Exam Compass - SOHO Security Settings Quiz

Question 1

Because wireless routers are shipped with default credentials, the process of securing a SOHO network should include changing the default username and password on a Wireless Access Point (WAP).
True
False

Answer 1

True

Question 2

What type of network traffic filtering criteria can be set on a router?
Filtering by IP address
Filtering by network protocol
Filtering by subnet
Filtering by logical port number
All of the above

Answer 2

All of the above

Question 3

Which of the answers listed below refers to an application software that selectively blocks access to websites?
Captive portal
Firewall
Content filter
Proxy server

Answer 3

Content filter

Question 4

Which of the following answers refers to an example of content filtering configuration setting on a SOHO router?
Modem mode
Parental controls
MAC filtering
IP and port filtering

Answer 4

Parental controls

Question 5

The term “Unified Threat Management” (UTM) refers to a network security solution, commonly in the form of a dedicated device (called UTM appliance or web security gateway), which combines the functionality of a firewall with additional features such as URL filtering, content inspection, spam filtering, gateway antivirus protection, IDS/IPS function, or malware inspection.
True
False

Answer 5

True

Question 6

An optimal Wireless Access Point (WAP) antenna placement provides a countermeasure against:
War chalking
Spoofing
War driving
Insider threat

Answer 6

War driving

Question 7

Which of the WAP settings listed below allows for adjusting the boundary range of a wireless signal?
WPS setup
Radio channel
Power level controls
Beacon interval

Answer 7

Power level controls

Question 8

A DHCP server’s IP exclusion configuration option allows network administrators to remove a single IP address or a range of IP addresses from the pool of addresses being assigned automatically to the requesting DHCP client computers. IP exclusion prevents other DHCP clients from requesting an IP address statically assigned to other essential network hosts (e.g., servers, or wireless printers).
True
False

Answer 8

True

Question 9

A type of architecture that simplifies networking by allowing devices to dynamically join a network, autoconfigure, and learn about the presence and capabilities of other devices is known as:
PoE
DHCP
SDN
UPnP

Answer 9

UPnP

Question 10

Which of the following answers refers to the concept of zero-configuration networking?
DHCP
PnP
UPnP
AutoRun

Answer 10

UPnP

Question 11

Examples of technologies that should not be used due to their known vulnerabilities or other security risks include: (Select 2 answers)
RDP
UPnP
WEP
TLS
SNMP

Answer 11

UPnP
WEP

Question 12

A lightly protected subnet (a.k.a. DMZ) consisting of publicly available servers placed on the outside of the company’s firewall is called:
Captive portal
Honeynet
Quarantine network
Extranet
Screened subnet

Answer 12

Screened subnet

Question 13

Service Set Identifier (SSID) is a unique identifier (a.k.a. wireless network name) for a WLAN. Wireless networks advertise their presence by regularly broadcasting SSID in a special packet called beacon frame. In wireless networks with disabled security features, knowing the network SSID is enough to get access to the network. SSID also pinpoints the wireless router that acts as a Wireless Access Point (WAP). Wireless routers from the same manufacturer are frequently configured with default (well-known) SSID names. Since multiple devices with the same SSID displayed on the list of available networks create confusion and encourage accidental access by unauthorized users (applies to networks that lack security), changing the default SSID is a recommended practice.
True
False

Answer 13

True

Question 14

Disabling SSID broadcast:
Is one of the measures used in the process of securing wireless networks
Makes a WLAN harder to discover
Blocks access to a WAP
Prevents wireless clients from accessing the network

Answer 14

Makes a WLAN harder to discover

Question 15

For a wireless client to be able to connect to a network, the security type (e.g., WEP, WPA, WPA2, or WPA3) and encryption type (e.g., TKIP or AES) settings on the connecting host must match the corresponding wireless security settings on a Wireless Access Point (WAP).
True
False

Answer 15

True

Question 16

A type of wireless network that provides access to the Internet, but not to the internal network is referred to as guest WiFi network. Setting up a separate network for visitors (handled by a dedicated access point) protects the internal network against risks related to unauthorized activities and malware infections.
True
False

Answer 16

True

Question 17

In the context of implementing secure network designs, the term “Port security” may apply to:
Disabling physical ports on a device (e.g., RJ-45 device ports on a router, switch, or patch panel)
Implementing MAC filtering
Disabling unused logical ports (TCP/UDP)
Implementing Port-based Network Access Control (defined in the IEEE 802.1X standard)
All of the above

Answer 17

All of the above

Question 18

Port mirroring allows an administrator to inspect traffic passing through a network switch. On a switch that supports port mirroring, a packet analyzer can be connected to an empty port and the switch can be configured to pass a copy of the data sent over one or multiple ports on that switch to the packet sniffer port allowing the administrator to monitor contents of the traffic passing through the switch.
True
False

Answer 18

True