NSE 2 Firewall
Q1. What was a limitation of first-generation firewalls?
Select one:
Could not distinguish between malicious and legitimate applications
Granular policy capability made managing the firewall too complex
Produced many false positives, thereby overwhelming IT security
Filtered only at layer 3 of the OSI model
Q2. Which three traits are characteristics of a next generation firewall (NGFW)? (Choose three.)
Select one or more:
Inspects only unencrypted packets
Controls network traffic based on network address only
Can segment a network based on user, device, and application type
Controls applications based on type or who the user is
Delivers high-performance inspection
Q3. Complete the sentence. A packet filter firewall controls network traffic based on
Select one:
network addresses, protocols, and ports.
application behaviour or characteristics.
filtering layers 2—7 of the OSI model.
the behaviour of the network connections.
Q4. Which two types of firewalls can block a connection based on application type? (Choose two.)
Select one or more:
Second generation stateful
Application layer
Packet filter
Next-generation firewall (NGFW)
Q5. Which firewall generation can you configure to allow a user to connect to Facebook, but not watch videos from that site?
Select one:
Stateful firewall
Packet filter firewall
Dynamic packet firewall
Next-generation firewall (NGFW)
NSE 2 Network Access Control
Q1. Why are IoT devices potential conduits of contagion?
Select one:
There are too many incompatible IoT security standards in use
Not able to install security software
IoT devices are often cheaply made
Does not support two-factor authentication
Q2. What action do you typically need to do to join a public network, such as one in a coffee shop?
Select one:
Submit your personal digital certificate
Provide biometric information
Register your handheld device
Agree to the legal terms for using the network
Q3. Which three parties participate in network authentication, according to the IEEE 802.1X standards? (Choose three.)
Select one or more:
Certification authority
Client device
Authenticator
Router
Authentication server
Q4. How does NAC effectively segment a network?
Select one:
User role
Device profile
Routers
IP address
Q5. What drives organizations to buy IoT devices?
Select one:
Mandated by government
Provide valuable data to the CFO
Required as part of an air-gap solution
Can save time and money
NSE 2 Endpoint Security
Q1. Which description best identifies file-based malware?
Select one:
A downloaded file, which when opened, runs malicious code or a script
A large number of irrelevant or inappropriate messages sent over the internet
The use of deception to manipulate individuals into divulging confidential information
Exploits security loopholes and spreads only in the device memory
Q2. Which type of malware seriously reduced the effectiveness of signature-based antivirus?
Select one:
Adware
Social engineering
File-based
Polymorphic
Q3. Which three prevention-focused services are found in endpoint protection platform (EPP)? (Choose three.)
Select one or more:
Forensics
Remediation tools
Data protection through encryption
Antivirus (AV)
Web filtering
Q4. Which two prevention-focused attributes are found in most contemporary endpoint security solutions? (Choose two.)
Select one or more:
Virtual patches
Machine learning (ML)
Forensics
Remediation
Q5. Why do threat actors target endpoints in a network?
Select one:
Antivirus software on endpoints is inferior to that on servers.
Compromising endpoints offers a greater challenge.
They are an easy point of entry into a network.
Endpoints have a greater monetary value than other assets, such as a database.
NSE 2 Wi-Fi
Q1. Which two features of Wi-Fi Protected Access 3 (WPA3) strengthened security? (Choose two.)
Select one or more:
The handshake for establishing connections became more secure.
Digital signatures were introduced to help identify valid access points (APs).
Complex passphrases were enforced.
The encryption key size was lengthened.
Q2. What weakness of Wired Equivalent Privacy (WEP) made it unsuitable to secure Wi-Fi communications?
Select one:
It did not enforce complex passwords.
The RC4 encryption algorithm was easily defeated.
It did not support digital signatures.
It was susceptible to man-in-middle attacks.
Q3. Which two security practices make your home wireless network safer? (Choose two.)
Select one or more:
Install antivirus software on all Wi-Fi devices.
Keep your router firmware up to date.
Pick passphrases that are hard to guess.
Consult with NIST as to the latest security strategies.
Q4. What is Wi-Fi?
Select one:
An Ethernet networking protocol
Fiber that makes wireless technology possible
Technology for radio wireless local area networks
Quality audio technology
Q5. Wi-Fi is based on which standard?
Select one:
10Base-T
RFC 826
IEEE 802.11
ISO 5750
NSE 2 Cloud Security
Q1. Identify the correct description for IaaS.
Select one:
Integrates multi-cloud environments with the on-premises network
Provides an online platform for developing software delivered over the internet
Allows you to rent, or use for free, software, like Google Mail
Allows you to rent virtualized data infrastructure without having to physically manage it on premises
Q2. What is an example of SaaS?
Select one:
FortiWeb
Google mail
AWS
OS patching
Q3. Who has ultimate responsibility for the safety of the customer’s data and services hosted in the cloud?
Select one:
The cloud service provider
The Interpol cloud security service
The cloud security syndicate
The customer
Q4. Identify a potential problem that customers risk if they rely solely on vendor cloud security tools.
Select one:
The tools can be expensive because they are based on a metered per-incident basis.
The tools provide basic security and do not secure all facets of a multi-cloud environment.
The tools can interfere with BYOD and other Wi-Fi devices.
The tools are too complicated and consume too many valuable MIS resources..
Q5. Which reason drove organizations to use cloud services?
Select one:
Use of browser-based applications that on-premises servers could not.
Greater security for organizational data and services.
Cost savings by paying for only what computer services were needed.
Greater access and control of the business data..
NSE 2 Threat Intelligence Services
Q1. Which method best defeats unknown malware?
Select one:
Predicted malware detection
Signature-based detection
Web filtering
Sandboxing
Q2. Which two organizations are examples of a threat intelligence service that serves the wider security community? (Choose two.)
Select one or more:
NIST
Malware-as-a-Service
Cyber Threat Alliance
FortiGuard Labs
Q3. Which statement best describes an indicator of compromise (IoC)?
Select one:
A list of network devices that are known to be compromised
Sources of potential threat actors and their sponsors
Evidence that a cyberattack has happened or is ongoing
Valuable information about computer systems and the network
Q4. What is the sandbox detection method known as?
Select one:
Heuristic detection
Rule-based detection
Check sum detection
Signature-based detection
Q5. In the early days, with which three frequencies did vendors update AV signatures? (Choose three.)
Select one or more:
Bi-annually
Monthly
Weekly
Annually
Quarterly
NSE 2 Sandbox
Q1. Which feature in early networks made aggregating threat intelligence difficult?
Select one:
Virtualization
Segmentation
Point solutions
Hybrid cloud environments
Q2. Within the computer security context, what is a sandbox?
Select one:
A service in the Cloud used to collect and share threat intelligence
A segment of the network reserved for testing unknown programs
An isolated virtual environment to test suspicious files and hyperlinks
A process used to identify, describe, and categorize malware
Q3. Which feature characterizes third-generation sandbox technology?
Select one:
Streamlines manual testing
Scanning of encrypted data streams
Faster network speeds
Automation and artificial intelligence
Q4. Which new development in malware caused sandbox technology to automate and introduce artificial intelligence learning?
Select one:
Ransomware
AI-driven attacks
Polymorphic viruses
Trojan horse
Q5. What is a zero-day attack?
Select one:
Malware that converts all data bits to zeros
A new and unknown computer virus
A cyberattack that exploits an unknown software vulnerability
A computer virus that receives instructions from a Command and Control server
NSE 2 Secure Email Gateway
Q1. Which option identifies the trend of phishing?
Select one:
Increasing
Plateaued
Erratic
Declining
Q2. Which challenge caused secure email gateway (SEG) to adopt automation and machine learning?
Select one:
Volume of attacks
Data loss
Success of click-bait
Delay in implementing the sender policy framework
Q3. Which technique used by threat actors is known as phishing?
Select one:
An attacker observes websites that a targeted group visits, and herds them into an infected website
A fraudulent practice of sending emails purporting to be reputable in order to steal information
Fraudulent messages that target a specific role or person within an organization
Irrelevant or inappropriate messages sent on the Internet to a large number of recipients
Q4. Which method did the earliest spam filter use to stop spam?
Select one:
Detected unusual behaviour
Detected illegitimate email addresses
Tested emails in a sandbox environment
Identified specific words or patterns
Q5. Which two methods are used by threat actors to compromise your device when conducting phishing campaigns? (Choose two.)
Select one or more:
Click bait
An infected thumb drive
An embedded hyperlink within an email
An attachment to an email
NSE 2 Web Filter
Q1. Which two reasons gave rise to web filters? (Choose two.)
Select one or more:
Web filters promote education.
Web filters stop objectionable content.
Web filters improve security.
Web filters reduce network traffic.
Q2. Which two actions describe how web filters work? (Choose two.)
Select one or more:
Web filters consult a threat actor database.
Web filters apply heuristic analysis.
Web filters consult URL deny lists and allow lists.
Web filters filter sites by keywords and predefined content.
Q3. Which attribute best describes how early web filters worked?
Select one:
Web filter use heuristics.
Web filters use big data comparative analysis.
Web filters are rule-based.
Web filters are role-based.
Q4. What task can other types of web filters perform?
Select one:
Facilitating network traffic throughput
Categorizing content
Testing files on segregated VMs
Searching for content
Q5. How did web filters improve computer security?
Select one:
They blocked lewd websites.
They blocked adware, spam, viruses, and spyware.
They prevented denial of service attacks.
They tested all URLs in segregated VMs to see what they would do.
NSE 2 Security Information & Event Management
Q1. Which feature is a characteristic of later SIEMs?
Select one:
Automatic backups and integrity checking
User and entity behavior analytics (UEBA)
Deciphering encrypted data flows
Collect, normalize, and store log events and alerts
Q2. Which problem was a barrier to the general acceptance of first-generation SIEM?
Select one:
Cost to purchase was prohibitive
Did not have the features needed by organizations
The point solution approach to network security
High-level of skill was required
Q3. Which compliance, if ignored by businesses, hospitals, and other organizations, can result in punitive fines?
Select one:
Complying to machine learning checks
Complying to automatic backups and integrity checks
Complying to User and entity behavior analytics (UEBA)
Complying to regulations
Q4. Which feature provides SIEM greater visibility into the entire network?
Select one:
Complying with regulations
Analyzing logs and alerts from a single-pane-of-glass
Sharing of logs by IoTs and BYODs
Deciphering encrypted logs and alerts
Q5. Which two requirements were the motivation for SIEM? (Choose two.)
Select one or more:
Complying to regulations
Increasing number of alerts
Exploiting Big Data
Remaining competitive
NSE 2 SASE
Q1. What does the term “Thin Edge” refer to?
Select one:
Branch locations with minimal security that are attached to a core network
Remote users
A poorly protected network
An organization that consumes little to no cloud-based services
Q2. Which statement is true regarding how SASE is delivered?
Select one:
SASE must be delivered using cloud-based services only
SASE is delivered only to remote users, and not to branch offices
SASE must be delivered using a combination of physical on premise devices and cloud-based services
SASE is delivered using a combination of cloud-based services and optional physical on premise devices
Q3. What are three core capabilities of SASE? (Choose three)
Select one or more:
Zero-Trust network access
Threat intelligence sharing
Next-Generation firewall
Data loss prevention
Security Fabric management
Q4. What are two benefits of SASE? (Choose two)
Select one or more:
Consistent security for mobile workforces
Optimized paths for all users to all clouds to improve performance and agility
Limits “Bring-Your-Own-Device” behavior in the organization
Shift from operating expense to capital expense
Limits the number of remote off network users connecting to cloud-based applications
Q5. For network security, which three challenges have emerged as a result of rapid and disruptive digital innovation? (Choose three)
Select one or more:
Expanding attack surface
Too few security vendors to choose from
Evolving compliance requirements
Resistance to multi-cloud adoption from the enterprise
Growing number of off-network users accessing the central data center, without proper security
NSE 2 SD-WAN
Q1. Which two benefits are gained from using an SD-WAN centralized management console? (Choose two.)
Select one or more:
Greater network visibility
An ability to prioritize business-critical applications
Greater data protection
A diversity of management consoles and processes
Q2. Which business trend caused greater latency to the internet in the network model for the single, dedicated service provider?
Select one:
Demand for more cloud applications and services
Greater expenditures on research and development
Moving from physical appliances to virtual appliances
A focus on more capital expenditures
Q3. Complete the sentence. WAN is a computer network that
Select one:
spans a large geographic area and typically consists of two or more LANs.
limits the number of switches and routers to reduce maintenance and administration.
uses primarily virtual computers, thus expanding the east-west axis.
is a hybrid of on-premise devices and virtual servers across multiple cloud vendors.
Q4. Why might managing multiple point products cause greater complexity for IT security? (Choose two.)
Select one or more:
Lack of integration between security products
Greater streamlined security processes
Usually, multiple management consoles are required
Understaffed IT security teams who lacked expertise
Q5. Earlier businesses used a single, dedicated service provider to connect to the internet. What was the primary weakness of this design?
Select one:
Inexpensive
Overly complex
Unsecure
Unreliable
NSE 2 Web Application Firewall
Q1. Which protocol traffic does a web application firewall (WAF) monitor?
Select one:
TCP
HTTP
IP
CLNP
Q2. Which firewall is positioned between a web application and the Internet?
Select one:
Segmentation firewall
Edge firewall
Packet filter firewall
Web application firewall
Q3. Which event was the motivation for web application firewall (WAFs)?
Select one:
The first wide area network (WAN)
ARPANET was brought online
The debut of the World Wide Web
The development of the hypertext transfer protocol
Q4. Which new feature characterized second-generation WAFs?
Select one:
Machine learning without human supervision
Port and protocol blocking
Packet analysis
Heuristics
Q5. Which three features are characteristics of the latest generation WAF? (Choose three.)
Select one or more:
DDoS defense
Network segmentation
DLP
SPU
IP reputation
NSE 2 SOAR
Q1. What is a common use case for an implementation of SOAR by customers?
Select one:
Guarding against DoS attacks
Logging events and alerts
Phishing investigations
Detecting zero-day attacks
Q2. Which statement best describes SOAR?
Select one:
SOAR connects all security tools together into defined workflows that can be run automatically
SOAR orients the security team by defining and categorizing cyberattacks
SOAR collects logs from all security tools to improve network visibility
SOAR plays out potential cyberattacks to improve network security preparedness
Q3. Which is a benefit of SOAR?
Select one:
It increases security team efficacy by automating repetitive processes
It reports on which endpoints require patching and have security vulnerabilities
It analyzes and generates a security score to measure improvements in network security
It deflects DDoS attacks and identifies the Command and Control source
Q4. What are playbooks used for?
Select one:
To plan a set of manual tasks to be completed by analysts
To automate the actions that an analyst would typically do manually
To describe the order in which analysts complete tasks
To provide a set of scenarios of predicted cyberattack methods
Q5. What are three reasons SOAR is used? (Choose three.)
Select one or more:
Analyze workload
Reduce alert fatigue
Compensate for the skill shortage
Collaborate with other analysts
Accelerate response times
Q1. What was a limitation of first-generation firewalls?
Select one:
Could not distinguish between malicious and legitimate applications
Granular policy capability made managing the firewall too complex
Produced many false positives, thereby overwhelming IT security
Filtered only at layer 3 of the OSI model
Q2. Which three traits are characteristics of a next generation firewall (NGFW)? (Choose three.)
Select one or more:
Inspects only unencrypted packets
Controls network traffic based on network address only
Can segment a network based on user, device, and application type
Controls applications based on type or who the user is
Delivers high-performance inspection
Q3. Complete the sentence. A packet filter firewall controls network traffic based on
Select one:
network addresses, protocols, and ports.
application behaviour or characteristics.
filtering layers 2—7 of the OSI model.
the behaviour of the network connections.
Q4. Which two types of firewalls can block a connection based on application type? (Choose two.)
Select one or more:
Second generation stateful
Application layer
Packet filter
Next-generation firewall (NGFW)
Q5. Which firewall generation can you configure to allow a user to connect to Facebook, but not watch videos from that site?
Select one:
Stateful firewall
Packet filter firewall
Dynamic packet firewall
Next-generation firewall (NGFW)
NSE 2 Network Access Control
Q1. Why are IoT devices potential conduits of contagion?
Select one:
There are too many incompatible IoT security standards in use
Not able to install security software
IoT devices are often cheaply made
Does not support two-factor authentication
Q2. What action do you typically need to do to join a public network, such as one in a coffee shop?
Select one:
Submit your personal digital certificate
Provide biometric information
Register your handheld device
Agree to the legal terms for using the network
Q3. Which three parties participate in network authentication, according to the IEEE 802.1X standards? (Choose three.)
Select one or more:
Certification authority
Client device
Authenticator
Router
Authentication server
Q4. How does NAC effectively segment a network?
Select one:
User role
Device profile
Routers
IP address
Q5. What drives organizations to buy IoT devices?
Select one:
Mandated by government
Provide valuable data to the CFO
Required as part of an air-gap solution
Can save time and money
NSE 2 Endpoint Security
Q1. Which description best identifies file-based malware?
Select one:
A downloaded file, which when opened, runs malicious code or a script
A large number of irrelevant or inappropriate messages sent over the internet
The use of deception to manipulate individuals into divulging confidential information
Exploits security loopholes and spreads only in the device memory
Q2. Which type of malware seriously reduced the effectiveness of signature-based antivirus?
Select one:
Adware
Social engineering
File-based
Polymorphic
Q3. Which three prevention-focused services are found in endpoint protection platform (EPP)? (Choose three.)
Select one or more:
Forensics
Remediation tools
Data protection through encryption
Antivirus (AV)
Web filtering
Q4. Which two prevention-focused attributes are found in most contemporary endpoint security solutions? (Choose two.)
Select one or more:
Virtual patches
Machine learning (ML)
Forensics
Remediation
Q5. Why do threat actors target endpoints in a network?
Select one:
Antivirus software on endpoints is inferior to that on servers.
Compromising endpoints offers a greater challenge.
They are an easy point of entry into a network.
Endpoints have a greater monetary value than other assets, such as a database.
NSE 2 Wi-Fi
Q1. Which two features of Wi-Fi Protected Access 3 (WPA3) strengthened security? (Choose two.)
Select one or more:
The handshake for establishing connections became more secure.
Digital signatures were introduced to help identify valid access points (APs).
Complex passphrases were enforced.
The encryption key size was lengthened.
Q2. What weakness of Wired Equivalent Privacy (WEP) made it unsuitable to secure Wi-Fi communications?
Select one:
It did not enforce complex passwords.
The RC4 encryption algorithm was easily defeated.
It did not support digital signatures.
It was susceptible to man-in-middle attacks.
Q3. Which two security practices make your home wireless network safer? (Choose two.)
Select one or more:
Install antivirus software on all Wi-Fi devices.
Keep your router firmware up to date.
Pick passphrases that are hard to guess.
Consult with NIST as to the latest security strategies.
Q4. What is Wi-Fi?
Select one:
An Ethernet networking protocol
Fiber that makes wireless technology possible
Technology for radio wireless local area networks
Quality audio technology
Q5. Wi-Fi is based on which standard?
Select one:
10Base-T
RFC 826
IEEE 802.11
ISO 5750
NSE 2 Cloud Security
Q1. Identify the correct description for IaaS.
Select one:
Integrates multi-cloud environments with the on-premises network
Provides an online platform for developing software delivered over the internet
Allows you to rent, or use for free, software, like Google Mail
Allows you to rent virtualized data infrastructure without having to physically manage it on premises
Q2. What is an example of SaaS?
Select one:
FortiWeb
Google mail
AWS
OS patching
Q3. Who has ultimate responsibility for the safety of the customer’s data and services hosted in the cloud?
Select one:
The cloud service provider
The Interpol cloud security service
The cloud security syndicate
The customer
Q4. Identify a potential problem that customers risk if they rely solely on vendor cloud security tools.
Select one:
The tools can be expensive because they are based on a metered per-incident basis.
The tools provide basic security and do not secure all facets of a multi-cloud environment.
The tools can interfere with BYOD and other Wi-Fi devices.
The tools are too complicated and consume too many valuable MIS resources..
Q5. Which reason drove organizations to use cloud services?
Select one:
Use of browser-based applications that on-premises servers could not.
Greater security for organizational data and services.
Cost savings by paying for only what computer services were needed.
Greater access and control of the business data..
NSE 2 Threat Intelligence Services
Q1. Which method best defeats unknown malware?
Select one:
Predicted malware detection
Signature-based detection
Web filtering
Sandboxing
Q2. Which two organizations are examples of a threat intelligence service that serves the wider security community? (Choose two.)
Select one or more:
NIST
Malware-as-a-Service
Cyber Threat Alliance
FortiGuard Labs
Q3. Which statement best describes an indicator of compromise (IoC)?
Select one:
A list of network devices that are known to be compromised
Sources of potential threat actors and their sponsors
Evidence that a cyberattack has happened or is ongoing
Valuable information about computer systems and the network
Q4. What is the sandbox detection method known as?
Select one:
Heuristic detection
Rule-based detection
Check sum detection
Signature-based detection
Q5. In the early days, with which three frequencies did vendors update AV signatures? (Choose three.)
Select one or more:
Bi-annually
Monthly
Weekly
Annually
Quarterly
NSE 2 Sandbox
Q1. Which feature in early networks made aggregating threat intelligence difficult?
Select one:
Virtualization
Segmentation
Point solutions
Hybrid cloud environments
Q2. Within the computer security context, what is a sandbox?
Select one:
A service in the Cloud used to collect and share threat intelligence
A segment of the network reserved for testing unknown programs
An isolated virtual environment to test suspicious files and hyperlinks
A process used to identify, describe, and categorize malware
Q3. Which feature characterizes third-generation sandbox technology?
Select one:
Streamlines manual testing
Scanning of encrypted data streams
Faster network speeds
Automation and artificial intelligence
Q4. Which new development in malware caused sandbox technology to automate and introduce artificial intelligence learning?
Select one:
Ransomware
AI-driven attacks
Polymorphic viruses
Trojan horse
Q5. What is a zero-day attack?
Select one:
Malware that converts all data bits to zeros
A new and unknown computer virus
A cyberattack that exploits an unknown software vulnerability
A computer virus that receives instructions from a Command and Control server
NSE 2 Secure Email Gateway
Q1. Which option identifies the trend of phishing?
Select one:
Increasing
Plateaued
Erratic
Declining
Q2. Which challenge caused secure email gateway (SEG) to adopt automation and machine learning?
Select one:
Volume of attacks
Data loss
Success of click-bait
Delay in implementing the sender policy framework
Q3. Which technique used by threat actors is known as phishing?
Select one:
An attacker observes websites that a targeted group visits, and herds them into an infected website
A fraudulent practice of sending emails purporting to be reputable in order to steal information
Fraudulent messages that target a specific role or person within an organization
Irrelevant or inappropriate messages sent on the Internet to a large number of recipients
Q4. Which method did the earliest spam filter use to stop spam?
Select one:
Detected unusual behaviour
Detected illegitimate email addresses
Tested emails in a sandbox environment
Identified specific words or patterns
Q5. Which two methods are used by threat actors to compromise your device when conducting phishing campaigns? (Choose two.)
Select one or more:
Click bait
An infected thumb drive
An embedded hyperlink within an email
An attachment to an email
NSE 2 Web Filter
Q1. Which two reasons gave rise to web filters? (Choose two.)
Select one or more:
Web filters promote education.
Web filters stop objectionable content.
Web filters improve security.
Web filters reduce network traffic.
Q2. Which two actions describe how web filters work? (Choose two.)
Select one or more:
Web filters consult a threat actor database.
Web filters apply heuristic analysis.
Web filters consult URL deny lists and allow lists.
Web filters filter sites by keywords and predefined content.
Q3. Which attribute best describes how early web filters worked?
Select one:
Web filter use heuristics.
Web filters use big data comparative analysis.
Web filters are rule-based.
Web filters are role-based.
Q4. What task can other types of web filters perform?
Select one:
Facilitating network traffic throughput
Categorizing content
Testing files on segregated VMs
Searching for content
Q5. How did web filters improve computer security?
Select one:
They blocked lewd websites.
They blocked adware, spam, viruses, and spyware.
They prevented denial of service attacks.
They tested all URLs in segregated VMs to see what they would do.
NSE 2 Security Information & Event Management
Q1. Which feature is a characteristic of later SIEMs?
Select one:
Automatic backups and integrity checking
User and entity behavior analytics (UEBA)
Deciphering encrypted data flows
Collect, normalize, and store log events and alerts
Q2. Which problem was a barrier to the general acceptance of first-generation SIEM?
Select one:
Cost to purchase was prohibitive
Did not have the features needed by organizations
The point solution approach to network security
High-level of skill was required
Q3. Which compliance, if ignored by businesses, hospitals, and other organizations, can result in punitive fines?
Select one:
Complying to machine learning checks
Complying to automatic backups and integrity checks
Complying to User and entity behavior analytics (UEBA)
Complying to regulations
Q4. Which feature provides SIEM greater visibility into the entire network?
Select one:
Complying with regulations
Analyzing logs and alerts from a single-pane-of-glass
Sharing of logs by IoTs and BYODs
Deciphering encrypted logs and alerts
Q5. Which two requirements were the motivation for SIEM? (Choose two.)
Select one or more:
Complying to regulations
Increasing number of alerts
Exploiting Big Data
Remaining competitive
NSE 2 SASE
Q1. What does the term “Thin Edge” refer to?
Select one:
Branch locations with minimal security that are attached to a core network
Remote users
A poorly protected network
An organization that consumes little to no cloud-based services
Q2. Which statement is true regarding how SASE is delivered?
Select one:
SASE must be delivered using cloud-based services only
SASE is delivered only to remote users, and not to branch offices
SASE must be delivered using a combination of physical on premise devices and cloud-based services
SASE is delivered using a combination of cloud-based services and optional physical on premise devices
Q3. What are three core capabilities of SASE? (Choose three)
Select one or more:
Zero-Trust network access
Threat intelligence sharing
Next-Generation firewall
Data loss prevention
Security Fabric management
Q4. What are two benefits of SASE? (Choose two)
Select one or more:
Consistent security for mobile workforces
Optimized paths for all users to all clouds to improve performance and agility
Limits “Bring-Your-Own-Device” behavior in the organization
Shift from operating expense to capital expense
Limits the number of remote off network users connecting to cloud-based applications
Q5. For network security, which three challenges have emerged as a result of rapid and disruptive digital innovation? (Choose three)
Select one or more:
Expanding attack surface
Too few security vendors to choose from
Evolving compliance requirements
Resistance to multi-cloud adoption from the enterprise
Growing number of off-network users accessing the central data center, without proper security
NSE 2 SD-WAN
Q1. Which two benefits are gained from using an SD-WAN centralized management console? (Choose two.)
Select one or more:
Greater network visibility
An ability to prioritize business-critical applications
Greater data protection
A diversity of management consoles and processes
Q2. Which business trend caused greater latency to the internet in the network model for the single, dedicated service provider?
Select one:
Demand for more cloud applications and services
Greater expenditures on research and development
Moving from physical appliances to virtual appliances
A focus on more capital expenditures
Q3. Complete the sentence. WAN is a computer network that
Select one:
spans a large geographic area and typically consists of two or more LANs.
limits the number of switches and routers to reduce maintenance and administration.
uses primarily virtual computers, thus expanding the east-west axis.
is a hybrid of on-premise devices and virtual servers across multiple cloud vendors.
Q4. Why might managing multiple point products cause greater complexity for IT security? (Choose two.)
Select one or more:
Lack of integration between security products
Greater streamlined security processes
Usually, multiple management consoles are required
Understaffed IT security teams who lacked expertise
Q5. Earlier businesses used a single, dedicated service provider to connect to the internet. What was the primary weakness of this design?
Select one:
Inexpensive
Overly complex
Unsecure
Unreliable
NSE 2 Web Application Firewall
Q1. Which protocol traffic does a web application firewall (WAF) monitor?
Select one:
TCP
HTTP
IP
CLNP
Q2. Which firewall is positioned between a web application and the Internet?
Select one:
Segmentation firewall
Edge firewall
Packet filter firewall
Web application firewall
Q3. Which event was the motivation for web application firewall (WAFs)?
Select one:
The first wide area network (WAN)
ARPANET was brought online
The debut of the World Wide Web
The development of the hypertext transfer protocol
Q4. Which new feature characterized second-generation WAFs?
Select one:
Machine learning without human supervision
Port and protocol blocking
Packet analysis
Heuristics
Q5. Which three features are characteristics of the latest generation WAF? (Choose three.)
Select one or more:
DDoS defense
Network segmentation
DLP
SPU
IP reputation
NSE 2 SOAR
Q1. What is a common use case for an implementation of SOAR by customers?
Select one:
Guarding against DoS attacks
Logging events and alerts
Phishing investigations
Detecting zero-day attacks
Q2. Which statement best describes SOAR?
Select one:
SOAR connects all security tools together into defined workflows that can be run automatically
SOAR orients the security team by defining and categorizing cyberattacks
SOAR collects logs from all security tools to improve network visibility
SOAR plays out potential cyberattacks to improve network security preparedness
Q3. Which is a benefit of SOAR?
Select one:
It increases security team efficacy by automating repetitive processes
It reports on which endpoints require patching and have security vulnerabilities
It analyzes and generates a security score to measure improvements in network security
It deflects DDoS attacks and identifies the Command and Control source
Q4. What are playbooks used for?
Select one:
To plan a set of manual tasks to be completed by analysts
To automate the actions that an analyst would typically do manually
To describe the order in which analysts complete tasks
To provide a set of scenarios of predicted cyberattack methods
Q5. What are three reasons SOAR is used? (Choose three.)
Select one or more:
Analyze workload
Reduce alert fatigue
Compensate for the skill shortage
Collaborate with other analysts
Accelerate response times
