FGT Certificate FGT NSE 02 Network Security Associate Quiz Lesson - FULL


NSE 2 Firewall

Q1. What was a limitation of first-generation firewalls?

Select one:

Could not distinguish between malicious and legitimate applications

Granular policy capability made managing the firewall too complex

Produced many false positives, thereby overwhelming IT security

Filtered only at layer 3 of the OSI model

Q2. Which three traits are characteristics of a next generation firewall (NGFW)? (Choose three.)

Select one or more:

Inspects only unencrypted packets

Controls network traffic based on network address only

Can segment a network based on user, device, and application type

Controls applications based on type or who the user is

Delivers high-performance inspection

Q3. Complete the sentence. A packet filter firewall controls network traffic based on

Select one:

network addresses, protocols, and ports.

application behaviour or characteristics.

filtering layers 2–7 of the OSI model.

the behaviour of the network connections.

Q4. Which two types of firewalls can block a connection based on application type? (Choose two.)

Select one or more:

Second generation stateful

Application layer

Packet filter

Next-generation firewall (NGFW)

Q5. Which firewall generation can you configure to allow a user to connect to Facebook, but not watch videos from that site?

Select one:

Stateful firewall

Packet filter firewall

Dynamic packet firewall

Next-generation firewall (NGFW)

NSE 2 Network Access Control

Q1. Why are IoT devices potential conduits of contagion?

Select one:

There are too many incompatible IoT security standards in use

Not able to install security software

IoT devices are often cheaply made

Does not support two-factor authentication

Q2. What action do you typically need to do to join a public network, such as one in a coffee shop?

Select one:

Submit your personal digital certificate

Provide biometric information

Register your handheld device

Agree to the legal terms for using the network

Q3. Which three parties participate in network authentication, according to the IEEE 802.1X standards? (Choose three.)

Select one or more:

Certification authority

Client device



Authentication server

Q4. How does NAC effectively segment a network?

Select one:

User role

Device profile


IP address

Q5. What drives organizations to buy IoT devices?

Select one:

Mandated by government

Provide valuable data to the CFO

Required as part of an air-gap solution

Can save time and money

NSE 2 Endpoint Security

Q1. Which description best identifies file-based malware?

Select one:

A downloaded file, which when opened, runs malicious code or a script

A large number of irrelevant or inappropriate messages sent over the internet

The use of deception to manipulate individuals into divulging confidential information

Exploits security loopholes and spreads only in the device memory

Q2. Which type of malware seriously reduced the effectiveness of signature-based antivirus?

Select one:


Social engineering



Q3. Which three prevention-focused services are found in endpoint protection platform (EPP)? (Choose three.)

Select one or more:


Remediation tools

Data protection through encryption

Antivirus (AV)

Web filtering

Q4. Which two prevention-focused attributes are found in most contemporary endpoint security solutions? (Choose two.)

Select one or more:

Virtual patches

Machine learning (ML)



Q5. Why do threat actors target endpoints in a network?

Select one:

Antivirus software on endpoints is inferior to that on servers.

Compromising endpoints offers a greater challenge.

They are an easy point of entry into a network.

Endpoints have a greater monetary value than other assets, such as a database.

NSE 2 Wi-Fi

Q1. Which two features of Wi-Fi Protected Access 3 (WPA3) strengthened security? (Choose two.)

Select one or more:

The handshake for establishing connections became more secure.

Digital signatures were introduced to help identify valid access points (APs).

Complex passphrases were enforced.

The encryption key size was lengthened.

Q2. What weakness of Wired Equivalent Privacy (WEP) made it unsuitable to secure Wi-Fi communications?

Select one:

It did not enforce complex passwords.

The RC4 encryption algorithm was easily defeated.

It did not support digital signatures.

It was susceptible to man-in-the-middle attacks.

Q3. Which two security practices make your home wireless network safer? (Choose two.)

Select one or more:

Install antivirus software on all Wi-Fi devices.

Keep your router firmware up to date.

Pick passphrases that are hard to guess.

Consult with NIST as to the latest security strategies.

Q4. What is Wi-Fi?

Select one:

An Ethernet networking protocol

Fiber that makes wireless technology possible

Technology for radio wireless local area networks

Quality audio technology

Q5. Wi-Fi is based on which standard?

Select one:


RFC 826

IEEE 802.11

ISO 5750

NSE 2 Cloud Security

Q1. Identify the correct description for IaaS.

Select one:

Integrates multi-cloud environments with the on-premises network

Provides an online platform for developing software delivered over the internet

Allows you to rent, or use for free, software, like Google Mail

Allows you to rent virtualized data infrastructure without having to physically manage it on premises

Q2. What is an example of SaaS?

Select one:


Google mail


OS patching

Q3. Who has ultimate responsibility for the safety of the customer’s data and services hosted in the cloud?

Select one:

The cloud service provider

The Interpol cloud security service

The cloud security syndicate

The customer

Q4. Identify a potential problem that customers risk if they rely solely on vendor cloud security tools.

Select one:

The tools can be expensive because they are based on a metered per-incident basis.

The tools provide basic security and do not secure all facets of a multi-cloud environment.

The tools can interfere with BYOD and other Wi-Fi devices.

The tools are too complicated and consume too many valuable MIS resources.

Q5. Which reason drove organizations to use cloud services?

Select one:

Use of browser-based applications that on-premises servers could not.

Greater security for organizational data and services.

Cost savings by paying for only what computer services were needed.

Greater access and control of the business data.

NSE 2 Threat Intelligence Services

Q1. Which method best defeats unknown malware?

Select one:

Predicted malware detection

Signature-based detection

Web filtering


Q2. Which two organizations are examples of a threat intelligence service that serves the wider security community? (Choose two.)

Select one or more:



Cyber Threat Alliance

FortiGuard Labs

Q3. Which statement best describes an indicator of compromise (IoC)?

Select one:

A list of network devices that are known to be compromised

Sources of potential threat actors and their sponsors

Evidence that a cyberattack has happened or is ongoing

Valuable information about computer systems and the network

Q4. What is the sandbox detection method known as?

Select one:

Heuristic detection

Rule-based detection

Checksum detection

Signature-based detection

Q5. In the early days, with which three frequencies did vendors update AV signatures? (Choose three.)

Select one or more:






NSE 2 Sandbox

Q1. Which feature in early networks made aggregating threat intelligence difficult?

Select one:



Point solutions

Hybrid cloud environments

Q2. Within the computer security context, what is a sandbox?

Select one:

A service in the Cloud used to collect and share threat intelligence

A segment of the network reserved for testing unknown programs

An isolated virtual environment to test suspicious files and hyperlinks

A process used to identify, describe, and categorize malware

Q3. Which feature characterizes third-generation sandbox technology?

Select one:

Streamlines manual testing

Scanning of encrypted data streams

Faster network speeds

Automation and artificial intelligence

Q4. Which new development in malware caused sandbox technology to automate and introduce artificial intelligence learning?

Select one:


AI-driven attacks

Polymorphic viruses

Trojan horse

Q5. What is a zero-day attack?

Select one:

Malware that converts all data bits to zeros

A new and unknown computer virus

A cyberattack that exploits an unknown software vulnerability

A computer virus that receives instructions from a Command and Control server

NSE 2 Secure Email Gateway

Q1. Which option identifies the trend of phishing?

Select one:





Q2. Which challenge caused secure email gateway (SEG) to adopt automation and machine learning?

Select one:

Volume of attacks

Data loss

Success of click-bait

Delay in implementing the sender policy framework

Q3. Which technique used by threat actors is known as phishing?

Select one:

An attacker observes websites that a targeted group visits, and herds them into an infected website

A fraudulent practice of sending emails purporting to be reputable in order to steal information

Fraudulent messages that target a specific role or person within an organization

Irrelevant or inappropriate messages sent on the Internet to a large number of recipients

Q4. Which method did the earliest spam filter use to stop spam?

Select one:

Detected unusual behaviour

Detected illegitimate email addresses

Tested emails in a sandbox environment

Identified specific words or patterns

Q5. Which two methods are used by threat actors to compromise your device when conducting phishing campaigns? (Choose two.)

Select one or more:

Click bait

An infected thumb drive

An embedded hyperlink within an email

An attachment to an email

NSE 2 Web Filter

Q1. Which two reasons gave rise to web filters? (Choose two.)

Select one or more:

Web filters promote education.

Web filters stop objectionable content.

Web filters improve security.

Web filters reduce network traffic.

Q2. Which two actions describe how web filters work? (Choose two.)

Select one or more:

Web filters consult a threat actor database.

Web filters apply heuristic analysis.

Web filters consult URL deny lists and allow lists.

Web filters filter sites by keywords and predefined content.

Q3. Which attribute best describes how early web filters worked?

Select one:

Web filters use heuristics.

Web filters use big data comparative analysis.

Web filters are rule-based.

Web filters are role-based.

Q4. What task can other types of web filters perform?

Select one:

Facilitating network traffic throughput

Categorizing content

Testing files on segregated VMs

Searching for content

Q5. How did web filters improve computer security?

Select one:

They blocked lewd websites.

They blocked adware, spam, viruses, and spyware.

They prevented denial of service attacks.

They tested all URLs in segregated VMs to see what they would do.

NSE 2 Security Information & Event Management

Q1. Which feature is a characteristic of later SIEMs?

Select one:

Automatic backups and integrity checking

User and entity behavior analytics (UEBA)

Deciphering encrypted data flows

Collect, normalize, and store log events and alerts

Q2. Which problem was a barrier to the general acceptance of first-generation SIEM?

Select one:

Cost to purchase was prohibitive

Did not have the features needed by organizations

The point solution approach to network security

High level of skill was required

Q3. Which compliance, if ignored by businesses, hospitals, and other organizations, can result in punitive fines?

Select one:

Complying with machine learning checks

Complying with automatic backups and integrity checks

Complying with user and entity behavior analytics (UEBA)

Complying with regulations

Q4. Which feature provides SIEM greater visibility into the entire network?

Select one:

Complying with regulations

Analyzing logs and alerts from a single-pane-of-glass

Sharing of logs by IoTs and BYODs

Deciphering encrypted logs and alerts

Q5. Which two requirements were the motivation for SIEM? (Choose two.)

Select one or more:

Complying with regulations

Increasing number of alerts

Exploiting Big Data

Remaining competitive


Q1. What does the term “Thin Edge” refer to?

Select one:

Branch locations with minimal security that are attached to a core network

Remote users

A poorly protected network

An organization that consumes little to no cloud-based services

Q2. Which statement is true regarding how SASE is delivered?

Select one:

SASE must be delivered using cloud-based services only

SASE is delivered only to remote users, and not to branch offices

SASE must be delivered using a combination of physical on premise devices and cloud-based services

SASE is delivered using a combination of cloud-based services and optional physical on premise devices

Q3. What are three core capabilities of SASE? (Choose three)

Select one or more:

Zero-Trust network access

Threat intelligence sharing

Next-Generation firewall

Data loss prevention

Security Fabric management

Q4. What are two benefits of SASE? (Choose two)

Select one or more:

Consistent security for mobile workforces

Optimized paths for all users to all clouds to improve performance and agility

Limits “Bring-Your-Own-Device” behavior in the organization

Shift from operating expense to capital expense

Limits the number of remote off network users connecting to cloud-based applications

Q5. For network security, which three challenges have emerged as a result of rapid and disruptive digital innovation? (Choose three)

Select one or more:

Expanding attack surface

Too few security vendors to choose from

Evolving compliance requirements

Resistance to multi-cloud adoption from the enterprise

Growing number of off-network users accessing the central data center, without proper security


Q1. Which two benefits are gained from using an SD-WAN centralized management console? (Choose two.)

Select one or more:

Greater network visibility

An ability to prioritize business-critical applications

Greater data protection

A diversity of management consoles and processes

Q2. Which business trend caused greater latency to the internet in the network model for the single, dedicated service provider?

Select one:

Demand for more cloud applications and services

Greater expenditures on research and development

Moving from physical appliances to virtual appliances

A focus on more capital expenditures

Q3. Complete the sentence. WAN is a computer network that

Select one:

spans a large geographic area and typically consists of two or more LANs.

limits the number of switches and routers to reduce maintenance and administration.

uses primarily virtual computers, thus expanding the east-west axis.

is a hybrid of on-premise devices and virtual servers across multiple cloud vendors.

Q4. Why might managing multiple point products cause greater complexity for IT security? (Choose two.)

Select one or more:

Lack of integration between security products

Greater streamlined security processes

Usually, multiple management consoles are required

Understaffed IT security teams who lacked expertise

Q5. Earlier businesses used a single, dedicated service provider to connect to the internet. What was the primary weakness of this design?

Select one:


Overly complex



NSE 2 Web Application Firewall

Q1. Which protocol traffic does a web application firewall (WAF) monitor?

Select one:





Q2. Which firewall is positioned between a web application and the Internet?

Select one:

Segmentation firewall

Edge firewall

Packet filter firewall

Web application firewall

Q3. Which event was the motivation for web application firewalls (WAFs)?

Select one:

The first wide area network (WAN)

ARPANET was brought online

The debut of the World Wide Web

The development of the hypertext transfer protocol

Q4. Which new feature characterized second-generation WAFs?

Select one:

Machine learning without human supervision

Port and protocol blocking

Packet analysis


Q5. Which three features are characteristics of the latest generation WAF? (Choose three.)

Select one or more:

DDoS defense

Network segmentation



IP reputation


Q1. What is a common use case for an implementation of SOAR by customers?

Select one:

Guarding against DoS attacks

Logging events and alerts

Phishing investigations

Detecting zero-day attacks

Q2. Which statement best describes SOAR?

Select one:

SOAR connects all security tools together into defined workflows that can be run automatically

SOAR orients the security team by defining and categorizing cyberattacks

SOAR collects logs from all security tools to improve network visibility

SOAR plays out potential cyberattacks to improve network security preparedness

Q3. Which is a benefit of SOAR?

Select one:

It increases security team efficacy by automating repetitive processes

It reports on which endpoints require patching and have security vulnerabilities

It analyzes and generates a security score to measure improvements in network security

It deflects DDoS attacks and identifies the Command and Control source

Q4. What are playbooks used for?

Select one:

To plan a set of manual tasks to be completed by analysts

To automate the actions that an analyst would typically do manually

To describe the order in which analysts complete tasks

To provide a set of scenarios of predicted cyberattack methods

Q5. What are three reasons SOAR is used? (Choose three.)

Select one or more:

Analyze workload

Reduce alert fatigue

Compensate for the skill shortage

Collaborate with other analysts

Accelerate response times