Network Security

Question 1

Which motion detection system has a reflective panel to create zones of detection?

Microwave

Vibration

Passive infrared (PIR)

Answer 1

Passive infrared (PIR)

Passive infrared (PIR) contains a reflective panel that creates different zones of detection. The reflective panel is distinctive to PIR sensors

Question 2

You need to deploy a surveillance camera in an area that requires you to record the equipment the entire time it has entered your datacenter to the time it is installed. Which type of surveillance camera should you deploy?

CCTV

PTZ

Coaxial

Answer 2

PTZ

Pan tilt zoom (PTZ) cameras allow for intervention of a situation. In situations where you must track and record equipment as it is moved, such as in casino environments, PTZ cameras should be used

Question 3

You work for a library and require an asset tracking system that is inexpensive and will notify you when equipment leaves the building. Which type of system should you purchase and deploy?

Bluetooth

Passive RFID

802.11 asset tracking

Answer 3

Passive RFID

A passive RFID system is inexpensive because the transponder powers the RFID tag. Transponders located at egress points of the library will achieve the requirement

Question 4

You require a physical security system that authenticates and authorizes employees into an area. Which system should you implement?

Key fobs

ID badges

Biometrics

Answer 4

Biometrics

Key fobs, ID badges, and combination locks do not provide authentication of employees. Only biometrics will provide a factor of authentication

Question 5

Which is a physical authentication system that requires both a personal identification number (PIN) and the physical card?

Key fobs

Biometrics

Smart cards

Answer 5

Smart cards

Smart cards are the size of a credit card and contain an integrated circuit chip (ICC). The ICC contains a user’s private key that is unlocked with a PIN code

Question 6

Which principle describes the process of verification of a user’s identity?

Authentication

Authorization

Accounting

Answer 6

Authentication

Authentication is the process of verification of the user’s identify. It can be performed with various factors such as something you know, you are, or have, in addition to other factors

Question 7

Which authentication system is an open standard originally proposed by the Internet Engineer Task Force (IETF)?

RADIUS

TACACS+

Kerberos

Answer 7

RADIUS

Remote Authentication Dial-In User Service (RADIUS) was originally proposed by the IETF and became an open standard for authentication, often used with 802.1x

Question 8

Which authentication system can use Advanced Encryption Standard (AES) encryption for encryption of user credentials?

RADIUS

TACACS+

Kerberos

Answer 8

Kerberos

Kerberos is an authentication system that can use Data Encryption Standard (3DES) and Advanced Encryption Standard (AES) encryption for encryption of user credentials. It is exclusively used by Microsoft Active Directory as an authentication protocol

Question 9

Which protocol is often used with single sign-on (SSO) to exchange credentials?

LDAP

SAML

ADFS

Answer 9

SAML

Security Assertion Markup Language (SAML) is an open-standard XML-based framework used for transmitting authentication and authorization information of users and computers

Question 10

Which principle describes the process of verification of a user’s permissions?

Authentication

Authorization

Accounting

Answer 10

Authorization

Authorization is the process of verifying whether a user has permission for a specific action; it is followed by the authentication of the user

Question 11

What protocol and port number does LDAP use for directory lookups?

TCP/389

TCP/1812

UDP/389

Answer 11

TCP/389

The protocol of TCP and the port number of 389 is used for LDAP lookups

Question 12

Which authentication factor is an example of personal human characteristic?

Typing your password

A location you are in

Your voice

Answer 12

Your voice

Voice recognition is an example of a personal human characteristic

Question 13

Which authentication factor is an example somewhere you are?

Your IP address

An RFID tag

Your MAC address

Answer 13

Your IP address

Your IP address is an example of an authentication factor of somewhere you are. Geographical IP lookups via a Geo-IP database helps provide your approximate location

Question 14

Which Cisco proprietary protocol is used to transmit credentials for 802.1x authentication systems?

LEAP

EAP

PEAP

Answer 14

LEAP

Lightweight Extensible Authentication Protocol (LEAP) is a Cisco proprietary protocol that was developed and is used by Cisco devices for authentication via 802.1x

Question 15

What is the proper terminology for a switch or wireless access point (WAP), when 802.1x is implemented?

Authenticating server

Authenticator

Supplicant

Answer 15

Authenticator

A switch or WAP is considered an 802.1x authenticator. The authenticator directly communicates between the supplicant and the authenticating server to relay credentials

Question 16

You need to restrict a switch port to a maximum of two devices. What should you implement to guarantee only two devices can communicate on the switch port?

802.1x

ACLs

Port security

Answer 16

Port security

Port security can restrict a switch port to a specific number of ports configured by the administrator. The specific MAC addresses can be preconfigured or learned dynamically

Question 17

You are implementing a public guest wireless network and require that users accept and acceptable use policy (AUP). What should you implement to accomplish the goal?

ACLs

MAC filtering

Captive portal

Answer 17

Captive portal

A captive portal will capture the users’ first web page request and redirect them to either a login page or AUP

Question 18

Which wireless protocol introduced message integrity checks (MIC) and Temporal Key Integrity Protocol (TKIP)?

WPA

WEP

WPA2

Answer 18

WPA

Wi-Fi Protected Access (WPA) replaced WEP as a wireless protocol and introduced many new security features, such as MIC and TKIP

Question 19

You are implementing a wireless network and need to make sure that only hosts that have up-to-date antivirus protection can join. Which technology should you implement?

NAC

802.1x

EAP-TLS

Answer 19

NAC

Network access control (NAC) is used in conjunction with 802.1x and can restrict clients if specific security policies are not met, such as current antivirus and software updates

Question 20

Which network attack involves malicious code that is dormant until specific conditions are met?

Evil twin

Logic bomb

Spoofing

Answer 20

Logic bomb

A logic bomb is malicious code that is not activated until specific conditions are met that triggers the code

Question 21

Which statement accurately describes an exploit?

A known weakness in the operating system

A known operating system security flaw

A technique to gain unauthorized access

Answer 21

A technique to gain unauthorized access

An exploit is a script, code, application, or technique to gain unauthorized access to an operating system through a vulnerability

Question 22

Which algorithm is commonly used with file hashing techniques?

RC4

MD5

HMAC

Answer 22

MD5

SHA1 and MD5 are two common file hashing algorithms used to validate the integrity of a file

Question 23

Which attack involves the attacker impersonating both side of a conversation between two hosts?

MitM

Deauthentication

DoS

Answer 23

MitM

A man-in-the-middle attack allows the attacker to impersonate both parties involved in a network conversation

Question 24

Which console-based management protocol has built-in security?

SSH

SCP

HTTPS

Answer 24

SSH

Secure Shell (SSH) negotiates encryption when a connection is made. SSH is used a replacement for the unencrypted Telnet protocol

Question 25

Which mitigation technique is configured on user-facing switch ports to protect the Spanning Tree Protocol (STP)?

Root Guard

DHCP snooping

BPDU Guard

Answer 25

BPDU Guard

Bridge Protocol Data Unit (BPDU) Guard is configured on user-facing switchports to protect the STP protocol from being attacked. If another switch is connected to a switch port protected with BPDU Guard and BPDUs are received, the switch port is placed into an err-disable state