Security+ 401 - Quiz 01
Which of the following network security solutions inspects network traffic in real time and has the capability to stop the ongoing attack? A. NIPS B. HIDS C. HIPS D. NIST
Answer: A. NIPS Explanation: Network Intrusion Prevention System (NIPS) inspects network traffic in real time and has the capability to stop the attack.
Which of the following security solutions provides a countermeasure against denial-of-service attack characterized by increasing number of half-open connections? A. Flood guard B. MAC filter C. Honeypot D. Port scanner
Answer: A. Flood guard Explanation: Flooding is a type of Denial of Service (DoS) attack aimed at providing more input than a networked host can process properly so that it becomes overwhelmed with false requests and in result doesn't have time and/or system resources to handle legitimate requests. Enabling flood detection on networking equipment provides a counter-measure against this type of attack.
Which of the following acronyms refers to a network or host based monitoring system designed to automatically alert administrators of known or suspected unauthorized activity? A. IDS B. AES C. TPM D. EFS
Answer: A. IDS Explanation: Intrusion Detection Systems (IDSs) rely on passive response which might include recording an event in logs or sending a notification alert. An IDS doesn't take any active steps in order to prevent an intrusion.
In which of the cloud computing infrastructure types clients, instead of buying all the hardware and software, purchase computing resources as an outsourced service from suppliers who own and maintain all the necessary equipment? A. IaaS B. SaaS C. P2P D. PaaS
Answer: A. IaaS Explanation: Infrastructure as a Service (IaaS) is one of the cloud computing infrastructure types where clients, instead of buying all the hardware and software, purchase computing resources as an outsourced service from suppliers who own and maintain all the necessary equipment. The clients usually pay for computational resources on a per-use basis. In IaaS, cost of the service depends on the amount of consumed resources.
Which security measure is in place when a client is denied access to the network due to outdated antivirus software? A. NAC B. DMZ C. VLAN D. NAT
Answer: A. NAC Explanation: Network Access Control (NAC) defines a set of rules enforced in a network that the clients attempting to access the network must comply with. With NAC, policies can be enforced before or after end-stations gain access to the network. NAC can be implemented as Pre-admission NAC, where a host must, for example, be virus free or have patches applied before it is allowed to connect to the network, and/or Post-admission NAC, where a host is being granted/denied permissions based on its actions after it has been provided with the access to the network.
Which of the following acronyms refers to a solution allowing companies to cut costs related to managing of internal calls? A. PBX B. POTS C. P2P D. PSTN
Answer: A. PBX Explanation: Private Branch Exchange (PBX) is an internal telephone exchange or switching system implemented in a particular business or office. PBX allows for handling of internal communications without the use of paid Public Switched Telephone Network (PSTN) service.
802.1x is an IEEE standard defining: A. Token ring networks B. Port-based network access control C. VLAN tagging D. Wireless networking
Answer: B. Port-based network access control Explanation: 802.1x is an Institute Electrical and Electronics Engineers (IEEE) standard for port-based network access control. 802.1X provides mechanisms to authenticate devices connecting to a Local Area Network (LAN) or Wireless Local Area Network (WLAN). Due to a similar name, 802.1X is sometimes confused with 802.11x (a general term used in reference to a family of wireless networking standards).
Which of the following protocols is used in network management systems for monitoring network attached devices? A. RTP B. SNMP C. IMAP D. RTP
Answer: B. SNMP Explanation: Simple Network Management Protocol (SNMP) is used in network management systems to monitor network-attached devices. SNMP is typically integrated into most modern network infrastructure devices such as routers, bridges, switches, servers, printers, copiers, fax machines, et al.
A cloud computing infrastructure type where applications are hosted over a network (typically Internet) eliminating the need to install and run the software on the customer's own computers is called: A. Thick client B. SaaS C. Virtualization D. IaaS
Answer: B. SaaS Explanation: Software as a Service (SaaS) is a type of cloud computing infrastructure where applications are hosted over a network (typically Internet) eliminating the need to install and run the software on the customer's own computers and simplifying maintenance and support. Compared to conventional software deployment which requires licensing fee and often investment in additional hardware on the client side, SaaS can be delivered at a lower cost by providing remote access to applications and pricing based on monthly or annual subscription fee.
Which type of Intrusion Detection System (IDS) relies on known attack patterns to detect an intrusion? A. Load balancer B. Signature-based C. Protocol analyzer D. Anomaly-based
Answer: B. Signature-based Explanation: Signature-based Intrusion Detection System (IDS) relies on known attack patterns to detect an intrusion. Anomaly-based IDS relies on the previously established baseline of normal network activity in order to detect intrusions. Load balancers are network devices designed for managing the optimal distribution of workloads across multiple computing resources. A protocol analyzer (also known as packet sniffer) is a software tool used to monitor and examine contents of network traffic.
Which of the following answers refers to a dedicated device for managing secure connections established over an untrusted network, such as the Internet? A. Load balancer B. VPN concentrator C. Spam filter D. Web server
Answer: B. VPN concentrator Explanation: Virtual Private Network (VPN) is a logical, restricted-use network created with the use of encryption and tunneling protocols over physical, public network links. A dedicated device for managing VPN connections established over an untrusted network, such as the Internet, is called VPN concentrator.
Which type of Intrusion Detection System (IDS) relies on the previously established baseline of normal network activity in order to detect intrusions? A. Signature-based B. URL filter C. Anomaly-based D. ACL
Answer: C. Anomaly-based Explanation: Anomaly-based Intrusion Detection System (IDS) relies on the previously established baseline of normal network activity in order to detect intrusions. A Signature-based IDS relies on known attack patterns to detect an intrusion.
Which of the following solutions is used to hide the internal IP addresses by modifying IP address information in IP packet headers while in transit across a traffic routing device? A. NAC B. ACL C. NAT D. DMZ
Answer: C. NAT Explanation: Network Address Translation (NAT) is a technology that provides an IP proxy between a private Local Area Network (LAN) and a public network such as the Internet. Computers on the private LAN can access the Internet through a NAT-capable router which handles the IP address translation. NAT hides the internal IP addresses by modifying IP address information in IP packet headers while in transit across a traffic routing device.
Which of the following cloud service types would provide the best solution for a web developer intending to create a web app? A. SaaS B. API C. PaaS D. IaaS
Answer: C. PaaS Explanation: Platform as a Service (PaaS) is a category of cloud computing services providing cloud-based application development tools, in addition to services for testing, deploying, collaborating on, hosting, and maintaining applications.
Which of the following protocols protects against switching loops? A. UTP B. SSH C. STP D. HMAC
Answer: C. STP Explanation: Spanning Tree Protocol (STP) is used to prevent switching loops. Switching loop occurs when there's more than one active link between two network switches, or when two ports on the same switch become connected to each other.
Which of the following acronyms refers to a network security solution combining the functionality of a firewall with additional safeguards such as URL filtering, content inspection, or malware inspection? A. MTU B. STP C. UTM D. XML
Answer: C. UTM Explanation: The term Unified Threat Management (UTM) refers to a network security solution (commonly in the form of a dedicated device called UTM appliance) which combines the functionality of a firewall with additional safeguards such as for example URL filtering, spam filtering, gateway antivirus protection, intrusion detection or prevention, content inspection, or malware inspection.
Which of the following answers refers to a set of rules that specify which users or system processes are granted access to objects as well as what operations are allowed on a given object? A. CRL B. NAT C. BCP D. ACL
Answer: D. ACL Explanation: An Access Control List (ACL) contains a set of rules that specify which users or system processes are granted access to objects as well as what operations are allowed on a given object.
A lightly protected subnet placed on the outside of the company's firewall consisting of publicly available servers is known as: A. VPN B. Access Point (AP) C. VLAN D. DMZ
Answer: D. DMZ Explanation: In the context of computer security, the term Demilitarized Zone (DMZ) refers to a lightly protected subnet consisting of publicly available servers placed on the outside of the company's firewall.
A software tool used to monitor and examine contents of network traffic is known as: (Select all that apply) A. Port scanner B. Packet sniffer C. Vulnerability scanner D. Protocol analyzer
Answers: B and D. Packet sniffer and Protocol analyzer Explanation: Protocol analyzer is a software tool used to monitor and examine contents of network traffic. Protocol analyzers are also referred to as packet sniffers.
Which of the following actions can be taken by passive IDS? (Select 2 answers) A. Reconfiguring firewall B. Closing down connection C. Logging D. Terminating process E. Sending an alert
Answers: C and E. Logging and Sending an alert Explanation: Intrusion Detection Systems (IDSs) rely on passive response which might include recording an event in logs or sending a notification alert. An IDS doesn't take any active steps in order to prevent an intrusion.