Unix Final
A first-year student in a computer networking class is studying different addressing types and attempting to identify them. Which of these does she determine is a Media Access Control (MAC) address?
00-14-22-01-23-45
Which of the following is an authentication method that supports smart cards, biometrics, and credit cards, and is a fully scalable architecture?
802.1x
A company uses an Internet Protocol Security (IPSec) virtual private network (VPN) solution. It allows remote users to connect to the main office and allows communication between the main office and branch offices securely over the Internet. The main office network uses network address translation (NAT) with an internal IP address range of 192.168.0.1 to 192.168.0.254. Which of the following ranges must remote offices and users NOT use on their internal networks?
192.168.0.x
When setting up port forwarding on an external firewall to pass HTTP traffic from the Internet to an internal web server, the external address and port are 208.40.235.38:8081. What is the internal IP address and port, assuming the most common port for that protocol?
192.168.5.74:80
Tonya is a student. She is working through a network addressing scheme example for a class. She has read that the 128-bit address 2001:0f58:0000:0000:0000:0000:1986:62af can be shortened but is trying to understand how. What is the correct solution?
2001:0f58::1986:62af
While fragmentation of IP packets is supported when they encounter network segments that have a smaller maximum transmission unit (MTU), that feature can be manipulated by malicious parties in overlapping attacks. In calculating a defense for such an exploit, what is the only reliable defense?
A dynamic filtering system that performs virtual reassembly.
Cassie is an IT helpdesk representative. She just received a trouble ticket from a remote user stating they cannot connect to the company network over the virtual private network (VPN). Cassie begins troubleshooting the matter, checking on recent configuration changes to the VPN equipment, looking at the unit's logs for error messages, and so on. She has examined the VPN-related features and potential problems but still doesn't understand why the end user's connection failed. She has been assured that both the end user and the company have Internet connectivity. What is the most likely reason the user cannot connect?
A network engineer has inadvertently changed the IP address of the firewall's internal interface that connects to the VPN's outward-facing port.
Which of the following can affect the confidentiality of documents stored on a server?
A server breach
A company's cybersecurity trainer is recording a Lunch and Learn video for new employees. The trainer discusses the dangers of spam. Besides being annoying, what other problem could spam cause?
A spam email could contain a link to what appears as a benign or beneficial website that could, if clicked, upload malicious software to the user's computer.
Maria is a network engineer assigned to select a new virtual private network (VPN) solution for her company. She is weighing the benefits of commercial versus open-source VPNs. Which of the following is a benefit of open-source platforms?
Access to Internet-based support
In preserving the confidentiality of users on a corporate network, which party is responsible for setting up security policies to guarantee users' privacy?
Administrator
Elissa is a network technician. She is configuring firewall rules for one of her company's branch offices, which provides online retail sales of their products. She is configuring rules to block traffic based on a traditional model but needs to allow a particular type of traffic. What should she allow?
All traffic from port 80 originating from the office's web server, which is in a protected subnet
Alphonse is a networking contractor who has been hired by a small-to-mid-sized company to configure their firewall. The firewall comes preconfigured with a common ruleset that allows web, email, instant messaging, and file transfer traffic using default ports. The company wants to allow access to secure websites and common website protocols but block access to insecure Internet websites. Which of the following is the best solution?
Allow access to HTTPS, SQL, and Java, but deny access to HTTP
Torri is a network technician. She needs to configure the edge firewalls for her company's IT infrastructure. Her supervisor has told her she must find a configuration method that assumes all network traffic is safe and, as malicious traffic is identified, it is added to a list of exceptions. Which of the following configuration methods does Torri select?
Allow by default/deny by exception
Which of the following is a feature of NTFS that allows complete additional files to successfully hide beneath any normal file object and are almost undetectable?
Alternate data Streams (ADS)
Teodora is the procurement manager for her company's IT department. She is researching firewalls that come with enhancements beyond basic traffic filtering. Which of the following is considered a firewall enhancement?
Anti-malware scanning
The IT security officer for a large company has spent the past year upgrading security for the corporate network. Employees working from home have personal firewalls running on their computers. They use a virtual private network (VPN) to connect to the corporate network. The corporate network utilizes the latest devices and techniques, including an intrusion detection system/intrusion prevention system (IDS/IPS), anti-malware protection, and firewalls. What security threat most likely still needs to be addressed?
An internal threat, such as a disgruntled employee or contractor
In executing the processes of risk assessment and risk management, what calculates the potential number of times the threat could be a realized attack in a year's time?
Annualized rate of occurrence
Which of the following can perform authentication to provide integrity protection, although not for the outermost IP header?
Authentication Header (AH)
Virtual private networks (VPNs) allow external entities to connect to and interact with a private network. What does identity verification require?
Authentication
Diego is a network consultant. He is explaining the benefits of virtual private network (VPN) connections for remote clients to the owner of a company who wants to allow most staff to work remotely. He says that a VPN is both private and secure. What does he say allows for this?
Authentication provides privacy and encryption provides security
Arturo is troubleshooting a firewall that may have been hacked by a malicious outsider. He is under pressure and immediately tries a fix that, if it fails, will not be easy to back out of. Before he makes the attempt, his supervisor warns him of the danger. What does Arturo's supervisor say?
Avoid destructive or irreversible solutions until last.
Charles is an IT help desk technician. He gets a ticket from a branch office saying that they lost Internet connectivity. He investigates remotely over a backup maintenance link and determines that this was done by design; the office's firewall deliberately severed the connection. Which is the following does this functionality define?
Bastion host
Before an Internet user can access a demilitarized zone (DMZ), extranet, or private network resource, it first encounters an entity that is sturdy enough to withstand any sort of attack. What is this entity called?
Bastion host operating system
Bill is a network engineer. On Monday morning he learns that the firewalls between network segments are not operating as expected. He checks the activity sheet for the on-call techs who worked the weekend and sees one of them performed an unscheduled patch. Bill suspects the patch made modifications to the firewalls. Of the following , what is the best way to check this?
Bill compares screenshots of the optimal firewall configuration against their current settings.
Lauren is a network technician monitoring performance on the LAN. She becomes alarmed when the network utilization reaches 95 percent for a particular time of day. How does she know what the utilization is normally like?
Benchmarks
A malicious person wants to use tunneling to get through a company's firewall using a vulnerability. Micah, a network security engineer, is aware of this and configures the firewall to do what to combat this?
Block all encryption
Isaac is designing a network infrastructure as a class project. He determines that one device he requires must have the capacity to act as a repeater, operate at the Data Link Layer of the OSI model, be able to filter packets based on their MAC address, and allow communication between two local area networks (LANs). Which device will fulfill these specifications?
Bridge
A bank's online infrastructure has been under attack by hackers. In addition to standard security methods, the bank's IT security manager has requested website code to be examined and modified, where necessary, to address possible arbitrary code execution. What will the code modifications prevent?
Buffer overflows
Which of the following virtual private network (VPN) solutions typically accepts a wider variety of client operating system types?
Cloud-based VPN
Hong is a network engineer. He is developing a firewall policy that addresses troubleshooting a firewall that has either failed or is under attack. In his plan, what should be included as a best practice?
Collect firewall documentation before an attack.
Jiang is a network technician. He is programming a web server to provide clients with dynamically produced web content in real-time based on several attributes the connecting user enters. This includes any forms they may fill out. Martha is the cybersecurity chief. She says that the technology Jiang is using could expose sensitive customer data to hackers if it were ever accessed. What web server technology is Jiang using?
Common User Interface (CGI )
What is a type of assessment that judges how well an organization is accomplishing set goals or requirements?
Compliance auditing
Marta is a network technician intern at a mid-sized company. She is learning hardware virtual private network (VPN) best practices from one of the engineers. What does the engineer tell Marta is NOT a best practice?
Connecting a client computer to more than one network interface while connected to the office via VPN
Logical topologies are primarily about which of the following?
Connections
What is the first step in deploying a firewall?
Construct a firewall policy.
Temika is the IT security officer for her company. She is developing a plan to measure effectiveness of network security success. Which of the following will accomplish that goal?
Continually improving the state of security so that, as time passes, the network is better protected than it was in the past
What form of attack is described as throttling the bandwidth consumption on an Internet link at a specific interval as a method of transmitting small communication streams such as user credentials?
Covert channels
A malicious person has installed ransomware on a company user's computer. The ransomware message states that the malicious software will be removed if the user pays a certain amount of money digitally. What is a typical form of payment?
Cryptocurrency
Which OSI model layer deals with frames?
Data Link Layer
Which term describes a technology that performs deep-content inspection within a scope defined by a central management console?
Data leakage prevention (DLP)
A social networking website has been gathering a great deal of personal information on its users for years. This presents the potential danger of exposure if the site is hacked, and the data could be sold by the social networking platform without the users' knowledge or consent. What technology does the social media company most likely use to gather data, such as the users' buying preferences?
Data mining
What is an intrusion detection system/intrusion prevention system (IDS/IPS) that uses patterns of known malicious activity similar to how antivirus applications work?
Database-based detection
Devaki is an engineer who is designing network security for her company's infrastructure. She is incorporating protections for programming flaws, default settings, maximum values, processing capabilities, and memory capacities on devices, as well as malicious code and social engineering. What is this called?
Defense in depth
Isabelle is a network engineer deploying an IT infrastructure in one of her company's new branch offices. Currently, she is designing a local subnetwork that contains and exposes the office's external services to a larger, untrusted network, specifically the Internet. What is this called?
Demilitarized zone (DMZ)
Which of the following is NOT an example of a vanishing network perimeter?
Demilitarized zone (DMZ)
Which of the following is unlikely to support at-firewall authentication?
Demilitarized zone (DMZ) firewall
Which of the following is a common firewall philosophy?
Deny by default
Which of the following is a firewall implementation best practice?
Different firewall products should be used depending on firewall placement, such as different products for border firewalls versus internal host firewalls.
Which network index technology allows users to locate resources on a private network, keeps track of which servers and clients are online, and the resources network hosts share?
Directory services
Agents, bots, and zombies are part of what attack?
Distributed denial of service (DDoS) attack
Alejandro is a cybersecurity contractor. He was hired by a Fortune 500 company to redesign their network security system, which was originally implemented when they were a much smaller organization. The company's current solution is to use multiple firewall platforms from different vendors to protect internal resources. Alejandro proposes a type of infrastructure security method that, in addition to firewalls, adds tools such as an intrusion detection system (IDS), antivirus, strong authentication, virtual private network (VPN) support, and granular access control. What is this solution called?
Diversity of defense
Which form of social engineering has the malicious person physically going through trash cans and other refuse looking for valuable information about a network such as IP addresses, usernames, and passwords?
Dumpster diving
The network engineer of a mid-size company needs to have all servers, network printers, and other online resources possess the same IPv6 address over time. The engineer does not want to perform manual address assignments on all of these resources. Additionally, she wants to prevent any rogue device from having an IPv4 address dynamically assigned just by making the request. What is her solution?
Dynamic Host Configuration Protocol (DHCP) reservation
Carl is a network technician who has been assigned to select a dedicated hardware device to act as the company's termination point for the secured virtual private network (VPN) tunnel. He chooses a device that allows the firewall to filter traffic exiting the VPN to move into the local area network (LAN). It is one that is best suited for controlled access into the demilitarized zone (DMZ). What is the solution that he recommends?
Edge router
Hajar is a new network administrator. She is inventorying firewalls in her company. She finds one that has a management interface lacking something and makes a note to replace it immediately. What is the missing firewall management interface?
Encryption
During which step of firewall incident response is the compromised resolved?
Eradication
James is a network engineer. He has been assigned the responsibility of designing a virtual private network (VPN) solution that will allow customers, suppliers, and business partners access to network resources without exposing the secure private LAN. The parties accessing these resources must use digital certificates issues by a certification authority (CA). What form of VPN is he setting up?
Extranet
Which of the following is a security state that reverts to a state of being unavailable or locked?
Fail-close
A small fire breaks out in the lunch room of a branch office and the fire alarms sound. The employees are directed to leave the building and assemble in the parking lot. What condition is required for them to cross restricted access areas normally locked?
Fail-open
Malika is a network engineer who is configuring firewalls separating both the Accounting and HR departments from the rest of the business divisions on the local area network (LAN). She wants to allow only certain traffic into those subnets from both internal employees and those working from home. The traffic may include email, chat, and video conferencing. She wants to prevent access to the company intranets in order to protect confidential employee and financial data. How has she configured these firewalls?
Filter
A malicious party has discovered the IP address of a host inside a network she wants to hack. She employs a form of port scanning, attempting to establish a connection with the host using multiple different ports. Which technique is she using?
Firewalking
The following are firewall management best practices, EXCEPT:
Focus on establishing a philosophy of default allow rather than default deny.
Ambrose is testing his IT department's new firewall deployment. He is using a collection of applications that employ a brute-force technique to craft packets and other forms of input directed toward a target. What is this called?
Fuzzing tools
Which of the following is best described as processes and procedures that help to ensure that employees will follow security policies?
Governance
You are a network professional. You want to overcome the security shortcomings of the Domain Name System (DNS) and protect the IP address locations of sensitive resources on the internal network. What alternative can you use?
HOSTS file
Removing all unnecessary protocols, uninstalling all unnecessary applications and services, and installing the latest final releases of all device drivers are part of what security process?
Hardening
Which of the following is closely associated with maintaining data integrity?
Hash
A chief information officer (CIO) works for a mid-sized company located on the California coast. The CIO is developing a disaster plan for the IT infrastructure in the event of an earthquake powerful enough to damage or destroy network and computing equipment, including the database servers. What can she do to protect valuable company data even under the worst circumstances?
Have the data regularly backed up and stored in a secure, off-site facility not prone to such environmental dangers.
Location-aware anti-theft software will periodically upload its location to a centralized site in the event that the mobile device is lost or stolen. What can defeat this?
If the thief reformats the mobile device's drive
Juan is a network engineer. His manager has tasked him with gathering concrete metrics on network security and operations. Juan selects the most popular of performance metrics methodologies. What is it?
Information Technology Infrastructure Library (ITIL)
Which Internet Protocol Security (IPSec) core component negotiates, creates, and manages security associations?
Internet Key Exchange (IKE)
Internet Protocol Security (IPSec) is a standards-based protocol suite designed specifically for securing ____________ communications.
Internet Protocol (IP)
What form of addressing uses 32 bits, subnetting, and suffers from a lack of integrated security?
Internet Protocol version 4 (IPv4)
Tomika is a network architect. A co-worker is helping to design a more secure placement of the company's virtual private network (VPN) device. The co-worker suggests that the device be placed between the Internet-facing firewall and the internal network. What is Tomika's opinion of this deployment strategy?
It is somewhat secure but does not address possible security issues involving untrustworthy VPN connections.
Which of the following is true of an Internet Protocol Security (IPSec) virtual private network (VPN) when compared to a Secure Sockets Layer/Transport Layer Security (SSL/TLS) VPN?
It requires client software.
Mohammad is presenting IPv6 cryptographic security features to his networking class. A student asks him to explain data origin authentication. How does he answer the question?
It uses a checksum that incorporates a shared encryption key so that the receiver can verify that it was actually sent by the apparent sender.
Devaki is developing a backup and recovery strategy for the network and server system. She needs a way to address and quickly restore small events where a bit of data has accidentally been deleted, as well as situations where the entire facility is compromised. What is her plan?
Keep a local backup for quick retrieval to deal with small events and an encrypted remotely stored copy for major incidents.
Maria is a new network engineer for a company that was established over 30 years ago. She is examining the IT infrastructure and discovers that the virtual private network (VPN) solution employs an older encryption protocol for backward compatibility. This protocol has largely been replaced, but it used to be popular in early VPN solutions. What is this protocol?
Layer 2 Tunneling Protocol (L2TP)
Jahi is a security engineer for a U.S. Department of Defense contractor. He is implementing a more secure method for remote users to log in to an internal system over a virtual private network (VPN). In addition to requiring a password, this method also asks the user to enter a PIN number texted to their mobile phone, and to use a fingerprint reader mounted to their company-issued laptop. What is the method that Jahi is deploying?
Multifactor authentication
Which boundary network creates a series of subnets separated by firewalls?
N-tier
Which of the following can be described as putting each resource on a dedicated subnet behind a demilitarized zone (DMZ) and separating it from the internal local area network (LAN)?
N-tier deployment
Marcus is studying networking with an emphasis on cybersecurity at a local university. As part of his research, he wants to visit certain hacker sites but is concerned that his laptop would be vulnerable to passive threats while visiting them. He doesn't have the funds for expensive security equipment. What is the least expensive option he has at hand?
Native firewall
A malicious person is attempting to subvert a company's virtual private network (VPN). She is using a tool that creates TCP and UDP network connections that can link to or from any port. What is this tool?
Netcat
Chang is a network engineer. He is revising the company's firewall implementation procedure. He's reviewing the procedural element requiring placement of network firewalls at chokepoints and mapping out the network structure to pinpoint the location where firewalls are to be placed. Which of the following is he focusing on?
Network design
Protecting computers, hard disks, databases, and other computer equipment attached directly or indirectly to the Internet can be categorized as what kind of security area?
Network security
Which of the following is considered a node?
Networked printer
Jae is a network consultant hired by a small business client. He has been asked to recommend a firewall solution. Given the relatively small size of the infrastructure, he suggests a firewall that provides integrated intrusion detection system/intrusion prevention system (IDS/IPS) functionality because a single device offering multiple functions is cost- and space-effective. What is the solution?
Next-gen firewall (NGFW)
Which of the following is an advantage of Secure Sockets Layer/Transport Layer Security (SSL/TLS) virtual private networks (VPNs) versus Internet Protocol Security (IPSec) VPNs?
No network address translation (NAT) problems
What is a mathematical operation that is easily performed but that is highly unlikely to reverse in a reasonable amount of time?
One-way function
Which of the following helps you verify that the internal network port of a virtual private network (VPN) device is available?
Open a command line interface and uses the ping command.
Oscar is deploying a virtual private network (VPN) solution for his company. The VPN needs to connect to remote servers by their Internet Protocol (IP) addresses rather than using network address translation (NAT). What type of VPN is Oscar deploying?
Operating system (OS)
Chad is a network engineer. He is tasked with selecting a virtual private network (VPN) platform for his company. He chooses a solution that is inexpensive and runs on UNIX, although it is less scalable and less stable than other solutions. What has he chosen?
Operating system-based VPN
A major online retailer was recently hacked. Tens of thousands of users' secure banking data and other personal information were stolen. Who or what is the most likely culprit?
Organized crime group
Which of the following can cause a full or partial overwriting of datagram components, creating new datagrams out of parts of previous datagrams?
Overlapping
A firewall is a filtering device that watches for traffic that fails to comply with rules defined by the firewall administrator. What does the firewall inspect?
Packet header
Reid is a network security trainer for a mid-sized company. He is demonstrating alternate methods of protecting a network using unconventional means. The IT department's "sandbox" network is used for testing and not connected to the production network. Using the sandbox, Reid shows how to protect a network from external threats without using a firewall. What is Reid's approach?
Packet sniffer
Thuan is a new network engineer. He is increasing the security of end user computers. Which of the following is a security feature every client computer needs?
Password-protected screen saver
A company hires security experts to play the role of hackers. The experts are asked to attempt to breach the infrastructure to determine how secure the company is from threats. The experts are also asked to recommend improvements. What is this activity called?
Penetration testing
Geraldine is a freelance network technician. She has been hired to design and build a small office/home office (SOHO) network. She is considering what firewall solution to select, keeping in mind that her client has a tight budget and the network is made up of no more than six nodes. Which of the following is the best solution?
Personal hardware firewall integrated in the wireless access point or modem
Werner is a security manager for a health insurance company. He is examining the organization's compliance with patient privacy. While investigating how staff handle verbal and email communications, he discovers that some staff members are lax about how well they protect details that, when combined, might be used to reveal sensitive details about some customers. What is the focus of his concern?
Personally identifiable information (PII)
There are many aspects to the design of firewall placement and configuration in a network infrastructure. Which of the following is most likely related to an upper management decision that does NOT conform with existing security policy?
Political
Which of the following statements about ciphertext is true?
Properly encrypted data produces ciphertext that does not contain redundancies or recognizable patterns.
A major U.S. online retailer has discovered that thousands of purchases have been paid for by stolen credit card numbers. An initial analysis of the location of the buyers reveals IP addresses from within the U.S. Upon further investigation, it is found that the actual origin point of the fraudulent buyer is a series of IP addresses located in Asia. What technology is the fraudster using?
Proxy server
Opal is the chief technology officer for her company. She is working with the legal department to acquire virtual private network (VPN) service through a cloud implementation. Unless it is spelled out in the contract, Opal is afraid that a critical element in the VPN service will not be present, leaving remote access services vulnerable in case of a failure. What is she concerned about?
Redundancy
Eduardo is configuring a system that allows multiple users working from home to connect to the office network over a wide area network (WAN) link. The platform is required to accept inbound connections from those user computers, allowing the clients to interact with the network is as if they were locally connected. What is he working on?
Remote access server (RAS)
Otto is one of many employees working from home. Because his home is located in a rural area, the only form of connectivity available is dial-up. To connect to his office located in an urban community, what must the IT department set up?
Remote access server (RAS)
The chief information officer (CIO) is working with the chief financial officer (CFO) on next year's budget for new networking equipment. The CIO is explaining that lowest cost equipment isn't the only deciding factor. The hardware must conform to high security standards to prevent a malicious person from hacking into the network and accessing valuable company data. Which of the following considerations does not specifically require a hacker to have physical access to the equipment?
Remote connection
Which of the following is a protocol that replaces telnet and rlogin in order to log in to a shell on a remote host?
Secure Shell (SSH)
The IT department of a company has just rolled out a virtual private network (VPN) solution that offers greater flexibility, delegation of management, and added security over the previous implementation. What is this called?
Secure Sockets Layer (SSL) virtualization
Various virtual private network (VPN) encryption technologies offer access to virtually any network application or resource. Which one offers additional features, such as easy connectivity from non-company- managed desktops, little or no desktop software maintenance, and user-customized web portals upon login?
Secure Sockets Layer/Transport Layer Security (SSL/TLS)
What is a virtual private network (VPN) protocol that requires public key infrastructure (PKI) support to obtain and use a certificate?
Secure Sockets Layer/Transport Layer Security (SSL/TLS)
The combination of certain techniques allows for relevant information collected by this solution from multiple systems and processes to be aggregated and analyzed to be used in decision making. What is the name of this solution?
Security information and event management (SIEM)
Which of the following is the best defense against wireless and mobile risks?
Security policies and technology
Leandro is writing a firewall policy. He needs to define which type of firewall he needs for each portion of the infrastructure based on differing areas of risk and trust. What are these areas called?
Security zones
Lin is a disgruntled IT technician. She believes she is about to be discharged from her job. While she still has access to her company's network infrastructure, she decides to reset the main firewall to its factory settings so she will know the default administrative username and password. Which of the following is the most likely method she uses?
She uses a straightened paper clip to press the pinhole-sized reset button in the back of the firewall for 30 seconds.
Landon is a network contractor. He has been hired to design security for the network of a small company. The company has a limited budget. Landon is asked to create a system that will protect the company's workstations and servers without undo expense. Landon decides to deploy one hardware firewall between the Internet and the local area network (LAN). What is this solution called?
Single defense
In deploying security for a network, which method is no longer seen as truly secure or sufficient for protecting logins?
Single-factor authentication
Mazie is a network engineer designing a virtual private network (VPN) architecture. The architecture must have the ability of establishing and maintaining a secure link between the company's main office and a branch office over the Internet, effectively creating a single distributed LAN. What solution does she recommend be applied?
Site-to-site
Every morning when James logs into his computer and attempts to access Microsoft 365, he is asked to enter his password. After that, he is sent a text on his mobile phone with a six-digit code he must enter. In terms of multifactor authentication, his password is something he knows. What is the text message?
Something he has
Analisa is a sales rep who travels extensively. At a trade show, Analisa uses her virtual private network (VPN) connection to simultaneously connect to the office LAN and her personal computer at home. What security risk does this pose?
Split tunneling
Configuration, location, software version, and underlying operating system of a virtual private network (VPN) are factors that most likely affect which of the following?
Stability
Which network device differentiates network traffic using Layer 2 of the OSI model?
Switch
Which of the following best describes devices NOT traditionally thought of as networked, such as wearable activity trackers, thermostats, and building automation?
The Internet of Things (IoT)
Susan is a network professional at a mid-sized company. Her supervisor has assigned her the task of designing a virtual private network (VPN) implementation. She has set up strong authentication and encryption in a test environment, and the VPN appliance is directly facing the Internet. When her work is evaluated, what does her supervisor immediately notice?
The VPN device is not protected by a firewall.
Jacob is a sixth grade student. He has logged in to his school account. Online learning is a new implementation for the school district, and they do not have their own data center to host services. They use a cloud service instead. Halfway through class, Jacob's connection goes down and he cannot re-establish it. The network connection seems fine and nothing appears wrong with his school-issued laptop. What is the likely cause?
The cloud service
Aileen is a help desk technician. She and her co-workers start getting a lot of calls from remote workers saying that their virtual private network (VPN) connection to the office abruptly dropped. Last month, she helped deploy a new VPN solution that uses redundant VPN devices with their own power sources connecting to an Internet circuit. What is the most likely cause of the problem?
The company's single Internet circuit went down.
Shamika is a networking student who has just moved into a small house with two other roommates. She has purchased a new DSL modem and is planning on configuring the built-in firewall. She needs to change the default username and password for the device first. What is her concern
The default username and password are likely available on the Internet and anyone could use those credentials to hack into the modem and access the home network.
Jacob is a network technician who works for a publishing company. He is setting up a new hire's access permissions. The new hire, Latisha, is an editor. She needs access to books that have been accepted for publication but are in the review stage. Jacob gives her access to the network drive containing only books in review, but not access to administrative or human resources network drives. What principle is Jacob applying?
The principle of least privilege
Which of the following is true of connections between a corporate local area network (LAN) and a remote client, such as a remote worker?
The remote client can have a dedicated or nondedicated connection to the Internet.
Samantha is a network engineer. She is writing a proposal to her company's chief information office (CIO) about the deployment of a group of end-user nodes to replace the office's aging workstations. Her solution is to use PCs with only display screens, keyboards, and mice, with all of the computing work and storage hosted on servers. What is her solution?
Thin client
A hacker is attempting to access a company's router using false Internet Control Message Protocol (ICMP) type 5 redirect messages. What is the hacker's goal?
To spoof or manipulate routing data
Which of the following is a virtual private network (VPN) encryption encapsulation method best suited for linking individual computers together, even though it does not encrypt the original IP header?
Transport
Rachel is a network technician. She is writing a proposal that recommends which firewall type to purchase to replace an aging and failing unit. She wants to be able to protect two separate internal network segments with one hardware firewall. What is her recommendation?
Triple-homed
Carl is a networking student reading about methods of encryption and how they work with firewalls. Right now, he is studying a form of encryption that encrypts the entire original payload and header of a packet. However, because the header contains only information about endpoints, it is not useful in terms of a firewall filtering malicious traffic. Which of the following is the encryption method being described?
Tunnel mode
In theory, a hacker with a small but powerful directional antenna could access a wireless network from more than one mile away. In a real-world situation, what is the more likely range involved?
Under 1,000 feet
Nahla is a network engineer charged with maintaining the routine operations of equipment in her company's server room. She is aware that fluctuations in electrical power flow can damage delicate circuitry. While configuring redundancy into a number of systems, which component does she choose that offers both redundancy and power conditioning?
Uninterruptable power supply (UPS)
A company vice president (VP) finds that the network security restrictions imposed by the security manager are too confining. To that end, the VP habitually uses weak passwords, shares accounts with his assistant, and installed unapproved software. What security principle is the VP violating?
Universal participation
Which of the following is a vulnerability of both hardware and software virtual private networks (VPNs)?
Unpublished vulnerabilities in the code
Carl is a student in a computer networking class studying virtual private network (VPN) implementations. He is learning the basics about VPN. Which of the following does he find is true?
VPNs are both hardware and software solution.
Many company employees work from home full-time. What technology is commonly used to communicate securely with the organization's network?
Virtual private network (VPN)
Which of the following must be done first to accomplish an organization's security goals?
Write down security goals
Arturo is a new network technician. He wants to use Remote Desktop Protocol (RDP) to connect to a server from his computer. The server is on the other side of the building. His computer is running Windows 10. Will he be able to make the connection?
Yes, because the RDP protocol has clients that work on most common operating systems
A combination of intrusion detection and prevention, as well as logging and monitoring, provides the best defense against what kind of attack?
Zero-day exploit
Alice is a network technician designing infrastructure security based on compartmentalization. Which of the following does she employ?
Zones of access that are separated from other parts of the network by routers, switches, and firewalls
Strong encryption supports ________.
confidentiality
The hypervisor layer is ________.
the hardware or software on which virtual machines run
A hashing cryptographic function takes the input of any file or message and creates a fixed length output based on _________.
the hashing algorithm being used
Tonya is a network engineer. She is developing a new security policy for her company's IT infrastructure. She explains to one of the helpdesk techs that the heart of performing a risk assessment, which is a necessary part of policy development, is understanding assets, likelihoods, threats, and _________.
vulnerabilities