Intrusion Detection Final
Which OSI model layer deals with frames? Application Layer Network Layer Data Link Layer Physical Layer
Data Link Layer
What prevents firewall filtering? Authentication Session length Encryption Remote access
Encryption
Basic packet filtering uses a complex, dynamic rule set. True False
False
Juan is a network engineer. His manager has tasked him with gathering concrete metrics on network security and operations. Juan selects the most popular performance metrics methodology. What is it? Data analytics A bandwidth utilization tool Advanced Encryption Standard (AES) Information Technology Infrastructure Library (ITIL)
Information Technology Infrastructure Library (ITIL)
Which of the following network zones has the lowest risk and the highest trust? Private network Demilitarized zone (DMZ) Extranet Internet
Private network
Logan is a network administrator. He is considering a firewall purchase for a branch office being built by his company. Above all other considerations, the design requires a device capable of a high degree of imposing user access restrictions. What is this called? Audit capacities Authentication Privilege control Security assurance
Privilege control
Which type of hacker is a criminal whose career objective is to compromise IT infrastructures? Opportunistic Professional Recreational Script kiddie
Professional
The IT department of a company has just rolled out a virtual private network (VPN) solution that offers greater flexibility, delegation of management, and added security over the previous implementation. What is this solution called? Desktop virtualization Operating system virtualization Small office/home office (SOHO) virtualization Secure Sockets Layer (SSL) virtualization
Secure Sockets Layer (SSL) virtualization
In deploying security for a network, which method is no longer seen as truly secure or sufficient for protecting logins? Filtered network connectivity Hard drive encryption Multifactor authentication Single-factor authentication
Single-factor authentication
Kasim is a network technician. He is tasked with deploying a virtual private network (VPN) in his company's IT infrastructure. He wants to place the VPN device where it is directly connected to both the Internet and the internal LAN. He believes that security will not be a concern because the VPN is already encrypted point-to-point. Which of the following statements is TRUE about this configuration? A VPN has a built-in firewall and is therefore protected from Internet threats. This configuration could leave the VPN device vulnerable to social engineering. The VPN device itself is still capable of being attacked. Without a firewall, an employee on the internal LAN could use the VPN to make an insecure connection to a remote host.
The VPN device itself is still capable of being attacked.
Which of the following statements is TRUE of connections between a corporate local area network (LAN) and a remote client, such as a remote worker? The corporate LAN connection is usually a temporary or nondedicated connection to the Internet. The remote client connection is usually a dedicated link to the Internet. The corporate LAN connection is always a circuit employing Multi-Protocol Label Switching (MPLS). The remote client can have either a dedicated or a nondedicated connection to the Internet.
The remote client can have either a dedicated or a nondedicated connection to the Internet.
What is a common security mistake made by both end users and experts? Allowing new systems to go online before they are hardened and tested Failing to keep patches current Failing to change the default password on a hardware firewall Using the same password on multiple systems
Using the same password on multiple systems
The chief information officer (CIO) is negotiating lease prices with several telecommunications providers. She wants a service that offers circuits that will link to various physical buildings and branches, including a connection to the physical demarcation point. For what network infrastructure will this service be used? Small office/home office (SOHO) Local area network (LAN) Wide area network (WAN) Workgroup
Wide area network (WAN)
Which of the following can affect the confidentiality of documents stored on a server? A distributed denial of service (DDoS) attack Information about the server being accessed A server breach A denial of service (DoS) attack
A server breach
Fumiko is a network technician. She is configuring rules on one of her company's externally facing firewalls. Her network has a host address range of 192.168.42.140-190. She wants to allow all hosts access to a certain port except for hosts 188, 189, and 190. What rule or rules must she write? A single rule allowing hosts 140-187 is all that is necessary; the default-deny rule takes care of blocking the remaining nonincluded hosts. Multiple rules are necessary for this configuration; one or more rules must define Deny exceptions for 188, 189, and 190, followed by the Allow rule for the 140-190 range. A Deny rule is needed for 188, 189, and 190, and then exception rules for the 140-187 range. The default Deny all rule needs to be placed first in the list, and then an exception rule for the 140-187 range.
A single rule allowing hosts 140-187 is all that is necessary; the default-deny rule takes care of blocking the remaining nonincluded hosts.
Maria is a network engineer assigned to select a new virtual private network (VPN) solution for her company. She is weighing the benefits of commercial versus open-source VPNs. Which of the following is a benefit of open-source platforms? Access to Internet-based support Available hardware maintenance Vendor support Ease of installation and management
Access to Internet-based support
What is an encryption standard that was designed to scale upward with longer keys? Advanced Encryption Standard (AES) Triple Data Encryption Standard (3DES) Data Encryption Standard (DES) IP Multimedia Subsystem (IMS)
Advanced Encryption Standard (AES)
The IT security officer for a large company has spent the past year upgrading security for the corporate network. Employees working from home have personal firewalls running on their computers. They use a virtual private network (VPN) to connect to the corporate network. The corporate network utilizes the latest devices and techniques, including an intrusion detection system/intrusion prevention system (IDS/IPS), anti-malware protection, and firewalls. What security threat most likely still needs to be addressed? Weak remote access security An internal threat, such as a disgruntled employee or contractor A distributed denial of service (DDoS) attack during a network maintenance cycle An unpatched web server
An internal threat, such as a disgruntled employee or contractor
Although it is not recommended, a company chief information officer (CIO) wants to configure and use the ff02::1 group on his new IPv6 network to send traffic to every node in the infrastructure. What group must he enable? Anycast Multicast Multicast to the all-nodes group Unicast
Anycast
Which of the following can perform authentication to provide integrity protection for the outermost IP header? Layer 2 Forwarding (L2F) Internet Key Exchange (IKE) Authentication Header (AH) Encapsulating Security Payload (ESP)
Authentication Header (AH)
Before an Internet user can access a demilitarized zone (DMZ), extranet, or private network resource, it first encounters an entity that is sturdy enough to withstand any sort of attack. What is this entity called? Bastion host operating system General operating system Hardware firewall Software firewall
Bastion host operating system
Chris is a network engineer deploying a virtual private network (VPN) solution. He needs an implementation of Secure Sockets Layer/Transport Layer Security (SSL/TLS) that adds a layer of authentication to the access. What feature does he require? Advanced Encryption Standard (AES) Correct Answer Bidirectional authentication Identity services One-way authentication
Bidirectional authentication
Isaac is designing a network infrastructure as a class project. He determines that one device he requires must have the capacity to act as a repeater, operate at the Data Link Layer of the OSI model, be able to filter packets based on their MAC address, and allow communication between two local area networks (LANs). Which device will fulfill these specifications? Active hub Bridge Router Switch
Bridge
Jiang is a network technician. He is programming a web server to provide clients with dynamically produced web content in real time based on several attributes that the connecting user enters. This includes any forms the user may fill out. Martha is the cybersecurity chief. She says that the technology Jiang is using could expose sensitive customer data to hackers if it were ever accessed. What web server technology is Jiang using? Common Gateway Interface (CGI) Hypertext Transfer Protocol Secure (HTTPS) Network News Transfer Protocol (NNTP) Kernel panics
Common Gateway Interface (CGI)
Tonya is redesigning her company's network infrastructure to accommodate rapid growth. Several departments are highly specialized. Tonya needs to allow Network News Transfer Protocol (NNTP) on some, but not all, subnets. Her budget is limited. Which of the following is the best solution? Install firewalls at the demilitarized zone (DMZ) to filter packets by protocol, port, and destination subnet, and then perform port forwarding. Install firewalls at each network segment with rules to filter specific traffic for each one as required. Configure existing routers to filter NNTP packets. Configure the native firewall on each workstation to filter traffic based on the requirements for the subnet they're on.
Configure existing routers to filter NNTP packets.
Hyon is a network consultant. She was hired by a client company to examine the effectiveness of its IT infrastructure. She discovers that the company's Internet-facing firewall is not capable of automatically handling and adjusting for random source ports when a session is being established to its web and gaming servers. How should she correct this? Allow all source ports above 1023 Create a custom rule to manage random source ports Deny all source ports above 1023 Enable port forwarding
Create a custom rule to manage random source ports
Which of the following is one of the most common and easily exploited vulnerabilities on any hardware network device? Default password Application conflicts Malware Undistributed authentication credentials
Default password
The network engineer of a mid-size company needs to have all servers, network printers, and other online resources possess the same IPv4 address over time. The engineer does not want to perform manual address assignments on all of these resources. Additionally, she wants to prevent any rogue device from having an IPv4 address dynamically assigned just by making the request. What is her solution? Dynamic Host Configuration Protocol (DHCP) Dynamic Host Configuration Protocol (DHCP) reservation Static addressing of the most vital network resources Using static addressing and a hardware firewall
Dynamic Host Configuration Protocol (DHCP) reservation
______ is commonly exploited by many hackers because most enterprise web traffic is _________. Authentication; authenticated Encryption; encrypted Fragmentation; fragmented Encryption; tunneled
Encryption; encrypted
During which step of firewall incident response is the compromise resolved? Detection Containment Correct! Eradication Follow-up
Eradication
Which of the following statements is TRUE of encryption? A 64-bit encryption is currently the minimum length that is considered strong. A 128-bit key encryption creates a keyspace exactly twice as long as 64-bit key encryption. Every time an additional bit is added to a key length, it doubles the size of the possible keyspace. The algorithms involved are very complex and only privately known.
Every time an additional bit is added to a key length, it doubles the size of the possible keyspace.
Which of the following is a security state that reverts to a state of being unavailable or locked? Fail-secure Fail-open Fail-close Fail-restrict
Fail-close
A backdoor acts like a device driver, positioning itself between the kernel (the core program of an operating system) and the hardware. True False
False
A virtual private network (VPN) replaces a firewall. True False
False
A virtual private network (VPN) server for remote access must be located in the demilitarized zone (DMZ). True False
False
All firewalls provide network perimeter security. True False
False
All private key cryptography is asymmetric, but some asymmetric algorithms are not private key algorithms. True False
False
Allow by default/deny by exception is always the preferred security stance. True False
False
An intrusion detection system (IDS) false positive occurs when the IDS fails to detect an attack. True False
False
Bump-in-the-wire is a software firewall implementation. True False
False
Cross-site scripting (XSS) grants a hacker access to a back-end database. True False
False
Firewalking is a technique to learn the configuration of a firewall from the inside. True False
False
Hypertext Transfer Protocol Secure (HTTPS) does NOT encrypt private transactions made over the Internet. True False
False
In terms of networking, permission is the abilities granted on the network. True False
False
Integrity is the protection against unauthorized access, while providing authorized users access to resources without obstruction. True False
False
Open-source virtual private network (VPN) solutions are usually less flexible than commercial solutions. True False
False
Physical damage is not related to denial of service. True False
False
Private IP addresses can communicate directly with Internet resources. True False
False
Prospective cost is money paid or an investment made in the past. True False
False
Ransomware is defined as unwanted and unrequested email. True False
False
Static IP addressing hands out IP addresses to hosts from a pool. True False
False
The HITECH Act expanded the scope of privacy and security protections available under the Sarbanes-Oxley (SOX) Act. True False
False
The Sarbanes-Oxley (SOX) Act was created to protect shareholders by requiring publicly traded companies to validate controls securing financial data. True False
False
The bus topology has an independent cable to each device on a network. True False
False
The less complex a solution, the more room there is for mistakes, bugs, flaws, or oversights by security administrators. True False
False
The sole use of ingress and egress filtering is to eliminate spoofing. True False
False
The source address and the port address of inbound firewall rules are often set to Deny, unless the rule is to apply to specific systems or ports. True False
False
Isabelle is the cybersecurity engineer for a medium-sized company. She is setting up a firewall for examining inbound network traffic for a variety of characteristics. While remote users working from home should be allowed access to network resources, malicious traffic should be blocked. To differentiate between the two, Isabelle is looking at factors such as whether the inbound traffic is a response to a previous request inside the network; whether it includes blocked domain names, IP addresses, and protocols; and whether it conforms to known malicious patterns or is otherwise abnormal. What is she setting up the firewall to practice? Access management Encryption Filtering Modeling
Filtering
Ambrose is testing his IT department's new firewall deployment. He is using a collection of applications that employ a brute-force technique to craft packets and other forms of input directed toward a target. What is this collection of tools called? Packet analyzer suite Fuzzing tools Fingerprinting tools Password cracking tools
Fuzzing tools
Which of the following is a European Union (EU) regulation that protects citizens' privacy and information? General Data Protection Regulation (GDRP) Sarbanes-Oxley (SOX) Act Payment Card Industry Data Security Standard (PCI DSS) HITECH Act
General Data Protection Regulation (GDRP)
Which of the following is BEST described as processes and procedures intended to help ensure that employees will follow security policies? Access controls Compliance Governance Integrity
Governance
In balancing competing concerns while deploying a personal virtual private network (VPN) solution, Yee values his privacy more than his anonymity. Which is he most concerned about? Having information about his network exposed Passing his username and password Revealing his credit card number Unencrypted traffic
Having information about his network exposed
Tonya is an accountant working from home. She connects to her office each day over a virtual private network (VPN). The IT department for her company has deployed a VPN appliance to assist employees such as Tonya in performing their tasks remotely. What solution does Tonya use to access her files on the company's accounting server? Do it yourself (DIY) Demilitarized zone (DMZ) Gateway-to-gateway Host-to-gateway
Host-to-gateway
Hacker tunneling uses two techniques. The first is to install a server component on an internal system and then have an external client make a connection. What is the second? Install a server component on an external system and then use an internal client to make the connection. Install a server component on an internal system and then have an internal client make the connection. Install a client component on an internal system and then have an external system make the connection. Install a client component on an external system and then have another external system make the connection.
Install a server component on an external system and then use an internal client to make the connection.
Nicolau is a network engineer for a large online retailer. He is concerned about the security of his company's network connections to its customers, vendors, and partners. Although all of these sources are generally trusted, he knows they can be hacked by malicious parties and used to steal confidential company data. Which network-based solution should he choose to detect unauthorized user activity and attacks that is also capable of taking action to prevent a breach? Router anti-tampering Intrusion detection system/intrusion prevention system (IDS/IPS) Firewall Data encryption
Intrusion detection system/intrusion prevention system (IDS/IPS)
Tomika is a network architect. A coworker is helping to design a more secure placement of the company's virtual private network (VPN) device. The coworker suggests that the device be placed between the Internet-facing firewall and the internal network. What is Tomika's opinion of this deployment strategy? It is a highly secure deployment and the plan should be proposed to the chief technology officer (CTO). It is somewhat secure but does not address possible security issues involving untrustworthy VPN connections. Along with the firewall, an intrusion detection system/intrusion prevention system (IDS/IPS) solution should be placed between the firewall and the VPN device. Although the firewall adds more security, it will slow down traffic to the VPN device.
It is somewhat secure but does not address possible security issues involving untrustworthy VPN connections.
In theory, a hacker with a small but powerful directional antenna could access a wireless network from more than one mile away. In a real-world situation, what is the more likely range involved? More than 5,500 feet More than 3,000 feet Less than 2,000 feet Less than 1,000 feet
Less than 1,000 feet
Which type of boundary network creates a series of subnets separated by firewalls? Demilitarized zone (DMZ) Extranet Intranet N-tier
N-tier
Which of the following is a malicious remote control tool? NetBus Netcat Tor Cryptcat
NetBus
A malicious person is attempting to subvert a company's virtual private network (VPN). She is using a tool that creates TCP and UDP network connections that can link to or from any port. What is this tool? Back Orifice Cryptcat NetBus Netcat
Netcat
Which of the following is considered a node? Keyboard Network cable Patch panel Networked printer
Networked printer
What is a mathematical operation that is easily performed but that is highly unlikely to reverse in a reasonable amount of time? Dead-end function One-way function Digital key function Key exchange function
One-way function
Which of the following best describes a technology with the least inherent security risks and is less likely to reveal information a user did NOT intend to share? File sharing Onion routing Peer-to-peer (P2P) Print sharing
Onion routing
A malicious person is performing a technique called anti-forensics on a target network to hide evidence of an intrusion and conceal implanted rootkits and other malware. What is one action that might be taken when this method is used? Analyzing network traffic crossing a firewall Capturing packets and writing them to storage for analysis in batch mode Overwriting metadata Recording events to discover a problem incident
Overwriting metadata
A firewall is a filtering device that watches for traffic that fails to comply with rules defined by the firewall administrator. What does the firewall inspect? Packet header Packet trailer Packet encryption Packet latency
Packet header
Mei is a new network technician for a mid-sized company. She is trying to determine what is causing a performance lag on the infrastructure's virtual private network (VPN). The lags typically occur between 8 a.m. and 9 a.m., and again between 1 p.m. and 2 p.m. What is the most likely cause? Bandwidth Client configuration Encryption Peak usage loads
Peak usage loads
Shoshana is a network technician for a mid-sized organization. She is configuring firewall rules. She is in a firewall's graphical interface and sets a rule as TCP, 192.168.42.0/24, ANY, ANY, 443, Allow. In what order is this rule organizing protocols, source addresses, source and target ports, and actions? Protocol, source address, source port, target address, target port, action Action, target port, target address, source port, source address, protocol Source port, source address, protocol, target port, target address, action Target port, source address, source port, target address, protocol, action
Protocol, source address, source port, target address, target port, action
Which of the following records every connection outside the network on the Internet by IP address and URL requested? Access server Mail server Proxy server Web server
Proxy server
Opal is the chief technology officer for her company. She is working with the legal department to acquire virtual private network (VPN) service through a cloud provider. She wants the contract to address failover specifically. What is she most likely concerned about? Authentication Redundancy Security Privacy
Redundancy
Remote Desktop Connection (RDC) is a built-in application that uses what proprietary protocol? Internet Key Exchange v2 (IKEv2) Layer 2 Tunneling Protocol (L2TP) Point-to-Point Tunneling Protocol (PPTP) Remote Desktop Protocol (RDP)
Remote Desktop Protocol (RDP)
Otto is one of many employees working from home. Because his home is located in a rural area, the only form of connectivity available is dial-up. To connect to his office located in an urban community, what must the IT department set up? Cable DSL Remote access server (RAS) Virtual private network (VPN) server
Remote access server (RAS)
The chief information officer (CIO) is working with the chief financial officer (CFO) on next year's budget for new networking equipment. The CIO is explaining that lowest-cost equipment is not the sole deciding factor. The hardware must conform to high security standards to prevent a malicious person from hacking into the network and accessing valuable company data. Which of the following considerations does not specifically require a hacker to have physical access to the equipment? Portability Remote connection Removable case Reset button
Remote connection
Sebastian is the HR department's trainer. He is developing various materials to teach the fundamentals of using a virtual private network (VPN) to a variety of audiences, from the president and vice presidents of the corporation to newly hired mid-level managers and entry-level employees. After implementing his training program some weeks ago, he began getting calls from the IT help desk stating that users are contacting them with troubleshooting issues for their VPN sessions. The help desk technicians do not know how to respond. What is the most likely problem? Sebastian forgot to add basic troubleshooting to his end-user training. Sebastian neglected to direct the end users to consult their training manual first before contacting the help desk. Sebastian neglected to train IT personnel on troubleshooting remote connections. Sebastian did not make recordings of his training sessions available on the company intranet so end users could get a refresher if needed.
Sebastian neglected to train IT personnel on troubleshooting remote connections.
Which of the following is a protocol that replaces the use of telnet and rlogin to log in to a shell on a remote host? Authentication Header (AH) Encapsulating Security Payload (ESP) Layer 2 Tunneling Protocol (L2TP) Secure Shell (SSH)
Secure Shell (SSH)
Isabella is a network administrator. She is researching virtual private network (VPN) options for company employees who work from home. The solution must provide encryption over public networks, including the Internet; not rely upon pathways the company owns; be reliable; and not be subject to eavesdropping. It must also be cost-effective. Which solution does she choose? Channeled VPN Hybrid VPN Secured VPN Trusted VPN
Secured VPN
The combination of certain techniques allows for relevant information collected by this solution from multiple systems and processes to be aggregated and analyzed for use in decision making. What is the name of this solution? Knowledge-based detection Security information and event management (SIEM) Security information management (SIM) Write-once read-many (WORM)
Security information and event management (SIEM)
Demetrice is a network consultant. She has been hired to design security for a network that hosts 25 employees, many of whom need remote access. The client recently opened another small office in a neighboring community and wants to be able to routinely establish secure network connections between the two locations. The client often deals with customer bank information and requires a particularly secure solution. What is her response to these requirements? Intrusion detection system/intrusion prevention system (IDS/IPS) with Remote Desktop Connection support Snort intrusion detection system (IDS) Small office/home office (SOHO) virtual private network (VPN) Web proxy with content filtering and network address translation (NAT) mapping
Small office/home office (SOHO) virtual private network (VPN)
Susan is a network professional at a mid-sized company. Her supervisor has assigned her the task of designing a virtual private network (VPN) implementation. Susan has set up strong authentication and encryption in a test environment, and the VPN appliance is directly facing the Internet. When her work is evaluated, what does her supervisor immediately notice? The VPN device is not protected by a firewall. The VPN device is only protected by Internet Protocol Security (IPSec) when Susan should have used Secure Sockets Layer (SSL)/Transport Layer Security (TLS). The VPN device is configured with a password that can be cracked by a dictionary attack. The VPN device has no open ports to allow external connections by employees.
The VPN device is not protected by a firewall.
Susan is a mid-level executive at her corporation who works remotely. Today, she worked from a restaurant using her company-issued laptop and connected to the Internet using the restaurant's free Wi-Fi. Once she made a connection, she authenticated to her virtual private network (VPN) client that links to her office network over a private, secure tunnel. While working, she contacted Lelah, who works in IT. She casually mentioned where she is working. How did Lelah respond? As long as Susan connected to the work network via VPN, security is not a problem. Because Susan used a publicly accessible Wi-Fi link, her connection is no longer secure. If Susan plans on working while using a publicly accessible Wi-Fi link in the future, IT will have to add additional security features to her laptop. The data on the laptop may have been vulnerable in the time between when the laptop's wireless network interface connected to the Wi-Fi access point and when Susan enabled the VPN connection.
The data on the laptop may have been vulnerable in the time between when the laptop's wireless network interface connected to the Wi-Fi access point and when Susan enabled the VPN connection.
A Media Access Control (MAC) address is the 48-bit physical hardware address of a network interface card (NIC) assigned by the manufacturer. True False
True
A VPN creates or simulates a network connection over an intermediary network. True False
True
A best practice for cloud deployments is to audit the vendor(s) to ensure that your data is consistently kept secure. True False
True
A hacker tunneling set up using an inbound connection must "hijack" an existing open port or reconfigure the firewall to open another port for use by the tunnel. True False
True
A hardware firewall is a dedicated hardware device specifically built and hardened to support the functions of firewall software. True False
True
A host virtual private network (VPN) software product allows a single host access to VPN services, while a VPN appliance allows an entire network to access VPN services. True False
True
A host-to-host virtual private network (VPN) is a direct VPN connection between one host and another. True False
True
A hybrid firewall combines several different functions in a single appliance. True False
True
A remote access link enables access to network resources using a wide area network (WAN) link to connect to the geographically distant network. True False
True
A simulated firewall test uses an attack simulator to transmit attack packets to a firewall. True False
True
A small office/home office (SOHO) environment can be a workgroup or a client/server network. True False
True
A virtual private network (VPN) can operate securely over the Internet and still provide high levels of security through encryption. True False
True
A virtual private network (VPN) implementation best practice is to protect the VPN server behind a firewall. True False
True
A virtual private network (VPN) policy helps to ensure that users understand the requirements for computing on a VPN. True False
True
A virtual private network (VPN) policy should be a part of an overall IT security policy framework to avoid duplicate or conflicting information. True False
True
A virtual private network (VPN) set up in a demilitarized zone (DMZ) has a firewall in front and behind it. True False
True
A web server between two firewalls is considered to be in a demilitarized zone (DMZ). True False
True
A wireless network topology uses some wire. True False
True
After installing a firewall, you should always install every available patch and update from the vendor. True False
True
All the rules on a firewall are exceptions. True False
True
An SSL/TLS-based virtual private network (VPN) enables remote access connectivity from almost any Internet-enabled location using a web browser. True False
True
An active threat is one that takes some type of initiative to seek out a target to compromise. True False
True
An intranet virtual private network (VPN) connects two or more internal networks. True False
True
An intrusion prevention system (IPS) does not replace an intrusion detection system (IDS). True False
True
Attackers often use open-source security tools to attack networks. True False
True
Authentication Header (AH) provides integrity protection for packet headers and data, as well as user authentication. True False
True
Authentication is the verification or proof of someone's or something's identity. True False
True
Authorization is also known as access control. True False
True
Banner grabbing is the activity of probing services running behind an open port to obtain information. True False
True
Breaches are confirmed during the detection and analysis phase of incident response. True False
True
Caching is a data storage mechanism that keeps a local copy of content that is fairly static in nature. True False
True
Content filtering can focus on domain name, URL, filename, file extension, or keywords in the content of a packet. True False
True
Depending on the location of a virtual private network's (VPN's) endpoints, the topology may affect performance. True False
True
Detection involves watching for attempts to breach security and being able to respond promptly. True False
True
Determining who or what is trustworthy on a network is an ongoing activity. True False
True
Fragmentation attacks involve an abuse of the fragmentation offset feature of IP packets. True False
True
Governance is generally used to demonstrate to management, customers, and auditors that your information security program is operating as outlined in your policies, procedures, and practices. True False
True
Hacker tunneling is the creation of a communication channel similar to the creation of a virtual private network (VPN). True False
True
Hackers can deposit software keystroke loggers onto a victim's system through a worm or a Trojan horse. True False
True
Hardening is the process of securing or locking down a host against threats and attacks. True False
True
In symmetric cryptography, the same key must be used to encrypt and decrypt data. True False
True
Malware is a vulnerability of a software virtual private network (VPN). True False
True
One contingency for growth is to build additional capacity into the current infrastructure. True False
True
Prevention is the use of safeguards to thwart exploitation or compromise. True False
True
RD RemoteApp is a Microsoft solution that runs on a Microsoft Remote Desktop Services (RDS) server but appears to end users as if it were actually running on their systems. True False
True
RD Web Access is a Microsoft Remote Desktop Services (RDS) server role that allows desktops and RD RemoteApp applications to launch from a web browser. True False
True
RFC 1918 addresses are for use only in private networks. True False
True
Redundancy is the act of avoiding single points of failure. True False
True
Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft. True False
True
Split tunneling is a configuration setting that allows simultaneous access to both an untrusted network and a secured virtual private network (VPN) network connection. True False
True
Split tunneling potentially opens a door into the network that you cannot control. True False
True
The Internet Assigned Numbers Authority (IANA) is responsible for global coordination of IP addressing. True False
True
The Safeguards Rule within the Gramm-Leach-Bliley Act (GLBA) requires financial institutions to develop and comply with a comprehensive information security policy that includes safeguards for the handling of sensitive customer information. True False
True
The User Domain of an IT infrastructure refers to actual users, whether they are employees, consultants, contractors, or other third-party users. True False
True
The WAN Domain of an IT infrastructure includes networks owned by a telco or a carrier network company that leases access to corporations. True False
True
The higher the encryption level of a virtual private network (VPN) connection, the greater the impact on the memory and processor of the endpoint devices. True False
True
The longer the time span between a malicious action and an authoritative response, the greater the likelihood the perpetrator will get away without consequence. True False
True
The performance characteristics associated with an Internet Protocol Security (IPSec) virtual private network (VPN) can be very different from a Secure Sockets Layer (SSL) VPN implementation. True False
True
The pfSense firewall requires the host to have at least two network interface controllers (NICs). True False
True
The purpose of compartmentalization is to create small collectives of systems that support work tasks while minimizing risk. True False
True
The source address and the port address of outbound firewall rules are often set as ANY, unless the rule is to apply to specific systems or ports. True False
True
Wired topologies have a physical wire between devices, allowing for communication among those devices. True False
True
With a cloud-based firewall, the firewall functions are performed in the cloud. True False
True
With diversity of defense, most layers use a different security mechanism. True False
True
With single sign-on (SSO), users need to log on to the network only once during a session. True False
True
Which of the following is described as "confidence in your expectation that others will act in your best interest"? Security Threat Trust Permission
Trust
Carl is a networking student who is reading about methods of encryption and how they work with firewalls. Right now, he is studying a form of encryption that encrypts the entire original payload and header of a packet. However, because the header contains only information about endpoints, it is not useful for a firewall filtering malicious traffic. Which of the following is the encryption method being described? Secure Shell (SSH) Transport mode Tunnel mode 801.x
Tunnel mode
You are a network professional. You want to overcome the security shortcomings of the Domain Name System (DNS). Of the following, what is one of those shortcomings? Use of Microsoft Active Directory Use of an intrusion detection system (IDS) A fully qualified domain name (FQDN) vulnerability Use of a plaintext communication
Use of a plaintext communication
The network infrastructure supervisor is designing a firewall placement strategy that will protect the organization's Internet-facing web and email servers and the internal network. Which design will provide the best protection? Placing the firewall between the Internet and a single network hosting both the servers and the internal network, using port forwarding to direct traffic to the servers Placing the web and email servers, configured with the latest patches and anti-malware applications, on the Internet in front of the firewall, while placing the internal network behind the firewall Using an intrusion detection system/intrusion prevention system (IDS/IPS) with edge and web servers facing the Internet, and placing the firewall behind them but ahead of the internal network Using two firewalls to create a demilitarized zone (DMZ); one firewall is placed between the Internet and the servers, the other firewall is located behind the first firewall and the servers protecting the internal network
Using two firewalls to create a demilitarized zone (DMZ); one firewall is placed between the Internet and the servers, the other firewall is located behind the first firewall and the servers protecting the internal network
Maria is the technician on call for her company's IT department. Over the weekend she discovers a breach in the primary firewall. She is restraining further escalation of the issue, an action that is referred to as: containment. detection. eradication. recovery.
containment.
An exploit called "overlapping" can cause the full or partial overwriting of datagram components, creating new datagrams out of parts of previous datagrams. An overrun attack can create excessively large datagrams and, with other types of fragmentation attacks, can result in: denial of service. file server crashing. packet overflow. payload override.
denial of service.
A filter pathway is designed to: make it hard to bypass a network filtering system and force all traffic through one route. use port forwarding to channel all network traffic into a single firewall. offer multiple subnets sitting behind a single software firewall. use a reverse proxy between a firewall and the internal local area network (LAN).
make it hard to bypass a network filtering system and force all traffic through one route.
The configuration, location, software version, and underlying operating system of a virtual private network (VPN) are all factors that are most likely to affect: bandwidth. tunneling. Encryption. stability.
stability.
Thirty years ago, a major corporation purchased and still owns IP addresses within the IPv4 Class A range. The corporation uses these addresses to connect to the Internet. To which IPv4 address range do they belong? 1.0.0.1 to 126.255.255.254 10.0.0.0 to 10.255.255.255 172.16.0.0 to 172.31.255.255 192.168.0.0 to 192.168.255.255
1.0.0.1 to 126.255.255.254
A company uses an Internet Protocol Security (IPSec) virtual private network (VPN) solution. It allows remote users to connect to the main office and allows communication between the main office and branch offices securely over the Internet. The main office network uses network address translation (NAT) with an internal IP address range of 192.168.0.1 to 192.168.0.254. Which of the following ranges must remote offices and users NOT use on their internal networks? 10.1.0.x 172.16.1.x 192.168.0.x 192.168.1.x
192.168.0.x
While the design of a hardware firewall requires it to filter all inbound and outbound traffic, it can also act as a bottleneck for that traffic if the wire speed it filters at is too slow. For a 1 gigabits per second (Gbps) network, what filtering wire speed should the firewall possess? 1 Gbps or higher 1.5 Gbps or higher 2 Gbps or higher 2.5 Gbps or higher
2 Gbps or higher
Tonya is a student. She is working through a network addressing scheme example for a class. She has read that the 128-bit address 2001:0f58:0000:0000:0000:0000:1986:62af can be shortened but is trying to understand how. What is the correct solution? 2001:0f58:1986:62af 2001:0f58::1986:62af 2001:0f58:0:1986:62af 2001:0f58:0:0:0:0:1986:62af
2001:0f58::1986:62af
Cassie is an IT help desk representative. She just received a trouble ticket from a remote user stating they cannot connect to the company network over the virtual private network (VPN). Cassie begins troubleshooting the matter, checking on recent configuration changes to the VPN equipment, looking at the unit's logs for error messages, and so on. She has examined the VPN-related features and potential problems but still doesn't understand why the end user's connection failed. She has been assured that both the end user and the company have Internet connectivity. What is the most likely reason the user cannot connect? Patching for the VPN unit is out of date. The VPN's firmware needs to be flashed. A network engineer has inadvertently changed the IP address of the firewall's internal interface that connects to the VPN's outward-facing port. The end user's computer had a memory failure.
A network engineer has inadvertently changed the IP address of the firewall's internal interface that connects to the VPN's outward-facing port.
Elissa is a network technician. She is configuring firewall rules for one of her company's branch offices, which supports online retail sales of the company's products. She is configuring rules to block traffic based on a traditional model but needs to allow a particular type of traffic. What should she allow? All Internet Control Message Protocol (ICMP) traffic coming from the Internet Any traffic specifically directed to the firewall All traffic from port 80 originating from the office's web server, which is in a protected subnet Inbound Transmission Control Protocol (TCP) traffic on port 53 to external Domain Name System (DNS) zone transfer requests
All traffic from port 80 originating from the office's web server, which is in a protected subnet
Alphonse is a networking contractor who has been hired by a small to medium-sized company to configure its firewall. The firewall comes preconfigured with a common rule set that allows web, email, instant messaging, and file transfer traffic using default ports. The company wants to allow access to secure websites and common website protocols but block access to insecure Internet websites. Which of the following is the best solution? Allow access to HTTP, HTTPS, and SQL and Java, but deny access to TCP and UDP Allow access to HTTPS, SQL, and Java, but deny access to HTTP Deny access to HTTP, HTTPS, SQL, and Java, but allow access to TCP and UDP Allow access to SMTP, POP3, and HTTP, but deny access to HTTPS, SQL, and Java
Allow access to HTTPS, SQL, and Java, but deny access to HTTP
Bill is a network engineer. On Monday morning, he learns that the firewalls between network segments are not operating as expected. He checks the activity sheet for the on-call techs who worked the weekend and sees that one of them performed an unscheduled patch. Bill suspects the patch made modifications to the firewalls. Of the following choices, what is the BEST way to check this? Bill compares screenshots of the optimal firewall configuration against the current settings. Bill disables the antivirus server because he believes that software is conflicting with the new patch. Bill replaces the possibly compromised firewalls with known-good ones he keeps in storage. Bill asks the on-call tech to describe the firewall configuration before the patch was applied.
Bill compares screenshots of the optimal firewall configuration against the current settings.
You are setting up a small home network. You want all devices to communicate with each other. You assign IPv4 addresses between 192.168.0.1 and 192.168.0.6 to the devices. What processes must still be configured so that these nodes can communicate with the Internet? None. The IP address range is routable. Both network address translation (NAT) and port address translation (PAT) must be enabled to allow private network addresses to be translated to a random external port and public IP address. Each device must be assigned a public IP address for it to be routable on the Internet. The RFC 1918 addressing protocol must be enabled on the external router.
Both network address translation (NAT) and port address translation (PAT) must be enabled to allow private network addresses to be translated to a random external port and public IP address.
A bank's online infrastructure has been under attack by hackers. In addition to standard security methods, the bank's IT security manager has requested website code to be examined and modified, where necessary, to address possible arbitrary code execution. What will the code modifications prevent? Session hijacking Buffer overflows Spoofing attacks Man-in-the-middle attacks
Buffer overflows
In a tunneling attack, once the tunnel is open, what are the limitations? Data can move from outside the network to inside the network Data can move from inside the network to outside the network. Data can move in either direction. Data can move only if it is not encrypted.
Data can move in either direction.
Which term describes a technology that performs deep-content inspection within a scope defined by a central management console? IP Multimedia Subsystem (IMS) Information Technology Infrastructure Library (ITIL) Governance, risk, and compliance (GRC) Data leakage prevention (DLP)
Data leakage prevention (DLP)
________ is the concept that data is subject to the laws of a country in which it is stored, and is becoming a challenge for businesses as their operations move to the cloud. Governance, risk, and compliance The Internet of Things Data sovereignty Data leakage prevention
Data sovereignty
Which of the following is a firewall implementation best practice? A single firewall model should be used for all firewall placements. Different firewall products should be used depending on firewall placement, such as different products for border firewalls versus internal host firewalls. Firewalls should be placed within the demilitarized zone (DMZ) to protect server and internal networks separately. Host firewalls should be deployed as chokepoints.
Different firewall products should be used depending on firewall placement, such as different products for border firewalls versus internal host firewalls.
Khalilah is a network engineer. She is devising a plan to help her company's infrastructure transition from IPv4 to IPv6 addressing. She selects a solution where both IPv4 and IPv6 protocol stacks coexist in the same network equipment, allowing network communication using both protocols. Which solution did she choose? Dual-stack Internet Protocol Security (IPSec) Translation Tunneling
Dual-stack
Which of the following is a core Internet Protocol Security (IPSec) protocol that provides encryption only, both encryption and integrity protection, or integrity protection only in all but the oldest IPSec implementations? Authentication Header (AH) Encapsulating Security Payload (ESP) Internet Key Exchange (IKE) Transport Layer Security (TLS)
Encapsulating Security Payload (ESP)
Hajar is a new network administrator. She is inventorying firewalls in her company. She finds one that has a management interface lacking something and makes a note to replace it immediately. What critical security measure is the management interface missing? Command-line Encryption GUI Multifactor administration
Encryption
James is a network engineer. He has been assigned the responsibility of designing a virtual private network (VPN) solution that will allow customers, suppliers, and business partners access to network resources without exposing the secure private LAN. The parties accessing these resources must use digital certificates issues by a certification authority (CA). What form of VPN is he setting up? Demilitarized zone (DMZ) Extranet Intranet Wide area network (WAN)
Extranet
A small fire breaks out in the lunch room of a branch office and the fire alarms sound. The employees are directed to leave the building and assemble in the parking lot. What condition is required to enable them to cross restricted access areas that are normally locked? Fail-safe Fail-secure Fail-close Fail-open
Fail-open
A breach is any attempt to get past a network's defenses. True False
False
A good policy is to implement the first generation or first release of a firewall product. True False
False
A host software firewall should never be installed on a server if a dedicated firewall appliance is deployed on the same network. True False
False
A virtual private network (VPN) connection ensures quality of service. True False
False
In any organization, network administrators have the ultimate and final responsibility for security. True False
False
In intrusion detection, anomaly-based detection looks for differences from normal traffic based on a recording of real-world traffic that establishes a baseline. True False
False
In layered security strategy, the strengths and benefits of one countermeasure do not affect the other countermeasures. True False
False
Instability is not considered a potential threat associated with software virtual private networks (VPNs). True False
False
Microsoft RD Web Access connects remote clients to internal resources over a virtual private network (VPN) connection. True False
False
Netcat cannot be used to create covert channels to control a target system remotely. True False
False
One technique for hardening a system is to remove all protocols. True False
False
The weakest link security strategy gains protection by using abnormal configurations. True False
False
Virtual private networks (VPNs) over the Internet can experience latency but not fragmentation. True False
False
Whole hard drive encryption prevents anyone from accessing data on the drive. True False
False
pfSense can be installed on a local firewall only. True False
False
Jonathan is a network security specialist. He has developed several policies for his employer. One describes restrictions on transmitting clients' protected health information (PHI). Another policy addresses working with a third party to securely process a blood sample. Which law is he complying with? Family Educational Rights and Privacy Act (FERPA) Gramm-Leach-Bliley Act (GLBA) Health Insurance Portability and Accountability Act (HIPAA) HITECH Act
Health Insurance Portability and Accountability Act (HIPAA)
Rachel is the cybersecurity engineer for a company that fulfills government contracts on Top Secret projects. She needs to find a way to send highly sensitive information by email in a way that won't arouse the suspicion of malicious parties. If she encrypts the emails, everyone will assume they contain confidential information. What is her solution? Hide messages in the company's logo within the email. Hide messages in the email's header information. Hide messages in the font of the email's text. Hide messages in the time index of the email.
Hide messages in the company's logo within the email.
Mohammad is presenting IPv6 cryptographic security features to his networking class. A student asks him to explain data origin authentication. How does he answer this question? It encrypts network traffic and cannot be deciphered without the appropriate encryption key. It uses a checksum that incorporates a shared encryption key so that the receiver can verify that the data was actually sent by the apparent sender. It involves a checksum that can be used by the receiver to verify that the packet wasn't modified in transit. It is a solution that creates a tunnel for traffic between two IPv6 hosts through an IPv4 network.
It uses a checksum that incorporates a shared encryption key so that the receiver can verify that the data was actually sent by the apparent sender.
Devaki is developing a backup and recovery strategy for the network and server system. She needs a way to address and quickly restore small events where a bit of data has accidentally been deleted, as well as to remedy situations where the entire facility is compromised. What is her plan? Use a single encrypted backup stored remotely for both events. Use a single local backup for both events. Keep a local backup for quick retrieval to deal with small events and an encrypted remotely stored copy for major incidents. Keep a local backup for large incidents and smaller encrypted copies stored remotely for less significant events.
Keep a local backup for quick retrieval to deal with small events and an encrypted remotely stored copy for major incidents.
Maria is a new network engineer for a company that was established more than 30 years ago. She is examining the IT infrastructure and discovers that the virtual private network (VPN) solution employs an older encryption protocol for backward compatibility. This protocol has largely been replaced, but it used to be popular in early VPN solutions. What is this protocol? Layer 2 Forwarding (L2F) Protocol Layer 2 Tunneling Protocol (L2TP) Transport Layer Security (TLS) Internet Protocol Security (IPSec)
Layer 2 Tunneling Protocol (L2TP)
The chief information officer (CIO) of a large company has been informed by the board of directors that their corporation is anticipating rapid growth over the next two years. She calculates the contingency of building additional capacity into the current network infrastructure. Based on the board's growth estimates, what percentage of additional capacity should she plan for? 10 percent 20 percent 30 percent More than 50 percent
More than 50 percent
An IT infrastructure manager is reviewing his company's computer assets, particularly the mean time to failure (MTTF) of the PC and server hard drives. The manufacturer of the hard drives typically used in the company states that the MTTF is approximately 11 years. Because servers and some high-priority workstations must operate continuously except for brief periods of maintenance, how many hours, on average, can these hard drives be expected to operate before failure? 25,000 to 50,000 hours 50,000 to 75,000 hours 75,000 to 90,000 hours More than 90,000 hours
More than 90,000 hours
Jahi is a security engineer for a U.S. Department of Defense contractor. He is implementing a more secure method for remote users to log into an internal system over a virtual private network (VPN). In addition to requiring a password, this method asks the user to enter a PIN texted to their mobile phone, and to use a fingerprint reader mounted to their company-issued laptop. Which method is Jahi deploying? Multifactor authentication Proximity authentication Two-factor authentication Single-factor authentication
Multifactor authentication
Which of the following can be described as putting each resource on a dedicated subnet behind a demilitarized zone (DMZ) and separating it from the internal local area network (LAN)? N-tier deployment Simplicity Single defense Virtual LAN (VLAN)
N-tier deployment
Marcus is studying networking with an emphasis on cybersecurity at a local university. As part of his research, he wants to visit certain hacker sites but is concerned that his laptop would be vulnerable to passive threats while visiting them. He doesn't have the funds for expensive security equipment. What is the least expensive option he has at hand? Active firewall Native firewall Passive firewall Secure firewall
Native firewall
Virtual private networks (VPNs) and which standard have historically suffered from conflicts when used together? Hypertext Transfer Protocol (HTTP) Point-to-Point Tunneling Protocol (PPTP) Layer 2 Forwarding (L2F) Protocol Network address translation (NAT)
Network address translation (NAT)
Protecting computers, hard disks, databases, and other computer equipment from unauthorized Internet access can be categorized as what kind of security area? Application security Hardware security Network security Transaction security
Network security
Jae is a network consultant hired by a small business client. He has been asked to recommend a firewall solution. Given the relatively small size of the infrastructure, he suggests a firewall that provides integrated intrusion detection system/intrusion prevention system (IDS/IPS) functionality because a single device offering multiple functions is cost- and space-effective. What is the solution? Commercial software firewall Appliance firewall Next-generation firewall (NGFW) Virtual firewall
Next-generation firewall (NGFW)
A first-year student in a computer networking class is studying different addressing types and attempting to identify them. Which of the following does she determine is a Media Access Control (MAC) address? 192.168.10.5 2001:0db8:85a3:0000:0000:8a2e:-370:7334 00-14-22-01-23-45 10.0.0.0/8
00-14-22-01-23-45
Agents, bots, and zombies are part of which type of attack? Denial of service (DoS) attack Distributed denial of service (DDoS) attack Domain Name System (DNS) poisoning Domain Name System (DNS) spoofing
Distributed denial of service (DDoS) attack
In which form of social engineering does the malicious person physically go through trash cans and other refuse looking for valuable information about a network such as IP addresses, usernames, and passwords? Dumpster diving Cold calling Tailgating Reconnaissance
Dumpster diving
A WAN is a network limited by geographic boundaries. True False
False
Malika is a network engineer who is configuring firewalls separating both the Accounting and HR departments from the rest of the business divisions on the local area network (LAN). She wants to allow only certain traffic into those subnets from both internal employees and those working from home. The traffic may include email, chat, and video conferencing. She wants to prevent access to the company intranets to protect confidential employee and financial data. How has she configured these firewalls? Blocker Examiner Filter Sieve
Filter
A malicious party has discovered the IP address of a host inside a network she wants to hack. She employs a form of port scanning, attempting to establish a connection with the host using multiple different ports. Which technique is she using? Buffer overflow Firewalking Fragmentation attack Zero-day exploit
Firewalking
To secure the System/Application Domain of an IT infrastructure, what is the primary focus? In a collection of servers and virtualized systems, defending both data and server computing power Protecting a system where the hacker does not have to be physically present to attack the network Defending against hackers targeting routers, circuits, switches, firewalls, and equivalent gear at remote locations Educating users about social engineering techniques, such as clever wording intimidation, to prevent loss of private information and reduction in network security
In a collection of servers and virtualized systems, defending both data and server computing power
Which Internet Protocol Security (IPSec) core component negotiates, creates, and manages security associations? Authentication Header (AH) Encapsulating Security Payload (ESP) Internet Key Exchange (IKE) Transport Layer Security (TLS)
Internet Key Exchange (IKE)
Which form of addressing uses 32 bits and subnetting, but suffers from a lack of integrated security? Internet Protocol version 4 (IPv4) Internet Protocol version 6 (IPv6) Media Access Control (MAC) Static
Internet Protocol version 4 (IPv4)
Which of the following best describes devices NOT traditionally thought of as networked, such as wearable activity trackers, thermostats, and building automation? Bring Your Own Device (BYOD) Internet of Things (IoT) Mobile devices Mobile Internet Protocol (IP) devices
Internet of Things (IoT)
Which of the following is a limitation of Internet Protocol Security (IPSec)? It is not reliable for network encryption. It does not encrypt data on client computers. It cannot be used to encrypt data packets. It is not used for virtual private networks (VPNs).
It does not encrypt data on client computers.
Which layer of the OSI model is the Data Link Layer? Layer 1 Layer 2 Layer 3 Layer 4
Layer 2
As part of the bring your own device (BYOD) program, the company CIO is encouraging employees to use their personal devices for business purposes. However, an attacker with the right kind of antenna can access the wireless network from a great distance, putting internal assets at risk. Of the following, what is the best solution? Turn off all wireless access Physically isolate wireless access from the wired network. Use a firewall on each device Use virtual private networking
Physically isolate wireless access from the wired network.
Leandro is writing a firewall policy. He needs to define which type of firewall he needs for each portion of the infrastructure based on differing areas of risk and trust. What are these areas called? Active Directory domains Bridges Security zones Virtual LANs (VLANs)
Security zones
A company has discovered that confidential business information has been repeatedly acquired by a competitor over the past six months. The IT security team has been unable to find the leaks. The team suspects a form of side-channel eavesdropping may be involved. What is the suspected hacking method? An employee has been paid to leak company secrets to the competitor. The competitor is using a phreaking attack. A zero-day exploit has breached a previously unknown vulnerability. The company's wireless network has been hacked.
The competitor is using a phreaking attack.
A guideline for firewall selection is to never skimp on throughput. True False
True
If a remote client needs to connect directly to a local area network (LAN), such as over a dial-up connection, a remote access server (RAS) is needed to host a modem to accept the connection. True False
True
In a full connection mesh topology, all devices on a network are connected to all other devices. True False
True
Internet Protocol Security (IPSec) has three major components: Authentication Header (AH), Encapsulating Security Payload (ESP), and Internet Key Exchange (IKE). True False
True
It is often more difficult to preserve a user's privacy on the Internet than in the physical world. True False
True
One advantage of open-source applications and tools is the high level of innovation available in the open-source community. True False
True
Remote control is the ability to use a local computer system to remotely take control of another computer. True False
True
Remote control is the ability to use a local computer system to remotely take over control of another computer over a network connection. True False
True
Reverse proxy is a firewall service that allows external users access to internally hosted web resources. True False
True
Security systems configured by the same security administrator can potentially have the same misconfiguration or design weakness. True False
True
Some firewalls can be partitioned into multiple virtual firewalls, each with its own security policy, interfaces, and configuration. True False
True
Whereas honeypots can be single systems or multiple networked systems, a honeynet is a network of honeypots. True False
True
Whitelisting blocks the execution of any program not on the approved list. True False
True
Logical topologies are primarily about: arrangement. connections. gateways. peripherals.
connections.
Tonya is a network engineer. She is developing a new security policy for her company's IT infrastructure. She understands that the heart of performing a risk assessment, which is a necessary part of policy development, is understanding assets, likelihoods, threats, and _________. admission control. network access. restrictions. vulnerabilities.
vulnerabilities.
Alphonse is a network engineer who is developing his IT infrastructure's virtual private network (VPN) deployment plan. He has decided to place the VPN device between the externally facing and internally facing firewalls in the demilitarized zone (DMZ). He is determining the rule sets with which to configure both firewalls. His VPN device is a Secure Sockets Layer (SSL) VPN and he wants to use default settings. Which port should he allow the firewalls to pass traffic through? 115 194 443 500
443
Thuan is a new network engineer. He is increasing the security of end-user computers. Which of the following is a security feature every client computer needs? BYOD Clustering Password-protected screen saver RAID
Password-protected screen saver
Werner is a security manager for a health insurance company. He is examining the organization's compliance with patient privacy. While investigating how staff handle verbal and email communications, he discovers that some staff members are lax about how well they protect details that, when combined, might be used to reveal sensitive details about some customers. What is the focus of his concern? Authentication Domain Name System (DNS) Integrity Personally identifiable information (PII)
Personally identifiable information (PII)
Which of the following is a concern when considering the use of a demilitarized zone (DMZ) firewall solution to access high-value data on an internal network? Expense Poorly constructed firewall rules Encryption Virtual private network (VPN) server vulnerabilities
Poorly constructed firewall rules
A mid-sized company's IT security engineer is attempting to make it more difficult for the company's wireless network to be compromised. She is using techniques such as random challenge-response dialogue for authentication, timestamps on authentication exchanges, and one-time pad or session-based encryption. What form of wireless attack is she defending against? Eavesdropping Insertion Hijack Replay
Replay
Several times this week, the IT infrastructure chief of a small company has suspected that wireless communications sessions have been intercepted. After investigating, he believes some form of insertion attack is happening. He is considering encrypted communications and preconfigured network access as a defense. What type of insertion attack is suspected? Cross-site scripting (XSS) Intrusion detection system (IDS) insertion Rogue device insertion SQL insertion
Rogue device insertion
Tiffany is a network engineer for her company. To enhance the performance of the network, she uses a method that assigns incoming transactions as they arrive in sequence to each of the infrastructure's three firewalls. Transaction 1 goes to firewall 1, transaction 2 goes to firewall 3, transaction 3 to firewall 2, and so on. Which technique is Tiffany using? Caching Fair queuing Firewall rule ordering Round-robin
Round-robin
Which of the following provides the ability to present a unique virtual private network (VPN) configuration to each individual user group? Intrusion detection system (IDS) Intrusion prevention system (IPS) Internet Protocol Security (IPSec) Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL)
Various virtual private network (VPN) encryption technologies offer access to almost any network application or resource. Which one offers additional features, such as easy connectivity from non-company-managed desktops, little or no desktop software maintenance, and user-customized web portals upon login? DirectAccess Internet Information Services (IIS) Internet Protocol Security (IPSec) Secure Sockets Layer/Transport Layer Security (SSL/TLS)
Secure Sockets Layer/Transport Layer Security (SSL/TLS)
What is a virtual private network (VPN) protocol that requires public key infrastructure (PKI) support to obtain and use a certificate? Internet Key Exchange v2 (IKEv2) Layer 2 Tunneling Protocol (L2TP) Point-to-Point Tunneling Protocol (PPTP) Secure Sockets Layer/Transport Layer Security (SSL/TLS)
Secure Sockets Layer/Transport Layer Security (SSL/TLS)
Landon is a network contractor. He has been hired to design security for the network of a small company. The company has a limited budget. Landon is asked to create a system that will protect the company's workstations and servers without undo expense. Landon decides to deploy one hardware firewall between the Internet and the local area network (LAN). What is this solution called? Defense in depth N-tier deployment Fail-safe Single defense
Single defense
Mazie is a network engineer designing a virtual private network (VPN) architecture. The architecture must have the ability to establish and maintain a secure link between the company's main office and a branch office over the Internet, effectively creating a single distributed LAN. What solution does she recommend be applied? Extranet Host-to-host Remote access Site-to-site
Site-to-site
While fragmentation of IP packets is supported when they encounter network segments that have a smaller maximum transmission unit (MTU), that feature can be manipulated by malicious parties in overlapping attacks. In calculating a defense for such an exploit, what is the only reliable defense? A dynamic filtering system that performs footer reassembly A dynamic filtering system that performs header reassembly A dynamic filtering system that performs packet reassembly A dynamic filtering system that performs virtual reassembly
A dynamic filtering system that performs virtual reassembly
Carl is a security engineer for his company. He is reviewing a checklist of measures to physically protect the network specifically and the office environment in general. What is he focused on? Checking firewall rule sets Updating antivirus software Testing alarms Verifying server load sharing
Testing alarms
A major social networking site has been hacked. The usernames, passwords, and security questions of more than 500 million users were compromised. The company disclosed the breach to all users, advising them to immediately change their passwords and security questions. The vulnerability that lead to the breach has been discovered and patched. However, the security engineer suspects there is still a problem left unaddressed. What is the most likely problem? The company's web servers could still be at risk of banner grabbing. The network may still be attacked using a zero-day exploit. The hackers may have left malicious tools within the network that will allow them continued access. Wardialing over telephone lines could discover active and answering modems in the system.
The hackers may have left malicious tools within the network that will allow them continued access.
In executing the processes of risk assessment and risk management, which statistic calculates the potential number of times the threat could be a realized attack in a year's time? Exposure factor Single loss expectancy Annualized rate of occurrence Annualized loss expectancy
Annualized rate of occurrence
Lin is designing a virtual private network (VPN) implementation as a class project. The assignment includes a budget she has to follow. To save money, she decided to use a VPN without a firewall. What is the problem with her decision? This approach will work only if the VPN appliance is the primary device facing the Internet at the front of the network's demilitarized zone (DMZ). This approach will work only with VPN hardware devices. This approach will work only with a software VPN. This approach will not work because VPNs cannot take the place of firewalls.
This approach will not work because VPNs cannot take the place of firewalls.
Your sales department likes to stream professional sports games across the computer network on Wednesday afternoons, causing VPN performance issues during that time. What is the most likely cause of the performance issues? Endpoint configuration Traffic spike Encryption VPN software version
Traffic spike
Which of the following is a protocol that supports Advanced Encryption Standard (AES) with 128, 192, and 256 keys? Authentication Header (AH) RSA Secure Sockets Layer (SSL) Transport Layer Security (TLS)
Transport Layer Security (TLS)
Rachel is a network technician. She is writing a proposal that recommends which firewall type to purchase to replace an aging and failing unit. She wants to be able to protect two separate internal network segments with one hardware firewall. What is her recommendation? Dual-homed Next-generation Triple-homed Virtual
Triple-homed
A company's IT security engineer has noticed several employees periodically checking their social media accounts. One such platform allows chat, which can include sharing links, photos, and videos. When the engineer casually observes one user about to click a link to view a video, she stops the worker. Afterward, she approaches the chief information officer (CIO) and advises that all social media accounts be blocked, and that only online training videos authorized by the company be allowed to be viewed. What threat is the IT security engineer concerned about? Spam Trojan horse Denial of service (DoS) attack Covert channel
Trojan horse
802.1x authentication requires connecting systems to authenticate using public key infrastructure (PKI) machine certificates. True False
True
A best practice for firewall rules is to keep the rule set as simple as possible. True False
True
A best practice when troubleshooting issues is to make one change at a time, and then test the change before making any other changes. True False
True
A brouter performs the functions of both a bridge and a router. True False
True
A buffer overflow is an attack against poor programming techniques and a lack of quality control. True False
True
A change control mechanism tracks and monitors the changes to a system. True False
True
A customer premise equipment (CPE)-based virtual private network (VPN) is a VPN appliance. True False
True
A default-allow firewall stance assumes that most traffic is benign. True False
True
A default-deny firewall stance assumes that all traffic is potentially unauthorized. True False
True
A drawback of multiple-vendor environments is the amount of network staff training that is typically needed. True False
True
A fallback attack is defined as an attack that a hacker might try after an unsuccessful breach attempt against a target. True False
True
A firewall allows you to restrict unauthorized access between the Internet and an internal network. True False
True
A firewall with two interfaces is known as a dual-homed firewall. True False
True
A firewall's job is to impose all restrictions and boundaries defined in the security policy on all network traffic. True False
True
A network switch avoids collisions by reviewing the Media Access Control (MAC) address to determine where each data packet is meant to go. True False
True
A software-based virtual private network (VPN) may be part of a server operating system, part of an appliance operating system, or a third-party add-on software solution. True False
True
A virtual firewall can protect physical networks as well as virtual clients and servers. True False
True
A virtual private network (VPN) appliance can be positioned outside the corporate firewall so that all VPN traffic passes through firewall filters. True False
True
A virtual private network (VPN) policy documents an organization's rules for using the VPN. True False
True
Effective virtual private network (VPN) policies clearly define security restrictions imposed on VPNs. True False
True
Every update, change, or alteration to any aspect of a firewall should trigger another round of firewall testing. True False
True
Firewall filtering is an effective protection against fragmentation attacks. True False
True
Firewall implementation documentation should include every action taken from the moment the firewall arrives on site through the point of enabling the filtering of production traffic. True False
True
Firewall rules are instructions that evaluate and take action on traffic traversing the network. True False
True
Firewalls should be considered a part of a security infrastructure, not the totality of security. True False
True
Including photos of configuration screens in firewall procedures can speed up restoration after a network incident. True False
True
Insecure default configuration is a vulnerability of a hardware virtual private network (VPN). True False
True
The stability of a virtual private network (VPN) connection can be affected by the number of firewalls and routers it must traverse. True False
True
Under the universal participation security stance, every employee, consultant, vendor, customer, business partner, and outsider must be forced to work within the security policy's limitations. True False
True
Users with the minimum level of access to resources needed to complete their assigned tasks follow the principle of least privilege. True False
True
When a firewall functions at wire speed, the firewall does not introduce any delay or latency in communications because it operates at the same speed as the network. True False
True
When the defense in depth security strategy is followed, a single component failure does not result in compromise or intrusion. True False
True
Dhruv is the lead network engineer for his three-year-old company. He is writing a proposal that recommends the network protocol to use in several branch offices. Based on the age of the networking equipment, what is his recommendation to the chief information officer (CIO)? Continue to use IPv4 Upgrade to IPv6 Transition from Post Office Protocol (POP) to Simple Mail Transfer Protocol (SMTP) Transition to IPX/SPX
Upgrade to IPv6
Norman is a network engineer. He is creating a series of logical networks based on different departments for a new branch office. Although the physical locations of the computers for a particular department may be in different areas or on different floors of the building, they have to operate as if they are on a single physical network. Norman's solution involves putting the accounting, engineering, and marketing computer nodes on different subnets. What sort of network topology does Norman create? Access point Local area network (LAN) Star Virtual local area network (VLAN)
Virtual local area network (VLAN)
Santiago is a new network engineer for a mid-sized company. It is his responsibility to ensure that all employees working from home are able to connect to the office network in an efficient and secure manner. He must provide a service that allows communications between out-of-office staff and network resources to be encrypted at the protocol level and to be performed by either client or server software. The solution must also ensure that even if protocol encryption fails, the data is safe by its own encryption. What solution does he select? Authentication, authorization, and accounting (AAA) Implementation of a demilitarized zone (DMZ) Identity and access management (IAM) Virtual private network (VPN)
Virtual private network (VPN)
A malicious person wants to use tunneling to get through a company's firewall using a vulnerability. Micah, a network security engineer, is aware of this threat and configures the firewall to combat it. What does he do? Allow all authentication Block all authentication Allow all encryption Block all encryption
Block all encryption
Joaquin is a senior network technician for a mid-sized company who has been assigned the task of improving security for the IT infrastructure. He has been given a limited budget and must increase security without redesigning the network or replacing all internetworking security devices. He focuses on an approach that will identify a single vulnerability. What does he recommend? Chokepoint Fail-open Single defense Weakest link
Weakest link
Arturo is a new network technician. He wants to use Remote Desktop Protocol (RDP) to connect to a server from his computer. The server is on the other side of the building. His computer is running Windows 10. Will he be able to make the connection? Yes, because the RDP protocol works only on Windows. No, because the RDP protocol works only on Linux. No, because the RDP protocol works only on Mac OSX. Yes, because the RDP protocol has clients that work on most common operating systems.
Yes, because the RDP protocol has clients that work on most common operating systems.
Alice is a network technician designing infrastructure security based on compartmentalization. Which of the following does she employ? Zones of access shared with departments that typically do not commonly interact Zones of access that are separated from other parts of the network by routers, switches, and firewalls You Answered Zones of access that are separated from other parts of the network by intrusion detection and prevention as well as padded cells Zones of access that do not include virtual LANs (VLANs)
Zones of access that are separated from other parts of the network by routers, switches, and firewalls
Rupesh is a network technician who has been tasked by his supervisor to configure the edge firewall of an office branch. His task is to focus on outbound traffic based on several factors, such as domain name, URL, file extension, and certain keywords. What is he configuring the firewall to perform? Blocking Content filtering Stateful inspection Stateless inspection
Content filtering