312-50v11 Free Practice Test

Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations.
Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA.
In this context, what can you say?

1. A. Bob can be right since DMZ does not make sense when combined with stateless firewalls
2. B. Bob is partially righ
3. C. He does not need to separate networks if he can create rules by destination IPs, one by one
4. D. Bob is totally wron
5. E. DMZ is always relevant when the company has internet servers and workstations
6. F. Bob is partially righ
7. G. DMZ does not make sense when a stateless firewall is available

Correct Answer: C

What does a firewall check to prevent particular ports and applications from getting packets into an organization?

1. A. Transport layer port numbers and application layer headers
2. B. Presentation layer headers and the session layer port numbers
3. C. Network layer headers and the session layer port numbers
4. D. Application layer port numbers and the transport layer headers

Correct Answer: A

Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication?

1. A. 113
2. B. 69
3. C. 123
4. D. 161

Correct Answer: C

This wireless security protocol allows 192-bit minimum-strength security protocols and cryptographic tools to protect sensitive data, such as GCMP-2S6. MMAC-SHA384, and ECDSA using a 384-bit elliptic curve. Which is this wireless security protocol?

1. A. WPA2 Personal
2. B. WPA3-Personal
3. C. WPA2-Enterprise
4. D. WPA3-Enterprise

Correct Answer: D
Enterprise, governments, and financial institutions have greater security with WPA3-Enterprise.
WPA3-Enterprise builds upon WPA2 and ensures the consistent application of security protocol across the network.WPA3-Enterprise also offers an optional mode using 192-bit minimum-strength security protocols and cryptographic tools to raised protect sensitive data:• Authenticated encryption: 256-bit Galois/Counter Mode Protocol (GCMP-256)• Key derivation and confirmation: 384-bit Hashed Message Authentication Mode (HMAC) with Secure Hash Algorithm (HMAC-SHA384)• Key establishment and authentication: Elliptic Curve Diffie-Hellman (ECDH) exchange and Elliptic Curve Digital Signature Algorithm (ECDSA) employing a 384-bit elliptic curve• Robust management frame protection: 256-bit Broadcast/Multicast Integrity Protocol Galois Message Authentication Code (BIP-GMAC-256)The 192-bit security mode offered by WPA3-Enterprise ensures the proper combination of cryptographic tools are used and sets a uniform baseline of security within a WPA3 network.
It protects sensitive data using many cryptographic algorithms It provides authenticated encryption using GCMP-256 It uses HMAC-SHA-384 to generate cryptographic keys It uses ECDSA-384 for exchanging keys

The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520.
What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

1. A. Public
2. B. Private
3. C. Shared
4. D. Root

Correct Answer: B