Network Security Essentials Exam
ActiveX controls can run on any browser platform. T/F
False
Alt+F8 is the key combination that closes up pop-up windows. T/F
False
An IP proxy serves client requests by caching HTTP information. T/F
False
RFI is a disturbance that can affect electrical circuits, devices, and cables due to electromagnetic conduction or radiation. T/F
False
Syslog uses port 161. T/F
False
The convert command converts an NTFS drive to FAT32. T/F
False
To accept fewer cookies, you would add them to the Restricted Sites zone. T/F
False
To open the Local Group Policy console window, a user can only use the MMC in the Run prompt. T/F
False
WPA2 has a typical key size of 128 bits. T/F
False
Which of the following should an administrator implement to research current attack methodologies? - Design reviews - Honeypot - Vulnerability scanner - Code reviews
Honeypot
A company has proprietary mission critical devices connected to their network which are configured remotely by both employees and approved customers. The administrator wants to monitor device security without changing their baseline configuration. Which of the following should be implemented to secure the devices without risking availability? A. Host-based firewall B. IDS C. IPS D. Honeypot
IDS
Which of the following devices should you use to keep machines behind it anonymous? - Caching proxy - IP proxy - Circuit level gateway - Firewall - UTM
IP Proxy
An IT security technician needs to establish host based security for company workstations. Which of the following will BEST meet this requirement? - Implement IIS hardening by restricting service accounts - Implement database hardening by applying vendor guidelines - Implement perimeter firewall rules to restrict access - Implement OS hardening by applying GPOs
Implement OS hardening by applying GPOs
Which of the following types of authentication packages user credentials in a ticket? - Kerberos - LDAP - TACACS+ - RADIUS
Kerberos
Which of the following enables a hacker to float a domain registration for a maximum of five days? - Kiting - DNS poisoning - Domain hijacking - Spoofing
Kiting
Which of the following means of wireless authentication is easily vulnerable to spoofing? - MAC filtering - WPA-LEAP - WPA-PEAP - Enabled SSID
MAC Filtering
What should you configure to improve wireless security? - Enable the SSID - IP spoofing - Remove repeaters - Use MAC filtering
MAC filtering
Mike, a network administrator, has been asked to passively monitor network traffic to the company's sales websites. Which of the following would be BEST suited for this task? A. HIDS B. Firewall C. NIPS D. Spam filter
NIPS
Which of the following can detect malicious packets and discard them? - Proxy server - NIDS - NIPS - PAT
NIPS
Which of the following misuses the Transmission Control Protocol handshake process? - Man-in-the-middle attack - SYN attack - WPA attack - Replay attack
SYN Attack
What does isolation mode on an AP provide? - Hides the SSID - Segments each wireless user from every other wireless user - Stops users from communicating with the AP - Stops users from connecting to the Internet
Segments each wireless user from every other wireless user
A user attempting to log on to a workstation for the first time is prompted for the following information before being granted access: username, password, and a four-digit security pin that was mailed to him during account registration. This is an example of which of the following? A. Dual-factor authentication B. Multifactor authentication C. Single factor authentication D. Biometric authentication
Single factor authentication
By turning on the phishing filter a person can prevent spyware. T/F
True
Crosstalk is when a signal transmitted on one copper wire creates an unwanted effect on another wire; the signal "bleeds" over, so to speak. T/F
True
Data emanation occurs most commonly on coaxial cable. T/F
True
Fiber-optic cable is not susceptible to data emanations. T/F
True
Hardening is the act of configuring an OS securely, updating it, and removing unnecessary applications. T/F
True
Ransomware holds a user's files for ransom by encrypting them. T/F
True
Subnetting increases security by compartmentalizing a network. T/F
True
The network tab in Firefox is used to connect to a proxy server. T/F
True
The systeminfo command shows a list of hotfixes that have been installed on the operating system. T/F
True
To make changes to Internet Explorer policies that correspond to an OU, you need a domain controller. T/F
True
Which of the following are ways to help defend against distributed denial-of-service attacks? Select best three. - Update firewalls - Carefully select applications - Use intrusion prevention systems - Use a 'clean pipe'
Update firewalls, carefully select applications, use a clean pipe
Which of the following should you implement to keep a well-maintained computer? - Update the firewall - Update the BIOS - Use a surge protector - Remove the unnecessary firewall
Update the BIOS
Which of the following can help to secure the BIOS of a computer? Select two: - Use a case lock - Use a BIOS supervisor password. - Configure a user password - Disable USB ports
Use a case lock
A network engineer is setting up a network for a company. There is a BYOD policy for the employees so that they can connect their laptops and mobile devices. Which of the following technologies should be employed to separate the administrative network from the network in which all of the employees' devices are connected? A. VPN B. VLAN C. WPA2 D. MAC filtering
VLAN
Which of the following is required to allow multiple servers to exist on one physical server? - Software as a Service (SaaS) - Platform as a Service (PaaS) - Virtualization - Infrastructure as a Service(IaaS)
Virtualization
Which of the following firewall rules only denies DNS zone transfers? - deny udp any any port 53 - deny ip any any - deny tcp any any port 53 - deny all dns packets
deny tcp any any port 53
Which of the following commands can be used to turn off a service? - net stop - net start - sc config - # chkconfig <service> off
net stop
Which commands disable a service in the command line? - net stop - net start - net disable - sc config
sc config
Which of the following ranges comprise the well-known ports category? - 1024-49,151 - 0-1023 - 49,152-65,535 - 10.0.0.0-10.255.255.255
0-1023
A security administrator has configured FTP in passive mode. Which of the following ports should the security administrator allow on the firewall by default? A. 20 B. 21 C. 22 D. 23
21
While configuring a new access layer switch, the administrator, Joe, was advised that he needed to make sure that only devices authorized to access the network would be permitted to login and utilize resources. Which of the following should the administrator implement to ensure this happens? A. Log Analysis B. VLAN Management C. Network separation D. 802.1x
802.1x
A network administrator is responsible for securing applications against external attacks. Every month, the underlying operating system is updated. There is no process in place for other software updates. Which of the following processes could MOST effectively mitigate these risks? - Application hardening - Application change management - Application patch management - Application firewall review
Application patch management
A group of compromised computers that have software installed by a worm or Trojan is known as which of the following? A. Botnet B. Virus C. Honeypot D. Zombie
A. Botnet
Which of the following is an inline device that checks all packets? A. Host-based intrusion detection system B. Statistical anomaly C. Network intrusion detection system D. Personal software firewall
A. Host-based intrusion detection system
Sara, the security administrator, must configure the corporate firewall to allow all public IP addresses on the internal interface of the firewall to be translated to one public IP address on the external interface of the same firewall. Which of the following should Sara configure? A. PAT B. NAP C. DNAT D. NAC
A. PAT
A network administrator wants to block both DNS requests and zone transfers coming from outside IP addresses. The company uses a firewall which implements an implicit allow and is currently configured with the following ACL applied to its external interface. PERMIT TCP ANY 80 PERMIT TCP ANY 443 Which of the following rules would accomplish this task? Select two. - Change the firewall default settings so that it implements an implicit deny - Apply the current ACL to all interfaces of the firewall. - Remove the current ACL - Add the following ACL at the top of the current ACL
Change the firewall default settings so that it implements an implicit deny, Add the following ACL at the top of the current
Which one of the following navigational paths shows the current service pack level to the user? - Click Start, right-click Network, and select Properties - Click Start, right-click Computer, and select Properties - Click Start, right-click Computer, and select Manage - Click Start, right-click Network, and select Manage
Click Start, right-click Computer, and select Properties
Which of the following technologies can store multi-tenant data with different security requirements? - Data loss prevention - Trusted platform module - Hard drive encryption - Cloud computing
Cloud computing
Which of the following encompasses application patch management? - Configuration management - Policy management - Cross-site request forgery - Fuzzing
Configuration management
Which tab on the Internet Options dialog box of Internet Explorer enables a person to make secure connections through a VPN? - Advanced tab - Content tab - Programs tab - Connections tab
D. Connections Tab
Your boss wants you to make changes to 20 computers' Internet Explorer programs. To do this quickly, what is the best solution? - Use a proxy server. - Create an organizational unit. - Create a script. - Create and use a template.
D. Create and use a template
A server with the IP address of 10.10.2.4 has been having intermittent connection issues. The logs show repeated connection attempts from the following IPs: 10.10.3.16 10.10.3.23 212.178.24.26 217.24.94.83 These attempts are overloading the server to the point that it cannot respond to traffic. Which of the following attacks is occurring? A. XSS B. DDoS C. DoS D. Xmas
DDoS
A security administrator is segregating all web-facing server traffic from the internal network and restricting it to a single interface on a firewall. Which of the following BEST describes this new network? - VLAN - Subnet - VPN - DMZ
DMZ
Which of the following is used to house FTP servers, mail servers, and web servers so that people on the Internet can access them but cannot access any other of the organization's servers? - DMZ - Intranet - Subnet - VLAN
DMZ
Several employees have been printing files that include personally identifiable information of customers. Auditors have raised concerns about the destruction of these hard copies after they are created, and management has decided the best way to address this concern is by preventing these files from being printed. Which of the following would be the BEST control to implement? A. File encryption B. Printer hardening C. Clean desk policies D. Data loss prevention
Data loss prevention
A MAC flood is when a person accesses a single port of a switch that was not physically secured. T/F
False
A NIDS can inspect traffic and possibly remove, detain, or redirect malicious traffic. T/F
False
An intranet enables sister companies to access a secure area of a company's network. T/F
False
One way of protecting Microsoft Outlook is to use a password for modifying documents. T/F
False
One way to defend against a double-tagging attack is to put unplugged ports on the switch into an unused VLAN. T/F
False
One way to secure the administration interface of WAP is to turn it off when not in use. T/F
False
Which of the following cables suffers from chromatic dispersion if the cable is too long? - Twisted-pair cable - Fiber-optic cable - Coaxial cable - USB cables
Fiber-optic cable
Which of the following should be your primary defense? - Protocol analyzer - Proxy server - NIPS - Firewall
Firewall
Which of the following application security testing techniques is implemented when an automated system generates random input data? - Fuzzing - XSRF - Hardening - Input validation
Fuzzing
Of the following, what are three ways to increase the security of Microsoft Outlook? - Password protect .PST files - Increase the junk email security level. - Set macro security levels - Install the latest security pack
Password to protect .PST files, increase the junk email security level, install the latest security pack
After a company has standardized to a single operating system, not all servers are immune to a well-known OS vulnerability. Which of the following solutions would mitigate this issue? A. Host based firewall B. Initial baseline configurations C. Discretionary access control D. Patch management system
Patch management system
Which of the following is not a good strategy for securing a WAP? - Use NAT filtering - Turn off the SSID - Place it in a Faraday cage - Use PNAC
Place it in a Faraday cage
Which of the following would a security administrator implement in order to identify a problem between two systems that are not communicating properly? - Protocol Analyzer - Baseline report - Risk assessment - Vulnerability scan
Protocol Analyzer
Which of the following should the security administrator implement to limit web traffic based on country of origin? Select three. - Spam filter - Load balancer - Antivirus - Proxies - Firewall - NIDS - URL filtering
Proxies, firewall, URL filtering
Pete, the security engineer, would like to prevent wireless attacks on his network. Pete has implemented a security control to limit the connecting MAC addresses to a single port. Which of the following wireless attacks would this address? A. Interference B. Man-in-the-middle C. ARP poisoning D. Rogue access point
Rogue Access point
By default, which of the following uses TCP port 22? Select 3. - FTPS - STELNET - TLS - SCP - SSL - HTTPS - SSH - SFTP
SCP, SSH, SFTP
Which of the following protocols allow for the secure transfer of files? (Select best two) - SNMP - SFTP - TFTP - SCP - ICMP
SFTP, SCP
On Monday, all company employees report being unable to connect to the corporate wireless network, which uses 802.1x with PEAP. A technician verifies that no configuration changes were made to the wireless network and its supporting infrastructure, and that there are no outages. Which of the following is the MOST likely cause for this issue? A. Too many incorrect authentication attempts have caused users to be temporarily disabled. B. The DNS server is overwhelmed with connections and is unable to respond to queries. C. The company IDS detected a wireless attack and disabled the wireless network. D. The Remote Authentication Dial-In User Service server certificate has expired.
The Remote Authentication Dial-In User Service server certificate has expired.
A service pack is a group of updates, bug fixes, updated drivers, and security fixes. T/F
True
A stateless packet filter is vulnerable to IP spoofing attacks. T/F
True
An older type of door access system might use a proximity sensor. T/F
True
Back Orifice is an example of a backdoor. T/F
True
The act of splitting the wires of a twisted-pair cable connection would be an example of which of the following? A. Wardriving B. Data emanation C. Wiretapping D. Spectral analyzing
Wiretapping
Where would a NIDS sit on a network? A. Inline B. On the extranet C. On the DMZ D. Back to back
an c