CIS 288 Final

Ted is working in an organization. He is trying to access an application using port 80 but he's unable to establish the connection. How will Ted get access to the application?

- By supplying the port number in his connection URL Answer C is correct. Ted will supply the port number, which his organization is using in his connection URL to get access to the application. He can supply that port number using the following steps: Determine the port the server uses for connections. Get the correct domain needed for establishing a connection. Connect to the server using the correct port.

What is an open standard commonly used in VPNs that actually employs a suite of protocols for encrypting and authenticating IP communications?

-IPsec Internet Protocol Security (IPsec) is an open standard commonly used in Virtual Private Networks (VPNs) that actually employs a suite of protocols for encrypting and authenticating IP communications.

What is the best way to minimize the impact of exploits like CryptoLocker?

-Incremental Backups Frequent and incremental backups are the best way to minimize the impact of exploits like CryptoLocker.

What is the maximum power for Bluetooth class 1 devices?

- 100 mW Answer C is correct. Bluetooth class 1 devices operate at maximum power of 100 mW (20 dBm).

Which practice do spammers adapt to guess email addresses at a domain and then connect to the email server of that domain?

- DHA Spammers perform directory harvest attacks (DHAs), where they simply guess email addresses at a domain and then connect to the email server of that domain

What is the maximum number of devices that can be grouped together under the Bluetooth specification to form a piconet?

- Eight Answer D is correct. Under the Bluetooth specification, up to eight devices can be grouped together to form a piconet.

Which process refers to the conversion of electronic data into a form called ciphertext?

- Encryption Encryption is the conversion of electronic data into a form called ciphertext.

Which of the following statements are true about the Password Authentication Protocol (PAP)? Each correct answer represents a complete solution. Choose two.

- It is a password-based authentication protocol used by Point to Point Protocol (PPP) to validate users. - It is a form of authentication, in which a user's name and password are transmitted over a network and compared to a table of name-pa pairs. Answers A and C are correct. The following are the correct statements about the Password Authentication Protocol (PAP): It is a password-based authentication protocol used by Point to Point Protocol (PPP) to validate users. It is a form of authentication, in which a user's name and password are transmitted over a network and compared to a table of namepassword pairs. Answer B is incorrect. All network operating system remote servers support PAP. Answer D is incorrect. PAP is not considered a strong authentication protocol as it doesn't support encryption

What is another name for zoning?

- Network segmentation Network segmentation is also known as zoning

Mary is a security specialist in an organization. She needs to implement some specific standards to enable automated vulnerability management in her organization. Which of the following methods should Mary implement?

- SCAP Answer B is correct. Mary should implement Security Content Automation Protocol (SCAP), which is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization, for example, FISMA compliance. The National Vulnerability Database (NVD) is the U.S. government content repository for SCAP. An example of an implementation of SCAP is OpenSCAP. Answer C is incorrect. Common Vulnerabilities and Exposures (CVE) is a system for referencing publicly known vulnerabilities. Answer D is incorrect. Open Vulnerability and Assessment Language (OVAL) is a security community standard for communicating security information such as configuration, vulnerabilities, patch levels, and so on. Answer A is incorrect. Common Vulnerability Scoring System (CVSS) is a system for scoring vulnerabilities from CVE, making it easier to understand security risks

Which protocol is used to send an email?

- SMTP Answer B is correct. Email is communicated using the Simple Mail Transfer Protocol (SMTP).

Which method creates a connection between a remote host and a local device through which services can be relayed?

- SSH tunneling Answer B is correct. SSH tunneling creates a connection between a remote host and a local device or computer through which services can be relayed

Alicia has used Bluetooth to establish communication between her computer and other wireless devices. What is the maximum number of devices can she pair with her computer using this technology?

- Seven Answer B is correct. Alicia can pair upto seven devices with her computer using Bluetooth, which is a wireless technology standard for exchanging data between fixed and mobile devices over short distances using short-wavelength UHF radio waves in the industrial, scientific and medical radio bands, and building personal area networks (PANs). In the computer networking environment, the Bluetooth specification enables several Bluetooth peripheral devices to simultaneously communicate with a host device. Bluetooth is used with local host computers communicating with wireless input and output devices such as mice, keyboards, and printers. Up to eight devices can communicate simultaneously using Bluetooth.

Which practice is used to prevent a common hacking technique known as port scanning?

- Stateful packet inspection Answer D is correct. Stateful packet inspection is used to prevent a common hacking technique known as port scanning.

What are the differences between Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)? Each correct answer represents a complete solution. Choose all that apply

- TCP is a connection-oriented pro protocol, whereas UDP is a connection-less protocol. -TCP allows data sequencing, whereas there is no sequencing of data in UDP. -TCP provides extensive error checking mechanisms, whereas UDP has only the basic error checking mechanism using checksums. Answers A, C, and D are correct. The following are the differences between Transmission Control Protocol (TCP) and User Datagram Protocol (UDP): TCP provides extensive error checking mechanisms, whereas UDP has only the basic error checking mechanism using checksums. TCP is a connection-oriented protocol, whereas UDP is a connection-less protocol. TCP allows data sequencing, whereas there is no sequencing of data in UDP. Answer B is incorrect. TCP is highly reliable, whereas UDP is not reliable.

Which user authentication protocol WPA uses to provide increased security?

- TKIP Answer B is correct. WPA uses the Temporary Key Integrity Protocol (TKIP) and IEEE 802.1X Extensible Authentication Protocol (EAP) user authentication protocol to provide increased security

Which of the following terms describes a packet that contains VLAN information?

- Tagged Answer C is correct. A tagged packet contains VLAN information

What is a broadband wireless access standard designed to provide Internet access across large geographic areas?

- WiMAX Answer A is correct. WiMAX is a broadband wireless access standard designed to provide Internet access across large geographic areas such as cities, counties, and in some cases countries.

Which type of cookie uses local browser HTML5 database storage?

- super Super cookies use local browser HTML5 database storage or Adobe Flash data storage

Which protocol provides data integrity and origin authentication to protect against replay attacks?

-AH Authentication Header (AH) provides data integrity and origin authentication to protect against replay attacks.

Which protocol offers a single login system that can lead to access to many services?

-LDAP The Lightweight Directory Access Protocol (LDAP) offers a single login system that can lead to access to many services

Which attack exploits the prime number sieve used in the key-generation process?

-Logjam The logjam attack exploits the prime number sieve used in the key-generation process, forcing it to use a 512-bit prime.

What is another name for tarpitting?

-Sticky honeypot Tarpitting is sometimes known as a sticky honeypot.

Which layer of the OSI model does a DDoS attack target?

-Transport A distributed DoS (DDoS) attack targets transport and network layers.

What is a mature, open-source, and cross-platform network protocol analyzer?

-Wireshark Wireshark is a mature, open-source, and cross-platform network protocol analyzer.

Which protocol segments a network to minimize the risks of a broadcast storm?

Spanning-tree protocol (STP) segments a network to minimize the risks of a broadcast storm.

Which attack involves intercepting and modifying communication between users?

The man-in-the-middle attack involves intercepting and modifying communication between users

What is a packet analyzer that helps the user to view traffic flows and troubleshoot network problems?

- Microsoft Network Monitor Microsoft Network Monitor is a packet analyzer that helps the user to view traffic flows and troubleshoot network problems

William is a network administrator in an organization. To efficiently manage his organization's network, he has used an application that exam traffic and generates a customized report. Which of the following computer application has he used?

- Packet analyzer Answer D is correct. William has used packet analyzer, which is an application that examines network traffic and generates a customized report. A packet analyzer is a computer application used to track, intercept, and log the network traffic that passes over a digital network. Answer B is incorrect. A proxy server is a barrier that prevents outsiders from entering a local area network and prevents insiders from directly connecting to outside resources. Answer A is incorrect. A honeypot is a decoy server, network device, or network segment designed to attract attackers away from the real network. Answer C is incorrect. The demilitarized zone (DMZ) is a separate perimeter network that isolates the secure intranet from the outside world, yet enables public access to outward-facing dedicated resources.

What is a barrier that prevents outsiders from entering a local area network and prevents insiders from directly connecting to outside resources?

- Proxy server A proxy server is a barrier that prevents outsiders from entering a local area network and prevents insiders from directly connecting to outside resources.

Which of the following functionalities can be a way to allocate bandwidth effectively on a busy network?

- QoS Quality of Service (QoS) can be a way to share or allocate bandwidth effectively on a busy network.

What is the process of translating an IP address used in one network to an IP address in another network?

- Routing Routing is the translation of an IP address used in one network to an IP address in another network.

Which of the following processes selects the best pathway for transmitting data over a network?

- Routing Answer C is correct. Routing is the process of selecting the best pathway for transmitting data over a network or between networks.

Which of the following wireless standards is also known as Wireless Fidelity?

- IEEE 802.11x Answer C is correct. The IEEE 802.11x wireless standard is also known as Wireless Fidelity or Wi-Fi.

Which of the following are the examples of generic top-level domains (gTLDs)? Each correct answer represents a complete solution. Choose two.

- .edu - .com Answer B and C are correct. Generic top-level domains (gTLDs) are one of the categories of top-level domains (TLDs) maintained by the Internet Assigned Numbers Authority (IANA) for use in the Domain Name System of the Internet. Examples of gTLDs include .com, .net, .edu, and .gov. Answers D and A are incorrect. A country code top-level domain (ccTLD) is an Internet top-level domain generally used or reserved for a country, sovereign state, or dependent territory identified with a country code. Examples of ccTLDs include .us and .uk.

Henry has installed a home automation system using Zigbee technology. What is the maximum range for his home appliances to establish successful communication?

- 10-meters Answer C is correct. Henry should place his home appliances at a maximum range of 10 meters so that they can communicate successfully. The ZigBee (IEEE 802.15.4) standard is a wireless, mesh-networked PAN protocol that provides for a 10-meter communication range with data transfer rates at 250 Kbps. The ZigBee standard has been embraced by the smart home automation and industrial controls communities, as well as several areas of the smart grid consortium. Zigbee devices are used in Smart Homes, enabling the user to remotely control equipment and temperature, monitor energy consumption, and control home security

Which of the following port numbers does Microsoft SQL Server use?

- 1433 or 1434 Answer B is correct. Microsoft SQL Server uses port 1433 or 1434.

Which of the following are considered as registered ports? Each correct answer represents a complete solution. Choose two.

- 1512 - 1433 Answers A and D are correct. Port numbers from 1024 to 49151 are registered ports assigned by the Internet Assigned Numbers Authority (IANA). For example, Microsoft SQL Server uses ports 1433 and 1434. Microsoft Windows Internet Name Service (WINS) uses port 1512. Answers C and B are incorrect. Ports in the range 49152 to 65535 are not assigned, controlled, or registered. They are used for temporary or private ports. They are also known as private or non-reserved ports.

Which of the following port numbers does Microsoft Windows Internet Name Service use?

- 1512 Answer C is correct. Microsoft Windows Internet Name Service (WINS) uses port 1512.

What is the data transfer rate for Bluetooth version 1.1 and 1.2 devices?

- 723.1 Kbps Answer A is correct. The data transfer rate for Bluetooth version 1.1 and 1.2 devices is 723.1 Kbps

Which layer of the TCP/IP determines how data is received and processed?

- Application Answer A is correct. The application layer of the TCP/IP determines how data is received and processed.

Which firewall is configured to view entire packets for consistency and appropriate ports?

- Application-level Proxy-filtering firewalls or application-level firewalls are configured to view entire packets for consistency, type of application, and appropriate ports.

What is a measure of how much signal loss occurs as the information moves across the medium?

- Attenuation Answer A is correct. Attenuation is a measure of how much signal loss occurs as the information moves across the medium.

Which term denotes the media's capacity to carry data?

- Bandwidth Answer A is correct. Bandwidth is the media's capacity to carry data.

Richard, a network specialist, has decided to implement network segmentation in his organization's communication network. Which of the following advantages of network segmentation can be the reason behind this decision? Each correct answer represents a complete solution. Choose all that apply.

- Better Access Control - - Improved Performance - Improved Monitoring Answers A, B, and C are correct. Network segmentation is essentially the separation of the network into subnetworks, each of which becomes a segment. The following advantages of network segmentation is the reason behind Richard's decision: Improved Monitoring: With fewer hosts per subnet, local traffic is minimized. Broadcast traffic can be isolated to the local subnet. Improved Performance: Provides an opportunity to log events, monitor allowed and denied internal connections, and detect suspicious behavior. Better Access Control: Allow users to only access specific network resources. Answer D is incorrect. Network segmentation requires expensive memory management algorithms, which is a drawback of its implementation. So, it cannot be considered as the reason behind Richard's decision of implementing network segmentation in his organization.

Which term refers to sending messages to all possible destinations?

- Broadcast messaging Answer B is correct. Broadcast messaging refers to sending messages to all possible destinations

Stella is working as a cybersecurity specialist in an organization. Her organization is facing a security threat and she needs to get information about this threat and the best way to prevent it. Which of the following can help her to choose the most appropriate solutions for her need?

- CVE Answer B is correct. Stella should refer to the Common Vulnerabilities and Exposures (CVEs) to find out the most appropriate solution for the security threat and its prevention. CVEs consist of CVE Identifiers, which are unique, common identifiers for publicly known information security vulnerabilities. By using the CVE Identifier (CVE ID) for a particular vulnerability or exposure, organizations can quickly and accurately obtain information from a variety of CVE-Compatible information sources. By facilitating better comparisons between different security tools and services, CVE can help an organization choose the most appropriate solution for its needs. Answer C is incorrect. Security Content Automation Protocol (SCAP) is a method of using various open standards for evaluating vulnerabilities and measuring the potential impact of these vulnerabilities. Answer D is incorrect. Open Vulnerability and Assessment Language (OVAL) is a security community standard for communicating security information such as configuration, vulnerabilities, patch levels, and so on. Answer A is incorrect. Common Platform Enumeration (CPE) is a standardized method of describing and identifying the operating system, hardware devices, and application classes on the network

Ryan needs a cable to connect DVD players, speakers, digital cable set-top boxes. Which cable is suitable for this purpose?

- Co-axial Answer A is correct. Ryan must use coaxial cable to connect DVD players, speakers, digital cable set-top boxes. It is constructed with an insulated solid or stranded wire core surrounded by a dielectric insulating layer and a solid or braided metallic shield. The specialty of the coaxial cable is that it can ward off external interferences and transmit a strong signal without loss of quality. Answer D is incorrect. Twisted pair cables are used in telephone networks, data networks, and cable shielding. Answer B is incorrect. Fiber optic cables are widely used in data centers where a large volume of data needs to be transmitted. Answer C is incorrect. Ethernet cables are used on wired networks to connect devices like PCs, routers, and switches to LANs

What is a separate perimeter network that isolates the secure intranet from the outside world, yet enables public access to outward-facing dedicated resources?

- Demilitarized zone Answer B is correct. The Demilitarized zone (DMZ) is a separate perimeter network that isolates the secure intranet from the outside world, yet enables public access to outward-facing dedicated resources.

Stephen, the CEO of an organization, has decided to implement an Extranet in his organization. What benefits does his organization get by implementing such a network? Each correct answer represents a complete solution. Choose all that apply.

- Develop and use training progra - Share product catalogs exclusiv - Exchange large volumes of data Answers A, B, and C are correct. Stephen's organization will get the following benefits by implementing extranet: Share product catalogs exclusively with trade partners. Develop and use training programs with other organizations. Exchange large volumes of data using Electronic Data Interchange (EDI). Answer D is incorrect. Extranets can be expensive to implement and maintain within an organization.

Which attack can be eliminated by limiting the number of login attempts that can be performed in a given period of time?

- Dictionary A dictionary attack is a systematic, brute-force attack using every word in a dictionary as a password. This type of attack can be eliminated by limiting the number of login attempts that can be performed in a given period of time.

Which of the following is a unique realm assigned by a registrar?

- Domain Answer D is correct. Domains are unique realms assigned by an agent, known as a registrar, which has been authorized by the Internet Corporation for Assigned Names and Numbers (ICANN)

Which configuration options does a managed switch offer that are designed to prevent MITM attacks? Each correct answer represents a complete solution. Choose two.

- Dynamic ARP Inspection -DHCP snooping Answers A and C are correct. Managed switches offer DHCP snooping and Dynamic ARP Inspection (DAI) configuration options that are designed to prevent man-in-the-middle (MITM) attacks. DHCP snooping is used to filter and block ingress (incoming) DHCP server messages and build an IP-to-MAC address database. DAI uses the DHCP snooping database to check and validate ARP requests to prevent ARP spoofing attacks. Answer B is incorrect. IP Source Guard provides source IP address filtering on a Layer 2 port to prevent a malicious host from impersonating a legitimate host by assuming the legitimate host's IP address. Answer D is incorrect. IP spoofing is a technique used to gain unauthorized access to machines, whereby an attacker illicitly impersonates another machine by manipulating IP packets.

Which cable is designed to carry digital data in the form of light pulses?

- Fiber-optic Answer C is correct. Fiber-optic cable is a plastic or glass cable designed to carry digital data in the form of light pulses.

Olivia is working as a telecommunication engineer in a company. She needs to replace the copper cable her company is using in the transmission network as it causes high attenuation. Which type of cable will Olivia find suitable to replace the copper cable?

- Fiber-optic Answer C is correct. Olivia should replace the copper cable with the fiber-optic cable. Light moving through a fiber-optic cable does not attenuate (lose energy) as quickly as electrical signals moving along a copper conductor. Answers B, D, and A are incorrect. Shielded twisted pair, unshielded twisted pair, and coaxial cable are the categories of copper cable. The attenuation in copper conductors is directly proportional to the frequency of the signal it carries.

Stephen is working as a network designer in an organization. He has observed that an error has occurred multiple times in his organization's communication network, which he reported to the Internet Engineering Task Force (IETF). How will the IETF handle such an issue?

- Implement an RFC, mentioning the error Answer A is correct. The Internet Engineering Task Force (IETF) will implement Request for Comments (RFCs) mentioning the use of the standard protocol for removing the error. The mission of the IETF is to make the Internet work better by producing high quality, relevant technical documents that influence the way people design, use, and manage the Internet. RFCs cover many aspects of computer networking, including protocols, procedures, programs, and concepts, as well as meeting notes, opinions, and sometimes humor.

Which of the following are advantages of using NAT? Each correct answer represents a complete solution. Choose all that apply.

- Increases flexibility when connecting to the internet - Reduces address overlap occurrence - Conserves legally registered address Answers A, B, and D are correct. Network Address Translation (NAT) is the process where a network device, usually a firewall, assigns a public address to a computer (or group of computers) inside a private network. It conserves global addresses, which allow users to add millions of hosts to the Internet. This provides flexibility in our corporate networks. NAT also allows users to use the same subnet more than once in the same network without overlapping networks. Answer C is incorrect. Some TCP/IP applications like peer to peer application, end to end IPSec, multicast routing protocol do not work well with NAT.

What are the advantages of shielded twisted pair cable? Each correct answer represents a complete solution. Choose all that apply.

- It can be easily terminated with modular connector. - It reduces chances of crosstalk and provides protection from interference - It offers better electrical characteristics than unshielded cables. Answers A, B, and C are correct. Shielded twisted pair (STP) cables have a conducting shield made of metallic foil encasing the twisted wire pairs, which blocks out electromagnetic interference, allowing it to carry data at a faster rate of speed. Following are the advantages of shielded twisted pair (STP): It reduces chances of crosstalk and provides protection from interference. It offers better electrical characteristics than unshielded cables. It can be easily terminated with modular connector. Answer D is incorrect. Shielding increases the overall diameter and weight of the shielded twisted pair (STP) cable. Hence it is more difficult to install them

Which of the following statements is true about the external network in single-firewall Demilitarized Zones (DMZs)?

- It is formed from the ISP to the firewall in the first network interface. Answer A is correct. The external network is formed from the ISP to the firewall in the first network interface. Answer B is incorrect. The internal network is formed in the second network interface. Answer C is incorrect. The DMZ is formed in the third network interface. Answer D is incorrect. The fourth network interface doesn't exist in single-firewall Demilitarized Zones (DMZs)

Kate, a network security specialist, has implemented WPA-PSK authentication in her small office network. Why would she choose this security mechanism over the others?

- It is simple to implement. Answer D is correct. Kate should choose Wi-Fi Protected Access Pre-Shared Key (WPA-PSK) as it is simple to implement. It is used to authenticate and validate users on a wireless LAN (WLAN) or Wi-Fi connection. This type of authentication mechanism is most suitable for small networks as it does not require an authentication server and manual user configuration. Answers C, A, and B are incorrect. WPA2 Enterprise authentication supports Network Access Protection (NAP). It eliminates the security risks of shared passwords and also enables enhanced security methods

Ronaldo, the CEO of an organization, conducts a meeting with the security specialists of his organization to gain more knowledge on the pre methods for social engineering attacks. Which of the following tips can they provide him that he can then impart to the employees of his orga after this meeting? Each correct answer represents a complete solution. Choose all that apply.

- Keep their antivirus/antimalware software updated - Don't open emails and attachments from suspicious sources - - Use multifactor authentication Answers B, C, and D are correct. Social engineering is the technique practiced by an attacker that is used to exploit human behavior to make the network vulnerable to attacks. It is the psychological manipulation of people into performing actions or divulging confidential information. Ronaldo can provide the following tips to the employees to prevent social engineering attack: Don't open emails and attachments from suspicious sources Use multifactor authentication Keep their antivirus/antimalware software updated Answer A is incorrect. Social engineers can and will either request employee's help with information or offer to help them. If the employees did not request any assistance from the sender, they should consider any requests or offers as scams and reject them.

Ryan is a network administrator. He has set up access levels in his organization based on an idea, which allows the user, program, or process to have only the minimum access necessary to perform its function. On which of the following principles has Ryan set up the access levels?

- Least privilege Answer D is correct. The principle of least privilege is based on the idea, which describes that any user, program, or process should have only the bare minimum privileges necessary to perform its function. In an IT environment, adhering to the principle of least privilege reduces the risk of attackers gaining access to critical systems or sensitive data by compromising a low-level user account, device, or application. Answer B is incorrect. SSH tunneling is a method of transporting arbitrary networking data over an encrypted SSH connection. It can be used to add encryption to legacy applications. Answer C is incorrect. Network segmentation is essentially the separation of the network into subnetworks, each of which becomes a segment. Answer A is incorrect. Network virtualization is a way to segment the user's network by creating overlay networks.

Stella wants to know the gateway IP address of her Windows system. Which of the following tools will Stella use?

- ipconfig Answer B is correct. Stella will use ipconfig to know the gateway's IP address, where the system sends DNS queries, whether the system was served its IP address by DHCP or it was assigned statically, and other useful information. ipconfig is a command line tool used to control the network connections on Windows NT/2000/XP machines. Answer C is incorrect. PING is a software utility used to evaluate the ability to reach any other IP host. Answer D is incorrect. ifconfig is a system administration utility in Unix-like operating systems for network interface configuration. Answer A is incorrect. nslookup is a command-line tool available in many computer operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mapping.

Jerry, a network specialist, has decided to install a computer network using fiber optic cable. Which of the following advantages can be the reason behind Jerry's decision? Each correct answer represents a complete solution. Choose all that apply.

- Less attenuation - High bandwidth and speed - High data carrying capacity Answers A, B, and C are correct. The following advantages are the reason behind Jerry's decision of using fiber optic cable in his computer network: Less attenuation: Light moving through a fiber-optic cable does not attenuate (lose energy) as quickly as electrical signals moving along a copper conductor. High bandwidth and speed: Fiber optic cables provide more bandwidth for carrying more data than copper cables of the same diameter. Fiber optic cables have a core that carries light to transmit data. This allows fiber optic cables to carry signals at high speeds. High data carrying capacity: Fiber optic cables have high bandwidth which provides it a high data carrying capacity. Answer D is incorrect. Fiber optic cable is highly susceptible to cut or damage during installation or construction activities. All these make it difficult to install.

Which attack involves an attacker manipulating IP packets to create a false IP address so they can gain access to the network?

- Masquerade Masquerade attacks involve an attacker manipulating IP packets to create a false IP address so they can gain access to the network or inject false data into it.

Which of the following is a group of XML schemas that describe a language to provide the details needed to assess a network resource for security vulnerabilities?

- OVAL Answer B is correct. Open Vulnerability and Assessment Language (OVAL) is a security community standard for communicating security information such as configuration, vulnerabilities, patch levels, etc. OVAL is essentially a group of XML schemas that describe a language to provide the details needed to assess a network resource for security vulnerabilities. Answer C is incorrect. Common Platform Enumeration (CPE) is a standardized method of describing and identifying the operating system, hardware devices, and application classes on the network. Answer D is incorrect. Security Content Automation Protocol (SCAP) is a method of using various open standards for evaluating vulnerabilities and measuring the potential impact of these vulnerabilities. Answer A is incorrect. Common Vulnerability Scoring System (CVSS) is a system for scoring vulnerabilities from CVE, making it easier to understand security risks

Which configuration supports the concept of mapping multiple private IPs to a single public IP address?

- PAT Port Address Translation (PAT) supports the concept of mapping multiple private IPs to a single public IP address.

Stella is working in a company that accepts credit or debit card payments on its website. Which of the following standards must her company adhere to for reducing the risk of debit and credit card data loss?

- PCI-DSS Answer D is correct. Stella's company must adhere to the Payment Card Industry Data Security Standard (PCI-DSS). The main purpose of the PCI DSS is to reduce the risk of debit and credit card data loss. This standard suggests how the data loss could be prevented and detected. It protects both merchants and cardholders. Answer B is incorrect. The Cloud Security Alliance's Cloud Controls Matrix (CCM) is a set of controls designed to maximize the security of information for organizations that take advantage of cloud technologies. Answer C is incorrect. The ISO 27001 is an information risk management standard designed to provide guidance in the selection of adequate and proportionate controls to protect information. Answer A is incorrect. The NIST Cybersecurity Framework (NIST CSF) consists of standards, guidelines, and best practices to manage cybersecurity-related risk.

Stella has set up a home network. Everyone in her house wants to connect to the Internet using her network. Therefore, she needs to connect multiple devices to the Internet. To accomplish this, she has a setup where the system's router is assigned a discrete IP address allowing multiple users to access the Internet over the router. Which of the following has she used?

- Port Address Translation Answer C is correct. Stella has used Port Address Translation (PAT), which supports the concept of mapping multiple or private IPs to a single or public IP address. PAT is used for setting up a home network that is connected to the Internet. Within this setup, the system's router is assigned a discrete IP address. Multiple users can access the Internet over the router and are each assigned a unique port number. Answer B is incorrect because port forwarding is the process of intercepting traffic bound for a certain port combination and redirecting to a different port. Answer D is incorrect because SSH tunneling is used to implement VPNs (Virtual Private Networks) and access intranet services across firewalls. Answer A is incorrect because port scanning refers to the surveillance of computer ports, most often by hackers for malicious purposes

Which protocol manages authentication and communication between clients and servers using both public key and private key?

- SSL Secure Sockets Layer (SSL) manages authentication and communication between clients and servers using both public key and private key.

Which cookie enables the user to identify and track his movements within the website?

- Session A session cookie enables the user to identify and track his movements within the website.

Which of the following protocols does Wi-Fi Protected Access (WPA) use for authentication? Each correct answer represents a complete solution. Choose two.

- TKIP - EAP Answers A and C are correct. Wi-Fi Protected Access (WPA) is a security standard for users of computing devices equipped with wireless internet connections. It uses the Temporary Key Integrity Protocol (TKIP) and IEEE 802.1X Extensible Authentication Protocol (EAP) user authentication protocol to provide increased security. Answer B is incorrect. WPA2 uses the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP). Answer D is incorrect. Challenge-Handshake Authentication Protocol (CHAP) is an authentication scheme used by Point-to-Point Protocol (PPP) servers to validate the identity of remote clients

Edward is working as a network administrator in an organization. To prevent his organization's network from the dictionary attack, he has use security process in his organization's network server through which he can slow down the propagation of mass emails. Which security proce Edward used?

- Tarpitting Answer D is correct. To prevent his organization's server from the dictionary attack, Edward has used tarpitting in his organization's network server, which is a network security and optimization process through which he can slow down the propagation of mass emails by restricting spammers from sending bulk messages. Answer C is incorrect because clickjacking is a type of attack that tricks a user into clicking a webpage element which is invisible or disguised as another element. Answer A is incorrect because Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Answer B is incorrect because clickstream tracking involves tracking a user's activity on the Internet, including every Web site and every page of every Web site that the user visits

John is trying to log on to a coffee shop's Wi-Fi, he will first be redirected to a sign-in page. He will only be connected to the Internet after he agrees to their terms and conditions. Which of the following proxies authenticates users in this way?

- Transparent A transparent proxy is a server that sits between user's computer and the Internet and redirects his requests and responses without modifying them. In the given scenario, the coffee shop is using a public WiFi that uses a transparent proxy to authenticate users. When John is trying to log on to the coffee shop's WiFi, he will first be redirected to a sign-in page. He will only be connected to the Internet after he agrees to their terms and conditions. This way, the coffee shop can verify John as a user and track the websites he visits while on their network. Answers B and D are incorrect. Both these proxies don't authenticate users. A distorting proxy includes incorrect IP information in the HTTP headers. A reverse proxy is used to provide an SSL connection to allow the web server cluster to share a single secure certificate. Answer C is incorrect. A non-transparent proxy server first modifies and then redirects user's requests and responses.

Which protocol is a connectionless protocol that sents multiple messages as packets in data chunks, without waiting to verify they're received?

- UDP Answer B is correct. User Datagram Protocol (UDP) is a much simpler, connectionless protocol that sents multiple messages as packets in data chunks, without waiting to verify they're received.

Stella has set up a computer network in which one device will send the message to exactly one device at the destination. Which type of communication is needed for such implementation?

- Unicast Answer D is correct. A unicast communication is a one-to-one communication that passes from a single source to a single receiver or destination. It is the most common method of information transfer which takes place on networks. Traffic in the form of streams of data packets typically moves from a single host (such as a web server) to a single endpoint (such as a client app, computer, or browser)

Which security feature provides a 128-bit mathematical key encryption scheme for encrypting data transmissions and authenticating each computer on the network?

- WEP Answer D is correct. Wired Equivalent Privacy (WEP) provides a 128-bit mathematical key encryption scheme for encrypting data transmissions and authenticating each computer on the network.

Which wireless security feature offers the best defense for wireless networking?

- WPA Answer A is correct. Wi-Fi Protected Access WPA adds improved data encryption, using the Temporary Key Integrity Protocol (TKIP) and IEEE 802.1X Extensible Authentication Protocol (EAP) user authentication protocol to provide increased security. Answer D is incorrect. Although WEP is a strong encryption method, serious attackers can crack it. This has led the wireless industry to create a stronger Wi-Fi Protected Access (WPA) standard. Answer C is incorrect. Bluetooth (IEEE 802.15.1) is a wireless networking specification for personal area networks (PANs). Answer B is incorrect. WiMAX is a broadband wireless access standard designed to provide Internet access across large geographic areas.

What is the practice of explicitly allowing some specified users access to a network segment?

- Whitelisting Whitelisting is the practice of explicitly allowing some specified users access to a network segment.

Jack is a wireless network specialist. As part of his current project, he needs to provide wireless broadband access to areas of his city that are difficult for wired infrastructure to reach. Which wireless technology will help Jack accomplish this purpose?

- WiMAX Answer A is correct. Jack will use WiMAX to provide wireless broadband access to areas of his city that are difficult for wired infrastructure to reach. The WiMAX specification was established to provide guidelines for wider area wireless networking capabilities. WiMAX is a broadband wireless access standard designed to provide Internet access across large geographic areas. Answer B is incorrect. Wi-Fi is used for providing connectivity to shorter ranges like within an office or home. Answer C is incorrect. Bluetooth is a widely used wireless personal area network (WPAN) technology. It is designed for short-range communications with a range of about 10 m. Answer D is incorrect. The ZigBee (IEEE 802.15.4) standard is a wireless, mesh-networked PAN protocol that provides a 10-meter communication range with a data transfer rate of 250 Kbps.

Richeal wants to set up a network connection using a device which will allow the wireless network devices to connect to a wired network. Which device will Richael use?

- Wireless access point Answer C is correct. Richael will use a wireless access point, which allows the wireless network devices to connect to a wired network. Wireless access points commonly used in LANs employ antennas and a radio receiver/transmitter to communicate with other network devices using radio frequency signals in the unlicensed 2.4 GHz or 5 GHz radio bands. Answer B is incorrect. A wireless repeater is a wireless network device that repeats wireless signals to extend range without being connected with a cable to router or modem. Answer A is incorrect. The wireless extender has the same functionality as a repeater. Extenders are devices that only do repeating, and can't be set in any other mode. Answer D is incorrect. Wireless adapters are electronic devices that allow computers to connect to the Internet and other computers without using wires.

Stephen, a network specialist, recently became aware of the man-in-the middle attack, which allows an attacker to intrude into the communic between two communication networks and inject false information. Which of the following techniques does an attacker use for this purpose?

-ARP spoofing Answer D is correct. An attacker uses ARP spoofing, which is a technique in which an attacker sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer or server on the network. By using this technique, the man-in-the-middle attack allows the attacker to intrude into the communication between two communication networks, inject false information, and intercept the data transferred between the communication networks. Answer B is incorrect. Port forwarding is the process of intercepting traffic bound for a certain port combination and redirecting to a different port. Answer A is incorrect. Port scanning refers to the surveillance of computer ports, most often by hackers for malicious purposes. Answer C is incorrect. Greylisting is a powerful anti-spam technology that is used to detect if the sending server of a message is RFC compliant.

Stella, a security architect, discovered a zero-day vulnerability in the software application that her company uses. This vulnerability needs to immediately to prevent damage to her organization's network. Which of the following cybersecurity tools must she own in such a situation? Each correct answer represents a complete solution. Choose all that apply.

-Behavior monitoring -Intrusion Prevention Systems - Fast incident response A zero-day vulnerability is a software, hardware, or firmware flaw unknown to the manufacturer. When hackers leverage that flaw to conduct a cyberattack, it's called a zero-day exploit. Stella must own the following cybersecurity tools to fix this vulnerability immediately: Behavior monitoring: This detects suspicious patterns, like cyberattacks, in the network's traffic. Intrusion Prevention Systems: These are triggered after a behavior monitoring system notifies them. They attempt to stop any incoming threats from entering your network. Fast incident response: The earlier a team of trained professionals responds to a threat, the less damage it will cause. Answer B is incorrect. The zero-day vulnerability needs to be fixed immediately to prevent damage to Stella's organization's network and for this she can't rely on manufacturers to patch zero-day vulnerabilities immediately.

Which attack employs deceptive frame techniques to trick a user into clicking on their content rather than the intended content?

-Clickjacking A clickjacking attack employs deceptive frame techniques to trick a user into clicking on their content rather than the intended content.

Jenifer works as a security administrator at Infosoft Inc. Her network is being flooded by ICMP packets. She observes that the packets came multiple different IP addresses. Which type of attack can be the result of such situation?

-DDoS Answer C is correct. A distributed denial-of-service (DDoS) attack on a network or web-based system is designed to bring down the network or prevent access to a particular device by flooding it with useless traffic. A DDoS or distributed denial-of-service attack involves multiple different machines initiating a simultaneous denial-of-service attack on the target. Answer D is incorrect. A clickjacking attack employs deceptive frame techniques to trick the user into clicking on their content rather than the intended content. Answer A is incorrect. Embezzlement is the risk of fraudulent appropriation of money or services from an organization. Various types of controls should be implemented to prevent this type of exposure. Answer B is incorrect. A syn flood attack involves half opened connections that are never completed.

Alicia is unable to access an SQL database online due to an SQL injection vulnerability. Which of the following security controls should she t prevent this type of breach in the future? Each correct answer represents a complete solution. Choose two.

-Database activity monitoring -Input validation Answers B and C are correct. To prevent this type of breach in the future, Alicia should do proper input validation and database activity monitoring. If the database and the underlying OS do not have the proper security controls in place, the attacker can create queries against the database that disclose unauthorized information. Database activity monitor (DAM) systems have emerged because companies face many more threats such as SQL injection than in the past. Answers D and A are incorrect. Secure coding standards and browser security updates cannot prevent SQL injection.

Stephen, a network specialist, is aware of the dictionary attack and fears that his organization's email accounts can be accessed by spamme the following preventive measures should he adopt? Each correct answer represents a complete solution. Choose two.

-Enforce a strict password methodology - Limit the number of login attempts that can be performed in a given period of time Answers A and D are correct. A dictionary attack is simply a systematic, brute-force attack using every word in a dictionary as a password. This type of attack is commonly used by spammers who guess passwords of email accounts to gain access to an account and then use it for their spam distribution. Stephen should adopt the following preventive measures: Enforce a strict password methodology Limit the number of login attempts that can be performed in a given period of time Answer B is incorrect. A slightly delayed response from the server prevents a hacker or spammer from checking multiple passwords within a short period of time. Answer C is incorrect. Tarpitting is the practice of slowing the transmission of e-mail messages sent in bulk as a means of thwarting spammers. It is used to prevent the DoS attack. In email addresses, tarpitting is implemented for slowing down bulk email delivery to block spam.

Which of the following is a denial-of-service (DoS) attack that involves sending a large amount of spoofed UDP traffic to a router's broadcast within a network?

-Fraggle Answer A is correct. Fraggle Attack is a denial-of-service (DoS) attack that involves sending a large amount of spoofed UDP traffic to a router's broadcast address within a network. Answers B, C, and D are incorrect. Man-in-the-middle (MitM), SQL injection, and cross-site scripting are not DoS attacks.

Which of the following protocols is used to set up a security association in IPsec?

-IKE Internet Key Exchange (IKE) is the protocol used to set up a security association in IPsec.

Which tool is used at the command line and presents user with the basic network-configuration information?

-IPconfig IPconfig is used at the command line and presents user with the basic network-configuration information.

Rhea's organization wants to establish a secure connection with a trusted supplier. She has decided to establish a Virtual Private Network (V between the two company networks. Which of the following protocols are combined to accomplish this goal? Each correct answer represents a part of the solution. Choose two.

-L2TP -IPSec Answers A and B are correct. Virtual Private Networks (VPNs) can be established by using IPsec with Layer 2 Tunneling Protocol (L2TP). L2TP does not provide confidentiality or strong authentication by itself. IPsec is often used to secure L2TP packets by providing confidentiality, authentication, and integrity. The combination of these two protocols is generally known as L2TP/IPsec. Answer D is incorrect. The Simple Network Management Protocol (SNMP) is an application-layer protocol used to manage and monitor network devices and their functions. It is considered as insecure because SNMP messages are not encrypted. Answer C is incorrect. The Internet Message Access Protocol (IMAP) is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. Despite built-in security features, IMAP is extremely vulnerable to malicious attacks.

Alicia has installed an open-source monitoring system for her organization's computer systems that enable organizations to identify and resolve IT infrastructure problems before they affect critical business processes. Which of the following monitoring systems has she installed?

-Nagios Answer A is correct. Alicia has installed Nagios, which is an open-source monitoring system for her organization's computer systems that enable organizations to identify and resolve IT infrastructure problems before they affect critical business processes. It runs periodic checks on critical parameters of application, network, and server resources. Answer D is incorrect because a logjam is a type of attack. It targets Diffie-Hellman key exchange, convincing the connection to use DHE Export ciphers. Answer C is incorrect because Whois is a search tool. It is used to find information concerning ownership, administrative, and technical responsibility. Answer B is incorrect because Telnet is an application client-server protocol. It can use the Telnet client software to establish a connection between a computer and any remote Telnet server listening on the port 23.

Which tool is used to examine, profile, and assess systems in any network?

-Nmap Answer C is correct. Nmap is used to examine, profile, and assess systems in any network

Which tool uses SCAP and can perform several network vulnerability tests?

-OpenVAS OpenVAS uses Security Content Automation Protocol (SCAP) and can perform several network vulnerability tests (NVT).

What is inserted into the network so that network traffic flows through it allowing packets to be captured in real time?

-Packet analyzer A packet analyzer is inserted into the network so that network traffic flows through it allowing packets to be captured in real time.

An attacker, masquerading as a trusted entity, tricks a victim into opening an email. The user is then tricked into clicking a malicious link, whi to the installation of malware and revealing sensitive information. This is an example of which of the following attacks?

-Phishing Answer C is correct. Phishing is a criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Answer B is incorrect. Spyware is a software application that covertly gathers information about a user's Internet usage and activity and then exploits this information by sending adware and pop-up ads similar in nature to the user's Internet usage history. Answer A is incorrect. Logic bomb is a dangerous attack that waits for a predetermined event or time to execute its payload. Situational awareness is the best defense against this attack. Answer D is incorrect. Denial of Service (DoS) occurs when an attacker consumes the resources on the computer, thus preventing the normal use of the network resources for legitimate purposes.

Which type of firewall disassembles each packet, evaluates it, and then reassembles it, making the network connection significantly slower than other firewall types?

-Proxy filtering firewall Answer B is correct. Proxy servers, or proxy filtering firewalls, are servers configured to filter out unwanted packets. Proxy filtering is a much more complex process than packet filtering. During the filtering process, each packet is disassembled, evaluated, and reassembled, making the network connection significantly slower than other firewall types. Answer D is incorrect. The stateful firewall keeps track of the state of connection flows for all the packets, in both directions - entering and exiting the firewall. Answer C is incorrect. Static packet filtering firewalls control access to a network by analyzing the incoming and outgoing packets and letting them pass or halting them based on the IP addresses of the source and destination. Answer A is incorrect. Stateful inspection firewalls monitor the state of active connections and use this information to determine which network packets to allow through the firewall.

What are the differences between public key cryptography and private key cryptography? Each correct answer represents a complete solution. Choose all that apply

-Public key is used to encrypt the message, whereas private key is used to decrypt the message. -Pubic key is widely distributed, whereas private key is kept secret. -Public key converts the message to an unreadable form, whereas private key converts the received message back to the original message. Answers A, C, and D are correct. The following are the differences between public key cryptography and private key cryptography: Public key is used to encrypt the message, whereas private key is used to decrypt the message. Pubic key is widely distributed, whereas private key is kept secret. Public key converts the message to an unreadable form, whereas private key converts the received message back to the original message. Answer B is incorrect. Public key and private key are used in asymmetric encryption of cryptography

Which of the following is an electronic unsolicited message sent to a user's email address?

-Spam Answer B is correct. Spams are electronic unsolicited messages sent to a user's email address, which are commercial in nature and also carry malicious contents. Answer A is incorrect. A virus is a malicious piece of code that is designed to infiltrate a user's computer via an infected email attachment. Answer C is incorrect. Worms are malicious programs that make copies of themselves again and again on the local drive, network shares, and so on. Answer D is incorrect. Malware is designed to cause damage to a stand alone computer or a networked personal computer.

Mathew wants to troubleshoot DNS related network problems. Which command-line tool will he use?

-nslookup Answer A is correct. Mathew will use nslookup, which is a command-line tool available in many computer operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mapping. The main use of nslookup is for troubleshooting DNS related problems. Answer C is incorrect. PING is a software utility used to evaluate the ability to reach any other IP host. Answer D is incorrect. ifconfig is a system administration utility in Unix-like operating systems for network interface configuration. Answer B is incorrect. ipconfig is a command-line tool used to control the network connections on Windows NT/2000/XP machines.