Master Quizlet 4.3.7 to 5.9.7
How many network interfaces does a dual-homed gateway typically have?
3 A dual-homed gateway is a firewall device that typically has three network interfaces: one connected to the internet, one connected to the public subnet, and one connected to the private network.
How many concurrent connections does NAT support?
5,000 NAT supports a limit of 5,000 concurrent connections.
Which of the following BEST describes a honeyfile?
A single file set up to entice and trap attackers. A honeyfile is a single file set up to entice and trap attackers and to figure out what they're trying to do. A token is a device or a file used to authenticate. A honeyfile could be placed in the /etc/security directory. The file would not be a default file in the directory. A digitally signed file is like putting a lock on the document.
You connect your computer to a wireless network available at the local library. You find that you can access all of the websites you want on the internet except for two. What might be causing the problem?
A proxy server is blocking access to the websites. A proxy server can be configured to block internet access based on website or URL. Many schools and public networks use proxy servers to prevent access to websites with objectionable content. Ports 80 and 443 are used by HTTP to retrieve all web content. If a firewall were blocking these ports, access would be denied to all websites. Port forwarding directs incoming connections to a host on the private network. Port triggering dynamically opens firewall ports based on applications that initiate contact from the private network.
You are the security analyst for your organization and have discovered evidence that someone is attempting to brute-force the root password on the web server. Which classification of attack type is this?
Active Active attacks are when perpetrators attempt to compromise or affect the operations of a system in some way. For example, trying to brute-force the root password on a web server is considered an active attack. A distributed denial-of-service (DDoS) attack is also an active attack. Passive attacks occur when perpetrators attempt to gather information without affecting the flow of that information on the network. Packet sniffing and port scanning are passive attacks. External attacks are when unauthorized individuals try to breach a network from off-site. Remember that perpetrators of external attacks are unauthorized for any level of access to the network. Inside attacks are initiated by authorized individuals inside the network's security perimeter who attempt to access systems or resources to which they're not authorized. For example, an inside attack could be a disgruntled employee accessing unauthorized company documents and leaking them to the public.
Which of the following NAC agent types would be used for IoT devices?
Agentless An agentless agent is on the domain controller. When the user logs into the domain, it authenticates with the network. Agentless NAC is often used when there is limited disk space, such as for Internet of Things (IoT) devices. A dissolvable agent is downloaded, or a temporary connection is established. The agent is removed once the user is done with it. Zero-trust security means nothing is trusted unless it can pass both the authentication and authorization stages. A permanent agent resides on a device permanently.
What does the netstat -a command show?
All listening and non-listening sockets The netstat -a command shows the status of all listening and non-listening sockets.
You are the office manager of a small financial credit business. Your company handles personal financial information for clients seeking small loans over the internet. You are aware of your obligation to secure clients records, but the budget is an issue for your company. Which item would provide the BEST security for this situation?
All-in-one security appliance An all-in-one security appliance would provide the best overall protection. All-in-one security appliances take up the least amount of space and require the least amount of technical assistance for setup and maintenance. Security functions in an all-in-one security appliance can include the following: > Spam filter > URL filter > Web content filter > Malware inspection > Intrusion detection system (IDS) In addition to security functions, all-in-one security appliances can include the following: > Network switch > Router > Firewall > Tx uplink (integrated CSU/DSU) > Bandwidth shaping
You have configured the following rules. What is the effect? sudo iptables -A INPUT -p tcp --dport 25 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT sudo iptables -A OUTPUT -p tcp --sport 25 -m conntrack --ctstate ESTABLISHED -j ACCEPT
Allow SMTP traffic These rules would allow inbound and outbound Simple Mail Transfer Protocol (SMTP) connections on TCP port 25, which is the default port for SMTP. These rules use the Accept action, so they would not block SMTP or Secure Shell (SSH). SSH is on TCP port 22, so these rules would not affect SSH.
Which of the following describes how access control lists can be used to improve network security?
An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number. An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number. Access control lists are configured on routers, and they operate on Layer 3 information. Port security is configured on switches, which filter traffic based on the MAC address in the frame. An intrusion detection system (IDS) or intrusion prevention system (IPS) examines patterns detected across multiple packets. An IPS can take action when a suspicious pattern of traffic is detected.
As the security analyst for your organization, you have noticed an increase in emails that attempt to trick users into revealing confidential information. Which web threat solution should you implement to protect against these threats?
Anti-phishing software Anti-phishing software scans content to identify and dispose of phishing attempts, preventing outside attempts to access confidential information. Proxies are used to filter web content and protect users on the internet. This would not help against phishing attempts. Data loss prevention (DLP) is a type of software that protects sensitive data from being exposed. This would not help against phishing attempts. Encryption causes data, such as the content of an email, to be unintelligible except to those who have the proper key to decrypt it. This would not help against phishing attempts.
Which of the following devices can apply quality of service and traffic-shaping rules based on what created the network traffic?
Application-aware devices An application-aware device can analyze and manage network traffic based on the Application layer protocol that created it. Some of these devices can also apply quality of service (QoS) and traffic-shaping rules based on the application that created network traffic. All-in-one security appliances combine many security functions into a single device. All-in-one security appliances are also known as unified threat security devices or web security gateways. Network access control (NAC) controls access to the network by not allowing computers to access network resources unless they meet certain predefined security requirements. A proxy server is a type of firewall that stands as an intermediary between clients requesting resources from other servers.
Which of the steps in the Network Access Control (NAC) implementation process occurs once the policies have been defined?
Apply The third step in implementing NAC is to apply the policies. This occurs after the policies have been defined. Planning is the first step in the NAC implementation process and needs to be done before defining the policies. Review is the final step in the NAC implementation process. As business needs change, the process must be reviewed to determine whether changes are required. Testing is not a step in the NAC implementation process.
Which of the following defines all the prerequisites a device must meet in order to access a network?
Authentication Authentication defines all the prerequisites a device must meet in order to access a network. These criteria are detailed for such things as anti-malware, OS, and patch level. Authorization looks at the authentication information and applies the appropriate policies to provide the device with the access it's defined to receive. Zero-trust security means nothing is trusted unless it can pass both the authentication and authorization stages. Identity Services Engine (ISE) is Cisco's NAC solution.
Which of the following applies the appropriate policies in order to provide a device with the access it's defined to receive?
Authorization Authorization looks at the authentication information and applies the appropriate policies in order to provide a device with the access it's defined to receive. Authentication defines all the prerequisites a device must meet in order to access a network. These criteria are detailed for such things as anti-malware, OS, patch level, and so on. Zero-trust security means nothing is trusted unless it can pass both the authentication and authorization stages. Identity Services Engine (ISE) is Cisco's NAC solution.
In an effort to increase the security of your organization, programmers have been informed they can no longer bypass security during development. Which vulnerability are you attempting to prevent?
Backdoor
While developing a network application, a programmer adds functionality that allows her to access the running program without authentication so she can capture debugging data. The programmer forgets to remove this functionality prior to finalizing the code and shipping the application. Which type of security weakness does this describe?
Backdoor A backdoor is an unprotected access method or pathway. Backdoors may include hard-coded passwords or hidden service accounts. They are often added during development as a shortcut to circumvent security. If they are not removed, they present a security problem. Privilege escalation allows a user to take advantage of a software bug or design flaw in an application to gain access to system resources or additional privileges that would typically not be available to the user. Weak passwords are passwords that are blank, too short, dictionary words, or not complex enough. This allows them to be quickly identified using password-cracking tools. A buffer overflow occurs when the operating system or an application does not properly enforce boundaries for how much and which type of data can be inputted.
An attacker was able to gain unauthorized access to a mobile phone and install a Trojan horse so that he or she could bypass security controls and reconnect later. Which type of attack is this an example of?
Backdoor A backdoor is an unprotected access method or pathway. Backdoors: > Include hard-coded passwords and hidden service accounts. > Are often added during development as a shortcut to circumvent security. If they are not removed, they present a security problem. > Can be added by attackers who have gained unauthorized access to a device. When added, the backdoor can be used at a future time to easily bypass security controls. > Can be used to remotely control the device at a later date. > Rely on secrecy to maintain security. Social engineering attacks involve stealing information or convincing someone to perform an inappropriate activity via email, via phone, or in person. A replay attack is a network attack that occurs when an attacker intercepts data and fraudulently delays or re-transmits it. Privilege escalation allows a user to take advantage of a software bug or design flaw in an application to gain access to system resources or additional privileges that aren't typically available to that user.
Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks?
Bastion or sacrificial host A bastion or sacrificial host is one that is unprotected by a firewall. The term bastion host is used to describe any device fortified against attack (such as a firewall). A sacrificial host might be a device intentionally exposed to attack, such as a honeypot. Circuit proxy and kernel proxy are types of firewall devices. Multi-homed describes a device with multiple network interface cards.
Which of the following BEST describes zero-trust security?
Only devices that pass both authentication and authorization are trusted. Network Access Control (NAC) is usually accomplished using a two-stage process of authentication and authorization. If the requirements for either of these stages are not met, the access request is denied. This is often referred to as zero-trust security, meaning nothing is trusted unless it can pass both the authentication and authorization stages.
Which of the following is the MOST likely to happen if the firewall managing traffic into the DMZ fails?
Only the servers in the DMZ are compromised, but the LAN will stay protected. If the firewall managing traffic into the DMZ fails, only the servers in the DMZ are subject to compromise. The LAN is protected by default. None of the other options are correct in this scenario.
You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use?
Circuit-level gateway A circuit-level proxy or gateway makes decisions about which traffic to allow based on virtual circuits or sessions. A circuit-level gateway: > Operates at OSI Layer 5 (Session layer). > Keeps a table of known connections and sessions. Packets directed to known sessions are accepted. > Verifies that packets are properly sequenced. > Ensures that the TCP three-way handshake process occurs only when appropriate. > Does not filter packets. Rather, it allows or denies sessions. A packet-filtering firewall makes decisions about which network traffic to allow by examining information in the IP packet header, such as source and destination addresses, ports, and service protocols. An Application-level gateway is a firewall that is capable of filtering based on information contained within the data portion of a packet (such as URLs within an HTTP request). A VPN concentrator is a device that is used to establish remote access VPN connections.
A network device is given an IP address of 172.16.0.55. Which type of network is this device on?
Class B private network A device with the IP address of 172.16.0.55 is on a Class B private network. A private network can use IPv4 addresses in the following ranges that have been reserved for private use (meaning they are not used by hosts on the internet). 10.0.0.0 to 10.255.255.255 (known as Class A private network addresses) 172.16.0.0 to 172.31.255.255 (known as Class B private network addresses) 192.168.0.0 to 192.168.255.255 (known as Class C private network addresses) IPv6 reserves all addresses beginning with a binary 1111 1110 11 (hexadecimal FEC0::/48) for private IP networks. This address range is called the site-local address range.
When designing a firewall, what is the recommended approach for opening and closing ports?
Close all ports; open only ports required by applications inside the DMZ. When designing a firewall, the recommended practice is to close all ports and then open only those ports that allow the traffic you want to permit inside the DMZ or the private network. Ports 20, 21, 53, 80, and 443 are common ports that are opened, but the exact ports you open depend on the services provided inside the DMZ.
A salesperson in your organization spends most of her time traveling between customer sites. After a customer visit, she must complete various managerial tasks, such as updating your organization's order database. Because she rarely comes back to your home office, she usually accesses the network from her notebook computer using Wi-Fi access provided by hotels, restaurants, and airports. Many of these locations provide unencrypted public Wi-Fi access, and you are concerned that sensitive data could be exposed. To remedy this situation, you decide to configure her notebook to use a VPN when accessing the home network over an open wireless connection. Which key steps should you take when implementing this configuration? (Select two.)
Configure the VPN connection to use IPsec Configure the browser to send HTTPS requests through the VPN connection It is generally considered acceptable to use a VPN connection to securely transfer data over an open Wi-Fi network. As long as strong tunneling ciphers and protocols are used, the VPN provides sufficient encryption to secure the connection, even though the wireless network itself is not encrypted. It is recommended that you use IPsec or SSL to secure the VPN, as these protocols are relatively secure. You should also configure the browser's HTTPS requests to go through the VPN connection. To conserve VPN bandwidth and improve latency, many VPN solutions automatically reroute web browsing traffic through the client's default network connection instead of through the VPN tunnel. This behavior would result in HTTP/HTTPS traffic being transmitted over the unsecured open wireless network instead of through the secure VPN tunnel. Avoid using PPTP with MS-CHAPv2 in a VPN over open wireless configuration, as these protocols are no longer considered secure.
Which of the following are characteristics of a complex password? (Select two.)
Consists of letters, numbers, and symbols Has a minimum of eight characters Complex passwords require a certain length (typically over eight characters) and a mix of character types (numbers and symbols) along with requirements that the password not consist of words, variations of words, or derivatives of the username. There is no maximum character limit for a complex password.
Which area of focus helps to identify weak network architecture or design?
Documentation Documentation is one of the most important components of knowing a network. Proper network documentation and diagrams not only help identify a weak network architecture or design, but they also protect against system sprawl and unknown systems. Entry points are any possible way into the network. Identifying entry points does not identify weak network architecture or design. Inherent vulnerabilities exist in any system that lacks proper security controls. Identifying inherent vulnerabilities does not identify weak network architecture or design. A network baseline tells you the normal activity level on a network. This does not help in identifying weak network architecture or design.
Which action would you use in a rule to disallow a connection silently?
Drop The Drop action is used to silently disallow a connection; the sending system receives no notice. The Reject action also disallows a connection but sends a TCP RST packet or an ICMP port unreachable packet back to the system that sent the original packet. Accept would allow the packet. Forward is a chain, not an action in iptables.
An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack?
DDoS A denial-of-service (DoS) attack generates excessive traffic to overload communication channels or exploit software flaws. A distributed denial-of-service (DDoS) attack employs multiple attackers. Spamming is just a traffic generation form of attack where unrequested messages are sent to a victim. Replay and backdoor attacks are both flaw-exploitation attack forms. Replay attacks exploit software flaws by capturing traffic, possibly editing it, and then replaying the traffic in an attempt to gain access to a system. Backdoor attacks exploit software flaws by obtaining access codes or account credentials to bypass security. Backdoors can also be planted by hackers to allow easy re-access to a compromised system.
Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted internet?
DMZ A DMZ, or demilitarized zone, is a network placed between a private secured network and the untrusted internet to grant external users access to internally controlled services. The DMZ serves as a buffer network. An intranet is a private network that happens to employ internet information services. An extranet is a division of a private network that is accessible to a limited number of users, such as business partners, suppliers, and certain customers. A padded cell is an intrusion detection countermeasure used to delay intruders sufficiently to record meaningful information about them for discovery and prosecution.
Where should an organization's web server be placed?
DMZ A web server should be placed in the demilitarized zone (DMZ). The DMZ is a network that contains publicly accessible resources. The DMZ is located between the private network and an untrusted network (such as the internet) and is protected by a firewall. An intranet is a private network (LAN) that employs internet information services for internal use only. Since a website should be publicly available, its server should not be placed on the intranet. An extranet is a privately controlled network that is distinct from the intranet. An extranet is located between the internet and a private LAN. An extranet is often used to grant resource access to business partners, suppliers, and even customers outside of an organization. The web server shouldn't be placed here. A honeynet is a special network created to trap potential attackers. A web server would not be placed in a honeynet.
When setting up a new wireless access point, what is the first configuration change that should be made?
Default login Whenever any new network device is turned on for the first time, the default login information should be changed immediately. Neither the SSID, encryption protocol, nor MAC filtering is the first configuration change that should be made when setting up a new wireless access point.
Which of the following best describes a stateful inspection?
Determines the legitimacy of traffic based on the state of the connection from which the traffic originated. Stateful firewalls, also referred to as stateful multilayer firewalls, determine the legitimacy of traffic based on the state of the connection from which the traffic originated. The stateful firewall maintains a state table that tracks the ongoing record of active connections. A virtual private network (VPN) is a network that provides secure access to a private network through a public network or the internet. Virtual private networks offer secure connectivity between many entities, both internally and remotely. Their use of encryption provides an effective defense against sniffing. Network Address Translation (NAT) separates IP addresses into two sets. This technology allows all internal traffic to share a single public IP address when connecting to an outside entity. A firewall can be implemented on circuit-level gateways or Application-level gateways. Both of these firewall designs sit between a host and a web server and communicate with the server on behalf of the host. They can also be used to cache frequently accessed websites for faster web page loading.
Which of the following NAC agent types creates a temporary connection?
Dissolvable A dissolvable agent is downloaded, or a temporary connection is established. The agent is removed once the user is done with it. The user has to download or connect to the agent again if it is needed. An agentless agent is housed on the domain controller. This is not the most convenient type of agent. Zero-trust security means nothing is trusted unless it can pass both the authentication and authorization stages. A permanent agent resides on a device permanently.
You want to connect your small company network to the internet. Your ISP provides you with a single IP address that is to be shared between all hosts on your private network. You do not want external hosts to be able to initiate connection to internal hosts. Which type of Network Address Translation (NAT) should you implement?
Dynamic Use dynamic NAT to share public addresses with multiple private hosts. Dynamic NAT allows private hosts to access the internet but does not allow internet hosts to initiate contact with private hosts.
Which NAT implementation assigns two IP addresses to the public NAT interface, allowing traffic to flow in both directions?
Dynamic and static Dynamic and static NAT can be implemented together. Using this implementation, two IP addresses are given to the public NAT interface (one for dynamic NAT and one for static NAT). This allows traffic to flow in both directions. Use dynamic NAT to share public addresses with multiple private hosts. Dynamic NAT allows private hosts to access the internet but does not allow internet hosts to initiate contact with private hosts. Static NAT maps an internal IP address to a static port assignment. Static NAT is typically used to take a server on the private network (such as a web server) and make it available on the internet. The NAT router uses Port Address Translation (PAT) to associate a port number with a request from a private host.
Which IPSec subprotocol provides data encryption?
ESP Encapsulating Security Payload (ESP) Protocol provides data encryption for IPSec traffic. Authentication Header (AH) provides message integrity through authentication, verifying that data is received unaltered from the trusted destination. AH provides no privacy and is often combined with ESP to achieve integrity and confidentiality.
In addition to Authentication Header (AH), IPsec is comprised of what other service?
Encapsulating Security Payload (ESP) IPsec is comprised of two services. One service is named Authentication Header (AH), and the other is named Encapsulating Security Payload (ESP). AH is used primarily for authenticating the two communication partners of an IPsec link. ESP is used primarily to encrypt and secure the data transferred between IPsec partners. IPsec employs ISAKMP for encryption key management.
Travis is sending a highly confidential email to Craig that contains sensitive data. Which of the following should Travis implement to ensure that only Craig is able to read the email?
Encryption Encryption causes data, such as the content of an email, to be unintelligible except to those who have the proper key to decrypt it. Travis should make sure to encrypt the email before sending it so that only Craig is able to open the email and read the contents. Virus scanners identify infected content and dispose of it. Gateway email spam filters prevent spam emails from reaching your network, servers, and computers. Anti-phishing software scans content to identify and dispose of phishing attempts, preventing outside attempts to access confidential information.
You are investigating the use of website and URL content filtering to prevent users from visiting certain websites. Which benefits are the result of implementing this technology in your organization? (Choose two.)
Enforcement of the organization's internet usage policy An increase in bandwidth availability Website filtering can be used to enforce the organization's internet usage policy and usually results in an increase in bandwidth availability. Spam blockers are used to block emails containing threats. Virus blockers identify infected content and dispose of it. Anti-phishing software scans content to identify and dispose of phishing attempts, preventing outside attempts to access confidential information.
Which area of focus do public-facing servers, workstations, Wi-Fi networks, and personal devices fall under?
Entry points Public-facing servers, workstations, Wi-Fi networks, and personal devices are all examples of entry points for possible attacks. You must account for anything that connects to the network as a possible entry point. Inherent vulnerabilities exist in any system that lacks proper security controls. Network segmentation is the process of splitting the network into different sections. A network baseline tells you the normal activity level on a network.
Which of the following is a privately controlled portion of a network that is accessible to some specific external entities?
Extranet An extranet is a privately controlled portion of a network that is accessible to some specific external entities. Often, those external entities are business partners, suppliers, distributors, vendors, or customers. An intranet is a LAN that employs the technology of the internet (namely, TCP/IP, web servers, and email). The internet is the global TCP/IP-based network that supports most web and email communications. A metropolitan area network (MAN) is a LAN that is spread across several city blocks, across a business park, or across a campus.
Which of the following are functions of gateway email spam filters? (Select two.)
Filters messages containing specific content Blocks email from specific senders Gateway email spam filters can be used to block the following: - Messages from specific senders - Email containing threats (such as false links) - Messages containing specific content Web threat filtering prevents users from visiting websites with known malicious content. Website and content filtering can be used to enforce the organization's internet usage policy. Anti-phishing software scans content to identify and dispose of phishing attempts, preventing outsiders from accessing confidential information.
Which of the following types of proxies would you use to remain anonymous when surfing the internet?
Forward Forward proxies can be used to filter web content but can also be used to mask a user's identity for anonymity. Reverse proxies can be used for caching and authentication. Content filtering is not a type of proxy server. A VPN is not a type of proxy and is not used for web filtering.
Which device is NAT typically implemented on?
Gateway router NAT is typically implemented on a default gateway router. AD server, RADIUS server, and ISP Router cannot be used to configure NAT.
Jessica needs to set up a firewall to protect her internal network from the internet. Which of the following would be the BEST type of firewall for her to use?
Hardware Hardware firewalls are physical devices that are usually placed at the junction or gateway between two networks, generally a private network and a public network like the internet. Hardware firewalls can be a standalone product or can also be built into devices like broadband routers. Software firewalls are generally used to protect individual hosts. Tunneling is when an attacker wraps a malicious command in an HTTP, ICMP, or ACK tunneling packet that bypasses the firewall and reaches an internal system. Stateful firewalls, also referred to as stateful multilayer firewalls, determine the legitimacy of traffic based on the state of the connection from which the traffic originated.
You want to create a collection of computers on your network that appear to have valuable data but actually store fake data that could entice a potential intruder. Once the intruder connects, you want to be able to observe and gather information about the attacker's methods. Which feature should you implement?
Honeynet A honeypot is a device or virtual machine that entices intruders by displaying a vulnerable trait or flaw or by appearing to contain valuable data. A honeynet is a network of honeypots. A network-based IDS (NIDS) is a dedicated device installed on a network that's used to analyze all traffic on the network. An NIPS is a network-based intrusion prevention system that can take actions in response to intrusion. An extranet is a privately controlled network located between the internet and a private LAN, but distinct from both. An extranet is often used to grant resource access to business partners, suppliers, and even customers outside of the organization.
You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from internet-based attacks. Which solution should you use?
Host-based firewall A host-based firewall inspects traffic received by a host. Use a host-based firewall to protect against attacks when there is no network-based firewall, such as when you connect to the internet from a public location. A network-based firewall inspects traffic as it flows between networks. For example, you can install a network-based firewall on the edge of your private network that connects to the internet to protect against attacks from internet hosts. A VPN concentrator is a device connected to the edge of a private network that is used for remote access VPN connections. Remote clients establish a VPN connection to the VPN concentrator and are granted access to the private network. A proxy server is an Application-level firewall that acts as an intermediary between a secure private network and the public. Access to the public network from the private network goes through the proxy server.
What is Cisco's Network Access Control (NAC) solution called?
Identity Services Engine (ISE) Network Access Control (NAC) is not a product; it is a process. Many companies implement products that utilize the NAC process. Cisco's solution is called Identity Services Engine (ISE). Talos is the name of Cisco's security threat intelligence team. Network Access Protection is Microsoft's NAC solution. Network Address Translation (NAT) translates multiple private addresses into a single registered IP address.
In which of the iptables default chains would you configure a rule to allow an external device to access the HTTPS port on the Linux server?
Input The Input chain is where you would place the rule, since that chain handles inbound connections. The Output chain is for outbound connections. The Forward chain is for connections being sent through the Linux server to another device. The Accept action can be used in a rule to allow a connection; however, it is not a chain.
Which VPN protocol typically employs IPsec as its data encryption mechanism?
L2TP L2TP (Layer 2 Tunneling Protocol) is the VPN protocol that typically employs IPsec as its data encryption mechanism. L2TP is the recommended VPN protocol to use on dial-up VPN connections. PPTP and PPP only support CHAP and PAP for data encryption. L2F offers no data encryption.
At which layer of the OSI model do NAT routers operate?
Layer 3 (Network layer) NAT routers operate at the Network layer (Layer 3) of the OSI Model.
In which of the following zones would a web server most likely be placed?
Low-trust zone A low-trust zone is where publicly available information resides. You do have control over the security of this zone, but it is still exposed to the internet. For example, a web server might reside in this zone. It is also referred to as a DMZ, or demilitarized zone. A web server would not be housed in any trust zone higher than a low-trust zone. Since the web server is open to the internet, not much trust can be placed in it. A no-trust zone is a zone that you have no control over, such as the internet.
You are configuring the security settings for your network. You have decided to configure a policy that requires any computer connecting to the network to run at least Windows 10 version 2004. Which of the following have you configured?
NAC Network Access Control (NAC) is a policy-driven control process that allows or denies network access to devices connecting to a network. For example, you may want to have policies that require connecting devices to meet certain criteria, such as having a particular version of Windows, the latest antivirus definitions, or Windows Firewall enabled. Network Address Translation (NAT) translates multiple private addresses into a single registered IP address. Network Access Protection (NAP) is Microsoft's NAC solution. Identity Services Engine (ISE) is Cisco's NAC solution.
Members of the sales team use laptops to connect to the company network. While traveling, they connect their laptops to the internet through airport and hotel networks. You are concerned that these computers could pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless antivirus software and the latest operating system patches are installed. Which solution should you use?
NAC Network access control (NAC) controls access to a network by not allowing computers to access network resources unless they meet certain predefined security requirements. Conditions that can be part of the connection requirements include requiring that computers have:
> Antivirus software with up-to-date definition files
> An active personal firewall
> Specific operating system critical updates and patches
A client that is determined healthy by the NAC is given access to the network. An unhealthy client, which has not met all the checklist requirements, is either denied access or can be given restricted access to a remediation network, where remediation servers can be contacted to help the client become compliant. A demilitarized zone (DMZ) is a buffer network (or subnet) that sits between a private network and an untrusted network (such as the internet). A virtual LAN (VLAN) is a logical grouping of computers based on switch port. VLAN membership is configured by assigning a switch port to a VLAN. An intrusion detection system (IDS) is a special network device that can detect attacks and suspicious activity. A network-based IDS (NIDS) scans network traffic looking for intrusion attempts.
Your network devices are categorized into the following zone types:
> No-trust zone
> Low-trust zone
> Medium-trust zone
> High-trust zone
Your network architecture employs multiple VLANs for each of these network zones. Each zone is separated by a firewall that ensures only specific traffic is allowed. Which of the following is the secure architecture concept that is being used on this network?
Network segmentation The secure network architecture concept that is being used in this example is network segmentation. The most common way to segment networks is to create multiple VLANs for each network zone. These zones can also be separated by firewalls to ensure only specific traffic is allowed. One way to segment a network is to categorize systems into different zones (for example, a no-trust zone, low-trust zone, medium-trust zone, high-trust zone, and highest-trust zone).
Which of the following does a NAT router use to identify where a host is connected on the switch?
PAT A NAT router uses Port Address Translation (PAT) to associate a port number with a request from a private host. When a return packet comes in, it is sent to the port number specified in the request. The NAT router uses its translation table to determine the private host associated with that port number and forwards the data to the appropriate host. Use dynamic NAT to share public addresses with multiple private hosts. Dynamic NAT allows private hosts to access the internet but does not allow internet hosts to initiate contact with private hosts. Static NAT maps an internal IP address to a static port assignment. Static NAT is typically used to take a server on the private network (such as a web server) and make it available on the internet. IPv4 is the most widely used version of Internet Protocol (IP). It defines IP addresses in a 32-bit format.
Which of the following VPN protocols is no longer considered secure?
PPTP Point-to-Point Tunneling Protocol (PPTP) was one of the first VPN protocols and was developed by Microsoft. It is no longer considered secure and is essentially obsolete. Internet Protocol Security (IPsec) provides authentication and encryption, and it can be used in conjunction with L2TP or by itself as a VPN solution. IPSec is still considered very secure. The Secure Sockets Layer (SSL) Protocol has long been used to secure traffic generated by other IP protocols, such as HTTP, FTP, and email. SSL can also be used as a VPN solution, typically in a remote access scenario. Transport Layer Security (TLS) Protocol works in a similar way to SSL, even though they are not interoperable.
What needs to be configured on a firewall to allow traffic directed to the public resource in the DMZ?
Packet filters Packet filters on the firewall allow traffic directed to the public resources inside the DMZ. Packet filters also prevent unauthorized traffic from reaching the private network. A subnet is used to segment a network. A VPN provides a secure outside connection to an internal network's resources. A VPN does not need to be configured on the firewall to allow traffic to the public resource in the DMZ. FTP is a protocol used to transfer files. This does not need to be configured on the firewall to allow traffic to the public resource in the DMZ.
Which classification of attack type does packet sniffing fall under?
Passive Passive attacks occur when perpetrators attempt to gather information without affecting the flow of that information on the network. Packet sniffing and port scanning are passive attacks. Active attacks are when perpetrators attempt to compromise or affect the operations of a system in some way. For example, trying to brute-force the root password on a web server is considered an active attack. A distributed denial-of-service (DDoS) attack is also an active attack. External attacks are when unauthorized individuals try to breach a network from off-site. Remember that perpetrators of external attacks are unauthorized for any level of access to the network. Inside attacks are initiated by authorized individuals inside the network's security perimeter who attempt to access systems or resources to which they're not authorized. For example, an inside attack could be a disgruntled employee accessing unauthorized company documents and leaking them to the public.
An attacker has gained access to the administrator's login credentials. Which type of attack has most likely occurred?
Password cracking Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. If an attacker has gained access to the administrator's login credentials, this is most likely the result of a password-cracking attack. Privilege escalation allows a user to take advantage of a software bug or design flaw in an application to gain access to system resources or additional privileges that would typically not be available to the user. A backdoor is an unprotected access method or pathway. Backdoors may include hard-coded passwords or hidden service accounts. A buffer overflow attack occurs when the operating system or an application does not properly enforce boundaries for how much and which type of data can be input.
Which of the following NAC agent types is the most convenient agent type?
Permanent A permanent agent resides on a device permanently. This is the most convenient agent since it does not have to be renewed and can always run on the device. It is also known as a persistent agent. A dissolvable agent is downloaded, or a temporary connection is established. This is not the most convenient type of agent. An agentless agent is housed on the domain controller. This is not the most convenient type of agent. Zero-trust security means nothing is trusted unless it can pass both the authentication and authorization stages.
Drag the network attack technique on the left to the appropriate description or example on the right. (Each technique may be used once, more than once, or not at all.)
Perpetrators attempt to compromise or affect the operations of a system. Active attack
Unauthorized individuals try to breach a network from off-site. External attack
Attempting to find the root password on a web server by brute force. Active attack
Attempting to gather information without affecting the flow of information on the network. Passive attack
Sniffing network packets or performing a port scan. Passive attack
Network attacks are classified as follows: Active attacks are when perpetrators attempt to compromise or affect the operations of a system in some way. For example, trying to brute-force the root password on a web server is considered an active attack. A distributed denial-of-service (DDoS) attack is also an active attack. Passive attacks occur when perpetrators attempt to gather information without affecting the flow of that information on the network. Packet sniffing and port scanning are passive attacks. External attacks are when unauthorized individuals try to breach a network from off-site. Remember that perpetrators of external attacks are unauthorized for any level of access to the network. Inside attacks are initiated by authorized individuals inside the network's security perimeter who attempt to access systems or resources to which they're not authorized. For example, an inside attack could be a disgruntled employee accessing unauthorized company documents and leaking them to the public.
You are part of a committee that is meeting to define how Network Access Control (NAC) should be implemented in the organization. Which step in the NAC process is this?
Plan Planning is the first step in the NAC implementation process. In this step, a committee should convene and make decisions that define how NAC should work. The third step in implementing NAC is to apply the policies. This occurs after the policies have been defined. Review is the final step in the NAC implementation process. As business needs change, the process must be reviewed to determine whether changes are required. Define is the second step in the NAC implementation process. After the committee has decided how NAC should work, the roles, identities, and permissions (policies) must be defined.
An attacker has obtained the logon credentials for a regular user on your network. Which type of security threat exists if this user account is used to perform administrative functions?
Privilege escalation Privilege escalation allows a user to take advantage of a software bug or design flaw in an application to gain access to system resources or additional privileges that are typically not available to normal users. Examples of privilege escalation include:
> A user accessing a system with a regular user account and successfully accessing functions reserved for higher-level user accounts (such as administrative features).
> A user who is able to access content that should be accessible only to a different user.
> A user who should have only administrative access being able to access content that should only be accessible to a regular user.
Privilege escalation does not occur when a user is able to steal or hack administrator credentials and is, therefore, able to access administrative functions. Privilege escalation refers to accessing features with an account that normally should not have access to those features.
A relatively new employee in the data entry cubicle farm was assigned a user account similar to the other data entry employees' accounts. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed data in restricted areas. This situation indicates which of the following has occurred?
Privilege escalation This situation describes the result of a successful privilege escalation attack. If a low-end user account is detected performing high-level activities, it is obvious that the user account has somehow gained additional privileges. Physical security is the protection of corporate assets from threats such as theft or damage. Social engineering attacks involve stealing information or convincing someone to perform an inappropriate activity via email, phone, or in person. External attacks are when unauthorized individuals try to breach a network from off-site.
Travis and Craig are both standard users on the network. Each user has a folder on the network server that only they can access. Recently, Travis has been able to access Craig's folder. This situation indicates which of the following has occurred?
Privilege escalation This situation describes the result of a successful privilege escalation attack. If a user is able to access content that should only be accessible to a different user, it is obvious that a privilege escalation attack has occurred. Social engineering attacks involve stealing information or convincing someone to perform an inappropriate activity via email, phone, or in person. A replay attack is a network attack that occurs when an attacker intercepts data and fraudulently delays or re-transmits it. External attacks are when unauthorized individuals try to breach a network from off-site.
You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.)
Put the web server inside the DMZ. Put the database server on the private network. Publicly accessible resources (servers) are placed inside the DMZ. Examples of publicly accessible resources include web, FTP, or email servers. Devices that should not be accessible to public users are placed on the private network. If you have a public server that communicates with another server, such as a database server, and that server should not have direct contact with public hosts, place the server on the private network and allow only traffic from the public server to cross the inner firewall.
Which type of packet would the sender receive if they sent a connection request to TCP port 25 on a server with the following command applied? sudo iptables -A OUTPUT -p tcp --dport 25 -j REJECT
RST Because the packet is TCP and is blocked by the Reject action, the server would send a TCP RST packet back to the sender. ICMP Unreachable Port is sent by iptables if a UDP packet is blocked by the Reject action. A SYN packet would indicate that the server is proceeding with the connection, which would not happen with the Reject action. If it were allowed, the ACK would generally be sent with the SYN to acknowledge the initial connection while the SYN starts the next part of the TCP three-way handshake.
Which of the following are features of an application-level gateway? (Select two.)
Reassembles entire messages Stops each packet at the firewall for inspection Application-level gateways:
> Operate up to OSI Layer 7 (Application layer)
> Stop each packet at the firewall for inspection (no IP forwarding)
> Inspect encrypted packets, such as in SSL inspection
> Examine the entire content that is sent (not just individual packets)
> Understand or interface with the application-layer protocol
> Can filter based on user, group, and data (such as URLs within an HTTP request)
> Are the slowest form of firewall protection because entire messages are reassembled at the Application layer
Allowing only valid packets within approved sessions and verifying that packets are properly sequenced are features of a stateful firewall. Using access control lists is a feature of a packet-filtering firewall.
You are implementing security at a local high school that is concerned with students accessing inappropriate material on the internet from the library's computers. The students use the computers to search the internet for research paper content. The school budget is limited. Which content filtering option would you choose?
Restrict content based on content categories. Restricting content based on categories would provide the most protection with the least amount of research and involvement. All other options require research to identify specific content or websites, which could allow access to undesirable websites or prevent access to necessary websites.
A proxy server can be configured to do which of the following?
Restrict users on the inside of a network from getting out to the internet. Proxies can be configured to:
> Restrict users on the inside of a network from getting out to the internet.
> Restrict access by user or by specific website.
> Restrict users from using certain protocols.
> Use access controls to control inbound or outbound traffic.
> Shield or hide a private network to provide online anonymity and make it more difficult to track web surfing behavior.
> Cache heavily accessed web content to improve performance.
An internet content filter is software used to monitor and restrict content delivered across the web to an end user. Two types of configurations are commonly used:
> Allow all content except for the content you have identified as restricted.
> Block all content except for the content you have identified as permissible.
All-in-one security appliances combine many security functions into a single device. All-in-one security appliances are also known as unified threat security devices or web security gateways.
Which of the following is another name for a firewall that performs router functions?
Screening router A firewall performing router functions is considered a screening router. A screening router is the router that is most external to your network and closest to the internet. It uses access control lists (ACLs) to filter packets as a form of security. A dual-homed gateway is a firewall device that typically has three network interfaces: one connected to the internet, one connected to the public subnet, and one connected to the private network. A screened-host gateway resides within the DMZ, requiring users to authenticate in order to access resources within the DMZ or the intranet. A screened subnet uses two firewalls. The external firewall is connected to the internet and allows access to public resources. The internal firewall connects the screened subnet to the private network.
Which VPN implementation uses routers on the edge of each site?
Site-to-site VPN A site-to-site VPN uses routers on the edge of each site. The routers are configured for a VPN connection and encrypt and decrypt the packets being passed between the sites. With this configuration, individual hosts are unaware of the VPN. A host-to-host VPN allows an individual host connected to the internet to establish a VPN connection to another host on the internet. Both devices must be configured for a VPN connection and have the software to encrypt and encapsulate the packets. A remote access VPN uses a server (called a VPN concentrator) configured to accept VPN connections from individual hosts. An always-on VPN employs the concept that a user is always on the VPN, whether physically within the LAN or remotely. There is no turning it on or off. All traffic is basically fully tunneled.
You have just installed a packet-filtering firewall on your network. Which options are you able to set on your firewall? (Select all that apply.)
Source address of a packet Destination address of a packet Port number A packet-filtering firewall makes decisions about which network traffic to allow by examining information in the IP packet header, such as source and destination addresses, ports, and service protocols.
You are configuring web threat protection on the network and want to block emails coming from a specific sender. Which of the following should be configured?
Spam filter Gateway email spam filters prevent spam emails from reaching your network, servers, and computers. Spam filters can be configured to block specific senders, emails containing threats (such as false links), and emails containing specific content. Content filtering can block users from visiting specific categories of websites. Virus scanners identify infected content and dispose of it. Encryption causes data, such as the content of an email, to be unintelligible except to those who have the proper key to decrypt it. Anti-phishing software scans content to identify and dispose of phishing attempts, preventing outside attempts to access confidential information.
Which VPN tunnel style routes only certain types of traffic?
Split A VPN split tunnel routes only certain types of traffic, usually determined by destination IP address, through the VPN tunnel. All other traffic is passed through the normal internet connection. A full VPN tunnel routes all of a user's network traffic through the VPN tunnel. This can sometimes send traffic that is not necessary. A site-to-site VPN is a VPN implementation that uses routers on the edge of each site. A host-to-host VPN implementation allows an individual host connected to the internet to establish a VPN connection to another host on the internet.
Which of the following are characteristics of a packet-filtering firewall? (Select two.)
Stateless Filters IP address and port A packet-filtering firewall makes decisions about which network traffic to allow by examining information in the IP packet header, such as source and destination addresses, ports, and service protocols. A packet-filtering firewall is considered a stateless firewall because it examines each packet and uses rules to accept or reject each packet without considering whether the packet is part of a valid and active session. A circuit-level proxy or gateway makes decisions about which traffic to allow based on virtual circuits or sessions. A circuit-level proxy is considered a stateful firewall because it keeps track of the state of a session. Application-level gateways filter on Application layer data, which might include data such as URLs within an HTTP request.
You are the network administrator for a small company that implements NAT to access the internet. However, you recently acquired five servers that must be accessible from outside your network. Your ISP has provided you with five additional registered IP addresses to support these new servers, but you don't want the public to access these servers directly. You want to place these servers behind your firewall on the inside network, yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these servers?
Static Static translation consistently maps an unregistered IP address to the same registered IP address on a one-to-one basis. Static NAT is particularly useful when a device needs to be assigned the same address so it can be accessed from outside the network, such as web servers and other similar devices. Dynamic translation would not work for these servers because it maps an unregistered host IP address to any available IP address configured in a pool of one or more registered IP addresses. Accessing a server assigned one of these addresses would be nearly impossible because the addresses are still shared by multiple hosts.
A honeypot is used for which purpose?
To delay intruders in order to gather auditing data A honeypot is used to delay intruders in order to gather auditing data. A honeypot is a fake network or system that hosts false information but responds as a real system should. Honeypots usually entice intruders to spend considerable time on the system and allow extensive logging of the intruder's activities. A honeypot often allows companies to discover and even prosecute intruders. Honeypots should not be used to entrap intruders. Entrapment is an illegal activity. Honeypots are not direct countermeasures to preventing unwanted access. Rather, they are an enticement to prevent intruders from getting into the private network in the first place. Honeypots rarely take offensive action against intruders. They may prevent malicious activities from being launched by an intruder, but they do not direct attacks at him or her.
You have a small network at home that is connected to the internet. On your home network, you have a server with the IP address of 192.168.55.199/16. You have a single public address that is shared by all hosts on your private network. You want to configure the server as a web server and allow internet hosts to contact the server to browse a personal website. What should you use to allow access?
Static NAT Static NAT maps an internal IP address to a static port assignment. Static NAT is typically used to take a server on the private network (such as a web server) and make it available on the internet. External hosts contact the internal server using the public IP address and the static port. Using a static mapping allows external hosts to contact internal hosts. Dynamic NAT automatically maps internal IP addresses with a dynamic port assignment. On the NAT device, the internal device is identified by the public IP address and the dynamic port number. Dynamic NAT allows internal (private) hosts to contact external (public) hosts, but not vice versa. External hosts cannot initiate communications with internal hosts. DNS records associate a host name with an IP address. With multicast, a single data stream can be forwarded to all computers that are members of the same multicast group.
A VPN is primarily used for which of the following purposes?
Support secured communications over an untrusted network A VPN (virtual private network) is used primarily to support secured communications over an untrusted network. A VPN can be used over a local area network, across a WAN connection, over the internet, and even between a client and a server over a dial-up internet connection. All of the other items listed in this question are benefits or capabilities that are secondary to this primary purpose.
Which statement BEST describes IPsec when used in tunnel mode?
The entire data packet, including headers, is encapsulated When using IPsec in tunnel mode, the entire data packet, including original headers, is encapsulated. New encrypted packets are created with headers indicating only the endpoint addresses. Tunneling protects the identities of the communicating parties and original packet contents. Tunneling is frequently used to secure traffic traveling across insecure public channels, such as the internet. IPsec in tunnel mode is the most common configuration for gateway-to-gateway communications. In transport mode, routing is performed using the original headers; only the packet's payload is encrypted. Transport mode is primarily used in direct host-to-host communication outside of a dedicated IPsec gateway/firewall configuration.
Which problem does NAT help address?
The shortage of IPv4 addresses Network Address Translation helps address the shortage of registered IPv4 addresses. A NAT router translates multiple private addresses into a single registered IP address. The internet is classified as a public network. All devices on a public network must have a registered IP address assigned by an Internet Service Provider (ISP). NAT does not address any issues in this process. There is no shortage of IPv6 addresses. NAT can cause IPSec to malfunction because NAT changes packet headers. IPSec detects changes to packet headers as part of the security process.
Which of the following types of proxies can be used for web filtering?
Transparent Transparent proxies are located between a user and the internet, and they can redirect requests without changing them. These can also be used for web filtering. Reverse proxies can be used for caching and authentication. A VPN is not a type of proxy and is not used for web filtering. Content filtering is not a type of proxy server.
You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID card to gain access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer by connecting it to the console port on the router. You've configured the management interface with a username of admin and a password of password. What should you do to increase the security of this device?
Use a stronger administrative password. In this scenario, the password assigned to the device is weak and can be easily guessed. The password should be replaced with a strong one that is at least eight characters long, uses uppercase and lowercase letters, and uses numbers or symbols. Including hard-coded passwords and hidden service accounts is an option for avoiding backdoor vulnerabilities. Using the console port to access the device creates a dedicated connection, making the use of SSH unnecessary. Because the device has been installed in a secured room, it's not necessary to move it to a data center.
You have a company network that is connected to the internet. You want all users to have internet access, but you need to protect your private network and users. You also need to make a web server publicly available to internet users. Which solution should you use?
Use firewalls to create a DMZ. Place the web server inside the DMZ and the private network behind the DMZ. A demilitarized zone (DMZ), also called a screened subnet, is a buffer network (or subnet) that sits between the private network and an untrusted network such as the internet. A common configuration uses two firewalls, one connected to the public network and one connected to the private network. Publicly-accessible resources (servers) are placed inside the screened subnet. Examples of publicly-accessible resources include web, FTP, or email servers. Private resources that are not accessible from the internet are placed behind the DMZ (behind the inner firewall). Placing the web server inside the private network would mean opening ports in the firewall leading to the private network, which could expose other devices to attack. Placing the web server outside of the firewall would leave it unprotected.
Your organization has started receiving phishing emails. You suspect that an attacker is attempting to find an employee workstation they can compromise. You know that a workstation can be used as a pivot point to gain access to more sensitive systems. Which of the following is the MOST important aspect of maintaining network security against this type of attack?
User education and training User education and training is the most important aspect of maintaining network security against an email phishing attack.
Which of the following is commonly created to segment a network into different zones?
VLANs The most common way to segment networks is to create multiple virtual local area networks (VLANs) for each network zone. VPNs are used to create a remote secure connection to a network resource. A DMZ is a type of zone that is exposed to the internet. The Domain Name System (DNS) is used to match IP addresses to their corresponding URLs.
Which of the following is the BEST solution to allow access to private resources from the internet?
VPN A VPN provides a secure outside connection to an internal network's resources. A VPN server can be placed inside the DMZ. Internet users can be required to authenticate to the VPN server and then allowed communications from the VPN server to the private network. Only communications coming through the VPN server are allowed through the inner firewall. Packet filters on the firewall allow traffic directed to a public resource inside the DMZ. Packet filters also prevent unauthorized traffic from reaching the private network. Packet filters won't allow access to private resources from the internet. A subnet is used to segment a network. File Transfer Protocol (FTP) is a protocol used to transfer files. This does not allow access to private resources from the internet.
A group of salesmen would like to remotely access your private network through the internet while they are traveling. You want to control access to the private network through a single server. Which solution should you implement?
VPN concentrator With a remote access VPN, a server on the edge of a network (called a VPN concentrator) is configured to accept VPN connections from individual hosts. Hosts that are allowed to connect using the VPN connection are granted access to resources on the VPN server or the private network. A demilitarized zone (DMZ), also called a screened subnet, is a buffer network (or subnet) that sits between the private network and an untrusted network (such as the internet). A RADIUS server is used to centralize authentication, authorization, and accounting for multiple remote access servers. However, clients still connect to individual remote access servers. An intrusion detection system (IDS) is a special network device that can detect attacks and suspicious activity. A passive IDS monitors, logs, and detects security breaches, but it does not take action to stop or prevent an attack. An active IDS (also called an intrusion protection system or IPS) performs the functions of an IDS but can also react when security breaches occur.
As the security analyst for your organization, you have noticed an increase in user computers being infected with malware. Which two solutions should you implement and configure to remedy this problem? (Select two.)
Virus scanner Spam filters Virus scanners identify infected content and dispose of it. They are often coupled with email scanners. Gateway email spam filters prevent spam emails from reaching your network, servers, and computers. Since the most likely cause of malware infections is spam email, implementing spam filters and virus scanners helps remedy the problem. Proxies are used to filter web content and protect users on the internet. This would not help remedy malware issues. Data loss prevention (DLP) tools are types of software that protect sensitive data from being exposed. This would not help remedy malware issues. Encryption causes data, such as the content of an email, to be unintelligible except to those who have the proper key to decrypt it. This would not help remedy malware issues.
You are configuring web threat protection on the network and have identified a website that contains malicious content. Which of the following should you configure?
Web threat filtering Web threat filtering prevents a user from visiting websites with known malicious content. An administrator can monitor sites that have become infected with spyware or other malware and add them to the list of blocked sites. Content filtering can block users from visiting specific categories of websites. Virus scanners identify infected content and dispose of it. Anti-phishing software scans content to identify and dispose of phishing attempts, preventing outside attempts to access confidential information.
You are configuring web threat protection on the network and want to prevent users from visiting www.videosite.org. Which of the following needs to be configured?
Website filtering To block users from visiting a specific site, you should configure website filtering. Content filtering can block users from visiting specific categories of websites. Virus scanners identify infected content and dispose of it. Anti-phishing software scans content to identify and dispose of phishing attempts, preventing outside attempts to access confidential information.
In which of the following situations would you most likely implement a demilitarized zone (DMZ)?
You want to protect a public web server from attack. Use a demilitarized zone (DMZ) to protect public hosts on the internet, such as a web server, from attack. The DMZ uses an outer firewall that prevents internet attacks. All publicly-accessible hosts are inside the DMZ. A second firewall protects the private network from the internet. Use a Virtual Private Network (VPN) to encrypt data between two hosts on the internet. Use Network Address Translation (NAT) to hide internal IP addresses from the internet. Use an Intrusion Prevention System (IPS) to detect and respond to threats in real time.
Which command should you use to display both listening and non-listening sockets on your Linux system? (Tip: enter the command as if in Command Prompt.)
netstat -a Use netstat -a to identify listening and non-listening sockets on a Linux system. A socket is an endpoint of a bidirectional communication flow across a computer network. Be aware of the other common netstat options: -l lists listening sockets. -s displays statistics for each protocol. -i displays a table of all network interfaces.
You need to increase the security of your Linux system by finding and closing open ports. Which of the following commands should you use to locate open ports?
nmap Use nmap to locate open ports. Open ports can provide information about which operating system a computer uses and might provide entry points or information about ways to formulate an attack. Use one of the following commands to scan for open ports: nmap -sT scans for TCP ports. nmap -sU scans for UDP ports. The netstat command shows the status of listening and non-listening sockets. A socket is an endpoint of a bidirectional communication flow across a computer network. The nslookup command is used for name resolution requests. The traceroute command tests and displays connectivity between devices.
Which command should you use to scan for open TCP ports on your Linux system? (Tip: enter the command as if in Command Prompt.)
nmap -sT Use nmap -sT to scan for open TCP ports. Open ports can provide information about which operating system a computer uses and might provide entry points or information about ways to formulate an attack. Use nmap -sU to scan for open UDP ports.
Which command would you use to list all of the currently defined iptables rules?
sudo iptables -L sudo iptables -L lists all of the currently defined rules. sudo iptables -A INPUT -j DROP would drop all incoming traffic. sudo /sbin/iptables-save saves changes to iptables on Ubuntu. sudo iptables -F would flush all current rules from iptables.
You want to make sure no unneeded software packages are running on your Linux server. Select the command from the drop-down list that you can use to see all installed RPM packages.
yum list installed Unneeded software takes disk space and could introduce security flaws. To see all the RPM packages installed on your Linux server, run the following command: yum list installed After running this command, complete the following: Research the function of any unrecognized RPM package to determine whether it is necessary. Use yum or rpm to uninstall unneeded packages.