Network 4
87: X Incorrect Which of the following applications typically use 802.1x authentication? (Select two.) Controlling access through a switch Authenticating remote access clients Controlling access through a router Authenticating VPN users through the internet Controlling access through a wireless access point
802.1x authentication is an authentication method used on a LAN to allow or deny access based on a port or connection to the network. 802.1x is used for port authentication on switches and authentication to wireless access points. 802.1x requires an authentication server for validating user credentials. This server is typically a RADIUS server. Remote access authentication is handled by remote access servers or a combination of remote access servers and a RADIUS server for centralized authentication. VPN connections can be controlled by remote access servers or by a special device called a VPN concentrator. REFERENCES LabSim for Network Pro, Section 13.5. •
113: Correct Which option is a program that appears to be a legitimate application, utility, game, or screensaver and performs malicious activities surreptitiously? Worm ActiveX controls Outlook Express Trojan horse
A Trojan horse is a program that appears to be a legitimate application, utility, game, or screensaver, but performs malicious activities surreptitiously. Trojan horses are very common on the internet. To keep your systems secure and free from such malicious code, you need to take extreme caution when downloading any type of file from just about any site on the internet. If you don't fully trust the site or service that is offering a file, don't download it. Outlook Express is an email client found on Windows. A worm is a type of malicious code whose primary purpose is to duplicate itself and spread, but it does not necessarily intentionally damage or destroy resources. ActiveX controls are web applications written in the framework of ActiveX. REFERENCES LabSim for Network Pro, Section 13.3. •
7: Correct Which of the following is not an example of a physical barrier access control mechanism? One-time passwords Biometric locks Fences Mantraps
A one-time password is a logical or technical access control mechanism, not a physical barrier access control mechanism. A biometric lock is an entryway security device that keeps a door or gate locked until an authorized individual provides a valid biometric, such as a hand scan. A mantrap is a small room with two doors. Authorized users must authenticate to enter the room and then further authenticate to exit the room and enter the secured environment. If the second authentication fails, the intruder is retained in the room until authorities respond. A fence is a perimeter protection device designed to deter intruders and define the boundary of protection employed by an organization. REFERENCES LabSim for Network Pro, Section 13.1. •
10: Correct What is the primary benefit of CCTV? Reduces the need for locks and sensors on doors. Provides a corrective control. Expands the area visible to security guards. Increases security protection throughout an environment.
A primary benefit of CCTV is that it expands the area visible to security guards. This helps a few guards oversee and monitor a larger area. CCTV does not reduce the need for locks and sensors on doors. CCTV does not provide a corrective control (it is a preventative, deterrent, or detective control). CCTV does not increase security protection throughout an environment, only in the area where it is aimed. REFERENCES LabSim for Network Pro, Section 13.1. •
55: X Incorrect Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network. One day you find that an employee has connected a wireless access point to the network in his office. What type of security risk is this? Rogue access point Man-in-the-middle Social engineering Physical security Phishing
A rogue access point is an unauthorized access point added to a network or an access point that is configured to mimic a valid access point. Examples include: • An attacker or an employee with access to the wired network installs a wireless access point on a free port. The access port then provides a method for remotely accessing the network. • An attacker near a valid wireless access point installs an access point with the same (or similar) SSID. The access point is configured to prompt for credentials, allowing the attacker to steal those credentials or use them in a man-in-the-middle attack to connect to the valid wireless access point. • An attacker configures a wireless access point in a public location, then monitors traffic of those who connect to the access point. A man-in-the-middle attack is used to intercept information passing between two communication partners. A rogue access point might be used to initiate a man-in-the-middle attack, but in this case the rogue access point was connected without malicious intent. Social engineering exploits human nature by convincing someone to reveal information or perform an activity. Phishing uses an email and a spoofed website to gain sensitive information. REFERENCES LabSim for Network Pro, Section 10.6. •
111: X Incorrect Which of the following are characteristics of a rootkit? (Select two.) Hides itself from detection. Requires administrator-level privileges for installation. Uses cookies saved on the hard drive to track user preferences. Monitors user actions and opens pop-ups based on user preferences.
A rootkit is a set of programs that allows attackers to maintain permanent administrator-level hidden access to a computer. A rootkit: • Is almost invisible software. • Resides below regular antivirus software detection. • Requires administrator privileges to install, then maintains those privileges to allow subsequent access. • Might not be malicious. • Often replaces operating system files with alternate versions that allow hidden access. Spyware collects various types of personal information, such as internet surfing habits and passwords, and sends the information back to its originating source. Adware monitors actions that denote personal preferences, then sends pop-ups and ads that match those preferences. Both spyware and adware can use cookies to collect and report a user's activities. REFERENCES LabSim for Network Pro, Section 13.3. •
119: Correct While browsing the internet, you notice that the browser displays ads linked to recent keyword searches you have performed. Which attack type is this an example of? Zombie Adware Logic bomb Worm
Adware monitors actions that denote personal preferences, then sends pop-ups and ads that match those preferences. Adware: • Is usually passive. • Is privacy-invasive software. • Is installed on your machine when you visit a particular website or run an application. • Is usually more annoying than harmful. A logic bomb is designed to execute only under predefined conditions and lays dormant until the predefined condition is met. A worm is a self-replicating virus. A zombie is a computer that is infected with malware that allows remote software updates and control by a command and control center called a zombie master. REFERENCES LabSim for Network Pro, Section 13.3. •
105: Correct An attacker captures packets as they travel from one host to another with the intent of altering the contents of the packets. Which type of attack is being executed? Man-in-the-middle attack Passive logging Spamming Distributed denial of service
Capturing packets between two existing communication partners is a form of man-in-the-middle attack. This attack's name comes from the way traffic is intercepted somewhere between or in the middle of the two communicating partners. The best way to protect a system from man-in-the-middle attacks is to use session encryption or line encryption solutions. Passive logging is a means of recording information about network traffic or operations in a system without affecting either in any way. REFERENCES LabSim for Network Pro, Section 13.3. •
28: Correct Dumpster diving is a low-tech means of gathering information that may be useful for gaining unauthorized access or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving? Establish and enforce a document destruction policy. Create a strong password policy. Mandate the use of Integrated Windows Authentication. Secure all terminals with screensaver passwords.
Dumpster diving is best addressed by a document destruction policy. All sensitive documents should be shredded or burned, and employees should be trained on the proper use of disposal equipment and the policies governing the disposal of sensitive information. A strong password policy, authentication types, and screensaver passwords are not enough to prevent the risk associated with dumpster diving. Username and password complexity efforts are wasted if employees document and dispose of this information in an insecure fashion. REFERENCES LabSim for Network Pro, Section 13.2. •
79: Correct Which of the following is a platform independent authentication system that maintains a database of user accounts and passwords that centralizes the maintenance of those accounts? EAP RRAS NAS RADIUS
The Remote Authentication Dial-In User Service (RADIUS) is an authentication system that allows the centralization of remote user account management. The Routing and Remote Access Service (RRAS) is a software component on a Windows Server system that provides remote access capabilities for users. A network access server (NAS) is a server or other system that acts as a gateway for remote user connections. The NAS passes authentication requests to the RADIUS server, which then checks the credentials of the user attempting to connect. NAS is also an acronym for network attached storage. Extensible authentication protocol (EAP) is an authentication protocol that supports the use of devices such as smart cards. It does not maintain a database of user accounts and passwords. REFERENCES LabSim for Network Pro, Section 13.5. •
42: Correct What is the least secure place to locate an access point with an omni-directional antenna when creating a wireless cell? In common or community work areas In the center of the building Near a window Above the 3rd floor
The least secure location for a wireless cell access point is against a perimeter wall. Placement near a window would be the worst option from this list of selections. For the best security, access points that use directional antennae would be a more appropriate choice for placement near an exterior wall. This placement reduces the likelihood that the wireless cell's access radius will extend outside of the physical borders of your environment. It is important to place wireless cell access points where they are needed, such as in a common or community work area. REFERENCES LabSim for Network Pro, Section 10.6. •
90: Correct Which of the following identification and authentication factors are often well-known or easily discovered by others on the same network or system? PGP secret key Password Username Biometric reference profile
The username is typically the least protected identification and authentication factor. Because of this, it is often well-known or easy to discover, especially by others on the same network or system. The key to maintaining a secure environment is to keep authentication factors secret. Often, usernames are constructed using a standard naming convention, such as first and middle initials plus the full last name, or the first name and last name separated by a period. If these simple construction conventions are known, building usernames from an employee list is very simple. Passwords, your PGP secret key, and your biometric reference profile are less likely to be well known or easy to discover than your username. REFERENCES LabSim for Network Pro, Section 13.5. •
37: Correct In which of the following situations would you use port security? You want to prevent MAC address spoofing. You want to prevent sniffing attacks on the network. You want to restrict the devices that could connect through a switch port. You want to control the packets sent and received by a router.
Use port security on a switch to restrict the devices that can connect to a switch. Port security uses the MAC address to identify allowed and denied devices. When an incoming frame is received, the switch examines the source MAC address to decide whether to forward or drop the frame. Port security cannot prevent sniffing or MAC address spoofing attacks. Use an access list on a router to control sent and received packets. REFERENCES LabSim for Network Pro, Section 14.3. •
8: Correct You want to use CCTV to increase the physical security of your building. Which of the following camera types would offer the sharpest image at the greatest distance under the lowest lighting conditions? 500 resolution, 50mm, .05 LUX 500 resolution, 50mm, 2 LUX 400 resolution, 10mm, 2 LUX 400 resolution, 10mm, .05 LUX
When you select cameras, be aware of the following characteristics: • The resolution is rated in the number of lines included in the image. In general, the higher the resolution, the sharper the image. • The focal length measures the magnification power of a lens. The focal length controls the distance that the camera can see, as well as how much detail can be seen at a specific range. A higher focal length lets you see more detail at a greater distance. • LUX is a measure of sensitivity to light. The lower the number, the less light is needed for a clear image. REFERENCES LabSim for Network Pro, Section 13.1. •
85: Correct Which of the following are used when implementing Kerberos for authentication and authorization? (Select two.) RADIUS or TACACS+ server Ticket granting server PPPoE PPP Time server
Kerberos grants tickets (also called a security token) to authenticated users and to authorized resources. A ticket granting server (TGS) grants tickets that are valid for specific resources on specific servers. Kerberos requires that all servers within the process have synchronized clocks to validate tickets, so a centralized time server or other method for time synchronization is required. Both RADIUS and TACACS+ are protocols used for centralized authentication, authorization, and accounting used with remote access. PPP and PPPoE are protocols used for remote access connections. REFERENCES LabSim for Network Pro, Section 13.5. •
84: X Incorrect Which of the following authentication methods uses tickets to provide single sign-on? Kerberos MS-CHAP PKI 802.1x
Kerberos grants tickets (also called security tokens) to authenticated users and to authorized resources. Kerberos uses the following components: • An authentication server (AS) accepts and processes authentication requests. • A service server (SS) is a server that provides or holds network resources. • A ticket granting server (TGS) grants tickets that are valid for specific resources on specific servers. 802.1x is an authentication mechanism for controlling port access. 802.1x uses RADIUS/TACACS+ servers. MS-CHAP is Microsoft's proprietary method for remote access connections. MS-CHAP uses a three-way handshake (challenge/response) to perform authentication using a hashed form of a shared secret (password). A Public Key Infrastructure (PKI) is a system of certificate authorities that issue certificates, but is not a mechanism used for authentication. REFERENCES LabSim for Network Pro, Section 13.5. •
78: X Incorrect You are a contractor that has agreed to implement a new remote access solution based on a Windows Server 2016 system for a client. The customer wants to purchase and install a smart card system to provide a high level of security to the implementation. Which of the following authentication protocols are you most likely to recommend to the client? CHAP EAP MS-CHAP PPP
Of the protocols listed, only EAP provides support for smart card authentication. The Microsoft Challenge Handshake Protocol (MS-CHAP) and the Challenge Handshake Protocol (CHAP) use a three-way handshake for authentication purposes. They do not support the use of smart cards. The point-to-point protocol (PPP) is a remote access protocol that uses usernames and passwords for authentication. It does not support the use of smart cards. REFERENCES LabSim for Network Pro, Section 13.5. •
72: Correct You have just signed up for internet access using a local provider that gives you a fiber optic line into your house. From there, Ethernet and wireless connections are used to create a small network within your home. Which of the following protocols would be used to provide authentication, authorization, and accounting for the internet connection? RDP PPP L2TP PPPoE ICA
PPP over Ethernet (PPPoE) is used for connections that have an always on state, such as DSL or fiber optic running Ethernet. PPPoE is a modification of PPP that allows for negotiation of additional parameters that are typically not present on a regular Ethernet network. ISPs typically implement PPPoE to control and monitor internet access over broadband links. The point-to-point protocol (PPP) is used for dial-up connections. RDP and ICA are Remote Desktop protocols. L2TP is a VPN protocol. REFERENCES LabSim for Network Pro, Section 11.4. •
89: Correct Which of the following is the most common form of authentication? Fingerprint Digital certificate on a smart card Photo ID Password
Passwords are the most common form of authentication. Most secure systems require only a username and password to provide users with access to the computing environment. Many forms of online intrusion attacks focus on stealing passwords. This makes using strong passwords very important. Without a strong password policy and properly trained users, the reliability of your security system is greatly diminished. Photo ID, fingerprint, and digital certificate on a smart card are not the most common forms of authentication. REFERENCES LabSim for Network Pro, Section 13.5. •
23: Correct Users on your network report that they have received an email stating that the company has just launched a new website. The email asks employees to click the website link in the email and log in using their username and password. No one in your company has sent this email. What type of attack is this? Phishing Smurf Man-in-the-middle Piggybacking
Phishing uses an email and a spoofed website to obtain sensitive information. In a phishing attack: • A fraudulent message that appears to be legitimate is sent to a target. • The message guides the target to a website that appears to be legitimate. • The fraudulent website asks the victim to provide sensitive information, such as an account number and password. Piggybacking refers to an attacker entering a secured building by following an authorized employee. A man-in-the-middle attack is used to intercept information passing between two communication partners. A Smurf attack is a DRDoS attack that spoofs the source address in ICMP packets. REFERENCES LabSim for Network Pro, Section 13.2. •
82: X Incorrect You want to implement an authentication method that uses public and private key pairs. Which authentication method should you use? PKI EAP MS-CHAP v2 IPsec
Public and private key pairs are used by certificates for authentication and encryption. Extensible authentication protocol (EAP) allows the client and server to negotiate the characteristics of authentication. EAP is used to allow authentication using smart cards, biometrics (user physical characteristics), and certificate-based authentication. MS-CHAP is Microsoft's proprietary method for remote access connections. MS-CHAP uses a three-way handshake (challenge/response) to perform authentication using a hashed form of a shared secret (password). A Public Key Infrastructure (PKI) is a system of certificate authorities that issue certificates, but is not a mechanism used for authentication. IPsec is a tunneling protocol used for VPN connections that provides encryption and a weak form of authentication using certificates, but is not used specifically for authentication. REFERENCES LabSim for Network Pro, Section 13.5. •
58: Correct Which of the following protocols or mechanisms is used to provide security on a wireless network? (Select three.) RDP IPsec WPA 802.1x
Remote Desktop Protocol (RDP) is used by Microsoft Windows Terminal Services applications, such as Remote Desktop. It is not used to provide security on wireless networks. IPsec is an encryption and authentication mechanism designed to provide security for the TCP/IP protocol suite. It is often used on wireless networks to ensure data integrity and authenticity. Wi-Fi Protected Access (WPA) is a robust security protocol designed to provide additional security to wireless networks. WPA authenticates devices to the wireless network and provides encryption services to protect data as it travels across the wireless network. 802.1x is an authentication mechanism for wireless networks. 802.1x generally uses a Remote Authentication Dial-In User Service (RADIUS) server to authenticate users to the wireless network. REFERENCES LabSim for Network Pro, Section 10.6. •
41: Correct Which of the following wireless security methods uses a common shared key configured on the wireless access point and all wireless clients? WEP, WPA Personal, and WPA2 Personal WPA Enterprise and WPA2 Enterprise WPA Personal and WPA2 Enterprise WEP, WPA Personal, WPA Enterprise, WPA2 Personal, and WPA2 Enterprise
Shared key authentication can be used with WEP, WPA, and WPA2. Shared key authentication used with WPA and WPA2 is often called WPA Personal or WPA2 Personal. WPA Enterprise and WPA2 Enterprise use 802.1x for authentication. 802.1x authentication uses usernames and passwords, certificates, or devices such as smart cards to authenticate wireless clients. REFERENCES LabSim for Network Pro, Section 10.6. •
96: Correct Match the authentication factor types on the left with the appropriate authentication factor on the right. Each authentication factor type can be used more than once. PIN: Something you know; Smart card: Something you have; Password: Something you know; Retina scan: Something you are; Fingerprint scan: Something you are; Hardware token: Something you have; Username: Something you know; Voice recognition: Something you are; Wi-Fi triangulation: Somewhere you are; Typing behaviors: Something you do
Something you know authentication requires you to provide a password or some other data. This is the weakest type of authentication. Examples of something you know authentication controls are: • Passwords, codes, or IDs • PINs • Passphrases (long, sentence-length passwords) Something you have (also called token-based authentication) is authentication based on something users have in their possession. Examples of something you have authentication controls are: • Swipe cards • Photo IDs • Smart cards • Hardware tokens Something you are authentication uses a biometric system. A biometric system attempts to identify a person based on metrics or a mathematical representation of the subject's biological attribute. This is the most expensive and least accepted form of authentication, but is generally considered to be the most secure. Common attributes used for biometric systems are: • Fingerprints • Hand topology (side view) or geometry (top-down view) • Palm scans • Retina scans • Iris scans • Facial scans • Voice recognition Somewhere you are (also known as geolocation) is a supplementary authentication factor that uses physical location to verify a user's identity. Examples of implementations include: • An account is locked unless the user has passed through the building's entrance using an ID card. • If the user is within RFID range of the workstation, authentication requests are allowed. • GPS or Wi-Fi triangulation location data is used to determine a device's location. If the user and the device are in a specified location, authentication requests are allowed. If not, the device is locked. Something you do is a supplementary authentication factor that requires an action to verify a user's identity. Example implementations include: • Analyzing a user's handwriting sample against a baseline sample before allowing authentication. • Analyzing a user's typing behaviors against a baseline sample before allowing authentication.
REFERENCES LabSim for Network Pro, Section 13.5. •
71: X Incorrect Which of the following protocols or services is commonly used on cable internet connections for user authentication? RDP PPP PPPoE RRAS
The point-to-point protocol over Ethernet (PPPoE) is commonly used on cable internet connections for user authentication. Like its dial-up counterpart, the point-to-point protocol (PPP), PPPoE requires that users provide authentication information before a connection is granted. The Routing and Remote Access Service (RRAS) is a software program used on Windows systems to provide remote connectivity capabilities to users. Although it could be used for authentication services on a cable internet access system, it is not commonly used for this purpose. The point-to-point protocol (PPP) is a user authentication system commonly deployed on dial-up remote access connections. Remote Desktop Protocol (RDP) is the protocol used by Windows Terminal Services applications, including Remote Desktop. REFERENCES LabSim for Network Pro, Section 11.4. •
118: X Incorrect What is the primary distinguishing characteristic between a worm and a logic bomb? Self-replicates Spreads via email Masquerades as a useful program Causes incidental damage to resources
The primary distinguishing characteristic between a worm and a logic bomb is self-replication. Worms are designed to replicate and spread as quickly and as broadly as possible. Logic bombs do not self-replicate. They are designed for a specific single system or type of system. Once planted on a system, it remains there until it is triggered. Both worms and logic bombs can be spread via email, both may cause incidental damage to resources, and while either may be brought into a system as a parasite on a legitimate program or file, the worm or logic bomb itself does not masquerade as a useful program. REFERENCES LabSim for Network Pro, Section 13.3. •
77: X Incorrect When using Kerberos authentication, which of the following terms is used to describe the token that verifies the user's identity to the target system? Ticket Hashkey Coupon Voucher
The tokens used in Kerberos authentication are known as tickets. Tickets perform a number of functions, including notifying the network service of the user who has been granted access and authenticating the identity of the person when they attempt to use that network service. The terms coupon and voucher are not associated with Kerberos or any other commonly implemented network authentication system. The term hashkey is sometimes used to describe a value that has been derived from some piece of data if the value is used to access a service, but the term hashkey is not associated with Kerberos. REFERENCES LabSim for Network Pro, Section 13.5. •
53: Correct This question includes an image to help you answer the question. You are designing a wireless network implementation for a small business. The business deals with sensitive customer information, so data emanation must be reduced as much as possible. The floor plan of the office is shown below. Match each type of access point antenna on the left with the appropriate location on the floor plan on the right. Each antenna type can be used once, more than once, or not at all. A: Directional; B: Directional; C: Omni-directional; D: Directional; E: Directional; F: Directional; G: Directional
There are three types of antennas you should be aware of: • A directional antenna creates a narrow, focused signal in a particular direction. The focused signal provides greater signal strength, increasing the transmission distance. It provides a stronger point-to-point connection, better equipping devices to handle obstacles. • An omni-directional antenna disperses the RF wave in an equal 360-degree pattern. It is used to provide access to many clients in a radius. • A parabolic antenna uses a parabolic reflector shaped like a dish. It is highly directional, concentrating the radio waves transmitted from the sender into a very narrow beam. Using a parabolic antenna on the receiver restricts it to receiving radio signals from only a single, very specific direction. It supports very high gain radio signals that can be transmitted over long distances, but requires a clear line-of-sight (LOS) between the sender and the receiver. In this scenario, data emanation can be reduced as follows: • Directional antennae should be implemented along the perimeter of the office in locations A, B, D, E, F, and G with the radio pattern aimed towards the center of the office. • An omnidirectional antenna can be implemented in the center of the office in location C. • A parabolic antenna is not appropriate in this scenario and should not be implemented. A site survey should be conducted to verify that the radio signal from all of the access points does not emanate excessively outside the office. REFERENCES LabSim for Network Pro, Section 10.6. •
116: Correct You have heard about a new malware program that presents itself to users as a virus scanner. When users run the software, it installs itself as a hidden program that has administrator access to various operating system components. The program then tracks system activity and allows an attacker to remotely gain administrator access to the computer. Which of the following terms best describes this software? Spyware Botnet Privilege escalation Rootkit Trojan horse
This program is an example of a rootkit. A rootkit is a set of programs that allows attackers to maintain permanent administrator-level hidden access to a computer. Rootkits require administrator access for installation and typically gain this access using a Trojan horse approach, masquerading as a legitimate program to entice users to install the software. While this program is an example of a Trojan horse that also performs spying activities (i.e. spyware), the ability to hide itself and maintain administrator access makes rootkit a better description for the software. A botnet is a group of zombie computers that are commanded from a central control infrastructure. REFERENCES LabSim for Network Pro, Section 13.3. •
19: X Incorrect Which of the following is the most important way to prevent console access to a network switch? Implement an access list to prevent console connections. Disconnect the console cable when not in use. Set console and enable secret passwords. Keep the switch in a room that is locked by a keypad.
To control access to the switch console, you must keep it in a locked room. A console connection can only be established with a direct physical connection to the device. If the switch is in a locked room, only those with access will be able to make a console connection. In addition, even if you had set console passwords, users with physical access to the device could perform password recovery and gain access. REFERENCES LabSim for Network Pro, Section 13.1. •
S: X Incorrect Which of the following is a secure doorway that can be used with a mantrap to allow easy exit, but actively prevent re-entrance through the exit portal? Egress mantraps Turnstiles Electronic access control doors Locked doors with interior unlock push-bars
Turnstiles allow easy egress from a secured environment but actively prevent re-entrance through the exit portal. Turnstiles are a common exit portal used with entrance portal mantraps. A turnstile cannot be used to enter into a secured facility, as it only functions in one direction. Egress mantraps are not easy egress portals. Plus, they are a tremendous unnecessary expense and administrative burden. Any form of door, including self-locking doors with push-bars or credential readers, can be hijacked to allow an outsider to enter. REFERENCES LabSim for Network Pro, Section 13.1. •
22: Correct How can an organization help prevent social engineering attacks? (Select two.) Implement IPsec on all critical systems Educate employees on the risks and countermeasures Publish and enforce clearly written security policies Utilize 3DES encryption for all user sessions
User training and policy enforcement are the keys to preventing social engineering attacks. Many users are not aware of social engineering risks. Training raises awareness, provides clear instructions for dealing with and reporting suspicious activity, and directly supports all published security policies. Technical countermeasures protect against automated attacks. Social engineering seeks to gain access by exploiting human nature. REFERENCES LabSim for Network Pro, Section 13.2. •
98: Correct You have worked as the network administrator for a company for seven months. One day, all picture files on the server become corrupted. You discover that a user downloaded a virus from the internet onto his workstation, and it propagated to the server. You successfully restore all files from backup, but your boss is adamant that no more events like this one take place. What should you do? Allow users to access the internet only from terminals that are not attached to the main network. Disconnect the user from the internet. Install a network virus detection software solution. Install a firewall.
Virus detection software can almost eliminate the threat of viruses on your network. Versions exist that automatically update virus databases every time you connect to the internet. A network solution is preferable because it is less expensive and easier to administer than individual workstation software. REFERENCES LabSim for Network Pro, Section 13.3. •
11: Correct You want to use CCTV as a preventative security measure. Which of the following is a requirement for your plan? Security guards Sufficient lighting PTZ camera Low LUX or infrared camera
When used in a preventative way, you must have a guard or other person available who monitors one or more cameras. Only a security guard can interpret what the camera sees to make appropriate security decisions. Even with sufficient lighting on a low-lux or infrared camera, a camera is not a useful preventative measure without a security guard present to interpret images and make security decisions. A pan tilt zoom (PTZ) camera lets you dynamically move the camera and zoom in on specific areas. REFERENCES LabSim for Network Pro, Section 13.1. •
52: Correct You are the wireless network administrator for your organization. As the size of the organization has grown, you've decided to upgrade your wireless network to use 802.1x authentication instead of using preshared keys. To do this, you need to configure a RADIUS server and RADIUS clients. You want the server and the clients to mutually authenticate with each other. What should you do? (Select two. Each response is a part of the complete solution.) Configure the RADIUS server with a preshared key. Configure all RADIUS clients with a preshared key. Configure all wireless access points with client certificates. Configure the RADIUS server with a server certificate. Configure all wireless workstations with client certificates.
When using 802.1x authentication for wireless networks, a RADIUS server is implemented to centralize authentication. A centralized authentication database is used to allow wireless clients to roam between cells and authenticate to each using the same account information. PKI is required for issuing certificates. At a minimum, the RADIUS server must have a server certificate; however, to support mutual authentication, each RADIUS client must also have a certificate. Remember that each wireless access point in a RADIUS solution is a RADIUS client, not the wireless devices. The wireless access points forward the credentials from wireless devices to the RADIUS server for authentication. Preshared keys are not used for authentication in an 802.1x solution. REFERENCES LabSim for Network Pro, Section 10.6. •
102: Correct Which is a form of attack that either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occurring? Denial of service attack Brute force attack Privilege escalation Man-in-the-middle attack
A denial of service attack either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occurring. A brute force attack tries every valid key or code sequence in an attempt to discover a password or encryption key. Brute force attacks will always be successful given enough time (however, enough time could be millennia). A man-in-the-middle attack involves a third party placing themselves between two legitimate communication partners in order to intercept and possibly alter their transmissions. Privilege escalation is when a user steals or otherwise obtains high-level privileges in a computer system. REFERENCES LabSim for Network Pro, Section 13.3. •
9: Correct You want to use CCTV to increase your physical security. You want to be able to remotely control the camera position. Which camera type should you choose? C-mount Dome PTZ Bullet
A pan tilt zoom (PTZ) camera lets you dynamically move the camera and zoom in on specific areas (cameras without PTZ capabilities are manually set looking in a specific direction). Automatic PTZ mode automatically moves the camera between several preset locations; manual PTZ lets an operator remotely control the camera position. A bullet camera has a built-in lens and is long and round in shape. Most bullet cameras can be used indoors or outdoors. A c-mount camera has interchangeable lenses and is typically rectangular in shape. Most c-mount cameras require a special housing to be used outdoors. A dome camera is a camera protected with a plastic or glass dome. These cameras are more vandal resistant than other cameras. PTZ cameras can be bullet, c-mount, or dome cameras. REFERENCES LabSim for Network Pro, Section 13.1. •
32: Correct An all-in-one security appliance is best suited for which type of implementation? An office with a dedicated network closet. A remote office with no on-site technician. A credit card company that stores customer data. A company that transmits large amounts of time-sensitive data.
All-in-one security appliances are best suited for small offices with limited space or a remote office without a technician to manage the individual security components. A company with a dedicated network closet would have the space necessary for multiple networking devices. A company that handles large amounts of data should use dedicated devices to maintain optimal performance. A credit card company should use dedicated security devices to secure sensitive data. REFERENCES LabSim for Network Pro, Section 8.2. •
18: Correct Which of the following inter-facility systems would prevent an access cardholder from giving their card to someone after they have gained access? Mantrap Turnstile Double entry door Anti-passback system
An anti-passback system is used when a physical access token is required for entry, and prevents a card holder from passing their card back to someone else. A mantrap is a specialized entrance with two doors that creates a security buffer zone between two areas. Once a person enters into the space between the doors, both doors are locked. To enter the facility, authentication must be provided. This may include visual identification and identification credentials. A turnstile is a barrier that permits entry in only one direction. Turnstiles are often used to permit easy exit from a secure area. Entry is controlled through a mantrap or other system that requires authentication for entry. A double entry door has two doors that are locked from the outside but with crash bars on the inside that allow easy exit. Double entry doors are typically used only for emergency exits, and alarms sound when the doors are opened. REFERENCES LabSim for Network Pro, Section 13.1. •
83: X Incorrect You have a web server that will be used for secure transactions for customers who access the website over the internet. The web server requires a certificate to support SSL. Which method would you use to get a certificate for the server? Have the server generate its own certificate. Obtain a certificate from a public PKI. Run a third-party tool to generate the certificate. Create your own internal PKI to issue certificates.
Computers must trust the CA that issues a certificate. For computers that are used on the internet and accessible to public users, obtain a certificate from a public CA such as VeriSign. By default, most computers trust well-known public CAs. Use a private PKI to issue certificates to computers and users within your own organization. You configure computers to trust your own PKI, so certificates issued by your internal CAs are automatically trusted. A certificate generated by a server is called a self-signed certificate. A self-signed certificate provides no proof of identity because any other server can claim to be that server just by issuing itself a certificate. REFERENCES LabSim for Network Pro, Section 13.5. •
38: X Incorrect You are the network administrator for a city library. Throughout the library, there are several groups of computers that provide public access to the internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the internet. The library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access port on a switch. You want to restrict access to the network so only the library computers are permitted connectivity to the internet. What can you do to fix this problem? Create a VLAN for each group of four computers. Configure port security on the switch. Create static MAC addresses for each computer and associate them with a VLAN. Remove the hub and place each library computer on its own access port.
Configuring port security on the switch can restrict access so that only specific MAC addresses can connect to the configured switch port. This would prevent the laptop computers from being permitted connectivity. Placing each library computer on its own access port would have no effect. VLANs are used to group broadcast traffic and do not restrict device connectivity as this scenario requires. REFERENCES LabSim for Network Pro, Section 14.3. •
97: X Incorrect Which remote access authentication protocol allows for the use of smart cards for authentication? PPP EAP CHAP PAP SLIP
Extensible authentication protocol (EAP) is a set of interface standards that allows you to use various authentication methods, including smartcards, biometrics, and digital certificates. Password authentication protocol (PAP) transmits logon credentials in clear text. Challenge handshake authentication protocol (CHAP) protects logon credentials using a hash and allows for periodic re-authentication. Point-to-point protocol (PPP) and serial line interface protocol (SLIP) are not remote access authentication protocols. They are used to establish the connection, but do not provide authentication. REFERENCES LabSim for Network Pro, Section 13.5. •
25: X Incorrect Which of the following is not a form of social engineering? A virus hoax email message Impersonating a user by logging on with stolen credentials Impersonating a manager over the phone Impersonating a utility repair technician
Impersonating a user by logging on with stolen credentials is not a social engineering attack. It is an intrusion attack made possible by network packet capturing or obtaining logon credentials through social engineering. Impersonating someone over the phone or in person are easily recognizable forms of social engineering. A virus hoax email message is also a form of social engineering because it attacks people by exploiting the common weaknesses of fear and ignorance. REFERENCES LabSim for Network Pro, Section 13.2. •
107: Correct Which of the following describes a man-in-the-middle attack? A person over the phone convinces an employee to reveal their logon credentials. Malicious code is planted on a system, where it waits for a triggering event before activating. A false server intercepts communications from a client by impersonating the intended server. An IP packet is constructed that is larger than the valid size.
A false server intercepts communications from a client by impersonating the intended server is a form of man-in-the-middle attack. Convincing an employee over the phone to reveal his logon credentials is an example of a social engineering attack. Constructing an IP packet which is larger than the valid size is a land attack (a form of DoS). Planting malicious code on a system where it waits for a triggering event before activating is a logic bomb. REFERENCES LabSim for Network Pro, Section 13.3. •
30: Correct On your way into the back entrance of the building at work one morning, a man dressed as a plumber asks you to let him in so he can fix the restroom. What should you do? Tell him no and quickly close the door. Let him in and help him find the restroom. Then let him work. Let him in. Direct him to the front entrance and instruct him to check in with the receptionist.
You should direct him to the front entrance, where he can check in with the proper people at your organization. Letting him in without knowing if he should be there could compromise security. Turning him away would be unprofessional. REFERENCES LabSim for Network Pro, Section 13.2. Phishing An attacker sends an email pretending to be from a trusted organization, asking users to access a website to verify personal information. Whaling An attacker gathers personal information about the target individual, who is a CEO. Spear phishing An attacker gathers personal information about the target individual in an organization. Dumpster diving An attacker searches through an organization's trash for sensitive information. Piggybacking An attacker enters a secure building by following an authorized employee through a secure door without providing identification. Vishing An attacker uses a telephone to convince target individuals to reveal their credit card information. EXPLANATION Specific social engineering attacks include the following: Dumpster Diving Dumpster diving is the process of looking in the trash for sensitive information that has not been properly disposed of. Tailgating and Piggybacking Piggybacking and tailgating refer to an attacker entering a secured building by following an authorized employee through a secure door and not providing identification. Piggybacking usually implies consent from the authorized employee, whereas tailgating implies no consent from the authorized employee. Phishing A phishing scam is an email pretending to be from a trusted organization, asking the user to verify personal information or send money. In a phishing attack: • A fraudulent message that appears to be legitimate is sent to a target. • The message requests that the target visit a fraudulent website (which also appears to be legitimate). Graphics, links, and websites look almost identical to the legitimate websites they are trying to represent.
• The fraudulent website requests that the victim provide sensitive information, such as an account number and password. Common phishing scams include the following: • A rock phish kit is a fake website that imitates a real website (such as banks, PayPal, eBay, and Amazon). Phishing emails direct you to the fake website to enter account information. A single server can host multiple fake sites using multiple registered DNS names. These sites can be set up and taken down rapidly to avoid detection. • A Nigerian scam, also known as a 419 scam, involves email that requests a small amount of money to help transfer funds from a foreign country. For your assistance, you are to receive a reward for a much larger amount of money that will be sent to you at a later date. • In spear phishing, attackers gather information about the victim, such as which online banks they use. They then send phishing emails for the specific bank. • Whaling is another form of phishing that is targeted to senior executives and high-profile victims. • Vishing is similar to phishing. But instead of an email, the attacker uses Voice over IP (VoIP) to gain sensitive information. The term is a combination of voice and phishing. • Spear Phishing Spear phishing's goal is to gain access to information that will allow the attacker to gain commercial advantage or commit fraud. Spear phishing frequently involves sending seemingly genuine emails to all employees or members of specific teams. •
108: Correct What is another name for a logic bomb? Asynchronous attack DNS poisoning Trojan horse Pseudo flaw
A logic bomb is a specific example of an asynchronous attack. An asynchronous attack is a form of malicious attack where actions taken at one time do not cause their intended, albeit negative, action until a later time. A pseudo flaw is a form of IDS to detect when an intruder attempts to perform a common but potentially dangerous administrative task. DNS poisoning is the act of inserting incorrect domain name or IP address mapping information into a DNS server or a client's cache. A Trojan horse is any malicious code embedded inside of a seemingly benign carrier. None of these issues is a synonym for a logic bomb. REFERENCES LabSim for Network Pro, Section 13.3. •
74: Correct You want to increase the security of your network by allowing only authenticated users to access network devices through a switch. Which of the following should you implement? Port security Spanning tree IPsec 802.1x
802.1x authentication is an authentication method used on a LAN to allow or deny access based on a port or connection to the network. 802.1x is used for port authentication on switches and authentication to wireless access points. 802.1x requires an authentication server for validating user credentials. This server is typically a RADIUS server. Authenticated users are allowed full access to the network; unauthenticated users only have access to the RADIUS server. Port security uses the MAC address to allow or deny connections based on the MAC address of the device, not user authentication. Spanning tree is a protocol for identifying multiple paths through a switched network. IPsec is a tunneling protocol that adds encryption to packets. REFERENCES LabSim for Network Pro, Section 13.5. •
86: Correct You want to increase the security of your network by allowing only authenticated users to be able to access network devices through a switch. Which of the following should you implement? 802.1x Port security IPsec Spanning tree
802.1x authentication is an authentication method used on a LAN to allow or deny access based on a port or connection to the network. 802.1x is used for port authentication on switches and authentication to wireless access points. 802.1x requires an authentication server for validating user credentials. This server is typically a RADIUS server. Authenticated users are allowed full access to the network; unauthenticated users only have access to the RADIUS server. Port security uses the MAC address to allow or deny connections based on the MAC address of the device, not user authentication. Spanning tree is a protocol for identifying multiple paths through a switched network. IPsec is a tunneling protocol that adds encryption to packets. REFERENCES LabSim for Network Pro, Section 13.5. •
75: Correct Which of the following actions typically involves the use of 802.1x authentication? (Select two.) Authenticating VPN users through the internet Allowing authenticated users full access to the network Enabling or disabling traffic on a port Authenticating remote access clients Controlling access through a router
802.1x authentication is an authentication method used on a LAN to allow or deny access based on a port or connection to the network. • The access point enables or disables traffic on the port based on the authentication status of the user. • Authenticated users are allowed full access to the network while unauthenticated users only have access to the RADIUS server. Remote access authentication is handled by remote access servers or a combination of remote access servers and a RADIUS server. VPN connections can be controlled by remote access servers or by a special device called a VPN concentrator. REFERENCES LabSim for Network Pro, Section 13.5. •
SO: X Incorrect You want to implement 802.1x authentication on your wireless network. Which of the following will be required? TKIP WPA WM'J RADIUS
802.1x authentication uses usernames and passwords, certificates, or devices such as smart cards to authenticate wireless clients. 802.1x authentication requires the following components: • A RADIUS server to centralize user account and authentication information. A centralized database for user authentication is required to allow wireless clients to roam between cells and authenticate using the same account information. • A PKI for issuing certificates. At a minimum, the RADIUS server must have a server certificate. To support mutual authentication, each client must also have a certificate. You can use 802.1x authentication with both WPA and WPA2, and even with WEP with some devices and operating systems. TKIP is an encryption method used with WPA. REFERENCES LabSim for Network Pro, Section 10.6. •
51: X Incorrect You want to implement 802.1x authentication on your wireless network. Where would you configure passwords that are used for authentication? On a certificate authority (CA) On a RADIUS server On the wireless access point and each wireless device On the wireless access point
802.1x authentication uses usernames and passwords, certificates, or devices such as smart cards to authenticate wireless clients. Authentication requests received by the wireless access point are passed to a RADIUS server that validates the logon credentials (such as the username and password). If you are using preshared keys for authentication, configure the same key on the wireless access point and each wireless device. A CA is required to issue a certificate to the RADIUS server. The certificate proves the identity of the RADIUS server or can be used to issue certificates to individual clients. REFERENCES LabSim for Network Pro, Section 10.6. •
101: Correct An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack? DDoS Spamming Replay DoS Backdoor
A DDoS attack is when multiple PCs attack a victim simultaneously and generate excessive traffic that overloads communication channels or exploits software flaws. A DoS attack is when a single attacker directs an attack at a single target. Spamming is just a traffic generation form of attack where unrequested messages are sent to a victim. Replay and backdoor attacks are both just flaw exploitation attacks. Replay attacks exploit software flaws by capturing traffic, editing it, then replaying the traffic in an attempt to gain access to a system. Backdoor attacks exploit software flaws by obtaining access codes or account credentials to bypass security. Backdoors can also be planted by hackers to allow easy re-access to a compromised system. REFERENCES LabSim for Network Pro, Section 13.3. •
117: Correct Developers in your company have created a web application that interfaces with a database server. During development, programmers created a special user account that bypasses the normal security. What is this an example of? Default account Privilege escalation SMTP open relay Backdoor
A backdoor is an unprotected access method or pathway. Backdoors: • Include hard-coded passwords and hidden service accounts. • Are often added during development as a shortcut to circumvent security. If they are not removed, they present a security problem. • Can be added by attackers who have gained unauthorized access to a device. Once added, the backdoor can be used at a future time to easily bypass security controls. • Can be used to remote control the device at a later date. • Rely on secrecy to maintain security. Default accounts and passwords are factory defaults that already exist when a new network device is configured at installation. Default accounts are typically administrator accounts that have a default name and password. Default account names and passwords should be changed immediately when hardware or software is turned on for the first time. Privilege escalation allows a user to take advantage of a software bug or design flaw in an application to gain access to system resources or additional privileges that typically aren't available to normal users. Privilege escalation starts with access using a normal user account, which is then used to gain access to unauthorized areas. An SMTP relay is a mail server that allows mail forwarding on behalf of clients or other servers. REFERENCES LabSim for Network Pro, Section 13.3. •
14: Correct Which of the following allows for easy exit of an area in the event of an emergency, but prevents entry? (Select two.) PTZ CCTV Turnstile Mantrap Double-entry door Anti-passback system
A double entry door has two doors that are locked from the outside but with crash bars on the inside that allow easy exit. Double entry doors are typically used only for emergency exits, and alarms sound when the doors are opened. A turnstile is a barrier that permits entry in only one direction. Turnstiles are often used to permit easy exit from a secure area. Entry is controlled through a mantrap or other system that requires authentication for entry. A mantrap is a specialized entrance with two doors that creates a security buffer zone between two areas. Once a person enters into the space between the doors, both doors are locked. To enter the facility, authentication must be provided. This may include visual identification and identification credentials. An anti-passback system is used when a physical access token is required for entry, and prevents a card holder from passing their card back to someone else. A Pan Tilt Zoom (PTZ) camera lets you dynamically move the camera and zoom in on specific areas to monitor. REFERENCES LabSim for Network Pro, Section 13.1. •
110: Correct Which of the following describes a logic bomb? A type of malicious code whose primary purpose is to duplicate itself and spread while not necessarily intentionally damaging or destroying resources. A program that performs a malicious activity at a specific time or after a triggering event. A program that appears to be a legitimate application, utility, game, or screensaver that performs malicious activities surreptitiously. A program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the systems where it is found.
A logic bomb is a program that performs a malicious activity at a specific time or after a triggering event. Logic bombs can be planted by a virus, a Trojan horse, or by an intruder. Logic bombs may perform their malicious activity at a specific time and date or when a specific event occurs on the system, such as logging in, accessing an online bank account, or encrypting a file. A worm is a type of malicious code whose primary purpose is to duplicate itself and spread, while not necessarily intentionally damaging or destroying resources. A Trojan horse is a program that appears to be a legitimate application, utility, game, or screensaver that performs malicious activities surreptitiously. A virus is a program that has no useful purpose but attempts to spread itself to other systems and often damages resources on the systems where it is found. REFERENCES LabSim for Network Pro, Section 13.3. •
91: X Incorrect Which of the following is the strongest form of multi-factor authentication? A password, a biometric scan, and a token device Two passwords A password and a biometric scan Two-factor authentication
A password, a biometric scan, and a token device together are the strongest form of multi-factor authentication listed here. Multifactor authentication is any combination of two or more of the same or different authentication factors. The three common authentication factor types are something you know (such as a password), something you have (such as a smart card or a token device), or something you are (such as a biometric quality like a fingerprint). The other three options are all weaker forms of multi-factor authentication. A password and a biometric scan is a multi-factor authentication system, but it is also an example of two-factor authentication. Two-factor authentication is any combination of two or more different authentication factors. Two passwords is an example of multi-factor authentication, but since it uses two of the same type of factors, it is not a true two-factor authentication method. REFERENCES LabSim for Network Pro, Section 13.5. •
61: Correct You are concerned that wireless access points may have been deployed within your organization without authorization. What should you do? (Select two. Each response is a complete solution.) Implement an intrusion detection system (IDS). Check the MAC addresses of devices connected to your wired switch. Conduct a site survey. Implement a network access control (NAC) solution. Implement an intrusion prevention system (IPS).
A rogue host is an unauthorized system that has connected to a wireless network. It could be an unauthorized wireless device, or even an unauthorized wireless access point that someone connected to a wired network jack without permission. Rogue hosts can be benign or malicious in nature. Either way, rogue hosts on your wireless network represent a security risk and should be detected and subsequently removed. Four commonly used techniques for detecting rogue hosts include: • Using site survey tools to identify hosts and APs on the wireless network. • Checking connected MAC addresses to identify unauthorized hosts. • Conducting an RF noise analysis to detect a malicious rogue AP that is using jamming to force wireless clients to connect to it instead of legitimate APs. • Analyzing wireless traffic to identify rogue hosts. Using an IDS or an IPS would not be effective, as these devices are designed to protect networks from perimeter attacks. Rogue APs are internal threats. A NAC solution can be used to remediate clients that connect to the network, but it can't be used to detect a rogue AP. REFERENCES LabSim for Network Pro, Section 10.6. •
120: Correct Which of the following is undetectable software that allows administrator-level access? Worm Rootkit Trojan horse Spyware Logic bomb
A rootkit is a set of programs that allows attackers to maintain permanent administrator-level hidden access to a computer. A rootkit: • Is almost invisible software. • Resides below regular antivirus software detection. • Requires administrator privileges to install, then maintains those privileges to allow subsequent access. • Might not be malicious. • Often replaces operating system files with alternate versions that allow hidden access. A worm is a self-replicating virus. A Trojan horse is a malicious program that is disguised as legitimate or desirable software. A logic bomb is designed to execute only under predefined conditions and lays dormant until the predefined condition is met. Spyware is software that is installed without the user's consent or knowledge and is designed to intercept or take partial control over the user's interaction with the computer. REFERENCES LabSim for Network Pro, Section 13.3. •
121: X Incorrect Which of the following is a characteristic of a virus? Capable of replicating itself Is remotely controlled by a central command Requires an activation mechanism to run Requires administrative privileges to install
A virus has the following characteristics: • A virus requires a replication mechanism, which is a file that it uses as a host. When the host file is distributed, the virus is also distributed. Viruses typically attach to files with execution capabilities such as .doc, .exe, and .bat extensions. Many viruses are distributed via email and are distributed to everyone in your address book. • The virus only replicates when an activation mechanism is triggered. For example, each time the infected file or program is executed, the virus is activated. • The virus is programmed with an objective, which is usually to destroy, compromise, or corrupt data. A worm is a self-replicating virus. A zombie or bot is a computer that is remotely controlled for malicious activities. A rootkit is malicious software that requires administrative privileges to install. REFERENCES LabSim for Network Pro, Section 13.3. •
104: Correct Which of the following is the common name for a program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the systems where it is found? Virus Windows Messenger Trojan horse Java Applet
A virus is the common name for a program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the systems where it is found. Viruses are a serious threat to computer systems, especially if they are connected to the internet. It is often a minimal requirement to have an anti-virus scanner installed on every machine of a secured network to protect a system from viruses. Trojan horses are programs that claim to serve a useful purpose, but hide a malicious purpose or activity. Windows Messenger is an instant message chat utility. Java applets are web applications that operate within a security sandbox. REFERENCES LabSim for Network Pro, Section 13.3. •
115: X Incorrect What is the main difference between a worm and a virus? A worm tries to gather information while a virus tries to destroy data. A worm is restricted to one system while a virus can spread from system to system. A worm requires an execution mechanism to start while a virus can start itself. A worm can replicate itself while a virus requires a host for distribution.
A worm is a self-replicating program that uses the network to replicate itself to other systems. A worm does not require a host system to replicate. Both viruses and worms can cause damage to data and systems, and both spread from system to system, although a worm can spread itself while a virus attaches itself to a host for distribution. REFERENCES LabSim for Network Pro, Section 13.3. •
33: Correct Which of the following features are common functions of an all-in-one security appliance? (Select two.) Quality of Service Spam filtering Content caching Bandwidth shaping Password complexity
All-in-one security appliances combine many security functions into a single device. Security functions in an all-in-one security appliance can include: • Spam filter • URL filter • Web content filter • Malware inspection • Intrusion detection system In addition to security functions, all-in-one security appliances can include: • Network switch • Router • Firewall • TX uplink (integrated CSU/DSU) • Bandwidth shaping REFERENCES LabSim for Network Pro, Section 8.2. •
100: Correct Which of the following statements about the use of anti-virus software is correct? Once installed, anti-virus software needs to be updated on a monthly basis. If servers on a network have anti-virus software installed, workstations do not need anti-virus software installed on them. If you install anti-virus software, you no longer need a firewall on your network. Anti-virus software should be configured to download updated virus definition files as soon as they become available.
Anti-virus software is only effective against new viruses if it has the latest virus definition files installed. You should configure your anti-virus software to automatically download updated virus definition files as soon as they become available. Anti-virus software needs to be updated with virus definitions files as soon as they become available, not on a monthly basis. All systems on a network, whether they are workstations or servers, should have anti-virus software installed on them. An anti-virus solution is not a substitute for a firewall. Firewalls prevent outside users from gaining access to the network. They do not protect the network from viruses. REFERENCES LabSim for Network Pro, Section 13.3. •
62: Correct Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access? (Select two.) PKI 802.1x TACACS+ RADIUS AAA EAP
Both RADIUS and TACACS+ are protocols used for centralized authentication, authorization, and accounting used with remote access. Remote access clients send authentication credentials to remote access servers. Remote access servers are configured as clients to the RADIUS or TACACS+ servers and forward the authentication credentials to the servers. The servers maintain a database of users and policies that control access for multiple remote access servers. AAA stands for authentication, authorization, and accounting, and is a generic term that describes the functions performed by RADIUS/TACACS+ servers. A Public Key Infrastructure (PKI) is a system of certificate authorities that issue certificates. 802.1x is an authentication mechanism for controlling port access. 802.1x uses RADIUS/TACACS+ servers. EAP is an authentication protocol that allows the use of customized authentication methods. REFERENCES LabSim for Network Pro, Section 11.4. •
81: Correct Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access? (Select two.) 802.1x EAP PKI AAA RADIUS TACACS+
Both RADIUS and TACACS+ are protocols used for centralized authentication, authorization, and accounting used with remote access. Remote access clients send authentication credentials to remote access servers. Remote access servers are configured as clients to the RADIUS or TACACS+ servers and forward the authentication credentials to the servers. The servers maintain a database of users and policies that control access for multiple remote access servers. AAA stands for authentication, authorization, and accounting. AAA is a generic term that describes the functions performed by RADIUS/TACACS+ servers. A Public Key Infrastructure (PKI) is a system of certificate authorities that issue certificates. 802.1x is an authentication mechanism for controlling port access. 802.1x uses RADIUS/TACACS+ servers. EAP is an authentication protocol that allows the use of customized authentication methods. REFERENCES LabSim for Network Pro, Section 13.5. •
27: Correct Which of the following is a common social engineering attack? Distributing false information about your organization's financial status Hoax virus information emails Logging on with stolen credentials Using a sniffer to capture network traffic
Hoax virus information emails are a form of social engineering attack. This type of attack preys on email recipients who are fearful and will believe most information if it is presented in a professional manner. All too often, the victims of these attacks fail to double-check the information or instructions with a reputable third-party antivirus software vendor before implementing the recommendations. Usually, these hoax messages instruct the reader to delete key system files or download Trojan horses. Social engineering relies on the trusting nature of individuals to incentivize them to take an action or allow an unauthorized action. REFERENCES LabSim for Network Pro, Section 13.2. •
1: Correct You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a cubicle near your office. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using an SSH client with a username of admin01 and a password of P@ssWOrd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device? Use a Telnet client to access the router configuration. Use encrypted type 7 passwords. Use TFTP to back up the router configuration to a remote location. Change the default administrative username and password. Move the router to a secure server room.
In this scenario, the router is not physically secure. Anyone with access to the area could gain access to the router and manipulate its configuration by plugging into the console port. The device should be moved to a secure location, such as a server room, that requires an ID badge for access. You should not use a Telnet client to access the router configuration. Telnet transfers data in clear text over the network connection, exposing sensitive data to sniffing. The user name and password used to access the router configuration are reasonably strong. Encrypted type 7 passwords on a Cisco device are less secure than those protected with MD5. Using TFTP to manage the router configuration could expose sensitive information to sniffers, as it transmits data in clear text. REFERENCES LabSim for Network Pro, Section 13.1. •
3: Correct You are an IT consultant and are visiting a new client's site to become familiar with their network. As you walk around their facility, you note the following: • When you enter the facility, a receptionist greets you and escorts you through a locked door to the work area where the office manager sits. • The office manager informs you that the organization's servers are kept in a locked closet. An access card is required to enter the server closet. • The receptionist informs you that server backups are configured to run each night. A rotation of tapes are used as the backup media. • You notice that the organization's network switch is kept in the server closet. • You notice that a router/firewall/content filter all-in-one device has been implemented in the server closet to protect the internal network from external attacks. • The office manager informs you that her desktop system will no longer boot and asks you to repair or replace it, recovering as much data as possible in the process. You carry the workstation out to your car and bring it back to your office to work on it. Which security-related recommendation should you make to this client? Upgrade the server closet lock to a biometric authentication system. Keep the network infrastructure devices (switch and all-in-one device) in a locked room separate from network servers. Implement a hardware checkout policy. Replace the tape drive used for backups with external USB hard disks.
In this scenario, you should recommend the client implement a hardware checkout policy. A checkout policy ensures that hardware containing sensitive data does not leave the organization's premises without approval and that the device's serial number, make, and model number are recorded. A biometric server room lock probably isn't necessary in this scenario. It is acceptable to keep servers and network devices such as routers and switches in the same room as long as that room is kept secure. There's no security advantage to using external hard drives instead of tape backup media. REFERENCES LabSim for Network Pro, Section 13.1. •
2: X Incorrect You are an IT consultant and are visiting a new client's site to become familiar with their network. As you walk around their facility, you note the following: • When you enter the facility, a receptionist greets you and directs you down the hallway to the office manager's cubicle. The receptionist uses a notebook system that is secured to her desk with a cable lock. • The office manager informs you that the organization's servers are kept in a locked closet. Only she has the key to the closet. When you arrive on site, you will be required to get the key from her to access the closet. • She informs you that server backups are configured to run each night. A rotation of external USB hard disks are used as the backup media. • You notice the organization's network switch is kept in an empty cubicle adjacent to the office manager's workspace. • You notice that a router/firewall/content filter all-in-one device has been implemented in the server closet to protect the internal network from external attacks. Which security-related recommendations should you make to this client? (Select two.) Replace the key lock on the server closet with a card reader. Replace the USB hard disks used for server backups with a tape drive. Control access to the work area with locking doors and card readers. Use separate dedicated network perimeter security devices instead of an all-in-one device. Relocate the switch to the locked server closet.
In this scenario, you should recommend the client make the following changes: • Relocate the switch to the locked server closet. Keeping it in a cubicle could allow an attacker to configure port mirroring on the switch and capture network traffic. • Control access to the work area with locking doors and card readers. Controlling access to the building is critical for preventing unauthorized people from gaining access to computers. In this scenario, you were able to walk unescorted into the work area without any kind of physical access control other than the receptionist. Because the office manager will control who has access to the server closet key, it isn't necessary to implement a card reader on the server closet door. Using tape drives instead of hard disks wouldn't increase the security of the backups. Using separate perimeter security devices instead of an all-in-one device would be unlikely to increase the security of the network. •
35: Correct Match the port security MAC address type on the left with its description on the right. A MAC address manually identified as an allowed address. SecureConfigured A MAC address that has been learned and allowed by the switch. SecureDynamic A MAC address that is manually configured or dynamically learned that is saved in the config file. SecureSticky
MAC addresses are stored in RAM in the CAM table and are identified with the port and by a MAC address type. Port security uses the following three MAC address types: • SecureConfigured: A SecureConfigured address is a MAC address that has been manually identified as an allowed address. • SecureDynamic: A SecureDynamic address is a MAC address that has been dynamically learned and allowed by the switch. • SecureSticky: A SecureSticky address is a MAC address that is manually configured or dynamically learned and saved. REFERENCES LabSim for Network Pro, Section 14.3. •
39: X Incorrect You have a company network with a single switch. All devices connect to the network through the switch. You want to control which devices will be able to connect to your network. For devices that do not have the latest operating system patches, you want to prevent access to all network devices except for a special server that holds the patches that the computers need to download. Which of the following components will be part of your solution? (Select two.) Honeypot Extranet 802.1x authentication Remediation servers
Network access control (NAC) controls access to the network by not allowing computers to access network resources unless they meet certain predefined security requirements. NAC can be used with 802.1x port authentication on a switch to allow or deny access to the network through the switch port. A client that is determined by the NAC agent to be healthy is given access to the network. An unhealthy client who has not met all the checklist requirements is either denied access or given restricted access to a remediation network, where remediation servers can help the client to become compliant. For example, remediation servers might include anti-virus software and definition files that can be installed. If and when the unhealthy client's status changes to healthy, the client is given access to the network. A demilitarized zone (DMZ) is a buffer network (or subnet) that sits between the private network and an untrusted network (such as the internet). DMZs are created with routers and firewall rules to allow or block traffic. DMZs use information in the packet to allow or deny packets. An extranet is a privately-controlled network that is distinct from but located between the internet and a private LAN. An extranet is often used to grant resource access to business partners, suppliers, and even customers outside of the organization. A honeypot is a device or virtual machine that entices intruders by displaying a vulnerable trait or flaw or by appearing to contain valuable data. REFERENCES LabSim for Network Pro, Section 14.3. •
95: X Incorrect Which of the following best describes one-factor authentication? Only a single authentication credential is submitted. Only Type 1 authentication credentials are accepted. A username without any additional credentials is accepted. Multiple authentication credentials may be required, but they are all of the same type.
One-factor authentication uses credentials of only one type, but may require multiple methods within the same type. For example, you might log on with just a password, or by entering a password and answering a cognitive question (such as your mother's maiden name). One-factor authentication that uses multiple credentials of the same type is also sometimes called strong authentication. One-factor authentication can use one or multiple credentials from any of the three authentication types. Supplying a username does not provide authentication credentials as the username is used for identification, not authentication. Anonymous access occurs when only a username is required (without authentication credentials). REFERENCES LabSim for Network Pro, Section 13.5. •
17: X Incorrect Match each physical security control on the left with an appropriate example of that control on the right. Each security control may be used once, more than once, or not at all. Hardened carrier Biometric authentication Door locks Barricades Emergency escape plans Alarmed carrier Protected cable distribution Anti-passback system Emergency lighting Exterior floodlights Perimeter barrier
Physical security controls and their functions include the following: • Perimeter barriers secure the building perimeter and restrict access to only secure entry points. Examples include barricades and floodlights. • Door locks allow access only to those with the proper key. For example, a biometric authentication system requires an individual to submit to a fingerprint or retina scan before a door is unlocked. • Physical access controls are implemented inside the facility to control who can go where. For example, an anti-passback system prevents a card holder from passing their card back to someone else. • Safety controls help employees and visitors remain safe while on site. For example, consider devising escape plans that utilize the best escape routes for each area in your organization. In addition, emergency lighting should be implemented that runs on protected power and automatically switches on when the main power goes off. • A protected distribution system (PDS) encases network cabling within a carrier. This enables data to be securely transferred through an area of lower security. In a hardened carrier PDS, network cabling is run within metal conduit. In an alarmed carrier PDS, an electronic alarm system is used to detect attempts to compromise the carrier and access the cable within it. REFERENCES LabSim for Network Pro, Section 13.1. •
6: Correct Which of the following can be used to stop piggybacking from occurring at a front entrance where employees swipe smart cards to gain entry? Use weight scales Install security cameras Deploy a mantrap Use key locks rather than electronic locks
Piggybacking is the activity where an authorized or unauthorized individual gains entry into a secured area by exploiting the credentials of a prior person. Often, the first person will authenticate, unlock the door, and then hold it open for the next person to enter without forcing them to authenticate separately. Piggybacking can be stopped by a mantrap. A mantrap is a single-person room with two doors. It often includes a scale to prevent piggybacking. It requires proper authentication before unlocking the inner door to allow authorized personnel into a secured area. Those who fail to properly authenticate are held captive until authorities respond. A security camera may deter piggybacking, but it does not directly stop piggybacking. Using weight scales inside a mantrap will stop piggybacking, but they are not useful or effective without the mantrap. The use of conventional keys as opposed to electronic locks does little to prevent piggybacking and may actually make piggybacking more prevalent. REFERENCES LabSim for Network Pro, Section 13.1. •
67: Correct RADIUS is primarily used for what purpose? Managing access to a network over a VPN. Authenticating remote clients before access to the network is granted. Managing RAID fault-tolerant drive configurations. Controlling entry gate access using proximity sensors.
RADIUS (Remote Authentication Dial-In User Service) is primarily used for authenticating remote clients before access to the network is granted. RADIUS is based on RFC 2865. RADIUS maintains client profiles in a centralized database. RADIUS offloads the authentication burden for dial-in users from the normal authentication of local network clients. For environments with a large number of dial-in clients, RADIUS benefits include improved security, easier administration, improved logging, and less performance impact on LAN security systems. REFERENCES LabSim for Network Pro, Section 11.4. •
103: Correct Which of the following is a form of denial of service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network? Fingerprinting Session hijacking Fraggle Smurf
Smurf is a form of denial of service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network. Fingerprinting is the act of identifying an operating system or network service based on its ICMP message quoting characteristics. A fraggle attack uses spoofed UDP packets to flood a victim with echo requests using a bounce network, similar to a Smurf attack. Session hijacking is the act of taking over a logon session from a legitimate client, impersonating the user and taking advantage of their established communication link. REFERENCES LabSim for Network Pro, Section 13.3. •
21: Correct Which of the following are examples of social engineering? (Select two.) War dialing Port scanning Shoulder surfing Dumpster diving
Social engineering leverages human nature. Internal employees are often the target of trickery, and false trust can quickly lead to a serious breach of information security. Shoulder surfing and dumpster diving are examples of social engineering. Shoulder surfing is the act of looking over an authorized user's shoulder in hopes of obtaining an access code or credentials. Dumpster diving involves searching through trash or other discarded items to obtain credentials or information that may facilitate further attacks. These low-tech attack methods are often the first course of action that a hacker pursues. Port scanning and war dialing are technical attacks that seek to take advantage of vulnerabilities in systems or networks. REFERENCES LabSim for Network Pro, Section 13.2. •
112: X Incorrect Which of the following best describes spyware? It is a program that attempts to damage a computer system and replicate itself to other computer systems. It monitors the actions you take on your machine and sends the information back to its originating source. It is a malicious program that is disguised as legitimate software. It monitors user actions that denote personal preferences, then sends pop-ups and ads to the user that match their tastes.
Spyware monitors the actions you take on your machine and sends the information back to its originating source. Adware monitors user actions that denote personal preferences, then sends pop-ups and ads to the user that match his taste. A virus is a program that attempts to damage a computer system and replicate itself to other computer systems. A Trojan horse is a malicious program that is disguised as legitimate software. REFERENCES LabSim for Network Pro, Section 13.3. •
68: X Incorrect Which of the following is a characteristic of TACACS+? Requires that authentication and authorization are combined in a single server. Encrypts the entire packet, not just authentication packets. Uses UDP ports 1812 and 1813. Supports only UDP.
TACACS+ was originally developed by Cisco for centralized remote access administration. TACACS+: • Provides three protocols, one each for authentication, authorization, and accounting. This allows each service to be provided by a different server. • Uses TCP port 49. • Encrypts the entire packet contents, not just authentication packets. • Supports more protocol suites than RADIUS. RADIUS is used by Microsoft servers for centralized remote access administration. RADIUS: • Combines authentication and authorization using policies to grant access. • Allows for the separation of accounting to different servers. However, authentication and authorization remain combined on a single server. • Uses UDP ports 1812 and 1813. • Uses a challenge/response method for authentication. RADIUS encrypts only the password using MD5. REFERENCES LabSim for Network Pro, Section 11.4. •
64: X Incorrect Which of the following are characteristics of TACACS+? (Select two.) Uses UDP. Allows the possibility of three different servers, one each for authentication, authorization, and accounting. Allows the possibility of two different servers, one for authentication and authorization, and another for accounting. Uses TCP.
TACACS+ was originally developed by Cisco for centralized remote access administration. TACACS+: • Provides three protocols, one each for authentication, authorization, and accounting. This allows each service to be provided by a different server. • Uses TCP. • Encrypts the entire packet contents. • Supports more protocol suites than RADIUS. RADIUS is used by Microsoft servers for centralized remote access administration. RADIUS: • Combines authentication and authorization using policies to grant access. • Uses UDP. • Encrypts only the password. • Often uses vendor-specific extensions. RADIUS solutions from different vendors might not be compatible. REFERENCES LabSim for Network Pro, Section 11.4. •
56: X Incorrect An attacker is trying to compromise a wireless network that has been secured using WPA2-PSK and AES. She first tried using AirSnort to capture packets, but found that she couldn't break the encryption. As an alternative, she used software to configure her laptop to function as an access point. She configured the fake access point with the same SSID as the wireless network she is trying to break into. When wireless clients connect to her access point, she presents them with a web page asking them to enter the WPA2 passphrase. When they do, she then uses it to connect a wireless client to the real access point. Which attack techniques did the attacker use in this scenario? (Select two.) Evil twin Smurf Man-in-the-middle Denial of service Pharming
The attacker in this scenario used the following attack techniques: • Evil twin: In this exploit, an attacker near a valid wireless access point installs an access point with the same (or similar) SSID. • Pharming: In this exploit, the access point is configured to display a bogus web page that prompts for credentials, allowing the attacker to steal those credentials. Denial of service attacks overload a target system to the point that it can no longer perform its desired function on the network. A man-in-the-middle attack occurs when the attacker gets in between a sender and receiver, posing as the sender to the receiver and as the receiver to the sender. A Smurf attack is a type of denial of service attack that uses spoofed ICMP echo response packets from an amplifier network to overload a target host. REFERENCES LabSim for Network Pro, Section 10.6. •
16: Correct Five salesmen work out of your office. They frequently leave their laptops lying on the desk in their cubicles. You are concerned that someone might walk by and take one of these laptops. Which of the following is the best way to address your concerns? Require strong passwords in the local security policy. Implement screen saver passwords. Encrypt all company data on the hard drives. Use cable locks to chain the laptops to the desks.
The main concern in this case is with laptops being stolen. The best protection against physical theft is to secure the laptops in place using a cable lock. Requiring strong passwords or using encryption might prevent unauthorized users from accessing data on the laptops, but does not prevent physical theft. REFERENCES LabSim for Network Pro, Section 13.1. •
20: Correct What is the primary countermeasure to social engineering? Awareness Heavy management oversight Traffic filters A written security policy
The primary countermeasure to social engineering is awareness. If users are unaware of the necessity for security in your organization and they are not properly trained to support and provide security, they are vulnerable to numerous social engineering exploits. Awareness training focused on preventing social engineering should include methods for authenticating personnel over the phone, assigning classification levels to information and activities, and educating your personnel on what information should not be distributed over the phone. A written security policy is a countermeasure against social engineering, but without awareness training, it is useless. Heavy management oversight may provide some safeguards that protect users from social engineering, but management is less effective than awareness. Traffic filters are not countermeasures for social engineering because they do not focus on solving the human problem inherent in social engineering attacks. REFERENCES LabSim for Network Pro, Section 13.2. •
26: Correct What is the primary difference between impersonation and masquerading? One is easily detected, and the other is subtle and stealthy. One is a real-time attack, and the other is an asynchronous attack. One is more active, and the other is more passive. One is used against administrator accounts, and the other is used against end user accounts.
The primary difference between these two access control attacks is that impersonation is more active, while masquerading is more passive. Both impersonation and masquerading attacks can target any type of user account. Both impersonation and masquerading attacks take place in real time. Neither impersonation nor masquerading attacks have an intrinsic quality of being easy or difficult to detect. REFERENCES LabSim for Network Pro, Section 13.2. •
122: Correct A relatively new employee in the data entry cubicle farm was assigned a user account similar to that of all of the other data entry employees. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed data in restricted areas. This situation indicates that which of the following has occurred? Man-in-the-middle attack Smurf attack Privilege escalation Social engineering
This situation describes the result of a successful privilege escalation attack. If a low-end user account is detected performing high-level activities, it is obvious that user account has somehow gained additional privileges. A man-in-the-middle attack involves a third party placing themselves between two legitimate communication partners in order to intercept and possibly alter their transmissions. Social engineering attacks involve stealing information or convincing someone to perform a security inappropriate activity via email or phone or in person. A smurf attack is a form of distributed reflective denial of service where spoofed ICMP packets are bounced and multiplied off another network to flood the communication pipeline of the victim. REFERENCES LabSim for Network Pro, Section 13.3. •
93: Correct Which of the following is an example of three-factor authentication? Pass phrase, palm scan, voice recognition Token device, keystroke analysis, cognitive question Photo ID, smart card, fingerprint Smart card, digital certificate, PIN
Three-factor authentication uses three items for authentication, one from each of the authentication types: • Type I (something you know, such as a password, PIN, pass phrase, or cognitive question) • Type II (something you have, such as a smart card, token device, or photo ID) • Type III (something you are, such as fingerprints, retina scans, voice recognition, or keyboard dynamics) Of the examples listed, a token device (Type II), keystroke analysis (Type III), and a cognitive question (Type I) is the only three-factor authentication combination listed. The other options are examples of multi-factor authentication, where multiple authentication credentials, but not of three different types, are used. REFERENCES LabSim for Network Pro, Section 13.5. •
92: Correct Which of the following is an example of two-factor authentication? A fingerprint and a retina scan A pass phrase and a PIN A username and a password A token device and a PIN
Two-factor authentication uses two different types of authentication (such as a combination of Type I, Type II, and Type III authentication). Of the examples listed here, a token device (Type II) combined with a PIN (Type I) is the only example of two-factor authentication. Strong authentication uses two or more authentication credentials, but of the same type. A fingerprint and a retina scan uses two pieces of Type III authentication, while a pass phrase and a PIN uses two pieces of Type I authentication. A username and a password supplies only a single value for authentication (the password). The username is used for identification, not authentication. REFERENCES LabSim for Network Pro, Section 13.5. •
73: Correct You manage a network that uses switches. In the lobby of your building, there are three RJ45 ports connected to a switch. You want to make sure that visitors cannot plug their computers into the free network jacks and connect to the network. But employees who plug into those same jacks should be able to connect to the network. What feature should you configure? Port authentication Mirroring Bonding Spanning tree VLANs
Use port authentication to prevent unauthorized access through switch ports. Port authentication is provided by the 802.1x protocol and allows only authenticated devices to connect to the LAN through the switch. Authentication uses usernames and passwords, smart cards, or other authentication methods. • When a device first connects, the port is set to an unauthorized state. Ports in unauthorized states can only be used for 802.1x authentication traffic. • After the server authenticates the device or the user, the switch port is placed in an authorized state, and access to other LAN devices is allowed. If you use a VLAN, you can assign each port to a VLAN. If the ports in the lobby were assigned to one VLAN, you could control the type of access through the switch for those ports, but could not modify the access based on user. Using a VLAN, both visitors and employees would have the same access through those ports. Spanning tree is a protocol on a switch that allows the switch to maintain multiple paths between switches within a subnet. The spanning tree protocol runs on each switch and is used to select a single path between any two switches. Mirroring sends traffic from all switch ports to a switch port you designate as the mirrored port. Bonding allows multiple switch ports to be used at the same time to reach a specific destination. REFERENCES LabSim for Network Pro, Section 13.5. •
36: Correct You manage a network that uses switches. In the lobby of your building are three RJ45 ports connected to a switch. You want to make sure that visitors cannot plug their computers into the free network jacks and connect to the network, but employees who plug into those same jacks should be able to connect to the network. What feature should you configure? VLANs Bonding Port authentication Spanning tree Mirroring
Use port authentication to prevent unauthorized access through switch ports. Port authentication is provided by the 802.1x protocol and allows only authenticated devices to connect to the LAN through the switch. Authentication uses usernames and passwords, smart cards, or other authentication methods. • When a device first connects, the port is set to an unauthorized state. Ports in unauthorized states can only be used for 802.1x authentication traffic. • After the server authenticates the device or the user, the switch port is placed in an authorized state, and access to other LAN devices is allowed. With a VLAN, you assign each port to a VLAN. If the ports in the lobby were assigned to one VLAN, you could control the type of access through the switch for those ports, but could not modify the access based on user. If you use a VLAN, both visitors and employees would have the same access through those ports. Spanning tree is a protocol on a switch that allows the switch to maintain multiple paths between switches within a subnet. The spanning tree protocol runs on each switch and is used to select a single path between any two switches. Mirroring sends traffic from all switch ports to a switch port you designate as the mirrored port. Bonding allows multiple switch ports to be used at the same time to reach a specific destination. REFERENCES LabSim for Network Pro, Section 14.3. •
57: X Incorrect You want to connect your client computer to a wireless access point that is connected to your wired network at work. The network administrator tells you that the access point is configured to use WPA2 Personal with the strongest encryption method possible. SSID broadcast is turned off. Which of the following must you configure manually on the client? (Select three.) TKIP Username and password SSID Preshared key AES Channel
WPA2 Personal uses a shared key for authentication. Once authenticated, dynamic keys are generated to be used for encryption. WPA2 supports AES and TKIP encryption, with AES being the stronger encryption method. With the SSID broadcast turned off, you will need to manually configure the SSID on the client. Channels are detected automatically as well. If you were using WPA2 Enterprise, you would need to configure the authentication method, such as a username and password or a smart card. REFERENCES LabSim for Network Pro, Section 10.6. •
29: Correct A senior executive reports that she received a suspicious email concerning a sensitive internal project that is behind production. The email was sent from someone she doesn't know, and he is asking for immediate clarification on several of the project's details so the project can get back on schedule. Which type of an attack best describes the scenario? MAC spoofing Whaling Passive Masquerading
Whaling is a form of a social engineering attack that targets senior executives and high-profile victims. Social engineering is an attack that exploits human nature by convincing someone to reveal information or perform an activity. Masquerading is convincing personnel to grant access to sensitive information or protected systems by pretending to be someone who is authorized and/or requires that access. Passive social engineering attacks take advantage of the unintentional actions of others to gather information or gain access to a secure facility. MAC spoofing is changing the source MAC address on frames sent by the attacker and can be used to hide the identity of the attacker's computer or to impersonate another device on the network. REFERENCES LabSim for Network Pro, Section 13.2. •
63: X Incorrect You have decided to implement a remote access solution that uses multiple remote access servers. You want to implement RADIUS to centralize remote access authentication and authorization. Which of the following is a required part of your configuration? Configure remote access clients as RADIUS clients. Configure the remote access servers as RADIUS clients. Obtain certificates from a public or private PKI. Configure the remote access servers as RADIUS servers.
When configuring a RADIUS solution, configure a single server as a RADIUS server. Then configure all remote access servers as RADIUS clients. Certificate-based authentication can be used with a RADIUS solution, but is not a requirement. REFERENCES LabSim for Network Pro, Section 11.4. •
76: Correct You have decided to implement a remote access solution that uses multiple remote access servers. You want to implement RADIUS to centralize remote access authentication and authorization. Which of the following would be a required part of your configuration? Configure the remote access servers as RADIUS clients. Configure the remote access servers as RADIUS servers. Obtain certificates from a public or private PKI. Configure remote access clients as RADIUS clients.
When configuring a RADIUS solution, configure a single server as a RADIUS server. Then configure all remote access servers as RADIUS clients. Certificate-based authentication can be used with a RADIUS solution, but is not a requirement. REFERENCES LabSim for Network Pro, Section 13.5. •
46: Correct Which of the following features are supplied by WPA2 on a wireless network? Network identification Client connection refusals based on MAC address Encryption A centralized access point for clients Traffic filtering based on packet characteristics
Wi-Fi protected access (WPA) provides encryption and user authentication for wireless networks. MAC address filtering allows or rejects client connections based on the hardware address. The SSID is the network name or identifier. A wireless access point (called an AP or WAP) is the central connection point for wireless clients. A firewall allows or rejects packets based on packet characteristics (such as address, port, or protocol type). REFERENCES LabSim for Network Pro, Section 10.6. •
44: Correct Which of the following measures will make your wireless network invisible to the casual attacker performing war driving? Disable SSID broadcast Implement WPA2 Personal Change the default SSID Use a form of authentication other than open authentication
Wireless access points are transceivers that transmit and receive information on a wireless network. Each access point has a service set ID (SSID) that identifies the wireless network. By default, access points broadcast the SSID to announce their presence and make it easy for clients to find and connect to the wireless network. Turn off the SSID broadcast to keep a wireless 802.11x network from being automatically discovered. When SSID broadcasting is turned off, users must know the SSID to connect to the wireless network. This helps to prevent casual attackers from connecting to the network, but any serious hacker with the right tools can still connect to the wireless network. Using authentication with WPA or WPA2 helps prevent attackers from connecting to your wireless network, but does not hide the network. Changing the default SSID to a different value does not disable the SSID broadcast. REFERENCES LabSim for Network Pro, Section 10.6. •
43: X Incorrect Which of the following wireless network protection methods prevents the broadcasting of the wireless network name? SSID broadcast Shared secret key 802.1x MAC filtering
Wireless access points are transceivers that transmit and receive information on a wireless network. Each access point has a service set ID (SSID), which identifies the wireless network. By default, access points broadcast the SSID to announce their presence and make it easy for clients to find and connect to the wireless network. Turn off the SSID broadcast to keep a wireless network from being automatically discovered. When SSID broadcasting is turned off, users must know the SSID to connect to the wireless network. This helps to prevent casual attackers from connecting to the network, but any serious hacker with the right tools can still connect to the wireless network. MAC address filtering identifies specific MAC addresses that are allowed to access the wireless access point. Clients with unidentified MAC addresses are not allowed to connect. A shared secret key is used with shared key authentication; users must know the shared key to connect to the access point. A shared key is also used with WEP for the encryption key. 802.1x authentication uses usernames and passwords, certificates, or devices such as smart cards to authenticate wireless clients. REFERENCES LabSim for Network Pro, Section 10.6. •
99: Correct Which of the following measures are you most likely to implement in order to protect your system from a worm or Trojan horse? Firewall Antivirus software IPsec Password policy
Worms and Trojan horses are types of viruses. The best way to protect your system from them is to ensure that every system on the network has antivirus software with up-to-date virus definitions installed on it. A firewall helps prevent hackers from penetrating a network from the internet. They do not specifically guard against viruses, though some application-level firewall solutions do include antivirus capabilities. IPsec is an encryption mechanism. It does not help to prevent viruses. A password policy adds an additional layer of security to the network, but it does not directly protect the network from viruses. REFERENCES LabSim for Network Pro, Section 13.3. •
54: X Incorrect You need to implement a wireless network link between two buildings on a college campus. A wired network has already been implemented within each building. The buildings are 100 meters apart. What type of wireless antennae should you use on each side of the link? (Select two.) Omni-directional High-gain Normal-gain Bridge Directional
You should use high-gain directional antennae on each side of the link. A high-gain antenna usually has a gain rating of 12 dBi or higher. A highly directional antenna concentrates the radio waves transmitted from the sender into a very narrow beam. When the receiver uses a directional antenna, it can only receive a signal from one specific direction. It supports very high-gain radio signals that can be transmitted over long distances, but it requires a clear line-of-sight (LOS) between the sender and the receiver. A normal-gain antenna usually has a gain rating between 2 and 9 dBi. An omnidirectional antenna radiates and absorbs signals equally in every direction around the antenna. Because it spreads its gain in a 360-degree pattern, the overall range of an omnidirectional antenna is typically much less than the range of a directional antenna. A directional antenna focuses its radiation and absorption of signals in a specific direction, but typically has a much shorter range than a parabolic antenna. REFERENCES LabSim for Network Pro, Section 10.6. •
24: Correct You have just received a generic-looking email that is addressed as coming from the administrator of your company. The email says that as part of a system upgrade, you need to enter your username and password at a new website so you can manage your email and spam using the new service. What should you do? Verify that the email was sent by the administrator and that this new service is legitimate. Open a web browser, type in the URL included in the email, and follow the directions to enter your login credentials. Click on the link in the email and look for company graphics or information before you enter the login information. Delete the email. Click on the link in the email and follow the directions to enter your login information.
You should verify that the email is legitimate and has come from your administrator. It is possible that the network administrator has signed up for a new service. If you ignore the message or delete it, you might not get the benefits the company has signed up for. However, the email might be a phishing attack. An attacker might be trying to capture personal information. By verifying the email with the administrator, you will be able to tell if it is legitimate. REFERENCES LabSim for Network Pro, Section 13.2. •