Implementation (1) Flashcards

1
Q

Which of the following statements are true regarding TCP/IP? (Choose two.)

TCP/IP protocols are part of the OSI model.

TCP/IP is a protocol stack containing multiple protocols.

TCP/IP closely maps to the OSI model.

TCP/IP protocols are part of the transport and network layers of the OSI model.

A

TCP/IP is a protocol stack containing multiple protocols.

TCP/IP closely maps to the OSI model.

TCP/IP is a protocol suite that has multiple protocols in it and closely maps to the OSI model layers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which of the following is a true statement regarding IPv6?

IPv6 has been implemented on the Internet worldwide.

IPv6 has 4,294,967,296 available IP addresses.

IPSec is natively included with IPv6.

A

IPSec is natively included with IPv6.

IPSec is natively included with IPv6

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which of the following IPSec protocols is used to provide authentication and integrity for an entire IP packet?

Encapsulating Security Payload (ESP)

Authentication Header (AH)

Internet Key Exchange (IKE)

A

Authentication Header (AH)

The Authentication Header (AH) protocol is used to provide authentication and integrity for an entire IP packet, regardless of whether it is in transport mode or tunnel mode

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which of the following IPSec modes should be used within a local area network?

Authentication mode

Tunnel mode

Transport mode

A

Transport mode

Transport mode should be used within a local area network, since the IP header can’t be encrypted

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

An executive is traveling with his laptop computer to a conference. The contents of his laptop contain very confidential product information, including development specifications and product road maps. Which of the following techniques can be implemented to protect the confidentiality of the data on the laptop?

Make sure all software is up to date.

Password-protect the laptop BIOS.

Encrypt the hard drive using a TPM.

A

Encrypt the hard drive using a TPM.

A trusted platform module (TPM) allows the contents of the hard drive to be encrypted with encryption keys that are stored on the TPM chip, which can be accessed only by the end user. This prevents an unauthorized user from accessing the hard drive contents of equipment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A security patch for your OS was released about a week after you applied the latest OS service pack. What should you do?

Wait until the release of the next full service pack.

Download the patch only if you experience problems with the OS.

Download and install the security patch.

A

Download and install the security patch.

Even though you just installed the latest service pack, a security vulnerability might have recently been discovered, requiring that you install a new security patch. You will not be protected from the vulnerability if you do not install the security patch, and waiting for it to be included in the next service pack might be too dangerous

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

As part of your security baselining and OS hardening, you want to make sure that you protect your organization from vulnerabilities in its operating system software. Which one of the following tasks should you perform?

Update antivirus signature files.

Install any patches or OS updates.

Use an encrypted file system.

A

Install any patches or OS updates.

The most recent software updates and patches for your operating system will contain the latest bug and exploit fixes. This prevents known bugs and weakness in the OS from being exploited

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

The __________ process in Windows 10 uses the UEFI and a trusted platform module to provide a more secure boot process, also allowing for boot attestation.

Boot management

Secure boot

Measured boot

A

Measured boot

The Measured Boot process in Windows 10 uses the UEFI and a TPM to provide a more secure boot process, also allowing for boot attestation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

After a security review, Tom has recommended that his organization install a network-based intrusion prevention system (NIPS). Based on the current budget, his manager recommended that he install a less costly network-based intrusion detection system (NIDS). What are the primary security differences between a NIDS and a NIPS that Tom could use to justify the additional costs? (Choose two.)

A NIDS only detects TCP/IP attacks.

A NIPS actively tries to mitigate an incoming intrusion rather than just detect it.

A NIDS can raise alarms when it detects an intrusion.

A NIPS is only host based, not network based.

A

A NIDS only detects TCP/IP attacks.

A NIPS actively tries to mitigate an incoming intrusion rather than just detect it.

A NIPS actively tries to mitigate an incoming intrusion rather than just detect it. A NIDS actively monitors for intrusions and alerts the administrator when it detects one. A NIPS goes a step further and tries to actively prevent the intrusion as it is occurring

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Lauren must install and secure her organization’s Internet services, including web, FTP, and e-mail servers, within the current network topology, which uses a network firewall to protect the organization’s internal networks. In which security zone of the network should Lauren install these servers to isolate them from the Internet and the organization’s internal networks?

Screened subnet

VLAN

Internal network

A

Screened subnet

The screened subnet is a network that typically contains Internet servers and services that are accessible from the outside world but need to be isolated from your internal network. The screened subnet ensures incoming connections for these services are routed to the screened subnet and never reach the internal LAN

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Max’s organization is growing fast, and the number of clients and devices on the organization’s network has doubled in size over the last year. Max has been tasked with partitioning the network. Which of the following would best help partition and secure the network?

MAC

VPN

VLAN

A

VLAN

A virtual LAN (VLAN) is used to segment a network into smaller logical units to aid in security and performance. VLANs are logically isolated from each other to prevent network traffic and unauthorized access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Bobby is the network administrator for a company whose users are streaming too much video and using up the company’s valuable bandwidth resources. Which technology would be best for Bobby to implement to help save resources?

Content/URL filter

Anti-spam filter

Protocol analyzer

A

Content/URL filter

Bobby could use content/URL filtering to analyze network traffic and block specific sites, such as the main streaming video sites, from being accessed. The end users will receive an error when they try to access those sites

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

After creating a heat map of a specific floor of his building, Rich realizes that two of the farthest offices on his floor have very poor signal strength. Which of the following actions can Rich perform to provide the best solution to increase signal strength to that part of the building?

Disable encryption to speed up the network

Add another wireless access point

Change from channel 1 to channel 6

A

Add another wireless access point

It sounds like Rich has some offices in a dead zone, so it would be best for him to install another wireless access point to make sure the offices have appropriate coverage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Tim has set up a wireless network for his small office of 50 users. Which of the following encryption protocols should he implement to ensure the highest level of encryption security?

WAP

WPA

WPA3

A

WPA3

WPA3 is currently the strongest level of encryption security available for a wireless network. WPA3 replaces the weaker WPA and WPA2

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Tara is installing a wireless network in a manufacturing facility. Which of the following aspects of the wireless network should she concentrate on to prevent security issues with EMI?

Use of WPA3 encryption

Use of 802.11g or 802.11n

WAP and antenna placement

A

WAP and antenna placement

Tara needs to make sure that the antenna and wireless access point are not placed close to any other electrical wires or devices (especially those that broadcast on a similar frequency) that can cause electrical interference and a loss of wireless signal

How well did you know this?
1
Not at all
2
3
4
5
Perfectly