CND 1 - 100 Flashcards
An attacker uses different types of password cracking techniques to crack the password and gain unauthorized access to a system. An attacker uses a file containing a list of commonly used passwords. They then upload this file into the cracking application that runs against the user accounts. Which of the following password cracking techniques is the attacker trying?
A. Hybrid
B. Rainbow table
C. Dictionary
D. Bruteforce
C
Which VPN QoS model guarantees the traffic from one customer edge (CE) to another?
A. Pipe model
B. Hose model
C. AAA model
D. Hub-and-Spoke VPN model
A
John wants to implement a firewall service that works at the session layer of the OSI model. The firewall must also have the ability to hide the private network information. Which type of firewall service is John thinking of implementing?
A. Packet Filtering
B. Circuit level gateway
C. Application level gateway
D. Stateful Multilayer Inspection
B
Which of the following attack signature analysis techniques are implemented to examine the header information and conclude that a packet has been altered?
A. Composite signature-based analysis
B. Atomic signature-based analysis
C. Content-based signature analysis
D. Context-based signature analysis
D
Lyle is the IT director for a medium-sized food service supply company in Nebraska. Lyle’s company employs over 300 workers, half of which use computers. He recently came back from a security training seminar on logical security. He now wants to ensure his company is as secure as possible. Lyle has many network nodes and workstation nodes across the network. He does not have much time for implementing a network-wide solution. He is primarily concerned about preventing any external attacks on the network by using a solution that can drop packets if they are found to be malicious. Lyle also wants this solution to be easy to implement and be network-wide. What type of solution would be best for Lyle?
A. He should choose a HIPS solution, as this is best suited to his needs.
B. Lyle would be best suited if he chose a NIPS implementation.
C. A NEPT implementation would be the best choice.
D. To better serve
B
Assume that you are working as a network administrator in the head office of a bank. One day a bank employee informed you that she is unable to log in to her system. At the same time, you get a call from another network administrator informing you that there is a problem connecting to the main server. How will you prioritize these two incidents?
A. Based on a first come first served basis
B. Based on the type of response needed for the incident
C. Based on a potential technical effect of the incident
D. Based on approval from management
C
Which of the following VPN topologies establishes a persistent connection between an organization’s main office and its branch offices using a third-party network or the Internet?
A. Hub-and-Spoke
B. Full Mesh
C. Point-to-Point
D. Star
A
Which of the following is a best practice for wireless network security?
A. Do not placing packet filter between the AP and the corporate intranet
B. Using SSID cloaking
C. Do not changing the default SSID
D. Enabling the remote router login
B
Smith is an IT technician that has been appointed to his company’s network vulnerability assessment team. He is the only IT employee on the team. The other team members include employees from Accounting, Management, Shipping, and Marketing. Smith and the team members are having their first meeting to discuss how they will proceed. What is the first step they should do to create the network vulnerability assessment plan?
A. Their first step is the acquisition of required documents, reviewing of security policies and compliance.
B. Their first step is to create an initial Executive report to show the management team.
C. Their first step is to make a hypothesis of what their final findings will be.
D. Their first step is to analyze the data they have currently gathered from the company or interviews.
A
Daniel is giving training on designing and implementing a security policy in the organization. He is explaining the hierarchy of the security policy which demonstrates how policies are drafted, designed and implemented. What is the correct hierarchy for a security policy implementation?
A. Procedures, Policies, Laws, Standards and Regulations
B. Laws, Regulations, Policies, Standards and Procedures
C. Regulations, Policies, Laws, Standards and Procedures
D. Laws, Policies, Regulations, Procedures and Standards
B
Ross manages 30 employees and only 25 computers in the organization. The network the company uses is a peer-to-peer. Ross configures access control measures allowing the employees to set their own control measures for their files and folders. Which access control did Ross implement?
A. Mandatory access control
B. Non-discretionary access control
C. Discretionary access control
D. Role-based access control
C
Fred is a network technician working for Johnson Services, a temporary employment agency in Boston. Johnson Services has three remote offices in New England and the headquarters in Boston where Fred works. The company relies on a number of customized applications to perform daily tasks and unfortunately these applications require users to be local administrators. Because of this, Fred’s supervisor wants to implement tighter security measures in other areas to compensate for the inherent risks in making those users local admins. Fred’s boss wants a solution that will be placed on all computers throughout the company and monitored by Fred.
A. Fred’s boss wants Fred to monitor a NIPS system.
B. Fred’s boss wants to implement a HIDS solution.
C. Fred’s boss wants a NIDS implementation.
D. Fred’s boss wants to implement a HIPS solution.
B
Which of the following can be used to suppress fire from Class K sources?
A. Water
B. Carbon dioxide
C. Foam
D. Dry Chemical
C
Which of the following can be used to suppress fire from Class K sources?
A. Water
B. Carbon dioxide
C. Foam
D. Dry Chemical
C
Larry is a network administrator working for a manufacturing company in Detroit. Larry is responsible for the entire company’s network which consists of 300 workstations and 25 servers. After using a hosted email service for a year, the company wants to cut back on costs and bring the email control internal. Larry likes this idea because it will give him more control over email. Larry wants to purchase a server for email but he does not want the server to be on the internal network because this might cause security risks. He decides to place the email server on the outside of the company’s internal firewall.
A. He is going to place the server in a Demilitarized Zone (DMZ).
B. He will put the email server in an IPSec zone.
C. For security reasons, Larry is going to place the email server in the company’s Logical Buffer Zone (LBZ).
D. Larry is going to put the email server in a hot-server zone.
A
Management decides to implement a risk management system to reduce and maintain the organization’s risk at an acceptable level. Which of the following is the correct order in the risk management phase?
A. Risk Identification, Risk Assessment, Risk Treatment, Risk Monitoring & Review
B. Risk Identification, Risk Assessment, Risk Monitoring & Review, Risk Treatment
C. Risk Treatment, Risk Monitoring & Review, Risk Identification, Risk Assessment
D. Risk Assessment, Risk Treatment, Risk Monitoring & Review, Risk Identification
A
Stephanie is currently setting up email security so all company data is secured when passed through email. Stephanie first sets up encryption to make sure that a specific user’s email is protected. Next, she needs to ensure that the incoming and the outgoing mail has not been modified or altered using digital signatures.
What is Stephanie working on?
A. Usability
B. Confidentiality
C. Availability
D. Data Integrity
D
Blake is working on the company’s updated disaster and business continuity plan. The last section of the plan covers computer and data incidence response.
Blake is outlining the level of severity for each type of incident in the plan. Unsuccessful scans and probes are at what severity level?
A. Extreme severity level
B. Low severity level
C. High severity level
D. Mid severity level
B
Which Internet access policy starts with all services blocked and the administrator enables safe and necessary services individually, which provides maximum security and logs everything, such as system and network activities?
A. Internet access policy
B. Paranoid policy
C. Permissive policy
D. Prudent policy
D
Daniel who works as a network administrator has just deployed an IDS in his organization’s network. He wants to calculate the False Positive rate for his implementation. Which of the following formulas will he use, to calculate the False Positive rate?
A. False Negative/True Negative+True Positive
B. False Positive/False Positive+True Negative
C. True Negative/False Negative+True Positive
D. False Negative/False Negative+True Positive
B
As a network administrator, you have implemented WPA2 encryption in your corporate wireless network. The WPA2’s __________ integrity check mechanism provides security against a replay attack.
A. CBC-MAC
B. CRC-MAC
C. CBC-32
D. CRC-32
A
Paul is a network security technician working on a contract for a laptop manufacturing company in Chicago. He has focused primarily on securing network devices, firewalls, and traffic traversing in and out of the network. He just finished setting up a server a gateway between the internal private network and the outside public network. This server will act as a proxy, limited amount of services, and will filter packets. What is this type of server called?
A. Session layer firewall.
B. SOCKS host.
C. Bastion host.
D. Edge transport server.
C
The Circuit-level gateway firewall technology functions at which of the following OSI layer?
A. Transport layer
B. Data-link layer
C. Session layer
D. Network layer
C
Assume that you are a network administrator and the company has asked you to draft an Acceptable Use Policy (AUP) for employees. Under which category of an information security policy does AUP fall into?
A. Incident Response Policy (IRP)
B. Issue Specific Security Policy (ISSP)
C. Enterprise Information Security Policy (EISP)
D. System Specific Security Policy (SSSP)
D
Identify the password cracking attempt involving precomputed hash values stored as plaintext and used to crack the password.
A. Bruteforce
B. Rainbow table
C. Hybrid
D. Dictionary
B
Ryan works as a network security engineer at an organization the recently suffered an attack. As a countermeasure, Ryan would like to obtain more information about the attacker and chooses to deploy a honeypot into the organizations production environment called Kojoney. Using this honeypot, he would like to emulate the network vulnerability that was attacked previously. Which type of honeypot is he trying to implement?
A. High interaction honeypots
B. Research honeypot
C. Low interaction honeypots
D. Pure honeypots
C
John, the network administrator and he wants to enable the NetFlow feature in Cisco routers to collect and monitor the IP network traffic passing through the router. Which command will John use to enable NetFlow on an interface?
A. Router IP route
B. Router(Config-if) # IP route cache flow
C. Router# Netmon enable
D. Router# netflow enable
B
The network administrator wants to strengthen physical security in the organization. Specifically, to implement a solution stopping people from entering certain restricted zones without proper credentials. Which of following physical security measures should the administrator use?
A. Mantrap
B. Bollards
C. Video surveillance
D. Fence
A
Which of the following incident handling stage removes the root cause of the incident?
A. Eradication
B. Recovery
C. Detection
D. Containment
A
James is working as a Network Administrator in a reputed company situated in California. He is monitoring his network traffic with the help of Wireshark. He wants to check and analyze the traffic against a PING sweep attack. Which of the following Wireshark filters will he use?
A. Icmp.type==8 or icmp.type==16
B. icmp.type==8 or icmp.type==0
C. icmp.type==8 and icmp.type==0
D. Icmp.type==0 and icmp.type==16
B
Which of the following systems includes an independent NAS Head and multiple storage arrays?
A. FreeNAS
B. None of these
C. Gateway NAS System
D. Integrated NAS System
C
You are monitoring your network traffic with the Wireshark utility and noticed that your network is experiencing a large amount of traffic from a certain region. You suspect a DoS incident on the network. What will be your first reaction as a first responder?
A. Avoid Fear, Uncertainty and Doubt
B. Communicate the incident
C. Make an initial assessment
D. Disable Virus Protection
A
The security network team is trying to implement a firewall capable of operating only in the session layer, monitoring the TCP inter-packet link protocol to determine when a requested session is legitimate or not. Using this type of firewall, they could be able to intercept the communication, making the external network see that the firewall is the source, and facing the user, who responds from the outside is the firewall itself. They are just limiting a requirements previous listed, because they already have a packet filtering firewall and they must add a cheap solution that meets the objective. What kind of firewall would you recommend?
A. Packet Filtering with NAT
B. Circuit Level Gateway
C. Application Proxies
D. Application Level Gateways
B
If a network is at risk resulting from misconfiguration performed by unskilled and/or unqualified individuals, what type of threat is this?
A. External Threats
B. Unstructured Threats
C. Structured Threats
D. Internal Threats
B
John is a network administrator and is monitoring his network traffic with the help of Wireshark. He suspects that someone from outside is making a TCP OS fingerprinting attempt on his organization’s network. Which of following Wireshark filter(s) will he use to locate the TCP OS fingerprinting attempt? (Choose all that apply.)
A. tcp.flags=0x00
B. tcp.options.wscale_val==20
C. tcp.flags==0x2b
D. tcp.options.mss_val<1460
ACD
Michael decides to view the ________ to track employee actions on the organization’s network.
A. Firewall policy
B. Firewall settings
C. Firewall log
D. Firewall rule set
C
Which of the following acts as a verifier for the certificate authority?
A. Registration authority
B. Certificate authority
C. Directory management system
D. Certificate Management system
A
Which phase of vulnerability management deals with the actions taken for correcting the discovered vulnerability?
A. Verification
B. Mitigation
C. Remediation
D. Assessment
C
Nancy is working as a network administrator for a small company. Management wants to implement a RAID storage for their organization. They want to use the appropriate RAID level for their backup plan that will satisfy the following requirements:
It has a parity check to store all the information about the data in multiple drives
Help reconstruct the data during downtime.
Process the data at a good speed.
Should not be expensive.
The management team asks Nancy to research and suggest the appropriate RAID level that best suits their requirements. What RAID level will she suggest?
A. RAID 3.
B. RAID 1
C. RAID 0
D. RAID 10
A
The bank where you work has 600 windows computers and 400 Red Hat computers which primarily serve as bank teller consoles. You have created a plan and deployed all the patches to the Windows computers and you are now working on updating the Red Hat computers. What command should you run on the network to update the Red Hat computers, download the security package, force the package installation, and update all currently installed packages?
A. You should run the up2data -u command.
B. You should run the up2date –d -f -u command.
C. You should run the WSUS –d -f -u command.
D. You should type the sysupdate –d command.
B