Domain 1.0 Network Security Flashcards
An S/FTP server is deployed within your intranet but is accessible to external users. You are not allowed to change the configuration of the network by relocating existing services. Which is the most important solution to install?
A. Install strong password management policies
B. Install a host firewall
C. Install a VPN server
D. Install a Network IDS
D. Install a Network IDS
IDS - Intrusion Detection System
VPN - Virtual Private Network
How does a switch determine which port to use to transmit a packet once it is received?
A. IP routes
B. Security associations
C. ACLs
D. Mac tables
D. Mac tables
ACL - Access Control List
What hardware device can filter content and cache data?
A. Switch
B. Proxy
C. Router
D. VPN concentrator
B. Proxy
What tool can be used to distribute network data for the optimization of performance across multiple computers and networks?
A. Multiplexer
B. Switch trunking
C. Load balancer
D. NATing
C. Load balancer
A malware scanner is least effective against what type of attack?
A. Pharming
B. Logic bomb
C. Trojan horse
D. Backdoor
A. Pharming
A firewall is an example of what type of access control model?
A. Role Based Access Control
B. Mandatory Access Control
C. Rule Based Access Control
D. Discretionary Access Control
C. Rule Based Access Control
Most corporate security policies set the firewall to use what security stance?
A. Anti-spoofing
B. Reverse DNS lookup
C. Malware filtering
D. Implicit deny
D. Implicit deny
Which of the following performs loop protection?
A. 802.1x
B. Spanning tree
C. VPN
D. Caching
B. Spanning tree
STP - Spanning Tree Protocols (they build hierarchical maps from Bridge Protocol Data Units and provide loop protection)
To leverage existing authentication services, what must a networking device support?
A. x.509 v3
B. 802.3
C. x.500
D. 802.1x
C. x.500
What do ACLs most often contain in order for Access control within and between VLANs to be managed? [select two]
A. IP addresses
B. FQDNs
C. MAC addresses
D. Protocol ports
A. IP addresses
C. MAC addresses
MAC - Machine Address Code (also Mandatory Access Control, Media Access Control, and Message Authentication Code)
Which of the following can be implemented in cloud services as Software as a Service (SaaS)?
A. Web based mail
B. On demand computing
C. Custom development based on programming language or database structures
D. Protocol ports
A. Web based mail
VLANs represent what?
A. Virtualized honey pots
B. IP subnetting
C. Hardware imposed network segmentations
D. Wireless accessible service network
C. Hardware imposed network segmentations
VLAN - Virtual Local Area Network
In order to provide the most complete protection against malware, which of the following is the best implementation choice?
A. Install anti-virus on the host computer and each virtual system
B. Install anti-virus only on the host computer
C. Install anti-virus only on the virtual systems
D. Install anti-virus on only one virtual system
A. Install anti-virus on the host computer and each virtual system
When network access control is used to maintain patch levels and configs, where is a system returning from weeks in the field often placed?
A. In a quarantine with a remediation server
B. In a VPN
C. In an extranet
D. In the internet
A. In a quarantine with a remediation server
What is the most effective method to reduce the risk of war dialing?
A. Blocking Caller ID
B. Installing video cameras in the parking area
C. Removing all modems
D. Disabling SSID broadcasting
C. Removing all modems
SSID - Service Set Identifier