Network Security (Security+ Exam)
Omni Antenna
a multi-directional antenna that radiates radio wave power uniformly in all directions in one plane with a radiation pattern shaped like a doughnut
Which device is designed to provide the most efficient transmission of traffic that is NOT specifically denied between networks?
a router
Often the salespeople for your company need to connect some wireless devices together without having an access point available. You need to set up their laptops to ensure that this communication is possible. Which communications mode should you use?
ad hoc
Which term is synonymous with protocol analyzing?
packet sniffing
What is the purpose of content inspection?
to search for malicious code or behavior
You are responsible for managing your company's virtualization environment. Which feature should NOT be allowed on a virtualization host?
browsing the Internet
Which firewall architecture has two network interfaces?
dual-homed firewall
A user complains that he is unable to communicate with a remote virtual private network (VPN) using L2TP. You discover that the port this protocol uses is blocked on the routers in your network. You need to open this port to ensure proper communication. Which port number should you open?
1701
A server is located on a DMZ segment. The server only provides FTP service, and there are no other computers on the DMZ segment. You need to configure the DMZ to ensure that communication can occur. Which port should be opened on the Internet side of the DMZ firewall?
20
A Web server is located on a DMZ segment. The Web server only serves HTTP pages, and there are no other computers on the DMZ segment. You need to configure the DMZ to ensure that communication can occur. Which port should be opened on the Internet side of the DMZ firewall?
80
Your company management has recently purchased a RADIUS server. This RADIUS server will be used by remote employees to connect to internal resources. You need to ensure that multiple client computers, including Windows Vista and Windows 7, are able to connect to the RADIUS server in a secure manner. What should you deploy?
802.1X
SCP
A protocol that allows files to be copied over a secure connection
SSL
A protocol that secures messages between the Application and Transport layer
SSH
A protocol that uses a secure channel to connect a server and a client
ICMP
A protocol used to test and report on path information between network devices
Your organization purchases a set of offices adjacent to your current office. You need to broaden the area to which a wireless access point (AP) can transmit. What should you do?
Adjust the power level setting slightly higher.
Platform as a Service (PaaS)
Allows organizations to deploy Web servers, databases, and development tools in a cloud
Infrastructure as a Service (IaaS)
Allows organizations to deploy virtual machines, servers, and storage in a cloud
Software as a Service (SaaS)
Allows organizations to run applications in a cloud
Which statement is NOT a characteristic of a network-based intrusion detection system (NIDS)?
An NIDS analyzes encrypted information
Your company has decided to deploy a new wireless network at a branch office. This branch office is located in a busy commercial district. Management has asked you to fully assess the external vulnerabilities of the wireless network before it is deployed. Which three conditions should you assess?
Antenna selection; Antenna placement; Access point power
You have discovered that hackers are gaining access to your WEP wireless network. After researching, you discover that the hackers are using war driving. You need to protect against this type of attack.
Change the default Service Set Identifier (SSID). Disable SSID broadcast. Configure the network to use authenticated access only. Configure the WEP protocol to use a 128-bit key.
Management has recently expressed concern over port security. You have been asked to ensure that all network ports are as secure as possible. Which of the following methods of port security should you implement? (Choose all that apply.)
Ensure that wiring closets are locked. Ensure that TCP and UDP ports are managed properly. Ensure that the MAC addresses of connected devices are monitored.
You have been hired as a security consultant by a new small business. The business owner wants to implement a secure Web site. You suggest that the Web pages be secured using SSL. Which protocol should be used?
HTTPS
You have been hired to assess the security needs for an organization that uses several Web technologies. During the assessment, you discover that the organization uses HTTPS, S-HTTP, ActiveX, and JavaScript. You need to rank these technologies based on the level of security they provide. Which of the technologies listed provides the highest level of security?
HTTPS
Which system detects network intrusion attempts and controls intruder access to the network?
IPS
You work for a company that installs networks for small businesses. During a recent deployment, you configure a network to use the Internet Protocol Security (IPSec) protocol. The business owner asks you to explain why this protocol is being used. Which three are valid reasons for using this protocol?
IPSec can work in either tunnel mode or transport mode. IPSec uses Encapsulation Security Payload (ESP) and Authentication Header (AH) as security protocols for encapsulation. The IPSec framework is used in a virtual private network (VPN) implementation to secure transmissions.
Your organization is trying to increase network security. After a recent security planning meeting, management decides to implement a protocol that digitally signs packet headers and encrypts and encapsulates packets. Which protocol should you implement?
IPsec
You are aware that any system in the demilitarized zone (DMZ) can be compromised because the DMZ is accessible from the Internet. What should you do to mitigate this risk?
Implement every computer on the DMZ as a bastion host
Your company currently uses IPv4 addresses on its network. You need to convince your organization to start using IPv6 addresses. Which two reasons for changing should you give management?
It has 340 undecillion available addresses; It uses 128-bit addresses
What is a disadvantage of a hardware firewall compared to a software firewall?
It has a fixed number of available interfaces
You are implementing a new VPN for your organization. You need to use an encrypted tunneling protocol that protects transmitted traffic and supports the transmission of multiple protocols. Which protocol should you use?
L2TP over IPSec
During maintenance, you often discover invalid devices connected to your wireless network. You need to ensure that only valid corporate devices can connect to the network. What should you configure to increase the security of this wireless network?
MAC filtering
You need to implement security countermeasures to protect from attacks being implemented against your PBX system via remote maintenance. Which policies provide protection against remote maintenance PBX attacks?
Turn off the remote maintenance features when not needed. Use strong authentication on the remote maintenance ports. Keep PBX terminals in a locked, restricted area. Replace or disable embedded logins and passwords.
Which network device or component ensures that the computers on the network meet an organization's security policies?
NAC
Which network entity acts as the interface between a local area network and the Internet using one IP address?
NAT router
At which layer of the OSI model do routers operate?
Network
You need to ensure that a single document transmitted from your Web server is encrypted. What should you do?
Use S-HTTP
You have two wireless networks in your building. The wireless networks do not overlap. Both of them use Wi-Fi Protected Access (WPA). You want to ensure that no unauthorized wireless access points are established. What should you do?
Periodically complete a site survey.
Management has requested that you ensure all firewalls are securely configured against attacks. You examine one of your company's packet-filtering firewalls. You have configured the following rules on the firewall: • Permit all traffic to and from local hosts. • Permit all inbound TCP connections. • Permit all SSH traffic to linux1.kaplanit.com. • Permit all SMTP traffic to smtp.kaplanit.com. Which rule will most likely result in a security breach?
Permit all inbound TCP connections
Your company has decided to deploy a data storage network solution. You have been asked to research the available options and report the results, including deployment cost, performance, and security issues. Which of the following solutions should NOT be included as part of your research?
RAID
You manage the security for a small corporate network that includes a hub and firewall. You want to provide protection against traffic sniffing. What should you do?
Replace the hub with a switch.
Which network devices can you use to connect two or more of the LAN segments together without collisions?
Router; Switch; Bridge
One department in your company needs to be able to easily transfer files over a secure connection. All of the files are stored on a UNIX server. You have been asked to suggest a solution. Which protocol should you suggest?
SCP
Recently, your company's network has been attacked from outside the organization. The attackers then changed the configuration of several network devices. Management has asked you to monitor network devices on a regular basis. Which protocol should you deploy?
SNMP
Your company has a UNIX computer. Several users have requested remote access to this server. You need to implement a solution that transmits encrypted authentication information over a secure communications channel and transmits data securely during terminal connections with UNIX computers. Which technology should you use?
SSH
A small business owner wants to be able to sell products over the Internet. A security professional suggests the owner should use SSL. Which statement is NOT true of this protocol?
SSL operates at the Network layer of the OSI model
Your company implements an Ethernet network. During a recent analysis, you discover that network throughput capacity has been wasted as a result of the lack of loop protection. What should you deploy to prevent this problem?
STP
Which tool is an intrusion detection system (IDS)?
Snort
Your company needs to be able to provide employees access to a suite of applications. However, you do not want the employees to install a local copy of the applications. Which method should you use to deploy the suite of applications?
Software as a Service
Management of your company wants to allow the departments to share files using some form of File Transfer Protocol (FTP). You need to explain the different FTP deployments. By default, which FTP solution provides the LEAST amount of security?
TFTP
Recently, an IT administrator contacted you regarding a file server. Currently, all users are granted access to all of the files on this server. You have been asked to change the configuration and designate which users can access the files. What should you use to do this?
an ACL
Which type of monitoring is most likely to produce a false alert?
anomaly-based
While performing routine network monitoring for your company, you notice a lot of IPSec traffic. When you report your findings to management, management wants you to explain the high amount of IPSec traffic. What is a common implementation of this protocol that you should mention?
VPN
Which device is the BEST solution to protect all traffic on an HTTP/HTTPS server?
Web application firewall
Which type of firewall is most detrimental to network performance?
application-level proxy firewall
You are creating an IDS solution for your company's network. You define a rule that prevents an e-mail client from executing the cmd.exe command and alerts you when this is attempted. Which type of IDS are you using?
behavior-based
You have been hired by a law firm to create a demilitarized zone (DMZ) on their network. Which network device should you use to create this type of network?
a firewall
What is an embedded firewall?
a firewall that is integrated into a router
You need to implement an independent network within your private LAN. Only users in the Research and Development department should be able to access the independent network. The solution must be hardware based. Which type of network should you deploy?
a VLAN
What is a Web security gateway?
a device that filters Web content
Sector Antenna
a directional antenna with a radiation pattern that is a circle measured in degrees of arc
Yagi Antenna
a directional antenna with high gain and narrow radiation pattern
You have been hired as a company's network administrator. The company's network currently uses statically configured IPv4 addresses. You have been given a list of addresses that are used on the network that include the addresses listed in the options. However, you are sure that some of these addresses are NOT IPv4 addresses. Which addresses are not valid?
fe80::200:f8ff:fe21:67cf; 00-0C-F1-56-98-AD
Which term is most commonly used to describe equipment that creates a demilitarized zone (DMZ)?
firewall
Several users report that they are having trouble connecting to the organization's Web site that uses HTTPS. When you research this issue, you discover that the Web client and Web server are not establishing a TCP/IP connection. During which phase of SSL communication is the problem occurring?
handshake
Which type of firewall is also referred to as an appliance firewall?
hardware
You are deploying a virtual private network (VPN) for remote users. You want to meet the following goals: • The VPN gateway should require the use of Internet Protocol Security (IPSec). • All remote users must use IPSec to connect to the VPN gateway. • No internal hosts should use IPSec. Which IPSec mode should you use?
host-to-gateway
You have been hired by a small company to ensure that their internal network is protected against attacks. You must implement a secure network. As part of this implementation, what should be the default permission position?
implicit deny
You need to ensure that wireless clients can only communicate with the wireless access point and not with other wireless clients. What should you implement?
isolation mode
What is the primary advantage of using a network-based intrusion detection system (NIDS)?
low maintenance
You must design the network for your company's new location. Which two considerations are important?
number of hosts to support; number of subnetworks needed
Which type of firewall only examines the packet header information?
packet-filtering firewall
Which network device acts as an Internet gateway, firewall, and Internet caching server for a private network?
proxy server
Your manager has asked you to improve network security by confining sensitive internal data traffic to computers on a specific subnet using access control lists (ACLs). Where should the ACLs be deployed?
routers
Which type of monitoring requires that updates be regularly obtained to ensure effectiveness?
signature-based
Which type of intrusion detection system (IDS) watches for intrusions that match a known identity?
signature-based IDS
Dipole
the earliest, simplest, and most widely used antenna with a radiation pattern shaped like a doughnut