Which of the following summarizes the key advantage of IMAPS over POP3S for a mobile workforce?

Multiple devices can maintain synchronized mailbox folders on the server.

Messages are automatically deleted from the server, freeing storage.

IMAPS eliminates the need for TLS certificates.

IMAPS sends less metadata over the wire, preserving privacy.

Which TWO features are typically combined in a modern email gateway?

C. Data-loss-prevention content inspection

D. Port-based network segmentation

What security service does S/MIME provide that PGP/MIME does NOT guarantee by default?

Digital signatures bound to an X.509 certificate hierarchy

Mutual TLS between mail servers

Domain-level policy enforcement via DNS

Why is DNS filtering considered a proactive control against phishing campaigns?

It blocks domain resolution before a malicious site is reached.

It hashes and stores all visited URLs for forensic review.

It scans downloaded payloads in a browser sandbox.

It forces users to connect through a corporate VPN.

DNSSEC defends primarily against which attack vector?

On-path spoofing of authoritative responses

Brute-force credential stuffing

Distributed denial-of-service floods on port 53

Insider theft of zone-signing keys

Within DNSSEC, what is the MAIN purpose of the Key Signing Key (KSK)?

Validating the Zone Signing Key in the chain of trust

Encrypting zone transfers between primary and secondary servers

Generating NSEC records to prevent footprinting

Providing confidentiality for resolver queries

Static application security testing (SAST) is MOST effective for:

Identifying insecure coding patterns before compilation

Finding configuration drift in production containers

Detecting zero-day exploits in running binaries

What limitation should security analysts remember when relying on code signing to vet third-party software?

A valid signature does not guarantee the absence of vulnerabilities.

Certificates automatically expire every 90 days.

Code signing prevents decompilation of binaries.

Each update requires a new root certificate in the trust store.

Which practice BEST prevents an attacker from learning internal application details through crash screens?

Implementing custom error handling that returns generic messages

Enabling verbose debug mode only for authenticated users

Allowing the web server to display default 500 errors

Why should client-side input validation never be the sole validation mechanism?

Users can bypass or tamper with client-side checks.

Browsers always strip malicious payloads before submission.

Server-side validation increases page-load latency.

HTML5 forms automatically sanitize input.

Which secure-coding enhancement MOST directly helps a SOC analyst detect brute-force attacks in near real time?

Generating structured audit logs and alert triggers

Using a hardware security module for key storage

Signing software releases with an EV certificate

When selecting a secure replacement for an existing protocol, administrators should FIRST consider:

The sensitivity of the data being transmitted

Whether the new protocol uses UDP instead of TCP

How many cipher suites the protocol supports

Whether protocol debugging is easier over plaintext

Which characteristic of TLS 1.3 prevents classic downgrade attacks present in earlier versions?

C. Removal of insecure fallback negotiation options

A. Deprecation of RSA key exchange

B. Mandatory use of AES-GCM ciphers

D. Fixed initialization-vector length for CBC mode

Which of the following represents a valid TLS 1.3 cipher suite string?

ECDHE-ECDSA-CHACHA20-POLY1305-SHA256

Which statement BEST describes an advantage of SNMPv3 over earlier versions?

It supports strong user-based authentication and encryption of payloads.

It uses TCP instead of UDP for lower latency.

It eliminates the need for community strings.

It allows traps only, preventing polling overhead.

Restricting zone transfers on an internal DNS server primarily mitigates which threat?

Footprinting of the private network

Why might a video-streaming service choose DTLS over UDP instead of TLS over TCP?

TCP introduces additional handshake latency undesirable for real-time traffic.

UDP guarantees packet delivery, improving quality.

DTLS cannot be inspected by firewalls, enhancing privacy.

TLS over TCP requires mutual client certificates.

Administrators sometimes disable HTTPS inspection on outbound proxies because:

C. Terminating and re-encrypting TLS adds operational complexity and cost.

A. HTTPS lacks backward compatibility with legacy browsers.

B. Decrypting traffic complicates troubleshooting malware callbacks.

D. Certificates cannot be renewed automatically in large environments.

Which operational task is MOST critical to prevent unexpected outages in services that rely on TLS?

Monitoring certificate-expiration dates and renewing in advance

Rotating symmetric keys every 90 seconds

Blocking port 80 inbound on all firewalls

Enabling Perfect Forward Secrecy on FTP servers

Lesson 11

University

•

40 Qs

Similar activities

Formative assessment 1

University

•

35 Qs

Practice quiz -Corporate Law

University

•

42 Qs

HMPE11 MIDTERM EXAM

University

•

45 Qs

Module I: Understanding Operating Systems

12th Grade - University

•

45 Qs

Credit and Loans

8th Grade - University

•

42 Qs

Diuretics- Khan

University

•

42 Qs

Kế Kiểm Học gì? Làm gì?

University

•

45 Qs

UJI WAWASAN MU Belajar Bersama Kang Ocep

University - Professional Development

•

40 Qs

Lesson 11

Quiz

•

Other

•

University

•

Practice Problem

•

Medium

Benjamin Fenton

Used 3+ times

FREE Resource

40 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following BEST explains why Telnet should be replaced with SSH for device administration across a routed network?

Telnet uses a non-standard port that firewalls commonly block.

Telnet transmits credentials and session data in plaintext.

SSH consumes less bandwidth than Telnet for the same tasks.

SSH does not require user authentication by default.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A security engineer is configuring a web server to support TLS. Which item MUST the engineer install before clients can establish an HTTPS session on port 443?

A valid CRL distribution point

A public root certificate in the server trust store

A server digital certificate signed by a trusted CA

An OCSP stapling service on the firewall

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An organization wants to harden its directory service so that user credentials are never sent in clear text. Which protocol and port combination satisfies this requirement?

LDAP over TCP 389

LDAPS over TCP 636

LDAP with anonymous bind over TCP 389

Kerberos over UDP 88

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

During an LDAP security review, an auditor discovers several service accounts using simple bind. What is the PRIMARY risk of continuing to use simple bind?

Passwords are hashed with weak ciphers.

Passwords are transmitted without encryption.

The server cannot verify a user’s distinguished name.

Anonymous access to all directory objects is enabled.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A network device currently accepts SNMPv1 queries from any host that knows the community string. Which remediation will MOST improve the security of the management plane?

Change the default community string to “public2”.

Enable SNMPv2c and limit access to port 162.

Disable SNMP entirely and rely on Syslog.

Upgrade to SNMPv3 and enforce user-based authentication with encryption.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A systems administrator needs to secure file transfers while keeping the control connection on port 21. Which solution should the administrator deploy?

SFTP

FTPS implicit TLS

FTPES (explicit TLS)

TFTP with IPSec tunnel

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An email gateway submits messages to the organization’s SMTP server over port 587. Which statement BEST describes how STARTTLS is typically used in this scenario?

The SMTP server automatically encrypts every session before greeting the client.

The client requests to upgrade the plaintext connection to TLS after the initial HELO/EHLO.

Port 587 is reserved exclusively for SMTP over implicit TLS.

STARTTLS provides end-to-end message encryption that replaces S/MIME.

Create a free account and access millions of resources

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

39 questions

Beyblade Metal Series

Quiz

•

1st Grade - Professio...

42 questions

SOAL PSAS GANJIL 2024 PAI KELAS 9 24 SMPN 57

Quiz

•

9th Grade - University

36 questions

Level 3 Electrics

Quiz

•

University

40 questions

Material Management

Quiz

•

University

40 questions

UTS MK METODOLOGI PENELITIAN EKONOMI ISLAM KUANTITATIF PENGANTAR

Quiz

•

University

40 questions

Elementos Pilosos y Fibras

Quiz

•

University

40 questions

POST TEST TOT PPK DAN PPS GEL III

Quiz

•

University

41 questions

ಕ್ವಿಜ್ ಸರಣಿ 82: ಡಾ|| ಬಿ. ಆರ್ ಅಂಬೇಡ್ಕರ್ ಜಯಂತಿ ವಿಶೇಷ ಕಾರ್ಯಕ್ರಮ

Quiz

•

University

Popular Resources on Wayground

25 questions

Multiplication Facts

Quiz

•

5th Grade

15 questions

4:3 Model Multiplication of Decimals by Whole Numbers

Quiz

•

5th Grade

10 questions

The Best Christmas Pageant Ever Chapters 1 & 2

Quiz

•

4th Grade

12 questions

Unit 4 Review Day

Quiz

•

3rd Grade

20 questions

Christmas Trivia

Quiz

•

6th - 8th Grade

18 questions

Kids Christmas Trivia

Quiz

•

KG - 5th Grade

14 questions

Christmas Trivia

Quiz

•

5th Grade

15 questions

Solving Equations with Variables on Both Sides Review

Quiz

•

8th Grade

Discover more resources for Other

26 questions

Christmas Movie Trivia

Lesson

•

8th Grade - Professio...

7 questions

Different Types of Energy

Interactive video

•

4th Grade - University

7 questions

Transition Words and Phrases

Interactive video

•

4th Grade - University

7 questions

Force and Motion

Interactive video

•

4th Grade - University

7 questions

Biomolecules (Updated)

Interactive video

•

11th Grade - University

34 questions

Unit 5 Review - The Middle Ages in Europe-B

Quiz

•

9th Grade - University

26 questions

Day2 classwork: Permutation and combination

Quiz

•

2nd Grade - University

5 questions

Using Context Clues

Interactive video

•

4th Grade - University

Lesson 11

40 questions

Which of the following BEST explains why Telnet should be replaced with SSH for device administration across a routed network?

A security engineer is configuring a web server to support TLS. Which item MUST the engineer install before clients can establish an HTTPS session on port 443?

An organization wants to harden its directory service so that user credentials are never sent in clear text. Which protocol and port combination satisfies this requirement?

During an LDAP security review, an auditor discovers several service accounts using simple bind. What is the PRIMARY risk of continuing to use simple bind?

A network device currently accepts SNMPv1 queries from any host that knows the community string. Which remediation will MOST improve the security of the management plane?

A systems administrator needs to secure file transfers while keeping the control connection on port 21. Which solution should the administrator deploy?

An email gateway submits messages to the organization’s SMTP server over port 587. Which statement BEST describes how STARTTLS is typically used in this scenario?

A desktop mail client is configured for POP3S. Which default port should the firewall allow to permit the connection?

Which of the following summarizes the key advantage of IMAPS over POP3S for a mobile workforce?

Which email-security mechanism checks the sender’s IP against a list of authorized IP addresses declared in the sender domain’s DNS TXT record?

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Other