Network Security
Comparisons to a database of known attacks
What does an IDS that uses signature recognition use for identifying attacks?
Remote wipe
A smart phone was lost at the airport. There is no way to recover the device. Which of the following will ensure data confidentiality on the device?
2600 Club - Long distance w/o paying (2600KHz)
What is a vulnerability associated with a PBX?
Anti-virus software
What is the most common form of host-based IDS that employs signature or pattern matching detection methods?
You want to protect a public Web server from attack
In which of the following situations would you most likely implement a demilitarized zone (DMZ)?
You wanted to restrict the devices that could connect through a switch port.
In which of the following situations would you use port security?
NAC (Network Access Control)
Members of the sales team use laptops to connect to the company network. While traveling, they connect their laptops to the internet through airport and hotel networks. You are concerned that these computers will pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless anti-virus software and the latest operating system patches have been installed. What solution should you use?
bandwidth-based denial of service attacks
Network based intrusion detection is the most suited to detect and prevent what type of attacks?
Intranet
Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted Internet?
War Dialing
The presence of unapproved modems on desktop systems gives rise to the LAN being vulnerable to which of the following?
The IDS logs all pertinent data about the intrusion. An alert is generated and delivered via email, the console, or SNMP trap.
What actions can a typical passive IDS take when it detects an attack?
Host system auditing capabilities
What do host based intrusion detection systems often rely upon to perform their detection activities?
QoS (Quality of Service)
What do you call a set of solutions that helps ensure availability for a VOIP solution?
Switch port
When configuring VLANs on a switch, what is used to identify VLAN membership of a device?
Trunk ports
When configuring VLANs on a switch, what type of switch ports are members of all VLANs defined on the switch?
Close all ports; open only ports required by applications inside the DMZ
When designing a firewall, what is the recommended approach for opening and closing ports?
Signature-based
Which IDS method searches for intrusion or attack attempts by recognizing patterns or identities listed in a database?
Controlling access through a switch. Controlling access through a wireless access point.
Which of the following applications typically use 802.1x authentication?
When the device is inactive for a period of time
Which of the following are NOT reasons to remote wipe a mobile device?
Filters based on sessions. Stateful.
Which of the following are characteristics of a circuit-level gateway?
Stateless. Filters IP address and port.
Which of the following are characteristics of a packet filtering firewall?
Block employees from accessing certain Web sites. Cache web pages.
Which of the following are performed by proxies?
IDS, IPS
Which of the following are security devices that perform stateful inspection of packet data, looking for patterns that indicate malicious code?
Operates at the Session Layer. Verifies sequencing of session packets.
Which of the following are true of a circuit proxy filter firewall?
Devices on the same network logically grouped as if they were grouped on separate networks.
Which of the following best describes the concept of a virtual LAN?
An access list filters traffic based on the IP header information such as source or destination IP address, protocol, socket numbers.
Which of the following describes how access lists can be used to improve network security?
IDS
Which of the following devices can monitor a network and detect potential security attacks?
IPS
Which of the following devices is capable of detecting and responding to security threats?
Packet filtering
Which of the following is a firewall function?
Extranet
Which of the following is a privately controlled portion of a network that is accessible to some specific external entities?
IDS
Which of the following is a security service that monitors network traffic in real time or reviews the audit logs on servers looking for security violations?
FTP Server
Which of the following is likely to be located in a DMZ?
Firewall
Which of the following is the best device to deploy to protect your private network from a public untrusted network?
Keep the router in a locked room
Which of the following is the most important thing to do to prevent console access to the router?
Screen lock
Which of the following mobile device security considerations will disable the ability to use the device after a short period of inactivity?
Cramming
Which of the following phone attacks adds unauthorized charges to a telephone bill?
Content filter
Which of the following prevents access based on website ratings and classifications?
Proxy
Which of the following solutions would you implement to track which websites network users are accessing?
IPS - Intrusion Prevention System
You are concerned about attacks directed at your firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action when possible to stop or prevent the attack. Which tool should you use?
Configure port security on the switch
You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cable from the library computers to connect their laptops to the internet. The library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access port on a switch. You want to restrict access to the network so only the library computers are permitted connectivity to the internet. What can you do?
A proxy server is blocking access to the web sites
You connect your computer to a wireless network available at the local library. You find that you can access all web sites you want on the Internet except two. What might be causing the problem?
Use firewalls to create a DMZ. Place the Web server inside the DMZ, and the private network behind the DMZ
You have a company network that is connected to the internet. You want all users to have internet access, but need to protect your private network and users. You also need to make a Web server publicly available to Internet users. Which solution should you use?
802.1x authentication. Remediation servers.
You have a company network with a single switch. All devices connect to the network through a switch. You want to control which devices will be able to connect to your network. For devices that do not have the latest OS patches, you want to prevent access to all network devices except for a special server that holds the patches that all the computers need to download. Which two of the following components will be part of your solution?
Host based firewall.
You have been given a laptop to use for work. You connect the laptop to your company network, use it from home and use it while traveling. You want to protect the laptop from Internet-based attacks. Which solution should you use?
False Negative
You have configured a NIDS to monitor network traffic. Which of the following describes an attack that is NOT detected by the NIDS device?
Source address of a packet, Destination address of a packet, AND Port Number
You have just installed a packet-filtering firewall on your network. What options will you be able to set on your firewall? Select all that apply.
Put the database server on the private network. Put the Web server on the DMZ.
You have used firewalls to create a demilitarized zone. You have a Web server that needs to be accessible to Internet users. The Web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers?
VLANs
You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three RJ-45 ports connected to the switch. You want to allow visitors to plug into these ports to gain Internet access, but they should not have access to any other devices on your private network. Employees connected throughout the rest of your building should have both private and Internet access. Which feature should you implement?
Spanning tree
You manage a network that uses multiple switches. You want to provide multiple paths between switches so that if one link goes down, an alternate path is available. What feature should your switch support?
Port authentication
You manage a network that uses switches. In the lobby of your building are three RJ-45 ports connected to a switch. You want to make sure that visitors cannot plug in their computers to the free network jacks and connect to the network. However, employees who plug into those same jacks should be able to connect to the network. What feature should you configure?
Spanning tree
You manage a single subnet with three switches. The switches are connected to provide redundant paths between the switches. What feature prevents switching loops and ensures there is only a single active path between any two switches?
Network based firewall
You manage a small network at work. Users use workstations connected to your network. No portable computers are allowed. As part of your security plan, you would like to implement scanning of emails for all users. You want to scan the emails and prevent any emails with malicious attachments from being received by users. Your solution should minimize administration, allowing you to centrally manage the scan settings. Which solution should you use?
Application level
You provide Internet access for a local school. You want to control Internet access based on user, and prevent access to specific URLs. Which type of firewall should you install?
VLAN
You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. What should you use for this situation?
Honeynet
You want to create a collection of computers on your network that appear to have valuable data, but are really computers configured with fake data that could entice a potential intruder. Once the intruder connects, you want to be able to observe and gather information about the methods of the attacks that are being deployed. What should you implement?
Anomaly based IDS
You want to implement an IDS that uses rules or statistical analysis to detect attacks. What type of IDS should you deploy?
802.1x
You want to increase the security of your network by allowing only authenticated users to be able to access network devices through a switch. Which one of the following should you implement?
Circuit-level
You want to install a firewall that can reject packets that are not part of an active session. What type of firewall should you use?
Circuit-level.
You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use?
PGP (Pretty Good Privacy)
You want to use an encryption protocol for encrypting internet phone calls. What protocol would you use?
Install a proxy server. Allow internet access only through the proxy server.
You would like to control internet access based on users, time of day, and web sites visited. How can you do this?
Network based firewall.
Your company has a connection to the Internet that allows users to access the Internet. You also have a Web server and an e-mail server that you want to make available to Internet users. You want to create a DMZ for these two servers. Which type of device should you use to create the DMZ?
VLAN
Your company is a small start-up company that has leased office space in a building shared by other businesses. All businesses share a common network infrastructure. A single switch connects all devices in the building to the router that provides Internet access. You would like to make sure that your computers are isolated from computers used by other companies. Which feature should you request to have implemented?