Sec+ CH.4 Review Test

Quiz: Computers, Professional Development, Hard

Created by Prem Jadhwani

15 questions

1.

A HIDS reported a vulnerability on a system based on a known attack. After researching the alert from the HIDS, you identify the recommended solution and begin applying it. What type of HIDS is in use?

A. Network-based
B. Signature-based
C. Heuristic-based
D. Anomaly-based

Answer explanation

B is correct. If the host-based intrusion detection system (HIDS) identified a known issue, it is using signature-based detection (sometimes called definition-based detection). A HIDS is not network-based, but a network-based IDS (NIDS) can also use signature-based detection. Heuristic-based or behavior-based (sometimes called anomaly-based) detection systems identify issues by comparing current activity against a baseline. They can identify issues that are not previously known.

2.

You are preparing to deploy a heuristic-based detection system to monitor network activity. Which of the following would you create first?

A. BPDU guard
B. Signatures
C. Baseline
D. Honeypot

Answer explanation

C is correct. A heuristic-based (also called behavior-based or anomaly-based) detection system compares current activity with a previously created baseline to detect any anomalies or changes. Signature-based systems (also called definition-based) use signatures of known attack patterns to detect attacks. A honeypot is a server designed to look valuable to an attacker and can divert attacks. A Bridge Protocol Data Unit (BPDU) guard is used to protect against BPDU-related attacks and is unrelated to this question.

3.

Lenny noticed a significant number of logon failures for administrator accounts on the organization’s public website. After investigating it further, he notices that most of these attempts are from IP addresses assigned to foreign countries. He wants to implement a solution that will detect and prevent similar attacks. Which of the following is the BEST choice?

A. Implement a passive NIDS.
B. Block all traffic from foreign countries.
C. Implement an inline NIPS.
D. Disable the administrator accounts.

Answer explanation

C is correct. An inline network-based intrusion prevention system (NIPS) can dynamically detect, react to, and prevent attacks. An inline system is placed inline with the traffic, and in this scenario, it can be configured to detect the logon attempts and block the traffic from the offending IP addresses before it reaches the internal network. A passive network-based intrusion detection system (NIDS) is not placed inline with the traffic and can only detect the traffic after it has reached the internal network, so it cannot prevent the attack. If you block all traffic from foreign countries, you will likely block legitimate traffic. You should disable administrator accounts if they’re not needed. However, if you disable all administrator accounts, administrators won’t be able to do required work.

4.

Lisa created a document called password.txt and put the usernames of two accounts with elevated privileges in it. She then placed the file on her administrator account desktop on several servers. Which of the following BEST explains her actions?

A. She can use this file to retrieve the passwords if she forgets them.
B. This file will divert attackers from the live network.
C. The document is a honeyfile.
D. The file is needed by an application to run when the system starts.

Answer explanation

C is correct. A honeyfile is a file with a deceptive name (such as password.txt) that will deceive an attacker and attract his attention. It is not appropriate to place a file holding credentials on a desktop for any reason. A honeypot or honeynet diverts attackers from the live network. A file on an administrator’s desktop is on the live network. It is unlikely that any application needs a file named password.txt to run. Even if an application needed such a file, the file would be inaccessible if it is placed on an administrator’s desktop.

5.

Your organization is planning to upgrade the wireless network used by employees. It will provide encrypted authentication of wireless users over TLS. Which of the following protocols are they MOST likely implementing?

A. EAP
B. PEAP
C. WPA2
D. WPA3

Answer explanation

B is correct. Protected EAP (PEAP) can be used for wireless authentication, and it uses Transport Layer Security (TLS) to encapsulate and encrypt the authentication conversation within a TLS tunnel. Extensible Authentication Protocol (EAP) is the basic framework for authentication. By itself, EAP doesn’t provide encryption, but it can be combined with other encryption protocols. Neither Wi-Fi Protected Access 2 (WPA2) nor Wi-Fi Protected Access 3 (WPA3) uses TLS.

6.

Lisa is creating a detailed diagram of wireless access points and hotspots within your organization. What is another name for this?

A. Remote access VPN
B. Wireless footprinting
C. Channel overlap map
D. Architectural diagram

Answer explanation

B is correct. Wireless footprinting creates a detailed diagram of wireless access points and hotspots within an organization. It typically displays a heat map and dead spots if they exist. A remote access virtual private network (VPN) provides access to a private network and is unrelated to this question. Wi-Fi analyzers provide a graph showing channel overlaps but not a diagram of wireless access points. An architectural diagram is typically laid on top of a heat map to create the wireless footprint document, but by itself, it shows the building layout.

7.

You are assisting a small business owner in setting up a public wireless hotspot for her customers. She wants to allow customers to access the hotspot without entering a password. Which of the following is MOST appropriate for this hotspot?

A. Use Open mode.
B. Use a PSK.
C. Use Enterprise mode.
D. Disable SSID broadcast.

Answer explanation

A is correct. Open mode is the best choice of those given for a public wireless hotspot that doesn’t require a password. A pre-shared key (PSK) is the same as a password and the scenario says a password isn’t desired. Enterprise mode requires each user to authenticate and is typically enabled with a RADIUS server. If you disable service set identifier (SSID) broadcast, it will make it harder for the customers to find the hotspot, but unless Open mode is used, it will still require a password.
