Networking Ch 9, 10, 6
A(n) ________ can detect a hacker's attempt to flood a network with traffic and prevent that traffic from reaching the network.
IPS
Which protocol is a single sign-on authentication method?
Kerberos
A(n) __________ is a malicious program designed to start when certain conditions are met.
Logic bomb
The Data Link layer contains which two sublayers?
Logical Link Control sublayer and Media Access Control sublayer
A _________ attack involves an individual who redirects secure transmissions as they occur.
Man-in-the-middle
Government employees are assigned security clearances. These employees require access to resources classified as top secret, secret and confidential. Which authorization method should be implemented to create a secure computing environment?
Mandatory Access Control
Which access control method uses data classifications and security clearances?
Mandatory Access Control
_________ is a penetration testing tool which combines known scanning and exploit techniques to explore potentially new attack routes.
Metasploit
Your company's WAN recently experienced a disabling DDoS attack. Which device can detect suspicious traffic patterns including a denial-of-service attack and protect your corporate network in the future?
NIPS
Which virus combines polymorphism and stealth techniques to create a very destructive virus?
Natas
You are part of a team participating in a posture assessment of your company's WAN. Which tools will provide you with crucial information regarding your network's vulnerabilities? (Choose two.)
Nmap and Nessus
Which firewall controls network access by examining the header of each packet to determine whether the packet is authorized to continue to its destination?
Packet-filtering firewall
Which DoS attack damages a device's firmware beyond repair?
PDoS
_________ is an electronic communication that appears to come from a legitimate person or organization and requests access or authentication information.
Phishing
_________ malware changes its characteristics - such as the arrangement of its bytes, size, and internal instructions - making it harder to identify.
Polymorphic
_________ requires the authentication server to verify a client's legitimacy before the switch or access port is opened to the client's Layer 3 traffic.
Port Authentication
_________ software searches nodes for open ports.
Port scanning
Which server acts as an intermediary between an external network (such as the Internet) and an organization's internal (private) network?
Proxy server
Your company recently hired multiple new employees. As network administrator, you must create user groups for these new employees based on the jobs they perform. Which authorization method should you use?
Role-based access control
_________ systems are used to evaluate data generated and stored in logs by intrusion detection systems, intrusion prevention systems, firewalls and proxy servers.
SIEM
Company employees are often required to remember multiple passwords during the performance of their daily jobs. This situation can quickly inundate the help desk with calls regarding forgotten passwords. Which authentication form should you implement to solve this problem?
SSO
A unique characteristic of the 802.11 data frame is its _________ field.
Sequence Control
Malware leaves evidence of itself by announcing its ________ characteristics in the malware code.
Signature
__________ is used to prevent traffic loops on switches.
Spanning Tree Protocol
_________ is an example of proxy server software used on UNIX/Linux systems.
Squid
Select two AAA authentication services. (Choose two.)
TACACS+ and RADIUS
A SOHO wireless router typically includes packet filtering options.
TRUE
A firewall typically involves a combination of hardware and software.
TRUE
A security policy must address an organization's specific risks.
TRUE
An anti-malware policy is meant to protect the network from damage and downtime.
TRUE
Human errors, ignorance, and omissions cause more than half of all security breaches sustained by networks.
TRUE
Network security is more often compromised from the inside rather than external sources.
TRUE
Protection against harmful code involves more than just installing anti-malware software.
TRUE
Spanning Tree Protocol (STP) stipulates that only one root port - on any bridge - can forward frames to the root bridge.
TRUE
Select two innovative standards designed to replace STP. (Choose two.)
TRILL and RSTP
A ________ disguises itself as something useful but actually harms your system.
Trojan horse
Which wireless security technique supports RADIUS and AES?
WPA2-Enterprise
An employee's mobile device has been lost. Which action should you take to protect company data?
Wipe the device
_________ are programs that run independently and travel between computers and across networks.
Worms
A _________ is a network of compromised computers requisitioned to participate in coordinated DDoS attacks without the owners' knowledge or consent. (Choose two.)
Zombie army, botnet
Which device inspects each incoming packet to determine whether it belongs to a currently active connection?
a stateful firewall
Which access control component logs users' network access and activities?
accounting
Which NGFW (Layer 7 firewall) feature allows a network administrator to restrict gaming traffic?
application awareness
Your company recently purchased new laptop computers. Before the laptop computers can be deployed, a barcode must be installed on them for the purpose of monitoring their movement and condition. This action is referred to as ________.
asset tracking
When a server compares a user's credentials with those in its database, the process is known as __________.
authentication
Which category of protocols is used by both RADIUS and TACACS?
authentication, authorization, and accounting
Which access control component determines what a user can and cannot do with network resources?
authorization
A ________ is a software security flaw that allows unauthorized users to gain access to the system.
backdoor
A _________ is a program that runs automatically.
bot
Which attack is a trial and error method used to decode encrypted passwords?
brute force
Your organization is expanding its campus footprint by adding a new building. Access to this building must be restricted to employees who know the access code. Which type of security should be used?
cipher lock
A _________ form is a document which ensures each employee is made aware that his/her use of company equipment and accounts can be monitored and reviewed for security purposes.
consent to monitoring
________ is the process of securing a server by applying security updates and disabling unnecessary services and protocols.
device hardening
Breaking into a password-protected computer or server by systematically using every word possible is an example of a ________ attack.
dictionary
Mobile device management (MDM) is used to ________. (Choose all that apply.)
enforce password policies, encrypt data on a device, automate enrollment
The _________ utility is a Windows console used to administer or modify local group policies.
gpedit.msc
Multiple honeypots can be connected to form a __________.
honeynet
As network administrator, you decide to track malicious activity by placing a decoy in the DMZ. Which solution would best serve your purpose?
honeypot
Which software enables a computer to act as a packet-filtering firewall for Linux systems?
iptables
You have been asked to check user access privileges to highly secure company documents. You notice that several contractors possess full control privileges to these files. Which security policy should have been implemented?
least privilege
Which authentication process requires two or more pieces of information?
multifactor
In _________ both computers verify the credentials of the other.
mutual authentication
Simple packet-filtering firewalls operate at the _________ layer of the OSI model.
network
As an IT employee, you recently updated your company's network software and hardened the company computers. Your next step is to examine the network for vulnerabilities. Which process should you use?
penetration testing
Which software agent types are used to monitor network devices for verification of compliance with security benchmarks? (Choose two.)
persistent, dissolvable
When an attacker uses faked ARP replies to alter ARP tables, the attack is called ARP ________.
poisoning
Which technique is used by an NIDS to monitor traffic carried by a switch?
port mirroring
A _________ is a thorough examination of each aspect of the network to determine how it might be compromised.
posture assessment
When Kelly turned on her computer, she noticed a message indicating that her files had been encrypted. The document also included payment instructions that would result in the decryption of her files. Which type of malware is involved in this attack?
ransomware
Which device uses logical addressing information to direct data between two or more networks?
router
A _________ identifies an organization's security goals and risks.
security policy
Which access control device electronically time stamps and logs entry into a building?
smart card
Which virus disguises itself as a legitimate program to prevent detection?
stealth
In Kerberos terminology, a temporary set of credentials used by a client to prove that its identity has been validated by the authentication service is known as a _____________.
ticket
You arrive at the office several hours early (5:00 am) to work on a critical project. You are unable to log on to the network to access your files. Which logon restriction might cause this problem?
time of day
Which logon restriction would be most effective against a hacker using brute force to access a network?
unsuccessful logon attempts
As a network administrator, you are required to monitor physical activity in the company's secure data areas. Which detection method should you implement?
video surveillance
As an IT employee, you discover an unknown weakness in the security system that could lead to unauthorized access. Which weakness have you found?
vulnerability
Your company hired an IT security expert to perform a network penetration test on the company's private network. Which role is the IT security expert performing?
white hat hacker
You are a network administrator in charge of the company's T-3 WAN connection. The T-3 connects two regional offices including a main office and a satellite office. You decide to install a firewall to protect the main office's private network. Shortly after installation, users at the satellite office complain they cannot access a file server in the main office. Which two items should you check on the firewall? (Choose two.)
1) Has the firewall been placed in the appropriate location on the network? 2) Has the firewall been configured to allow access to IP addresses originating in the satellite office?
Which two items are combined to create a Bridge ID? (Choose two.)
1) MAC address 2) 2-byte priority field
Firewalls can accept or deny traffic based on _________. (Choose all that apply.)
1) flags set in the TCP header 2) transmissions that use ICMP protocols 3) source and destination ports 4) source and destination IP addresses
Which devices can protect your network from outside attacks? (Choose all that apply.)
1) firewall; 2) intrusion prevention system; 3) proxy server
The "any" keyword in an ACL statement is equivalent to which wildcard mask?
255.255.255.255
A SecurID key chain fob from RSA Security generates a password that changes every _________.
60 seconds
A(n) _________ is a list of statements used to filter traffic through a router, switch, or firewall interface.
ACL
A(n) ________ describes what users can and cannot do when accessing a network's resources.
Acceptable Use Policy
Which definition best describes a zero-day exploit?
An attack that takes advantage of a vulnerability before the software developer can provide a solution
STP selects the root bridge based on which parameter?
Bridge ID
Which technique could be used to thwart an FTP bounce attack?
Configure your firewall to deny requests to ports 20 and 21
Which device can block designated types of traffic based on application data contained within the packets?
Content-filtering firewall
Your company has redoubled its efforts to identify sensitive data on its servers. You are asked to prevent this data from being copied, downloaded, transmitted off the network or posted to cloud storage. You propose ________ as a solution.
Data Loss Prevention
A system which has been inundated with bogus requests for services and can no longer respond is experiencing a _________ attack.
Denial-of-service
Which protocol provides the framework for authenticating clients and servers, yet does not perform encryption or authentication on its own?
EAP
A Kerberos user is referred to as a client.
FALSE
A network layer firewall uses stateful packet inspection.
FALSE
A security policy should state exactly which hardware, software, architecture, or protocols will be used to ensure security.
FALSE
Host-based firewalls are placed between a private network and the Internet.
FALSE
The simplest type of firewall is a content filtering firewall.
FALSE
Which statement reflects the rules established in the ACL?
    ip access-group 102 in
    !
    access-list 102 permit tcp any any eq 20
    access-list 102 permit tcp any any eq 21
    access-list 102 permit tcp any any eq 110
    access-list 102 permit tcp any any eq 443
FTP, POP3, and HTTPS are explicitly allowed; all else are implicitly denied