FINAL
_ defines how employees should use the organization's computing resources?
Acceptable Use Policy
Which best defines residual risk?
The amount of risk remaining after countermeasures are implemented
Describe ROI (Return on investment).
how long before an investment will pay for itself
Which feature of a router provides traffic flow and enhances network security?
ACLs
What remote shell program should you use if security is a consideration? a. rlogin b. ssh c. rcp d. rsh
B. SSH
Which VPN protocol works at Layer 3 and can encrypt the entire TCP/IP packet? A. PPTP B. L2TP C. IPsec D. SSL.
C. IPsec
Which is best defined as the ability of a system to continue operations despite a failure?
Fault tolerance
What is HIDPS?
Host-based Intrusion Detection and Prevention System
What feature does RIPng support that is not supported by RIP?
IPv6
_ makes routing tables more efficient?
Route summarization
What are the characteristics of a VPN?
VPNs create a secure private connection using public lines. Combinations of encryption, authentication, and encapsulation help ensure the confidentiality, privacy, and integrity of information.
Which of the following is a valid IPv6 address? a. 1080::8:800:200C:417A b. 24::5B1A::346C c. 5BA4:2391:0:0:4C3E d. 5510:ABCD::34:1::2
a. 1080::8:800:200C:417A
In which frequency range are you likely to find WLANs? Select one: a. 2.9-30 GHz b. 3-30 MHz c. 30-300 GHz d. 174-328 MHz
a. 2.9-30 GHz
_ correctly represents the port used by FTP control traffic and FTP file transfer traffic respectively? Select one: a. 21, 20 b. 20, 25 c. 21, 23 d. 20, 23
a. 21, 20
Which of the following types of traffic does NOT travel through routers? Select one: a. ARP Requests b. DNS zone transfers c. Network route information d. SNMP status information
a. ARP Requests
At what layer of the OSI model do proxy servers generally operate? Select one: a. Application b. Transport c. Network d. Session
a. Application
Which protocol that runs on Cisco routers shares information between Cisco devices? a. CDP (Cisco Discovery Protocol) b. TCP c. bootp d. SSH
a. CDP (Cisco Discovery Protocol)
Which EAP protocol requires digital certificates to validate supplicants? Select one: a. EAP-TLS b. EAP-TTLS c. FAST d. LEAP
a. EAP-TLS
Which wireless transmission method uses a hopping code? Select one: a. FHSS b. infrared c. OFDM d. narrowband
a. FHSS
_ is an element of the TCP header that can indicate that a connection has been established? Select one: a. Flags b. SEQ/ACK analysis c. Stream index d. Sequence number
a. Flags
What is contained in ARP tables? a. IP address, MAC address b. DNS name, IP address c. NetBIOS name, IP address d. MAC address, TCP port
a. IP address, MAC address
Which type of NAT is typically used on devices in the DMZ? a. One-to-one NAT (The process of mapping one internal IP address to one external IP address.) b. many-to-one NAT c. port address translation d. one-to-many NAT
a. One-to-one NAT (The process of mapping one internal IP address to one external IP address.)
_ is an open standard used for authentication on Cisco routers? a. RADIUS b. ATM c. CHAP d. ACE
a. RADIUS
Which IPv6 header field is known as the priority field? a. Traffic Class b. Version c. Flow Label d. Hop Limit
a. Traffic Class
What was created to address the problem of remote clients not meeting an organization's VPN security standards? Select one: a. VPN quarantine b. IPsec filters c. GRE isolation d. split tunneling
a. VPN quarantine
Which of the following is the first step in the digital signature process where Mike sends a message to Sophie? a. a message digest of Mike's message is calculated using a hashing algorithm b. Sophie compares the message digest she calculated to Mike's message c. Sophie encrypts Mike's message with Mike's public key d. the message digest is encrypted by Mike's private key
a. a message digest of Mike's message is calculated using a hashing algorithm
Which of the following is defined as the maximum departure of a wave from the undisturbed state? Select one: a. amplitude b. spectrum c. wavelength d. frequency
a. amplitude
Which of the following is NOT among the items of information that a CVE reference reports? Select one: a. attack signature b. reference in other databases c. name of the vulnerability d. description of vulnerability
a. attack signature
_ is true about wardriving? Select one: a. attackers use RF monitor mode b. the hardware is very expensive c. the software is very expensive d. their goal is simply to hijack a connection
a. attackers use RF monitor mode
What type of attack does a remote-access Trojan attempt to perpetrate? Select one: a. back door b. composite attack c. remote denial of service d. worm
a. back door
_ is NOT a primary detection methodology? Select one: a. baseline detection b. signature detection c. stateful protocol analysis d. anomaly detection
a. baseline detection
_ tasks does an AP typically perform? Select one: a. bridges between the wired and wireless network b. routes packets from subnet to subnet c. acts as a hub for a wired network d. divides data into packets
a. bridges between the wired and wireless network
What can an IDPS check to try to determine whether a packet has been tampered with or damaged in transit? a. checksum b. parity bit c. CRC value d. fragment offset
a. checksum
_ is an IDPS security best practice? Select one: a. communication between IDPS components should be encrypted b. log files for HIDPSs should be kept local c. all sensors should be assigned IP addresses d. to prevent false positives, only test the IDPS at initial configuration
a. communication between IDPS components should be encrypted
_ is an advantage of a signature-based detection system? Select one: a. each signature is assigned a number and name b. it is based on profiles the administrator creates c. the definition of what constitutes normal traffic changes d. the IDPS must be trained for weeks
a. each signature is assigned a number and name
What is considered the 'cleanup rule' on a Cisco router? Select one: a. implicit deny all b. implicit allow c. explicit prompt d. explicit allow all
a. implicit deny all
What term is given to a device that is designed to generate radio signals, not including those from the antenna? Select one: a. intentional radiator b. oscillator c. EIRP d. conductive medium
a. intentional radiator
Which of the following is true about SSL? Select one: a. it uses sockets to communicate between client and server b. it operates at the Data Link layer c. it uses shared-key encryption only d. it uses IPsec to provide authentication
a. it uses sockets to communicate between client and server
_ is performed by the MAC sublayer? Select one: a. joining the wireless network b. resolving IP address to MAC address c. determining best path d. resolving names to IP addresses
a. joining the wireless network
In which type of attack do attackers intercept the transmissions of two communicating nodes without the user's knowledge? Select one: a. man-in-the-middle b. rogue device c. brute force d. wardriver
a. man-in-the-middle
_ is NOT a method used by passive sensors to monitor traffic? Select one: a. packet filter b. load balancer c. spanning port d. network tap
a. packet filter
What is a general practice for a rule base? Select one: a. permit access to public servers in the DMZ b. allow direct access from the Internet to computers behind the firewall c. begin by blocking all traffic and end by allowing selective services d. allow all access to the firewall
a. permit access to public servers in the DMZ
Under which suspicious traffic signature category would a port scan fall? Select one: a. reconnaissance b. denial of service c. informational d. unauthorized access
a. reconnaissance
_ is described as the combination of an IP address and a port number? Select one: a. socket b. subnet c. portal d. datagram
a. socket
What is the description of a land attack? Select one: a. source and destination IP address/port are the same b. the local host source address occurs in the packet c. the attacker uses an undefined protocol number d. an illegal TCP flag is found in the segment header
a. source and destination IP address/port are the same
Which of the following is true about encryption algorithms? a. their strength is tied to their key length b. not vulnerable to brute force attacks c. block ciphers encrypt one bit at a time d. asymmetric algorithms use a single key
a. their strength is tied to their key length
_ is true about ACLs on Cisco routers? Select one: a. there is an implicit deny any statement at the end of the ACL b. there is an explicit permit any statement at the beginning of the ACL c. ACLs are processed in reverse order so place high priority statements last d. ACLs bound to an interface apply to inbound and outbound traffic by default
a. there is an implicit deny any statement at the end of the ACL
Which of the following is true about PRNGs? a. they are not completely random b. their state is measured in bytes c. the shorter the state, the longer the period d. they can never produce the same value
a. they are not completely random
What is a suggested maximum size of a rule base? Select one: a. 10 rules b. 30 rules c. 300 rules d. 100 rules
b. 30 rules
Which of the following pairs represents a medium frequency band and its common use? Select one: a. 3-30 MHz, CB and shortwave radio b. 300 KHz-3MHz, AM radio c. 144-174 MHz, TV channels d. 30-300 KHz, cordless phones
b. 300 KHz-3MHz, AM radio
Which two ports should packet-filtering rules address when establishing rules for Web access? Select one: a. 143, 80 b. 80, 443 c. 25, 110 d. 423, 88
b. 80, 443
Which wireless networking standard uses the 2.4 GHz band and has a maximum bandwidth of 54 MBps? Select one: a. 802.11ac b. 802.11g c. 802.11b d. 802.11a
b. 802.11g
What approach to security calls for security through a variety of defensive techniques that work together? Select one: a. DOA b. DiD (Defense-in-Depth) c. WoL d. PoE
b. DiD (Defense-in-Depth)
Which management frame type is sent by a station wanting to terminate the connection? Select one: a. Reassociation request b. Disassociation c. Probe response d. Deauthentication
b. Disassociation
Which approach to stateful protocol analysis involves detection of the protocol in use, followed by activation of analyzers that can identify applications not using standard ports? Select one: a. Protocol state tracking b. Dynamic Application layer protocol analysis c. IP packet reassembly d. Traffic rate monitoring
b. Dynamic Application layer protocol analysis
What is the typical packet sequence for closing a TCP session? Select one: a. FIN, FIN ACK, RST b. FIN, ACK, FIN ACK, ACK c. FIN ACK, FIN, ACK, RST d. FIN, FIN ACK
b. FIN, ACK, FIN ACK, ACK
What is the packet called where a Web browser sends a request to the Web server for Web page data? Select one: a. HTML RELAY b. HTTP GET c. HTTP XFER d. HTML SEND
b. HTTP GET
Which security tool works by recognizing signs of a possible attack and sending notification to an administrator? a. VPN b. IDPS c. DiD d. DMZ
b. IDPS
Which of the following is an accurate set of characteristics you would find in an attack signature? Select one: a. IP address, attacker's alias, UDP options b. IP address, TCP flags, port numbers c. protocol options, TCP ports, region of origin d. IP number, MAC address, TCP options
b. IP address, TCP flags, port numbers
_ is NOT a typical IDPS component? Select one: a. database server b. Internet gateway c. command console d. network sensors
b. Internet gateway
Which of the following makes a single pass on data and generates a 128-bit hash value displayed as a 32-character hexadecimal number and is used in VPNs? a. RSA b. Message Digest 5 c. RC4 d. Twofish
b. Message Digest 5
Which binary signaling technique uses a scheme in which zero voltage represents a 0 bit and the voltage for a 1 bit does not drop back to zero before the end of the bit period? Select one: a. RTZ b. NRZ - non-return-to-zero c. polar NRZ d. polar RTZ
b. NRZ - non-return-to-zero
What is a WNIC's equivalent of a NIC's promiscuous mode? Select one: a. passive attack mode b. RF monitor mode c. active scan mode d. auto-capture mode
b. RF monitor mode
What is the sequence of packets for a successful three-way handshake? Select one: a. SYN, ACK, ACK b. SYN, SYN ACK, ACK c. SYN, ACK, FIN d. SYN, SYN ACK, RST
b. SYN, SYN ACK, ACK
_ is NOT a field in a control frame? Select one: a. Frame control b. Sequence control c. Frame check sequence d. Duration
b. Sequence control
What should you set up if you want to store router system log files on a server? Select one: a. AAA server b. Syslog server c. TTY connection d. Buffered logging
b. Syslog server
What are the two standard ports used by FTP along with their function? Select one: a. UDP 23 control, TCP 20 data b. TCP 21 control, TCP 20 data c. UDP 20 data, TCP 21 control d. TCP 23 data, TCP 21 control
b. TCP 21 control, TCP 20 data
Which of the following is NOT a protocol,port pair that should be filtered when an attempt is made to make a connection from outside the company network? Select one: a. TCP,139 b. TCP,80 c. TCP,3389 d. UDP,138
b. TCP,80
Which of the following was developed as a way of enabling Web servers and browsers to exchange encrypted information and uses a hashed message authentication code to increase security? a. SSL b. TLS c. IPsec d. SSH
b. TLS
To what type of port on a Cisco router do you connect a rollover cable? a. auxiliary b. console c. Frame Relay d. Ethernet
b. console
Which of the following is a type of cryptanalysis that applies primarily to block ciphers but can also be used against stream ciphers and hashing functions and works by examining how differences in input affect the output? a. XSL b. differential c. integral d. related key
b. differential
_ is NOT among the common guidelines that should be reflected in the rule base to implement an organization's security policy? Select one: a. employees can have restricted Internet access b. employees can use instant-messaging only with external network users c. the public can access the company Web servers d. only authenticated traffic can access the internal network
b. employees can use instant-messaging only with external network users
_ is considered a problem with a passive, signature-based system? Select one: a. profile updating b. false positives c. custom rules d. signature training
b. false positives
Which type of analog modulation changes the number of waves representing one cycle? Select one: a. amplitude modulation b. frequency modulation c. relative modulation d. phase modulation
b. frequency modulation
Which method for detecting certain types of attacks uses an algorithm to detect suspicious traffic, is resource intensive, and requires extensive tuning and maintenance? Select one: a. brute force b. heuristic c. anomaly d. signature
b. heuristic
Which type of IDPS can have the problem of getting disparate systems to work in a coordinated fashion? Select one: a. host-based b. hybrid c. network-based d. inline
b. hybrid
Of what category of attack is a DoS attack an example? Select one: a. single-packet attack b. multiple-packet attack c. suspicious data payload d. bad header information
b. multiple-packet attack
_ is an advantage of hardware firewalls? Select one: a. not scalable compared to software firewalls b. not dependent on a conventional OS c. easy to patch d. less expensive than software firewalls
b. not dependent on a conventional OS
Which type of function is used in cryptography? a. Not AND b. permutation c. NOR d. X-box
b. permutation
_ is NOT a critical goal of information security? a. confidentiality b. scalability c. authentication d. nonrepudiation
b. scalability
The Cisco PIX line of products is best described as _? Select one: a. PC with firewall installed b. software firewall c. firewall appliance d. VPN gateway
b. software firewall
In which type of scan does an attacker scan only ports that are commonly used by specific programs? Select one: a. vanilla scan b. strobe scan c. random scan d. ping sweep
b. strobe scan
Which of the following is NOT a category of suspicious TCP/IP packet? a. suspicious data payload b. suspicious CRC value c. single-packet attacks d. bad header information
b. suspicious CRC value
What is an advantage of the anomaly detection method? Select one: a. makes use of signatures of well-known attacks b. system can detect attacks from inside the network by people with stolen accounts c. easy to understand and less difficult to configure than a signature-based system d. after installation, the IDPS is trained for several days or weeks
b. system can detect attacks from inside the network by people with stolen accounts
Which of the following is true about Message Authentication Code? a. it uses asymmetric encryption b. the key is sent to the receiver securely c. it uses PKI and certificates d. it uses a private and public key
b. the key is sent to the receiver securely
If you see a /16 in the header of a snort rule, what does it mean? Select one: a. the size of the log file is 16 MB b. the subnet mask is 255.255.0.0 c. a maximum of 16 log entries should be kept d. the detected signature is 16 bits in length
b. the subnet mask is 255.255.0.0
Which IDPS customization option is a list of entities known to be harmless? Select one: a. thresholds b. whitelists c. blacklists d. alert settings
b. whitelists
Which of the following addresses is a Class B IP address? a. 211.55.119.7 b. 224.14.9.11 c. 189.77.101.6 d. 126.14.1.7
c. 189.77.101.6
If you are subnetting a class B network, what subnet mask will yield 64 subnets? a. 255.255.224.0 b. 255.255.192.0 c. 255.255.252.0 d. 255.255.64.0
c. 255.255.252.0
Which of the following is the IPv6 loopback address? a. ::FFFF b. 1000:127:0:0:1 c. ::1 d. 000:000::
c. ::1
Which of the following is described as a 64-bit block cipher composed of a 16-round Feistel network and key-dependent S-box functions? a. Twofish b. RC4 c. Blowfish d. Rijndael
c. Blowfish
In what type of attack are zombies usually put to use? a. buffer overrun b. spoofing c. DDoS d. virus
c. DDoS
Which protocol is responsible for automatic assignment of IP addresses? a. FTP b. SNMP c. DHCP d. DNS
c. DHCP
Which RF transmission method uses an expanded redundant chipping code to transmit each bit? Select one: a. CDMA (Code division multiple access) b. FHSS (frequency hopping spread spectrum) c. DSSS (direct sequence spread spectrum) d. OFDM (orthogonal frequency division multiplexing)
c. DSSS (direct sequence spread spectrum)
What type of attack are stateless packet filters particularly vulnerable to? Select one: a. attempts to connect to the firewall b. attempts to connect to ports below 1023 c. IP spoofing attacks d. attempts to connect to ports above 1023
c. IP spoofing attacks
Which IPsec component is software that handles the tasks of encrypting, authenticating, decrypting, and checking packets? Select one: a. IKE b. ISAKMP c. IPsec driver d. Oakley protocol
c. IPsec driver
Which popular wireless sniffer is an IDS that is passive and undetectable in operation? Select one: a. AirSnort b. NetStumbler c. Kismet d. Aircrack-ng
c. Kismet
Which element of a rule base conceals internal names and IP addresses from users outside the network? Select one: a. tracking b. QoS c. NAT d. filtering
c. NAT
Which type of control frame does a station send to let the AP know it can transmit buffered frames? Select one: a. ACK b. CTS c. PS-Poll (power-save poll) d. RTS
c. PS-Poll (power-save poll)
Which TCP flag can be the default response to a probe on a closed port? Select one: a. SYN b. PSH c. RST d. URG
c. RST
What type of ICMP packet can an attacker use to send traffic to a computer they control outside the protected network? Select one: a. Destination Unreachable b. Echo Request c. Redirect d. Source Quench
c. Redirect
At which layer of the OSI model does IPsec work? a. Four b. Two c. Three d. Six
c. Three
What is a program that appears to do something useful but is actually malware? a. virus b. back door c. Trojan d. logic bomb
c. Trojan
Which of the following is true about standard IP ACLs? a. they can filter on source and destination IP address b. they automatically apply to all active interfaces c. a 0.0.0.0 inverse mask means all bits are significant d. they automatically apply to all active interfaces
c. a 0.0.0.0 inverse mask means all bits are significant
What is a Basic Service Set? Select one: a. wireless devices set up as a basic ad-hoc network b. a wireless network that does not use an AP c. a group of wireless devices served by a single AP d. multiple APs are set up to provide some overlap
c. a group of wireless devices served by a single AP
_ is a typical drawback of a free firewall program? Select one: a. oversimplified configuration b. have centralized management c. cannot monitor traffic in real time d. more expensive than hardware firewalls
c. cannot monitor traffic in real time
In which form of authentication does the authenticating device generate a random code and send it to the user who wants to be authenticated? a. biometrics b. signature c. challenge/response d. basic
c. challenge/response
Which type of change does NOT typically require the use of change management procedures? Select one: a. changes to ACLs b. new VPN gateways c. changing a manager's permissions to a file d. new password systems or procedures
c. changing a manager's permissions to a file
Which of the following is NOT a criterion typically used by stateless packet filters to determine whether or not to block packets? Select one: a. ports b. TCP flags c. data patterns d. IP address
c. data patterns
Which term is the measurement of the difference between two signals? Select one: a. watt b. volt c. decibel d. amp
c. decibel
_ is a command you would find in an antispoofing ACL for network 172.31.0.0/16? a. permit ip any 172.31.0.0 0.0.255.255 log b. deny TCP 172.31.0.0 0.0.0.0 any log c. deny ip 172.31.0.0 0.0.255.255 any log d. permit icmp any any redirect
c. deny ip 172.31.0.0 0.0.255.255 any log
_ types of password prevents a user from accessing privileged exec mode on a Cisco router? a. console b. AUX c. enable d. TTY
c. enable
What is the term used when an IDPS doesn't recognize that an attack is underway? a. negative activity b. positive signature c. false negative (missed attacks) d. true positive
c. false negative (missed attacks)
_ is true about the steps in setting up and using an IDPS? Select one: a. alerts are sent when a packet doesn't match a stored signature b. anomaly-based systems come with a database of attack signatures c. false positives do not compromise network security d. sensors placed on network segments will always capture every packet
c. false positives do not compromise network security
Which of the following is true about RF transmissions? Select one: a. cooler objects produce higher-frequency radiation than hotter objects b. frequency is the distance between waves c. frequency has an inverse relationship with wavelength d. EM radiation is measured in volts
c. frequency has an inverse relationship with wavelength
What is the term used for a computer placed on the network perimeter that is meant to attract attackers? a. virtual server b. bastion host c. honeypot d. proxy decoy
c. honeypot
Which of the following is a metric routers can use to determine best path? a. datagram size b. packet TTL c. link state d. network protocol
c. link state
What is used to convert an analog RF signal into digital format? Select one: a. EIRP b. carrier c. modulator d. spectrum
c. modulator
_ is true about cryptographic primitives? a. each performs several tasks b. a single primitive makes up an entire cryptographic protocol c. primitives are usually not the source of security failures d. a primitive that provides confidentiality usually also provides authentication
c. primitives are usually not the source of security failures
_ causes of signal loss is defined as differences in density between air masses over distance? Select one: a. absorption b. reflection c. refraction d. scattering
c. refraction
Which of the following is true about infrared transmissions? Select one: a. diffused IR transmission requires emitter and detector to be aligned b. IR transmissions have speeds up to 25 Mbps. c. the intensity of the light pulse indicates the on or off status of each bit d. directed IR transmission relies on reflected light
c. the intensity of the light pulse indicates the on or off status of each bit
What is the most likely weak link when using asymmetric encryption for verifying message integrity and nonrepudiation? a. the use of the sender's private key b. the hashing algorithm used to generate a message digest c. the source of the public keys d. the integrity of the private keys
c. the source of the public keys
Which of the following is true about static routes? a. the metric is higher than a dynamic route b. they are created by routing protocols c. they are used for stub networks d. they change automatically as the network changes
c. they are used for stub networks
How does the CVE standard make network security devices and tools more effective? a. it requires you to use compatible devices from one vendor b. it warns an attacker that your site is being monitored c. they can share information about attack signatures d. the layered approach makes attacks nearly impossible
c. they can share information about attack signatures
The period of time during which an IDPS monitors network traffic to observe what constitutes normal network behavior is referred to as _? Select one: a. traffic normalizing b. profile monitoring c. training period d. baseline scanning
c. training period
_ is true about MAC addresses in a wireless network? Select one: a. MAC addresses are Network layer identities b. MAC address filtering will stop a determined attacker c. you can change a WNIC's MAC address with software d. you need to configure the MAC address before you use the WNIC
c. you can change a WNIC's MAC address with software
Which of the following is the broadcast address for subnet 192.168.10.32 with subnet mask 255.255.255.240? a. 192.168.10.95 b. 192.168.10.23 c. 192.168.10.63 d. 192.168.10.47
d. 192.168.10.47
What is considered to be one of the biggest weaknesses of WEP? Select one: a. 128-bit key b. RC4 encryption c. Kerberos authentication d. 24-bit initialization vector
d. 24-bit initialization vector
Which type of frame advertises services or information on a wireless network? Select one: a. Probe request b. Probe response c. Association response d. Beacon
d. Beacon
Which digital signal modulation method is a binary modulation technique in which the carrier signal's frequency is changed to represent a 1 or 0 bit? Select one: a. ASK (Amplitude shift keying) b. PSK (Phase shift keying) c. FDM (Frequency division multiplexing) d. FSK (Frequency shift keying)
d. FSK (Frequency shift keying)
Which component of IPsec enables computers to exchange keys to make a SA? a. ISAKMP b. IPsec driver c. Oakley d. IKE
d. IKE
Which of the following would be considered a vulnerability? Select one: a. installation of a firewall b. spyware c. antivirus software d. Internet-connected computer
d. Internet-connected computer
What feature in ICMPv6 replaces ARP in IPv4? a. Echo Request b. Authentication Header c. Multicast Listener Discovery d. Neighbor Discovery
d. Neighbor Discovery
Which type of attack causes the operating system to crash because it is unable to handle arbitrary data sent to a port? a. SYN flood b. malicious port scanning c. ICMP message abuse d. RPC attacks (Remote Procedure Calls)
d. RPC attacks (Remote Procedure Calls)
_ is NOT part of a wireless MAC frame? Select one: a. 802.11 protocol version (in Frame Control) b. FCS (Frame check sequence) c. source MAC address d. TTL
d. TTL
Which element of an ICMP header would indicate that the packet is an ICMP echo request message? Select one: a. Identifier b. Code c. Data d. Type
d. Type
_ is NOT a suggested practice before using a newly configured wireless network? Select one: a. Alter the default channel b. Change the administrator password c. Change the manufacturer's default key d. Use the default encryption method
d. Use the default encryption method
Which of the following is a current standard for PKI that specifies a strict hierarchical system for CAs issuing certificates? a. SHA-1 b. PKCS #2 c. DES d. X.509
d. X.509
Which type of scan has the FIN, PSH, and URG flags set? Select one: a. Null scan b. FIN scan c. SYN Scan d. Xmas scan
d. Xmas scan
Defense in depth can best be described as _? a. a firewall that protects the network and the servers b. antivirus software and firewalls c. authentication and encryption d. a layered approach to security
d. a layered approach to security
Which of the following best describes a CRL (Certificate revocation list)? a. keeps track of issued credentials and manages revocation of certificates b. serve as a front end to users for revoking certificates c. a file that contains information about the user and public key d. a published listing of invalid certificates
d. a published listing of invalid certificates
_ is true about the association process? Select one: a. a station first sends an association request b. the AP transmits an invitation to associate c. it is a three-step process d. a station first listens for beacons
d. a station first listens for beacons
What function does a RADIUS server provide to a wireless network? Select one: a. association b. encryption c. decryption d. authentication
d. authentication
Which security layer verifies the identity of a user, service, or computer? a. physical security b. authorization c. repudiation d. authentication
d. authentication
Which of the following is NOT a type of entry found in a routing table? a. default routes b. static routes c. dynamic routes d. backup routes
d. backup routes
Where is a host-based IDPS agent typically placed? Select one: a. on a workstation or server b. between two subnets c. at Internet gateways d. between remote users and internal network
d. between remote users and internal network
What is a potential problem with having too many APs in a given area? Select one: a. refraction b. fading c. multipath d. co-channel interference
d. co-channel interference
What uses mathematical calculations to compare routes based on some measurement of distance? a. route summarization b. link-state routing protocols c. routing metrics d. distance-vector routing protocols
d. distance-vector routing protocols
What does a measurement of +3 dB equal in power measured in mW? Select one: a. one half the power b. 3 times the power c. one third the power d. double the power
d. double the power
Which of the following best describes a one-way function? a. a bit string that prevents generation of the same ciphertext b. random bits used as input for key derivation functions c. generates secret keys from a secret value d. easy to compute but difficult and time consuming to reverse
d. easy to compute but difficult and time consuming to reverse
_ is defined as the positive difference in amplitude between two signals? Select one: a. fading b. attenuation c. reflection d. gain
d. gain
Which of the following is commonly used for verifying message integrity? a. registration authority b. CRL c. pseudorandom number generator d. hashing function
d. hashing function
_ is NOT a network defense function found in intrusion detection and prevention systems? Select one: a. detection b. response c. prevention d. identification
d. identification
_ is a sensor type that uses bandwidth throttling and alters malicious content? Select one: a. active only b. online only c. passive only d. inline only
d. inline only
_ is true about IEEE 802.11i? Select one: a. temporal key integrity protocol is used for encryption b. it uses WEP2 for authentication and encryption c. it uses PMK to generate data encryption keys d. it uses a symmetric block cipher for encryption
d. it uses a symmetric block cipher for encryption
What is a disadvantage of using a proxy server? a. shields internal host IP addresses b. can't filter based on packet content c. slows Web page access d. may require client configuration
d. may require client configuration
What might a company concerned about protecting its data warehouses and employee privacy consider installing on the network perimeter to prevent direct connections between the internal network and the Internet? Select one: a. VPN server b. router c. ICMP monitor d. proxy server
d. proxy server
What is a downside to using Triple DES? a. using three keys decreases security b. uses only a 56-bit key c. goes through three rounds of encryption d. requires more processing time
d. requires more processing time
What Cisco router command encrypts all passwords on the router? a. enable secret password b. secure passwords enable c. crypto key passwords d. service password-encryption
d. service password-encryption
In which type of wireless attack does the attacker cause valid users to lose their connections by sending a forged deauthentication frame to their stations? Select one: a. jamming b. association flood c. MAC address spoofing d. session hijacking
d. session hijacking
Under which attack category does a UNIX Sendmail exploitation fall? Select one: a. multiple-packet attack b. single-packet attack c. bad header information d. suspicious data payload
d. suspicious data payload
Which of the following is true about asymmetric cryptography? a. the private key can be used to encrypt and decrypt a message b. a shared key is used to encrypt all messages and the private key decrypts them c. a single key is used and is transferred using a key management system d. the public key is used to encrypt a message sent to the private key owner
d. the public key is used to encrypt a message sent to the private key owner
_ is true about the SSID? Select one: a. they are found in control frames b. they are not found in beacon frames c. they are registered d. they can be Null
d. they can be Null
Which of the following is true about extended IP ACLs? a. the 'established' keyword is not available except on standard ACLs b. you can apply multiple outbound ACLs on a single interface c. the default inverse mask for the source is 0.0.0.0 d. they should be applied to an interface close to the traffic source
d. they should be applied to an interface close to the traffic source
Why might you want to allow extra time for setting up the database in an anomaly-based system? Select one: a. to add your own custom rule base b. it requires special hardware that must be custom built c. the installation procedure is usually complex and time consuming d. to allow a baseline of data to be compiled
d. to allow a baseline of data to be compiled
What is NIDPS?
Network-based Intrusion Detection and Prevention System
What is a screening router?
A router placed between an untrusted network and an internal network. A screening router determines whether to allow or deny packets based on their source and destination IP addresses or other information in their headers.
_ requires you to assist police by appearing in court or producing evidence?
subpoena
_ shows how devices are connected and includes an IP allocation register?
topology map
What is a dual-homed host?
A computer configured with more than one network interface.
What are the characteristics of a DMZ?
A semi-trusted subnet that lies outside the trusted internal network but is connected to the firewall to make services publicly available while still protecting the internal LAN.
_ best describes a Monte Carlo simulation?
An analytical method that simulates a real-life system for risk analysis
The process of reviewing records of network computer activity is called _?
Auditing
What is a bastion host?
Computers that are accessible to untrusted hosts.
What are the phases of the system development life cycle? Needs Assessment, System Design, System Implementation, Performance Monitoring, Security audit
Needs Assessment, System Design, System Implementation, Performance Monitoring
In which OSI model layer will you find the OSPF protocol?
Network Layer (Open Shortest Path First routing operates on IP)
_ is NOT among the six factors needed to create a risk analysis? Assets, Threats, Probabilities, Vulnerabilities, Consequences, Security controls, Personnel Profiles
Personnel Profiles
What is considered the first step in formulating a security policy?
RISK ANALYSIS
Which of the following is a network's ability to detect attacks when they occur and to evaluate the extent of damage and compromise?
Recognition
_ is NOT a step in threat and risk assessment? Asset definition, Threat assessment, Risk assessment, Recommendations, Resolution
Resolution
Which of the following is considered a flooded broadcast IP address? a. 255.255.255.255 b. 10.255.255.255 c. 200.15.6.255 d. FFFF.FFFF.FFFF
a. 255.255.255.255
Which IPsec component authenticates TCP/IP packets to ensure data integrity? Select one: a. AH b. ESP c. ISAKMP d. IKE
a. AH - Authentication Header (AH) is an IPsec component that authenticates TCP/IP packets to ensure data integrity
How much space is typically needed to store IDPS data? Select one: a. a gigabyte or more b. at least a terabyte c. a megabyte or two d. a few hundred Kilobytes
a. a gigabyte or more
Which aspect of hardening a Windows Web server allows you to restrict access to the web server based on IP address? a. access control b. authentication c. data confidentiality d. NTFS permissions
a. access control
What type of attack exploits a lack of bounds checking on the size of data stored in an array? a. buffer overflow b. phishing c. ActiveX control d. SQL injection
a. buffer overflow
What are the three primary goals of information security? a. confidentiality b. availability c. integrity d. impartiality
a. confidentiality b. availability c. integrity
What are the recommended security settings for Apache Web servers? Select all that apply a. create Web groups b. harden the underlying OS c. disable HTTP traces d. use the default standard Web page error messages
a. create Web groups b. harden the underlying OS c. disable HTTP traces
What is a reason that UDP is faster than TCP? a. it doesn't guarantee delivery b. it doesn't use port numbers c. the header is smaller d. it has a higher priority on the network
a. it doesn't guarantee delivery
Why is a bastion host the system most likely to be attacked? a. it is available to external users b. it contains the default administrator account c. it has weak security d. it contains company documents
a. it is available to external users
Which aspect of strengthening the performance of IDPS may involve degaussing? Select one: a. managing storage b. managing memory c. managing processors d. managing bandwidth
a. managing storage
Where should network management systems generally be placed? a. out of band b. in the server farm c. in the DMZ d. on the perimeter
a. out of band
What is the name of a storage area where viruses are placed by antivirus software so they cannot replicate or do harm to other files? a. quarantine b. firewall c. demilitarized zone d. recycle bin
a. quarantine
Which type of firewall policy calls for a firewall to deny all traffic by default? a. restrictive policy b. demilitarized policy c. perimeter policy d. permissive policy
a. restrictive policy
Why might you want your security system to provide nonrepudiation? a. so a user can't deny sending or receiving a communication (pg. 11) b. to prevent a user from capturing packets and viewing sensitive information c. to trace the origin of a worm spread through email d. to prevent an unauthorized user from logging into the system
a. so a user can't deny sending or receiving a communication (pg. 11)
What type of DNS configuration prevents internal zone information from being stored on an Internet-accessible server? a. split-DNS architecture b. anti-phishing DNS c. read-only zone d. caching DNS zone
a. split-DNS architecture
Which VPN topology is also known as a hub-and-spoke configuration? Select one: a. star b. partial mesh c. bus d. full mesh
a. star
How large is the IPv6 address space? a. 168 bits b. 128 bits c. 64 bits d. 32 bits
b. 128 bits
What type of attack involves plaintext scripting that affects databases? a. ActiveX control b. SQL injection c. phishing d. Java applet
b. SQL injection
What feature of the 13 DNS root servers enables any group of servers to act as a root server? a. broadcast addressing b. anycast addressing c. multicast addressing d. unicast addressing
b. anycast addressing
What is a critical step you should take on the OS you choose for a bastion host? a. customize the OS for bastion operation b. choose an obscure OS with which attackers are unfamiliar c. ensure all security patches are installed d. make sure it is the latest OS version
c. ensure all security patches are installed
Which of the following is a benefit of using centralized data collection to manage sensor data? Select one: a. must use a VPN to transport data b. less network traffic c. less administrative time d. data stays on the local
c. less administrative time
With which access control method do system administrators establish what information users can share? a. administrative access control b. discretionary access control c. mandatory access control d. role-based access control
c. mandatory access control
What should an outside auditing firm be asked to sign before conducting a security audit? Select one: a. search and seizure contract b. social engineering covenant c. nondisclosure agreement d. subpoena
c. nondisclosure agreement
What can an attacker use a port scanner to test for on a target computer? a. invalid IP addresses b. SYN flags c. open sockets d. ping floods
c. open sockets
What is the first packet sent in the TCP three-way handshake? a. ACK b. PSH c. RST d. SYN
d. SYN
Which field in the IP header is an 8-bit value that identifies the maximum amount of time the packet can remain in the network before it is dropped? a. ECN b. Options c. Fragment Offset d. TTL (Time to Live)
d. TTL (Time to Live)
What should you do when configuring DNS servers that are connected to the Internet in order to improve security? a. setup DNS proxy b. disable DNS buffers c. delete the DNS cache d. disable zone transfers
d. disable zone transfers
Which variation on phishing modifies the user's host file to redirect traffic? a. DNS phishing b. hijacking c. spear phishing d. pharming
d. pharming
What does a sliding window do in a TCP packet? a. ensures all packets are delivered b. ensures transmission reliability c. provides packet security d. provides flow control
d. provides flow control
Which type of security device can speed up Web page retrieval and shield hosts on the internal network? a. caching-only DNS server b. caching firewall c. DMZ intermediary d. proxy server
d. proxy server
How are the two parts of an IP address determined? a. host identifier b. network identifier c. routing table d. subnet mask
d. subnet mask
Which of the following is NOT an advantage of IPv6 versus IPv4? a. built-in security b. NAT is unnecessary c. larger address space d. supports static configuration
d. supports static configuration
What do you call a firewall that is connected to the Internet, the internal network, and the DMZ? a. multi-zone host b. three-way packet filter c. multi-homed proxy d. three-pronged firewall - A firewall with separate interfaces connected to an untrusted network, a semitrusted network, and a trusted network.
d. three-pronged firewall - A firewall with separate interfaces connected to an untrusted network, a semitrusted network, and a trusted network.
What tool do you use to secure remote access by users who utilize the Internet? a. DiD b. VPN c. DMZ d. IDS
b. VPN
Which is NOT a type of event that you would normally monitor? Select one: a. user account creation b. access to shared folders c. e-mail attachment handling d. antivirus scanning
b. access to shared folders
Which of the following is an improvement of TLS over SSL? Select one: a. uses only asymmetric encryption b. adds a hashed message authentication code c. requires less processing power d. uses a single hashing algorithm for all the data
b. adds a hashed message authentication code
Malware that creates networks of infected computers that can be controlled from a central station is referred to as _? a. logic bomb b. botnet c. Trojan d. packet monke
b. botnet
Which activity performed by VPNs encloses a packet within another packet? Select one: a. address translation b. encapsulation c. authentication d. encryption
b. encapsulation
What is a type of script that automates repetitive tasks in an application such as a word processor but can also be programmed to be a virus? a. worm b. macro c. back door d. Trojan
b. macro
Which of the following is NOT a reason for subnetting a network? a. increasing network security b. making larger groups of computers c. planning for growth d. controlling network traffic
b. making larger groups of computers
Which type of attack works by an attacker operating between two computers in a network and impersonating one computer to intercept communications? a. malicious port scanning b. man-in-the-middle c. remote procedure call d. denial of service
b. man-in-the-middle
Which is NOT typically an aspect of a security event management program? a. monitoring events b. managing IDPS firmware c. managing change d. managing data from sensors
b. managing IDPS firmware
What type of attack displays false information masquerading as legitimate data? a. SQL injection b. phishing c. buffer overflow d. Java applet
b. phishing
Which type of translation should you use if you need 50 computers in the corporate network to be able to access the Internet using a single public IP address? a. one-to-many NAT b. port address translation (Many-to-one NAT) c. one-to-one NAT d. DMZ proxy translation
b. port address translation (Many-to-one NAT)
Which network device works at the Application layer by reconstructing packets and forwarding them to Web servers? a. Layer 7 switch b. proxy server c. translating gateway d. ICMP redirector
b. proxy server
What should you consider installing if you want to inspect packets as they leave the network? a. security workstation b. reverse firewall c. filtering proxy router d. RIP
b. reverse firewall
Which type of firewall configuration protects public servers by isolating them from the internal network? a. dual-homed host b. screened subnet DMZ c. reverse firewall d. screening router
b. screened subnet DMZ
The process of testing a network defense system is referred to as which of the following? (pentest?) a. IDPS evaluation b. security auditing c. distributed data collection d. change management
b. security auditing
What is the TCP portion of a packet called? a. data b. segment c. frame d. header
b. segment
What term is best described as an attack that relies on the gullibility of people? a. back door b. social engineering c. malicious code d. script kiddie
b. social engineering
Which of the following is a security-related reason for monitoring and evaluating network traffic? Select one: a. to optimize your router and switch protocols b. to determine if your IDPS signatures are working well c. to see how many files employees download from the Internet d. to create substantial data to analyze
b. to determine if your IDPS signatures are working well
Which of the following is a top-level digital certificate in the PKI chain? a. DNSSEC resolver b. trust anchor c. RRSIG record d. security-aware resolver
b. trust anchor
What are the two modes in which IPsec can be configured to run? Select one: a. header and payload b. tunnel and transport c. client and server d. transit and gateway
b. tunnel and transport
What type of DNS server is authoritative for a specific domain? a. initial b. read-only c. primary d. secondary
c. primary
What is a step you can take to harden a bastion host? a. open several ports to confuse attackers b. enable additional services to serve as honeypots c. remove unnecessary services d. configure several extra accounts with complex passwords
c. remove unnecessary services
What is a VPN typically used for? a. detection of security threats b. filter harmful scripts c. secure remote access d. block open ports
c. secure remote access
What is a zone transfer? a. copying host file data to another system b. the movement of e-mail from one domain to another c. updating a secondary DNS server d. backing up an SQL data file
c. updating a secondary DNS server