SEC+ 601 Chapter 12: Network Security
What type of NAC will provide Isaac with the greatest amount of information about the systems that are connecting while also giving him the most amount of control of systems and their potential impact on other systems that are connected to the network? A. Agent-based, pre-admission NAC B. Agentless, post-admission NAC C. Agent-based NAC, post-admission NAC D. Agent-based, post-admission NAC
A. Agent-based, pre-admission NAC Agent-based, pre-admission NAC will provide Isaac with the greatest amount of information about a machine and the most control about what connects to the network and what can impact other systems. Since systems will not be connected to the network, even to a quarantine or pre-admission zone, until they have been verified, Isaac will have greater control.
What does a SSL stripping attack look for to perform an on-path attack? A. An unencrypted HTTP connection B. A DNS query that is not protected by DNSSEC C. An unprotected ARP request D. All of the above
A. An unencrypted HTTP connection The original implementation of SSL stripping attacks relied heavily on unencrypted HTTP connections, and the updated version of SSLStrip+ continues to leverage HTTP connections, and then adds the ability to rewrite HTTPS links to HTTP links, allowing it even greater access to unencrypted links. DNSSEC and ARP are not involved in this technique.
James is concerned about preventing broadcast storms on his network. Which of the following solutions is not a useful method of preventing broadcast storms on his network? A. Disable ARP on all accessible ports B. Enable Spanning Tree Protocol C. Enable loop protect features on switches D. Limit the size of VLANs
A. Disable ARP on all accessible ports Broadcast storms occur when broadcast packets are received and retransmitted by switches in a network, amplifying the traffic and causing heavy traffic loads. Spanning Tree Protocol, loop prevention features, and limited VLAN sizes can all reduce the potential for a broadcast storm. Disabling ARP on a network is not a recommended solution for a TCP/IP network.
Elle is implementing a VoIP telephony system and wants to use secure protocols. If she has already implemented SIPS, which other protocol is she most likely to use? A. SRTP B. UDP/S C. S/MIME D. SFTP
A. SRTP The Secure Real-Time Transfer Protocol is used for media streaming in many VoIP implementations. UDP/S is not an actual protocol, S/MIME is used for email, and SFTP is a replacement for FTP and is not typically associated with VoIP systems.
What technique is used to ensure that DNSSEC-protected DNS information is trustworthy? A. It is digitally signed. B. It is sent via TLS. C. It is encrypted using AES256. D. It is sent via an IPSec VPN.
A. It is digitally signed. DNSSEC does not encrypt data but does rely on digital signatures to ensure that DNS information has not been modified and that it is coming from a server that the domain owner trusts. DNSSEC does not protect confidentiality, which is a key thing to remember when discussing it as a security option. TLS, an IPSec VPN, or encryption via AES are all potential solutions to protect the confidentiality of network data.
Bonita has discovered that her organization is running a service on TCP port 636. What secure protocol is most likely in use? A. LDAPS B. IMAPS C. SRTP D. SNMPv3
A. LDAPS The secure version of LDAP runs on TCP port 636. IMAPS runs on 993, SRTP runs on UDP 5004, and SNMPv3 runs on the standard UDP 161 and 162 ports used for all versions of the protocol.
Nick wants to display the ARP cache for a Windows system. What command should he run to display the cache? A. arp /a B. arp -d C. showarp D. arpcache -show
A. arp /a The arp command will show the system's ARP cache using the /a flag on Windows systems. Other flags are /d to delete the cache or a single address if one is supplied, and /s, which will allow you to add an entry. In most cases, security professionals will use the /a flagmost frequently to see what exists in an ARP cache on a system.
Wayne is concerned that an on-path attack has been used against computers he is responsible for. What artifact is he most likely to find associated with this attack? A. A compromised router B. A browser plug-in C. A compromised server D. A modified hosts file
B. A browser plug-in Man-in-the-browser attacks take advantage of malicious browser plug-ins or proxies to modify traffic at the browser level. They do not involve compromised routers or servers, and a modified hosts file is more likely to be involved in a man-in-the-middle attack.
Madhuri is designing a load-balancing configuration for her company and wants to keep a single node from being overloaded. What type of design will meet this need? A. A daisy chain B. Active/active C. Duck-duck-goose D. Active/passive
B. Active/active Active/active designs spread traffic among active nodes, helping to ensure that a single node will not be overwhelmed. Active/passive designs are useful for disaster recovery and business continuity, but they do not directly address heavy load on a single node. There are many load-balancing schemes, but daisy chains and duck, duck, goose are not among them.
Valerie wants to replace the telnet access that she found still in use in her organization. Which protocol should she use to replace it, and what port will it run on? A. SFTP, port 21 B. SSH, port 22 C. HTTPS, port 443 D. RDP, port 3389
B. SSH, port 22 Telnet provides remote command-line access but is not secure. SSH is the most common alternative to telnet, and it operates on port 22.
Ben wants to observe malicious behavior targeted at multiple systems on a network. He sets up a variety of systems and instruments to allow him to capture copies of attack tools and to document all the attacks that are conducted. What has he set up? A. A honeypot B. A beartrap C. A honeynet D. A tarpit
C. A honeynet A honeynet is a group of systems that intentionally exposes vulnerabilities so that defenders can observe attacker behaviors, techniques, and tools to help them design better defenses.
Which of the following statements about the security implications of IPv6 is not true? A. Rules based on static IP addresses may not work. B. IPv6 reputation services may not be mature and useful. C. IPv6's NAT implementation is insecure. D. IPv6 traffic may bypass existing security controls.
C. IPv6's NAT implementation is insecure. IPv6 does not include network address translation (NAT) because there are so many IP addresses available. That means that there is not a NAT implementation, and thus, IPv6 can't have an insecure version. Rules based on static IPv6 addresses may not work since dynamic addresses are heavily used in IPv6 networks, reputation services remain relatively rare and less useful for IPv6 traffic, and IPv6 traffic may bypass many existing IPv4 security tools.
Fred wants to ensure that the administrative interfaces for the switches and routers are protected so that they cannot be accessed by attackers. Which of the following solutions should he recommend as part of his organization's network design? A. NAC B. Trunking C. Out-of-band management D. Port security
C. Out-of-band management Out-of-band management places the administrative interface of a switch, router, or other device on a separate network or requires direct connectivity to the device to access and manage it. This ensures that an attacker who has access to the network cannot make changes to the network devices. NAC and port security help protect the network itself, whereas trunking is used to combine multiple interfaces, VLANs, or ports together.
Gary wants to use secure protocols for email access for his end users. Which of the following groups of protocols should he implement to accomplish this task? A. DKIM, DMARC, HTTPS B. SPF, POPS, IMAPS C. POPS, IMAPS, HTTPS D. DMARC, DKIM, SPF
C. POPS, IMAPS, HTTPS End users may use secure POP (POPS), secure IMAP (IMAPS), and secure HTTP (HTTPS) to retrieve email. SPF, DKIM, and DMARC are used to identify and validate email servers, not to access email by end users.
Danielle wants to capture traffic from a network so that she can analyze a VoIP conversation. Which of the following tools will allow her to review the conversation most effectively? A. A network SIPper B. tcpdump C. Wireshark D. netcat
C. Wireshark Although tcpdump can be used to view packets sent as part of a VoIP connection, Wireshark has built-in VoIP analysis and protocol-specific tools. Danielle will have greater success using those built-in tools. A network SIPper is a made-up tool, and netcat is not a packet sniffer.
Bart needs to assess whether a three-way TCP handshake is occurring between a Linux server and a Windows workstation. He believes that the workstation is sending a SYN but is not sure what is occurring next. If he wants to monitor the traffic, and he knows that the Linux system does not provide a GUI, what tool should he use to view that traffic? A. dd B. tcpreplay C. tcpdump D. Wireshark
C. tcpdump tcpdump is a command-line tool that will allow Bart to capture and analyze the traffic coming from the Windows workstation. If he does not see a three-way handshake, he will need to determine what is occurring with the traffic. Wireshark is a GUI (graphical) program, tcpreplay is used to replay traffic, and dd is used to clone drives.
Randy wants to prevent DHCP attacks on his network. What secure protocol should he implement to have the greatest impact? A. ARPS B. LDAPS C. SDHCP D. None of the above
D. None of the above None of the protocols listed will accomplish Randy's task. In fact, there is no secure DHCP or ARP version, and secure LDAP does not impact DHCP services.
Chuck wants to provide route security for his organization, and he wants to secure the BGP traffic that his routers rely on for route information. What should Chuck do? A. Choose a TLS-enabled version of BGP. B. Turn on BGP route protection. C. Use signed BGP by adopting certificates for each BGP peer. D. None of the above.
D. None of the above. Unfortunately, BGP does not have native security methods, and BGP hijacks continue to appear in the news. Two solutions, SIDR and RPLS, have not been broadly adopted.
What protocol is used to securely wrap many otherwise insecure protocols? A. ISAKMP B. SSL C. IKE D. TLS
D. TLS Transport Layer Security (TLS) is commonly used to wrap (protect) otherwise insecure protocols. In fact, many of the secure protocols simply add TLS to protect them. ISAKMP and IKE are both used for IPSec and can be used to wrap insecure protocols, but they aren't used alone. SSL is no longer used; TLS has almost entirely replaced it, although SSL is still often casually referred to as TLS.
Connor believes that there is an issue between his organization's network and a remote web server, and he wants to verify this by checking each hop along the route. Which tool should he use if he is testing from a Windows 10 system? A. tracert B. route C. traceroute D. pathping
D. pathping' The Windows pathping tool is specifically designed to show the network latency and loss at each step along a route. The tracert tool identifies the path to a remote system, and the route command can be used to view, add, and delete routes. traceroute is used in Linux, not Windows.