Network Security+ Exam 2
What secure protocol is recommended for voice and video? SRTP S/MIME IMAP IPsec
SRTP
What hardware component can be inserted into a web server that contains one or more co-processors to handle SSL/TLS processing? SSL/TLS tap SSL/TLS accelerator SSL/TLS access point SSL/TLS mirror
SSL/TLS accelerator
A TOTP changes after a set period. True False
True
RF signals can be picked up from an open or misconfigured AP. True False
True
When only some network traffic is routed over the secure VPN while other traffic directly accesses the Internet, what technology is being used? priority tunnel split tunneling full tunnel shared tunneling
split tunneling
What are the three advantages of a rainbow table over other password attacks?
A rainbow table can be used repeatedly for attacks on other passwords. Rainbow tables are much faster than dictionary attacks. The amount of memory needed on the attacking machine is greatly reduced.
What technique can an attacker use to search for unprotected home wireless signals from an automobile or on foot using a portable computing device?
An attacker can use the war driving technique to identify unprotected home wireless networks.
What type of technology can add geographical identification data to media such as digital photos taken on a mobile device? GPS locating GeoData tagging GPS marking GPS tagging
GPS tagging
Discuss the Infrastructure as a Service (IaaS) model used in cloud computing.
In the Infrastructure as a Service (IaaS) model, the customer has the highest level of control. The cloud computing vendor allows customers to deploy and run their own software, including operating systems and applications. Consumers have some control over the operating systems, storage, and their installed applications, but do not manage or control the underlying cloud infrastructure.
Discuss the Software as a Service (SaaS) model used in cloud computing.
In the Software as a Service (SaaS) model, the cloud computing vendor provides access to the vendor's software applications running on a cloud infrastructure. These applications, which can be accessed through a web browser, do not require any installation, configuration, upgrading, or management from the user.
In what type of cloud computing does the customer have some control over the operating systems, storage, and their installed applications? Application as a Service Infrastructure as a Service Software as a Service System as a Service
Infrastructure as a Service
Describe how Network Access Control (NAC) works.
NAC examines the current state of a system or network device before it is allowed to connect to the network. Any device that does not meet a specified set of criteria, such as having the most current anti-virus signature or the software firewall properly enabled, is only allowed to connect to a "quarantine" network where the security deficiencies are corrected. After the problems are solved, the device is connected to the normal network. The goal of NAC is to prevent computers with suboptimal security from potentially infecting other computers through the network.
Discuss the two advantages that NAT provides.
NAT has two advantages. First, it masks the IP addresses of internal devices. An attacker who captures the packet on the Internet cannot determine the actual IP address of the sender. Without that address, it is more difficult to identify and attack a computer. Second, NAT allows multiple devices to share a smaller number of public IP addresses.
What secure protocol is recommended for time synchronization? SRTP S/MIME NTP POP
NTP
What type of update service can Apple users take advantage of to update their operating systems via wireless carriers? OTG COPE OTA VDI
OTA
What is the Message Integrity Check (MIC) within WPA used for?
The Message Integrity Check (MIC) is used to prevent an attacker from conducting active or passive man-in-the-middle attacks by capturing, altering, and resending data packets.
What specific issues are associated with log management? (Choose all that apply.) The multiple devices generating logs. The different log formats. The fast network transfer speeds. The large volume of data that needs to be logged
The multiple devices generating logs. The different log formats. The fast network transfer speeds.
Which of the following selections is not one of the features provided by a typical MDM? Rapidly deploy new mobile devices Discover devices accessing enterprise systems Track stolen devices Enforce encryption settings
Track stolen devices
File integrity check (FIC) is a service that can monitor any changes made to computer files, such as operating system files.
True
Mobile devices using location services are at increased risk of targeted physical attacks. True False
True
NAT is not a specific device, technology, or protocol. It is a technique for substituting IP addresses.
True
Near field communication (NFC) is a set of standards used to establish communication between devices in very close proximity. True False
True
One use of data loss prevention (DLP) is blocking the copying of files to a USB flash drive.
True
SNMP-managed devices must have an agent or a service that listens for commands and then executes them.
True
Wired Equivalent Privacy (WEP) is an IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmitted wireless information. True False
True
What device acts like a wireless base station in a network, acting as a bridge between wireless and wired networks? access point endpoint WMM ad-hoc peer
access point
Which of the following account lockout policy settings determines the number of failed login attempts before a lockout occurs? system lockout threshold account lockout threshold administrator lockout threshold user lockout threshold
account lockout threshold
Slave devices that are connected to a piconet and are sending transmissions are known as what? active slave passive slaves parked slaves neutral slaves
active slave
What type of network access control uses Active Directory to scan a device to verify that it is in compliance? agentless NAC dissolvable NAC dependent NAC permanent NAC
agentless NAC
In which directions do access point antennas radiate their signals, and where should they be located? two directions and centrally located four directions and asymmetrically located all directions and asymmetrically located all directions and centrally located
all directions and centrally located
What process gives a user access to a file system on a mobile device with full permissions, essentially allowing the user to do anything on the device? mirroring jailbreaking sideloading carrier unlocking
jailbreaking
What option below represents an example of behavioral biometrics? user dynamics keystroke dynamics facial recognition fingerprint recognition
keystroke dynamics
Mobile devices with global positioning system (GPS) abilities typically make use of: weak passwords location services open networks anti-virus software
location services
What technology will examine the current state of a network device before allowing it to connect to the network and force any device that does not meet a specified set of criteria to connect only to a quarantine network? network access control virtual LANs network address translation host health checks
network access control
What hardware device can be inserted into a network to allow an administrator to monitor traffic? network tap network mirror shark box shark tap
network tap
A secret combination of letters, numbers, and/or characters that only the user should have knowledge of, is known as a: token password biometric detail challenge
password
If a network is completely isolated by an air gap from all other outside networks it is using what type of configuration? physical network segregation complete network segregation network isolation logical network segregation
physical network segregation
If a network administrator needs to configure a switch to copy traffic that occurs on some or all ports to a designated monitoring port on the switch, what switch technology will need to be supported? interface capture port identity port snooping port mirroring
port mirroring
The use of what item below involves the creation of a large pre-generated data set of candidate digests? rainbow tables randomized character list word list cascade tables
rainbow tables
Which of the following is a server that routes incoming requests coming from an external network to the correct internal server? forward proxy application proxy system proxy reverse proxy
reverse proxy
An access point that is unauthorized and allows an attacker to bypass network security configurations is considered to be what type of access point? random sanctioned rogue legitimate
rogue
What kind of networking device forwards packets across different computer networks by reading destination addresses? switch router bridge firewall
router
What type of attack conducts a statistical analysis of the stolen passwords that is then used to create a mask to break the largest number of passwords? character set attack binary attack mask attack rule attack
rule attack
What can be used to increase the strength of hashed passwords? salt key stretching double hashing single crypting
salt
What type of authentication is based on what the user has? software token hardware token security token identity token
security token
Which of the following accounts is a user account that is created explicitly to provide a security context for services running on a server? service account shared account system account privileged account
service account
What type of monitoring compares network traffic, activities, transactions, or behavior against a database of known attack patterns? application-based protocol-based behavioral-based signature-based
signature-based
The use of one authentication credential to access multiple accounts or applications is referred to as which of the following? individual Sign On single Sign On unilateral Sign On federated Sign On
single Sign On
What kind of biometrics utilizes a person's unique physical characteristics for authentication, such as fingerprints or unique characteristics of a person's face? cognitive biometrics reactive biometrics standard biometrics physical biometrics
standard biometrics
Which of the following is a two-way relationship that is automatically created between parent and child domains in a Microsoft Active Directory forest? double trust federated trust transitive trust domain trust
transitive trust
Describe the ways you can use FTP on a local host computer.
• From a command prompt. Commands can be typed at an operating system prompt, such as ls (list files), get (retrieve a file from the server), and put (transfer a file to the server).
• Using a web browser. Instead of prefacing a URL with the protocol http://, the FTP protocol is entered with a preface of ftp://.
• Using an FTP client. A separate FTP client application can be installed that displays files on the local host as well as the remote server. These files can be dragged and dropped between devices.
List and describe the major parts of an access point.
An access point (AP) consists of three major parts: an antenna and a radio transmitter/receiver to send and receive wireless signals; special bridging software to interface wireless devices to other devices; and a wired network interface that allows it to connect by cable to a standard wired network.
Type I hypervisors run on the host operating system.
False
A web server must be accessible to untrusted outside users. What can be done to isolate this host and any additional hosts with similar requirements from more secured hosts on a network? Install a VPN, configure host Set up a proxy in front of the web server Create a DMZ, add necessary hosts. Configure a reduction point on a firewall
Create a DMZ, add necessary hosts.
The management in your corporate office needs to group users on the network together logically even though they are attached to separate network switches. How can this be done? Create a subnet for each network switch in use Create additional subnets for the separate groups Add all users to a single network segment Create a VLAN and add the users' computers / ports to the correct VLAN
Create a VLAN and add the users' computers / ports to the correct VLAN
Which encryption protocol below is used in the WPA2 standard? AES-CCMP AES-CTR AES-TKIP AES-SCMP
AES-CCMP
Which of the following self-contained APs are autonomous, or independent, because they are separate from other network devices and even other autonomous APs? fat APs single APs thin APs super APs
fat APs
A Bluetooth attack in which the attacker accesses unauthorized information from a wireless device using a Bluetooth connection, is known as which of the following terms? Bluejacking Bluecracking Bluesnarfing Bluetalking
Bluesnarfing
What term below is used to describe an attack that sends unsolicited messages to Bluetooth enabled devices? Bluesnarfing Bluejacking Bluecracking Bluetalking
Bluejacking
Which enterprise deployment model requires employees to choose from a selection of company owned and approved devices? BYOD COPE VDI CYOD
COPE
A firewall that keeps a record of the state of a connection between an internal computer and an external device is using what technology below? Stateful frame filtering Stateless frame filtering Stateful packet filtering Stateless packet filtering
Stateful packet filtering
What is the name of a computer or application program that intercepts user requests from the internal secure network and then processes that request on behalf of the user? forward proxy server DNS server VPN server telnet server
forward proxy server
What data unit is associated with the Open Systems Interconnection layer two? segment packet frame bit
frame
Describe how VLAN communication takes place.
+ If multiple devices in the same VLAN are connected to the same switch, the switch itself can handle the transfer of packets to the members of the VLAN group.
+ If VLAN members on one switch need to communicate with members connected to another switch, a special 'tagging' protocol must be used.
Discuss at least two security advantages of a host running virtualization.
- A snapshot of a state of a virtual machine can be saved for later use. A user can make a snapshot before performing extensive modifications or alterations to the virtual machine, and then the snapshot can be reloaded so that the virtual machine is at the beginning state before the changes were made.
- A virtual machine can be used to test for potential malware. A suspicious program can be loaded into an isolated virtual machine and executed (sandboxing). If the program is malware, it will impact only the virtual machine, and it can easily be erased and a snapshot reinstalled.
List and describe two advantages of a proxy server.
- Increased speed: Because forward proxy servers can cache material, a request can be served from the cache instead of retrieving the webpage through the Internet.
- Reduced costs: A proxy server can reduce the amount of bandwidth usage because of the cache.
List at least three things that can be done in order to reduce the risk of theft or loss of a mobile device.
- Keep the mobile device out of sight when traveling in a high-risk area.
- Avoid becoming distracted by what is on the device. Always maintain an awareness of your surroundings.
- When holding a device, use both hands to make it more difficult for a thief to snatch.
- Do not use the device on escalators or near transit train doors.
- White or red headphone cords may indicate they are connected to an expensive device. Consider changing the cord to a less conspicuous color.
- If a theft does occur, do not resist or chase the thief. Instead, take note of the suspect's description, including any identifying characteristics and clothing, and then call the authorities. Also contact the organization or wireless carrier and change all passwords for accounts accessed on the device.
Describe some of the risks associated with using mobile devices in an enterprise environment.
1. Users may erase the installed built-in limitations on their smartphone (called jailbreaking on Apple iOS devices or rooting on Android devices) to provide additional functionality. However, this also disables the built-in operating system security features on the phone.
2. Personal mobile devices are often shared among family members and friends, subjecting sensitive corporate data installed on a user's device to outsiders.
3. Different mobile devices have different hardware and different versions of operating systems, all of which contain different levels and types of security features. Technical support staff may be called upon to support hundreds of different mobile devices, creating a nightmare for establishing a security baseline.
4. Mobile devices may be connected to a user's personal desktop computer that is infected, thus infecting the mobile device and increasing the risk of the organization's network becoming infected when the mobile device connects to it.
5. There may be difficulties in securing the personal smartphone from an employee who was fired so that any corporate data on it can be erased.
Which network address below is not a private IP address network? 10.4.5.0 172.63.255.0 192.168.255.0 172.17.16.0
172.63.255.0
An administrator needs to examine FTP commands that are being passed to a server. What port should the administrator be monitoring? 19 20 21 22
21
What is the maximum number of characters that can exist within an SSID name? 10 12 26 32
32
The Temporal Key Integrity Protocol (TKIP) encryption technology uses a MIC value that is what length? 24 bits 32 bits 48 bits 64 bits
64 bits
What vendor neutral protocol implements support for VLAN tagging? ISL VTP 802.1Q VSTP
802.1Q
Why should account passwords be disabled instead of the account being immediately deleted?
Account passwords should be disabled (made inactive) instead of the account being immediately deleted. This serves to create an audit trail to conform with compliance issues, and also makes the reestablishment of an account easier if it becomes necessary.
What is the difference between anomaly based monitoring and signature based monitoring?
Anomaly based monitoring involves monitoring for deviations from a baseline, whereas signature based monitoring uses predefined signatures to compare activity to.
Explain why it is important to be able to control the power level at which the WLAN transmits.
Another security feature on some APs is the ability to adjust the level of power at which the WLAN transmits. On devices with that feature, the power can be adjusted so that less of the signal leaves the premises and reaches outsiders.
Which enterprise deployment model allows users to use their personal mobile devices for business purposes? BYOD COPE VDI CYOD
BYOD
Discuss the different types of interference one might encounter using wireless devices.
Because wireless devices operate using RF signals, there is the potential for two types of signal interference. The wireless device may itself be the source of interference for other devices, and signals from other devices can disrupt wireless transmissions. Several types of devices transmit a radio signal that can cause incidental interference with a WLAN. These devices include microwave ovens, elevator motors, photocopying machines, certain types of outdoor lighting systems, theft protection devices, cordless telephones, and Bluetooth devices. These may cause errors or completely prevent transmission between a wireless device and an AP.
What type of attack involves using every possible combination of letters, numbers, and characters to create candidate digests that are then matched against those in a stolen digest file? Space division Brute force Known ciphertext Known plaintext
Brute force
What term is used to describe the software agents that are used by NAC and installed on devices to gather information? NAC check agents server health agents host agent health checks network health agents
host agent health checks
What Microsoft Windows feature prevents attackers from using buffer overflows to execute malware?
DEP
Select the TCP/IP protocol that resolves a symbolic name to its corresponding IP address using a database consisting of an organized hierarchy tree. WINS NIS TACACS+ DNS
DNS
How does BYOD increase employee performance?
Employees are more likely to be productive while traveling or working away from the office if they are comfortable with their device.
What can be enabled to prevent a mobile device from being used until a user enters the correct passcode, such as a pin or password? Enable a smart card Enable a lock screen Enable a sleep time setting Enable a challenge-response screen
Enable a lock screen
An intranet is a separate open network that anyone can access without prior authorization.
False
RFID is commonly used to transmit information between networked computers. True False
False
The greatest asset of a mobile device is its security. True False
False
To prevent bluesnarfing, a mobile device like a smartphone should have Bluetooth turned off when not being used or set to undiscoverable, which keeps Bluetooth turned on, yet it cannot be detected by another device.
To prevent bluesnarfing, Bluetooth devices should be turned off when not being used or when in a room with unknown people. Another option is to set Bluetooth on the device as undiscoverable, which keeps Bluetooth turned on, yet it cannot be detected by another device.
An administrator has two servers that host the same web content, but only one server is utilized at a given time. What can be configured that can help to evenly distribute work across the network, and make use of both servers in a manner that is transparent to the end users? stateful packet filtering Load balancing failover servers proxy servers
Load balancing
What is the most common type of wireless access control?
Media Access Control (MAC) address filtering
What type of management system below can help distribute and manage public and corporate apps? Wireless Device Management Mobile Device Management Total Device Management Extended Device Management
Mobile Device Management
When a private network uses a single public IP address, and each outgoing TCP packet uses a different port to allow for proper translation, what networking technology is in use? PAT PNAT NAPT NAT
PAT
Which EAP protocol creates an encrypted channel between the client authentication server and the client, and uses Microsoft Windows logins and passwords? TKIP LEAP PEAP ICMP
PEAP
Select the email protocols that are not secure. (Choose all that apply.) TLS S/MIME POP IMAP
POP IMAP
Bluetooth is an example of what type of technology below? Small Area Network Private Area Network Personal Area Network Limited Area Network
Personal Area Network
On an SDN network, what specific unit gives traffic the permission to flow through the network? SDN router SDN firewall SDN gateway SDN controller
SDN controller
Which of the following protocols is used to manage network equipment and is supported by most network equipment manufacturers? TCP/IP FTP SNMP SRTP
SNMP
What basic steps are included in securing mobile devices?
Securing mobile devices requires configuring the device, using mobile management tools, and configuring device app security.
What federation system technology uses federation standards to provide SSO and exchange attributes? OAuth Open ID Connect Windows Live ID Shibboleth
Shibboleth
What are the two TCP/IP protocols that are used by mail servers for clients accessing incoming mail?
Simple Mail Transfer Protocol (SMTP) and Post Office Protocol (POP)
What particular option can be used on mobile devices that contain both personal and corporate data?
Storage segmentation, which separates business data from personal data.
What protocol suite below is the most commonly used protocol for local area network (LAN) communication? UDP IPX/SPX TCP/IP Appletalk
TCP/IP
How can a network of physical devices be grouped into logical units, regardless of what network switches they may be connected to? VLAN subnets IP address MAC address
VLAN
What technology enables authorized users to use an unsecured public network, such as the Internet as if it were a secure private network? IKE tunnel VPN endpoint router
VPN
What dedicated hardware device aggregates hundreds or thousands of VPN connections? VPN server VPN gateway VPN switch VPN concentrator
VPN concentrator
Which of the following is a software-based application that runs on a local host computer that can detect an attack as it occurs? local-based intrusion detection system host-based intrusion detection system host-based application protection local-based application protection
host-based intrusion detection system
An early networking device that functioned at layer 1 of the OSI model and added devices to a single segment is known as which of the following choices? switch router firewall hub
hub
What variation of a dictionary attack involves a dictionary attack combined with a brute force attack, and will slightly alter dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters? brute force hash replay network replay hybrid
hybrid
When setting up a server virtualization environment, what component below manages the virtual machine operating systems and supports one or more guest systems? kernel supervisor hypercard hypervisor
hypervisor
The use of a single authentication credential that is shared across multiple networks is called: access management authorization management identity management risk management
identity management
What type of network is a private network that belongs to an organization that can only be accessed by approved internal users? extranet intranet enterprise network guest network
intranet
Which of the following are key stretching password hash algorithms? (Choose all that apply.) bcrypt PBKDF2 seq02 SHA-256
bcrypt PBKDF2
What technology uses a standard web browser to provide information, and gives the wireless user the opportunity to agree to a policy or present valid login credentials, providing a higher degree of security? captive portal AP gateway access point wireless device probe AUP access point
captive portal AP
What type of system is designed to collect and consolidate logs from multiple sources for easy analysis? centralized device log analyzer core device log analyzer network log device system log manager
centralized device log analyzer
What specific feature on an AP controls how much of the spectrum is available to transfer data? channel width channel variance channel selection channel frequency limit
channel width
Which type of biometrics is based on the perception, thought process, and understanding of the user? cognitive biometrics reactive biometrics standard biometrics physical biometrics
cognitive biometrics
Which management system is used to support the creation and subsequent editing and modification of digital content by multiple employees? extended management content management remote management application management
content management
What term best describes managing the login credentials such as passwords in user accounts? account management user management credential management password management
credential management
What type of access point is configured by an attacker in such a manner that it mimics an authorized access point? active twin authorized twin internal replica evil twin
evil twin
What type of network is a private network that can also be accessed by authorized external customers, vendors, and partners? extranet intranet enterprise network guest network
extranet
Which of the following is a system of security tools that are used to recognize and identify data that is critical to the organization and ensure that it is protected? USB blocking content inspection storage sensors data loss prevention
data loss prevention