(3) Connect and Protect: Networks and Network Security Flashcards
To connect an entire city, the most effective network type would be a local area network (LAN).
True
False
False
To connect an entire city, the proper network type would be a WAN. A LAN is a network that spans a small area; a wide area network (WAN) spans a large geographical area.
A security professional wants to ensure information is being broadcast to every computer on their organization’s network. What device should they investigate?
Modem
Router
Hub
Internet
Hub
They would use a hub. A hub is a network device that broadcasts information like a radio tower.
What are some benefits of switches? Select all that apply.
They can improve network performance.
They control the flow of traffic.
They only pass data to the intended destination.
They automatically install device-protection software.
They can improve network performance.
They control the flow of traffic.
They only pass data to the intended destination.
Fill in the blank: The practice of using servers, applications, and network services that are hosted on the internet is called _____ computing.
cloud
uploadable
connected
website
cloud
The practice of using servers, applications, and network services that are hosted on the internet is called cloud computing.
What type of information is contained within the header of an IP packet?
An explanation of how the port number will be processed by the receiving device
The sender’s IP address, the size of the packet, and the protocol to use
The message that needs to be transmitted to the receiving device
A string of data indicating that the data transmission is complete
The sender’s IP address, the size of the packet, and the protocol to use
What characteristics do the TCP/IP and OSI models share? Select all that apply.
Both models define standards for networking and divide the network communication process into different layers.
Both models include an application and a transport layer.
Both models illustrate network processes and protocols for data transmission between two or more systems.
Both models have 7 layers.
Both models define standards for networking and divide the network communication process into different layers.
Both models include an application and a transport layer.
Both models illustrate network processes and protocols for data transmission between two or more systems.
What is the Transmission Control Protocol (TCP)?
An internet communication convention
A unique address that every device on a network is assigned
A software application that organizes data
Guidelines for proper network operations
An internet communication convention
The TCP is an internet communication convention, or protocol. It allows two devices to form a connection and stream data.
Fill in the blank: A _____ is a software-based location that organizes the sending and receiving of data between devices on a network.
port
packet
channel
segment
port
A port is a software-based location that organizes the sending and receiving of data between devices on a network.
Which layer of the TCP/IP model has protocols that organize file transfers and email services?
Transport layer
Application layer
Network access layer
Internet layer
Application layer
The application layer has protocols that organize file transfers and email services. It does this by determining how data packets will interact with receiving devices. The application layer is the fourth layer in the TCP/IP model.
Fill in the blank: An Internet Protocol (IP) address is a unique string of characters that identifies the _____ of a device on the internet.
location
operating system
speed
size
location
An IP address is a unique string of characters that identifies the location of a device on the internet.
Which of the following is an example of an IPv4 address?
25, 443, 20
00-B1-D0-63-C2-26
172.16.254.1
2001:0db8:85a3:0000:0000:8a2e:0370:7336
172.16.254.1
An example of an IPv4 address is 172.16.254.1. IPv4 addresses are written as four 1-3-digit numbers separated by decimal points. Each one can contain the values 0-255.
What type of address is assigned by an internet service provider and connected to a geographic location?
WAN address
MAC address
Public IP address
Private IP address
Public IP address
A public IP address is assigned by an internet service provider and shared by all devices on a local area network. It is connected to a geographic location. All communications from devices in the same local area have the same public-facing address due to network address translation or a forwarding proxy.
Fill in the blank: A switch uses a MAC _____ to direct data packets to the correct device.
address table
geographic location
home network
public address
address table
A switch uses a MAC address table to direct data packets to the correct device.
What is the term for a group of connected devices?
Hub
Cloud
Protocol
Network
Network
Which network device connects multiple networks together?
A modem
A hub
A router
A switch
A router
Which of the following statements accurately describe switches? Select all that apply.
When a switch receives a data packet, it reads the MAC address of the destination device and maps it to a port.
Some benefits to switches are effective control of traffic flow and improved network performance.
Switches are less secure than hubs.
A switch is a device that makes connections between specific devices on a network by sending and receiving data between them.
When a switch receives a data packet, it reads the MAC address of the destination device and maps it to a port.
Some benefits to switches are effective control of traffic flow and improved network performance.
A switch is a device that makes connections between specific devices on a network by sending and receiving data between them.
Which of the following are benefits for businesses that are considering using a cloud service provider (CSP)? Select all that apply.
CSP remote servers allow online services to be accessed from any location.
CSPs provide business analytics to monitor web traffic and sales.
CSPs offer on-demand storage.
CSP data and devices are more secure because they are stored locally.
CSP remote servers allow online services to be accessed from any location.
CSPs provide business analytics to monitor web traffic and sales.
CSPs offer on-demand storage.
What is the purpose of the protocol number of a data packet?
To contain the IP and MAC addresses
To identify the message to be transmitted to the receiving device
To signal to the receiving device that the packet is finished
To tell the receiving device what to do with the information in the packet
To tell the receiving device what to do with the information in the packet
What are the three main categories of services that CSPs provide? Select all that apply.
Infrastructure as a service (IaaS)
Desktop as a service (DaaS)
Platform as a service (PaaS)
Software as a service (SaaS)
Infrastructure as a service (IaaS)
Platform as a service (PaaS)
Software as a service (SaaS)
Which port is used for secure internet communication?
20
40
443
25
443
Which layer in the TCP/IP model is used to inspect the flow of traffic across a network?
Layer 1, network access
Layer 2, internet
Layer 3, transport
Layer 4, application
Layer 3, transport
Fill in the blank: 127.0.0.1 is an example of an ___ address.
IPv4
MAC
IPv6
Ethernet
IPv4
Which of the following addresses is an accurate IPv6 address?
fda2:7360:1e5b:e8f5:a69f:c8bd:1b3e:2578
a634:b123:cd34:3f56:0023:2345:7890:0000:ffff
fda2::7361:135b::38f5:c8bd:1b3e:2578
a360::abf7:h234:0011:g126:1130::ffj2
fda2:7360:1e5b:e8f5:a69f:c8bd:1b3e:2578
Fill in the blank: Network protocols are rules used by two or more devices on a network to describe the _____ and structure of data.
order of delivery
optimum speed
access level
maximum size
order of delivery
Network protocols are rules used by two or more devices on a network to describe the order of delivery and the structure of data.
Which network protocol provides a secure method of communication between clients and web servers?
DNS
ARP
HTTPS
TCP
HTTPS
Hypertext transfer protocol secure (HTTPS) provides a secure method of communication between clients and web servers. HTTPS uses digital certificates to perform authentication and can operate over TCP ports 443 and 80.
To keep information safe from malicious actors, what security protocol can be used?
Secure sockets layer and transport layer security (SSL/TLS)
Domain name system (DNS)
Address resolution protocol (ARP)
Transmission control protocol (TCP)
Secure sockets layer and transport layer security (SSL/TLS)
To keep information safe from malicious actors, SSL/TLS can be used. It secures hypertext transfer protocol (HTTP) transactions, which is known as hypertext transfer protocol secure (HTTPS).
IEEE 802.11, also known as Wi-Fi, is a set of standards that define communication for wireless LANs.
True
False
True
IEEE 802.11, also known as Wi-Fi, is a set of standards that define communication for wireless LANs.
What monitors and filters traffic coming in and out of a network?
Firewall
Domain name system (DNS)
Forward proxy server
Uncontrolled zone
Firewall
A firewall monitors and filters traffic coming in and out of a network. It either allows or denies traffic based on a defined set of security rules.
Stateless is a class of firewall that keeps track of information passing through it and proactively filters out threats.
True
False
False
Stateful is a class of firewall that keeps track of information passing through it and proactively filters out threats. Stateless operates based on predefined rules and does not keep track of information from data packets.
Fill in the blank: Encapsulation can be performed by a _____ to help protect information by wrapping sensitive data in other data packets.
VPN service
firewall
proxy server
security zone
VPN service
Encapsulation can be performed by a VPN service to help protect information by wrapping sensitive data in other data packets. VPNs change a public IP address and hide a virtual location to keep data private when using a public network.
Which security zone is used to ensure highly confidential information and is only accessible to employees with certain privileges?
Management zone
Uncontrolled zone
Demilitarized zone (DMZ)
Restricted zone
Restricted zone
The restricted zone protects highly confidential information that only people with certain privileges can access. It typically has a separate firewall.
Fill in the blank: A security analyst uses a _____ to regulate and restrict access to an internal server from the internet. This tool works by accepting traffic from external parties, approving it, and forwarding it to internal servers.
port filter
forward proxy server
controlled zone
reverse proxy server
reverse proxy server
A security analyst uses a reverse proxy server to regulate and restrict access to an internal server from the internet. This tool works by accepting traffic from external parties, approving it, and forwarding it to internal servers.
What network protocol helps data get to the right place by determining the MAC address of the next router or device on its path?
Secure Sockets Layer/Transport Layer Security (SSL/TLS)
Transmission Control Protocol (TCP)
Hypertext Transfer Protocol Secure (HTTPS)
Address Resolution Protocol (ARP)
Address Resolution Protocol (ARP)
Which of the following statements accurately describe wireless protocols? Select three answers.
WPA is a wireless security protocol pertaining to connecting to the internet.
Wi-Fi protocols provide significantly lower security levels than wired connections.
The set of standards IEEE 802.11 is also referred to as Wi-Fi.
The Institute of Electrical and Electronics Engineers maintains Wi-Fi standards.
WPA is a wireless security protocol pertaining to connecting to the internet.
The set of standards IEEE 802.11 is also referred to as Wi-Fi.
The Institute of Electrical and Electronics Engineers maintains Wi-Fi standards.
A firewall administrator installs a firewall function to either block or allow certain port numbers to limit unwanted communication. What function does this scenario describe?
Port filtering
Organizing data packets
Location masking
Using cloud-based firewalls
Port filtering
Which of the following types of firewalls can perform deep packet inspection and intrusion detection?
Stateless firewall
Stateful firewall
Documented firewall
Next generation firewall (NGFW)
Next generation firewall (NGFW)
How do VPNs preserve confidentiality?
Monitor traffic to and from a network
Translate internet domain names to IP addresses
Encrypt data in transit
Use temporary memory to store data requested by external servers
Encrypt data in transit
Which of the following does encapsulation protect?
proxy servers
data in transit
cryptographic keys
public IP addresses
data in transit
What network zone contains the internet and other services that are outside of an organization’s control?
Controlled
Demilitarized
Restricted
Uncontrolled
Uncontrolled
What network zone acts as a network perimeter to the internal network by isolating servers that are exposed to the internet?
Demilitarized zone
Restricted zone
Virtual private network
Uncontrolled zone
Demilitarized zone
Which of the following services client requests by forwarding them to other servers?
Router
Proxy server
Firewall
Virtual private network (VPN)
Proxy server
Which of the following statements accurately describe forward and reverse proxy servers? Select three answers.
Forward proxy servers receive outgoing traffic from an employee, approve it, then forward it to its destination on the internet.
Reverse proxy servers work by hiding a user’s IP address and approving all outgoing requests.
Reverse proxy servers accept traffic from external parties, approve it, then forward it to internal servers.
Forward proxy servers regulate and restrict a person’s access to the internet.
Forward proxy servers receive outgoing traffic from an employee, approve it, then forward it to its destination on the internet.
Reverse proxy servers accept traffic from external parties, approve it, then forward it to internal servers.
Forward proxy servers regulate and restrict a person’s access to the internet.
What type of attack uses multiple devices or servers in different locations to flood the target network with unwanted traffic?
Distributed Denial of Service (DDoS) attack
Phishing attack
Tailgating attack
Denial of Service (DoS) attack
Distributed Denial of Service (DDoS) attack
A DDoS attack uses multiple devices or servers in different locations to flood the target network with unwanted traffic.
What type of attack poses as a TCP connection and floods a server with packets simulating the first step of the TCP handshake?
SYN flood attack
SYN-ACK flood attack
ICMP flood
On-path attack
SYN flood attack
A SYN flood attack poses as a TCP connection and floods a server with packets simulating the first step of the TCP handshake. This overwhelms the server, making it unable to function.
Fill in the blank: The Denial of Service (DoS) attack _____ is caused when a hacker sends a system an ICMP packet that is bigger than 64KB.
Ping of Death
On-path
SYN flood
ICMP flood
Ping of Death
The DoS attack Ping of Death is caused when a hacker sends a system an ICMP packet that is bigger than 64KB.
Which types of attacks take advantage of communication protocols by sending an overwhelming number of requests to a server? Select all that apply.
SYN flood attack
Tailgating attack
ICMP flood attack
TCP connection attack
SYN flood attack
ICMP flood attack
ICMP flood and SYN flood attacks take advantage of communication protocols by sending an overwhelming number of requests to a server.
Passive packet sniffing involves data packets being manipulated while in transit, which may include injecting internet protocols to redirect the packets to unintended ports or changing the information the packet contains.
True
False
False
Active packet sniffing is a type of attack that involves data packets being manipulated while in transit. This can include injecting internet protocols to redirect the packets to unintended ports or changing the information the packet contains. Passive packet sniffing is a type of attack where data packets are read in transit.
Fill in the blank: A security analyst can protect against malicious packet sniffing by _____ to encrypt data as it travels across a network.
using free public Wi-Fi
using a VPN
using only websites with HTTP at the beginning of their domain addresses
using a network hub
using a VPN
A security analyst can protect against malicious packet sniffing by using a VPN to encrypt data as it travels across a network. A VPN is a network security service that changes a public IP address and hides a virtual location to keep data private when using a public network.
Which type of attack involves an attacker changing the source IP of a data packet to impersonate an authorized system and gain access to the network?
Ping of death
Replay attack
On-path attack
IP spoofing
IP spoofing
IP spoofing involves an attacker changing the source IP of a data packet to impersonate an authorized system and gain access to the network.
Which of the following statements accurately describes a smurf attack?
A DoS attack that is caused when a hacker pings a system by sending it an oversized ICMP packet that is bigger than the maximum size
A network attack performed when an attacker intercepts a data packet in transit and delays it or repeats it at another time
A network attack performed when an attacker sniffs an authorized user’s IP address and floods it with packets
A DoS attack performed by an attacker repeatedly sending ICMP packets to a network server
A network attack performed when an attacker sniffs an authorized user’s IP address and floods it with packets
A smurf attack is a network attack performed when an attacker sniffs an authorized user’s IP address and floods it with packets. It is a combination of a DDoS attack and an IP spoofing attack.
What do network-level Denial of Service (DoS) attacks target?
All hardware within an organization
Commonly used software applications
Network bandwidth
The personal information of employees
Network bandwidth
Fill in the blank: A _____ attack uses multiple devices in different locations to flood the target network with unwanted traffic.
Distributed Denial of Service (DDoS)
Tailgating
Ping of death
ICMP flood
Distributed Denial of Service (DDoS)
A security team discovers that an attacker has taken advantage of the handshake process that is used to establish a TCP connection between a device and their server. Which DoS attack does this scenario describe?
Ping of Death
On-path attack
SYN flood attack
ICMP flood
SYN flood attack
Which type of attack occurs when a malicious actor sends an oversized ICMP packet to a server?
on-path
SYN flood
smurf
Ping of Death
Ping of Death
Which type of packet sniffing allows malicious actors to view and read data packets in transit?
Passive packet sniffing
Active packet sniffing
IP packet interception
Hardware packet sniffing
Passive packet sniffing
A malicious actor changes the source IP of a data packet in order to communicate over an organization’s internal network. Which type of attack is this?
Ping of Death
IP spoofing
Active packet sniffing
Passive packet sniffing
IP spoofing
Fill in the blank: To reduce the chances of an IP spoofing attack, a security analyst can configure a _____ to reject all incoming traffic with the same source IP addresses as those owned by the organization.
firewall
HTTPS domain address
demilitarized zone
VPN
firewall
A malicious actor impersonates a web browser or web server by placing themselves between two devices, then sniffing the packet information to discover the IP and MAC addresses. Which type of attack is this?
Packet flooding attack
Malware attack
Smurf attack
On-path attack
On-path attack
A malicious actor intercepts a network transmission that was sent by an authorized user and repeats it at a later time to impersonate a user. Which type of attack is this?
SYN flood
replay
smurf
on-path
replay
Fill in the blank: A ___ attack happens when a malicious actor sniffs an authorized user’s IP address and floods it with packets.
On-path attack
Smurf attack
Ping of Death
Replay attack
Smurf attack
Fill in the blank: The _____ acts as an intermediary between software applications and computer hardware.
access system
operating system
authorized user
baseline
operating system
The operating system acts as an intermediary between software applications and computer hardware.
Which of the following activities are security hardening tasks? Select all that apply.
Making patch updates
Enforcing password policies
Exploiting an attack surface
Disposing of hardware and software properly
Making patch updates
Enforcing password policies
Disposing of hardware and software properly
Making patch updates, disposing of hardware and software properly, and enforcing password policies are security hardening tasks. Security hardening is the process of strengthening a system to reduce its vulnerability and attack surface.
Multifactor authentication (MFA) is a security measure that requires a user to verify their identity in at least two ways before they can access a system or network.
True
False
True
MFA is a security measure that requires a user to verify their identity in at least two ways before they can access a system or network.
What are examples of physical security hardening? Select all that apply.
Installing security cameras
Hiring security guards
Removing or disabling unused applications
Reducing access permissions across devices
Installing security cameras
Hiring security guards
Physical security is also a part of security hardening and may include securing a physical space with security cameras and security guards.
Fill in the blank: Security teams can use _____ to examine network logs and identify events of interest.
security information and event management (SIEM) tools
network segmentation
baseline configuration
port filtering
security information and event management (SIEM) tools
Security teams can use security information and event management (SIEM) tools to examine network logs and identify events of interest. SIEM tools collect and analyze log data to monitor critical activities in an organization.
What is a basic principle of port filtering?
Allow users access to only areas of the network that are required for their role.
Block all ports in a network.
Disallow ports that are used by normal network operations.
Allow ports that are used by normal network operations.
Allow ports that are used by normal network operations.
A basic principle of port filtering is to allow ports that are used by normal network operations. Any port that is not being used by the normal network operations should be disallowed to protect against vulnerabilities.
A security professional creates different subnets for the various departments in their business, ensuring users have access that is appropriate for their particular roles. What does this scenario describe?
Network log analysis
Network segmentation
Patch updates
Firewall maintenance
Network segmentation
This scenario describes network segmentation, which involves creating isolated subnets for different departments in an organization.
Data in restricted zones should have the same encryption standards as data in other zones.
True
False
False
Restricted zones on a network, which contain highly classified or confidential data, should have much higher encryption standards than data in other zones to make them more difficult to access.
Fill in the blank: A key distinction between cloud and traditional network hardening is the use of a server baseline image, which enables security analysts to prevent _____ by comparing data in cloud servers to the baseline image.
improper resource storage
slow speeds
unverified changes
damaged data
unverified changes
A key distinction between cloud and traditional network hardening is the use of a server baseline image, which enables security analysts to prevent unverified changes by comparing data in cloud servers to the baseline image.
Data and applications on cloud networks do not need to be separated based on their service category, such as their age or internal functionality.
True
False
False
Similar to OS hardening, data and applications on a cloud network should be kept separate depending on their service category. For example, older applications should be kept separate from new applications. And software that deals with internal functions should be kept separate from front-end applications seen by users.
Who is responsible for ensuring the safety of cloud networks? Select all that apply.
Cloud service provider
Research department
Security team
Individual users
Cloud service provider
Security team
Both the organization’s security team and its cloud service provider are responsible for ensuring the safety of cloud networks.
Fill in the blank: _____ cloud services are a common source of cloud security issues.
Misconfigured
Unauthorized
Shared
Managed
Misconfigured
Misconfigured cloud services are a common source of cloud security issues.
Fill in the blank: ____ is the process of strengthening a system to reduce its vulnerability and attack surface.
Security hardening
Network hardening
Port filtering
SIEM
Security hardening
What is the term for all the potential system vulnerabilities that a threat actor could exploit?
Risk
Security challenge
Security architecture
Attack surface
Attack surface
Fill in the blank: Hiring a security guard is an example of a _____ security hardening practice.
network-focused
physical
virtual
software-based
physical
A company’s executive team approves a proposal by the security director. The proposal involves security professionals simulating an attack on the company’s systems in order to identify vulnerabilities. What does this scenario describe?
Packet sniffing
Penetration testing
A Distributed Denial of Service (DDoS) attack
The Ping of Death
Penetration testing
Which of the following statements accurately describe OS hardening tasks? Select three answers.
Multi-factor authentication is a security measure requiring users to change passwords every month.
Some OS hardening tasks are performed at regular intervals, while others are performed only once.
OS hardening is a set of procedures that maintain and improve OS security.
When disposing of software, it is a best practice to delete any unused applications.
Some OS hardening tasks are performed at regular intervals, while others are performed only once.
OS hardening is a set of procedures that maintain and improve OS security.
When disposing of software, it is a best practice to delete any unused applications.
Fill in the blank: A/An _____ is a documented set of specifications within a system that is used as a basis for future builds, releases, and updates.
network segment
internet control message protocol update
baseline configuration
virtual private network installation
baseline configuration
Fill in the blank: The security measure _____ requires a user to verify their identity in two or more ways to access a system or network.
network log analysis
password policy
multifactor authentication (MFA)
baseline configuration
multifactor authentication (MFA)
In what way might port filtering be used to protect a network from an attack?
By helping analysts inspect, analyze, and react to security events based on their priority
By blocking or allowing certain port numbers in order to limit unwanted communication
By creating isolated subnets for each of the various departments within an organization
By increasing the attack surface within a business network
By blocking or allowing certain port numbers in order to limit unwanted communication
Fill in the blank: Security analysts use ____ to create isolated subnets for different departments in an organization.
cloud hardening
network segmentation
patch updating
penetration testing
network segmentation
How can a security professional confirm that no unverified changes have occurred within a cloud server?
Perform a penetration test
Compare the server baseline image to the data in cloud servers
Use port filtering to block or allow certain updates
Establish multifactor authentication (MFA)
Compare the server baseline image to the data in cloud servers