CertMaster CompTIA Practice Lesson 9
An Internet Service Provider's (ISP) customer network is under a Distributed Denial of Service (DDoS) attack. The ISP decides to use a blackhole as a remedy. How does the ISP justify their decision? A blackhole drops packets for the affected IP address(es) and is in a separate area of the network that does not reach any other part of the network. A blackhole makes the attack less damaging to the ISP's other customers and continues to send legitimate traffic to the correct destination. A blackhole routes traffic destined to the affected IP address to a different network. Here, the ISP can analyze and identify the source of the attack, to devise rules to filter it. A blackhole is preferred, as it evaluates each packet in a multi-gigabit stream against an Access Control List (ACL) without overwhelming the processing resources.
A
Given knowledge of load balancing and clustering techniques, which configuration provides both fault tolerance and consistent performance for applications like streaming audio and video services? Active/Passive clustering Active/Active clustering First in, First out (FIFO) clustering Fault tolerant clustering
A
Identify the attack that can launch by running software against the CAM table on the same switch as the target. MAC flooding MAC spoofing ARP poisoning attack LLMNR
A
Where should an administrator place an internet-facing host on the network? DMZ Bastion host Extranet Private network
A
Compare the characteristics of a rogue Access Point (AP) in wireless networks to determine which statements correctly summarize their attributes. (Select all that apply.) An evil twin is a rogue AP, and an attacker can use a Denial of Service (DoS) to disconnect users from the legitimate AP and connect to the evil twin. Sometimes referred to as an evil twin, a rogue AP masquerading as a legitimate AP, may have a similar name to a legitimate AP. An attacker can set up a rogue AP with something as simple as a smartphone with tethering capabilities. A Denial of Service (DoS) will bypass authentication security (enabled on the AP), so it is important to regularly scan for rogue APs on the network.
A, B, C
A team is building a wireless network, and the company has requested the team to use a Wired Equivalent Privacy (WEP) encryption scheme. The team has developed a recommendation to utilize a different encryption scheme based on the problems with WEP. Analyze the features of WEP to determine what problems to highlight in the recommendation. WEP only allows the use of a 128-bit encryption key and is not secure. The Initialization Vector (IV) is too large to provide adequate security. WEP allows for a 256-bit key but is still not secure. The Initialization Vector (IV) is not sufficiently large, thus is not always generated using a sufficiently random algorithm. WEP has the option to use either a 64-bit or a 128-bit key, which is not secure enough for the company. Packets use a checksum to verify integrity that is too difficult to compute. WEP only allows the use of a 64-bit key, which is not secure enough for the company. The Initialization Vector (IV) is often not generated using a sufficiently random algorithm.
B
Consider the types of zones within a network's topology and locate the zone considered semi-trusted and requires hosts to authenticate to join. Private network Extranet Internet Anonymous
B
During the planning/scoping phase of the kill chain, an attacker decides that a Distributed Denial of Service (DDoS) attack would be the best way to disrupt the target website and remain anonymous. Evaluate the following explanations to determine the reason the attacker chose a DDoS attack. A DDoS attack can launch via covert channels DDoS attacks utilize botnets A DDoS attack creates a backdoor to a website DDoS attacks use impersonation
B
There are several types of security zones on a network. Analyze network activities to determine which of the following does NOT represent a security zone. DMZ Screened host Wireless Guest network
B
Which statement regarding attacks on media access control (MAC) addresses accurately pairs the method of protection and what type of attack it guards against? (Select all that apply.) MAC filtering guards against MAC snooping. Dynamic Host Configuration Protocol (DHCP) snooping guards against MAC spoofing. MAC filtering guards against MAC spoofing. DAI guards against invalid MAC addresses
B, D
An attacker tricks a host within a subnet into routing through an attacker's machine, rather than the legitimate default gateway, allowing the attacker to eavesdrop on communications and perform a Man-in-the-Middle (MitM) attack. Compare the types of routing vulnerabilities and conclude what the attacker is exploiting in this scenario. Route injection Denial of service ARP poisoning Source routing
C
Compare the types of Distributed Denial of Service (DDoS) attacks and select the best example of a synchronize (SYN) flood attack. A group of attackers work together to form an attack on a network. An attack consumes all of the network bandwidth resulting in denial to legitimate hosts. Client IP addresses are spoofed to misdirect the server's SYN/ACK packet increasing session queues. A client's IP address is spoofed and pings the broadcast address of a third-party network with many hosts.
C
Which statement best describes the difference between session affinity and session persistence? With persistence, once a client device establishes a connection, it remains with the node that first accepted its request, while an application-layer load balancer uses session affinity to keep a client connected by setting up a cookie. Session affinity makes node scheduling decisions based on health checks and processes incoming requests based on each node's load. Session persistence makes scheduling decisions on a first in, first out (FIFO) basis. With session affinity, when a client establishes a session, it remains with the node that first accepted its request, while an application-layer load balancer uses persistence to keep a client connected by setting up a cookie. Session persistence makes scheduling decisions based on traffic priority and bandwidth considerations, while session affinity makes scheduling decisions based on which node is available next.
C
A company is reviewing the options for installing a new wireless network. They have requested recommendations for utilizing WEP, WPA, or WPA2. Differentiate between Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). Determine which of the following statements accurately distinguishes between the options. (Select all that apply.) WEP and WPA use RC4 with a Temporal Key Integrity Protocol (TKIP), while WPA2 uses a 24-bit Initialization Vector (IV). WPA2 combines the 24-bit IV with an Advanced Encryption Standard (AES) to add security. WEP is the strongest encryption scheme, followed by WPA2, then WPA. WEP is difficult to crack when protected by a strong password, or if deploying enterprise authentication. WPA2 is more vulnerable to decryption due to replay attack possibilities. WPA and WEP use RC4, while WEP uses a 24-bit Initialization Vector (IV). WPA uses a Temporal Key Integrity Protocol (TKIP), and WPA2 uses an Advanced Encryption Standard (AES) for encryption. WPA2 is the strongest encryption scheme, followed by WPA, then WEP. WPA2 is difficult to crack if protected by a strong password, or if deploying enterprise authentication. WEP is more vulnerable to decryption due to replay attack possibilities.
C, D
Analyze the available detection techniques and determine which are useful in identifying a rogue system through software management. (Select all that apply.) A. Visual inspection of ports and switches will prevent rogue devices from accessing the network. B. Network mapping is an easy way to reveal the use of unauthorized protocols on the network or unusual traffic volume. C. Intrusion detection and NAC are security suites and appliances that combine automated network scanning with defense and remediation suites to prevent rogue devices from accessing the network. D. Wireless monitoring can reveal whether there are unauthorized access points.
C, D
A hotel guest opens their computer and logs into the Wi-Fi without prompting the guest for a username and password. Upon opening an internet browser, a splash page appears that requests the guest's room number and last name for authentication. Which type of authentication is the hotel utilizing? Protected Extensive Group Open
D
A network manager suspects that a wireless network is undergoing a deauthentication attack. Applying knowledge of wireless network attacks, which scenario best supports the network manager's suspicion? A network experiences radio interference, which causes connectivity issues for users. The users disconnect from the network, and upon reauthenticating, they log on to an evil twin Access Point (AP). An attacker creates an Access Point (AP) using a similar name as a legitimate AP, in an attempt to have users authenticate through the rogue AP in order to gain authentication information. A rogue Access Point (AP) captures user logon attempts. The attacker uses this information to authenticate to the system and obtain critical data. A group of users suddenly disconnects from the network. When the users reconnect, they actually connect to an evil twin Access Point (AP), which gives an attacker information about authentication.
D
Evaluate the following choices based on their potential to lead to a network breach. Select the choice that is NOT a network architecture weakness. The network architecture is flat. Services rely on the availability of several different systems. The network relies on a single hardware server. Not all hosts on the network can talk to one another.
D
Evaluate the typical weaknesses found in network architecture and determine which statement best aligns with a perimeter security weakness. A company has a single network channel. A company has many different systems to operate one service. A company has a habit of implementing quick fixes. A company has a flat network architecture.
D
Given that layer 2 does not recognize Time to Live, evaluate the potential problems to determine which of the following options prevents this issue. ICMP L2TP NTP STP
D
