CIT 182 Final
Which of the following is a feature of NTFS that allows complete additional files to successfully hide beneath any normal file object and be almost undetectable?
Alternate Data Streams (ADS)
Agents, bots, and zombies are part of which type of attack?
Distributed denial of service (DDoS) attack
Which of the following is described as an approach to network security in which each administrator is given sufficient privileges only within a limited scope of responsibility?
Separation of duties
A company's cybersecurity trainer is recording a Lunch and Learn video for new employees. The trainer discusses the dangers of spam. Besides being annoying, what other problem could spam cause?
A spam email could contain a link to what appears as a benign or beneficial website that could, if clicked, upload malicious software to the user's computer.
Although it is not recommended, a company chief information officer (CIO) wants to configure and use the ff02::1 group on his new IPv6 network to send traffic to every node in the infrastructure. What group must he enable?
Anycast
Devaki is an engineer who is designing network security for her company's infrastructure. She is incorporating protections for programming flaws, default settings, maximum values, processing capabilities, and memory capacities on devices, as well as malicious code and social engineering. What is this type of protection called?
Defense in depth
Which network index technology allows users to locate resources on a private network, keeps track of which servers and clients are online, and identifies the resources that network hosts share?
Directory services
Alejandro is a cybersecurity contractor. He was hired by a Fortune 500 company to redesign its network security system, which was originally implemented when the company was a much smaller organization. The company's current solution is to use multiple firewall platforms from different vendors to protect internal resources. Alejandro proposes an infrastructure security method that, in addition to firewalls, adds tools such as an intrusion detection system (IDS), antivirus, strong authentication, virtual private network (VPN) support, and granular access control. What is this solution called?
Diversity of defense
The network engineer of a mid-size company needs to have all servers, network printers, and other online resources possess the same IPv6 address over time. The engineer does not want to perform manual address assignments on all of these resources. Additionally, she wants to prevent any rogue device from having an IPv4 address dynamically assigned just by making the request. What is her solution?
Dynamic Host Configuration Protocol (DHCP) reservation
Jacob is a network technician who works for a publishing company. He is setting up a new hire's access permissions. The new hire, Latisha, is an editor. She needs access to books that have been accepted for publication but are in the review stage. Jacob gives her access to the network drive containing only books in review, but not access to administrative or human resources network drives. What principle is Jacob applying?
The principle of least privilege
Nahla is a network engineer charged with maintaining the routine operations of equipment in her company's server room. She is aware that fluctuations in electrical power flow can damage delicate circuitry. While configuring redundancy into a number of systems, which component does she choose that offers both redundancy and power conditioning?
Uninterruptable power supply (UPS)
The IT security officer for a large company has spent the past year upgrading security for the corporate network. Employees working from home have personal firewalls running on their computers. They use a virtual private network (VPN) to connect to the corporate network. The corporate network utilizes the latest devices and techniques, including an intrusion detection system/intrusion prevention system (IDS/IPS), anti-malware protection, and firewalls. What security threat most likely still needs to be addressed?
An internal threat, such as a disgruntled employee or contractor
In executing the processes of risk assessment and risk management, which statistic calculates the potential number of times the threat could be a realized attack in a year's time?
Annualized rate of occurrence
Estefan is a network professional for an e-commerce company. The chief information officer (CIO) wants the customer web portal downtime to be reduced from 5 minutes per year to 30 seconds per year. The change should occur over the next 6 months. Which security objective must Estefan employ to accomplish this goal?
Availability
Temika is the IT security officer for her company. She is developing a plan to measure the effectiveness of the organization's network security. Which of the following will accomplish that goal?
Continually improving the state of security so that, as time passes, the network is better protected than it was in the past
Isabelle is a network engineer deploying an IT infrastructure in one of her company's new branch offices. Currently, she is designing a local subnetwork that contains and exposes the office's external services to a larger, untrusted network, specifically the Internet. What is this called?
Demilitarized zone (DMZ)
Isabelle is the cybersecurity engineer for a medium-sized company. She is setting up a firewall for examining inbound network traffic for a variety of characteristics. While remote users working from home should be allowed access to network resources, malicious traffic should be blocked. To differentiate between the two, Isabelle is looking at factors such as whether the inbound traffic is a response to a previous request inside the network; whether it includes blocked domain names, IP addresses, and protocols; and whether it conforms to known malicious patterns or is otherwise abnormal. What is she setting up the firewall to practice?
Filtering
A chief financial officer's (CFO's) business account has been leaked onto the Internet, including the CFO's username, password, and financial data. The firm's security manager scanned the CFO's computer for viruses, which was clean. However, the manager is still convinced that the CFO's computer is somehow compromised, allowing whatever is typed to be disclosed. The manager recalls that six weeks ago, the CFO's assistant was caught illicitly accessing secure financial files and was subsequently dismissed. What is the likely problem?
Hardware keystroke logger
Location-aware anti-theft software will periodically upload its location to a centralized site in the event that the mobile device is lost or stolen. What can defeat this?
If the thief reformats the mobile device's drive
To secure the System/Application Domain of an IT infrastructure, what is the primary focus?
In a collection of servers and virtualized systems, defending both data and server computing power
Which of the following is unlikely to support at-firewall authentication?
Demilitarized zone (DMZ) firewall
Which form of firewall filtering is NOT as clear or distinct as other types?
Filtering on whether an address is real or spoofed
Alice is a network engineer who has been tasked with researching a virtual private network (VPN) tunneling protocol to be used by her company. It must be able to pass traffic through a network address translation (NAT) server and be compatible with a number of well-known proprietary and open source platforms. What solution does she select?
Internet Key Exchange v2 (IKEv2)
In theory, a hacker with a small but powerful directional antenna could access a wireless network from more than one mile away. In a real-world situation, what is the more likely range involved?
Less than 1,000 feet
Which deployment of a web server uses network address translation (NAT) mapping and is considered the poorest security choice?
Reverse proxy
The combination of certain techniques allows for relevant information collected by this solution from multiple systems and processes to be aggregated and analyzed for use in decision making. What is the name of this solution?
Security information and event management (SIEM)
A hacker is attempting to access a company's router using false Internet Control Message Protocol (ICMP) type 5 redirect messages. What is the hacker's goal?
To spoof or manipulate routing data
Many company employees work from home on a full-time basis. What technology do they commonly use to communicate securely with the organization's network?
Virtual private network (VPN)
Kristin's position in IT focuses on using antivirus, anti-spyware, and vulnerability software patch management to maintain security and integrity. Which IT infrastructure domain is she protecting?
Workstation Domain
Which of the following must be done first to accomplish an organization's security goals?
Write down security goals.
Thirty years ago, a major corporation purchased and still owns IP addresses within the IPv4 Class A range. The corporation uses these addresses to connect to the Internet. To which IPv4 address range do they belong?
1.0.0.1 to 126.255.255.254
A company uses an Internet Protocol Security (IPSec) virtual private network (VPN) solution. It allows remote users to connect to the main office and allows communication between the main office and branch offices securely over the Internet. The main office network uses network address translation (NAT) with an internal IP address range of 192.168.0.1 to 192.168.0.254. Which of the following ranges must remote offices and users NOT use on their internal networks?
192.168.0.x
Which of the following is an authentication method that supports smart cards, biometrics, and credit cards, and is a fully scalable architecture?
802.1x
Mario is the network security engineer for his company. He discovered that, periodically, a remote user working from home accesses certain resources on the network that are not part of her regular duties. Mario has questioned the user and her supervisor, and has accessed the user's workstation. Mario believes the user is not the source of these intrusions and strongly suspects a malicious source is responsible. What is the most likely explanation?
An external hacker has gained access to the user's authentication and is accessing confidential company resources.
Which of the following roles is most commonly responsible for observing system and user activity, looking for violations, trends toward bottlenecks, and attempts to perform violations?
Auditor
Before an Internet user can access a demilitarized zone (DMZ), extranet, or private network resource, it first encounters an entity that is sturdy enough to withstand any sort of attack. What is this entity called?
Bastion host operating system
You are setting up a small home network. You want all devices to communicate with each other. You assign IPv4 addresses between 192.168.0.1 and 192.168.0.6 to the devices. What processes must still be configured so that these nodes can communicate with the Internet?
Both network address translation (NAT) and port address translation (PAT) must be enabled to allow private network addresses to be translated to a random external port and public IP address.
A bank's online infrastructure has been under attack by hackers. In addition to standard security methods, the bank's IT security manager has requested website code to be examined and modified, where necessary, to address possible arbitrary code execution. What will the code modifications prevent?
Buffer overflows
Marta is a network technician intern at a mid-sized company. She is learning hardware virtual private network (VPN) best practices from one of the engineers. Which of the following does the engineer tell Marta is NOT a best practice?
Connecting a client computer to more than one network interface while connected to the office via VPN
Dhruv is a network engineer using a command-line interface on his computer. He types the command mstsc/v and then a server name. What is he doing?
Connecting to a Windows server running a virtual private network (VPN)
Which form of attack is described as throttling the bandwidth consumption on an Internet link at a specific interval as a method of transmitting small communication streams such as user credentials?
Covert channels
A malicious person has installed ransomware on a company user's computer. The ransomware message states that the malicious software will be removed if the user pays a certain amount of money digitally. What is a typical form of payment?
Cryptocurrency
Wen, a network engineer for a mid-sized company, is rolling out a virtual private network (VPN) solution that is easy to set up, manage, and maintain and represents the majority of VPN platforms on the market. What type of VPN is Wen deploying?
Customer premise equipment (CPE)
Which OSI model layer deals with frames?
Data Link Layer
What is an intrusion detection system/intrusion prevention system (IDS/IPS) that uses patterns of known malicious activity similar to how antivirus applications work?
Database-based detection
Bill's work-issued Windows laptop has been configured so he can remotely connect to his office from home without having to initiate a virtual private network (VPN) connection. What technology is he using?
DirectAccess
In which form of social engineering does the malicious person physically go through trash cans and other refuse looking for valuable information about a network such as IP addresses, usernames, and passwords?
Dumpster diving
James is a network engineer. He has been assigned the responsibility of designing a virtual private network (VPN) solution that will allow customers, suppliers, and business partners access to network resources without exposing the secure private LAN. The parties accessing these resources must use digital certificates issues by a certification authority (CA). What form of VPN is he setting up?
Extranet
You are a network professional. You want to overcome the security shortcomings of the Domain Name System (DNS) and protect the IP address locations of sensitive resources on the internal network. What alternative can you use?
HOSTS file
Removing all unnecessary protocols, uninstalling all unnecessary applications and services, and installing the latest final releases of all device drivers are part of which security process?
Hardening
A chief information officer (CIO) works for a mid-sized company located on the California coast. The CIO is developing a disaster plan for the IT infrastructure in the event of an earthquake powerful enough to damage or destroy network and computing equipment, including the database servers. What can she do to protect valuable company data even under the worst circumstances?
Have the data regularly backed up and stored in a secure, off-site facility not prone to such environmental dangers.
Rachel is the cybersecurity engineer for a company that fulfills government contracts on Top Secret projects. She needs to find a way to send highly sensitive information by email in a way that won't arouse the suspicion of malicious parties. If she encrypts the emails, everyone will assume they contain confidential information. What is her solution?
Hide messages in the company's logo within the email.
What is the basic service of a reverse proxy?
Hides the identity of a web server accessed by a client over the Internet
Tonya is an accountant working from home. She connects to her office each day over a virtual private network (VPN). The IT department for her company has deployed a VPN appliance to assist employees such as Tonya in performing their tasks remotely. What solution does Tonya use to access her files on the company's accounting server?
Host-to-gateway
Nicolau is a network engineer for a large online retailer. He is concerned about the security of his company's network connections to its customers, vendors, and partners. Although all of these sources are generally trusted, he knows they can be hacked by malicious parties and used to steal confidential company data. Which network-based solution should he choose to detect unauthorized user activity and attacks that is also capable of taking action to prevent a breach?
Intrusion detection system/intrusion prevention system (IDS/IPS)
The chief information officer (CIO) of a large company has been informed by the board of directors that their corporation is anticipating rapid growth over the next two years. She calculates the contingency of building additional capacity into the current network infrastructure. Based on the board's growth estimates, what percentage of additional capacity should she plan for?
More than 50 percent
An IT infrastructure manager is reviewing his company's computer assets, particularly the mean time to failure (MTTF) of the PC and server hard drives. The manufacturer of the hard drives typically used in the company states that the MTTF is approximately 11 years. Because servers and some high-priority workstations must operate continuously except for brief periods of maintenance, how many hours, on average, can these hard drives be expected to operate before failure?
More than 90,000 hours
Which of the following can be described as putting each resource on a dedicated subnet behind a demilitarized zone (DMZ) and separating it from the internal local area network (LAN)?
N-tier deployment
Which network security technology can block or restrict access if a computer does NOT have the latest antivirus update, a certain security patch, or a host firewall?
Network access control (NAC)
Which of the following is considered a node?
Networked printer
Amy is a network engineering consultant who is designing security for a small office/home office (SOHO) company. The network consists of 10 workstations plus a wireless printer, but it needs remote authentication. The client has a limited budget and the network design needs to be relatively simple. What type of authentication solution does she deploy?
One that authenticates at the firewall and doesn't integrate with single sign-on (SSO)
Oscar is deploying a virtual private network (VPN) solution for his company. The VPN needs to connect to remote servers by their Internet Protocol (IP) addresses rather than using network address translation (NAT). What type of VPN is Oscar deploying?
Operating system (OS)
Which fragmentation attack results in full or partial overwriting of datagram components?
Overlap
Thuan is a new network engineer. He is increasing the security of end-user computers. Which of the following is a security feature every client computer needs?
Password-protected screen saver
Which of the following BEST describes a technology with inherent security risks and that can reveal information a user did NOT intend to share?
Peer-to-peer (P2P)
Nimi has deployed a new virtual private network (VPN) solution in her company's IT infrastructure. She is testing the connection to the server from a client. Which tool is the best choice for her to use?
Ping
Which of the following network zones has the lowest risk and the highest trust?
Private network
Which operating system (OS) for a bastion host runs on most appliance firewalls as well as many Internet service provider (ISP) connection devices?
Proprietary OS
Remote Desktop Connection (RDC) is a built-in application that uses what proprietary protocol?
Remote Desktop Protocol (RDP)
A mid-sized company's IT security engineer is attempting to make it more difficult for the company's wireless network to be compromised. She is using techniques such as random challenge-response dialogue for authentication, timestamps on authentication exchanges, and one-time pad or session-based encryption. What form of wireless attack is she defending against?
Replay
Several times this week, the IT infrastructure chief of a small company has suspected that wireless communications sessions have been intercepted. After investigating, he believes some form of insertion attack is happening. He is considering encrypted communications and preconfigured network access as a defense. What type of insertion attack is suspected?
Rogue device insertion
Which type of hackers often lack the knowledge or motivation to write their own malicious code, depend on programs written by others to use in their attacks, and may not understand the full consequences of their actions?
Script kiddie
What is a virtual private network (VPN) protocol that requires public key infrastructure (PKI) support to obtain and use a certificate?
Secure Sockets Layer/Transport Layer Security (SSL/TLS)
Landon is a network contractor. He has been hired to design security for the network of a small company. The company has a limited budget. Landon is asked to create a system that will protect the company's workstations and servers without undo expense. Landon decides to deploy one hardware firewall between the Internet and the local area network (LAN). What is this solution called?
Single defense
Every morning when James logs into his computer and attempts to access Microsoft 365, he is asked to enter his password. After that, he is sent a text on his mobile phone with a six-digit code he must enter. In terms of multifactor authentication, his password is something he knows. What is the text message?
Something he has
Susan is a network professional at a mid-sized company. Her supervisor has assigned her the task of designing a virtual private network (VPN) implementation. Susan has set up strong authentication and encryption in a test environment, and the VPN appliance is directly facing the Internet. When her work is evaluated, what does her supervisor immediately notice?
The VPN device is not protected by a firewall.
A major social networking site has been hacked. The usernames, passwords, and security questions of more than 500 million users were compromised. The company disclosed the breach to all users, advising them to immediately change their passwords and security questions. The vulnerability that lead to the breach has been discovered and patched. However, the security engineer suspects there is still a problem left unaddressed. What is the most likely problem?
The hackers may have left malicious tools within the network that will allow them continued access.
Lin is designing a virtual private network (VPN) implementation as a class project. The assignment includes a budget she has to follow. To save money, she decided to use a VPN without a firewall. What is the problem with her decision?
This approach will not work because VPNs cannot take the place of firewalls.
Carl is a network engineer for a mid-sized company. He has been assigned the task of positioning hardware firewalls in the IT infrastructure based on common pathways of communication. After analyzing the problem, on which aspect of the network does he base his design?
Traffic patterns
A company's IT security engineer has noticed several employees periodically checking their social media accounts. One such platform allows chat, which can include sharing links, photos, and videos. When the engineer casually observes one user about to click a link to view a video, she stops the worker. Afterward, she approaches the chief information officer (CIO) and advises that all social media accounts be blocked, and that only online training videos authorized by the company be allowed to be viewed. What threat is the IT security engineer concerned about?
Trojan horse
Which of the following is described as confidence in your expectation that others will act in your best interest?
Trust
What is an example of security through obscurity?
Using a nonstandard operating system for workstations such as FreeBSD
Carl is a student in a computer networking class who is studying virtual private network (VPN) implementations. He is learning the basics about VPNs. Which of the following statements does he find is TRUE?
VPNs are both hardware and software solutions.
Santiago is a new network engineer for a mid-sized company. It is his responsibility to ensure that all employees working from home are able to connect to the office network in an efficient and secure manner. He must provide a service that allows communications between out-of-office staff and network resources to be encrypted at the protocol level and to be performed by either client or server software. The solution must also ensure that even if protocol encryption fails, the data is safe by its own encryption. What solution does he select?
Virtual private network (VPN)
Arturo is a new network technician. He wants to use Remote Desktop Protocol (RDP) to connect to a server from his computer. The server is on the other side of the building. His computer is running Windows 10. Will he be able to make the connection?
Yes, because the RDP protocol has clients that work on most common operating systems.
A combination of intrusion detection and prevention, as well as logging and monitoring, provides the best defense against what kind of attack?
Zero-day exploit
A filter pathway is designed to:
make it hard to bypass a network filtering system and force all traffic through one route.
A major U.S. online retailer has discovered that thousands of purchases have been paid for by stolen credit card numbers. An initial analysis of the location of the buyers reveals IP addresses from within the United States. Upon further investigation, it is found that the actual origin point of the fraudulent buyer is a series of IP addresses located in Asia. What technology is the fraudster using?
Proxy server
Jacob is a remote employee. He clicks the Start menu button in Windows and selects an application to run. Most of the time, he is unaware that he is really accessing the application on a server at his company's main office several miles away. What solution is he using?
RD RemoteApp
Gino is an ethical hacker hired as a consultant to test the security of a mid-sized company's network. As part of his assignment, he has been given physical access to the system. He has built a dictionary of hashed passwords from the hard drive of the device. Which type of attack is he planning to launch?
Rainbow
The chief information officer (CIO) is working with the chief financial officer (CFO) on next year's budget for new networking equipment. The CIO is explaining that lowest-cost equipment is not the sole deciding factor. The hardware must conform to high security standards to prevent a malicious person from hacking into the network and accessing valuable company data. Which of the following considerations does not specifically require a hacker to have physical access to the equipment?
Remote connection
The imitation of source email, Internet Protocol (IP), or Media Access Control (MAC) addresses is part of which type of attack?
Spoofing
Mei is working from home and speaking with her department manager on a Voice over IP (VoIP) phone connection. This technology allows telephone conversations to be routed over the Internet. During a VoIP conversation, Mei loses a few moments of what the manager has said to her. What is the problem?
The OSI model Transport Layer was unable to guarantee reliable packet delivery.
A company has discovered that confidential business information has been repeatedly acquired by a competitor over the past six months. The IT security team has been unable to find the leaks. The team suspects a form of side-channel eavesdropping may be involved. What is the suspected hacking method?
The competitor is using a phreaking attack.
A company vice president (VP) finds that the network security restrictions imposed by the security manager are too confining. To counter them, the VP habitually uses weak passwords, shares accounts with his assistant, and installed unapproved software. What security principle is the VP violating?
Universal participation
Dhruv is the lead network engineer for his three-year-old company. He is writing a proposal that recommends the network protocol to use in several branch offices. Based on the age of the networking equipment, what is his recommendation to the chief information officer (CIO)?
Upgrade to IPv6
As part of the bring your own device (BYOD) program, the company CIO is encouraging employees to use their personal devices for business purposes. However, an attacker with the right kind of antenna can access the wireless network from a great distance, putting personal devices at risk. What is the best solution?
Use subnets and filtering
Joaquin is a senior network technician for a mid-sized company who has been assigned the task of improving security for the IT infrastructure. He has been given a limited budget and must increase security without redesigning the network or replacing all internetworking security devices. He focuses on an approach that will identify a single vulnerability. What does he recommend?
Weakest link