Domain 4: Network Security Flashcards

Question 1

Q

A laptop that is equipped with a fingerprint scanner that authenticates the user is using which of the following types of technology?

A. Pattern recognition

B. Hand geometry

C. Biometrics

D. Tamper detection

Answer

A

C. Biometrics

The technology that uses human physical characteristics to authenticate users is called biometrics. Biometric devices can identify users based on fingerprints, retinal pattern, voice prints, and other characteristics.

Question 2

Q

An IT department receives a shipment of 20 new computers, and Alice has been assigned the task of preparing them for deployment to end users. The first thing she does is affix a metal tag with a bar code on it to each computer. Which of the following terms best describes the function of this procedure?

A. Asset tracking

B. Tamper detection

C. Device hardening

D. Port security

Answer

A

A. Asset tracking

Bar coding the new computers enables the IT department to record their locations, status, and conditions throughout their life cycle, a process known as asset tracking. Bar codes are not used for tamper detection and device hardening. Port security refers to switches, not computers.

Question 3

Q

Which of the following types of physical security is most likely to detect an insider threat?

A. Smartcards

B. Motion detection

C. Video surveillance

D. Biometrics

Answer

A

C. Video surveillance

An insider threat by definition originates with an authorized user. Smartcards, motion detection, and biometrics will only detect the presence of someone who is authorized to enter sensitive areas. Video surveillance, however, can track the activities of anyone, authorized or not.

Question 4

Q

Which of the following physical security mechanisms can either fail close or fail open?

A. Motion detectors

B. Video cameras

C. Honeypots

D. Door locks

Answer

A

D. Door locks

The terms fail close and fail open refer to the default position of an electric or electronic door lock when there is a power failure. Security is often a trade-off with safety, and in the event that an emergency occurs, cutting off power, whether secured doors are permanently locked or left permanently open is a critical factor. The terms fail close and fail open do not apply to motion detectors or video cameras. A honeypot is a computer configured to lure potential attackers; it is not a physical security mechanism.

Question 5

Q

Which of the following statements describes what it means when the automated lock on the door to a datacenter is configured to fail open?

A. The door remains in its current state in the event of an emergency.

B. The door locks in the event of an emergency.

C. The door unlocks in the event of an emergency.

D. The door continues to function using battery power in the event of an emergency.

Answer

A

C. The door unlocks in the event of an emergency.

A door that is configured to fail open reverts to its unsecured state—open—when an emergency occurs. This must be a carefully considered decision, as it can be a potential security hazard. However, configuring the door to fail closed is a potential safety hazard.

Question 6

Q

A high security installation that requires entrants to submit to a retinal scan before the door unlocks is using which of the following types of technology?

A. Pattern recognition

B. Hand geometry

C. Biometrics

D. Tamper detection

Answer

A

C. Biometrics

The technology that uses human physical characteristics to authenticate users is called biometrics. Biometric devices can identify users based on fingerprints, retinal pattern, voice prints, and other characteristics.

Question 7

Q

Which of the following security measures can monitor the specific activities of authorized individuals within sensitive areas?

A. Video surveillance

B. Identification badges

C. Key fobs

D. Motion detection

Answer

A

A. Video surveillance

Video surveillance can monitor all activities of users in a sensitive area. With properly placed equipment, event specific actions, such as commands entered in a computer, can be monitored. Identification badges, key fobs, and motion detection can indicate the presence of individuals in a sensitive area, but they cannot monitor specific activities.

Question 8

Q

Which of the following statements is true when a biometric authentication procedure results in a false positive?

A. A user who should be authorized is denied access.

B. A user who should not be authorized is denied access.

C. A user who should be authorized is granted access.

D. A user who should not be authorized is granted access.

Answer

A

D. A user who should not be authorized is granted access.

When a false positive occurs during a biometric authentication, a user who should not be granted access to the secured device or location is granted access. A false negative is when a user who should be granted access is denied access.

Question 9

Q

In the datacenter of a company involved with sensitive government data, all servers have crimped metal tags holding the cases closed. All of the hardware racks are locked in clear-fronted cabinets. All cable runs are installed in transparent conduits. These are all examples of which of the following physical security measures?

A. Tamper detection

B. Asset tracking

C. Geofencing

D. Port security

Answer

A

A. Tamper detection

All of the mechanisms listed are designed to make any attempts to tamper with or physically compromise the hardware devices immediately evident. This is therefore a form of tamper detection. Asset tracking is for locating and identifying hardware. Geofencing is a wireless networking technique for limiting access to a network. Port security refers to network switch ports.

Question 10

Q

A secured government building that scans the faces of incoming people and compares them to a database of authorized entrants is using which of the following types of technology?

A. Pattern recognition

B. Hand geometry

C. Biometrics

D. Tamper detection

Answer

A

C. Biometrics

The technology that uses human physical characteristics to authenticate users is called biometrics. Biometric devices can identify users based on fingerprints, retinal pattern, voice prints, and other characteristics.

Question 11

Q

Which of the following is not a means of preventing physical security breaches to a network datacenter?

A. Badges

B. Locks

C. Key fobs

D. Tailgaters

Answer

A

D. Tailgaters

A tailgater is a type of intruder who enters a secure area by closely following an authorized user. Most people are polite enough to hold the door open for the next person without knowing if they are authorized to enter. A tailgater is therefore not an intrusion prevention mechanism. Identification badges, locks, and key fobs are methods of preventing intrusions.

Question 12

Q

Identification badges, key fobs, and mantraps all fall into which of the following categories of security devices?

A. Physical security

B. Data security

C. Asset tracking

D. Port security

Answer

A

A. Physical security

Identification badges, key fobs, and mantraps are all physical security mechanisms, in that they prevent unauthorized personnel from entering sensitive areas, such as datacenters. These mechanisms are not used for data file security, asset tracking, or switch port security.

Question 13

Q

Which of the following statements describes what it means when the automated lock on the door to a datacenter is configured to fail closed?

A. The door remains in its current state in the event of an emergency.

B. The door locks in the event of an emergency.

C. The door unlocks in the event of an emergency.

D. The door continues to function using battery power in the event of an emergenc

Answer

A

B. The door locks in the event of an emergency.

A door that is configured to fail closed reverts to its secured state—locked—when an emergency occurs. This must be a carefully considered decision, since it can be a potential safety hazard. However, configuring the door to fail open is a potential security hazard.

Question 14

Q

Which of the following IEEE standards describes an implementation of port-based access control for wireless networks?

A. 802.11ac

B. 802.11n

C. 802.1X

D. 802.3x

Answer

A

C. 802.1X

IEEE 802.1X is a standard that defines a port-based Network Access Control mechanism used for authentication on wireless and other networks. IEEE 802.11ac and 802.11n are standards defining the physical and data link layer protocols for wireless networks. IEEE 802.3x is one of the standards for wired Ethernet networks.

Question 15

Q

In a public key infrastructure (PKI), which half of a cryptographic key pair is never transmitted over the network?

A. The public key

B. The private key

C. The session key

D. The ticket granting key

Answer

A

B. The private key

In a PKI, the two halves of a cryptographic key pair are the public key and the private key. The public key is freely available to anyone, but the private key is never transmitted over the network.

Question 16

Q

Which of the following authentication protocols do Windows networks use for Active Directory Domain Services authentication of internal clients?

A. RADIUS

B. WPA2

C. Kerberos

D. EAP-TLS

Answer

A

C. Kerberos

Windows networks that use AD DS authenticate clients using the Kerberos protocol, in part because it never transmits passwords over the network, even in encrypted form. RADIUS is an authentication, authorization, and accounting service for remote users connecting to a network. Windows does not use it for internal clients. WPA2 is a security protocol used by wireless LAN networks. It is not used for AD DS authentication. EAP-TLS is a remote authentication protocol that AD DS networks do not use for internal clients.

Question 17

Q

Which of the following statements best describes asymmetric key encryption?

A. A cryptographic security mechanism that uses the same key for both encryption and decryption

B. A cryptographic security mechanism that uses public and private keys to encrypt and decrypt data

C. A cryptographic security mechanism that uses two separate sets of public and private keys to encrypt and decrypt data

D. A cryptographic security mechanism that uses separate private keys to encrypt and decrypt data

Answer

A

B. A cryptographic security mechanism that uses public and private keys to encrypt and decrypt data

Asymmetric key encryption uses public and private keys. Data encrypted with the public key can only be decrypted using the private key. The reverse is also true. Symmetric key encryption uses only one key both to encrypt and decrypt data. Security mechanisms that use multiple key sets are not defined as symmetric.

Question 18

Q

Which of the following protocols can you use to authenticate Windows remote access users with smartcards?

A. EAP

B. MS-CHAPv2

C. CHAP

D. PAP

Answer

A

A. EAP

The Extensible Authentication Protocol (EAP) is the only Windows remote authentication protocol that supports the use of authentication methods other than passwords, such as smartcards. MS-CHAPv2 is a strong remote access authentication protocol, but it supports password authentication only. Users cannot use smartcards. The Challenge Handshake Authentication Protocol (CHAP) is a relatively weak authentication protocol that does not support the use of smartcards. The Password Authentication Protocol (PAP) supports only clear text passwords, not smartcards.

Question 19

Q

Which of the following statements best defines multifactor user authentication?

A. Verification of a user’s identity on all of a network’s resources using a single sign-on

B. Verification of a user’s identity using two or more types of credentials

C. Verification of a user’s identity on two devices at once

D. Verification of a user’s membership in two or more security groups

Answer

A

B. Verification of a user’s identity using two or more types of credentials

Multifactor authentication combines two or more authentication methods, requiring a user to supply multiple credentials. This reduces the likelihood that an intruder would be able to successfully impersonate a user during the authentication process. The term multifactor does not refer to the number of resources, devices, or groups with which the user is associated.

Question 20

Q

How many keys does a system that employs asymmetric encryption use?

A. None. Asymmetric encryption doesn’t require keys.

B. One. Asymmetric encryption uses one key for both encryption and decryption.

C. Two. Asymmetric encryption uses one key for encryption and another key for decryption.

D. Three. Asymmetric encryption requires a separate authentication server, and each system has its own key.

Answer

A

C. Two. Asymmetric encryption uses one key for encryption and another key for decryption.

Asymmetric encryption uses two separate keys, one for encryption and one for decryption. In a public key infrastructure (PKI), each user, computer, or service has both a public key and a private key.

Question 21

Q

How many keys does a system that employs symmetric encryption use?

A. None. Symmetric encryption doesn’t require keys.

B. One. Symmetric encryption uses one key for both encryption and decryption.

C. Two. Symmetric encryption uses one key for encryption and another key for decryption.

D. Three. Symmetric encryption requires a separate authentication server, and each system has its own key.

Answer

A

B. One. Symmetric encryption uses one key for both encryption and decryption.

Symmetric encryption uses one key, which the systems use for both encryption and decryption.

Question 22

Q

When a user supplies a password to log on to a server, which of the following actions is the user performing?

A. Authentication

B. Authorization

C. Accounting

D. Auditing

Answer

A

A. Authentication

Authentication is the process of confirming a user’s identity. Passwords are one of the authentication factors commonly used by network devices. Authorization defines the type of access granted to authenticated users. Accounting and auditing are both methods of tracking and recording a user’s activities on a network, such as when a user logged on and how long they remained connected.

Question 23

Q

When a user swipes a finger across a fingerprint scanner log on to a laptop computer, which of the following actions is the user performing?

A. Authentication

B. Authorization

C. Accounting

D. Auditing

Answer

A

A. Authentication

Authentication is the process of confirming a user’s identity. Fingerprints and other biometric readers are one of the authentication factors commonly used by network devices. Authorization defines the type of access granted to authenticated users. Accounting and auditing are both methods of tracking and recording a user’s activities on a network, such as when a user logged on and how long they remained connected.

Question 24

Q

Which of the following security protocols can authenticate users without transmitting their passwords over the network?

A. Kerberos

B. 802.1X

C. TKIP

D. LDAP

Answer

A

A. Kerberos

Kerberos is a security protocol used by Active Directory that employs a system of tickets to authenticate users and other network entities without the need to transmit credentials over the network. IEEE 802.1X does authenticate by transmitting credentials. Temporal Key Integrity Protocol (TKIP) and Lightweight Directory Access Protocol (LDAP) are not authentication protocols.

Question 25

Q

Which of the following security procedures is often tied to group membership?

A. Authentication

B. Authorization

C. Accounting

D. Auditing

Answer

A

B. Authorization

Authentication is the process of confirming a user’s identity. Authorization defines the type of access granted to authenticated users. In many instances, the authorization process is based on the groups to which a user belongs. Accounting and auditing are both methods of tracking and recording a user’s activities on a network, such as when a user logged on and how long they remained connected.

Question 26

Q

Which of the following standards is most commonly used to define the format of digital certificates?

A. 802.1X

B. X.509

C. 802.1q

D. X.500

Answer

A

B. X.509

X.509, published by the International Telecommunication Union’s Standardization sector (ITU-T), defines the format of digital certificates. X.500, another standard published by the ITU-T, defines functions of directory services. IEEE 802.1X is an authentication standard, and IEEE 802.1q defines the VLAN tagging format used on many network switches.

Question 27

Q

Which of the following statements about authentication auditing are not true?

A. Auditing can disclose attempts to compromise passwords.

B. Auditing can detect authentications that occur after hours.

C. Auditing can identify the guess patterns used by password cracking software.

D. Auditing can record unsuccessful as well as successful authentications.

Answer

A

C. Auditing can identify the guess patterns used by password cracking software.

Auditing of authentication activities can record both successful and unsuccessful logon attempts. Large numbers of logon failures can indicate attempts to crack passwords. Auditing tracks the time of authentication attempts, sometimes enabling you to detect off-hours logons that indicate an intrusion. Auditing does not record the passwords specified during authentications, so it cannot identify patterns of unsuccessful guesses.

Question 28

Q

Which of the following types of key is included in a digital certificate?

A. Public

B. Private

C. Preshared

D. Privileged

Answer

A

A. Public

As part of a public key infrastructure (PKI), digital certificates are associated with a key pair, consisting of a public key and a private key. The public key is supplied with the certificate to any party authenticating the entity to which the certificate was issued. The private key is supplied to the entity with the certificate, but it is not distributed as part of the certificate. Preshared keys are not associated with certificates, and privileged keys do not exist.

Question 29

Q

When a user swipes a smartcard through a reader to log on to a laptop computer, which of the following actions is the user performing?

A. Authentication

B. Authorization

C. Accounting

D. Auditing

Answer

A

A. Authentication

Authentication is the process of confirming a user’s identity. Smartcards are one of the authentication factors commonly used by network devices. Authorization defines the type of access granted to authenticated users. Accounting and auditing are both methods of tracking and recording a user’s activities on a network, such as when a user logged on and how long they remained connected.

Question 30

Q

Combining elements like something you know, something you have, and something you are to provide access to a secured network resource is a definition of which of the following types of authentication?

A. Multifactor

B. Multisegment

C. Multimetric

D. Multifiltered

Answer

A

A. Multifactor

Multifactor authentication combines two or more authentication methods and reduces the likelihood that an intruder would be able to successfully impersonate a user during the authentication process. A password (something you know) and a retinal scan (something you are) is an example of a multifactor authentication system. A smartcard and a PIN, which is the equivalent of a password, is another example of multifactor authentication because it requires users to supply something they know and something they have. Multisegment, multimetric, and multifiltered are not applicable terms in this context.

Question 31

Q

How does MAC address filtering increase the security of a wireless LAN?

A. By preventing access points from broadcasting their presence

B. By allowing traffic sent to or from specific MAC addresses through the Internet firewall

C. By substituting registered MAC addresses for unregistered ones in network packets

D. By permitting only devices with specified MAC addresses to connect to an access point

Answer

A

D. By permitting only devices with specified MAC addresses to connect to an access point

MAC address filtering enables administrators to configure an access point to allow only devices with specific addresses to connect; all other traffic is rejected. Access points broadcast their presence using an SSID, not a MAC address. MAC address filtering protects wireless LANs when implemented in an access point, not a firewall. MAC address filtering does not call for the modification of addresses in network packets.

Question 32

Q

Which of the following terms describes a system that prevents computers from logging on to a network unless they have the latest updates and antimalware software installed?

A. NAC

B. LDAP

C. RADIUS

D. TKIP-RC4

Answer

A

A. NAC

Network Access Control is a mechanism that defines standards of equipment and configuration that systems must meet before they can connect to the network.

Question 33

Q

Which of the following statements best describes symmetric key encryption?

A. A cryptographic security mechanism that uses the same key for both encryption and decryption

B. A cryptographic security mechanism that uses public and private keys to encrypt and decrypt data

C. A cryptographic security mechanism that uses two separate sets of public and private keys to encrypt and decrypt data

D. A cryptographic security mechanism that uses separate private keys to encrypt and decrypt data

Answer

A

A. A cryptographic security mechanism that uses the same key for both encryption and decryption

Symmetric key encryption uses only one key both to encrypt and decrypt data. Asymmetric key encryption uses public and private keys. Security mechanisms that use multiple key sets are not defined as symmetric.

Question 34

Q

Which of the following is the best description of geofencing?

A. Something you have

B. Something you know

C. Something you do

D. Somewhere you are

Answer

A

D. Somewhere you are

Geofencing is the generic term for a technology that limits access to a network or other resource based on the client’s location. It is therefore best described as somewhere you are. A finger gesture would be considered something you do, a password something you know, and a smartcard something you have.

Question 35

Q

Which of the following describes the primary difference between single sign-on and same sign-on?

A. Single sign-on requires the user to supply credentials only once, whereas with same sign-on, the user must supply the credentials repeatedly.

B. Single sign-on enables users to access different resources with one set of credentials, whereas same sign-on requires users to have multiple credential sets.

C. Single sign-on credentials consist of one username and one password, whereas same sign-on credentials consist of one username and multiple passwords.

D. Single sign-on requires multifactor authentication, such as a password and a smartcard, whereas same sign-on requires only a password for authentication.

Answer

A

A. Single sign-on requires the user to supply credentials only once, whereas with same sign-on, the user must supply the credentials repeatedly.

Single sign-on uses one set of credentials and requires the user to supply them only once to gain access to multiple resources. Same sign-on also uses a single set of credentials, with one password, but the user must perform individual logons for each resource. Neither single sign-on nor same sign-on requires multifactor authentication.

Question 36

Q

Which of the following is the best description of biometrics?

A. Something you know

B. Something you have

C. Something you are

D. Something you do

Answer

A

C. Something you are

Biometrics is a type of authentication factor that uses a physical characteristic that uniquely identifies an individual, such as a fingerprint or a retinal pattern. Biometrics is therefore best described as something you are, as opposed to something you know, have, or do.

Question 37

Q

Which of the following authentication factors is an example of something you have?

A. A fingerprint

B. A smartcard

C. A password

D. A finger gesture

Answer

A

B. A smartcard

Something you have refers to a physical possession that serves to identify a user, such as a smartcard. This type of authentication is typically used as part of a multifactor authentication procedure, because a smartcard or other physical possession can be lost or stolen. A fingerprint would be considered something you are, a password something you know, and a finger gesture something you do.

Question 38

Q

Which of the following statements best describes the primary scenario for the use of TACACS+ ?

A. TACACS+ was designed to provide authentication, authorization, and accounting services for wireless networks.

B. TACACS+ was designed to provide authentication, authorization, and accounting services for the Active Directory directory service.

C. TACACS+ was designed to provide authentication, authorization, and accounting services for remote dial-up users.

D. TACACS+ was designed to provide authentication, authorization, and accounting services for network routers and switches.

Answer

A

D. TACACS+ was designed to provide authentication, authorization, and accounting services for network routers and switches.

Terminal Access Controller Access Control System Plus (TACACS+) is a protocol designed to provide AAA services for networks with many routers and switches, enabling administrators to access them with a single set of credentials. It was not designed to provide AAA services for wireless networks, Active Directory, or remote dial-in users.

Question 39

Q

Which of the following is not one of the functions provided by TACACS+ ?

A. Authentication

B. Authorization

C. Administration

D. Accounting

Answer

A

C. Administration

Terminal Access Controller Access Control System Plus (TACACS+) is a protocol that was designed to provide AAA services for networks with many routers and switches. AAA stands for authentication, authorization, and accounting, but not administration.

Question 40

Q

Your new smartphone enables you to configure the lock screen with a picture of your husband, on which you draw eyes, nose, and a mouth with your finger to unlock the phone. This is an example of which of the following authentication factors?

A. Something you have

B. Something you know

C. Something you are

D. Something you do

Answer

A

D. Something you do

The act of drawing on the screen with your finger is a gesture, which is an example of something you do. A PIN or a password is something you know; a thumbprint, or any other biometric factor, is something you are; and a smartcard is an example of something you have.

Question 41

Q

Which of the following authentication factors is an example of something you do?

A. A fingerprint

B. A smartcard

C. A password

D. A finger gesture

Answer

A

D. A finger gesture

Something you do refers to a physical action performed by a user, such as a finger gesture, which helps to confirm his or her identity. This type of authentication is often used as part of a multifactor authentication procedure because a gesture or other action can be imitated. A fingerprint would be considered something you are, a password something you know, and a smartcard something you have.

Question 42

Q

Which of the following authentication factors is an example of something you know?

A. A fingerprint

B. A smartcard

C. A password

D. A finger gesture

Answer

A

C. A password

Something you know refers to information you supply during the authentication process, such as a password or PIN. This is the most common type of authentication factor because it cannot be lost or stolen unless the user violates security policies. A fingerprint would be considered something you are, a finger gesture something you do, and a smartcard something you have.

Question 43

Q

Which of the following authentication factors is an example of something you are?

A. A fingerprint

B. A smartcard

C. A password

D. A finger gesture

Answer

A

A. A fingerprint

Something you are refers to a physical characteristic that uniquely identifies an individual, such as a fingerprint or other form of biometric. This type of authentication is often used as part of a multifactor authentication procedure because a biometric element can conceivably be compromised. A finger gesture would be considered something you do, a password something you know, and a smartcard something you have.

Question 44

Q

Which of the following is an implementation of Network Access Control (NAC)?

A. RADIUS

B. 802.1X

C. LDAP

D. TACACS+

Answer

A

B. 802.1X

NAC is a set of policies that define security requirements that clients must meet before they are permitted to connect to a network. 802.1X is a basic implementation of NAC. RADIUS and TACACS+ are Authentication, Authorization, and Accounting (AAA) services. They are not NAC implementations themselves, although they can play a part in their deployment. Lightweight Directory Access Protocol (LDAP) provides directory service communications.

Question 45

Q

Which of the following is the service responsible for issuing certificates to client users and computers?

A. DNS

B. AAA

C. CA

D. ACL

Answer

A

C. CA

A certification authority (CA) is the service that receives requests for certificate enrollment from clients and issues the certificates when the requests are approved. Domain Name System (DNS); Authentication, Authorization, and Accounting (AAA) services; and access control lists (ACLs) do not issue certificates.

Question 46

Q

Which of the following is not one of the roles involved in an 802.1X transaction?

A. Supplicant

B. Authentication server

C. Authorizing agent

D. Authenticator

Answer

A

C. Authorizing agent

An 802.1X transaction involves three parties: the supplicant, which is the client attempting to connect to the network; the authenticator, which is a switch or access point to which the supplicant is requesting access; and the authentication server, which is typically a RADIUS implementation that verifies the supplicant’s identity. There is no party to the transaction called an authorizing agent.

Question 47

Q

Which of the following terms describes the process by which a client user or computer requests that it be issued a certificate, either manually or automatically?

A. Authorization

B. Enrollment

C. Authentication

D. Certification

Answer

A

B. Enrollment

Enrollment is the process by which a client submits a request for a certificate from a certification authority (CA). The enrollment process can be automated and invisible to the user, or it can be a manual request generated using an application. Authorization and authentication, and certification are not terms used for certificate requests.

Question 48

Q

In an 802.1X transaction, what is the function of the supplicant?

A. The supplicant is the service that issues certificates to clients attempting to connect to the network.

B. The supplicant is the service that verifies the credentials of the client attempting to access the network.

C. The supplicant is the network device to which the client is attempting to connect.

D. The supplicant is the client user or computer attempting to connect to the network.

Answer

A

D. The supplicant is the client user or computer attempting to connect to the network.

An 802.1X transaction involves three parties: the supplicant, which is the client attempting to connect to the network; the authenticator, which is a switch or access point to which the supplicant is requesting access; and the authentication server, which is typically a RADIUS implementation that verifies the supplicant’s identity. The supplicant is not involved in issuing certificates.

Question 49

Q

In an 802.1X transaction, what is the function of the authenticator?

A. The authenticator is the service that issues certificates to clients attempting to connect to the network.

B. The authenticator is the service that verifies the credentials of the client attempting to access the network.

C. The authenticator is the network device to which the client is attempting to connect.

D. The authenticator is the client user or computer attempting to connect to the network.

Answer

A

C. The authenticator is the network device to which the client is attempting to connect.

An 802.1X transaction involves three parties: the supplicant, which is the client attempting to connect to the network; the authenticator, which is a switch or access point to which the supplicant is requesting access; and the authentication server, which is typically a RADIUS implementation that verifies the supplicant’s identity. The authenticator is not involved in issuing certificates.

Question 50

Q

An 802.1X transaction involves three roles: the supplicant, the authenticator, and the authentication server. Of the three, which role typically takes the form of a RADIUS implementation?

A. The supplicant

B. The authenticator

C. The authentication server

D. None of the above

Answer

A

C. The authentication server

The authentication server role is typically performed by a Remote Authentication Dial-In User Service (RADIUS) server. In an 802.1X transaction, the supplicant is the client attempting to connect to the network, the authenticator is a switch or access point to which the supplicant is requesting access, and the authentication server verifies the client’s identity.

Question 51

Q

Which of the following best describes an example of a captive portal?

A. A switch port used to connect to other switches

B. A web page with which a user must interact before being granted access to a wireless network

C. A series of two doors through which people must pass before they can enter a secured space

D. A web page stating that the user’s computer has been locked and will only be unlocked after payment of a fee

Answer

A

B. A web page with which a user must interact before being granted access to a wireless network

A captive portal is a web page displayed to a user attempting to access a public wireless network. The user typically must supply credentials, provide payment, or accept a user agreement before access is granted. A captive portal does not refer to a switch port, a secured entryway to a room, or a type of extortionate computer attack.

Question 52

Q

A user attempting to connect to a Wi-Fi hotspot in a coffee shop is taken to a web page that requires her to accept an End User License Agreement before access to the network is granted. Which of the following is the term for such an arrangement?

A. Captive portal

B. Ransomware

C. Port security

D. Root guard

Answer

A

A. Captive portal

A web page that prompts users for payment, authentication, or acceptance of a EULA is a captive portal. Ransomware is a type of attack that extorts payment. Port security and root guards are methods for protecting access to switch ports.

Question 53

Q

Which of the following standards was originally designed to provide authentication, authorization, and accounting services dial-up network connections?

A. RADIUS

B. TACACS+

C. Kerberos

D. LDAP

Answer

A

A. RADIUS

Remote Authentication Dial-In User Service (RADIUS) was originally conceived to provide AAA services for Internet Service Providers (ISPs), which at one time ran networks with hundreds of modems providing dial-up access to subscribers. Terminal Access Controller Access Control System Plus (TACACS+) is a protocol that was designed to provide AAA services for networks with many routers and switches but not for dial-up connections. Kerberos and Lightweight Directory Access Protocol (LDAP) are not AAA services.

Question 54

Q

MAC filtering is an access control method used by which of the following types of hardware devices?

A. Wireless access point

B. RADIUS server

C. Domain controller

D. Smartcards

Answer

A

A. Wireless access point

Wireless access points (WAPs) typically include the ability to maintain an access control list, which specifies the MAC addresses of devices that are permitted to connect to the wireless network. The technique is known as MAC address filtering. RADIUS servers, domain controllers, and smartcards typically do include MAC filtering capabilities.

Question 55

Q

Which of the following statements about RADIUS and TACACS+ are correct?

A. By default, RADIUS uses UDP, and TACACS+ uses TCP.

B. By default, RADIUS uses TCP, and TACACS+ uses UDP.

C. By default, both RADIUS and TACACS+ use TCP.

D. By default, both RADIUS and TACACS+ use UDP.

Answer

A

A. By default, RADIUS uses UDP, and TACACS+ uses TCP.

RADIUS uses User Datagram Protocol (UDP) ports 1812 and 1813 or 1645 and 1646 for authentication, whereas TACACS+ uses TCP port 49.

Question 56

Q

Which of the following standards provides authentication, authorization, and accounting services for network routers and switches?

A. RADIUS

B. TACACS+

C. Kerberos

D. LDAP

Answer

A

B. TACACS+

Terminal Access Controller Access Control System Plus (TACACS+) is a protocol designed to provide AAA services for networks with many routers and switches, enabling administrators to access them with a single set of credentials. Remote Authentication Dial-In User Service (RADIUS) provides AAA services, but not for routers and switches. Kerberos and Lightweight Directory Access Protocol (LDAP) are not AAA services.

Question 57

Q

Which of the following terms refers to the process of determining whether a user is a member of a group that provides access to a particular network resource?

A. Authentication

B. Accounting

C. Authorization

D. Access control

Answer

A

C. Authorization

Authorization is the process of determining what resources a user can access on a network. Typically, this is done by assessing the user’s group memberships. Authentication is the process of confirming a user’s identity. Accounting is the process of tracking a user’s network activity. Access control is the creation of permissions that provide users and groups with specific types of access to a resource.

Question 58

Q

Which of the following terms refers to the process of confirming a user’s identity by checking specific credentials?

A. Authentication

B. Accounting

C. Authorization

D. Access control

Answer

A

A. Authentication

Authentication is the process of confirming a user’s identity by checking credentials, such as passwords, ID cards, or fingerprints. Authorization is the process of determining what resources a user can access on a network. Accounting is the process of tracking a user’s network activity. Access control is the creation of permissions that provide users and groups with specific types of access to a resource.

Question 59

Q

Which of the following terms refers to the process by which a system tracks a user’s network activity?

A. Authentication

B. Accounting

C. Authorization

D. Access control

Answer

A

B. Accounting

Accounting is the process of tracking a user’s network activity, such as when the user logged on and logged off and what resources the user accessed. Authentication is the process of confirming a user’s identity by checking credentials. Authorization is the process of determining what resources a user can access on a network. Access control is the creation of permissions that provide users and groups with specific types of access to a resource.

Question 60

Q

Which of the following is not a factor that weakens the security of the Wired Equivalent Privacy (WEP) protocol used on early IEEE 802.11 wireless LANs?

A. 40-bit encryption keys

B. 24-bit initialization vectors

C. Static shared secrets

D. Open System Authentication

Answer

A

D. Open System Authentication

Open System Authentication enables any user to connect to the wireless network without a password, which actually increases the security of the protocol. This is because most WEP implementations use the same secret key for both authentication and encryption. An intruder that captures the key during the authentication process might therefore penetrate the data encryption system as well. By not using the key for authentication, you reduce the chances of the encryption being compromised.

Question 61

Q

Which of the following encryption ciphers was replaced by CCMP-AES when the WPA2 wireless security protocol was introduced?

A. EAP

B. WEP

C. TKIP

D. CCMP

Answer

A

C. TKIP

Wi-Fi Protected Access (WPA) is a wireless security protocol that was designed to replace the increasingly vulnerable Wired Equivalent Privacy (WEP). WPA added an encryption protocol called Temporal Key Integrity Protocol (TKIP). This too became vulnerable, and WPA2 was introduced, which replaced TKIP with an Advanced Encryption Standard (CCMP-AES) protocol.

Question 62

Q

Which of the following wireless security protocols was substantially weakened by its initialization vector?

A. WPA

B. WEP

C. WPA2

D. PEAP

Answer

A

B. WEP

Wired Equivalent Privacy (WEP) was one of the first commercially available security protocols for wireless LANs. WEP requires 24 bits of the encryption key for the initialization vector, substantially weakening the encryption. WEP was soon found to be easily penetrated and was replaced by Wi-Fi Protected Access (WPA) and then WPA2. Extensible Authentication Protocol (EAP) is a framework for the encapsulation of authentication messages.

Question 63

Q

Which of the following wireless security protocols uses TKIP for encryption?

A. WEP

B. WPA

C. WPA2

D. AES

Answer

A

B. WPA

Wi-Fi Protected Access (WPA) is a wireless security protocol that was designed to replace the increasingly vulnerable Wired Equivalent Privacy (WEP). WPA added an encryption protocol called Temporal Key Integrity Protocol (TKIP). This too became vulnerable, and WPA2 was introduced, which replaced TKIP with an Advanced Encryption Standard protocol (CCMP-AES).

Question 64

Q

Which of the following standards defines a framework for the authentication process but does not specify the actual authentication mechanism?

A. WPA

B. EAP

C. TKIP

D. TLS

Answer

A

B. EAP

Extensible Authentication Protocol (EAP) is a framework for the encapsulation of authentication messages. EAP is used on wireless networks and point-to-point connections and supports dozens of different authentication methods. Wi-Fi Protected Access (WPA) is a wireless encryption standard. Temporal Key Integrity Protocol (TKIP) is an encryption algorithm. Transport Layer Security (TLS) is an encryption protocol used for Internet communications.

Answer 65

A

A. Authentication

Extensible Authentication Protocol (EAP) and 802.1X are both components of an authentication mechanism used on many wireless networks. EAP and 802.1X do not themselves provide authorization, encryption, or accounting services.

Answer 66

A

B. WEP

Wired Equivalent Privacy (WEP), which was one of the first commercially successful security protocols for wireless LANs, enabled administrators to choose between open and shared key authentication. The open option enabled clients to connect to the network with an incorrect key. The shared option required the correct key, but it also exposed the key to potential intruders.

Answer 67

A

A. WEP

Wired Equivalent Privacy (WEP) was one of the first commercially available security protocols for wireless LANs, but it was soon found to be easily penetrated and was replaced by Wi-Fi Protected Access (WPA) and then WPA2. Extensible Authentication Protocol (EAP) is a framework for the encapsulation of authentication messages.

Answer 68

A

B. TKIP

WPA uses the Temporal Key Integrity Protocol (TKIP) for encryption. It does not use Advanced Encryption Standard (AES), which eventually replaced TKIP in WPA2. Secure Hash Algorithm (SHA) and Message Digest 5 (MD5) are both file hashing algorithms, not used for wireless network encryption.

Answer 69

A

A. RC4

TKIP uses the RC4 stream cipher for its encryption. Advanced Encryption Standard (AES) is used with CCMP on version 2 of the Wi-Fi Protected Access (WPA2) security protocol, not version 1 (WPA), which uses TKIP. Secure Hash Algorithm (SHA) is a file hashing algorithm, not used for wireless network encryption.

Answer 70

A

C. WPA2

CCMP, the full name of which is Counter Mode Cipher Block Chaining Message Authentication Code Protocol, is based on the Advanced Encryption Standard (AES) and is the encryption protocol used with the Wi-Fi Protected Access II (WPA2) security protocol on wireless networks. CCMP is not used with version 1 of the WPA protocol or with Wired Equivalent Privacy. 802.1X is an authentication protocol, not used for encryption.

Answer 71

A

C. AES

CCMP, the full name of which is Counter Mode Cipher Block Chaining Message Authentication Code Protocol, is based on the Advanced Encryption Standard (AES) and is the encryption protocol used with the Wi-Fi Protected Access II (WPA2) security protocol on wireless networks. CCMP is not based on the Temporal Key Integrity Protocol (TKIP), which uses RC4 as its stream cipher. 802.1X is an authentication protocol, not used for encryption.

Answer 72

A

D. Type the SSID manually and then select WPA2 from the security protocol options provided.

An SSID that is not broadcast is not detectable by clients, so you must type it in manually. Security protocols are also not detectable, so you must configure the clients to use the same protocol you selected on the client.

Answer 73

A

C. Geofencing

Geofencing is the generic term for a technology that limits access to a network or other resource based on the client’s location. In wireless networking, geofencing is intended to prevent unauthorized clients outside the facility from connecting to the network. Local authentication is an application or service that triggers an authentication request to which the user must respond before access is granted. Port security is a method for protecting access to switch ports. Motion detection is a system designed to trigger a notification or alarm when an individual trespasses in a protected area.

Answer 74

A

A. A wireless network that allows clients to authenticate only when the signal strength of their connections exceeds a specified level.

Geofencing is a mechanism that is intended to prevent unauthorized clients outside the facility from connecting to the network. The mechanism can take the form of a signal strength requirement, a GPS location requirement, or strategic placement of wireless access points. The other options listed are not descriptions of typical geofencing technologies.

Answer 75

A

A. WPA-Personal

WPA-Personal, also known as WPA-PSK, is intended for small networks and requires a preshared key. WPA-Enterprise, also known as WPA-802.1X, uses the Extensible Authentication Protocol (EAP) to support various types of authentication factors and requires a Remote Authentication Dial-In User Service (RADIUS) server.

Answer 76

A

C. Certificate

As part of a public key infrastructure (PKI), digital certificates are associated with a key pair, consisting of a public key and a private key. The certificate is issued to a person or computer as proof of its identity. A signature does not associate a person or computer with a key pair. An exploit is a hardware or software element that is designed to take advantage of a vulnerability. Resource records are associated with the Domain Name System (DNS).

Answer 77

A

C. EAP

Wired Equivalent Protocol (WEP) and Wi-Fi Protected Access II (WPA2) are both wireless security protocols that control access to the network and provide encryption, using protocols like Advanced Encryption Standard (AES). These protocols do not provide authentication services, however. Extensible Authentication Protocol (EAP) is a framework for the encapsulation of authentication messages. Its many variants provide support for the use of smartcards and other authentication factors, such as biometrics, in addition to traditional passwords.

Answer 78

A

A. MAC filtering

MAC filtering takes the form of an access control list (ACL) on the wireless network’s access points, listing the MAC addresses of all the devices that are to be permitted to access the network. If the MAC address of Alice’s laptop is not included in the ACL, she will be unable to connect to the network. Alice has been given the SSID of the network, so she should be able to connect, even if the access points are not broadcasting the SSID. Geofencing is intended to prevent users outside the office from accessing the network, so this should not be the problem. Alice has been given the passphrase for the network, so she should be able to configure WPA2 on her laptop.

Answer 79

A

A. AES

Wi-Fi Protected Access (WPA) is a wireless security protocol that was designed to replaces the increasingly vulnerable Wired Equivalent Privacy (WEP). WPA added an encryption protocol called Temporal Key Integrity Protocol (TKIP). This too became vulnerable, and WPA2 was introduced, which replaced TKIP with the stronger CCMP-Advanced Encryption Standard (CCMP-AES). Extensible Authentication Protocol and 802.1X do not provide encryption.

Answer 80

A

D. TKIP eliminates the use of preshared keys.

TKIP augments the existing WEP encryption key, making it longer, enabling it to be changed for every packet, and enabling WPA to be deployed without replacing network adapter or access point hardware. TKIP does continue to support the use of preshared keys.

Answer 81

A

B. Passphrase

To use the WPA2 protocol with a preshared key, the client and the access point must both be configured with the same passphrase. The base key, the serial number, and the MAC address are all components that WPA2 uses to generate the encryption key for each packet.

Answer 82

A

C. Replay attacks

A replay attack is one in which an attacker utilizes the encryption key found in a previously captured packet to gain access to the network. Because TKIP generates a unique encryption key for every packet, it prevents this type of attack from being successful.

Answer 83

A

C. WPA2

Wi-Fi Protected Access (WPA) is a wireless security protocol that was designed to replace the increasingly vulnerable Wired Equivalent Privacy (WEP). WPA added an encryption protocol called Temporal Key Integrity Protocol (TKIP). This too became vulnerable, and WPA2 was introduced, which replaced TKIP with CCMP-Advanced Encryption Standard (CCMP-AES).

Answer 84

A

A. WEP

Wired Equivalent Privacy (WEP) was the first wireless LAN security protocol to achieve widespread use in commercial products. This protocol was soon found to be vulnerable to attack, and it was replaced by Wi-Fi Protected Access (WPA), which added a stronger encryption protocol called Temporal Key Integrity Protocol (TKIP).

Answer 85

A

A. CCMP-AES

WPA2 adds Counter Mode Cipher Block Chaining Message Authentication Code Protocol – Advanced Encryption Standard (CCMP-AES), a new symmetric key encryption algorithm that strengthens the protocol’s security.

Answer 86

A

B. WPA2

Wi-Fi Protected Access 2 (WPA2) will provide the maximum security for the wireless network, in part because it uses long encryption keys that change frequently.

Answer 87

A

C. WPA2

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) with Advanced Encryption Standard (AES) is an encryption protocol that is used with the Wi-Fi Protected Access II security protocol. WPA was created to replace the insecure Wired Equivalent Privacy (WEP) protocol, and WPA2 was created to replace the Temporal Key Integrity Protocol (TKIP) used in the first version of WPA. Extensible Authentication Protocol (EAP) is a framework for the encapsulation of authentication messages.

Answer 88

A

A. CCMP-AES

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) with Advanced Encryption Standard (AES) is an encryption protocol that is used with the Wi-Fi Protected Access II (WPA2) security protocol. WPA was created to replace the insecure Wired Equivalent Privacy (WEP) protocol, and WPA2 was created to replace the Temporal Key Integrity Protocol (TKIP) used in the first version of WPA.

Answer 89

A

C. Using MAC filtering to create a list of devices that are permitted to access a wireless network

Whitelisting is the process of using MAC filtering to specify the hardware addresses of devices that are permitted to access a wireless network. Blacklisting, by contrast, is making a list of addresses that are denied access to the network.

Answer 90

A

B. TKIP-RC4

Wi-Fi Protected Access (WPA) was created to replace the insecure Wired Equivalent Privacy (WEP) protocol and used Temporal Key Integrity Protocol (TKIP) with the RC4 cipher for encryption.

Answer 91

A

B. WPA

Wi-Fi Protected Access (WPA) was created to replace the insecure Wired Equivalent Privacy (WEP) protocol and used the Temporal Key Integrity Protocol (TKIP) with the RC4 cipher.

Answer 92

A

B. Ransomware

Ransomware is a type of attack in which a user’s access to his or her data is blocked unless a certain amount of money is paid to the attacker. The blockages can vary from simple screen locks to data encryption. War driving is an attack method that consists of driving around a neighborhood with a computer scanning for unprotected wireless networks. Denial of service is a type of attack that overwhelms a computer with traffic, preventing it from functioning properly. ARP poisoning is the deliberate insertion of fraudulent information into the ARP cache stored on computers and switches.

Answer 93

A

C. Logic bomb

A logic bomb is a code insert placed into a legitimate software product that triggers a malicious event when specific conditions are met. Social engineering is the practice of obtaining sensitive data by contacting users and pretending to be someone with a legitimate need for that data. War driving is an attack method that consists of driving around a neighborhood with a computer scanning for unprotected wireless networks. An evil twin is a fraudulent access point on a wireless network that mimics the SSID of a legitimate access point, in the hope of luring in users.

Answer 94

A

B. War chalking

When a war driver locates a wireless network and marks it for other attackers, it is called war chalking. There are no such attacks as war tagging and war signing.

Answer 95

A

B. Bluesnarfing

Bluesnarfing is an attack in which an intruder connects to a wireless device using Bluetooth, for the purpose of stealing information. Bluejacking is the process of sending unsolicited messages to a device using Bluetooth. The other options do not exist.

Answer 96

A

D. Bluejacking

Bluejacking is the process of sending unsolicited text messages, images, or sounds to a smartphone or other device using Bluetooth. Bluesnarfing is an attack in which an intruder connects to a wireless device using Bluetooth, for the purpose of stealing information. The other options do not exist.

Answer 97

A

D. Permanent

A permanent DoS attack is one in which the attacker actually damages the target system and prevents it from functioning. This can be a physical attack that actually damages the hardware, or the attacker can disable the server by altering its software or configuration settings.

Answer 98

A

B. A distributed DoS attack uses malware-infected computers to flood a target, whereas a reflective DoS attack takes advantage of other servers’ native functions to make them flood a target.

Distributed DoS attacks use hundreds or thousands of computers that have been infected with malware, called zombies, to flood a target server with traffic, in an attempt to overwhelm it and prevent it from functioning. A reflective DoS attack is one in which the attacker sends requests containing the target server’s IP address to legitimate servers on the Internet, such as DNS servers, causing them to send a flood of responses to the target. Neither attack type causes a computer to flood itself.

Answer 99

A

A. Amplified

An amplified DoS attack is one in which the messages sent by the attacker require an extended amount of processing by the target servers, increasing the burden on them more than simpler messages would. Reflective and distributed DoS attacks use other computers to flood a target with traffic. A reflective DoS attack is one in which the attacker sends requests containing the target server’s IP address to legitimate servers on the Internet, such as DNS servers, causing them to send a flood of responses to the target.

Answer 100

A

A. Implement a program of user education and corporate policies.

Social engineering is the practice of obtaining sensitive data by contacting users and pretending to be someone with a legitimate need for that data. No software or hardware solution can prevent it; the only way is to educate users of the potential dangers and establish policies that inform users what to do when they experience a social engineering attempt.

Answer 101

A

C. VLAN hopping enables an attacker to access different VLANs using 802.1q spoofing.

VLAN hopping is a method for sending commands to switches to transfer a port from one VLAN to another. This can enable the attacker to connect his or her device to a potentially sensitive VLAN. VLAN hopping does not modify the switch’s patch panel connections, only its VAN assignments. It is not possible to rename a switch’s default VLAN. VLAN hopping does not enable an attacker to change a switch’s native VLAN.

Answer 102

A

D. Uses a botnet to bombard the target with traffic

A smurf attack does not use a botnet, which is a group of computers running a remote control malware program without their owners knowing it. The computers participating in a smurf attack are simply processing traffic as they normally would. A smurf attack involves flooding a network with the same ICMP Echo Request messages used by ping but sent to the network’s broadcast address.

Answer 103

A

A. Spoofing

Spoofing is the process of modifying network packets to make them appear as though they are transmitted by or addressed to someone else. One way of doing this is to modify the MAC address in the packets to one that is approved by the MAC filter.

Answer 104

A

C. Distributed

A distributed denial-of-service (DDoS) attack is one in which the attacker uses hundreds or thousands of computers, controlled by malware and called zombies, to send traffic to a single server or website, in an attempt to overwhelm it and prevent it from functioning.

Answer 105

A

A. Amplified

An amplified DoS attack is one in which the messages sent by the attacker require an extended amount of processing by the target servers, increasing the burden on them more than simpler messages would.

Answer 106

A

B. Reflective

A reflective DoS attack is one in which the attacker sends requests containing the target server’s IP address to legitimate servers on the Internet, such as DNS servers, causing them to send a flood of responses to the target.

Answer 107

A

D. Permanent

A permanent DoS attack is one in which the attacker actually damages the target system and prevents it from functioning. This can be a physical attack that damages the hardware, or the attacker can disable the server by altering its software or configuration settings.

Answer 108

A

B. Insider threats

Your supervisor’s concern is that the disgruntled technician might take advantage of his access to devices and facilities to sabotage the network. When an individual takes advantage of information gathered during his or her employment, it is called an insider threat.

Answer 109

A

C. Distributed

Distributed DoS attacks use hundreds or thousands of computers that have been infected with malware, called zombies, to flood a target server with traffic, in an attempt to overwhelm it and prevent it from functioning.

Answer 110

A

D. DNS poisoning

DNS poisoning is a type of attack in which an attacker adds fraudulent information into the cache of a DNS server. Then, when a client attempts to resolve the name of a website or other server, the DNS server supplies the incorrect IP address, causing the client to access the attacker’s server instead.

Answer 111

A

B. Name resolution

DNS poisoning is a type of attack in which an attacker adds fraudulent information into the cache of a DNS server. This can interfere with the name resolution process by causing a DNS server to supply the incorrect IP address for a specified name.

Answer 112

A

B. A vulnerability is a potential weakness in a system and an exploit is a hardware or software element that is designed to take advantage of a vulnerability.

A vulnerability is a weakness, whether in software or hardware, of which an exploit is designed to take advantage. Neither term is specific to hardware or software.

Answer 113

A

C. Vulnerability

A vulnerability is a potential weakness in a system that an attacker can use to his or her advantage. An exploit is a hardware or software element that is designed to take advantage of a vulnerability.

Answer 114

A

A. Smurf

In a smurf attack, the attacker sends ping requests, which use the Internet Control Message Protocol (ICMP), to the broadcast address. The request messages are altered to appear as though sent by the designated target so that all of the replies are sent to that system.

Answer 115

A

D. Fraggle

A fraggle attack is similar to a smurf attack in that the attacker generates a large amount of spoofed broadcast traffic that appears to have been sent by the target system. All of the replies to the broadcasts are then transmitted to the target. The difference between a fraggle and a smurf attack is that a fraggle attack uses User Datagram Protocol (UDP) traffic instead of ICMP.

Answer 116

A

D. Logic bomb

A logic bomb is a code insert placed into a legitimate software product that triggers a malicious event when specific conditions are met. The terminated administrator might have created code designed to trigger the deletions after the administrator’s departure from the company.

Answer 117

A

A. War driving

War driving is an attack method that consists of driving around a neighborhood with a computer scanning for unprotected wireless networks.

Answer 118

A

B. A type of attack in which an intruder retransmits captured authentication packets to gain access to a secured resource

A replay attack is one in which an attacker utilizes the information found in previously captured packets to gain access to a secured resource. In many cases, the captured packets contain authentication data. In this way, the attacker can make use of captured passwords, even when they are encrypted and cannot be read. The other options all describe valid attack methodologies, but they are not called replay attacks.

Answer 119

A

B. Phishing

This is a classic example of a phishing scam. In all likelihood, the link in the email Ed received has taken him not to the real website of his bank, but rather a duplicate created by an attacker. By supplying his logon credentials, he is in effect giving them to the attacker, who can now gain access to his real bank account.

Answer 120

A

A. A computer that is remotely controllable because it has been infected by malware

A zombie is a computer that has been infected by malware—usually some form of Trojan—which an attacker can control remotely, causing the computer to flood a target system with traffic. An attack using multiple zombies is known as a distributed denial-of-service (DDoS) attack. The other options are not examples of zombies.

Answer 121

A

C. A message appears on a user’s screen, stating that system is locked and will only be released on payment of a fee.

Ransomware is a type of attack in which a user’s access to his or her computer or data is blocked unless a certain amount of money is paid to the attacker. The blockages can vary from simple screen locks to data encryption.

Answer 122

A

B. Social engineering

Social engineering is the practice of obtaining sensitive data by contacting users and pretending to be someone with a legitimate need for that data. No computer equipment is required and no software or hardware solution can prevent it; the only way is to educate users of the potential dangers and establish policies that inform users what to do when they experience a social engineering attempt.

Answer 123

A

B. An attacker cracking a password by trying thousands of guesses

A brute-force attack is one in which an attacker uses repeated guesses to find a password, an open port, or some other type of sensitive data. Brute force does not refer to a physical attack.

Answer 124

A

A. Evil twin

An evil twin is a fraudulent access point on a wireless network, which an intruder can use to obtain passwords and other sensitive information transmitted by users.

Answer 125

A

C. Social engineering

Social engineering is the term for a type of attack in which a smooth-talking intruder contacts a user and convinces him or her to disclose sensitive information, such as account passwords.

Answer 126

A

A. Distribute a list of common passwords that are insecure, such as those based on names, birth dates, etc.

There are no policies that can prevent users from creating easily guessed passwords. The only action that can help is to educate users of the fact that attackers are frequently able to guess passwords by using information such as familiar names and dates.

Answer 127

A

C. WPA2

WPA2 is the most secure of the wireless protocols, providing the greatest degree of network device hardening.

Answer 128

A

C. File hashing

Secure Hash Algorithm (SHA) and Message Digest 5 (MD5) are file hashing algorithms, used to test data integrity by calculating a hash value before transmission a file over a network. After the transmission, the receiving system performs the same calculation. If the values match, then the data is intact. These two algorithms are not used for data encryption, digital signing, or wireless authentication.

Answer 129

A

B. Attackers can capture packets transmitted over the network and read the SSID from them.

Disabling SSID broadcasts is a way of hiding the presence of a wireless network, but if an intruder knows that a network is there, it is a simple matter to capture packets transmitted by the wireless devices and read the SSID from them.

Answer 130

A

B. Malware

Operating system updates and patches are frequently released to address newly discovered exploits that make computers vulnerable to malware infestation. Applying updates on a regular basis can help to mitigate the impact of malware.

Answer 131

A

C. Upgrading firmware

Upgrading the UEFI or BIOS firmware on a server typically does not enhance its security, so it cannot be considered a form of server hardening.

Answer 132

A

B. File hashing

File hashing uses a cryptographic algorithm, such as Secure Hash Algorithm (SHA) or Message Digest 5 (MD5), to generate a checksum value for a file that is transmitted along with it. When the recipient applies the same algorithm to the received file, the checksum value should be the same, indicating the file has not been modified in transit.

Answer 133

A

D. Passwords must meet complexity requirements.

The “Passwords must meet complexity requirements” policy includes a provision that new passwords cannot include the user’s account name or full name. If the full name is delimited by spaces or punctuation, the individual words cannot appear in the password either. The other options do not prevent the use of common passwords.

Answer 134

A

D. Deauthentication

Deauthentication is a type of denial-of-service attack in which the attacker targets a wireless client by sending a deauthentication frame that causes the client to be disconnected from the network. It is therefore not a method for hardening an access point.

Answer 135

A

C. Network hardening

Network hardening is a term used to describe any method of making it more difficult for intruders to penetrate. In many cases, network hardening techniques are based on education rather than technology. Compelling users to create passwords that are difficult to guess is one example of this.

Answer 136

A

D. DMZ

A perimeter network is a segment that is separated from the internal network by a firewall and exposed to the Internet. Administrators typically use a perimeter network for servers that must be accessible by outside users, such as web and email servers. Another term for a perimeter network is a DMZ, or demilitarized zone.

Answer 137

A

B. Honeypot

A honeypot is a computer configured to function as bait for attackers, causing them to waste their time penetrating a resource that provides no significant access.

Answer 138

A

B. Man trap

An entrance arrangement in which people must close one door before they can open the next one is called a man trap. Security personnel can evaluate potential entrants while they are in the vestibule and detain attempted intruders there.

Answer 139

A

A. Mitigation techniques

A honeypot or honeynet is a type of mitigation technique that takes the form of a computer or network configured to function as bait for attackers, causing them to waste their time penetrating a resource that provides no significant access.

Answer 140

A

D. Detour

Honeypots and honeynets are computers and networks designed to function as lures for attackers, in the hope that they will waste their time and resources attempting to gain access to them. Therefore, detour is the best metaphor for the function of these devices.

Answer 141

A

C. DMZ

A network segment that is separated from the internal network by a firewall and exposed to the Internet is called a demilitarized zone (DMZ), or a perimeter network. Administrators typically use a DMZ for servers that must be accessible by outside users, such as web and email servers.

Answer 142

A

D. An organization hires an outside consultant who attempts to compromise the network’s security measures.

Penetration testing is when an outside consultant is engaged to attempt an unauthorized access to protected network resources. Testing by an internal administrator familiar with the security barriers would not be a valid test.

Answer 143

A

D. DHCP snooping

DHCP snooping is a feature found in some network switches that prevents rogue DHCP servers from assigning IP addresses to clients. It can also detect when DHCP release or decline messages arrive over a port other than the one on which the DHCP transaction originated. The other options are all techniques that are applicable to servers.

Answer 144

A

D. MAC addresses

Wireless access points use the layer 2 MAC addresses coded into devices in their access control lists. Usernames, IP addresses, and device names can easily be impersonated.

Answer 145

A

B. Hubs

ACLs restrict access to network devices by filtering usernames, MAC addresses, IP addresses, or other criteria. Routers, switches, and wireless access points all use ACLs to control access to them. Hubs are purely physical layer devices that relay electrical or optical signals. They have no way of controlling access to them.

Answer 146

A

B. Authorization

ACLs define the type of access granted to authenticated users. This process is known as authorization. Authentication is the confirmation of a user’s identity. Accounting and auditing are both methods of tracking and recording a user’s activities on a network.

Answer 147

A

C. Role separation

Role separation is the practice of creating a different virtual server for each server role or application. In addition to providing other benefits as well, this forces intruders to mount attacks on multiple servers to disable an entire network.

Answer 148

A

B. Servers

Role separation is the practice of creating a different virtual server for each server role or application. In addition to providing other benefits as well, this forces intruders to mount attacks on multiple servers to disable an entire network. Switches, routers, and access points do not use this technique.

Answer 149

A

D. DHCP snooping prevents DNS cache poisoning.

DHCP snooping is a feature found in some network switches that prevents rogue DHCP servers from assigning IP addresses to clients. It can also detect when DHCP release or decline messages arrive over a port other than the one on which the DHCP transaction originated. Although DHCP snooping can prevent DHCP clients from being assigned an incorrect IP address, it does not directly prevent the poisoning of DNS server caches with erroneous information.

Answer 150

A

A. Data link

Although DHCP is an application layer service, which uses the UDP transport layer protocol to assign network layer IP addresses, DHCP snooping is a data link layer process in which a network switch examines incoming DHCP traffic to determine whether it originates from an authorized server and is arriving over the correct port.

Answer 151

A

B. Denial of service

One of the most common ways to stop a server from functioning properly is to flood it with traffic of a particular type. Denial-of-service attacks frequently use floods of ping messages or TCP SYN packets to attack a server. A flood guard is a filter implemented in a firewall or a standalone device to prevent the flood of traffic from reaching the intended target.

Answer 152

A

C. MAC flooding

By flooding a switch with frames containing many different false MAC addresses, an attacker can cause the legitimate entries in the switch’s MAC table to be aged out of the device and replaced with bogus entries. When the destinations of incoming frames are not found in the table, the switch broadcasts them throughout the network, where they can be more readily captured and compromised. A flood guard is a mechanism that prevents confirmed MAC address in the table from being replaced.

Answer 153

A

B. STP

A root guard affects the behavior of the Spanning Tree Protocol (STP) by enforcing the selection of root bridge ports on a switched network. Without root guards, there is no way for administrators to enforce the topology of a network with a redundant switching fabric.

Answer 154

A

A. Double-tagged packets are prevented.

To join ports on different switches into one VLAN, you designate a trunk port on each switch for the traffic between switches. Initially, the native VLAN uses the default VLAN1 for trunk traffic, and that traffic is left untagged. Untagged traffic is susceptible to attacks using double-tagged packets. When you configure the native VLAN to use tagging, this makes it impervious to double-tagging.

Answer 155

A

C. IEEE 802.1q

The IEEE 802.1q protocol is responsible for VLAN tagging, a procedure that enables network switches to support virtual LANs (VLANs). Through the insertion of VLAN identifier tags into frames, switches can determine which VLAN each packet is destined for and forward it to the correct ports.

Answer 156

A

B. By preventing double-tagged packets

When in-band switch management traffic, such as that generated by a Secure Shell (SSH) connection to a switch, uses the native VLAN, it is untagged by default. This is because the native VLAN is at first the default VLAN1, which is not tagged by the 802.1q protocol, leaving it open to certain types of double-tagging attacks. When you tag the native VLAN traffic, it is rendered immune to double-tagging.

Answer 157

A

A. File integrity monitoring

File integrity monitoring (FIM) is a process that typically consists of a comparison of files in their current state to a known baseline copy stored elsewhere. The comparison can be direct, or it could involve the calculation of checksums or other types of file hashes. The object of the comparison is to detect changes in documents, both in content and in sensitive areas, such as credentials, privileges, and security settings, which might indicate the presence of a potential or actual security breach.

Answer 158

A

C. Segmentation

Digital signatures can be used for the following functions: authentication, to confirm that data originated from a specific individual; nonrepudiation, to prevent the sender from denying the data’s origin; and integrity, to confirm that the data has not been modified in transit. Segmentation is not a function of digital signatures.

Brainscape's Knowledge GenomeTM

Domain 4: Network Security Flashcards

Brainscape's Knowledge Genome^TM