1400 Flashcards
Which of the following cannot be used along with fencing as a security perimeter? A. vapor barrier B. rotating spikes C. roller barrier D. anti-climb paint
A. vapor barrier
A __________ can be used to secure a mobile device. A. cable lock B. mobile chain C. security tab D. mobile connector
A. cable lock
Which of the following is not used to secure a desktop computer? A. data encryption B. screen locking C. remote wipe/sanitation D. strong passwords
C. remote wipe/sanitation
Which is the first step in securing an operating system? A. implement patch management B. configure operating system security and settings C. perform host software baselining D. develop the security policy
D. develop the security policy
A typical configuration baseline would include each of the following except __________. A. changing any default settings that are insecure B. eliminating any unnecessary software C. enabling operating system security features D. performing a security risk assessment
D. performing a security risk assessment
Which of the following is NOT a Microsoft Windows setting that can be configured through a security template? A. account policies B. user rights C. keyboard mapping D. system services
C. keyboard mapping
__________ allows for a single configuration to be set and then deployed to many or all users. A. group policy B. active directory C. snap-in replication (SIR) D. command configuration
A. group policy
A __________ addresses a specific customer situation and often may not be distributed outside that customer’s organization. A. rollup B. service pack C. patch D. hotfix
D. hotfix
Which of the following is NOT an advantage to an automated patch update service? A. Administrators can approve or decline updates for client systems, force updates to install by a specific date, and obtain reports on what updates each computer needs B. Downloading patches from a local server instead of using the vendor’s online update service can save bandwidth and time because each computer does not have to connect to an external server C. users can disable or circumvent updates just as they can if their computer is configured to use the vendor’s online update service. D. Specific types of updates that the organization does not test, such as hotfixes, can be automatically installed whenever they become available.
C. users can disable or circumvent updates just as they can if their computer is configured to use the vendor’s online update service.
Each of the following is a type of matching used by anti-virus software except __________. A. string scanning B. wildcard scanning C. match scanning D. mismatch scanning
C. match scanning
How does heuristic detection detect a virus? A. a virtualized environment is created and the code is executed in it B. A string of bytes from the virus is compared against the suspected file C. The bytes from the virus are placed in different “piles” and then used to create a profile D. The virus signature file is placed in a suspended chamber before streaming to the CPU
A. a virtualized environment is created and the code is executed in it
A cross-site request forgery (XSRF) __________. A. is used to inherit the identity and privileges of the victim B. is identical to cross-site scripting (XSS) C. cannot be blocked D. can only be used with a Web-based e-mail client
A. is used to inherit the identity and privileges of the victim
Which of the following is a list of approved e-mail senders? A. whitelist B. blacklist C. greylist D. greenlist
A. whitelist
A(n) __________ can provide details regarding requests for specific files on a system. A. audit log B. access log C. report log D. file log
B. access log
Errors that occur while an application is running are called __________. A. exceptions B. faults C. liabilities D. conventions
A. exceptions
Which is the preferred means of trapping user input for errors? A. Input validation B. On-trap input C. escaping D. Fuzz testing
C. escaping
Each of the following is true about data loss prevention (DLP) except __________. A. it can only protect data in use B. it can scan data on a DVD C. it can read inside compressed files D. a policy violation can generate a report or block the data
A. it can only protect data in use
Network hardware that provides multiple security functions.
All-In-One Network Security Appliance
A monitoring technique used by an IDS that creates a baseline of normal activities and compares actions against the baseline. Whenever a significant deviation from this baseline occurs, an alarm is raised.
Anomaly-Based Monitoring
A monitoring technique used by an IDS that uses the normal processes and actions as the standard and compares actions against it.
Behavior-Based Monitoring
A separate network that rests outside the secure network perimeter; untrusted outside users can access the DMZ but cannot enter the secure network.
Demilitarized Zone (DMZ)
A monitoring technique used by an IDS that uses an algorithm to determine if a threat exists.
Heuristic Monitoring
A software-based application that runs on a local host computer that can detect an attack as it occurs.
Host Intrusion Detection System (HIDS)
A device designed to be active security; it can detect an attack as it occurs.
Intrusion Detection System (IDS)
A device that can direct requests to different servers based on a variety of factors, such as the number of server connections, the server’s processor utilization, and overall performance of the server.
Load Balancer
A technique that examines the current state of a system or network device before it is allowed to connect to the network.
Network Access Control (NAC)
A technique that allows private IP addresses to be used on the public Internet.
Network Address Translation (NAT)
A technology that watches for attacks on the network and reports back to a central device.
Network Intrusion Detection System (NIDS)
A technology that monitors network traffic to immediately react to block a malicious attack.
Network Intrusion Prevention System (NIPS)
A computer or an application program that intercepts a user request from the internal secure network and then processes that request on behalf of the user.
Proxy Server
Any combination of hardware and software that enables remote users to access a local internal network.
Remote Access
A computer or an application program that routes incoming requests to the correct server.
Reverse Proxy
A device that can forward packets across computer networks.
Router
A monitoring technique used by an IDS that examines network traffic to look for well-known patterns and compares the activities against a predefined signature.
Signature-Based Monitoring
A technique that uses IP addresses to divide a network into network, subnet, and host.
Subnetting (Subnet Addressing)
A device that connects network segments and forwards only frames intended for that specific device or frames sent to all devices.
Switch
A technology that allows scattered users to be logically grouped together even though they may be attached to different switches.
Virtual LAN (VLAN)
A technology to use an unsecured public network, such as the Internet, like a secure private network.
Virtual Private Network (VPN)
A device that aggregates hundreds or thousands of VPN connections.
VPN Concentrator
A special type of firewall that looks more deeply into packets that carry HTTP traffic.
Web Application Firewall
A device that can block malicious content in “real time” as it appears (without first knowing the URL of a dangerous site).
Web Security Gateway
ISO stands for the __________.
International Organization for Standardization
OSI stands for the __________.
Open Systems Interconnection
Which of the following is true about subnetting? A. it requires the use of a Class B network B. it divides the network IP address on the boundaries between bytes C. it provides very limited security provisions D. it is also called subnet addressing
D. it is also called subnet addressing
A virtual LAN (VLAN) allows devices to be grouped __________. A. based on subnets B. logically C. directly to hubs D. only around core switches
B. logically
Which of the following devices is easier for an attacker to take advantage of to capture and analyze packets? A. hub B. switch C. router D. load balancer
A. hub
Which of the following is not an attack against a switch? A. MAC flooding B. ARP address impersonation C. ARP poisoning D. MAC address impersonation
B. ARP address impersonation
Which of the following is not true regarding a demilitarized zone (DMZ)? A. it provides an extra degree of security B. it typically includes an e-mail or Web server C. it can be configured to have one or two firewalls D. it contains servers that are used only by internal network users
D. it contains servers that are used only by internal network users
Which of the following is true about network address translation (NAT)? A. it substitutes MAC addresses for IP addresses B. it removes private addresses when the packet leaves the network C. it can be found only on core routers D. it can be stateful or stateless
B. it removes private addresses when the packet leaves the network
Which of the following is not an advantage of a load balancer? A. the risk of overloading a desktop client is reduced B. network hosts can benefit from having optimized bandwidth C. network downtime can be reduced D. DoS attacks can be detected and stopped
A. the risk of overloading a desktop client is reduced
Which of the following is another name for a packet filter? A. proxy server B. reverse proxy server C. DMZ D. firewall
D. firewall
A __________ firewall allows the administrator to create sets of related parameters that together define one aspect of the device’s operation. A. content filter B. host detection server C. proxy server D. settings-based
D. settings-based
A(n) __________ intercepts an internal user request and then processes that request on behalf of the user. A. content filter B. host detection server C. proxy server D. intrusion prevention device
C. proxy server
A reverse proxy __________. A. only handles outgoing requests B. is the same as a proxy server C. must be used together with a firewall D. routes incoming requests to the correct server
D. routes incoming requests to the correct server
Which is the preferred location for a spam filter? A. install the spam filter with the SMTP server B. install the spam filter on the POP3 server C. install the spam filter on the proxy server D. install the spam filter on the local host client
A. install the spam filter with the SMTP server
A __________ watches for attacks and sounds an alert only when one occurs. A. network intrusion prevention system (NIPS) B. proxy intrusion device C. network intrusion detection system (NIDS) D. firewall
C. network intrusion detection system (NIDS)
A multipurpose security device is known as a(n) __________. A. unified attack management system (UAMS) B. intrusion detection/prevention device C. all-in-one network security appliance D. proxy security system (NSS)
C. all-in-one network security appliance
Each of the following can be used to hide information about the internal network except __________. A. a protocol analyzer B. a proxy server C. network address translation (NAT) D. subnetting
A. a protocol analyzer
What is the difference between a network intrusion detection system (NIDS) and a network intrusion prevention system (NIPS)? A. A NIPS can take actions quicker to combat an attack B. A NIDS provides more valuable information about attacks C. A NIPS is much slower because it uses protocol analysis D. There is no difference because a NIDS and a NIPS are equal
A. A NIPS can take actions quicker to combat an attack
A variation of NAT that is commonly found on home routers is ___________. A. port address translation (PAT) B. network proxy translation (NPT) C. network address IP transformation (NAIPT) D. subnet transformation (ST)
A. port address translation (PAT)
If a device is determined to have an out-of-date virus signature file, then Network Access Control (NAC) can redirect that device to a network by __________. A. a Trojan horse B. TCP/IP hijacking C. Address Resolution Protocol (ARP) poisoning D. DHCP man-in-the-middle
C. Address Resolution Protocol (ARP) poisoning
Each of the following is an option in a firewall rule except __________. A. prompt B. block C. delay D. allow
C. delay
A firewall using __________ is the most secure type of firewall. A. stateful packet filtering B. network intrusion detection system replay C. stateless packet filtering D. reverse proxy analysis
C. stateless packet filtering
A pay-per-use computing model in which customers pay only for the computing resources that they need, and the resources can be easily scaled.
Cloud Computing
A security technique to turn off ports on a network device that are not required.
Disabling Unused Ports
An unsecure TCP/IP protocol that is commonly used for transferring files.
File Transfer Protocol (FTP)
A feature that controls a device’s tolerance for unanswered service requests and helps to prevent a DoS attack.
Flood Guard
A TCP/IP protocol that uses Secure Sockets Layer/Transport Layer Security (SSL/TLS) to encrypt commands sent over the control port (Port 21) in an FTP session.
FTP using Secure Sockets Layer (FTPS)
A standard that blocks all traffic on a port-by-port basis until the client is authenticated using credentials stored on an authentication server.
IEEE 802.1x
A TCP/IP protocol that is used by devices to communicate updates or error information to other devices.
Internet Control Message Protocol (ICMP)
The next generation of the IP protocol that addresses weaknesses of IPv4 and provides several significant improvements.
Internet Protocol Version 6 (IPv6)
Using a data-based IP network to add digital voice clients and new voice applications onto the IP network.
IP Telephony
Preventing broadcast storms by using the IEEE 802.1d standard spanning-tree algorithm (STA).
Loop Protection
A security technique to limit the number of media access control (MAC) addresses allowed on a single port.
MAC Limiting and Filtering
The process of administration that relies on following procedural and technical rules.
Rule-Based Management
A TCP/IP protocol used mainly on UNIX and Linux devices that securely transports files by encrypting files and commands.
Secure Copy Protocol (SCP)
A secure TCP/IP protocol that is used for transporting files by encrypting and compressing all data and commands.
Secure FTP (SFTP)
A TCP/IP protocol that exchanges management information between networked devices. It allows network administrators to remotely monitor, manage, and configure devices on the network.
Simple Network Management Protocol (SNMP)
The most common protocol suite used today for local area networks (LANs) and the Internet.
Transmission Control Protocol/Internet Protocol (TCP/IP)
A means of managing and presenting computer resources by function without regard to their physical layout or location.
Virtualization
The TCP/IP architecture uses how many layers?
D. four
Which of the following would not be a valid Internet Control Message Protocol (ICMP) error message? A. Network unreachable B. Host unreachable C. router delay D. Destination Network unknown
C. router delay
Each of the following attacks uses Internet Control Message Protocol (ICMP) except __________. A. Smurf DoS attack B. ICMP Redirect attack C. Ping of Death D. ICMP poisoning
D. ICMP poisoning
Which version of Simple Network Management Protocol (SNMP) is considered the most secure? A. SNMPv2 B. SNMPv3 C. SNMPv4 D. SNMPv5
B. SNMPv3
Which of the following Domain Name System (DNS) attacks substitutes a fraudulent IP address for a symbolic name? A. DNS replay B. DNS poisoning C. DNS masking D. DNS forwarding
B. DNS poisoning
Which of the following is the most secure protocol for transferring files? A. SCP B. FTPS C. SFTP D. FTP
C. SFTP
The address space in an IPv6 header is __________ bits in length. A. 32 B. 64 C. 128 D. 256
C. 128
Each of the following is a technique for securing a router except __________. A. make all configuration changes remotely B. secure all ports C. use a meaningful router name D. set a strong administrator password
A. make all configuration changes remotely
Which of the following is true regarding a flood guard? A. it is a separate hardware appliance that is located inside the DMZ B. it can be used on either local host systems or network devices C. it protects a router from password intrusion D. it prevents DoS or DDoS attacks
D. it prevents DoS or DDoS attacks
Each of the following is a type of a network security hardware log except __________. A. local host anti-virus log B. NIDS and NIPS logs C. proxy server log D. firewall log
A. local host anti-virus log
Each of the following is an entry in a firewall log that should be investigated except __________. A. IP addresses that are being rejected and dropped B. suspicious outbound connections C. IP addresses that are being rejected and dropped D. successful logins
D. successful logins
If a group of users must be separated from other users, which is the most secure network design? A. use a VLAN B. connect them to different switches and routers C. use a subnet mask D. it is impossible to separate users on a network
B. connect them to different switches and routers
Why is loop protection necessary? A. it denies attackers from launching DDoS attacks B. it prevents a broadcast storm that can cripple a network C. it must be installed before IEEE 802.1d can be implemented D. it makes a DMZ more secure
B. it prevents a broadcast storm that can cripple a network
What does MAC limiting and filtering do? A. it limits devices that can connect to a switch B. it prevents Address Resolution Protocol spoofing C. it provides security for a router D. it allows only approved wireless devices to connect to a network
A. it limits devices that can connect to a switch
In a network using IEEE 802.1x, a supplicant __________. A. makes a request to the authenticator B. contacts the authentication server directly C. can only be a wireless device D. must use IEEE 802.11d to connect to the network
A. makes a request to the authenticator
Which of the following is true regarding security for a computer that boots to Apple Mac OS X and then runs a Windows 7 virtual machine? A. the security of the Apple Mac OS X completely protects the Windows 7 virtual machine B. the security of the Windows 7 virtual machine completely protects the Apple Mac OS X C. the Windows 7 virtual machine needs its own security D. the hypervisor protects both the Apple Mac OS X and Windows 7 operating systems
C. the Windows 7 virtual machine needs its own security
Which of the following is not an advantage of host virtualization? A. penetration testing can be performed using a simulated network environment on a computer using multiple virtual machines B. only one copy of anti-virus software is needed C. security patches can be tested D. host operating system virtualization can be used for training purposes
B. only one copy of anti-virus software is needed
Which of the following is not a security concern of virtualized environments? A. virtual machines must be protected from both the outside world and also from other virtual machines on the same physical computer. B. virtual servers are less expensive than their physical counterparts C. live migration can immediately move one virtualized server to another hypervisor D. physical security appliances are not always designed to protect virtual systems
B. virtual servers are less expensive than their physical counterparts
__________ is adding digital voice clients and new voice applications onto the IP network. A. VoIP B. IP telephony C. TCP/IP convergence D. Voice Packet consolidation (VPC)
B. IP telephony
Which of the following is not a characteristic of cloud computing? A. limited client support B. on-demand self-service C. immediate elasticity D. metered services
A. limited client support