4.0 Network Security

Question 1

what would you configure on a switch to segment traffic?

Answer 1

VLAN

Question 2

what is the purpose of a network scan?

Answer 2

to gather information about hosts within a network

Question 3

what is the purpose of banner grabbing?

Answer 3

to gain information about remote systems

Question 4

what is the purpose of the spanning tree protocol?

Answer 4

prevents broadcast storms caused by two ports on a switch being connected to each other

Question 5

what device uses an ACL to filter traffic

Answer 5

Firewall

Question 6

where is IP filtering configured?

Answer 6

ACL in a firewall

Question 7

what type of filter allows SMTP traffic through a firewall?

Answer 7

port filter (blocking TCP port 25)

Question 8

what would you manipulate to block access to a network for a specific computer?

Answer 8

Firewall’s ACL

Question 9

what is the name of bogus server with false data designed to lure attackers?

Answer 9

Honeypot

Question 10

what technique is commonly done to identify open ports on a server?

Answer 10

port scanning

Question 11

what is the general purpose of disabling unnecessary services on a server?

Answer 11

to harden the server

hardening a device makes it more secure than the default configuration

Question 12

where should updates for production servers be applied first?

Answer 12

to a test server that mimics the production server

Question 13

an attacker creates an evil twin and then collects data from anyone that connects to it. what type of attack is this?

Answer 13

MITM attack

Question 14

an attacker connects to a switch and is then able to connect to existing VLANs on the same switch. what type of attack is this?

Answer 14

VLAN hopping

Question 15

what kind of threat is possible from a disgruntled employee?

Answer 15

an insider threat

Question 16

what type of attack is launched from a single host against a single host?

Answer 16

DoS attack

Question 17

what is the name of an unauthorized wireless network with a different name than a legitimate wireless network?

Answer 17

Rogue access point

Question 18

what type of attack floods a switch with traffic, with the goal of redirecting traffic to an attacker’s computer?

Answer 18

ARP poisoning

Question 19

an attacker impersonates a service technician to gain access to a building. What is this called?

Answer 19

Social engineering

Question 20

what type of attack is launched from several hosts against a single host?

Answer 20

DDoS attack

Question 21

what is the name of a malicious wireless network with the same name as a legitimate wireless network?

Answer 21

Evil twin

Question 22

what type of filtering on a router can restrict access based on a hardware address?

Answer 22

MAC filtering

Question 23

what information is required by a user to access a WPA2 protected network?

Answer 23

Passphrase or pre-shared key

Question 24

what is the strongest encryption wireless protocol (listed in the CompTIA objectives)?

Answer 24

WPA2

Question 25

what does EAP provide?

Answer 25

A framework for authentication and authorization

EAP (extensible authentication protocol)

Question 26

what type of encryption does WPA2-PSK use?

Answer 26

CCMP-AES

Question 27

what can be used on a network to restrict access based on hardware address?

Answer 27

MAC filtering

Question 28

wireless guests are redirected to a page requiring them to enter credentials before they can access the internet. What is this called?

Answer 28

A captive portal

Question 29

what is syslog?

Answer 29

a message-logging standard

a syslog server is a centralized server that can collect logs from multiple devices

Question 30

users must log in with a smart card, a PIN, and a password. what kind of authentication is this?

Answer 30

Dual-factor authentication

It is sometimes called multi-factor authentication, but it only used two types of authentication - something you have (smart card) and something you know (PIN and password)

Question 31

a smartcard is used for what factor of authentication?

Answer 31

something you have

Question 32

a password is used for what factor of authentication?

Answer 32

something you know

Question 33

a fingerprint reader is used for what factor of authentication?

Answer 33

something you are

Question 34

name the three primary factors of authentication

Answer 34

something you know, something you have, something you are

Question 35

what are asset tracking tags used for in an organization?

Answer 35

Inventory

they also help to recover lost devices

Question 36

what physical security feature should default to a fail open state if power is lost?

Answer 36

Door locks