Question 91: ___________ code is a derogatory term for computer programming that is unnecessarily complicated.
Correct Answer: A. Spaghetti
Explanation: Spaghetti code is a derogatory term for computer programming that is unnecessarily convoluted, and particularly programming code that uses frequent branching from one section of code to another. Spaghetti code sometimes exists as the result of older code being modified a number of times over the years.
Question 92: Which of the following is a feature of a mobile device management (MDM) or unified endpoint management (UEM) platform?
A. Encrypts company data
B. Replaces VPN and encrypts company data
C. Separates company data from the rest of the device
D. Encrypts company data and separates company data from the rest of the device
Correct Answer: D. Encrypts company data and separates company data from the rest of the device
Explanation: Enrolling BYOD endpoints in an MDM or UEM platform enables IT teams to encrypt corporate data and separate it from the rest of the device.
Question 93: Which of the following tools gives organizations visibility into endpoints connected to their network to better address IoT security issues?
A. Device discovery tool
B. Threat intelligence platform
C. IoT gateway
Correct Answer: A. Device discovery tool
Explanation: Organizations need device discovery tools to achieve visibility into the endpoints connected to their networks and address potential security issues. Some device discovery tool features go beyond discovering IoT and other endpoint devices to include threat detection or endpoint profiling as well.
Question 94: Which term describes the capability of a remote router or endpoint to connect to more than one network service?
A. Double encryption
B. Split tunneling
C. Traffic sniffing
Correct Answer: B. Split tunneling
Explanation: Split tunneling is the capability of a remote router or endpoint to connect to more than one network service. While commonplace, split tunneling presents a challenge to VPN security because it enables direct internet access for some services, which can be a vector for attacks or exfiltration.
Question 95: Which is not a use case of AI for endpoint security?
A. Endpoint risk scoring
B. Replacing human security analysts
C. Cross-platform attack surface visibility
D. Facilitating regulatory compliance
Correct Answer: B. Replacing human security analysts
Explanation: All of the above are AI endpoint security tool use cases except replacing human analysts. The future of endpoint security will rest on the combination of human security professionals and AI technology to counter sophisticated threats.
Question 96: Which is the most effective way for IT to address endpoint security issues caused by users?
A. Control user desktop permissions
B. Control user behavior online
C. Tell users how to avoid harmful actions
D. Prohibit BYOD
Correct Answer: A. Control user desktop permissions
Explanation: IT cannot control user behavior, but it can control users’ desktop permissions. To curb endpoint security issues caused by users, enforcing security policies designed to prevent harmful user behavior is more effective than telling them what actions they can or cannot take.
Question 97: What type of security model do endpoint security systems typically employ?
A. Zero trust
Correct Answer: D. Client-server
Explanation: Advanced endpoint security systems typically employ a client-server security model, which consists of a centrally managed security tool to protect the network and client software installed on each endpoint accessing the network.
Question 98: Which of the following is not a typical feature of endpoint antimalware protection suites?
A. Endpoint detection and response (EDR)
B. Antivirus and antispyware
C. Cloud workload protection platform
D. Integrated firewall
Correct Answer: C. Cloud workload protection platform
Explanation: Endpoint antimalware suites incorporate multiple layers of protection capabilities, including EDR, antivirus, antispyware, integrated firewall, encryption tools and data loss prevention, as well as email and web browser protection. Cloud workload protection platforms are a separate category of cloud-specific security systems.
Question 99: Where is the network perimeter in a Secure Access Service Edge (SASE) architecture?
A. At the endpoint
B. In the data center
C. In a public cloud
D. In a private cloud
Correct Answer: A. At the endpoint
Explanation: SASE envisions the network perimeter where the endpoint exists, even if it is on a network outside of the organization’s control. There, SASE dynamically applies security policies based on the endpoint’s role.
Question 100: To protect endpoints and both cloud and on-premises environments from attack, organizations should integrate cloud-based SASE with which of the following?
A. Endpoint protection
C. Cloud access security broker and EDR
D. Endpoint protection and EDR
Correct Answer: D. Endpoint protection and EDR
Explanation: SASE is a cloud-based security model. For organizations to protect hybrid environments, they should integrate SASE with endpoint protection, as well as EDR.