Test 5 MC Questions
what IEEE standard includes an encryption key generation and management scheme known as TKIP? a. 802.11i b. 802.1X c. 802.11j d. 802.11h
a. 802.11i
how is a posture assessment performed on an organization? a. a thorough examination of each aspect of the organization's network is performed to determine how it might be compromised b. an assessment of how a network will perform under stress is performed to determine if the network throughput is adequate c. a third party organization is tasked with attempting to break into the organization and compromise security in order to determine threat vectors d. a report of data that is subject to special regulation is created, such that the organization is aware of what data needs protection
a. a thorough examination of each aspect of the organization's network is performed to determine how it might be compromised
which of the following scenarios represents a phishing attempt? a. an e-mail was sent to a manager at your company that appeared to be from the company's CTO, asking for access b. a person posing as an employee tried to access a secured area at your organization c. an employee at your company has received a malware-infected file in their email d. a gift was offered to an employee with access to secured information in exchange for details
a. an e-mail was sent to a manager at your company that appeared to be from the company's CTO, asking for access
in a red team-blue team exercise, what is the purpose of the blue team? a. blue team is charged with defense of the network b. blue team is tasked with attacking the network c. blue team must observe the actions of the red team d. the blue team consists of regulators that ensure no illegal activity is undertaken
a. blue team is charged with defense of the network
what kind of firewall can block designated types of traffic based on application data contained within packets? a. content filtering firewall b. packet-filtering firewall c. stateless firewall d. stateful firewall
a. content filtering firewall
in regards to local authentication, what statement is accurate? a. local authentication is network and server failure tolerant b. local authentication is scalable for large networks c. local authentication does not allow for strong enough passwords d. local authentication provides the most security
a. local authentication is network and server failure tolerant
an attack that relies on redirected and captured secure transmissions as they occur is known as what type of attack? a. man in the middle attack b. buffer overflow c. banner grabbing attack d. session hijacking attack
a. man in the middle attack
which legacy authentication software requires mutual authentication? a. microsoft challenge handshake authentication protocol, version 2 (MS-CHAPv2) b. challenge handshake authentication protocol (CHAP) (NOT this one) c. microsoft challenge handshake authentication protocol (MS-CHAP) d. password authentication protocol (PAP)
a. microsoft challenge handshake authentication protocol, version 2 (MS-CHAPv2)
which adaptation of EAP utilizes EAP-MSCHAPv2 inside of an encrypted TLS tunnel? a. protected EAP (PEAP) b. EAP-FAST c. EAP-TLS d. LEAP
a. protected EAP (PEAP)
what descendant of the spanning tree protocol (STP) is defined by the IEEE 802.1W standard, and can detect as well as correct for link failures in miliseconds? a. rapid spanning tree protocol (RSTP) b. multiple spanning tree protocol (MSTP) c. shortest path bridging (SPB) d. transparent interconnection of lots of links (TRILL)
a. rapid spanning tree protocol (RSTP)
in the typical social engineering cycle, what occurs at phase 3? a. the attacker exploits an action undertaken by the victim in order to gain access b. the attacker builds trust with the target and attempts to gain more information c. the attacker researches the desired target for clues as to vulnerabilities d. the attacker executes an exit strategy in such a way that does not leave evidence or raise suspicion
a. the attacker exploits an action undertaken by the victim in order to gain access
you have been asked by your superior to configure all Cisco network switches to allow only acceptable MAC addresses through switch access ports. How is this accomplished? a. use the switchport port-security command to enable MAC filtering b. use the secure port mac-address command to limit the port to learned addresses only c. use the mac-limit command to prevent more than one MAC from being accepted d. Use the allowed-mac command to filter by MAC address
a. use the switchport port-security command to enable MAC filtering
By far the most popular AAA service, what open source service runs in the Application layer and can use UDP or TCP in the Transport layer? a. google authenticator b. RADIUS c. Kerberos d. TACACS+
b. RADIUS
what statement regarding the different versions of the SHA hashing algorithm is accurate? a. SHA-2 only supports a 256-bit hash b. SHA-2 and SHA-3 both support the same hash lengths c. SHA-1 supports a 128-bit hash function d. SHA-0 is the most secure version of SHA
b. SHA-2 and SHA-3 both support the same hash lengths
an RFID label on a box is an example of what type of physical security detection method? a. video surveillance via CCTV b. asset tracking tagging c. motion detection technology d. tamper detection
b. asset tracking tagging
what type of door access control is a physical or electronic lock that requires a code in order to open the door? a. encrypted lock b. cipher lock c. key FOB lock d. biometric lock
b. cipher lock
enforcing a virtual security perimeter using a client's geographic location is known by what term? a. geolocking b. geofencing c. geohashing d. geolocking
b. geofencing
what is the Nmap utility used for? a. it is used to identify unsecured private data on the network, such as credit cards b. it is a port scanning utility that can identify open ports on a host c. it is an automated vulnerability and penetration testing framework d. it is a software firewall that can be used to secure a vulnerable host
b. it is a port scanning utility that can identify open ports on a host
the wired equivalency privacy standard (WEP) had what significant disadvantage? a. it only encrypted the initial connection authentication, but did not encrypt subsequent traffic b. it used a shared encryption key for all clients, and the key might never change c. it did not allow the use of a password for access to the network d. it provided no encryption for traffic sent over the air
b. it used a shared encryption key for all clients, and the key might never change
a virus that remains dormant until a specific condition is met, such as the changing of a file or a match of the current date is known as what type of malware? a. worm b. logic bomb c. encrypted virus d. boot sector virus
b. logic bomb
VMware's AirWatch and Cisco's Meriaki Systems Manager are both examples of what type of software? a. software defined network software b. mobile device management software c. cloud network management software d. virtual device management software
b. mobile device management software
A person posing as an employee strikes up a conversation with a legitimate employee as they walk into a secured area, in an attempt to gain access. What kind of social engineering is this? a. phishing b. tailgating c. baiting d. quid pro quo
b. tailgating
a variant of BYOD, what does CYOD allow employees or students to do? a. they can supply their own software on a computer of mobile device b. they can choose a device from a limited number of options c. the can supply their choice of cloud application or storage d. they can use whatever devices the wish to bring
b. they can choose a device from a limited number of options
which of the following scenarios would necessitate the use of a non-disclosure agreement? a. your company would like to allow employees to bring their own devices b. your company needs to to prevent a new contractor from sharing information with a potential competitor c. your company needs to impose password restrictions on new users in the network d. your company wishes to educate users on the proper use of the network
b. your company needs to to prevent a new contractor from sharing information with a potential competitor
in ACL statements, using the "any" keyword is equivalent to using a wildcard mask of what value? a. 255.255.0.0 b. 0.0.255.255 c. 255.255.255.255 d. 0.0.0.0
c. 255.255.255.255
which command can be used on a Windows system to create a hash of a file? a. Compute-FileHash b. shasum c. Get-FileHash d. md5
c. Get-FileHash
which of the following utilities performs sophisticated vulnerability scans and can identify unencrypted data such as credit card numbers? a. Nmap b. L0phtcrack c. Nessus d. Metasploit
c. Nessus
which statement regarding denial of service (DoS) attacks is accurate? a. a denial of service attack occurs when a MAC address is impersonated on the network b. a denial of service attack is generally a result of a disgruntled employee c. a denial of service attack prevents legitimate users from accessing normal network resources d. a denial of service attack is no longer a major concern due to the increased throughput available on most networks
c. a denial of service attack prevents legitimate users from accessing normal network resources
what statement correctly describes a stateless firewall? a. a stateless firewall blocks designated types of traffic based on application data contained within packets b. a stateless firewall filters packets based on source and destination IP addresses c. a stateless firewall manages each incoming packet as a stand-alone entity, without regard to currently active connections d. a stateless firewall inspects each incoming packet to determine whether it belongs to a currently active connection
c. a stateless firewall manages each incoming packet as a stand-alone entity, without regard to currently active connections
where would restrictions regarding what users can and cannot do while accessing a network's resources be found? a. terms of service agreement b. non-disclosure agreement document c. acceptable use policy document d. license restrictions document
c. acceptable use policy document
the Group Policy utility can be opened by typing what name into a run box? a. grppol.msc b. grouppol.msc c. gpedit.msc d. secpol.msc
c. gpedit.msc
If multiple honeypots are connected to form a larger network, what term is used to describe the network? a. honeycomb b. lurenet c. honeynet d. combolure
c. honeynet
on a linux system, which command allows you to modify settings used by the built in packet filtering firewall? a. modfire b. netwall c. iptables d. ipl
c. iptables
what is a SIEM (security information and event manager) system utilized for? a. it is a system that monitors security device hardware availability b. it is an intellectual property protection software that prevents data links, and generates alerts c. it is a system used to evaluate data from security devices and generate alerts d. it is an advanced intrusion protection system with a GUI-frontend
c. it is a system used to evaluate data from security devices and generate alerts
when using kerberos, what is the purpose of a ticket? a. it is the event that is generated when auditing a resource and unauthorized access is attempted b. it is a key used by the client to gain access to services that are protected by the key on the network c. it is a temporary set of credentials that a client uses to prove to other servers that its identity has been validated d. it is the name for a kerberos client or user
c. it is a temporary set of credentials that a client uses to prove to other servers that its identity has been validated
which of the following statements correctly describes the malware characteristic of polymorphism? a. polymorphic malware is software that disguises itself as a legitimate program, or replaces a legitimate program's code with destructive code b. polymorphic malware utilizes encryption to prevent detection c. polymorphic malware can change in characteristics every time it is transferred to a new system d. polymorphic malware is designed to activate on a particular date, remaining harmless until that time
c. polymorphic malware can change in characteristics every time it is transferred to a new system
which of the following terms is used to describe the configuration of a port to copy all traffic passing through the switch to the device at the other end of the port? a. port lurking b. port shadowing c. port mirroring d. port supertrunking
c. port mirroring
which protocol designed to replace STP operates a layer 3 of the OSI model? a. multiple spanning tree protocol (MSTP) b. rapid spanning tree protocol (RSTP) c. shortest path bridging (SPB) d. transparent interconnection of lots of links (TRILL)
c. shortest path bridging (SPB)
In open systems authentication, how does authentication occur? a. the client requests an encrypted tunnel, after which the client's MAC address serves as the authentication b. the client sends a pre-shared key along with the access point's SSID c. the client "authenticates" using only the SSID name. In other words, no real authentication occurs d. the access point forces the client to authenticate via a captive portal, after which all communication is encrypted
c. the client "authenticates" using only the SSID name. In other words, no real authentication occurs
what is NOT a variable that a network access control list can filter traffic with? a. the source or destination TCP/UDP port number in the packet b. the transport layer protocol used for the packet c. the operating system used by the source or destination device d. the network layer protocol used for the packet
c. the operating system used by the source or destination device
in order to prevent ports that are serving network hosts from being considered as best paths, what should be enabled to block BPUDs? a. BPDU drop b. BPUD filter c. root guard d. BPDU guard
d. BPDU guard
utilized by China's "Great Firewall," what type of attack can prevent user access to web pages, or even redirect them to illegitimate web pages? a. MAC address spoofing b. denial of service attack (DoS) c. rogue DHP server d. DNS poisoning
d. DNS poisoning
when using spanning tree protocol (STP), what is the first step in selecting paths through a network? a. STP examines the possible paths between all other bridges b. STP begins to block BPDU's on non-designated ports c. STP disables links that are not part of the shortest path d. STP must first select the root bridge, or master bridge
d. STP must first select the root bridge, or master bridge
which of the following is an example of proxy server software? a. Snort b. BIND c. Apache d. Squid
d. Squid
which of the following statements describes a worm? a. a program that disguises itself as something useful but actually harms your system b. a program that locks a user's data or computer system until a ransom is paid c. a process that runs automatically, without requiring a person to start or stop it d. a program that runs independently of other software and travels between computers and across networks
d. a program that runs independently of other software and travels between computers and across networks
what aspect of AAA is responsible for determining what a user can and cannot do with network resources? a. accessibility b. accounting c. authentication d. authorization
d. authorization
what type of attack forces clients off a wireless network, creating a form of Wi-Fi DOS? a. man in the middle attack b. channel hopping attack c. ARP poisoning attack d. deauthorization attack
d. deauthorization attack
which type of DoS attack involves an attack that is bounced off uninfected computers before being directed at the target? a. permanent denial of service attack b. distributed denial of service attack c. cached denial of service attack d. distributed reflection denial of service attack
d. distributed reflection denial of service attack
how often should you require users to change their passwords? a. every 90 days b. every 120 days c. every 30 days d. every 60 days
d. every 60 days
when using a host based intrusion detection system, what additional feature might be available to alert the system of any changes made to files that shouldn't change? a. file change management (FCM) b. file checksum watching (FCW) c. file access auditing (FAA) d. file integrity monitoring (FIM)
d. file integrity monitoring (FIM)
when using spanning tree protocol, which port on non-root bridges can forward traffic toward the root bridge? a. only one root port, which is the bridge's port that is furthest from the root bridge, can forward b. all ports can forward frames to the root bridge, provided they are not in a down state c. all ports will forward frames to the root bridge, unless a BPDU is received back on the same port d. only one root port, which is the bridge's port that is closest to the root bridge, can forward
d. only one root port, which is the bridge's port that is closest to the root bridge, can forward
if someone offered a free gift or service in exchange for private information or access to a computer system, what type of social engineering is taking place? a. tailgating b. baiting c. phishing d. quid pro quo
d. quid pro quo
which encryption standard was originally utilized with WPA's TKIP? a. advanced encryption standard (AES) b. data encryption standard (DES) c. blowfish d. rivest cipher 4 (RC4)
d. rivest cipher 4 (RC4)
on a Linux based system, what command can you use to create a hash of a file using SHA-256? a. sha1sum b. shasum -a256 c. md5sum d. sha256sum
d. sha256sum
