B.3.4 Network+ Domain 4: Network Security
-The tester has detailed information about the target system prior to starting the test. -The tester has the same amount of information that would be available to a typical insider in the organization. -The tester has no prior knowledge of the target system. -Either the attacker has prior knowledge about the target system or the administrator knows that the test is being performed. -The tester does not have prior information about the system, and the administrator has no knowledge that the test is being performed.
Drag each penetration test characteristic on the left to the appropriate penetration test name on the right. -Known test -Partially known test -Unknown test -Single-blind test -Double-blind test
three
How many network interfaces does a dual-homed gateway typically have?
You want to protect a public host from attack.
In which of the following situations would you MOST likely implement a screened subnet?
You want to protect a public web server from attack.
In which of the following situations would you MOST likely implement a screened subnet?
-War dialing -Wardriving -Banner grabbing -Firewalking
Match each network enumeration technique on the left with its corresponding description on the right. -Identifying phone numbers with modems. -Scanning for wireless access points. -Identifying operating system type and version number. -Identifying services that can pass through a firewall.
-Something you know -Something you have -Something you know -Something you are -Something you are -Something you have -Something you are -Somewhere you are -Something you do
Match the authentication factor types on the left with the appropriate authentication factor on the right. (You can use each authentication factor type more than once.) -PIN -Smart card -Password -Retina scan -Fingerprint scan -Hardware token -Voice recognition -Wi-Fi triangulation -Typing behaviors
NAC
Members of the sales team use laptops to connect to the company network. While traveling, they connect their laptops to the internet through airport and hotel networks. You are concerned that these computers will pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless antivirus software and the latest operating system patches have been installed. Which solution should you use?
screened subnet
Of the following security zones, which one can serve as a buffer network between a private, secured network and the untrusted internet?
Zero knowledge team
Which of the following types of penetration test teams provides you with information that is most pertinent to a real-world attack?
Screened router
Which of the following uses access control lists (ACLs) to filter packets as a form of security?
Penetration testing
Which of the following uses hacking techniques to proactively discover internal vulnerabilities?
SSL
Which protocol does HTTPS use to offer greater security for web transactions?
EAP
Which remote access authentication protocol allows the use of smart cards?
DNS poisoning
While using the internet, you type the URL of one of your favorite sites in your browser. Instead of going to the correct site, the browser displays a completely different website. When you use the web server's IP address, the correct site is displayed. Which type of attack has likely occurred?
Ticket
With Kerberos authentication, which of the following terms describes the token that verifies the user's identity to the target system?
EAP
You are a contractor that has agreed to implement a new remote access solution based on a Windows Server 2016 system for a client. The customer wants to purchase and install a smart card system to provide a high level of security to the implementation. Which of the following authentication protocols are you MOST likely to recommend to the client?
Double tagging
Which of the following is a method of VLAN hopping?
RADIUS
Which of the following is a platform-independent authentication system that maintains a database of user accounts and passwords to centralize the maintenance of those accounts?
Denial-of-service attack
Which of the following is an attack that either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occurring?
A user accidentally deletes the new product designs.
Which of the following is an example of an internal threat?
Token device, keystroke analysis, cognitive question
Which of the following is an example of three-factor authentication?
A token device and a PIN
Which of the following is an example of two-factor authentication?
Screening router
Which of the following is another name for a firewall that performs router functions?
FTP server
Which of the following is likely to be located in a screened subnet?
VPN
Which of the following is the BEST solution to allow access to private resources from the internet?
Only the servers in the screened subnet will be compromised.
Which of the following is the MOST likely to happen if the firewall managing traffic into the screened subnet fails?
The DDoS attack uses zombie computers.
Which of the following is the main difference between a DoS attack and a DDoS attack?
Password
Which of the following is the most common form of authentication?
A password, a biometric scan, and a token device
Which of the following is the strongest form of multi-factor authentication?
ARP poisoning
Which of the following is the term used to describe what happens when an attacker sends falsified messages to link their MAC address with the IP address of a legitimate computer or server on the network?
Hacktivism, profit, and damage reputation
Which of the following motivates attackers to use DoS and DDoS attacks?
49
Which of the following ports does TACACS use?
Fingerprinting
Which of the following processes identifies an operating system based on its response to different types of network traffic?
-SSL -TLS
Which of the following protocols are often added to other protocols to provide secure data transmission? (Select two.)
SSH
Which of the following protocols can you use to securely manage a network device from a remote connection?
Screened-host gateway
Which of the following resides within the screened subnet, requiring users to authenticate to access resources within the screened subnet or the intranet?
Controlling access through a switch.
Which of the following scenarios would typically utilize 802.1x authentication?
Periodically verifies the identity of a peer using a three-way handshake.
Which of the following security functions does CHAP perform?
ARP spoofing/poisoning
Which of the following switch attacks associates the attacker's MAC address with the IP address of the victim's devices?
Switch spoofing
Which of the following switch attacks bypasses the normal functions of a router to communicate between VLANs and gain unauthorized access to traffic on another VLAN?
SOAR
Which of the following systems is able to respond to low-level security events without human assistance?
Active fingerprinting
A security administrator is conducting a penetration test on a network. She connects a notebook system running Linux to the wireless network and then uses Nmap to probe various network hosts to see which operating system they are running. Which process did the administrator use for the penetration test in this scenario?
Posture assessment
A network utilizes a network access control (NAC) solution to defend against malware. When a wired or wireless host tries to connect to the network, a NAC agent on the host checks it to make sure it has all of the latest operating system updates installed and that the latest antivirus definitions have been applied. What is this process called?
Passive fingerprinting
A security administrator is conducting a penetration test on a network. She connects a notebook system to a mirror port on a network switch. She then uses a packet sniffer to monitor network traffic to try and determine which operating systems are running on network hosts. Which process did the administrator use for the penetration test in this scenario?
Credentialed scan
A security administrator logs on to a Windows server on her organization's network. Then she runs a vulnerability scan on that server. Which type of scan did she conduct in this scenario?
Non-credentialed scan
A security administrator needs to run a vulnerability scan that analyzes a system from the perspective of a hacker attacking the organization from the outside. Which type of scan should he or she use?
Any device that can communicate over the internet.
An attacker may use compromised websites and emails to distribute specially designed malware to poorly secured devices. This malware provides an access point to the attacker, which he or she can use to control the device. Which of the following devices can the attacker use?
DDoS
An attacker sets up 100 drone computers that flood a DNS server with invalid requests. Which kind of attack is this an example of?
-Pharming -DNS poisoning
An attacker uses an exploit to push a modified HOSTS file to client systems. This HOSTS file redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and financial information. Which kind of exploit has occurred in this scenario? (Select two. Both responses are different names for the same exploit.)
-Offers attackers a target that occupies their time and attention while distracting them from valid resources. -Reveals information about an attacker's methods and gathers evidence for identification or prosecution purposes.
Creating fake resources such as honeypots, honeynets, and tarpits fulfills which of the following main intrusion detection and prevention goals? (Select two.)
SSH
Telnet is inherently unsecure because its communication is in plaintext and is easily intercepted. Which of the following is an acceptable alternative to Telnet?
Bastion
Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks?
Packet filters
What do you need to configure on a firewall to allow traffic directed to the public resources on the screened subnet?
Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter.
What is the main difference between vulnerability scanning and penetration testing?
Authenticate remote clients before access to the network is granted.
What is the primary purpose of RADIUS?
Test your security perimeter's effectiveness.
What is the primary purpose of penetration testing?
Quantitative
When analyzing assets, which analysis method assigns financial values to assets?
EAP-TLS
Which EAP implementation is MOST secure?
Collectors
Which SIEM component is responsible for gathering all event logs from configured devices and securely sending them to the SIEM system?
Screened subnet
Which firewall implementation creates a buffer network you can use to host email or web servers?
An attack that associates an attacker's MAC address with the IP address of a victim's device.
Which of the following BEST describes an ARP spoofing attack?
An unintentional threat actor (the most common threat).
Which of the following BEST describes an inside attacker?
Multiple authentication credentials may be required, but they are all of the same type.
Which of the following BEST describes single-factor authentication?
Attackers use numerous computers and connections.
Which of the following BEST describes the key difference between DoS and DDoS?
Playbook
Which of the following Security Orchestration, Automation, and Response (SOAR) system components helps to document the processes and procedures that are to be used by a human during a manual intervention?
-Controlling access through a wireless access point. -Controlling access through a switch.
Which of the following actions typically involve the use of 802.1x authentication? (Select two.)
-Running a port scanner. -Attempting social engineering.
Which of the following activities are typically associated with a penetration test? (Select two.)
-Allows three different servers (one each for authentication, authorization, and accounting). -Uses TCP.
Which of the following are characteristics of TACACS+? (Select two.)
-Fraggle -Smurf
Which of the following are denial-of-service attacks? (Select two.)
RADIUS combines authentication and authorization into a single function, while TACACS+ allows these services to be split between different servers.
Which of the following are differences between RADIUS and TACACS+?
-Photo ID -Smart card
Which of the following are examples of Type 2 authentication credentials? (Select two.)
-TACACS+ -RADIUS
Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access? (Select two.)
VLAN spoofing
Which of the following attacks manipulates a switch's auto-negotiation setting to access a virtual local area network that's connected to the same switch as the attacker's virtual local area network?
Kerberos
Which of the following authentication methods uses tickets to provide single sign-on?
PAP
Which of the following authentication protocols transmits passwords in cleartext and is considered too unsecure for modern networks?
Screened subnet
Which of the following can serve as a buffer zone between a private, secured network and an untrusted network?
-Time server -Ticket granting server
Which of the following does Kerberos use for authentication and authorization? (Select two.)
Username
Which of the following identification and authentication factors are often well-known or easily discovered by others on the same network or system?
Honeypot
Which of the following intrusion detection and prevention systems uses fake resources to entice intruders by displaying a vulnerability, configuration flaw, or valuable data?
Encrypts the entire packet, not just authentication packets.
Which of the following is a characteristic of TACACS+?
Mutual authentication
Which of the following is a feature of MS-CHAPv2 that is not included in CHAP?
Smurf
Which of the following is a form of denial-of-service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network?
PKI
Which of the following is a mechanism for granting and validating certificates?
-Put the web server inside the screened subnet. -Put the database server on the private network.
You are managing a network and have used firewalls to create a screened subnet. You have a web server that internet users need to access. It must communicate with a database server to retrieve product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.)
Use firewalls to create a screened subnet. Place the web server inside the screened subnet and the private network behind the screened subnet.
You have a company network that is connected to the internet. You want all users to have internet access, but you need to protect your private network and users. You also need to make a web server publicly available to internet users. Which solution should you use?
Use firewalls to create a screened subnet. Place the web server inside the screened subnet and the private network behind the screened subnet.
You have a company network that is connected to the internet. You want all users to have internet access, but you need to protect your private network and users. You also need to make a web server publicly available to the internet users. Which solution should you use?
Obtain a certificate from a public PKI.
You have a web server that will be used to secure transactions for customers who access your website over the internet. The web server requires a certificate to support SSL. Which method would you use to get a certificate for your server?
Configure the remote access servers as RADIUS clients.
You have decided to implement a remote access solution that uses multiple remote access servers. You want to implement RADIUS to centralize remote access authentication and authorization. Which of the following would be a required part of your configuration?
Inform senior management.
You have decided to perform a double-blind penetration test. Which of the following actions should you perform first?
Run the vulnerability assessment again.
You have run a vulnerability scanning tool and identified several patches that need to be applied to a system. What should you do next after applying the patches?
-Put the database server on the private network. -Put the web server inside the screened subnet.
You have used firewalls to create a screened subnet. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information. Where should you place devices to best protect both servers? (Select two.)
-Put the web server inside the screened subnet. -Put the database server on the private network.
You have used firewalls to create a screened subnet. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server to retrieve product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.)
Remote access
You often travel away from the office. While traveling, you would like to use a modem on your laptop computer to connect directly to a server in your office to access needed files. You want the connection to be as secure as possible. Which type of connection do you need?
SSL
You want to allow traveling users to connect to your private network through the internet. Users will connect from various locations, including airports, hotels, and public access points (like coffee shops and libraries). As such, you won't be able to configure the firewalls that might be controlling access to the internet in these locations. Which of the following protocols is MOST likely to be allowed through the widest number of firewalls?
Vulnerability scanner
You want to be able to identify the services running on a set of servers on your network. Which tool would BEST give you the information you need?
EAP
You want to implement an authentication method that uses public and private key pairs. Which authentication method should you use?
802.1x
You want to increase your network security by allowing only authenticated users to access network devices through a switch. Which of the following should you implement?
802.1x authentication
You want to increase your network security by allowing only authenticated users to access network devices through a switch. Which of the following should you implement?
Port scanner
You want to make sure that a set of servers only accepts traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers do not accept packets sent to those services. Which tool should you use?