Chapter 1 Fundamentals of network Security Assessment
E. Signal propagation
What is the primary security concern with wireless connections? A. Encrypted traffic B. Support for IPv6 C. Speed of connection D. Filtering of content E. Signal propagation
E. They all have flaws or limitations.
What is true about all security components and devices? A. They are all interoperable. B. They are all compatible with both IPv4 and IPv6. C. They always enforce confidentiality, integrity, and availability. D. They are sold with pre-defined security plans. E. They all have flaws or limitations.
A. Tunneling and encapsulation
What two terms are closely associated with VPNs? A. Tunneling and encapsulation B. Bridging and filtering C. Path and network management D. encapsulation and decapsulation E. Port forwarding and port blocking
A. Nonrepudiation B. Confidentiality C. Integrity D. Availability E. All of the above
Which of the following are common security objectives? A. Nonrepudiation B. Confidentiality C. Integrity D. Availability E. All of the above
B. RFC 1918 address
Which of the following are not benefits of IPv6? A. Native communication encryption B. RFC 1918 address C. Simplified routing D. Large address space E. Smaller packet header
E. Access to remediation servers
Which of the following is allowed under NAC if a host is lacking a security patch? A. Access to the Internet B. Access to e-mail C. Access to Web-based technical support D. Access to file servers E. Access to remediation servers
E. MAC address filtering
Which of the following is not a feature of proxy server? A. Caching Internet content B. Filtering content C. Hiding the identity of a requester D. Offering NAT services E. MAC address filtering
B. Centralized authentication
What distinguishes workgroups from client/server networks? (In other words, what feature is common to one of the these but not both?) A. DNS B. Centralized authentication C. List of shared resources D. User accounts E. Encryption
B. Single point of failure C. Bottlenecks
What elements of network design have the greatest risk of causing a Dos? (Select two.) A. Directory service B. Single point of failure C. Bottlenecks
A. VPN required for access
What is a difference between a DMZ and an extranet? A. VPN required for access B. Hosted resources C. External user access D. Border or boundary network E. Isolation from the private LAN
A. Anything used in a business task
What is an asset? A. Anything used in a business task B. Only objects of monetary value C. A business process D. Job descriptions E. Security policy
C. Examining traffic as it leaves a network
What is egress filtering? A. Investigating packets as they enter a subnet B. Allowing by default, allowing by exception C. Examining traffic as it leaves a network D. Prioritizing access based on job description E. Allowing all outbound communications without restriction
B. Protecting vulnerabilities before they are compromised
What is the benefit of learning to think like a hacker? A. Exploiting weaknesses in targets B. Protecting vulnerabilities before they are compromised C. Committing crimes without getting caught D. Increase in salary E. Better network design
D. Denying by default, allowing by exception
What is the most common default security stance employed on firewalls? A. Allowing by default B. Custom configuring of access based on user account C. Caching Internet content D. Denying by default, allowing by exception E. Using best available path
C. It is written down.
What is the most important characteristic of an effective security goal? A. It is inexpensive. B. It is possible with currently deployed technologies. C. It is written down. D. It is approved by all personnel. E. It is a green initiative.
C. Trusted third party
An outsider needs access to a resource hosted on your extranet. The outsider is a stranger to you, but one of your largest distributors vouches for him. if you allow him access to the resource, this is known as implementing what? A. DMZ B. Virtualization C. Trusted third party D. Remote control E. Encapsulation
D. Zero day
For what type of threat are there no current defenses? A. Information leakage B. flooding C. Buffer overflow D. Zero day E. Hardware failure
B. VPN
Remote control is to thin clients as remote access is to? A. NAC B. VPN C. DNS D. IPS E. ACL
B. Layer 2 address contains a network number C. Layer 2 address can be filtered with MAC address filtering E. Both C and D are true
Which of the following is true regarding a Layer 2 address and Layer 3 address? A. MAC address is at Layer 2 and is routable B. Layer 2 address contains a network number C. Layer 2 address can be filtered with MAC address filtering D. Network Layer address is at Layer 3 and is routable E. Both C and D are true
D. Everyone
Who is responsible for network security? A. Senior management B. IT and security staff C. End users D. Everyone E. Consultants