Chapter 5 Perimeter


Application-aware proxy = Improves application performance
Application-aware firewall = Enforces security rules based on the application that is generating network traffic instead of the traditional port and protocol
Application-aware IDS = Analyzes network packets to detect malicious payloads targeted at application-layer services

Describe *Application-aware proxy *Application-aware firewall *Application-aware IDS

Compare the SoH submitted by the client to the health requirements

In a NAP system, what is the function of the System Health Validator? Prevent users from disabling NAP on the client computer Provide the resources necessary to help non-compliant clients become compliant Generate a SoH that reports the client configuration for health requirements Compare the SoH submitted by the client to the health requirements

You want to protect public web server from attack

In which of the following situations would you most likely implement a DMZ? You want to detect and respond to attacks in real time You want to protect public web server from attack You want internet users to see a single IP address when accessing your company network You want to encrypt data sent between two hosts using the internet.

matched

Match wireless networking security standards
WEP = Short initialization vector makes key vulnerable
WPA2 = Uses AES encryption
WEP = Uses RC4 for encryption
WPA = Uses TKIP for encryption
WPA2 = Uses CBC-MAC for data integrity
WPA2 = Uses CCMP for key rotation

Land attack

When a SYN flood is altered so that the SYN packets are spoofed in order to define the source and destination address as a single victim IP address, the attack is now called what? Land attack Analytic attack Impersonation Fraggle attack

An unauthorized user gaining access to sensitive resources

When a malicious user captures authentication traffic and replays it against the network later, what is the security problem you are most concerned about? Spam An unauthorized user gaining access to sensitive resources DoS Bandwidth consumption

Close all ports; open only ports required by applications in the DMZ

When designing a firewall, what is the recommended approach for opening and closing ports?

Hijacking

When the TCP/IP session state is manipulated so that a third party is able to insert alternate packets into the communication stream, what type of attack has occurred? Hijacking Replay Spamming Masquerading

ESP

Which IPSec subprotocol provides data encryption? SSL AH ESP AES

L2TP

Which VPN protocol typically employs IPsec as its data encryption mechanism? L2F PPP L2TP PPTP

Denial of service attack

Which attack form either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occurring? Brute force attack Man-in-the-middle attack Privilege attack Denial of service attack

VPN

Which is the best countermeasure for someone attempting to view your network? IPS Firewall Antivirus software Access lists VPN

An access list filters traffic based on the IP header information such as source or destination IP address, protocol, or socket numbers.

Which of the following describes how access lists can be used to improve network security?

Ping flood

Which of the following DoS attacks uses ICMP packets and is only successful if the victim has less bandwidth than the attacker? Fragmentation Ping of death LAND Ping Flood

Filters based on sessions. Stateful.

Which of the following are characteristics of a circuit-level gateway? (2) Stateless Filters based on sessions Filters IP address and port Filters based on URL Stateful

Filters IP address and port. Stateless.

Which of the following are characteristics of a packet filtering firewall? Stateless Filters based on sessions Filters IP address and port Filters based on URL Stateful

SMURF/Fraggle

Which of the following are denial of service attacks? (2) Salami Smurf Hijacking Fraggle

Stops each packet at the firewall and inspects it. The entire messages are reassembled.

Which of the following are features of an application-level gateway? (2) Verifies that packets are properly sequenced Stops each packet at the firewall and inspects it Allow only valid packets within approved sessions Uses access control lists The entire messages are reassembled.

Filters messages containing specific content. Blocks email from specific senders.

Which of the following are functions of gateway email spam blockers? Filters messages containing specific content Helps enforce an organization's internet usage policy Blocks users from visiting websites with malicious content Blocks phishing attempts, which try to access confidential info Blocks email from specific senders

169.254.0.0 - 169.254.255.255

Which of the following is not one of the IP address ranges defined in RFC 1918 that are commonly used behind a NAT server? 10.0.0.0 - 10.255.255.255 169.254.0.0 - 169.254.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255

IPsec

Which of the following is the best countermeasure against man-in-the-middle attacks? IPsec PPP MIME email UDP

Firewall

Which of the following is the best device to deploy to protect your private network from a public untrusted network? Gateway Router Firewall Hub

The DDoS attack uses zombie computers

Which of the following is the main difference between a DoS attack and a DDoS attack? The DDoS attack uses an amplification network The DDoS attack uses zombie computers The DDoS attack does not respond to SYN ACK packets in the three-way handshake The DDoS attack spoofs the source IP address

Ingress and egress filters

Which of the following is the most effective protection against IP packet spoofing on a private network? Antivirus scanners Digital signatures Host-based IDS Ingress and egress filters

SSID

Which of the following is used on a wireless network to identify the network name? SSID MAC Address IP address subnet mask

NAT

Which of the following networking devices or services prevents the use of IPSec in most cases? Firewall Switch Router NAT

WEP

Which of the following offers the weakest form of encryption for an 802.11 wireless network? WAP WPA WEP WPA2

Content filtering

Which of the following prevents access based on website rating and classifications? DMZ NIDS Content filtering Packet-filtering firewall

Bluejacking

Which of the following sends unsolicited business cards and messages to a Bluetooth device? Slamming Bluebugging Bluejacking Bluesnarfing

802.11i and 802.1x

Which of the following specifications identify security that can be added to wireless networks? (2) 802.11i 802.1x 802.5 802.3 802.2 802.11a

Bastion or sacrificial proxy

Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks? Circuit proxy Kernel proxy Bastion or sacrificial proxy Multi-homed

WEP, WPA Personal, & WPA2 Personal

Which of the following wireless security methods uses a common shared key configured on the WAP and all wireless clients? WPA Personal & WPA2 Enterprise WPA Enterprise & WPA2 Enterprise WEP, WPA Personal, WPA Enterprise, WPA2 Personal, WPA2 Enterprise WEP, WPA Personal, & WPA2 Personal

The entire data packet, including headers, is encapsulated

Which statement best describes IPSec when used in tunnel mode? Packets are routed using the original headers, and only the payload is encrypted The identities of the communicating parties are not protected IPSec in tunnel mode may not be used for WAN traffic The entire data packet, including headers, is encapsulated

Edit the properties for the server and select Request clients to send a statement of health

Which step is required to configure a NAP on a Remote Desktop (RD) gateway server? Configure the server to issue a valid statement of health cert Configure the enforcement point as a RADIUS client to the NAP server Edit the properties for the server and select Request clients to send a statement of health On the 802.1x switch, define the RD gateway server as a compliant network VLAN

Null

Which type of active scan turns off all flags in a TCP header? Xmas tree Stealth FIN Null

Spoofing

Which type of activity changes or falsifies information in order to mislead or re-direct traffic? Spamming Snooping Sniffing Spoofing

DNS poisoning

While using the internet, you type the URL of one of your favorite sites in the browser. Instead of going to the correct site, however, the browser displays a completely different website. When you use the IP address of the web server, the correct site is displayed. Which type of attack has likely occurred? Hijacking Spoofing Man-in-the-middle DNS poisoning

802.16

WiMAX is an implementation of which IEEE committee? 802.1x 802.11a 802.11b 802.11g 802.11i 802.15 802.16

NAC

Members of the sales team use laptops to connect to the company network. While traveling, they connect their laptops to the internet through airport and hotel networks. You are concerned that these computers will pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless anti-virus software and the latest operating system patches are installed. Which solution should you use? NAT NIDS DMZ NAC VLAN

DMZ

Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted internet? Padded cell Intranet DMZ Extranet

L2TP

PPTP (point-to-point tunneling protocol) is quickly becoming obsolete because of which VPN protocol? SLIP L2F L2TP TACACS

TKIP

What encryption method is used by WPA for wireless networks? TKIP AES 802.1x IPSec WEP

Source address

What is modified in the most common form of spoofing on a typical IP packet? Source address Destination address Hash total Protocol type field value

Executing commands or accessing resources on a system the attacker does not otherwise have authorization to access

What is the goal of a TCP/IP hijacking attack? Preventing legitimate authorized access to a resource Establishing an encryption tunnel between two remote systems over an otherwise secured network Executing commands or accessing resources on a system the attacker does not otherwise have authorization to access Destroying data

Supporting private traffic through a public communication medium

What is the primary use of tunneling? Supporting private traffic through a public communication medium Protecting passwords Deploying thin clients on a network Improving communication throughput

All-in-one security appliance

You are the office manager of a small financial credit business. Your company handles personal financial information for clients seeking small loans over the internet. You are aware of your obligation to secure client records. Budget is an issue for your company. Which item would provide the best security for this situation? Proxy server with access controls Firewall on your gateway server to the Internet All-in-one security appliance Network Access Control system

Pre-shared key and TKIP encryption

You have a small wireless network that uses multiple access points. The network uses WPA and broadcasts the SSID. WPA2 is not supported by the wireless access points. You want to connect a laptop computer to the wireless network. Which of the following parameters will you need to configure on the laptop? (2) AES encryption Pre-shared key Channel TKIP encryption BSSID

Host based firewall

You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from internet-based attacks. Which solution should you use? Host based firewall Proxy server Network based firewall VPN concentrator

Put the web server inside the DMZ. Put the database server on the private network.

You have used firewalls to create a DMZ. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers? (2) Put the web server inside the DMZ. Put the web server on the private network Put the database server on the private network Put the database server inside the DMZ

Network Based firewall

You manage a small network at work. Users use workstations connected to your network. No portable computers are allowed. As part of your security plan, you would like to implement scanning of emails for all users. You want to scan the emails and prevent any emails with malicious attachments from being received by users. Your solution should minimize administration, allowing you to centrally manage the scan settings. Which solution should you use? SMTP DMZ Host based firewall Network Based firewall

802.1x and AES encryption

You need to configure a wireless network. You want to use WPA2 Enterprise. Which of the following components will be a part of your design? (2) 802.1x Open authentication AES encryption TKIP encryption WEP encryption Preshared keys

Configure the connection to use WPA2-Enterprise

You need to configure the wireless network card to connect to your network at work. The connection should use a user name and password for authentication with AES encryption. What should you do? Configure the connection to use WPA-Personal Configure the connection to use WPA2-Personal Configure the connection to use WPA-Enterprise Configure the connection to use WPA2-Enterprise

nmap

You need to enumerate the devices on your network and display the network's configuration details. Which of the following utilities should you use? neotrace nmap samspade nslookup

Parabolic and High-gain

You need to implement a wireless network link between two buildings on a college campus. A wired network has already been implemented within each building. The buildings are 100 meters apart. Which type of wireless antennae should you use on each side of the link? (2) Directional Parabolic Omnidirectional Normal-gain High-gain

Application level

You provide internet access for a local school. You want to control Internet access based on user, and prevent access to specific URLs. Which type of firewall should you install? Circuit-level Application level Packet filtering IPS

The threat agent will obtain information about open ports on the system. The system will be unavailable to respond to legitimate requests.

You suspect that an Xmas tree attack is occurring on a system. Which of the following could result if you do not stop the attack? (2) The system will send packets directed with spoofed source addresses The system will become a zombie The threat agent will obtain information about open ports on the system The system will be unavailable to respond to legitimate requests

FTP server

Which of the following is likely to be located in a DMZ? FTP server Backup server User workstations Domain Controller

Extranet

Which of the following is a privately controlled portion of a network that is accessible to some specific external entities? Intranet MAN Extranet Internet

DHCP reservations

Which of the following is not a protection against session hijacking? DHCP reservations Packet sequencing Anti-IP spoofing Time stamps

ACK

A SYN attack or SYN flood exploits or alters which element of the TCP three-way handshake? ACK FIN or RES SYN/ACK SYN

Man-in-the-middle

Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which attack type? DDoS Passive logging Spamming Man-in-the-middle

Land attack

A SYN packet is received by a server. The SYN packet has the exact same address for both the sender and receiver addresses, which is the address of the server. This is an example of what type of attack? Ping of death Teardrop attack Land attack SYN flood

Support secured communications over an untrusted network

A VPN is primarily used for what purpose? Allow remote systems to save on long-distance charges Support the distribution of public web documents Allow the use of network-attached printers Support secured communications over an untrusted network

VPN concentrator

A group of salesmen would like to access your private network through the internet while they are traveling. You want to control access to the private network through a single server. Which solution should you implement? RADIUS IPS IDS VPN concentrator DMZ

Spoofing

A router on the border of your network detects a packet with a source address that is from an internal client, but the packet was received on the internet-facing interface. This is an example of what form of attack? Spoofing Snooping Sniffing Spamming

Configure the browser to send HTTPS requests through the VPN connection. Configure the VPN connection to use IPSec.

A salesperson in your organization spends most of her time.... Which key steps should you take when implementing this configuration? (2) Configure the browser to send HTTPS requests through the VPN connection Configure the VPN connection to use IPSec Configure the VPN connection to use PPTP Configure the browser to send HTTPS requests directly to the Wi-Fi network without going through the VPN connection Configure the VPN connection to use MS-CHAPv2

Browsing the organization's website

An attacker is conducting passive recon on a targeted company. Which of the following could he be doing? Browsing the organization's website Social engineering War dialing War driving Scanning ports

Pharming/DNS poisoning

An attacker uses an exploit to push a modified host file to client systems. This host file redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and financial information. What kind of exploit has been used in this scenario? (2) Pharming Recon DNS poisoning Man-in-the-middle Domain name kiting

Communicate with your upstream provider

As the victim of a Smurf attack, what protection measure is the most effective during the attack? Block all attack vectors with firewall filters Update your anti-virus software Turn off the connection to the ISP Communicate with your upstream provider

Clients must be issued a valid certificate before a connection to the private network is allowed

How does IPSec NAP enforcement differ from other NAP enforcement methods? DHCP options are used to deliver IP configuration values to non-compliant computers A connection request policy is created on the NAP server that uses PEAP and enables quarantine checks IP filters are defined in network access policies to limit resource access for non-compliant computers Clients must be issued a valid certificate before a connection to the private network is allowed

ESP

In addition to Authentication Header (AH), IPSec is comprised of what other service? EAP AES ESP EFS

Teardrop

In which of the following DoS attacks does the victim's system rebuild invalid UDP packets, causing the system to crash or reboot? NACK Banana Teardrop Deauth

matched terms

Prevents users from visiting malicious websites = Web threat filtering
Prevents outside attempts to access confidential information = Anti-phishing software
Identifies and disposes of infected content = Virus blockers
Prevents unwanted email from reaching your network = Gateway email spam blockers
Prevents users from visiting restricted websites = URL content filtering

Use blockers on email gateways

Which of the following is a valid security measure to protect email from viruses? Use PGP to sign outbound email Use reverse DNS lookup Limit attachment size to a maximum of 1 MB Use blockers on email gateways

Authentication

What are the most common network traffic packets captured and used in a replay attack? DNS query Authentication Session termination File transfer

WPA Uses AES for encryption and CBC-MAC for data integrity. Upgrading from a network using WEP typically requires installing new hardware.

Which of the following are true about Wi-Fi Protected Access 2 (WPA2)? (2) WPA Uses AES for encryption and CBC-MAC for data integrity WPA2 uses EC4 for encryption and MIC for data integrity WPA2 uses RC4 and CRC-32 for data integrity Upgrading from a network using WEP can usually be done through a firmware upgrade. Upgrading from a network using WEP typically requires installing new hardware

Operates at the session layer. Verifies sequencing of session packets.

Which of the following are true of a circuit filter firewall? (2) Operates at the application layer Operates at ring 0 of the operating system Operates at the session layer Verifies sequencing of session packets Examines the entire message contents Operates at the Network and Transport layer

TKIP and AES

Which of the following are typically used for encrypting data on a wireless network? (2) Diffie-Hellman TKIP AES ElGamal Md-5

ARP poisoning

Which of the following attacks tries to associate an incorrect MAC address with a known IP address? MAC flooding ARP poisoning Hijacking Null session

Viewing calendar, emails, and messages on a mobile device without authorization

Which of the following best describes Bluesnarfing? Sending anonymous electronic business cards Executing commands on a mobile device Cloning a mobile device Viewing calendar, emails, and messages on a mobile device without authorization

An ICMP packet that is larger than 65,536 bytes

Which of the following best describes the ping of death? Partial IP packets with overlapping sequencing numbers Sending multiple spoofed ICMP packets to the victim An ICMP packet that is larger than 65,536 bytes Redirecting echo requests from an ICMP communication

A false server intercepts communications from a client by impersonating the intended server

Which of the following describes a man-in-the-middle attack? An IP packet is constructed that is larger than the valid size A person convinces an employee to reveal their login credentials over the phone A false server intercepts communications from a client by impersonating the intended server Malicious code is planted on a system, where it waits for a triggering event before activating

ACL

Which of the following does a router acting as a firewall use to control which packets are forwarded or dropped? RDP ACL VNC PPP IPsec

Encryption

Which of the following features are supplied by WPA2 on a wireless network? Network ID Client connection refusal based on MAC address Traffic filtering based on packet characteristics Encryption Centralized access point for clients

Packet filtering

Which of the following is a firewall function? Encrypting FTP hosting Protocol conversion Packet filtering Frame filtering

Smurf

Which of the following is a form of DoS attack that uses spoofed ICMP packets to flood the victim with echo requests using a bounce/amplification network? Session hijacking Smurf Fraggle Fingerprinting

Restrict content based on content categories

You are implementing security at a local high school that is concerned with students accessing inappropriate material on the internet from the library's computers. The students will use the computers to search the internet for research paper content. The school budget is limited. Which content filtering option would you choose? Block specific DNS domain names Allow all content except for the content you have identified as restricted Restrict content based on content categories Block all content except for content you have identified as permitted

An increase in bandwidth availability. Enforcement of the organization's internet usage policy.

You are investigating the use of website and URL content filtering to prevent users from visiting certain websites. Which benefits are the result of implementing this tech in your organization? (2) Prevention of emails containing threats ID & disposal of infected content An increase in bandwidth availability Prevention of phishing attempts Enforcement of the organization's internet usage policy

Static

You are the network administrator for a small company that implements NAT to access the internet. However, you recently acquired five servers that must be accessible from outside your network. Your ISP has provided you with five additional registered IP addresses to support these new servers, but you don't want the public to access these servers directly. You want to place these servers behind your firewall on the inside network, yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these servers? Restricted Overloading Static Dynamic

Use firewalls to create a DMZ. Place the web server inside the DMZ and the private network behind the DMZ.

You have a company network that is connected to the internet. You want all users to have internet access, but you need to protect your private network and users. You also need to make a web server publicly available to internet users. Which solution should you use? Use firewalls to create a DMZ. Place the web server and the private network inside the DMZ. Use a single firewall. Put the web server and the private network behind the firewall. Use firewalls to create a DMZ. Place the web server inside the DMZ and the private network behind the DMZ. Use a single firewall. Put the web server in front of the firewall and the private network behind the firewall.

802.1x authentication and Remediation servers

You have a company network with a single switch. All devices connect to the network through the switch. You want to control which devices are able to connect to your network.... Which of the following components will be part of your solution? (2) DMZ 802.1x authentication Extranet Remediation servers Honeypot

Static NAT

You have a small network at home that is connected to the internet. On your home network, you have a server with the IP address of 192.168.55.199/16. You have a single public address that is shared by all hosts on your private network. You want to configure the server as a web server and allow Internet hosts to contact the server to browse a personal website. What should you use to allow access? Static NAT DNS CNAME record Dynamic NAT DNS A record Multicast

Configure the connection with a pre-shared key and AES encryption

You want to connect a laptop computer running Windows to a wireless network. The wireless network uses multiple access points and WPA2-Personal. You want to use the strongest authentication and encryption possible. SSID broadcast has been disabled. What should you do? Configure the connection to use 802.1x authentication and AES encryption Configure the connection with a pre-shared key and TKIP encryption Configure the connection with a pre-shared key and AES encryption Configure the connection to use 802.1z authentication and TKIP encryption

Dynamic

You want to connect your small company network to the internet. Your ISP provides you with a single IP address that is to be shared between all hosts on your private network. You do not want external hosts to be able to initiate connection to internal hosts. What type of NAT should you implement? Static Shared Dynamic Restricted

Circuit-level

You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use? Packet filtering Application level VPN concentrator Circuit-level

Install a proxy server. Allow internet access only through the proxy server

You would like to control internet access based on users, time of day, and websites visited. How can you do this? Configure a packet-filtering firewall. Add rules to allow or deny internet access Install a proxy server. Allow internet access only through the proxy server Enable Windows firewall on each system, add or remove exceptions to control access Configure the local security policy of each system to add internet restrictions Configure internet zones using the internet options

Network-based firewall

Your company has a connection to the internet that allows the user to access the internet. You also have a web server and an email server that you want to make available to internet users. You want to create a DMZ for these two servers. Which type of device should you use to create the DMZ? Network-based firewall VPN concentrator IPS Host-based firewall IDS

Rogue access point

Your company security policy states that wireless networks are not to be used because of the potential security risks they present to your network. One day, you find that an employee has connected a wireless access point to the network in his office. What type of security risk is this? Man-in-the-middle Physical security Social engineering Rogue access point Phishing

network access protection

Your organization's security policy requires you to restrict network access to allow only clients that have their firewall enabled. Which of the following is a collection of components that would allow you to meet this requirement? 802.1x authentication System health validator network access protection IPSec enforcement

