SY0-401:1 TS Quiz Network Security
"You are implementing a new VPN for your organization. You need to use an encrypted tunneling protocol that protects transmitted traffic and supports the transmission of multiple protocols. Which protocol should you use? A HTTP B HTTPS C FTP D L2TP over IPSec
"Answer: L2TP over IPSec Explanation: You should use Layer 2 Tunneling Protocol (L2TP) over IPSec. When you implement L2TP over IPSec, it encrypts transmitted traffic on virtual private network (VPN) connections. L2TP supports multiple protocols, such as Transmission Control Protocol (TCP), Internet Protocol (IP), Internetwork Packet Exchange (IPX), and Systems Network Architecture (SNA). L2TP is based on two older tunneling protocols: Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Forwarding (L2F). Hypertext Transfer Protocol (HTTP) transmits information in clear text. Hypertext Transfer Protocol Secure (HTTPS) uses Secure Sockets Layer (SSL) to encrypt HTTP traffic. HTTPS only supports the encryption of HTTP traffic. File Transfer Protocol (FTP) transmits data in clear text. HTTP uses port 80, and HTTPS uses port 443."
"A user complains that he is unable to communicate with a remote virtual private network (VPN) using L2TP. You discover that the port this protocol uses is blocked on the routers in your network. You need to open this port to ensure proper communication. Which port number should you open? A 22 B 88 C 1701 D 1723
"Answer: 1701 Explanation: You should open port number 1701 because this is the UDP port used by Layer 2 Tunneling Protocol (L2TP). Port number 22 is reserved for Secure Shell (SSH) remote login. Port number 88 is assigned to the Kerberos protocol. Point-to-Point Tunneling Protocol (PPTP) uses UDP and TCP ports number 1723. There are a total of 65,535 ports in the TCP/IP protocol that are vulnerable to attacks. You should know the following commonly used ports and protocols. FTP - ports 20 and 21 SSH, SCP, and SFTP - port 22 Telnet - port 23 SMTP - port 25 TACACS - port 49 DNS server - port 53 DHCP - ports 67 and 68 TFTP - port 69 HTTP - port 80 Kerberos - port 88 POP3 - port 110 NetBIOS - ports 137-139 IMAP4 - port 143 SNMP - port 161 LDAP - port 389 SSL, FTPS, and HTTPS - port 443 SMB - port 445 LDAP with SSL - port 636 Microsoft SQL Server - port 1433 Point-to-Point Tunneling Protocol (PPTP) - port 1723 RDP protocol and Terminal Services - port 3389"
"A server is located on a DMZ segment. The server only provides FTP service, and there are no other computers on the DMZ segment. You need to configure the DMZ to ensure that communication can occur. Which port should be opened on the Internet side of the DMZ firewall? A 20 B 80 C 110 D 443
"Answer: 20 Explanation: FTP uses ports 20 and 21 by default, so port 20 should be opened on the Internet side of the demilitarized zone (DMZ) firewall to enable the server to provide FTP services. The firewall will then allow FTP traffic through, but no other port traffic will be allowed to enter the DMZ. Only necessary ports should be opened on the Internet side of a DMZ firewall in order to limit hackers' abilities to access the internal network. Port 80 is used by Hypertext Transfer Protocol (HTTP) to transfer Web pages. Port 110 is used by the Post Office Protocol (POP), and port 443 is used by Secure Sockets Layer (SSL)."
"A Web server is located on a DMZ segment. The Web server only serves HTTP pages, and there are no other computers on the DMZ segment. You need to configure the DMZ to ensure that communication can occur. Which port should be opened on the Internet side of the DMZ firewall? A 20 B 80 C 110 D 443
"Answer: 80 Explanation: Only port 80 should be opened on the Internet side of the demilitarized zone (DMZ) firewall. The firewall will allow only HTTP traffic to enter the DMZ; all other port traffic will be prevented from entering the DMZ.
"Your company management has recently purchased a RADIUS server. This RADIUS server will be used by remote employees to connect to internal resources. You need to ensure that multiple client computers, including Windows Vista and Windows 7, are able to connect to the RADIUS server in a secure manner. What should you deploy? A flood guard B 802.1x C unified threat management D VLAN
"Answer: 802.1x Explanation: You should deploy 802.1x to allow remote employees to connect to internal resources via a RADIUS server. Implementing 802.1x would allow a company to reduce the exposure of sensitive systems to unmanaged devices on internal networks. 802.1x can also be used on wired networks to segment traffic intended for the wireless access point. For example, if a company has several conference rooms with wired network jacks that are used by both employees needing access to internal resources and guests needing access to the Internet only, you should implement 802.1x and VLANs. 802.1x is an good solution if you need to make sure that only devices authorized to access the network would be permitted to log in and utilize resources.
"Your organization purchases a set of offices adjacent to your current office. You need to broaden the area to which a wireless access point (AP) can transmit. What should you do? A Maximize the power level setting. B Relocate the AP. C Adjust the power level setting slightly higher. D Change the channel used by the AP.
"Answer: Adjust the power level setting slightly higher. Explanation: You should adjust the power level setting for the AP to a slightly higher setting. After changing the power level setting, you should reboot the AP. The only way to gain more coverage for an AP is to increase the power level.
"Which statement is NOT a characteristic of a network-based intrusion detection system (NIDS)? A An NIDS monitors real-time traffic. B An NIDS analyzes encrypted information. C An NIDS analyzes network packets for intrusion. D An NIDS does not monitor individual workstations in a network.
"Answer: An NIDS analyzes encrypted information. Explanation: The primary disadvantage of an NIDS is its inability to analyze encrypted information. For example, the packets that traverse through a Virtual Private Network (VPN) tunnel cannot be analyzed by the NIDS. An NIDS would most likely be used to detect, but not react to, behavior on the network.
"Your company has decided to deploy a data storage network solution. You have been asked to research the available options and report the results, including deployment cost, performance, and security issues. Which of the following solutions should NOT be included as part of your research? A iSCSI B Fibre Channel C RAID D FCoE
"Answer: RAID Explanation: RAID is a data storage solution that combines multiple physical drives into a single unit. The drives in the RAID configuration all reside in the same physical computer.
"Your company has decided to deploy a new wireless network at a branch office. This branch office is located in a busy commercial district. Management has asked you to fully assess the external vulnerabilities of the wireless network before it is deployed. Which three conditions should you assess? (Choose three.) A Number of users B Antenna selection C Antenna placement D Access point power E Speed of connection F Captive portals
"Answer: Antenna selection Antenna placement Access point power Explanation: Antenna selection (such as the use of directional versus omnidirectional antennas) plays an important role in protecting a wireless network. Using a directional antenna can limit the area that is covered by the antenna.
"You have discovered that hackers are gaining access to your WEP wireless network. After researching, you discover that the hackers are using war driving. You need to protect against this type of attack. What should you do? (Choose all that apply.) Change the default Service Set Identifier (SSID). Disable SSID broadcast. Configure the network to use authenticated access only. Configure the WEP protocol to use a 128-bit key.
"Answer: Change the default Service Set Identifier (SSID). Disable SSID broadcast. Configure the network to use authenticated access only. Configure the WEP protocol to use a 128-bit key. Explanation: You should complete all of the following steps to protect against war-driving attacks: Change the default SSID - This prevents hackers from being able to use the wireless network based on the access point's default settings. Disable SSID broadcast - This prevents the SSID from being broadcast. Although there are other ways to discover the SSID, disabling the broadcast will cut down on attacks. Configure the network to use authenticated access only - This ensures that no unauthenticated connections can occur. Configure the WEP protocol to use a 128-bit key - WEP using 128-bit key is better than the default WEP. However, it is even BETTER to implement some forms of WPA.
"You need to configure your company's remote access server to authenticate remote users using smart cards. Which protocol should you deploy? A EAP B WEP C WPA D WPA2
"Answer: EAP Explanation: You should use the Extensible Authentication Protocol (EAP). By using an EAP authentication protocol, such as EAP-Transport Level Security (EAP-TLS), for authentication, the remote access server can authenticate remote users with smart cards.
"Management has recently expressed concern over port security. You have been asked to ensure that all network ports are as secure as possible. Which of the following methods of port security should you implement? (Choose all that apply.) A Ensure that wiring closets are locked. B Ensure that TCP and UDP ports are managed properly. C Ensure that port knocking is not implemented. D Ensure that the MAC address of connected devices are monitored.
"Answer: Ensure that wiring closets are locked. Ensure that TCP and UDP ports are managed properly. Ensure that the MAC address of connected devices are monitored. Explanation: Port security is implemented on switches to ensure unauthorized devices cannot connect to the network through that port. Valid methods of port security include the following: Ensure wiring closets are locked - This ensures that rogue devices cannot be plugged into your network. Ensure that TCP and UDP ports are managed properly - This ensures that hackers cannot access your network via open TCP or UDP ports. Ensure that the MAC address of connected devices are monitored - This ensures that devices that connect to the network are identified. Media access control (MAC) addresses are used to uniquely identify network devices, including computers.
"You have been hired as a security consultant by a new small business. The business owner wants to implement a secure Web site. You suggest that the Web pages be secured using SSL. Which protocol should be used? A HTTPS B L2TP C PPTP D SPX
"Answer: HTTPS Explanation: Hypertext Transfer Protocol Secure (HTTPS) should be used because it securely transmits Web pages over Secure Sockets Layer (SSL). HTTPS operates over port 443 by default.
"You have been hired to access the security needs for an organization that uses several Web technologies. During the assessment, you discover that the organization uses HTTPS, S-HTTP, ActiveX, and JavaScript. You need to rank these technologies based on the level of security they provide. Which of the technologies listed provides the highest level of security? A HTTPS B S-HTTP C ActiveX D JavaScript
"Answer: HTTPS Explanation: Of the options given, HTTPS provides the highest level of security. The HTTP Secure (HTTPS) protocol provides a secure connection between two computers. The connection is protected, and all traffic between the two computers is encrypted. HTTPS uses Secure Sockets Layer (SSL) or Transport Layer Security (TLS). It uses private key encryption to encrypt the entire channel. HTTPS uses port 443 by default.
"Which system detects network intrusion attempts and controls access to the network for the intruders? A firewall B IDS C IPS D VPN
"Answer: IPS Explanation: An intrusion prevention system (IPS) detects network intrusion attempts and controls access to the network for the intruders. An IPS is an improvement over an intrusion detection system (IDS) because an IPS actually prevents intrusion.
"You work for a company that installs networks for small businesses. During a recent deployment, you configure a network to use the Internet Protocol Security (IPSec) protocol. The business owner asks you to explain why this protocol is being used. Which three are valid reasons for using this protocol? (Choose three.) A IPSec can work in either tunnel mode or transport mode. B IPSec uses Encapsulation Security Payload (ESP) and Authentication Header (AH) as security protocols for encapsulation. C The IPSec framework uses L2TP as the encryption protocol. D The IPSec framework is used in a virtual private network (VPN) implementation to secure transmissions. E IPSec ensures availability of information as a part of the CIA triad.
"Answer: IPSec can work in either tunnel mode or transport mode. IPSec uses Encapsulation Security Payload (ESP) and Authentication Header (AH) as security protocols for encapsulation. The IPSec framework is used in a virtual private network (VPN) implementation to secure transmissions. Explanation: Internet Protocol Security (IPSec) can operate in either tunnel mode or transport mode. In transport mode, only the message part of a packet (the payload) is encrypted by Encapsulating Security Payload (ESP). In IPSec tunnel mode, the entire packet including the packet header and the routing information is encrypted. IPSec tunnel mode provides a higher level of security than transport mode. Either of the two modes can be used to secure either gateway-to-gateway or host-to-gateway communication. If used in gateway-to-host communication, the gateway must act as the host.
"Your organization is trying to increase network security. After a recent security planning meeting, management decides to implement a protocol that digitally signs packet headers and encrypts and encapsulates packets. Which protocol should you implement? AES CA DES IPsec
"Answer: IPsec Explanation: You should implement Internet Protocol security (IPsec). This protocol digitally signs Internet Protocol (IP) packet headers and encrypts and encapsulates packets. IPsec provides both authentication and encryption, and is regarded as one of the strongest security standards. When the Authentication Header (AH) protocol is used, IPSec digitally signs packet headers, and when the Encapsulating Security Protocol (ESP) is used, IPsec encrypts packets. AH is protocol ID 51, and ESP is protocol ID 50. When tunnel mode is used, packets are encapsulated within other packets; when transport mode is used, packets are not encapsulated. Two routers that require secure communications should use IPSec in tunnel mode to encrypt packets.
"You are aware that any system in the demilitarized zone (DMZ) can be compromised because the DMZ is accessible from the Internet. What should you do to mitigate this risk? A Implement both DMZ firewalls as bastion hosts. B Implement every computer on the DMZ as a bastion host. C Implement the DMZ firewall that connects to the Internet as a bastion host. D Implement the DMZ firewall that connects to the private network as a bastion host
"Answer: Implement every computer on the DMZ as a bastion host. Explanation: You should implement every computer on the demilitarized zone (DMZ) as a bastion host because any system on the DMZ can be compromised. A bastion host is, in essence, a system that is hardened to resist attacks. A bastion host is not attached to any firewall software. However, every firewall should be hardened like a bastion host."
"Your company currently uses IPv4 addresses on its network. You need to convince your organization to start using IPv6 addresses. Which two reasons for changing should you give management? (Choose two.) A It has 4 billion available addresses B It has 340 undecillion available addresses C It uses 32-bit addresses D It uses 128-bit addresses
"Answer: It has 340 undecillion available addresses It uses 128-bit addresses Explanation: IPv6 uses 128-bit IP addresses and allows for the use of 340 undecillion addresses. An IPv6 address uses a mixture of numbers and alphanumeric characters.
"What is a disadvantage of a hardware firewall compared to a software firewall? A It has a fixed number of available interfaces. B It has lower performance capability than a software firewall. C It is easier to make configuration errors than in a software firewall. D It provides decreased security as compared to a software firewall.
"Answer: It has a fixed number of available interfaces. Explanation: A hardware firewall is purchased with a fixed number of interfaces available. With a software firewall, adding interfaces is as easy as adding and configuring another network interface card (NIC). A hardware firewall outperforms a software firewall. It is easier to make configuration errors in a software firewall, not a hardware firewall. Most hardware firewalls are advertised as ""turn-key"" solutions, meaning software installation and configuration issues are minimal. Hardware firewalls generally provide increased security over software firewalls."
"During maintenance, you often discover invalid devices connected to your wireless network. You need to ensure that only valid corporate devices can connect to the network. What should you configure to increase the security of this wireless network? A SSID broadcast B war driving C rogue access points D MAC filtering
"Answer: MAC filtering Explanation: To increase the security of this wireless network, you should configure Media Access Control (MAC) filtering. With this filtering, the MAC address of each network interface card (NIC) that attempts to connect to the network is checked. Only MAC addresses that are specifically allowed connection are granted connection.
"Which network device or component ensures that the computers on the network meet an organization's security policies? A NAT B IPsec C DMZ D NAC
"Answer: NAC Explanation: Network Access Control (NAC) ensures that the computer on the network meet an organization's security policies. NAC user policies can be enforced based on the location of the network user, group membership, or some other criteria. Media access control (MAC) filtering is a form of NAC.
"Which network entity acts as the interface between a local area network and the Internet using one IP address? VPN NAT router router firewall"
"Answer: NAT router Explanation: Network Address Translation (NAT) router acts as the interface between a local area network and the Internet using one IP address.
At which layer of the OSI model do routers operate? A Session B Network C Physical D Data-link E Transport
"Answer: Network Explanation: Routers operate at the Network layer (Layer 3) of the OSI networking model. They use source and destination addresses, which are located at the Network layer, to route packets. Switches use MAC addresses, which are located at the Data Link layer, to forward frames. The Data Link layer is Layer 2.
"You have two wireless networks in your building. The wireless networks do not overlap. Both of them use Wi-Fi Protected Access (WPA). You want to ensure that no unauthorized wireless access points are established. What should you do? A Change the two wireless networks to WPA2. B Change the two wireless networks to WEP. C Periodically complete a site survey. D Disable SSID broadcasts for the two wireless networks.
"Answer: Periodically complete a site survey. Explanation: You should periodically complete a site survey to ensure that no unauthorized wireless access points are established. Site surveys generally produce information on the types of systems in use, the protocols in use, and other critical information. You need to ensure that hackers cannot use site surveys to obtain this information. To protect against unauthorized site surveys, you should change the default Service Set Identifier (SSID) and disable SSID broadcasts. Immediately upon discovering a wireless access point using a site survey, you should physically locate the device and disconnect it. Site surveys are also used to analyze antenna placement.
"Management has requested that you ensure all firewalls are securely configured against attacks. You examine one of your company's packet-filtering firewalls. You have configured the following rules on the firewall: Permit all traffic to and from local hosts. Permit all inbound TCP connections. Permit all SSH traffic to linux1.kaplanit.com. Permit all SMTP traffic to smtp.kaplanit.com. Which rule will most likely result in a security breach? Permit all traffic to and from local hosts. Permit all inbound TCP connections. Permit all SSH traffic to linux1.kaplanit.com. Permit all SMTP traffic to smtp.kaplanit.com.
"Answer: Permit all inbound TCP connections. Explanation: The Permit all inbound TCP connections filter will most likely result in a security breach. This rule is one you will not see in most firewall configurations. By simply allowing all inbound TCP connections, you are not limiting remote hosts to certain protocols. Security breaches will occur because of this misconfiguration. You should only allow those protocols that are needed by remote hosts, and drop all others.
"You manage the security for a small corporate network that includes a hub and firewall. You want to provide protection against traffic sniffing. What should you do? Replace the hub with a switch. Replace the hub with a repeater. Implement filters on the hub. Implement access control lists (ACLs) on the hub."
"Answer: Replace the hub with a switch. Explanation: You should replace the hub with a switch. This will provide some protection against traffic sniffing. In a network that uses hubs, packets are visible to every node on the network. When switches are used, the packets are forwarded only to the host for which the packet is intended because a switch does not forward packets out all of its ports. This prevents the ability of users on the same network from viewing each other's traffic, thereby providing some level of protection against traffic sniffing. Traffic sniffing captures data packets not intended for the sniffer. A network-based intrusion detection system (IDS) can be used to capture packets on a switch.
"Your network contains four segments. Which network devices can you use to connect two or more of the LAN segments together? (Choose three.) A Hub B Router C Switch D Bridge E Repeater F Multiplexer
"Answer: Router Switch Bridge Explanation: Bridges, switches, and routers can be used to connect multiple LAN segments. Bridges and switches operate at the Data Link layer of the OSI model (Layer 2), using the Media Access Control (MAC) address to send packets to their destination. Routers operate at the Network layer (Layer 3) by using IP addresses to route packets to their destination along the most efficient path.
"One department in your company needs to be able to easily transfer files over a secure connection. All of the files are stored on a UNIX server. You have been asked to suggest a solution. Which protocol should you suggest? FTP SCP SSH Telnet
"Answer: SCP Explanation: You should suggest that the department use Secure Copy (SCP). This protocol is used on UNIX networks to transfer files over a secure connection and operates at OSI layer 7. SCP uses SSH and operates over port 22 by default.
"Recently, your company's network has been attacked from outside the organization. The attackers then changed the configuration of several network devices. Management has asked you to monitor network devices on a regular basis. Which protocol should you deploy? A SMTP B SNMP C DHCP D DNS
"Answer: SNMP Explanation: You should deploy Simple Network Management Protocol (SNMP) to monitor network devices and the devices' parameters. It uses port 161 to communicate. SNMP allows an administrator to set device traps.
"Your company has a UNIX computer. Several users have requested remote access to this server. You need to implement a solution that transmits encrypted authentication information over a secure communications channel and transmits data securely during terminal connections with UNIX computers. Which technology should you use? A FTP B HTTP C SSH D Telnet
"Answer: SSH Explanation: You should use Secure Shell (SSH). It transmits both authentication information and data securely during terminal connections with UNIX computers. SSH operates over port 22 by default.
"A small business owner wants to be able to sell products over the Internet. A security professional suggests the owner should use SSL. Which statement is NOT true of this protocol? A SSL is used to protect Internet transactions. B SSL version 2 provides client-side authentication. C SSL operates at the Network layer of the OSI model. D SSL with TLS supports both server and client authentication. E SSL has two possible session key lengths: 40 bit and 128 bit.
"Answer: SSL operates at the Network layer of the OSI model. Explanation: The secure sockets layer (SSL) protocol does not operate at the Network layer (Layer 3) of the Open Systems Interconnection (OSI) model. It operates at the Transport layer (Layer 4). It works in conjunction with the Hypertext Transfer Protocol (HTTP) that operates at the Session layer to provide secure HTTP connections.
"Your company implements an Ethernet network. During a recent analysis, you discover that network throughput capacity has been wasted as a result of the lack of loop protection. What should you deploy to prevent this problem? A STP B TTL C flood guards D network separation
"Answer: STP Explanation: You should deploy spanning tree protocol (STP). The primary loop protection on an Ethernet network is STP. The problem with looping is the waste of network throughput capacity. STP can help mitigate the risk of Layer 2 switches in the network suffering from a DoS style attack caused by staff incorrectly cabling network connections between switches.
"Which tool is an intrusion detection system (IDS)? A Snort B Nessus C Tripwire D Ethereal
"Answer: Snort Explanation: Snort is an intrusion detection system (IDS). Nessus is a vulnerability assessment tool. Tripwire is a file integrity checker. Ethereal is a network protocol analyzer"
"You company needs to be able to provide employees as to a suite of applications. However, you do not want the employees to install a local copy of the applications. Which method should you use to deploy the suite of applications? virtualization Platform as a Service Software as a Service Infrastructure as a Service
"Answer: Software as a Service Explanation: You should use Software as a Service (SaaS) to deploy the suite of applications. This will ensure on-demand, online access to the suite without the need for local installation. Another example of this type of cloud computing deployment is when a company needs to give employees access to a database but cannot invest in any more servers. WebMail is an example of this cloud computing type.
"Management of your company wants to allow the departments to share files using some form of File Transfer Protocol (FTP). You need to explain the different FTP deployments. By default, which FTP solution provides the LEAST amount of security? A FTP B FTPS C SFTP D TFTP
"Answer: TFTP Explanation: The Trivial File Transfer Protocol (TFTP) provides the least amount of security. TFTP provides no authentication or encryption mechanism. TFTP uses port 69, by default.
"You need to implement security countermeasures to protect from attacks being implemented against your PBX system via remote maintenance. Which policies provide protection against remote maintenance PBX attacks? (Choose all that apply.) A Turn off the remote maintenance features when not needed. B Use strong authentication on the remote maintenance ports. C Keep PBX terminals in a locked, restricted area. D Replace or disable embedded logins and passwords.
"Answer: Turn off the remote maintenance features when not needed. Use strong authentication on the remote maintenance ports. Keep PBX terminals in a locked, restricted area. Replace or disable embedded logins and passwords. Explanation: You should implement all of the given policies to provide protection against remote maintenance PBX attacks. You should turn off the remote maintenance features when not needed and implement a policy whereby local interaction is required for remote administration. You should use strong authentication on the remote maintenance ports. This will ensure that authentication traffic cannot be compromised. You should keep PBX terminals in a locked, restricted area. While this is more of a physical security issue, it can also affect remote maintenance attacks. If the physical security of a PBX system is compromised, the attacker can then reconfigure the PBX system to allow remote maintenance. You should replace or disable embedded logins and passwords. These are usually configured by the manufacturer to allow back door access to the system."
"You need to ensure that a single document transmitted from your Web server is encrypted. You need to implement this solution as simply as possible. What should you do? A Use ActiveX. B Use JavaScript. C Use HTTPS. D Use S-HTTP.
"Answer: Use S-HTTP. Explanation: You should use Secure HTTP (S-HTTP) to encrypt a single document from your Web server. This will allow the two computers to negotiate an encryption connection if this document needs to be transmitted.
"While performing routine network monitoring for your company, you notice a lot of IPSec traffic. When you report your findings to management, management wants you to explain the high amount of IPSec traffic. What is a common implementation of this protocol that you should mention? A EDI B VPN C SET D SSL
"Answer: VPN Explanation: Internet Protocol Security (IPSec) is a security standard commonly implemented to create virtual private networks (VPNs). IPSec allows packets to be securely exchanged over the Internet Protocol (IP) at the Network layer (Layer 3) rather than at the Application layer (Layer 7) of the Open Systems Interconnection (OSI) model. The Internet Engineering Task Force (IETF) developed the standard, but Cisco has contributed to its emergence. Cisco routers have support for IPSec built into the product.
"Which device is the BEST solution to protect all traffic on an HTTP/HTTPS server? A. network-based IDS B. host-based IDS C. network firewall D. Web application firewall"
"Answer: Web application firewall Explanation: The BEST solution to protect all traffic on an HTTP/HTTPS server is a Web application firewall. A Web application firewall can be implemented in hardware or software to protect a Web server from a cross-site scripting attack. A Web application firewall (WAF) provides security at the Application layer (Layer 7) of the OSI model.
"You need to implement an independent network within your private LAN. Only users in the Research and Development department should be able to access the independent network. The solution must be hardware based. Which type of network should you deploy? A a VPN B a VLAN C a DMZ D an extranet
"Answer: a VLAN Explanation: You should deploy a virtual local area network (VLAN). This type of network can be used to ensure that internal access to other parts of the network is controlled and restricted. A VLAN is usually created using a switch. VLAN segregation protects each individual segment by isolating the segments. VLAN segregation is best used to prevent ARP poisoning attacks across a network. VLANs provide a layer of protection against sniffers, and can decrease broadcast traffic. Creating a VLAN is much simpler than using firewalls or implementing a virtual private network (VPN). A VLAN is a good solution if you need to separate two departments into separate networks. VLAN management is implemented at the switch to configure the VLANs and the nodes that are allowed to participate in a particular VLAN. You can configure a switch to allow only traffic from computers based upon their physical (MAC) address.
"What is a Web security gateway? A a device the filters all types of unwanted traffic B a device that blocks unwanted messages C a device that tunnels private communication over the Internet D a device that filters Web content
"Answer: a device that filters Web content Explanation: A Web security gateway is a device that filters Web content.
"What is an embedded firewall? a firewall that is integrated into a router a firewall that is installed on a server operating system a black box device a component that is added to a hardware firewall
"Answer: a firewall that is integrated into a router Explanation: An embedded firewall is integrated into a router.
"Which device is designed to provide the most efficient transmission of traffic that is NOT specifically denied between networks? a hub a router a firewall a repeater
"Answer: a router Explanation: A router is a device that is designed to transmit all data that is not specifically denied between networks, and to do so in the most efficient manner possible. A router enables connectivity between two or more networks and can connect multiple network segments into one network.
"Often the sales people for your company need to connect some wireless devices together without having an access point available. You need to set up their laptops to ensure that this communication is possible. Which communications mode should you use? ad hoc infrastructure transport tunnel
"Answer: ad hoc Explanation: You should use ad hoc, which is an 802.11b communications mode that enables wireless devices to communicate directly. The 802.11b wireless networking technology is sometimes referred to as WiFi.
"Recently, an IT administrator contacted you regarding a file server. Currently, all users are granted access to all of the files on this server. You have been asked to change the configuration and designate which users can access the files. What should you use to do this? A. a firewall B. a NAT server C an ACL D a proxy server
"Answer: an ACL Explanation: An access control list (ACL) is a security mechanism used to designate those users who can gain various types of access, such as read, write, and execute access, to resources on a network. An ACL provides security as granular as the file level. The DAC model uses ACL to identify the users who have permissions to a resource. If a user is unable to access remote resources and you have ensured that the firewall is not blocking the user's communication, it could be that the ACL for the resource needs to be checked to ensure that user has the appropriate permission. An ACL is also configured at the remote access server to grant or deny remote access.
"Which type of monitoring is most likely to produce a false alert? misuse-detection-based anomaly-based behavior-based signature-based
"Answer: anomaly-based Explanation: Anomaly-based monitoring is most likely to produce a false alert. With anomaly-based monitoring, alerts occur where there are any deviations from normal behavior. Deviations from normal behavior will normally occur but are not always indications of a possible attack. With this type of monitoring, there is an initial learning period before anomalies can be detected. Once the baselines are established, anomaly-based monitoring can detect anomalies. Sometimes the baseline is established through a manual process.
"You are creating an IDS solution for your company's network. You define a rule that prevents an e-mail client from executing the cmd.exe command and alerts you when this is attempted. Which type of IDS are you using? A misuse-detection-based B anomaly-based C behavior-based D signature-based
"Answer: behavior-based Explanation: A behavior-based IDS looks for behavior that is not allowed and acts accordingly. When you define a rule that prevents an e-mail client from executing the cmd.exe command and alerts you when this is attempted, you are using behavior-based monitoring.
"You are responsible for managing your company's virtualization environment. Which feature should NOT be allowed on a virtualization host? A implementing IPsec B browsing the Internet C implementing a firewall D monitoring the event logs
"Answer: browsing the Internet Explanation: You should not allow browsing the Internet on a virtualization host. This can present a possible security breach through the introduction of spyware or malware. Anything that affects a virtualization host also affects all virtual computers on the host. Virtual servers have the same information security requirements as physical servers.
"Which job is NOT provided by a network protocol analyzer? A. provide network activity statistics B identify the sources and destinations of communications C detect active viruses or malware on the network D identify the types of traffic on the network
"Answer: detect active viruses or malware on the network Explanation: A network protocol analyzer, also known as a packet sniffer, does not detect active viruses or malware on the network.
"Which firewall architecture has two network interfaces? A bastion host B screened host C screened subnet D dual-homed firewall
"Answer: dual-homed firewall Explanation: A dual-homed firewall has two network interfaces. One interface connects to the public network, usually the Internet. The other interface connects to the private network. The forwarding and routing function should be disabled on the firewall to ensure that network segregation occurs.
"You have been hired as a company's network administrator. The company's network currently uses statically configured IPv4 addresses. You have been given a list of addresses that are used on the network that include the addresses listed in the options. However, you are sure that some of these addresses are NOT IPv4 addresses. Which addresses are not valid? 192.1.0.1 169.254.0.10 fe80::200:f8ff:fe21:67cf 00-0C-F1-56-98-AD
"Answer: fe80::200:f8ff:fe21:67cf 00-0C-F1-56-98-AD Explanation: The fe80::200:f8ff:fe21:67cf address is an IPv6 address. The 00-0C-F1-56-98-AD address is a MAC address, which is hard-coded into the network interface card (NIC) by the manufacturer. The 169.254.0.10 and 192.1.0.1 addresses are both valid IPv4 addresses."
"Which network device acts as an Internet gateway, firewall, and Internet caching server for a private network? A. proxy server B. VPN C. IDS D. IPS
"Answer: proxy server Explanation: A proxy server acts as an Internet gateway, firewall, and Internet caching server for a private network. Hosts on the private network contact the proxy server with an Internet Web site request. The proxy server checks its cache to see if a locally stored copy of the site is available. If not, the proxy server communicates with its Internet connection to retrieve the Web site. The proxy server is virtually invisible to the client and the Internet connection. A proxy server can be configured to allow only outgoing Hypertext Transfer Protocol (HTTP) traffic by configuring which users have permissions to access the Internet via the proxy server.
"Which term is most commonly used to describe equipment that creates a demilitarized zone (DMZ)? router firewall active hub passive hub
"Answer: firewall Explanation: A firewall is used to create a demilitarized zone (DMZ). A DMZ is a zone located between a company's internal network and the Internet that usually contains publically accessible servers. The DMZ implementation provides an extra security precaution to protect the resources on the company's internal network. Usually two firewalls are used to create a DMZ; one firewall resides between the public network and the DMZ, and another firewall resides between the DMZ and the private network.
"Several users report that they are having trouble connecting to the organization's Web site that uses HTTPS. When you research this issue, you discover that the Web client and Web server are not establishing a TCP/IP connection. During which phase of SSL communication is the problem occurring? A handshake B key exchange C authentication D encrypted connection establishment"
"Answer: handshake Explanation: The problem is occurring during the handshake phase of Secure Sockets Layer (SSL) communication. First, a TCP/IP connection is established between a Web server and a Web client. Next, the key exchange occurs.
"Which type of firewall is also referred to as an appliance firewall? A. application B. embedded C. hardware D. software
"Answer: hardware Explanation: A hardware firewall is also referred to as an appliance firewall. Appliance firewalls are often designed as stand-alone black box solutions that can be plugged in to a network and operated with minimal configuration and maintenance.
"You are deploying a virtual private network (VPN) for remote users. You want to meet the following goals: The VPN gateway should require the use of Internet Protocol Security (IPSec). All remote users must use IPSec to connect to the VPN gateway. No internal hosts should use IPSec. Which IPSec mode should you use? A host-to-host B host-to-gateway C gateway-to-gateway D This configuration is not possible."
"Answer: host-to-gateway Explanation: You should deploy host-to-gateway IPSec mode. In this configuration, the VPN gateway requires the use of IPSec for all remote clients. The remote clients use IPSec to connect to the VPN gateway. IPSec is not used for any communication between the VPN gateway and the internal hosts on behalf of the remote clients. Only the traffic over the Internet uses IPSec.
"You have been hired by a small company to ensure that their internal network is protected against attacks. You must implement a secure network. As part of this implementation, what should be the default permission position? A explicit allow B implicit allow C explicit deny D implicit deny
"Answer: implicit deny Explanation: The default permission position in a secure network should be implicit deny. This will ensure that if a user or group does not have an explicit allow permission configured, the access will default to an implicit deny. An implicit deny should be the last rule contained on any firewall because most firewalls do not default to this setting. This firewall rule is often defined with a Drop All statement. On Windows servers, the access control list (ACL) defaults to an implicit deny.
"You need to ensure that wireless clients can only communicate with the wireless access point and not with other wireless clients. What should you implement? PEAP LEAP SSID isolation mode
"Answer: isolation mode Explanation: You should implement isolation mode. This mode ensures that wireless clients can only communicate with the wireless access point and not with other wireless clients. This is also referred to as client isolation mode.
"What is the primary advantage of using a network-based intrusion detection system (NIDS)? A no counterattack on the intruder B ability to analyze encrypted information C low maintenance D high throughput of the individual workstations on the network
"Answer: low maintenance Explanation: The primary advantage of an NIDS is the low maintenance involved in analyzing traffic in the network. An NIDS is easy and economical to manage because the signatures are not configured on all the hosts in a network segment. Configuration usually occurs at a single system, rather than on multiple systems.
You must design the network for your company's new location. Which two considerations are important? (Choose two.) A number of hosts to support B number of domains to support C number of subnetworks needed D number of servers to support E number of Internet interfaces available
"Answer: number of hosts to support number of subnetworks needed Explanation: When designing a network, you need to know the number of hosts to support and the number of subnetworks needed. These two considerations determine the subnetting scheme that your network requires. The number of domains to support, the number of servers to support, and the number of Internet interfaces available do not affect the network design."
"Which type of firewall only examines the packet header information? A stateful firewall B kernel proxy firewall C packet-filtering firewall D application-level proxy firewall
"Answer: packet-filtering firewall Explanation: A packet-filtering firewall only looks at a data packet to obtain the source and destination addresses and the protocol and port used. This information is then compared to the configured packet-filtering rules to decide if the packet will be dropped or forwarded to its destination. A packet-filtering firewall only examines the packet header information.
"Your manager has asked you to improve network security by confining sensitive internal data traffic to computers on a specific subnet using access control lists (ACLs). Where should the ACLs be deployed? A firewalls B hubs C modems D routers
"Answer: routers Explanation: The ACLs should be deployed on the routers. The ACLs will improve network security by confining sensitive data traffic to computers on a specific subnet. By implementing ACLs and rules, you can ensure that a secure router configuration is implemented, which will protect the routers and the subnets they manage.
"Which type of monitoring requires that updates be regularly obtained to ensure effectiveness? network-based anomaly-based behavior-based signature-based
"Answer: signature-based Explanation: Signature-based monitoring requires that updates be regularly obtained to ensure effectiveness. Signature-based monitoring watches for intrusions that match a known identity or signature when checked against a database that contains the identities of possible attacks. This database is known as the signature database.
"Match the descriptions on the left with the network technologies on the right that it BEST matches. Missing image
"Explanation: The network technologies should be matched with the descriptions in the following way: DMZ - A network that is isolated from other networks using a firewall VLAN - A network that is isolated from other networks using a switch NAT - A transparent firewall solution between networks that allows multiple internal computers to share a single Internet interface and IP address NAC - A network server that ensures that all network devices comply with an organization's security policy"
"Which type of intrusion detection system (IDS) watches for intrusions that match a known identity? A network-based IDS B anomaly-based IDS C behavior-based IDS D signature-based IDS
"Answer: signature-based IDS Explanation: A signature-based IDS watches for intrusions that match a known identity or signature. All attack signatures are contained in a signature database. The signature database must be updated for a signature-based IDS to remain effective.
"What is the purpose of content inspection? A to distribute the workload across multiple devices B to search for malicious code or behavior C to filter and forward Web content anonymously D to identify and block unwanted messages
"Answer: to search for malicious code or behavior Explanation: The purpose of content inspection is to search for malicious code or suspicious behavior.
"Which term is synonymous with protocol analyzing? A packet sniffing B vulnerability testing C port scanning D password cracking
"Answer: packet sniffing Explanation: Packet sniffing is synonymous with protocol analyzing. Both terms refer to the process of monitoring data transmitted on the network. They can also be called network analyzers. Packet sniffing can occur by installing the software on a network device. However, it can also occur by installing a rogue wireless access point, router, or switch on the network. If any hidden network devices are found, it is most likely the source of a packet sniffing attack.
"Your organization deploys two wireless networks in close proximity. The configuration of the two wireless networks is as follows: SSID: Students - 802.11b using channel 1 SSID: Guest - 802.11g using channel 9 You have been asked to deploy a new wireless network for the Research department. This wireless network should only support 802.11g wireless devices and must use a different channel than the other wireless networks. The network should be named Research and should not be advertised. When you open the wireless router's interface, the Basic Wireless Settings screen is configured as follows:
"Explanation: For this scenario, you should configure the Wireless Network Mode option as follows: Change the Wireless Network Mode setting to G-Only. Change the Wireless Network Name (SSID) setting to Research. Change the Wireless Channel setting to 5. Change the Wireless SSID Broadcast setting to Disable. For the Wireless Network Mode, the scenario specifically stated that you ONLY want to support 802.11g wireless devices on the network. Because the scenario also stated that you must use a non-overlapping channel, you must choose from channels 1, 5, 9, or 13 for an 802.11g network. Because channels 1 and 9 are already in use and channel 13 is not an option on the router, you must use channel 5. Note that 80211b wireless networks have four non-overlapping channels: 1, 6, 11, and 14. Finally, the scenario stated that the network name should not be advertised, which means that the Wireless SSID Broadcast option should be set to Disable.
"You are trying to decide which type of intrusion detection system (IDS) you should deploy to improve network security. Match the IDS description from the left with their appropriate IDS type on the right. Missing Image"
"Explanation: The IDS types should be matched with the descriptions in the following manner: Behavior-based - An IDS that uses a learned activity baseline to identify intrusion attempts Signature-based - An IDS that maintains an attack profile database to identify intrusion attempts Host-based - An IDS that only monitors a single particular device for intrusion attempts Network-based - An IDS that monitors an entire network segment for intrusion attempts Many IDS solutions actually employ multiple types to provide the greatest protection.
"Match the wireless antenna types on the left with the descriptions given on the right.
"Explanation: The antennas and their descriptions should be matched in the following manner: Omni - a multi-directional antenna that radiates radio wave power uniformly in all directions in one plane with a radiation pattern shaped like a doughnut Yagi - a directional antenna with high gain and narrow radiation pattern Sector - a directional antenna with a circle measured in degrees of arc radiation pattern Dipole - the earliest, simplest, and most widely used antenna with a radiation pattern shaped like a doughnut"
"Match the descriptions on the left with the cloud deployments on the right. Missing Image
"Explanation: The cloud deployments should be matched with the descriptions in the following manner: Platform as a Service (PaaS) - Allows organizations to deploy Web servers, databases, and development tools in a cloud Software as a Service (SaaS) - Allows organizations to run applications in a cloud Infrastructure as a Service (IaaS) - Allows organizations to deploy virtual machines, servers, and storage in a cloud"
"You must configure the routers on your network to ensure that appropriate communication is allowed between the subnetworks. Your configuration must allow multiple protocols to communicate across the routers. Match the protocol from the left with the default port it uses on the right. Move the correct items from the left column to the column on the right to match the protocol with the correct default port. Missing Image"
"Explanation: The protocols given use these default ports: Port 20 - FTP Port 23 - Telnet Port 25 - SMTP Port 53 - DNS Port 80 - HTTP FTP also uses port 21, but it was not listed in this scenario."
"You must configure the routers on your network to ensure that appropriate communication is allowed between the subnetworks. Your configuration must allow multiple protocols to communicate across the routers. Match the protocol from the left with the default port it uses on the right. Move the correct items from the left column to the column on the right to match the protocol with the correct default port. Missing Image"
"Explanation: The protocols given use these default ports: Port 21 - FTP Port 110 - POP3 Port 143 - IMAP Port 443 - HTTPS Port 3389 - RDP FTP also uses port 20, but it was not listed in this scenario."
"You are responsible for managing security for a network that supports multiple protocols. You need to understand the purpose of each of the protocols that are implemented on the network. Match each description with the protocol that it BEST fits. Missing Image"
"Explanation: The protocols should be matched with the descriptions in the following manner: IPSec - A tunneling protocol that provides secure authentication and data encryption SNMP - A network management protocol that allows communication between network devices and the management console SFTP - A file transferring protocol that uses SSH for security FTPS - A file transferring protocol that uses SSL for security"
"You are responsible for managing the security for a network that supports multiple protocols. You need to understand the purpose of each of the protocols that are implemented on the network. Match each description with the protocol that it BEST fits. Missing Image
"Explanation: The protocols should be matched with the descriptions in the following manner: SSH - A protocol that uses a secure channel to connect a server and a client SSL - A protocol that secures messages between the Application and Transport layer SCP - A protocol that allows files to be copied over a secure connection ICMP - A protocol used to test and report on path information between network devices"
"You are configuring a wireless access point in the network shown in the following exhibit: The access point must use the most secure encryption method with RADIUS. You need to configure the Security section of the access point. Match the options on the left with the settings given on the right. Not all options will be used. Missing Image"
"Explanation: The wireless access point settings should be matched in the following manner: Security Mode - WPA2 Enterprise Encryption - AES RADIUS Server - 192.168.0.4 RADIUS Port - 1812 WPA2-Enterprise is the strongest security mode. The AES encryption standard is stronger than the TKIP encryption protocol. AES is a symmetric-key standard, formerly called Rijndael, based on CCMP encryption. TKIP is the default standard used with the WPA security mode. The AAA server is the Remote Authentication Dial In User Service (RADIUS) server, so you should use its IP address and port for the RADIUS server configuration. You should not use any MAC addresses in the security configuration. MAC addresses are used to configure MAC filtering.
"You must deploy the appropriate hardware to satisfy the needs of an organization. The organization has a DMZ that must be fully protected from the Internet. The internal network must have an additional layer of security from the DMZ. The internal network contains two subnets (Subnet A and Subnet B) and two VLANs (named Research and Development). You need to deploy a total of four hardware devices. Drag the appropriate device to one of the four locations on the network exhibit. All four locations require a device.
"Explanation: You should deploy two firewalls, one router, and one switch in the network, as shown below: To protect the DMZ, you need to place a firewall between the DMZ and Internet. To protect the internal network, you need to place a firewall between the DMZ and internal network. The router needs to be placed so that it manages the two subnets and is connected to the switch. The switch must be deployed so that it connects to the two VLANs and the router.
"Your network is configured as shown in the following exhibit: You need to configure the firewall to meet the following requirements: The Research computer should only be allowed to connect to the file server using SCP. The Sales computer should only be allowed to connect to the Web server using HTTPS. No other connections from the server network to the DMZ should be allowed. Move the firewall rules in the list from the left column to the right column, and place them in the correct order, starting with the first item at the top. All firewall rules may or may not be used.
"Explanation: You should implement the following firewall rules: Source: 192.168.0.2 - Destination: 172.16.0.2 - Port: 22 - TCP - Allow Source: 192.168.0.3 - Destination: 172.16.0.3 - Port: 443 - TCP - Allow Source: 192.168.0.0/16 - Destination: 172.16.0.0/12 - Port: Any - TCP/UDP - Deny The Research computer at 192.168.0.2 can only connect to the file server if they are using the secure copy protocol (SCP). Because SCP operates over a secure shell (SSH) connection, it utilizes the same port as SSH, which is TCP port 22. Therefore, you should configure an Allow rule for the Research source with a destination of 172.16.0.2 over TCP port 22. TCP port 22 also handles secure file transfer protocol (SFTP) traffic and secure logins. UDP port 69 handles trivial file transfer protocol (TFTP). The Sales computer at 192.168.0.3 should only be allowed to connect to the Web server using HTTPS, which operates over TCP port 443. Therefore, you should configure an Allow rule for the source 192.168.0.3 and destination 172.16.0.3 on TCP port 443. No other connections from the server network to the DMZ should be allowed. Therefore, you should configure a Deny rule from the server network, which is 192.168.0.0/16, to the DMZ network at 172.16.0.0/12. TCP and UDP traffic should be denied on all (""any"") ports. TCP port 21 handles file transfer protocol (FTP) traffic. TCP port 80 handles hypertext transfer protocol (HTTP) traffic. Allowing traffic on these ports will not meet the scenario requirements. The first two rules can be configured in any order as long as both of them appear before the third rule. The Deny rule should be configured last to ensure that any of the allowed connections are not denied by the Deny rule."
"Which type of firewall is most detrimental to network performance? A. stateful firewall B. circuit-level proxy firewall C. packet-filtering firewall D. application-level proxy firewall
Answer: application-level proxy firewall Explanation: An application-level proxy firewall is most detrimental to network performance because it requires more processing per packet.
"You have been hired by a law firm to create a demilitarized zone (DMZ) on their network. Which network device should you use to create this type of network? A. a bridge B. a firewall C. a hub d. a route
Answer: a firewall Explanation: An administrator can install a firewall on a network to create a demilitarized zone (DMZ). A DMZ separates a public network from a private network. A DMZ can be implemented with one firewall that is connected to the DMZ segment, the private network, and the Internet. A DMZ can also be implemented with two firewalls. In this configuration, one firewall is connected to a private network and a DMZ segment, and the other firewall is connected to the Internet and the DMZ segment.