Network Security Flashcards

1
Q

A company owns four kiosks that are near a shopping center. The owner is concerned about someone accessing the Internet via the kiosk’s wireless network. What should be implemented to provide wireless access only to the employees working at the kiosk?

A

MAC filtering

2
Q

A malicious user is blocking wireless devices from connecting to the Internet when people are in the coffee shop. What is the malicious user performing?

A

Frequency jamming

3
Q

In what type of attack does the potential intruder trick a user into providing sensitive information?

A

Social engineering

4
Q

A technician is concerned about security and is asked to set up a network management protocol. Which network management protocol will provide the best security?

A

SNMPv3

5
Q

Which of the following network concepts is prevented by using a split-horizon?

A

Routing loops

6
Q

An outside organization has completed a penetration test for a company. One of the report items reflects the ability to read SSL traffic from the webserver. What is the MOST likely mitigation for this reported item?

A

Ensure patches are deployed

7
Q

A company has just installed a VoIP system on their network. Prior to the installation, all of the switches were upgraded to layer 3 capable in order to more adequately route packets. What network segmentation technique is this an example of?

A

Performance optimization

8
Q

A network technician wants to allow HTTP traffic through a stateless firewall. The company uses the 192.168.0.0/24 network. Which of the following ACLs should the technician implement?

A

Permit SRCIP 192.168.0.0/24 Sport: ANY DSTIP: ANY DPORT 80

9
Q

Which of the following threats can policies, procedures, and end-user training help to effectively mitigate?

A

Social engineering attempts

10
Q

You are working as a network administrator and are worried about the possibility of an insider threat. You want to enable a security feature that would remember the Layer 2 address first connected to a particular switch port to prevent someone from unplugging a workstation from the switch port and connecting their own laptop to that same switch port. Which of the following security features would BEST accomplish this goal?

A

Sticky MAC

11
Q

A network administrator receives a call asking for assistance with connecting to the network. The person on the phone asks for the IP address, subnet mask, and VLAN required to access the network. What type of attack might this be?

A

Social engineering

12
Q

Your physical security manager, Janice, wants to ensure she can detect any unauthorized access to the data center. Which technology should be used to meet her requirement?

A

Video surveillance

13
Q

A network engineer is designing a campus-wide wireless network. Wireless access points will be distributed across the campus for maximum availability. The network is to be designed to handle a large number of roaming wireless devices. What feature should he employ?

A

LWAPP

14
Q

Which protocol is used to establish a secure and encrypted VPN tunnel that can be initiated through a web browser?

A

SSL

15
Q

Your company has purchased a new building down the street for its executive suites. You have been asked to choose the best encryption for AP4 and AP5 in order to establish a secure wireless connection between the main building and the executive suites.

A

WPA2-CCMP

16
Q

A new network administrator is hired to replace a consultant who ran the network for several months and whose contract was just canceled. After a month of working on the network, the new network administrator realized some network issues and configuration changes in the server settings. The log files on the servers do not contain any error messages related to the issues or changes. What could be the problem?

A

A backdoor has been installed to access the network

17
Q

Barbara, an employee, has properly connected her personal wireless router to a network jack inside her office. The router cannot get a DHCP address even though her corporate laptop can get a DHCP address when connected to the same jack. Barbara checked the router’s configuration to ensure it is set up to obtain a DHCP address. Which of the following is the MOST likely reason that the router is not getting a DHCP address?

A

The administrator has implemented a feature that only allows whitelist MAC addresses to connect to the network

18
Q

You are trying to increase your network’s security by implementing a system of two-factor authentication (2FA). Which of the following authentication factors should you choose to meet this requirement?

A

Smartcard and PIN

19
Q

A new piece of malware attempts to exfiltrate user data by hiding the traffic and sending it as TLS-encrypted outbound traffic over random ports. What technology would be able to detect and block this type of traffic?

A

Application-aware firewall

20
Q

Your company has just installed a new web server that will allow inbound connections over port 80 from the internet while not accepting any connections from the internal network. You have been asked where to place the web server in the network architecture and configure the ACL rule to support the requirements. The current network architecture is segmented using a firewall to create the following three zones:

ZONE, INTERFACE, IP address
PUBLIC, eth0, 66.13.24.16/30
DMZ, eth1, 172.16.1.1/24
PRIVATE, eth2, 192.168.1.1/24

Based on the requirements and current network architecture above, what is the BEST recommendation?

A

Put the server in the DMZ with an inbound rule from eth0 to eth1 that allows port 80 traffic to the server’s IP

21
Q

What is a common technique used by malicious individuals to perform a man-in-the-middle attack on a wireless network?

A

Creating an evil twin

22
Q

A technician needs to add new features to existing hardware devices. Which of the following should be performed to add the new features?

A

Firmware updates

23
Q

Rick is upset that he was passed over for a promotion. He decides to take revenge on his nemesis, Mary, who got the job instead of him. Rick sets up a man-in-the-middle attack against Mary’s computer by redirecting any layer 2 traffic destined for the gateway to his own computer first. Rick is careful only to affect the traffic associated with Mary’s computer and not the entire network. Which type of man-in-the-middle attack is Rick conducting against Mary?

A

ARP cache poisoning

24
Q

A home user reports to a network technician that the Internet is slow. The network administrator discovers that multiple unknown devices are connected to the access point. What is MOST likely the cause of this issue?

A

A successful WPS attack has occurred

25
Q

An employee of a highly-secure company needs to use facial recognition in addition to a username/password to establish a VPN successfully. What BEST describes this methodology?

A

Two-factor authentication

26
Q

You are working at the service desk as a network security technician and just received the following email from an end-user who believes a phishing campaign is being attempted.

From: user@diontraining.com
To: abuse@diontraining.com
Subject: You won a free iPhone!

Dear Susan,

You have won a brand new iPhone!
Just click the following link to provide your address so we can ship it out to you this afternoon: (http://www.freephone.io:8080/winner.php)

What should you do to prevent any other employees from accessing the link in the email above while still allowing them access to any other webpages at the domain freephone.io?

A

Add http://www.freephone.io:8080/winner.php to the browser’s group policy block list

27
Q

Your network is currently under attack from multiple hosts outside of the network. Which type of attack is most likely occurring?

A

DDoS

28
Q

A company needs to implement stronger authentication by adding an authentication factor to its wireless system. The wireless system only supports WPA with pre-shared keys, but the back-end authentication system supports EAP and TTLS. What should the network administrator implement?

A

802.1x using EAP with MSCHAPv2

29
Q

A facility would like to verify each individual’s identity before allowing access to its server room and data center. Additionally, the building should ensure that users do not tailgate behind other users. What solution would BEST meet these requirements?

A

Implement a biometric reader at the datacenter entrance and require passage through a mantrap

30
Q

A company is installing several APs for a new wireless system that requires users to authenticate to the domain. The network technician would like to authenticate to a central point. What solution would be BEST to achieve this?

A

RADIUS server and access point

31
Q

(This is a simulated Performance-Based Question. On the real certification exam, you will be asked to drag-and-drop the correct antennas onto the APs.)

Your company has purchased a new building down the street for its executive suites. You have been asked to select an antenna for AP1, AP2, and AP3 to establish a wireless connection inside the main building for visitors to use.

A

5 dB directional right for AP1, 5 dB omnidirectional for AP2, and 5 dB directional left for AP3

32
Q

Sarah connects a pair of switches using redundant links. When she checks the links’ status, one of them is not active, even when she changes ports. What MOST likely disabled the redundant connection to the other switch?

A

Spanning tree

33
Q

A technician has finished configuring AAA on a new network device. However, the technician cannot log into the device with LDAP credentials but can with a local user account. What is the MOST likely reason for the problem?

A

Shared secret key is mismatched

34
Q

An increased amount of web traffic to an e-commerce server is observed by a network administrator but without increasing the number of financial transactions. Which kind of attack might the company be experiencing?

A

DoS

35
Q

What access control model will a network switch utilize if it requires multilayer switches to use authentication via RADIUS/TACACS+?

A

802.1x

36
Q

A company has a secondary datacenter in a remote location. The data center staff handles cable management and power management. The building’s security is also handled by the data center staff with little oversight from the company. Which of the following should the technician do to follow the best practices?

A

Ensure rack security is performed

37
Q

What would provide the highest level of physical security for the client if they are concerned with the theft of equipment from the data center?

A

Man trap

38
Q

Your company has just hired a contractor to attempt to exploit a weakness in your network to identify all their vulnerabilities. This person has been permitted to perform these actions and only conduct their actions within the contract’s scope of work. Which of the following will be conducted by the contractor?

A

Penetration testing

39
Q

A network technician is tasked with designing a firewall to improve security for an existing FTP server that is on the company network and is accessible from the Internet. The security personnel are concerned that the FTP server is compromised and is possibly being used to attack other company servers. What is the BEST way to mitigate this risk?

A

Move the server to the company’s DMZ

40
Q

An outside technician notices that a SOHO employee who is logged into the company VPN has an unexpected source IP address. What is the employee MOST likely using?

A

Proxy server

41
Q

A NAC service has discovered a virus on a client’s laptop. What location should the NAC service put the laptop in?

A

Quarantine network

42
Q

You work for a fast-food restaurant installing a new electronic signboard to display their menu items to customers. The signboard is connected to the network. It came preconfigured with a public IP address so that the central office can connect to it remotely to update the menu items and prices being displayed. One of the employees unboxed the new device, installed this new signboard by hanging it on the wall and plugging it into the network. When you arrive at work the next day, you see that the menu items have all been changed to include vulgar names and prices like $6.66. It appears the signboard has been hacked and is being used for digital vandalism. What is the MOST likely reason the attackers were able to access the signboard?

A

The signboard’s default credentials were never changed during installation

43
Q

The network administrator noticed that the border router has high network capacity loading during non-working hours. This load is causing web services outages. Which of the following is the MOST likely cause of the issue?

A

Distributed DoS

44
Q

A company is implementing enhanced user authentication for system administrators accessing the company’s confidential servers. They intend to use two-factor authentication to accomplish this. Which of these BEST represents two-factor authentication?

A

Password and key fob

45
Q

Which of the following provides accounting, authorization, and authentication via a centralized privileged database, as well as challenge/response and password encryption?

A

TACACS+

46
Q

A technician is installing a network firewall and would like to block all WAN to LAN traffic that is using ports other than the default ports for Internet and email connectivity. What rule should the technician verify FIRST?

A

An implicit deny is enabled

47
Q

A company has implemented the capability to send all log files to a central location by utilizing an encrypted channel. The log files are sent to this location to be reviewed. A recent exploit has caused the company’s encryption to become insecure. What would be required to resolve the exploit?

A

Install recommended updates

48
Q

Which of the following must be added to a VLAN with a gateway to add security to it?

A

An ACL

49
Q

What is the term for exploiting a weakness in a user’s wireless headset to compromise their smartphone?

A

Bluejacking

50
Q

Which of the following should be implemented to allow wireless network access for clients in the lobby using a password key?

A

WPA2

51
Q

A technician is configuring a computer lab at a school. The computers need to be able to communicate with each other, but students using computers should not access the Internet. What rule on the firewall should the technician configure to prevent student access to the Internet?

A

Block all LAN to WAN traffic

52
Q

The corporate network uses a centralized server to manage credentials for all of its network devices. What type of server is MOST likely being used in this configuration?

A

RADIUS

53
Q

A network technician needs to protect IP-based servers in the network DMZ from an intruder trying to discover them. What should the network technician do to protect the network from ping sweeps?

A

Block ICMP at the firewall

54
Q

(This is a simulated Performance-Based Question. On the real certification exam, you would be asked to drag-and-drop the correct encryption onto the APs.)

Your company has purchased a new building down the street for its executive suites. You have been asked to choose the BEST encryption for AP1, AP2, and AP3 to establish a wireless connection inside the main building for visitors to use. Your boss has stated that the main building’s internal wireless network is for visitors’ use only and MUST NOT require the visitors to set up any special configuration on their devices to connect.

A

Open

55
Q

What is used to authenticate remote workers who connect from offsite?

A

802.1x

56
Q

What is BEST used to perform a one-time temporary posture assessment in a NAC environment?

A

Non-persistent agent

57
Q

What anti-malware solution should be implemented to deter attackers from loading custom files onto a distributed target platform?

A

Network-based anti-malware

58
Q

The physical security manager has asked you to assist with his risk assessment of his proposed security measures. He is concerned that during a power outage, the server room might be targeted for attack. Luckily, he has many different protection measures in place to keep intruders out of the server room. During a power outage, which of the following security controls would still be usable?

A

Door locks

59
Q

Users connecting to an SSID appear to be unable to authenticate to the captive portal. Which of the following is the MOST likely cause of the issue?

A

RADIUS

60
Q

A network architect is designing a highly-redundant network with a distance vector routing protocol to prevent routing loops. The architect has configured the routers to advertise failed routes with the addition of an infinite metric. What method should the architect utilize?

A

Route poisoning

61
Q

You want to ensure that only one person can enter or leave the server room at a time. Which of the following physical security devices would BEST help you meet this requirement?

A

Mantrap

62
Q

The network technician has received a large number of complaints from users that there is poor network performance. The network technician suspects a user may have created a malicious flood on the network with many ping requests. What should the technician do?

A

Block all ICMP requests

63
Q

A network technician is responsible for the basic security of the network. Management has asked if there is a way to improve the level of access users have to the company file server. Right now, any employee can upload and download files with basic system authentication (username and password). What should he configure to increase security?

A

Multi-factor authentication

64
Q

A project lead reviews the statement of work for an upcoming project that is focused on identifying potential weaknesses in the organization’s internal and external network infrastructure. As part of the project, a team of external contractors will attempt to employ various attacks against the organization. The work statement specifically addresses the utilization of an automated tool to probe network resources in an attempt to develop logical diagrams indicating weaknesses in the infrastructure. Based on this scope of work, what type of activity is to be performed?

A

Penetration testing

65
Q

A network engineer has been tasked with designing a network for a new branch office with approximately 50 network devices. This branch office will connect to the other offices via a MAN. Many of the other branch offices use off-the-shelf SOHO equipment. It is a requirement that the routing protocol chosen use the least amount of overhead. Additionally, all the computers on the network will be part of a single VLAN. The connection between these computers should produce the highest throughput possible in the most cost-effective manner. What devices would be MOST appropriate?

A

A router should be used as a gateway device, with RIPv2 as the routing protocol. The computers should be connected with a Gigabit Layer 2 switch

66
Q

A user is receiving certificate errors in other languages within their web browser when accessing your company’s website. Which of the following is the MOST likely cause of this issue?

A

Man in the middle

67
Q

The administrator would like to use the strongest encryption level possible using PSK without utilizing an additional authentication server. What encryption type should be implemented?

A

WPA personal

68
Q

A network technician has designed a network consisting of an external Internet connection, a DMZ, an internal private network, and an administrative network. From which network segment should all routers and switches be configured to accept SSH connections?

A

Administrative network allowing only admin access

69
Q

Mallory is unhappy with her job at a large beverage company. She decides to steal sensitive information about the company’s proprietary formula for a new energy drink. She installs a keylogger onto some of the product team’s workstations, which then emails out the information to her personal email account each evening so she can post the information to WikiLeaks. How would you best classify Mallory and her actions?

A

Insider threat

70
Q

A company has had several virus infections over the past few months. The cause was vulnerabilities in the software applications in use. What should an administrator implement to prevent future outbreaks?

A

Patch management

71
Q

A network technician must allow HTTP traffic from the Internet over port 80 to an internal server running HTTP over port 81. Which of the following is this an example of?

A

Port forwarding

72
Q

What benefit does network segmentation provide?

A

Security through isolation

73
Q

Which type of security measure is used to control access to an area by using a retina scan?

A

Biometric

74
Q

After an employee connected one of the switch ports on a SOHO router to the office’s wall jack, other employees in the building started losing network connectivity. Which of the following could be implemented on the company’s switch to prevent this type of loss of connection?

A

DHCP snooping

75
Q

During a recent penetration test, it was discovered that your company’s wireless network could be reached from the parking lot. The Chief Security Officer has submitted a change request to your network engineering team to solve this issue because he wants to ensure that the wireless network is only accessible from within the building. Based on these requirements, which of the following settings should be changed to ensure the wireless signal doesn’t extend beyond your building’s interior while maintaining a high level of availability to your users?

A

Power level

76
Q

A technician wants to implement a network for testing remote devices before connecting to the corporate network. What could the technician implement to meet this requirement?

A

Quarantine

77
Q

What common technique is used by malicious individuals to perform a man-in-the-middle attack on a wireless network?

A

Creating an evil twin

78
Q

A network administrator follows the best practices to implement firewalls, patch management, and policies on his network. Which of the following should be performed to verify that the security controls are in place?

A

Penetration testing

79
Q

A network technician needs to set up two public-facing web servers and ensure that the intruder cannot access its intranet if the servers are compromised. Which of the following methods should the technician use?

A

Place them in the demilitarized zone

80
Q

A user is receiving certificate errors in other languages in their web browser when accessing the company’s main intranet site. Which of the following is the MOST likely cause of the issue?

A

Man in the middle

81
Q

A client is concerned about a hacker compromising a network to gain access to confidential research data. What could be implemented to redirect any attackers on the network?

A

Honeypot

82
Q

A firewall technician configures a firewall to allow HTTP traffic as follows:

Source IP, Zone, Dest IP, Zone, Port, Action
Any, Untrust, Any, DMZ, 80, Allow

The organization should upgrade to what technology to prevent unauthorized traffic from traversing the firewall?

A

Application aware firewall

83
Q

A disgruntled employee executes a man-in-the-middle attack on the company network. Layer 2 traffic destined for the gateway is redirected to the employee’s computer. What type of attack is this an example of?

A

ARP cache poisoning

84
Q

When a switch has multiple paths to reach the root bridge, what state is the port with the LEAST desirable path placed by the spanning tree protocol?

A

Blocking

85
Q

Which attack utilizes a wireless access point made to look as if it belongs to the network to eavesdrop on the wireless traffic?

A

Evil twin

86
Q

What is the BEST way to secure the most vulnerable attack vector for a network?

A

Provide end user awareness training for office staff

87
Q

You want to install a perimeter device on the network that will help ensure FTP commands are not being sent out over port 25. Which of the following devices would allow for deep packet inspection to catch this type of activity?

A

Layer 7 firewall

88
Q

Which of the following is the BEST way to regularly prevent different security threats from occurring within your network?

A

User training and awareness