Network Security Flashcards

Question 1

Q

What do most firewalls use as the last rule?

Answer

A

Implicit deny rule

Question 2

Q

What type of cloud-based service is webmail?

Answer

A

Software as a Service (SaaS)

Question 3

Q

What type of attack can a flood guard help prevent?

Answer

A

SYN flood attack

Question 4

Q

What can a company use to distribute web-based requests to several web servers hosting the same content?

Answer

A

Load balancer

Question 5

Q

What are two common protocols used to secure FTP?

Answer

A

File Transfer Protocol Secure (FTPS) and Secure FTP (SFTP)

Question 6

Q

A network is using CAT 5 cable. What can prevent data loss?

Answer

A

Shielding

Question 7

Q

What protocol does SFTP use?

Answer

A

Secure FTP (SFTP) uses Secure Shell (SSH) over port 22.
Provides restarting and continuing interrupted transfers
Listing directories
Removing remote files

Question 8

Q

What is a wireless device that provides unauthorized access to a network?

Answer

A

Rogue access point

Question 9

Q

What is a wireless device that provides unauthorized access to a network and uses the same SSID as an authorized wireless access point?

Answer

A

Evil twin

Question 10

Q

What is needed to use WPA2 with an 802.1X server instead of using pre-shared keys?

Answer

A

Remote Authentication Dial-in User Service (RADIUS)

Question 11

Q

What should be used to prevent wireless users from accessing other wireless computers through a wireless access point?

Answer

A

Isolation mode

Question 12

Q

You want to reduce the success of war driving. What can you do to the WAP?

Answer

A

Reduce the power output of the WAP (or adjust the antenna placement)

Question 13

Q

What protocol provides the best security for a wireless network?

Question 14

Q

What wireless security protocol has been hacked and should not be used?

Question 15

Q

What should be done with the SSID for security?

Answer

A

Change default name

Question 16

Q

What can you do with the SSID to hide a wireless network from casual users (but not informed attackers)?

Answer

A

Disable said broadcasting

Question 17

Q

What can be used to prevent specific wireless computers from accessing a wireless network?

Answer

A

MAC filtering

Question 18

Q

What protocol is used to monitor network devices?

Answer

A

Simple Network Management Protocol (SNMP)

Question 19

Q

An organization wants to allow 300 employees to remotely access the corporate network. What is a good choice?

Answer

A

Virtual private network (VPN) concentrator

Question 20

Q

What would an organization create to host Internet-based servers but protect servers on an internal network?

Answer

A

Demilitarized zone (DMZ)

Question 21

Q

What port would you block to prevent Telnet traffic?

Question 22

Q

What port does TFTP use?

Answer

A

Trivial File Transfer Protocol (TFTP) uses port 69

Question 23

Q

Between UDP and TCP, what does FTP use?

Answer

A

File Transfer Protocol (FTP) uses TCP

Question 24

Q

Between UDP and TCP, what does TFTP use?

Answer

A

Trivial File Transfer Protocol (TFTP) uses UDP

Question 25

Q

What port does SCP use?

Answer

A

Secure Copy (SCP) uses port 22

Question 26

Q

What port does SMTP use?

Answer

A

Simple Mail Transfer Protocol (SMTP) uses port 25

Question 27

Q

What port does HTTPS use?

Question 28

Q

What can an attacker check to determine the services running on a server?

Answer

A

Open ports

Question 29

Q

What should you do with unused ports on a switch for better security?

Answer

A

Disable them

Question 30

Q

Your organization uses switches for connectivity. Of the following choices, what will protect the switch?
(A)Disable unused MAC addresses
(B)Disable unused ports
(C)Disable unused IPv4 addresses
(D)Disable unused IPv6 addresses

Answer

A

Disabling unused ports is a part of basic port security.

Question 31

Q

Of the following choices, what represents the best choice to prevent intrusions on an individual computer?
(A)HIDS
(B)NIDS
(C)Host-based firewall
(D)Network-based firewalls

Answer

A

A host-based firewall can help prevent intrusions on individual computers such as a server or desktop computer.

Question 32

Q

Of the following choices, what controls traffic between networks?
(A)A firewall
(B)Load balancer
(C)VPN concentrator
(D)Protocol analyzer

Answer

A

A firewall controls traffic between networks using rules within an ACL.

Question 33

Q

An organization has a web security gateway installed. What function is this performing?
(A)MAC filtering
(B)Caching content
(C)Hiding internal IP addresses
(D)Content filtering

Answer

A

A web security gateway performs content filtering (including filtering for malicious attachments, malicious code, blocked URLs and more).

Question 34

Q

Your organization hosts a large web site served by multiple servers. They need to optimize the workload and distribute it equally among all the servers. What should they use?
(A)Proxy server
(B)Load balancer
(C)Web security gateway
(D)Security appliance

Answer

A

A load balancer can optimize and distribute data loads across multiple computers or multiple networks.

Question 35

Q

Of the following choices, what is the best choice for a device to filter and cache content from web pages?
(A)Web security gateway
(B)VPN concentrator
(C)Proxy server
(D)MAC filtering

Answer

A

A proxy server includes the ability to filter and cache content from web pages.

Question 36

Q

What can an administrator use to detect malicious activity after it occurred?
(A)Firewall
(B)Sniffer
(C)Port scanner
(D)IDS

Answer

A

An intrusion detection system (IDS) detects malicious activity after it has occurred.

Question 37

Q

Of the following choices, what would detect compromises on a local server?
(A)HIDS
(B)NIPS
(C)Firewall
(D)Protocol analyzer

Answer

A

A host-based intrusion detection system (HIDS) can detect attacks (including successful attacks resulting in compromises) on local systems such as workstations and servers.

Question 38

Q

Of the following choices, what represents the best choice for a system to detect attacks on a network, but not block them?
(A)NIDS
(B)NIPS
(C)HIDS
(D)HIPS

Answer

A

A network-based intrusion detection system (NIDS) will detect attacks, but will not necessarily block them (unless it is an active NIDS).

Question 39

Q

Your organization is using a NIDS. The NIDS vendor regularly provides updates for the NIDS to detect known attacks. What type of NIDS is this?
(A)Anomaly-based
(B)Signature-based
(C)Prevention-based
(D)Honey-based

Answer

A

Signature-based, network-based intrusion detection systems (NIDS) use signatures similar to antivirus software, which are downloaded regularly as updates.

Question 40

Q

You are preparing to deploy an anomaly-based detection system to monitor network activity. What would you create first?
(A)Flood guards
(B)Signatures
(C)Baseline
(D)Honeypot

Answer

A

An anomaly-based (also called heuristic or behavior-based) detection system compares current activity with a previously created baseline to detect any anomalies or changes.

Question 41

Q

Of the following choices, what best describes the function of an IPS?
(A)Detect attacks
(B)Stop attacks in progress
(C)Prevent attackers from attacking
(D)Notify appropriate personnel of attacks

Answer

A

The primary purpose of an intrusion prevention system (IPS) is to stop attacks in progress.

Question 42

Q

Of the following choices, what provides active protection for an operating system?
(A)NIDS
(B)NIPS
(C)HIDS
(D)HIPS

Answer

A

A host-based intrusion prevention system (HIPS) provides active protection for an individual host, including its operating system.

Question 43

Q

Of the following choices, what most accurately describes a NIPS?
(A)Detects and takes action against threats
(B)Provides notification of threats
(C)Detects and eliminates threats
(D)Identifies zero day vulnerabilities

Answer

A

A network-based intrusion prevention system (NIPS) attempts to detect and mitigate threats by taking action to block them.

Question 44

Q

An IPS is monitoring data streams looking for malicious behavior. When it detects malicious behavior, it blocks the traffic. What is this IPS using?
(A)Smurf detection
(B)Honeypot
(C)Content inspection
(D)Port scanner

Answer

A

Many intrusion prevention systems (IPSs) use content inspection techniques to monitor data streams in search of malicious code or behaviors.

Question 45

Q

A user plugged a cable into two RJ-45 wall jacks connected to unused ports on a switch. In a short period, this disrupted the overall network performance. What should you do to protect against this problem in the future?
(A)Enable loop protection on the switch
(B)Disable port security
(C)Create DMZ
(D)Use a VLAN

Answer

A

Loop protection such as Spanning Tree Protocol (STP) protects against the switching loop problem described in the scenario.

Question 46

Q

What can you use to logically separate computers in two different departments within a company?
(A)A hub
(B)A VLAN
(C)NAT
(D)A flood guard

Answer

A

A virtual local area network (VLAN) can group several different computers into a virtual network, or logically separate the computers in two different departments.

Question 47

Q

Most firewalls have a default rule placed at the end of the firewalls ACL. Which of the following is the most likely default rule?
(A)Deny any any
(B)Deny ICMP all
(C)Allow all all
(D)Allow TCP all

Answer

A

A deny any any or drop all statement is placed at the end of an ACL and enforces an implement deny strategy.

Question 48

Q

Of the following choices, what best describes a method of managing the flow of network traffic by allowing or denying traffic based on ports, protocols, and addresses?
(A)Implicit deny
(B)Firewall rules
(C)Proxy server content filter
(D)Firewall logs

Answer

A

Firewalls use firewall rules (or rules within an ACL) to identify what traffic is allowed and what traffic is denied. A basic packet filtering firewall can filter traffic based on ports, protocols, and addresses.

Question 49

Q

Your network includes a subnet that hosts accounting servers with sensitive data. You want to ensure that users in the Marketing department (on a separate subnet) cannot access these servers. Of the following choices, what would be the easiest to achieve the goal?
(A)Enable load balancing
(B)Enable port security
(C)Use an ACL
(D)Add a host-based firewall to each server.

Answer

A

An access control list (ACL) on a router can block access to the subnet from another subnet.

Question 50

Q

You are deploying a remote access server for your organization. Employees will use this to access the network while on the road. Of the following choices, what must you configure?
(A)NAC
(B)ACLs
(C)MACs
(D)NAT-T

Answer

A

Access control lists within a firewall must include rules to open the appropriate ports.

Question 51

Q

You are reviewing a firewall's ACL and see the following statement: drop all. What security principle does this enforce?
(A)Least privilege
(B)Integrity
(C)Availability
(D)Implicit deny

Answer

A

A drop all or deny any any statement is placed at the end of an access control list (ACL) and enforces an implement deny strategy.

Question 52

Q

Firewalls include rules in an ACL. Which of the following would block network traffic that isn't in any of the previously defined rules?
(A)Explicit allow
(B)Implicit allow
(C)Explicit deny
(D)Implicit deny

Answer

A

Most firewalls have an implicit deny statement (such as drop all or deny any any) at the end of an access control list (ACL) to block all traffic not previously allowed.

Question 53

Q

An organization recently created a security policy. Of the following choices, what is a technical implementation of security policy?
(A)Training
(B)Acceptable use acknowledgement
(C)Implicit deny rule in a firewall
(D)Job rotation

Answer

A

Firewall rules (including the implicit deny rule) provide technical implementation of security policies. The other choices are not technical controls.

Question 54

Q

Which of the following IP addresses are on the same subnet?
   I. 192.168.1.50, 255.255.255.192
   II. 192.168.1.100, 255.255.255.192
   III. 192.168.1.165, 255.255.255.192
   IV. 192.168.1.189, 255.255.255.192
(A)I and II
(B)II and III
(C)III and IV
(D)All of them

Answer

A

Both 192.168.1.165 and 192.168.1.189 are on the same subnet since bits 25 and 26 are the same (10). If a calculator is needed on the exam (such as for a problem like this), it will be available.

Question 55

Q

Of the following choices, what can be used to allow access to specific services from the Internet while protecting access to an internal network?
(A)SSH
(B)Implicit deny
(C)DMZ
(D)Port security

Answer

A

A demilitarized zone (DMZ) can provide access to services (hosted on servers) from the Internet while providing a layer of protection for the internal network.

Question 56

Q

Of the following choices, what hides the IP addresses of computers inside a network from computers outside the network?
(A)Web security gateway
(B)Replacing all hubs with switches
(C)WAF
(D)NAT

Answer

A

Network Address Translation (NAT) translates public IP addresses to private IP addresses, and private back to public and hides addresses on the internal network.

Question 57

Q

Your organization is creating a site-to-site VPN tunnel between the main business location and a remote office. What can they use to create the tunnel?
(AWPA2-Enterprise
(B)RADIUS
(C)NAC
(D)IPsec

Answer

A

IPsec is one of many tunneling protocols the organization can use to create a VPN tunnel.

Question 58

Q

You are planning to deploy a VPN with IPsec. Users will use the VPN to access corporate resources while they are on the road. How should you use IPsec?
(A)With AH in tunnel mode
(B)With AH in transport mode
(C)With ESP in tunnel mode
(D)With ESP in transport mode

Answer

A

Encapsulating Security Payload (ESP) in tunnel mode encapsulates the entire IP packets and provides confidentiality, integrity, and authentication.

Question 59

Q

An employee connects to the corporate network using a VPN. However, the client is not able to access internal resources, but instead receives a warning indicating their system is not up-to-date with current patches. What is causing this behavior?
(A)The VPN is using IPsec
(B)The VPN is not using IPsec
(C)NAC is disabled on the network and remediation must take place before the client can access internal resources
(D)NAC is enabled on the network and remediation must take place before the client can access internal resources

Answer

A

Network access control (NAC) inspects clients for specific health conditions and can redirect access to a remediation network for unhealthy clients.

Question 60

Q

What technology can an organization use to assist with computing requirements in heavily utilized systems?
(A)ISP
(B)DLP
(C)Cloud computing
(D)Remote wipe

Answer

A

Cloud computing is very useful for heavily utilized systems and networks, and cloud providers provide the services.

Question 61

Q

Employees in your organization access web-based email using cloud-based technologies. What type of technology is this?
(A)IaaS
(B)PaaS
(C)SaaS
(D)Network-based DLP

Answer

A

Applications such as web-based email provided over the Internet are Software as a Service (SaaS) cloud-based technologies.

Question 62

Q

Of the following choices, what is the best explanation of what a PaaS provides to customers?
(A)Web-based applications provided over the Internet.
(B)A device that reduces the risk of employees emailing confidential information outside the organization
(C)Protection against VM escape attacks
(D)An easy-to-configure operating system and on-demand computing capabilities

Answer

A

Platform as a Service (PaaS) provides cloud customers with an easy-to-configure operating system and on-demand computing capabilities.

Question 63

Q

An organization is considering using virtualization in their datacenter. What benefits will this provide?
   I. Increased footprint
   II. Decreased footprint
   III. Reduction in physical equipment needing security
   IV. Elimination of VM escape attacks
(A)I and II
(B)II and III
(C)III and IV
(D)All of them

Answer

A

Virtualization can reduce the footprint of a datacenter, eliminate wasted resources, and result in less physical equipment needing physical security.

Question 64

Q

An organization wants to hide addresses it uses on its internal network. What can assist with this goal?
(A)MAC filtering
(B)NAC
(C)NAT
(D)DMZ

Answer

A

Network Address Translation (NAT) translates public IP addresses to private, private IP addresses back to public, and hides addresses on the internal network.

Answer 61

A

B. Virtual machines all run in their own separate and isolated area on the system as if they were on a separate physical machine. This greatly increases security, as any issues arising in one virtual machine will not affect another virtual system. This also allows multiple operating systems to be installed on the same physical hardware, which saves money by avoiding the need to buy multiple hardware systems.

Answer 62

A

B. The NIPS system actively tries to mitigate an incoming intrusion rather than just detect it. A network intrusion detection system actively monitors for intrusions and will alert the administrator when one is detected. A network intrusion prevention system goes a step further and tries to actively prevent the intrusion as it is occurring.

Answer 63

A

A. The demilitarized zone (DMZ) is a network that typically contains Internet servers and services that are accessible from the outside world but should be isolated from your internal network. The DMZ ensures incoming connections for these services are routed to the DMZ and never reach the internal LAN.

Answer 64

A

A. Network address translation (NAT) allows internal hosts with nonroutable Internet addresses to access the Internet using an external address. NAT also hides the IP information of the internal network from the outside world.

Answer 65

A

D. A virtual LAN (VLAN) is used to segment a network into smaller logical units to aid in security and performance. The virtual LANs are logically isolated from each other to prevent network traffic and unauthorized access.

Answer 66

A

B. You could convert your legacy application to a secure, cloud-based web resource that allows clients to remotely access the application and its data from any Internet connection. The data can be easily shared, and multiple users can collaborate on projects.

Answer 67

A

D. A web security gateway device is specifically engineered to content-filter HTTP web traffic and prevent attacks on web clients via the HTTP protocol. A network firewall, web proxy, or antispam filter would not prevent security issues specifically for HTTP applications.

Answer 68

A

A. A content filtering server can analyze network traffic and block specific file types, such as MP3 music files, from being downloaded. The end users will receive an error when they try to access blocked files.

Answer 69

A

A. Web proxy servers are used primarily for their caching capability, which boosts web browsing performance by storing content retrieved from an external web serve

Answer 70

A

C. A protocol analyzer is best suited for examining and capturing network packets and frames between the two devices. You would be able to examine the network traffic to determine the details of the unauthorized connection and use firewall rules to block it.

Answer 71

A

A. SFTP is used to encrypt FTP sessions with SSH (Secure Shell). The other methods such as FTP, TFTP, or FTP over HTTP are not secure and communicate in clear text.

Answer 72

A

D. You should enable MAC address security on your switch ports to only allow the hardware addresses of the specific clients on the development network to access those ports.

Answer 73

A

C. The access rule should be set to deny the SNMP UDP port 161 for the specified IP address.

Answer 74

A

D. In the event that a documented vulnerability is found in a network device firmware or operating system, it should be updated or a patch applied to fix the bug to prevent the device from being compromised.

Answer 75

A

C. A smurf attack uses a spoof attack combined with a DDoS attack to exploit the use of IP broadcast addressing and ICMP. By spoofing the address of the web server in an IP broadcast, the attacker causes the replies from other systems on the network to the broadcast all to be sent back to the web server, causing a denial of service.

Answer 76

A

A. Implicit deny means that anything that is not explicitly defined in an access rule is denied. This denies all access by default until you apply access rules for only the specific services required.

Answer 77

A

B. A distributed denial-of-service (DDoS) attack comes from multiple, geographically distributed hosts, making it difficult for the network administrator to block it.

Answer 78

A

A. TCP port 21 (FTP) is not required on your e-mail server, and it should be disabled to prevent hackers from connecting to the e-mail server on this port.

Answer 79

A

D. To securely administer your router remotely with a web browser, you should make sure you are using an HTTPS connection that is encrypted via SSL. Other methods send their communications in clear text.

Answer 80

A

C. The default SNMP community string is “public.” This is a basic type of password used between all systems being monitored by SNMP. This should be changed to a more secure value.

Answer 81

A

A. When using an open wireless access point and browsing personal web sites such as your e-mail and banking sites, make sure you use secure, encrypted websites via SSL, or use a VPN connection. This ensures that your session with the web server is encrypted. Any hacker on the same open network can use a packet sniffer to view unencrypted communications.

Answer 82

A

D. WPA2 is currently the strongest level of encryption security available for a wireless network. WPA2 replaces the weaker WPA and adds Robust Security Network (RSN) support that includes added protection for ad hoc networks, key caching, preroaming authentication, and CCMP, which utilizes the AES cipher to replace TKIP

Answer 83

A

C. WPA-PSK uses a preshared key passphrase that requires all devices on the wireless network to use the same passphrase to access the network. WPA-Enterprise uses an authentication server to perform key management and exchange for all wireless clients.

Answer 84

A

A. Bluesnarfing is a hacking method in which an unauthorized user can connect to unprotected Bluetooth devices and access any data stored on the device. Link-level security authenticates the actual communications link before data transmission begins. Data encryption can also be performed when the link is authenticated

Answer 85

A

D. By disabling SSID broadcast, you assure your access points will not advertise the SSID they are using for wireless clients to connect. A user would require prior knowledge of the SSID before he could access the network.

Answer 86

A

A. The IV (initialization vector) attack uses the weakness in the 24-bit generated IV that is paired with the WEP encryption key. The IV can be discovered over time on busy networks that use repeat IV values, and used to decrypt the cipher stream without knowing the WEP key.

Answer 87

A

A. A list of authorized client MAC addresses must be configured on each access point for the network. If any client tries to communicate with the access point and its MAC address isn’t in the list, it will be denied access.

Answer 88

A

B. You can use a cable and an external antenna to extend the range of your closest access point to the office with the low signal. This is an easy and inexpensive solution rather than purchasing and installing a new access point.

Answer 89

A

D. Antenna and access point placement is important to make sure that it is not close to any other electrical wires or devices (especially those that broadcast on a similar frequency) where electrical interference can cause a loss of wireless signal.

Answer 90

A

C. An initial site survey should be performed before installation of a wireless network to ensure the environment will be conducive to wireless communications. The survey can also help determine the best placement and coverage for your wireless access points.

Answer 91

A

Signature-Based
Behavior/Anomaly-Based
Heuristic-Based
Rule-Based

Answer 92

A

It works by using a predefined db of known attacks that have appeared previously. Each type can be recognized by its unique chars, and signature.
Pros- Powerful and efficient because it relys on the collective knowledge of security vendors.
Cons - Must keep db continually updated.
Unable to detect very new attacks whose signatures are not yet availble.

Answer 93

A

A baseline of normal behavior and then monitor network traffic based on these performance profiles to recognize behavioral anomalies that exceed the thresholds of the normal baseline.
Pros - More effient as time goes on (more data collected)
Easily and quickly adapt to the current environment and can detect new variants of attacks that a signature or rule-based might not.

Answer 94

A

B. Obtain a software as a service agreement with a cloud computing verndor

Answer 95

A

A. traffic is easily sniffed

Answer 96

A

B. Access control list

Answer 97

A

class A network - 10.0.0.0 - 10.255.255.255
class B network - 172.16.0.0 - 172.31.255.255
class C network - 192.168.0.0 - 192.168.255.255

Answer 98

A

It is a device that is specifically engineered to content-filter HTTP web traffic and prevent attacks on web clients via the HTTP protocol.
Used for safe web-browsing and block certain content downloading.

Answer 99

A

Servers(s) primarily used for caching capability, which boosts web browsing performance by storing content retrieved from tan external web server.

Answer 100

A

It is best suited for examining and capturing network packets and frames between the firewall and the email server.

Answer 101

A

TCP/IP
ICMP
HTTP/HTTPS
Telnet
SSH
FTP
TFTP
FTPS/SFTP
SCP
DNS
SNMP
IPsec
NetBIOS

Answer 102

A

TCP
UDP
HTTP
FTP
Packet sniffing and Spoofing because they don't use authentication functions.

Answer 103

A

They are used for the IP or address of a computer.
IPv4 -
IPv6 -

Answer 104

A

Application - Data
Presentation - Data
Session - Data
Transport - Segments
Network - packets
Data Link - frames
Physical - Bits

Answer 105

A

7th layer: It provides services needed by software applications to help users interact with the network.

Protocols:
HTTP,FTP, SMTP, DHCP, NFS, Telnet, SNMP, POP3, NNTP and IRC

Answer 106

A

6th layer: is responsible for data presentation, ensuring that the data sent from the application layer can be read by the corresponding application layer on the receiving end.
It defines protocols that provide coding and data conversion function - transition, (de)compression, encryption and decryption. These are applied to the application level data to make it transparent to the layers around it.

Protocols:
SSL

Answer 107

A

5th layer: Required for inter-host communication. Establish, maintain and terminate communication sessions between the software application on different networks. Attaches header information to data packets and coordination data transfer for providing dialog control between devices and determine if data is to be sent as simplex, half-duplex or full-duplex messages.
Protocols:
PPTP

Answer 108

A

4th layer: Provides the services required for end-to-end connectivity and ensuring that data is delivered error-free and in the proper sequence.
Provides process-level addressing, multiplexing and e-multiplexing, and segmentation, packaging and reassembly of data. Includes protocols for establishing , managing, and termination of connections for acknowledgement and retransmission of lost data, flow control, error checking and recovery.
Protocols:
TCP, UDP

Answer 109

A

3rd layer: Enable multiple individual networks to be combined into an internetwork.. Handles logical addressing. It provides path determination- routing messages using the best path available and is responsible for creating virtual circuits between network devices. Performs datagram and encapsulation, packet fragmentation and reassembly, and error handling and diagnostics.
Protocol:
IP

Answer 110

A

2nd Layer: Provides services for the various protocols at the network layer. Divided into 2 sub layers: logical link control (LLC) and media access control (MAC).
LLC - takes the packets from the network layer and breaks them into frames using synchronization flow control and error checking functions.
MAC - provides control for accessing the transmission medium at the physical layer. It converts the data into binary digits and prepares them for the physical layer.

Answer 111

A

1st layer: defines the networks hardware specs and physical topology. Defines the encoding and signaling functions required to transmit data across the transmission medium and physically transmits and receives data.

Answer 112

A

Application - mail, file transfer, login applications
Transport (Host-to-Host) TCP or UDP
Internet - package, route, transmit via IP
Network Access (Link) physical data delivery
Uses TCP/IP protocols (TCP/IP Model)

Answer 113

A

A set of network protocols that specifies how computers communicate, and provides a set of conversions for interconnection networks and routing traffic. Fucntions independent of the underlying network tech. Includes and integrated addressing system (IP). Operates at OSI layers Application, Transport, Internet and Network Interface.
2 Main Transport Protocols:
TCP - connection-oriented delivery
UDP- connectionless delivery. No error checking

Answer 114

A

Is used to transmit control messages between systems. Used for diagnostics (ping)

Answer 115

A

Internet Layer

Answer 116

A

Control Message Protocol - used to send management messages between systems.

Answer 117

A

port 53 (TCP or UDP)

Answer 118

A

Name Service - 137
Datagram Service - 138
Session Service - 139

Answer 119

A

Name Service - TCP/UDP 137 usually UDP
Datagram Service used to send small msgs - UDP 138
Session Service allow 2 computers communicate lrg msgs via a connection with error detection and recovery - TCP 139

Answer 120

A

TCP Transmission Control Protocol

UDP User Datagram Protocol

Answer 121

A

Telnet allows a user to remotely connect to a host server and login. Telnet does not encrypt data.

Answer 122

A

User Datagram Protocol is a TCP/IP protocol.
Simple and fast connectionless and best used when speed is required to broad cast data or multicast. Message is not guaranteed to arrive with no error checking.

Answer 123

A

UPD
TCP can not broadcast or multicast since it enables communication between a specific sender and receiver. It is for unicast communication.

Answer 124

A

TCP - unicast

UDP - broadcast or multicast

Answer 125

A

TCP - establishes and manages a connection between the source and destination devices. It sequences messages, retransmits messages lost in transmit and implements data flow and congestion control.

Answer 126

A

Ephemeral ports are assigned only temporarily to client processes. Port numbers range from 1024 - 65535, and can be used by user-developed programs on most systems. The IP/port combination must be unique for data to be transported.

Answer 127

A

Provides a secure channel for data exchange on port 22. Provides encryption and authentication. It ensures that the entire flow of information between the machine and other devices (router/firewall) are encrypted.

Answer 128

A

SMTP on port 25 (Send email)
POP3 on port 110 (retrieve email, can be used with SMTP)
IMAP on port 143 (retrieve email)

Answer 129

A

It is used on LANs to enable software on individual computers to communicate.

Answer 130

A

BOOTP used via DHCP to determine its IP. Allows a file to be loaded into memory so a machine can be boot without a disk drive. UPD 67
TFTP is a basic file transfer for small data transfers, boot computers, x-terminals and diskless workstations. UPD 69
NTP used to synch clock times on computers. UPD 123
SNMP (Simple Network Mng Protocol) enables network devices to exchange mng information. UPD 161

Answer 131

A

Limited via a checksum with no recovery.

Answer 132

A

Port Scanner

Answer 133

A

To capture, analyze and transmit data packets

When performing traffic analysis to detect patterns

Answer 134

A

CNAC
TNC
NAP

Answer 135

A

A specific TCP packet is sent to a particular device on a network, usually a router. The packet has the flags turned on for the URG,PUSH and FIN. These flags being turned on looks like a Christmas Tree.

Answer 136

A

B, C,D
Intrusion detection systems are designed to analyze data, identify attacks, and respond to the intrusion. Answer A is incorrect because preventing attacks is associated with an intrusion prevention system.

Answer 137

A

B
IDSs are different from firewalls in that firewalls control the information that gets in and out of the network, whereas IDSs can identify unauthorized activity.
IDSs are also designed to catch attacks in progress within the network, not just on the boundary between private and public networks. Intrusion prevention differs from intrusion
detection in that it actually prevents attacks instead of only detecting the occurrence of an attack.

Answer 138

A

D

A HIDS collects and analyzes data that originates on the local machine.

Answer 139

A

A
A NIDS tries to locate packets not allowed on the network that the firewall
missed and looks at the information exchanged between machines.

Answer 140

A

B
Intrusion prevention differs from intrusion detection in that it actually prevents
attacks in real-time instead of only detecting the occurrence.

Answer 141

A

D
Network Load Balancers are servers configured in a cluster to provide scalability and high availability. Load Balancing distributes IP traffic to multiple copies of a TCP/IP service, such as a web server, each running on a host within the cluster.

Answer 142

A

B,C
When implementing a NIPS, keep in mind that the sensors must be physically inline to function properly. This adds single points of failure to the network.

Answer 143

A

D
When implementing a NIPS, keep in mind that the sensors must be physically
inline to function properly. This adds single points of failure to the network. A good way to prevent this issue is to use fail-open technology. This means that if the
device fails, it does not cause a complete network outage; instead, it acts like a patch cable.

Answer 144

A

C
A firewall is a component placed on computers and networks to help eliminate undesired access by the outside world. It can be composed of hardware, software, or a combination of both.

Answer 145

A

An application-level gateway understands services and protocols. All traffic is examined to check for OSI application layer (Layer 7) protocols that are allowed. Examples of this type of traffic are File Transfer Protocol
(FTP), Simple Mail Transfer Protocol (SMTP), and Hypertext Transfer Protocol (HTTP). Because the filtering is application-specific, it adds over-head to the transmissions but is more secure than packet filtering.

Answer 146

A

Network-based intrusion-detection systems monitor the packet flow and try to locate packets that are not allowed for one reason or another and might have gotten through the firewall.
Host-based intrusion-detection systems monitor communications on a host-by-host basis and try to filter malicious data. These types of IDSs are good at detecting unauthorized file modifications and user activity

Answer 147

A

Proxy servers can be placed between the private network and the Internet for Internet connectivity or internally for web content caching. If the organization is using the proxy server for both Internet connectivity and web content caching, the proxy server should be placed between the internal network and the Internet, with access for users who are requesting the web content. In some proxy server designs, the proxy server is placed in
parallel with IP routers. This allows for network load balancing by forwarding of all HTTP and FTP traffic through the proxy server and all other IP traffic through the router.

Answer 148

A

A firewall is a component placed on computers and networks to help eliminate undesired access by the outside world. It can be composed of hardware, soft-
ware, or a combination of both. A firewall is the first line of defense for the network. The primary function of a firewall is to mitigate threats by monitoring all traffic entering or leaving a network.

Answer 149

A

A
A VPN concentrator is used to allow multiple users to access network resources using secure features that are built in to the device and are deployed where the requirement is for a single device to handle a very large number of VPN tunnels.

Answer 150

A

B
A packet-filtering firewall is typically a router. Packets can be filtered based on IP addresses, ports, or protocols. They operate at the network layer (Layer 3) of
the OSI model. Packet-filtering solutions are generally considered less-secure firewalls because they still allow packets inside the network, regardless of communication pattern within the session.

Answer 151

A

A
A stateful-inspection firewall is a combination of all types of firewalls. This firewall relies on algorithms to process application layer data.

Answer 152

A

C
circuit-level gateway operates at the OSI session layer (Layer 5) by monitoring the TCP packet flow to determine whether the session requested is a legitimate one.

Answer 153

A

D
With an application-level gateway, all traffic is examined to check for OSI application layer (Layer 7) protocols that are allowed. Examples of this type of traffic are File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), and Hypertext Transfer Protocol (HTTP).

Answer 154

A

A,B,D
Proxy servers are used for security, logging, and caching. When the proxy server receives a request for an Internet service, it passes through filtering
requirements and checks its local cache of previously downloaded web pages.

Answer 155

A

A,B
An exposed server that provides public access to a critical service, such as a web or email server, may be configured to isolate it from an organization’s network
and to report attack attempts to the network administrator. Such an isolated server is referred to as a bastion host, named for the isolated towers that were used to provide castles advanced notice of pending assault.

Answer 156

A

B
When a proxy server receives a request for an Internet service, it passes through filtering requirements and checks its local cache of previously downloaded
web pages. Because web pages are stored locally, response times for web pages are faster, and traffic to the Internet is substantially reduced.

Answer 157

A

D
A packet-filtering firewall filters packets based on IP addresses, ports, or protocols and is a simple, good first line of defense.

Answer 158

A

A
Internet content filters use a collection of terms, words, and phrases that are compared to content from browsers and applications. This type of software can filter content from various types of Internet activity and applications, such as instant messaging, email, and office documents. It can be used to monitor and stop the disclosure of the organization’s proprietary or confidential information.

Answer 159

A

C
Protocol analyzers help you troubleshoot network issues by gathering packet-level information across the network. These applications capture packets and decode the information into readable data for analysis.

Answer 160

A

A
Internet content filters use a collection of terms, words, and phrases that are compared to content from browsers and applications. Because content filtering
uses screen captures of each violation with time-stamped data, it provides proper documentation
for forensic investigations and litigation purposes.

Answer 161

A

D
Content filtering is integrated at the operating system level so that it can monitor events such as opening files via Windows Explorer. It can be used to monitor
and stop the disclosure of the organization’s proprietary or confidential information.

Answer 162

A

C
Unlike antivirus and antispyware applications, content monitoring does not require daily updates to keep the database effective and current. On the downside,
content filtering needs to be “trained.” For example, to filter non-pornographic material, the terminology must be input and defined in the database.

Answer 163

A

A,B
Protocol analyzers can do more than just look at packets. They prove useful in many other areas of network management, such as monitoring the network
for unexpected, unwanted, and unnecessary traffic. For example, if the network is running slowly, a protocol analyzer can tell you whether necessary protocols are running on the network.

Answer 164

A

B
Content filtering will report only on violations identified in the specified applications listed for the filtering application. In other words, if the application will filter only Microsoft Office documents and a user chooses to use open Office, the content will not be filtered.

Answer 165

A

B
Like most other solutions, firewalls have strengths and weaknesses. By design, firewalls close off systems to scanning and entry by blocking ports or nontrusted services and applications. However, they require proper configuration.

Answer 166

A

A,B
A host intrusion detection system uses either misuse detection or anomaly detection. A HIDS monitors events for suspicious activity. This can be
done by using either misuse detection or anomaly detection. In misuse detection, a database of signatures is used, and the information monitored is compared to the database. This is similar to the way antivirus software works

Answer 167

A

D
Monitoring outbound connections is important in the case of malware that “phones home.” Without this type of protection, the environment is not properly protected.

Answer 168

A

A,B
HIDSs monitor communications on a host-by-host basis and try to filter malicious data. These types of IDSs are good at detecting unauthorized file modifications
and user activity. NIDSs monitor the packet flow and try to locate packets that may have gotten through misconfigured firewalls and are not allowed for one reason or another. They are best at detecting DoS attacks and unauthorized user access.

Answer 169

A

D
NIDSs try to locate packets not allowed on the network. HIDSs collect and analyze data that originate on the local machine or a computer hosting a service. NIDSs tend to be more distributed.

Answer 170

A

A, C

Port 110 is used for POP3 incoming mail and port 25 is used for SMTP mail.

Answer 171

A

A, B.

UDP ports 161 and 162 are used by SNMP

Answer 172

A

B.
A demilitarized zone (DMZ) is a small network between the internal network and the Internet that provides a layer of security and privacy.

Answer 173

A

D.
The purpose of a virtual local-area network (VLAN) is to unite network
nodes logically into the same broadcast domain regardless of their physical attachment to the network. VLANs provide a way to limit broadcast traffic in a switched network.

Answer 174

A

A.
NAT allows multiple computers to connect to the Internet using one IP
address.

Answer 175

A

C.
Subnetting splits one network into two or more, using routers to connect each subnet. Answer A is incorrect. NAT allows multiple computers to connect to the
Internet using one IP address.

Answer 176

A

B.
Network Address Translation (NAT) acts as a liaison between an internal network and the Internet. It allows multiple computers to connect to the Internet using
one IP address. An important security aspect of NAT is that it hides the internal network from the outside world.

Answer 177

A

D.
Subnetting can be done for several reasons. If you have a Class C address and 1,000 clients, you will have to subnet the network or use a custom subnet mask
to accommodate all the hosts. The most common reason networks are subnetted is to control network traffic by limiting broadcast domains, which limits broadcast storms.

Answer 178

A

C.
There are specific reserved private IP addresses for use on an internal network. In a Class C network, valid nonroutable host IDs are from 192.168.0.1 to
192.168.255.254. Network addresses with the first byte between 192 and 223 are Class C and can have about 250 hosts. Answer A is incorrect because it is a Class A
address. Valid host IDs are from 10.0.0.1 to 10.255.255.254. Network addresses with the first byte between 1 and 126 are Class A and can have about 17 million hosts each.

Answer 179

A

A. 
Another address range to keep in mind when designing IP address space is Automatic Private IP Addressing (APIPA). In the event that no Dynamic Host
Configuration Protocol (DHCP) server is available at the time that the client issues a DHCP lease request, the client is automatically configured with an address from the169.254.0.1 through 169.254.255.254 range.

Answer 180

A

B.
In the event that no Dynamic Host Configuration Protocol (DHCP) server is available at the time the client issues a DHCP lease request, the client is automatically configured with an address from the 169.254.0.1 through 169.254.255.254 range.

Answer 181

A

D.
One of the most effective ways to protect the network from malicious hosts is to use network access control (NAC). NAC offers a method of enforcement
that helps ensure that computers are properly configured. The premise behind NAC is to secure the environment by examining the user’s machine and, based on the results,
grant access accordingly.

Answer 182

A

A, B, C.
In a Class A network, valid nonroutable host IDs are from 10.0.0.1 to 10.255.255.254. In a Class B network, valid nonroutable host IDs are from 172.16.0.1
through 172.31.255.254. In a Class C network, valid nonroutable host IDs are from 192.168.0.1 to 192.168.255.254.

Answer 183

A

A, C, D.
The basic components of NAC products are the Access requestor (AR), which is the device that requests access; the policy decision point (PDP), which
is the system that assigns a policy based on the assessment; and the policy enforcement point (PEP), which is the device that enforces the policy.

Answer 184

A

B, C, D.

The policy enforcement point is the device that enforces the policy. This device may be a switch, firewall, or router.

Answer 185

A

B.
The four ways NAC systems can be integrated into the network are inline, out-of-band, switch based, and host based. An out-of-band intervenes and performs an assessment as hosts come online, and then grants appropriate access.

Answer 186

A

A, C, D.
In addition to providing the capability to enforce security policy, contain noncompliant users, and mitigate threats, NAC offers a number of business benefits. The business benefits include compliance, a better security posture, and operational cost management.

Answer 187

A

A, B.
To protect your network, make sure the PBX is in a secure area, any default passwords have been changed, and only authorized maintenance is done.
Many times, hackers can gain access to the phone system via social engineering because this device is usually serviced through a remote maintenance port.

Answer 188

A

D.
Many times, hackers can gain access to the phone system via social engineering because this device is usually serviced through a remote maintenance port. To
protect your network, make sure the Private Branch Exchange (PBX) is in a secure area, any default passwords have been changed, and only authorized maintenance is done

Answer 189

A

A, B, C.
Man-in-the-middle attacks are executed between the SIP phone and a SIP proxy, allowing the audio to be manipulated, causing dropped, rerouted, or playback
calls. VoIP PBX servers are susceptible to the same type of exploits as other network servers. These attacks include DoS and buffer overflows, with DoS being the
most prevalent.

Answer 190

A

C. Session Initiation Protocol (SIP) is commonly used in instant messaging, but it can also be used as an alternative for VoIP. Using SIP can leave VoIP networks
open to unauthorized transport of data.

Answer 191

A

A.
For years, PBX-type systems have been targeted by hackers, mainly to get free long-distance service. The vulnerabilities that phone networks are subject to
include social engineering, long-distance toll fraud, and breach of data privacy.

Answer 192

A

B.
Leaving modems open for incoming calls with little to no authentication for users dialing in can be a clear security vulnerability in the network. For example,
war-dialing attacks take advantage of this situation. War-dialing is the process by which an automated software application is used to dial numbers in a given range to
determine whether any of the numbers are serviced by modems that accept dial-in requests. Answer

Answer 193

A

A, C. Implementing the following solutions can help mitigate the risks and vulnerabilities associated with VoIP: encryption, authentication, data validation, and
nonrepudiation. VoIP is basically based on a TCP/IP network; therefore, technologies that are used to secure IP networks can be used for VoIP, too.

Answer 194

A

B, D
Setting the callback features to have the modem call the user back at a preset number and using encryption and firewall solutions will help keep the environment
safe from attacks.

Answer 195

A

A.

The loop guard feature makes additional checks in Layer 2 switched networks.

Answer 196

A

B.

A flood guard is a firewall feature to control network activity associated with denial of service attacks (DoS).

Answer 197

A

D.
Port security is a Layer 2 traffic control feature on Cisco Catalyst switches. It enables individual switch ports to be configured to allow only a specified number of
source MAC addresses coming in through the port.

Answer 198

A

C.
With interconnected networks, the potential for damage greatly increases because one compromised system on one network can easily spread to other networks.
Networks that are shared by partners, vendors, or departments should have clear separation boundaries.

Answer 199

A

D.
VLANs provide a way to limit broadcast traffic in a switched network. This creates a boundary and, in essence, creates multiple, isolated LANs on one switch.
VLANs are a logical separation of a physical network.

Answer 200

A

B.

Logging is the process of collecting data to be used for monitoring and auditing purposes

Answer 201

A

A.
Logging procedures and evaluation are an important part of keeping your network safe. However, before you can configure logging, it is essential to identify what is typical behavior for your network

Answer 202

A

B.
When choosing what to log, be sure you choose carefully. Logs take up disk space and use system resources. They also have to be read, and if you log too
much, will bog down the system; it will take a long time to weed through the log files to determine what is important

Answer 203

A

C, D.
Standards should be implemented for the types of events you want to log based on business, technical, and regulatory requirements, and the threats the
organization faces.

Answer 204

A

A.

Not only do you need to read the logs, you may also have to know how to correlate events examining output

Answer 205

A

B, C.
The main objective for the placement of firewalls is to allow only traffic that the organization deems necessary and provide notification of suspicious behavior.

Answer 206

A

C.
Most organizations deploy, at a minimum, two firewalls. The first firewall is placed in front of the DMZ to allow requests destined for servers in the DMZ or to
route requests to an authentication proxy. The second firewall is placed to allow outbound requests. All initial necessary connections are located on the DMZ machines.
For example, a RADIUS server may be running in the DMZ for improved performance and enhanced security, even though its database resides inside the company intranet.

Answer 207

A

A.
A packet-filtering firewall is typically a router. Packets can be filtered based on IP addresses, ports, or protocols. They operate at the network layer (Layer 3) of
the Open Systems Interconnection (OSI) model. Packet-filtering solutions are generally considered less secure firewalls because they still allow packets inside the network, regardless of communication patterns within the session

Answer 208

A

D.
Proxy service firewalls are go-betweens for the network and the Internet. They can be used to hide the internal addresses from the outside world through NAT.
This does not allow the computers on the network to directly access the Internet.

Answer 209

A

B.
Proxy service firewalls are go-betweens for the network and the Internet. They hide the internal addresses from the outside world and don’t allow the computers
on the network to directly access the Internet. This type of firewall has a set of rules that the packets must pass to get in or out. Because the firewall check traffic
against a set of rules, setting, policies, and guidelines are incorrect.

Answer 210

A

C.
The purpose of a VLAN is to unite network nodes logically into the same broadcast domain regardless of their physical attachment to the network.

Answer 211

A

D. 
A DMZ is a small network between the internal network and the Internet that provides a layer of security and privacy. Answer A is incorrect because a virtual
private network (VPN) is a network connection that allows you access via a secure tunnel created through an Internet connection

Answer 212

A

C, D.
Because you want to monitor both types of traffic, the IDSs should be used together. Network-based intrusion detection systems monitor the packet flow and
try to locate packets that are not allowed for one reason or another and may have gotten through the firewall. Host-based intrusion detection systems monitor communications on a host-by-host basis and try to filter malicious data. These types of IDSs are good at detecting unauthorized file modifications and user activity. A firewall protects computers and networks from undesired access by the outside world

Answer 213

A

B.
Proxy servers can be placed between the private network and the Internet for Internet connectivity. If the organization is using the proxy server for both Internet
connectivity and web content caching, the proxy server should be placed between the internal network and the Internet, with access for users who are requesting the web content.

Answer 214

A

A.

Proxy servers are usually placed internally for web content caching.

Answer 215

A

B.
Proxy servers can be placed between the private network and the Internet for Internet connectivity. If the organization is using the proxy server for both Internet
connectivity and web content caching, the proxy server should be placed between the internal network and the Internet, with access for users who are requesting the web
content.

Answer 216

A

D.
In some proxy server designs, such as for a large organization, the proxy server is placed in parallel with IP routers. This design allows for network load balancing
by forwarding of all HTTP and FTP traffic through the proxy server and all other IP traffic through the router.

Answer 217

A

A.
Internet content filtering works by analyzing data against a database contained in the software. Content filtering reports only on violations identified in the
specified applications listed for the filtering application. In other words, if the application will only filter Microsoft Office documents and a user chooses to use Open Office,
the content will not be filtered

Answer 218

A

A, C, D.
Network Internet content filters can be hardware or software. Many network solutions combine both. Hardware appliances are usually connected to the
same network segment as the users they will monitor. Other configurations include being deployed behind a firewall or in a DMZ, with public addresses behind a packet filtering router. These appliances use access control filtering software on the dedicated filtering appliance. The device monitors every packet of traffic that passes over a network.

Answer 219

A

C.
In some proxy server designs, the proxy server is placed in parallel with IP routers. This design allows for network load balancing by forwarding of all HTTP and
FTP traffic through the proxy server and all other IP traffic through the router.

Answer 220

A

A, D.
Protocol analyzers can be placed inline or in between the devices from which you want to capture the traffic. If you are analyzing SAN traffic, the analyzer can
be placed outside the direct link with the use of an optical splitter. The analyzer is placed to capture traffic between the host and the monitored device

Answer 221

A

C.
A packet-filtering firewall is best suited for simple networks or used to protect a network that is used mainly for Internet access. The placement of a packet filtering firewall is between the Internet and the protected network. It filters all traffic entering or leaving the network.

Answer 222

A

B.
When deploying multiple firewalls, you might experience network latency. If you do, check the placement of the firewalls and possibly reconsider the topology to be sure you get the most out of the firewalls

Answer 223

A

A.
Proxy service firewalls allow organizations to offer services securely to Internet users. All servers hosting public services are placed in the demilitarized zone
(DMZ) with the proxy firewall between the DMZ and the internal network

Answer 224

A

D.
A stateful-inspection firewall is suited for main perimeter security. Stateful-inspection firewalls can thwart port scanning by closing off ports until a connection to the specific port is requested.

Answer 225

A

D.
If attackers can compromise the virtual machines, they will likely have control of the entire machine. Most virtual machines run with very high privileges on
the host because a virtual machine needs access to the host’s hardware so that it can map the physical hardware into virtualized hardware.

Answer 226

A

A.
Segmenting virtual machines by the information they handle will keep highly sensitive data from being on the same physical hardware as virtual machines
used for testing or lower security applications. The organization should have a policy in place that states that high-security virtual machines containing vital information never share the same hardware as virtual machines for testing.

Answer 227

A

B, C.
Virtual environments can be used to improve security by allowing unstable applications to be used in an isolated environment and providing better disaster
recovery solutions. Virtual environments are used for cost-cutting measures, too. One well-equipped server can host several virtual servers. This reduces the need for power and equipment. Forensic analysts often use virtual environments to examine environments that may contain malware or as a method of viewing the environment the same way the criminal did.

Answer 228

A

B.
The hypervisor controls how access to a computer’s processors and memory is shared. A hypervisor or virtual machine monitor (VMM) is a virtualization platform that provides more than one operating system to run on a host computer at the
same time.

Answer 229

A

A, D.
Forensic analysts often use virtual environments to examine environments that may contain malware or as a method of viewing the environment the same
way the criminal did.

Answer 230

A

B.
Virtualized environments, if compromised, can provide access to not only the network, but also any virtualization infrastructure. This puts a lot of data at risk.
Security policy should address virtual environments

Answer 231

A

A, C.
Vulnerabilities also come into play in virtual environments. For example,a few years ago, VMware’s NAT service had a buffer-overflow vulnerability that allowed remote attackers to execute malicious code by exploiting the virtual machine itself.Virtual machine environments need to be patched just like host environments and are susceptible to the same issues as a host operating system. You should be cognizant of
share files among guest and host operating systems

Answer 232

A

C.
Security policy should address virtual environment vulnerabilities. Any technology software without a defined business need should not be allowed on systems. This applies to all systems, including virtual environments

Answer 233

A

C, D.
Hardware vendors are rapidly embracing virtualization and developing new features to simplify virtualization techniques. Virtual environments can be used to
improve security by allowing unstable applications to be used in an isolated environment and providing better disaster recovery solutions

Answer 234

A

C.
With more emphasis being placed on going green and power becoming more expensive, virtualization offers cost benefits by decreasing the number of physical
machines required within an environment; however, the security of the VMs must be considered. Segmenting virtual machines by the information they handle will keep
highly sensitive data from being on the same physical hardware as virtual machines used for testing or lower security applications. The organization should have a policy in place that states that high-security virtual machines containing vital information never share the same hardware as virtual machines for testing.

Answer 235

A

A, B, C, D.

Virtual environments are available to run on just about everything from servers and routers to USB thumb drives.

Answer 236

A

D.
A hypervisor or virtual machine monitor (VMM) is a virtualization platform that provides more than one operating system to run on a host computer at the same
time.

Answer 237

A

B.
The security concerns of virtual environments begin with the guest operating system. If a virtual machine is compromised, an intruder can gain control of all the
guest operating systems. In addition, because hardware is shared, most virtual machines run with very high privileges. This can allow an intruder who compromises a virtual machine to compromise the host machine, too

Answer 238

A

C.
The security concerns of virtual environments begin with the guest operating system. If a virtual machine is compromised, an intruder can gain control of all the
guest operating systems. In addition, because hardware is shared, most virtual machines run with very high privileges. This can allow an intruder who compromises a virtual machine to compromise the host machine, too

Answer 239

A

D.
To secure a virtualized environment, machines should be segmented by the sensitivity of the information they contain. A policy should be in place that specifies
that hardware is not shared for test environments and sensitive data.

Answer 240

A

C.
Platform-as-a-Service (PaaS) is the delivery of a computing platform, often an operating system with associated services, that is delivered over the Internet
without downloads or installation.

Answer 241

A

A.
Software-as-a-Service (SaaS) is the delivery of a licensed application to customers over the Internet for use as a service on demand. Answer B is incorrect
because Infrastructure-as-a-Service (IaaS) is the delivery of computer infrastructure in a hosted service model over the Internet.

Answer 242

A

B.
Infrastructure-as-a-Service (IaaS) is the delivery of computer infrastructure in a hosted service model over the Internet. This method of cloud computing
allows the client to literally outsource everything that would normally be in a typical IT department

Answer 243

A

B.
Infrastructure-as-a-Service (IaaS) is the delivery of computer infrastructure in a hosted service model over the Internet. This method of cloud computing
allows the client to literally outsource everything that would normally be in a typical IT department.

Answer 244

A

A, B
Both essentially serve the same purpose
with TLS being the successor to SSL.

Answer 245

A

D.
Layer 2 Tunneling Protocol (L2TP) is an encapsulated tunneling protocol often used to support the creation of virtual private networks (VPNs).

Answer 246

A

B.
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables the secure transfer of data from a remote client to a private enterprise server by creating a virtual private network (VPN) across TCP/IP-based data networks.

Answer 247

A

B.
Point Tunneling Protocol (PPTP) is a network protocol that enables the secure transfer of data from a remote client to a private enterprise server by creating
a virtual private network (VPN) across TCP/IP-based data networks.

Answer 248

A

A.
 Secure Shell (SSH) utilizes the asymmetric (public key) Rivest, Shamir,Adleman (RSA) cryptography method to provide both connection and authentication.

Answer 249

A

A, B, C.
Data encryption with SSH is accomplished using one of the following algorithms: International Data Encryption Algorithm (IDEA), Blowfish, or Data Encryption Standard (DES).

Answer 250

A

A, D.
Secure Shell (SSH) provides an authenticated and encrypted data stream, as opposed to the cleartext communications of a Telnet session. The SSH
suite encapsulates three secure utilities: slogin, ssh, and scp.

Answer 251

A

C.
IPsec provides authentication services, as well as encapsulation of data through support of the Internet Key Exchange (IKE) protocol

Answer 252

A

D. 
Authentication Header (AH) provides connectionless integrity and data origin authentication for IP packets

Answer 253

A

B.
If IPsec is configured to do authentication header only (AH), you must permit protocol 51 traffic to pass through the stateful firewall or packet filter.

Answer 254

A

C.
Encapsulating Security Payload (ESP) provides encryption and limited traffic flow confidentiality, or connectionless integrity, data origin authentication, and
an anti-replay service. In an IP header, ESP can be identified as IP protocol number 50

Answer 255

A

B.
If IPsec uses nested Authentication Header (AH) and Encapsulating Security Payload (ESP), IP can be configured to let only protocol 51 (AH) traffic pass
through the stateful firewall or packet filter.

Answer 256

A

A.
S/MIME utilizes the Rivest, Shamir, Adleman (RSA) asymmetric encryption scheme to encrypt electronic mail transmissions over public networks

Answer 257

A

C.
An alternative to HTTPS is the Secure Hypertext Transport Protocol (SHTTP),which was developed to support connectivity for banking transactions and
other secure web communications

Answer 258

A

D.
S/MIME utilizes the Rivest, Shamir, Adleman (RSA) asymmetric encryption scheme to encrypt electronic mail transmissions and provides email privacy using
encryption and authentication via digital signatures s.

Answer 259

A

B.
PGP/MIME derives from the Pretty Good Privacy application and is an alternative to S/MIME. Basically, it encrypts and decrypts email messages using asymmetric
encryptions schemes such as RSA.

Answer 260

A

D.
Transport Layer Security (TLS) consist of two additional protocols: the TLS record protocol and the TLS handshake protocol. The handshake protocol allows
the client and server to authenticate to one another and the record protocol provides connection security

Answer 261

A

A.
Transport Layer Security (TLS) consist of two additional protocols: the TLS record protocol and the TLS handshake protocol. The handshake protocol allows
the client and server to authenticate to one another and the record protocol provides connection security

Answer 262

A

C.

Hypertext Transfer Protocol Secure (HTTPS) traffic typically occurs over port 443.

Answer 263

A

D. 
Secure Shell (SSH) provides an authenticated and encrypted data stream, as opposed to the cleartext communications of a Telnet session

Answer 264

A

D.
An alternative to HTTPS is the Secure Hypertext Transport Protocol (S-HTTP), which was developed to support connectivity for banking transactions and other secure web communications

Answer 265

A

A.
SFTP, or secure FTP, is a program that uses SSH to transfer files. Unlike standard FTP, it encrypts both commands and data, preventing passwords and
sensitive information from being transmitted in the clear over the network

Answer 266

A

B.
The Secure Copy Protocol (SCP) is a network protocol that supports file transfers. SCP is a combination of RCP and SSH. It uses the BSD RCP protocol tunneled
through the Secure Shell (SSH) protocol to provide encryption and authentication.

Answer 267

A

B.

Traceroute uses an ICMP echo request packet to find the path between two addresses.

Answer 268

A

D

A connection using the HTTP protocol over SSL (HTTPS) will be made using the RC4 cipher and will be made using port 443

Answer 269

A

C
When a client attempts to make an 802.1x-compliant connection, the client attempts to contact a wireless access point (AP). The AP authenticates the client
through a basic challenge-response method, and then provides connectivity to a wired network or serves as a bridge to a secondary wireless AP.

Answer 270

A

D
An IPv6 address uses 128-bit IP addresses and includes eight groups of four hexadecimal characters. Double colons indicate no compression so the zeros must be shown

Answer 271

A

Mac Flooding
ARP poisoning
Spanning Tree attacks

Answer 272

A

Involves sending a switch lots of Ethernet frames with different source MAC addresses. The switch caches the MAC addresses against the port they arrive on. If too many are sent the cache is overloaded. This forces the switch to broadcast to all the ports, thus acting like a hub. This allows hackers to sniff out ALL the ports using dsniff or ettercap.

Answer 273

A

The attacker enters false MAC-IP address mapping into the switch’s Address Resolution Protocol table. This false mapping sets up the attacker as the subnets default gateway and all traffic is sent to him. This allows them to receive and send data masquerading as an authorized user.

Answer 274

A

A form of DoS attacks that target the Spanning Tree Protocol (STP). The STP prevents looped broadcast traffic between switches. The attack mimics the root bridge and the traffic storms may crash the network.

Answer 275

A

configure port security - restrict the number of MAC address and configure authentication at the port level.
disable unused ports - place unused ports in a vLAN that is not allowed to connect to the network.
keep the switch updated - firmware updates
mitigate spanning tree attacks - enable features to prevent attacks, such as Loop Guard, Root Guard and portfast. Use IEEE 802.iD protocol
Secure the management console - use ACL to restrict hoses.

Answer 276

A

Switches divide a network into different collision domains.

Routers divide networks into subnets.They connect switches to one another and to the internet.

Answer 277

A

Layer 3 - network layer.
They provide complex signaling and packet translations and allow for some security filtering such the blocking of specific ports, broadcast traffic, and traffic without a correct network address.

Answer 278

A

Layer 2 - Data link
Used to divide a network into separate segments (logically-VLAN or physically). Each port is a separate collision domain.

Answer 279

A

It checks the destination of the received traffic against the media access control or MAC address table residing in the switch. It then forwards the traffic to the specific port for that address.

Answer 280

A

A hub broadcasts the message to ALL ports while a switch uses the MAC address table to determine which port to send the message(P2P).

Answer 281

A

Physical - Use separate switches with it own routers that do not connect.
Logical (VLAN) on switches using routers.

Answer 282

A

Spanning Tree Protocol (STP).

Answer 283

A

802.1D and the most common protocol that is based on this is STP

Answer 284

A

monitor active paths between source and destination networks and select the best routes for information in response to traffic loads and line speeds.

Answer 285

A

Open Shortest Path First (OSPF)
Routing Information Protocol (RIP)
Border Gateway Protocol (BGP)

Answer 286

A

SSH
HTTPS
SCP

Answer 287

A

By using ACL traffic is allow/disallowed based on IP and port number, source and destination.

Answer 288

A

0.0.1 - 10.255.255.254
16.0.1 - 172.31.255.254
168.0.1 - 192.168.255.254

Answer 289

A

When 2 computers are on the same VLAN but are on different physical switches (different buildings). They can still talk to each other without having to be routed.

Answer 290

A

The request is sent out the switch to the trunking router to check the ACL. If it passes then it goes back to the switch to the destination port.

Answer 291

A

On border devices:

Firewalls and proxy servers

Answer 292

A

maps multiple private IPs to a single public IP using different ports

Answer 293

A

Uses a pool of public IPs and binds a private IP to one of the IPs in the public pool. The address translation is held until the connection ends. This is limited to the number of public IPs in the pool.

Answer 294

A

Also known as Destination NAT. It is when inbound traffic is requesting a resource by its public IP and port which is translated to the private IP. Ex a user requesting a web page requests the public IP for the web server and the NAT will translate it to the internal private IP for the web server.

Answer 295

A

maps a public IP on inbound traffic to an internal IP (Destination NAT)
maps multiple internal IP to a single public IP via port mapping (Source NAT)
maps internal IP addresses to a public address for internal requests made by internal users (Source NAT)

Brainscape's Knowledge GenomeTM

Network Security Flashcards

Brainscape's Knowledge Genome^TM