Monday , June 17 2024
Breaking News

FCF – Technical Introduction to Cybersecurity Exam Quiz Answers – Fortinet

Fortinet – Technical Introduction to Cybersecurity Exam Quiz Answers

Module 1: Cryptography and the Public Key Infrastructure Quiz answers

Question: Identify two symmetric algorithms. (Choose two.)

  • AES
  • DSA
  • IDEA
  • RSA

Question: During the encryption process, where symmetric and asymmetric cryptography are used, which key is used to encrypt the session (symmetric) key?

  • The sender’s private key
  • The receiver’s private key
  • The sender’s public key
  • The receiver’s public key

Question: Which cipher type is used by computers to encrypt data?

  • Hashing
  • Geyser
  • Block-and-tackle
  • Stream

Question: What ingredient is added during the BCRYPT key stretching process to increase entropy?

  • Verification code
  • A static known value
  • Salt
  • MAC

Question: Which statement best describes hashing?

  • The process of converting plaintext to ciphertext
  • The process of converting data of an arbitrary size to a unique value of a fixed size
  • The art of writing or solving codes
  • The process of generating a unique value that can be tied legally to an entity

Question: Which two entities are necessary components of a PKI? (Choose two.)

  • Microsoft CAPI
  • RA
  • CA
  • Firewall

Question: In a PKI, what is the ultimate source of trust?

  • The registration authority
  • The private key of the root CA
  • PKI policy and procedures
  • Local municipal laws in which the CA resides

Question: Which two features are characteristics of hashing? (Choose two.)

  • Non-reversible process
  • Random output value
  • Obfuscation data process
  • Fixed-length output value

Question: Which security requirement does encryption satisfy?

  • Data integrity
  • Authentication
  • Non-repudiation
  • Confidentiality

Question: Which statement best describes encryption?

  • The art of writing or solving codes
  • The process of converting an arbitrary-sized value to a fixed-size value
  • The process of converting plaintext to ciphertext
  • An entity disguised as something else

Question: Which two security requirements are satisfied by a digital signature? (Choose two.)

  • Confidentiality
  • Authorization
  • Data integrity
  • Authentication

Question: Which statement best describes cryptography?

  • A method for ensuring network safety
  • The study of writing or solving codes
  • A secure session between a web browser and a web server
  • The process of converting plaintext to ciphertext

Question: Identify three cipher method types. (Choose three.)

  • Bletchley Park
  • Transpositional
  • One-time pad
  • Substitution
  • Abacus

Module 2: Secure Network Quiz answers

Question: Why should a user prefer a security protocol over a non secured one?

  • It provides Quality of Service (QoS).
  • it adds segmentation.
  • It adds confidentiality.
  • It provides lower latency.

Question: What was missing in the early sandbox generation? (Choose two.)

  • An integration with other security devices
  • Automation and artificial intelligence
  • An isolated environment to test unknown files
  • A zero-day attacks detection

Question: How can a security engineer secure switching and ports?

  • By configuring an application layer gateway
  • By configuring firewall policies
  • By configuring Network Address Translation (NAT) filtering
  • By configuring static or sticky Media Access Control (MAC) address entries in the Content Addressable Memory (CAM) table

Question: Why is Fortinet Security Fabric an example of centralized security network management? (Choose two.)

  • It can operate only locally.
  • It has a broad view of the security with an end to end visibility.
  • It can communicate with other devices through Application Programming Interfaces (APIs) or fabric connectors.
  • All tasks and configurations are manual.

Question: Which network is enclosed by the security perimeter?

  • The Demilitarized Zone (DMZ)
  • The trusted network
  • The Local Area Network (LAN) only
  • The Wide Area Network (WAN)

Question: how can a security architect better control and protect the east-west traffic in a DeMilitarized Zone (DMZ)?

  • Through Simple Network Management Protocol (SNMP)
  • Through centralized security management
  • Through micro-segmentation
  • Through traffic shaping

Question: Why would a security architect segment a network? (Choose two.)

  • To reduce the network congestions and broadcasts
  • To limit the attacks to the specific segment without contaminating all the network
  • To facilitate the management access through a connection to each device in the network
  • To increase the scope of compliance to the complete network

Question: What are objectives of Software Defined Wide Area Network (SD-WAN)? (Choose two.)

  • Lower latency
  • Increase data protection
  • Greater reliability
  • Lower Quality of Service (QoS)

Question: Which principles are part of the Zero-Trust security model? (Choose two.)

  • Assume that your network is breached
  • Implement least privilege
  • Reduce DeMilitarized Zone (DMZ) surface
  • Trust only your Local Area Network (LAN)

Question: Why knowing the source IPs of an attack may not be relevant? (Choose two.)

  • Source IPs can be forked.
  • Attackers can use zero-day attacks.
  • Source IPs can be spoofed.
  • Attackers can use botnets.

Question: When implementing Zero-Trust security, which benefits do you expect? (Choose two.)

  • A defined trusted zone
  • Tighter restrictions to access resources
  • Proofs of trust
  • No micro-segmentation

Question: Which challenges brought the evolution from a network model with a single, dedicated service provider to Software Defined Wide Area Network (SD-WAN)? (Choose two.)

  • Reliability
  • Demand for more cloud applications and services
  • Data protection
  • Compliance requirements

Question: Which implementation should be done by a security architect to limit network threats in a network? (Choose two.)

  • Zero trust
  • Centralized network management
  • Network segmentation
  • Software Defined Wide Area Network (SD-WAN)

Question: What does Secure Multipurpose Internet Mail Extensions (S/MIME) bring over MIME? (Choose two.)

  • Integrity with remote access
  • repudiation with private connection
  • Confidentiality with encryption
  • Authentication with digital signature

Question: Why may a security architect add a sandbox in a network? (Choose two.)

  • To share threat intelligence with other security devices
  • To stop known threats like a honeypot
  • To provide authentication
  • To detect zero day attacks

Question: When implementing a data fabric architecture, which benefits do you expect?  (Choose two.)

  • The monitoring and data management is centrally governed.
  • The attack surface is reduced.
  • The different parts of the security network are linked.
  • The authentication is enforced.

Question: What are two core capabilities of Secure Access Service Edge (SASE)? (Choose two.)

  • Simple Network Management Protocol (SNMP)
  • Zero-Trust network access
  • Traffic shaping
  • Data loss prevention

Question: View the following exhibit:In this SD-WAN environment, what does the red line represent?

  • An overlay network
  • An underlay network
  • A physical network
  • A Wide Area Network (WAN)

Question: A security compliance audit must take place. Which implementation can simplify it?

  • Centralized security management
  • Simple Network Management Protocol (SNMP)
  • Application Programming Interface (API)
  • Artificial Intelligence

Question: Which application could provide the list of open ports to a security engineer, so the unnecessary ones can be closed?

  • Syslog
  • Machine Learning
  • Sandbox
  • Network mapper (nmap)

Question: View the following exhibit: What will be at least checked by the firewall upon receiving the server reply packet?

  • The packet five-tuple
  • The firewall session table
  • If the implicit firewall policy is set to allow
  • Nothing when the packet is encrypted

Question: Which required capabilities are included in Secure Access Service Edge (SASE)? (Choose two.)

  • Network-as-a-Service
  • Software-as-a-Service
  • Security-as-a-Service
  • Platform-as-a-Service

Question: What are the benefits for a bank in taking a Next Generation FireWall (NGFW) to secure its network? (Choose two.)

  • Further analysis can be performed with a sandbox.
  • An artificial intelligence performs all the security checkpoints.
  • Malicious content is checked through Deep Packet Inspection (DPI).
  • Machine learning configures automatically micro-segmentation.

Question: A security architect would like to add in a network a device able to understand the application layers protocols. Which device should be added?

  • A Next Generation FireWall (NGFW)
  • A packet filter firewall
  • A stateful firewall
  • A stateless firewall

Question: How could the traffic be filtered at the security perimeter? (Choose two.)

  • By performing traffic shaping
  • By acting as an application layer gateway
  • By logging the incoming traffic
  • By performing packet filtering at transport layer

Question: A network architect must implement security in a network including Internet of Things (IoT), Bring your own Device (ByoD), and cloud-based workstations. Which model should the architect put in place?

  • Packet filtering
  • Security perimeter
  • Network Address Translation (NAT) filtering
  • Zero trust

Question: Why should a security engineer secure a switch? (Choose two.)

  • The management access is only available through the default Virtual Local Area Networks (VLAN).
  • The management access is only available through the default Media Access Control (MAC) address.
  • By default, a switch is vulnerable to broadcast storms.
  • By default, port authentication is not configured.

Question: What does Secure Access Service Edge (SASE) offer to remote off-net users compared to on-net?

  • Different login credentials to access different systems
  • Better software upgrades including security patches
  • Real-time analysis of security alerts
  • The same security policies no matter their location

Question: how can a security architect segment a network? (Choose two.)

  • Through Virtual Local Area Networks (VLANs)
  • Through Software Defined Wide Area Network (SD-WAN)
  • Through a bastion host
  • Through a jump box

Question: Which type of attack is handled only by the latest sandbox generation?

  • AI-driven attacks
  • Zero-day attacks
  • Attacks exploiting known vulnerabilities
  • Fraggle attacks

Question: Which protocols should a security engineer disable for management access? (Choose two.)

  • Secure Shell protocol (SSH)
  • HyperText Transfer Protocol Secure (HTTPS)
  • HyperText Transfer Protocol (HTTP)
  • Telnet

Question: A security architect must put in place the Zero-Trust model in a network. Which methods could the architect implement? (Choose two.)

  • Traffic shaping
  • Privilege access management
  • The Kipling method
  • The Kubernetes method

Question: View the following exhibit: How can a security architect secure the switch to reduce a Media Access Control (MAC) flooding attack performed by the device D?

  • By grouping the devices in the same Virtual Local Area Network (VLAN)
  • By limiting the number of MAC address entries per switch port
  • By grouping the switch ports in the same VLAN
  • By limiting the number of IP address entries per VLAN

Module 3: Authentication and Access Control Quiz answers

Question: Which is an example of a possession-based authentication method?

  • Texting a one-time code through SMS
  • Using your eye to pass a biometric lock
  • Having your password written down in a secure location
  • Carrying your laptop home

Question: Which two are aspects of the principle of least privilege? (Choose two.)

  • Allowing easy, baseline access for all
  • Allowing only what users and devices need
  • Allowing access until proven otherwise
  • Reducing error by minimizing access

Question: Which two are the responsibilities of an authentication governing body? (Choose two.)

  • Creating disaster recovery policies
  • User onboarding
  • Reviewing the password strength policy
  • User certification

Question: What type of access control allows the device or person performing the authentication the ability to allow or deny access?

  • Lattice-based access control
  • Discretionary access control
  • Role-based access control
  • Mandatory access control

Question: Which two should be selected to create secure multi-factor authentication to access a computer system? (Choose two.)

  • Smart Card
  • Voice identification
  • Height sensor
  • Password

Question: Which two are performed by the supplicant in 802.1x authentication? (Choose two.)

  • Verifying identity
  • Providing identity
  • Connecting to a network
  • Sending an accept message to the intermediary

Question: What does a NAC use to identify attached devices and allow access?

  • Retinal pattern
  • Device memory size
  • Username
  • Device profile

Question: Which one makes the allow or deny decision in the authentication process?

  • Authentication server
  • Supplicant
  • Access point
  • Intermediary

Question: Which protocol can perform SSO?

  • TCP
  • DNS
  • CHAP
  • Kerberos

Question: Which type of access control scheme does a NAC apply?

  • Mandatory access control
  • Attribute-based access control
  • Lattice-based access control
  • Discretionary access control

Question: In SSO authentication, which two entities know the unhashed credentials? (Choose two.)

  • Service provider
  • User
  • Internet service provider
  • Identify provider

Question: Which three can be used as attributes in attribute-based access control? (Choose three.)

  • MAC address
  • DHCP IP address
  • Hours in a day
  • Time of day

Module 4: Secure Remote Access Quiz answers

Question: Which statement best describes secure remote access?

  • Secure remote access allows personal devices (BYOD) to connect to the computer network.
  • Secure remote access securely connects two or more local area networks (LANs).
  • Secure remote access transmits smart device information to an outside computer network.
  • Secure remote access allows outside end entities to connect securely to a computer network.

Question: Which characteristic differentiates ZTNA from VPN?

  • Encryption algorithms
  • Security due to key lengths
  • Data integrity checks
  • The zero trust concept

Question: Which statement best describes the zero trust approach that is the basis for ZTNA design?

  • Nothing can be trusted inside or outside the network.
  • Remote devices and users cannot be trusted.
  • Once devices are authenticated, they are always trusted.
  • Internet-of-Things (IoTs) and BYOD must be authenticated before they are trusted.

Question: In SSL VPN, what is used to authenticate the web server to the browser?

  • A one-time password
  • Doman name identification
  • IP address identification
  • The web server’s digital certificate

Question: In which part of a packet is the readable message to the recipient written?

  • Data (payload)
  • ESP trailer
  • AH header
  • TCP header

Question: Which two security features can be implemented by IPsec VPN? (Choose two.)

  • Corrupt packet blocking
  • Malicious packet detection
  • Packet encryption
  • Packet authentication

Question: Which two traits differentiate SSL VPN from IPsec VPN? (Choose two).

  • It establishes an encrypted session between two or more points.
  • User identification permits more granular authorization.
  • It protects against replay attacks.
  • It secures the transport layer of the OSI model.

Question: Which characteristic differentiates SSL VPN from IPsec VPN and ZTNA?

  • SSL VPN does not secure the transport layer in the OSI model.
  • SSL VPN does not require specialized client software.
  • SSL VPN does not use TCP.
  • SSL VPN does not use digital certificates to secure sessions.

Module 5: Endpoint Security Quiz answers

Question: Which item would be considered part of the Internet of Things (IoT)?

  • Company laptop computer
  • Wi-Fi Baby Monitor
  • Printer connected to a laptop through USB
  • Database server

Question: What is the best tool to help counter polymorphic malware?

  • Data loss prevention (DLP)
  • Endpoint detection and response (EDR)
  • BIOS secured with a password
  • Web filtering

Question: What should you always do before allowing IoT and BYOD endpoints to connect to a secure network?

  • Deny access to the secure network until the device is identified.
  • Allow the device access to all networks to make it easier to integrate.
  • Connect the device to the internal network to allow administrators to log in.
  • Disable remote access to the device.

Question: What is the first step in securing IoT devices in a company or home?

  • Segment all IoT devices on an isolated network.
  • Purchase only approved laptops and servers.
  • Register IoT devices in a database.
  • Identify new and existing endpoints in your network.

Question: What are the two most common communication protocols used by IoT devices? (Choose two.)

  • Wi-Fi
  • Ethernet
  • Bluetooth
  • Token Ring

Question: What is usually performed by the endpoint detection and response (EDR) client and not by the endpoint protection platform (EPP) client?

  • Software updates
  • Antivirus scanning
  • Automatic threat response
  • Data loss prevention (DLP)

Question: What is the primary concern about endpoint detection and response (EDR)?

  • Inability to protect against web-based threats
  • Ease of installation and configuration compared to endpoint protection platforms
  • Speed at which it detects and handles polymorphic malware threats
  • Inability to scan removable media

Question: Which three things should you use on all connected devices, if available? (Choose three.)

  • Full disk encryption (FDE)
  • Manufacturer default password
  • Auto-updates
  • Endpoint protection platform client (EPP)
  • BIOS
  • Allow USB devices to copy files

Module 6: Secure Data and Applications Quiz answers

Question: Which two recommendations should you make to a chief security officer in order to block phishing attempts and their effects? (Choose two.)

  • Audit the network.
  • Install a web application firewall (WAF).
  • Implement email content filters.
  • Provide security awareness training to users.

Question: A security engineer would like to create a browsing group policy for application hardening. Which two features should the policy include? (Choose two.)

  • Disable auto-update
  • Enable password saving
  • Enable pop-up blocker
  • Clear cookies on exit

Question: Which characteristic could a digital signature lend to a document?

  • Non-repudiation
  • Storage
  • Encryption
  • Clarity

Question: Which tool could be denying access to the page?

  • Real-time blackhole list (RBL)
  • Web filter
  • Pop-up blocker
  • Search engine filter

Question: Which two security features are included only in the latest generation WAF? (Choose two.)

  • Signature detection
  • IP reputation
  • Ports allow list
  • Data loss prevention (DLP)

Question: In a school, which safeguards could a security architect implement to help protect children from inappropriate content?

  • Web filter
  • Sandbox
  • Virtual private network (VPN)
  • Real-time blackhole list (RBL)

Question: The best position for a WAF is in front of which network component?

  • The wireless access points
  • The web servers
  • The mail servers
  • The edge firewall

Question: Which two measures should a company take to prevent doxwares and leakwares? (Choose two.)

  • Cloud storage
  • Security awareness training
  • Segmentation
  • Data loss prevention (DLP)

Question: Which factors should a security engineer verify to ensure an organization’s data comply with data sovereignty laws and policies?

  • The compliance of the organization’s in-use data.
  • The laws of the nation where the data are collected.
  • The risks involved in data destruction.
  • The audit performed on data at rest.

Question: Which two tasks should a security engineer perform to protect private data for an organization? (Choose two.)

  • Encrypt all the documents in the organization.
  • Configure Simple Network Management Protocol (SNMP) on all the switches.
  • Identify sensitive data and classify them.
  • Identify authorized roles, users, and policies.

Question: Which product should a security architect use first to prevent zero-day attacks?

  • Web application firewall (WAF)
  • Network access control (NAC)
  • Sandbox
  • Firewall

Question: For which reason could a data center have a separate disaster recovery center?

  • For perfectibility
  • For confidentiality
  • For integrity
  • For high availability

Question: A security engineer must manage the devices of a large company. Which measures should they implement as part of application hardening?

  • An underlay network
  • A patch management system
  • A switch audit
  • Access only through virtual private networks (VPNs)

Question: Which component should a company implement to secure sensitive data in their internal servers?

  • Real-time blackhole list (RBL)
  • Web application firewall (WAF)
  • Data loss prevention (DLP)
  • Virtual private network (VPN)

Question: A chief security officer would like to prevent ransomware in their organization. Which two techniques should you recommend? (Choose two.)

  • Use only third-party applications
  • Encrypt all sensitive data
  • Apply regular patch maintenances and auto-updates
  • Provide security awareness training to users

Module 7: Cloud Security and Virtualization Quiz answers

Question: Why is it important to secure all virtual machines (VMs) on a hypervisor?

  • To reduce resource usage for all VMs
  • To prevent privilege escalation and VM escape
  • To improve the performance of all VMs
  • To simplify administration

Question: What is the advantage of using a cloud access security broker (CASB) to make application programming interface (API) connections to cloud providers?

  • It increases throughput.
  • It minimizes points of configuration.
  • It prevents denial of service (DoS) attacks.
  • It allows for instant updates of cloud applications.

Question: What is an example of Infrastructure-as-a-Service (IaaS)?

  • Microsoft Office 365
  • A VMWare player
  • A virtual machine (VM)
  • Netflix

Question: Which two security services can be performed as Security-as-a-Service (SECaaS)? (Choose two.)

  • Local confidential data protection
  • Security information and event management (SIEM)
  • Hardware forensics
  • Intrusion detection and prevention (IDP)
  • User deployment

Question: Which type of proxy sits in front of the protected server and brokers connections before allowing traffic to pass to its destination?

  • Reverse proxy
  • Router proxy
  • Forward proxy
  • Broker proxy

Question: Which two roles are responsible for securing cloud applications? (Choose two.)

  • Cloud provider
  • Application end user
  • End user local machine
  • Application developer

Question: Which two actions should you take to secure your data in the cloud? (Choose two.)

  • Secure access to data with authentication.
  • Keep a local tape backup.
  • Implement data loss prevention (DLP).
  • Use only Hyper Text Transfer Protocol (HTTP) to transfer data.
  • Always back up to a secure universal serial bus (USB) device.

Question: Which three security devices are hosted in the cloud? (Choose three.)

  • An email gateway
  • A file share server
  • An antivirus scanner
  • A firewall
  • A web server
  • A network accelerator

Question: Which two protocols can you use as a single sign-on (SSO) protocol for cloud applications? (Choose two.)

  • Secure Assertion Markup Language (SAML)
  • Remote Authentication Dial-In User Service (RADIUS)
  • Lightweight Directory Access Protocol (LDAP)
  • Open Authorization (OAuth)
  • Hyper Text Transfer Protocol Secure (HTTPS)

Question: What is a common threat to cloud environments?

  • Shoulder surfing
  • Malware on infected universal serial bus (USB) sticks
  • Data loss
  • Tailgating

Question: What is a multi-cloud environment?

  • An environment that uses multiple operating systems in the cloud
  • An environment that uses local and cloud-based virtual machines
  • An environment that uses multiple virtual machines in the cloud
  • An environment that has applications hosted on different cloud platforms and vendors

Question: Which security product allows visibility into a cloud environment and examines it for risk, threats, and compliance?

  • Intrusion Detection
  • Data Loss Prevention
  • Cloud Native Protection
  • Packet Capture and Sniffing

Question: Why do virtual machines (VMs) increase the potential attack surface?

  • More computers increase the risk of compromise.
  • More data used increases risk of corruption.
  • More resources used increases power consumption.
  • More network traffic increases bandwidth usage.

Question: What would you install in front of a protected cloud network to partition it from the internet?

  • A cloud access security broker (CASB)
  • A router
  • A cloud native firewall
  • A web gateway
  • A security information and event management (SIEM) system

Question: What runs on a laptop, desktop, or server, and allows you to create a virtual machine (VM)?

  • A hypervisor
  • Random access memory (RAM)
  • A virtual disk
  • A basic input/output system (BIOS)

About Clear My Certification

Check Also

ISRO

ISRO Launched 5 Days Free Course with Certification in May 2024

ISRO Launched 5 Days Free Course with Certification in May 2024 About the Course : …

Leave a Reply

Your email address will not be published. Required fields are marked *