CompTIA
SNMP uses which port by default? 139 22 80 161 110 53
161
What is the difference between a network intrusion detection system (NIDS) and a network intrusion prevention system (NIPS)? A NIPS is much slower because it uses protocol analysis. A NIPS can take actions more quickly to combat an attack. There is no difference; a NIDS and a NIPS are equal. A NIDS provides more valuable information about attacks.
A NIPS can take actions more quickly to combat an attack.
Ximena noticed that Sofia had created a network bridge on her new laptop between the unsecured wireless network and the organization's secure intranet. Ximena explained to Sofia the problem associated with setting up the bridge. What did Ximena tell Sofia? A bridge will block packets between two different types of networks. A bridge could permit access to the secure wired network from the unsecured wireless network. A bridge would block packets from reaching the Internet. A bridge cannot be used on any Internet connection.
A bridge could permit access to the secure wired network from the unsecured wireless network
In which of the following configurations are all the load balancers always active? Passive-active-passive Active-passive Active-active Active-load-passive-load
Active-active
Which of the following can protect "data at rest"? (Select FOUR) -BitLocker -CPU-based key storage -Enclaves -Full memory encryption -BitLocker To Go -Transparent database encryption (TDE) -Encrypted file system (EFS)
BitLocker, Encrypted file system (EFS), BitLocker To Go, Transparent database encryption (TDE)
Which trust model has multiple CAs, one of which acts as a facilitator?
Bridge
You are examining the types of overflow attacks. Which type of attack attempts to store data in RAM that is beyond the fixed-length storage boundaries?
Buffer overflow attacks
When preparing a cloud computer security solution for your organization, you implement a "gatekeeper" to guarantee your security policies. Which choice correctly identifies this method of policy enforcement? CASB SDN SASS SecAAS
CASB (Cloud access security broker)
Sebastian was explaining to his supervisor why the enterprise needed to implement port security. His supervisor asked what security action a flood guard could do when a MAC flooding attack occurred. Which of the following was NOT an answer that was given by Sebastian? -Block the port entirely -Ignore the new MAC addresses while allowing normal traffic from the single pre-approved MAC address -Record new MAC addresses up to a specific limit -Cause the device to enter a fail-open mode
Cause the device to enter a fail-open mode.
An entity that issues digital certificates is a _______________.
Certificate Authority (CA)
A centralized directory of digital certificates is called a(n)
Certificate Repository (CR)
Which of the following statements are true about client-side DNS? (Choose all that apply.) -Check out DNS settings using the DIG command -If a web site can be reached by IP address and not by host name, then DNS or the Hosts file would be the problem -If an APIPA address is assigned, then DNS is the problem -Check out DNS settings using the NSLookup command -The Root Hints file has the IP addresses of the 13 root DNS servers -The cache.dns file has the IP addresses of the 13 root DNS servers -Client-side DNS should be configured to point towards the DNS server that is authoritative for the domain that client wants to join
Check out DNS settings using the DIG command; The cache.dns file has the IP addresses of the 13 root DNS servers; Check out DNS settings using the NSLookup command; Client-side DNS should be configured to point towards the DNS server that is authoritative for the domain that client wants to join; If a web site can be reached by IP address and not by host name, then DNS or the Hosts file would be the problem; The Root Hints file has the IP addresses of the 13 root DNS servers
Which of the following block cipher modes XORs each block of plaintext with the previous block of ciphertext before being encrypted? -Electronic Code Book (ECB) -Galois/Counter (GCM) -Cipher Block Chaining (CBC) -Counter (CTR)
Cipher Block Chaining (CBC)
What functions of a switch does a software defined network separate? Host and virtual Control plane and physical plane Network level and resource level RAM and hard drive
Control plane and physical plane
Which of the following is NOT a method for strengthening a key? Randomness Cryptoperiod Variability Length
Variability
One way to secure data is through Data Loss Prevention (DLP). Which of the choices is not a data type protected by DLP? Data-at-rest Data-to-disclose Data-in-transit Data-in-use
Data-to-disclose
When defining data policies, what areas or issues must be covered? (Select FOUR) -Disposing -Relations -Retention -Storage -Wiping
Disposing, Retention, Wiping, Storage
What is the difference between a DoS and a DDoS attack? -DoS attacks use more memory than a DDoS attack -DoS attacks are faster than DDoS attacks -DoS attacks do not use DNS servers as DDoS attacks do -DoS attacks use fewer computers than DDoS attacks
DoS attacks use fewer computers than DDoS attacks
Which digital certificate displays the name of the entity behind the website?
Extended Validation (EV) Certificate
Which device intercepts internal user requests and then processes those requests on behalf of the users? Forward proxy server Host detection server Intrusion prevention device Reverse proxy server
Forward proxy server
Which of the following services only requires a single port be opened on the firewall? RDP SSH SNMP FTP DHCP DNS HTTP
HTTP
Which of the following is NOT a service model in cloud computing? Hardware as a Service (HaaS) Infrastructure as a Service (IaaS) Software as a Service (SaaS) Platform as a Service (PaaS)
Hardware as a Service (HaaS)
Olivia was asked to protect the system from a DNS poisoning attack. What are the locations she would need to protect? Web browser and browser add-on Host table and external DNS server Reply referrer and domain buffer Web server buffer and host DNS server
Host table and external DNS server
Considering the implications of virtual servers on a host, what poses the greatest threat to them? -Host compromise -Hosted service compromise -Hypervisor compromise -None of these are correct
Hypervisor compromise
A security administrator wants to empty the DNS cache after a suspected attack that may have corrupted the DNS server. The server has been repaired, however it is feared that DNS entries may remain in client computer caches. Which of the following tools can be used to flush the DNS cache on a Windows client? PING NET NSLOOKUP IPCONFIG
IPCONFIG
To increase fault-tolerance, the security administrator for Corp.com has installed an active/passive firewall cluster where the second firewall is held in reserve in case of primary firewall failure. Stateful firewall inspection is being used in the firewall implementation. There have been numerous reports of dropped connections with external clients. Which of the following is MOST likely the cause of this problem? -The heartbeat between the firewalls is not enabled -All packets are traversing the passive firewall causing the connections to be dropped. -All packets are traversing the active firewall causing the connections to be dropped. -Inbound packets are traversing the active firewall and return traffic is being sent through the passive firewall
Inbound packets are traversing the active firewall and return traffic is being sent through the passive firewall
Aideen sent an email to her supervisor explaining the Domain Name System Security Extensions (DNSSEC). Which of the following statements would Aideen have NOT included in her email? It is fully supported in BIND9. It adds message header information. It adds additional resource records. It can prevent a DNS transfer attack.
It can prevent a DNS transfer attack
Which statement regarding a demilitarized zone (DMZ) is NOT true? It contains servers that are used only by internal network users. It typically includes an email or a web server. It provides an extra degree of security. It can be configured to have one or two firewalls.
It contains servers that are used only by internal network users.
How does network address translation (NAT) improve security? It filters based on protocol. It discards unsolicited packets. NATs do not improve security. It masks the IP address of the NAT device.
It discards unsolicited packets.
Which statement is NOT true regarding hierarchical trust models?
It is designed for use on a large scale.
Which statement about network address translation (NAT) is true? It can be found only on core routers. It removes private addresses when the packet leaves the network. It substitutes MAC addresses for IP addresses. It can be stateful or stateless.
It removes private addresses when the packet leaves the network.
_____ refers to a situation in which keys are managed by a third party, such as a trusted CA
Key escrow
To achieve server scalability, more servers may be added to a configuration and make use of:
Load balancers
Which of the choices identifies an attack that intercepts communications between a browser and the host security system? -MIM -MITB -MITM -MTM
MITB
A replay attack is a variation of this attack type
MITM
What type of attack intercepts legitimate communication and forges a fictitious response to the sender? interceptor SQL intrusion SIDS MITM
MITM
What type of attack involves manipulating third-party ad networks? Clickjacking Malvertising Directory traversal Session advertising
Malvertising
Which of the DLP sensor choices requires communication with the DLP server? DLP network DLP agent DLP storage None of these are correct
None of these are correct
Kyle asked his supervisor which type of computing model was used when the enterprise first started. She explained that the organization purchased all the hardware and software necessary to run the company. What type of model was she describing to Kyle? Hosted services Off-premises Virtual services On-premises
On-premises
Francisco was asked by a student intern to explain the danger of a MAC flooding attack on a switch. What would Francisco say? -A MAC flooding attack will filter to the local host computer's MAC-to-IP address tables and prevent these hosts from reaching the network. -A MAC flooding attack will prevent load balancers from identifying the correct VIP of the servers. -Once the MAC address table is full the switch functions like a network hub. -In a defense of a MAC flooding attack network routers will freeze and not permit any incoming traffic.
Once the MAC address table is full the switch functions like a network hub.
Which device is connected to a port on a switch in order to receive network traffic?
Passive IDS
Online Certificate Status Protocol (OCSP)
Performs a real-time lookup of a digital certificate's status
Which of the following adds new functionality to the web browser so that users can play music, view videos, or display special graphical images within the browser? Extensions Plug-ins Add-ons Scripts
Plug-ins
Catriona needed to monitor network traffic. She did not have the resources to install an additional device on the network. Which of the following solutions would meet her needs? Correlation engine Network tap Aggregation switch Port mirroring
Port mirroring
Newton is concerned that attackers could be exploiting a vulnerability in software to gain access to resources that the user normally would be restricted from accessing. What type of attack is he worried about? Privilege escalation Scaling exploit Amplification Session replay
Privilege escalation
What hardware based solutions are measures for fault tolerance? (Choose all that apply.) Caching Proxying RAID Clustering Load balancing
RAID, Clustering, and Load balancing
A mail gateway can have many functions. Which choice is NOT one of those functions? Block Spam Monitor outbound email Monitor inbound email Perform automatic encryption Require full tunnel
Require full tunnel
Which of these is the most secure protocol for transferring files? FTP FTPS TCP SFTP
SFTP
What is the recommended secure protocol for voice and video applications? Secure/Multipurpose Internet Mail Extensions (S/MIME) Secure Real-time Transport Protocol (SRTP) Network Time Protocol (NTP) Hypertext Transport Protocol Secure (HTTPS)
Secure Real-time Transport Protocol (SRTP)
_____ is a protocol for securely accessing a remote computer
Secure Shell (SSH)
_____ are symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity
Session keys
Which of the following is NOT a means used by an attacker to do reconnaissance on a network? Christmas tree attack DNS footprinting TCP/IP Stack fingerprinting Smurf attack Port scan attack Banner grabbing
Smurf attack
Raul was asked to configure the VPN to preserve bandwidth. Which configuration would he choose? Split tunnel Full tunnel Wide tunnel Narrow tunnel
Split tunnel
Both DNS poisoning and ARP poisoning involve: DoS? Distributed DoS Eavesdropping Spoofing Replaying
Spoofing
What attack involves impersonating another device?
Spoofing
Which of these is considered the strongest cryptographic transport protocol? SSL v2.0 SSL v2.0 TLS v1.0 TLS v1.2
TLS v1.2
Which of the following are available protocols for security purposes? (Choose all that apply.) IPSec SSH SSL TLS NetBIOS
TLS, SSL, IPSec, SSH
Which of the following technologies are necessary for implementing USB drive encryption or hard drive encryption? (Choose two that apply) -TACAC -HSM -FAT32 -TPM -RADIUS -HFS
TPM & HSM
You are planning to deploy several patches and updates to a virtual server. Which step do you take just before implementation? -Check file size of the package -Take system snapshot -Log off any users -All of these are correct
Take system snapshot
Which of these is NOT used in scheduling a load balancer? Round-robin Data within the application message itself The IP address of the destination packet Affinity
The IP address of the destination packet
Why are extensions, plug-ins, and add-ons considered to be security risks? They are written in Java, which is a weak language. They use bitcode. They cannot be uninstalled. They have introduced vulnerabilities in browsers.
They have introduced vulnerabilities in browsers.
Which statement is correct regarding why traditional network security devices cannot be used to block web application attacks? -The complex nature of TCP/IP allows for too many ping sweeps to be blocked. -Web application attacks use web browsers that cannot be controlled on a local computer. -Network security devices cannot prevent attacks from web resources. -Traditional network security devices ignore the content of HTTP traffic, which is the vehicle of web application attacks.
Traditional network security devices ignore the content of HTTP traffic, which is the vehicle of web application attacks.
Packet sniffing can be helpful in detecting rogues
True
Attackers who register domain names that are similar to legitimate domain names are performing _____. URL hijacking Address resolution HTML squatting HTTP manipulation
URL hijacking
Which of the following is a multipurpose security device? Hardware security module Unified Threat Management (UTM) Media gateway Intrusion Detection/Prevention (ID/P)
Unified Threat Management
Which application stores the user's desktop inside a virtual machine that resides on a server and is accessible from multiple locations? Application cell VDI Container VDE
VDI
Crypto service provider
What entity calls in crypto modules to perform cryptographic tasks?
Salt
What is a value that can be used to ensure that hashed plaintext will not consistently result in the same digest?
Which attack uses the user's web browser settings to impersonate that user? Domain hijacking Session hijacking XDD XSRF
XSRF
John was explaining about an attack that accepts user input without validating it and uses that input in a response. What type of attack was he describing? XSS DDoS DNS XSRF SQL
XSS
Which of the following CANNOT be used to hide information about the internal network? -network address translation (NAT) -a subnetter -a proxy server -a protocol analyzer
a protocol analyzer
Certificate Policy (CP)
a published set of rules that govern the operation of PKI
What is a session token? -another name for a third-party cookie -a unique identifier that includes the user's email address -XML code used in an XML injection attack -a random string assigned by a web server
a random string assigned by a web server
You are examining the security implications of virtual machines. A condition exists where the virtual machine can potentially harm the host. Which choice describes this? -Sprawl -Escape -Container leak -All of these are correct
all
Which of the following devices can identify the application that sends packets and then makes decisions about filtering based on it? -application-based firewall -reverse proxy -Internet content filter -web security gateway
application-based firewall
Which of these is NOT part of the certificate life cycle? -authorization -creation -expiration -revocation
authorization
Which of these would NOT be a filtering mechanism found in a firewall ACL rule? -direction -date -source address -protocol
date
The strongest technology that would assure Alice that Bob is the sender of a message is a(n) _____________.
digital certificate
You are asked to design a VLAN using a Type 1 Hypervisor. Which technology will you use as a base? -Host operating system -Specialized 64-bit applications -Hardware -All of these are correct
host
Which device is easiest for an attacker to take advantage of to capture and analyze packets? -hub -switch -load balancer -router
hub
An attacker who manipulates the maximum size of an integer type would be performing what kind of attack? -number overflow -buffer overflow -heap overflow -integer overflow
integer overflow
Which function does an Internet content filter NOT perform? -intrusion detection -malware inspection -URL filtering -content inspection
intrusion detection
Public key infrastructure (PKI)
is the management of digital certificates
A replay attack _____. -replays the attack over and over to flood the server -is considered to be a type of DoS attack -makes a copy of the transmission for use at a later time -can be prevented by patching the web browser
makes a copy of the transmission for use at a later time
Which attack intercepts communications between a web browser and the underlying computer? -replay -man-in-the-middle (MITM) -ARP poisoning -man-in-the-browser (MITB)
man-in-the-browser (MITB)
Which device watches for attacks and sounds an alert only when one occurs? -network intrusion detection system (NIDS) -firewall -proxy intrusion device -network intrusion prevention system (NIPS)
network intrusion detection system (NIDS)
Which command is used in testing and troubleshooting DNS servers? nslookup netsh netdom netstat
nslookup
What kind of attack is performed by an attacker who takes advantage of the inadvertent and unauthorized access built through three succeeding systems that all trust one another? -transverse attack -horizontal access attack -cross-site attack -privilege escalation
privilege escalation
What can be deployed to intercept and log network traffic passing through the network? -NIPSs -proxy catchers -protocol analyzers -NIDSs -event viewers
protocol analyzers
Which of these is NOT a DoS attack? -push flood -smurf attack -SYN flood -DNS amplification
push flood
Which action cannot be performed through a successful SQL injection attack? -discover the names of different fields in a table -display a list of customer telephone numbers -erase a database table -reformat the web application server's hard drive
reformat the web application server's hard drive
DNSSEC adds additional _____ and message header information, which can be used to verify that the requested data has not been altered in transmission. -resource records -zone transfers -hash sequences -field flags
resource records
Isabella is a security support manager for a large enterprise. In a recent meeting, she was asked which of the standard networking devices already present on the network could be configured to supplement the specific network security hardware devices that were recently purchased. Which of these standard networking devices would Isabella recommend? -SIEM device -virtual private network -hub -router
router
Which is the most secure type of firewall? -stateful packet filtering -reverse proxy analysis -stateless packet filtering -network intrusion detection system replay
stateful packet filtering
DNS poisoning _____. -floods a DNS server with requests until it can no longer respond -is the same as ARP poisoning -substitutes DNS addresses so that the computer is automatically redirected to another device -is rarely found today due to the use of host tables
substitutes DNS addresses so that the computer is automatically redirected to another device
A digital certificate associates
the user's identity with his public key
What is the basis of an SQL injection attack? -to have the SQL server attack client web browsers -to link SQL servers into a botnet -to insert SQL statements through unfiltered user input -to expose SQL code so that it can be examined
to insert SQL statements through unfiltered user input
Digital certificates can be used for each of these EXCEPT -to encrypt channels to provide secure communication between clients and servers -to encrypt messages for secure email communications -to verify the authenticity of the Registration Authorizer -to verify the identity of clients and servers on the Web
to verify the authenticity of the Registration Authorizer