Network Security Midterm
For Milestone 4 (Reach Your Network), which of the following would be considered a secure protocol to use to reach your network?
SSH
Which of the following is another name for a firewall that performs router functions?
Screening router
Any attack involving human interaction of some kind is referred to as what?
Social engineering
Which VPN tunnel style routes only certain types of traffic?
Split
The Application layer of the security model includes which of the following? (Select two.)
Web application security; User management
In which of the following situations would you most likely implement a demilitarized zone (DMZ)?
You want to protect a public web server from attack.
Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks?
Bastion or sacrificial host
A collection of zombie computers have been set up to collect personal information. Which type of malware do the zombie computers represent?
Botnet
An attacker has gained access to the administrator's login credentials. Which type of attack has most likely occurred?
Password cracking
When training your employees on how to identify various attacks, which of the following policies should you be sure to have and enforce? (Select two.)
Password policies; Clean desk policies
Which of the following NAC agent types is the most convenient agent type?
Permanent
Which VPN implementation uses routers on the edge of each site?
Site-to-site VPN
Which kind of malware provides an attacker with administrative control over a target computer through a backdoor?
Remote Access Trojan (RAT)
You are implementing security at a local high school that is concerned with students accessing inappropriate material on the internet from the library's computers. The students use the computers to search the internet for research paper content. The school budget is limited. Which content filtering option would you choose?
Restrict content based on content categories.
A proxy server can be configured to do which of the following?
Restrict users on the inside of a network from getting out to the internet.
Which of the following NAC agent types creates a temporary connection?
Dissolvable
What needs to be configured on a firewall to allow traffic directed to the public resource in the DMZ?
Packet filters
Which of the following devices can apply quality of service and traffic-shaping rules based on what created the network traffic?
Application-aware devices
Which classification of attack type does packet sniffing fall under?
Passive
Which of the steps in the Network Access Control (NAC) implementation process occurs once the policies have been defined?
Apply
Which of the following is the strongest form of multi-factor authentication?
A password, a biometric scan, and a token device
You connect your computer to a wireless network available at the local library. You find that you can access all of the websites you want on the internet except for two. What might be causing the problem?
A proxy server is blocking access to the websites
How many network interfaces does a dual-homed gateway typically have?
3
How many concurrent connections does NAT support?
5,000
Which of the following BEST describes a honeyfile?
A single file set up to entice and trap attackers.
Which of the following is an example of an internal threat?
A user accidentally deletes the new product designs.
You are the security analyst for your organization and have discovered evidence that someone is attempting to brute-force the root password on the web server. Which classification of attack type is this?
Active
Which of the following NAC agent types would be used for IoT devices?
Agentless
You are the office manager of a small financial credit business. Your company handles personal financial information for clients seeking small loans over the internet. You are aware of your obligation to secure clients' records, but the budget is an issue for your company. Which item would provide the BEST security for this situation?
All-in-one security appliance
Which of the following describes how access control lists can be used to improve network security?
An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number.
Which of the following defines all the prerequisites a device must meet in order to access a network?
Authentication
Which of the following applies the appropriate policies in order to provide a device with the access it's defined to receive?
Authorization
An attacker was able to gain unauthorized access to a mobile phone and install a Trojan horse so that he or she could bypass security controls and reconnect later. Which type of attack is this an example of?
Backdoor
In an effort to increase the security of your organization, programmers have been informed they can no longer bypass security during development. Which vulnerability are you attempting to prevent?
Backdoor
While developing a network application, a programmer adds functionality that allows her to access the running program without authentication so she can capture debugging data. The programmer forgets to remove this functionality prior to finalizing the code and shipping the application. Which type of security weakness does this describe?
Backdoor
You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use?
Circuit-level gateway
A network device is given an IP address of 172.16.0.55. Which type of network is this device on?
Class B private network
When designing a firewall, what is the recommended approach for opening and closing ports?
Close all ports; open only ports required by applications inside the DMZ.
Which of the following are often identified as the three main goals of security? (Select three.)
Confidentiality; Availability; Integrity
A salesperson in your organization spends most of her time traveling between customer sites. After a customer visit, she must complete various managerial tasks, such as updating your organization's order database. Because she rarely comes back to your home office, she usually accesses the network from her notebook computer using Wi-Fi access provided by hotels, restaurants, and airports. Many of these locations provide unencrypted public Wi-Fi access, and you are concerned that sensitive data could be exposed. To remedy this situation, you decide to configure her notebook to use a VPN when accessing the home network over an open wireless connection. Which key steps should you take when implementing this configuration? (Select two.)
Configure the VPN connection to use IPsec; Configure the browser to send HTTPS requests through the VPN connection
Which of the following are characteristics of a complex password? (Select two.)
Consists of letters, numbers, and symbols; Has a minimum of eight characters
As you go through the process of making your network more manageable, you discover that employees in the sales department are on the same network segment as the human resources department. Which of the following steps can be used to isolate these departments?
Create a separate VLAN for each department.
Which of the following items would be implemented at the Data layer of the security model?
Cryptography
An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack?
DDoS
Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted internet?
DMZ
Where should an organization's web server be placed?
DMZ
Which special network area is used to provide added protection by isolating publicly accessible servers?
DMZ
DNS tunneling is a common method that allows an attacker to accomplish which attack?
Data exfiltration
You have just installed a packet-filtering firewall on your network. Which options are you able to set on your firewall? (Select all that apply.)
Destination address of a packet; Source address of a packet; Port number
Which of the following best describes a stateful inspection?
Determines the legitimacy of traffic based on the state of the connection from which the traffic originated.
Documenting procedures and processes is part of which milestone in the NSA's Manageable Network Plan?
Document Your Network
Which area of focus helps to identify weak network architecture or design?
Documentation
You want to connect your small company network to the internet. Your ISP provides you with a single IP address that is to be shared between all hosts on your private network. You do not want external hosts to be able to initiate connection to internal hosts. Which type of Network Address Translation (NAT) should you implement?
Dynamic
Which NAT implementation assigns two IP addresses to the public NAT interface, allowing traffic to flow in both directions?
Dynamic and static
Which IPsec subprotocol provides data encryption?
ESP
A Faraday cage is used to prevent what from leaving an area?
Electromagnetic emissions
In addition to Authentication Header (AH), IPsec is comprised of what other service?
Encapsulating Security Payload (ESP)
Which area of focus do public-facing servers, workstations, Wi-Fi networks, and personal devices fall under?
Entry points
Which of the following is a privately controlled portion of a network that is accessible to some specific external entities?
Extranet
Which kind of virus operates only in memory and usually exploits a trusted application like PowerShell to circumvent traditional endpoint security solutions?
Fileless virus
Which of the following are characteristics of a packet-filtering firewall? (Select two.)
Filters IP address and port; Stateless
Which device is NAT typically implemented on?
Gateway router
By definition, what is the process of reducing security exposure and tightening security controls?
Hardening
Jessica needs to set up a firewall to protect her internal network from the internet. Which of the following would be the BEST type of firewall for her to use?
Hardware
You want to create a collection of computers on your network that appear to have valuable data but actually store fake data that could entice a potential intruder. Once the intruder connects, you want to be able to observe and gather information about the attacker's methods. Which feature should you implement?
Honeynet
You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from internet-based attacks. Which solution should you use?
Host-based firewall
Most equipment is cooled by bringing cold air in the front and ducting the heat out of the back. What is the term for where the heat is sent in this type of scenario?
Hot aisle
What is Cisco's Network Access Control (NAC) solution called?
Identity Services Engine (ISE)
Having a legitimate reason for approaching someone to ask for sensitive information is called what?
Impersonation
Your computer system is a participant in an asymmetric cryptography system. You've created a message to send to another user. Before transmission, you hash the message and encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user. In this example, which protection does the hashing activity provide?
Integrity
A script kiddie is a threat actor who lacks knowledge and sophistication. Script kiddie attacks often seek to exploit well-known vulnerabilities in systems. What is the BEST defense against script kiddie attacks?
Keep systems up to date and use standard security practices.
Which VPN protocol typically employs IPsec as its data encryption mechanism?
L2TP
At which layer of the OSI model do NAT routers operate?
Layer 3 (Network layer)
Which of the following is a security approach that combines multiple security controls and defenses?
Layered security
In which of the following zones would a web server most likely be placed?
Low-trust zone
Members of the sales team use laptops to connect to the company network. While traveling, they connect their laptops to the internet through airport and hotel networks. You are concerned that these computers could pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless antivirus software and the latest operating system patches are installed. Which solution should you use?
NAC
You are configuring the security settings for your network. You have decided to configure a policy that requires any computer connecting to the network to run at least Windows 10 version 2004. Which of the following have you configured?
NAC
In which phase of an attack does the attacker gather information about the target?
Reconnaissance
Your network devices are categorized into the following zone types: No-trust zone, Low-trust zone, Medium-trust zone, High-trust zone. Your network architecture employs multiple VLANs for each of these network zones. Each zone is separated by a firewall that ensures only specific traffic is allowed. Which of the following is the secure architecture concept that is being used on this network?
Network segmentation
By definition, which security concept uses the ability to prove that a sender undeniably sent an encrypted message?
Non-repudiation
Which of the following BEST describes zero-trust security?
Only devices that pass both authentication and authorization are trusted.
Which of the following is the MOST likely to happen if the firewall managing traffic into the DMZ fails?
Only the servers in the DMZ are compromised, but the LAN will stay protected.
Which of the following does a NAT router use to identify where a host is connected on the switch?
PAT
Which of the following VPN protocols is no longer considered secure?
PPTP
Drag the network attack technique on the left to the appropriate description or example on the right. (Each technique may be used once, more than once, or not at all.)
Perpetrators attempt to compromise or affect the operations of a system: Active attack; Unauthorized individuals try to breach a network from off-site: External Attack; Attempting to find the root password on a web server by brute force: Active attack; Attempting to gather information without affecting the flow of information on the network: Passive attack; Sniffing network packets or performing a port scan: Passive attack
You are part of a committee that is meeting to define how Network Access Control (NAC) should be implemented in the organization. Which step in the NAC process is this?
Plan
You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.)
Put the web server inside the DMZ. Put the database server on the private network.
A type of malware that prevents the system from being used until the victim pays the attacker money is known as what?
Ransomware
You are the network administrator for a small company that implements NAT to access the internet. However, you recently acquired five servers that must be accessible from outside your network. Your ISP has provided you with five additional registered IP addresses to support these new servers, but you don't want the public to access these servers directly. You want to place these servers behind your firewall on the inside network, yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these servers?
Static
You have a small network at home that is connected to the internet. On your home network, you have a server with the IP address of 192.168.55.199/16. You have a single public address that is shared by all hosts on your private network. You want to configure the server as a web server and allow internet hosts to contact the server to browse a personal website. What should you use to allow access?
Static NAT
Which of the following are features of an application-level gateway? (Select two.)
Stops each packet at the firewall for inspection; Reassembles entire messages
A VPN is primarily used for which of the following purposes?
Support secured communications over an untrusted network
Which statement BEST describes IPsec when used in tunnel mode?
The entire data packet, including headers, is encapsulated
Which problem does NAT help address?
The shortage of IPv4 addresses
A honeypot is used for which purpose?
To delay intruders in order to gather auditing data
You have a company network that is connected to the internet. You want all users to have internet access, but you need to protect your private network and users. You also need to make a web server publicly available to internet users. Which solution should you use?
Use firewalls to create a DMZ. Place the web server inside the DMZ and the private network behind the DMZ.
Your organization has started receiving phishing emails. You suspect that an attacker is attempting to find an employee workstation they can compromise. You know that a workstation can be used as a pivot point to gain access to more sensitive systems. Which of the following is the MOST important aspect of maintaining network security against this type of attack?
User education and training
Which of the following is commonly created to segment a network into different zones?
VLANs
Which of the following is the BEST solution to allow access to private resources from the internet?
VPN
A group of salesmen would like to remotely access your private network through the internet while they are traveling. You want to control access to the private network through a single server. Which solution should you implement?
VPN concentrator