Networking Ch 9, 10, 6


A(n) ________ can detect a hacker's attempt to flood a network with traffic and prevent that traffic from reaching the network.

IPS

Which protocol is a single sign-on authentication method?

Kerberos

A(n) __________ is a malicious program designed to start when certain conditions are met.

Logic bomb

The Data Link layer contains which two sublayers?

Logical Link Control sublayer and Media Access Control sublayer

A _________ attack involves an individual who redirects secure transmissions as they occur.

Man-in-the-middle

Government employees are assigned security clearances. These employees require access to resources classified as top secret, secret and confidential. Which authorization method should be implemented to create a secure computing environment?

Mandatory Access Control

Which access control method uses data classifications and security clearances?

Mandatory Access Control

_________ is a penetration testing tool which combines known scanning and exploit techniques to explore potentially new attack routes.

Metasploit

Your company's WAN recently experienced a disabling DDoS attack. Which device can detect suspicious traffic patterns including a denial-of-service attack and protect your corporate network in the future?

NIPS

Which virus combines polymorphism and stealth techniques to create a very destructive virus?

Natas

You are part of a team participating in a posture assessment of your company's WAN. Which tools will provide you with crucial information regarding your network's vulnerabilities? (Choose two.)

Nmap and Nessus

Which firewall controls network access by examining the header of each packet to determine whether the packet is authorized to continue to its destination?

Packet-filtering firewall

Which DoS attack damages a device's firmware beyond repair?

PDoS

_________ is an electronic communication that appears to come from a legitimate person or organization and requests access or authentication information.

Phishing

_________ malware changes its characteristics - such as the arrangement of its bytes, size, and internal instructions - making it harder to identify.

Polymorphic

_________ requires the authentication server to verify a client's legitimacy before the switch or access port is opened to the client's Layer 3 traffic.

Port Authentication

_________ software searches nodes for open ports.

Port scanning

Which server acts as an intermediary between an external network (such as the Internet) and an organization's internal (private) network?

Proxy server

Your company recently hired multiple new employees. As network administrator, you must create user groups for these new employees based on the jobs they perform. Which authorization method should you use?

Role-based access control

_________ systems are used to evaluate data generated and stored in logs by intrusion detection systems, intrusion prevention systems, firewalls and proxy servers.

SIEM

Company employees are often required to remember multiple passwords during the performance of their daily jobs. This situation can quickly inundate the help desk with calls regarding forgotten passwords. Which authentication form should you implement to solve this problem?

SSO

A unique characteristic of the 802.11 data frame is its _________ field.

Sequence Control

Malware leaves evidence of itself by announcing its ________ characteristics in the malware code.

Signature

__________ is used to prevent traffic loops on switches.

Spanning Tree Protocol

_________ is an example of proxy server software used on UNIX/Linux systems.

Squid

Select two AAA authentication services. (Choose two.)

TACACS+ and RADIUS

A SOHO wireless router typically includes packet filtering options.

TRUE

A firewall typically involves a combination of hardware and software.

TRUE

A security policy must address an organization's specific risks.

TRUE

An anti-malware policy is meant to protect the network from damage and downtime.

TRUE

Human errors, ignorance, and omissions cause more than half of all security breaches sustained by networks.

TRUE

Network security is more often compromised from the inside rather than external sources.

TRUE

Protection against harmful code involves more than just installing anti-malware software.

TRUE

Spanning Tree Protocol (STP) stipulates that only one root port - on any bridge - can forward frames to the root bridge.

TRUE

Select two innovative standards designed to replace STP. (Choose two.)

TRILL and RSTP

A ________ disguises itself as something useful but actually harms your system.

Trojan horse

Which wireless security technique supports RADIUS and AES?

WPA2-Enterprise

An employee's mobile device has been lost. Which action should you take to protect company data?

Wipe the device

_________ are programs that run independently and travel between computers and across networks.

Worms

A _________ is a network of compromised computers requisitioned to participate in coordinated DDoS attacks without the owners' knowledge or consent. (Choose two.)

Zombie army, botnet

Which device inspects each incoming packet to determine whether it belongs to a currently active connection?

a stateful firewall

Which access control component logs users' network access and activities?

accounting

Which NGFW (Layer 7 firewall) feature allows a network administrator to restrict gaming traffic?

application awareness

Your company recently purchased new laptop computers. Before the laptop computers can be deployed, a barcode must be installed on them for the purpose of monitoring their movement and condition. This action is referred to as ________.

asset tracking

When a server compares a user's credentials with those in its database, the process is known as __________.

authentication

Which category of protocols is used by both RADIUS and TACACS?

authentication, authorization, and accounting

Which access control component determines what a user can and cannot do with network resources?

authorization

A ________ is a software security flaw that allows unauthorized users to gain access to the system.

backdoor

A _________ is a program that runs automatically.

bot

Which attack is a trial and error method used to decode encrypted passwords?

brute force

Your organization is expanding its campus footprint by adding a new building. Access to this building must be restricted to employees who know the access code. Which type of security should be used?

cipher lock

A _________ form is a document which ensures each employee is made aware that his/her use of company equipment and accounts can be monitored and reviewed for security purposes.

consent to monitoring

________ is the process of securing a server by applying security updates and disabling unnecessary services and protocols.

device hardening

Breaking into a password protected computer or server by systematically using every word possible is an example of a ________ attack.

dictionary

Mobile device management (MDM) is used to ________. (Choose all that apply.)

enforce password policies, encrypt data on a device, automate enrollment

The _________ utility is a Windows console used to administer or modify local group policies.

gpedit.msc

Multiple honeypots can be connected to form a __________.

honeynet

As network administrator, you decide to track malicious activity by placing a decoy in the DMZ. Which solution would best serve your purpose?

honeypot

Which software enables a computer to act as a packet-filtering firewall for Linux systems?

iptables

You have been asked to check user access privileges to highly secure company documents. You notice that several contractors possess full control privileges to these files. Which security policy should have been implemented?

least privilege

Which authentication process requires two or more pieces of information?

multifactor

In _________ both computers verify the credentials of the other.

mutual authentication

Simple packet-filtering firewalls operate at the _________ layer of the OSI model.

network

As an IT employee, you recently updated your company's network software and hardened the company computers. Your next step is to examine the network for vulnerabilities. Which process should you use?

penetration testing

Which software agent types are used to monitor network devices for verification of compliance with security benchmarks? (Choose two.)

persistent, dissolvable

When an attacker uses faked ARP replies to alter ARP tables, the attack is called ARP ________.

poisoning

Which technique is used by an NIDS to monitor traffic carried by a switch?

port mirroring

A _________ is a thorough examination of each aspect of the network to determine how it might be compromised.

posture assessment

When Kelly turned on her computer, she noticed a message indicating that her files had been encrypted. The document also included payment instructions that would result in the decryption of her files. Which type of malware is involved in this attack?

ransomware

Which device uses logical addressing information to direct data between two or more networks?

router

A _________ identifies an organization's security goals and risks.

security policy

Which access control device electronically time stamps and logs entry into a building?

smart card

Which virus disguises itself as a legitimate program to prevent detection?

stealth

In Kerberos terminology, a temporary set of credentials used by a client to prove that its identity has been validated by the authentication service is known as a _____________.

ticket

You arrive at the office several hours early (5:00 am) to work on a critical project. You are unable to log on to the network to access your files. Which logon restriction might cause this problem?

time of day

Which logon restriction would be most effective against a hacker using brute force to access a network?

unsuccessful logon attempts

As a network administrator, you are required to monitor physical activity in the company's secure data areas. Which detection method should you implement?

video surveillance

As an IT employee, you discover an unknown weakness in the security system that could lead to unauthorized access. Which weakness have you found?

vulnerability

Your company hired an IT security expert to perform a network penetration test on the company's private network. Which role is the IT security expert performing?

white hat hacker

You are a network administrator in charge of the company's T-3 WAN connection. The T-3 connects two regional offices including a main office and a satellite office. You decide to install a firewall to protect the main office's private network. Shortly after installation, users at the satellite office complain they cannot access a file server in the main office. Which two items should you check on the firewall? (Choose two.)

1) Has the firewall been placed in the appropriate location on the network? 2) Has the firewall been configured to allow access to IP addresses originating in the satellite office?

Which two items are combined to create a Bridge ID? (Choose two.)

1) MAC address 2) 2-byte priority field

Firewalls can accept or deny traffic based on _________. (Choose all that apply.)

1) flags set in the TCP header 2) transmissions that use ICMP protocols 3) source and destination ports 4) source and destination IP addresses

Which devices can protect your network from outside attacks? (Choose all that apply.)

1) firewall; 2) intrusion prevention system; 3) proxy server

The "any" keyword in an ACL statement is equivalent to which wildcard mask?

255.255.255.255

A SecurID key chain fob from RSA Security generates a password that changes every _________.

60 seconds

A(n) _________ is a list of statements used to filter traffic through a router, switch, or firewall interface.

ACL

A(n) ________ describes what users can and cannot do when accessing a network's resources.

Acceptable Use Policy

Which definition best describes a zero-day exploit?

An attack that takes advantage of a vulnerability before the software developer can provide a solution

STP selects the root bridge based on which parameter?

Bridge ID

Which technique could be used to thwart an FTP bounce attack?

Configure your firewall to deny requests to ports 20 and 21

Which device can block designated types of traffic based on application data contained within the packets?

Content-filtering firewall

Your company has redoubled its efforts to identify sensitive data on its servers. You are asked to prevent this data from being copied, downloaded, transmitted off the network or posted to cloud storage. You propose ________ as a solution.

Data Loss Prevention

A system which has been inundated with bogus requests for services and can no longer respond is experiencing a _________ attack.

Denial-of-service

Which protocol provides the framework for authenticating clients and servers, yet does not perform encryption or authentication on its own?

EAP

A Kerberos user is referred to as a client.

FALSE

A network layer firewall uses stateful packet inspection.

FALSE

A security policy should state exactly which hardware, software, architecture, or protocols will be used to ensure security.

FALSE

Host-based firewalls are placed between a private network and the Internet.

FALSE

The simplest type of firewall is a content filtering firewall.

FALSE

Which statement reflects the rules established in the ACL?
ip access-group 102 in
!
access-list 102 permit tcp any any eq 20
access-list 102 permit tcp any any eq 21
access-list 102 permit tcp any any eq 110
access-list 102 permit tcp any any eq 443

FTP, POP3, and HTTPS are explicitly allowed; all else are implicitly denied

