CIST 2611

What is an example of security through obscurity? Assuming your system will not be noticed when connecting to the internet. B. Using a nonstandard operating system for workstation such as FreeBSD C. Using the default Service port of a network service

Using a nonstandard operating system for workstations such as FreeBSD

The most effective method to promote network security is:

implement a multi-layered security strategy

Tonya is a network engineer. She is developing a new security policy for her company's IT infrastructure. She understands that the heart of performing a risk assessment, which is a necessary part of policy development, is understanding assets, likelihoods, threats, and _________. admission control. network access. restrictions. vulnerabilities

vulnerabilities

While fragmentation of IP packets is supported when they encounter network segments that have a smaller maximum transmission unit (MTU), that feature can be manipulated by malicious parties in overlapping attacks. In calculating a defense for such an exploit, what is the only reliable defense? A. A dynamic filtering system that performs header reassembly B. A dynamic filtering system that performs packet reassembly C. A dynamic filtering system that performs footer reassembly D. A dynamic filtering system that performs virtual reassembly

A dynamic filtering system that performs virtual reassembly

Werner is a security manager for a health insurance company. He is examining the organization's compliance with patient privacy. While investigating how staff handle verbal and email communications, he discovers that some staff members are lax about how well they protect details that, when combined, might be used to reveal sensitive details about some customers. What is the focus of his concern?

Personally identifiable information (PII)

Opal is the chief technology officer for her company. She is working with the legal department to acquire virtual private network (VPN) service through a cloud provider. She wants the contract to address failover specifically. What is she most likely concerned about?

Redundancy

A first-year student in a computer networking class is studying different addressing types and attempting to identify them. Which of the following does she determine is a Media Access Control (MAC) address? a) 192.168.10.5 b) 2001:0db8:85a3:0000:0000:8a2e:-370:7334 c) 00-14-22-01-23-45 d) 10.0.0.0/8

00-14-22-01-23-45

A company's cybersecurity trainer is recording a Lunch and Learn video for new employees. The trainer discusses the dangers of spam. Besides being annoying, what other problem could spam cause?

A spam email could contain a link to what appears as a benign or beneficial website that could, if clicked, upload malicious software to eh user's computer

Which of the following best describes a network chokepoint? A proxy installed between a firewall and a web server b. A device that analyzes traffic based on destination address c. A load balancing system that acts as a funnel point for traffic, that is an ideal place to enforce policy, and that is done through the firewall d. A specialized kind of gateway that focuses on traffic to a single concentrated pathway to streamline the process of filtering

A specialized kind of gateway that focuses on traffic to a single concentrated pathway to streamline the process of filtering

Which network device concentrates communications signals, accepts only basic commands, and provides statistics such as throughput measures and uptime percentages? a) Active hub b) Dumb hub c) Router d) Switch

Active hub

Alphonse is a networking contractor who has been hired by a small to medium-sized company to configure its firewall. The firewall comes preconfigured with a common rule set that allows web, email, instant messaging, and file transfer traffic using default ports. The company wants to allow access to secure websites and common website protocols but block access to insecure Internet websites. Which of the following is the best solution? A.Allow access to SMTP,pop3, and HTTP, but deny access to HTTPS, SQL, and java B. Allow access to HTTPS, SQL, and java, but deny access to HTTP c. Deny access to HTTP, HTTPS, SQL, and java but allow access to TCP and UDP

Allow access to HTTPS, SQL, and Java, but deny access to HTTP

Torri is a network technician. She needs to configure the edge firewalls for her company's IT infrastructure. Her supervisor has told her she must find a configuration method that assumes all network traffic is safe and, as malicious traffic is identified, it is added to a list of exceptions. Which of the following configuration methods does Torri select?

Allow by default/deny by exception

Estefan is a network professional for an e-commerce company. The chief information officer (CIO) wants the customer web portal downtime to be reduced from 5 minutes per year to 30 seconds per year. The change should occur over the next 6 months. Which security objective must Estefan employ to accomplish this goal? a. Nonrepudiation bAuthorization cAuthentication dAvailability

Availability

Lauren is a network technician monitoring performance on the local area network (LAN). She becomes alarmed when the network utilization reaches 95 percent for a particular time of day. How does she know what the utilization is normally like? Benchmarks Whitelists KISS Standards

Benchmarks

A bank's online infrastructure has been under attack by hackers. In addition to standard security methods, the bank's IT security manager has requested website code to be examined and modified, where necessary, to address possible arbitrary code execution. What will the code modifications prevent? session hijacking buffer over flow MIMAttack spoofing attack

Buffer overflows

. Nina is a corporate attorney for a San Francisco firm. The chief information and security officer (CISO) told her that the firm's data center had been hacked 24 hours ago. The personal information of more than 3 million users was accessed, including their full names, addresses, and login credentials. Nina discusses the company's liability under the law, including the requirement to implement and maintain reasonable security procedures and practices. If it can be proven that the firm was negligent, it may need to pay damages. Which of the following regulates this issue?

California Consumer Privacy Act (CCPA)

Which of the following virtual private network (VPN) solutions typically accepts a wider variety of client operating system types? Cloud-based VPN Hardware VPN Software VPN Traditional VPN

Cloud-based VPN

A malicious person has installed ransomware on a company user's computer. The ransomware message states that the malicious software will be removed if the user pays a certain amount of money digitally. What is a typical form of payment?

Cryptocurrency

Wen, a network engineer for a mid-sized company, is rolling out a virtual private network (VPN) solution that is easy to set up, manage, and maintain and represents the majority of VPN platforms on the market. What type of VPN is Wen deploying? Customer premise equipment (CPE) Do it yourself (DIY) Network Policy and Access Services (NPAS) Operating system (OS)─based

Customer premise equipment (CPE)

Which term describes a technology that performs deep-content inspection within a scope defined by a central management console? IP Multimedia Subsystem (IMS) Information Technology Infrastructure Library (ITIL) Governance, risk, and compliance (GRC) Data leakage prevention (DLP)

Data leakage prevention (DLP)

Devaki is an engineer who is designing network security for her company's infrastructure. She is incorporating protections for programming flaws, default settings, maximum values, processing capabilities, and memory capacities on devices, as well as malicious code and social engineering. What is this type of protection called? a) Defense in depth b) Divide and conquer c) Security through obscurity d) Single point of failure avoidance

Defense in depth

Brianna is an IT technician. She is studying a threat that holds the communication channel open when a TCP handshake does not conclude. What kind of attack does this involve? A. Unauthorized persons breaching a server's document tree B. Denial of service (DoS) attack C. Hackers accessing information on a server D. The interception of transaction data

Denial of service (DoS) attack

Which of the following is a common firewall philosophy? Fail by exception Deny by exception Allow by default Deny by default

Deny by default

Although encryption standards and methods have become increasingly more sophisticated over time, what other evolving technology is making it easier to defeat encryption?

Faster computers with more memory

Rachel is the cybersecurity engineer for a company that fulfills government contracts on Top Secret projects. She needs to find a way to send highly sensitive information by email in a way that won't arouse the suspicion of malicious parties. If she encrypts the emails, everyone will assume they contain confidential information. What is her solution? A. Hide Message in the time index of the email B. Hide Message in the front of the email's text C. Hide Message in the company's logo within the email

Hide messages in the company's logo within the email

Tonya is an accountant working from home. She connects to her office each day over a virtual private network (VPN). The IT department for her company has deployed a VPN appliance to assist employees such as Tonya in performing their tasks remotely. What solution does Tonya use to access her files on the company's accounting server? Gateway-to-gateway B. Do it yourself (DIY) C. Demilitarized zone (DMZ) D. Host-to-gateway

Host-to-gateway

Juan is a network engineer. His manager has tasked him with gathering concrete metrics on network security and operations. Juan selects the most popular performance metrics methodology. What is it?

Information Technology Infrastructure Library (ITIL)

Hacker tunneling uses two techniques. The first is to install a server component on an internal system and then have an external client make a connection. What is the second? A. Install a client component on an external system and then have another external system make the connection. B. Install a server component on an internal system and then have an internal client make the connection. C. Install a client component on an internal system and then have an external system make the connection. D. Install a server component on an external system and then use an internal client to make the connection.

Install a server component on an external system and then use an internal client to make the connection.

Which of the following is a limitation of Internet Protocol Security (IPSec)? It is not reliable for network encryption. It does not encrypt data on client computers. It cannot be used to encrypt data packets. It is not used for virtual private networks (VPNs).

It does not encrypt data on client computers

Juan is a technician designing a physical security strategy for his company's network. He wants to convince potential hackers that it would be too difficult and complex for them to mount a successful assault or that such an attack would be too easily detected. What central function is he addressing?

Juan is addressing the central function of deterrence in physical security strategy

The chief information officer (CIO) of a large company has been informed by the board of directors that their corporation is anticipating rapid growth over the next two years. She calculates the contingency of building additional capacity into the current network infrastructure. Based on the board's growth estimates, what percentage of additional capacity should she plan for? a) 10 percent b) 20 percent c) 30 percent d) More than 50 percent

More than 50 percent

Oscar is deploying a virtual private network (VPN) solution for his company. The VPN needs to connect to remote servers by their Internet Protocol (IP) addresses rather than using network address translation (NAT). What type of VPN is Oscar deploying? Customer premise equipment (CPE) Hardware VPN Operating system (OS) Internet Protocol Security (IPSec)

Operating system (OS)

Chad is a network engineer. He is tasked with selecting a virtual private network (VPN) platform for his company. He chooses a solution that is inexpensive and runs on UNIX, although it is less scalable and less stable than other solutions. What has he chosen? Hardware VPN Layer 2 VPN Operating system-based VPN Module-based VPN

Operating system-based VPN

A major online retailer was recently hacked, and the secure banking data and other personal information of tens of thousands of users were stolen. Who or what is the most likely culprit? Competitor Ethical hacker Organized crime group Script kiddie

Organized crime group

A firewall is a filtering device that watches for traffic that fails to comply with rules defined by the firewall administrator. What does the firewall inspect? Packet latency Packet header Packet trailer Packet encryption

Packet header

Otto is one of many employees working from home. Because his home is located in a rural area, the only form of connectivity available is dial-up. To connect to his office located in an urban community, what must the IT department set up? Cable DSL Remote access server (RAS)

Remote access server (RAS)

Armand is the IT director of his organization. He is working with accounting to determine a budget for upgrading the company's virtual private network (VPN) equipment. Several options are available, and he still needs more technical assistance to make a decision. Rather than going with award-winning VPN products, he has found in industry magazines and websites, which of the following is the best choice to consult for assistance in collecting information and helping to narrow his choices? A. Help desk staff B. Reseller C. VPN policy writer D. Purchasing manager

Reseller

All firewalls, including those using static packet filtering, stateful inspection, and application proxy, have one thing in common. What is it? Transport Layer Security (TLS) Default reject Rules Default permit

Rules

Isabella is a network administrator. She is researching virtual private network (VPN) options for company employees who work from home. The solution must provide encryption over public networks, including the Internet; not rely upon pathways the company owns; be reliable; and not be subject to eavesdropping. It must also be cost-effective. Which solution does she choose? Channeled VPN Hybrid VPN Secured VPN Trusted VPN

Secured VPN

Analisa is a sales representative who travels extensively. At a trade show, Analisa uses her virtual private network (VPN) connection to simultaneously connect to the office LAN and her personal computer at home. What security risk does this pose?

Split tunneling

Which network device differentiates network traffic using Layer 2 of the OSI model? a) Active hub b) Dumb hub c) Router d) Switch

Switch

Which layer of the OSI model is the Data Link Layer?

The Data Link Layer is the second layer of the OSI (Open Systems Interconnection) mode

Jacob is a sixth-grade student who has logged in to his school account. Online learning is a new implementation for the school district, which does not have its own data center to host services. The district uses a cloud service instead. Halfway through class, Jacob's connection goes down and he cannot reestablish it. The network connection seems fine and nothing appears wrong with his school-issued laptop. What is the likely cause?

The cloud service

Jacob is a network technician who works for a publishing company. He is setting up a new hire's access permissions. The new hire, Latisha, is an editor. She needs access to books that have been accepted for publication but are in the review stage. Jacob gives her access to the network drive containing only books in review, but not access to administrative or human resources network drives. What principle is Jacob applying?

The principle of least privlege

Which of the following statements is TRUE of connections between a corporate local area network (LAN) and a remote client, such as a remote worker? The corporate LAN connection is usually a temporary or nondedicated connection to the Internet. The remote client connection is usually a dedicated link to the Internet. The corporate LAN connection is always a circuit employing Multi-Protocol Label Switching (MPLS). The remote client can have either a dedicated or a nondedicated connection to the Internet

The remote client can have either a dedicated or a nondedicated connections to the Internet

Your sales department likes to stream professional sports games across the computer network on Wednesday afternoons, causing VPN performance issues during that time. What is the most likely cause of the performance issues? endpoint configuration Traffic spike Encryption VPN software version

Traffic spike

Which of the following is described as "confidence in your expectation that others will act in your best interest"?

Trust

Dhruv is the lead network engineer for his three-year-old company. He is writing a proposal that recommends the network protocol to use in several branch offices. Based on the age of the networking equipment, what is his recommendation to the chief information officer (CIO)? Upgrade to IPv6 Transition from Post Office Protocol (POP) to Simple Mail Transfer Protocol (SMTP) Transition to IPX/SPX Continue to use IPv4

Upgrade to IPv6

Kristin's position in IT focuses on using antivirus, anti-spyware, and vulnerability software patch management to maintain security and integrity. Which IT infrastructure domain is she protecting?

Workstation Domain

Besides a firewall, numerous other elements are often implemented to protect a network, EXCEPT: a public IP address proxy. B. anti-malware scanning. C. full hard drive encryption. D. an intrusion detection system/intrusion prevention system (IDS/IPS).

a public IP address proxy