Networking + 10
In which type of attack are the cache records manipulated for malicious purposes? [Choose all that apply] DNS Poisoning Ransomware attack Denial of Service attack ARP Spoofing Shoulder Surfing
DNS Poisoning ARP Spoofing
Which type of DoS attack orchestrates an attack bounced off uninfected computers? a. Ransomware b. FTP bounce c. DRDoS attack d. PDoS attack
c. DRDoS attack
How many digits are used in a security PIN? Choose all that apply] 2 4 6 8
4 6
In which of the following forms of attack can security flaws allow unauthorized users to gain access to the system? Deauth attack Back doors On-path attack DNS poisoning
Back doors
Where in a network segment will the DMZ be located? Between the internal and external network On a different segment of the internal network On an external network On the internal network
Between the internal and external network
You are working as a guest lecturer in one of the most prestigious universities of your state. In one of your classes, you want to focus solely on a category of malware that runs automatically without requiring a person to start or stop it. Which of the following categories of malware would be best suited to demonstrate such an example? Bot Virus Worm Trojan horse
Bot
The annual audit is being conducted in the organization where you are working as a network administrator. The internal auditor has requested you to provide him with the details of the assets that have been disposed of in this quarter. Which of the following documents will you provide him? AUP CEED NDA PUA
CEED
Motion detection sensors can perform all tasks except: Send an SMS to someone Call a user Record video Light up the area Raise an alarm Send notification to security control room systems
Call a user
What does the acronym CIA stand for in relation to network security? [Choose all that apply] Clarification Confidentiality Integrity Integration Authorization Availability
Confidentiality Integrity Availability
Which of the following terms identifies the unauthorized access or use of sensitive data? Data breach Vulnerability Exploit Hacking
Data breach
Which type of attack can be conducted to render a network device inaccessible? [Choose all that apply] VLAN Hopping Ransomware attack Shoulder Surfing Denial of Service attack Man-in-the-middle attack
Denial of Service attack Ransomware attack
Which threat actor will have prior knowledge of the network layout to perform a malicious attack? Penetration tester A family member of an employee Sales executive Disgruntled network administrator Receptionist
Disgruntled network administrator
Which type of attack misleads a user to connect to a malicious wireless access point? MAC Spoofing IP Spoofing ARP Spoofing Phishing Evil Twin
Evil Twin
Which type of camera records the entry and exit of each individual through the door? Fixed CCTV IP-based Pan-Tilt-Zoom (PTZ)
Fixed
You have been working as a network security expert for Grem Associates. Grem allows its clients to view their securities investments online. You have recently received an anonymous email that points out a possible data breach and the necessary steps that are required to fix this issue. Who among the following do you think is behind this? CVE White hat hacker Gray hat hacker Black hat hacker
Gray hat hacker
You, as a network analyst, are running scans on a few of your organization's computers. You suspect that few of these computers might be affected by a certain virus because there has been an unexplainable increase in some of the file sizes. You have decided to implement anti-malware software on these devices. Where will you install the software to ensure that there is no compromise on the network's performance? Cloud-based Host-based Network-based Server-based
Host-based
In order to ensure better security measures for the computers used in your organization, you, as a network administrator, have decided to configure the software to remove corporate data from all devices while leaving personal data untouched. Which of the following software will you use in this scenario? Wireshark Meraki Systems Manager LastPass CEED
Meraki Systems Manager
Which of the following is NOT considered a prevention method? Locking racks Employee training Motion detection Mantrap
Motion detection (detection)
Jasmine has been working as the chief accountant for Basil Ltd., which sells basil leaves in Datona. Henry, who is the network administrator, has recently discovered that Jasmine is actually the same person who creates as well as authorizes the vendor account payments. Analyze if any of the following agreements has been violated in this scenario. AUP Anti-malware policy NDA PUA
PUA
In a _________ attack, the user is misled by a caller that he is a network technician gathering personal information from the user. ARP Spoofing Malware Social Engineering Denial of Service attack DNS Poisoning
Social Engineering
In __________________ a malicious user gains physical access to restricted area of the network. Tailgaiting Phishing On-path attack Shoulder surfing
Tailgaiting
Which of the following identifies physical penetration, temperature extremes, input voltage variations, input frequency variations, or certain kinds of radiation? Tamper detection CCTV Asset tags Motion detectors
Tamper detection
Which employee training method uses a Learning Management System (LMS)? Awareness Events Training Videos Demonstrations Classroom Training
Training Videos
Which of the following can be used for multi-factor authentication? [Choose all that apply] Manager's contact details Server room key Username and Password Employee contract Smart Card
Username and Password Smart Card
What is the purpose of Role-based Access Control (RABC)? Users can only access specific devices Users can only access their local device Users can access resources only at a specific time Users only have access to specific resources according to their job role
Users only have access to specific resources according to their job role
An attacker guesses an executive's password ("M@nd@lori@n") to a sensitive database after chatting for a while at a club. What kind of password attack did the hacker use? a. Brute-force attack b. Dictionary attack c. Zero-day attack d. Rainbow table attack
a. Brute-force attack
What type of attack relies on spoofing? a. Deauth attack b. Pen testing c. Tailgating d. Friendly DoS attack
a. Deauth attack
What is the first step in improving network security? a. Identify risks. b. Determine which resources might be harmed. c. Develop plans for responding to threats. d. Document next steps.
a. Identify risks.
What kind of software can be used to secure employee-owned devices? a. MDM b. NDA c. BYOD d. PUA
a. MDM
Which of the following attack simulations detect vulnerabilities and attempt to exploit them? Choose two. a. Pen testing b. Red team-blue team exercise c. Security audit d. Vulnerability assessment
a. Pen testing b. Red team-blue team exercise
A company accidentally sends a newsletter with a mistyped website address. The address points to a website that has been spoofed by hackers to collect information from people who make the same typo. What kind of attack is this? a. Phishing b. Quid pro quo c. Baiting d. Tailgating
a. Phishing
Which of the following social engineering attack types most likely requires that the attacker have existing knowledge about the victim? a. Phishing b. Piggybacking c. Tailgating d. Shoulder surfing
a. Phishing
Your organization has just approved a special budget for a network security upgrade. What procedure should you conduct to develop your recommendations for the upgrade priorities? a. Posture assessment b. Data breach c. Exploit d. Security audit
a. Posture assessment
Which team might ask a user for a password? a. Red team b. Blue team
a. Red team
Which physical security device works through wireless transmission? a. Cipher lock b. Badge reader c. Biometrics d. Access control vestibule
b. Badge reader
You're playing a game on your Xbox when you suddenly get bumped off your Wi-Fi network. You reconnect and start playing, then get bumped off again. What type of attack is most likely the cause? a. On-path attack b. FTP bounce c. Deauth attack d. DDoS
c. Deauth attack
You sent a coworker a .exe file to install an app on their computer. What information should you send your coworker so they can ensure the file has not been tampered with in transit? a. Hash of the encryption key b. Private encryption key c. Hash of the file d. Public encryption key
c. Hash of the file
A former employee discovers six months after he starts work at a new company that his account credentials still give him access to his old company's servers. He demonstrates his access to several friends to brag about his cleverness and talk badly about the company. What kind of attack is this? a. Vulnerability b. Principle of least privilege c. Insider threat d. Denial of service
c. Insider threat
Which of the following is considered a secure protocol? a. Telnet b. FTP c. SSH d. HTTP
c. SSH
Leading up to the year 2000, many people expected computer systems the world over to fail when clocks turned the date to January 1, 2000. What type of threat was this? a. Virus b. Worm c. Ransomware d. Logic bomb
d. Logic bomb
The ability to insert code into a database field labeled "Name" is an example of a(n) _________. a. breach b. exploit c. attack d. vulnerability
d. vulnerability
Which of the following is the most secure password? a. 09181973 b. p@$$w0rd c. $t@rw@r$ d. yellowMonthMagneficant
d. yellowMonthMagneficant
Which assessment type would most likely discover a security risk related to employee onboarding? a. Vendor risk assessment b. Posture assessment c. Process assessment d. Threat assessment
c. Process assessment
John is working as a network administrator for PW Group. One of his primary duties requires him to change the password for the managing director's PC so that there is minimal option of a data breach. Analyze and suggest which of the following passwords would you recommend John to use this time. monoLithGamous592 password1111 qwertyyyyyy party
monoLithGamous592
A company wants to have its employees sign a document that details some project-related information that should not be discussed outside the project's team members. What type of document should they use? a. AUP b. MDM c. BYOD d. NDA
d. NDA
You need to securely store handheld radios for your network technicians to take with them when they're troubleshooting problems around your campus network. What's the best way to store these radios so all your techs can get to them and so you can track who has the radios? a. Locking cabinet b. Smart locker c. Access control vestibule d. Locking rack
b. Smart locker
The following ports were listed as open during a recent port scan. Which one is no longer used except by legacy software and should be closed? a. 53 b. 22 c. 443 d. 139
d. 139 netbios