CH. 6 Quiz Questions


Which of the following are performed by the Microsoft Baseline Security Analyzer (MBSA) tool? (Select 3) - Check for missing patches - Gather performance statistics for setting a baseline - Analyze packets for evidence of an attack - Check for open ports - Check user accounts for weak passwords

- Check for missing patches - Check for open ports - Check user accounts for weak passwords

OSSTMM analyzes an organization's security in 5 categories:

- Personnel security - Fraud and social engineering - Computer and telecommunications networks - Wireless and mobile devices - Physical security

Electronic penetration

- System scanning - Port scanning - Network monitoring - Sniffing - Fingerprinting

The following steps are included in the penetration testing process:

- Verifying that a threat exists - Bypassing security controls - Actively testing security controls - Exploiting vulnerabilities

Operations penetration

- dumpster diving - over-the-shoulder recon - social engineering

Physical Penetration

- enter a building w/o authorization - Access servers or workstations w/o authorization - Access wiring closets - Shut down power or other services

Actions to take when preparing for pen test:

- obtain written and signed authorization from highest possible senior management - delegating personnel who are experts in the areas being tested - gaining approval from ISP - all tools or programs used in the testing are legal and ethical - establish scope and timeline - identify systems not included in test - include in authorization a statement that limits tester's liability - review test findings with admin personnel

Vulnerability scanners

- ping scans - udp scans - TCP connect scans - TCP SYN scans - TCP FIN scans - TCP XMAS scans - TCP NULL scans

Passive Reconnaissance

- putting a sniffer on the wire - eavesdropping on employee conversations - dumpster diving - browsing the organization's website

Enumeration methods include:

- social engineering - wardriving - war dialing - banner grabbing - firewalking - probing network with scanning tools - monitoring network - soliciting host-specific banners to identify function of remote host

Which ports does LDAP use by default? (Select 2) - 110 - 69 - 161 - 389 - 636

389 and 636

Which of the following ports are used with TACACS? - 22 - 49 - 50 and 51 - 1812 and 1813 - 3389

49

You want to deploy SSL to protect authentication traffic with your LDAP-based directory service. Which port would this use? - 60 - 80 - 389 - 443 - 636 - 2208

636

You want to increase the security of your network by allowing only authenticated users to be able to access network devices through a switch. Which of the following should you implement? - IPsec - Spanning Tree - 802.1x - Port security

802.1x

Which of the following is an appropriate definition of a VLAN? - A device used to route traffic between separate networks - A physical collection of devices that belong together and are connected to the same wire or physical switch - A device used to filter WAN traffic - A logical grouping of devices based on service need, protocol, or other criteria

A logical grouping of devices based on service need, protocol, or other criteria.

What is mutual authentication? - Using a CA (certificate authority) to issue certificates - Deploying CHAP and EAP on remote access connections - A process by which each party in an online communication verifies the identity of each other party - The use of two or more authentication factors

A process by which each party in an online communication verifies the identity of each other party

Network enumeration (network mapping)

A thorough and systematic discovery of as much of the corporate network as possible.

Which of the following is the best example of remote access authentication? - A user accesses a shared folder on a server - A user logs on to an e-commerce site that uses SSL - A user establishes a dial-up connection to a server to gain access to shared resources - A user connects to a computer on the LAN using remote desktop

A user establishes a dial-up connection to a server to gain access to shared resources.

Which of the following switch attacks associates the attacker's MAC address with the IP address of the victim's devices? - ARP spoofing/poisoning - Cross-site scripting - DNS poisoning - MAC spoofing

ARP spoofing/poisoning

Attempting to find the root password on a web server by brute force.

Active attack

Perpetrators attempt to compromise or affect the operations of a system.

Active attack

A security administrator is conducting a penetration test on a network. She connects a notebook system running Linux to the wireless network and then uses NMAP to probe various network hosts to see which OS they are running. Which process did the admin use in the pen test in this scenario? - Firewalking - Network enumeration - Passive fingerprinting - Active fingerprinting

Active fingerprinting

Community cloud

Allows cloud services to be shared by several organizations

Which actions can a typical passive intrusion detection system take when it detects an attack? - LAN-side clients are halted and removed from the domain - An alert is generated and delivered via email, the console, or an SNMP trap - The IDS config is changed dynamically, and the source IP address is banned - The IDS logs all pertinent data about the intrusion

An alert is generated and delivered via email, the console, or an SNMP trap and the IDS logs all pertinent data about the intrusion

Penetration testing

An organization's attempt to circumvent security controls to identify vulnerabilities in their information systems. It simulates an actual attack on the network and is conducted from outside the organization's security perimeter. This helps assure the effectiveness of an organization's security policy, security mechanism implementations, and deployed countermeasures.

Passive fingerprinting

Analyzes communications to and from a remote host

Active fingerprinting

Analyzes the response to a stimulus. The analysis can determine the OS and patch level

This layer communicates with the control layer through what's called the northbound interface.

Application layer

Which of the following activities are typically associated with a penetration test? (Select 2) - Running a vulnerability scanner on network servers - Interviewing employees to verify that the security policy is being followed - Attempting social engineering - Creating a performance baseline - Running a port scanner

Attempting social engineering and running a port scanner

RADIUS is primarily used for what purposes? - Managing RAID fault-tolerant drive configurations - Controlling entry gate access using proximity sensors - Authenticating remote clients before access to the network is granted - Managing access to a network over a VPN

Authenticating remote clients before access to the network is granted

You want to protect the authentication credentials you use to connect to the LAB server in your network by copying them to a USB drive. What option would you hit?

Back up credentials

While developing a network application, a programmer adds functionality that allows her to access the running program, without authentication, to capture debugging data. The programmer forgets to remove this functionality prior to finalizing the code and shipping the application. What type of security weakness does this represent? - Backdoor - Buffer overflow - Privilege escalation - Weak passwords

Backdoor

Network-based intrusion detection is most suited to detect and prevent which types of attacks? - Buffer overflow exploitation of software - Application implementation flaw - Brute force pw attack - Bandwidth-based denial of service

Bandwidth-based denial of service

Network-based intrusion detection is most suited to detect and prevent which types of attacks? - Buffer overflow exploitation of software - Bandwidth-based denial of service - Brute force pw attack - Application implementation flaws

Bandwidth-based denial of service

Which is a typical goal of MAC spoofing? - Rerouting local switch traffic to a specified destination - Bypassing 802.1x port-based security - Causing a switch to enter fail open mode - Causing incoming packets to broadcast to all ports

Bypassing 802.1x port-based security

Which remote access authentication protocol periodically and transparently re-authenticates during a logon session by default? - EAP - CHAP - PAP - Certificates

CHAP

You are configuring a dial-up connection to a remote access server. Which of the protocols would you choose to establish the connection and authenticate, providing the most secure connection possible? (Select 2) - CHAP - SLIP - PPPoE - PPP - PAP

CHAP and PPP

MAC spoofing

Can be used to hide the identity of the attacker's computer or impersonate another device on the network.

Console port

Cannot be sniffed

MAC flooding

Causes packets to fill up the forwarding table and consumes so much of the switch's memory that it enters a state called fail open mode.

You've just deployed a new Cisco router so you can connect a new segment to your organization's network. The router is physically located in a server room that can only be accessed with an ID card. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration from your notebook computer by connecting it to the console port on the router. The web-based management interface uses the default username of cusadmin and a pw of highspeed. What should you do to increase the security of this device? - Remove any backdoors that might have been created by a programmer - Create a more complex password - Change the username - Change the username and create a more complex password

Change the username and create a more complex password

Which of the following is not true regarding cloud computing? - Cloud computing software, data access, computation, and storage services provided to clients through the internet - Cloud computing requires end user to have knowledge of the physical location and configuration of the system that delivers the services - Typical cloud computing providers deliver common business apps online that are accessed from another web service or software like a browser - The term cloud is a metaphor for the internet

Cloud computing requires end user to have knowledge of the physical location and configuration of the system that delivers the services

You have a small network of devices connected using a switch. You want to capture the traffic that is sent from Host A to Host B. On Host C, you install a packet sniffer that captures network traffic. After running the packet sniffer, you cannot find any captured packets between Host A and Host B. What should you do? - Connect hosts A and B together on the same switch port through a hub - Configure port mirroring - Manually set the MAC address of Host C to the MAC address of Host A - Configure the default gateway address on hosts A and B with the IP address of Host C

Configure port mirroring

You are the network administrator for a city library. Throughout the library are several groups of PCs that provide public access to the internet. Supervision of these PCs has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting network cables from the library PCs to connect their laptop to the Internet. The library PCs are in groups of 4. Each group of 4 PCs is connected to a hub that is connected to the library network through an access port on a switch. You want to restrict access to the network so only the library computers are permitted connectivity to the internet. What can you do? - Create a static MAC addresses for each computer and associate it with a VLAN - Configure port security on the switch - Remove the hub and place each library PC on its own access port - Create a VLAN for each group of 4 PCs

Configure port security on the switch

This layer provides the physical layer with configuration and instructions

Control layer

This layer receives its requests from the application layer

Control layer

Which of the following applications typically use 802.1x authentication? - Controlling access through the router - Authenticating VPN users through the internet - Controlling access through a WAP - Authenticating remote access clients - Controlling access through a switch

Controlling access through a WAP and through a switch

You notice that over the last few months more and more static systems, such as the office environment control system, the security system, and lighting controls, are connecting to your network. You know that these devices can be a security threat. Which of the following measures can you take to minimize the damage these devices can cause if they are compromised? - Create a VLAN to use as a high-trust network zone for these static systems to connect to - Create a VLAN to use as a low-trust network zone for these static systems to connect to - Create a VLAN to use as a medium-trust network zone for these static systems to connect to - Create a VLAN to use as a no-trust network zone for these static systems to connect to

Create a VLAN to use as a low-trust network zone for these static systems to connect to

You are responsible for maintaining Windows workstation operating systems in your organization. Recently, an update from Microsoft was automatically installed on your workstations that caused an in-house application to stop working. To keep this from happening again, you decide to test all updates on a virtual machine before allowing them to be installed on production workstations. Currently, none of your testing virtual machines have a network connection. However, they need to be able to connect to the update servers at Microsoft to download and install updates. What should you do? (Select 2) - Create a new vSwitch configured for internal networking - Create a new vSwitch configured for bridged (external) networking - Connect the virtual network interfaces in the VMs to the vSwitch - Create a new vSwitch configured for host-only networking - Disable the switch port that the hypervisor's network interface is connected to

Create a new vSwitch configured for bridged (external) networking and connect the virtual network interfaces in the virtual machines to the virtual switch.

You are an application developer. You use a hypervisor with multiple virtual machines installed to test your applications on various operating system versions and editions. Currently, all of your testing virtual machines are connected to the production network through the hypervisor's network interface. However, you are concerned that the latest application you are working on could adversely impact other network hosts if errors exist in the code. To prevent this, you decide to isolate the virtual machines from the production network. However, they still need to be able to communicate directly with each other. What should you do? (Select 2) - Create a new virtual switch configured for host-only (internal) networking - Create a new virtual switch configured for bridged (external) networking - Create MAC address filters on the network switch that block each virtual machine's virtual network interfaces. - Connect the virtual network interfaces in the VMs to the vSwitch - Disable the switch port the hypervisor's network interface is connected to - Disconnect the network cable from the hypervisor's network interface

Create a new virtual switch configured for host-only (internal) networking and connect the virtual network interfaces in the VMs to the vSwitch

A manager has told you she is concerned about her employees writing their passwords for Web sites, network files, and database resources on sticky notes. Your office runs exclusively in a Windows environment. Which tool could be used to prevent this? - Local users and Groups - Computer management - Credential manager - Key management service

Credential manager

A security admin logs on to a Windows server on her organization's network. She then runs a vulnerability scan on that server. What type of scan was conducted in this scenario? - Non-credential scan - Ping scan - TCP SYN scan - Credential scan

Credential scan

Which protocol should you disable on the user access ports of a switch? - TCP - DTP - IPsec - PPTP

DTP

Rules of Engagement (ROE)

Defines the parameters and limits of the test; however, it usually does not include a complete list of all vulnerabilities.

You are using a vulnerability scanner that conforms to the OVAL specifications. Which of the following items contains a specific vulnerability or security issue that could be present on a system? - Repository - Definition - Library - Asset Risk - Threat agent

Definition

Which of the following functions can a port scanner provide? - Determining which ports are open on a firewall - Testing virus definition design for false positives - Auditing IPsec encryption algorithm configuration - Discovering unadvertised servers

Determining which ports are open on a firewall and discovering unadvertised servers

Which of the following best describes the concept of a VLAN? - Devices connected through the Internet that can communicate w/o using a network address - Devices connected by a transmission medium other than cable - Devices on different networks that can receive multicast packets - Devices on the same network logically grouped as if they were on separate networks - Devices in separate networks logically grouped as if they were in the same network

Devices on the same network logically grouped as if they were on separate networks

System scanning

Uses discovery protocols such as ICMP and SNMP to get as much info as possible from a system

Used to identify a weak network architecture or design.

Documentation

Which of the following are included in an operations penetration test? (Select 2) - Scanning various ports on remote hosts looking for well-known services - Eavesdropping or obtaining sensitive information from items that are not properly stored - Sneaking into a building w/o authorization - Looking through discarded papers or media for sensitive info - Duplicating captured packets w/o altering or interfering with the flow of traffic on that medium

Eavesdropping or obtaining sensitive information from items that are not properly stored and looking through discarded papers or media for sensitive info

Single blind test

Either the attacker has prior knowledge about the target system, or the administrator knows that the test is being performed

Which of the following is characteristic of TACACS+? - Requires that authentication and authorization are combined in a single server - Encrypts the entire packet, not just the authentication packets - Uses UDP ports 1812 and 1813 - Supports only TCP/IP

Encrypts the entire packet, not just the authentication packets

Public-facing servers, workstations, Wi-Fi networks, and personal devices.

Entry points

Unauthorized individuals try to breach a network from off-site.

External attack

You have configured an NIDS to monitor network traffic. Which of the following describes harmless traffic that has been identified as a potential attack by the NIDS device? - Positive - False positive - False negative - Negative

False positive

Which of the following identifies an OS or network service based on its response to ICMP msgs? - Port scanning - Firewalking - Fingerprinting - Social engineering

Fingerprinting

You are implementing a new application control solution. Prior to enforcing your application whitelist, you want to monitor user traffic for a period of time to discover user behaviors and log violations for later review. How should you configure the application control software to handle applications not contained in the whitelist? - Drop - Block - Flag - Tarpit

Flag

KWalletManager is a Linux-based credential management system that stores encrypted account credentials for network resources. Which encryption methods can KWalletManager use to secure account credentials? (Two) - Twofish - HMAC-SHA1 - Kerberos - GPG - Blowfish

GPG and Blowfish

What do host-based intrusion detection systems often rely upon to perform detection activities? - Remote monitoring tools - Host system auditing capabilities - External sensors - Network traffic

Host system auditing capabilities

As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement? - VPN concentrator - Port scanner - Network-based IDS - Host-based IDS - Protocol analyzer

Host-based IDS

Which of the following devices is computer software, firmware, or hardware that creates and runs virtual machines? - Virtual switch - Virtual router - Virtual firewall - Hypervisor

Hypervisor

Which of the following devices can monitor a network and detect potential security attacks? - DNS server - Proxy - Load balancer - CSU/DSU - IDS

IDS

Which of the following are security devices that perform stateful inspection of packet data and look for patterns that indicate malicious code? - Firewall - ACL - IDS - VPN - IPS

IDS and IPS

Which of the following devices is capable of detecting and responding to security threats? - IPS - IDS - DNS server - Multi-layer switch

IPS

You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use? - IDS - Packet sniffer - Port scanner - IPS

IPS

Your organization's security policy specifies that P2P file sharing is not allowed. Recently, you received an anonymous tip that an employee has been using a BitTorrent client to download copyrighted media while at work. You research BitTorrent and find that it uses TCP ports 6881-6889 by default. When you check your perimeter firewall configuration, only ports 80 and 443 are open. When you check your firewall logs, you find that no network traffic using ports 6881-6889 has been blocked. What should you do? - Block all outbound ports in the perimeter firewall - Implement an application control solution - Call HR and have the employee fired for violation of security policy - Determine that the accused employee is innocent and being framed

Implement an application control solution

Your organization uses a web server to host an e-commerce site. Because this web server handles financial transactions, you are concerned that it could become a prime target for exploits. You want to implement a network security control that will analyze the contents of each packet going to or from the web server. The security control must be able to identify malicious payloads and block them. What should you do? - Implement an application-aware IPS in front of the web server - Implement a packet-filtering firewall in front of the web server - Implement an application-aware IDS in front of the web server - Install an anti-malware scanner on the web server - Implement a stateful firewall in front of the web server

Implement an application-aware IPS in front of the web server

You have decided to perform a double-blind penetration test. Which of the following actions would you perform first? - Inform senior management - Perform operational reconnaissance - Run system fingerprinting software - Engage in social engineering

Inform senior management

An older version of Windows that is used for a particular application.

Inherent vulnerabilities

IoT and SCADA devices.

Inherent vulnerabilities

Hybrid cloud

Integrates one cloud service with other cloud services

You want to check a server for user accounts that have weak passwords. Which tool should you use? - John the Ripper - Retina - OVAL - Nessus

John the Ripper

Which of the following protocols uses port 88? - L2TP - PPTP - TACACS - Kerberos - LDAP

Kerberos

Which of the following authentication mechanisms is designed to protect a 9 character pw from attacks by hashing the first 7 characters into a single hash then hashing the remaining 2 characters into another separate hash? - LANMAN - NTLMv2 - LDAP - NTLM

LANMAN

Which of the following describes a false positive when using an IPS device? - The source address identifying a non-existent host - Malicious traffic not being identified - Legitimate traffic being flagged as malicious - Malicious traffic masquerading as legitimate traffic - The source address matching the destination address

Legitimate traffic being flagged as malicious

Which of the following activities are considered passive in regards to the function of an intrusion detection system? - Transmitting FIN or RES packets to an external host - Listening to network traffic - Monitoring the audit trails on a server - Disconnecting a port being used by a zombie

Listening to network traffic and monitoring the audit trails on a server

Which of the following attacks, if successful, causes a switch to function like a hub? - Replay - MAC spoofing - ARP Poisoning - MAC flooding

MAC flooding

Open Source Security Testing Methodology Manual (OSSTMM)

Manual of a peer-reviewed methodology for performing security tests and metrics.

You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffer software on a device which is connected to a hub w/ 3 other PCs. The hub is connected to the same switch that is connected to the router. When you run the software, you only see frames addressed to the 4 workstations and not to the router. Which feature should you configure? - Mirroring - Promiscuous mode - Spanning tree - Bonding

Mirroring

You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a cubicle near your office. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using an SSH client with a user name of admin01 and a password of P@ssW0rd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device? - Move the router to a secure server room - Use a Telnet client to access the router config - Use encrypted type 7 passwords - Change the default admin username and pw - Use TFTP to backup the router config to a remote location

Move the router to a secure server room

Which of the following statements about virtual networks is true? (Select 2) - Accessing network resources requires that the OS on the VM be configured on an isolated network - A virtual network is independent of the configuration and physical hardware of the host OS - Each virtual network must be associated with a single physical network adapter - Multiple virtual networks can be associated with a single physical network adapter - A virtual network is dependent on the configuration and physical hardware of the host OS

Multiple virtual networks can be associated with a single physical network adapter and a virtual network is dependent on the configuration and physical hardware of the host OS.

Which of the following is a feature of MS-CHAP v2 that is not included in CHAP? - Mutual authentication - Certificate-based authentication - 3way handshake - Hashed shared secret

Mutual authentication

What activity looks like in normal day-to-day usage.

Network baseline

You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use? - Network mapper - OVAL - Ping scanner - Port scanner

Network mapper

Your network devices are categorized into the following zone types: 1. No-trust zone 2. Low-trust zone 3. Medium-trust zone 4. High-trust zone Your network architecture employs multiple VLANs for each of these network zones. Each zone is separated by a firewall that ensures only specific traffic is allowed. Which of the following is the secure architecture concept that is being used on this network? - Network firewalling - Network segmentation - Virtual local area networking - Trust zone networking

Network segmentation

A security admin needs to run a vulnerability scan that will analyze a system from the perspective of a hacker attacking the organization from the outside. What type of scan should he use? - Credentialed scan - Non-credentialed scan - Port scan - Network mapping scan

Non-credentialed scan

Which of the following can make passwords useless on a router? - Using SSH to connect to a router remotely - Using the MD5 hashing algorithm to encrypt the password - Storing the router configuration file to a secure location - Not controlling physical access to the router

Not controlling physical access to the router

Which of the following identifies standards and XML formats for reporting and analyzing system vulnerabilities? - Retina - OSSTMM - MBSA - OVAL

OVAL

You have a network w/ 3 remote access servers, a RADIUS server used for authentication and authorization, and a second RADIUS server used for accounting. Where should you configure remote access policies? - On one of the remote access servers - On each of the remote access servers - On the RADIUS server used for authentication and authorization - On the RADIUS server for accounting

On the RADIUS server used for authentication and authorization

Single-blind test

One in which one side has advanced knowledge. Either the attacker has prior knowledge about the target system, or the defender has knowledge about the impending attack.

Double-blind test

One in which the penetration tester does not have prior info about the system and the defender has no knowledge that the test is being performed.

Which of the following authentication protocols transmits passwords in cleartext, and is, therefore, considered too insecure for modern networks? - EAP - RADIUS - CHAP - PAP

PAP

Which of the following best describes the Platform as a Service (PaaS) cloud computing service model? - PaaS delivers software applications to the client either over the internet or on a local area network - PaaS delivers infrastructure to the client, such as processing, storage, networks, and virtualized environments - PaaS stores and provides data from a centralized location w/o the need for local collection and storage - PaaS delivers everything a developer needs to build an application onto the cloud infrastructure

PaaS delivers everything a developer needs to build an application onto the cloud infrastructure.

You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the network. Which tool should you use? - System log - Throughput tester - Event log - Load tester - Packet sniffer

Packet sniffer

You want to know which protocols are being used on your network. You'd like to monitor network traffic and sort traffic by protocol. Which tool should you use? - Port scanner - IDS - Throughput tester - Packet sniffer - IPS

Packet sniffer

Attempting to gather information without affecting the flow of information on the network.

Passive attack

Sniffing network packets or performing a port scan

Passive attack

A security admin is conducting a pen test on a network. She connects a notebook system to a mirror port on a network switch. She then uses a packet sniffer to monitor network traffic to try to determine which OS are running on network hosts. Which process did the admin use in the pen test? - Firewalking - Network enumeration - Active fingerprinting - Passive fingerprinting

Passive fingerprinting

What common design feature among Instant Messaging clients makes them more insecure than other means of communicating over the Internet? - Peer-to-peer networking - Real-time communication - Freely available for use - Transfer of text and files

Peer-to-peer networking

Which of the following uses hacking techniques to proactively discover internal vulnerabilities? - Penetration testing - Inbound scanning - Reverse engineering - Passive reconnaissance

Penetration testing

CHAP performs which of the following security functions? - Periodically verifies the identity of a peer using a 3-way handshake - Links remote systems together - Protects usernames - Allows the use of biometric devices

Periodically verifies the identity of a peer using a 3-way handshake

On this layer, individual networking devices use southbound APIs to communicate with the control plane

Physical layer

This layer is also known as the infrastructure layer

Physical layer

You manage a network that uses switches. In the lobby of your building are three RJ-45 ports connected to a switch. You want to make sure that visitors cannot plug in their computers to the free network jacks and connect to the network. However, employees who plug into those same jacks should be able to connect to the network. What feature should you configure? - VLANs - Mirroring - Bonding - Port authentication - Spanning tree

Port authentication

You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services. Which tool should you use? - IDS - Port scanner - System logs - Packet sniffer - IPS

Port scanner

Instant messaging does not provide which of the following? - Privacy - Indication of when you are online - Ease of file transfers - Real-time communications

Privacy

A relatively new employee in the data entry cubicle farm was assigned a user account similar to that of all of the other data entry employees. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed data in restricted areas. This situation indicates which of the following has occurred? - Man-in-the-middle attack - Privilege escalation - Social engineering - Smurf attack

Privilege escalation

An attacker has obtained the logon credentials for a regular user on your network. Which type of security threat exists if this user account is used to perform administrative functions? - Social engineering - Privilege escalation - Impersonation - Replay

Privilege escalation

You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffer software on a device which is connected to the same hub that is connected to the router. When you run the software, you only see frames addressed to the workstation and not other devices. Which feature should you configure? - Mirroring - Spanning tree - Bonding - Promiscuous mode

Promiscuous mode

You have recently reconfigured FTP to require encryption of both passwords and data transfers. You would like to check network traffic to verify that all FTP passwords and data are encrypted. Which tool should you use? - Protocol analyzer - Systems monitor - Performance monitor - Vulnerability scanner

Protocol Analyzer

You want to identify traffic that is generated and sent through the network by a specific application running on a device. Which tool should you use? - Protocol analyzer - Toner probe - Multimeter - TDR - Certifier

Protocol analyzer

Private cloud

Provides cloud services to a single organization

Public cloud

Provides cloud services to just about anyone

Which of the following are differences between RADIUS and TACACS+? - RADIUS encrypts the entire packet contents; TACACS+ only encrypts the password - RADIUS supports more protocols than TACACS+ - RADIUS uses TCP; TACACS+ uses UDP - RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers

RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers

You want to set up a service to allow multiple users to dial in to the office server from modems on their home computers. What service should you implement? - RAS - PPP - ISDN - RIP

RAS

Which phase or step of a security assessment is a passive activity? - Vulnerability mapping - Reconnaissance - Enumeration - Privilege escalation

Reconnaissance

You often travel away from the office. While traveling, you would like to use a modem on your laptop computer to connect directly to a server in your office and access files on that server that you need. You want the connection to be as secure as possible. Which type of connection will you need? - Remote access - Internet - Intranet - Virtual Private Network

Remote access

You want to use a tool to scan a system for vulnerabilities including open ports, running services, and missing patches. Which tool would you use? (select two) - Wireshark - LC4 - Retina - OVAL - Nessus

Retina and Nessus

You have run a vulnerability scanning tool and identified several patches that need to be applied to a system. What should you do next after applying the patches? - Use a port scanner to check for open ports - Document your actions - Update the vulnerability scanner definition files - Run the vulnerability assessment again

Run the vulnerability assessment again

You want to use Kerberos to protect LDAP authentication. Which authentication mode should you choose? - SASL - EAP - Mutual - Simple

SASL

Which of the following is a disadvantage of software-defined networking (SDN)? - SDN creates centralized management - SDN facilitates communication between hardware from different vendors - SDN gathers network information and statistics - SDN standards are still being developed

SDN standards are still being developed

Which of the following cloud computing solutions delivers software applications to a client either over the internet or on a local area network? - SaaS - PaaS - DaaS - IaaS

SaaS

Fingerprinting

Scanning the system to identify the OS, the patch level, and the applications and service available on it.

Port scanning

Scanning various ports on remote hosts looking for well known services

Dynamic Trunking Protocol

Should be disabled on the switch's end user (access) ports before implementing the switch configuration into the network.

What type of attack is most likely to succeed with communications between instant messaging clients? - DNS poisoning - Denial of service - Brute force password attack - Sniffing

Sniffing

Network engineers have the option of using software to configure and intelligently control the network rather than relying on the individual static config files that are located on each network device. Which of the following is a relatively new technology that allows network and security professionals to use software to manage, control, and make changes to a network? - Control layer networking - Infrastructure software networking - Software-defined networking - Load balancing software

Software-defined networking

Which of the following solutions would you implement to eliminate switching loops? - Spanning tree - Inter-vlan routing - CSMA/CD - Auto-duplex

Spanning tree

You manage a network that uses multiple switches. You want to provide multiple paths between switches so that if one link goes down, an alternate path is available. Which feature should your switch support? - Trunking - Mirroring - OSPF - Spanning tree - PoE

Spanning tree

You manage a single subnet with three switches. The switches are connected to provide redundant paths between the switches. Which feature prevents switching loops and ensures there is only a single active path between any two switches? - 802.1x - Bonding - Spanning tree - Trunking - PoE

Spanning tree

A virtual LAN can be created using which of the following? - Gateway - Router - Hub - Switch

Switch

When configuring VLANs on a switch, what is used to identify which VLAN a device belongs to? - MAC address - IP address - Switch port - Host name

Switch port

Which of the following protocols can be used to centralize remote access authentication? - SESAME - EAP - TACACS - CHAP - Kerberos

TACACS

Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access? (select 2) - AAA - TACACS+ - RADIUS - 802.1x - EAP - PKI

TACACS+ and RADIUS

Which of the following is the type of port scan that does not complete the full 3-way TCP handshake, but rather listens only for either SYN/ACK or RST/ACK packets? - TCP FIN scan - TCP SYN scan - TCP ACK scan - TCP connect scan

TCP SYN scan

What is the primary purpose of penetration testing? - Infiltrate a competitor's network - Assess the skill level of new IT security staff - Evaluate newly deployed firewalls - Test the effectiveness of your security perimeter

Test the effectiveness of your security perimeter

Full knowledge test (White box test)

Tester has detailed information prior to starting test

Zero knowledge test (Black box test)

Tester has no prior knowledge of target system

Partial knowledge test (Grey box test)

Tester has the same amount of info that would be available to a typical insider in the organization

SDN uses a controller to manage the devices. The controller is able to inventory hardware components in the network, gather network statistics, make routing decisions based on gathered data, and facilitate communication between devices from different vendors. It can also be used to make wide-spread configuration changes on just one device. Which of the following best describes an SDN controller? - The SDN controller is hardware - The SDN controller is software - The SDN controller is a networking protocol - The SDN controller is a virtual networking device

The SDN controller is software

Gaining access

The act of performing the exploit.

You have opted to use SDN to manage, control, and make changes to your network. You want to be able to use software to configure and intelligently control the network, rather than relying on the individual static config files that are located on each network device. Which of the following describes what the SDN control layer does to networking devices that comprise the physical layer? - The control layer removes the control plane from networking devices and creates a virtual control plane for each device. - The control layer interfaces with the control plane in each networking device and creates a virtual control plane - The control layer removes the control plane from networking devices and creates a single control plane - The control layer uses southbound APIs to communicate with the control plane in each networking device and creates a single control plane

The control layer removes the control plane from networking devices and creates a single control plane

Sniffing

The duplication of captured packets w/o altering or interfering with the flow of traffic on that medium

Control and reporting

The process of documenting the level of access or control that was gained during testing, methods used during pen test, and services and systems exploited.

System enumeration

The process of gaining as much information about a specific computer as possible

Target selection

The process of identifying servers that appear available.

ARP Spoofing/Poisoning

The source device sends frames to the attacker's MAC address instead of the correct device.

Which of the following describes the worst possible action by an IDS? - The system identified harmful traffic as harmless and allowed it to pass w/o generating any alerts - The system detected a valid attack and the appropriate alarms and notifications were generated. - The system correctly deemed harmless traffic as inoffensive and let it pass - The system identified harmless traffic as offensive and generated an alarm

The system identified harmful traffic as harmless and allowed it to pass w/o generating any alerts

Double blind test

The tester does not have information about the system and the administrator has no knowledge that the test is being performed.

White box test

The tester has detailed information about the target system prior to starting the test

Black box test

The tester has no prior knowledge of the target system

Grey box test

The tester has the same amount of information that would be available to a typical insider in the organization

When using Kerberos authentication, which of the following terms is used to describe the token that verifies the identity of the user to the target system? - Ticket - Voucher - Coupon - Hashkey

Ticket

Which of the following are required when implementing Kerberos for authentication and authorization? (Select 2) - Ticket granting server - Time synchronization - RADIUS or TACACS+ server - PPPoE - PPP

Ticket granting server and time synchronization

A user has just authenticated using Kerberos. What object is issued to the user immediately following logon? - Client-to-server ticket - Digital signature - Ticket granting ticket - Digital certificate

Ticket granting ticket

Which of the following are requirements to deploy Kerberos on a network? (Select 2) - Time synchronization between devices - Use of token devices and one-time pw - Blocking of remote connectivity - A centralized database of users and pw - A directory service

Time synchronization between devices and a centralized database of users and pw

A honeypot is used for which purpose? - To delay intruders in order to gather auditing data - To entrap intruders - To prevent sensitive data from being accessed - To disable an intruder's system

To delay intruders in order to gather auditing data

HTTP

Transfers data in cleartext

Telnet

Transfers data in cleartext

When configuring VLANs on a switch, what type of switch ports are members of all VLANs defined on the switch? - Any port not assigned to a vlan - Each port can only be a member of a single VLAN - Trunk ports - Gigabit and higher Ethernet ports - Uplink ports

Trunk ports

You want to use a vulnerability scanner to check a system for known security risks. What should you do first? - Update the scanner definition files - Perform a port scan - Apply all known patches to the system - Inform senior management of your actions

Update the scanner definition files

You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a locked server closet. You use an FTP client to regularly back up the router configuration to a remote server in an encrypted file. You access the router configuration interface from a notebook computer that is connected to the router's console port. You've configured the device with the username admin01 and password P@ssW0rd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device? - Use SCP to backup the router config to a remote location - Move the router to a secure data center - Use encrypted type 7 passwords - Use an SSH client to access the router config

Use SCP to backup the router config to a remote location

Your LDAP directory services solution uses simple authentication. What should you always do when using simple authentication? - Use kerberos - Add SASL and use TLS - Use IPsec and certificates - Use SSL

Use SSL

In the VLAN configuration shown in the diagram above, workstations in VLAN1 are not able to communicate with workstations in VLAN2, even though they are connected to the same physical switch. Which of the following can you use to allow workstations in VLAN1 to communicate with the workstations in VLAN2? - Configure all the workstations to be members of both VLANs - Configure all the ports on the switch to be members of both VLANs - Configure port fa0/2 to also be a member of VLAN2 and port fa0/4 to also be a member of VLAN1 - Use a router to route packets between VLAN1 and VLAN2 - Use a Layer 3 switch to route packets between VLAN1 and VLAN2

Use a router to route packets between VLAN1 and VLAN2 and use a layer 3 switch to route packets between VLAN1 and VLAN2

You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID card to gain access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer by connecting it to the console port on the router. You configured the management interface with a user name of admin and a pw of password. What should you do to increase the security of this device? - Use a stronger administrative password - Use an SSH client to access the router configuration - Use a web browser to access the router configuration using an HTTP connection - Move the device to a secure data center

Use a stronger administrative password

You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID for access. You've backed up the router config to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using a Telnet client with a user name of admin and a password of admin. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device? - Use an SSH client to access the router config - Change the default admin username and pw - Use TFTP to backup the router configuration to a remote location - Use encrypted type 7 passwords - Use a web browser to access the router config using an HTTP connection

Use an SSH client to access the router config and change the default admin username and pw

Which of the following are true concerning the Virtual Desktop Infrastructure (VDI)? (Select 2) - User desktop environments are centrally hosted on servers instead of an individual desktop system - In the event of a widespread malware infection, the admin can reimage user desktops by pushing an image out to each user desktop system over the network - User desktop environments are provided by individual desktop systems instead of by remote servers - In the event of a widespread malware infection, the administrator can quickly reimage all user desktops on a few central servers - Roaming profiles must be configured to allow mobile users to keep their same desktop environment across systems

User desktop environments are centrally hosted on servers instead of individual desktop systems and In the event of a widespread malware infection, the admin can quickly reimage all user desktops on a few central servers

Your organization has started receiving phishing emails. You suspect that an attacker is attempting to find an employee workstation they can compromise. You know that a workstation can be used as a pivot point to gain access to more sensitive systems. Which of the following is the most important aspect of maintaining network security against this type of attack? - Documenting all network assets in your organization - Identifying a network baseline - Network segmentation - User education and training - Identifying inherent vulnerabilities

User education and training

Which of the following are characteristics of TACACS+? (Select 2) - Uses UDP - Uses TCP - Allows three different servers, one each for authentication, authorization, and accounting - Allows two different servers, one for authentication and authorization, and another for accounting

Uses TCP and allows three different servers, one each for authentication, authorization, and accounting

SSH

Uses public-key cryptography

SSL

Uses public-key cryptography

Network monitoring

Using specialized tools to watch and log network activities

You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a PC that you would like to keep isolated from other PCs on the network. Other hosts on the network should not be able to communicate with this PC through the switch, but you still need to access the network through the PC. What should you use for this situation? - VPN - Spanning tree - Port security - VLAN

VLAN

Your company is a small start-up that has leased office space in a building shared by other businesses. All businesses share a common network infrastructure. A single switch connects all devices in the building to the router that provides internet access. You would like to make sure that your computers are isolated from computers used by other companies. Which feature should you request to have implemented? - VPN - Spanning tree - VLAN - Port security

VLAN

You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three RJ-45 ports connected to the switch. You want to allow visitors to plug into these ports to gain Internet access, but they should not have access to any other devices on your private network. Employees connected throughout the rest of your building should have both private and Internet access. Which feature should you implement? - VLANs - NAT - DMZ - Port authentication

VLANs

Which of the following devices facilitates communication between different VMs by checking data packets before moving them to a destination? - Hypervisor - Virtual router - Virtual firewall - Virtual Switch

Virtual switch

You want to be able to identify the services running on a set of servers on your network. Which tool would best give you the information you need? - Vulnerability scanner - Port scanner - Network mapper - Protocol analyzer

Vulnerability scanner

What is the main difference between vulnerability scanning and penetration testing? - Vulnerability scanning is performed with a detailed knowledge of the system; penetration testing begins with no knowledge of the system - Vulnerability scanning uses approved methods and tools; penetration testing uses hacking tools - The goal of vulnerability scanning is to identify potential weaknesses; the goal of penetration testing is to attack a system - Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter

Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter

You want to use a tool to see packets on a network, including the source and destination of each packet. Which tool should you use? - nmap - OVAL - Nessus - Wireshark

Wireshark

Based on the VLAN configuration shown in the diagram above, which of the following is not true? - Workstations in VLAN1 are able to communicate with workstations in VLAN2 because they are connected to the same physical switch - VLAN1 is one of the default VLANs on the switch. VLAN2 had to be manually configured - This configuration creates two broadcast domains. VLAN1 and VLAN2 are separate broadcast domains - FastEthernet ports 0/1 and 0/2 are members of VLAN1. FastEthernet ports 0/3 and 0/4 are members of VLAN2.

Workstations in VLAN1 are able to communicate with workstations in VLAN2 because they are connected to the same physical switch.

The IT manager has asked you to create a separate VLAN to be used exclusively for wireless guest devices to connect to. Which of the following is the primary benefit of creating this VLAN? - You can control broadcast traffic and create a collision domain for just the wireless guest devices - You can load-balance wireless guest network traffic to have a lower priority than the rest of the traffic on the network - You can create a wireless guest network more affordably with a VLAN than you can with a router. - You can control security by isolating wireless guest devices within this VLAN

You can control security by isolating wireless guest devices within this VLAN

Which of the following is not an administrative benefit of implementing VLANs? - You can control safety by isolating traffic within a VLAN - You can load-balance network traffic - You can control broadcast traffic and create collision domains based on logical criteria - You can simplify routing traffic between separate networks - You can simplify device moves

You can simplify routing traffic between separate networks

In which of the following situations would you use port security? - You want to control the packets sent and received by a router - You want to prevent sniffing attacks on the network - You want to prevent MAC address spoofing - You want to restrict the devices that could connect through a switch port

You want to restrict the devices that could connect through a switch port

Which of the following types of penetration test teams will provide you information that is most revealing of a real-world hacker attack? - Partial-knowledge team - Zero-knowledge team - Split-knowledge team - Full-knowledge team

Zero-knowledge team

