Domain 4 Sybex Flashcards
Gary wants to distribute a large file and prefers a peer-to-peer CDN. Which of the following is the most common example of this type of technology?
A. CloudFlare
B. BitTorrent
C. Amazon CloudFront
D. Akamai Edge
B. BitTorrent is an example of a peer-to-peer (P2P) content delivery network. It is commonly used for legitimate purposes to distribute large files like Linux ISOs and other freely distributed software packages and files in addition to its less legitimate uses. CloudFlare, CloudFront, and Akamai’s Edge are all hosted CDNs.
During a security assessment of a wireless network, Jim discovers that LEAP is in use on a network using WPA. What recommendation should Jim make?
A. Continue to use LEAP. It provides better security than TKIP for WPA networks.
B. Use an alternate protocol like PEAP or EAP-TLS and implement WPA2 if supported.
C. Continue to use LEAP to avoid authentication issues, but move to WPA2.
D. Use an alternate protocol like PEAP or EAP-TLS, and implement Wired Equivalent Privacy to avoid wireless security issues.
B. LEAP, the Lightweight Extensible Authentication Protocol, is a Cisco proprietary protocol designed to handle problems with TKIP. Unfortunately, LEAP has significant security issues as well and should not be used. Any modern hardware should support WPA2 and technologies like PEAP or EAP-TLS. Using WEP, the predecessor to WPA and WPA2, would be a major step back in security for any network.
Ben has connected his laptop to his tablet PC using an 802.11ac connection. What wireless network mode has he used to connect these devices?
A. Infrastructure mode
B. Wired extension mode
C. Ad hoc mode
D. Standalone mode
C. Ben is using ad hoc mode, which directly connects two clients. It can be easy to confuse this with standalone mode, which connects clients using a wireless access point but not to wired resources like a central network. Infrastructure mode connects endpoints to a central network, not directly to each other. Finally, wired extension mode uses a wireless access point to link wireless clients to a wired network.
Selah’s and Nick’s PCs simultaneously send traffic by transmitting at the same time. What network term describes the range of systems on a network that could be affected by this same issue?
A. The subnet
B. The supernet
C. A collision domain
D. A broadcast domain
C. A collision domain is the set of systems that could cause a collision if they transmitted at the same time. Systems outside a collision domain cannot cause a collision if they send at the same time. This is important, as the number of systems in a collision domain increases the likelihood of network congestion due to an increase in collisions. A broadcast domain is the set of systems that can receive a broadcast from each other. A subnet is a logical division of a network, while a supernet is made up of two or more networks.
Sarah is manually reviewing a packet capture of TCP traffic and finds that a system is setting the RST flag in the TCP packets it sends repeatedly during a short period of time. What does this flag mean in the TCP packet header?
A. RST flags mean “Rest.” The server needs traffic to briefly pause.
B. RST flags mean “Relay-set.” The packets will be forwarded to the address set in the packet.
C. RST flags mean “Resume Standard.” Communications will resume in their normal format.
D. RST means “Reset.” The TCP session will be disconnected.
D. The RST flag is used to reset or disconnect a session. It can be resumed by restarting the connection via a new three-way handshake.
Gary is deploying a wireless network and wants to deploy the fastest possible wireless technology. Which one of the following wireless networking standards should he use?
A. 802.11a
B. 802.11g
C. 802.11n
D. 802.11ac
D. He should choose 802.11ac, which supports theoretical speeds up to 3.4 Gbps. 802.11n supports up to 600 Mbps, 802.11g and 802.11a are only capable of 54 Mbps.
Michele wants to replace FTP traffic with a secure replacement. What secure protocol should she select instead?
A. TFTP
B. HFTPS
C. SecFTP
D. SFTP
D. Both FTP/S and SFTP are commonly used as replacement insecure FTP services. SFTP offers the advantage of using SSH for transfers, making it easy to use existing firewall rules. TFTP is trivial FTP, an insecure quick transfer method often used to transfer files for network devices, among other uses. HFTPS and SecFTP were made up for this question.
Jake has been told that there is a layer 3 problem with his network. Which of the following is associated with layer 3 in the OSI model?
A. IP addresses
B. TCP and UDP protocols
C. MAC addresses
D. Sending and receiving bits via hardware
A. The Network layer, or layer 3, uses IP addresses for logical addressing. TCP and UDP protocols are used at the Transport layer, which is layer 4. Hardware addresses are used at layer 2, the Data Link layer, and sending and receiving bits via hardware is done at the Physical layer (layer 1).
Frank is responsible for ensuring that his organization has reliable, supported network hardware. Which of the following is not a common concern for network administrators as they work to ensure their network continues to be operational?
A. If the devices have vendor support
B. If the devices are under warranty
C. If major devices support redundant power supplies
D. If all devices support redundant power supplies
D. Most networks include many edge devices like wireless access points and edge switches. These devices often have a single power supply to balance cost against reliability and will simply be replaced if they fail. More critical devices like routers and core switches are typically equipped with redundant power supplies to ensure that larger segments of the network do not fail if a component fails. Of course, making sure devices are supported so they get updates and that they are under warranty are both common practices for supportable networks.
Brian is selecting an authentication protocol for a PPP connection. He would like to select an option that encrypts both usernames and passwords and protects against replay using a challenge/response dialog. He would also like to reauthenticate remote systems periodically. Which protocol should he use?
A. PAP
B. CHAP
C. EAP
D. LEAP
B. The Challenge-Handshake Authentication Protocol, or CHAP, is used by PPP servers to authenticate remote clients. It encrypts both the username and password and performs periodic reauthentication while connected using techniques to prevent replay attacks. LEAP provides reauthentication but was designed for WEP, while PAP sends passwords unencrypted. EAP is extensible and was used for PPP connections, but it doesn’t directly address the listed items.
Which one of the following protocols is commonly used to provide back-end authentication services for a VPN?
A. HTTPS
B. RADIUS
C. ESP
D. AH
B. The Remote Access Dial In User Service (RADIUS) protocol was originally designed to support dial-up modem connections but is still commonly used for VPN-based authentication. HTTPS is not an authentication protocol. ESP and AH are IPsec protocols but do not provide authentication services for other systems.
Isaac wants to ensure that his VoIP session initialization is secure. What protocol should he ensure is enabled and required?
A. SVOIP
B. PBSX
C. SIPS
D. SRTP
C. SIPS, the secure version of the Session Initialization Protocol for VoIP, adds TLS encryption to keep the session initialization process secure. SVOIP and PBSX are not real protocols, but SRTP is the secure version of RTP, the Real time Transport Protocol.
What type of firewall design is shown in the diagram?
A. A single-tier firewall
B. A two-tier firewall
C. A three-tier firewall
D. A four-tier firewall
B. The firewall in the diagram has two protected zones behind it, making it a two-tier firewall design.
If the VPN grants remote users the same access to network and system resources as local workstations have, what security issue should Chris raise?
A. VPN users will not be able to access the web server.
B. There is no additional security issue; the VPN concentrator’s logical network location matches the logical network location of the workstations.
C. Web server traffic is not subjected to stateful inspection.
D. VPN users should only connect from managed PCs.
D. Remote PCs that connect to a protected network need to comply with security settings and standards that match those required for the internal network. The VPN concentrator logically places remote users in the protected zone behind the firewall, but that means user workstations (and users) must be trusted in the same way that local workstations are.
If Chris wants to stop cross-site scripting attacks against the web server, what is the best device for this purpose, and where should he put it?
A. A firewall, location A
B. An IDS, location A
C. An IPS, location B
D. A WAF, location C
C. An intrusion protection system can scan traffic and stop both known and unknown attacks. A web application firewall, or WAF, is also a suitable technology, but placing it at location C would only protect from attacks via the organization’s VPN, which should only be used by trusted users. A firewall typically won’t have the ability to identify and stop cross-site scripting attacks, and IDS systems only monitor and don’t stop attacks.
Susan is deploying a routing protocol that maintains a list of destination networks with metrics that include the distance in hops to them and the direction traffic should be sent to them. What type of protocol is she using?
A. A link-state protocol
B. A link-distance protocol
C. A destination metric protocol
D. A distance-vector protocol
D. Distance-vector protocols use metrics including the direction and distance in hops to remote networks to make decisions. A link-state routing protocol considers the shortest distance to a remote network. Destination metric and link-distance protocols don’t exist.
Ben has configured his network to not broadcast an SSID. Why might Ben disable SSID broadcast, and how could his SSID be discovered?
A. Disabling SSID broadcast prevents attackers from discovering the encryption key. The SSID can be recovered from decrypted packets.
B. Disabling SSID broadcast hides networks from unauthorized personnel. The SSID can be discovered using a wireless sniffer.
C. Disabling SSID broadcast prevents issues with beacon frames. The SSID can be recovered by reconstructing the BSSID.
D. Disabling SSID broadcast helps avoid SSID conflicts. The SSID can be discovered by attempting to connect to the network.
B. Disabling SSID broadcast can help prevent unauthorized personnel from attempting to connect to the network. Since the SSID is still active, it can be discovered by using a wireless sniffer. Encryption keys are not related to SSID broadcast, beacon frames are used to broadcast the SSID, and it is possible to have multiple networks with the same SSID.
What network tool can be used to protect the identity of clients while providing Internet access by accepting client requests, altering the source addresses of the requests, mapping requests to clients, and sending the modified requests out to their destination?
A. A switch
B. A proxy
C. A router
D. A firewall
B. A proxy is a form of gateway that provides clients with a filtering, caching, or other service that protects their information from remote systems. A router connects networks, while a firewall uses rules to limit traffic permitted through it. A switch is used to connect systems and does not provide these capabilities.
Susan wants to secure her communications traffic via multiple internet service providers as it is sent to her company’s second location. What technology should she use to protect the traffic for an always on, always connected link between the sites?
A. FCoE
B. SDWAN
C. A point-to-point IPsec VPN
D. Zigbee
C. A point-to-point IPsec VPN can provide a secure, encrypted channel that is established on an ongoing basis between the two sites, ensuring that Susan’s traffic is not exposed along the path that it travels. FCoE is Fibre Channel over Ethernet, a storage protocol. SD-WAN is a software-defined wide area network, and Zigbee is a low-power wireless protocol. None of these addresses Susan’s needs.
Melissa wants to combine multiple physical networks in her organization in a way that is transparent to users but allows the resources to be allocated as needed for networked services. What type of network should she deploy?
A. iSCSI
B. A virtual network
C. SDWAN
D. A CDN
B. A virtual network can be used to combine existing networks or to divide a network into multiple segments. Melissa can use a virtual network to combine existing networks and then use software-defined networking capabilities to allocate and manage network resources. iSCSI is a converged storage protocol. An SD-WAN is a software-defined wide area network, and this question does not specify LAN or WAN technologies. A CDN is a content distribution network and helps with load and denial-of-service attacks.
Which email security solution provides two major usage modes: (1) signed messages that provide integrity, sender authentication, and nonrepudiation; and (2) an enveloped message mode that provides integrity, sender authentication, and confidentiality?
A. S/MIME
B. MOSS
C. PEM
D. DKIM
A. S/MIME supports both signed messages and a secure envelope method. While the functionality of S/MIME can be replicated with other tools, the secure envelope is an S/MIME-specific concept. MOSS, or MIME Object Security Services, and PEM can also both provide authentication, confidentiality, integrity, and nonrepudiation, while DKIM, or Domain Keys Identified Mail, is a domain validation tool.
During a security assessment, Jim discovers that the organization he is working with uses a multilayer protocol to handle SCADA systems and recently connected the SCADA network to the rest of the organization’s production network. What concern should he raise about serial data transfers carried via TCP/IP?
A. SCADA devices that are now connected to the network can now be attacked over the network.
B. Serial data over TCP/IP cannot be encrypted.
C. Serial data cannot be carried in TCP packets.
D. TCP/IP’s throughput can allow for easy denial-of-service attacks against serial devices.
A. Multilayer protocols like DNP3 allow SCADA and other systems to use TCP/IP-based networks to communicate. Many SCADA devices were never designed to be exposed to a network, and adding them to a potentially insecure network can create significant risks. TLS or other encryption can be used on TCP packets, meaning that even serial data can be protected. Serial data can be carried via TCP packets because TCP packets don’t care about their content; it is simply another payload. Finally, TCP/IP does not have a specific throughput as designed, so issues with throughput are device-level issues.
Ben provides networking and security services for a small chain of coffee shops. The coffee shop chain wants to provide secure, free wireless for customers. Which of the following is the best option available to Ben to allow customers to connect securely to his wireless network without needing a user account if Ben does not need to worry about protocol support issues?
A. Use WPA2 in PSK mode.
B. Use WPA3 in SAE mode.
C. Use WPA2 in Enterprise mode.
D. Use a captive portal.
B. WPA3’s new SAE (simultaneous authentication of equals) mode improves on WPA2’s PSK mode by allowing for secure authentication between clients and the wireless network without enterprise user accounts. If Ben needed to worry about support for WPA3, which may not be available to all systems that may want to connect, he might have to choose WPA2. A captive portal is often used with open guest networks, and Enterprise mode requires user accounts.
Alicia’s company has implemented multifactor authentication using SMS messages to provide a numeric code. What is the primary security concern that Alicia may want to express about this design?
A. SMS messages are not encrypted.
B. SMS messages can be spoofed by senders.
C. SMS messages may be received by more than one phone.
D. SMS messages may be stored on the receiving phone.
A. SMS messages are not encrypted, meaning that they could be sniffed and captured. While using two factors is more secure than a single factor, SMS is one of the less secure ways to implement two-factor authentication because of this. SMS messages can be spoofed, can be received by more than one phone, and are typically stored on the recipient’s phone. The primary threat here, however, is the unencrypted message itself.
What speed and frequency range are used by 802.11n?
A. 5 GHz only
B. 900 MHz and 2.4 GHz
C. 2.4 GHz and 5 GHz
D. 2.4 GHz only
C. 802.11n can operate on both the 2.4 and 5 GHz frequency range. The 900 MHz range has frequently been used for phones and non-WiFi wireless networks as well as other amateur radio uses. Knowing that multiple ranges are available and that they may behave differently based on how many access points are in use and whether other devices that may cause interference on that band are in the area can be important for wireless network deployments.
The Address Resolution Protocol (ARP) and the Reverse Address Resolution Protocol (RARP) operate at what layer of the OSI model?
A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4
B. ARP and RARP operate at the Data Link layer, the second layer of the OSI model. Both protocols deal with physical hardware addresses, which are used above the Physical layer (layer 1) and below the Network layer (layer 3), thus falling at the Data Link layer.
Which of the following is a converged protocol that allows storage mounts over TCP, and which is frequently used as a lower-cost alternative to Fibre Channel?
A. MPLS
B. SDN
C. VoIP
D. iSCSI
D. iSCSI is a converged protocol that allows location-independent file services over traditional network technologies. It costs less than traditional Fibre Channel. VoIP is Voice over IP, SDN is software-defined networking, and MPLS is Multiprotocol Label Switching, a technology that uses path labels instead of network addresses.
Chris is building an Ethernet network and knows that he needs to span a distance of more than 150 meters with his 1000BaseT network. What network technology should he use to help with this?
A. Install a repeater, a switch, or a concentrator before 100 meters.
B. Use Category 7 cable, which has better shielding for higher speeds.
C. Install a gateway to handle the distance.
D. Use STP cable to handle the longer distance at high speeds.
A. A repeater, switch, or concentrator will amplify the signal, ensuring that the 100-meter distance limitation of 1000BaseT is not an issue. A gateway would be useful if network protocols were changing, while Cat7 cable is appropriate for a 10 Gbps network at much shorter distances. STP cable is limited to 155 Mbps and 100 meters, which would leave Chris with network problems.
What protocol is the messaging traffic most likely to use based on the diagram?
A. SLACK
B. HTTP
C. SMTP
D. HTTPS
B. The use of TCP port 80 indicates that the messaging service is using the HTTP protocol. Slack is a messaging service that runs over HTTPS, which uses port 443. SMTP is an email protocol that uses port 25.
What security concern does sending internal communications from A to B raise?
A. The firewall does not protect system B.
B. System C can see the broadcast traffic from system A to B.
C. It is traveling via an unencrypted protocol.
D. Messaging does not provide nonrepudation.
C. HTTP traffic is typically sent via TCP80. Unencrypted HTTP traffic can be easily captured at any point between A and B, meaning that the messaging solution chosen does not provide confidentiality for the organization’s corporate communications
How could Selah’s company best address a desire for secure messaging for users of internal systems A and C?
A. Use a third-party messaging service.
B. Implement and use a locally hosted service.
C. Use HTTPS.
D. Discontinue use of messaging and instead use email, which is more secure.
B. If a business need requires messaging, using a local messaging server is the best option. This prevents traffic from traveling to a third-party server and can offer additional benefits such as logging, archiving, and control of security options like the use of encryption.
Which of the following drawbacks is a concern when multilayer protocols are allowed?
A. A range of protocols may be used at higher layers.
B. Covert channels are allowed.
C. Filters cannot be bypassed.
D. Encryption can’t be incorporated at multiple layers.
B. Multilayer protocols create three primary concerns for security practitioners: they can conceal covert channels (and thus covert channels are allowed), filters can be bypassed by traffic concealed in layered protocols, and the logical boundaries put in place by network segments can be bypassed under some circumstances. Multilayer protocols allow encryption at various layers and support a range of protocols at higher layers.
Which of the following is not an example of a converged protocol?
A. MIME
B. FCoE
C. iSCSI
D. VoIP
A. Fibre Channel over Ethernet (FCoE), Internet Small Computer Systems Interface (iSCSI), and Voice over Internet Protocol (VoIP) are all examples of converged protocols that combine specialized protocols with standard protocols like TCP/IP. MIME, Multipurpose Internet Mail Extensions, is not a converged protocol.
Chris uses a cellular hot spot to provide internet access when he is traveling. If he leaves the hot spot connected to his PC while his PC is on his organization’s corporate network, what security issue might he cause?
A. Traffic may not be routed properly, exposing sensitive data.
B. His system may act as a bridge from the internet to the local network.
C. His system may be a portal for a reflected DDoS attack.
D. Security administrators may not be able to determine his IP address if a security issue occurs.
B. When a workstation or other device is connected simultaneously to both a secure network and a nonsecure network like the internet, it may act as a bridge, bypassing the security protections located at the edge of a corporate network. It is unlikely that traffic will be routed improperly leading to the exposure of sensitive data, as traffic headed to internal systems and networks is unlikely to be routed to the external network. Reflected DDoS attacks are used to hide identities rather than to connect through to an internal network, and security administrators of managed systems should be able to determine both the local and wireless IP addresses his system uses.
In her role as an information security professional, Susan has been asked to identify areas where her organization’s wireless network may be accessible even though it isn’t intended to be. What should Susan do to determine where her organization’s wireless network is accessible?
A. A site survey
B. Warwalking
C. Wardriving
D. A design map
A. Wardriving and warwalking are both processes used to locate wireless networks, but are not typically as detailed and thorough as a site survey, and design map is a made-up term.
What features can IPsec provide for secure communication?
A. Encryption, access control, nonrepudiation and message authentication
B. Protocol convergence, content distribution, micro-segmentation, and network virtualization
C. Encryption, authorization, nonrepudiation, and message integrity checking
D. Micro-segmentation, network virtualization, encryption, and message authentication
A. IPsec, or Internet Protocol Security, can provide encryption, access control, nonrepudiation, and message authentication using public key cryptography. It does not provide authorization, protocol convergence, content distribution, or the other items listed.
Casey has been asked to determine if Zigbee network traffic can be secured in transit. What security mechanism does Zigbee use to protect data traffic?
A. 3DES encryption
B. AES encryption
C. ROT13 encryption
D. Blowfish encryption
B. Zigbee uses AES to protect network traffic, providing integrity and confidentiality controls. It does not use 3DES, and ROT13 is a simple rotational cipher you might find in a cereal box or secret decoder ring.
Sue modifies her MAC address to one that is allowed on a network that uses MAC filtering to provide security. What is the technique Sue used, and what nonsecurity issue could her actions cause?
A. Broadcast domain exploit, address conflict
B. Spoofing, token loss
C. Spoofing, address conflict
D. Sham EUI creation, token loss
C. The process of using a fake MAC (Media Access Control) address is called spoofing, and spoofing a MAC address already in use on the network can lead to an address collision, preventing traffic from reaching one or both systems. Tokens are used in token ring networks, which are outdated, and EUI refers to an Extended Unique Identifier, another term for MAC address, but token loss is still not the issue. Broadcast domains refer to the set of machines a host can send traffic to via a broadcast message.
Joanna wants to deploy 4G LTE as an out-of-band management solution for devices at remote sites. Which of the following security capabilities is not commonly available from 4G service providers?
A. Encryption capabilities
B. Device-based authentication
C. Dedicated towers and antennas for secure service subscribers
D. SIM-based authentication
C. While security features vary from provider to provider, encryption, device-based authentication (for example, using certificates), and SIM-based authentication are all common options for 4G connectivity solutions. Joanna should work with her provider to determine what capabilities are available and assess whether they meet her needs.
SMTP, HTTP, and SNMP all occur at what layer of the OSI model?
A. Layer 4
B. Layer 5
C. Layer 6
D. Layer 7
D. Application-specific protocols are handled at layer 7, the Application layer of the OSI model.