CH 13
Which of the following is the strongest form of multi-factor authentication? A password, a biometric scan, and a token device Two-factor authentication A password and a biometric scan Two passwords
A password, a biometric scan, and a token device
In a variation of a brute force attack, an attacker may use a predefined list (dictionary) of common usernames and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue? VLANs AES encryption A strong password policy 3DES encryption
A strong password policy
Which exploit seeks to maliciously re-associate the IP address of a legitimate network host with the MAC address of the attacker's computer? IP spoofing ARP poisoning MAC spoofing Replay attack
ARP poisoning
Which of the following attacks tries to associate an incorrect MAC address with a known IP address? Null session MAC flooding ARP poisoning Hijacking
ARP poisoning
Which of the following best describes the ping of death exploit? Sending multiple spoofed ICMP packets to the victim Redirecting echo responses from an ICMP communication An ICMP packet larger than 65,536 bytes Partial IP packets with overlapping sequencing numbers
An ICMP packet larger than 65,536 bytes
Which of the following statements about the use of anti-virus software is correct? If servers on a network have anti-virus software installed, workstations do not need anti-virus software installed on them. If you install anti-virus software, you no longer need a firewall on your network. Anti-virus software should be configured to download updated virus definition files as soon as they become available. Once installed, anti-virus software needs to be updated on a monthly basis.
Anti-virus software should be configured to download updated virus definition files as soon as they become available.
Which of the following measures are you most likely to implement to protect a system from a worm or Trojan horse? Antivirus software Password policy IPsec Firewall
Antivirus software
You have just purchased a new network device and are getting ready to connect it to your network. Which of the following should you do to increase its security? (Select two.) Conduct privilege escalation Remove any backdoors Apply all patches and updates Implement separation of duties Change default account passwords
Apply all patches and updates Change default account passwords
What is the primary countermeasure to social engineering? Awareness Heavy management oversight Traffic filters A written security policy
Awareness
A programmer that fails to check the length of input before processing leaves his code vulnerable to what form of common attack? Privilege escalation Backdoor Session hijacking Buffer overflow
Buffer overflow
Which of the following attacks is a form of software exploitation that transmits or submits a longer stream of data than the input variable is designed to handle? Data diddling Time of check/time of use (TOC/TOU) Smurf Buffer overflow
Buffer overflow
You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this? Server-side scripts Client-side scripts ActiveX CGI
Client-side scripts
As the victim of a Smurf attack, what protection measure is the most effective during the attack? Communicating with your upstream provider Blocking all attack vectors with firewall filters Turning off the connection to the ISP Updating your anti-virus software
Communicating with your upstream provider
A salesperson in your organization spends most of her time traveling between customer sites. After a customer visit, she must complete various managerial tasks, such as updating your organization's order database. Because she rarely comes back to your home office, she usually accesses the network from her notebook computer using Wi-Fi access provided by hotels, restaurants, and airports. Many of these locations provide unencrypted public Wi-Fi access, and you are concerned that sensitive data could be exposed. To remedy this situation, you decide to configure her notebook to use a VPN when accessing the home network over an open wireless connection. Which key steps should you take when implementing this configuration? (Select two.) Configure the VPN connection to use MS-CHAPv2. Configure the browser to send HTTPS requests through the VPN connection. Configure the VPN connection to use IPsec. Configure the browser to send HTTPS requests directly to the Wi-Fi network without going through the VPN connection. Configure the VPN connection to use PPTP.
Configure the browser to send HTTPS requests through the VPN connection. Configure the VPN connection to use IPsec.
To tightly control the anti-malware settings on your computer, you elect to update the signature file manually. Even though you vigilantly update the signature file, the machine becomes infected with a new type of malware. Which of the following actions would best prevent this scenario from occurring again? Configure the software to automatically download the virus definition files as soon as they become available. Carefully review open firewall ports and close any unneeded ports. Switch to a more reliable anti-virus software. Create a scheduled task to run sfc.exe daily.
Configure the software to automatically download the virus definition files as soon as they become available.
Cannot be snifed
Console port
You are an IT consultant and are visiting a new client's site to become familiar with their network. As you walk around their facility, you note the following: • When you enter the facility, a receptionist greets you and directs you down the hallway to the office manager's cubicle. The receptionist uses a notebook system that is secured to her desk with a cable lock. • The office manager informs you that the organization's servers are kept in a locked closet. Only she has the key to the closet. When you arrive on site, you will be required to get the key from her to access the closet. • She informs you that server backups are configured to run each night. A rotation of external USB hard disks are used as the backup media. • You notice the organization's network switch is kept in an empty cubicle adjacent to the office manager's workspace. • You notice that a router/firewall/content filter UTM device has been implemented in the server closet to protect the internal network from external attacks. Which security-related recommendations should you make to this client? (Select two.) Control access to the work area with locking doors and proximity readers. Use separate dedicated network perimeter security devices instead of a UTM device. Replace the USB hard disks used for server backups with a tape drive. Replace the key lock on the server closet with a card reader. Relocate the switch to the locked server closet.
Control access to the work area with locking doors and proximity readers. Relocate the switch to the locked server closet.
Which of the following actions typically involves the use of 802.1x authentication? (Select two.) Authenticating remote access clients Authenticating VPN users through the internet Controlling access through a router Controlling access through a wireless access point Controlling access through a switch
Controlling access through a wireless access point Controlling access through a switch
Which of the following applications typically use 802.1x authentication? (Select two.) Authenticating remote access clients Controlling access through a wireless access point Controlling access through a switch Controlling access through a router Authenticating VPN users through the internet
Controlling access through a wireless access point Controlling access through a switch
Which of the following is a text file that a website stores on a client's hard drive to track and record information about the user? Cookie Certificate Mobile code Digital signature
Cookie
An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack? Backdoor Spamming DDoS Replay DoS
DDoS
While using the internet, you type the URL of one of your favorite sites in the browser. Instead of going to the correct site, the browser displays a completely different website. When you use the IP address of the web server, the correct site is displayed. Which type of attack has likely occurred? Hijacking Man-in-the-middle DNS poisoning Spoofing
DNS poisoning
An attacker uses an exploit to push a modified hosts file to client systems. This hosts file redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and financial information. What kind of exploit has been used in this scenario? (Select two. Both responses are different names for the same exploit.) DNS poisoning Pharming Reconnaissance Domain name kiting Man-in-the-middle
DNS poisoning Pharming
Which of the following can be used to stop piggybacking from occurring at a front entrance where employees swipe smart cards to gain entry? Deploy a mantrap Install security cameras Use key locks rather than electronic locks Use weight scales
Deploy a mantrap
On your way into the back entrance of the building at work one morning, a man dressed as a plumber asks you to let him in so he can fix the restroom. What should you do? Direct him to the front entrance and instruct him to check in with the receptionist. Tell him no and quickly close the door. Let him in. Let him in and help him find the restroom. Then let him work.
Direct him to the front entrance and instruct him to check in with the receptionist.
Biometric authenticat ion
Door locks
When you browse to a website, a pop-up window tells you that your computer has been infected with a virus. You click on the window to see what the problem is. Later, you find out that the window has installed spyware on your system. What type of attack has occurred? SQL injection Drive-by download DLL injection Trojan horse
Drive-by download
An attacker searches through an organization's trash for sensitive information.
Dumpster diving
Which of the following are examples of social engineering? (Select two.) War dialing Port scanning Dumpster diving Shoulder surfing
Dumpster diving Shoulder surfing
You are a contractor that has agreed to implement a new remote access solution based on a Windows Server 2016 system for a client. The customer wants to purchase and install a smart card system to provide a high level of security to the implementation. Which of the following authentication protocols are you most likely to recommend to the client? PPP EAP CHAP MS-CHAP
EAP
You want to implement an authentication method that uses public and private key pairs. Which authentication method should you use? EAP MS-CHAP v2 IPsec PKI
EAP
IPsec is implemented through two separate protocols. What are these protocols called? (Select two.) EPS ESP SSL AH L2TP
ESP AH
How can an organization help prevent social engineering attacks? (Select two.) Educate employees on the risks and countermeasures Utilize 3DES encryption for all user sessions Publish and enforce clearly written security policies Implement IPsec on all critical systems
Educate employees on the risks and countermeasures Publish and enforce clearly written security policies
Dumpster diving is a low-tech means of gathering information that may be useful for gaining unauthorized access or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving? Secure all terminals with screensaver passwords. Mandate the use of Integrated Windows Authentication. Establish and enforce a document destruction policy. Create a strong password policy.
Establish and enforce a document destruction policy.
Which of the following can route Layer 3 protocols across an IP network? PPTP SSL GRE IPsec
GRE
Transfer data in clear text
HTTP
Which of the following is a common social engineering attack? Hoax virus information emails Logging on with stolen credentials Using a sniffer to capture network traffic Distributing false information about your organization's financial status
Hoax virus information emails
Which of the following network layer protocols provides authentication and encryption services for IP-based network traffic? TCP IPsec L2TP SSL
IPsec
Which of the following is not a form of social engineering? Impersonating a user by logging on with stolen credentials Impersonating a utility repair technician A virus hoax email message Impersonating a manager over the phone
Impersonating a user by logging on with stolen credentials
As you are helping a user with a computer problem, you notice that she has written her password on a note stuck to her computer monitor. You check the password policy of your company and find that the following settings are currently required: • Minimum password length = 10 • Minimum password age = 4 • Maximum password age = 30 • Password history = 6 • Account lockout clipping level = 3 • Require complex passwords that include numbers and symbols Which of the following is the best action to take to make remembering passwords easier so that she no longer has to write the password down? Decrease the minimum password length. Increase the account lockout clipping level. Remove the complex password requirement. Implement end-user training. Increase the maximum password age
Implement end-user training.
Which of the following CCTV types would you use in areas with little or no light? C-mount PTZ Infrared A camera with a high LUX rating
Infrared
While using a web-based order form, an attacker enters an unusually large value in the quantity field. The value entered is large enough to exceed the maximum value supported by the variable type used to store the quantity in the web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the web application processes the order as a return instead of a purchase, and the attacker's account is refunded a large sum of money. What type of attack has occurred in this scenario? Watering hole Buffer overflow Integer overflow URL hijacking
Integer overflow
You have installed anti-malware software that checks for viruses in email attachments. You configure the software to quarantine any files with problems. You receive an email with an important attachment, but the attachment is not there. Instead, you see a message that the file has been quarantined by the anti-malware software. What has happened to the file? The infection has been removed, and the file has been saved to a different location. It has been moved to a secure folder on your computer. The file extension has been changed to prevent it from running. It has been deleted from your system.
It has been moved to a secure folder on your computer.
Which of the following is the most important way to prevent console access to a network switch? Disconnect the console cable when not in use. Keep the switch in a room that is locked by a keypad. Implement an access list to prevent console connections. Set console and enable secret passwords.
Keep the switch in a room that is locked by a keypad.
Which of the following authentication methods uses tickets to provide single sign-on? 802.1x PKI MS-CHAP Kerberos
Kerberos
Which of the following protocols can your portable computer use to connect to your company's network via a virtual tunnel through the internet? (Select two.) VNC PPPoE ICA L2TP PPTP
L2TP PPTP
Which of the following controls is an example of a physical access control method? Locks on doors Passwords Hiring background checks Access control lists with permissions Smart cards
Locks on doors
Which of the following attacks, if successful, causes a switch to function like a hub? ARP poisoning MAC flooding Replay MAC spoofing
MAC floodingYou want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this? Server-side scripts Client-side scripts ActiveX CGI
An attacker captures packets as they travel from one host to another with the intent of altering the contents of the packets. Which type of attack is being executed? Spamming Distributed denial of service Man-in-the-middle attack Passive logging
Man-in-the-middle attack
You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a cubicle near your office. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using an SSH client with a username of admin01 and a password of P@ssW0rd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device? Move the router to a secure server room. Use encrypted type 7 passwords. Use TFTP to back up the router configuration to a remote location. Change the default administrative username and password. Use a Telnet client to access the router configuration.
Move the router to a secure server room.
Which of the following is a feature of MS-CHAP v2 that is not included in CHAP? Mutual authentication Three-way handshake Certificate-based authentication Hashed shared secret
Mutual authentication
Which of the following networking devices or services prevents the use of IPsec in most cases? Router Switch Firewall NAT
NAT
You have a web server that will be used for secure transactions for customers who access the website over the internet. The web server requires a certificate to support SSL. Which method would you use to get a certificate for the server? Run a third-party tool to generate the certificate. Have the server generate its own certificate. Obtain a certificate from a public PKI. Create your own internal PKI to issue certificates.
Obtain a certificate from a public PKI.
What is the primary difference between impersonation and masquerading? One is easily detected, and the other is subtle and stealthy. One is more active, and the other is more passive. One is used against administrator accounts, and the other is used against end user accounts. One is a real-time attack, and the other is an asynchronous attack.
One is more active, and the other is more passive
Which of the following is not an example of a physical barrier access control mechanism? Fences Biometric locks One-time passwords Mantraps
One-time passwords
You want to use a protocol that can encapsulate other LAN protocols and carry the data securely over an IP network. Which of the following protocols is suitable for this task? PPP PPTP SLIP NetBEUI
PPTP
You want to use CCTV to increase your physical security. You want to be able to remotely control the camera position. Which camera type should you choose? C-mount Dome PTZ Bulle
PTZ
Which of the following is the most common form of authentication? Fingerprint Password Photo ID Digital certificate on a smart card
Password
Barricades
Perimeter barrier
Exterior floodlights
Perimeter barrier
An attacker sends an email pretending to be from a trusted organization, asking users to access a website to verify personal information.
Phishing
Users on your network report that they have received an email stating that the company has just launched a new website. The email asks employees to click the website link in the email and log in using their username and password. No one in your company has sent this email. What type of attack is this? Smurf Piggybacking Man-in-the-middle Phishing
Phishing
Anti-passback system
Physical access control
An attacker enters a secure building by following an authorized employee through a secure door without providing identification.
Piggybacking
You manage a network that uses switches. In the lobby of your building, there are three RJ45 ports connected to a switch. You want to make sure that visitors cannot plug their computers into the free network jacks and connect to the network. But employees who plug into those same jacks should be able to connect to the network. What feature should you configure? Spanning tree Bonding VLANs Mirroring Port authentication
Port authentication
Alarmed carrier
Protected cable distribution
Hardened carrier
Protected cable distribution
Which of the following is a platform independent authentication system that maintains a database of user accounts and passwords that centralizes the maintenance of those accounts? RADIUS EAP NAS RRAS
RADIUS
You are an IT consultant and are visiting a new client's site to become familiar with their network. As you walk around their facility, you note the following: • When you enter the facility, a receptionist greets you and directs you down the hallway to the office manager's cubicle. The receptionist uses a notebook system that is secured to her desk with a cable lock. • The office manager informs you that the organization's servers are kept in a locked closet. Only she has the key to the closet. When you arrive on site, you will be required to get the key from her to access the closet. • She informs you that server backups are configured to run each night. A rotation of external USB hard disks are used as the backup media. • You notice the organization's network switch is kept in an empty cubicle adjacent to the office manager's workspace. • You notice that a router/firewall/content You notice that a router/firewall/content filter all filter all--inin--one device has been implemented in the one device has been implemented in the server closet to protect the internal network from external attacks. Which security-related recommendations should you make to this client? (Select two.) Use separate dedicated network perimeter security devices instead of an all-in-one device. Replace the USB hard disks used for server backups with a tape drive. Relocate the switch to the locked server closet. Control access to the work area with locking doors and card readers. Replace the key lock on the server closet with a card reader.
Relocate the switch to the locked server closet. Control access to the work area with locking doors and card readers.
Which of the following are solutions that address physical security? (Select two.) Implement complex passwords. Require identification and name badges for all employees. Escort visitors at all times. Disable guest accounts on computers. Scan all floppy disks before use
Require identification and name badges for all employees. Escort visitors at all times.
A user named Bob Smith has been assigned a new desktop workstation to complete his day-today work. The computer runs Windows 7. When provisioning Bob's user account in your organization's domain, you assigned an account name of BSmith with an initial password of bw2Fs3d. At his first logon, Bob is prompted to change his password, so he changes it to Fido, the name of his dog. What should you do to increase the security of Bob's account? (Select two.) Require users to set a stronger password upon initial logon. Train users not to use passwords that are easy to guess. Configure user account names that are not easy to guess. Do not allow users to change their own passwords. Upgrade the workstation to Windows 8.
Require users to set a stronger password upon initial logon. Train users not to use passwords that are easy to guess.
Uses public-key cryptography
SLL
Telnet is inherently insecure because its communication is in plaintext and is easily intercepted. Which of the following is an acceptable alternative to Telnet? Remote Desktop SSH SLIP SHTTP
SSH
Uses public-key cryptography
SSH
Which of the following protocols can be used to securely manage a network device from a remote connection? SFTP Telnet TLS SSH
SSH
Which protocol does HTTPS use to offer greater security in web transactions? Username and password authentication IPsec Kerberos SSL
SSL
You want to allow traveling users to connect to your private network through the internet. Users will connect from various locations including airports, hotels, and public access points such as coffee shops and libraries. As such, you won't be able to configure the firewalls that might be controlling access to the internet in these locations. Which of the following protocols would be most likely to be allowed through the widest number of firewalls? L2TP SSL IPsec PPTP PPPoE
SSL
Which of the following protocols are often added to other protocols to provide secure transmission of data? (Select two.) SSL HTTPS TLS SNMP SMTP
SSL TLS
Emergency escape plans
Safety
Emergency lighting
Safety
You have installed anti-virus software on the computers on your network. You update the definition and engine files and configure the software to update those files every day. What else should you do to protect your systems from malware? (Select two.) Schedule regular full system scans. Enable account lockout. Disable UAC. Educate users about malware. Enable chassis intrusion detection.
Schedule regular full system scans. Educate users about malware.
Which security protocols use RSA encryption to secure communications over an untrusted network? (Select two.) Point-to-point tunneling protocol Secure sockets layer Transport layer security Internet security association and key management protocol
Secure sockets layer Transport layer security
You want to use CCTV as a preventative security measure. Which of the following is a requirement for your plan? Low LUX or infrared camera Sufficient lighting Security guards PTZ camera
Security guards
Which of the following is a form of denial of service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network? Fingerprinting Session hijacking Fraggle Smurf
Smurf
Fingerprint scan
Something you are
Retina scan
Something you are
Typing behaviors
Something you do
Hardware token
Something you have
Smart card
Something you have
Voice recognition
Something you have
PIN
Something you know
Password
Something you know
Username
Something you know
Wi-Fi triangulation
Somewhere you are
An attacker sends an unwanted and unsolicited email message to multiple recipients with an attachment that contains malware. What kind of attack has occurred in this scenario? Repudiation attack Spam Open SMTP relay Phishing
Spam
An attacker gathers personal information about the target individual in an organization.
Spear phishing
Which type of activity changes or falsifies information in order to mislead or re-direct traffic? Spamming Spoofing Snooping Sniffing
Spoofing
A VPN is used primarily for which purpose? Allow remote systems to save on long-distance charges. Support secured communications over an untrusted network. Allow the use of network-attached printers. Support the distribution of public web documents.
Support secured communications over an untrusted network.
Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access? (Select two.) TACACS+ RADIUS AAA 802.1x EAP PKI
TACACS+ RADIUS
Transfers data in clear text
Telnet
When using Kerberos authentication, which of the following terms is used to describe the token that verifies the user's identity to the target system? Ticket Voucher Hashkey Coupon
Ticket
Which of the following is an example of three-factor authentication? Smart card, digital certificate, PIN Pass phrase, palm scan, voice recognition Token device, keystroke analysis, cognitive question Photo ID, smart card, fingerprint
Token device, keystroke analysis, cognitive question
Which option is a program that appears to be a legitimate application, utility, game, or screensaver and performs malicious activities surreptitiously? ActiveX controls Trojan horse Outlook Express Worm
Trojan horse
Which of the following allows for easy exit of an area in the event of an emergency, but prevents entry? (Select two.) Anti-passback system Turnstile PTZ CCTV Mantrap Double-entry door
Turnstile Double-entry door
If your anti-virus software does not detect and remove a virus, what should you try first? Update your virus detection software. Search for and delete the file you believe to be infected. Scan the computer using another virus detection program. Set the read-only attribute of the file you believe to be infected.
Update your virus detection software.
You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID card for entry. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer by connecting it to the console port on the router. You configured the management interface with the username admin and the password password. What should you do to increase the security of this device? Move the device to a secure data center. Use an SSH client to access the router configuration. Use a stronger administrative password. Use a web browser to access the router configuration using an HTTP connection.
Use a stronger administrative password.
Five salesmen who work out of your office. They frequently leave their laptops laying on the desk in their cubicles. You are concerned that someone might walk by and take one of these laptops. Which of the following is the best way to address your concerns? Encrypt all company data on the hard drives. Require strong passwords in the local security policy. Use cable locks to chain the laptops to the desks. Implement screen saver passwords.
Use cable locks to chain the laptops to the desks.
Which of the following statements about SSL VPN are true? (Select two.) Uses port 443. Encapsulates packets by adding a GRE header. Provides message integrity using HMAC. Uses pre-shared keys for authentication. Encrypts the entire communication session. Uses UDP port 500.
Uses port 443. Encrypts the entire communication session.
A group of salesmen in your organization would like to access your private network through the internet while they are traveling. You want to control access to the private network through a single server. Which solution should you implement? VPN concentrator IPS DMZ RADIUS IDS
VPN concentrator
A group of salesmen in your organization would like to access your private network through the internet while they are traveling. You want to control access to the private network through a single server. Which solution should you implement? VPN concentrator IPS RADIUS DMZ IDS
VPN concentrator
Which of the following CCTV camera types lets zoom the focus in and out? C-mount Fixed Varifocal Infrared
Varifocal
You have just received a generic-looking email that is addressed as coming from the administrator of your company. The email says that as part of a system upgrade, you need enter your username and password at a new website so you can manage your email and spam using the new service. What should you do? Verify that the email was sent by the administrator and that this new service is legitimate. Open a web browser, type in the URL included in the email, and follow the directions to enter your login credentials. Click on the link in the email and look for company graphics or information before you enter the login information. Delete the email. Click on the link in the email and follow the directions to enter your login information.
Verify that the email was sent by the administrator and that this new service is legitimate.
An attacker uses a telephone to convince target individuals to reveal their credit card information.
Vishing
A senior executive reports that she received a suspicious email concerning a sensitive internal project that is behind production. The email was sent from someone she doesn't know, and he is asking for immediate clarification on several of the project's details so the project can get back on schedule. Which type of an attack best describes the scenario? Masquerading Passive MAC spoofing Whaling
Whaling
An attacker gathers personal information about the target individual, who is a CEO.
Whaling
You have just downloaded a file. You create a hash of the file and compare it to the hash posted on the website. The two hashes match. What do you know about the file? Your copy is the same as the copy posted on the website. You can prove the source of the file. You will be the only one able to open the downloaded file. No one has read the file contents as it was downloaded.
Your copy is the same as the copy posted on the website.
