ISA ch 4
TLS
Mia is a network administrator for a bank. She is responsible for secure communications with her company's customer website. Which of the following would be the best for her to implement? A. SSL B. PPTP C. IPSec D. TLS
NIDS
Mia is responsible for security devices at her company. She is concerned about detecting intrusions. She wants a solution that would work across entire network segments. However, she wants to ensure that false positives do not interrupt work flow. What would be the best solution for Mia to consider? A. HIDS B. HIPS C. NIDS D. NIPS
L2TP
You have been instructed to find a VPN solution for your company. Your company uses TACACS+ for remote access. Which of the following would be the best VPN solution for your company?
Implement a policy against tethering
You have discovered that one of the employees at your company tethers her smartphone to her work PC to bypass the corporate web security and access prohibited websites while connected to the LAN. What would be the best way to prevent this?
site-to-site VPN
ACME Company has several remote offices. The CIO wants to set up permanent secure connections between the remote offices and the central office. What would be the best solution for this? A. L2TP VPN B. IPSEC VPN C. Site-to-site VPN D. Remote-access VPN
Using a network tap
Abigail is responsible for setting up an NIPS on her network. The NIPS is located in one particular network segment. She is looking for a passive method to get a copy of all traffic to the NIPS network segment so that it can analyze the traffic. Which of the following would be her best choice?
Continuous monitoring
Alisha is monitoring security for a mid-sized financial institution. Under her predecessor there were multiple high-profile breaches. Management is very concerned about detecting any security issues or breach of policy as soon as possible. Which of the following would be the best solution for this?
WEP
An IV attack is usually associated with which of the following wireless protocols? A. WEP B. WAP C. WPA D. WPA2
TACACS+
Bart is looking for a remote access protocol for his company. It is important that the solution he selects support multiple protocols and use a reliable network communication protocol. Which of the following would be his best choice?
It might fail to block malicious applications
Carlos is a security manager for a small company that does medical billing and records management. He is using application blacklisting to prevent malicious applications from being installed. What, if anything, is the weakness with this approach? A. None, this is the right approach. B. It might block legitimate applications. C. It might fail to block malicious applications. D. It will limit productivity.
ACL
Carolyn is the network administrator for a small financial services company and is responsible for controlling access to the resources on her network. Which technology is responsible for blocking access to a resource based on the requesting IP address? A. ACL B. NIPS C. HIPS D. Port blocking
SIP and RTP
Carrol is responsible for network connectivity in her company. The sales department is transitioning to VoIP. What are two protocols she must allow through the firewall?
Put those machines on a separate wireless network with separate WAP.
Dennis is implementing wireless security throughout his network. He is using WPA2. However, there are some older machines that cannot connect to WPA2—they only support WEP. At least for now, he must keep these machines. What is the best solution for this problem? A. Put those machines on a different VLAN. B. Deny wireless capability for those machines. C. Put those machines on a separate wireless network with separate WAP. D. Encrypt their traffic with TLS.
Use cryptographic hashes.
Dennis is trying to set up a system to analyze the integrity of applications on his network. He wants to make sure that the applications have not been tampered with or Trojaned. What would be most useful in accomplishing this goal?
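The card above answers "cryptographic hashes" without showing how an integrity check is actually built. The following is an added example, not part of the original deck: it baselines a directory of application files by SHA-256, then re-checks it and reports files that were modified, removed, or dropped in. The file names and contents are constructed stand-ins for real binaries.

```python
import hashlib
import hmac
import os
import tempfile
from typing import Dict

# Constructed stand-ins for application binaries (name -> bytes); not real files.
SAMPLE_APPS = {
    "billing.exe": b"MZ\x90\x00 billing service v1.0",
    "ledger.exe": b"MZ\x90\x00 ledger client v2.3",
}


def sha256_file(path: str, chunk_size: int = 1 << 16) -> str:
    """Hash a file in chunks so large binaries are never read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(directory: str) -> Dict[str, str]:
    """Baseline: record the known-good SHA-256 of every regular file in directory."""
    manifest = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            manifest[name] = sha256_file(path)
    return manifest


def verify_manifest(directory: str, manifest: Dict[str, str]) -> Dict[str, str]:
    """Compare the directory against the baseline.

    Returns {filename: status} with status 'ok', 'modified', 'missing' or
    'unexpected' (present on disk but absent from the baseline).
    """
    current = build_manifest(directory)
    report = {}
    for name, expected in manifest.items():
        actual = current.get(name)
        if actual is None:
            report[name] = "missing"
        elif hmac.compare_digest(actual, expected):
            report[name] = "ok"
        else:
            report[name] = "modified"
    for name in current:
        if name not in manifest:
            report[name] = "unexpected"
    return report


def demo() -> Dict[str, str]:
    """Baseline the sample apps, then Trojan one and drop a rogue file before re-checking."""
    with tempfile.TemporaryDirectory() as d:
        for name, data in SAMPLE_APPS.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        baseline = build_manifest(d)
        # Tampering: append a payload to ledger.exe (any single-byte change is enough).
        with open(os.path.join(d, "ledger.exe"), "ab") as f:
            f.write(b"\x00payload")
        # A dropped helper the baseline never saw.
        with open(os.path.join(d, "helper.dll"), "wb") as f:
            f.write(b"MZ rogue")
        return verify_manifest(d, baseline)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{name}: {status}")
```

The check is only as trustworthy as the baseline: store the manifest somewhere the attacker who can rewrite the binaries cannot also rewrite it (read-only media, a signed file, or a separate host), or they will simply update both.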
Inline
Dominick is responsible for security at a medium-sized insurance company. He is very concerned about detecting intrusions. The IDS (intrusion detection system) he has purchased states that he must have an IDS on each network segment. What type of IDS is this?
Implement aggregation switches
Doug is a network administrator for a small company. The company has recently implemented an e-commerce server. This has placed a strain on network bandwidth. What would be the most cost-effective means for him to address this issue?
Implement port mirroring for that segment
Emily manages the IDS/IPS for her network. She has an NIPS installed and properly configured. It is not detecting obvious attacks on one specific network segment. She has verified that the NIPS is properly configured and working properly. What would be the most efficient way for her to address this? A. Implement port mirroring for that segment. B. Install an NIPS on that segment. C. Upgrade to a more effective NIPS. D. Isolate that segment on its own VLAN.
CYOD
Employees in your company are allowed to use tablets. They can select a tablet from four different models approved by the company but purchased by the employee. What best describes this? A. BYOD B. CYOD C. COPE D. BYOE
Air-gap the backup server.
Enrique is concerned about backup data being infected by malware. The company backs up key servers to digital storage on a backup server. Which of the following would be most effective in preventing the backup data being infected by malware? A. Place the backup server on a separate VLAN. B. Air-gap the backup server. C. Place the backup server on a different network segment. D. Use a honeynet.
IPS
Erik is responsible for the security of a SCADA system. Availability is a critical issue. Which of the following is most important to implement?
Sites not on the blacklist
Ethan has noticed some users on his network accessing inappropriate videos. His network uses a proxy server that has content filtering with blacklisting. What is the most likely cause of this issue?
WPS attack
Farès has discovered that attackers have breached his wireless network. They seem to have used a brute-force attack on the WiFi Protected Setup (WPS) PIN to exploit the WAP and recover the WPA2 password. What is this attack called? A. IV attack B. Rogue WAP C. WPS attack D. Evil twin
Heuristic scanning
Frank is a network administrator for a small college. The college has implemented a simple NIDS. However, the NIDS seems to only catch well-known attacks. What technology is this NIDS likely missing?
RADIUS
Frank is looking for a remote authentication and access protocol. It must be one that uses UDP due to firewall rules. Which of the following would be the best choice?
Store the drives in a secure cabinet.
Fred is responsible for physical security in his company. He wants to find a good way to protect the USB thumb drives that have BitLocker keys stored on them. Which of the following would be the best solution for this situation?
DMZ
Gabriel is setting up a new e-commerce server. He is concerned about security issues. Which of the following would be the best location to place an e-commerce server? A. DMZ B. Intranet C. Guest network D. Extranet
Place the SCADA system on a separate VLAN
George is a network administrator at a power plant. He notices that several turbines had unusual ramp-ups in cycles last week. After investigating, he finds that an executable was uploaded to the system control console and caused this. Which of the following would be most effective in preventing this from affecting the SCADA system in the future?
ACL
Gerald is a network administrator for a small financial services company. He is responsible for controlling access to resources on his network. What mechanism is responsible for blocking access to a resource based on the requesting IP address? A. ACL B. NIPS C. HIPS D. Port blocking
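Both the Carolyn and Gerald cards answer "ACL" for blocking by requesting IP address. As an added example (not part of the deck), here is a small evaluator for router-style access-control entries that shows the two properties that matter in practice: entries are matched top-down, first match wins, and anything that matches nothing hits the implicit deny at the end. The `shadowed_entries` check flags entries that can never match because an earlier, broader entry covers them, a common misconfiguration. The ACL syntax and sample addresses are my own constructed illustration, not any vendor's exact format.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class AclEntry:
    action: str               # "permit" or "deny"
    source: Network           # requesting address range
    dest_port: Optional[int]  # None means any destination port


def parse_acl(lines: List[str]) -> List[AclEntry]:
    """Parse lines of the form 'permit|deny <address-or-cidr> [port]'; '#' starts a comment."""
    entries = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) not in (2, 3) or parts[0].lower() not in ("permit", "deny"):
            raise ValueError(f"bad ACL line: {raw!r}")
        port = int(parts[2]) if len(parts) == 3 else None
        network = ipaddress.ip_network(parts[1], strict=False)  # a bare host becomes /32
        entries.append(AclEntry(parts[0].lower(), network, port))
    return entries


def evaluate(acl: List[AclEntry], src_ip: str, dest_port: int) -> str:
    """First matching entry decides; no match means the implicit deny."""
    addr = ipaddress.ip_address(src_ip)
    for entry in acl:
        if addr.version != entry.source.version:
            continue
        if addr in entry.source and entry.dest_port in (None, dest_port):
            return entry.action
    return "deny"


def shadowed_entries(acl: List[AclEntry]) -> List[int]:
    """Indices of entries that an earlier entry fully covers, so they can never match."""
    hidden = []
    for i, later in enumerate(acl):
        for earlier in acl[:i]:
            if earlier.source.version != later.source.version:
                continue
            if earlier.dest_port in (None, later.dest_port) and later.source.subnet_of(earlier.source):
                hidden.append(i)
                break
    return hidden


# Constructed sample policy for a small office.
SAMPLE_ACL = parse_acl([
    "deny   10.0.5.0/24 3389   # workstation VLAN may not reach RDP on the servers",
    "permit 10.0.0.0/16        # the rest of the corporate range, any port",
    "deny   203.0.113.0/24     # scanner range seen in the logs",
    "permit 198.51.100.7 443   # partner host, HTTPS only",
])

# Same intent with the two corporate entries swapped: the RDP deny is now unreachable.
MISORDERED_ACL = parse_acl([
    "permit 10.0.0.0/16",
    "deny   10.0.5.0/24 3389",
])

if __name__ == "__main__":
    for ip, port in [("10.0.5.20", 3389), ("10.0.5.20", 22), ("198.51.100.7", 22), ("192.0.2.1", 443)]:
        print(f"{ip}:{port} -> {evaluate(SAMPLE_ACL, ip, port)}")
    print("shadowed in MISORDERED_ACL:", shadowed_entries(MISORDERED_ACL))
```

Note that the ACL only sees the source address field; it does not verify that the packet really came from there, which is why the Shelly card later in the deck pairs ACLs with anti-spoofing filtering at the network edge.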
Thin
Gerald is setting up new wireless access points throughout his company's building. The wireless access points have just the radio transceiver, with no additional functionality. What best describes these wireless access points?
MS-CHAPv2 provides mutual authentication, CHAP does not.
Greg is considering using CHAP or MS-CHAPv2 for authenticating remote users. Which of the following is a major difference between the two protocols?
Sensor
Hector is responsible for NIDS/NIPS in his company. He is configuring a new NIPS solution. What part of the NIPS collects data? A. Sensor B. Data source C. Manager D. Analyzer
Implement an SSL accelerator
Helga works for a bank and is responsible for secure communications with the online banking application. The application uses TLS to secure all customer communications. She has noticed that since migrating to larger encryption keys, the server's performance has declined. What would be the best way to address this issue?
It establishes the SAs
Janice is explaining how IPSec works to a new network administrator. She is trying to explain the role of IKE. Which of the following most closely matches the role of IKE in IPSec?
DDoS mitigator
Jeff is the security administrator for an e-commerce site. He is concerned about DoS attacks. Which of the following would be the most effective in addressing this? A. DDoS mitigator B. WAF with SPI C. NIPS D. Increased available bandwidth
IPS
Jody is worried about disgruntled employees stealing company documents and exfiltrating them from the network. She's seeking a solution that will detect exfiltration and block it. What type of system is Jody seeking? A. IPS B. SIEM C. Honeypot D. Firewall
UTM
John is responsible for network security at a very small company. Due to both budget constraints and space constraints, John can select only one security device. What should he select? A. Firewall B. Antivirus C. IDS D. UTM
They will no longer see the SSID as an available network
Juan is responsible for wireless security in his company. He has decided to disable the SSID broadcast on the single AP the company uses. What will the effect be on client machines?
NIDS
Lars is responsible for incident response at ACME Company. He is particularly concerned about the network segment that hosts the corporate web servers. He wants a solution that will detect potential attacks and notify the administrator so the administrator can take whatever action he or she deems appropriate. Which of the following would be the best solution for Lars?
Correlation Engine
Liam is responsible for monitoring security events in his company. He wants to see how diverse events may connect. He is interested in identifying different indicators of compromise that may point to the same breach. Which of the following would be most helpful for him to implement?
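The card says a correlation engine links diverse events that point to the same breach, but not how. As an added example (not part of the deck), the code below implements the core of that idea: events from different sources are joined whenever they share an indicator (an IP, a host name, a user, a file hash), and every connected group that spans at least two sources is reported as one incident. The six events are constructed sample records, not real logs.

```python
from collections import defaultdict
from typing import Dict, List

# Constructed sample events from three sources. In a SIEM these would be parsed log
# records; the hosts, users, IPs and hash are made up for the demo.
SAMPLE_EVENTS = [
    {"id": "fw-1",   "source": "firewall",  "ts": "09:01", "ioc": {"ip": "203.0.113.40"}},
    {"id": "av-1",   "source": "antivirus", "ts": "09:03", "ioc": {"hash": "sha256:deadbeef01", "host": "WS-117"}},
    {"id": "auth-1", "source": "auth",      "ts": "09:04", "ioc": {"user": "jdoe", "host": "WS-117"}},
    {"id": "fw-2",   "source": "firewall",  "ts": "09:05", "ioc": {"ip": "203.0.113.40", "host": "WS-117"}},
    {"id": "auth-2", "source": "auth",      "ts": "11:30", "ioc": {"user": "asmith", "host": "WS-042"}},
    {"id": "fw-3",   "source": "firewall",  "ts": "11:31", "ioc": {"ip": "198.51.100.9"}},
]


def correlate(events: List[dict], min_sources: int = 2) -> List[Dict]:
    """Group events that share any (indicator type, value) pair, transitively.

    Uses union-find keyed by event id; two events become one group as soon as they
    carry the same indicator, so fw-1 (only an IP) joins av-1 (only a hash and host)
    through fw-2, which carries both. Groups seen by fewer than min_sources distinct
    sources are dropped as noise.
    """
    parent = {e["id"]: e["id"] for e in events}

    def find(x: str) -> str:
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(a: str, b: str) -> None:
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra

    first_seen = {}  # (indicator type, value) -> id of the first event carrying it
    for e in events:
        for key, value in e["ioc"].items():
            indicator = (key, value)
            if indicator in first_seen:
                union(first_seen[indicator], e["id"])
            else:
                first_seen[indicator] = e["id"]

    groups = defaultdict(list)
    for e in events:
        groups[find(e["id"])].append(e)

    incidents = []
    for members in groups.values():
        sources = {m["source"] for m in members}
        if len(sources) < min_sources:
            continue
        incidents.append({
            "events": sorted(m["id"] for m in members),
            "sources": sorted(sources),
            "indicators": sorted(f"{k}={v}" for m in members for k, v in m["ioc"].items()),
            "first_seen": min(m["ts"] for m in members),
        })
    incidents.sort(key=lambda inc: inc["first_seen"])
    return incidents


if __name__ == "__main__":
    for inc in correlate(SAMPLE_EVENTS):
        print(inc["first_seen"], inc["sources"], inc["events"])
```

The `min_sources` threshold is the practical knob: with it set to 1 every lone firewall block becomes an "incident", which is exactly the false-positive flood the Alisha and Maria cards warn about.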
Implement account usage auditing on the SCADA system
Maria is a security engineer with a manufacturing company. During a recent investigation, she discovered that an engineer's compromised workstation was being used to connect to SCADA systems while the engineer was not logged in. The engineer is responsible for administering the SCADA systems and cannot be blocked from connecting to them. What should Maria do to mitigate this threat?
False positive
Maria is responsible for monitoring IDS activity on her company's network. Twice in the past month there has been activity reported on the IDS that investigation has shown was legitimate traffic. What best describes this?
Use an application container
Mark is an administrator for a health care company. He has to support an older, legacy application. He is concerned that this legacy application might have vulnerabilities that would affect the rest of the network. What is the most efficient way to mitigate this? A. Use an application container. B. Implement SDN. C. Run the application on a separate VLAN. D. Insist on an updated version of the application.
Out-of-band NIDS
Mary works for a large insurance company and is responsible for cybersecurity. She is concerned about insiders and wants to detect malicious activity on the part of insiders. But she wants her detection process to be invisible to the attacker. What technology best fits these needs? A. Hybrid NIDS B. Out-of-band NIDS C. NIPS D. NNIDS
Controller-based
Mohaned is an IT manager for a hotel. His hotel wants to put wireless access points on each floor. The specifications state that the wireless access points should have minimal functionality, with all the configuration, authentication, and other functionality centrally controlled. What type of wireless access points should Mohaned consider purchasing? A. Fat B. Controller-based C. Stand-alone D. 802.11i
Fat
Omar is responsible for wireless security in his company. He wants completely different WiFi access (i.e., a different SSID, different security levels, and different authentication methods) in different parts of the company. What would be the best choice for Omar to select in WAPs? A. Fat B. Thin C. Repeater D. Full
Split Tunnel
Remote employees at your company frequently need to connect to both the secure company network via VPN and open public websites, simultaneously. What technology would best support this?
WPA
Ricky is responsible for WiFi security at his company. Which wireless security protocol below uses TKIP? A. WPA B. CCMP C. WEP D. WPA2
Credentials sent in cleartext
Robert is using PAP for authentication in his network. What is the most significant weakness in PAP?
TLS
Ryan is concerned about the security of his company's web application. Since the application processes confidential data, he is most concerned about data exposure. Which of the following would be the most important for him to implement? A. WAF B. TLS C. NIPS D. NIDS
RTP is not secure.
Sarah is the CIO for a small company. She recently had the entire company's voice calls moved to VoIP. Her new VoIP system is using SIP with RTP. What might be the concern with this? A. SIP is not secure. B. RTP is not secure. C. RTP is too slow. D. SIP is too slow.
ACL
Shelly is very concerned about unauthorized users connecting to the company routers. She would like to prevent spoofing. What is the most essential antispoofing technique for routers?
WAP placement
Teresa is responsible for WiFi security in her company. Her main concern is that there are many other offices in the building her company occupies and that someone could easily attempt to breach their WiFi from one of these locations. What technique would be best in alleviating her concern?
WPA
Teresa is responsible for WiFi security in her company. Which wireless security protocol uses TKIP?
ANT
Teresa is responsible for network administration at a health club chain. She is trying to find a communication technology that uses low power and can spend long periods in low-power sleep modes. Which of the following technologies would be the best fit?
VPN concentrator
Terrance is responsible for secure communications on his company's network. The company has a number of traveling salespeople who need to connect to network resources. What technology would be most helpful in addressing this need? A. VPN concentrator B. SSL accelerator C. DMZ D. Guest network
Authenticate the entire packet
Tom is responsible for VPN connections in his company. His company uses IPSec for VPNs. What is the primary purpose of AH in IPSec?
Jamming
Users are complaining that they cannot connect to the wireless network. You discover that the WAPs are being subjected to a wireless attack designed to block their WiFi signals. Which of the following is the best label for this attack? A. IV attack B. Jamming C. WPS attack D. Botnet
SSH
Victor is a network administrator for a medium-sized company. He wants to be able to access servers remotely so that he can perform small administrative tasks from remote locations. Which of the following would be the best protocol for him to use? A. SSH B. Telnet C. RSH D. SNMP
ESP
What IPSec protocol provides authentication and encryption? A. AH B. ESP C. IKE D. ISAKMP
Clickjacking
What type of attack involves users clicking on something different on a website than what they intended to click on? A. Clickjacking B. Bluesnarfing C. Bluejacking D. Evil twin
Bluesnarfing
What type of attack uses Bluetooth to access the data from a cell phone when in range? A. Phonejacking B. Bluejacking C. Bluesnarfing D. Evil twin
Evil Twin
What type of attack uses a second wireless access point (WAP) that broadcasts the same SSID as a legitimate access point, in an attempt to get users to connect to the attacker's WAP?
IP addresses (sender and receiver), ports (sender and receiver), and protocol
When using any HIDS/HIPS or NIDS/NIPS, the output is specific to the vendor. However, what is the basic set of information that virtually all HIDSs/HIPSs or NIDSs/NIPSs provide? A. IP addresses (sender and receiver), ports (sender and receiver), and protocol B. IP addresses (sender and receiver), ports (sender and receiver), and attack type C. IP addresses (sender and receiver), ports (sender and receiver), usernames, and machine names D. Usernames, machine names, and attack type
False positives and false negatives
When you are considering an NIDS or NIPS, what are your two most important concerns?
802.11i
Which of the following 802.11 standards is supported in WPA2, but not in WEP or WPA?
TACACS+
Which of the following is an authentication and accounting service that uses TCP for connecting to routers and switches? A. DIAMETER B. RADIUS C. TACACS+ D. Kerberos
RADIUS
Which of the following is an authentication service that uses UDP as a transport medium? A. TACACS+ B. LDAP C. Kerberos D. RADIUS
It provides scalability.
Which of the following is the most important benefit from implementing SDN? A. It will stop malware. B. It provides scalability. C. It will detect intrusions. D. It will prevent session hijacking.
Baselining
Which of the following terms refers to the process of establishing a standard for security?
Whitelisting
Which of the following would prevent a user from installing a program on a company-owned mobile device? A. Whitelisting B. Blacklisting C. ACL D. HIDS
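This card and the earlier Carlos card are two sides of the same decision: blacklisting "might fail to block malicious applications", whitelisting prevents anything unapproved from running. The following added example (not part of the deck) puts both policies side by side over the same set of installs so the failure mode is concrete. The binaries are constructed byte strings and the product names are invented; a real control would key on signer certificates or hashes from a managed catalog rather than on a hard-coded set.

```python
import hashlib
from typing import Dict, Tuple


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample binaries (bytes stand in for real executables).
APPROVED_CLIENT = b"MZ\x90\x00 corp-vpn-client 3.2 signed"
DROPPER = b"MZ\x90\x00 cryptominer dropper"

# Blocklist (blacklist): names and hashes of malware that is already known.
BLOCKED_NAMES = {"dropper.exe", "miner.exe"}
BLOCKED_HASHES = {sha256_hex(DROPPER)}

# Allowlist (whitelist): hashes of the few binaries the company has approved.
APPROVED_HASHES = {sha256_hex(APPROVED_CLIENT)}


def blocklist_decision(filename: str, data: bytes) -> str:
    """Deny only what is known to be bad; anything unknown is allowed to run."""
    if filename.lower() in BLOCKED_NAMES or sha256_hex(data) in BLOCKED_HASHES:
        return "block"
    return "allow"


def allowlist_decision(filename: str, data: bytes) -> str:
    """Run only what is known to be good; the filename is not consulted at all."""
    return "allow" if sha256_hex(data) in APPROVED_HASHES else "block"


def compare_policies() -> Dict[str, Tuple[str, str]]:
    """Evaluate both policies over the same installs: label -> (blocklist, allowlist)."""
    cases = {
        "known dropper, known name": ("dropper.exe", DROPPER),
        "known dropper, renamed": ("update.exe", DROPPER),
        "dropper with one byte changed": ("update.exe", DROPPER + b"\x00"),
        "approved client": ("vpn-setup.exe", APPROVED_CLIENT),
        "approved client, tampered": ("vpn-setup.exe", APPROVED_CLIENT + b"\x00"),
    }
    return {
        label: (blocklist_decision(name, data), allowlist_decision(name, data))
        for label, (name, data) in cases.items()
    }


if __name__ == "__main__":
    for label, (bl, al) in compare_policies().items():
        print(f"{label:32} blocklist={bl:5} allowlist={al}")
```

The hash blocklist survives a rename but not a one-byte change, which is why it "might fail to block malicious applications"; the allowlist blocks both the unknown variant and the tampered approved binary, at the cost of having to approve every legitimate update in advance.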
WEP
While setting up a secure wireless corporate network, which of the following should Pete, an administrator, avoid implementing? A. EAP-TLS B. PEAP C. WEP D. WPA
Disable WiFi for any peripheral that does not absolutely need it
You are concerned about peripheral devices being exploited by an attacker. Which of the following is the first step you should take to mitigate this threat? A. Disable WiFi for any peripheral that does not absolutely need it. B. Enable BIOS protection for peripheral devices. C. Use strong encryption on all peripheral devices. D. Configure antivirus on all peripherals.
Agent NAC
You are configuring BYOD access for your company. You want the absolute most robust security for the BYOD on your network. What would be the best solution? A. Agentless NAC B. Agent NAC C. Digital certificate authentication D. Two-factor authentication
WPA
You are creating a wireless network for your company. You need to implement a wireless protocol that provides maximum security to protect against wireless attack. However, you must provide support for older wireless clients. Which protocol should you choose?
TACACS+
You are investigating a remote access protocol for your company to use. The protocol needs to fully encrypt the message, use reliable transport protocols, and support a range of network protocols. Which of the following would be the best choice? A. RADIUS B. Diameter C. TACACS+ D. IPSec
Infrared
You are looking for a point-to-point connection method that would allow two devices to synchronize data. The solution you pick should not be affected by EMI (electromagnetic interference) and should be usable over distances exceeding 10 meters, provided there is a line-of-sight connection. What would be the best solution?
Tunneling
You are responsible for always-on VPN connectivity for your company. You have been told that you must use the most secure mode for IPSec that you can. Which of the following would be the best for you to select?
Remote-access VPN
You are responsible for communications security at your company. Your company has a large number of remote workers, including traveling salespeople. You wish to make sure that when they connect to the network, it is in a secure manner. What should you implement? A. L2TP VPN B. IPSec VPN C. Site-to-site VPN D. Remote-access VPN
Kerberos
You are responsible for network security at your company. You have discovered that NTP is not functioning properly. What security protocol will most likely be affected by this? A. RADIUS B. DNSSEC C. IPSec D. Kerberos
Tunneling
You are setting up VPNs in your company. You are concerned that anyone running a packet sniffer could obtain metadata about the traffic. You have chosen IPSec. What mode should you use to accomplish your goals of preventing metadata being seen? A. AH B. ESP C. Tunneling D. Transport
Bluesnarfing
You have noticed that when in a crowded area, data from your cell phone is stolen. Later investigation shows a Bluetooth connection to your phone, one that you cannot explain. What describes this attack? A. Bluejacking B. Bluesnarfing C. Evil twin D. RAT
IV attack
Your wireless network has been breached and it seems as though the attacker has modified a portion of your data that is used with a stream cipher. This was used to expose wirelessly-encrypted data. What type of attack is this? A. Evil twin B. Rogue WAP C. IV attack D. WPS attack
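This card and the earlier "IV attack is usually associated with WEP" card both turn on one fact: WEP builds each packet's RC4 key as a 24-bit IV plus the shared secret, so whenever an IV repeats, two packets are encrypted under the same keystream. The added example below (not part of the deck) shows the consequence. It implements RC4, encrypts two frames WEP-style under a reused IV, and recovers the second frame's plaintext from the first frame's known plaintext without ever learning the secret. The secret, IV and frame contents are constructed demo values; the 8-byte LLC/SNAP header is the kind of predictable plaintext that makes this practical. This demonstrates keystream reuse, not the key-recovery (FMS-style) attack that also exploits WEP's IV handling.

```python
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Standard RC4: key-scheduling (KSA) followed by the pseudo-random generator (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame encryption: per-packet RC4 key is IV || secret.

    The IV is transmitted in the clear alongside the frame, so an eavesdropper
    can see exactly which frames share a keystream.
    """
    return xor(plaintext, rc4_keystream(iv + secret, len(plaintext)))


def recover_with_known_plaintext(c_known: bytes, p_known: bytes, c_target: bytes) -> bytes:
    """Attacker side. Both frames used the same IV and therefore the same keystream.

    c_known XOR p_known yields the keystream; XOR-ing it into c_target decrypts
    the target frame. The shared secret is never needed.
    """
    keystream = xor(c_known, p_known)
    return xor(c_target, keystream)


def expected_frames_until_iv_repeat(iv_bits: int = 24) -> float:
    """Birthday-bound estimate of how many frames a busy AP sends before some IV repeats."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)


# Constructed demo values: a 40-bit WEP secret, one IV, and two frames that start with
# the same LLC/SNAP header (AA AA 03 00 00 00 08 00), which is what an attacker can guess.
SECRET = bytes([0x01, 0x02, 0x03, 0x04, 0x05])
IV = bytes([0x0A, 0x0B, 0x0C])
HEADER = bytes([0xAA, 0xAA, 0x03, 0x00, 0x00, 0x00, 0x08, 0x00])
FRAME_A = HEADER + b"GET /index.html"
FRAME_B = HEADER + b"password=hunter"


def demo() -> bytes:
    """Encrypt both frames under the same IV (the bug) and recover FRAME_B from FRAME_A."""
    c_a = wep_encrypt(SECRET, IV, FRAME_A)
    c_b = wep_encrypt(SECRET, IV, FRAME_B)
    return recover_with_known_plaintext(c_a, FRAME_A, c_b)


if __name__ == "__main__":
    print("recovered:", demo())
    print("frames until an IV repeat (birthday bound):", round(expected_frames_until_iv_repeat()))
```

Even without any known plaintext, XOR-ing the two ciphertexts cancels the keystream and leaves the XOR of the two plaintexts, which is enough to recover both when one side is structured text. The birthday bound of roughly five thousand frames is why IV collisions on a 24-bit IV space are a matter of minutes on a busy network, and why the deck's other cards answer "avoid WEP".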