101-150 Flashcards

1
Q

A recent vulnerability scan found that Telnet is enabled on all network devices.

Which of the following protocols should be used instead of Telnet?

A

B. SSH

SSH transmits both authentication traffic and data in a secured encrypted form, whereas Telnet transmits both authentication credentials and data in clear text.

2
Q

Which of the following is BEST used as a secure replacement for TELNET?

A

D. SSH

SSH transmits both authentication traffic and data in a secured encrypted form, whereas Telnet transmits both authentication credentials and data in clear text.

3
Q

A security analyst needs to log on to the console to perform maintenance on a remote server.
Which of the following protocols would provide secure access?

A

B. SSH

Secure Shell (SSH) is a tunneling protocol originally used on Unix systems. It’s now available for both Unix and Windows environments. SSH is primarily intended for interactive terminal sessions.
SSH is used to establish a command-line, text-only interface connection with a server, router, switch, or similar device over any distance.
4
Q

A UNIX administrator would like to use native commands to provide a secure way of connecting to other devices remotely and to securely transfer files.
Which of the following protocols could be utilized? (Choose two.)

A

C. SCP
E. SSH

SSH is used to establish a command-line, text-only interface connection with a server, router, switch, or similar device over any distance.

Secure Copy Protocol (SCP) is a secure file-transfer facility based on SSH and Remote Copy Protocol (RCP). SCP is commonly used on Linux and Unix platforms.

5
Q

A network technician is on the phone with the system administration team. Power to the server room was lost and servers need to be restarted. The DNS services must be the first to be restarted. Several machines are powered off.

Assuming each server only provides one service, which of the following should be powered on FIRST to establish DNS services?

A

A. BIND server

BIND (Berkeley Internet Name Domain) is the most widely used Domain Name System (DNS) software on the Internet. It includes the DNS server component "named", a contraction of "name daemon". This is the only option that directly involves DNS.

6
Q

When reviewing security logs, an administrator sees requests for the AAAA record of www.comptia.com.

Which of the following BEST describes this type of record?

A

D. IPv6 DNS record

The AAAA Address record links an FQDN to an IPv6 address.

7
Q

Which of the following should be implemented to stop an attacker from mapping out addresses and/or devices on a network?

A

C. Secure zone transfers

A primary DNS server has the “master copy” of a zone, and secondary DNS servers keep copies of the zone for redundancy. When changes are made to zone data on the primary DNS server, these changes must be distributed to the secondary DNS servers for the zone. This is done through zone transfers. If you allow zone transfers to any server, all the resource records in the zone are viewable by any host that can contact your DNS server. Thus, you will need to secure the zone transfers to stop an attacker from mapping out your addresses and devices on your network.

8
Q

A security engineer, Joe, has been asked to create a secure connection between his mail server and the mail server of a business partner.

Which of the following protocols would be MOST appropriate?

A

D. TLS

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. It uses X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom it is communicating, and to exchange a symmetric key. The TLS protocol allows client-server applications to communicate across a network in a way designed to prevent eavesdropping and tampering.

9
Q

Which of the following protocols is used to authenticate the client and server’s digital certificate?

A

C. TLS

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. It uses X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom it is communicating, and to exchange a symmetric key.

10
Q

An administrator configures all wireless access points to make use of a new network certificate authority.

Which of the following is being used?

A

C. EAP-TLS

The majority of the EAP-TLS implementations require client-side X.509 certificates without giving the option to disable the requirement.

11
Q

An achievement in providing worldwide Internet security was the signing of certificates associated with which of the following protocols?

A

B. SSL

SSL (Secure Sockets Layer) is used for establishing an encrypted link between two computers, typically a web server and a browser. SSL is used to enable sensitive information such as login credentials and credit card numbers to be transmitted securely.

12
Q

Which of the following is the MOST secure protocol to transfer files?

A

B. FTPS

FTPS refers to FTP Secure, or FTP SSL. It is a secure variation of File Transfer Protocol (FTP).

13
Q

Which of the following TCP ports uses FTP/S by default?

A

D. 989 and 990

FTPS uses ports 989 and 990.

14
Q

Which of the following protocols allows for secure transfer of files? (Choose two.)

A

C. SFTP
D. SCP

Standard FTP is a protocol often used to move files between one system and another either over the Internet or within private networks. SFTP is a secured alternative to standard FTP.
Secure Copy Protocol (SCP) is a secure file-transfer facility based on SSH and Remote Copy Protocol (RCP).

15
Q

After a network outage, a PC technician is unable to ping various network devices. The network administrator verifies that those devices are working properly and can be accessed securely.

Which of the following is the MOST likely reason the PC technician is unable to ping those devices?

A

A. ICMP is being blocked

ICMP is a protocol that is commonly used by tools such as ping, traceroute, and pathping. ICMP offers no information if ICMP request queries go unanswered or ICMP replies are lost or blocked.

16
Q

A security administrator wishes to change their wireless network so that IPSec is built into the protocol and NAT is no longer required for address range extension.

Which of the following protocols should be used in this scenario?

A

C. IPv6

IPSec security is built into IPv6.

17
Q

A system administrator attempts to ping a hostname and the response is 2001:4860:0:2001::68.

Which of the following replies has the administrator received?

A

D. IPv6 address

IPv6 addresses are 128 bits in length. An IPv6 address is represented as eight groups of four hexadecimal digits, each group representing 16 bits (two octets). The groups are separated by colons (:). The hexadecimal digits are case-insensitive, but IETF recommendations suggest the use of lowercase letters. The full representation of eight 4-digit groups may be simplified by several techniques, eliminating parts of the representation.

18
Q

Which of the following protocols is used by IPv6 for MAC address resolution?

A

A. NDP

The Neighbor Discovery Protocol (NDP) is a protocol in the Internet protocol suite used with Internet Protocol Version 6 (IPv6).

19
Q

Which of the following protocols allows for the LARGEST address space?

A

C. IPv6

The main advantage of IPv6 over IPv4 is its larger address space. The length of an IPv6 address is 128 bits, compared with 32 bits in IPv4.

20
Q

Pete, a network administrator, is implementing IPv6 in the DMZ.

Which of the following protocols must he allow through the firewall to ensure the web servers can be reached via IPv6 from an IPv6 enabled Internet host?

A

B. TCP port 80 and TCP port 443

HTTP and HTTPS, which use TCP port 80 and TCP port 443 respectively, are necessary for communicating with web servers. They should therefore be allowed through the firewall.

21
Q

Which of the following ports and protocol types must be opened on a host with a host-based firewall to allow incoming SFTP connections?

A

D. 22/TCP

SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22.

22
Q

A network administrator is asked to send a large file containing PII to a business associate.

Which of the following protocols is the BEST choice to use?

A

B. SFTP

SFTP encrypts authentication and data traffic between the client and server by making use of SSH to provide secure FTP communications. As a result, SFTP offers protection for both the authentication traffic and the data transfer taking place between a client and server.

23
Q

Which of the following is a difference between TFTP and FTP?

A

D. TFTP utilizes UDP and FTP uses TCP

FTP employs TCP ports 20 and 21 to establish and maintain client-to-server communications, whereas TFTP makes use of UDP port 69.

24
Q

Which of the following is the default port for TFTP?

A

B. 69

TFTP makes use of UDP port 69.

25
Q

A network consists of various remote sites that connect back to two main locations. Pete, the security administrator, needs to block TELNET access into the network.

Which of the following, by default, would be the BEST choice to accomplish this goal?

A

B. Block port 23 on the network firewall

Telnet is a terminal-emulation network application that supports remote connectivity for executing commands and running applications but doesn’t support transfer of files. Telnet uses TCP port 23. Because it’s a clear text protocol and service, it should be avoided and replaced with SSH.

26
Q

A security analyst noticed a colleague typing the following command:

'Telnet some-host 443'

Which of the following was the colleague performing?

A

B. A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall.

B: The Telnet program parameters are: telnet

is the name or IP address of the remote server to connect to.

is the port number of the service to use for the connection.

TCP port 443 provides the HTTPS (used for secure web connections) service; it is the default SSL port. By running the Telnet some-host 443 command, the security analyst is checking that routing is done properly and not blocked by a firewall.

27
Q

A malicious program modified entries in the LMHOSTS file of an infected system.

Which of the following protocols would have been affected by this?

A

C. NetBIOS

The LMHOSTS file provides a NetBIOS name resolution method that can be used for small networks that do not use a WINS server. NetBIOS has been adapted to run on top of TCP/IP, and is still extensively used for name resolution and registration in Windows-based environments.

28
Q

SEE QUESTION 128 FOR DIAGRAM

A
FTP port 21
Telnet port 23
SMTP port 25
SNMP port 161
SCP port 22
TFTP port 69
29
Q

An information bank has been established to store contacts, phone numbers and other records. A UNIX application needs to connect to the index server using port 389.

Which of the following authentication services should be used on this port by default?

A

D. LDAP

LDAP makes use of port 389.

30
Q

A firewall technician has been instructed to disable all non-secure ports on a corporate firewall. The technician has blocked traffic on ports 21, 69, 80, and 137-139. The technician has allowed traffic on ports 22 and 443.

Which of the following correctly lists the protocols blocked and allowed?

A

B. Blocked: FTP, TFTP, HTTP, NetBIOS; Allowed: SFTP, SSH, SCP, HTTPS

The question states that traffic on ports 21, 69, 80, and 137-139 is blocked, while ports 22 and 443 are allowed.

Port 21 is used for FTP by default. 
Port 69 is used for TFTP.
Port 80 is used for HTTP.
Ports 137-139 are used for NetBIOS. 
VMM uses SFTP over default port 22. 
Port 22 is used for SSH by default. 
SCP runs over TCP port 22 by default. 
Port 443 is used for HTTPS.
31
Q

A company has implemented PPTP as a VPN solution.

Which of the following ports would need to be opened on the firewall in order for this VPN to function properly? (Choose two.)

A

C. TCP 1723
D. UDP 47

A PPTP tunnel is instantiated by communication to the peer on TCP port 1723. This TCP connection is then used to initiate and manage a second GRE tunnel to the same peer. The PPTP GRE packet format is non-standard, including an additional acknowledgement field replacing the typical routing field in the GRE header. However, as in a normal GRE connection, those modified GRE packets are directly encapsulated into IP packets, and seen as IP protocol number 47.

32
Q

After a new firewall has been installed, devices cannot obtain a new IP address.

Which of the following ports should Matt, the security administrator, open on the firewall?

A

B. 68

The Dynamic Host Configuration Protocol (DHCP) is a standardized network protocol used on Internet Protocol (IP) networks for distributing IP addresses for interfaces and services. DHCP makes use of port 68.

33
Q

A security administrator has configured FTP in passive mode.

Which of the following ports should the security administrator allow on the firewall by default?

A

B. 21

When establishing an FTP session, clients start a connection to an FTP server that listens on TCP port 21 by default.

34
Q

Which of the following ports is used for SSH, by default?

A

D. 22

Secure Shell (SSH) is a cryptographic network protocol for securing data communication. It establishes a secure channel over an insecure network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login and remote command execution, but any network service can be secured with SSH. SSH uses port 22.

35
Q

Which of the following uses TCP port 22 by default? (Choose three.)

A

D. SCP
G. SSH
H. SFTP

G: Secure Shell (SSH) is a cryptographic network protocol for securing data communication. It establishes a secure channel over an insecure network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login and remote command execution, but any network service can be secured with SSH. SSH uses port 22.

D: SCP stands for Secure Copy. SCP is used to securely copy files over a network. SCP uses SSH to secure the connection and therefore uses port 22.

H: SFTP stands for Secure File Transfer Protocol and is used for transferring files using FTP over a secure network connection. SFTP uses SSH to secure the connection and therefore uses port 22.

36
Q

Pete needs to open ports on the firewall to allow for secure transmission of files.

Which of the following ports should be opened on the firewall?

A

C. TCP 22

SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22. Secure Copy Protocol (SCP) is a secure file-transfer facility based on SSH and Remote Copy Protocol (RCP). Secure FTP (SFTP) is a secured alternative to standard File Transfer Protocol (FTP).

37
Q

Which of the following uses port 22 by default? (Choose three.)

A

A. SSH
D. SFTP
E. SCP

SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22.

38
Q

Which of the following ports should be used by a system administrator to securely manage a remote server?

A

A. 22

Secure Shell (SSH) is a more secure replacement for Telnet, rlogin, rsh, and rcp. SSH can be called a remote access or remote terminal solution. SSH offers a means by which a command-line, text-only interface connection with a server, router, switch, or similar device can be established over any distance. SSH makes use of TCP port 22.

39
Q

Which of the following ports is used to securely transfer files between remote UNIX systems?

A

B. 22

SCP copies files securely between hosts on a network. It uses SSH for data transfer, and uses the same authentication and provides the same security as SSH. Unlike RCP, SCP will ask for passwords or passphrases if they are needed for authentication.
SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22.

40
Q

Which of the following secure file transfer methods uses port 22 by default?

A

B. SFTP

SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22.

41
Q

During the analysis of a PCAP file, a security analyst noticed several communications with a remote server on port 53.

Which of the following protocol types is observed in this traffic?

A

B. DNS

DNS (Domain Name System) uses port 53.

42
Q

A security technician needs to open ports on a firewall to allow for domain name resolution.

Which of the following ports should be opened? (Choose two.)

A

C. TCP 53
E. UDP 53

DNS uses TCP and UDP port 53. TCP port 53 is used for zone transfers, whereas UDP port 53 is used for queries.

43
Q

A technician has just installed a new firewall onto the network. Users are reporting that they cannot reach any website. Upon further investigation, the technician determines that websites can be reached by entering their IP addresses.

Which of the following ports may have been closed to cause this issue?

A

C. DNS

DNS links IP addresses and human-friendly fully qualified domain names (FQDNs), which are made up of the top-level domain (TLD), the registered domain name, and the subdomain or hostname.

Therefore, if the DNS ports are blocked, websites will not be reachable.

44
Q

Which of the following ports would be blocked if Pete, a security administrator, wants to deny access to websites?

A

C. 80

Port 80 is used by HTTP, which is the foundation of data communication for the World Wide Web.

45
Q

A technician is unable to manage a remote server.

Which of the following ports should be opened on the firewall for remote server management? (Choose two.)

A

A. 22
F. 3389

A secure remote administration solution and Remote Desktop Protocol are required.

Secure Shell (SSH) is a secure remote administration solution and makes use of TCP port 22.

Remote Desktop Protocol (RDP) uses TCP port 3389.

46
Q

Ann, a technician, is attempting to establish a remote terminal session to an end user’s computer using Kerberos authentication, but she cannot connect to the destination machine.

Which of the following default ports should Ann ensure is open?

A

D. 3389

Remote Desktop Protocol (RDP) uses TCP port 3389.

47
Q

Which of the following protocols operates at the HIGHEST level of the OSI model?

A

C. SCP

SCP (Secure Copy) uses SSH (Secure Shell). SSH runs in the application layer (layer 7) of the OSI model.

48
Q

Which of the following allows Pete, a security technician, to provide the MOST secure wireless implementation?

A

A. Implement WPA

Of the options supplied, Wi-Fi Protected Access (WPA) is the most secure and is the replacement for WEP.

49
Q

A malicious user is sniffing a busy encrypted wireless network waiting for an authorized client to connect to it. Only after an authorized client has connected and the hacker was able to capture the client handshake with the AP can the hacker begin a brute force attack to discover the encryption key.

Which of the following attacks is taking place?

A

C. WPA cracking

There are three steps to penetrating a WPA-protected network:
Sniffing
Parsing
Attacking

50
Q

Which of the following is a step in deploying a WPA2-Enterprise wireless network?

A

D. Install a digital certificate on the authentication server

See question 150 for explanation