4.0 Network Security Flashcards

1
Q

what would you configure on a switch to segment traffic?

A

VLAN

2
Q

what is the purpose of a network scan?

A

to gather information about hosts within a network

3
Q

what is the purpose of banner grabbing?

A

to gain information about remote systems

4
Q

what is the purpose of the spanning tree protocol?

A

prevents broadcast storms caused by two ports on a switch being connected to each other

5
Q

what device uses an ACL to filter traffic?

A

Firewall

6
Q

where is IP filtering configured?

A

ACL in a firewall

7
Q

what type of filter allows SMTP traffic through a firewall?

A

port filter (blocking TCP port 25)

8
Q

what would you manipulate to block access to a network for a specific computer?

A

Firewall’s ACL

9
Q

what is the name of a bogus server with false data designed to lure attackers?

A

Honeypot

10
Q

what technique is commonly done to identify open ports on a server?

A

port scanning

11
Q

what is the general purpose of disabling unnecessary services on a server?

A

to harden the server

hardening a device makes it more secure than the default configuration

12
Q

where should updates for production servers be applied first?

A

to a test server that mimics the production server

13
Q

an attacker creates an evil twin and then collects data from anyone that connects to it. what type of attack is this?

A

MITM attack

14
Q

an attacker connects to a switch and is then able to connect to existing VLANs on the same switch. what type of attack is this?

A

VLAN hopping

15
Q

what kind of threat is possible from a disgruntled employee?

A

an insider threat

16
Q

what type of attack is launched from a single host against a single host?

A

DoS attack

17
Q

what is the name of an unauthorized wireless network with a different name than a legitimate wireless network?

A

Rogue access point

18
Q

what type of attack floods a switch with traffic, with the goal of redirecting traffic to an attacker’s computer?

A

ARP poisoning

19
Q

an attacker impersonates a service technician to gain access to a building. What is this called?

A

Social engineering

20
Q

what type of attack is launched from several hosts against a single host?

A

DDoS attack

21
Q

what is the name of a malicious wireless network with the same name as a legitimate wireless network?

A

Evil twin

22
Q

what type of filtering on a router can restrict access based on a hardware address?

A

MAC filtering

23
Q

what information is required by a user to access a WPA2 protected network?

A

Passphrase or pre-shared key

24
Q

what is the strongest encryption wireless protocol (listed in the CompTIA objectives)?

A

WPA2

25
Q

what does EAP provide?

A

A framework for authentication and authorization

EAP (extensible authentication protocol)

26
Q

what type of encryption does WPA2-PSK use?

A

CCMP-AES

27
Q

what can be used on a network to restrict access based on hardware address?

A

MAC filtering

28
Q

wireless guests are redirected to a page requiring them to enter credentials before they can access the internet. What is this called?

A

A captive portal

29
Q

what is syslog?

A

a message-logging standard

a syslog server is a centralized server that can collect logs from multiple devices

30
Q

users must log in with a smart card, a PIN, and a password. what kind of authentication is this?

A

Dual-factor authentication

It is sometimes called multi-factor authentication, but it only uses two types of authentication - something you have (smart card) and something you know (PIN and password)

31
Q

a smartcard is used for what factor of authentication?

A

something you have

32
Q

a password is used for what factor of authentication?

A

something you know

33
Q

a fingerprint reader is used for what factor of authentication?

A

something you are

34
Q

name the three primary factors of authentication

A

something you know, something you have, something you are

35
Q

what are asset tracking tags used for in an organization?

A

Inventory

they also help to recover lost devices

36
Q

what physical security feature should default to a fail open state if power is lost?

A

Door locks