Which of the following summarizes the key advantage of IMAPS over POP3S for a mobile workforce?

Multiple devices can maintain synchronized mailbox folders on the server.

Messages are automatically deleted from the server, freeing storage.

IMAPS eliminates the need for TLS certificates.

IMAPS sends less metadata over the wire, preserving privacy.

Which TWO features are typically combined in a modern email gateway?

C. Data-loss-prevention content inspection

D. Port-based network segmentation

What security service does S/MIME provide that PGP/MIME does NOT guarantee by default?

Digital signatures bound to an X.509 certificate hierarchy

Mutual TLS between mail servers

Domain-level policy enforcement via DNS

Why is DNS filtering considered a proactive control against phishing campaigns?

It blocks domain resolution before a malicious site is reached.

It hashes and stores all visited URLs for forensic review.

It scans downloaded payloads in a browser sandbox.

It forces users to connect through a corporate VPN.

DNSSEC defends primarily against which attack vector?

On-path spoofing of authoritative responses

Brute-force credential stuffing

Distributed denial-of-service floods on port 53

Insider theft of zone-signing keys

Within DNSSEC, what is the MAIN purpose of the Key Signing Key (KSK)?

Validating the Zone Signing Key in the chain of trust

Encrypting zone transfers between primary and secondary servers

Generating NSEC records to prevent footprinting

Providing confidentiality for resolver queries

Static application security testing (SAST) is MOST effective for:

Identifying insecure coding patterns before compilation

Finding configuration drift in production containers

Detecting zero-day exploits in running binaries

What limitation should security analysts remember when relying on code signing to vet third-party software?

A valid signature does not guarantee the absence of vulnerabilities.

Certificates automatically expire every 90 days.

Code signing prevents decompilation of binaries.

Each update requires a new root certificate in the trust store.

Which practice BEST prevents an attacker from learning internal application details through crash screens?

Implementing custom error handling that returns generic messages

Enabling verbose debug mode only for authenticated users

Allowing the web server to display default 500 errors

Why should client-side input validation never be the sole validation mechanism?

Users can bypass or tamper with client-side checks.

Browsers always strip malicious payloads before submission.

Server-side validation increases page-load latency.

HTML5 forms automatically sanitize input.

Which secure-coding enhancement MOST directly helps a SOC analyst detect brute-force attacks in near real time?

Generating structured audit logs and alert triggers

Using a hardware security module for key storage

Signing software releases with an EV certificate

When selecting a secure replacement for an existing protocol, administrators should FIRST consider:

The sensitivity of the data being transmitted

Whether the new protocol uses UDP instead of TCP

How many cipher suites the protocol supports

Whether protocol debugging is easier over plaintext

Which characteristic of TLS 1.3 prevents classic downgrade attacks present in earlier versions?

C. Removal of insecure fallback negotiation options

A. Deprecation of RSA key exchange

B. Mandatory use of AES-GCM ciphers

D. Fixed initialization-vector length for CBC mode

Which of the following represents a valid TLS 1.3 cipher suite string?

ECDHE-ECDSA-CHACHA20-POLY1305-SHA256

Which statement BEST describes an advantage of SNMPv3 over earlier versions?

It supports strong user-based authentication and encryption of payloads.

It uses TCP instead of UDP for lower latency.

It eliminates the need for community strings.

It allows traps only, preventing polling overhead.

Restricting zone transfers on an internal DNS server primarily mitigates which threat?

Footprinting of the private network

Why might a video-streaming service choose DTLS over UDP instead of TLS over TCP?

TCP introduces additional handshake latency undesirable for real-time traffic.

UDP guarantees packet delivery, improving quality.

DTLS cannot be inspected by firewalls, enhancing privacy.

TLS over TCP requires mutual client certificates.

Administrators sometimes disable HTTPS inspection on outbound proxies because:

C. Terminating and re-encrypting TLS adds operational complexity and cost.

A. HTTPS lacks backward compatibility with legacy browsers.

B. Decrypting traffic complicates troubleshooting malware callbacks.

D. Certificates cannot be renewed automatically in large environments.

Which operational task is MOST critical to prevent unexpected outages in services that rely on TLS?

Monitoring certificate-expiration dates and renewing in advance

Rotating symmetric keys every 90 seconds

Blocking port 80 inbound on all firewalls

Enabling Perfect Forward Secrecy on FTP servers

Lesson 11

Authored by Benjamin Fenton

Other

University

Used 3+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

40 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following BEST explains why Telnet should be replaced with SSH for device administration across a routed network?

Telnet uses a non-standard port that firewalls commonly block.

Telnet transmits credentials and session data in plaintext.

SSH consumes less bandwidth than Telnet for the same tasks.

SSH does not require user authentication by default.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A security engineer is configuring a web server to support TLS. Which item MUST the engineer install before clients can establish an HTTPS session on port 443?

A valid CRL distribution point

A public root certificate in the server trust store

A server digital certificate signed by a trusted CA

An OCSP stapling service on the firewall

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An organization wants to harden its directory service so that user credentials are never sent in clear text. Which protocol and port combination satisfies this requirement?

LDAP over TCP 389

LDAPS over TCP 636

LDAP with anonymous bind over TCP 389

Kerberos over UDP 88

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

During an LDAP security review, an auditor discovers several service accounts using simple bind. What is the PRIMARY risk of continuing to use simple bind?

Passwords are hashed with weak ciphers.

Passwords are transmitted without encryption.

The server cannot verify a user’s distinguished name.

Anonymous access to all directory objects is enabled.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A network device currently accepts SNMPv1 queries from any host that knows the community string. Which remediation will MOST improve the security of the management plane?

Change the default community string to “public2”.

Enable SNMPv2c and limit access to port 162.

Disable SNMP entirely and rely on Syslog.

Upgrade to SNMPv3 and enforce user-based authentication with encryption.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A systems administrator needs to secure file transfers while keeping the control connection on port 21. Which solution should the administrator deploy?

SFTP

FTPS implicit TLS

FTPES (explicit TLS)

TFTP with IPSec tunnel

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An email gateway submits messages to the organization’s SMTP server over port 587. Which statement BEST describes how STARTTLS is typically used in this scenario?

The SMTP server automatically encrypts every session before greeting the client.

The client requests to upgrade the plaintext connection to TLS after the initial HELO/EHLO.

Port 587 is reserved exclusively for SMTP over implicit TLS.

STARTTLS provides end-to-end message encryption that replaces S/MIME.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

45 questions

Module I: Understanding Operating Systems

Quiz

•

12th Grade - University

40 questions

Quiz de 40 questions sur le Brevetage des Inventions

Quiz

•

University

40 questions

UTS Workshop Pengendalian Proses

Quiz

•

University

37 questions

TIN 5 CĐ F

Quiz

•

5th Grade - University

45 questions

RBT T3 B1

Quiz

•

11th Grade - University

35 questions

Panghuling Pagsusulit

Quiz

•

University

36 questions

Tuần 4_T10_Học kiến thức hàng tuần cùng Quizizz

Quiz

•

University

45 questions

QUECHUA CURSO BASICO

Quiz

•

University

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

54 questions

Analyzing Line Graphs & Tables

Quiz

•

4th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Other

7 questions

How James Brown Invented Funk

Interactive video

•

10th Grade - University

5 questions

Helping Build the Internet: Valerie Thomas | Great Minds

Interactive video

•

11th Grade - University

12 questions

IREAD Week 4 - Review

Quiz

•

3rd Grade - University

23 questions

Subject Verb Agreement

Quiz

•

9th Grade - University

7 questions

Renewable and Nonrenewable Resources

Interactive video

•

4th Grade - University

19 questions

Review2-TEACHER

Quiz

•

University

15 questions

Pre2_STUDENT

Quiz

•

University

20 questions

Ch. 7 Quadrilateral Quiz Review

Quiz

•

KG - University

Lesson 11

Which of the following BEST explains why Telnet should be replaced with SSH for device administration across a routed network?

A security engineer is configuring a web server to support TLS. Which item MUST the engineer install before clients can establish an HTTPS session on port 443?

An organization wants to harden its directory service so that user credentials are never sent in clear text. Which protocol and port combination satisfies this requirement?

During an LDAP security review, an auditor discovers several service accounts using simple bind. What is the PRIMARY risk of continuing to use simple bind?

A network device currently accepts SNMPv1 queries from any host that knows the community string. Which remediation will MOST improve the security of the management plane?

A systems administrator needs to secure file transfers while keeping the control connection on port 21. Which solution should the administrator deploy?

An email gateway submits messages to the organization’s SMTP server over port 587. Which statement BEST describes how STARTTLS is typically used in this scenario?

A desktop mail client is configured for POP3S. Which default port should the firewall allow to permit the connection?

Which of the following summarizes the key advantage of IMAPS over POP3S for a mobile workforce?

Which email-security mechanism checks the sender’s IP against a list of authorized IP addresses declared in the sender domain’s DNS TXT record?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Other