Network and Security - Foundations_Pre-Assessment:

Question 1

A network is being created for an office, and there is a need for a router that manages internal network connections with no contact with the internet.
Which type of router is needed
A. Inter-provider border router
B. Core router
C. Subscriber edge router
D. Broadband router

Answer 1

Core router

Question 2

An IT manager is designing a new network and needs a device that connects multiple networks.

Which device is needed?

A.Switch
B.Modem
C.Server
D.Router

Answer 2

Router

Question 3

A network in a small office building connects all devices using wired connections with a star topology.

Which type of network is described?

A. LAN
B. WLAN
C. WAN
D. CAN

Answer 3

LAN

Question 4

Users of a network have been experiencing issues. In the course of troubleshooting, an administrator wants to view a list of network addresses and port numbers.

Which command in Linux should be used for this purpose?

A. ifconfig
B. ping
C. traceroute
D. netstat

Answer 4

netstat

Question 5

Users of a network have been experiencing issues. In the course of troubleshooting, an administrator wants to determine which ports have an active connection.

Which command in Windows should be used for this purpose?

A. ipconfig
B. tracert
C. netstat -an
D. arp -a

Answer 5

netstat -an

Question 6

In the process of setting up a Linux-based network system, a technician needs to view network interfaces and their settings.

Which command should be used?

A. ifconfig
B. dig
C. ping
D. nslookup

Answer 6

ifconfig

Question 7

A person is troubleshooting a network issue and needs to test DNS connectivity.

Which Linux command should be used?

A. nslookup
B. ifconfig
C. netstat
D. traceroute

Answer 7

nslookup

Question 8

What is the TCP/IP layer that includes the Transmission Control Protocol (TCP)?

A. Physical or network access
B. Transport
C. Application
D. Network or internet

Answer 8

Transport

Question 9

Which layer of the TCP/IP model includes the Internet Message Access Protocol (IMAP)?

A. Application
B. Physical or network access
C. Network or internet
D. Transport

Answer 9

Transport

Question 10

Which OSI model layer creates, maintains, and disconnects process communications over the network?

A. Application
B. Transport
C. Session
D. Physical

Answer 10

Session

Question 11

Which OSI model layer is responsible for breaking data into packets?

A. Physical
B. Application
C. Session
D. Transport

Answer 11

Application

Question 12

Which layer of the OSI reference model includes all computer programs that interact with the network?

A. Physical
B. Application
C. Transport
D. Presentation

Answer 12

Application

Question 13

What is the OSI model layer that includes the IPX?
A. Transport
B. Application
C. Session
D. Network

Answer 13

Network

Question 14

What is the layer of the OSI model that is responsible for logical addressing?

A. Physical
B. Transport
C. Data link
D. Network

Answer 14

Network

Question 15

What is the layer of the OSI model that translates binary computer language into the language of the transmission medium?

A. Physical
B. Presentation
C. Transport
D. Session

Answer 15

Physical

Question 16

A company uses cloud service to manage its IT resources. The underlying hardware resources are shared by other companies as well.

What is the cloud deployment model described in the scenario?

A. Multi
B. Public
C. Hybrid
D. Private

Answer 16

Public

Question 17

.

An organization uses one cloud service provider for data management and another service provider for development platforms.

What is the cloud deployment model described in the scenario?

A. Hybrid
B. Public
C. Community
D. Multi

Answer 17

Multi

Question 18

A developer has an existing computer with an operating system. The developer wants to use a hypervisor to have access to several virtual machines for a specific project.

Which form of hypervisor fits the need described in the scenario?

A. Proprietary
B. Type 1
C. Open source
D. Type 2

Answer 18

Type 2

Question 19

A company needs to maximize the number of virtual machines that can run on each host.

Which hypervisor should be used?

A. Open source
B. Type 1
C. Type 2
D. Proprietary

Answer 19

Type 1

Question 20

An attacker gains unauthorized access to a computer and modifies browser security settings.

What is the purpose of the attack?

A. Denial of availability
B. Launch point
C. Data export
D. Data modification

Answer 20

Data modification

Question 21

An attacker uses a trojan horse to forward usernames and passwords to an anonymous email address.

What is the purpose of the attack?

A. Launch point
B. Data modification
C. Denial of availability
D. Data export

Answer 21

Data export

Question 22

A hacker purposefully breaks IT security to gain unauthorized access to systems and publish sensitive data.

Which term describes the given hacker?

A. White-hat
B. Black-hat
C. Blue-hat
D. Gray-hat

Answer 22

Black-hat

Question 23

A hacker acts as an information system security professional who is hired to perform penetration testing.

Which term describes the given hacker?

A. Black-hat
B. Gray-hat
C. White-hat
D. Blue-hat

Answer 23

White-hat

Question 24

An organization is the victim of an attack in which an attacker uses a software program to try all possible combinations of a password and user ID.

What is the type of cyberattack described in this scenario?

A. Dictionary attack
B. Session hijacking
C. Brute-force attack
D. Man-in-the-middle attack

Answer 24

Brute-force attack

Question 25

An attacker uses a list of commonly used access credentials to attempt to gain access to an online account.

Which type of cyberattack is described?

A. IP address spoofing
B. Pharming
C. Brute-force attack
D. Dictionary attack

Answer 25

Dictionary attack

Question 26

An organization is the victim of an attack in which an attacker tries to gain access to a system by disguising their computer as another computer.

What is the type of cyberattack described in this scenario?

A. Man-in-the-middle attack
B. Pharming
C. IP address spoofing
D. Brute-force attack

Answer 26

IP address spoofing

Question 27

An organization is the victim of an attack in which an attacker uses a program to take control of a connection by pretending to be each end of the connection.

What is the type of cyberattack described in this scenario?

A. Social engineering
B. Credential stuffing
C. Session hijacking
D. Pharming

Answer 27

Session hijacking

Question 28

An attacker intercepts messages between two parties before transferring them on to the correct destination.

Which type of cyberattack is described?

A. Man-in-the-middle attack
B. Pharming
C. Phishing
D. IP address spoofing

Answer 28

Man-in-the-middle attack

Question 29

An attacker uses a false identification to gain physical access to IT infrastructure.

Which malicious attack strategy is represented in the scenario?

A. Pharming
B. Social engineering
C. Credential stuffing
D. Man-in-the-middle attack

Answer 29

Social engineering

Question 30

An attacker sends emails claiming that an online account has been locked. The email provides a fake link with the goal of tricking the users into providing login credentials.

Which type of cyberattack is described?

A. Phishing
B. Brute-force attack
C. Pharming
D. Social engineering

Answer 30

Phishing

Question 31

An organization is the victim of an attack in which an attacker uses a DNS poisoning strategy to direct users from a legitimate website to the attacker’s website.

What is the type of cyberattack described in this scenario?

A. Session hijacking
B. Dictionary attack
C. Social engineering
D. Pharming

Answer 31

Pharming

Question 32

A company is implementing network security components to ensure a higher level of data trustworthiness.

What is the CIA triad component targeted in the scenario?

A. Adaptation
B. Integrity
C. Confidentiality
D. Availability

Answer 32

Integrity

Question 33

Which CIA triad component is a driver for enabling data encryption?

A. Availability
B. Integrity
C. Consistency
D. Confidentiality

Answer 33

Confidentiality

Question 34

Which component of the IT security CIA triad is a driver for implementing audit and monitoring controls?

A. Integrity
B. Confidentiality
C. Application
D. Availability

Answer 34

Confidentiality

Question 35

What is the component of the CIA triad for IT security that requires that IP packets be retransmitted if the receiving host has an invalid checksum value?

A. Integrity
B. Confidentiality
C. Consistency
D. Availability

Answer 35

Integrity

Question 36

What is an example of a violation of the CIA triad component confidentiality?

A. An employee accidentally modified a customer account incorrectly.
B. A software glitch resulted in several important system files being overwritten.
C. A company has an unacceptably high network downtime during high-traffic time periods.
D. A company stores sensitive customer data without access controls.

Answer 36

A company stores sensitive customer data without access controls.

Question 37

What is an example of a violation of the CIA triad component availability?

A. A company stores sensitive customer data without access controls.
B. An employee accidentally modified a customer account incorrectly.
C. An organization does not have controls in place to limit employee access to sensitive customer data.
D. A new employee has not been issued access credentials to the company’s network for needed information.

Answer 37

A new employee has not been issued access credentials to the company’s network for needed information.

Question 38

A company uses hash value comparisons to determine if the data in a database has changed.

What is the CIA triad component targeted in the scenario?

A. Confidentiality
B. Availability
C. Adaptation
D. Integrity

Answer 38

Integrity

Question 39

A company is updating the devices it provides to employees to ensure that each employee has consistent network access.

What is the CIA triad component targeted in the scenario?

A. Availability
B. Application
C. Integrity
D. Confidentiality

Answer 39

Availability

Question 40

A development team is designing a web application. The team is considering possible errors and exceptions. The team is committed to protecting sensitive information above all else in the event of an error or exception.

What is the security principle implemented in this scenario?

A. Economy of mechanism
B. Fail-safe
C. Separation of duties
D. Least common mechanism

Answer 40

Fail-safe

Question 41

An organization is designing an information system dashboard that can be customized for various departments. The goal is to make the dashboard intuitive, user-friendly, and secure.

Which design principle for security is being incorporated?

A. Separation of duties
B. Human-centeredness
C. Fail-safe
D. Economy of mechanism

Answer 41

Human-centeredness

Question 42

After discovering that employees have been circumventing session timeouts for a company’s internal network, the company is holding meetings to inform employees of the motivation behind the timeouts and risks involved in the workaround.

Which security principle is demonstrated in this scenario?

A. Fail-safe
B. Least common mechanism
C. Least privilege
D. Psychological acceptability

Answer 42

Psychological acceptability

Question 43

An organization needs to define a data classification standard and designate the assets that are critical to the organization’s mission.

Which type of policy should be used?

A. Acceptable use policy
B. Security awareness policy
C. Asset management policy
D. Asset classification policy

Answer 43

Asset classification policy

Question 44

A company needs to specify security operations and management of all IT assets within the seven domains of the IT infrastructure.

Which type of policy should be used?

A. Asset classification policy
B. Asset protection policy
C. Acceptable use policy
D. Asset management policy

Answer 44

Asset management policy

Question 45

An organization has experienced war chalking in the past and wants to take actions to mitigate this type of attack.

What should this organization do?

A. Disable IP broadcast
B. Use Wi-Fi Protected Access 2 (WPA2)
C. Implement intrusion protection software
D. Disable caching

Answer 45

Use Wi-Fi Protected Access 2 (WPA2)

Question 46

A company is specifically worried about DoS/DDoS attacks.

Which strategy should be used as a mitigation against this type of attack?

A. Require complex passwords
B. Implement intrusion protection software
C. Monitor normal traffic patterns
D. Configure switch port tracing

Answer 46

Monitor normal traffic patterns

Question 47

An organization uses an access control in which employees working in similar categories are grouped together and given the same permissions.

What is the form of access control involved in this scenario?

A. Attribute-based
B. Discretionary
C. Rule-based
D. Role-based

Answer 47

Role-based

Question 48

An organization’s network has been the target of several cyberattacks.

Which strategy should the organization use for Wi-Fi hardening?

A. Add more access points
B. Trust local hosts by default
C. Configure the Wi-Fi signal strength to reduce range
D. Use role-based access controls

Answer 48

Configure the Wi-Fi signal strength to reduce range

Question 49

A company set up a firewall to analyze network traffic, considering each packet and how groups of packets are used.

What is the form of access control involved in this scenario?

A. Discretionary
B. Rule-based
C. Context-based
D. Role-based

Answer 49

Context-based

Question 50

A company is developing a data protection methodology in order to improve data protection measures.

What is a strategy that should be used?

A. Require that passwords change weekly
B. Implement wired equivalent privacy (WEP)
C. Avoid the use of asymmetric encryption
D. Implement authentication methodologies

Answer 50

Implement authentication methodologies

Question 51

After a series of attacks, an organization needs to bolster its data protection measures.

Which strategy should be used to increase data protection?

A. Require that passwords change weekly
B. Use transport level encryption
C. Increase wireless access point range
D. Implement wired equivalent privacy (WEP)

Answer 51

Use transport level encryption

Question 52

When assigned to a new project, a user is given temporary permissions as an editor.

Which network security concept does this scenario address?

A. Accounting
B. Availability
C. Authorization
D. Authentication

Answer 52

Authorization

Question 53

A financial company requires a manager to verify any changes made to a client’s electronic profile made by an employee.

What is the principle used to address accounting in this situation?

A. Multifactor authentication
B. Least privilege
C. Separation of duties
D. Anonymous access

Answer 53

Separation of duties

Question 54

In order to reduce the risk of insider attacks, a company assigned role-based permissions to its users.

Which network security concept does this scenario address?

A. Authentication
B. Availability
C. Accounting
D. Authorization

Answer 54

Authorization

Question 55

An organization is updating its information security policies in order to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA).

What should this organization expect to be required to do under this legislation?

A. Encrypt sensitive personal data with two or more encryption algorithms
B. Disclose how personal identifiable information is used
C. Disclose the software used to protect personal data
D. Notify individuals each time their personal information is viewed

Answer 55

Disclose how personal identifiable information is used

Question 56

An organization is updating its information security policies in order to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA).

What should this organization expect to be required to do under this legislation?

A. Compensate individuals for revenue from the sale of their information
B. Disclose the software used to protect personal data
C. Implement appropriate security safeguards for stored personal data
D. Store personal information in no more than one physical location

Answer 56

Implement appropriate security safeguards for stored personal data

Question 57

A company is creating an information security policy document with many sub-policies.

Which information should be included for each sub-policy to ensure the policy is clear and comprehensive?

A. A rating of the sub-policy’s importance
B. Compliance requirements the sub-policy is designed to meet
C. A list of similar or related sub-policies
D. Contact information for the regional government authority

Answer 57

Compliance requirements the sub-policy is designed to meet