401 - Part 1
Which of the following ports and protocol types must be opened on a host with a host-based firewall to allow incoming SFTP connections?
22/TCP (Explanation: SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22.)
Which of the following is the default port for TFTP?
69 (Explanation: TFTP makes use of UDP port 69)
FTP/S uses which TCP ports by default?
989 and 990 (Explanation: FTPS uses ports 989 and 990.)
A security analyst noticed a colleague typing the following command: `Telnet some-host 443' What was the colleague performing?
A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall. (Explanation: B: The Telnet program parameters are: telnet <hostname> <port> <hostname> is the name or IP address of the remote server to connect to. <port> is the port number of the service to use for the connection. TCP port 443 provides the HTTPS (used for secure web connections) service; it is the default SSL port. By running the Telnet some-host 443 command, the security analyst is checking that routing is done properly and not blocked by a firewall.)
A network technician is on the phone with the system administration team. Power to the server room was lost and servers need to be restarted. The DNS services must be the first to be restarted. Several machines are powered off. Assuming each server only provides one service, which should be powered on FIRST to establish DNS services?
Bind server (Explanation: BIND (Berkeley Internet Name Domain) is the most widely used Domain Name System (DNS) software on the Internet. It includes the DNS server component contracted for name daemon. This is the only option that directly involves DNS)
A network consists of various remote sites that connect back to two main locations. Pete, the security administrator, needs to block TELNET access into the network. What would be the BEST choice to accomplish this goal?
Block port 23 on the network firewall (Explanation: Telnet is a terminal-emulation network application that supports remote connectivity for executing commands and running applications but doesn't support transfer of files. Telnet uses TCP port 23. Because it's a clear text protocol and service, it should be avoided and replaced with SSH.)
A firewall technician has been instructed to disable all non-secure ports on a corporate firewall. The technician has blocked traffic on port 21, 69, 80, and 137-139. The technician has allowed traffic on ports 22 and 443. List the protocols blocked and allowed.
Blocked: FTP, TFTP, HTTP, NetBIOS; Allowed: SFTP, SSH, SCP, HTTPS (Explanation: The question states that traffic on port 21, 69, 80, and 137-139 is blocked, while ports 22 and 443 are allowed. Port 21 is used for FTP by default. Port 69 is used for TFTP. Port 80 is used for HTTP. Ports 137-139 are used for NetBIOS. VMM uses SFTP over default port 22. Port 22 is used for SSH by default. SCP runs over TCP port 22 by default. Port 443 is used for HTTPS)
Which of the following is a difference between TFTP and FTP?
D. TFTP utilizes UDP and FTP uses TCP. (Explanation: FTP employs TCP ports 20 and 21 to establish and maintain client-to-server communications, whereas TFTP makes use of UDP port 69.)
An administrator configures all wireless access points to make use of a new network certificate authority. What is being used?
EAP-TLS (Explanation: The majority of the EAP-TLS implementations require client-side X.509 certificates without giving the option to disable the requirement.)
What is the MOST secure protocol to transfer files?
FTPS (Explanation: FTPS refers to FTP Secure, or FTP SSL. It is a secure variation of File Transfer Protocol (FTP) )
After a network outage, a PC technician is unable to ping various network devices. The network administrator verifies that those devices are working properly and can be accessed securely. What is the MOST likely reason the PC technician is unable to ping those devices?
ICMP is being blocked (Explanation: ICMP is a protocol that is commonly used by tools such as ping, traceroute, and pathping. ICMP offers no information If ICMP request queries go unanswered, or ICMP replies are lost or blocked.)
A security administrator wishes to change their wireless network so that IPSec is built into the protocol and NAT is no longer required for address range extension. Which protocol should be used in this scenario?
IPv6 (Explanation: IPSec security is built into IPv6)
Which of the following protocols allows for the LARGEST address space?
IPv6 (Explanation: The main advantage of IPv6 over IPv4 is its larger address space. The length of an IPv6 address is 128 bits, compared with 32 bits in IPv4.)
When reviewing security logs, an administrator sees requests for the AAAA record of www.comptia.com. Which BEST describes this type of record?
IPv6 DNS record (Explanation: The AAAA Address record links a FQDN to an IPv6 address.)
A system administrator attempts to ping a hostname and the response is 2001:4860:0:2001::68. Which of the following replies has the administrator received?
IPv6 address (Explanation: IPv6 addresses are 128-bits in length. An IPv6 address is represented as eight groups of four hexadecimal digits, each group representing 16 bits (two octets). The groups are separated by colons (:). The hexadecimal digits are case-insensitive, but IETF recommendations suggest the use of lower case letters. The full representation of eight 4-digit groups may be simplified by several techniques, eliminating parts of the representation.)
An information bank has been established to store contacts, phone numbers and other records. A UNIX application needs to connect to the index server using port 389. Which of the following authentication services should be used on this port by default?
LDAP (Explanation: LDAP makes use of port 389.)
Which of the following protocols is used by IPv6 for MAC address resolution?
NDP (Explanation: The Neighbor Discovery Protocol (NDP) is a protocol in the Internet protocol suite used with Internet Protocol Version 6 (IPv6).)
A malicious program modified entries in the LMHOSTS file of an infected system. Which of the following protocols would have been affected by this?
NetBIOS (Explanation: The LMHOSTS file provides a NetBIOS name resolution method that can be used for small networks that do not use a WINS server. NetBIOS has been adapted to run on top of TCP/IP, and is still extensively used for name resolution and registration in Windows-based environments.)
A UNIX administrator would like to use native commands to provide a secure way of connecting to other devices remotely and to securely transfer files. Which two protocols could be utilized?
SCP and SSH (Explanation: SSH is used to establish a command-line, text-only interface connection with a server, router, switch, or similar device over any distance. Secure Copy Protocol (SCP) is a secure file-transfer facility based on SSH and Remote Copy Protocol (RCP). SCP is commonly used on Linux and Unix platforms)
A network administrator is asked to send a large file containing PII to a business associate. Which of the following protocols is the BEST choice to use?
SFTP (Explanation: SFTP encrypts authentication and data traffic between the client and server by making use of SSH to provide secure FTP communications. As a result, SFTP offers protection for both the authentication traffic and the data transfer taking place between a client and server.)
Which protocols allows for secure transfer of files? (Select TWO).
SFTP and SCP (Explanation: Standard FTP is a protocol often used to move files between one system and another either over the Internet or within private networks. SFTP is a secured alternative to standard FTP. Secure Copy Protocol (SCP) is a secure file-transfer facility based on SSH and Remote Copy Protocol (RCP).)
Matt, a security administrator, wants to configure all the switches and routers in the network in order to securely monitor their status. Which protocol would he need to configure on each device?
SNMPv3 (Explanation: Currently, SNMP is predominantly used for monitoring and performance management. SNMPv3 defines a secure version of SNMP and also facilitates remote configuration of the SNMP entities.)
What is BEST used as a secure replacement for TELNET?
SSH (Explanation: SSH transmits both authentication traffic and data in a secured encrypted form, whereas Telnet transmits both authentication credentials and data in clear text)
A recent vulnerability scan found that Telnet is enabled on all network devices. Which protocol should be used instead of Telnet?
SSH (Explanation: SSH transmits both authentication traffic and data in a secured encrypted form, whereas Telnet transmits both authentication credentials and data in clear text.)
A security analyst needs to logon to the console to perform maintenance on a remote server. Which protocol would provide secure access?
SSH (Explanation: Secure Shell (SSH) is a tunneling protocol originally used on Unix systems. It's now available for both Unix and Windows environments. SSH is primarily intended for interactive terminal sessions. SSH is used to establish a command-line, text-only interface connection with a server, router, switch, or similar device over any distance.)
An achievement in providing worldwide Internet security was the signing of certificates associated with which protocol?
SSL (Explanation: SSL (Secure Sockets Layer) is used for establishing an encrypted link between two computers, typically a web server and a browser. SSL is used to enable sensitive information such as login credentials and credit card numbers to be transmitted securely.)
What should be implemented to stop an attacker from mapping out addresses and/or devices on a network?
Secure zone transfers (Explanation: C: A primary DNS server has the "master copy" of a zone, and secondary DNS servers keep copies of the zone for redundancy. When changes are made to zone data on the primary DNS server, these changes must be distributed to the secondary DNS servers for the zone. This is done through zone transfers. If you allow zone transfers to any server, all the resource records in the zone are viewable by any host that can contact your DNS server. Thus you will need to secure the zone transfers to stop an attacker from mapping out your addresses and devices on your network.)
Pete, a network administrator, is implementing IPv6 in the DMZ. Which of the following protocols must he allow through the firewall to ensure the web servers can be reached via IPv6 from an IPv6 enabled Internet host?
TCP port 80 and TCP port 443 (Explanation: HTTP and HTTPS, which uses TCP port 80 and TCP port 443 respectively, is necessary for Communicating with Web servers. It should therefore be allowed through the firewall)
A security engineer, Joe, has been asked to create a secure connection between his mail server and the mail server of a business partner. Which would be MOST appropriate?
TLS (Explanation: Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. It uses X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom it is communicating, and to exchange a symmetric key. The TLS protocol allows client-server applications to communicate across a network in a way designed to prevent eavesdropping and tampering.)
Which protocol is used to authenticate the client and server's digital certificate?
TLS (Explanation: Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. It uses X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom it is communicating, and to exchange a symmetric key.)