Security+ Chapter 3 Understanding Devices and infastructure
Which of the following is not a routing protocol?
ICMP
To combat looping, which of the ff technologies enable bridge/switch int to be assigned a value that is then used to control the learning process and prevent problems?
STP
You provide IT security services for a local middle school. You have been asked by school administration for a firewall solution that can control Internet access based on user and prevent access to specific URLs. Which type of firewall should you install?
Application level
Which AP-based technology can increase security dramatically by allowing or denying access based on a clients physical address?
MAC Filtering
In which two tunneling modes can IPSec Work?
Tunneling & Transport
Which network devices are used to divide larger networks into smaller sections by sitting between two physical network segments and managing the flow of data between the two?
Bridges
Servers or computers that have two NIC cards, each connected to separate networks, are known as what type of computers?
Dual-homed Which of the following types of firewalls will pass or block packets based on their IP address and TCP port number? Packet filter
You want to connect your small company network to the Internet. Your ISP provides you with a single IP address that is to be shared between all hosts on your private network. You do not want external hosts to be able to initiate a connect to internal hosts. What type of network address translation (NAT) should you implement?
Dynamic
Which of the ff can be implemented as a software/hardware solution & is usually associated with a device - a router, a firewall, NAT, and so on- used to shift a load from one device to another?
Load Balancer
Which problem can occur when more than one bridge or switch is implemented on the network, and the devices confuse each other by leading one another to believe that a host is located on a certain segment when its not?
Looopy loop
Upper mngmnt has decreed that a firewall must be put in p0lace immediatley, before your site siffers an attack similar to one that struck a sister company. Responding to this order, your poss instructs you to implement a packet filter by the end of the week. A packet filder preforms which function?
Prevents unauth packets from entering network.
Which of the following is used on a wireless network to identify the network name?
SSID
Which of the ff can be used to offload the public-key encryption to a separate hardware plug-in card?
SSL Accelerator
Which of the ff work by decryption encrypted traffic (SSL or TLS), Inspecting it, and then re-encrypting it before sending it on to its destination?
SSL Decryptors
What is the switch technology that can help prevent a loop (broadcast storm) when a switch is connected to another switch?
STP
Which of the ff is a chip that can store cryptographic keys, passwords, or certificates?
TPM
AS more clients added to network, the efficiency of network as decreased. You're preparing a budget for next year, and specifically want to address this issue. Which of the ff devices acts primarily as a tool to improve network efficiency?
Switch
Which of the ff are multi-port devices that improve network efficiency?
Switches
Which of the following does a router acting as a firewall use to control which packets are forwarded or dropped?
ACL
Which type of load balancing config means that more than one load balancing server is working at all times to handle the load/requests as they come in?
Active-active
You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall would you use?
Circuit-level
As it relates to security zones, which of the following can serve as a buffer network between a private secured network and the untrusted Internet?
DMZ
Which of the following is an IPsec header used to provide a mix of security services in IPv4 and IPv6?
ESP
Which of the following protocols provides data encryption for IPSec?
ESP
What is the main function of a TPM hardware chip?
Generate and store cryptographic keys
What is the process called when you reduce security exposure and tighten security controls?
Hardening
Which IDS system uses algorithms to analyze the traffic passing thru the network?
Heuristic
What is the most common VPN encryption protocol?
IPSec
Which of the ff protocols isn't a tunneling protocol but is prob used @ your site by tunneling protocols for net security?
IPSec
Which of the following solutions would you implement to track which websites that network users are accessing?
Proxy server
Which thype of load balancing scheduling is the first client request sent to the first group of servers, the second is sent to the second, and so on?
Round-Robin (think wow loot role)
Which device stores info about destinations in a network?
Router
Which of the ff devices is the most capable of providing infastructire security?
Router
With which tunnel config are only some (usually all incoming) requests routed and encrypted over the VPN?
Split
What type of inspections occurs at all levels of the network and provide additional security using a state table that tracks every communications channel?
Stateful
If you wanted to connect two networks securely over the Internet, what type of technology could you use?
VPN
Which of the ff protection implies that info, once written, cannot be modified?
WORM! Written once, read many. (Once bitten, twice shy!)
To protect the confidentiality of wireless data that is being transmitted between a wireless client and the access-point (AP), which of the following is the most secure encryption option to utilize?
WPAII
An organization has had confidential data removed by unscrupulous employees within the organization. They want to implement a technology to help prevent data exfiltration.
What technology should they implement? DLP
