Network+ (Network Security)

Users at a remote site are unable to establish a VPN to the main office. At which of the following layers of the OSI model does this problem MOST likely reside? A. Application B. Presentation C. Physical D. Session

D. Session

A network administrator is responding to a statement of direction made by senior management to implement network protection that will inspect packets as they enter the network. Which of the following technologies would be used? A. Packet sniffer B. Stateless firewall C. Packet filter D. Stateful firewall

D. Stateful firewall *A stateful firewall keeps track of the state of network connections (such as TCP streams, UDP communication) travelling across it. Only packets matching a known active connection will be allowed by the firewall; others will be rejected.*

Which of the following is a specialized piece of hardware designed to encrypt and decrypt user traffic? A. Proxy server B. TDR C. Smart jack D. VPN concentrator

D. VPN concentrator

A company wants to secure its WAPs from unauthorized access. Which of the following is the MOST secure wireless encryption method? A. SSID disable B. SNMPv3 C. WEP D. WPA2

D. WPA2

What can a network technician change to help limit war driving?

Signal strength

Which of the following ports would have to be allowed through a firewall for POP3 traffic to pass on its default port? A. 110 B. 123 C. 143 D. 443

A. 110

An administrator needs to open ports in the firewall to support both major FTP transfer modes. Which of the following default ports was MOST likely opened? A. 20 B. 21 C. 22 D. 23 E. 25 F. 53

A. 20 B. 21

Users are reporting that external web pages load slowly. The network administrator determines that the Internet connection is saturated. Which of the following is the BEST used to decrease the impact of web surfing? A. Caching B. Load balancing C. Port filtering D. Traffic analyzer

A. Caching

An administrator determines there are an excessive number of packets being sent to a web server repeatedly by a small number of external IP addresses. This is an example of which of the following attacks? A. DDoS B. Viruses C. Worms D. Man-in-the-middle

A. DDoS

The network administrator has been tasked to create a network segment where resources can be placed for public web access. Which should be implemented? A. DMZ B. Honeynet C. PAT D. Port Security

A. DMZ

Which of the following can be described as a DoS attack? A. Disabling a specific system and making it unavailable to users B. Implementing a keylogger C. Intercepting a packet and decrypting the contents D. Communication with employees to get information

A. Disabling a specific system and making it unavailable to users

Honeypots and honeynets are different in which of the following ways? A. Honeynets are managed collections of honeypots. B. Honeypots only test software security, not hardware C. Honeynets require specialized hardware to implement. D. Honeypots are usually servers and honeynets are routers and switches.

A. Honeynets are managed collections of honeypots. *A honeynet is a network set up with intentional vulnerabilities; its purpose is to invite attack, so that an attacker's activities and methods can be studied and that information used to increase network security. A honeynet contains one or more honeypots, which are computer systems on the Internet expressly set up to attract and "trap" people who attempt to penetrate other people's computer systems.*

Which of the following network appliances will only detect and not prevent malicious network activity? A. IDS B. Network sniffer C. IPS D. Firewall

A. IDS

Which of the following will BEST block a host from accessing the LAN on a network using static IP addresses? A. IP filtering B. Port filtering C. MAC address filtering D. DHCP lease

A. IP filtering

A network technician has configured a new firewall with a rule to deny UDP traffic. Users have reported that they are unable to access Internet websites. The technician verifies this using the IP address of a popular website. Which of the following is the MOST likely cause of the error? A. Implicit deny B. HTTP transports over UDP C. Website is down D. DNS server failure

A. Implicit deny *In a network firewall ruleset, if a certain type of traffic isn't identified, it will be denied or stopped by implicit deny.*

A technician is troubleshooting authentication issues on a server. It turns out the clock on the server was 72 minutes behind. Setting the clock to the correct time fixed the issue. Given the scenario, which of the following authentication methods was being used? A. Kerberos B. CHAP C. TACACS+ D. RADIUS

A. Kerberos

A user is connecting to the Internet at an airport through an ad-hoc connection. Which of the following is the MOST likely security threat? A. Man-in-the-middle B. Social engineering C. Phishing D. DoS

A. Man-in-the-middle

An administrator would like to inspect all traffic flowing over the SMTP protocol on a given network. Which of the following tools would accomplish this? (Select TWO) A. Packet sniffer B. Honeypot C. Port mirroring D. IPS E. Port scanner F. IDS

A. Packet sniffer C. Port mirroring

Which of the following remote access types requires a certificate for connectivity? A. SSH B. PPP C. HTTPS D. WEP

A. SSH

Which of the following does Kerberos use to authenticate? A. Tickets B. Servers C. Users D. Clients

A. Tickets *Kerberos keeps a database of its clients and their private keys. The private key is a large number known only to Kerberos and the client it belongs to. In the case that the client is a user, it is an encrypted password. Network services requiring authentication register with Kerberos, as do clients wishing to use those services. The private keys are negotiated at registration.*

Which of the following wireless standards uses a block encryption cipher rather than a stream cipher? A. WPA2-CCMP B. WPA C. WEP D. WPA2-TKIP

A. WPA2-CCMP

The security measure used to reduce vulnerabilities for MOST network devices, and which requires regular application and monitoring, is: A. patch management B. security limitations C. documentation D. social engineering

A. patch management

Which of the following allows a malicious attacker to view network traffic if the attacker is on the same network segment as Joe, an administrator? A. DoS attack B. Man-in-the-middle attack C. Smurf attack D. Xmas attack

B. Man-in-the-middle attack

Which of the following describes a single computer that is set up specifically to lure hackers into revealing their methods, and preventing real attacks on the production network? A. Evil twin B. Honeypot C. DMZ D. Honeynet

B. Honeypot *A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.*

Which of the following monitoring devices are used only to recognize suspicious traffic from specific software? A. Signature based IPS B. Application based IDS C. Anomaly based IDS D. Application based IPS

B. Application based IDS

A vendor releases an emergency patch that fixes an exploit on their network devices. The network administrator needs to quickly identify the scope of the impact to the network. Which of the following should have been implemented? A. Change management B. Asset management C. Network sniffer D. System logs

B. Asset management

Stateful packet inspection is a security feature used by which of the following devices? A. Unmanaged switch B. Hardware firewall C. Bridge D. IDS

B. Hardware firewall

An unusual amount of activity is coming into one of the switches in an IDF. A malware attack is suspected. Which of the following tools would appropriately diagnose the problem? A. Cable tester B. Protocol analyzer C. Load balancer D. OTDR

B. Protocol analyzer

Management has decided that they want a high level of security. They do not want Internet requests coming directly from users. Which of the following is the BEST recommendation? A. Content filter B. Proxy server C. Layer 3 switch D. Firewall

B. Proxy server

Which of the following performs authentication and provides a secure connection by using 3DES to encrypt all information between two systems? A. HTTPS B. SSH C. RSA D. SSL

B. SSH

Which of the following features will a firewall MOST likely use to detect and prevent malicious traffic on the network? A. Zone filtering B. Signature identification C. Port identification D. Port scanner

B. Signature identification

Which of the following would be the BEST solution for an IDS to monitor known attacks? A. Host-based B. Signature-based C. Network-based D. Behavior-based

B. Signature-based *Signature detection involves searching network traffic for a series of bytes or packet sequences known to be malicious. A key advantage to this detection method is that signatures are easy to develop and understand if you know what network behavior you're trying to identify.*

A network administrator is looking to implement a solution allowing users to utilize a common password to access most network resources for an organization. Which of the following would BEST provide this functionality? A. RADIUS B. Single sign on C. Multifactor authentication D. Two-factor authentication

B. Single sign on

PKI is a method of user authentication which uses which of the following? A. Various router commands B. Access control lists C. Certificate services D. RADIUS server

C. Certificate services *A PKI (Public Key Infrastructure) enables users of a basically unsecure network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates.*

The company is setting up a new website that will be requiring a lot of interaction with external users. The website needs to be accessible both externally and internally but without allowing access to internal sources. Which of the following would MOST likely be configured on the firewall? A. PAT B. DHCP C. DMZ D. NAT

C. DMZ

A network administrator is performing a penetration test on the WPA2 wireless network. Which of the following can be used to find the key? A. DoS B. Buffer overflow C. Dictionary file D. SQL injection

C. Dictionary file

Several users are reporting connectivity issues with their laptops. Upon further investigation, the network technician identifies that their laptops have been attacked from a specific IP address outside of the network. Which of the following would need to be configured to prevent any further attacks from that IP address? A. Port Security B. IDS C. Firewall Rules D. Switch VLAN assignments

C. Firewall Rules

Which of the following uses SSL encryption? A. SMTP B. FTP C. HTTPS D. SNMP

C. HTTPS

A network technician is concerned that an attacker is attempting to penetrate the network, and wants to set a rule on the firewall to prevent the attacker from learning which IP addresses are valid on the network. Which of the following protocols needs to be denied? A. TCP B. SMTP C. ICMP D. ARP

C. ICMP

Which of the following wireless security measures, although widely implemented, does not provide strong security? A. IPSec B. WPA2 C. MAC address filtering D. 802.1x

C. MAC address filtering

A strong network firewall would likely support which of the following security features for controlling access? (Select TWO) A. War driving B. War chalking C. MAC filtering D. FTP bouncing E. Port filtering

C. MAC filtering E. Port filtering

Joe, a technician, suspects a virus has infected the network and is using up bandwidth. He needs to quickly determine which workstation is infected with the virus. Which of the following would BEST help Joe? A. Web server B. Syslog C. Network sniffer D. SNMP

C. Network sniffer

Which of the following would be used to check whether a DoS attack is taking place from a specific remote subnet? A. Syslog files B. Honeypot C. Network sniffer D. tracert

C. Network sniffer

An application server is placed on the network and the intended application is not working correctly. Which of the following could be used to make sure sessions are being opened properly? A. Antivirus scanner B. IDS C. Packet Sniffer D. Toner probe

C. Packet Sniffer

A network administrator has been tasked to deploy a new WAP in the lobby where there is no power outlet. Which of the following options would allow the network administrator to ensure the WAP is deployed correctly? A. QoS B. Install 802.11n WAP C. PoE D. Parabolic antenna

C. PoE

Which of the following network access security methods ensures communication occurs over a secured, encrypted channel, even if the data uses the internet? A. MAC filtering B. RAS C. SSL VPN D. L2TP

C. SSL VPN

A customer wants to increase firewall security. Which of the following are common reasons for implementing port security on the firewall? (Select TWO) A. Preventing dictionary attacks on user passwords B. Reducing spam from outside email sources C. Shielding servers from attacks on internal services D. Blocking external probes for vulnerabilities E. Directing DNS queries to the primary server

C. Shielding servers from attacks on internal services D. Blocking external probes for vulnerabilities

A system administrator is implementing an IDS on the database server to see who is trying to access the server. The administrator relies on the software provider for what to detect. Which of the following would MOST likely be installed? A. Behavior based IDS B. Network based IDS C. Signature based IDS D. Honeypot

C. Signature based IDS

A corporate office recently had a security audit and the IT manager has decided to implement very strict standards. The following requirements are now in place for each employee logging into the network: biometric fingerprint scan; complex 12 character password; 5 digit PIN code authorization; randomized security question prompt upon login. Which of the following security setups does this company employ? A. Single factor authentication B. Three factor authentication C. Two factor authentication D. Single sign-on

C. Two factor authentication

A small office has created an annex in an adjacent office space just 20 feet (6 meters) away. A network administrator is assigned to provide connectivity between the existing office and the new office. Which of the following solutions provides the MOST security from third party tampering? A. CAT5e connection between offices via the patch panel located in building's communication closet B. CAT5e cable run through ceiling in the public space between offices. C. VPN between routers located in each office space D. A WEP encrypted wireless bridge with directional antennae between offices.

C. VPN between routers located in each office space

Which of the following appliances creates and manages a large number of secure remote-access sessions, and also provides a high availability solution? A. Media converter B. Proxy server C. VPN concentrator D. Load balancer

C. VPN concentrator

A network administrator is implementing a wireless honeypot to detect wireless breach attempts. The honeypot must implement weak encryption to lure malicious users into easily breaking into the network. Which of the following should the network administrator implement on the WAP? A. WPA B. WPA2 C. WEP D. VPN

C. WEP

Which of the following does Kerberos provide? A. Non-repudiation B. Accounting C. Exchange D. Authentication

D. Authentication

Which of the following is the most secure way to prevent malicious changes to a firewall? A. SNMPv2 access only B. TELNET access only C. SSH access only D. Console access only

D. Console access only

Which of the following attacks would allow an intruder to do port mapping on a company's internal server from a separate company server on the Internet? A. SYN flood B. Teardrop C. Smurf D. FTP Bounce

D. FTP Bounce *FTP bounce attack is an exploit of the FTP protocol whereby an attacker is able to use the PORT command to request access to ports indirectly through the use of the victim machine as a middle man for the request.*

Which of the following security methods is used to attract users attempting to gain unauthorized access to various systems within a single network? A. Network based IDS B. Firewall C. Network based IPS D. Honeynet

D. Honeynet

Which of the following security appliances are used to only identify traffic on individual systems? A. Host based IPS B. Application based IPS C. Network based IDS D. Host based IDS

D. Host based IDS *INDIVIDUAL SYSTEMS!*

The security administrator needs to restrict specific devices from connecting to certain WAPs. What security measure would best fulfill this need?

MAC address filtering

