Comprehensive Security Solutions

Question 1

What separates the authentication and authorization process into three operations? 
A. XTACACS 
B. TACACS+ 
C. TACACS 
D. RADIUS

Answer 1

B. TACACS+ has added functionality and has extended attribute control and accounting processes. TACACS+ also separates the authentication and authorization process into three processes.

Question 2

Which of the following is proprietary to Cisco? 
A. XTACACS 
B. DIAMETER 
C. TACACS 
D. RADIUS

Answer 2

A. XTACACS is proprietary to Cisco.

Question 3

Which of the following designs uses one packet filtering router between a trusted and untrusted network? 
A. Screened host 
B. Screened subnet 
C. Dual-homed gateway 
D. Single-tier packet filter

Answer 3

D. A single-tier packet filter design has one packet-filtering router installed between the trusted and untrusted network.

Question 4

Which of the following correctly represents a broadcast physical address? 
A. 00 00 0C 34 44 01 01 
B. 00 00 FF FF FF 
C. FF FF FF FF FF FF 
D. 01 00 0C 34 44 01

Answer 4

C. Broadcast MAC addresses appear as FF FF FF FF FF FF.

Question 5

You have been asked to examine some network traffic with Wireshark and have noticed that some traffic is addressed to 224.3.9.5. What class of address is this? 
A. Class C 
B. Class D 
C. Class B 
D. Class A

Answer 5

B. An address of 224.3.9.5 is class D, or multicast, traffic.

Question 6

You have been scanning a network and have found TCP 53 open. What might you conclude from this? A. DNS is configured for lookups.
B. A DNS zone transfer might be possible.
C. DNSSEC has been configured.
D. SMTP is being used.

Answer 6

B. DNS uses UDP port 53 for DNS queries and TCP port 53 for zone transfers.

Question 7

You have just scanned your network and found UDP port 123. What service makes use of this port? 
A. Portmapper 
B. NTP 
C. Finger 
D. LDAP

Answer 7

B. Port 123 is used by NTP.

Question 8

Which of the following is not offered by Kerberos for Windows users? 
A. Interoperability 
B. Nondelegated authentication 
C. Mutual authentication 
D. Simplified trust management

Answer 8

B. Kerberos offers Windows users faster connections, mutual authentication, delegated authentication, simplified trust management, and interoperability.

Question 9

LDAPS provides for security by making use of which one of the following? 
A. DES 
B. SSL 
C. SET 
D. PGP

Answer 9

B. LDAPS provides for security by using SSL.

Question 10

DNSSEC does not protect against which of the following? 
A. Masquerading 
B. Domain spoofing 
C. Domain kiting 
D. Signature verification

Answer 10

C. DNSSEC does not protect against domain kiting.

Question 11

Which DNS record holds zone replication TTL information? 
A. PTR 
B. NS 
C. MX 
D. SOA

Answer 11

D. The SOA record holds zone replication TTL information.

Question 12

Which version of SNMP provides built-in security? A. Version C
B. Version B
C. Version 2
D. Version 3

Answer 12

D. Version 3 is more secure than previous versions of SNMP and offers encryption.

Question 13

While using Wireshark, you have captured traffic on UDP port 69. What service or application might this be? 
A. FTP 
B. Finger 
C. SSH 
D. CTFTP

Answer 13

D. TFTP uses port 69 by default.

Question 14

Which of the following is not a valid UPD header field? 
A. Source port 
B. Length 
C. Checksum 
D. Flag

Answer 14

D. UDP is composed of four fields: source, destination, length, and checksum.

Question 15

In DNS, what is another name for an alias? 
A. MX 
B. CNAME 
C. SOA 
D. NS

Answer 15

B. The CNAME record is an alias.

Question 16

TSIG is used for what purpose? 
A. As a means of authentication updates to a Dynamic DNS database 
B. To prevent VLAN hopping 
C. As an LDAP security control 
D. To secure X.500

Answer 16

A. TSIG is used as a means of authenticating updates to a Dynamic DNS database.

Question 17

Cisco has several ways to incorporate VLAN traffic into trunking. These include which of the following? A. 802.1Q
B. 802.1x
C. 802.11
D. LDAP

Answer 17

A. Cisco has several ways to incorporate VLAN traffic into trunking, such as the IEEE’s implementation of 802.1Q and Cisco’s ISL.

Question 18

One of the big differences between IPv4 and IPv6 is the address length. IPv6 has address lengths of how many bits? 
A. 16 
B. 32 
C. 64 
D. 128

Answer 18

D. IPv6 has many improvements over IPv4; one of these is that the address space moves from 32 bits to 128 bits.

Question 19

Which of the following is an extension to Simple Object Access Protocol (SOAP) and is designed to add security to web services? 
A. WS-Security 
B. ESB 
C. LDAP 
D. SSO

Answer 19

A. WS_Security is an extension to SOAP and is designed to provide added security.

Question 20

Which of the following is not a component of VoIP? A. SIP
B. H.323
C. RTP
D. SPIT

Answer 20

D. SPIT is “Spam over Internet Telephony” and is not considered a component of VoIP.

Question 21

What are three types of security controls?
A. Preventative, Detective, and Corrective
B. Confidentiality, Integrity, Availability
C. Authorization, Integrity, Availability
D. Combustible, Metals, Liquids

Answer 21

A. The three types of security controls are preventative, detective, and corrective.

Question 22

In which of the following would a Security Analyst work? 
A. Human Resource department 
B. Logistics department 
C. Security Operations Center 
D. Accounting department

Answer 22

C. A security analyst would work in a SOC.