Security+ Network Security Fundamentals Chapter 8 & Chapter 7

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

telecommuter

A ______________ is a worker who work occasionally or regularly from a home office.

VPN Concentrator

A device that aggregates VPN connections

Switch​

A device that connects network segments and forwards onlyl frames intended for that specific device or frames sent to all devices​

Flood Guard

A feature that controls a device's tolerance for unanswered service requests and helps to prevent a DoS or DDoS attack.​

Stateful packet filtering

A firewall that keeps a record of the state of a connection between an internal computer and an external device is using what technology below?

​Layer 4

A load balancer that works with the File Transfer Protocol is operating at what layer of the OSI model?

​Audit log

A log that is used to record which user performed an action and what that action was.​

Virtualization

A means of managing and presenting computer resources by function without regard to their physical layout or location.​

Heuristic monitoring​

A monitoring technique used by an intrusion detection system (IDS) that uses an algorithm to determine if a threat exists​

switch

A network _________________ isolates connected devices by learning MAC addresses and only sending frames intended for specific MAC addresses to the ports they're connected to, unless the MAC address is unknown.

reverse proxy

A server that routes incoming requests to a specific destination server, and acts as the final destination IP for all client access, is known as a:

Network address translation (NAT)​

A techniq​ue that allows private IP addresses to be used on the public Internet.

​Virtual LAN (VLAN)

A technology that allows scattered users to be logically grouped together even though they may be attached to different switches

Create a DMZ, add necessary hosts.

A web server must be accessible to untrusted outside users. What can be done to isolate this host and any additional hosts with similar requirements from more secured hosts on a network?

log

A(n) ____________________ is a record of events that occur.

Load balancing

An administrator has two servers that host the same web content, but only one server is utilized at a given time. What can be configured to make use of both servers in a manner that is transparent to the end users?

21

An administrator needs to examine FTP commands being passed to a server. What port should the administrator be monitoring?

hub

An early networking device that functioned at layer 1 of the OSI model and added devices to a single segment is known as which of the following choices?

Application-aware IPS​

An intrusion prevention system that knows information such as the applications that are running as well as the underlying operating systems​

Network Layer

At what level of the OSI model does the IP protocol function

True

Behavior-based monitoring attempts to overcome the limitations of both anomaly-based monitoring and signature-based monitoring by being more adaptive and proactive instead of reactive.

802.1d

Broadcast storms can be prevented by using loop prevention technology. Which item below can be used to help prevent loops?

BIND

DNS poisoning can be prevented using the latest edition of what software below?

True

Defense in depth, or layered security, involves the use of multiple types of network hardware within a network.​

True

Despite its promise to dramatically impact IT, cloud computing raises significant security concerns.

VLAN

How can a network of physical devices be grouped into logical units, regardless of what network switches they may be connected to?

True

IEEE 802.1x is commonly used on wireless networks.

False

IP telephony and Voice over IP (VoIP) are identical.

Cloud Infrastructure as a Service

In what type of cloud computing does the customer have the highest level of control?

content

Internet ____________________ filters monitor Internet traffic and block access to pre-selected Web sites and files.

IEEE 802.1x

Port-based authentication, in which users are authenticated on a per-switch port basis, is a function of what standard below?

​Malware inspection

Searching for malware in incoming web content

​Content inspection

Searching incoming web content to match keywords​

True

Security is enhanced by subnetting a single network into multiple smaller subnets in order to isolate groups of hosts.

DNS

Select below the TCP/IP protocol that resolves a symbolic name to its corresponding IP address using a database consisting of an organized hierarchy tree.

Network

Select below the layer of the OSI model at which the route a packet is to take is determined, and the addressing of the packet is performed.

Web security gateway

Select below the technology that can be used to examine content through application-level filtering:

False

TCP is responsible for addressing packets and sending them on the correct route to the destination, while IP is responsible for reliable packet transmission.

False

TCP/IP uses its own five-layer architecture that includes Network Interface, Internet, Control, Transport, and Application.

​Loop protection

Technique to prevent broadcast storms by using the IEEE 802.1d standard spanning-tree algorithm (STA)​

False

The OSI model breaks networking steps down into a series of six layers.

Fibre Channel (FC)

The ____________ is a high-speed storage network protocol that can transmit up to 16 gigabits per second.​

Physical

The ____________________ Layer is omitted in the TCP/IP model.

ICMP

The capability for devices to exchange low-level control messages is provided by what protocol below?

flood guard

The deployment of this technology below can be used as a defense against DoS and DDoS SYN flood attacks:

Create a VLAN and add the users' computers / ports to the VLAN.

The management in your corporate office want to group users on the network together logically even though they are attached to separate network switches. How can this be done?

4

The standard TCP/IP protocol uses IP addresses which are how many bytes in length?

protocol analyzer

The traffic sent by devices connected to a hub can be captured and decoded by a _________________.

router

What device operates at the Network Layer (layer 3) of the OSI model and forwards packets across computer networks?

proxy server

What is the name for a computer or application program that intercepts user requests from the internal secure network and then processes that request on behalf of the user?

system call

What is the name for an instruction that interrupts a program being executed and requests a service from the operating system?

​Supplicant

What is the term used for a device that requests permission from an authenticator to join a network?​

router

What kind of networking device forwards packets across different computer networks by reading destination addresses?

Session

What layer of the OSI model is responsible for permitting two parties on a network to hold ongoing communications across the network?

TCP/IP

What protocol suite below is the most commonly used protocol for local area network (LAN) communication?

VPN

What technology enables authorized users to use an unsecured public network, such as the Internet, as if were a secure private network?

​NetBIOS

What transport protocol is used by Windows operating systems to allow applications on separate computers to communicate over a LAN?

Signature

What type of monitoring compares network traffic, activities, transactions, or behavior against a database of known attack patterns?

802.1Q

What vendor neutral protocol implements support for VLAN tagging?

NAT

When a private network uses a single public IP address, and each outgoing TCP packet uses a different port to allow for proper translation, what networking technology is in use?

hypervisor

When setting up a server virtualization environment, what component below manages the virtual machine operating systems and supports one or more guest systems?

community string

When using SNMPv1 or SNMPv2, what piece of information is needed to view information from an agent?

Transport Layer

Which layer of the OSI model contains TCP protocol, which is used for establishing connections and reliable data transport between devices?

172.63.255.0

Which network address below is not a private IP address network?

​Decreased network utilization

Which of the following is not a benefit that can be provided by using IP telephony?​

Cloud Software as a Service

Which of the three Cloud computing service models allows a customer to access software provided by a vendor using a web browser, without any installation, configuration, upgrading, or management from the user?

host

With operating system virtualization, a(n) ____________________ system is the native operating system to the hardware.

False

Workgroup switches must work faster than core switches.

Network address translation (NAT)

_________________ is a technique that allows a private IP addresses to be used on the Internet with a single public IP address.

Cloud

____________________ computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.

​FTP Secure (FTPS)

​A TCP/IP protocol that uses Secure Sockets Layer or Transport Layer Security to encrypt commands sent over the control port (port 21) in an FTP session.

​Router

​A device that can forward packets across computer networks

​Application-aware firewall

​A firewall that can identify the applications that send packets through the firewall and then make decisions about the applications

Snapshot

​An instance of a particular state of a virtual machine that can be saved for later use.

Telnet

​An older TCP/IP protocol and an application used for text-based commmunication

​File Transfer Protocol (FTP)

​An unsecure TCP/IP protocol that is commonly used for transferring files

Event log​

​Log that documents any unsuccessful events and the most significant successful events.

Host elasticity​

​The ability to easily expand or contract resources in a virtualized environment.

​Sticky

​What MAC limiting configuration setting allows for MAC addresses to be automatically learned and stored along with any addresses that were learned prior to using the configuration setting?

​Intent

​Which of the following is not a component of an IP packet that a firewall rule can use for filtering purposes?


Ensembles d'études connexes

chapter 24 Intro to trauma quiz and vocab

View Set

Human Anatomy- Chapter 24- The Urinary System

View Set

QUIZ: Chapter 2: Sociological Research Methods

View Set