CompTIA Security Plus Certification Exam Version 6 Questions

5 questions
1. The security team notices that the Always On VPN solution sometimes fails to connect. This leaves remote users unprotected because they cannot connect to the on-premises web proxy. Which of the following changes will best provide web protection in this scenario?
A. Implement network access control.
B. Configure the local gateway to point to the VPN.
C. Create a public NAT to the on-premises proxy.
D. Install a host-based content filtering solution. Correct
Explanation
When the VPN fails, the user's device loses connection to the on-premises web proxy, leaving web traffic unprotected. A host-based content filtering solution runs locally on the endpoint, providing continuous web protection regardless of VPN connectivity. This is the most direct and reliable solution. NAC (A) controls network access but doesn't inherently provide web filtering. Pointing the gateway to the VPN (B) doesn't help if the VPN is down. A public NAT to the proxy (C) exposes the internal proxy to the internet, creating a major security risk.
2. A security manager wants to reduce the number of steps required to identify and contain basic threats. Which of the following will help achieve this goal?
A. SOAR Correct
B. SIEM
C. DMARC
D. NIDS
Explanation
SOAR (Security Orchestration, Automation, and Response) platforms are specifically designed to automate security workflows, reducing manual steps for identifying, investigating, and containing threats. SIEM (B) aggregates and correlates logs but doesn't inherently automate responses. DMARC (C) is an email authentication protocol. NIDS (D) is a detection tool, not an automation platform.
3. When used with an access control vestibule, which of the following would provide the best prevention against tailgating?
A. PIN
B. Access card
C. Security guard Correct
D. CCTV
Explanation
A security guard can physically monitor the vestibule (mantrap) and ensure only one person enters per authorization, directly preventing tailgating. A PIN (A) or access card (B) can be used by one person but doesn't stop a second person from following. CCTV (D) provides surveillance but not real-time prevention.
4. To which of the following security categories does an EDR solution belong?
A. Physical
B. Operational
C. Managerial
D. Technical Correct
Explanation
EDR (Endpoint Detection and Response) is a technical control that involves software agents on endpoints to detect, investigate, and respond to threats. Physical controls (A) are barriers like locks. Operational controls (B) are processes and procedures. Managerial controls (C) are administrative policies and governance.
5. A systems administrator is changing the password policy within an enterprise environment and wants this update implemented on all systems as quickly as possible. Which of the following operating system security measures will the administrator most likely use?
A. Deploying PowerShell scripts
B. Pushing GPO update Correct
C. Enabling PAP
D. Updating EDR profiles
Explanation
In a Windows domain environment, Group Policy Objects (GPOs) are the standard, efficient way to centrally deploy password policy changes to all domain-joined systems. PowerShell scripts (A) can be used but are less standardized for this specific task. PAP (C) is an insecure authentication protocol. EDR profiles (D) manage endpoint security, not password policies.
