Chapter 11: Practice Test 3
- B. EAP was originally intended to be used on physically isolated network channels and
did not include encryption. Fortunately, it was designed to be extensible, and PEAP can
provide TLS encryption. PEAP is not the only option: EAP-TLS also exists,
providing an EAP TLS implementation, and the same extensibility allows a multitude of
other authentication methods.
- C. The 192.168.0.0 to 192.168.255.255 address range is one of the ranges defined by
RFC 1918 as private, nonroutable IP ranges. Scott’s ISP (and any other organization with
a properly configured router) will not route traffic from these addresses over the public
Internet.
- B. She should use a KPI (Key Performance Indicator). KPIs are used to measure
success, typically in relation to an organization’s long-term goals. Metrics are measures,
and although a KPI can be a metric, metrics are not all KPIs. SLAs are service level
agreements, and metrics can help determine whether they are being met. Objectives and
key results (OKRs) are used to connect employee performance to results using subjective
measures for objectives and quantitative measures for key results.
- A. A well-designed set of VLANs based on functional groupings will logically separate
segments of the network, making it difficult to have data exposure issues between VLANs.
Changing the subnet mask will only modify the broadcast domain and will not fix issues
with packet sniffing. Gateways would be appropriate if network protocols were different
on different segments. Port security is designed to limit which systems can connect to a
given port.
- B. NIST SP 800-18 describes system owner responsibilities that include helping to
develop system security plans, maintaining the plan, ensuring training, and identifying,
implementing, and assessing security controls. A data owner is more likely to delegate
these tasks to the system owner. Custodians may be asked to enforce those controls,
whereas a user will be directly affected by them.
- C. ESP’s Transport mode encrypts IP packet data but leaves the packet header
unencrypted. Tunnel mode encrypts the entire packet and adds a new header to support
transmission through the tunnel.
- B. In level 2, the Repeatable level of the SW-CMM, an organization introduces basic
lifecycle management processes. Reuse of code in an organized fashion begins and
repeatable results are expected from similar projects. The key process areas for this level
include Requirements Management, Software Project Planning, Software Project Tracking
and Oversight, Software Subcontract Management, Software Quality Assurance, and
Software Configuration Management. Software Quality Management is a process that
occurs during level 4, the Managed stage of the SW-CMM.