Key Phrase: "SNMP trap"

Explanation:
Correct Answer (C): SNMP traps can be configured to provide additional information, but typical SNMP traps provide information about issues such as links going down, authentication failures, and reboots.
Why others are wrong:

• A: Notification of a vulnerability would be identified by a vulnerability management tool, not typically via SNMP traps.

• B: Notification of a patch being installed is not something typically sent via SNMP traps.

• D: Notification of a user being created is not a use case for SNMP traps.

Key Phrase: "observe malicious behavior and capture attack tools"

Explanation:
Correct Answer (C): A honeynet is a group of systems that intentionally exposes vulnerabilities so that defenders can observe attacker behaviors, techniques, and tools to help them design better defenses.
Why others are wrong:

• A: A honeypot is a single system designed to attract attackers, not multiple systems.

• B: A bear trap is not a standard security term related to monitoring or observing attacks.

• D: A tarpit intentionally slows down attackers, but it is not designed for documenting all attacks in a comprehensive way.

Key Phrase: "replace Telnet"

Explanation:
Correct Answer (B): SSH (Secure Shell) is the secure alternative to Telnet and runs on port 22. It encrypts the communication, providing a secure way to access systems remotely.
Why others are wrong:

• A: SFTP is a secure file transfer protocol, but it does not replace Telnet for remote command-line access.

• C: HTTPS is used for secure web browsing, not for command-line access.

• D: RDP is used for remote desktop access, not for command-line access.

Key Phrase: "DNS filtering to prevent malicious sites"

Explanation:
Correct Answer (D): DNS reputation services can provide Jill with an automated feed of malicious sites that she can include in her DNS filter.
Why others are wrong:

• A: OSINT (Open Source Intelligence) is typically gathered without scans and won’t provide DNS block lists.

• B: STP (Spanning Tree Protocol) prevents loops in networks but is not related to DNS filtering.

• C: An ACL monitoring service would not provide information about malicious sites.

Key Phrase: "secure, monitored access"

Explanation:
Correct Answer (B): Jump servers are used to provide secure, monitored access to a protected network. Users log in to the jump server, which then grants access to the network.
Why others are wrong:

• A: Proxies are used to filter or manage traffic and might be used in this scenario, but jump servers are preferred for secure access.

• C: A VLAN logically separates network segments, but it does not directly provide secure, monitored access.

• D: An air gap is a physical disconnection between networks, not a method for providing monitored access.

Key Phrase: "firewall that handles large traffic and advanced tasks"

Explanation:
Correct Answer (A): An NGFW (Next-Generation Firewall) is designed to provide advanced firewalling tasks such as deep packet inspection and intrusion prevention while being capable of handling high throughput.
Why others are wrong:

• B: A WAF (Web Application Firewall) is specialized for protecting web applications and is not designed for high traffic handling.

• C: A UTM (Unified Threat Management) device provides a broad range of services but may not perform as efficiently as an NGFW for large traffic volumes.

• D: SD-FW is not a common acronym in firewall technology.

Key Phrase: "prevent DNS poisoning"

Explanation:
Correct Answer (A): DNSSEC (DNS Security Extensions) validates both the origin of DNS information and ensures that DNS responses have not been modified, making it the best option to prevent DNS poisoning attacks.
Why others are wrong:

• B: SDNS is not a valid technology for DNS security.

• C: SASE (Secure Access Service Edge) is used for securing networks, but it does not specifically prevent DNS poisoning.

• D: SD-WAN provides dynamic wide area networking but does not protect against DNS poisoning.