NSE2 Q&A

IT Study Materials & Practical QAs NSE2 (Network Security Associate) __________________________________________________


____________________________________________________________
Module 1 – SOAR

1. What are playbooks used for?
Select one:
- To optimize manual processes.
- To describe the order analysts complete tasks.
- The plan an analyst creates to complete a task manually.
- To automate actions an analyst typically would have to complete manually.

2. Identify a benefit of SOAR.
Select one:
- Increases your security team's efficiency by automating repetitive manual processes.
- Reports on all endpoints that require patching.
- Analyzes and generates a security score to better measure improvements in network security.
- Elevates the security team's sense of success.

3. From the choices below, what is the best description of S.O.A.R.?
Select one:
- Combines the processes and the security tools available to exploit opportunities given a particular situation.
- Correctly orients the security team to address the cyber threat according to the situation.
- Connects all tools in your security stack together into defined workflows that can be run automatically.

4. What is alert fatigue?
Select one:
- When a SOAR solution is overloaded with alerts.
- When an analyst is overwhelmed by the number of alerts coming in.
- When a team reduces the number of alerts coming in using SOAR.
- When the number of alerts declines.

5. Why is SOAR used?
Select one:
- To analyze workload, organize an analyst's tasks, and allow teams to respond using their own processes.
- To collaborate with other analysts during investigations.
- To replace tier 1 analysts and automate all of their tasks.
- To synchronize tools, accelerate response times, reduce alert fatigue, and compensate for the skill shortage gap.

____________________________________________________________
Module 2 – Cloud Computing

1. What is cloud computing?
Select one:
- The practice of using in-house servers with high speed Internet links.
- The practice of connecting various computers and other network devices together using hubs, switches, and routers.
- A collection of computers interconnected through virtual private networks.
- The practice of using a network of remote servers hosted on the Internet to store, manage, and process data.

2. When a customer's data and services are moved to the cloud, who is ultimately responsible for the security of the data?
Select one:
- The device provider
- The Internet service provider
- The customer
- The cloud provider

3. What drove organizations to move from the traditional network architecture to the cloud?
Select one:
- The cloud can make network security more complicated.
- The cloud can double the throughput of network devices.
- The cloud allows for potential cost savings, and moves costs from capital to operational budgets.
- The cloud allows you to move data centers and other services to a third-party network.

4. What was the technology that made cloud computing possible?
Select one:
- Legislation
- Virtualization
- IAAS
- Data centers

5. Which three cloud service vendors does the Fortinet Security Fabric integrate with? (Choose three.)
Select one or more:
- VMware ESXi
- Google Cloud
- Azure
- AWS
- SAP

____________________________________________________________
Module 3 – SD-WAN

1. What are two major weaknesses of SD-WAN? (Choose two.)
Select one or more:
- No inherent defense against advanced threats
- Traffic steering can be controlled
- Encrypting data conceals viruses that can bypass an antivirus check
- Direct internet access is possible

2. What are two advantages of having integrated security and SD-WAN in a single appliance? (Choose two.)
Select one or more:
- Backhauls all traffic to the data center for inspection
- Needs additional security device for inspection
- Provides secure direct Internet access
- Allows all incoming traffic without inspection
- Provides application control for encrypted traffic

3. What are two attributes of an SD-WAN network? (Choose two.)
Select one or more:
- Risks application failure due to dedicated link
- Augments MPLS with affordable broadband connections
- Has no application visibility
- Simplifies with zero-touch provisioning and centralized control

4. In which two ways does FortiGate solve security issues with SD-WAN? (Choose two.)
Select one or more:
- Supports basic network firewall only
- Includes application control, URL filtering, IPS
- Does not support user authentication and malware detection
- Integrates with FortiSandbox and provides SSL inspection

5. Which two statements about SD-WAN are true? (Choose two.)
Select one or more:
- Malware protection is always built into SD-WAN.
- SD-WAN adds complexity to network deployment.
- Traffic control is a significant feature of SD-WAN.
- SD-WAN can provide application visibility.

____________________________________________________________
Module 4 – Endpoints

1. What were early endpoint security products known as?
Select one:
- Floppy disks
- Sandboxes
- Antivirus software
- Disk or Data recovery tools

2. Which device is not considered an endpoint device?
Select one:
- Ethernet switch
- Laptop
- Smartphone
- IoT device

3. In addition to existing, known threats, what other types of threats must modern endpoint solutions detect?
Select one:
- Network latency or network traffic analysis
- Wi-Fi interference
- Hard drive crashes
- Unknown threats

4. What must modern endpoint solutions do to be effective today?
Select one:
- Block network connections that use the IPX protocol
- Go beyond simple signature comparisons
- Block spam emails
- Block all network traffic

5. How did the rise of the Internet affect the rate at which new malware variants appear?
Select one:
- The rate stayed the same
- The rate increased slightly
- The rate decreased
- The rate increased tremendously

____________________________________________________________
Module 5 – Threat Intelligence Services

1. Which are three functions of sandboxing? (Choose three.)
Select one or more:
- Sandboxes can send the details to the vendor's threat intelligence service so that the details can be shared worldwide.
- Sandboxing quarantines suspicious files and immediately flags them as malware.
- Sandboxing products take a suspect file and place it in an environment where its behaviors can be closely analyzed.
- Depending on the configuration, the owner of the sandbox can propagate this new knowledge across their network security environment.
- After some time, if nothing malicious is detected in the quarantined files, the sandbox declares them as safe and releases them from quarantine.

2. In the early days of threat intelligence services, in which three timeframes were vendor updates released? (Choose three.)
Select one or more:
- Every week
- Monthly
- Quarterly
- Twice a year
- Once a year

3. What happened when malware became more sophisticated and able to change its own file content?
Select one:
- A single type of malware became an entire malware family, consisting of perhaps thousands of different files, but each file performing the same bad behaviors.
- A single type of malware did not multiply and no bad behavior was detected.
- One new type of malware was detected per year, resulting in the growth of the malware family.
- Less sophisticated malware was still able to evade classic signature-based scanning.
- Malware signatures did not change, and it was not able to sneak by older antivirus products.

4. Which statement about cyber-attacks is true?
Select one:
- Security products and threat intelligence services that can act together in real time stand the best chance of stopping these attacks.
- It is important that individuals become more aware of and knowledgeable about any attacks.
- Sharing intelligence among security vendors is the best way to fight threats.
- There is no secrecy within security vendors and all information is shared.
- As bad actors continue to evolve it is important to invest in expensive security products.

5. What happens when each known malware file is represented by a one-to-one signature approach?
Select one:
- It does not scale well, because the number of malware files increases by millions or more each day.
- The malware count increases daily; however, it can be detected early by a one-to-one signature approach.
- The variations of malware are easily detected thanks to the affordability of malware kits.
- Malware-as-a-service organizations provide do-it-yourself malware kits as a solution.
- There are more vendor organizations that are able to keep up with the increasing number of malware files.

____________________________________________________________
Module 6 – Firewall

1. What is Fortinet's range of next-generation firewall devices called?
Select one:
- FortiFirewall
- FortiGuard
- FortiBlocker
- FortiGate

2. What three key additional security features do next-generation firewalls provide that legacy firewalls do not? (Choose three.)
Select one or more:
- Application visibility and control
- Intrusion prevention system (IPS)
- Web application firewall
- Packet-filtering based on IP address

3. What works closely with FortiGate next-generation firewall products to provide the highest level of network security?
Select one:
- RFCs
- NSS Labs
- FortiGuard Labs
- Gartner

4. With the explosion of the World Wide Web, the composition of network protocols skewed heavily towards HTTP. What challenge did this shift pose to legacy firewalls?
Select one:
- HTTP request methods were too complex and diverse.
- HTTP was an application layer protocol that relied heavily on TCP.
- Different web applications used the same HTTP port number, making it difficult for firewalls to distinguish between applications.
- Firewalls did not have visibility into HTTP ports.

5. What did early packet filter firewalls do when they detected a packet that did not comply with their rules? (Choose two.)
Select one or more:
- Marked the packet as suspect, but continued to send it to the destination IP address
- Blocked the packet and sent a message to the sender
- Launched a DDoS attack on the sender's IP address
- Silently dropped the packet

____________________________________________________________
Module 7 – Network Access Control

1. When NAC is first deployed, what is one of the first tasks it performs?
Select one:
- Configures the firewall
- Installs AV software
- Compares the signature of the file with a list of known virus signatures
- Profiles all connected devices

2. What is one characteristic of headless devices?
Select one:
- Devices that have only AV software installed
- Devices that cannot take a 3rd party security agent
- Devices that are connected only to a wired network
- Devices that provide only centralized architecture

3. What two security challenges do IoT devices present to IT security professionals? (Choose two.)
Select one or more:
- They can be exploited by bad actors.
- They are time consuming to deploy.
- They often do not support security programs.
- They are frequently stolen.

4. Which three statements are advantages of implementing a FortiNAC solution? (Choose three.)
Select one or more:
- The FortiNAC solution has complete visibility into the network.
- FortiNAC is integrated into the security framework.
- The FortiNAC solution only supports BYOD environments.
- The FortiNAC solution supports only wireless networks.
- FortiNAC can profile headless devices that are not equipped with an agent.

5. Which two network security concerns have grown dramatically for businesses in recent years? (Choose two.)
Select one or more:
- Malware protection requirements
- IoT devices connecting to a network
- Need for AVs
- Need for overall network visibility

____________________________________________________________
Module 8 – Sandbox

1. What is a zero-day attack?
Select one:
- Vulnerability scanning from the zero-day
- Exploiting a vulnerability scanner
- Exploiting only zero-day configured firewalls.
- Exploiting an unknown deficiency in code.

2. How does a sandbox solve the problem of aggregating threat intelligence data?
Select one:
- By alerting administrators to threats
- By sharing valuable threat intelligence with the security devices on its network
- By executing malicious code in multiple isolated environments
- By sharing malicious code with all devices on the network

3. What is the purpose of the sandbox?
Select one:
- To flag and pass the known exploit to the endpoint to handle
- To observe the activity of unknown code in a quarantined environment
- To run vulnerability scans on all network endpoints
- To stop all BYOD network traffic

4. What are two characteristics of a sandbox? (Choose two.)
Select one or more:
- If something unexpected or malicious happens, it affects only the sandbox.
- A sandbox only provides completely independent protection of IoT devices.
- A sandbox confines the actions of code to the sandbox device, in isolation from the rest of the network.
- A sandbox provides full network security.

5. Which two problems was network security experiencing before the introduction of a sandbox solution? (Choose two.)
Select one or more:
- AVs were not introduced into network security.
- Network security was unable to handle a coordinated attack using different threat vectors and methods.
- Firewalls were non-existent.
- Security devices did not communicate with other security devices on the network.

____________________________________________________________
Module 9 – Secure Email Gateway

1. What is phishing?
Select one:
- The process of scanning for network vulnerabilities
- The practice of changing user credentials
- The practice of tricking unsuspecting people into revealing sensitive information or handing over money
- The process of installing a fake firewall instance on the network

2. Which feature can be added to a secure email gateway?
Select one:
- Data storage processing (DSP)
- Data level protection (DLP)
- Distributed leak prevention (DLP)
- Data leak prevention (DLP)

3. What are two characteristics of FortiMail? (Choose two.)
Select one or more:
- FortiMail integrates with firewalls and sandboxing solutions.
- FortiMail is a sandboxing solution.
- FortiMail is a next-generation firewall (NGFW).
- FortiMail is a secure email gateway (SEG).

4. What are two benefits of FortiMail integration? (Choose two.)
Select one or more:
- FortiMail can be integrated with segmentation firewalls.
- FortiMail does not need to be continually updated.
- FortiMail can be integrated with edge firewalls.
- FortiMail does not need to be centrally managed.

5. For which two reasons do you need to deploy Sender Policy Framework (SPF)? (Choose two.)
Select one or more:
- SPF secures the network by strengthening the authentication method.
- SPF is an email authentication method that detects fake sender addresses and emails.
- SPF is able to stop unknown threats; firewalls cannot.
- SPF scans only the network traffic, and it became a standard in 2014.

____________________________________________________________
Module 10 – SIEM

1. How did SIEM evolve?
Select one:
- As a threat intelligence center only
- From an information platform to a fully integrated and automated center for security and network operations
- From an information platform to a threat intelligence center
- As an information platform only

2. Which two requirements led to the development of SIEM? (Choose two.)
Select one or more:
- To measure and prove compliance to various legislations
- To perform vulnerability scanning
- To contend with the flood of alerts issued from IPSs and IDSs
- To simulate phishing attacks

3. What does the term SIEM stand for?
Select one:
- Security Information and Emergency Management
- Security Information and Event Manager
- Security Information and Electronic Messaging
- Security Information and Email Management

4. Which three regulatory standards and acts must businesses, hospitals, and other organizations comply with? (Choose three.)
Select one or more:
- PCI
- XSLT
- HIPAA
- GDPR
- SPML

5. Which three problems does SIEM solve? (Choose three.)
Select one or more:
- More sophisticated and stealthy cyber attacks
- The lack of security awareness by employees
- The lack of implementation of authentication methods
- The complexity of technology and the difficulty with identifying attacks
- The long delay in discovering security breaches by security teams

____________________________________________________________
Module 11 – FortiWeb

1. Which was the predecessor to a web application firewall?
Select one:
- Internet filter
- Antivirus software
- Application firewall
- Web firewall

2. What does a web application firewall do?
Select one:
- It allows applications to access online content.
- It prevents applications from accessing the web at certain times of the day.
- It monitors and blocks malicious HTTP/HTTPS traffic to and from a web application.
- It provides a means for businesses to monitor which web applications their users are accessing.

3. Which statement about integrating FortiGuard Labs with FortiWeb is true?
Select one:
- FortiGuard Labs is an optional feature that does not provide any benefits to FortiWeb.
- FortiGuard Labs provides vital updates to FortiWeb about new threats.
- FortiGuard Labs can be integrated with other Fortinet products, as well as FortiWeb.
- FortiGuard Labs provides machine learning features to FortiWeb.

4. In which two ways does machine learning help make modern web application firewalls more effective? (Choose two.)
Select one or more:
- It allows them to perform behavior analysis at machine speed.
- It allows them to adapt to the ever-changing attributes of threats.
- It allows them to choose the most appropriate web application for a given task.
- It allows them to return search results quicker than using traditional filtering methods.

5. Which two products can be integrated with FortiWeb? (Choose two.)
Select one or more:
- FortiPhone
- FortiConnect
- FortiGate
- FortiFax
- FortiSandbox

____________________________________________________________
Module 12 – Web Filter

1. Which method do web filters typically use to block web sites?
Select one:
- They consult a URL database of websites and domains that are known to be harmful.
- They examine email links to ensure that URLs have not been spoofed.
- They inspect web pages in a secure container for viruses.
- They return search results from only sanctioned web sites.

2. What are two reasons our customers need web filters? (Choose two.)
Select one or more:
- To prevent users from accessing objectionable content
- To allow users to customize the content they want
- To comply with regulatory policies such as GDPR
- To prevent users from accessing websites containing malware

3. Web filters use rules to determine which web sites are blocked. Who or what sets the rules in place?
Select one:
- Governments
- Device manufacturers
- Law enforcement agencies
- The company or individual installing the application

4. Web filters can provide a safe browsing experience by blocking which three threats? (Choose three.)
Select one or more:
- Spyware
- Viruses
- DHCP requests
- Adware

5. Which three products has Fortinet integrated web filters into? (Choose three.)
Select one or more:
- FortiClient
- FortiGate
- FortiSandbox
- FortiAP
- FortiSIEM

____________________________________________________________
Module 13 – Wi-Fi
