CDS-424 Final


To avoid confusion, an organization should have a written security policy for a minimum number of security components.

False

A Dynamic Host Configuration Protocol (DHCP) system automatically assigns IP addresses on a network.

True

A Media Access Control (MAC) address is the 48-bit physical hardware address of a network interface card (NIC) assigned by the manufacturer.

True

A best practice when troubleshooting issues is to make one change at a time, and then test the change before making any other changes.

True

A firewall serves as a clear and distinct boundary between one network area and another.

True

An access control list (ACL) focuses on controlling a specific user's or client's access to a protocol or port.

True

IT infrastructure growth can be expected, unexpected, gradual, or abrupt.

True

In a full connection mesh topology, all devices on a network are connected to all other devices.

True

Including photos of configuration screens in firewall procedures can speed up restoration after a network incident.

True

Remote control is the ability to use a local computer system to remotely take control of another computer.

True

Side attacks against the encrypted link of a virtual private network (VPN) are nearly eliminated, while data entering or leaving the VPN is at risk.

True

The Secure Shell (SSH) protocol is a method for secure remote login and other secure network services over a public network.

True

The source address and the port address of outbound firewall rules are often set as ANY, unless the rule is to apply to specific systems or ports.

True

Which fragmentation attack results in full or partial overwriting of datagram components? a. Overflow b. Overlap c. Overrun d. Overdrive

b. Overlap

What is the first step in deploying a firewall? a. Install an intrusion detection system/intrusion prevention system (IDS/IPS). b. Create a comprehensive rule set. c. Construct a firewall policy. d. Use a packet sniffer to get a baseline of network traffic.

c. Construct a firewall policy.

What prevents firewall filtering? a. Authentication b. Session length c. Encryption d. Remote access

c. Encryption

Which type of boundary network creates a series of subnets separated by firewalls? a. Demilitarized zone (DMZ) b. Extranet c. Intranet d. N-tier

d. N-tier

Virtual private networks (VPNs) and which standard have historically suffered from conflicts when used together? a. Hypertext Transfer Protocol (HTTP) b. Point-to-Point Tunneling Protocol (PPTP) c. Layer 2 Forwarding (L2F) Protocol d. Network address translation (NAT)

d. Network address translation (NAT)

Which of the following is considered a node? a. Keyboard b. Network cable c. Patch panel d. Networked printer

d. Networked printer

Mei is a new network technician for a mid-sized company. She is trying to determine what is causing a performance lag on the infrastructure's virtual private network (VPN). The lags typically occur between 8 a.m. and 9 a.m., and again between 1 p.m. and 2 p.m. What is the most likely cause? a. Bandwidth b. Client configuration c. Encryption d. Peak usage loads

d. Peak usage loads

Demetrice is a network consultant. She has been hired to design security for a network that hosts 25 employees, many of whom need remote access. The client recently opened another small office in a neighboring community and wants to be able to routinely establish secure network connections between the two locations. The client often deals with customer bank information and requires a particularly secure solution. What is her response to these requirements? a. Intrusion detection system/intrusion prevention system (IDS/IPS) with Remote Desktop Connection support b. Snort intrusion detection system (IDS) c. Small office/home office (SOHO) virtual private network (VPN) d. Web proxy with content filtering and network address translation (NAT) mapping

c. Small office/home office (SOHO) virtual private network (VPN)

The imitation of source email, Internet Protocol (IP), or Media Access Control (MAC) addresses is part of which type of attack? a. Man-in-the-middle b. Session hijacking c. Spoofing d. Spyware

c. Spoofing

Aileen is a help desk technician. She and her coworkers start getting a lot of calls from remote workers saying that their virtual private network (VPN) connection to the office abruptly dropped. Last month, Aileen helped deploy a new VPN solution that uses redundant VPN devices with their own power sources connecting to an Internet circuit. What is the most likely cause of the problem? a. Both VPNs coincidentally went down at the same time. b. Someone accidentally turned off the power strip supplying electricity to the VPN units. c. The company's single Internet circuit went down. d. Too many remote workers attempted to connect via the VPN and crashed both units.

c. The company's single Internet circuit went down.

Felicia is a network engineer deploying a virtual private network (VPN) solution. The VPN operates using Secure Shell (SSH). When asked by a new help desk tech about which layer of the OSI model it employs, how does Felicia answer? a. 2 b. 3 c. 5 d. 7

d. 7

Which of the following is an authentication method that supports smart cards, biometrics, and credit cards, and is a fully scalable architecture? a. TACACS b. RADIUS c. Kerberos d. 802.1x

d. 802.1x

Which of the following is an advantage of Secure Sockets Layer/Transport Layer Security (SSL/TLS) virtual private networks (VPNs) versus Internet Protocol Security (IPSec) VPNs? a. Requires UNIX-based operating systems b. More vendor-created workarounds on the network address translation (NAT) tool c. More firewall rules d. No NAT problems

d. No NAT problems

What does a digital signature provide? a. Authentication b. Confidentiality c. Integrity d. Nonrepudiation

d. Nonrepudiation

Which of the following is a firewall, proxy, and routing service that does NOT support caching, encryption endpoint, or load balancing? Note that this service can be found on almost any service or device that supports network address translation. a. Bastion host b. Demilitarized zone (DMZ) c. Port address translation (PAT) d. Port forwarding

d. Port forwarding

Gino is an ethical hacker hired as a consultant to test the security of a mid-sized company's network. As part of his assignment, he has been given physical access to the system. He has built a dictionary of hashed passwords from the hard drive of the device. Which type of attack is he planning to launch? a. Brute force b. Dictionary c. Hybrid d. Rainbow

d. Rainbow

Which of the following is a protocol that supports Advanced Encryption Standard (AES) with 128-, 192-, and 256-bit keys? a. Authentication Header (AH) b. RSA c. Secure Sockets Layer (SSL) d. Transport Layer Security (TLS)

d. Transport Layer Security (TLS)

What is an example of security through obscurity? a. Assuming your system will not be noticed when connecting to the Internet b. Using the default service port of a network service c. Keeping an encryption algorithm secret d. Using a nonstandard operating system for workstations such as FreeBSD

d. Using a nonstandard operating system for workstations such as FreeBSD

Consuela is a business analyst for her company. She is working from home and on a video conference with several other team members. Her video-conferencing client displays a message indicating that the quality of her connection is unstable. What is the most likely problem? a. Her computer's CPU is unable to process all of the data. b. Her laptop has insufficient memory to sustain the connection. c. Latency between her VPN client removing encryption and making it available to the video-conferencing client is causing poor performance. d. VPNs over the Internet can easily suffer from latency, fragmentation, traffic congestion, and dropped packets.

d. VPNs over the Internet can easily suffer from latency, fragmentation, traffic congestion, and dropped packets.

Vivienne has been commissioned to design a workgroup network infrastructure for a small office that includes five workstations, three laptops, and a printer. Given that some of the nodes are stationary and others are mobile, what is the best solution for interconnectivity? a. Cable modem b. Smart hub c. Router d. Wireless access point (WAP) and wired switch

d. Wireless access point (WAP) and wired switch

While there is no single rule as to the size of this network type, which network is usually made up of fewer than 10 computers and rarely more than 20? a. Access group b. Local area network (LAN) c. Wide area network (WAN) d. Workgroup

d. Workgroup

A drawback of multiple-vendor environments is the amount of network staff training that is typically needed.

True

Hardware failures are a primary cause of unexpected downtime.

True

In a bypass virtual private network (VPN), traffic to the VPN and from the VPN to the internal network is not firewalled.

True

Insecure default configuration is a vulnerability of a hardware virtual private network (VPN).

True

Insertion attacks involve the introduction of unauthorized content or devices into an otherwise secured infrastructure.

True

Internet Protocol Security (IPSec) has three major components: Authentication Header (AH), Encapsulating Security Payload (ESP), and Internet Key Exchange (IKE).

True

Security objectives are goals that an organization strives to achieve through its security efforts.

True

With edge routers as the virtual private network (VPN) termination point, the VPN link exists only over the public intermediary networks, not within the private LAN(s).

True

Which of the following statements is TRUE of an Internet Protocol Security (IPSec) virtual private network (VPN) when compared to a Secure Sockets Layer/Transport Layer Security (SSL/TLS) VPN? a. It requires client software. b. It is typically less expensive. c. It offers more client flexibility. d. It requires fewer firewall rules.

a. It requires client software.

Although it is not recommended, a company chief information officer (CIO) wants to configure and use the ff02::1 group on his new IPv6 network to send traffic to every node in the infrastructure. What group must he enable? a. Anycast b. Multicast c. Multicast to the all-nodes group d. Unicast

a. Anycast

Jiang is a network technician. He is programming a web server to provide clients with dynamically produced web content in real time based on several attributes that the connecting user enters. This includes any forms the user may fill out. Martha is the cybersecurity chief. She says that the technology Jiang is using could expose sensitive customer data to hackers if it were ever accessed. What web server technology is Jiang using? a. Common User Interface (CGI) b. Hypertext Transfer Protocol Secure (HTTPS) c. Network News Transfer Protocol (NNTP) d. Kernel panics

a. Common User Interface (CGI)

Which of the following is one of the most common and easily exploited vulnerabilities on any hardware network device? a. Default password b. Application conflicts c. Malware d. Undistributed authentication credentials

a. Default password

Which of the following network zones has the lowest risk and the highest trust? a. Private network b. Demilitarized zone (DMZ) c. Extranet d. Internet

a. Private network

Shoshana is a network technician for a mid-sized organization. She is configuring firewall rules. She is in a firewall's graphical interface and sets a rule as TCP, 192.168.42.0/24, ANY, ANY, 443, Allow. In what order is this rule organizing protocols, source addresses, source and target ports, and actions? a. Protocol, source address, source port, target address, target port, action b. Action, target port, target address, source port, source address, protocol c. Source port, source address, protocol, target port, target address, action d. Target port, source address, source port, target address, protocol, action

a. Protocol, source address, source port, target address, target port, action

Tonya is a student. She is working through a network addressing scheme example for a class. She has read that the 128-bit address 2001:0f58:0000:0000:0000:0000:1986:62af can be shortened but is trying to understand how. What is the correct solution? a. 2001:0f58:1986:62af b. 2001:0f58::1986:62af c. 2001:0f58:0:1986:62af d. 2001:0f58:0:0:0:0:1986:62af

b. 2001:0f58::1986:62af

The network engineer of a mid-size company needs to have all servers, network printers, and other online resources possess the same IPv6 address over time. The engineer does not want to perform manual address assignments on all of these resources. Additionally, she wants to prevent any rogue device from having an IPv4 address dynamically assigned just by making the request. What is her solution? a. Dynamic Host Configuration Protocol (DHCP) b. Dynamic Host Configuration Protocol (DHCP) reservation c. Static addressing of the most vital network resources d. Using static addressing and a hardware firewall

b. Dynamic Host Configuration Protocol (DHCP) reservation

Carl is a network technician who has been assigned to select a dedicated hardware device to act as the company's termination point for the secured virtual private network (VPN) tunnel. He chooses a device that allows the firewall to filter traffic that is exiting the VPN and moving into the local area network (LAN). It is the choice that is best suited for controlled access into the demilitarized zone (DMZ). What is the solution that he recommends? a. Corporate firewall b. Edge router c. Software VPN d. VPN appliance

b. Edge router

What is the basic service of a reverse proxy? a. Hides the identity of a client connecting to the Internet b. Hides the identity of a web server accessed by a client over the Internet c. Hides the identity of subnet hosts connecting to a database server d. Hides the identity of hackers trying to defraud online retailers

b. Hides the identity of a web server accessed by a client over the Internet

The design of firewall placement and configuration in a network infrastructure has many aspects. Which of the following concerns is most likely related to an upper management decision that does NOT conform with existing security policy? a. Financial b. Political c. Staffing d. Technical

b. Political

Eduardo is configuring a system that allows multiple users working from home to connect to the office network over a wide area network (WAN) link. The platform is required to accept inbound connections from those user computers, allowing the clients to interact with the network as if they were locally connected. What is he working on? a. Access control b. Remote access server (RAS) c. Remote control d. Terminal services

b. Remote access server (RAS)

A first-year student in a computer networking class is studying different addressing types and attempting to identify them. Which of the following does she determine is a Media Access Control (MAC) address? a. 192.168.10.5 b. 2001:0db8:85a3:0000:0000:8a2e:-370:7334 c. 00-14-22-01-23-45 d. 10.0.0.0/8

c. 00-14-22-01-23-45

Which of the following can affect the confidentiality of documents stored on a server? a. A distributed denial of service (DDoS) attack b. Information about the server being accessed c. A server breach d. A denial of service (DoS) attack

c. A server breach

In executing the processes of risk assessment and risk management, which statistic calculates the potential number of times the threat could be a realized attack in a year's time? a. Exposure factor b. Single loss expectancy c. Annualized rate of occurrence d. Annualized loss expectancy

c. Annualized rate of occurrence

Diego is a network consultant. He is explaining the benefits of virtual private network (VPN) connections for remote clients to the owner of a company who wants to allow most staff to work remotely. He says that a VPN is both private and secure. What does he say is the rationale? a. Authentication provides privacy and security. b. Encryption provides privacy and security. c. Authentication provides privacy and encryption provides security. d. Encryption provides privacy and authentication provides security.

c. Authentication provides privacy and encryption provides security.

Which of the following is a common firewall philosophy? a. Allow by default b. Deny by exception c. Deny by default d. Fail by exception

c. Deny by default

Which of the following statements is TRUE of encryption? a. A 64-bit encryption is currently the minimum length that is considered strong. b. A 128-bit key encryption creates a keyspace exactly twice as long as 64-bit key encryption. c. Every time an additional bit is added to a key length, it doubles the size of the possible keyspace. d. The algorithms involved are very complex and only privately known.

c. Every time an additional bit is added to a key length, it doubles the size of the possible keyspace.

Montel is the newly hired IT administrator at a long-established company. In studying its IT infrastructure, he discovers that the main office is connected to four other branch offices in their large city, with each office being linked to the others by dedicated leased lines that allow for direct communications from one location to the next. This mesh network is used only by the company. Montel tells the company's CIO that he has discovered an issue with this design. Compared to a virtual private network (VPN), what main drawback does Montel report? a. Access b. Encryption c. Expense d. Privacy

c. Expense

While there is no single way to troubleshoot a virtual private network (VPN) issue, what is the MOST appropriate first step? a. Call the vendor. b. Answer phone calls, emails, and texts from users asking when the problem will be fixed. c. Identify the specific symptoms of the problem. d. Try the most likely solution.

c. Identify the specific symptoms of the problem.

Otto is one of many employees working from home. Because his home is located in a rural area, the only form of connectivity available is dial-up. To connect to his office located in an urban community, what must the IT department set up? a. Cable b. DSL c. Remote access server (RAS) d. Virtual private network (VPN) server

c. Remote access server (RAS)

A chief information officer (CIO) works for a mid-sized company located on the California coast. The CIO is developing a disaster plan for the IT infrastructure in the event of an earthquake powerful enough to damage or destroy network and computing equipment, including the database servers. What can she do to protect valuable company data even under the worst circumstances? a. Have the data regularly backed up and stored in a secure, off-site facility not prone to such environmental dangers. b. Use RAID to create redundant database servers on the company's grounds so that if one server is damaged or destroyed, its mirror server may survive, preserving the data. c. Structurally reinforce the data center so that it can withstand the most powerful earthquake or other disaster, even if the rest of the business campus is destroyed. d. Purchase special insurance that will protect the company from permanent and excessive financial loss.

a. Have the data regularly backed up and stored in a secure, off-site facility not prone to such environmental dangers.

Allow-by-default automatically prevents most malicious communications by default.

False

Hypertext Transfer Protocol Secure (HTTPS) does NOT encrypt private transactions made over the Internet.

False

In an internally connected virtual private network (VPN), the Internet-facing VPN connection is in front of a firewall.

False

In terms of networking, permission is the abilities granted on the network.

False

Static IP addressing hands out IP addresses to hosts from a pool.

False

The LAN Domain of an IT infrastructure includes routers, firewalls, and switches.

False

The functionalities of software and hardware virtual private network (VPN) solutions are fundamentally different.

False

The physical topology is how the network appears from any device or user and is governed by policy and access rather than by physical connectivity.

False

The sole use of ingress and egress filtering is to eliminate spoofing.

False

The weakest link security strategy gains protection by using abnormal configurations.

False

With multifactor authentication, facial geometry is an example of something you know.

False

Network router security is primarily about preventing unauthorized access.

True

Static packet filtering uses a static or fixed set of rules to filter network traffic.

True

Under the universal participation security stance, every employee, consultant, vendor, customer, business partner, and outsider must be forced to work within the security policy's limitations.

True

When monitoring a virtual private network (VPN), multiple concurrent employee connections may indicate a security issue.

True

Which type of boundary network hosts resource servers for the public Internet? a. Demilitarized zone (DMZ) b. Extranet c. Intranet d. N-tier

a. Demilitarized zone (DMZ)

To secure the System/Application Domain of an IT infrastructure, what is the primary focus? a. In a collection of servers and virtualized systems, defending both data and server computing power b. Protecting a system where the hacker does not have to be physically present to attack the network c. Defending against hackers targeting routers, circuits, switches, firewalls, and equivalent gear at remote locations d. Educating users about social engineering techniques, such as clever wording intimidation, to prevent loss of private information and reduction in network security

a. In a collection of servers and virtualized systems, defending both data and server computing power

Internet Protocol Security (IPSec) is a standards-based protocol suite designed specifically for securing ____________ communications. a. Internet Protocol (IP) b. Authentication Header (AH) c. Encapsulating Security Payload (ESP) d. Transmission Control Protocol (TCP)

a. Internet Protocol (IP)

Which of the following can be described as putting each resource on a dedicated subnet behind a demilitarized zone (DMZ) and separating it from the internal local area network (LAN)? a. N-tier deployment b. Simplicity c. Single defense d. Virtual LAN (VLAN)

a. N-tier deployment

A firewall is a filtering device that watches for traffic that fails to comply with rules defined by the firewall administrator. What does the firewall inspect? a. Packet header b. Packet trailer c. Packet encryption d. Packet latency

a. Packet header

A hacker is attempting to access a company's router using false Internet Control Message Protocol (ICMP) type 5 redirect messages. What is the hacker's goal? a. To spoof or manipulate routing data b. To add false entries into the router's access control list c. To bypass the firewall d. To delete all of the device's routing protocols

a. To spoof or manipulate routing data

Which of the following best describes a network chokepoint? a. A load balancing system that acts as a funnel point for traffic, that is an ideal place to enforce policy, and that is done through the firewall b. A specialized kind of gateway that focuses on traffic to a single concentrated pathway to streamline the process of filtering c. A device that analyzes traffic based on destination address d. A proxy installed between a firewall and a web server

b. A specialized kind of gateway that focuses on traffic to a single concentrated pathway to streamline the process of filtering

Alphonse is a networking contractor who has been hired by a small to medium-sized company to configure its firewall. The firewall comes preconfigured with a common rule set that allows web, email, instant messaging, and file transfer traffic using default ports. The company wants to allow access to secure websites and common website protocols but block access to insecure Internet websites. Which of the following is the best solution? a. Allow access to HTTP, HTTPS, and SQL and Java, but deny access to TCP and UDP b. Allow access to HTTPS, SQL, and Java, but deny access to HTTP c. Deny access to HTTP, HTTPS, SQL, and Java, but allow access to TCP and UDP d. Allow access to SMTP, POP3, and HTTP, but deny access to HTTPS, SQL, and Java

b. Allow access to HTTPS, SQL, and Java, but deny access to HTTP

Hajar is a new network administrator. She is inventorying firewalls in her company. She finds one that has a management interface lacking something and makes a note to replace it immediately. What is the missing firewall management interface? a. Command-line b. Encryption c. GUI d. Multifactor administration

b. Encryption

Marcus is studying networking with an emphasis on cybersecurity at a local university. As part of his research, he wants to visit certain hacker sites but is concerned that his laptop would be vulnerable to passive threats while visiting them. He doesn't have the funds for expensive security equipment. What is the least expensive option he has at hand? a. Active firewall b. Native firewall c. Passive firewall d. Secure firewall

b. Native firewall

Which of the following statements about ciphertext is TRUE? a. Ciphertext requires multiple redundancies to encrypt data. b. Properly encrypted data produces ciphertext that does not contain redundancies or recognizable patterns. c. Ciphertext removes redundancies and recognizable patterns. d. Decryption converts plaintext data into ciphertext.

b. Properly encrypted data produces ciphertext that does not contain redundancies or recognizable patterns.

Armand is the IT director of his organization. He is working with accounting to determine a budget for upgrading the company's virtual private network (VPN) equipment. Several options are available, and after narrowing down his requirements, he still needs more technical assistance to make a decision. Rather than going with award-winning VPN products he has found in industry magazines and websites, what option does he select that will gain him assistance in doing "legwork"? a. Purchasing manager b. Reseller c. VPN policy writer d. Help desk staff

b. Reseller

The combination of certain techniques allows for relevant information collected by this solution from multiple systems and processes to be aggregated and analyzed for use in decision making. What is the name of this solution? a. Security event management (SEM) b. Security information and event management (SIEM) c. Security information management (SIM) d. Write-once read-many (WORM)

b. Security information and event management (SIEM)

Manuela has researched a third-party software firewall she wants to install on her PC since she believes it is a better quality than the operating system's onboard firewall. She has read the installation instructions. The firewall is compatible with her operating system and has gotten good customer reviews. After performing the installation last week, she notices that numerous malicious exploits are successfully hacking her computer. What went wrong? a. She forgot to see if the third-party and native software programs were compatible. b. She forgot to disable the native firewall when she installed the third-party firewall. c. She forgot to disable the third-party firewall after installation and left the native firewall running. d. She forgot to make sure that the rule sets of both software firewalls were identical.

b. She forgot to disable the native firewall when she installed the third-party firewall.

Lenita is a network technician. She is setting up a rule set for a firewall in her company's demilitarized zone (DMZ). For email, she creates an allow-exception rule permitting Simple Mail Transfer Protocol (SMTP) traffic on port 25 to leave the internal network for the Internet. Her supervisor examines Lenita's work and points out a possible problem. What is it? a. Lenita used the wrong port: SMTP uses port 21. b. The allow-exception rule could create a loophole threatening internal communications on the same port. c. Lenita should have used a deny-exception rule just prior to the Allow rule. d. The allow-exception rule could create a bottleneck, slowing down traffic to and from the Internet.

b. The allow-exception rule could create a loophole threatening internal communications on the same port.

A company has discovered that confidential business information has been repeatedly acquired by a competitor over the past six months. The IT security team has been unable to find the leaks. The team suspects a form of side-channel eavesdropping may be involved. What is the suspected hacking method? a. An employee has been paid to leak company secrets to the competitor. b. The competitor is using a phreaking attack. c. A zero-day exploit has breached a previously unknown vulnerability. d. The company's wireless network has been hacked.

b. The competitor is using a phreaking attack.

Kristin's position in IT focuses on using antivirus, anti-spyware, and vulnerability software patch management to maintain security and integrity. Which IT infrastructure domain is she protecting? a. User Domain b. Workstation Domain c. LAN Domain d. LAN-to-WAN Domain

b. Workstation Domain

Logical topologies are primarily about: a. arrangement. b. connections. c. gateways. d. peripherals.

b. connections.

Which of the following records every connection outside the network on the Internet by IP address and URL requested? a. Access server b. Mail server c. Proxy server d. Web server

c. Proxy server

Temika is the IT security officer for her company. She is developing a plan to measure the effectiveness of the organization's network security. Which of the following will accomplish that goal? a. Installing a single, comprehensive defense component designed to prevent all possible attacks b. Developing a written network security policy that addresses multiple contingency plans for a variety of exploits c. Continually improving the state of security so that, as time passes, the network is better protected than it was in the past d. Establishing and deploying a roadmap for securing the entire IT infrastructure based on written goals

c. Continually improving the state of security so that, as time passes, the network is better protected than it was in the past

Which OSI model layer deals with frames? a. Application Layer b. Network Layer c. Data Link Layer d. Physical Layer

c. Data Link Layer

Isabelle is the cybersecurity engineer for a medium-sized company. She is setting up a firewall for examining inbound network traffic for a variety of characteristics. While remote users working from home should be allowed access to network resources, malicious traffic should be blocked. To differentiate between the two, Isabelle is looking at factors such as whether the inbound traffic is a response to a previous request inside the network; whether it includes blocked domain names, IP addresses, and protocols; and whether it conforms to known malicious patterns or is otherwise abnormal. What is she setting up the firewall to practice? a. Access management b. Encryption c. Filtering d. Modeling

c. Filtering

Which of the following is a protocol that allows web servers to complete secure transactions over the Internet? a. Demilitarized zone (DMZ) b. Hypertext Markup Language (HTML) c. Hypertext Transfer Protocol Secure (HTTPS) d. Transmission Control Protocol/Internet Protocol (TCP/IP)

c. Hypertext Transfer Protocol Secure (HTTPS)

Location-aware anti-theft software will periodically upload its location to a centralized site in the event that the mobile device is lost or stolen. What can defeat this? a. If the mobile device is taken more than five miles away from its original location b. If the thief uploads an anti-malware program onto the mobile device c. If the thief reformats the mobile device's drive d. If the thief disables Wi-Fi

c. If the thief reformats the mobile device's drive

Which Internet Protocol Security (IPSec) core component negotiates, creates, and manages security associations? a. Authentication Header (AH) b. Encapsulating Security Payload (ESP) c. Internet Key Exchange (IKE) d. Transport Layer Security (TLS)

c. Internet Key Exchange (IKE)

All firewalls, including those using static packet filtering, stateful inspection, and application proxy, have one thing in common. What is it? a. Default permit b. Default reject c. Rules d. Transport Layer Security (TLS)

c. Rules

Mei is working from home and speaking with her department manager on a Voice over IP (VoIP) phone connection. This technology allows telephone conversations to be routed over the Internet. During a VoIP conversation, Mei loses a few moments of what the manager has said to her. What is the problem? a. The OSI model Physical Layer failed to convert data into transmittable bits. b. The OSI model Network Layer failed to reassemble some of the bits into audible data. c. The OSI model Transport Layer was unable to guarantee reliable packet delivery. d. The OSI model Session Layer momentarily dropped the communication channel.

c. The OSI model Transport Layer was unable to guarantee reliable packet delivery.

Kasim is a network technician. He is tasked with deploying a virtual private network (VPN) in his company's IT infrastructure. He wants to place the VPN device where it is directly connected to both the Internet and the internal LAN. He believes that security will not be a concern because the VPN is already encrypted point-to-point. Which of the following statements is TRUE about this configuration? a. A VPN has a built-in firewall and is therefore protected from Internet threats. b. This configuration could leave the VPN device vulnerable to social engineering. c. The VPN device itself is still capable of being attacked. d. Without a firewall, an employee on the internal LAN could use the VPN to make an insecure connection to a remote host.

c. The VPN device itself is still capable of being attacked.

Samantha is a network engineer. She is writing a proposal to her company's chief information officer (CIO) about the deployment of a group of end-user nodes to replace the office's aging workstations. Her solution is to use PCs with only display screens, keyboards, and mice, with all of the computing work and storage hosted on servers. What is her solution? a. Remote access b. Remote control c. Thin client d. Virtual private network (VPN)

c. Thin client

Which of the following is a vulnerability of both hardware and software virtual private networks (VPNs)? a. Application conflict b. Operating system vulnerability c. Unpublished vulnerabilities in the code d. Weak default password

c. Unpublished vulnerabilities in the code

A combination of intrusion detection and prevention, as well as logging and monitoring, provides the best defense against what kind of attack? a. SQL injection b. Distributed denial of service (DDoS) c. Zero-day exploit d. Malicious code

c. Zero-day exploit

A hashing cryptographic function takes the input of any file or message and creates a fixed length output based on: a. the size of the message. b. the type of encryption. c. the hashing algorithm being used. d. the level of security checksum required.

c. the hashing algorithm being used.

A company vice president (VP) finds that the network security restrictions imposed by the security manager are too confining. To counter them, the VP habitually uses weak passwords, shares accounts with his assistant, and installed unapproved software. What security principle is the VP violating? a. Defense in diversity b. Fail-open c. Simplicity d. Universal participation

d. Universal participation

Estefan is a network professional for an e-commerce company. The chief information officer (CIO) wants the customer web portal downtime to be reduced from 5 minutes per year to 30 seconds per year. The change should occur over the next 6 months. Which security objective must Estefan employ to accomplish this goal? a. Nonrepudiation b. Authorization c. Authentication d. Availability

d. Availability

Charles is an IT help desk technician. He gets a ticket from a branch office saying that they lost Internet connectivity. He investigates remotely over a backup maintenance link and determines that this was done by design; the office's firewall deliberately severed the connection. Which of the following does this functionality define? a. Bump-in-the-stack b. Bump-in-the-wire c. Client firewall d. Bastion host

d. Bastion host

Which of the following is a type of virtual private network (VPN) architecture that places a firewall in front of the VPN to protect it from Internet-based attacks as well as a firewall behind the VPN to protect the internal network? a. Bypass b. Internally connected c. Two-factor d. DMZ architecture

d. DMZ architecture

What is an intrusion detection system/intrusion prevention system (IDS/IPS) that uses patterns of known malicious activity similar to how antivirus applications work? a. Anomaly-based detection b. Baseline-based detection c. Behavioral-based detection d. Database-based detection

d. Database-based detection

Which elements do digital certificates contain that can be used to increase the reliability of authenticity and nonrepudiation? a. Each digital certificate host stores only the trusted private keys of the certificate authority (CA). b. Digital certificates use a private key pair signed by a third party. c. Digital certificates use a public key pair signed by a trusted third party. d. Digital certificates use a public key and private key pair signed by a trusted third party.

d. Digital certificates use a public key and private key pair signed by a trusted third party.

Which of the following can perform authentication to provide integrity protection, although not for the outermost IP header? a. Layer 2 Forwarding (L2F) b. Internet Key Exchange (IKE) c. Authentication Header (AH) d. Encapsulating Security Payload (ESP)

d. Encapsulating Security Payload (ESP)

You are a network professional. You want to overcome the security shortcomings of the Domain Name System (DNS) and protect the IP address locations of sensitive resources on the internal network. What alternative can you use? a. Microsoft Active Directory b. Intrusion detection system (IDS) c. Fully qualified domain name (FQDN) d. HOSTS file

d. HOSTS file

The chief information officer (CIO) of a large company has been informed by the board of directors that their corporation is anticipating rapid growth over the next two years. She calculates the contingency of building additional capacity into the current network infrastructure. Based on the board's growth estimates, what percentage of additional capacity should she plan for? a. 10 percent b. 20 percent c. 30 percent d. More than 50 percent

d. More than 50 percent

An IT infrastructure manager is reviewing his company's computer assets, particularly the mean time to failure (MTTF) of the PC and server hard drives. The manufacturer of the hard drives typically used in the company states that the MTTF is approximately 11 years. Because servers and some high-priority workstations must operate continuously except for brief periods of maintenance, how many hours, on average, can these hard drives be expected to operate before failure? a. 25,000 to 50,000 hours b. 50,000 to 75,000 hours c. 75,000 to 90,000 hours d. More than 90,000 hours

d. More than 90,000 hours

Which network security technology can block or restrict access if a computer does NOT have the latest antivirus update, a certain security patch, or a host firewall? a. Firewall b. Intrusion detection system (IDS) c. Intrusion prevention system (IPS) d. Network access control (NAC)

d. Network access control (NAC)

Tiffany is a network engineer for her company. To enhance the performance of the network, she uses a method that assigns incoming transactions as they arrive in sequence to each of the infrastructure's three firewalls. Transaction 1 goes to firewall 1, transaction 2 goes to firewall 3, transaction 3 to firewall 2, and so on. Which technique is Tiffany using? a. Caching b. Fair queuing c. Load balancing d. Round-robin

d. Round-robin

Which type of hackers often lack the knowledge or motivation to write their own malicious code, depend on programs written by others to use in their attacks, and may not understand the full consequences of their actions? a. Opportunistic b. Professional c. Recreational d. Script kiddie

d. Script kiddie

Which of the following is a protocol that replaces the use of telnet and rlogin to log in to a shell on a remote host? a. Authentication Header (AH) b. Encapsulating Security Payload (ESP) c. Layer 2 Tunneling Protocol (L2TP) d. Secure Shell (SSH)

d. Secure Shell (SSH)

The IT department of a company has just rolled out a virtual private network (VPN) solution that offers greater flexibility, delegation of management, and added security over the previous implementation. What is this solution called? a. Desktop virtualization b. Operating system virtualization c. Small office/home office (SOHO) virtualization d. Secure Sockets Layer (SSL) virtualization

d. Secure Sockets Layer (SSL) virtualization

Landon is a network contractor. He has been hired to design security for the network of a small company. The company has a limited budget. Landon is asked to create a system that will protect the company's workstations and servers without undue expense. Landon decides to deploy one hardware firewall between the Internet and the local area network (LAN). What is this solution called? a. Defense in depth b. N-tier deployment c. Fail-safe d. Single defense

d. Single defense

Which network device differentiates network traffic using Layer 2 of the OSI model? a. Active hub b. Dumb hub c. Router d. Switch

d. Switch

Which of the following is an encryption method that is very fast and is based on a single, shared key? a. Asymmetric b. Ciphertext c. Hashing d. Symmetric

d. Symmetric

Carl is a network engineer for a mid-sized company. He has been assigned the task of positioning hardware firewalls in the IT infrastructure based on common pathways of communication. After analyzing the problem, on which aspect of the network does he base his design? a. Wireless access points b. Network structure c. Remote access d. Traffic patterns

d. Traffic patterns

Joaquin is a senior network technician for a mid-sized company who has been assigned the task of improving security for the IT infrastructure. He has been given a limited budget and must increase security without redesigning the network or replacing all internetworking security devices. He focuses on an approach that will identify a single vulnerability. What does he recommend? a. Chokepoint b. Fail-open c. Single defense d. Weakest link

d. Weakest link

Chang is a network engineer. He is revising the company's firewall implementation procedure. As part of this work, he is reviewing the procedural element requiring placement of network firewalls at chokepoints and mapping out the network structure to pinpoint the locations where firewalls are to be placed. Which of the following is he focusing on? a. Firewall requirements b. Network design c. Change documentation d. Journaling firewall deployment

v

A backdoor acts like a device driver, positioning itself between the kernel (the core program of an operating system) and the hardware.

False

Multiple firewalls in a series is considered diversity of defense but not defense in depth.

False

Recreational hackers are criminals whose sole career objective is to compromise IT infrastructures.

False

Whereas privacy is the ability of a network or system user to remain unknown, anonymity is keeping information about a network or system user from disclosure.

False

A gateway is a device that connects two networks that use dissimilar protocols for communication.

True

A hardware virtual private network (VPN) is a standalone device, dedicated to managing VPN functions.

True

A host virtual private network (VPN) software product allows a single host access to VPN services, while a VPN appliance allows an entire network to access VPN services.

True

A small office/home office (SOHO) environment can be a workgroup or a client/server network.

True

A small office/home office (SOHO) virtual private network (VPN) hardware firewall provides remote access.

True

A virtual firewall can protect physical networks as well as virtual clients and servers.

True

A virtual private network (VPN) appliance can be positioned outside the corporate firewall so that all VPN traffic passes through firewall filters.

True

An active threat is one that takes some type of initiative to seek out a target to compromise.

True

Authentication Header (AH) provides integrity protection for packet headers and data, as well as user authentication.

True

Authentication is the proof or verification of a user's identity before granting access to a secured area.

True

Banner grabbing is the activity of probing services running behind an open port to obtain information.

True

Firewall implementation documentation should include every action taken from the moment the firewall arrives on site through the point of enabling the filtering of production traffic.

True

Firewalls filter traffic using rules or filters.

True

When the defense in depth security strategy is followed, a single component failure does not result in compromise or intrusion.

True

Wired topologies have a physical wire between devices, allowing for communication among those devices.

True

Thirty years ago, a major corporation purchased and still owns IP addresses within the IPv4 Class A range. The corporation uses these addresses to connect to the Internet. To which IPv4 address range do they belong? a. 1.0.0.1 to 126.255.255.254 b. 10.0.0.0 to 10.255.255.255 c. 172.16.0.0 to 172.31.255.255 d. 192.168.0.0 to 192.168.255.255

a. 1.0.0.1 to 126.255.255.254

A company's cybersecurity trainer is recording a Lunch and Learn video for new employees. The trainer discusses the dangers of spam. Besides being annoying, what other problem could spam cause? a. A spam email could contain a link to what appears as a benign or beneficial website that could, if clicked, upload malicious software to the user's computer. b. The spam email could be an advertisement that convinces the user to buy unwanted products. c. Reading spam emails continuously could prevent users from performing their work, resulting in a loss of productivity. d. Spam emails may overflow the spam folder of the user's email client, causing the client program to crash.

a. A spam email could contain a link to what appears as a benign or beneficial website that could, if clicked, upload malicious software to the user's computer.

Maria is a network engineer assigned to select a new virtual private network (VPN) solution for her company. She is weighing the benefits of commercial versus open-source VPNs. Which of the following is a benefit of open-source platforms? a. Access to Internet-based support b. Available hardware maintenance c. Available management tools d. Ease of installation and management

a. Access to Internet-based support

In preserving the confidentiality of users on a corporate network, which party is responsible for setting up security policies to guarantee users' privacy? a. Administrator b. Hardware engineer c. Infrastructure designer d. The Vice President of Information Services

a. Administrator

Torri is a network technician. She needs to configure the edge firewalls for her company's IT infrastructure. Her supervisor has told her she must find a configuration method that assumes all network traffic is safe and, as malicious traffic is identified, it is added to a list of exceptions. Which of the following configuration methods does Torri select? a. Allow by default/deny by exception b. Allow by default/allow by exception c. Deny by default/allow by exception d. Deny by default/deny by exception

a. Allow by default/deny by exception

Teodora is the procurement manager for her company's IT department. She is researching firewalls that come with enhancements beyond basic traffic filtering. Which of the following is considered a firewall enhancement? a. Anti-malware scanning b. IP address scanning c. MAC address scanning d. Protocol scanning

a. Anti-malware scanning

Which of the following roles is most commonly responsible for observing system and user activity, looking for violations, trends toward bottlenecks, and attempts to perform violations? a. Auditor b. Network administrator c. Senior management d. Support supervisor

a. Auditor

Virtual private networks (VPNs) allow external entities to connect to and interact with a private network. What does identity verification require? a. Authentication b. Authorization c. Accounting d. Accessibility

a. Authentication

Nina is a corporate attorney for a San Francisco firm. The chief information and security officer (CISO) told her that the firm's data center had been hacked 24 hours ago. The personal information of more than 3 million users was accessed, including their full names, addresses, and login credentials. Nina discusses the company's liability under the law, including the requirement to implement and maintain reasonable security procedures and practices. If it can be proven that the firm was negligent, it may need to pay damages. Which of the following regulates this issue? a. California Consumer Privacy Act (CCPA) b. Common Gateway Intrusion Amendment c. Electronic Privacy Information Center (EPIC) d. National Information Infrastructure (NII)

a. California Consumer Privacy Act (CCPA)

Which of the following virtual private network (VPN) solutions typically accepts a wider variety of client operating system types? a. Cloud-based VPN b. Hardware VPN c. Software VPN d. Traditional VPN

a. Cloud-based VPN

Which form of attack is described as throttling the bandwidth consumption on an Internet link at a specific interval as a method of transmitting small communication streams such as user credentials? a. Covert channels b. ICMP redirects c. Slack space d. Unpartitioned bandwidth

a. Covert channels

A malicious person has installed ransomware on a company user's computer. The ransomware message states that the malicious software will be removed if the user pays a certain amount of money digitally. What is a typical form of payment? a. Cryptocurrency b. Credit card c. Debit card d. PayPal

a. Cryptocurrency

Which of the following is unlikely to support at-firewall authentication? a. Demilitarized zone (DMZ) firewall b. Intrusion detection system (IDS) c. Web server d. Virtual private network (VPN) firewall

a. Demilitarized zone (DMZ) firewall

Rachel is a network technician. She is writing a proposal that recommends which firewall type to purchase to replace an aging and failing unit. She wants to be able to protect two separate internal network segments with one hardware firewall. What is her recommendation? a. Dual-homed b. Next-generation c. Triple-homed d. Virtual

a. Dual-homed

Khalilah is a network engineer. She is devising a plan to help her company's infrastructure transition from IPv4 to IPv6 addressing. She selects a solution where both IPv4 and IPv6 protocol stacks coexist in the same network equipment, allowing network communication using both protocols. Which solution did she choose? a. Dual-stack b. Internet Protocol Security (IPSec) c. Translation d. Tunneling

a. Dual-stack

In which form of social engineering does the malicious person physically go through trash cans and other refuse looking for valuable information about a network such as IP addresses, usernames, and passwords? a. Dumpster diving b. Cold calling c. Tailgating d. Reconnaissance

a. Dumpster diving

In balancing competing concerns while deploying a personal virtual private network (VPN) solution, Yee values his privacy more than his anonymity. Which is he most concerned about? a. Having the endpoints of his VPN connection tracked b. Passing his username and password c. Revealing his credit card number d. Unencrypted traffic

a. Having the endpoints of his VPN connection tracked

Amy is a network engineering consultant who is designing security for a small office/home office (SOHO) company. The network consists of 10 workstations plus a wireless printer, but it needs remote authentication. The client has a limited budget and the network design needs to be relatively simple. What type of authentication solution does she deploy? a. One that authenticates at the firewall and doesn't integrate with single sign-on (SSO) b. One that operates using IEEE 802.1x c. One that uses port-based network access (admission) control (PNAC) d. One that uses RADIUS

a. One that authenticates at the firewall and doesn't integrate with single sign-on (SSO)

Israel is a network technician who has just deployed a new firewall. Before putting it in production, he wants to test the firewall's ability to filter traffic according to its rule set, without risking the internal network. What is the best solution? a. Place the firewall in a virtual network environment and simulate traffic. b. Place the firewall outside the demilitarized zone (DMZ) with a production firewall behind it protecting the internal network. c. Place the firewall outside the DMZ and use the tracert command. d. Place the firewall within the DMZ and use the ping command.

a. Place the firewall in a virtual network environment and simulate traffic.

Miriam is the cybersecurity manager for her company's IT department. She is updating the computing and networking-related policies that apply company-wide. She learns that Wyatt, an engineer responsible for maintaining VPN access for remote employees, has written a VPN usage policy specifying parameters for use that is independent of what she is crafting. What is the most likely problem? a. The two independent policies might describe conflicting requirements such as differing password lengths. b. The two independent policies might define the logical network infrastructure differently. c. The process of IT policy making should be handled only at the level of the chief information officer (CIO). d. Wyatt's policy may be more comprehensive than Miriam's documentation.

a. The two independent policies might describe conflicting requirements such as differing password lengths.

Many company employees work from home on a full-time basis. What technology do they commonly use to communicate securely with the organization's network? a. Virtual private network (VPN) b. Proxy server c. Host d. Firewall

a. Virtual private network (VPN)

Asymmetric cryptography that uses key pairs is commonly known as: a. public key cryptography. b. private key cryptography. c. single key cryptography. d. Twofish key cryptography.

a. public key cryptography.

Mario is the network security engineer for his company. He discovered that, periodically, a remote user working from home accesses certain resources on the network that are not part of her regular duties. Mario has questioned the user and her supervisor, and has accessed the user's workstation. Mario believes the user is not the source of these intrusions and strongly suspects a malicious source is responsible. What is the most likely explanation? a. The user has fooled Mario into believing her innocence and she really is the malicious intruder. b. An external hacker has gained access to the user's authentication and is accessing confidential company resources. c. Mario has erroneously interpreted the firewall logs, and the user has not accessed such data. d. The user requires periodic access to data that is only sometimes part of her job duties.

b. An external hacker has gained access to the user's authentication and is accessing confidential company resources.

A bank's online infrastructure has been under attack by hackers. In addition to standard security methods, the bank's IT security manager has requested website code to be examined and modified, where necessary, to address possible arbitrary code execution. What will the code modifications prevent? a. Session hijacking b. Buffer overflows c. Spoofing attacks d. Man-in-the-middle attacks

b. Buffer overflows

Which of the following is a firewall implementation best practice? a. A single firewall model should be used for all firewall placements. b. Different firewall products should be used depending on firewall placement, such as different products for border firewalls versus internal host firewalls. c. Firewalls should be placed within the demilitarized zone (DMZ) to protect server and internal networks separately. d. Host firewalls should be deployed as chokepoints.

b. Different firewall products should be used depending on firewall placement, such as different products for border firewalls versus internal host firewalls.

The IT security officer for a large company has spent the past year upgrading security for the corporate network. Employees working from home have personal firewalls running on their computers. They use a virtual private network (VPN) to connect to the corporate network. The corporate network utilizes the latest devices and techniques, including an intrusion detection system/intrusion prevention system (IDS/IPS), anti-malware protection, and firewalls. What security threat most likely still needs to be addressed? a. Weak remote access security b. An internal threat, such as a disgruntled employee or contractor c. A distributed denial of service (DDoS) attack during a network maintenance cycle d. An unpatched web server

b. An internal threat, such as a disgruntled employee or contractor

Duncan runs a small writing and editing business. He employs two people in his small office/home office (SOHO). He also has general knowledge of networking, including how to configure a basic firewall to protect the network. His off-the-shelf firewall has rule sets built in with several main elements. Duncan is currently setting rules for TCP and UDP. What element is he working with? a. Source address b. Base protocol c. Source port d. Target port

b. Base protocol

Chris is a network engineer deploying a virtual private network (VPN) solution. He needs an implementation of Secure Sockets Layer/Transport Layer Security (SSL/TLS) that adds a layer of authentication to the access. What feature does he require? a. Advanced Encryption Standard (AES) b. Bidirectional authentication c. Identity services d. One-way authentication

b. Bidirectional authentication

You are setting up a small home network. You want all devices to communicate with each other. You assign IPv4 addresses between 192.168.0.1 and 192.168.0.6 to the devices. What processes must still be configured so that these nodes can communicate with the Internet? a. None. The IP address range is routable. b. Both network address translation (NAT) and port address translation (PAT) must be enabled to allow private network addresses to be translated to a random external port and public IP address. c. Each device must be assigned a public IP address for it to be routable on the Internet. d. The RFC 1918 addressing protocol must be enabled on the external router.

b. Both network address translation (NAT) and port address translation (PAT) must be enabled to allow private network addresses to be translated to a random external port and public IP address.

Isaac is designing a network infrastructure as a class project. He determines that one device he requires must have the capacity to act as a repeater, operate at the Data Link Layer of the OSI model, be able to filter packets based on their MAC address, and allow communication between two local area networks (LANs). Which device will fulfill these specifications? a. Active hub b. Bridge c. Router d. Switch

b. Bridge

Hyon is a network consultant. She was hired by a client company to examine the effectiveness of its IT infrastructure. She discovers that the company's Internet-facing firewall is not capable of automatically handling and adjusting for random source ports when a session is being established to its web and gaming servers. How should she correct this? a. Allow all source ports above 1023 b. Create a custom rule to manage random source ports c. Deny all source ports above 1023 d. Enable port forwarding

b. Create a custom rule to manage random source ports

A social networking website has been gathering a great deal of personal information on its users for years. This presents the potential danger of exposure if the site is hacked. In addition, the data could be sold by the social networking platform without the users' knowledge or consent. What technology does the social media company most likely use to gather data, such as users' buying preferences? a. Access control b. Data mining c. Targeted advertising d. Firewall logging

b. Data mining

A malicious party has discovered the IP address of a host inside a network she wants to hack. She employs a form of port scanning, attempting to establish a connection with the host using multiple different ports. Which technique is she using? a. Buffer overflow b. Firewalking c. Fragmentation attack d. Zero-day exploit

b. Firewalking

A chief financial officer's (CFO's) business account has been leaked onto the Internet, including the CFO's username, password, and financial data. The firm's security manager scanned the CFO's computer for viruses, which was clean. However, the manager is still convinced that the CFO's computer is somehow compromised, allowing whatever is typed to be disclosed. The manager recalls that six weeks ago, the CFO's assistant was caught illicitly accessing secure financial files and was subsequently dismissed. What is the likely problem? a. Backdoor b. Hardware keystroke logger c. Logic bomb d. Trapdoor

b. Hardware keystroke logger

Nicolau is a network engineer for a large online retailer. He is concerned about the security of his company's network connections to its customers, vendors, and partners. Although all of these sources are generally trusted, he knows they can be hacked by malicious parties and used to steal confidential company data. Which network-based solution should he choose to detect unauthorized user activity and attacks that is also capable of taking action to prevent a breach? a. Router anti-tampering b. Intrusion detection system/intrusion prevention system (IDS/IPS) c. Firewall d. Data encryption

b. Intrusion detection system/intrusion prevention system (IDS/IPS)

Tomika is a network architect. A coworker is helping to design a more secure placement of the company's virtual private network (VPN) device. The coworker suggests that the device be placed between the Internet-facing firewall and the internal network. What is Tomika's opinion of this deployment strategy? a. It is a highly secure deployment and the plan should be proposed to the chief technology officer (CTO). b. It is somewhat secure but does not address possible security issues involving untrustworthy VPN connections. c. Along with the firewall, an intrusion detection system/intrusion prevention system (IDS/IPS) solution should be placed between the firewall and the VPN device. d. Although the firewall adds more security, it will slow down traffic to the VPN device.

b. It is somewhat secure but does not address possible security issues involving untrustworthy VPN connections.

Mohammad is presenting IPv6 cryptographic security features to his networking class. A student asks him to explain data origin authentication. How does he answer this question? a. It encrypts network traffic and cannot be deciphered without the appropriate encryption key. b. It uses a checksum that incorporates a shared encryption key so that the receiver can verify that the data was actually sent by the apparent sender. c. It involves a checksum that can be used by the receiver to verify that the packet wasn't modified in transit. d. It is a solution that creates a tunnel for traffic between two IPv6 hosts through an IPv4 network.

b. It uses a checksum that incorporates a shared encryption key so that the receiver can verify that the data was actually sent by the apparent sender.

Which layer of the OSI model is the Data Link Layer? a. Layer 1 b. Layer 2 c. Layer 3 d. Layer 4

b. Layer 2

Maria is a new network engineer for a company that was established more than 30 years ago. She is examining the IT infrastructure and discovers that the virtual private network (VPN) solution employs an older encryption protocol for backward compatibility. This protocol has largely been replaced, but it used to be popular in early VPN solutions. What is this protocol? a. Layer 2 Forwarding (L2F) Protocol b. Layer 2 Tunneling Protocol (L2TP) c. Point-to-Point Protocol (PPP) d. Point-to-Point Tunneling Protocol (PPTP)

b. Layer 2 Tunneling Protocol (L2TP)

Dhruv is the lead network engineer for his three-year-old company. He is writing a proposal that recommends the network protocol to use in several branch offices. Based on the age of the networking equipment, what is his recommendation to the chief information officer (CIO)? a. Continue to use IPv4 b. Upgrade to IPv6 c. Transition from Post Office Protocol (POP) to Simple Mail Transfer Protocol (SMTP) d. Transition to IPX/SPX

b. Upgrade to IPv6

When setting up port forwarding on an external firewall to pass HTTP traffic from the Internet to an internal web server, the external address and port are 208.40.235.38:8081. What is the internal IP address and port, assuming the most common port for that protocol? a. 192.168.5.74:21 b. 192.168.5.74:25 c. 192.168.5.74:80 d. 192.168.5.74:123

c. 192.168.5.74:80

While the design of a hardware firewall requires it to filter all inbound and outbound traffic, it can also act as a bottleneck for that traffic if the wire speed it filters at is too slow. For a 1 gigabits per second (Gbps) network, what filtering wire speed should the firewall possess? a. 1 Gbps or higher b. 1.5 Gbps or higher c. 2.5 Gbps or higher d. 4 Gbps or higher

c. 2.5 Gbps or higher

Alphonse is a network engineer who is developing his IT infrastructure's virtual private network (VPN) deployment plan. He has decided to place the VPN device between the externally facing and internally facing firewalls in the demilitarized zone (DMZ). He is determining the rule sets with which to configure both firewalls. His VPN device is a Secure Sockets Layer (SSL) VPN and he wants to use default settings. Which port should he allow the firewalls to pass traffic through? a. 115 b. 194 c. 443 d. 500

c. 443

Cassie is an IT help desk representative. She just received a trouble ticket from a remote user stating they cannot connect to the company network over the virtual private network (VPN). Cassie begins troubleshooting the matter, checking on recent configuration changes to the VPN equipment, looking at the unit's logs for error messages, and so on. She has examined the VPN-related features and potential problems but still doesn't understand why the end user's connection failed. She has been assured that both the end user and the company have Internet connectivity. What is the most likely reason the user cannot connect? a. Patching for the VPN unit is out of date. b. The VPN's firmware needs to be flashed. c. A network engineer has inadvertently changed the IP address of the firewall's internal interface that connects to the VPN's outward-facing port. d. The end user's computer had a memory failure.

c. A network engineer has inadvertently changed the IP address of the firewall's internal interface that connects to the VPN's outward-facing port.

Elissa is a network technician. She is configuring firewall rules for one of her company's branch offices, which supports online retail sales of the company's products. She is configuring rules to block traffic based on a traditional model but needs to allow a particular type of traffic. What should she allow? a. All Internet Control Message Protocol (ICMP) traffic coming from the Internet b. Any traffic specifically directed to the firewall c. All traffic from port 80 originating from the office's web server, which is in a protected subnet d. Inbound Transmission Control Protocol (TCP) traffic on port 53 to external Domain Name System (DNS) zone transfer requests

c. All traffic from port 80 originating from the office's web server, which is in a protected subnet

Which of the following virtual private network (VPN) policy requirements is valid? a. Impose strict single-factor authentication. b. Avoid strong access control restrictions on the primary VPN connection. c. Define the mechanisms that provide remote technical support for VPN telecommuters. d. Disable detailed auditing, because it introduces a security concern.

c. Define the mechanisms that provide remote technical support for VPN telecommuters.

Malika is a network engineer who is configuring firewalls separating both the Accounting and HR departments from the rest of the business divisions on the local area network (LAN). She wants to allow only certain traffic into those subnets from both internal employees and those working from home. The traffic may include email, chat, and video conferencing. She wants to prevent access to the company intranets to protect confidential employee and financial data. How has she configured these firewalls? a. Blocker b. Examiner c. Filter d. Sieve

c. Filter

Thuan is a new network engineer. He is increasing the security of end-user computers. Which of the following is a security feature every client computer needs? a. BYOD b. Clustering c. Password-protected screen saver d. RAID

c. Password-protected screen saver

Geraldine is a freelance network technician. She has been hired to design and build a small office/home office (SOHO) network. She is considering what firewall solution to select, keeping in mind that her client has a tight budget and the network is made up of no more than six nodes. Which of the following is the best solution? a. Next-generation firewall b. Commercial software firewall c. Personal hardware firewall integrated in the wireless access point or modem d. Commercial hardware firewall

c. Personal hardware firewall integrated in the wireless access point or modem

Logan is a network administrator. He is considering a firewall purchase for a branch office being built by his company. Above all other considerations, the design requires a device capable of a high degree of imposing user access restrictions. What is this called? a. Audit capacities b. Authentication c. Privilege control d. Security assurance

c. Privilege control

Fatima has been hired as a contractor to decommission a network topology that has been employed by a small company since the 1990s. In studying the project specifications, she reads that this physical topology uses special packets called tokens, and can be unidirectional or bidirectional. Although it has fewer collisions than other types of networks, this topology is rarely seen in the twenty-first century. Baffled as to what type of network this is, she goes on the Internet and researches the technology. What sort of topology does she find? a. Bus b. Mesh c. Ring d. Star

c. Ring

Several times this week, the IT infrastructure chief of a small company has suspected that wireless communications sessions have been intercepted. After investigating, he believes some form of insertion attack is happening. He is considering encrypted communications and preconfigured network access as a defense. What type of insertion attack is suspected? a. Cross-site scripting (XSS) b. Intrusion detection system (IDS) insertion c. Rogue device insertion d. SQL insertion

c. Rogue device insertion

Sebastian is the HR department's trainer. He is developing various materials to teach the fundamentals of using a virtual private network (VPN) to a variety of audiences, from the president and vice presidents of the corporation to newly hired mid-level managers and entry-level employees. After implementing his training program some weeks ago, he began getting calls from the IT help desk stating that users are contacting them with troubleshooting issues for their VPN sessions. The help desk technicians do not know how to respond. What is the most likely problem? a. Sebastian forgot to add basic troubleshooting to his end-user training. b. Sebastian neglected to direct the end users to consult their training manual first before contacting the help desk. c. Sebastian neglected to train IT personnel on troubleshooting remote connections d. Sebastian did not make recordings of his training sessions available on the company intranet so end users could get a refresher if needed

c. Sebastian neglected to train IT personnel on troubleshooting remote connections

Isabella is a network administrator. She is researching virtual private network (VPN) options for company employees who work from home. The solution must provide encryption over public networks, including the Internet; not rely upon pathways the company owns; be reliable; and not be subject to eavesdropping. It must also be cost-effective. Which solution does she choose? a. Channeled VPN b. Hybrid VPN c. Secured VPN d. Trusted VPN

c. Secured VPN

A major social networking site has been hacked. The usernames, passwords, and security questions of more than 500 million users were compromised. The company disclosed the breach to all users, advising them to immediately change their passwords and security questions. The vulnerability that led to the breach has been discovered and patched. However, the security engineer suspects there is still a problem left unaddressed. What is the most likely problem? a. The company's web servers could still be at risk of banner grabbing. b. The network may still be attacked using a zero-day exploit. c. The hackers may have left malicious tools within the network that will allow them continued access. d. Wardialing over telephone lines could discover active and answering modems in the system.

c. The hackers may have left malicious tools within the network that will allow them continued access.

Carl is a networking student who is reading about methods of encryption and how they work with firewalls. Right now, he is studying a form of encryption that encrypts the entire original payload and header of a packet. However, because the header contains only information about endpoints, it is not useful for a firewall filtering malicious traffic. Which of the following is the encryption method being described? a. Secure Shell (SSH) b. Transport mode c. Tunnel mode d. 801.x

c. Tunnel mode

Bill is a network technician. He is currently configuring the infrastructure's Internet-facing firewalls. He knows that the Internet Control Message Protocol (ICMP) echo type often referred to as "ping" is used by malicious persons to probe networks. He wants to set up a rule that will deny ping attempts from outside the network. What does he deny? a. Type 0 b. Type 3 c. Type 8 d. Type 11

c. Type 8

Hao is a network security engineer for a mid-sized company. She is redesigning the infrastructure and its resources to provide greater protection from both external and internal threats. She wants to place firewall devices not only where the local area network (LAN) connects to the Internet, but also within the network. Although she doesn't suspect any employees of misusing computer resources, there is always the potential that one might send unauthorized emails or other messages containing confidential company information to a competitor. Which redundant solution should she select that will be most likely to detect malicious behavior by an internal employee? a. Firewall in the demilitarized zone (DMZ) b. Firewalls at each subnet c. Host firewalls d. Host firewalls and firewalls at each subnet

d. Host firewalls and firewalls at each subnet

A mid-sized company's IT security engineer is attempting to make it more difficult for the company's wireless network to be compromised. She is using techniques such as random challenge-response dialogue for authentication, timestamps on authentication exchanges, and one-time pad or session-based encryption. What form of wireless attack is she defending against? a. Eavesdropping b. Insertion c. Hijack d. Replay

d. Replay

Susan is a mid-level executive at her corporation who works remotely. Today, she worked from a restaurant using her company-issued laptop and connected to the Internet using the restaurant's free Wi-Fi. Once she made a connection, she authenticated to her virtual private network (VPN) client that links to her office network over a private, secure tunnel. While working, she contacted Lelah, who works in IT. She casually mentioned where she is working. How did Lelah respond? a. As long as Susan connected to the work network via VPN, security is not a problem. b. Because Susan used a publicly accessible Wi-Fi link, her connection is no longer secure. c. If Susan plans on working while using a publicly accessible Wi-Fi link in the future, IT will have to add additional security features to her laptop. d. The data on the laptop was vulnerable in the time between when the laptop's wireless network interface connected to the Wi-Fi access point and when Susan enabled the VPN connection.

d. The data on the laptop was vulnerable in the time between when the laptop's wireless network interface connected to the Wi-Fi access point and when Susan enabled the VPN connection.

A network infrastructure supervisor is designing a firewall placement strategy that will protect the organization's Internet-facing web and email servers and the internal network. Which design will best protect both? a. Placing the firewall between the Internet and a single network hosting both the servers and the internal network, using port forwarding to direct traffic to the servers b. Placing the web and email servers, configured with the latest patches and anti-malware applications, on the Internet in front of the firewall, while placing the internal network behind the firewall c. Using a perimeter network design where all Internet traffic enters the firewall; one interface of the firewall connects to a perimeter network hosting the web and email servers, while the internal network receives traffic from a separate firewall interface d. Using two firewalls to create a demilitarized zone (DMZ); one firewall is placed between the Internet and the servers, the other firewall is located behind the first firewall and the servers protecting the internal network

d. Using two firewalls to create a demilitarized zone (DMZ); one firewall is placed between the Internet and the servers, the other firewall is located behind the first firewall and the servers protecting the internal network

Norman is a network engineer. He is creating a series of logical networks based on different departments for a new branch office. Although the physical locations of the computers for a particular department may be in different areas or on different floors of the building, they have to operate as if they are on a single physical network. Norman's solution involves putting the accounting, engineering, and marketing computer nodes on different subnets. What sort of network topology does Norman create? a. Access point b. Local area network (LAN) c. Star d. Virtual local area network (VLAN)

d. Virtual local area network (VLAN)

Santiago is a new network engineer for a mid-sized company. It is his responsibility to ensure that all employees working from home are able to connect to the office network in an efficient and secure manner. He must provide a service that allows communications between out-of-office staff and network resources to be encrypted at the protocol level and to be performed by either client or server software. The solution must also ensure that even if protocol encryption fails, the data is safe by its own encryption. What solution does he select? a. Authentication, authorization, and accounting (AAA) b. Implementation of a demilitarized zone (DMZ) c. Identity and access management (IAM) d. Virtual private network (VPN)

d. Virtual private network (VPN)

Which of the following must be done first to accomplish an organization's security goals? a. Create a security group. b. Develop a graphic security design. c. Create a continuous improvement plan. d. Write down security goals.

d. Write down security goals.

The configuration, location, software version, and underlying operating system of a virtual private network (VPN) are all factors that are most likely to affect: a. bandwidth. b. tunneling. c. security. d. stability.

d. stability.

