Networking - Chapter 12: Network Security
A security administrator is conducting a penetration test on a network. She connects a notebook system running Linux to the wireless network and then uses Nmap to probe various network hosts to see which operating system they are running. Which process did the administrator use for the penetration test in this scenario? A. Active fingerprinting B. Firewalking C. Passive fingerprinting D. Network enumeration
A. Active fingerprinting
Which of the following are examples of social engineering attacks? (Select two.) A. Dumpster diving B. Shoulder surfing C. War dialing D. Impersonation E. Port scanning
A. Dumpster diving B. Shoulder surfing
Which of the following CCTV types would you use in areas with little or no light? A. Infrared B. C-mount C. PTZ D. A camera with a high LUX rating
A. Infrared
Which of the following is a secure doorway that can be used with a mantrap to allow an easy exit but actively prevents re-entrance through the exit portal? A. Egress mantraps B. Turnstiles C. Electronic access control doors D. Locked doors with interior unlock push bars
B. Turnstiles
While browsing the internet, you notice that the browser displays ads linked to recent keyword searches you performed. Which attack type is this an example of? A. Zombie B. Worm C. Adware D. Logic bomb
C. Adware
Which type of denial-of-service (DoS) attack occurs when a name server receives malicious or misleading data that incorrectly maps hostnames to IP addresses? A. ARP poisoning B. SYN flood C. DNS poisoning D. Spam
C. DNS poisoning
Telnet is inherently unsecure because its communication is in plaintext and is easily intercepted. Which of the following is an acceptable alternative to Telnet? A. PPP B. SLIP C. SSH D. Remote Desktop
C. SSH
A senior executive reports that she received a suspicious email concerning a sensitive internal project that is behind production. The email was sent from someone she doesn't know, and he is asking for immediate clarification on several of the project's details so the project can get back on schedule. Which type of attack BEST describes the scenario? A. MAC spoofing B. Masquerading C. Whaling D. Passive
C. Whaling
Which of the following is an example of an internal threat? A. A water pipe in the server room breaks. B. A delivery man is able to walk into a controlled area and steal a laptop. C. A server backdoor allows an attacker on the internet to gain access to the intranet site. D. A user accidentally deletes the new product designs.
D. A user accidentally deletes the new product designs.
Which of the following is the MOST effective protection against IP packet spoofing on a private network? A. Antivirus scanners B. Digital signatures C. Host-based IDS D. Ingress and egress filters
D. Ingress and egress filters
Which of the following is the MOST important way to prevent console access to a network switch? A. Set the console and enable secret passwords. B. Disconnect the console cable when not in use. C. Implement an access list to prevent console connections. D. Keep the switch in a room that is locked by a keypad.
D. Keep the switch in a room that is locked by a keypad.
You want to allow traveling users to connect to your private network through the internet. Users will connect from various locations, including airports, hotels, and public access points (like coffee shops and libraries). As such, you won't be able to configure the firewalls that might be controlling access to the internet in these locations. Which of the following protocols is MOST likely to be allowed through the widest number of firewalls? A. L2TP B. IPsec C. PPTP D. SSL
D. SSL
What is the definition of any attack involving human interaction of some kind? A. An authorized hacker B. Attacker manipulation C. An opportunistic attack D. Social engineering
D. Social engineering
Which of the following controls is an example of a physical access control method? A. Locks on doors B. Access control lists with permissions C. Passwords D. Smart cards E. New hire background checks
A. Locks on doors
Which type of activity changes or falsifies information in order to mislead or re-direct traffic? A. Spoofing B. Sniffing C. Snooping D. Spamming
A. Spoofing
Which of the following protocols are often added to other protocols to provide secure data transmission? (Select two.) A. TLS B. HTTPS C. SNMP D. SMTP E. SSL
A. TLS E. SSL
Which of the following BEST describes the key difference between DoS and DDoS? A. Sends a large number of legitimate-looking requests. B. Results in the server being inaccessible to users. C. Attackers use numerous computers and connections. D. The target server cannot manage the capacity.
C. Attackers use numerous computers and connections.
You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled? A. Password guessing B. Social engineering C. Dumpster diving D. Shoulder surfing
C. Dumpster diving
You want to make sure that a set of servers only accepts traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers do not accept packets sent to those services. Which tool should you use A. Packet sniffer B. IDS C. System logs D. IPS E. Port scanner
E. Port scanner
Which of the following BEST describes an inside attacker? A. An attacker with lots of resources and money at their disposal. B. An unintentional threat actor (the most common threat). C. A good individual who tries to help a company see their vulnerabilities. D. An agent who uses their technical knowledge to bypass security.
B. An unintentional threat actor (the most common threat).
Which of the following is a text file that a website stores on a client's hard drive to track and record information about the user? A. Certificate B. Cookie C. Mobile code D. Digital signature
B. Cookie
Which of the following can you use to stop piggybacking from occurring at a front entrance where employees swipe smart cards to gain entry? A. Use key locks rather than electronic locks. B. Deploy a mantrap. C. Install security cameras. D. Use weight scales.
B. Deploy a mantrap.
Which of the following Security Orchestration, Automation, and Response (SOAR) system components helps to document the processes and procedures that are to be used by a human during a manual intervention? A. Response B. Playbook C. Orchestration D. Runbook
B. Playbook
Which of the following attacks can also be used to perform denial of service (DoS) attacks? A. Null session B. Hijacking C. ARP spoofing D. MAC flooding
C. ARP spoofing
Which of the following protocols can you use to securely manage a network device from a remote connection? A. Telnet B. SFTP C. SSH D. TLS
C. SSH
When analyzing assets, which analysis method assigns financial values to assets? A. Qualitative B. Acceptance C. Transfer D. Quantitative
D. Quantitative
Which protocol does HTTPS use to offer greater security for web transactions? A. IPsec B. PAP C. CHAP D. SSL
D. SSL
Match each physical security control on the left with an appropriate example of that control on the right. Each security control may be used once, more than once, or not at all. Drag: A. Protected cable distribution B. Door locks C. Perimeter barrier D. Safety E. Physical access control Drop: 1. Hardened carrier 2. Biometric authentication 3. Barricades 4. Emergency escape plans 5. Alarmed carrier 6. Anti-passback system 7. Emergency lighting 8. Exterior floodlights
A-1 B-2 C-3 D-4 A-5 E-6 D-7 E-8
Match each social engineering description on the left with the appropriate attack type on the right. Drag: A. An attacker sends an email pretending to be from a trusted organization, asking users to access a website to verify personal information. B. An attacker gathers personal information about the target individual, who is a CEO. C. An attacker gathers personal information about the target individual in an organization. D. An attacker searches through an organization's trash for sensitive information. E. An attacker enters a secure building by following an authorized employee through a secure door without providing identification. F. An attacker uses a telephone to convince target individuals to reveal their credit card information. Drop: 1. Phishing 2. Whaling 3. Spear phishing 4. Dumpster diving 5. Piggybacking 6. Vishing
A-1 B-2 C-3 D-4 E-5 F-6
Which of the following is the term used to describe what happens when an attacker sends falsified messages to link their MAC address with the IP address of a legitimate computer or server on the network? A. ARP poisoning B. Port mirroring C. MAC spoofing D. MAC flooding
A. ARP poisoning
An organization's receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. Which type of social engineering is this individual engaging in? A. Authority B. Social validation C. Persuasive D. Commitment
A. Authority
What is the primary countermeasure to social engineering? A. Awareness B. A written security policy C. Traffic filters D. Heavy management oversight
A. Awareness
Which of the following is a common social engineering attack? A. Hoax virus information emails. B. Logging on with stolen credentials. C. Using a sniffer to capture network traffic. D. Distributing false information about your organization's financial status.
A. Hoax virus information emails.
Which of the following intrusion detection and prevention systems uses fake resources to entice intruders by displaying a vulnerability, configuration flaw, or valuable data? A. Honeypot B. Zombie C. Trojan horse D. Botnet
A. Honeypot
As you are helping a user with a computer problem, you notice that she has written her password on a note stuck to her computer monitor. You check your company's Password Policy and find that the following settings are currently required: Minimum password length = 10 Minimum password age = 4 Maximum password age = 30 Password history = 6 Account lockout clipping level = 3 Require complex passwords that include numbers and symbols Which of the following is the best action to take to make remembering passwords easier so that the user no longer has to write their password down? A. Implement end user training. B. Remove the complex password requirement. C. Increase the maximum password age. D. Increase the account lockout clipping level. E. Decrease the minimum password length.
A. Implement end user training.
Creating fake resources such as honeypots, honeynets, and tarpits fulfills which of the following main intrusion detection and prevention goals? (Select two.) A. Offers attackers a target that occupies their time and attention while distracting them from valid resources. B. Reveals information about an attacker's methods and gathers evidence for identification or prosecution purposes. C. Detects anomalous behavior that varies from standard activity patterns, also referred to as heuristic recognition. D. Entices attackers to reveal their IDS signatures, which can then be matched to known attack patterns. E. Detects attacks that are unique to the services on valid system resources and monitors application activity. F. Lures attackers into a non-critical network segment where their actions are passively monitored and logged, after which their connection is simply dropped.
A. Offers attackers a target that occupies their time and attention while distracting them from valid resources. B. Reveals information about an attacker's methods and gathers evidence for identification or prosecution purposes.
Which of the following attack types consists of capturing packets as they travel from one host to another with the intent of altering the contents? A. On-path B. Passive logging C. Spamming D. Spoofing
A. On-path
Which of the following describes an on-path attack? A. A person convinces an employee to reveal their login credentials over the phone. B. A person plants malicious code on a system, where the code waits for a triggering event before activating. C. A false server intercepts communications from a client by impersonating the intended server. D. A system constructs an IP packet that is larger than the valid size.
C. A false server intercepts communications from a client by impersonating the intended server.
You are an IT consultant and are visiting a new client's site to become familiar with their network. As you walk around their facility, you note the following: When you enter the facility, a receptionist greets you and directs you down the hallway to the office manager's cubicle. The receptionist uses a notebook system that is secured to her desk with a cable lock. The office manager informs you that the organization's servers are kept in a locked closet. Only she has the key to the closet. When you arrive on site, you will be required to get the key from her to access the closet. She informs you that server backups are configured to run each night. A rotation of external USB hard disks are used as the backup media. You notice the organization's network switch is kept in an empty cubicle adjacent to the office manager's workspace. You notice that a router/firewall-content filter all-in-one device has been implemented in the server closet to protect the internal network from external attacks. Which security-related recommendations should you make to this client? (Select two.) A. Relocate the switch to the locked server closet. B. Control access to the work area with locking doors and card readers. C. Replace the key lock on the server closet with a card reader. D. Use separate dedicated network perimeter security devices instead of an all-in-one device. E. Replace the USB hard disks used for server backups with a tape drive.
A. Relocate the switch to the locked server closet. B. Control access to the work area with locking doors and card readers.
Your network administrator is configuring settings so the switch shuts down a port when the max number of MAC addresses is reached. What is the network administrator taking countermeasures against? A. Sniffing B. Hijacking C. Filtering D. Spoofing
A. Sniffing
A router on the border of your network detects a packet with a source address from an internal client, but the packet was received on the internet-facing interface. Which attack form is this an example of? A. Spoofing B. Sniffing C. Spamming D. Snooping
A. Spoofing
Five salespeople work out of your office. They frequently leave their laptops on the desks in their cubicles. You are concerned that someone might walk by and take one of these laptops. Which of the following is the BEST way to address your concerns? A. Use cable locks to chain the laptops to the desks. B. Require strong passwords in the Local Security Policy. C. Implement screensaver passwords. D. Encrypt all company data on the hard drives.
A. Use cable locks to chain the laptops to the desks.
Which of the following best describes spyware? A. It is a malicious program that is disguised as legitimate software. B. It monitors the actions you take on your machine and sends the information back to its originating source. C. It is a program that attempts to damage a computer system and replicate itself to other computer systems. D. It monitors user actions that denote personal preferences and then sends pop-ups and ads to the user that match their tastes.
B. It monitors the actions you take on your machine and sends the information back to its originating source.
You want to be able to identify the services running on a set of servers on your network. Which tool would BEST give you the information you need? A. Port scanner B. Vulnerability scanner C. Network mapper D. Protocol analyzer
B. Vulnerability scanner
What is the main difference between a worm and a virus? A. A worm tries to gather information, while a virus tries to destroy data. B. A worm is restricted to one system, while a virus can spread from system to system. C. A worm can replicate itself, while a virus requires a host for distribution. D. A worm requires an execution mechanism to start, while a virus can start itself.
C. A worm can replicate itself, while a virus requires a host for distribution.
Which of the following is an attack that either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occurring? A. Brute force attack B. On-path attack C. Denial-of-service attack D. Privilege escalation
C. Denial-of-service attack
Dumpster diving is a low-tech way of gathering information that may be useful for gaining unauthorized access or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving? A. Secure all terminals with screensaver passwords. B. Mandate the use of Integrated Windows Authentication. C. Establish and enforce a document destruction policy. D. Create a strong password policy.
C. Establish and enforce a document destruction policy.
A network utilizes a network access control (NAC) solution to defend against malware. When a wired or wireless host tries to connect to the network, a NAC agent on the host checks it to make sure it has all of the latest operating system updates installed and that the latest antivirus definitions have been applied. What is this process called? A. Quarantine B. Port security C. Posture assessment D. Remediation
C. Posture assessment
What should you try first if your antivirus software does not detect and remove a virus? A. Search for and delete the file you believe to be infected. B. Scan the computer using another virus detection program. C. Update your virus detection software. D. Set the read-only attribute of the file you believe to be infected.
C. Update your virus detection software.
Using sniffers has become one way for an attacker to view and gather network traffic. If an attacker overcomes your defenses and obtains network traffic, which of the following is the BEST countermeasure for securing the captured network traffic? A. Eliminate unnecessary system applications. B. Use intrusion detection countermeasures. C. Use encryption for all sensitive traffic. D. Implement acceptable use policies.
C. Use encryption for all sensitive traffic.
You have just received a generic-looking email that is addressed as coming from the administrator of your company. The email says that as part of a system upgrade, you need enter your username and password in a new website so you can manage your email and spam using the new service. What should you do? A. Click on the link in the email and follow the directions to enter your login information. B. Click on the link in the email and look for company graphics or information before you enter the login information. C. Verify that the email was sent by the administrator and that this new service is legitimate. D. Open a web browser, type in the URL included in the email, and follow the directions to enter your login credentials. E. Delete the email.
C. Verify that the email was sent by the administrator and that this new service is legitimate.
What is the main difference between vulnerability scanning and penetration testing? A. Vulnerability scanning uses approved methods and tools; penetration testing uses hacking tools. B. The goal of vulnerability scanning is to identify potential weaknesses; the goal of penetration testing is to attack a system. C. Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter. D. Vulnerability scanning is performed with a detailed knowledge of the system; penetration testing starts with no knowledge of the system.
C. Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter.
You are using a password attack that tests every possible keystroke for each single key in a password until the correct one is found. Which of the following technical password attacks are you using? A. Pass-the-hash attack B. Password sniffing C. Keylogger D. Brute force attack
D. Brute force attack
What is spoofing? A. Sending a victim unwanted and unrequested email messages. B. Spying on private information or communications. C. Capturing network packets in order to examine the contents. D. Changing or falsifying information in order to mislead or re-direct traffic.
D. Changing or falsifying information in order to mislead or re-direct traffic.
Which SIEM component is responsible for gathering all event logs from configured devices and securely sending them to the SIEM system? A. Data handling B. SIEM alerts C. Security automation D. Collectors
D. Collectors
A security administrator logs on to a Windows server on her organization's network. Then she runs a vulnerability scan on that server. Which type of scan did she conduct in this scenario? A. Non-credentialed scan B. Non-intrusive scan C. Intrusive scan D. Credentialed scan
D. Credentialed scan
On your way into the back entrance of your work building one morning, a man dressed as a plumber asks you to let him in so he can fix the restroom. What should you do? A. Tell him no and quickly close the door. B. Let him in and help him find the restroom. Then let him work. C. Let him in. D. Direct him to the front entrance and instruct him to check in with the receptionist.
D. Direct him to the front entrance and instruct him to check in with the receptionist.
What is the primary benefit of CCTV? A. Increases security protection throughout an environment. B. Reduces the need for locks and sensors on doors. C. Provides a corrective control. D. Expands the area visible to security guards.
D. Expands the area visible to security guards.
Members of the sales team use laptops to connect to the company network. While traveling, they connect their laptops to the internet through airport and hotel networks. You are concerned that these computers will pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless antivirus software and the latest operating system patches have been installed. Which solution should you use? A. NAT B. VLAN C. Screened subnet D. NAC E. NIDS
D. NAC
You want to use CCTV as a preventative security measure. Which of the following is a requirement for your plan? A. Low LUX or infrared camera B. PTZ camera C. Sufficient lighting D. Security guards
D. Security guards