implement as part of application hardening?

  • An underlay network
  • A patch management system
  • A switch audit
  • Access only through virtual private networks (VPNs)

Question 14: Which component should a company implement to secure sensitive data in their internal servers?

  • Real-time blackhole list (RBL)
  • Web application firewall (WAF)
  • Data loss prevention (DLP)
  • Virtual private network (VPN)

Question 15: A chief security officer would like to prevent ransomware in their organization. Which two techniques should you recommend? (Choose two.)

  • Use only third-party applications
  • Encrypt all sensitive data
  • Apply regular patch maintenance and auto-updates
  • Provide security awareness training to users

Question 1: Why is it important to secure all virtual machines (VMs) on a hypervisor?

  • To reduce resource usage for all VMs
  • To prevent privilege escalation and VM escape
  • To improve the performance of all VMs
  • To simplify administration

Question 2: What is the advantage of using a cloud access security broker (CASB) to make application programming interface (API) connections to cloud providers?

  • It increases throughput.
  • It minimizes points of configuration.
  • It prevents denial of service (DoS) attacks.
  • It allows for instant updates of cloud applications.

Question 3: What is an example of Infrastructure-as-a-Service (IaaS)?

  • Microsoft Office 365
  • A VMWare player
  • A virtual machine (VM)
  • Netflix

Question 4: Which two security services can be performed as Security-as-a-Service (SECaaS)? (Choose two.)

  • Local confidential data protection
  • Security information and event management (SIEM)
  • Hardware forensics
  • Intrusion detection and prevention (IDP)
  • User deployment

Question 5: Which type of proxy sits in front of the protected server and brokers connections before allowing traffic to pass to its destination?

  • Reverse proxy
  • Router proxy
  • Forward proxy
  • Broker proxy

Question 6: Which two roles are responsible for securing cloud applications? (Choose two.)

  • Cloud provider
  • Application end user
  • End user local machine
  • Application developer

Question 7: Which two actions should you take to secure your data in the cloud? (Choose two.)

  • Secure access to data with authentication.
  • Keep a local tape backup.
  • Implement data loss prevention (DLP).
  • Use only Hyper Text Transfer Protocol (HTTP) to transfer data.
  • Always back up to a secure universal serial bus (USB) device.

Question 8: Which three security devices are hosted in the cloud? (Choose three.)

  • An email gateway
  • A file share server
  • An antivirus scanner
  • A firewall
  • A web server
  • A network accelerator

Question 9: Which two protocols can you use as a single sign-on (SSO) protocol for cloud applications? (Choose two.)

  • Secure Assertion Markup Language (SAML)
  • Remote Authentication Dial-In User Service (RADIUS)
  • Lightweight Directory Access Protocol (LDAP)
  • Open Authorization (OAuth)
  • Hyper Text Transfer Protocol Secure (HTTPS)

Question 10: What is a common threat to cloud environments?

  • Shoulder surfing
  • Malware on infected universal serial bus (USB) sticks
  • Data loss
  • Tailgating

Question 11: What is a multi-cloud environment?

  • An environment that uses multiple operating systems in the cloud
  • An environment that uses local and cloud-based virtual machines
  • An environment that uses multiple virtual machines in the cloud
  • An environment that has applications hosted on different cloud platforms and vendors

Question 12: Which security product allows visibility into a cloud environment and examines it for risk, threats, and compliance?

  • Intrusion Detection
  • Data Loss Prevention
  • Cloud Native Protection
  • Packet Capture and Sniffing

Question 13: Why do virtual machines (VMs) increase the potential attack surface?

  • More computers increase the risk of compromise.
  • More data used increases risk of corruption.
  • More resources used increases power consumption.
  • More network traffic increases bandwidth usage.

Question 14: What would you install in front of a protected cloud network to partition it from the internet?

  • A cloud access security broker (CASB)
  • A router
  • A cloud native firewall
  • A web gateway
  • A security information and event management (SIEM) system

Question 15: What runs on a laptop, desktop, or server, and allows you to create a virtual machine (VM)?

  • A hypervisor
  • Random access memory (RAM)
  • A virtual disk
  • A basic input/output system (BIOS)
