Domain 5

Question 1

RAS installed on a Windows 2000 server can handle how many incoming connections,

Answer 1

256–Windows Server can established 256 connections and Windows 2000 Profession can only handle one

Question 2

What protocol was designed to provide secure connectivity to the Internet over broadband or cable,

Answer 2

PoPE–is derived from the PPP protocol and was designed to provide secure connectivity to the internet

Question 3

The Remote Desktop Protocol (RDP) operates at which OSI layer?

Answer 3

Application

Question 4

What Terminal Services Protocol was designated to be able to remotely display and provide interaction with applications running on a Windows computer ,

Answer 4

RDP

Question 5

What protocol provides secure client connections over the Internet using VPNs,

Answer 5

PPTP–Point to Point Tunneling Protocol

Question 6

What does Zeroconfig do,

Answer 6

Zeroconfig enables sharing of files and resources on the fly between between devices–which con be accomplished over a physical resource like a crossover cable.

Question 7

What is more secure authentication protocol PAP or CHAP,–(Password Authentication Protocol & Challenge Handshake Authentication Protocol)

Answer 7

CHAP–it uses a more complex procedure for authentication

Question 8

What supports various authentication methods including Smart Cards, Certificates, Kerberos,

Answer 8

EAP–Extensible Authentication Protocol

Question 9

T Or F–when using a basic rate ISDN service, you do not need firewalls or other forms of protection,

Answer 9

FALSE–the service does not determine the level of security you need

Question 10

What protocol provides secure, encrypted file transfer between dissimilar systems,

Answer 10

SFTP–Secure File Transfer Protocol

Question 11

What are firewalls primarily used for,

Answer 11

Protecting private networks from attacks on the public side and protecting the Internet from attacks on the private side

Question 12

What is a security function of a firewall,

Answer 12

Restricts unauthorized users from accessing your network

Question 13

What are firewalls designed to do,

Answer 13

Hide the network behind it–if the hacker cannot see it the network it is difficult to enter the network

Question 14

name 3 protections for your network from outside invaders,

Answer 14

Firewalls, Packet-filtering routers and proxy Servers

Question 15

You want to transfer data securely over a WAN. How can this be accomplished,

Answer 15

Encrypt data before sending

Question 16

Describe a secure password,

Answer 16

Passwords should be at least 6 characters, a mixture of upper and lower case, non-words and symbols

Question 17

3 good security measures for an administrator,

Answer 17

1. never attach a server to the Internet w/o a firewall; Have an attack plan; do not leave any old accounts on network

Question 18

How can you improve password security,

Answer 18

Force a password change periodically

Question 19

How do you protect your internal network against viruses from the Internet,

Answer 19

Network Virus Protection Suite

Question 20

Virus programs are constantly being modified in order to escape detection. The best defense against is update your________

Answer 20

Virus definitions

Question 21

T Or F? Viruses can be transmitted by floppy disk and capable of moving across any pathway that can carry data,

Answer 21

TRUE

Question 22

When a router is acting as a firewall it can user a technique that monitors all current TEC sessions, what is this called,

Answer 22

Stateful Packet Inspection

Question 23

Software that examines your Internet traffic and blocks unapproved content is ______,

Answer 23

Content filter

Question 24

T OR F? A network layer firewall uses stateful packet inspection.

Answer 24

FALSE

Question 25

PPoE is derived from the ____ protocol and was designed to provide secure connectivity to the Internet over broadband Ethernet connections such as DSL

Answer 25

PPP–point to point protocol

Question 26

Name 4 devices that could qualify as encryption devices when configured properly,

Answer 26

VPN concentrator; Router; Sever; and Multilayer switch

Question 27

Name a Web based VPN tunnel that is capable of handling active content,

Answer 27

SSH tunnel VPN–provides additional capabilities such as Java, Active X and Flash

Question 28

What is On-boarding,

Answer 28

Allows devices to quickly be enrolled on a network

Question 29

What as the first thin client allowing remote desktop

Answer 29

ICA–developed by Citrix in the mid 1990s; followed by Microsoft RDP

(Independent computing architecture $

Question 30

This cryptographic key allows users to communicate securely using digital certificates–can create or revoke,

Answer 30

PKI–public key infrastructure

PKI–defines a way of verifying the identities users using their unique digital certificates

Question 31

Name the components of AAA security,

Answer 31

Authentication; accounting; authorization

Question 32

802.1x security is based on this authentication method

Answer 32

EAP–Extensible Authentication Protocol

Question 33

T or F? A DDoS attack is generally used to attack a host on the network by attempting to max out its resources from a single location,

Answer 33

False–A DoS is typically a single individual or machine whereas a DDoS uses as many attackers as possible

Question 34

The purpose of marking a building that contains an accessible wireless connection is known as what?

Answer 34

War chalking

Question 35

2 Terms that can be used to define setting up an unauthorized wireless access point set up to eavesdrop

Answer 35

Evil Twin; Rogue AP

Question 36

What could be set up by an authorized wireless network user,

Answer 36

Rogue AP

Question 37

What is the primary function provided by NESSUS,

Answer 37

Vulnerability scanner that scans for vulnerabilities such as misconfiguration, certain Dos

Question 38

NESSUS and NMAP are 2 types of,

Answer 38

Vulnerability Port scanners

Question 39

This term defines a network device set outside the firewall designed to trap and monitor unauthorized access to a network

Answer 39

Honeypot–invisible to the outside

Question 40

what is the main difference between a honeypot and a honeynet

Answer 40

A honey pot is a single device and a honeynet can contain several devices

Question 41

What application has the capability of identifying unencrypted sensitive information on networks, credit card numbers for example,

Answer 41

NESSUS–vulnerability port scanners

Question 42

What has the capability of scanning a large network quickly and providing info about the host,

Answer 42

NMAP–network mapper. Security scanner

Question 43

THE IDS configuration monitors traffic for variations compared to normal traffic based on learned usage patterns,

Answer 43

Behavior-based

Question 44

What would be typically set up by an unauthorized wireless network user,

Answer 44

Evil Twin

Question 45

T or F? In an active man-in-the-middle attack, the attacker usually modifies the traffic before sending,

Answer 45

TRUE

Question 46

T or F? A passive man in the middle attack is known as a replay attack

Answer 46

TRUE

Question 47

This technique is used on devices configured for IDS,

Answer 47

Port mirroring–traffic received forwards on one port on a switch to another

Question 48

Roving around looking for open wireless access points is known as ____________

Answer 48

War driving