IT staff within a company often conduct remote desktop sharing sessions with vendors to troubleshoot vendor
product-related issues. Drag and drop the following security controls to match the associated security concern.
Options may be used once or not at all.
Select and Place:

An organization is implementing a project to simplify the management of its firewall network flows and
implement security controls. The following requirements exist. Drag and drop the BEST security solution to
meet the given requirements. Options may be used once or not at all. All placeholders must be filled.
Select and Place:

Company A has noticed abnormal behavior targeting their SQL server on the network from a rogue IP address.
The company uses the following internal IP address ranges: 192.10.1.0/24 for the corporate site and
192.10.2.0/24 for the remote site. The Telco router interface uses the 192.10.5.0/30 IP range.
Instructions: Click on the simulation button to refer to the Network Diagram for Company A.
Click on Router 1, Router 2, and the Firewall to evaluate and configure each device.
Task 1: Display and examine the logs and status of Router 1, Router 2, and Firewall interfaces.
Task 2: Reconfigure the appropriate devices to prevent the attacks from continuing to target the SQL server
and other servers on the corporate network.

An administrator wants to install a patch to an application. Given the scenario, download, verify and install the
patch in the most secure manner.
Instructions: The last install that is completed will be the final submission.

Compliance with company policy requires a quarterly review of firewall rules. A new administrator is asked to
conduct this review on the internal firewall sitting between several Internal networks. The intent of this firewall is
to make traffic more restrictive. Given the following information answer the questions below:
User Subnet: 192.168.1.0/24 Server Subnet: 192.168.2.0/24 Finance Subnet:192.168.3.0/24
Instructions: To perform the necessary tasks, please modify the DST port, Protocol, Action, and/or Rule Order
columns. Firewall ACLs are read from the top down
Task 1) An administrator added a rule to allow their machine terminal server access to the server subnet. This
rule is not working. Identify the rule and correct this issue.
Task 2) All web servers have been changed to communicate solely over SSL. Modify the appropriate rule to
allow communications.
Task 3) An administrator added a rule to block access to the SQL server from anywhere on the network. This
rule is not working. Identify and correct this issue.
Task 4) Other than allowing all hosts to do network time and SSL, modify a rule to ensure that no other traffic is
allowed.

Company A has experienced external attacks on their network and wants to minimize the attacks from
reoccurring. Modify the network diagram to prevent SQL injections, XSS attacks, smurf attacks, e-mail spam,
downloaded malware, viruses and ping attacks. The company can spend a MAXIMUM of $50,000 USD. A cost
list for each item is listed below:
1. Anti-Virus Server – $10,000
2. Firewall-$15,000
3. Load Balanced Server – $10,000
4. NIDS/NIPS-$10,000
5. Packet Analyzer – $5,000
6. Patch Server-$15,000
7. Proxy Server-$20,000
8. Router-$10,000
9. Spam Filter-$5,000
10. Traffic Shaper – $20,000
11. Web Application Firewall – $10,000
Instructions: Not all placeholders in the diagram need to be filled and items can only be used once. If you place
an object on the network diagram, you can remove it by clicking the (x) in the upper right-hand of the object.

A manufacturer is planning to build a segregated network. There are requirements to segregate development
and test infrastructure from production and the need to support multiple entry points into the network depending
on the service being accessed. There are also strict rules in place to only permit user access from within the
same zone. Currently, the following access requirements have been identified:
1. Developers have the ability to perform technical validation of development applications.
2. End users have the ability to access internal web applications.
3. Third-party vendors have the ability to support applications.
In order to meet segregation and access requirements, drag and drop the appropriate network zone that the
user would be accessing and the access mechanism to meet the above criteria. Options may be used once or
not at all. All placeholders must be filled.
Select and Place:

A well-known retailer has experienced a massive credit card breach. The retailer had gone through an audit
and had been presented with a potential problem on their network. Vendors were authenticating directly to the
retailer’s AD servers, and an improper firewall rule allowed pivoting from the AD server to the DMZ where credit
card servers were kept. The firewall rule was needed for an internal application that was developed, which
presents risk. The retailer determined that because the vendors were required to have site to site VPN’s no
other security action was taken.
To prove to the retailer the monetary value of this risk, which of the following type of calculations is needed?

A small company is developing a new Internet-facing web application. The security requirements are:
1. Users of the web application must be uniquely identified and authenticated.
2. Users of the web application will not be added to the company’s directory services.
3. Passwords must not be stored in the code.
Which of the following meets these requirements?

An educational institution would like to make computer labs available to remote students. The labs are used for
various IT networking, security, and programming courses. The requirements are:
1. Each lab must be on a separate network segment.
2. Labs must have access to the Internet, but not other lab networks.
3. Student devices must have network access, not simple access to hosts on the lab networks.
4. Students must have a private certificate installed before gaining access.
5. Servers must have a private certificate installed locally to provide assurance to the students.
6. All students must use the same VPN connection profile.
Which of the following components should be used to achieve the design in conjunction with directory services?