Network and Security - Foundations_Pre-Assessment: Flashcards
A network is being created for an office, and there is a need for a router that manages internal network connections with no contact with the internet.
Which type of router is needed
A. Inter-provider border router
B. Core router
C. Subscriber edge router
D. Broadband router
Core router
An IT manager is designing a new network and needs a device that connects multiple networks.
Which device is needed?
A.Switch
B.Modem
C.Server
D.Router
Router
A network in a small office building connects all devices using wired connections with a star topology.
Which type of network is described?
A. LAN
B. WLAN
C. WAN
D. CAN
LAN
Users of a network have been experiencing issues. In the course of troubleshooting, an administrator wants to view a list of network addresses and port numbers.
Which command in Linux should be used for this purpose?
A. ifconfig
B. ping
C. traceroute
D. netstat
netstat
Users of a network have been experiencing issues. In the course of troubleshooting, an administrator wants to determine which ports have an active connection.
Which command in Windows should be used for this purpose?
A. ipconfig
B. tracert
C. netstat -an
D. arp -a
netstat -an
In the process of setting up a Linux-based network system, a technician needs to view network interfaces and their settings.
Which command should be used?
A. ifconfig
B. dig
C. ping
D. nslookup
ifconfig
A person is troubleshooting a network issue and needs to test DNS connectivity.
Which Linux command should be used?
A. nslookup
B. ifconfig
C. netstat
D. traceroute
nslookup
What is the TCP/IP layer that includes the Transmission Control Protocol (TCP)?
A. Physical or network access
B. Transport
C. Application
D. Network or internet
Transport
Which layer of the TCP/IP model includes the Internet Message Access Protocol (IMAP)?
A. Application
B. Physical or network access
C. Network or internet
D. Transport
Transport
Which OSI model layer creates, maintains, and disconnects process communications over the network?
A. Application
B. Transport
C. Session
D. Physical
Session
Which OSI model layer is responsible for breaking data into packets?
A. Physical
B. Application
C. Session
D. Transport
Application
Which layer of the OSI reference model includes all computer programs that interact with the network?
A. Physical
B. Application
C. Transport
D. Presentation
Application
What is the OSI model layer that includes the IPX?
A. Transport
B. Application
C. Session
D. Network
Network
What is the layer of the OSI model that is responsible for logical addressing?
A. Physical
B. Transport
C. Data link
D. Network
Network
What is the layer of the OSI model that translates binary computer language into the language of the transmission medium?
A. Physical
B. Presentation
C. Transport
D. Session
Physical
A company uses cloud service to manage its IT resources. The underlying hardware resources are shared by other companies as well.
What is the cloud deployment model described in the scenario?
A. Multi
B. Public
C. Hybrid
D. Private
Public
.
An organization uses one cloud service provider for data management and another service provider for development platforms.
What is the cloud deployment model described in the scenario?
A. Hybrid
B. Public
C. Community
D. Multi
Multi
A developer has an existing computer with an operating system. The developer wants to use a hypervisor to have access to several virtual machines for a specific project.
Which form of hypervisor fits the need described in the scenario?
A. Proprietary
B. Type 1
C. Open source
D. Type 2
Type 2
A company needs to maximize the number of virtual machines that can run on each host.
Which hypervisor should be used?
A. Open source
B. Type 1
C. Type 2
D. Proprietary
Type 1
An attacker gains unauthorized access to a computer and modifies browser security settings.
What is the purpose of the attack?
A. Denial of availability
B. Launch point
C. Data export
D. Data modification
Data modification
An attacker uses a trojan horse to forward usernames and passwords to an anonymous email address.
What is the purpose of the attack?
A. Launch point
B. Data modification
C. Denial of availability
D. Data export
Data export
A hacker purposefully breaks IT security to gain unauthorized access to systems and publish sensitive data.
Which term describes the given hacker?
A. White-hat
B. Black-hat
C. Blue-hat
D. Gray-hat
Black-hat
A hacker acts as an information system security professional who is hired to perform penetration testing.
Which term describes the given hacker?
A. Black-hat
B. Gray-hat
C. White-hat
D. Blue-hat
White-hat
An organization is the victim of an attack in which an attacker uses a software program to try all possible combinations of a password and user ID.
What is the type of cyberattack described in this scenario?
A. Dictionary attack
B. Session hijacking
C. Brute-force attack
D. Man-in-the-middle attack
Brute-force attack
An attacker uses a list of commonly used access credentials to attempt to gain access to an online account.
Which type of cyberattack is described?
A. IP address spoofing
B. Pharming
C. Brute-force attack
D. Dictionary attack
Dictionary attack
An organization is the victim of an attack in which an attacker tries to gain access to a system by disguising their computer as another computer.
What is the type of cyberattack described in this scenario?
A. Man-in-the-middle attack
B. Pharming
C. IP address spoofing
D. Brute-force attack
IP address spoofing
An organization is the victim of an attack in which an attacker uses a program to take control of a connection by pretending to be each end of the connection.
What is the type of cyberattack described in this scenario?
A. Social engineering
B. Credential stuffing
C. Session hijacking
D. Pharming
Session hijacking
An attacker intercepts messages between two parties before transferring them on to the correct destination.
Which type of cyberattack is described?
A. Man-in-the-middle attack
B. Pharming
C. Phishing
D. IP address spoofing
Man-in-the-middle attack
An attacker uses a false identification to gain physical access to IT infrastructure.
Which malicious attack strategy is represented in the scenario?
A. Pharming
B. Social engineering
C. Credential stuffing
D. Man-in-the-middle attack
Social engineering
An attacker sends emails claiming that an online account has been locked. The email provides a fake link with the goal of tricking the users into providing login credentials.
Which type of cyberattack is described?
A. Phishing
B. Brute-force attack
C. Pharming
D. Social engineering
Phishing
An organization is the victim of an attack in which an attacker uses a DNS poisoning strategy to direct users from a legitimate website to the attacker’s website.
What is the type of cyberattack described in this scenario?
A. Session hijacking
B. Dictionary attack
C. Social engineering
D. Pharming
Pharming
A company is implementing network security components to ensure a higher level of data trustworthiness.
What is the CIA triad component targeted in the scenario?
A. Adaptation
B. Integrity
C. Confidentiality
D. Availability
Integrity
Which CIA triad component is a driver for enabling data encryption?
A. Availability
B. Integrity
C. Consistency
D. Confidentiality
Confidentiality
Which component of the IT security CIA triad is a driver for implementing audit and monitoring controls?
A. Integrity
B. Confidentiality
C. Application
D. Availability
Confidentiality
What is the component of the CIA triad for IT security that requires that IP packets be retransmitted if the receiving host has an invalid checksum value?
A. Integrity
B. Confidentiality
C. Consistency
D. Availability
Integrity
What is an example of a violation of the CIA triad component confidentiality?
A. An employee accidentally modified a customer account incorrectly.
B. A software glitch resulted in several important system files being overwritten.
C. A company has an unacceptably high network downtime during high-traffic time periods.
D. A company stores sensitive customer data without access controls.
A company stores sensitive customer data without access controls.
What is an example of a violation of the CIA triad component availability?
A. A company stores sensitive customer data without access controls.
B. An employee accidentally modified a customer account incorrectly.
C. An organization does not have controls in place to limit employee access to sensitive customer data.
D. A new employee has not been issued access credentials to the company’s network for needed information.
A new employee has not been issued access credentials to the company’s network for needed information.
A company uses hash value comparisons to determine if the data in a database has changed.
What is the CIA triad component targeted in the scenario?
A. Confidentiality
B. Availability
C. Adaptation
D. Integrity
Integrity
A company is updating the devices it provides to employees to ensure that each employee has consistent network access.
What is the CIA triad component targeted in the scenario?
A. Availability
B. Application
C. Integrity
D. Confidentiality
Availability
A development team is designing a web application. The team is considering possible errors and exceptions. The team is committed to protecting sensitive information above all else in the event of an error or exception.
What is the security principle implemented in this scenario?
A. Economy of mechanism
B. Fail-safe
C. Separation of duties
D. Least common mechanism
Fail-safe
An organization is designing an information system dashboard that can be customized for various departments. The goal is to make the dashboard intuitive, user-friendly, and secure.
Which design principle for security is being incorporated?
A. Separation of duties
B. Human-centeredness
C. Fail-safe
D. Economy of mechanism
Human-centeredness
After discovering that employees have been circumventing session timeouts for a company’s internal network, the company is holding meetings to inform employees of the motivation behind the timeouts and risks involved in the workaround.
Which security principle is demonstrated in this scenario?
A. Fail-safe
B. Least common mechanism
C. Least privilege
D. Psychological acceptability
Psychological acceptability
An organization needs to define a data classification standard and designate the assets that are critical to the organization’s mission.
Which type of policy should be used?
A. Acceptable use policy
B. Security awareness policy
C. Asset management policy
D. Asset classification policy
Asset classification policy
A company needs to specify security operations and management of all IT assets within the seven domains of the IT infrastructure.
Which type of policy should be used?
A. Asset classification policy
B. Asset protection policy
C. Acceptable use policy
D. Asset management policy
Asset management policy
An organization has experienced war chalking in the past and wants to take actions to mitigate this type of attack.
What should this organization do?
A. Disable IP broadcast
B. Use Wi-Fi Protected Access 2 (WPA2)
C. Implement intrusion protection software
D. Disable caching
Use Wi-Fi Protected Access 2 (WPA2)
A company is specifically worried about DoS/DDoS attacks.
Which strategy should be used as a mitigation against this type of attack?
A. Require complex passwords
B. Implement intrusion protection software
C. Monitor normal traffic patterns
D. Configure switch port tracing
Monitor normal traffic patterns
An organization uses an access control in which employees working in similar categories are grouped together and given the same permissions.
What is the form of access control involved in this scenario?
A. Attribute-based
B. Discretionary
C. Rule-based
D. Role-based
Role-based
An organization’s network has been the target of several cyberattacks.
Which strategy should the organization use for Wi-Fi hardening?
A. Add more access points
B. Trust local hosts by default
C. Configure the Wi-Fi signal strength to reduce range
D. Use role-based access controls
Configure the Wi-Fi signal strength to reduce range
A company set up a firewall to analyze network traffic, considering each packet and how groups of packets are used.
What is the form of access control involved in this scenario?
A. Discretionary
B. Rule-based
C. Context-based
D. Role-based
Context-based
A company is developing a data protection methodology in order to improve data protection measures.
What is a strategy that should be used?
A. Require that passwords change weekly
B. Implement wired equivalent privacy (WEP)
C. Avoid the use of asymmetric encryption
D. Implement authentication methodologies
Implement authentication methodologies
After a series of attacks, an organization needs to bolster its data protection measures.
Which strategy should be used to increase data protection?
A. Require that passwords change weekly
B. Use transport level encryption
C. Increase wireless access point range
D. Implement wired equivalent privacy (WEP)
Use transport level encryption
When assigned to a new project, a user is given temporary permissions as an editor.
Which network security concept does this scenario address?
A. Accounting
B. Availability
C. Authorization
D. Authentication
Authorization
A financial company requires a manager to verify any changes made to a client’s electronic profile made by an employee.
What is the principle used to address accounting in this situation?
A. Multifactor authentication
B. Least privilege
C. Separation of duties
D. Anonymous access
Separation of duties
In order to reduce the risk of insider attacks, a company assigned role-based permissions to its users.
Which network security concept does this scenario address?
A. Authentication
B. Availability
C. Accounting
D. Authorization
Authorization
An organization is updating its information security policies in order to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA).
What should this organization expect to be required to do under this legislation?
A. Encrypt sensitive personal data with two or more encryption algorithms
B. Disclose how personal identifiable information is used
C. Disclose the software used to protect personal data
D. Notify individuals each time their personal information is viewed
Disclose how personal identifiable information is used
An organization is updating its information security policies in order to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA).
What should this organization expect to be required to do under this legislation?
A. Compensate individuals for revenue from the sale of their information
B. Disclose the software used to protect personal data
C. Implement appropriate security safeguards for stored personal data
D. Store personal information in no more than one physical location
Implement appropriate security safeguards for stored personal data
A company is creating an information security policy document with many sub-policies.
Which information should be included for each sub-policy to ensure the policy is clear and comprehensive?
A. A rating of the sub-policy’s importance
B. Compliance requirements the sub-policy is designed to meet
C. A list of similar or related sub-policies
D. Contact information for the regional government authority
Compliance requirements the sub-policy is designed to meet
