Two universities are making their 802.11n wireless networks available to the other university’s students. Theinfrastructure will pass the student’s credentials back to the home school for authentication via the Internet.
The requirements are:
Mutual authentication of clients and authentication server The design should not limit connection speeds
Authentication must be delegated to the home school No passwords should be sent unencrypted
The following design was implemented:
WPA2 Enterprise using EAP-PEAP-MSCHAPv2 will be used for wireless security
RADIUS proxy servers will be used to forward authentication requests to the home school
The RADIUS servers will have certificates from a common public certificate authority
A strong shared secret will be used for RADIUS server authentication
Which of the following security considerations should be added to the design?

Which of the following BEST constitutes the basis for protecting VMs from attacks from other VMs hosted on
the same physical platform?

Joe, the Chief Executive Officer (CEO), was an Information security professor and a Subject Matter Expert for
over 20 years. He has designed a network defense method which he says is significantly better than prominent
international standards. He has recommended that the company use his cryptographic method. Which of the
following methodologies should be adopted?

An industry organization has implemented a system to allow trusted authentication between all of its partners.
The system consists of a web of trusted RADIUS servers communicating over the Internet. An attacker was
able to set up a malicious server and conduct a successful man-in-the- middle attack. Which of the following
controls should be implemented to mitigate the attack in the future?

Two separate companies are in the process of integrating their authentication infrastructure into a unified single
sign-on system. Currently, both companies use an AD backend and two factor authentication using TOTP. The
system administrators have configured a trust relationship between the authentication backend to ensure
proper process flow. How should the employees request access to shared resources before the authentication
integration is complete?

Ann, a software developer, wants to publish her newly developed software to an online store. Ann wants to
ensure that the software will not be modified by a third party or end users before being installed on mobile
devices. Which of the following should Ann implement to stop modified copies of her software from running on
mobile devices?

A security administrator is tasked with implementing two-factor authentication for the company VPN. The VPN
is currently configured to authenticate VPN users against a backend RADIUS server. New company policies
require a second factor of authentication, and the Information Security Officer has selected PKI as the second
factor. Which of the following should the security administrator configure and implement on the VPN
concentrator to implement the second factor and ensure that no error messages are displayed to the userduring the VPN connection? (Select TWO).

In order to reduce costs and improve employee satisfaction, a large corporation is creating a BYOD policy. It
will allow access to email and remote connections to the corporate enterprise from personal devices; provided
they are on an approved device list. Which of the following security measures would be MOST effective in
securing the enterprise under the new policy? (Select TWO).

Due to a new regulatory requirement, ABC Company must now encrypt all WAN transmissions. When speaking
with the network administrator, the security administrator learns that the existing routers have the minimum
processing power to do the required level of encryption. Which of the following solutions minimizes the
performance impact on the router?