Midterm

Which network index technology allows users to locate resources on a private network, keeps track of which servers and clients are online, and identifies the resources that network hosts share? - Workgroup networks - Local dynamic lists - Directory services - Local static lists

Directory services

Several times this week, the IT infrastructure chief of a small company has suspected that wireless communications sessions have been intercepted. After investigating, he believes some form of insertion attack is happening. He is considering encrypted communications and preconfigured network access as a defense. What type of insertion attack is suspected? - Cross-site scripting (XSS) - SQL insertion - Rogue device insertion - Intrusion detection system (IDS) insertion

Rogue device insertion

Private IP addresses can communicate directly with Internet resources.

False

True or False? A host software firewall should never be installed on a server if a dedicated firewall appliance is deployed on the same network.

False

True or False? A software firewall can protect multiple hosts from malicious network activity.

False

True or False? Bump-in-the-wire is a software firewall implementation.

False

True or False? Hashing does not verify the integrity of messages.

False

True or False? Hypertext Transfer Protocol Secure (HTTPS) does NOT encrypt private transactions made over the Internet.

False

True or False? In intrusion detection, anomaly-based detection looks for differences from normal traffic based on a recording of real-world traffic that establishes a baseline.

False

True or False? In terms of networking, permission is the abilities granted on the network.

False

True or False? One of the advantages of an off-the-shelf firewall versus a do-it-yourself firewall is lower cost.

False

True or False? One technique for hardening a system is to remove all protocols.

False

True or False? The goal of the Electronic Privacy Information Center (EPIC) is to preserve consumer privacy in the state of California.

False

True or False? The less complex a solution, the more room there is for mistakes, bugs, flaws, or oversights by security administrators.

False

True or False? The sole use of ingress and egress filtering is to eliminate spoofing.

False

True or False? The weakest link security strategy gains protection by using abnormal configurations.

False

True or False? With multifactor authentication, facial geometry is an example of something you know.

False

True or False? pfSense can be installed on a local firewall only.

False

True or False? A backdoor acts like a device driver, positioning itself between the kernel (the core program of an operating system) and the hardware.

False

True or False? A breach is any attempt to get past a network's defenses.

False

True or False? A router has only two ports because the device connects only two local area networks (LANs).

False

True or False? Integrity is the protection against unauthorized access, while providing authorized users access to resources without obstruction.

False

True or False? Multiple firewalls in a series is considered diversity of defense but not defense in depth.

False

True or False? Network switches provide network segmentation through logical addressing.

False

True or False? Prospective cost is money paid or an investment made in the past.

False

True or False? Static IP addressing hands out IP addresses to hosts from a pool.

False

True or False? The IP address range of 192.168.0.0-192.168.255.255/16 is the Class A range.

False

True or False? The LAN Domain of an IT infrastructure includes routers, firewalls, and switches.

False

True or False? The physical topology is how the network appears from any device or user and is governed by policy and access rather than by physical connectivity.

False

With multifactor authentication, facial geometry is an example of something you know.

False

Which form of firewall filtering is NOT as clear or distinct as other types? - Filtering on the source address - Filtering on the destination address - Filtering on whether an address is public or private - Filtering on whether an address is real or spoofed

Filtering on whether an address is real or spoofed

True or False? A Media Access Control (MAC) address is the 48-bit physical hardware address of a network interface card (NIC) assigned by the manufacturer.

True

True or False? A bastion host firewall stands guard along the pathway of potential attack, positioned to take the brunt of any attack.

True

True or False? A best practice is to use strong authentication and nonrepudiation methods for all transactions over the Internet.

True

True or False? A best practice when troubleshooting issues is to make one change at a time, and then test the change before making any other changes.

True

True or False? A brouter performs the functions of both a bridge and a router.

True

True or False? A firewall allows you to restrict unauthorized access between the Internet and an internal network.

True

True or False? A firewall best practice is to document every action taken during troubleshooting.

True

True or False? A firewall with two interfaces is known as a dual-homed firewall.

True

True or False? A firewall's job is to impose all restrictions and boundaries defined in the security policy on all network traffic.

True

True or False? A guideline for firewall selection is to never skimp on throughput.

True

True or False? A hardware firewall is a dedicated hardware device specifically built and hardened to support the functions of firewall software.

True

True or False? A next-generation firewall (NGFW) is a device that offers additional capabilities beyond traditional firewall functionality.

True

True or False? A small office/home office (SOHO) environment can be a workgroup or a client/server network.

True

True or False? A small office/home office (SOHO) firewall may include intrusion detection.

True

True or False? A small office/home office (SOHO) virtual private network (VPN) hardware firewall provides remote access.

True

True or False? All the rules on a firewall are exceptions.

True

True or False? An IPv6 address consists of 128 bits; an IPv4 address consists of 32 bits.

True

True or False? An active threat is one that takes some type of initiative to seek out a target to compromise.

True

True or False? An intrusion detection system (IDS) serves as a companion mechanism to a firewall.

True

True or False? An intrusion prevention system (IPS) does not replace an intrusion detection system (IDS).

True

True or False? Authentication is the proof or verification of a user's identity before granting access to a secured area.

True

True or False? Basic packet filtering provided by routers can be used to protect subnets within a network.

True

True or False? Caching is a data storage mechanism that keeps a local copy of content that is fairly static in nature.

True

True or False? Content filtering can focus on domain name, URL, filename, file extension, or keywords in the content of a packet.

True

Which of the following is an authentication method that supports smart cards, biometrics, and credit cards, and is a fully scalable architecture? - Kerberos - TACACS - RADIUS - 802.1x

802.1x

Which of the following is a feature of NTFS that allows complete additional files to successfully hide beneath any normal file object and be almost undetectable?

Alternate Data Streams (ADS)

Mario is the network security engineer for his company. He discovered that, periodically, a remote user working from home accesses certain resources on the network that are not part of her regular duties. Mario has questioned the user and her supervisor, and has accessed the user's workstation. Mario believes the user is not the source of these intrusions and strongly suspects a malicious source is responsible. What is the most likely explanation? - An external hacker has gained access to the user's authentication and is accessing confidential company resources. - Mario has erroneously interpreted the firewall logs, and the user has not accessed such data. - The user has fooled Mario into believing her innocence and she really is the malicious intruder. - The user requires periodic access to data that is only sometimes part of her job duties.

An external hacker has gained access to the user's authentication and is accessing confidential company resources.

A firewall is a filtering device that watches for traffic that fails to comply with rules defined by the firewall administrator. What does the firewall inspect? - Packet header - Packet trailer - Packet encryption - Packet latency

Packet header

A major U.S. online retailer has discovered that thousands of purchases have been paid for by stolen credit card numbers. An initial analysis of the location of the buyers reveals IP addresses from within the United States. Upon further investigation, it is found that the actual origin point of the fraudulent buyer is a series of IP addresses located in Asia. What technology is the fraudster using? - Port address translation (PAT) - IP address fraud - Proxy server - Network address translation (NAT)

Proxy server

Which of the following records every connection outside the network on the internet by IP address and URL requested?

Proxy server

Gino is an ethical hacker hired as a consultant to test the security of a mid-sized company's network. As part of his assignment, he has been given physical access to the system. He has built a dictionary of hashed passwords from the hard drive of the device. Which type of attack is he planning to launch? - Rainbow - Brute force - Hybrid - Dictionary

Rainbow

The chief information officer (CIO) is working with the chief financial officer (CFO) on next year's budget for new networking equipment. The CIO is explaining that lowest-cost equipment is not the sole deciding factor. The hardware must conform to high security standards to prevent a malicious person from hacking into the network and accessing valuable company data. Which of the following considerations does not specifically require a hacker to have physical access to the equipment? - Removable case - Reset button - Remote connection - Portability

Remote connection

Which deployment of a web server uses network address translation (NAT) mapping and is considered the poorest security choice? - Co-location - Demilitarized zone (DMZ) - Hosting - Reverse proxy

Reverse proxy

True or False? Cryptocurrency is electronic currency for which the existence of the currency is a mathematical formula stored on the systems of the participants and has a value that fluctuates.

True

True or False? Firewall logging helps to ensure that defined filters or rules are sufficient and functioning as expected.

True

True or False? Firewalls should be considered a part of a security infrastructure, not the totality of security.

True

True or False? Fragmentation attacks involve an abuse of the fragmentation offset feature of IP packets.

True

True or False? Hardening is the process of securing or locking down a host against threats and attacks.

True

True or False? If a server has a public IP address, it is a potential target for hacker attacks.

True

True or False? In a risk assessment, the asset value (AV) includes both tangible and intangible costs.

True

True or False? In the fail-safe security stance, when any aspect of security fails, the best result of that failure is to fail into a state that supports or maintains essential security protections.

True

True or False? It is often more difficult to preserve a user's privacy on the Internet than in the physical world.

True

True or False? Networked systems that are no longer used or monitored can become network entry points for hackers.

True

True or False? One common firewall event that usually warrants an alert is a firewall reboot.

True

True or False? One contingency for growth is to build additional capacity into the current infrastructure.

True

True or False? Security objectives are goals that an organization strives to achieve through its security efforts.

True

True or False? Security systems configured by the same security administrator can potentially have the same misconfiguration or design weakness.

True

True or False? Static packet filtering uses a static or fixed set of rules to filter network traffic.

True

True or False? The User Domain of an IT infrastructure refers to actual users, whether they are employees, consultants, contractors, or other third-party users.

True

True or False? The WAN Domain of an IT infrastructure includes networks owned by a telco or a carrier network company that leases access to corporations.

True

True or False? The collection of disparate log information from systems on a network is called aggregation.

True

True or False? The pfSense firewall requires the host to have at least two network interface controllers (NICs).

True

True or False? Under the universal participation security stance, every employee, consultant, vendor, customer, business partner, and outsider must be forced to work within the security policy's limitations.

True

True or False? Users with the minimum level of access to resources needed to complete their assigned tasks follow the principle of least privilege.

True

True or False? Whitelisting blocks the execution of any program not on the approved list.

True

True or False? Windows Defender Firewall is an example of a native firewall.

True

True or False? With diversity of defense, most layers use a different security mechanism.

True

True or False? You can check firewall connectivity using the ping and traceroute commands.

True

True or False? A buffer overflow is an attack against poor programming techniques and a lack of quality control.

True

True or False? A demilitarized zone (DMZ) is a boundary network that hosts resource servers for the public Internet.

True

True or False? A router is a wired or wireless device that routes traffic between network segments.

True

True or False? A wrapper is a specialized tool used by hackers to build Trojan horses.

True

True or False? An advanced persistent threat (APT) quietly resides on a target machine until activated.

True

True or False? Determining who or what is trustworthy on a network is an ongoing activity.

True

True or False? IT infrastructure growth can be expected, unexpected, gradual, or abrupt.

True

True or False? In a full connection mesh topology, all devices on a network are connected to all other devices.

True

True or False? In terms of an attack, scanning is the activity of using various tools to confirm information learned during reconnaissance and to discover new details.

True

True or False? In the context of networks, the term "topology" refers to the order and arrangement of the elements of a communications network.

True

True or False? Information leakage often stems from malicious employees.

True

True or False? Insertion attacks involve the introduction of unauthorized content or devices into an otherwise secured infrastructure.

True

True or False? Network router security is primarily about preventing unauthorized access.

True

True or False? Nonrepudiation is the security principle that prevents a user from being able to deny having performed an action.

True

True or False? Outbound network traffic should be subjected to the same investigations and analysis as inbound network traffic.

True

True or False? Redundancy is the act of avoiding single points of failure.

True

True or False? TCP/IP is a suite of two communication protocols.

True

True or False? Wired topologies have a physical wire between devices, allowing for communication among those devices.

True

True or False? With single sign-on (SSO), users need to log on to the network only once during a session.

True

True or False? Zero-day exploits are new and previously unknown attacks for which no current specific defenses exist.

True

When considering network expenditures, sunk costs should not influence future choices.

True

Windows Defender Firewall is an example of a native firewall.

True

Wired topologies have a physical wire between devices, allowing for communication among those devices.

True

With diversity of defense, most layers use a different security mechanism.

True

With single sign-on (SSO), users need to log on to the network only once during a session.

True

You can check firewall connectivity using ping and traceroute commands.

True

Zero-day exploits are new and previously unknown attacks for which no current specific defenses exist.

True

Which of the following is described as confidence in your expectation that others will act in your best interest? - Threat - Permission - Trust - Security

Trust

Thirty years ago, a major corporation purchased and still owns IP addresses within the IPv4 Class A range. The corporation uses these addresses to connect to the Internet. To which IPv4 address range do they belong? - 172.16.0.0 to 172.31.255.255 - 192.168.0.0 to 192.168.255.255 - 1.0.0.1 to 126.255.255.254 - 10.0.0.0 to 10.255.255.255

1.0.0.1 to 126.255.255.254

While the design of a hardware firewall requires it to filter all inbound and outbound traffic, it can also act as a bottleneck for that traffic if the wire speed it filters at is too slow. For a 1 gigabit per second (Gbps) network, what filtering wire speed should the firewall possess?

2 Gbps or higher

Tonya is a student. She is working through a network addressing scheme example for a class. She has read that the 128-bit address 2001:0f58:0000:0000:0000:0000:1986:62af can be shortened but is trying to understand how. What is the correct solution? - 2001:0f58:1986:62af - 2001:0f58::1986:62af - 2001:0f58:0:1986:62af - 2001:0f58:0:0:0:0:1986:62af

2001:0f58::1986:62af

The network engineer of a mid-size company needs to have all servers, network printers, and other online resources possess the same IPv6 address over time. The engineer does not want to perform manual address assignments on all of these resources. Additionally, she wants to prevent any rogue device from having an IPv4 address dynamically assigned just by making the request. What is her solution? 1. Using static addressing and a hardware firewall 2. Static addressing of the most vital network resources 3. Dynamic Host Configuration Protocol (DHCP) reservation 4. Dynamic Host Configuration Protocol (DHCP)

3. Dynamic Host Configuration Protocol (DHCP) reservation

Which of the following can affect the confidentiality of documents stored on a server? - A denial of service (DoS) attack - A distributed denial of service (DDoS) attack - Information about the server being accessed - A server breach

A server breach

Which of the following best describes a network chokepoint? - A load balancing system that acts as a funnel point for traffic, that is an ideal place to enforce policy, and that is done through the firewall - A specialized kind of gateway that focuses on traffic to a single concentrated pathway to streamline the process of filtering - A device that analyzes traffic based on destination address - A proxy installed between a firewall and a web server

A specialized kind of gateway that focuses on traffic to a single concentrated pathway to streamline the process of filtering

In preserving the confidentiality of users on a corporate network, which party is responsible for setting up security policies to guarantee users' privacy? - Administrator - The Vice President of Information Services - Hardware engineer - Infrastructure designer

Administrator

The IT security officer for a large company has spent the past year upgrading security for the corporate network. Employees working from home have personal firewalls running on their computers. They use a virtual private network (VPN) to connect to the corporate network. The corporate network utilizes the latest devices and techniques, including an intrusion detection system/intrusion prevention system (IDS/IPS), anti-malware protection, and firewalls. What security threat most likely still needs to be addressed? - An internal threat, such as a disgruntled employee or contractor - Weak remote access security - A distributed denial of service (DDoS) attack during a network maintenance cycle - An unpatched web server

An internal threat, such as a disgruntled employee or contractor

In executing the processes of risk assessment and risk management, which statistic calculates the potential number of times the threat could be a realized attack in a year's time? - Single loss expectancy - Exposure factor - Annualized rate of occurrence - Annualized loss expectancy

Annualized rate of occurrence

Although it is not recommended, a company chief information officer (CIO) wants to configure and use the ff02::1 group on his new IPv6 network to send traffic to every node in the infrastructure. What group must he enable? - Multicast to the all-nodes group - Unicast - Multicast - Anycast

Anycast

Which of the following roles is most commonly responsible for observing system and user activity, looking for violations, trends toward bottlenecks, and attempts to perform violations? - Support supervisor - Senior management - Network administrator - Auditor

Auditor

Charles is an IT help desk technician. He gets a ticket from a branch office saying that they lost Internet connectivity. He investigates remotely over a backup maintenance link and determines that this was done by design; the office's firewall deliberately severed the connection. Which of the following does this functionality define? - Bump-in-the-stack - Bump-in-the-wire - Client firewall - Bastion host

Bastion host

You are setting up a small home network. You want all devices to communicate with each other. You assign IPv4 addresses between 192.168.0.1 and 192.168.0.6 to the devices. What processes must still be configured so that these nodes can communicate with the Internet?

Both network address translation (NAT) and port address translation (PAT) must be enabled to allow private network addresses to be translated to a random external port and public IP address.

When setting up port forwarding on an external firewall to pass HTTP traffic from the Internet to an internal web server, the external address and port are 208.40.235.38:8081. What is the internal IP address and port, assuming the most common port for that protocol? A. 192.168.5.74:21 B. 192.168.5.74:25 C. 192.168.5.74:80 D. 192.168.5.74:123

C. 192.168.5.74:80

Nina is a corporate attorney for a San Francisco firm. The chief information and security officer (CISO) told her that the firm's data center had been hacked 24 hours ago. The personal information of more than 3 million users was accessed, including their full names, addresses, and login credentials. Nina discusses the company's liability under the law, including the requirement to implement and maintain reasonable security procedures and practices. If it can be proven that the firm was negligent, it may need to pay damages. Which of the following regulates this issue? - National Information Infrastructure (NII) - Electronic Privacy Information Center (EPIC) - California Consumer Privacy Act (CCPA) - Common Gateway Intrusion Amendment

California Consumer Privacy Act (CCPA)

Miles is an IT consultant. He is given the specifications of a networking project for the new campus of a multinational corporation. Among the requirements, switches and wireless access points (WAPs) must interconnect all nodes, the network must use hardware firewalls, and it must support single sign-on (SSO). Which network infrastructure does he select that fulfills these requirements? - Workgroup - Client/server - Wide area network (WAN) - Small office/home office (SOHO)

Client/server

Augustine is a network engineer for a mid-sized company. He needs to deploy a new firewall, which was expensive to purchase and is complex to configure. In preparation for installation and configuration, he attends training conducted by the firewall vendor. Which of the following types of firewalls is he most likely planning to install? - Commercial - Appliance - Personal - Native

Commercial

Temika is the IT security officer for her company. She is developing a plan to measure the effectiveness of the organization's network security. Which of the following will accomplish that goal? - Establishing and deploying a roadmap for securing the entire IT infrastructure based on written goals - Developing a written network security policy that addresses multiple contingency plans for a variety of exploits - Continually improving the state of security so that, as time passes, the network is better protected than it was in the past - Installing a single, comprehensive defense component designed to prevent all possible attacks

Continually improving the state of security so that, as time passes, the network is better protected than it was in the past

Which form of attack is described as throttling the bandwidth consumption on an Internet link at a specific interval as a method of transmitting small communication streams such as user credentials? - Slack space - ICMP redirects - Covert channels - Unpartitioned bandwidth

Covert channels

A social networking website has been gathering a great deal of personal information on its users for years. This presents the potential danger of exposure if the site is hacked. In addition, the data could be sold by the social networking platform without the users' knowledge or consent. What technology does the social media company most likely use to gather data, such as users' buying preferences? - Data mining - Access control - Firewall logging - Targeted advertising

Data mining

What is an intrusion detection system/intrusion prevention system (IDS/IPS) that uses patterns of known malicious activity similar to how antivirus applications work? - Behavioral-based detection - Anomaly-based detection - Database-based detection - Baseline-based detection

Database-based detection

Devaki is an engineer who is designing network security for her company's infrastructure. She is incorporating protections for programming flaws, default settings, maximum values, processing capabilities, and memory capacities on devices, as well as malicious code and social engineering. What is this type of protection called? - Security through obscurity - Defense in depth - Divide and conquer - Single point of failure avoidance

Defense in depth

Which type of boundary network hosts resource servers for the public Internet? - Intranet - Extranet - N-tier - Demilitarized zone (DMZ)

Demilitarized zone (DMZ)

Which of the following is unlikely to support at-firewall authentication? - Virtual private network (VPN) firewall - Web server - Demilitarized zone (DMZ) firewall - Intrusion detection system (IDS)

Demilitarized zone (DMZ) firewall

Brianna is an IT technician. She is studying a threat that holds the communication channel open when a TCP handshake does not conclude. What kind of attack does this involve? - Denial of service (DoS) attack - The interception of transaction data - Unauthorized persons breaching a server's document tree - Hackers accessing information on a server

Denial of service (DoS) attack

Which of the following is a common firewall philosophy?

Deny by default

Which of the following is a common firewall philosophy? - Allow by default - Deny by exception - Deny by default - Fail by exception

Deny by default

Which of the following is a firewall implementation best practice? - Different firewall products should be used depending on firewall placement, such as different products for border firewalls versus internal host firewalls. - Firewalls should be placed within the demilitarized zone (DMZ) to protect server and internal networks separately. - Host firewalls should be deployed as chokepoints. - A single firewall model should be used for all firewall placements.

Different firewall products should be used depending on firewall placement, such as different products for border firewalls versus internal host firewalls.

Alejandro is a cybersecurity contractor. He was hired by a Fortune 500 company to redesign its network security system, which was originally implemented when the company was a much smaller organization. The company's current solution is to use multiple firewall platforms from different vendors to protect internal resources. Alejandro proposes an infrastructure security method that, in addition to firewalls, adds tools such as an intrusion detection system (IDS), antivirus, strong authentication, virtual private network (VPN) support, and granular access control. What is this solution called? - Simplicity - N-tier deployment - Diversity of defense - Least privilege

Diversity of defense

What prevents firewall filtering? - Authentication - Session length - Encryption - Remote access

Encryption

Delmar is a consultant configuring a small firewall for a client who uses a small office/home office (SOHO) network. He is permitting the common protocols on the outbound connection, but he can only forward rather than block incoming protocols. If he forwards common protocols such as FTP, Telnet, and NetBIOS, how can this protect the network from anyone who may maliciously use these ports? - Forward to port 3074, which is used by Xbox since it is not a workstation - Forward to the IP address and port on the last computer in the network, which is set up for just such a purpose - Forward to a nonexistent port where no device is listening - Forward to ports 81 and 82, which are overflows for port 80 and have no valid use

Forward to a nonexistent port where no device is listening

You are a network professional. You want to overcome the security shortcomings of the Domain Name System (DNS) and protect the IP address locations of sensitive resources on the internal network. What alternative can you use? - Intrusion detection system (IDS) - HOSTS file - Fully qualified domain name (FQDN) - Microsoft Active Directory

HOSTS file

Removing all unnecessary protocols, uninstalling all unnecessary applications and services, and installing the latest final releases of all device drivers are part of which security process? - Hardening - Portability - Anti-spoofing - Auditing

Hardening

A chief financial officer's (CFO's) business account has been leaked onto the Internet, including the CFO's username, password, and financial data. The firm's security manager scanned the CFO's computer for viruses, which was clean. However, the manager is still convinced that the CFO's computer is somehow compromised, allowing whatever is typed to be disclosed. The manager recalls that six weeks ago, the CFO's assistant was caught illicitly accessing secure financial files and was subsequently dismissed. What is the likely problem? - Trapdoor - Backdoor - Hardware keystroke logger - Logic bomb

Hardware keystroke logger

Which of the following is closely associated with maintaining data integrity?

Hash

A chief information officer (CIO) works for a mid-sized company located on the California coast. The CIO is developing a disaster plan for the IT infrastructure in the event of an earthquake powerful enough to damage or destroy network and computing equipment, including the database servers. What can she do to protect valuable company data even under the worst circumstances? - Purchase special insurance that will protect the company from permanent and excessive financial loss. - Have the data regularly backed up and stored in a secure, off-site facility not prone to such environmental dangers. - Structurally reinforce the data center so that it can withstand the most powerful earthquake or other disaster, even if the rest of the business campus is destroyed. - Use RAID to create redundant database servers on the company's grounds so that if one server is damaged or destroyed, its mirror server may survive, preserving the data.

Have the data regularly backed up and stored in a secure, off-site facility not prone to such environmental dangers.

Which of the following is a protocol that allows web servers to complete secure transactions over the Internet? - Hypertext Transfer Protocol Secure (HTTPS) - Hypertext Markup Language (HTML) - Transmission Control Protocol/Internet Protocol (TCP/IP) - Demilitarized zone (DMZ)

Hypertext Transfer Protocol Secure (HTTPS)

Which form of addressing uses 32 bits and subnetting, but suffers from a lack of integrated security? - Static - Media Access Control (MAC) - Internet Protocol version 4 (IPv4) - Internet Protocol version 6 (IPv6)

Internet Protocol version 4 (IPv4)

Nicolau is a network engineer for a large online retailer. He is concerned about the security of his company's network connections to its customers, vendors, and partners. Although all of these sources are generally trusted, he knows they can be hacked by malicious parties and used to steal confidential company data. Which network-based solution should he choose to detect unauthorized user activity and attacks that is also capable of taking action to prevent a breach? - Data encryption - Router anti-tampering - Intrusion detection system/intrusion prevention system (IDS/IPS) - Firewall

Intrusion detection system/intrusion prevention system (IDS/IPS)

Mohammad is presenting IPv6 cryptographic security features to his networking class. A student asks him to explain data origin authentication. How does he answer this question? - It is a solution that creates a tunnel for traffic between two IPv6 hosts through an IPv4 network. - It encrypts network traffic and cannot be deciphered without the appropriate encryption key. - It involves a checksum that can be used by the receiver to verify that the packet wasn't modified in transit. - It uses a checksum that incorporates a shared encryption key so that the receiver can verify that the data was actually sent by the apparent sender.

It uses a checksum that incorporates a shared encryption key so that the receiver can verify that the data was actually sent by the apparent sender.

In theory, a hacker with a small but powerful directional antenna could access a wireless network from more than one mile away. In a real-world situation, what is the more likely range involved? - More than 3,000 feet - More than 5,500 feet - Less than 2,000 feet - Less than 1,000 feet

Less than 1,000 feet

The chief information officer (CIO) of a large company has been informed by the board of directors that their corporation is anticipating rapid growth over the next two years. She calculates the contingency of building additional capacity into the current network infrastructure. Based on the board's growth estimates, what percentage of additional capacity should she plan for? - More than 50 percent - 30 percent - 20 percent - 10 percent

More than 50 percent

An IT infrastructure manager is reviewing his company's computer assets, particularly the mean time to failure (MTTF) of the PC and server hard drives. The manufacturer of the hard drives typically used in the company states that the MTTF is approximately 11 years. Because servers and some high-priority workstations must operate continuously except for brief periods of maintenance, how many hours, on average, can these hard drives be expected to operate before failure? - 50,000 to 75,000 hours - More than 90,000 hours - 25,000 to 50,000 hours - 75,000 to 90,000 hours

More than 90,000 hours

Which of the following can be described as putting each resource on a dedicated subnet behind a demilitarized zone (DMZ) and separating it from the internal local area network (LAN)? - Simplicity - Single defense - N-tier deployment - Virtual LAN (VLAN)

N-tier deployment

Marcus is studying networking with an emphasis on cybersecurity at a local university. As part of his research, he wants to visit certain hacker sites but is concerned that his laptop would be vulnerable to passive threats while visiting them. He doesn't have the funds for expensive security equipment. What is the least expensive option he has at hand? - Active firewall - Native firewall - Passive firewall - Secure firewall

Native firewall

Which network security technology can block or restrict access if a computer does NOT have the latest antivirus update, a certain security patch, or a host firewall? - Network access control (NAC) - Firewall - Intrusion prevention system (IPS) - Intrusion detection system (IDS)

Network access control (NAC)

Which of the following is considered a node? - Keyboard - Network cable - Patch panel - Networked printer

Networked printer

Jae is a network consultant hired by a small business client. He has been asked to recommend a firewall solution. Given the relatively small size of the infrastructure, he suggests a firewall that provides integrated intrusion detection system/intrusion prevention system (IDS/IPS) functionality because a single device offering multiple functions is cost- and space-effective. What is the solution? - Commercial software firewall - Appliance firewall - Next-generation firewall (NGFW) - Virtual firewall

Next-generation firewall (NGFW)

What does a digital signature provide? - Confidentiality - Nonrepudiation - Authentication - Integrity

Nonrepudiation

Amy is a network engineering consultant who is designing security for a small office/home office (SOHO) company. The network consists of 10 workstations plus a wireless printer, but it needs remote authentication. The client has a limited budget and the network design needs to be relatively simple. What type of authentication solution does she deploy? - One that operates using IEEE 802.1x - One that uses port-based network access (admission) control (PNAC) - One that uses RADIUS - One that authenticates at the firewall and doesn't integrate with single sign-on (SSO)

One that authenticates at the firewall and doesn't integrate with single sign-on (SSO)

Which fragmentation attack results in full or partial overwriting of datagram components?

Overlap

Which fragmentation attack results in full or partial overwriting of datagram components? - Overdrive - Overlap - Overrun - Overflow

Overlap

Geraldine is a freelance network technician. She has been hired to design and build a small office/home office (SOHO) network. She is considering what firewall solution to select, keeping in mind that her client has a tight budget and the network is made up of no more than six nodes. Which of the following is the best solution? - Next-generation firewall - Commercial software firewall - Personal hardware firewall integrated in the wireless access point or modem - Commercial hardware firewall

Personal hardware firewall integrated in the wireless access point or modem

Tonya is redesigning her company's network infrastructure to accommodate rapid growth. Several departments are highly specialized. Tonya needs to allow Network News Transfer Protocol (NNTP) on some, but not all, subnets. Her budget is limited. Which of the following is the best solution? - Place existing routers capable of packet filtering at each subnet. - Configure the native firewall on each workstation to filter traffic based on the requirements for the subnet they're on. - Install firewalls at the demilitarized zone (DMZ) to filter packets by protocol, port, and destination subnet, and then perform port forwarding. - Install firewalls at each network segment with rules to filter specific traffic for each one as required.

Place existing routers capable of packet filtering at each subnet.

Israel is a network technician who has just deployed a new firewall. Before putting it in production, he wants to test the firewall's ability to filter traffic according to its rule set, without risking the internal network. What is the best solution? - Place the firewall in a virtual network environment and simulate traffic. - Place the firewall within the DMZ and use the ping command. - Place the firewall outside the DMZ and use the tracert command. - Place the firewall outside the demilitarized zone (DMZ) with a production firewall behind it protecting the internal network.

Place the firewall in a virtual network environment and simulate traffic.

The design of firewall placement and configuration in a network infrastructure has many aspects. Which of the following concerns is most likely related to an upper management decision that does NOT conform with existing security policy? - Financial - Technical - Staffing - Political

Political

Which of the following is a concern when considering the use of a demilitarized zone (DMZ) firewall solution to access high-value data on an internal network? - Expense - Virtual private network (VPN) server vulnerabilities - Poorly designed placement of firewalls on subnets - Poorly constructed firewall rules

Poorly constructed firewall rules

Which of the following network zones has the lowest risk and highest trust?

Private network

Which of the following network zones has the lowest risk and the highest trust? - Internet - Extranet - Private network - Demilitarized zone (DMZ)

Private network

Logan is a network administrator. He is considering a firewall purchase for a branch office being built by his company. Above all other considerations, the design requires a device capable of a high degree of imposing user access restrictions. What is this called? - Audit capacities - Authentication - Privilege control - Security assurance

Privilege control

Which type of hacker is a criminal whose career objective is to compromise IT infrastructure?

Professional

Which operating system (OS) for a bastion host runs on most appliance firewalls as well as many Internet service provider (ISP) connection devices?

Proprietary OS

Which type of hackers often lack the knowledge or motivation to write their own malicious code, depend on programs written by others to use in their attacks, and may not understand the full consequences of their actions? - Recreational - Opportunistic - Professional - Script kiddie

Script kiddie

The combination of certain techniques allows for relevant information collected by this solution from multiple systems and processes to be aggregated and analyzed for use in decision making. What is the name of this solution? - Write-once read-many (WORM) - Security information management (SIM) - Security information and event management (SIEM) - Security event management (SEM)

Security information and event management (SIEM)

Which of the following is described as an approach to network security in which each administrator is given sufficient privileges only within a limited scope of responsibility? - Fail-safe - Defense in depth - Separation of duties - Simplicity

Separation of duties

Manuela has researched a third-party software firewall she wants to install on her PC since she believes it is of better quality than the operating system's onboard firewall. She has read the installation instructions. The firewall is compatible with her operating system and has gotten good customer reviews. After performing the installation last week, she notices that numerous malicious exploits are successfully hacking her computer. What went wrong? - She forgot to see if the third-party and native software programs were compatible. - She forgot to disable the native firewall when she installed the third-party firewall. - She forgot to disable the third-party firewall after installation and left the native firewall running. - She forgot to make sure that the rule sets of both software firewalls were identical.

She forgot to disable the native firewall when she installed the third-party firewall.

Landon is a network contractor. He has been hired to design security for the network of a small company. The company has a limited budget. Landon is asked to create a system that will protect the company's workstations and servers without undue expense. Landon decides to deploy one hardware firewall between the Internet and the local area network (LAN). What is this solution called? - Single defense - Fail-safe - N-tier deployment - Defense in depth

Single defense

Every morning when James logs into his computer and attempts to access Microsoft 365, he is asked to enter his password. After that, he is sent a text on his mobile phone with a six-digit code he must enter. In terms of multifactor authentication, his password is something he knows. What is the text message? - Something he types - Something he knows - Something he is or does - Something he has

Something he has

Which network device differentiates network traffic using Layer 2 of the OSI model? - Router - Active hub - Switch - Dumb hub

Switch

Mei is working from home and speaking with her department manager on a Voice over IP (VoIP) phone connection. This technology allows telephone conversations to be routed over the Internet. During a VoIP conversation, Mei loses a few moments of what the manager has said to her. What is the problem? - The OSI model Physical Layer failed to convert data into transmittable bits. - The OSI model Session Layer momentarily dropped the communication channel. - The OSI model Transport Layer was unable to guarantee reliable packet delivery. - The OSI model Network Layer failed to reassemble some of the bits into audible data.

The OSI model Transport Layer was unable to guarantee reliable packet delivery.

A company has discovered that confidential business information has been repeatedly acquired by a competitor over the past six months. The IT security team has been unable to find the leaks. The team suspects a form of side-channel eavesdropping may be involved. What is the suspected hacking method? - An employee has been paid to leak company secrets to the competitor. - The company's wireless network has been hacked. - A zero-day exploit has breached a previously unknown vulnerability. - The competitor is using a phreaking attack.

The competitor is using a phreaking attack.

Shamika is a networking student who has just moved into a small house with two other roommates. She has purchased a new DSL modem and is planning on configuring the built-in firewall. She needs to change the default username and password for the device first. What is her concern? - The default username and password are likely available on the Internet and anyone could use those credentials to hack into the modem and access the home network. - The DSL company has those credentials and could use them to monitor her network communications. - She will be unable to configure the firewall until those temporary default credentials have been changed. - She is being overly cautious, as home networks are a low priority for hackers.

The default username and password are likely available on the Internet and anyone could use those credentials to hack into the modem and access the home network.

A major social networking site has been hacked. The usernames, passwords, and security questions of more than 500 million users were compromised. The company disclosed the breach to all users, advising them to immediately change their passwords and security questions. The vulnerability that led to the breach has been discovered and patched. However, the security engineer suspects there is still a problem left unaddressed. What is the most likely problem? - The network may still be attacked using a zero-day exploit. - Wardialing over telephone lines could discover active and answering modems in the system. - The company's web servers could still be at risk of banner grabbing. - The hackers may have left malicious tools within the network that will allow them continued access.

The hackers may have left malicious tools within the network that will allow them continued access.

Jacob is a network technician who works for a publishing company. He is setting up a new hire's access permissions. The new hire, Latisha, is an editor. She needs access to books that have been accepted for publication but are in the review stage. Jacob gives her access to the network drive containing only books in review, but not access to administrative or human resources network drives. What principle is Jacob applying? - The principle of separation of duties - The principle of defense in depth - The principle of simplicity - The principle of least privilege

The principle of least privilege

Carl is a network engineer for a mid-sized company. He has been assigned the task of positioning hardware firewalls in the IT infrastructure based on common pathways of communication. After analyzing the problem, on which aspect of the network does he base his design? - Remote access - Wireless access points - Network structure - Traffic patterns

Traffic patterns

Nahla is a network engineer charged with maintaining the routine operations of equipment in her company's server room. She is aware that fluctuations in electrical power flow can damage delicate circuitry. While configuring redundancy into a number of systems, which component does she choose that offers both redundancy and power conditioning? - Redundant array of inexpensive disks (RAID) - Uninterruptible power supply (UPS) - Intrusion detection system (IDS) - Intrusion prevention system (IPS)

Uninterruptible power supply (UPS)

Dhruv is the lead network engineer for his three-year-old company. He is writing a proposal that recommends the network protocol to use in several branch offices. Based on the age of the networking equipment, what is his recommendation to the chief information officer (CIO)? - Continue to use IPv4 - Transition from Post Office Protocol (POP) to Simple Mail Transfer Protocol (SMTP) - Transition to IPX/SPX - Upgrade to IPv6

Upgrade to IPv6

You are a network professional. You want to overcome the security shortcomings of the Domain Name System (DNS). Of the following, what is one of those shortcomings?

Use of plaintext communication

As part of the bring your own device (BYOD) program, the company CIO is encouraging employees to use their personal devices for business purposes. However, an attacker with the right kind of antenna can access the wireless network from a great distance, putting personal devices at risk. What is the best solution? - Use subnets and filtering - Turn off all wireless access - Use virtual private networking - Use a firewall on each device

Use subnets and filtering

What is an example of security through obscurity? - Assuming your system will not be noticed when connecting to the Internet - Using the default service port of a network service - Using a nonstandard operating system for workstations such as FreeBSD - Keeping an encryption algorithm secret

Using a nonstandard operating system for workstations such as FreeBSD

Joaquin is a senior network technician for a mid-sized company who has been assigned the task of improving security for the IT infrastructure. He has been given a limited budget and must increase security without redesigning the network or replacing all internetworking security devices. He focuses on an approach that will identify a single vulnerability. What does he recommend? - Fail-open - Weakest link - Single defense - Chokepoint

Weakest link

A network infrastructure supervisor is designing a firewall placement strategy that will protect the organization's Internet-facing web and email servers and the internal network. Which design will best protect both? - Placing the firewall between the Internet and a single network hosting both the servers and the internal network, using port forwarding to direct traffic to the servers - Using two firewalls to create a demilitarized zone (DMZ); one firewall is placed between the Internet and the servers, the other firewall is located behind the first firewall and the servers protecting the internal network - Using a perimeter network design where all Internet traffic enters the firewall; one interface of the firewall connects to a perimeter network hosting the web and email servers, while the internal network receives traffic from a separate firewall interface - Placing the web and email servers, configured with the latest patches and anti-malware applications, on the Internet in front of the firewall, while placing the internal network behind the firewall

Using two firewalls to create a demilitarized zone (DMZ); one firewall is placed between the Internet and the servers, the other firewall is located behind the first firewall and the servers protecting the internal network

Norman is a network engineer. He is creating a series of logical networks based on different departments for a new branch office. Although the physical locations of the computers for a particular department may be in different areas or on different floors of the building, they have to operate as if they are on a single physical network. Norman's solution involves putting the accounting, engineering, and marketing computer nodes on different subnets. What sort of network topology does Norman create? - Star - Access point - Virtual local area network (VLAN) - Local area network (LAN)

Virtual local area network (VLAN)

Many company employees work from home on a full-time basis. What technology do they commonly use to communicate securely with the organization's network? - Proxy server - Virtual private network (VPN) - Firewall - Host

Virtual private network (VPN)

The chief information officer (CIO) is negotiating lease prices with several telecommunications providers. She wants a service that offers circuits that will link to various physical buildings and branches, including a connection to the physical demarcation point. For what network infrastructure will this service be used? - Workgroup - Small office/home office (SOHO) - Wide area network (WAN) - Local area network (LAN)

Wide area network (WAN)

While there is no single rule as to the size of this network type, which network is usually made up of fewer than 10 computers and rarely more than 20?

Workgroup

Kristin's position in IT focuses on using antivirus, anti-spyware, and vulnerability software patch management to maintain security and integrity. Which IT infrastructure domain is she protecting? - Workstation Domain - User Domain - LAN-to-WAN Domain - LAN Domain

Workstation Domain

Which of the following must be done first to accomplish an organization's security goals? - Create a security group. - Create a continuous improvement plan. - Write down security goals. - Develop a graphic security design.

Write down security goals.

Logical topologies are primarily about: - connections. - gateways. - peripherals. - arrangement.

connections

A filter pathway is designed to: - use port forwarding to channel all network traffic into a single firewall. - make it hard to bypass a network filtering system and force all traffic through one route. - offer multiple subnets sitting behind a single software firewall. - use a reverse proxy between a firewall and the internal local area network (LAN).

make it hard to bypass a network filtering system and force all traffic through one route.

