Domain 4: Network Security Flashcards

1
Q

A laptop that is equipped with a fingerprint scanner that authenticates the user is using which of the following types of technology?

A. Pattern recognition

B. Hand geometry

C. Biometrics

D. Tamper detection

A

C. Biometrics

The technology that uses human physical characteristics to authenticate users is called biometrics. Biometric devices can identify users based on fingerprints, retinal pattern, voice prints, and other characteristics.

2
Q

An IT department receives a shipment of 20 new computers, and Alice has been assigned the task of preparing them for deployment to end users. The first thing she does is affix a metal tag with a bar code on it to each computer. Which of the following terms best describes the function of this procedure?

A. Asset tracking

B. Tamper detection

C. Device hardening

D. Port security

A

A. Asset tracking

Bar coding the new computers enables the IT department to record their locations, status, and conditions throughout their life cycle, a process known as asset tracking. Bar codes are not used for tamper detection and device hardening. Port security refers to switches, not computers.

3
Q

Which of the following types of physical security is most likely to detect an insider threat?

A. Smartcards

B. Motion detection

C. Video surveillance

D. Biometrics

A

C. Video surveillance

An insider threat by definition originates with an authorized user. Smartcards, motion detection, and biometrics will only detect the presence of someone who is authorized to enter sensitive areas. Video surveillance, however, can track the activities of anyone, authorized or not.

4
Q

Which of the following physical security mechanisms can either fail close or fail open?

A. Motion detectors

B. Video cameras

C. Honeypots

D. Door locks

A

D. Door locks

The terms fail close and fail open refer to the default position of an electric or electronic door lock when there is a power failure. Security is often a trade-off with safety, and in the event that an emergency occurs, cutting off power, whether secured doors are permanently locked or left permanently open is a critical factor. The terms fail close and fail open do not apply to motion detectors or video cameras. A honeypot is a computer configured to lure potential attackers; it is not a physical security mechanism.

5
Q

Which of the following statements describes what it means when the automated lock on the door to a datacenter is configured to fail open?

A. The door remains in its current state in the event of an emergency.

B. The door locks in the event of an emergency.

C. The door unlocks in the event of an emergency.

D. The door continues to function using battery power in the event of an emergency.

A

C. The door unlocks in the event of an emergency.

A door that is configured to fail open reverts to its unsecured state—open—when an emergency occurs. This must be a carefully considered decision, as it can be a potential security hazard. However, configuring the door to fail closed is a potential safety hazard.

6
Q

A high security installation that requires entrants to submit to a retinal scan before the door unlocks is using which of the following types of technology?

A. Pattern recognition

B. Hand geometry

C. Biometrics

D. Tamper detection

A

C. Biometrics

The technology that uses human physical characteristics to authenticate users is called biometrics. Biometric devices can identify users based on fingerprints, retinal pattern, voice prints, and other characteristics.

7
Q

Which of the following security measures can monitor the specific activities of authorized individuals within sensitive areas?

A. Video surveillance

B. Identification badges

C. Key fobs

D. Motion detection

A

A. Video surveillance

Video surveillance can monitor all activities of users in a sensitive area. With properly placed equipment, even specific actions, such as commands entered in a computer, can be monitored. Identification badges, key fobs, and motion detection can indicate the presence of individuals in a sensitive area, but they cannot monitor specific activities.

8
Q

Which of the following statements is true when a biometric authentication procedure results in a false positive?

A. A user who should be authorized is denied access.

B. A user who should not be authorized is denied access.

C. A user who should be authorized is granted access.

D. A user who should not be authorized is granted access.

A

D. A user who should not be authorized is granted access.

When a false positive occurs during a biometric authentication, a user who should not be granted access to the secured device or location is granted access. A false negative is when a user who should be granted access is denied access.

9
Q

In the datacenter of a company involved with sensitive government data, all servers have crimped metal tags holding the cases closed. All of the hardware racks are locked in clear-fronted cabinets. All cable runs are installed in transparent conduits. These are all examples of which of the following physical security measures?

A. Tamper detection

B. Asset tracking

C. Geofencing

D. Port security

A

A. Tamper detection

All of the mechanisms listed are designed to make any attempts to tamper with or physically compromise the hardware devices immediately evident. This is therefore a form of tamper detection. Asset tracking is for locating and identifying hardware. Geofencing is a wireless networking technique for limiting access to a network. Port security refers to network switch ports.

10
Q

A secured government building that scans the faces of incoming people and compares them to a database of authorized entrants is using which of the following types of technology?

A. Pattern recognition

B. Hand geometry

C. Biometrics

D. Tamper detection

A

C. Biometrics

The technology that uses human physical characteristics to authenticate users is called biometrics. Biometric devices can identify users based on fingerprints, retinal pattern, voice prints, and other characteristics.

11
Q

Which of the following is not a means of preventing physical security breaches to a network datacenter?

A. Badges

B. Locks

C. Key fobs

D. Tailgaters

A

D. Tailgaters

A tailgater is a type of intruder who enters a secure area by closely following an authorized user. Most people are polite enough to hold the door open for the next person without knowing if they are authorized to enter. A tailgater is therefore not an intrusion prevention mechanism. Identification badges, locks, and key fobs are methods of preventing intrusions.

12
Q

Identification badges, key fobs, and mantraps all fall into which of the following categories of security devices?

A. Physical security

B. Data security

C. Asset tracking

D. Port security

A

A. Physical security

Identification badges, key fobs, and mantraps are all physical security mechanisms, in that they prevent unauthorized personnel from entering sensitive areas, such as datacenters. These mechanisms are not used for data file security, asset tracking, or switch port security.

13
Q

Which of the following statements describes what it means when the automated lock on the door to a datacenter is configured to fail closed?

A. The door remains in its current state in the event of an emergency.

B. The door locks in the event of an emergency.

C. The door unlocks in the event of an emergency.

D. The door continues to function using battery power in the event of an emergency.

A

B. The door locks in the event of an emergency.

A door that is configured to fail closed reverts to its secured state—locked—when an emergency occurs. This must be a carefully considered decision, since it can be a potential safety hazard. However, configuring the door to fail open is a potential security hazard.

14
Q

Which of the following IEEE standards describes an implementation of port-based access control for wireless networks?

A. 802.11ac

B. 802.11n

C. 802.1X

D. 802.3x

A

C. 802.1X

IEEE 802.1X is a standard that defines a port-based Network Access Control mechanism used for authentication on wireless and other networks. IEEE 802.11ac and 802.11n are standards defining the physical and data link layer protocols for wireless networks. IEEE 802.3x is one of the standards for wired Ethernet networks.

15
Q

In a public key infrastructure (PKI), which half of a cryptographic key pair is never transmitted over the network?

A. The public key

B. The private key

C. The session key

D. The ticket granting key

A

B. The private key

In a PKI, the two halves of a cryptographic key pair are the public key and the private key. The public key is freely available to anyone, but the private key is never transmitted over the network.

16
Q

Which of the following authentication protocols do Windows networks use for Active Directory Domain Services authentication of internal clients?

A. RADIUS

B. WPA2

C. Kerberos

D. EAP-TLS

A

C. Kerberos

Windows networks that use AD DS authenticate clients using the Kerberos protocol, in part because it never transmits passwords over the network, even in encrypted form. RADIUS is an authentication, authorization, and accounting service for remote users connecting to a network. Windows does not use it for internal clients. WPA2 is a security protocol used by wireless LAN networks. It is not used for AD DS authentication. EAP-TLS is a remote authentication protocol that AD DS networks do not use for internal clients.

17
Q

Which of the following statements best describes asymmetric key encryption?

A. A cryptographic security mechanism that uses the same key for both encryption and decryption

B. A cryptographic security mechanism that uses public and private keys to encrypt and decrypt data

C. A cryptographic security mechanism that uses two separate sets of public and private keys to encrypt and decrypt data

D. A cryptographic security mechanism that uses separate private keys to encrypt and decrypt data

A

B. A cryptographic security mechanism that uses public and private keys to encrypt and decrypt data

Asymmetric key encryption uses public and private keys. Data encrypted with the public key can only be decrypted using the private key. The reverse is also true. Symmetric key encryption uses only one key both to encrypt and decrypt data. Security mechanisms that use multiple key sets are not defined as symmetric.

18
Q

Which of the following protocols can you use to authenticate Windows remote access users with smartcards?

A. EAP

B. MS-CHAPv2

C. CHAP

D. PAP

A

A. EAP

The Extensible Authentication Protocol (EAP) is the only Windows remote authentication protocol that supports the use of authentication methods other than passwords, such as smartcards. MS-CHAPv2 is a strong remote access authentication protocol, but it supports password authentication only. Users cannot use smartcards. The Challenge Handshake Authentication Protocol (CHAP) is a relatively weak authentication protocol that does not support the use of smartcards. The Password Authentication Protocol (PAP) supports only clear text passwords, not smartcards.

19
Q

Which of the following statements best defines multifactor user authentication?

A. Verification of a user’s identity on all of a network’s resources using a single sign-on

B. Verification of a user’s identity using two or more types of credentials

C. Verification of a user’s identity on two devices at once

D. Verification of a user’s membership in two or more security groups

A

B. Verification of a user’s identity using two or more types of credentials

Multifactor authentication combines two or more authentication methods, requiring a user to supply multiple credentials. This reduces the likelihood that an intruder would be able to successfully impersonate a user during the authentication process. The term multifactor does not refer to the number of resources, devices, or groups with which the user is associated.

20
Q

How many keys does a system that employs asymmetric encryption use?

A. None. Asymmetric encryption doesn’t require keys.

B. One. Asymmetric encryption uses one key for both encryption and decryption.

C. Two. Asymmetric encryption uses one key for encryption and another key for decryption.

D. Three. Asymmetric encryption requires a separate authentication server, and each system has its own key.

A

C. Two. Asymmetric encryption uses one key for encryption and another key for decryption.

Asymmetric encryption uses two separate keys, one for encryption and one for decryption. In a public key infrastructure (PKI), each user, computer, or service has both a public key and a private key.

21
Q

How many keys does a system that employs symmetric encryption use?

A. None. Symmetric encryption doesn’t require keys.

B. One. Symmetric encryption uses one key for both encryption and decryption.

C. Two. Symmetric encryption uses one key for encryption and another key for decryption.

D. Three. Symmetric encryption requires a separate authentication server, and each system has its own key.

A

B. One. Symmetric encryption uses one key for both encryption and decryption.

Symmetric encryption uses one key, which the systems use for both encryption and decryption.

22
Q

When a user supplies a password to log on to a server, which of the following actions is the user performing?

A. Authentication

B. Authorization

C. Accounting

D. Auditing

A

A. Authentication

Authentication is the process of confirming a user’s identity. Passwords are one of the authentication factors commonly used by network devices. Authorization defines the type of access granted to authenticated users. Accounting and auditing are both methods of tracking and recording a user’s activities on a network, such as when a user logged on and how long they remained connected.

23
Q

When a user swipes a finger across a fingerprint scanner to log on to a laptop computer, which of the following actions is the user performing?

A. Authentication

B. Authorization

C. Accounting

D. Auditing

A

A. Authentication

Authentication is the process of confirming a user’s identity. Fingerprints and other biometric readers are one of the authentication factors commonly used by network devices. Authorization defines the type of access granted to authenticated users. Accounting and auditing are both methods of tracking and recording a user’s activities on a network, such as when a user logged on and how long they remained connected.

24
Q

Which of the following security protocols can authenticate users without transmitting their passwords over the network?

A. Kerberos

B. 802.1X

C. TKIP

D. LDAP

A

A. Kerberos

Kerberos is a security protocol used by Active Directory that employs a system of tickets to authenticate users and other network entities without the need to transmit credentials over the network. IEEE 802.1X does authenticate by transmitting credentials. Temporal Key Integrity Protocol (TKIP) and Lightweight Directory Access Protocol (LDAP) are not authentication protocols.

25
Q

Which of the following security procedures is often tied to group membership?

A. Authentication

B. Authorization

C. Accounting

D. Auditing

A

B. Authorization

Authentication is the process of confirming a user’s identity. Authorization defines the type of access granted to authenticated users. In many instances, the authorization process is based on the groups to which a user belongs. Accounting and auditing are both methods of tracking and recording a user’s activities on a network, such as when a user logged on and how long they remained connected.

26
Q

Which of the following standards is most commonly used to define the format of digital certificates?

A. 802.1X

B. X.509

C. 802.1q

D. X.500

A

B. X.509

X.509, published by the International Telecommunication Union’s Standardization sector (ITU-T), defines the format of digital certificates. X.500, another standard published by the ITU-T, defines functions of directory services. IEEE 802.1X is an authentication standard, and IEEE 802.1q defines the VLAN tagging format used on many network switches.

27
Q

Which of the following statements about authentication auditing are not true?

A. Auditing can disclose attempts to compromise passwords.

B. Auditing can detect authentications that occur after hours.

C. Auditing can identify the guess patterns used by password cracking software.

D. Auditing can record unsuccessful as well as successful authentications.

A

C. Auditing can identify the guess patterns used by password cracking software.

Auditing of authentication activities can record both successful and unsuccessful logon attempts. Large numbers of logon failures can indicate attempts to crack passwords. Auditing tracks the time of authentication attempts, sometimes enabling you to detect off-hours logons that indicate an intrusion. Auditing does not record the passwords specified during authentications, so it cannot identify patterns of unsuccessful guesses.

28
Q

Which of the following types of key is included in a digital certificate?

A. Public

B. Private

C. Preshared

D. Privileged

A

A. Public

As part of a public key infrastructure (PKI), digital certificates are associated with a key pair, consisting of a public key and a private key. The public key is supplied with the certificate to any party authenticating the entity to which the certificate was issued. The private key is supplied to the entity with the certificate, but it is not distributed as part of the certificate. Preshared keys are not associated with certificates, and privileged keys do not exist.

29
Q

When a user swipes a smartcard through a reader to log on to a laptop computer, which of the following actions is the user performing?

A. Authentication

B. Authorization

C. Accounting

D. Auditing

A

A. Authentication

Authentication is the process of confirming a user’s identity. Smartcards are one of the authentication factors commonly used by network devices. Authorization defines the type of access granted to authenticated users. Accounting and auditing are both methods of tracking and recording a user’s activities on a network, such as when a user logged on and how long they remained connected.

30
Q

Combining elements like something you know, something you have, and something you are to provide access to a secured network resource is a definition of which of the following types of authentication?

A. Multifactor

B. Multisegment

C. Multimetric

D. Multifiltered

A

A. Multifactor

Multifactor authentication combines two or more authentication methods and reduces the likelihood that an intruder would be able to successfully impersonate a user during the authentication process. A password (something you know) and a retinal scan (something you are) is an example of a multifactor authentication system. A smartcard and a PIN, which is the equivalent of a password, is another example of multifactor authentication because it requires users to supply something they know and something they have. Multisegment, multimetric, and multifiltered are not applicable terms in this context.

31
Q

How does MAC address filtering increase the security of a wireless LAN?

A. By preventing access points from broadcasting their presence

B. By allowing traffic sent to or from specific MAC addresses through the Internet firewall

C. By substituting registered MAC addresses for unregistered ones in network packets

D. By permitting only devices with specified MAC addresses to connect to an access point

A

D. By permitting only devices with specified MAC addresses to connect to an access point

MAC address filtering enables administrators to configure an access point to allow only devices with specific addresses to connect; all other traffic is rejected. Access points broadcast their presence using an SSID, not a MAC address. MAC address filtering protects wireless LANs when implemented in an access point, not a firewall. MAC address filtering does not call for the modification of addresses in network packets.

32
Q

Which of the following terms describes a system that prevents computers from logging on to a network unless they have the latest updates and antimalware software installed?

A. NAC

B. LDAP

C. RADIUS

D. TKIP-RC4

A

A. NAC

Network Access Control is a mechanism that defines standards of equipment and configuration that systems must meet before they can connect to the network.

33
Q

Which of the following statements best describes symmetric key encryption?

A. A cryptographic security mechanism that uses the same key for both encryption and decryption

B. A cryptographic security mechanism that uses public and private keys to encrypt and decrypt data

C. A cryptographic security mechanism that uses two separate sets of public and private keys to encrypt and decrypt data

D. A cryptographic security mechanism that uses separate private keys to encrypt and decrypt data

A

A. A cryptographic security mechanism that uses the same key for both encryption and decryption

Symmetric key encryption uses only one key both to encrypt and decrypt data. Asymmetric key encryption uses public and private keys. Security mechanisms that use multiple key sets are not defined as symmetric.

34
Q

Which of the following is the best description of geofencing?

A. Something you have

B. Something you know

C. Something you do

D. Somewhere you are

A

D. Somewhere you are

Geofencing is the generic term for a technology that limits access to a network or other resource based on the client’s location. It is therefore best described as somewhere you are. A finger gesture would be considered something you do, a password something you know, and a smartcard something you have.

35
Q

Which of the following describes the primary difference between single sign-on and same sign-on?

A. Single sign-on requires the user to supply credentials only once, whereas with same sign-on, the user must supply the credentials repeatedly.

B. Single sign-on enables users to access different resources with one set of credentials, whereas same sign-on requires users to have multiple credential sets.

C. Single sign-on credentials consist of one username and one password, whereas same sign-on credentials consist of one username and multiple passwords.

D. Single sign-on requires multifactor authentication, such as a password and a smartcard, whereas same sign-on requires only a password for authentication.

A

A. Single sign-on requires the user to supply credentials only once, whereas with same sign-on, the user must supply the credentials repeatedly.

Single sign-on uses one set of credentials and requires the user to supply them only once to gain access to multiple resources. Same sign-on also uses a single set of credentials, with one password, but the user must perform individual logons for each resource. Neither single sign-on nor same sign-on requires multifactor authentication.

36
Q

Which of the following is the best description of biometrics?

A. Something you know

B. Something you have

C. Something you are

D. Something you do

A

C. Something you are

Biometrics is a type of authentication factor that uses a physical characteristic that uniquely identifies an individual, such as a fingerprint or a retinal pattern. Biometrics is therefore best described as something you are, as opposed to something you know, have, or do.

37
Q

Which of the following authentication factors is an example of something you have?

A. A fingerprint

B. A smartcard

C. A password

D. A finger gesture

A

B. A smartcard

Something you have refers to a physical possession that serves to identify a user, such as a smartcard. This type of authentication is typically used as part of a multifactor authentication procedure, because a smartcard or other physical possession can be lost or stolen. A fingerprint would be considered something you are, a password something you know, and a finger gesture something you do.

38
Q

Which of the following statements best describes the primary scenario for the use of TACACS+?

A. TACACS+ was designed to provide authentication, authorization, and accounting services for wireless networks.

B. TACACS+ was designed to provide authentication, authorization, and accounting services for the Active Directory directory service.

C. TACACS+ was designed to provide authentication, authorization, and accounting services for remote dial-up users.

D. TACACS+ was designed to provide authentication, authorization, and accounting services for network routers and switches.

A

D. TACACS+ was designed to provide authentication, authorization, and accounting services for network routers and switches.

Terminal Access Controller Access Control System Plus (TACACS+) is a protocol designed to provide AAA services for networks with many routers and switches, enabling administrators to access them with a single set of credentials. It was not designed to provide AAA services for wireless networks, Active Directory, or remote dial-in users.

39
Q

Which of the following is not one of the functions provided by TACACS+?

A. Authentication

B. Authorization

C. Administration

D. Accounting

A

C. Administration

Terminal Access Controller Access Control System Plus (TACACS+) is a protocol that was designed to provide AAA services for networks with many routers and switches. AAA stands for authentication, authorization, and accounting, but not administration.

40
Q

Your new smartphone enables you to configure the lock screen with a picture of your husband, on which you draw eyes, nose, and a mouth with your finger to unlock the phone. This is an example of which of the following authentication factors?

A. Something you have

B. Something you know

C. Something you are

D. Something you do

A

D. Something you do

The act of drawing on the screen with your finger is a gesture, which is an example of something you do. A PIN or a password is something you know; a thumbprint, or any other biometric factor, is something you are; and a smartcard is an example of something you have.

41
Q

Which of the following authentication factors is an example of something you do?

A. A fingerprint

B. A smartcard

C. A password

D. A finger gesture

A

D. A finger gesture

Something you do refers to a physical action performed by a user, such as a finger gesture, which helps to confirm his or her identity. This type of authentication is often used as part of a multifactor authentication procedure because a gesture or other action can be imitated. A fingerprint would be considered something you are, a password something you know, and a smartcard something you have.

42
Q

Which of the following authentication factors is an example of something you know?

A. A fingerprint

B. A smartcard

C. A password

D. A finger gesture

A

C. A password

Something you know refers to information you supply during the authentication process, such as a password or PIN. This is the most common type of authentication factor because it cannot be lost or stolen unless the user violates security policies. A fingerprint would be considered something you are, a finger gesture something you do, and a smartcard something you have.

43
Q

Which of the following authentication factors is an example of something you are?

A. A fingerprint

B. A smartcard

C. A password

D. A finger gesture

A

A. A fingerprint

Something you are refers to a physical characteristic that uniquely identifies an individual, such as a fingerprint or other form of biometric. This type of authentication is often used as part of a multifactor authentication procedure because a biometric element can conceivably be compromised. A finger gesture would be considered something you do, a password something you know, and a smartcard something you have.

44
Q

Which of the following is an implementation of Network Access Control (NAC)?

A. RADIUS

B. 802.1X

C. LDAP

D. TACACS+

A

B. 802.1X

NAC is a set of policies that define security requirements that clients must meet before they are permitted to connect to a network. 802.1X is a basic implementation of NAC. RADIUS and TACACS+ are Authentication, Authorization, and Accounting (AAA) services. They are not NAC implementations themselves, although they can play a part in their deployment. Lightweight Directory Access Protocol (LDAP) provides directory service communications.

45
Q

Which of the following is the service responsible for issuing certificates to client users and computers?

A. DNS

B. AAA

C. CA

D. ACL

A

C. CA

A certification authority (CA) is the service that receives requests for certificate enrollment from clients and issues the certificates when the requests are approved. Domain Name System (DNS); Authentication, Authorization, and Accounting (AAA) services; and access control lists (ACLs) do not issue certificates.

46
Q

Which of the following is not one of the roles involved in an 802.1X transaction?

A. Supplicant

B. Authentication server

C. Authorizing agent

D. Authenticator

A

C. Authorizing agent

An 802.1X transaction involves three parties: the supplicant, which is the client attempting to connect to the network; the authenticator, which is a switch or access point to which the supplicant is requesting access; and the authentication server, which is typically a RADIUS implementation that verifies the supplicant’s identity. There is no party to the transaction called an authorizing agent.

47
Q

Which of the following terms describes the process by which a client user or computer requests that it be issued a certificate, either manually or automatically?

A. Authorization

B. Enrollment

C. Authentication

D. Certification

A

B. Enrollment

Enrollment is the process by which a client submits a request for a certificate from a certification authority (CA). The enrollment process can be automated and invisible to the user, or it can be a manual request generated using an application. Authorization, authentication, and certification are not terms used for certificate requests.

48
Q

In an 802.1X transaction, what is the function of the supplicant?

A. The supplicant is the service that issues certificates to clients attempting to connect to the network.

B. The supplicant is the service that verifies the credentials of the client attempting to access the network.

C. The supplicant is the network device to which the client is attempting to connect.

D. The supplicant is the client user or computer attempting to connect to the network.

A

D. The supplicant is the client user or computer attempting to connect to the network.

An 802.1X transaction involves three parties: the supplicant, which is the client attempting to connect to the network; the authenticator, which is a switch or access point to which the supplicant is requesting access; and the authentication server, which is typically a RADIUS implementation that verifies the supplicant’s identity. The supplicant is not involved in issuing certificates.

49
Q

In an 802.1X transaction, what is the function of the authenticator?

A. The authenticator is the service that issues certificates to clients attempting to connect to the network.

B. The authenticator is the service that verifies the credentials of the client attempting to access the network.

C. The authenticator is the network device to which the client is attempting to connect.

D. The authenticator is the client user or computer attempting to connect to the network.

A

C. The authenticator is the network device to which the client is attempting to connect.

An 802.1X transaction involves three parties: the supplicant, which is the client attempting to connect to the network; the authenticator, which is a switch or access point to which the supplicant is requesting access; and the authentication server, which is typically a RADIUS implementation that verifies the supplicant’s identity. The authenticator is not involved in issuing certificates.

50
Q

An 802.1X transaction involves three roles: the supplicant, the authenticator, and the authentication server. Of the three, which role typically takes the form of a RADIUS implementation?

A. The supplicant

B. The authenticator

C. The authentication server

D. None of the above

A

C. The authentication server

The authentication server role is typically performed by a Remote Authentication Dial-In User Service (RADIUS) server. In an 802.1X transaction, the supplicant is the client attempting to connect to the network, the authenticator is a switch or access point to which the supplicant is requesting access, and the authentication server verifies the client’s identity.

51
Q

Which of the following best describes an example of a captive portal?

A. A switch port used to connect to other switches

B. A web page with which a user must interact before being granted access to a wireless network

C. A series of two doors through which people must pass before they can enter a secured space

D. A web page stating that the user’s computer has been locked and will only be unlocked after payment of a fee

A

B. A web page with which a user must interact before being granted access to a wireless network

A captive portal is a web page displayed to a user attempting to access a public wireless network. The user typically must supply credentials, provide payment, or accept a user agreement before access is granted. A captive portal does not refer to a switch port, a secured entryway to a room, or a type of extortionate computer attack.

52
Q

A user attempting to connect to a Wi-Fi hotspot in a coffee shop is taken to a web page that requires her to accept an End User License Agreement before access to the network is granted. Which of the following is the term for such an arrangement?

A. Captive portal

B. Ransomware

C. Port security

D. Root guard

A

A. Captive portal

A web page that prompts users for payment, authentication, or acceptance of a EULA is a captive portal. Ransomware is a type of attack that extorts payment. Port security and root guards are methods for protecting access to switch ports.

53
Q

Which of the following standards was originally designed to provide authentication, authorization, and accounting services for dial-up network connections?

A. RADIUS

B. TACACS+

C. Kerberos

D. LDAP

A

A. RADIUS

Remote Authentication Dial-In User Service (RADIUS) was originally conceived to provide AAA services for Internet Service Providers (ISPs), which at one time ran networks with hundreds of modems providing dial-up access to subscribers. Terminal Access Controller Access Control System Plus (TACACS+) is a protocol that was designed to provide AAA services for networks with many routers and switches but not for dial-up connections. Kerberos and Lightweight Directory Access Protocol (LDAP) are not AAA services.

54
Q

MAC filtering is an access control method used by which of the following types of hardware devices?

A. Wireless access point

B. RADIUS server

C. Domain controller

D. Smartcards

A

A. Wireless access point

Wireless access points (WAPs) typically include the ability to maintain an access control list, which specifies the MAC addresses of devices that are permitted to connect to the wireless network. The technique is known as MAC address filtering. RADIUS servers, domain controllers, and smartcards typically do not include MAC filtering capabilities.

55
Q

Which of the following statements about RADIUS and TACACS+ are correct?

A. By default, RADIUS uses UDP, and TACACS+ uses TCP.

B. By default, RADIUS uses TCP, and TACACS+ uses UDP.

C. By default, both RADIUS and TACACS+ use TCP.

D. By default, both RADIUS and TACACS+ use UDP.

A

A. By default, RADIUS uses UDP, and TACACS+ uses TCP.

RADIUS uses User Datagram Protocol (UDP) ports 1812 and 1813 or 1645 and 1646 for authentication, whereas TACACS+ uses TCP port 49.

56
Q

Which of the following standards provides authentication, authorization, and accounting services for network routers and switches?

A. RADIUS

B. TACACS+

C. Kerberos

D. LDAP

A

B. TACACS+

Terminal Access Controller Access Control System Plus (TACACS+) is a protocol designed to provide AAA services for networks with many routers and switches, enabling administrators to access them with a single set of credentials. Remote Authentication Dial-In User Service (RADIUS) provides AAA services, but not for routers and switches. Kerberos and Lightweight Directory Access Protocol (LDAP) are not AAA services.

57
Q

Which of the following terms refers to the process of determining whether a user is a member of a group that provides access to a particular network resource?

A. Authentication

B. Accounting

C. Authorization

D. Access control

A

C. Authorization

Authorization is the process of determining what resources a user can access on a network. Typically, this is done by assessing the user’s group memberships. Authentication is the process of confirming a user’s identity. Accounting is the process of tracking a user’s network activity. Access control is the creation of permissions that provide users and groups with specific types of access to a resource.

58
Q

Which of the following terms refers to the process of confirming a user’s identity by checking specific credentials?

A. Authentication

B. Accounting

C. Authorization

D. Access control

A

A. Authentication

Authentication is the process of confirming a user’s identity by checking credentials, such as passwords, ID cards, or fingerprints. Authorization is the process of determining what resources a user can access on a network. Accounting is the process of tracking a user’s network activity. Access control is the creation of permissions that provide users and groups with specific types of access to a resource.

59
Q

Which of the following terms refers to the process by which a system tracks a user’s network activity?

A. Authentication

B. Accounting

C. Authorization

D. Access control

A

B. Accounting

Accounting is the process of tracking a user’s network activity, such as when the user logged on and logged off and what resources the user accessed. Authentication is the process of confirming a user’s identity by checking credentials. Authorization is the process of determining what resources a user can access on a network. Access control is the creation of permissions that provide users and groups with specific types of access to a resource.

60
Q

Which of the following is not a factor that weakens the security of the Wired Equivalent Privacy (WEP) protocol used on early IEEE 802.11 wireless LANs?

A. 40-bit encryption keys

B. 24-bit initialization vectors

C. Static shared secrets

D. Open System Authentication

A

D. Open System Authentication

Open System Authentication enables any user to connect to the wireless network without a password, which actually increases the security of the protocol. This is because most WEP implementations use the same secret key for both authentication and encryption. An intruder that captures the key during the authentication process might therefore penetrate the data encryption system as well. By not using the key for authentication, you reduce the chances of the encryption being compromised.

61
Q

Which of the following encryption ciphers was replaced by CCMP-AES when the WPA2 wireless security protocol was introduced?

A. EAP

B. WEP

C. TKIP

D. CCMP

A

C. TKIP

Wi-Fi Protected Access (WPA) is a wireless security protocol that was designed to replace the increasingly vulnerable Wired Equivalent Privacy (WEP). WPA added an encryption protocol called Temporal Key Integrity Protocol (TKIP). This too became vulnerable, and WPA2 was introduced, which replaced TKIP with an Advanced Encryption Standard protocol (CCMP-AES).

62
Q

Which of the following wireless security protocols was substantially weakened by its initialization vector?

A. WPA

B. WEP

C. WPA2

D. PEAP

A

B. WEP

Wired Equivalent Privacy (WEP) was one of the first commercially available security protocols for wireless LANs. WEP requires 24 bits of the encryption key for the initialization vector, substantially weakening the encryption. WEP was soon found to be easily penetrated and was replaced by Wi-Fi Protected Access (WPA) and then WPA2. Extensible Authentication Protocol (EAP) is a framework for the encapsulation of authentication messages.

63
Q

Which of the following wireless security protocols uses TKIP for encryption?

A. WEP

B. WPA

C. WPA2

D. AES

A

B. WPA

Wi-Fi Protected Access (WPA) is a wireless security protocol that was designed to replace the increasingly vulnerable Wired Equivalent Privacy (WEP). WPA added an encryption protocol called Temporal Key Integrity Protocol (TKIP). This too became vulnerable, and WPA2 was introduced, which replaced TKIP with an Advanced Encryption Standard protocol (CCMP-AES).

64
Q

Which of the following standards defines a framework for the authentication process but does not specify the actual authentication mechanism?

A. WPA

B. EAP

C. TKIP

D. TLS

A

B. EAP

Extensible Authentication Protocol (EAP) is a framework for the encapsulation of authentication messages. EAP is used on wireless networks and point-to-point connections and supports dozens of different authentication methods. Wi-Fi Protected Access (WPA) is a wireless encryption standard. Temporal Key Integrity Protocol (TKIP) is an encryption algorithm. Transport Layer Security (TLS) is an encryption protocol used for Internet communications.

65
Q

EAP and 802.1X are components that help to provide which of the following areas of wireless network security?

A. Authentication

B. Authorization

C. Encryption

D. Accounting

A

A. Authentication

Extensible Authentication Protocol (EAP) and 802.1X are both components of an authentication mechanism used on many wireless networks. EAP and 802.1X do not themselves provide authorization, encryption, or accounting services.

66
Q

Which of the following wireless network security protocols provides open and shared key authentication options?

A. WPA

B. WEP

C. WPA2

D. EAP

A

B. WEP

Wired Equivalent Privacy (WEP), which was one of the first commercially successful security protocols for wireless LANs, enabled administrators to choose between open and shared key authentication. The open option enabled clients to connect to the network with an incorrect key. The shared option required the correct key, but it also exposed the key to potential intruders.

67
Q

Which of the following wireless LAN security protocols was rendered obsolete after it was found to be extremely easy to penetrate?

A. WEP

B. WPA

C. WPA2

D. EAP

A

A. WEP

Wired Equivalent Privacy (WEP) was one of the first commercially available security protocols for wireless LANs, but it was soon found to be easily penetrated and was replaced by Wi-Fi Protected Access (WPA) and then WPA2. Extensible Authentication Protocol (EAP) is a framework for the encapsulation of authentication messages.

68
Q

Which of the following protocols does the Wi-Fi Protected Access (WPA) security protocol use for encryption?

A. AES

B. TKIP

C. MD5

D. SHA

A

B. TKIP

WPA uses the Temporal Key Integrity Protocol (TKIP) for encryption. It does not use Advanced Encryption Standard (AES), which eventually replaced TKIP in WPA2. Secure Hash Algorithm (SHA) and Message Digest 5 (MD5) are both file hashing algorithms, not used for wireless network encryption.

69
Q

Which of the following stream ciphers does the Temporal Key Integrity Protocol (TKIP) use for encryption on a wireless network?

A. RC4

B. AES

C. CCMP

D. SHA

A

A. RC4

TKIP uses the RC4 stream cipher for its encryption. Advanced Encryption Standard (AES) is used with CCMP on version 2 of the Wi-Fi Protected Access (WPA2) security protocol, not version 1 (WPA), which uses TKIP. Secure Hash Algorithm (SHA) is a file hashing algorithm, not used for wireless network encryption.

70
Q

Which of the following wireless security protocols uses CCMP for encryption?

A. WEP

B. WPA

C. WPA2

D. 802.1X

A

C. WPA2

CCMP, the full name of which is Counter Mode Cipher Block Chaining Message Authentication Code Protocol, is based on the Advanced Encryption Standard (AES) and is the encryption protocol used with the Wi-Fi Protected Access II (WPA2) security protocol on wireless networks. CCMP is not used with version 1 of the WPA protocol or with Wired Equivalent Privacy. 802.1X is an authentication protocol, not used for encryption.

71
Q

CCMP is based on which of the following encryption standards?

A. TKIP

B. RC4

C. AES

D. 802.1X

A

C. AES

CCMP, the full name of which is Counter Mode Cipher Block Chaining Message Authentication Code Protocol, is based on the Advanced Encryption Standard (AES) and is the encryption protocol used with the Wi-Fi Protected Access II (WPA2) security protocol on wireless networks. CCMP is not based on the Temporal Key Integrity Protocol (TKIP), which uses RC4 as its stream cipher. 802.1X is an authentication protocol, not used for encryption.

72
Q

You have installed a new wireless access point on your network and configured it to use an SSID that is not broadcasted and WPA2 for security. Which of the following describes what you must do to configure your wireless clients?

A. Select the SSID from a list and allow the client to automatically detect the security protocol.

B. Select the SSID from a list and then select WPA2 from the security protocol options provided.

C. Type the SSID manually and allow the client to automatically detect the security protocol.

D. Type the SSID manually and then select WPA2 from the security protocol options provided.

A

D. Type the SSID manually and then select WPA2 from the security protocol options provided.

An SSID that is not broadcast is not detectable by clients, so you must type it in manually. Security protocols are also not detectable, so you must configure the clients to use the same protocol you selected on the access point.

73
Q

A wireless network is configured to allow clients to authenticate only when the signal strength of their connections exceeds a specified level. Which of the following terms best describes this configuration?

A. Local authentication

B. Port security

C. Geofencing

D. Motion detection

A

C. Geofencing

Geofencing is the generic term for a technology that limits access to a network or other resource based on the client’s location. In wireless networking, geofencing is intended to prevent unauthorized clients outside the facility from connecting to the network. Local authentication is an application or service that triggers an authentication request to which the user must respond before access is granted. Port security is a method for protecting access to switch ports. Motion detection is a system designed to trigger a notification or alarm when an individual trespasses in a protected area.

74
Q

Which of the following best describes a wireless network that uses geofencing as a security mechanism?

A. A wireless network that allows clients to authenticate only when the signal strength of their connections exceeds a specified level.

B. A wireless network that requires users to log on to a wired system before they can authenticate on a wireless device.

C. A wireless network that requires users to have an Active Directory account located within the local site.

D. A wireless network that requires users to type in the local SSID before they can authenticate.

A

A. A wireless network that allows clients to authenticate only when the signal strength of their connections exceeds a specified level.

Geofencing is a mechanism that is intended to prevent unauthorized clients outside the facility from connecting to the network. The mechanism can take the form of a signal strength requirement, a GPS location requirement, or strategic placement of wireless access points. The other options listed are not descriptions of typical geofencing technologies.

75
Q

Which of the following forms of the Wi-Fi Protected Access (WPA) and WPA2 protocols call for the use of a preshared key?

A. WPA-Personal

B. WPA-Enterprise

C. WPA-EAP

D. WPA-802.1X

A

A. WPA-Personal

WPA-Personal, also known as WPA-PSK, is intended for small networks and requires a preshared key. WPA-Enterprise, also known as WPA-802.1X, uses the Extensible Authentication Protocol (EAP) to support various types of authentication factors and requires a Remote Authentication Dial-In User Service (RADIUS) server.

76
Q

Which of the following elements associates a public and private key pair to the identity of a specific person or computer?

A. Exploit

B. Signature

C. Certificate

D. Resource record

A

C. Certificate

As part of a public key infrastructure (PKI), digital certificates are associated with a key pair, consisting of a public key and a private key. The certificate is issued to a person or computer as proof of its identity. A signature does not associate a person or computer with a key pair. An exploit is a hardware or software element that is designed to take advantage of a vulnerability. Resource records are associated with the Domain Name System (DNS).

77
Q

Which of the following wireless security protocols can enable network users to authenticate using smartcards?

A. WEP

B. WPA2

C. EAP

D. AES

A

C. EAP

Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access II (WPA2) are both wireless security protocols that control access to the network and provide encryption, using protocols like Advanced Encryption Standard (AES). These protocols do not provide authentication services, however. Extensible Authentication Protocol (EAP) is a framework for the encapsulation of authentication messages. Its many variants provide support for the use of smartcards and other authentication factors, such as biometrics, in addition to traditional passwords.

78
Q

Alice is a consultant working in your office, who has been given the SSID and the passphrase for the company’s wireless network, but she is unable to connect with her laptop. Which of the following security measures might be preventing her from connecting?

A. MAC filtering

B. Disabling SSID broadcast

C. Geofencing

D. Using WPA2

A

A. MAC filtering

MAC filtering takes the form of an access control list (ACL) on the wireless network’s access points, listing the MAC addresses of all the devices that are to be permitted to access the network. If the MAC address of Alice’s laptop is not included in the ACL, she will be unable to connect to the network. Alice has been given the SSID of the network, so she should be able to connect, even if the access points are not broadcasting the SSID. Geofencing is intended to prevent users outside the office from accessing the network, so this should not be the problem. Alice has been given the passphrase for the network, so she should be able to configure WPA2 on her laptop.

79
Q

Which of the following protocols provides wireless networks with the strongest encryption?

A. AES

B. TKIP

C. EAP

D. 802.1X

A

A. AES

Wi-Fi Protected Access (WPA) is a wireless security protocol that was designed to replace the increasingly vulnerable Wired Equivalent Privacy (WEP). WPA added an encryption protocol called Temporal Key Integrity Protocol (TKIP). This too became vulnerable, and WPA2 was introduced, which replaced TKIP with the stronger CCMP-Advanced Encryption Standard (CCMP-AES). Extensible Authentication Protocol (EAP) and 802.1X do not provide encryption.

80
Q

When the Wi-Fi Protected Access (WPA) wireless security protocol was released to replace Wired Equivalent Privacy (WEP), it included the Temporal Key Integrity Protocol (TKIP) for encryption. Which of the following is not one of the improvements that WPA and TKIP provide over WEP?

A. TKIP enlarges the WEP encryption key.

B. TKIP modifies the encryption key for every packet.

C. WPA does not require a hardware upgrade for WEP devices.

D. TKIP eliminates the use of preshared keys.

A

D. TKIP eliminates the use of preshared keys.

TKIP augments the existing WEP encryption key, making it longer, enabling it to be changed for every packet, and enabling WPA to be deployed without replacing network adapter or access point hardware. TKIP does continue to support the use of preshared keys.

81
Q

To connect a wireless client to a wireless access point using the Wi-Fi Protected Access II (WPA2) security protocol with a preshared key, which of the following must you supply on both devices?

A. Base key

B. Passphrase

C. Serial number

D. MAC address

A

B. Passphrase

To use the WPA2 protocol with a preshared key, the client and the access point must both be configured with the same passphrase. The base key, the serial number, and the MAC address are all components that WPA2 uses to generate the encryption key for each packet.

82
Q

Upgrading a wireless network from the Wired Equivalent Privacy (WEP) security protocol to Wi-Fi Protected Access (WPA) enables it to use the Temporal Key Integrity Protocol (TKIP) for encryption, which generates a unique key for each packet. Which of the following types of attacks does this capability prevent?

A. Denial-of-service attacks

B. Brute-force attacks

C. Replay attacks

D. Deauthentication attacks

A

C. Replay attacks

A replay attack is one in which an attacker utilizes the encryption key found in a previously captured packet to gain access to the network. Because TKIP generates a unique encryption key for every packet, it prevents this type of attack from being successful.

83
Q

Which of the following wireless security protocols uses CCMP-AES for encryption?

A. WEP

B. WPA

C. WPA2

D. TKIP

A

C. WPA2

Wi-Fi Protected Access (WPA) is a wireless security protocol that was designed to replace the increasingly vulnerable Wired Equivalent Privacy (WEP). WPA added an encryption protocol called Temporal Key Integrity Protocol (TKIP). This too became vulnerable, and WPA2 was introduced, which replaced TKIP with CCMP-Advanced Encryption Standard (CCMP-AES).

84
Q

Which of the following was the first wireless LAN security protocol to come into common usage?

A. WEP

B. WPA

C. WPA2

D. TKIP

A

A. WEP

Wired Equivalent Privacy (WEP) was the first wireless LAN security protocol to achieve widespread use in commercial products. This protocol was soon found to be vulnerable to attack, and it was replaced by Wi-Fi Protected Access (WPA), which added a stronger encryption protocol called Temporal Key Integrity Protocol (TKIP).

85
Q

Which of the following did the second version of the Wi-Fi Protected Access (WPA) protocol add to the standard?

A. CCMP-AES

B. MIMO

C. WEP

D. TKIP

A

A. CCMP-AES

WPA2 adds Counter Mode Cipher Block Chaining Message Authentication Code Protocol – Advanced Encryption Standard (CCMP-AES), a new symmetric key encryption algorithm that strengthens the protocol’s security.

86
Q

You are setting up a wireless LAN in a friend’s home, using devices that conform to the IEEE 802.11g standard. You have installed and successfully tested the devices on an open network, and now you are ready to add security. Which of the following protocols should you choose to provide maximum security for the wireless network?

A. WEP

B. WPA2

C. IPsec

D. TLS

E. L2TP

A

B. WPA2

Wi-Fi Protected Access 2 (WPA2) will provide the maximum security for the wireless network, in part because it uses long encryption keys that change frequently.

87
Q

CCMP-AES is an encryption protocol used with which of the following wireless network security standards?

A. WEP

B. WPA

C. WPA2

D. EAP

A

C. WPA2

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) with Advanced Encryption Standard (AES) is an encryption protocol that is used with the Wi-Fi Protected Access II security protocol. WPA was created to replace the insecure Wired Equivalent Privacy (WEP) protocol, and WPA2 was created to replace the Temporal Key Integrity Protocol (TKIP) used in the first version of WPA. Extensible Authentication Protocol (EAP) is a framework for the encapsulation of authentication messages.

88
Q

Which of the following encryption protocols was introduced in the Wi-Fi Protected Access II (WPA2) wireless security standard?

A. CCMP-AES

B. TKIP-RC4

C. EAP-TLS

D. TACACS+

A

A. CCMP-AES

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) with Advanced Encryption Standard (AES) is an encryption protocol that is used with the Wi-Fi Protected Access II (WPA2) security protocol. WPA was created to replace the insecure Wired Equivalent Privacy (WEP) protocol, and WPA2 was created to replace the Temporal Key Integrity Protocol (TKIP) used in the first version of WPA.

89
Q

Which of the following best describes the process of whitelisting on a wireless network?

A. Using an access control list to specify the IP addresses that are permitted to access a wireless network

B. Using port protection to specify the well-known port numbers of applications that users are permitted to run over a wireless network

C. Using MAC filtering to create a list of devices that are permitted to access a wireless network

D. Using an AAA server to create a list of users that are permitted to access a wireless network

A

C. Using MAC filtering to create a list of devices that are permitted to access a wireless network

Whitelisting is the process of using MAC filtering to specify the hardware addresses of devices that are permitted to access a wireless network. Blacklisting, by contrast, is making a list of addresses that are denied access to the network.

90
Q

Which of the following encryption protocols was introduced in the Wi-Fi Protected Access (WPA) wireless security standard?

A. CCMP-AES

B. TKIP-RC4

C. EAP-TLS

D. TACACS+

A

B. TKIP-RC4

Wi-Fi Protected Access (WPA) was created to replace the insecure Wired Equivalent Privacy (WEP) protocol and used Temporal Key Integrity Protocol (TKIP) with the RC4 cipher for encryption.

91
Q

TKIP-RC4 is an encryption protocol used with which of the following wireless network security standards?

A. WEP

B. WPA

C. WPA2

D. EAP

A

B. WPA

Wi-Fi Protected Access (WPA) was created to replace the insecure Wired Equivalent Privacy (WEP) protocol and used the Temporal Key Integrity Protocol (TKIP) with the RC4 cipher.

92
Q

A user calls the help desk, complaining that he can’t access any of the data on his computer. A message has also appeared on his screen stating that his data has been encrypted and that it will only be decrypted after he pays $768 in Bitcoin to an unknown address. Which of the following types of attacks has the user experienced?

A. War driving

B. Ransomware

C. Denial of service

D. ARP poisoning

A

B. Ransomware

Ransomware is a type of attack in which a user’s access to his or her data is blocked unless a certain amount of money is paid to the attacker. The blockages can vary from simple screen locks to data encryption. War driving is an attack method that consists of driving around a neighborhood with a computer scanning for unprotected wireless networks. Denial of service is a type of attack that overwhelms a computer with traffic, preventing it from functioning properly. ARP poisoning is the deliberate insertion of fraudulent information into the ARP cache stored on computers and switches.

93
Q

Which of the following types of attack involves the modification of a legitimate software product?

A. Social engineering

B. War driving

C. Logic bomb

D. Evil twin

A

C. Logic bomb

A logic bomb is a code insert placed into a legitimate software product that triggers a malicious event when specific conditions are met. Social engineering is the practice of obtaining sensitive data by contacting users and pretending to be someone with a legitimate need for that data. War driving is an attack method that consists of driving around a neighborhood with a computer scanning for unprotected wireless networks. An evil twin is a fraudulent access point on a wireless network that mimics the SSID of a legitimate access point, in the hope of luring in users.

94
Q

On the fence outside your home, you happen to notice a small sticker that has the SSID of your wireless network written on it, along with the name of the security protocol your network is using. To which of the following attacks have you been made a victim?

A. War driving

B. War chalking

C. War tagging

D. War signing

A

B. War chalking

When a war driver locates a wireless network and marks it for other attackers, it is called war chalking. There are no such attacks as war tagging and war signing.

95
Q

Which of the following is the name for an attack in which an intruder uses a Bluetooth connection to steal information from a wireless device, such as a smartphone?

A. Bluedogging

B. Bluesnarfing

C. Bluesmurfing

D. Bluejacking

A

B. Bluesnarfing

Bluesnarfing is an attack in which an intruder connects to a wireless device using Bluetooth, for the purpose of stealing information. Bluejacking is the process of sending unsolicited messages to a device using Bluetooth. The other options do not exist.

96
Q

Which of the following is the name for the process by which an individual uses a Bluetooth connection to send unsolicited text messages or other communications to a wireless device, such as a smartphone?

A. Bluedogging

B. Bluesnarfing

C. Bluesmurfing

D. Bluejacking

A

D. Bluejacking

Bluejacking is the process of sending unsolicited text messages, images, or sounds to a smartphone or other device using Bluetooth. Bluesnarfing is an attack in which an intruder connects to a wireless device using Bluetooth, for the purpose of stealing information. The other options do not exist.

97
Q

Which of the following types of denial-of-service (DoS) attack does not involve flooding a server with traffic?

A. Amplified

B. Reflective

C. Distributed

D. Permanent

A

D. Permanent

A permanent DoS attack is one in which the attacker actually damages the target system and prevents it from functioning. This can be a physical attack that damages the hardware, or the attacker can disable the server by altering its software or configuration settings.

98
Q

Which of the following statements best describes the difference between distributed and reflective denial-of-service (DoS) attacks?

A. A distributed DoS attack uses other computers to flood a target server with traffic, whereas a reflective DoS attack causes a server to flood itself with loopback messages.

B. A distributed DoS attack uses malware-infected computers to flood a target, whereas a reflective DoS attack takes advantage of other servers’ native functions to make them flood a target.

C. A reflective DoS attack uses malware-infected computers to flood a target, whereas a distributed DoS attack takes advantage of other servers’ native functions to make them flood a target.

D. A distributed DoS attack floods multiple target computers with traffic, whereas a reflective DoS attack only floods a single target.

A

B. A distributed DoS attack uses malware-infected computers to flood a target, whereas a reflective DoS attack takes advantage of other servers’ native functions to make them flood a target.

Distributed DoS attacks use hundreds or thousands of computers that have been infected with malware, called zombies, to flood a target server with traffic, in an attempt to overwhelm it and prevent it from functioning. A reflective DoS attack is one in which the attacker sends requests containing the target server’s IP address to legitimate servers on the Internet, such as DNS servers, causing them to send a flood of responses to the target. Neither attack type causes a computer to flood itself.

99
Q

Which of the following terms refers to a denial-of-service (DoS) attack that places more of a burden on the target server than that of the flood of incoming traffic?

A. Amplified

B. Reflective

C. Distributed

D. Permanent

A

A. Amplified

An amplified DoS attack is one in which the messages sent by the attacker require an extended amount of processing by the target servers, increasing the burden on them more than simpler messages would. Reflective and distributed DoS attacks use other computers to flood a target with traffic. A reflective DoS attack is one in which the attacker sends requests containing the target server’s IP address to legitimate servers on the Internet, such as DNS servers, causing them to send a flood of responses to the target.

100
Q

Which of the following is an effective method for preventing sensitive data from being compromised through social engineering?

A. Implement a program of user education and corporate policies.

B. Install an antivirus software product on all user workstations.

C. Install a firewall between the internal network and the Internet.

D. Use IPsec to encrypt all network traffic.

A

A. Implement a program of user education and corporate policies.

Social engineering is the practice of obtaining sensitive data by contacting users and pretending to be someone with a legitimate need for that data. No software or hardware solution can prevent it; the only way is to educate users of the potential dangers and establish policies that inform users what to do when they experience a social engineering attempt.

101
Q

In which of the following ways is VLAN hopping a potential threat?

A. VLAN hopping enables an attacker to scramble a switch’s patch panel connections.

B. VLAN hopping enables an attacker to rename the default VLAN on a switch.

C. VLAN hopping enables an attacker to access different VLANs using 802.1q spoofing.

D. VLAN hopping enables an attacker to change the native VLAN on a switch.

A

C. VLAN hopping enables an attacker to access different VLANs using 802.1q spoofing.

VLAN hopping is a method for sending commands to switches to transfer a port from one VLAN to another. This can enable the attacker to connect his or her device to a potentially sensitive VLAN. VLAN hopping does not modify the switch’s patch panel connections, only its VLAN assignments. It is not possible to rename a switch’s default VLAN. VLAN hopping does not enable an attacker to change a switch’s native VLAN.

102
Q

Which of the following is not a characteristic of a smurf attack?

A. Uses the Internet Control Message Protocol

B. Uses broadcast transmissions

C. Uses spoofed IP addresses

D. Uses a botnet to bombard the target with traffic

E. Uses the same type of messages as ping

A

D. Uses a botnet to bombard the target with traffic

A smurf attack does not use a botnet, which is a group of computers running a remote control malware program without their owners knowing it. The computers participating in a smurf attack are simply processing traffic as they normally would. A smurf attack involves flooding a network with the same ICMP Echo Request messages used by ping but sent to the network’s broadcast address.

103
Q

Which of the following types of attacks can be used to enable an intruder to access a wireless network despite the protection provided by MAC filtering?

A. Spoofing

B. Brute force

C. DNS poisoning

D. War driving

A

A. Spoofing

Spoofing is the process of modifying network packets to make them appear as though they are transmitted by or addressed to someone else. One way of doing this is to modify the MAC address in the packets to one that is approved by the MAC filter.

104
Q

Which of the following terms refers to a type of denial-of-service (DoS) attack that uses multiple computers to bombard a target server with traffic?

A. Amplified

B. Reflective

C. Distributed

D. Permanent

A

C. Distributed

A distributed denial-of-service (DDoS) attack is one in which the attacker uses hundreds or thousands of computers, controlled by malware and called zombies, to send traffic to a single server or website, in an attempt to overwhelm it and prevent it from functioning.

105
Q

Which of the following terms refers to a type of denial-of-service (DoS) attack that bombards a target server with traffic that requires a large amount of processing?

A. Amplified

B. Reflective

C. Distributed

D. Permanent

A

A. Amplified

An amplified DoS attack is one in which the messages sent by the attacker require an extended amount of processing by the target servers, increasing the burden on them more than simpler messages would.

106
Q

Which of the following terms refers to a type of denial-of-service (DoS) attack that coerces other servers on the Internet into bombarding a target server with traffic?

A. Amplified

B. Reflective

C. Distributed

D. Permanent

A

B. Reflective

A reflective DoS attack is one in which the attacker sends requests containing the target server’s IP address to legitimate servers on the Internet, such as DNS servers, causing them to send a flood of responses to the target.

107
Q

Which of the following terms refers to a denial-of-service (DoS) attack in which an attacker breaks into a company’s datacenter and smashes its servers with a sledgehammer?

A. Amplified

B. Reflective

C. Distributed

D. Permanent

A

D. Permanent

A permanent DoS attack is one in which the attacker actually damages the target system and prevents it from functioning. This can be a physical attack that damages the hardware, or the attacker can disable the server by altering its software or configuration settings.

108
Q

A technician in the IT department at your company was terminated today and had to be escorted from the building. Your supervisor has instructed you to disable all of the technician’s accounts, change all network device passwords to which the technician had access, and have the datacenter doors rekeyed. Which of the following terms best describes your supervisor’s concern in asking you to do these things?

A. Social engineering

B. Insider threats

C. Logic bombs

D. War driving

A

B. Insider threats

Your supervisor’s concern is that the disgruntled technician might take advantage of his access to devices and facilities to sabotage the network. When an individual takes advantage of information gathered during his or her employment, it is called an insider threat.

109
Q

Which of the following terms refers to a denial-of-service (DoS) attack that involves zombies?

A. Amplified

B. Reflective

C. Distributed

D. Permanent

A

C. Distributed

Distributed DoS attacks use hundreds or thousands of computers that have been infected with malware, called zombies, to flood a target server with traffic, in an attempt to overwhelm it and prevent it from functioning.

110
Q

Which of the following types of attacks can cause a user’s attempts to connect to an Internet website to be diverted to an attacker’s website instead?

A. Evil twin

B. ARP poisoning

C. Spoofing

D. DNS poisoning

A

D. DNS poisoning

DNS poisoning is a type of attack in which an attacker adds fraudulent information into the cache of a DNS server. Then, when a client attempts to resolve the name of a website or other server, the DNS server supplies the incorrect IP address, causing the client to access the attacker’s server instead.

111
Q

Which of the following functions can be interfered with by a DNS poisoning attack?

A. IP address resolution

B. Name resolution

C. Password protection

D. Network switching

A

B. Name resolution

DNS poisoning is a type of attack in which an attacker adds fraudulent information into the cache of a DNS server. This can interfere with the name resolution process by causing a DNS server to supply the incorrect IP address for a specified name.

112
Q

Which of the following statements best describes the difference between an exploit and a vulnerability?

A. An exploit is a potential weakness in software and a vulnerability is a potential weakness in hardware.

B. A vulnerability is a potential weakness in a system and an exploit is a hardware or software element that is designed to take advantage of a vulnerability.

C. An exploit is a potential weakness in a system and a vulnerability is a hardware or software element that is designed to take advantage of a vulnerability.

D. A vulnerability is a potential weakness in software and an exploit is a potential weakness in hardware.

A

B. A vulnerability is a potential weakness in a system and an exploit is a hardware or software element that is designed to take advantage of a vulnerability.

A vulnerability is a weakness, whether in software or hardware, of which an exploit is designed to take advantage. Neither term is specific to hardware or software.

113
Q

In testing the new application he has designed, Ralph has discovered that it contains a weakness that could enable an attacker to gain full administrative access. Which of the following is another term for this weakness?

A. Exploit

B. Mitigation

C. Vulnerability

D. Honeypot

A

C. Vulnerability

A vulnerability is a potential weakness in a system that an attacker can use to his or her advantage. An exploit is a hardware or software element that is designed to take advantage of a vulnerability.

114
Q

An early form of denial-of-service (DoS) attack called for the attacker to bombard the network with altered ping requests sent to the broadcast address. Which of the following is the name of this type of attack?

A. Smurf

B. Phishing

C. Evil twin

D. Fraggle

A

A. Smurf

In a smurf attack, the attacker sends ping requests, which use the Internet Control Message Protocol (ICMP), to the broadcast address. The request messages are altered to appear as though sent by the designated target so that all of the replies are sent to that system.

115
Q

Which of the following attack types is similar to a smurf attack, except that it uses a different protocol to generate its traffic?

A. Phishing

B. Evil twin

C. Logic bomb

D. Fraggle

A

D. Fraggle

A fraggle attack is similar to a smurf attack in that the attacker generates a large amount of spoofed broadcast traffic that appears to have been sent by the target system. All of the replies to the broadcasts are then transmitted to the target. The difference between a fraggle and a smurf attack is that a fraggle attack uses User Datagram Protocol (UDP) traffic instead of ICMP.

116
Q

A senior IT administrator at your company was terminated two weeks ago. Today, Friday, you arrived at the office and found that all of the hosts in the web server farm had had their data deleted. There are no unauthorized entries to the datacenter recorded, but you suspect the terminated administrator to be responsible. Which of the following attack types might the administrator have directed at the web server farm?

A. Social engineering

B. ARP poisoning

C. Evil twin

D. Logic bomb

A

D. Logic bomb

A logic bomb is a code insert placed into a legitimate software product that triggers a malicious event when specific conditions are met. The terminated administrator might have created code designed to trigger the deletions after the administrator’s departure from the company.

117
Q

Which of the following attack types describes the practice of seeking out unprotected wireless networks?

A. War driving

B. Phishing

C. Brute force

D. Social engineering

A

A. War driving

War driving is an attack method that consists of driving around a neighborhood with a computer scanning for unprotected wireless networks.

118
Q

Which of the following statements best describes a type of replay attack?

A. A type of attack in which an intruder reenters a resource previously compromised by another intruder

B. A type of attack in which an intruder retransmits captured authentication packets to gain access to a secured resource

C. A type of attack in which an intruder uses the same technique that provided access to other resources to penetrate a new resource

D. A type of attack in which an intruder accesses a resource that was accidentally left unsecured by an authorized user

A

B. A type of attack in which an intruder retransmits captured authentication packets to gain access to a secured resource

A replay attack is one in which an attacker utilizes the information found in previously captured packets to gain access to a secured resource. In many cases, the captured packets contain authentication data. In this way, the attacker can make use of captured passwords, even when they are encrypted and cannot be read. The other options all describe valid attack methodologies, but they are not called replay attacks.

119
Q

Ed receives an email through his personal account, warning him that his checking account has been locked due to excessive activity. To confirm that the activity is fraudulent, the email instructs Ed to click the enclosed hyperlink, log on to his account, and review the list of charges. Ed clicks the link and is taken to a web page that appears to be that of his bank. He then supplies his username and password to log on. Which of the following types of attacks is Ed likely to be experiencing?

A. Social engineering

B. Phishing

C. Logic bomb

D. Spoofing

A

B. Phishing

This is a classic example of a phishing scam. In all likelihood, the link in the email Ed received has taken him not to the real website of his bank, but rather a duplicate created by an attacker. By supplying his logon credentials, he is in effect giving them to the attacker, who can now gain access to his real bank account.

120
Q

In the hacker subculture, which of the following statements best describes a zombie?

A. A computer that is remotely controllable because it has been infected by malware

B. A computer that is no longer functioning because it is the target of a denial-of-service (DoS) attack

C. A user that has fallen victim to a phishing attack

D. A program that attackers use to penetrate passwords using brute-force attacks

A

A. A computer that is remotely controllable because it has been infected by malware

A zombie is a computer that has been infected by malware—usually some form of Trojan—which an attacker can control remotely, causing the computer to flood a target system with traffic. An attack using multiple zombies is known as a distributed denial-of-service (DDoS) attack. The other options are not examples of zombies.

121
Q

Which of the following statements best describes a ransomware attack?

A. A website is rendered inaccessible by a denial-of-service (DoS) attack until its owner agrees to pay a fee.

B. A user’s access to a specific resource, such as a bank’s website, is blocked until the user pays a fee.

C. A message appears on a user’s screen, stating that the system is locked and will only be released on payment of a fee.

D. An application is supplied with limited usability until the user pays a license fee.

A

C. A message appears on a user’s screen, stating that the system is locked and will only be released on payment of a fee.

Ransomware is a type of attack in which a user’s access to his or her computer or data is blocked unless a certain amount of money is paid to the attacker. The blockages can vary from simple screen locks to data encryption.

122
Q

Which of the following types of attacks requires no computer equipment?

A. Denial of service

B. Social engineering

C. Brute force

D. Phishing

A

B. Social engineering

Social engineering is the practice of obtaining sensitive data by contacting users and pretending to be someone with a legitimate need for that data. No computer equipment is required and no software or hardware solution can prevent it; the only way is to educate users of the potential dangers and establish policies that inform users what to do when they experience a social engineering attempt.

123
Q

Which of the following best describes a brute-force attack?

A. An attacker breaking down the door of a datacenter

B. An attacker cracking a password by trying thousands of guesses

C. An attacker using zombie computers to flood a server with traffic

D. An attacker deploying an unauthorized access point on a wireless network

A

B. An attacker cracking a password by trying thousands of guesses

A brute-force attack is one in which an attacker uses repeated guesses to find a password, an open port, or some other type of sensitive data. Brute force does not refer to a physical attack.

124
Q

An intruder has deployed a rogue access point on your company’s wireless network and is using it to access traffic generated by users who have accidentally connected to it. Which of the following is the name for this type of attack?

A. Evil twin

B. War driving

C. Social networking

D. Spoofing

A

A. Evil twin

An evil twin is a fraudulent access point on a wireless network, which an intruder can use to obtain passwords and other sensitive information transmitted by users.

125
Q

A person identifying himself as Trixie from IT telephones a user called Alice and tells her that there is a problem with her network user account that could cause all her data to be lost. To resolve the problem, Trixie says that she must log on using Alice’s account and configure an important setting. All she needs to do this is Alice’s account password. This call is, of course, an illicit attempt to learn Alice’s password. Which of the following terms describes the type of attack that is currently occurring?

A. Man in the middle

B. Spoofing

C. Social engineering

D. Evil twin

A

C. Social engineering

Social engineering is the term for a type of attack in which a smooth-talking intruder contacts a user and convinces him or her to disclose sensitive information, such as account passwords.

126
Q

Despite having imposed password policies on his network, compelling users to change their passwords frequently, create passwords of a specific length, and use complex passwords, Ralph has had several reports of account penetrations. The victims of the incidents had all apparently shared a “tip” suggesting that users cycle through the names of their children, nephews, nieces, and other relatives when forced to create new passwords, changing letters to numbers as needed. Which of the following actions can Ralph take to remedy the situation without creating a larger problem?

A. Distribute a list of common passwords that are insecure, such as those based on names, birth dates, etc.

B. Modify the password policies to force users to change passwords more frequently

C. Assign the users long passwords consisting of randomly generated characters and change them often

D. Change the password history policy to a value greater than the number of children in any user’s family

A

A. Distribute a list of common passwords that are insecure, such as those based on names, birth dates, etc.

There are no policies that can prevent users from creating easily guessed passwords. The only action that can help is to educate users of the fact that attackers are frequently able to guess passwords by using information such as familiar names and dates.

127
Q

Which of the following wireless security protocols provides the greatest degree of network device hardening?

A. WEP

B. WPA

C. WPA2

D. EAP

A

C. WPA2

WPA2 is the most secure of the wireless protocols, providing the greatest degree of network device hardening.

128
Q

SHA and MD5 are cryptographic algorithms that are used for which of the following applications?

A. Data encryption

B. Digital signing

C. File hashing

D. Wireless authentication

A

C. File hashing

Secure Hash Algorithm (SHA) and Message Digest 5 (MD5) are file hashing algorithms, used to test data integrity by calculating a hash value before transmitting a file over a network. After the transmission, the receiving system performs the same calculation. If the values match, then the data is intact. These two algorithms are not used for data encryption, digital signing, or wireless authentication.

129
Q

For which of the following reasons is disabling the SSID broadcast of a wireless network to prevent unauthorized access a relatively weak method of device hardening?

A. Attackers have ways of connecting to the network without the SSID.

B. Attackers can capture packets transmitted over the network and read the SSID from them.

C. Every access point’s SSID is printed on a label on the back of the device.

D. Attackers have software that can easily guess a network’s SSID.

A

B. Attackers can capture packets transmitted over the network and read the SSID from them.

Disabling SSID broadcasts is a way of hiding the presence of a wireless network, but if an intruder knows that a network is there, it is a simple matter to capture packets transmitted by the wireless devices and read the SSID from them.

130
Q

Regularly applying operating system updates and patches to network computers is an important mitigation procedure for which of the following security problems?

A. Denial-of-service attacks

B. Malware

C. Social engineering

D. Port security

A

B. Malware

Operating system updates and patches are frequently released to address newly discovered exploits that make computers vulnerable to malware infestation. Applying updates on a regular basis can help to mitigate the impact of malware.

131
Q

Which of the following cannot be considered to be a server hardening policy?

A. Disabling unnecessary services

B. Disabling unused TCP and UDP ports

C. Upgrading firmware

D. Creating privileged user accounts

A

C. Upgrading firmware

Upgrading the UEFI or BIOS firmware on a server typically does not enhance its security, so it cannot be considered a form of server hardening.

132
Q

To ensure that the data received over a network is identical to the data that was transmitted, it is common for systems to run a cryptographic function on a file that generates a value called a checksum or a message digest. Which of the following terms describes this type of mechanism?

A. Deauthentication

B. File hashing

C. Root guard

D. Geofencing

A

B. File hashing

File hashing uses a cryptographic algorithm, such as Secure Hash Algorithm (SHA) or Message Digest 5 (MD5), to generate a checksum value for a file that is transmitted along with it. When the recipient applies the same algorithm to the received file, the checksum value should be the same, indicating the file has not been modified in transit.

133
Q

Which of the following Windows password policies includes a provision to prevent users from specifying common passwords?

A. Maximum password age.

B. Enforce password history.

C. Minimum password length.

D. Passwords must meet complexity requirements.

A

D. Passwords must meet complexity requirements.

The “Passwords must meet complexity requirements” policy includes a provision that new passwords cannot include the user’s account name or full name. If the full name is delimited by spaces or punctuation, the individual words cannot appear in the password either. The other options do not prevent the use of common passwords.

134
Q

Which of the following is not a method for hardening a wireless access point?

A. Upgrading firmware

B. Changing default credentials

C. Generating new keys

D. Deauthentication

A

D. Deauthentication

Deauthentication is a type of denial-of-service attack in which the attacker targets a wireless client by sending a deauthentication frame that causes the client to be disconnected from the network. It is therefore not a method for hardening an access point.

135
Q

Creating a policy instructing users to avoid passwords that use commonly shared information, such as birth dates and the names of children and pets, is an example of which of the following?

A. Mitigation techniques

B. Multifactor authentication

C. Network hardening

D. Access control

A

C. Network hardening

Network hardening is a term used to describe any method of making it more difficult for intruders to penetrate. In many cases, network hardening techniques are based on education rather than technology. Compelling users to create passwords that are difficult to guess is one example of this.

136
Q

Which of the following is another term for a perimeter network?

A. VLAN

B. PEAP

C. TKIP

D. DMZ

A

D. DMZ

A perimeter network is a segment that is separated from the internal network by a firewall and exposed to the Internet. Administrators typically use a perimeter network for servers that must be accessible by outside users, such as web and email servers. Another term for a perimeter network is a DMZ, or demilitarized zone.

137
Q

In some cases, network administrators create computers that function as enticing targets for attackers but that do not provide access to any legitimately sensitive services or information. Which of the following is the term used to describe this technique?

A. DMZ

B. Honeypot

C. Root guard

D. Spoofing

A

B. Honeypot

A honeypot is a computer configured to function as bait for attackers, causing them to waste their time penetrating a resource that provides no significant access.

138
Q

After an incident in which your company’s datacenter was penetrated by an intruder, the management has installed a double doorway at the entrance to the datacenter. The two doors have a small vestibule in between them, and one door must be closed before the other one can open. Which of the following terms describes this arrangement?

A. Server closet

B. Man trap

C. Controlled entrance

D. Honeypot

A

B. Man trap

An entrance arrangement in which people must close one door before they can open the next one is called a man trap. Security personnel can evaluate potential entrants while they are in the vestibule and detain attempted intruders there.

139
Q

Honeypots and honeynets belong to which of the following categories of devices?

A. Mitigation techniques

B. Network attacks

C. Switch port protection types

D. Firewall filters

A

A. Mitigation techniques

A honeypot or honeynet is a type of mitigation technique that takes the form of a computer or network configured to function as bait for attackers, causing them to waste their time penetrating a resource that provides no significant access.

140
Q

Metaphorically speaking, which of the following terms best describes the function of honeypots and honeynets?

A. Attack

B. Key

C. Roadblock

D. Detour

A

D. Detour

Honeypots and honeynets are computers and networks designed to function as lures for attackers, in the hope that they will waste their time and resources attempting to gain access to them. Therefore, detour is the best metaphor for the function of these devices.

141
Q

Which of the following is the term for a network segment that is separated from the internal network by a firewall and exposed to the Internet?

A. AES

B. Honeynet

C. DMZ

D. VLAN

A

C. DMZ

A network segment that is separated from the internal network by a firewall and exposed to the Internet is called a demilitarized zone (DMZ), or a perimeter network. Administrators typically use a DMZ for servers that must be accessible by outside users, such as web and email servers.

142
Q

Which of the following best describes the process of penetration testing?

A. Administrators create computers or networks that are alluring targets for intruders.

B. Administrators attempt to access the network from outside using hacker tools.

C. An organization hires an outside consultant to evaluate the security conditions on the network.

D. An organization hires an outside consultant who attempts to compromise the network’s security measures.

A

D. An organization hires an outside consultant who attempts to compromise the network’s security measures.

Penetration testing is when an outside consultant is engaged to attempt an unauthorized access to protected network resources. Testing by an internal administrator familiar with the security barriers would not be a valid test.

143
Q

Which of the following types of mitigation techniques is not applicable to servers?

A. Role separation

B. Applying ACLs

C. File integrity monitoring

D. DHCP snooping

A

D. DHCP snooping

DHCP snooping is a feature found in some network switches that prevents rogue DHCP servers from assigning IP addresses to clients. It can also detect when DHCP release or decline messages arrive over a port other than the one on which the DHCP transaction originated. The other options are all techniques that are applicable to servers.

144
Q

On a wireless access point that uses an access control list (ACL) to specify which devices are permitted to connect to the network, which of the following is used to identify the authorized devices?

A. Usernames

B. IP addresses

C. Device names

D. MAC addresses

A

D. MAC addresses

Wireless access points use the layer 2 MAC addresses coded into devices in their access control lists. Usernames, IP addresses, and device names can easily be impersonated.

145
Q

Which of the following network devices does not employ access control lists to restrict access?

A. Routers

B. Hubs

C. Switches

D. Wireless access points

A

B. Hubs

ACLs restrict access to network devices by filtering usernames, MAC addresses, IP addresses, or other criteria. Routers, switches, and wireless access points all use ACLs to control access to them. Hubs are purely physical layer devices that relay electrical or optical signals. They have no way of controlling access to them.

146
Q

Which of the following services are provided by access control lists (ACLs)?

A. Authentication

B. Authorization

C. Accounting

D. Auditing

A

B. Authorization

ACLs define the type of access granted to authenticated users. This process is known as authorization. Authentication is the confirmation of a user’s identity. Accounting and auditing are both methods of tracking and recording a user’s activities on a network.

147
Q

Which of the following terms describes the threat mitigation technique of deploying individual applications and services on virtual servers so that no more than one is endangered at any one time, rather than deploying multiple applications on a single server?

A. Geofencing

B. Network segmentation

C. Role separation

D. VLAN hopping

A

C. Role separation

Role separation is the practice of creating a different virtual server for each server role or application. In addition to providing other benefits, this forces intruders to mount attacks on multiple servers to disable an entire network.

148
Q

Role separation is a threat mitigation technique that is applied to which of the following types of network components?

A. Switches

B. Servers

C. Routers

D. Wireless access points

A

B. Servers

Role separation is the practice of creating a different virtual server for each server role or application. In addition to providing other benefits, this forces intruders to mount attacks on multiple servers to disable an entire network. Switches, routers, and access points do not use this technique.

149
Q

Which of the following statements about DHCP snooping is not true?

A. DHCP snooping detects rogue DHCP servers.

B. DHCP snooping is implemented in network switches.

C. DHCP snooping drops DHCP messages arriving over the incorrect port.

D. DHCP snooping prevents DNS cache poisoning.

A

D. DHCP snooping prevents DNS cache poisoning.

DHCP snooping is a feature found in some network switches that prevents rogue DHCP servers from assigning IP addresses to clients. It can also detect when DHCP release or decline messages arrive over a port other than the one on which the DHCP transaction originated. Although DHCP snooping can prevent DHCP clients from being assigned an incorrect IP address, it does not directly prevent the poisoning of DNS server caches with erroneous information.

150
Q

At which layer of the OSI reference model does DHCP snooping operate?

A. Data link

B. Network

C. Transport

D. Application

A

A. Data link

Although DHCP is an application layer service, which uses the UDP transport layer protocol to assign network layer IP addresses, DHCP snooping is a data link layer process in which a network switch examines incoming DHCP traffic to determine whether it originates from an authorized server and is arriving over the correct port.

151
Q

Which of the following types of server attacks is a flood guard designed to prevent?

A. Evil twin

B. Denial of service

C. DNS poisoning

D. War driving

A

B. Denial of service

One of the most common ways to stop a server from functioning properly is to flood it with traffic of a particular type. Denial-of-service attacks frequently use floods of ping messages or TCP SYN packets to attack a server. A flood guard is a filter implemented in a firewall or a standalone device to prevent the flood of traffic from reaching the intended target.

152
Q

Which of the following types of attacks on a network switch can a flood guard help to prevent?

A. DNS poisoning

B. War driving

C. MAC flooding

D. Evil twin

A

C. MAC flooding

By flooding a switch with frames containing many different false MAC addresses, an attacker can cause the legitimate entries in the switch’s MAC table to be aged out of the device and replaced with bogus entries. When the destinations of incoming frames are not found in the table, the switch broadcasts them throughout the network, where they can be more readily captured and compromised. A flood guard is a mechanism that prevents confirmed MAC addresses in the table from being replaced.

153
Q

Which of the following protocols is a root guard designed to affect?

A. EAP

B. STP

C. LDAP

D. ARP

A

B. STP

A root guard affects the behavior of the Spanning Tree Protocol (STP) by enforcing the selection of root bridge ports on a switched network. Without root guards, there is no way for administrators to enforce the topology of a network with a redundant switching fabric.

154
Q

Which of the following modifications occur when you configure the native VLAN on your network switches to use 802.1q tagging? (Choose all correct answers.)

A. Double-tagged packets are prevented.

B. BPDU guards are applied.

C. Root guards are applied.

D. Trunk traffic is routed, not switched.

A

A. Double-tagged packets are prevented.

To join ports on different switches into one VLAN, you designate a trunk port on each switch for the traffic between switches. Initially, the native VLAN uses the default VLAN1 for trunk traffic, and that traffic is left untagged. Untagged traffic is susceptible to attacks using double-tagged packets. When you configure the native VLAN to use tagging, this makes it impervious to double-tagging.

155
Q

Which of the following protocols is responsible for inserting the tags into frames that enable switches to forward them to the appropriate VLAN?

A. IEEE 802.3x

B. IEEE 802.1X

C. IEEE 802.1q

D. IEEE 802.11ac

A

C. IEEE 802.1q

The IEEE 802.1q protocol is responsible for VLAN tagging, a procedure that enables network switches to support virtual LANs (VLANs). Through the insertion of VLAN identifier tags into frames, switches can determine which VLAN each packet is destined for and forward it to the correct ports.

156
Q

Which of the following best explains how tagging the native VLAN traffic can improve in-band switch management security?

A. By renaming the default VLAN

B. By preventing double-tagged packets

C. By encrypting in-band management traffic

D. By moving in-band management traffic off the native VLAN

A

B. By preventing double-tagged packets

When in-band switch management traffic, such as that generated by a Secure Shell (SSH) connection to a switch, uses the native VLAN, it is untagged by default. This is because the native VLAN is at first the default VLAN1, which is not tagged by the 802.1q protocol, leaving it open to certain types of double-tagging attacks. When you tag the native VLAN traffic, it is rendered immune to double-tagging.

157
Q

Which of the following mitigation techniques helps organizations maintain compliance with standards such as HIPAA and FISMA?

A. File integrity monitoring

B. Role separation

C. Deauthentication

D. Tamper detection

A

A. File integrity monitoring

File integrity monitoring (FIM) is a process that typically consists of a comparison of files in their current state to a known baseline copy stored elsewhere. The comparison can be direct, or it could involve the calculation of checksums or other types of file hashes. The object of the comparison is to detect changes in documents, both in content and in sensitive areas, such as credentials, privileges, and security settings, which might indicate the presence of a potential or actual security breach.

158
Q

Which of the following functions cannot be implemented using digital signatures?

A. Integrity

B. Nonrepudiation

C. Segmentation

D. Authentication

A

C. Segmentation

Digital signatures can be used for the following functions: authentication, to confirm that data originated from a specific individual; nonrepudiation, to prevent the sender from denying the data’s origin; and integrity, to confirm that the data has not been modified in transit. Segmentation is not a function of digital signatures.