Chapter 5 - Overview


Which of the following is another name for a firewall that performs router functions?

Screening router

You are configuring web threat protection on the network and want to block emails coming from a specific sender. Which of the following should be configured?

Spam filter

You manage a single subnet with three switches. They are connected to provide redundant paths between the switches. Which feature prevents switching loops and ensures there is only a single active path between any two switches?

Spanning Tree Protocol

Which VPN tunnel style routes only certain types of traffic?

Split

You are configuring web threat protection on the network and have identified a website that contains malicious content. Which of the following should you configure?

Web threat filtering

You are configuring web threat protection on the network and want to prevent users from visiting www.videosite.org. Which of the following needs to be configured?

Website filtering

In which of the following situations would you most likely implement a demilitarized zone (DMZ)?

You want to protect a public web server from attack.

Which of the following is a typical goal of MAC spoofing?

Bypass 802.1x port-based security

An attacker has gained access to the administrator's login credentials. Which type of attack has most likely occurred?

Password cracking

Which common design feature among instant messaging clients makes them less secure than other means of communicating over the internet?

Peer-to-peer networking

Which of the following methods did Microsoft introduce in Windows 10 to help distribute OS updates?

Peer-to-peer software

Which type of application allows users to share and access content without using a centralized server?

Peer-to-peer software

Which of the following NAC agent types is the most convenient agent type?

Permanent

Which of the following is a benefit of P2P applications?

Shared resources

Which VPN implementation uses routers on the edge of each site?

Site-to-site VPN

Which of the following NAC agent types creates a temporary connection?

Dissolvable

Which of the following is susceptible to social engineering exploits?

Instant messaging

What needs to be configured on a firewall to allow traffic directed to the public resource in the DMZ?

Packet filters

Which classification of attack type does packet sniffing fall under?

Passive

Which of the steps in the Network Access Control (NAC) implementation process occurs once the policies have been defined?

Apply

How many network interfaces does a dual-homed gateway typically have?

3

How many concurrent connections does NAT support?

5,000

You are adding switches to your network to support additional VLANs. Unfortunately, the new switches are from a different vendor than the current switches. Which standard do you need to ensure that the switches are supported?

802.1Q

Drag each description on the left to the appropriate switch attack type on the right.

> ARP spoofing/poisoning: The source device sends frames to the attacker's MAC address instead of to the correct device.
> Dynamic Trunking Protocol: Should be disabled on the switch's end user (access) ports before implementing the switch configuration into the network.
> MAC flooding: Causes packets to fill up the forwarding table and consumes so much of the switch's memory that it enters a state called Fail Open Mode.
> MAC spoofing: Can be used to hide the identity of the attacker's computer or impersonate another device on the network.

You are investigating the use of website and URL content filtering to prevent users from visiting certain websites. Which benefits are the result of implementing this technology in your organization? (Choose two.)

> An increase in bandwidth availability
> Enforcement of the organization's internet usage policy

Which of the following are functions of gateway email spam filters? (Select two.)

> Blocks email from specific senders
> Filters messages containing specific content

Travis is sending a highly confidential email to Craig that contains sensitive data. Which of the following should Travis implement to ensure that only Craig is able to read the email?

> Encryption

Which of the following are characteristics of a packet-filtering firewall? (Select two.)

> Filters IP address and port
> Stateless

Which of the following are characteristics of a complex password? (Select two.)

> Has a minimum of eight characters
> Consists of letters, numbers, and symbols

Drag the network attack technique on the left to the appropriate description or example on the right. (Each technique may be used once, more than once, or not at all.)

> Perpetrators attempt to compromise or affect the operations of a system: Active attack
> Unauthorized individuals try to breach a network from off-site: External attack
> Attempting to find the root password on a web server by brute force: Active attack
> Attempting to gather information without affecting the flow of information on the network: Passive attack
> Sniffing network packets or performing a port scan: Passive attack

You have just installed a packet-filtering firewall on your network. Which options are you able to set on your firewall? (Select all that apply.)

> Port number
> Source address of a packet
> Destination address of a packet

You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers?

> Put the database server on the private network.
> Put the web server inside the DMZ.

As the security analyst for your organization, you have noticed an increase in user computers being infected with malware. Which two solutions should you implement and configure to remedy this problem? (Select two.)

> Spam filters
> Virus scanner

Which of the following are features of an application-level gateway? (Select two.)

> Stops each packet at the firewall for inspection
> Reassembles entire messages

You connect your computer to a wireless network available at the local library. You find that you can access all of the websites you want on the internet except for two. What might be causing the problem?

A proxy server is blocking access to the websites.

What do application control solutions use to identify specific applications?

Application signatures

Which of the following switch attacks associates the attacker's MAC address with the IP address of the victim's devices?

ARP spoofing/poisoning

You are the security analyst for your organization and have discovered evidence that someone is attempting to brute-force the root password on the web server. Which classification of attack type is this?

Active

Which of the following NAC agent types would be used for IoT devices?

Agentless

Which of the following describes how access control lists can be used to improve network security?

An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number.

As the security analyst for your organization, you have noticed an increase in emails that attempt to trick users into revealing confidential information. Which web threat solution should you implement to protect against these threats?

Anti-phishing software

Which of the following defines all the prerequisites a device must meet in order to access a network?

Authentication

Which of the following applies the appropriate policies in order to provide a device with the access it's defined to receive?

Authorization

An attacker was able to gain unauthorized access to a mobile phone and install a Trojan horse so that he or she could bypass security controls and reconnect later. Which type of attack is this an example of?

Backdoor

In an effort to increase the security of your organization, programmers have been informed they can no longer bypass security during development. Which vulnerability are you attempting to prevent?

Backdoor

While developing a network application, a programmer adds functionality that allows her to access the running program without authentication so she can capture debugging data. The programmer forgets to remove this functionality prior to finalizing the code and shipping the application. Which type of security weakness does this describe?

Backdoor

Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks?

Bastion or sacrificial host

You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use?

Circuit-level gateway

A network device is given an IP address of 172.16.0.55. Which type of network is this device on?

Class B private network

When designing a firewall, what is the recommended approach for opening and closing ports?

Close all ports; open only ports required by applications inside the DMZ.

You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the internet. The library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access port on a switch. You want to restrict access to the network so that only library computers are permitted connectivity to the internet. What can you do?

Configure port security on the switch.

Which of the following scenarios would typically utilize 802.1x authentication?

Controlling access through a switch

An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack?

DDoS

Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted internet?

DMZ

Which protocol should you disable on the user access ports of a switch?

DTP

When setting up a new wireless access point, what is the first configuration change that should be made?

Default login

Which of the following best describes a stateful inspection?

Determines the legitimacy of traffic based on the state of the connection from which the traffic originated.

Which of the following best describes the concept of a virtual LAN?

Devices on the same network logically grouped as if they were on separate networks.

Which area of focus helps to identify weak network architecture or design?

Documentation

You want to connect your small company network to the internet. Your ISP provides you with a single IP address that is to be shared between all hosts on your private network. You do not want external hosts to be able to initiate connection to internal hosts. Which type of Network Address Translation (NAT) should you implement?

Dynamic

Which NAT implementation assigns two IP addresses to the public NAT interface, allowing traffic to flow in both directions?

Dynamic and static

Which IPsec subprotocol provides data encryption?

ESP

In addition to Authentication Header (AH), IPsec is comprised of what other service?

Encapsulating Security Payload (ESP)

Which area of focus do public-facing servers, workstations, Wi-Fi networks, and personal devices fall under?

Entry points

You are implementing a new application control solution. Prior to enforcing your application whitelist, you want to monitor user traffic for a period of time to discover user behaviors and log violations for later review. How should you configure the application control software to handle applications not contained in the whitelist?

Flag

Which of the following types of proxies would you use to remain anonymous when surfing the internet?

Forward

Which device is NAT typically implemented on?

Gateway router

Jessica needs to set up a firewall to protect her internal network from the internet. Which of the following would be the BEST type of firewall for her to use?

Hardware

You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from internet-based attacks. Which solution should you use?

Host-based firewall

What is Cisco's Network Access Control (NAC) solution called?

Identity Services Engine (ISE)

Which VPN protocol typically employs IPsec as its data encryption mechanism?

L2TP

At which layer of the OSI model do NAT routers operate?

Layer 3 (Network layer)

Which of the following is considered a major problem with instant messaging applications?

Loss of productivity

In which of the following zones would a web server most likely be placed?

Low-trust zone

Which of the following attacks, if successful, causes a switch to function like a hub?

MAC flooding

You are configuring the security settings for your network. You have decided to configure a policy that requires any computer connecting to the network to run at least Windows 10 version 2004. Which of the following have you configured?

NAC

Your network devices are categorized into the following zone types:
> No-trust zone
> Low-trust zone
> Medium-trust zone
> High-trust zone
Your network architecture employs multiple VLANs for each of these network zones. Each zone is separated by a firewall that ensures only specific traffic is allowed. Which of the following is the secure architecture concept that is being used on this network?

Network segmentation

Which of the following BEST describes zero-trust security?

Only devices that pass both authentication and authorization are trusted.

Which of the following is the MOST likely to happen if the firewall managing traffic into the DMZ fails?

Only the servers in the DMZ are compromised, but the LAN will stay protected.

Which of the following does a NAT router use to identify where a host is connected on the switch?

PAT

Which of the following VPN protocols is no longer considered secure?

PPTP

You are part of a committee that is meeting to define how Network Access Control (NAC) should be implemented in the organization. Which step in the NAC process is this?

Plan

A relatively new employee in the data entry cubicle farm was assigned a user account similar to the other data entry employees' accounts. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed data in restricted areas. This situation indicates which of the following has occurred?

Privilege escalation

An attacker has obtained the logon credentials for a regular user on your network. Which type of security threat exists if this user account is used to perform administrative functions?

Privilege escalation

Travis and Craig are both standard users on the network. Each user has a folder on the network server that only they can access. Recently, Travis has been able to access Craig's folder. This situation indicates which of the following has occurred?

Privilege escalation

You are the network administrator for a small company that implements NAT to access the internet. However, you recently acquired five servers that must be accessible from outside your network. Your ISP has provided you with five additional registered IP addresses to support these new servers, but you don't want the public to access these servers directly. You want to place these servers behind your firewall on the inside network, yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these servers?

Static

You have a small network at home that is connected to the internet. On your home network, you have a server with the IP address of 192.168.55.199/16. You have a single public address that is shared by all hosts on your private network. You want to configure the server as a web server and allow internet hosts to contact the server to browse a personal website. What should you use to allow access?

Static NAT

A VPN is primarily used for which of the following purposes?

Support secured communications over an untrusted network

You have implemented a new application control solution. After monitoring traffic and use for a while, you have noticed an application that continuously circumvents blocking. How should you configure the application control software to handle this application?

Tarpit

Which statement BEST describes IPsec when used in tunnel mode?

The entire data packet, including headers, is encapsulated

Which problem does NAT help address?

The shortage of IPv4 addresses

Which of the following types of proxies can be used for web filtering?

Transparent

When configuring VLANs on a switch, which type of switch ports are members of all VLANs defined on the switch?

Trunk ports

You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID card to gain access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer by connecting it to the console port on the router. You've configured the management interface with a username of admin and a password of password. What should you do to increase the security of this device?

Use a stronger administrative password.

You are the security analyst for your organization and have recently noticed a large amount of spim on the company mobile devices. Employees rely on the IM app to communicate with each other. Which of the following countermeasures should you implement?

Use an IM blocker.

You have a company network that is connected to the internet. You want all users to have internet access, but you need to protect your private network and users. You also need to make a web server publicly available to internet users. Which solution should you use?

Use firewalls to create a DMZ. Place the web server inside the DMZ and the private network behind the DMZ.

Your organization has started receiving phishing emails. You suspect that an attacker is attempting to find an employee workstation they can compromise. You know that a workstation can be used as a pivot point to gain access to more sensitive systems. Which of the following is the MOST important aspect of maintaining network security against this type of attack?

User education and training

Which of the following is commonly created to segment a network into different zones?

VLANs

Which of the following is the BEST solution to allow access to private resources from the internet?

VPN

A group of salesmen would like to remotely access your private network through the internet while they are traveling. You want to control access to the private network through a single server. Which solution should you implement?

VPN concentrator

