Net+ Session 3 Post-lab follow-up Flashcards
1
Q
A business need exists for a business to make sure they can be up and running at a moment's notice in case of a disaster. What type of site needs to be set up? A - Hot B - Cold C - Warm D - Urgent
A
A - Hot
2
Q
What is the implementation of policies, controls, and procedures to recover from a disaster called? A - Hot site planning B - Warm site planning C - Business continuity planning D - Disaster recovery planning
A
C - Business continuity planning
3
Q
What is the most important reason for keeping legacy systems on a separate network segment?
A - Legacy systems are often not supported
B - Legacy systems can slow down the network
C - Legacy systems are often incompatible with the current network
D - Legacy systems are often incompatible with the current server operating system
A
A - Legacy systems are often not supported
4
Q
A business has five main applications. One is subject to HIPAA requirements. What is the best way to secure the overall network?
A - Host the HIPAA application virtually
B - Host the HIPAA application on a different subnet
C - Make sure all five applications conform to HIPAA requirements
D - Train all users in HIPAA requirements, even if they do not use the HIPAA application
A
B - Host the HIPAA application on a different subnet
5
Q
What type of update is most common to a router? A - OS B - Driver C - Feature D - Firmware
A
D - Firmware
6
Q
What type of update is most commonly associated with enhancing device functionality? A - OS B - Driver C - Feature D - Firmware
A
B - Driver
7
Q
Which of the following updates would be considered a major update? A - 3.1.7 B - 3.0.0 C - 3.1.1 D - 3.1.1.1
A
B - 3.0.0
8
Q
Why should vulnerability patches be installed as soon as possible? A - They fix viruses B - They offer new features C - They fix functionality issues D - They fix potential security threats
A
D - They fix potential security threats
9
Q
In which type of policy do users acknowledge that their network activity is being tracked? A - Network B - Security C - Acceptable use D - Consent to monitoring
A
D - Consent to monitoring
10
Q
Which policy addresses the use of personal USB drives on corporate machines? A - Network B - Security C - Acceptable use D - Consent to monitoring
A
C - Acceptable use
11
Q
Which is the best first step in avoiding user risk in network security? A - Business continuity B - Vulnerability scanning C - End-user awareness and training D - Adherence to standards and policies
A
C - End-user awareness and training
12
Q
A network administrator is about to make a major update to a server. The administrator wants to take a snapshot of the current configuration so that the update can be rolled back if needed. What is this snapshot called? A - Baseline B - Graphing C - Log management D - Asset management
A
A - Baseline
13
Q
Which is true about on-boarding and off-boarding a mobile device?
A - On-boarding involves placing it on the network while off-boarding involves removing it from the network
B - On-boarding involves placing it on the network while off-boarding involves removing company-owned applications and resources
C - On-boarding is the process of getting a mobile device ready for network connectivity while off-boarding involves removing it from the network
D - On-boarding is the process of getting a mobile device ready for network connectivity while off-boarding involves removing company-owned applications and resources
A
D - On-boarding is the process of getting a mobile device ready for network connectivity while off-boarding involves removing company-owned applications and resources
14
Q
What is the role of a first responder?
A - To start chain of custody
B - To start forensics analysis
C - To be the first to collect evidence in an incident
D - To see if a potential security incident is indeed an incident
A
D - To see if a potential security incident is indeed an incident
15
Q
What is the release of secure information to an untrusted environment known as? A - Data breach B - Data incident C - Information breach D - Information incident
A
A - Data breach
16
Q
A network administrator wants to exploit weaknesses in network security. What should the administrator conduct? A - Session hijacking B - Social engineering C - Penetration testing D - Vulnerability scanning
A
C - Penetration testing
17
Q
What is the main method for a denial of service (DoS) attack?
A - Turn off all network services
B - Attack and turn off all of the routers in a network
C - Take over the administrator account and change its password
D - Overload a network with traffic so that there is no bandwidth left
A
D - Overload a network with traffic so that there is no bandwidth left
18
Q
Which is a collection of computers that contain malicious software that can be controlled remotely? A - Botnet B - Zombie C - Keylogger D - Trojan horse
A
A - Botnet
19
Q
A flood of ping requests have come into the network, causing the regular network functionality to slow down, and, in some cases, stop. What is this best described as? A - Botnet B - Traffic spike C - Smurf attack D - Coordinated attack
A
B - Traffic spike
20
Q
A user calls the help desk and says that when accessing an internal website, the user is being redirected to a site that is asking for personal information. This is most likely what type of attack? A - DNS B - Phishing C - Spoofing D - ARP cache poisoning
A
A - DNS
21
Q
A network attack in which an attacker sends a UDP request to a server managing time and then gets a response containing multiple responses is what type of attack? A - NTP B - DNS C - Smurf D - Kerberos
A
A - NTP
22
Q
A junior network administrator is learning about DoS attacks. The administrator stages an NTP attack. The only problem is the administrator thought he/she was on the testing network but this was done in production. What type of DoS attack is this? A - Inside B - Physical C - Distributed D - Unintentional
A
D - Unintentional
23
Q
A DoS attack on a network has taken place. Upon examining the situation, it is determined that the only way to end the attack is to change the IP address of the router on the network. What type of DoS attack has taken place? A - Reflective B - Distributed C - Permanent D - Unintentional
A
C - Permanent
24
Q
What type of attack involves a TCP attack in which packets are never acknowledged? A - Reflective B - SYN flood C - ACK flood D - Brute force
A
B - SYN flood
25
```
Which type of attack spoofs UDP packets to a network's broadcast address?
A - Fraggle
B - Smurfing
C - Brute force
D - Ping of Death
```
A - Fraggle
26
```
A wireless access point added to a network without permission is known as what type of access point?
A - Evil twin
B - Smurfing
C - Session hijack
D - Rogue access point
```
D - Rogue access point
27
A junior network administrator asks a senior network administrator about wardriving. How would the senior network administrator respond?
A - Wardriving is the act of driving around looking for evil twins
B - Wardriving is the act of driving around looking for rogue access points
C - Wardriving is the act of driving around looking for an open wireless access point
D - Wardriving is the act of driving around looking for a chalk mark indicating an open wireless access point
C - Wardriving is the act of driving around looking for an open wireless access point
28
```
Which is the process of sending unsolicited messages over a Bluetooth connection?
A - Bluejacking
B - Bluesnarfing
C - Bluehijacking
D - Bluemessaging
```
A - Bluejacking
29
```
Which is the process of gaining unauthorized access to a Bluetooth connection and then viewing, copying, or deleting data?
A - Bluejacking
B - Bluesnarfing
C - Bluehijacking
D - Bluemessaging
```
B - Bluesnarfing
30
```
A person attempting to hack a network is doing so through constantly trying to guess the Administrator account password. What type of attack is taking place?
A - Dictionary
B - Brute force
C - Session hijacking
D - Man-in-the-middle
```
B - Brute force
31
```
Which is an attack that steals session information from a user and uses it to make the recipient think the original session with the original user is still open?
A - Spoofing
B - Zero day attack
C - Session hijacking
D - Session engineering
```
C - Session hijacking
32
```
Two users are having an instant message conversation. One user gets up and forgets to lock the machine. A disgruntled employee sits down and keeps the conversation going, obtaining confidential information during the conversation. What type of attack is this?
A - Brute force
B - Session hijacking
C - Man-in-the-middle
D - Social engineering
```
C - Man-in-the-middle
33
```
Which is an attack that uses a VLAN to gain access to resources on other VLANs?
A - VLAN hopping
B - VLAN hijacking
C - VLAN smurfing
D - VLAN engineering
```
A - VLAN hopping
34
```
Which are types of malware that will typically degrade network performance? Choose three.
A - Virus
B - Worm
C - Trojan horse
D - Social engineering
```
A - Virus
B - Worm
C - Trojan horse
35
```
What is often perceived as the biggest threat to network security?
A - Open ports
B - Unsecure protocols
C - Disgruntled employees
D - Unnecessary running services
```
C - Disgruntled employees
36
What is the best way to reduce vulnerabilities in network services?
A - Make sure all services are patched
B - Turn off services that are not needed
C - Make sure all services are encrypted
D - Use a domain account as the service account
B - Turn off services that are not needed
37
```
A network administrator wants to find open ports on a system. What tool should the administrator use?
A - Port mapper
B - Port scanner
C - Port replicator
D - Protocol analyzer
```
B - Port scanner
38
```
What is a major vulnerability for transferring data through wireless networks?
A - Using WEP encryption
B - Unencrypted channels
C - Broadcasting the SSID
D - Turning off MAC filtering
```
B - Unencrypted channels
39
```
Which protocol sends a username and password in clear text?
A - PAP
B - RSA
C - CHAP
D - MS-CHAP
```
A - PAP
40
```
Which protocol is not considered secure for logging into UNIX systems?
A - SSH
B - SLIP
C - TFTP
D - Telnet
```
D - Telnet
41
Why is it not a good idea to log into a website if the URL starts with HTTP?
A - In HTTP, data is encrypted
B - In HTTP, data is not encrypted
C - HTTP does not support biometrics
D - In HTTP, passwords are not covered up when entered
B - In HTTP, data is not encrypted
42
```
A user needs to transfer a file to a business partner, but the file is too large for email. What is a good alternative to email for transferring files?
A - FTP
B - SLIP
C - HTTP
D - Telnet
```
A - FTP
43
```
Which is a better alternative to Telnet given that it is more secure than Telnet?
A - SSL
B - SSH
C - SFTP
D - HTTPS
```
B - SSH
44
```
What does SNMPv3 support that SNMPv2 does not?
A - Encryption
B - Automation
C - Accounting
D - Authorization
```
A - Encryption
45
```
What should a URL start with if a website requires the user to log in?
A - FTP
B - HTTP
C - SFTP
D - HTTPS
```
D - HTTPS
46
```
Which is the switch security feature that limits connectivity to its network to a specific list of IP addresses?
A - ARP inspection
B - DHCP snooping
C - IP address filtering
D - MAC address filtering
```
B - DHCP snooping
47
```
Which switch port security feature, when set up, will drop data packets from invalid IP-to-MAC address bindings?
A - ARP inspection
B - DHCP snooping
C - IP address filtering
D - MAC address filtering
```
A - ARP inspection
48
Twenty users are in one building in a LAN; ten are in sales and the other 10 in administrative positions. Their job duties and permission needs to the network differ greatly between the two groups. What is the best way to set two networks up, one for each group?
A - Separate the two groups into VLANs
B - Create two subnets, one for each group
C - Set different permissions for each group
D - Create two collision domains, one for each group
A - Separate the two groups into VLANs
49
```
Which are parts of a strong password? Choose three.
A - At least one number
B - At least eight characters
C - An expiration every 30 days
D - At least one uppercase letter
```
A - At least one number
B - At least eight characters
D - At least one uppercase letter
50
```
An antivirus program that is installed on each workstation is known as what type of antimalware program?
A - Host-based
B - Cloud-based
C - Server-based
D - Network-based
```
A - Host-based
51
```
What is the biggest advantage of running antimalware software from the cloud versus running antimalware software from a local server?
A - Lower CPU usage
B - Lower RAM usage
C - Lower bandwidth usage
D - Less time to run a virus scan
```
A - Lower CPU usage
52
```
A new network policy states that guest accounts on the network cannot use the web to check personal e-mail. What should be installed to enforce this policy?
A - Router
B - Firewall
C - Proxy server
D - Reverse proxy server
```
C - Proxy server
53
```
Blocking all attempts to relay traffic through SMTP is an example of which type of filtering?
A - IP
B - Port
C - Web
D - Content
```
B - Port
54
```
When first setting up a network, users are granted access to one specific folder on one specific network drive. All other access has to be approved by management. This is an example of which concept?
A - Explicit Deny
B - Explicit Allow
C - Implicit Deny
D - Implicit Allow
```
C - Implicit Deny
55
```
Which authentication method does EAP not support?
A - Tokens
B - Smart cards
C - Digital certificates
D - Fingerprint recognition
```
D - Fingerprint recognition
56
`What are advantages to using Kerberos for authentication? Choose three.
A - It uses encryption on its messages
B - It is a cross-platform authentication piece
C - It uses multiple sign-ons for authentication
D - It provides secure authentication over insecure networks
A - It uses encryption on its messages
B - It is a cross-platform authentication piece
D - It provides secure authentication over insecure networks
57
```
Which type of authentication is known for single-sign on?
A - EAP
B - PAP
C - CHAP
D - Kerberos
```
D - Kerberos
58
```
To make sure all incoming ICMP data packets are blocked, which is the best tool to use?
A - NIPS
B - HIDS
C - Firewall
D - Content filter
```
C - Firewall
59
```
A firewall application running on a desktop is an example of which kind of firewall?
A - Host-based
B - Network-based
C - Session-based
D - Application-based
```
A - Host-based
60
```
What devices on home networks often contain firewall capabilities? Choose two.
A - Hub
B - Switch
C - Router
D - Wireless access point
```
C - Router
| D - Wireless access point
61
```
What type of firewall detects applications, users, and devices?
A - User-aware
B - Context-aware
C - Software-aware
D - Application-aware
```
B - Context-aware
62
How is a virtual-wire firewall different from a routed firewall?
A - Virtual-wire supports NAT
B - Virtual-wire supports layer 3
C - Virtual-wire supports switching
D - Virtual-wire does not need an IP address
D - Virtual-wire does not need an IP address
63
```
What part of a network needs to be accessible to both inside and outside sources in the network?
A - DMZ
B - Routed
C - Perimeter
D - Virtual-wire
```
A - DMZ
64
```
Which type of device will warn an administrator about a possible intrusion on a workstation?
A - HIDS
B - NIDS
C - Firewall
D - PacketShaper
```
A - HIDS
65
```
Which type of device can temporarily shut off a port if it suspects a network attack?
A - HIPS
B - NIPS
C - HIDS
D - NIDS
```
B - NIPS
66
```
Which type of device/service can stop an employee from reaching a gaming website?
A - Proxy server
B - Content filter
C - PacketShaper
D - Web redirector
```
B - Content filter
67
```
Which type of server can cache content and also act as a content filter?
A - NAT
B - DNS
C - Proxy
D - DHCP
```
C - Proxy
68
```
When a firewall is referred to as one that performs UTM, what can it perform besides firewall duties? Choose three.
A - Load balancing
B - Content filtering
C - User management
D - Intrusion prevention
```
A - Load balancing
B - Content filtering
D - Intrusion prevention
69
```
A network diagram that shows all of the cabling, the cabling types, and distances is known as what diagram?
A - Logical topology
B - Cabling diagram
C - Physical topology
D - Wiring schematic
```
D - Wiring schematic
70
What will an IP address utilization document most likely contain?
A - A list of DNS servers
B - A list of DHCP scopes
C - IP addresses of every device on the network
D - IP addresses of every device on the network with a static IP address
D - IP addresses of every device on the network with a static IP address
71
```
System manuals, support manuals, and instructional books are examples of what type of documentation?
A - Training manuals
B - Vendor documentation
C - Application documentation
D - Manufacturer documentation
```
B - Vendor documentation
72
```
What type of network authentication provides for port-based authentication?
A - 802.1q
B - 802.1w
C - 802.1X
D - 802.1ac
```
C - 802.1X
73
```
What is evaluated during a posture assessment on a system? Choose two.
A - Settings
B - Equipment
C - Applications
D - Vulnerabilities
```
A - Settings
| C - Applications
74
```
A user logs into a college campus computer. None of the information is saved when the user logs out. What type of agent is running on the computer?
A - Guest
B - Persistent
C - Quarantine
D - Nonpersistent
```
D - Nonpersistent
75
```
A user attempts to connect to the corporate network from a home machine. The remote access server discovers that the home machine's antivirus software is not up to date. What type of network can the remote access server connect the home machine to until it updates its antivirus software?
A - Edge network
B - Guest network
C - Update network
D - Quarantine network
```
D - Quarantine network
76
```
Upon conducting a security review, the head of security notices that there is a lot of tailgating going on at the building's main entrance. What should be set up in order to mitigate tailgating?
A - Mantrap
B - Video monitor
C - Security guard
D - Door access control
```
A - Mantrap
77
```
Which is the best type of authority figure to use an access list to control who is allowed in a building?
A - Key fob
B - ID badges
C - Security guard
D - Door access control
```
C - Security guard
78
```
Besides the front door and data-confidential areas, what is considered the most important room to protect in a building?
A - Mantrap
B - Security room
C - Network closet
D - Video monitoring room
```
C - Network closet
79
```
The protection of computer centers and network closets, key fobs, keypads, cipher locks, and biometrics are all examples of what?
A - Door locks
B - Multiple barriers
C - Proximity readers
D - Door access controls
```
D - Door access controls
80
```
Which devices allows entrance to a building based on seeing an ID card or badge?
A - Key fob
B - Cipher lock
C - Keypad lock
D - Proximity reader
```
D - Proximity reader
81
```
What type of door access control involves entering a code on the lock in order to access a room?
A - Key fob
B - Biometrics
C - Cipher lock
D - Proximity reader
```
C - Cipher lock
82
An electrical outlet that is typically orange signifies a dedicated ground. What is the purpose of a dedicated ground?
A - A sag on this ground does not affect any other device
B - A blackout on this ground does not affect any other device
C - A brownout on this ground does not affect any other device
D - A spike sent to this ground does not affect any other device
D - A spike sent to this ground does not affect any other device
83
```
What should a technician wear in order to avoid ESD while working on hardware?
A - Antistatic vest
B - Antistatic smock
C - Antistatic gloves
D - Antistatic wrist strap
```
D - Antistatic wrist strap
84
Which is a best practice when installing racks?
A - Avoid stacking racks too high
B - Follow the manufacturer's manual
C - Make the rack fit in the space given
D - Use the tools that come with the rack
B - Follow the manufacturer's manual
85
```
What should be taken into consideration when placing servers in a server room? Choose three.
A - Safety
B - Air flow
C - Electrical access
D - Grouping the servers
```
A - Safety
B - Air flow
C - Electrical access
86
```
In case of an emergency, what should be posted and known so that people know where the emergency exits are?
A - Fail open
B - Fail close
C - Server room
D - Building layout
```
D - Building layout
87
```
Which part of a building layout shows ways to get out of a building should a fire start?
A - Fire escape plan
B - Fail open/Fail close
C - Emergency alert system
D - Fire suppression system
```
A - Fire escape plan
88
```
A UPS generating power in the case of an outage is what type of fail system?
A - Fail safe
B - Fail open
C - Fail closed
D - Fail on demand
```
B - Fail open
89
```
In emergency alert systems, which extinguisher system requires a sealed environment to operate?
A - Gas-based
B - Foam-based
C - Water-based
D - Chemical-based
```
A - Gas-based
90
```
What types of HVACs condition a server room for humidity levels?
A - ARV
B - ERV
C - CRV
D - HRV
```
B - ERV
91
```
Who is the person whose duty is to see if a security incident is indeed an incident?
A - First responder
B - Forensics analyst
C - Evidence collector
D - Security administrator
```
A - First responder
92
```
A network administrator has secured an area after a security incident. What should the network administrator immediately start doing?
A - Collect evidence
B - Escalate the case
C - Transport the data
D - Document the scene
```
D - Document the scene
93
```
What site helps with steps to recover after a computer has been compromised?
A - www.fbi.gov
B - www.cert.org
C - www.iana.org
D - www.us-cert.gov
```
B - www.cert.org
94
```
Which is the process of logging who has evidence, who has seen evidence, and where the evidence has been?
A - Data transport
B - Data collection
C - Forensics report
D - Chain of custody
```
D - Chain of custody
95
```
Besides physical security, what can be used to secure data during transport?
A - Encryption
B - Legal hold
C - Backup copies
D - Documentation
```
A - Encryption
96
```
What is the process in which data needs to be kept for evidence even long after an incident takes place known as?
A - Legal hold
B - Data collection
C - Chain of custody
D - Forensics report
```
A - Legal hold
