A security solutions architect has argued consistently to implement the most secure method of encrypting
corporate messages. The solution has been derided as not being cost effective by other members of the IT
department. The proposed solution uses symmetric keys to encrypt all messages and is very resistant to
unauthorized decryption. The method also requires special handling and security for all key material that goes
above and beyond most encryption systems. Which of the following is the solutions architect MOST likely trying
to implement?

VPN users cannot access the active FTP server through the router but can access any server in the data
center. Additional network information:DMZ network 192.168.5.0/24 (FTP server is 192.168.5.11) VPN network 192.168.1.0/24 Datacenter –
192.168.2.0/24 User network – 192.168.3.0/24 HR network 192.168.4.0/24\\ Traffic shaper configuration: VLAN
Bandwidth Limit (Mbps) VPN50 User175 HR250
Finance250 Guest0
Router ACL: ActionSourceDestination Permit192.168.1.0/24192.168.2.0/24
Permit192.168.1.0/24192.168.3.0/24 Permit192.168.1.0/24192.168.5.0/24 Permit192.168.2.0/24192.168.1.0/24
Permit192.168.3.0/24192.168.1.0/24 Permit192.168.5.1/32192.168.1.0/24 Deny192.168.4.0/24192.168.1.0/24
Deny192.168.1.0/24192.168.4.0/24
Denyanyany
Which of the following solutions would allow the users to access the active FTP server?

VPN users cannot access the active FTP server through the router but can access any server in the data
center. Additional network information:DMZ network 192.168.5.0/24 (FTP server is 192.168.5.11) VPN network 192.168.1.0/24 Datacenter –
192.168.2.0/24 User network – 192.168.3.0/24 HR network 192.168.4.0/24\\ Traffic shaper configuration: VLAN
Bandwidth Limit (Mbps) VPN50 User175 HR250
Finance250 Guest0
Router ACL: ActionSourceDestination Permit192.168.1.0/24192.168.2.0/24
Permit192.168.1.0/24192.168.3.0/24 Permit192.168.1.0/24192.168.5.0/24 Permit192.168.2.0/24192.168.1.0/24
Permit192.168.3.0/24192.168.1.0/24 Permit192.168.5.1/32192.168.1.0/24 Deny192.168.4.0/24192.168.1.0/24
Deny192.168.1.0/24192.168.4.0/24
Denyanyany
Which of the following solutions would allow the users to access the active FTP server?

DRAG DROP
An organization is implementing a project to simplify the management of its firewall network flows and
implement security controls. The following requirements exist. Drag and drop the BEST security solution to
meet the given requirements. Options may be used once or not at all.
All placeholders must be filled.

An educational institution would like to make computer labs available to remote students. The labs are used for
various IT networking, security, and programming courses. The requirements are:
1. Each lab must be on a separate network segment.
2. Labs must have access to the Internet, but not other lab networks.
3. Student devices must have network access, not simple access to hosts on the lab networks.
4. Students must have a private certificate installed before gaining access.
5. Servers must have a private certificate installed locally to provide assurance to the students.
6. All students must use the same VPN connection profile. Which of the following components should be used
to achieve the design in conjunction with directory services?

A recently hired security administrator is advising developers about the secure integration of a legacy in-house
application with a new cloud based processing system. The systems must exchange large amounts of fixed
format data such as names, addresses, and phone numbers, as well as occasional chunks of data in
unpredictable formats. The developers want to construct anew data format and create custom tools to parse and process the data. The security administrator instead
suggests that the developers:

CORRECT TEXT
Compliance with company policy requires a quarterly review of firewall rules. A new administrator is asked to
conduct this review on the internal firewall sitting between several Internal networks. The intent of this firewall is
to make traffic more restrictive. Given the following information answer the questions below: User Subnet:
192.168.1.0/24 Server Subnet: 192.168.2.0/24 Finance Subnet:192.168.3.0/24 Instructions: To perform the
necessary tasks, please modify the DST port, Protocol, Action, and/or Rule Order columns. Firewall ACLs are
read from the top down Task 1) An administrator added a rule to allow their machine terminal server access to
the server subnet. This rule is not working. Identify the rule and correct this issue. Task 2) All web servers have
been changed to communicate solely over SSL. Modify the
appropriate rule to allow communications.
Task 3) An administrator added a rule to block access to the SQL server from anywhere on the network. This
rule is not working. Identify and correct this issue. Task 4) Other than allowing all hosts to do network time and
SSL, modify a rule to ensure that no other traffic is allowed.

CORRECT TEXT
Company A has noticed abnormal behavior targeting their SQL server on the network from a rogue IP address.
The company uses the following internal IP address ranges: 192.10.1.0/24 for the corporate site and
192.10.2.0/24 for the remote site. The Telco router interface uses the 192.10.5.0/30 IP range. Instructions:
Click on the simulation button to refer to the Network Diagram for Company A. Click on Router 1, Router 2, and
the Firewall to evaluate and configure each device.
Task 1: Display and examine the logs and status of Router 1, Router 2, and Firewall interfaces. Task 2:
Reconfigure the appropriate devices to prevent the attacks from continuing to target the SQL server and other
servers on the corporate network.

A security tester is testing a website and performs the following manual query:
https://www.comptia.com/cookies.jsp?products=5%20and%201=1 The following response is received in the
payload: “ORA-000001: SQL command not properly ended” Which of the following is the response an example
of?

Which of the following would be used in forensic analysis of a compromised Linux system? (Select THREE).