Security+ Set 2
Frequency bands for IEEE 802.11 networks include: (Select 2 answers) 5.0 GHz 2.4 GHz 5.4 GHz 2.0 GHz
5.0 GHz 2.4 GHz
Which of the acronyms listed below refers to a set of rules that specify which users or system processes are granted access to objects as well as what operations are allowed on a given object? CRL NAT BCP ACL
ACL
Which of the following answers applies to a Rule-Based Access Control (RBAC) mechanism implemented on routers, switches, and firewalls? ACL CSR DLP AUP
ACL
Which part of the IPsec protocol suite provides authentication and integrity? CRC AH SIEM AES
AH Authentication Header (AH) is a protocol and part of the Internet Protocol Security (IPsec) protocol suite, which authenticates the origin of IP packets (datagrams) and guarantees the integrity of the data. The AH confirms the originating source of a packet and ensures that its contents (both the header and payload) have not been changed since transmission. If security associations have been established, AH can be optionally configured to defend against replay attacks using the sliding window technique.
An infrastructure device designed for connecting wireless/wired client devices to a network is commonly referred to as: Captive portal Access Point (AP) Intermediate Distribution Frame (IDF) Active hub
Access Point (AP)
Which of the following statements describe the function of a forward proxy? (Select 2 answers) Acts on behalf of a client Hides the identity of a client Acts on behalf of a server Hides the identity of a server
Acts on behalf of a client Hides the identity of a client
A company's security policy requires all employee devices to have software installed that would run as a background service on each device and perform host security health checks before granting/denying it access to the corporate intranet. Based on the given description, which of the answers listed below can be used to describe the software's features? (Select 2 answers) Agentless Dissolvable Agent-based Permanent
Agent-based Permanent
A properly configured antispoofing mechanism on a router should block Internet traffic from IP addresses in the range of: 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 All of the above
All of the above
What type of network traffic filtering criteria can be set on a router? Filtering by IP address Filtering by network protocol Filtering by subnet Filtering by logical port number All of the above
All of the above
In active-active mode, load balancers distribute network traffic across: Least utilized servers None of the servers All servers Most utilized servers
All servers
A situation in which an application writes to or reads from an area of memory that it is not supposed to access is referred to as: DLL injection Buffer overflow Memory leak Integer overflow
Buffer overflow In information security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations. ... Exploiting the behavior of a buffer overflow is a well-known security exploit.
Which functionality allows a DLP system to fulfill its role? Motion detection Environmental monitoring Content inspection Loop protection
Content inspection
A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as: DLL ISO EXE INI
DLL Short for Dynamic Link Library, a library of executable functions or data that can be used by a Windows application. Typically, a DLL provides one or more particular functions and a program accesses the functions by creating either a static or dynamic link to the DLL.
Which of the terms listed below describes a type of attack that relies on executing a library of code? Memory leak DLL injection Pointer dereference Buffer overflow
DLL injection In computer programming, DLL injection is a technique used for running code within the address space of another process by forcing it to load a dynamic-link library. DLL injection is often used by external programs to influence the behavior of another program in a way its authors did not anticipate or intend.
Which of the following acronyms refers to software or hardware-based security solutions designed to detect and prevent unauthorized use and transmission of confidential information outside of the corporate network? DRP DHE DLP DEP
DLP
Which of the following answers refers to a common antenna type used as standard equipment on most Access Points (APs) for indoor Wireless Local Area Network (WLAN) deployments? Dipole antenna Dish antenna Unidirectional antenna Yagi antenna
Dipole antenna
Which of the antenna types listed below provide a 360-degree horizontal signal coverage? (Select 2 answers) Unidirectional antenna Dipole antenna Dish antenna Omnidirectional antenna Yagi antenna
Dipole antenna Omnidirectional antenna
Which of the following answers refer to highly directional antenna types used for long-range point-to-point bridging links? (Select 2 answers) Dipole antenna Omnidirectional antenna Dish antenna Non-directional antenna Unidirectional antenna
Dish antenna Unidirectional antenna
What are the characteristic features of a transparent proxy? (Select all that apply) Doesn't require client-side configuration Modifies client's requests and responses Redirects client's requests and responses without modifying them Clients might be unaware of the proxy service Requires client-side configuration
Doesn't require client-side configuration Redirects client's requests and responses without modifying them Clients might be unaware of the proxy service
Which of the IPsec protocols provides authentication, integrity, and confidentiality? AES SHA AH ESP
ESP An Encapsulating Security Payload (ESP) is a protocol within IPsec that provides authentication, integrity, and confidentiality of network packet data/payload in IPv4 and IPv6 networks. ESP provides message/payload encryption and the authentication of a payload and its origin within the IPsec protocol suite.
What type of security measures can be implemented on an MX gateway? (Select all that apply) Encryption Security guards DLP Motion detection Spam filter
Encryption DLP Spam filter
An SSL decryptor card is a type of dedicated hardware device that improves performance of a server by taking over computational tasks related to handling of encrypted network traffic. True False
False
SSL/TLS accelerators are used to decode secure communication links for the purpose of content inspection. True False
False
VPNs can be either remote-access (used for connecting networks) or site-to-site (used for connecting a computer to a network). True False
False In a site-to-site VPN configuration, hosts do not have VPN client software; they send and receive normal TCP/IP traffic through a VPN gateway. Remote-access VPNs connect individual hosts to private networks, for example, travelers and teleworkers who need to access their company's network securely over the internet.
Stateless inspection is a firewall technology that keeps track of network connections and based on the collected data determines which network packets should be allowed through the firewall. True False
False Packet filtering enables you to inspect the components of incoming or outgoing packets and then perform the actions you specify on packets that match the criteria you specify. The typical use of a stateless firewall filter is to protect the Routing Engine processes and resources from malicious or untrusted packets.
Which of the following terms refers to a situation where no alarm is raised when an attack has taken place? False negative True positive False positive True negative
False negative
Antivirus software identifying a non-malicious file as a virus due to a faulty virus signature file is an example of: Fault tolerance False positive error Quarantine function False negative error
False positive error
Software or hardware that checks information coming from the Internet and, depending on the applied configuration settings, either blocks it or allows it to pass through is called: Antivirus Firewall Antispyware Malware
Firewall In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and untrusted external network, such as the Internet.
What is the name of a security mechanism that protects a network switch against populating its MAC table with invalid source addresses? Honeypot Firewall Flood guard Antivirus
Flood guard
Which of the answers listed below refers to a piece of hardware and associated software/firmware designed to provide cryptographic functions? HSM EFS STP WAF
HSM
An IDS that detects intrusions by comparing network traffic against the previously established baseline can be classified as: (Select all that apply) Heuristic Anomaly-based Behavioral Signature-based
Heuristic Anomaly-based Behavioral
Which of the statements listed below describe the function of a reverse proxy? (Select 2 answers) Acts on behalf of a client Hides the identity of a server Acts on behalf of a server Hides the identity of a client
Hides the identity of a server Acts on behalf of a server
What is the purpose of steganography? Checking data integrity Calculating hash values Hiding data within another piece of data Data encryption
Hiding data within another piece of data
A monitored host containing no valuable data specifically designed to detect unauthorized access attempts is known as: UTM appliance Trojan horse Captive portal Honeypot
Honeypot
Which of the answers listed below illustrates the difference between passive and active security breach response? HIPS vs. NIPS UTM vs. Firewall NIPS vs UTM IDS vs. IPS
IDS vs. IPS The Intrusion Detection System (IDS) provides the network with a level of preventive security against any suspicious activity. The IDS achieves this objective through early warnings aimed at systems administrators. However, unlike IPS, it is not designed to block attacks. An Intrusion Prevention System (IPS) is a device that controls access to IT networks in order to protect systems from attack and abuse. It is designed to inspect attack data and take the corresponding action, blocking it as it is developing and before it succeeds, creating a series of rules in the corporate firewall, for example.
Which of the following answers applies to a situation where an Ethernet switch acts as an authenticator for devices that intend to connect to a network through one of its ports? IEEE 802.1X IEEE 802.11ac IEEE 802.1D IEEE 802.11x
IEEE 802.1X
Which of the following applies to a request that doesn't match the criteria defined in an ACL? Group policy Implicit deny rule Transitive trust Context-aware authentication
Implicit deny rule An implicit deny is when a user or group is not granted a specific permission in the security settings of an object, but is not explicitly denied either. ... An implicit deny only denies a permission until the user or group is allowed to perform the permission.
Which of the following violates the principle of least privilege? On-boarding process Improperly configured accounts Shared accounts for privileged users Time-of-day restrictions
Improperly configured accounts The principle of least privilege (POLP), an important concept in computer security, is the practice of limiting access rights for users to the bare minimum permissions they need to perform their work. Under POLP, users are granted permission to read, write or execute only the files or resources they need to do their jobs: In other words, the least amount of privilege necessary.
Which of the terms listed below describes a programming error where an application tries to store a numeric value in a variable that is too small to hold it? Buffer overflow Pointer dereference Memory leak Integer overflow
Integer overflow Integer overflow is the result of trying to place into computer memory an integer (whole number) that is too large for the integer data type in a given system. ... Because of this, the condition may lead to a security breach through a buffer overflow or other malicious code.
Examples of password cracking software include: (Select 2 answers) Security Onion John the Ripper Cain & Abel Back Orifice tcpdump
John the Ripper Cain & Abel
Routers operate at: (Select 2 answers) Physical layer of the OSI model Application layer of the OSI model Layer 3 of the OSI model Network layer of the OSI model Layer 5 of the OSI model
Layer 3 of the OSI model Network layer of the OSI model
A network device designed for managing the optimal distribution of workloads across multiple computing resources is known as: Layer 3 switch Access Point (AP) Load balancer Domain controller
Load balancer
Which of the actions listed below can be taken by an IDS? (Select 2 answers) Firewall reconfiguration Closing down connection Logging Terminating process Sending an alert
Logging Sending an alert It provides protection to the individual host and can detect potential attacks and protect critical operating system files. The primary goal of any IDS is to monitor traffic. The role of a host IDS is passive, only gathering, identifying, logging, and alerting.
Which of the following answers refer to the implementations of NAC? (Select 2 answers) IPsec MAC filter BYOD 802.1X HIDS/HIPS
MAC filter 802.1X
A network security access control method whereby the 48-bit physical address assigned to each network card is used to determine access to the network is known as: MAC filtering Network Address Translation (NAT) Static IP addressing Network Access Control (NAC)
MAC filtering
Disabling SSID broadcast: Is one of the measures used in securing wireless networks Makes a WLAN harder to discover Blocks access to a WAP Prevents wireless clients from accessing the network
Makes a WLAN harder to discover
A type of device that translates data between different communication formats is called: Multilayer switch Media gateway Protocol analyzer Media converter
Media gateway
A situation in which an application fails to properly release memory allocated to it or continually requests more memory than it needs is called: Memory leak Buffer overflow DLL injection Integer overflow
Memory leak A memory leak is the gradual loss of available computer memory when a program (an application or part of the operating system) repeatedly fails to return memory that it has obtained for temporary use. ... A memory leak is the result of a program bug.
Which of the answers listed below is an example of an exploitation framework? tcpdump Metasploit Security Onion OpenVAS
Metasploit
What is the name of a Linux distribution commonly used as a target system for practicing penetration testing techniques? Kali Linux Debian Metasploitable Red Hat SELinux
Metasploitable
Modifies client's requests and responses Doesn't require client-side configuration Requires client-side configuration Redirects client's requests and responses without modifying them
Modifies client's requests and responses Requires client-side configuration
A type of computer security solution that allows defining and enforcing network access policies is known as: NAC NIDS NFC NAT
NAC
Which of the following network security solutions inspects network traffic in real-time and has the capability to stop the ongoing attack? NIPS HIDS NIDS NIST
NIPS A network-based intrusion prevention system (NIPS) is a system used to monitor a network as well as protect the confidentiality, integrity, and availability of a network. Its main functions include protecting the network from threats, such as denial of service (DoS) and unauthorized usage.
Which of the following tools offers the functionality of a configuration compliance scanner? Zenmap Roo Nessus DBAN
Nessus
What is Nmap? Network scanner Exploitation framework Protocol analyzer Password cracker
Network scanner
In a round-robin method, each consecutive request is handled by: (Select best answer) First server in a cluster Next server in a cluster Least utilized server in a cluster Last server in a cluster
Next server in a cluster
Which of the tools listed below offers the functionality of a vulnerability scanner? Roo OpenVAS Wireshark pfSense
OpenVAS
A security administrator configured an IDS to receive traffic from a network switch via port mirroring. Which of the following terms can be used to describe the operation mode of the IDS? (Select 2 answers) In-band Passive Inline Out-of-band
Passive Out-of-band
Which of the following terms describes an attempt to read a variable that stores a null value? Integer overflow Pointer dereference Buffer overflow Memory leak
Pointer dereference A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.
A software tool used for capturing and examining contents of the network traffic is known as: Port scanner Honeypot Protocol analyzer Vulnerability scanner
Protocol analyzer
In computer networking, a computer system or an application that acts as an intermediary between another computer and the Internet is commonly referred to as: Bridge Active hub Server Proxy
Proxy
A device designed to filter and transfer IP packets between dissimilar types of computer networks is called: Hub Switch Load balancer Router
Router
A technology that allows for real-time analysis of security alerts generated by network hardware and applications is known as: LACP DSCP SIEM LWAPP
SIEM
Which of the following acronyms is used as a unique identifier for a WLAN (a wireless network name)? BSS SSID ESS IBSS
SSID
Which of the following protocols provide protection against switching loops? (Select 2 answers) RTP SRTP RDP STP RSTP
STP RSTP
Which of the terms listed below refers to a method for permanent and irreversible removal of data stored on a memory device? Sanitization High-level formatting Recycle Bin (MS Windows) Partitioning
Sanitization
In active-passive mode, load balancers distribute network traffic across: All servers Servers marked as active Least utilized servers Servers marked as passive
Servers marked as active
Which of the terms listed below refers to a method that ignores the load balancing algorithm by consistently passing requests from a given client to the same server? Round-robin method Active-active configuration Session affinity Least connection method
Session affinity
Examples of secure VPN tunneling protocols include: (Select 2 answers) bcrypt SCP IPsec WEP TLS
Some of the most commonly used protocols include: OpenVPN (SSL/TLS), Internet Protocol Security (IPSec), Point-to-Point Tunneling Protocol (PPTP), Layer Two Tunneling Protocol (L2TP), Secure Socket Tunneling Protocol (SSTP).
Which of the terms listed below describes a type of VPN that alleviates bottlenecks and conserves bandwidth by allowing users to simultaneously make use of both the VPN and public network links? Tethering Split tunnel Load balancing Full tunnel
Split tunnel Split tunneling is a computer networking concept which allows a mobile user to access dissimilar security domains like a public network and a local LAN or WAN at the same time, using the same or different network connections.
Which of the answers listed below refers to a data link layer (layer 2) device designed to forward data packets between Local Area Network (LAN) segments? Router Hub Switch Repeater
Switch
An effective asset management process provides countermeasures against: (Select all that apply) System sprawl Race conditions Undocumented assets Architecture and design weaknesses User errors
System sprawl Undocumented assets Architecture and design weaknesses
A type of architecture in which most of the network configuration settings of an Access Point (AP) are set and managed with the use of a central switch or controller is called: Thin AP Infrastructure mode Fat AP Ad hoc mode
Thin AP
An IPsec mode providing encryption only for the payload (the data part of the packet) is known as: Protected mode Tunnel mode Transport mode Safe mode
Transport mode The transport mode encrypts only the payload and ESP trailer; so the IP header of the original packet is not encrypted. ... The transport mode is usually used when another tunneling protocol (such as GRE, L2TP) is used to first encapsulate the IP data packet, then IPsec is used to protect the GRE/L2TP tunnel packets.
A common example of channel overlapping in wireless networking could be the 2.4 GHz band used in 802.11 networks, where the 2.401 - 2.473 GHz frequency range is used for allocating 11 channels, each taking up a 22-MHz portion of the available spectrum. Setting up a wireless network to operate on a non-overlapping channel (1, 6, and 11 in this case) allows multiple networks to coexist in the same area without causing interference. True False
True
A network switch equipped with the routing capability is sometimes referred to as a layer 3 switch. True False
True
An IP address that doesn't correspond to any actual physical network interface is called a virtual IP address (VIP/VIPA). True False
True
In a weighted round-robin method, each consecutive request is handled in a rotational fashion, but servers with higher specs are designated to process more workload. True False
True
The process of securing networking devices should include the practice of disabling unused physical ports. True False
True
The purpose of a downgrade attack is to make a computer system fall back to a weaker security mode which makes the system more vulnerable to attacks. True False
True
The term "Always-on VPN" refers to a type of persistent VPN connection that starts automatically as soon as the computer detects a network link. True False
True
The term "Fat AP" refers to a stand-alone Access Point (AP) device type offering extended network configuration options that can be set and managed after logging in to the device. True False
True
A type of IDS that relies on predetermined attack patterns to detect intrusions is referred to as a signature-based IDS. True False
True Signature-based IDS refers to the detection of attacks by looking for specific patterns, such as byte sequences in network traffic, or known malicious instruction sequences used by malware. This terminology originates from anti-virus software, which refers to these detected patterns as signatures.
In the IT industry, the term "System sprawl" is used to describe poor hardware resource utilization. True False
True The growth in resources that exceeds current capacity to effectively manage.
Which of the IPsec modes provides entire packet encryption? Tunnel Payload Transport Default
Tunnel In this context, tunnel refers only to the method by which IPSec packets are constructed, while IKE and IPSec tunnels are conceptually defined as secure logical connections between hosts. IPSec tunnels can use transport mode or tunnel mode encapsulation.
Which of the answers listed below refer(s) to security solution(s) that can be implemented as a function of a DLP system? (Select all that apply) USB blocking Virtualization Email monitoring Directory services Cloud-based security
USB blocking Email monitoring Cloud-based security
Which of the following statements describing the functionality of SIEM is not true? Data can be collected from many different sources Collected data can be processed into actionable information Automated alerting and triggers Time synchronization Event deduplication Use of rewritable storage media
Use of rewritable storage media
What is the best countermeasure against social engineering? AAA protocols User authentication Strong passwords User education
User education: Not educating your end-users in cybersecurity initiatives is like trying to keep a flood at bay using a screen door. Your end-users are the first line of defense against cybersecurity attacks (like phishing scams).
Which of the answers listed below refers to a dedicated device for managing encrypted connections established over an untrusted network, such as the Internet? VPN concentrator Load balancer Managed switch Multilayer switch
VPN concentrator A VPN concentrator is a type of networking device that provides secure creation of VPN connections and delivery of messages between VPN nodes. It is a type of router device, built specifically for creating and managing VPN communication infrastructures.
What type of IP address would be assigned to a software-based load balancer to handle an Internet site hosted on several web servers, each with its own private IP address? IPv4 address Virtual IP address Non-routable IP address IPv6 address
Virtual IP address
An e-commerce store app running on an unpatched web server is an example of: Architecture/design weakness Risk acceptance Vulnerable business process Security through obscurity
Vulnerable business process: Business Process Compromise (BPC) is a type of attack that has come into focus recently. It particularly targets the unique processes or machines facilitating these processes to quietly manipulate them for the attacker's benefit. Attackers infiltrate the enterprise and look for vulnerable practices, susceptible systems, or operational loopholes.
Which of the tools listed below would be of help in troubleshooting signal loss and low wireless network signal coverage? Logical network diagram Protocol analyzer WAP power level controls Physical network diagram
WAP power level controls
Which of the terms listed below refers to computer data storage systems, data storage devices, and data storage media that can be written to once, but read from multiple times? DVD-RW Tape library Floppy disk WORM
WORM
An optimal Wireless Access Point (WAP) antenna placement provides a countermeasure against: War chalking Tailgating War driving Shoulder surfing
War driving
What type of device would be the most convenient for interconnecting two or more physically separated network segments? Wireless bridge Layer 3 switch Wireless Access Point (WAP) Cable modem
Wireless bridge
Which of the following tools would be used to perform a site survey? pfSense Wireless scanner OpenVAS Nmap
Wireless scanner
Which of the tools listed below would be used to detect a rogue AP? HIDS Vulnerability scanner Packet sniffer Wireless scanner
Wireless scanner
Which of the following is a GUI packet sniffer? pfSense Nmap tcpdump Wireshark
Wireshark
Zero-day attack exploits: New accounts Patched software Vulnerability that is present in already released software but unknown to the software developer Well known vulnerability
Zero-day attack exploits: Vulnerabilities that are/can be exploited before the vendor is aware.
Which of the following is a CLI packet sniffer? Nmap tcpdump OpenVAS Wireshark
tcpdump