Implementation (1) Flashcards
Which of the following statements are true regarding TCP/IP? (Choose two.)
TCP/IP protocols are part of the OSI model.
TCP/IP is a protocol stack containing multiple protocols.
TCP/IP closely maps to the OSI model.
TCP/IP protocols are part of the transport and network layers of the OSI model.
TCP/IP is a protocol stack containing multiple protocols.
TCP/IP closely maps to the OSI model.
TCP/IP is a protocol suite that contains multiple protocols and closely maps to the layers of the OSI model.
Which of the following is a true statement regarding IPv6?
IPv6 has been implemented on the Internet worldwide.
IPv6 has 4,294,967,296 available IP addresses.
IPSec is natively included with IPv6.
IPSec is natively included with IPv6.
IPSec is natively included with IPv6.
Which of the following IPSec protocols is used to provide authentication and integrity for an entire IP packet?
Encapsulating Security Payload (ESP)
Authentication Header (AH)
Internet Key Exchange (IKE)
Authentication Header (AH)
The Authentication Header (AH) protocol is used to provide authentication and integrity for an entire IP packet, regardless of whether it is in transport mode or tunnel mode.
Which of the following IPSec modes should be used within a local area network?
Authentication mode
Tunnel mode
Transport mode
Transport mode
Transport mode should be used within a local area network, since the IP header can’t be encrypted.
An executive is traveling with his laptop computer to a conference. The contents of his laptop contain very confidential product information, including development specifications and product road maps. Which of the following techniques can be implemented to protect the confidentiality of the data on the laptop?
Make sure all software is up to date.
Password-protect the laptop BIOS.
Encrypt the hard drive using a TPM.
Encrypt the hard drive using a TPM.
A trusted platform module (TPM) allows the contents of the hard drive to be encrypted with encryption keys that are stored on the TPM chip, which can be accessed only by the end user. This prevents an unauthorized user from accessing the hard drive contents of equipment
A security patch for your OS was released about a week after you applied the latest OS service pack. What should you do?
Wait until the release of the next full service pack.
Download the patch only if you experience problems with the OS.
Download and install the security patch.
Download and install the security patch.
Even though you just installed the latest service pack, a security vulnerability might have recently been discovered, requiring that you install a new security patch. You will not be protected from the vulnerability if you do not install the security patch, and waiting for it to be included in the next service pack might be too dangerous.
As part of your security baselining and OS hardening, you want to make sure that you protect your organization from vulnerabilities in its operating system software. Which one of the following tasks should you perform?
Update antivirus signature files.
Install any patches or OS updates.
Use an encrypted file system.
Install any patches or OS updates.
The most recent software updates and patches for your operating system will contain the latest bug and exploit fixes. This prevents known bugs and weaknesses in the OS from being exploited.
The __________ process in Windows 10 uses the UEFI and a trusted platform module to provide a more secure boot process, also allowing for boot attestation.
Boot management
Secure boot
Measured boot
Measured boot
The Measured Boot process in Windows 10 uses the UEFI and a TPM to provide a more secure boot process, also allowing for boot attestation.
After a security review, Tom has recommended that his organization install a network-based intrusion prevention system (NIPS). Based on the current budget, his manager recommended that he install a less costly network-based intrusion detection system (NIDS). What are the primary security differences between a NIDS and a NIPS that Tom could use to justify the additional costs? (Choose two.)
A NIDS only detects TCP/IP attacks.
A NIPS actively tries to mitigate an incoming intrusion rather than just detect it.
A NIDS can raise alarms when it detects an intrusion.
A NIPS is only host based, not network based.
A NIDS only detects TCP/IP attacks.
A NIPS actively tries to mitigate an incoming intrusion rather than just detect it.
A NIPS actively tries to mitigate an incoming intrusion rather than just detect it. A NIDS actively monitors for intrusions and alerts the administrator when it detects one. A NIPS goes a step further and tries to actively prevent the intrusion as it is occurring.
Lauren must install and secure her organization’s Internet services, including web, FTP, and e-mail servers, within the current network topology, which uses a network firewall to protect the organization’s internal networks. In which security zone of the network should Lauren install these servers to isolate them from the Internet and the organization’s internal networks?
Screened subnet
VLAN
Internal network
Screened subnet
The screened subnet is a network that typically contains Internet servers and services that are accessible from the outside world but need to be isolated from your internal network. The screened subnet ensures incoming connections for these services are routed to the screened subnet and never reach the internal LAN.
Max’s organization is growing fast, and the number of clients and devices on the organization’s network has doubled in size over the last year. Max has been tasked with partitioning the network. Which of the following would best help partition and secure the network?
MAC
VPN
VLAN
VLAN
A virtual LAN (VLAN) is used to segment a network into smaller logical units to aid in security and performance. VLANs are logically isolated from each other, which prevents network traffic and unauthorized access between them.
Bobby is the network administrator for a company whose users are streaming too much video and using up the company’s valuable bandwidth resources. Which technology would be best for Bobby to implement to help save resources?
Content/URL filter
Anti-spam filter
Protocol analyzer
Content/URL filter
Bobby could use content/URL filtering to analyze network traffic and block specific sites, such as the main streaming video sites, from being accessed. The end users will receive an error when they try to access those sites.
After creating a heat map of a specific floor of his building, Rich realizes that two of the farthest offices on his floor have very poor signal strength. Which of the following actions can Rich perform to provide the best solution to increase signal strength to that part of the building?
Disable encryption to speed up the network.
Add another wireless access point.
Change from channel 1 to channel 6.
Add another wireless access point.
It sounds like Rich has some offices in a dead zone, so it would be best for him to install another wireless access point to make sure the offices have appropriate coverage.
Tim has set up a wireless network for his small office of 50 users. Which of the following encryption protocols should he implement to ensure the highest level of encryption security?
WAP
WPA
WPA3
WPA3
WPA3 is currently the strongest level of encryption security available for a wireless network. WPA3 replaces the weaker WPA and WPA2.
Tara is installing a wireless network in a manufacturing facility. Which of the following aspects of the wireless network should she concentrate on to prevent security issues with EMI?
Use of WPA3 encryption
Use of 802.11g or 802.11n
WAP and antenna placement
WAP and antenna placement
Tara needs to make sure that the antenna and wireless access point are not placed close to any other electrical wires or devices (especially those that broadcast on a similar frequency) that can cause electrical interference and a loss of wireless signal.