Security+ Set 2

¡Supera tus tareas y exámenes ahora con Quizwiz!

Frequency bands for IEEE 802.11 networks include: (Select 2 answers) 5.0 GHz 2.4 GHz 5.4 GHz 2.0 GHz

5.0 GHz 2.4 GHz

Which of the acronyms listed below refers to a set of rules that specify which users or system processes are granted access to objects as well as what operations are allowed on a given object? CRL NAT BCP ACL

ACL

Which of the following answers applies to a Rule-Based Access Control (RBAC) mechanism implemented on routers, switches, and firewalls? ACL CSR DLP AUP

ACL

Which part of the IPsec protocol suite provides authentication and integrity? CRC AH SIEM AES

AH Authentication Header (AH) is a protocol and part of the Internet Protocol Security (IPsec) protocol suite, which authenticates the origin of IP packets (datagrams) and guarantees the integrity of the data. The AH confirms the originating source of a packet and ensures that its contents (both the header and payload) have not been changed since transmission. If security associations have been established, AH can be optionally configured to defend against replay attacks using the sliding window technique

An infrastructure device designed for connecting wireless/wired client devices to a network is commonly referred to as: Captive portal Access Point (AP) Intermediate Distribution Frame (IDF) Active hub

Access Point (AP)

Which of the following statements describe the function of a forward proxy? (Select 2 answers) Acts on behalf of a client Hides the identity of a client Acts on behalf of a server Hides the identity of a server

Acts on behalf of a client Hides the identity of a client

A company's security policy requires all employee devices to have a software installed that would run as a background service on each device and perform host security health checks before granting/denying it access to the corporate intranet. Based on the given description, which of the answers listed below can be used to describe the software's features? (Select 2 answers) Agentless Dissolvable Agent-based Permanent

Agent-based Permanent

A properly configured antispoofing mechanism on a router should block Internet traffic from IP addresses in the range of: 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 All of the above

All of the above

What type of network traffic filtering criteria can be set on a router? Filtering by IP address Filtering by network protocol Filtering by subnet Filtering by logical port number All of the above

All of the above

In active-active mode, load balancers distribute network traffic across: Least utilized servers None of the servers All servers Most utilized servers

All servers

A situation in which an application writes to or reads from an area of memory that it is not supposed to access is referred to as: DLL injection Buffer overflow Memory leak Integer overflow

Buffer overflow In information security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations. ... Exploiting the behavior of a buffer overflow is a well-known security exploit.

Which functionality allows a DLP system to fulfill its role? Motion detection Environmental monitoring Content inspection Loop protection

Content inspection

A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as: DLL ISO EXE INI

DLL Short for Dynamic Link Library, a library of executable functions or data that can be used by a Windows application. Typically, a DLL provides one or more particular functions and a program accesses the functions by creating either a static or dynamic link to the DLL.

Which of the terms listed below describes a type of attack that relies on executing a library of code? Memory leak DLL injection Pointer dereference Buffer overflow

DLL injection In computer programming, DLL injection is a technique used for running code within the address space of another process by forcing it to load a dynamic-link library. DLL injection is often used by external programs to influence the behavior of another program in a way its authors did not anticipate or intend

Which of the following acronyms refers to software or hardware-based security solutions designed to detect and prevent unauthorized use and transmission of confidential information outside of the corporate network? DRP DHE DLP DEP

DLP

Which of the following answers refers to a common antenna type used as a standard equipment on most Access Points (APs) for indoor Wireless Local Area Network (WLAN) deployments? Dipole antenna Dish antenna Unidirectional antenna Yagi antenna

Dipole antenna

Which of the antenna types listed below provide a 360-degree horizontal signal coverage? (Select 2 answers) Unidirectional antenna Dipole antenna Dish antenna Omnidirectional antenna Yagi antenna

Dipole antenna Omnidirectional antenna

Which of the following answers refer to highly directional antenna types used for long-range point-to-point bridging links? (Select 2 answers) Dipole antenna Omnidirectional antenna Dish antenna Non-directional antenna Unidirectional antenna

Dish antenna Unidirectional antenna

What are the characteristic features of a transparent proxy? (Select all that apply) Doesn't require client-side configuration Modifies client's requests and responses Redirects client's requests and responses without modifying them Clients might be unaware of the proxy service Requires client-side configuration

Doesn't require client-side configuration Redirects client's requests and responses without modifying them Clients might be unaware of the proxy service

Which of the IPsec protocols provides authentication, integrity, and confidentiality? AES SHA AH ESP

ESP An Encapsulating Security Payload (ESP) is a protocol within the IPSec for providing authentication, integrity and confidentially of network packets data/payload in IPv4 and IPv6 networks. ESP provides message/payload encryption and the authentication of a payload and its origin within the IPSec protocol suite.

What type of security measures can be implemented on an MX gateway? (Select all that apply) Encryption Security guards DLP Motion detection Spam filter

Encryption DLP Spam filter

An SSL decryptor card is a type of dedicated hardware device that improves performance of a server by taking over computational tasks related to handling of encrypted network traffic. True False

False

SSL/TLS accelerators are used to decode secure communication links for the purpose of content inspection. True False

False

VPNs can be either remote-access (used for connecting networks) or site-to-site (used for connecting a computer to a network). True False

False In a site-to-site VPN configuration, hosts do not have VPN client software; they send and receive normal TCP/IP traffic through a VPN gateway Remote-access VPNs connect individual hosts to private networks -- for example, travelers and teleworkers who need to access their company's network securely over the internet.

Stateless inspection is a firewall technology that keeps track of network connections and based on the collected data determines which network packets should be allowed through the firewall. True False

False Packet filtering enables you to inspect the components of incoming or outgoing packets and then perform the actions you specify on packets that match the criteria you specify. The typical use of a stateless firewall filter is to protect the Routing Engine processes and resources from malicious or untrusted packets.

Which of the following terms refers to a situation where no alarm is raised when an attack has taken place? False negative True positive False positive True negative

False negative

An antivirus software identifying non-malicious file as a virus due to faulty virus signature file is an example of: Fault tolerance False positive error Quarantine function False negative error

False positive error

A software or hardware that checks information coming from the Internet and depending on the applied configuration settings either blocks it or allows it to pass through is called: Antivirus Firewall Antispyware Malware

Firewall In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and untrusted external network, such as the Internet.

What is the name of a security mechanism that protects a network switch against populating its MAC table with invalid source addresses? Honeypot Firewall Flood guard Antivirus

Flood guard

Which of the answers listed below refers to a piece of hardware and associated software/firmware designed to provide cryptographic functions? HSM EFS STP WAF

HSM

An IDS that detects intrusions by comparing network traffic against the previously established baseline can be classified as: (Select all that apply) Heuristic Anomaly-based Behavioral Signature-based

Heuristic Anomaly-based Behavioral

Which of the statements listed below describe the function of a reverse proxy? (Select 2 answers) Acts on behalf of a client Hides the identity of a server Acts on behalf of a server Hides the identity of a client

Hides the identity of a server Acts on behalf of a server

What is the purpose of steganography? Checking data integrity Calculating hash values Hiding data within another piece of data Data encryption

Hiding data within another piece of data

A monitored host containing no valuable data specifically designed to detect unauthorized access attempts is known as: UTM appliance Trojan horse Captive portal Honeypot

Honeypot

Which of the answers listed below illustrates the difference between passive and active security breach response? HIPS vs. NIPS UTM vs. Firewall NIPS vs UTM IDS vs. IPS

IDS vs. IPS The Intrusion Detection System (IDS) provides the network with a level of preventive security against any suspicious activity. The IDS achieves this objective through early warnings aimed at systems administrators. However, unlike IPS, it is not designed to block attacks. An Intrusion Prevention System (IPS) is a device that controls access to IT networks in order to protect systems from attack and abuse. It is designed to inspect attack data and take the corresponding action, blocking it as it is developing and before it succeeds, creating a series of rules in the corporate firewall, for example.

Which of the following answers applies to a situation where an Ethernet switch acts as an authenticator for devices that intend to connect to a network through one of its ports? IEEE 802.1X IEEE 802.11ac IEEE 802.1D IEEE 802.11x

IEEE 802.1X

Which of the following applies to a request that doesn't match the criteria defined in an ACL? Group policy Implicit deny rule Transitive trust Context-aware authentication

Implicit deny rule An implicit deny is when a user or group are not granted a specific permission in the security settings of an object, but they are not explicitly denied either. ... An implicit deny only denies a permission until the user or group is allowed to perform the permission.

Which of the following violates the principle of least privilege? On-boarding process Improperly configured accounts Shared accounts for privileged users Time-of-day restrictions

Improperly configured accounts The principle of least privilege (POLP), an important concept in computer security, is the practice of limiting access rights for users to the bare minimum permissions they need to perform their work. Under POLP, users are granted permission to read, write or execute only the files or resources they need to do their jobs: In other words, the least amount of privilege necessary.

Which of the terms listed below describes a programming error where an application tries to store a numeric value in a variable that is too small to hold it? Buffer overflow Pointer dereference Memory leak Integer overflow

Integer overflow Integer overflow is the result of trying to place into computer memory an integer (whole number) that is too large for the integer data type in a given system. ... Because of this, the condition may lead to a security breach through a buffer overflow or other malicious code.

Examples of password cracking software include: (Select 2 answers) Security Onion John the Ripper Cain & Abel Back Orifice tcpdump

John the Ripper Cain & Abel

Routers operate at: (Select 2 answers) Physical layer of the OSI model Application layer of the OSI model Layer 3 of the OSI model Network layer of the OSI model Layer 5 of the OSI model

Layer 3 of the OSI model Network layer of the OSI model

A network device designed for managing the optimal distribution of workloads across multiple computing resources is known as: Layer 3 switch Access Point (AP) Load balancer Domain controller

Load balancer

Which of the actions listed below can be taken by an IDS? (Select 2 answers) Firewall reconfiguration Closing down connection Logging Terminating process Sending an alert

Logging Sending an alert It provides protection to the individual host and can detect potential attacks and protect critical operating system files. The primary goal of any IDS is to monitor traffic. The role of a host IDS is passive, only gathering, identifying, logging, and alerting.

Which of the following answers refer to the implementations of NAC? (Select 2 answers) IPsec MAC filter BYOD 802.1X HIDS/HIPS

MAC filter 802.1X

A network security access control method whereby the 48-bit physical address assigned to each network card is used to determine access to the network is known as: MAC filtering Network Address Translation (NAT) Static IP addressing Network Access Control (NAC)

MAC filtering

Disabling SSID broadcast: Is one of the measures used in securing wireless networks Makes a WLAN harder to discover Blocks access to a WAP Prevents wireless clients from accessing the network

Makes a WLAN harder to discover

A type of device that translates data between different communication formats is called: Multilayer switch Media gateway Protocol analyzer Media converter

Media gateway

A situation in which an application fails to properly release memory allocated to it or continually requests more memory than it needs is called: Memory leak Buffer overflow DLL injection Integer overflow

Memory leak A memory leak is the gradual loss of available computer memory when a program (an application or part of the operating system) repeatedly fails to return memory that it has obtained for temporary use. ... A memory leak is the result of a program bug.

Which of the answers listed below is an example of exploitation framework? tcpdump Metasploit Security Onion OpenVAS

Metasploit

What is the name of a Linux distribution commonly used as a target system for practicing penetration testing techniques? Kali Linux Debian Metasploitable Red Hat SELinux

Metasploitable

Modifies client's requests and responses Doesn't require client-side configuration Requires client-side configuration Redirects client's requests and responses without modifying them

Modifies client's requests and responses Requires client-side configuration

A type of computer security solution that allows to define and enforce network access policies is known as: NAC NIDS NFC NAT

NAC

Which of the following network security solutions inspects network traffic in real-time and has the capability to stop the ongoing attack? NIPS HIDS NIDS NIST

NIPS A network-based intrusion prevention system (NIPS) is a system used to monitor a network as well as protect the confidentiality, integrity, and availability of a network. Its main functions include protecting the network from threats, such as denial of service (DoS) and unauthorized usage.

Which of the following tools offers the functionality of a configuration compliance scanner? Zenmap Roo Nessus DBAN

Nessus

What is Nmap? Network scanner Exploitation framework Protocol analyzer Password cracker

Network scanner

In a round-robin method, each consecutive request is handled by: (Select best answer) First server in a cluster Next server in a cluster Least utilized server in a cluster Last server in a cluster

Next server in a cluster

Which of the tools listed below offers the functionality of a vulnerability scanner? Roo OpenVAS Wireshark pfSense

OpenVAS

A security administrator configured an IDS to receive traffic from a network switch via port mirroring. Which of the following terms can be used to describe the operation mode of the IDS? (Select 2 answers) In-band Passive Inline Out-of-band

Passive Out-of-band

Which of the following terms describes an attempt to read a variable that stores a null value? Integer overflow Pointer dereference Buffer overflow Memory leak

Pointer dereference A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. Extended Description. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.

A software tool used for capturing and examining contents of the network traffic is known as: Port scanner Honeypot Protocol analyzer Vulnerability scanner

Protocol analyzer

In computer networking, a computer system or an application that acts as an intermediary between another computer and the Internet is commonly referred to as: Bridge Active hub Server Proxy

Proxy

A device designed to filter and transfer IP packets between dissimilar types of computer networks is called: Hub Switch Load balancer Router

Router

A technology that allows for real-time analysis of security alerts generated by network hardware and applications is known as: LACP DSCP SIEM LWAPP

SIEM

Which of the following acronyms is used as a unique identifier for a WLAN (a wireless network name)? BSS SSID ESS IBSS

SSID

Which of the following protocols provide protection against switching loops? (Select 2 answers) RTP SRTP RDP STP RSTP

STP RSTP

Which of the terms listed below refers to a method for permanent and irreversible removal of data stored on a memory device? Sanitization High-level formatting Recycle Bin (MS Windows) Partitioning

Sanitization

In active-passive mode, load balancers distribute network traffic across: All servers Servers marked as active Least utilized servers Servers marked as passive

Servers marked as active

Which of the terms listed below refers to a method that ignores the load balancing algorithm by consistently passing requests from a given client to the same server? Round-robin method Active-active configuration Session affinity Least connection method

Session affinity

Examples of secure VPN tunneling protocols include: (Select 2 answers) bcrypt SCP IPsec WEP TLS

Some of the most commonly used protocols include: Open VPN (SSL/TLS) Internet Protocol Security (IPSec), Point-to-Point Tunneling Protocol (PPTP), Layer Two Tunneling Protocol (L2TP), Secure Socket Tunneling Protocol (SSTP),

Which of the terms listed below describes a type of VPN that alleviates bottlenecks and conserves bandwidth by allowing users simultaneously make use of both the VPN and public network links? Tethering Split tunnel Load balancing Full tunnel

Split tunnel Split tunneling is a computer networking concept which allows a mobile user to access dissimilar security domains like a public network and a local LAN or WAN at the same time, using the same or different network connections.

Which of the answers listed below refers to a data link layer (layer 2) device designed to forward data packets between Local Area Network (LAN) segments? Router Hub Switch Repeater

Switch

An effective asset management process provides countermeasures against: (Select all that apply) System sprawl Race conditions Undocumented assets Architecture and design weaknesses User errors

System sprawl Undocumented assets Architecture and design weaknesses

A type of architecture in which most of the network configuration settings of an Access Point (AP) are set and managed with the use of a central switch or controller is called: Thin AP Infrastructure mode Fat AP Ad hoc mode

Thin AP

An IPsec mode providing encryption only for the payload (the data part of the packet) is known as: Protected mode Tunnel mode Transport mode Safe mode

Transport mode The transport mode encrypts only the payload and ESP trailer; so the IP header of the original packet is not encrypted. ... The transport mode is usually used when another tunneling protocol (such as GRE, L2TP) is used to first encapsulate the IP data packet, then IPsec is used to protect the GRE/L2TP tunnel packets.

A common example of channel overlapping in wireless networking could be the 2.4 GHz band used in 802.11 networks, where the 2.401 - 2.473 GHz frequency range is used for allocating 11 channels, each taking up a 22-MHz portion of the available spectrum. Setting up a wireless network to operate on a non-overlapping channel (1, 6, and 11 in this case) allows multiple networks to coexist in the same area without causing interference. True False

True

A network switch equipped with the routing capability is sometimes referred to as a layer 3 switch. True False

True

An IP address that doesn't correspond to any actual physical network interface is called a virtual IP address (VIP/VIPA). True False

True

In a weighted round-robin method, each consecutive request is handled in a rotational fashion, but servers with higher specs are designated to process more workload. True False

True

The process of securing networking devices should include the practice of disabling unused physical ports. True False

True

The purpose of a downgrade attack is to make a computer system fall back to a weaker security mode which makes the system more vulnerable to attacks. True False

True

The term "Always-on VPN" refers to a type of persistent VPN connection the starts automatically as soon as the computer detects a network link. True False

True

The term "Fat AP" refers to a stand-alone Access Point (AP) device type offering extended network configuration options that can be set and managed after logging in to the device. True False

True

A type of IDS that relies on predetermined attack patterns to detect intrusions is referred to as a signature-based IDS. True False

True Signature-based IDS refers to the detection of attacks by looking for specific patterns, such as byte sequences in network traffic, or known malicious instruction sequences used by malware. This terminology originates from anti-virus software, which refers to these detected patterns as signatures.

In the IT industry, the term "System sprawl" is used to describe poor hardware resource utilization. True False

True The growth is resources that exceeds current capacity to effectively manage.

Which of the IPsec modes provides entire packet encryption? Tunnel Payload Transport Default

Tunnel In this context, tunnel refers only to the method by which IPSec packets are constructed, while IKE and IPSec tunnels are conceptually defined as secure logical connections between hosts. IPSec tunnels can use transport mode or tunnel mode encapsulation.

Which of the answers listed below refer(s) to security solution(s) that can be implemented as a function of a DLP system? (Select all that apply) USB blocking Virtualization Email monitoring Directory services Cloud-based security

USB blocking Email monitoring Cloud-based security

Which of the following statements describing the functionality of SIEM is not true? Data can be collected from many different sources Collected data can be processed into actionable information Automated alerting and triggers Time synchronization Event deduplication Use of rewritable storage media

Use of rewritable storage media

What is the best countermeasure against social engineering? AAA protocols User authentication Strong passwords User education

User education: Not educating your end-users in cybersecurity initiatives is like trying to keep a flood at bay using a screen door. Your end-users are the first line of defense against cybersecurity attacks (like phishing scams).

Which of the answers listed below refers to a dedicated device for managing encrypted connections established over an untrusted network, such as the Internet? VPN concentrator Load balancer Managed switch Multilayer switch

VPN concentrator A VPN concentrator is a type of networking device that provides secure creation of VPN connections and delivery of messages between VPN nodes. It is a type of router device, built specifically for creating and managing VPN communication infrastructures.

What type of IP address would be assigned to a software-based load balancer to handle an Internet site hosted on several web servers, each with its own private IP address? IPv4 address Virtual IP address Non-routable IP address IPv6 address

Virtual IP address

An e-commerce store app running on an unpatched web server is an example of: Architecture/design weakness Risk acceptance Vulnerable business process Security through obscurity

Vulnerable business process: Business Process Compromise (BPC) is a type of attack that has come into focus recently. It particularly targets the unique processes or machines facilitating these processes to quietly manipulate them for the attacker's benefit. Attackers infiltrate the enterprise and look for vulnerable practices, susceptible systems, or operational loopholes.

Which of the tools listed below would be of help in troubleshooting signal loss and low wireless network signal coverage? Logical network diagram Protocol analyzer WAP power level controls Physical network diagram

WAP power level controls

Which of the terms listed below refers to computer data storage systems, data storage devices, and data storage media that can be written to once, but read from multiple times? DVD-RW Tape library Floppy disk WORM

WORM

An optimal Wireless Access Point (WAP) antenna placement provides a countermeasure against: War chalking Tailgating War driving Shoulder surfing

War driving

What type of device would be the most convenient for interconnecting two or more physically separated network segments? Wireless bridge Layer 3 switch Wireless Access Point (WAP) Cable modem

Wireless bridge

Which of the following tools would be used to perform a site survey? pfSense Wireless scanner OpenVAS Nmap

Wireless scanner

Which of the tools listed below would be used to detect a rogue AP? HIDS Vulnerability scanner Packet sniffer Wireless scanner

Wireless scanner

Which of the following is a GUI packet sniffer? pfSense Nmap tcpdump Wireshark

Wireshark

Zero-day attack exploits: New accounts Patched software Vulnerability that is present in already released software but unknown to the software developer Well known vulnerability

Zero-day attack exploits: Vulnerabilities that are/can be exploited before the vendor is aware.

Which of the following is a CLI packet sniffer? Nmap tcpdump OpenVAS Wireshark

tcpdump


Conjuntos de estudio relacionados

geology ch. 16 air quality issues

View Set

CA Real Estate Finance Course (UNIT QUIZZES)

View Set

ISDS 3115 - Graded Ch. 1 Homework

View Set

Investments Exam 2- Math from Chapters 5, 7, 8

View Set

comp 285 final exam practice questions

View Set

ACCT 3210: Review Chapter 11: PP&E and Intangible Assets-Utilization and Disposition

View Set

Biology - Chapter 5: Cell Division

View Set

Biochem Chapter 6 (Dont think any are from here)

View Set

Section 4 - Transfer and Recording of Title

View Set