SEC 110 CH 5

Virtual LAN (VLAN)

A logical grouping of computers based on switch port.

Which of the following is an appropriate definition of a VLAN? *A device used to filter WAN traffic. *A device used to route traffic between separate networks. *A physical collection of devices that belong together and are connected to the same wire or physical switch. *A logical grouping of devices based on service need, protocol, or other criteria.

A logical grouping of devices based on service need, protocol, or other criteria.

Network Address Translation

A method used by routers to translate multiple private IP addresses into a single registered IP address.

demilitarized zone

A network that contains publicly accessible resources and is located between the private network and an untrusted network, such as the internet. It is protected by a firewall.

Wireless network

A network that does not require a physical connection.

Guest network

A network that grants internet access only to guest users. A guest network has a firewall to regulate guest user access.

Network access control

A policy driven control process that allows or denies network access to devices connecting to a network.

Bring your own device (BYOD)

A policy that allows an employee to use a personal device, such as a laptop computer or phone, to connect to the organization's network to accomplish daily work tasks.

Intranet zone

A private network that employs internet information services for internal use only.

Extranet

A privately controlled network distinct from but located between the internet and a private LAN.

Transport Layer Security (TLS)

A protocol that evolved from SSL and provides privacy and data integrity between two communicating applications.

You connect your computer to a wireless network available at the local library. You find that you can access all of the websites you want on the internet except for two. What might be causing the problem? *The router has not been configured to perform port forwarding. *A firewall is blocking ports 80 and 443. *A proxy server is blocking access to the websites. *Port triggering is redirecting traffic to the wrong IP address.

A proxy server is blocking access to the websites.

internet

A public network that includes all publicly available web servers, FTP servers and other services.

Virtual Private Network

A remote access connection that uses encryption to securely send data over an untrusted network.

Common Vulnerabilities and Exposures (CVEs)

A repository of vulnerabilities hosted by MITRE Corporation.

Dynamic Host Configuration Protocol (DHCP) snooping

A security feature on some switches that filters out untrusted DHCP messages.

Dynamic ARP Inspection (DAI)

A security feature on some switches that verifies each ARP request has a valid IP to MAC binding.

Internet Protocol Security (IPsec)

A set of protocols that provides security for Internet Protocol (IP) that can be used in conjunction with L2TP or to set up a VPN solution.

Which of the following BEST describes a honeyfile? A file used to authenticate. A file that has been digitally signed. A single file set up to entice and trap attackers. A default file in the /etc/security directory.

A single file set up to entice and trap attackers.

privilege escalation

A software bug or design flaw in an application that allows an attacker to gain access to system resources or additional privileges that aren't typically available.

zero day vulnerability

A software vulnerability that is unknown to the vendor that can be exploited by attackers.

Honeynet

A special zone or network created to trap potential attackers.

How has Network Address Translation (NAT) extended the use of IPv4?

"translates" multiple private addresses into 1 registered IP address.

What are three types of protocols used by a VPN?

*Carrier protocol (such as IP) *Tunneling protocol (such as PPTP or L2TP) *Passenger protocol (for the data being transmitted)

Which of the following are characteristics of a complex password? (Select two.) *Has a minimum of six characters *Consists of letters, numbers, and symbols *Has a maximum of fifteen characters *Consists of letters and numbers only *Has a minimum of eight characters

*Consists of letters, numbers, and symbols *Has a minimum of eight characters

Which of the following are characteristics of a packet-filtering firewall? (Select two.) *Filters IP address and port *Filters based on sessions *Filters based on URL *Stateful *Stateless

*Filters IP address and port *Stateless

What are the two stages in the network access control (NAC) process?

1 - Authentication: defines all the prerequisites a device must meet to access the network. 2 - Authorization: looks at the authentication information and applies the appropriate policies to provide the device with the access it's defined to receive.

You have two VLANs configured on a single switch. How many broadcast domains are there? How many collision domains are there?

2

How many network interfaces does a dual-homed gateway typically have? 2 1 4 3

3

How many network interfaces does a dual-homed gateway typically have? 4 3 1 2

3

Dual-homed gateway

A firewall device that typically has three network interfaces. One interface connects to the internet, one interface connects to the public subnet, and one interface connects to the private network.

Stateful firewall

A firewall that allows or denies traffic based on virtual circuits of sessions. A stateful firewall is also known as a circuit-level proxy or circuit-level gateway.

Stateless firewall

A firewall that allows or denies traffic by examining information in IP packet headers.

Network firewall

A firewall that is used to regulate traffic in and out of an entire network.

Screened subnet

A subnet protected by two firewalls; an external firewall is connected to the internet and an internal firewall is connected to a private network.

Port authentication

A switch feature that follows the 802.11x protocol to allow only authenticated devices to connect.

MAC filtering/port security

A switch feature that restricts connection to a given port based on the MAC address.

content addressable memory (CAM) table

A table maintained by a switch that contains MAC addresses and their corresponding port locations.

Layer 2 Forwarding (L2F)

A tunneling protocol developed by Cisco to establish virtual private network connections over the internet.

Proxy server

A type of firewall that stands as an intermediary between clients requesting resources from other servers.

Secure Sockets Layer (SSL)

A well-established protocol to secure IP protocols, such as HTTP and FTP.

An attacker was able to gain unauthorized access to a mobile phone and install a Trojan horse so that he or she could bypass security controls and reconnect later. Which type of attack is this an example of? Backdoor Social engineering Replay Privilege escalation

Backdoor

In an effort to increase the security of your organization, programmers have been informed they can no longer bypass security during development. Which vulnerability are you attempting to prevent? Backdoor Social engineering Privilege escalation Replay

Backdoor

While developing a network application, a programmer adds functionality that allows her to access the running program without authentication so she can capture debugging data. The programmer forgets to remove this functionality prior to finalizing the code and shipping the application. Which type of security weakness does this describe? Weak password Privilege escalation Buffer overflow Backdoor

Backdoor

Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks? Multi-homed Bastion or sacrificial host Circuit proxy Kernel proxy

Bastion or sacrificial host

Why do private networks have a limited range of IP addresses?

Because all the non-private network IPs are used by hosts on the internet.

Which of the following is a typical goal of MAC spoofing? *Reroute local switch traffic to a specified destination *Bypass 802.1x port-based security *Cause incoming packets to broadcast to all ports *Cause a switch to enter fail open mode

Bypass 802.1x port-based security

Which of the following does a router use to determine where packets are forwarded to? Anti-spoofing rules Firewall Routing table Access control list

Routing table

Which of the following is another name for a firewall that performs router functions? Screening router Screened-host gateway Screened subnet Dual-homed gateway

Screening router

You manage a single subnet with three switches. They are connected to provide redundant paths between the switches. Which feature prevents switching loops and ensures there is only a single active path between any two switches? *PoE *802.1x *Trunking *Spanning Tree Protocol *Bonding

Spanning Tree Protocol

You have configured your ACL to block outgoing traffic from a device with the IP address 192.168.1.52. Which type of ACL have you configured? Standard Basic Extended Advanced

Standard

Which of the following best describes a stateful inspection? *Offers secure connectivity between many entities and uses encryption to provide an effective defense against sniffing. *Allows all internal traffic to share a single public IP address when connecting to an outside entity. *Determines the legitimacy of traffic based on the state of the connection from which the traffic originated. *Designed to sit between a host and a web server and communicate with the server on behalf of the host.

Determines the legitimacy of traffic based on the state of the connection from which the traffic originated.

You are implementing a new application control solution. Prior to enforcing your application whitelist, you want to monitor user traffic for a period of time to discover user behaviors and log violations for later review. How should you configure the application control software to handle applications not contained in the whitelist? Tarpit Drop Flag Block

Flag

You want to create a collection of computers on your network that appear to have valuable data but actually store fake data that could entice a potential intruder. Once the intruder connects, you want to be able to observe and gather information about the attacker's methods. Which feature should you implement? NIDS Extranet Honeynet NIPS

Honeynet

You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from internet-based attacks. Which solution should you use? Proxy server Host-based firewall VPN concentrator Network-based firewall

Host-based firewall
A host-based firewall inspects traffic received by a host. Use a host-based firewall to protect against attacks when there is no network-based firewall, such as when you connect to the internet from a public location.

What is Cisco's Network Access Control (NAC) solution called? Talos Identity Services Engine (ISE) Network Address Translation (NAT) Network Access Protection

Identity Services Engine (ISE)

How does segmenting your network increase network security?

If different departments are segmented and protected, and a threat is evident they will not be able to access everything at once.

Which of the following is susceptible to social engineering exploits? Peer-to-peer software Real-time communication Group Policy Instant messaging

Instant messaging

How is a honeypot used to increase network security?

It is set up to look like an easy target but is actually a distraction for attackers while the network is made aware of the attacker. Prevents an attack, and learns information about the attacker.

Why is a honeynet useful?

It is used to trap potential attackers. That way your system is not touched.

Which of the following is considered a major problem with instant messaging applications? Loss of productivity Freely available for use Real-time communication Transfer of text and files

Loss of productivity

In which of the following zones would a web server most likely be placed? Low-trust zone No-trust zone High-trust zone Medium-trust zone

Low-trust zone

What causes packets to fill up the forwarding table and consumes so much of the switch's memory that it enters a state called Fail Open Mode?

MAC flooding

Which of the following attacks, if successful, causes a switch to function like a hub? Replay attack MAC spoofing ARP poisoning MAC flooding

MAC flooding

What can be used to hide the identity of the attacker's computer or impersonate another device on the network?

MAC spoofing

Which of the following can make passwords useless on a router? *Using the MD5 hashing algorithm to encrypt the password *Using SSH to remotely connect to a router *Storing the router configuration file in a secure location *Not controlling physical access to the router

Not controlling physical access to the router

What needs to be configured on a firewall to allow traffic directed to the public resource in the DMZ? Packet filters Subnet FTP VPN

Packet filters

An attacker has gained access to the administrator's login credentials. Which type of attack has most likely occurred? Password cracking Privilege escalation Backdoor Buffer overflow

Password cracking

The IT manager has asked you to create a separate VLAN to be used exclusively for wireless guest devices to connect to. Which of the following is the primary benefit of creating this VLAN? *You can load-balance wireless guest network traffic to have a lower priority than the rest of the traffic on the network. *You can create a wireless guest network more affordably with a VLAN than you can with a router. *You can control security by isolating wireless guest devices within this VLAN. *You can control broadcast traffic and create a collision domain for just the wireless guest devices.

You can control security by isolating wireless guest devices within this VLAN.

In which of the following situations would you most likely implement a demilitarized zone (DMZ)? -You want internet users to see a single IP address when accessing your company network. -You want to detect and respond to attacks in real time. -You want to encrypt data sent between two hosts using the internet. -You want to protect a public web server from attack.

You want to protect a public web server from attack.

In which of the following situations would you most likely implement a demilitarized zone (DMZ)? You want to protect a public web server from attack. You want internet users to see a single IP address when accessing your company network. You want to encrypt data sent between two hosts using the internet. You want to detect and respond to attacks in real time.

You want to protect a public web server from attack.

You are the security analyst for your organization and have discovered evidence that someone is attempting to brute-force the root password on the web server. Which classification of attack type is this? Active Passive External Inside

active

What is a VPN concentrator?

advanced routers that can create and maintain many secure connections to the network through VPN tunnels

For security, what is the first thing you should do when new hardware and software is turned on for the first time?

change default passwords and usernames.

What is the difference between full tunnel and split tunnel?

full tunnel will send all of a user's network traffic via the VPN tunnel. split tunnel routes only certain types of traffic, usually determined by destination IP address, through the VPN tunnel. All other traffic is passed through the normal internet connection.

What is the difference between the intranet and the internet?

intranet is a private network that employs internet information services for internal use only. internet is a public network that includes all publicly available web servers, FTP servers and other servers.

Which types of malware are commonly spread through instant messaging?

malicious code propagation, worms and viruses

What is the difference between a network-based firewall and an application/host-based firewall?

network based firewall sits on the perimeter of your network and is usually a hardware device. Host based firewall is software installed on your device (such as laptop/pc). Host based can be configured to meet the security requirements of the specific host and be an extra layer of security even if you have network based firewall.

Where is NAT typically implemented?

on a default gateway router

Where should a network-based firewall be placed?

on the perimeter of the network.

When would you choose to implement a host-based firewall?

When there is no network based firewall.

How can network access controls (NACs) improve a network's security?

-they don't allow computers to access network resources unless they meet certain predefined security requirements.

Screened host gateway

A device residing within the DMZ that requires users to authenticate in order to access resources within the DMZ or the intranet.

application-aware devices

A device that has the ability to analyze and manage network traffic based on the application layer protocol.

Router

A device that transmits data from one network to another.

Point-to-Point Tunneling Protocol (PPTP)

An early tunneling protocol developed by Microsoft.

Web threat filter

A filter that prevents users from visiting websites with known malicious content.

What are the features of an all-in-one security appliance?

-spam filters -url filters -web content filters -malware inspection -intrusion detection systems

Which of the following are features of an application level gateway? (choose 2) -Allows only valid packets within approved sessions -uses access control lists -reassembles entire messages -stops each packet at the firewall for inspection -verifies that packets are properly sequenced

*Reassembles entire messages *Stops each packet at the firewall for inspection
Application-level gateways:
-Operate up to OSI Layer 7 (Application layer)
-Stop each packet at the firewall for inspection (no IP forwarding)
-Inspect encrypted packets, such as an SSL inspection
-Examine the entire content that is sent (not just individual packets)
-Understand or interface with the application-layer protocol
-Can filter based on user, group, and data (such as URLs within an HTTP request)
-Are the slowest form of firewall protection because entire messages are reassembled at the Application layer
Allowing only valid packets within approved sessions and verifying that packets are properly sequenced are features of a stateful firewall. Using access control lists is a feature of a packet-filtering firewall.

You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID for access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using a Telnet client with a username of admin and a password of P@ssW0rd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device? (Select two.) *Use a web browser to access the router configuration using an HTTP connection. *Use TFTP to back up the router configuration to a remote location. *Use an SSH client to access the router configuration. *Change the default administrative username and password. *Use encrypted Type 7 passwords.

*Use an SSH client to access the router configuration. *Change the default administrative username and password.

What are three ways a Virtual Private Network (VPN) can be implemented?

*host to host *site to site *remote access VPN

Which traffic characteristics can you specify in a filtering rule for a packet filtering firewall?

*the interface to which the rule applies *the direction of traffic (inbound or outbound) *packet information, such as the source or destination IP address or port number *the action to take when the traffic matches the filter criteria

What are the uses of a demilitarized zone (DMZ)?

-

You have just installed a packet-filtering firewall on your network. Which options are you able to set on your firewall? (Select all that apply.) *Destination address of a packet *Sequence number *Digital signature *Acknowledgement number *Source address of a packet *Checksum *Port number

-Destination address of a packet -source address of a packet -port number

What are the three ways NAT can be implemented?

-Network Address and Port Translation (dynamic NAT, many-to-one NAT, IP masquerade)
-Static NAT (one-to-one NAT and port forwarding) maps an internal IP address to a static port assignment or even to a specific public IP address.
-Dynamic and Static NAT, where 2 IP addresses are given to the public NAT interface (1 for dynamic, 1 for static), allows traffic to flow in both directions.

What makes bastion hosts vulnerable to attack? How can you harden bastion hosts?

-The bastion host is meant to be exposed so attackers try to hack into it.
-You can harden a bastion host by...
*separate roles of bastion hosts by placing a single application on each server
*fully patch your bastion host on the operating system and on applications
*run current versions of antivirus and anti-spyware software
*include a personal firewall
*uninstall any unnecessary services and ports
*tighten security on the registry and the user database
*add IP filters
*run lockdown facilities, such as IIS lockdown and URL scan

What are the benefits and risks of using proxy servers?

-can restrict users on the inside of a network from getting out to the internet/accessing a specific website. -restrict users from using certain protocols. -cache heavily accessed web content to improve performance. -can be used to circumvent network security and even attack a network.

What security concerns should you be aware of when using instant messaging software?

-client side scripting allows attackers to send messages on behalf of other IM users and can be used to create social engineering attacks. -IM clients often indicate when you are online, even without your consent. -IM software comes with ads, may track your use for marketing purposes.

What type of computer might exist inside a demilitarized zone (DMZ)?

-database server

What areas of your network should you focus on to best understand it?

-entry points -inherent vulnerabilities -documentation -network baseline

A screened subnet uses two firewalls. What is the function of each firewall?

-external firewall is connected to the internet and allows access to the public resources. -internal firewall connects the screened subnet to the private network.

What kinds of security problems might occur with P2P software?

-files posted may be illegal -files could contain malware -file sharing uses network bandwidth and could consume so much bandwidth that regular traffic is affected. -weaknesses in P2P software could allow attackers to access more than just the files

What security measures should you incorporate to control the use of networking software?

-have a written policy that identifies the allowed or prohibited usage of all software. -use group policy or other methods to prevent installation of the software. -block firewall ports that are used by the software. -consider implementing an application control solution.

Why is it important to apply new firmware or patches for devices?

-keeps your system/network up to date. The patches and updated firmware are fixing holes that have been discovered. Hackers can get into your system through known weak points if it has not been updated.

What are characteristics of a complex password?

-over 8 characters long -mix of character types(numbers and symbols) -not words/variations of words -derivatives of the username

What size organization should employ an all-in-one security appliance?

-small company without the budget for individual components or physical space. -remote office without a technician.

What is the typical configuration for a DMZ configured as a dual-homed gateway?

3 interfaces -one connected to the internet -one connected to the public subnet -one connected to the private network.

Which 802.1Q priority is IP phone traffic on a voice VLAN tagged with by default? 1 5 8 3

5

You are adding switches to your network to support additional VLANs. Unfortunately, the new switches are from a different vendor than the current switches. Which standard do you need to ensure that the switches are supported? *802.11 *802.1Q *802.1x *802.3

802.1Q
If you want to implement VLANs when using multiple vendors in a switched network, be sure each switch supports the 802.1Q standard. 802.1x defines port-based network access controls. 802.11 defines wireless standards. 802.3 defines Ethernet standards.

Web filter

A content filter that prevents users from visiting restricted websites.

Ad hoc

A decentralized network allows connections without a traditional base station or router. It allows users to connect two or more devices directly to each other for a specific purpose.

What is described: The source device sends frames to the attacker's MAC address instead of to the correct device.

ARP spoofing/poisoning

Which of the following switch attacks associates the attacker's MAC address with the IP address of the victim's devices? MAC spoofing Cross-site scripting (XSS) DNS poisoning ARP spoofing/poisoning

ARP spoofing/poisoning

Which of the following should be configured on the router to filter traffic at the router level? Access control list Telnet SSH Anti-spoofing rules

Access control list
Router access control lists (ACLs) can be configured to increase security and limit traffic, much like a firewall but on the router level. ACLs filter the traffic and determine if the data should be blocked or forwarded.

Which of the following NAC agent types would be used for IoT devices? Zero-trust Agentless Permanent Dissolvable

Agentless

Which of the following happens by default when you create a new ACL on a router? The ACL is ignored until applied. ACLs are not created on a router. All traffic is permitted. All traffic is blocked.

All traffic is blocked.

You are the office manager of a small financial credit business. Your company handles personal financial information for clients seeking small loans over the internet. You are aware of your obligation to secure clients records, but the budget is an issue for your company. Which item would provide the BEST security for this situation? Firewall on your gateway server to the internet Network access control system Proxy server with access controls All-in-one security appliance

All-in-one security appliance

Which of the following describes how access control lists can be used to improve network security? -An access control list identifies traffic that must use authentication or encryption. -An access control list looks for patterns of traffic between multiple packets and takes action to stop detected attacks. -An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number -An access control list filters traffic based on the frame header, such as source or destination MAC address.

An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number.

all-in-one security appliance

An appliance that combines many security functions into a single device.

Application firewall

An application firewall is typically installed on a workstation and used to protect a single device. An application firewall is also known as a host-based firewall.

Active attack

An attack in which perpetrators attempt to compromise or affect the operations of a system in some way.

Passive attack

An attack in which perpetrators gather information without affecting the targeted network's flow of information.

ARP spoofing

An attack in which the attacker's MAC address is associated with the IP address of a target's device.

Double tagging

An attack in which the attacking host adds two VLAN tags instead of one to the header of the frames that it transmits.

MAC spoofing

An attack in which the source MAC address is changed in the header of a frame.

VLAN hopping

An attack in which the source MAC address is changed on frames sent by the attacker.

MAC flooding

An attack that overloads a switch's MAC forwarding table to make the switch function like a hub.

Port Address Translation (PAT)

An extension of NAT that associates a port number with a request from a private host.

Layer 2 Tunneling Protocol (L2TP)

An open standard for secure multi-protocol routing.

Dynamic Trunking Protocol (DTP)

An unsecure protocol that could allow unauthorized devices to modify a switch's configuration.

Bastion or sacrificial host

Any host that is exposed to attack and has been hardened or fortified against attack.

What do application control solutions use to identify specific applications? Whitelists Application signatures Packet inspection Flags

Application signatures

Which of the following devices can apply quality of service and traffic-shaping rules based on what created the network traffic? Application-aware devices Network access control All-in-one security appliances Proxy server

Application-aware devices

Which of the steps in the Network Access Control (NAC) implementation process occurs once the policies have been defined? Test Apply Review Plan

Apply

Which of the following defines all the prerequisites a device must meet in order to access a network? Authentication Identity Services Engine (ISE) Zero-trust security Authorization

Authentication

Which of the following applies the appropriate policies in order to provide a device with the access it's defined to receive? Authorization Identity Services Engine Authentication Zero-trust security

Authorization

You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use? *Packet-filtering firewall *Application-level gateway *VPN concentrator *Circuit-level gateway

Circuit-level gateway
A circuit-level proxy or gateway makes decisions about which traffic to allow based on virtual circuits or sessions. A circuit-level gateway:
-Operates at OSI Layer 5 (Session layer).
-Keeps a table of known connections and sessions. Packets directed to known sessions are accepted.
-Verifies that packets are properly sequenced.
-Ensures that the TCP three-way handshake process occurs only when appropriate.
-Does not filter packets. Rather, it allows or denies sessions.

When designing a firewall, what is the recommended approach for opening and closing ports? *Open all ports; close ports that expose common network attacks. *Close all ports; open ports 20, 21, 53, 80, and 443. *Close all ports; open only ports required by applications inside the DMZ. *Open all ports; close ports that show improper traffic or attacks in progress. *Close all ports.

Close all ports; open only ports required by applications inside the DMZ.

Tunneling

Communication method that encrypts packet contents and encapsulates them for routing through a public network.

You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the internet. The library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access port on a switch. You want to restrict access to the network so that only library computers are permitted connectivity to the internet. What can you do? *Configure port security on the switch. *Remove the hub and place each library computer on its own access port. *Create a VLAN for each group of four computers. *Create static MAC addresses for each computer and associate each address with a VLAN.

Configure port security on the switch.

Which of the following scenarios would typically utilize 802.1x authentication? *Authenticating VPN users through the internet *Controlling access through a router *Authenticating remote access clients *Controlling access through a switch

Controlling access through a switch ========================== 802.1x authentication is an authentication method used on a LAN to allow or deny access based on a port or connection to the network. 802.1x is used for port authentication on switches and requires an authentication server for validating user credentials. This server is typically a RADIUS server.

An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack? Replay Backdoor Spamming DDoS

DDoS

Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted Internet? -intranet -DMZ -padded cell -extranet

DMZ

Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted internet? *Padded cell *DMZ *Intranet *Extranet

DMZ

Where should an organization's web server be placed? DMZ Extranet Intranet Honeynet

DMZ

Which protocol should you disable on the user access ports of a switch? DTP IPsec TCP PPTP

DTP

When setting up a new wireless access point, what is the first configuration change that should be made? *Default login *Encryption protocol *SSID *MAC filtering

Default login

Which of the following best describes the concept of a virtual LAN? *Devices on the same network logically grouped as if they were on separate networks. *Devices on different networks that can receive multicast packets. *Devices connected by a transmission medium other than a cable (microwave, radio transmissions). *Devices connected through the internet that can communicate without using a network address. *Devices in separate networks (different network addresses) logically grouped as if they were in the same network.

Devices on the same network logically grouped as if they were on separate networks.

Which of the following NAC agent types creates a temporary connection? Permanent Agentless Dissolvable Zero-trust

Dissolvable

Which area of focus helps to identify weak network architecture or design? *Entry points *Documentation *Inherent vulnerabilities *Network baseline

Documentation ===================== Documentation is one of the most important components of knowing a network. Proper network documentation and diagrams not only help identify a weak network architecture or design, but they also protect against system sprawl and unknown systems.

What should be disabled on the switch's end-user (access) ports before implementing the switch configuration into the network?

Dynamic Trunking Protocol

Which area of focus do public-facing servers, workstations, Wi-Fi networks, and personal devices fall under? *Network baseline *Inherent vulnerabilities *Entry points *Network segmentation

Entry points

Which type of ACL should be placed as close to the source as possible? Advanced Basic Standard Extended

Extended ============================ Extended ACLs are used to filter traffic based on a lot more parameters than standard ACLs. In addition to filtering based on source host name or host IP address, an extended ACL can filter based on source IP protocol, source or destination socket number, and destination host name or host IP address. Extended ACLs should be placed as close to the source as possible.

Which of the following is a privately controlled portion of a network that is accessible to some specific external entities? Extranet MAN Intranet Internet

Extranet

How is a gateway different from a router?

Gateways have to be logged on to, whereas routers pass traffic through without user authentication.

Jessica needs to set up a firewall to protect her internal network from the internet. Which of the following would be the BEST type of firewall for her to use? *Hardware *Stateful *Software *Tunneling

Hardware ------------------------- Hardware firewalls are physical devices that are usually placed at the junction or gateway between two networks, generally a private network and a public network like the internet. Hardware firewalls can be a standalone product or can also be built into devices like broadband routers.

network segmentation

Network segmentation is the division of a network into smaller networks or pieces for performance or security reasons.

You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a cubicle near your office. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using an SSH client with the username admin01 and the password P@ssW0rd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device? *Use encrypted Type 7 passwords. *Use a Telnet client to access the router configuration. *Change the default administrative username and password. *Move the router to a secure server room.

Move the router to a secure server room.

Members of the sales team use laptops to connect to the company network. While traveling, they connect their laptops to the internet through airport and hotel networks. You are concerned that these computers could pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless antivirus software and the latest operating system patches are installed. Which solution should you use? NAC VLAN DMZ NIDS

NAC

You are configuring the security settings for your network. You have decided to configure a policy that requires any computer connecting to the network to run at least Windows 10 version 2004. Which of the following have you configured? NAC ISE NAT NAP

NAC ======================== Network Access Control (NAC) is a policy-driven control process that allows or denies network access to devices connecting to a network. For example, you may want to have policies that require connecting devices to meet certain criteria, such as having a particular version of Windows, the latest antivirus definitions, or Windows Firewall enabled. Network Address Translation (NAT) translates multiple private addresses into a single registered IP address. Network Access Protection (NAP) is Microsoft's NAC solution. Identity Services Engine (ISE) is Cisco's NAC solution.

What is a NAC agent? What types of NAC agents are available?

A NAC agent is software that is designed solely to be a NAC. Types: *Permanent: resides on a device permanently. *Dissolvable: is downloaded, or a temporary connection is established. *Agentless: is on the domain controller. When the user logs into the domain, it authenticates with the network.

How does a NAT router associate a port number with a request from a private host?

A NAT router uses Port Address Translation (PAT) to associate a port number with a request from a private host. *Returning data is sent to the port number specified in the request. *The NAT router uses its translation table to determine the private host associated with that port number and forwards the data to the appropriate host.

Your network devices are categorized into the following zone types: No-trust zone, Low-trust zone, Medium-trust zone, High-trust zone. Your network architecture employs multiple VLANs for each of these network zones. Each zone is separated by a firewall that ensures only specific traffic is allowed. Which of the following is the secure architecture concept that is being used on this network? *Virtual local area networking *Network firewalling *Trust-zone networking *Network segmentation

Network segmentation

The IT manager has asked you to create four new VLANs for a new department. As you are going through the VLAN configurations, you find some VLANs numbered 1002-1005. However, they are not in use. What should you do with these VLANs? *Delete them since they are not being used. *Renumber them and assign them to ports on the switch. *Nothing. They are reserved and cannot be used or deleted. *Configure them so they can be used on the new network.

Nothing. They are reserved and cannot be used or deleted. ============================ You should do nothing and leave these VLANs alone. VLANs 1002 through 1005 are reserved for backward compatibility with old VLAN implementations, which are no longer being used. You cannot use or delete these VLANs.

Which of the following BEST describes zero-trust security? Only devices that pass authentication are trusted. Only devices that pass both authentication and authorization are trusted. All devices are trusted. Only devices that pass authorization are trusted.

Only devices that pass both authentication and authorization are trusted.

Which of the following is the MOST likely to happen if the firewall managing traffic into the DMZ fails? -Nothing will happen - all devices will stay protected. -All devices in the DMZ and LAN will be compromised. -The LAN is compromised, but the DMZ stays protected. -Only the servers in the DMZ are compromised, but the LAN will stay protected.

Only the servers in the DMZ are compromised, but the LAN will stay protected.

Which of the following is the MOST likely to happen if the firewall managing traffic into the DMZ fails? Nothing will happen - all devices will stay protected. The LAN is compromised, but the DMZ stays protected. All devices in the DMZ and LAN will be compromised. Only the servers in the DMZ are compromised, but the LAN will stay protected.

Only the servers in the DMZ are compromised, but the LAN will stay protected.

Which common design feature among instant messaging clients makes them less secure than other means of communicating over the internet? *Freely available for use *Transfer of text and files *Peer-to-peer networking *Real-time communication

Peer-to-peer networking

Which of the following methods did Microsoft introduce in Windows 10 to help distribute OS updates? *File Transfer Protocol *Server download *Peer-to-peer software *Group Policy

Peer-to-peer software

Which type of application allows users to share and access content without using a centralized server? *Peer-to-peer software *Group Policy *Real-time communication *Instant messaging

Peer-to-peer software

Which of the following NAC agent types is the most convenient agent type? Permanent Zero-trust Agentless Dissolvable

Permanent

You are part of a committee that is meeting to define how Network Access Control (NAC) should be implemented in the organization. Which step in the NAC process is this? Apply Plan Define Review

Plan

Security Zone

Portions of the network or system that have specific security concerns or requirements.

A relatively new employee in the data entry cubicle farm was assigned a user account similar to the other data entry employees' accounts. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed data in restricted areas. This situation indicates which of the following has occurred? *Privilege escalation *Physical security *External attack *Social engineering

Privilege escalation

An attacker has obtained the logon credentials for a regular user on your network. Which type of security threat exists if this user account is used to perform administrative functions? *Social engineering *Impersonation *Privilege escalation *Replay

Privilege escalation

Travis and Craig are both standard users on the network. Each user has a folder on the network server that only they can access. Recently, Travis has been able to access Craig's folder. This situation indicates which of the following has occurred? *Social engineering *External attack *Privilege escalation *Replay

Privilege escalation

You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.) Put the web server on the private network. Put the database server on the private network. Put the database server inside the DMZ. Put the web server inside the DMZ.

Put the web server inside the DMZ. Put the database server on the private network.

You are implementing security at a local high school that is concerned with students accessing inappropriate material on the internet from the library's computers. The students use the computers to search the internet for research paper content. The school budget is limited. Which content filtering option would you choose? Restrict content based on content categories. Block specific DNS domain names. Allow all content except for the content you have identified as restricted. Block all content except for content you have identified as permissible.

Restrict content based on content categories.

A proxy server can be configured to do which of the following? Block all content except for the content you have identified as permissible. Restrict users on the inside of a network from getting out to the internet. Allow all content except for the content you have identified as restricted. Act as a unified threat security device or web security gateway.

Restrict users on the inside of a network from getting out to the internet.

Which of the following is a benefit of P2P applications? *Real-time communication *Shared resources *Strong security *Low-upload bandwidth

Shared resources

Peer-to-peer software (P2P)

Software that allows users to share content without centralized servers or centralized access control.

network access control

Software that controls access to the network by not allowing computers to access network resources unless they meet certain predefined security requirements.

Anti-phishing software

Software that scans content to identify and dispose of phishing attempts.

Internet content filter

Software used to monitor and restrict content delivered across the web to an end user.

A virtual LAN can be created using which of the following? Switch Hub Gateway Router

Switch

When configuring VLANs on a switch, what is used to identify which VLAN a device belongs to? *MAC address *IP address *Host name *Switch port

Switch port

How are switches indirectly involved in Address Resolution Protocol (ARP) poisoning?

Switches are indirectly involved in the attack because they do not verify the MAC address/IP address association.

You have implemented a new application control solution. After monitoring traffic and use for a while, you have noticed an application that continuously circumvents blocking. How should you configure the application control software to handle this application? Drop Flag Tarpit Block

Tarpit

network baseline

The network baseline is the normal activity including typical traffic patterns, data usage, and server loads. Activity that deviates from the baseline can indicate an attack.

Internal address

The private IP address that is translated to an external IP address by NAT.

Internal network

The private network where devices use private IP addresses to communicate with each other.

External address

The public IP address that NAT uses to communicate with the external network.

External network

The public network that a NAT device connects to with a single public IP address.

Screening router

The router that is most external to the network and closest to the internet.

How does the attacker hide his identity when performing media access control (MAC) address spoofing?

The source MAC address is changed on the frame. The switch reads the spoofed MAC address and associates it with the port where the attacker is connected.

What happens if two devices on the same switch are assigned to different VLANs?

They cannot communicate, as if they are on separate networks.

How do remediation servers and auto remediation help clients become compliant?

They do a health check for the necessary requirements and if not met, they require it. After the client is up to date, the NAC will allow it into the network.

A honeypot is used for which purpose? *To disable an intruder's system *To entrap intruders *To delay intruders in order to gather auditing data *To prevent sensitive data from being accessed

To delay intruders in order to gather auditing data

When configuring VLANs on a switch, which type of switch ports are members of all VLANs defined on the switch? *Gigabit and higher Ethernet ports *Uplink ports *Any port not assigned to a VLAN *Each port can only be a member of a single VLAN *Trunk ports

Trunk ports

You are deploying a brand new router. After you change the factory default settings, what should you do next? Secure the configuration file. Update the firmware. Configure anti-spoofing rules. Configure SSH to access the router configuration.

Update the firmware.

You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a locked server closet. You use an FTP client to regularly back up the router configuration to a remote server in an encrypted file. You access the router configuration interface from a notebook computer that is connected to the router's console port. You've configured the device with the username admin01 and the password P@ssW0rd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device? *Use encrypted Type 7 passwords. *Move the router to a secure data center. *Use SCP to back up the router configuration to a remote location. *Use an SSH client to access the router configuration.

Use SCP to back up the router configuration to a remote location.

You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID card to gain access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer by connecting it to the console port on the router. You've configured the management interface with a username of admin and a password of password. What should you do to increase the security of this device? *Include hard-coded passwords and hidden service accounts. *Use an SSH client to access the router configuration. *Use a stronger administrative password. *Move the device to a secure data center.

Use a stronger administrative password.

You are the security analyst for your organization and have recently noticed a large amount of spim on the company mobile devices. Employees rely on the IM app to communicate with each other. Which of the following countermeasures should you implement? Disable instant messaging. Encrypt all IM traffic. Create a blacklist. Use an IM blocker.

Use an IM blocker.

You have a company network that is connected to the internet. You want all users to have internet access, but you need to protect your private network and users. You also need to make a web server publicly available to internet users. Which solution should you use? -Use firewalls to create a DMZ. Place the web server inside the DMZ and the private network behind the DMZ. -Use a single firewall. Put the web server in front of the firewall and the private network behind the firewall. -Use a single firewall. Put the web server and the private network behind the firewall. -Use firewalls to create a DMZ. Place the web server and the private network inside the DMZ.

Use firewalls to create a DMZ. Place the web server inside the DMZ and the private network behind the DMZ.

You have a company network that is connected to the internet. You want all users to have internet access, but you need to protect your private network and users. You also need to make a web server publicly available to internet users. Which solution should you use? *Use a single firewall. Put the web server in front of the firewall and the private network behind the firewall. *Use firewalls to create a DMZ. Place the web server inside the DMZ and the private network behind the DMZ. *Use firewalls to create a DMZ. Place the web server and the private network inside the DMZ. *Use a single firewall. Put the web server and the private network behind the firewall.

Use firewalls to create a DMZ. Place the web server inside the DMZ and the private network behind the DMZ.

Your organization has started receiving phishing emails. You suspect that an attacker is attempting to find an employee workstation they can compromise. You know that a workstation can be used as a pivot point to gain access to more sensitive systems. Which of the following is the MOST important aspect of maintaining network security against this type of attack? -Identifying inherent vulnerabilities -User education and training -Identifying a network baseline -Documenting all network assets in your organization -Network segmentation

User education and training

You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. What should you use for this situation? *VLAN *VPN *Port security *Spanning Tree Protocol

VLAN

Which of the following is commonly created to segment a network into different zones? DNS VPNs VLANs DMZ

VLANs

You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three RJ-45 ports connected to the switch. You want to allow visitors to plug into these ports to gain internet access, but they should not have access to any other devices on your private network. Employees connected throughout the rest of your building should have both private and internet access. Which feature should you implement? *DMZ *VLANs *NAT *Port authentication

VLANs

Which of the following is the BEST solution to allow access to private resources from the internet? *FTP *Packet filters *Subnet *VPN

VPN

How does a packet filtering firewall differ from a circuit-level gateway?

Packet filtering (stateless): makes decisions about which network traffic to allow by examining information in the IP packet header, such as source and destination address, ports and service protocols. *Operates at OSI Layer 3 (Network layer). *Uses ACLs or filter rules to control traffic. *Offers high performance because it only examines addressing information in the packet header. *Can be implemented using features already set up in most routers. *Not very intelligent; subject to DoS and buffer overflow attacks. *Easy to implement and maintain, has minimal impact on system performance, fairly inexpensive.
Circuit-level gateway (stateful): makes decisions about which traffic to allow based on virtual circuits or sessions. Considered stateful because it keeps track of the state of a session. *Operates up to OSI Layer 5 (Session layer). *Keeps track of known connections in a session table. *Allows only valid packets within approved sessions. *Verifies that packets are properly sequenced. *Ensures that the TCP three-way handshake process occurs only when appropriate. *Can filter traffic that uses dynamic ports because the firewall matches the session information (not the port number) for filtering. *A stateful inspection firewall can be faster after the initial session table has been created.

Which classification of attack type does packet sniffing fall under? External Passive Inside Active

Passive

How does a passive attack differ from an active attack?

Passive: the hacker is trying to gather information without affecting the flow of that information on the network. Active: the attack is attempting to compromise or affect the operations of a system in some way.

What are the four steps of the NAC process?

*Plan: a committee should convene and make decisions that define how NAC should work. *Define: the roles, identities and permissions (policies) must be defined. *Apply: once defined, the policies must be applied. *Review/revise: as business needs change, the process must be reviewed to determine whether changes are required.

You are creating a VLAN for voice over IP (VoIP). Which command should you use? *switchport voip vlan [number] *switchport vlan voice [number] *switchport vlan voip [number] *switchport voice vlan [number]

switchport voice vlan [number]

What function do VPN endpoints provide?

Tunnel endpoints are devices that can encrypt and decrypt packets.

What is the purpose of a content filtering server?

Used to monitor and restrict content delivered across the web to an end user.

