1-50 Flashcards

1
Q

Sara, the security administrator, must configure the corporate firewall to allow all public IP addresses on the internal interface of the firewall to be translated to one public IP address on the external interface of the same firewall.
Which of the following should Sara configure?

A

PAT (Port Address Translation)

Port Address Translation (PAT), is an extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to conserve IP addresses.

2
Q

Which of the following devices is MOST likely being used when processing the following?

1 PERMIT IP ANY ANY EQ 80
2 DENY IP ANY ANY

A

Firewall

Firewalls, routers, and even switches can use ACLs as a method of security management. An access control list has a deny ip any any implicitly at the end of any access control list. ACLs deny by default and allow by exception.

3
Q

The security administrator at ABC company received the following log information from an external party:

10: 45:01 EST, SRC 10.4.3.7:3056, DST 8.4.2.1:80, ALERT, Directory traversal
10: 45:02 EST, SRC 10.4.3.7:3057, DST 8.4.2.1:80, ALERT, Account brute force
10: 45:03 EST, SRC 10.4.3.7:3058, DST 8.4.2.1:80, ALERT, Port scan

The external party is reporting attacks coming from abc-company.com.

Which of the following is the reason the ABC company’s security administrator is unable to determine the origin of the attack?

A

ABC company uses PAT.

PAT would ensure that computers on ABC’s LAN translate to the same IP address, but with a different port number assignment. The log information shows the IP address, not the port number, making it impossible to pinpoint the exact source.

4
Q

Which of the following security devices can be replicated on a Linux-based computer using iptables to inspect and properly handle network-based traffic?

A

C. Firewall

iptables is a user-space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall and the chains and rules it stores.

5
Q

Which of the following firewall types inspects Ethernet traffic at the MOST levels of the OSI model?

A

B. Stateful Firewall

Stateful inspections occur at all levels of the network.

6
Q

The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card data should be segregated from the main corporate network to prevent unauthorized access and that access to the IT systems should be logged.

Which of the following would BEST meet the CISO’s requirements?

A

C. Firewalls

The basic purpose of a firewall is to isolate one network from another.

7
Q

Which of the following network design elements allows for many internal devices to share one public IP address?

A

B. PAT

Port Address Translation (PAT), is an extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to conserve IP addresses.

8
Q

Which of the following is the best practice when securing a switch from physical access?

A

D. Disable unused ports

Disabling unused switch ports is a simple method many network administrators use to help secure their network from unauthorized access.
All ports not in use should be disabled. Otherwise, they present an open door for an attacker to enter.

9
Q

Which of the following devices would be MOST useful to ensure availability when there are a large number of requests to a certain website?

A

B. Load balancer

Load balancing refers to shifting a load from one device to another. A load balancer can be implemented as a software or hardware solution, and it is usually associated with a device—a router, a firewall, NAT appliance, and so on. In its most common implementation, a load balancer splits the traffic intended for a website into individual requests that are then rotated to redundant servers as they become available.

10
Q

Pete, the system administrator, wishes to monitor and limit users’ access to external websites.

Which of the following would BEST address this?

A

D. Install a proxy server

A proxy is a device that acts on behalf of other(s). In the interest of security, all internal user interaction with the Internet should be controlled through a proxy server. The proxy server should automatically block known malicious sites. The proxy server should cache often-accessed sites to improve performance.

11
Q

Mike, a network administrator, has been asked to passively monitor network traffic to the company’s sales websites.

Which of the following would be BEST suited for this task?

A

C. NIPS

Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity.

12
Q

Which of the following should be deployed to prevent the transmission of malicious traffic between virtual machines hosted on a singular physical device on a network?

A

A. HIPS on each virtual machine

Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.

13
Q

Pete, a security administrator, has observed repeated attempts to break into the network.

Which of the following is designed to stop an intrusion on the network?

A

A. NIPS

Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.

14
Q

An administrator is looking to implement a security device which will be able not only to detect network intrusions at the organization level, but also help to defend against them.

Which of the following is being described here?

A

B. NIPS

Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.

15
Q

In intrusion detection system vernacular, which account is responsible for setting the security policy for an organization?

A

B. Administrator

The administrator is the person responsible for setting the security policy for an organization and is responsible for making decisions about the deployment and configuration of the IDS.

16
Q

When performing the daily review of the system vulnerability scans of the network, Joe, the administrator, noticed several security-related vulnerabilities with an assigned vulnerability identification number. Joe researches the assigned vulnerability identification number on the vendor website. Joe proceeds with applying the recommended solution for the identified vulnerability.

Which of the following is the type of vulnerability described?

A

C. Signature based

A signature-based monitoring or detection method relies on a database of signatures or patterns of known malicious or unwanted activity. The strength of a signature-based system is that it can quickly and accurately detect any event from its database of signatures.

17
Q

The network security engineer just deployed an IDS on the network, but the Chief Technical Officer (CTO) has concerns that the device is only able to detect known anomalies.

Which of the following types of IDS has been deployed?

A

A. Signature Based IDS

A signature based IDS will monitor packets on the network and compare them against a database of signatures or attributes from known malicious threats.

18
Q

Joe, the Chief Technical Officer (CTO), is concerned about new malware being introduced into the corporate network. He has tasked the security engineers to implement a technology that is capable of alerting the team when unusual traffic is on the network.

Which of the following types of technologies will BEST address this scenario?

A

B. Anomaly Based IDS

Anomaly-based detection watches the ongoing activity in the environment and looks for abnormal occurrences. An anomaly-based monitoring or detection method relies on definitions of all valid forms of activity. This database of known valid activity allows the tool to detect any and all anomalies. Anomaly-based detection is commonly used for protocols. Because all the valid and legal forms of a protocol are known and can be defined, any variations from those known valid constructions are seen as anomalies.

19
Q

Matt, an administrator, notices a flood of fragmented packets and retransmits from an email server.
After disabling the TCP offload setting on the NIC, Matt sees normal traffic with packets flowing in sequence again.

Which of the following utilities was he MOST likely using to view this issue?

A

B. Protocol Analyzer

A protocol analyzer is a tool used to examine the contents of network traffic. Commonly known as a sniffer, a protocol analyzer can be a dedicated hardware device or software installed onto a typical host system. In either case, a protocol analyzer is first a packet capturing tool that can collect network traffic and store it in memory or onto a storage device. Once a packet is captured, it can be analyzed either with complex automated tools and scripts or manually.

20
Q

Which of the following flags are used to establish a TCP connection? (Choose two.)

A

B. ACK
C. SYN

To establish a TCP connection, the three-way (or 3-step) handshake occurs:

21
Q

Which of the following components of an all-in-one security appliance would MOST likely be configured in order to restrict access to peer-to-peer file sharing websites?

A

B. URL filter

The question asks how to prevent access to peer-to-peer file sharing websites. You access a website by browsing to a URL using a web browser or peer-to-peer file sharing client software. A URL filter is used to block URLs (websites) to prevent users from accessing the website.

22
Q

Pete, the system administrator, wants to restrict access to advertisements, games, and gambling websites.
Which of the following devices would BEST achieve this goal?

A

C. URL content filter

URL filtering, also known as web filtering, is the act of blocking access to a site based on all or part of the URL used to request access. URL filtering can focus on all or part of a fully qualified domain name (FQDN), specific path names, specific filenames, specific file extensions, or entire specific URLs. Many URL-filtering tools can obtain updated master URL block lists from vendors as well as allow administrators to add or remove URLs from a custom list.

23
Q

The administrator receives a call from an employee named Joe. Joe says the Internet is down and he is receiving a blank page when trying to connect to a popular sports website. The administrator asks Joe to try visiting a popular search engine site, which Joe reports as successful. Joe then says that he can get to the sports site on his phone.

Which of the following might the administrator need to configure?

A

D. The default block page on the URL filter

A URL filter is used to block access to a site based on all or part of a URL. There are a number of URL-filtering tools that can acquire updated master URL block lists from vendors, as well as allow administrators to add or remove URLs from a custom list.

24
Q

Layer 7 devices used to prevent specific types of html tags are called:

A

B. Content filters

A content filter is a type of software designed to restrict or control the content a reader is authorized to access, particularly when used to limit material delivered over the Internet via the Web, e-mail, or other means. Because the content filter inspects the application data the user interacts with directly, it operates at Layer 7 of the OSI model.

25
Q

Pete, an employee, attempts to visit a popular social networking site but it is blocked. Instead, a page is displayed notifying him that this site cannot be visited.
Which of the following is MOST likely blocking Pete’s access to this site?

A

A. Internet content filter

Web filtering software is designed to restrict or control the content a reader is authorized to access, especially when utilized to restrict material delivered over the Internet via the Web, e-mail, or other means.

26
Q

A review of the company’s network traffic shows that most of the malware infections are caused by users visiting gambling and gaming websites. The security manager wants to implement a solution that will block these websites, scan all web traffic for signs of malware, and block the malware before it enters the company network.

Which of the following is suited for this purpose?

A

C. UTM

An all-in-one appliance, also known as Unified Threat Management (UTM) and Next Generation Firewall (NGFW), is one that provides a good foundation for security. A variety is available; those that you should be familiar with for the exam fall under the categories of providing URL filtering, content inspection, or malware inspection.
Malware inspection is the use of a malware scanner to detect unwanted software content in network traffic. If malware is detected, it can be blocked or logged and/or trigger an alert.

27
Q

Which of the following is BEST at blocking attacks and providing security at layer 7 of the OSI model?

A

A. WAF

A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

As the protocols used to access a web server (typically HTTP and HTTPS) run in layer 7 of the OSI model, then web application firewall (WAF) is the correct answer.

28
Q

Which of the following should the security administrator implement to limit web traffic based on country of origin? (Choose three.)

A

D. Proxies
E. Firewall
G. URL filtering

A proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers.
Firewalls manage traffic using a rule or a set of rules.

A URL is a reference to a resource that specifies the location of the resource. A URL filter is used to block access to a site based on all or part of a URL.

29
Q
A security engineer is reviewing log data and sees the output below:
POST: /payload.php HTTP/1.1 
HOST: localhost
Accept: */*
Referrer: http://localhost/ 
*******
HTTP/1.1 403 Forbidden 
Connection: close
Log: Access denied with 403. Pattern matches form bypass.

Which of the following technologies was MOST likely being used to generate this log?

A

B. Web application firewall

A web application firewall is a device, server add-on, virtual service, or system filter that defines a strict set of communication rules for a website and all visitors. It’s intended to be an application-specific firewall to prevent cross-site scripting, SQL injection, and other web application attacks.

30
Q

An administrator would like to review the effectiveness of existing security in the enterprise.

Which of the following would be the BEST place to start?

A

C. Implement an intrusion prevention system

The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.

31
Q

A company has proprietary mission critical devices connected to their network which are configured remotely by both employees and approved customers. The administrator wants to monitor device security without changing their baseline configuration.

Which of the following should be implemented to secure the devices without risking availability?

A

B. IDS

IDPSes typically record information related to observed events, notify security administrators of important observed events and produce reports. Many IDPSes can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g. reconfiguring a firewall) or changing the attack’s content.

32
Q

Which of the following firewall rules only denies DNS zone transfers?

A

C. deny tcp any any port 53

DNS operates over TCP and UDP port 53. TCP port 53 is used for zone transfers.

33
Q

A security administrator suspects that an increase in the amount of TFTP traffic on the network is due to unauthorized file transfers, and wants to configure a firewall to block all TFTP traffic.

Which of the following would accomplish this task?

A

D. Deny UDP port 69


Trivial File Transfer Protocol (TFTP) is a simple file-exchange protocol that doesn’t require authentication. It operates on UDP port 69.

35
Q

Sara, a security technician, has received notice that a vendor coming in for a presentation will require access to a server outside of the network. Currently, users are only able to access remote sites through a VPN connection.

How could Sara BEST accommodate the vendor?

A

D. Write a firewall rule to allow the vendor to have access to the remote site

Firewall rules are used to define what traffic is able to pass between the firewall and the internal network. Firewall rules block the connection, allow the connection, or allow the connection only if it is secured. Firewall rules can be applied to inbound traffic or outbound traffic and any type of network.

36
Q

A technician is deploying virtual machines for multiple customers on a single physical host to reduce power consumption in a data center.

Which of the following should be recommended to isolate the VMs from one another?

A

C. Virtual switches with VLANs

A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. VLANs can be used to isolate traffic between network segments.

37
Q

A router has a single Ethernet connection to a switch. In the router configuration, the Ethernet interface has three sub-interfaces, each configured with ACLs applied to them and 802.1q trunks.

Which of the following is MOST likely the reason for the sub-interfaces?

A

B. The switch has several VLANs configured on it

A subinterface is a division of one physical interface into multiple logical interfaces. Routers commonly employ subinterfaces for a variety of purposes, the most common of which is routing traffic between VLANs. Also, IEEE 802.1Q is the networking standard that supports virtual LANs (VLANs) on an Ethernet network.

38
Q

Joe, a technician at the local power plant, notices that several turbines had ramped up in cycles during the week. Further investigation by the system engineering team determined that a timed .exe file had been uploaded to the system control console during a visit by international contractors.

Which of the following actions should Joe recommend?

A

A. Create a VLAN for the SCADA

VLANs are used for traffic management. VLANs can be used to isolate traffic between network segments. This can be accomplished by not defining a route between different VLANs or by specifying a deny filter between certain VLANs (or certain members of a VLAN). Any network segment that doesn’t need to communicate with another in order to accomplish a work task/function shouldn’t be able to do so.

39
Q

The security administrator needs to manage traffic on a layer 3 device to support FTP from a new remote site.

Which of the following would need to be implemented?

A

D. Access control lists

Traffic that comes into the router is compared to ACL entries based on the order that the entries occur in the router. New statements are added to the end of the list. The router continues to look until it has a match. If no matches are found when the router reaches the end of the list, the traffic is denied. For this reason, you should have the frequently hit entries at the top of the list. There is an implied deny for traffic that is not permitted.

40
Q

Matt, the network engineer, has been tasked with separating network traffic between virtual machines on a single hypervisor.

Which of the following would he implement to BEST address this requirement? (Choose two.)

A

A. Virtual switch
F. VLAN

A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. A virtual switch is a software application that allows communication between virtual machines. A combination of the two would best satisfy the question.

41
Q

A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application. The security administrator notices that the new application uses a port typically monopolized by a virus. The security administrator denies the request and suggests a new port or service be used to complete the application’s task.

Which of the following is the security administrator practicing in this example?

A

C. Access control lists

Traffic that comes into the router is compared to ACL entries based on the order that the entries occur in the router. New statements are added to the end of the list. The router continues to look until it has a match. If no matches are found when the router reaches the end of the list, the traffic is denied. For this reason, you should have the frequently hit entries at the top of the list. There is an implied deny for traffic that is not permitted.

42
Q

An administrator needs to connect a router in one building to a router in another using Ethernet. Each router is connected to a managed switch and the switches are connected to each other via a fiber line.

Which of the following should be configured to prevent unauthorized devices from connecting to the network?

A

D. Implement port security on the switches

Port security can mean the physical control of all connection points, such as RJ-45 wall jacks or device ports, so that no unauthorized users or unauthorized devices can attempt to connect into an open port.

43
Q

At an organization, unauthorized users have been accessing network resources via unused network wall jacks.
Which of the following would be used to stop unauthorized access?

A

C. Configure port security

Port security in IT can mean several things. It can mean the physical control of all connection points, such as RJ-45 wall jacks or device ports, so that no unauthorized users or unauthorized devices can attempt to connect into an open port.

44
Q

On Monday, all company employees report being unable to connect to the corporate wireless network, which uses 802.1x with PEAP. A technician verifies that no configuration changes were made to the wireless network and its supporting infrastructure, and that there are no outages.

Which of the following is the MOST likely cause for this issue?

A

D. The Remote Authentication Dial-In User Service server certificate has expired.

The question states that the network uses 802.1x with PEAP. The 802.1x authentication server is typically an EAP-compliant Remote Authentication Dial-In User Service (RADIUS) server. A RADIUS server will be configured with a digital certificate. When a digital certificate is created, an expiration period is configured by the Certificate Authority (CA). The expiration period is commonly one or two years.
The question states that no configuration changes have been made so it’s likely that the certificate has expired.

45
Q

A company determines a need for additional protection from rogue devices plugging into physical ports around the building.

Which of the following provides the highest degree of protection from unauthorized wired network access?

A

D. 802.1x

IEEE 802.1x is an IEEE Standard for Port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols and provides an authentication mechanism for devices wishing to connect to a LAN or WLAN.

46
Q

While configuring a new access layer switch, the administrator, Joe, was advised that he needed to make sure that only devices authorized to access the network would be permitted to login and utilize resources.

Which of the following should the administrator implement to ensure this happens?

A

D. 802.1x

802.1x is a port-based authentication mechanism. It’s based on Extensible Authentication Protocol (EAP) and is commonly used in closed-environment wireless networks. 802.1x was initially used to compensate for the weaknesses of Wired Equivalent Privacy (WEP), but today it’s often used as a component in more complex authentication and connection-management systems, including Remote Authentication Dial-In User Service (RADIUS), Diameter, Cisco System’s Terminal Access Controller Access-Control System Plus (TACACS+), and Network Access Control (NAC).

47
Q

A network administrator wants to block both DNS requests and zone transfers coming from outside IP addresses. The company uses a firewall which implements an implicit allow and is currently configured with the following ACL applied to its external interface.

PERMIT TCP ANY ANY 80
PERMIT TCP ANY ANY 443

Which of the following rules would accomplish this task? (Choose two.)

A

A. Change the firewall default settings so that it implements an implicit deny

F. Add the following ACL at the bottom of the current ACL: DENY IP ANY ANY 53

Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default. Implicit deny is the default response when an explicit allow or deny isn’t present.

DNS operates over TCP and UDP port 53. TCP port 53 is used for zone transfers. These are zone file exchanges between DNS servers, special manual queries, or used when a response exceeds 512 bytes. UDP port 53 is used for most typical DNS queries.

48
Q

Users are unable to connect to the web server at IP 192.168.0.20.

Which of the following can be inferred of a firewall that is configured ONLY with the following ACL?

PERMIT TCP ANY HOST 192.168.0.10 EQ 80
PERMIT TCP ANY HOST 192.168.0.10 EQ 443

A

D. It implements an implicit deny

Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default. Implicit deny is the default response when an explicit allow or deny isn’t present.

49
Q

The Human Resources department has a parent shared folder set up on the server. There are two groups that have access, one called managers and one called staff. There are many subfolders under the parent shared folder, one of which is called payroll. The parent folder access control list propagates to all subfolders and all subfolders inherit the parent permission.

Which of the following is the quickest way to prevent the staff group from gaining access to the payroll folder?

A

B. Implicit deny on the payroll folder for the staff group

Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default.