Network Security Foundations Flashcards

1
Q

Is this TCP/IP or OSI?

Application Layer: This layer is responsible for the communication protocols between nodes. The protocols in this layer include hypertext transfer protocol (HTTP and HTTPS), Secure Shell (SSH), and network time protocol (NTP), among many others.
Transport Layer: This layer is responsible for the end-to-end transport of data. The protocols that live in this layer are transmission control protocol (TCP) and user datagram protocol (UDP).
Network Layer: This layer defines the logical transmission protocols for the whole network. The main protocols that live in this layer are internet protocol (IP), internet control message protocol (ICMP), and address resolution protocol (ARP).
Network Interface Layer: This layer establishes how data should be physically sent through the network.

A

TCP/IP

2
Q

Application Layer.

Transport Layer.

Network Layer.

Network Interface Layer.

Which is this, OSI or TCP/IP?

A

TCP/IP

3
Q

The ……. ? model is used for practical application when locating a specific protocol.

A

TCP/IP

4
Q

The #1……..? model was developed by the International Standards Organization (ISO) after the #2…….? model to provide greater granularity of networking assignments within the model.

A

1. OSI

5
Q

OSI stands for what?

A

Open System Interconnection model.

6
Q

Which computer/internet protocol uses seven layers?

A

OSI (Open System Interconnection)

7
Q

The ……..? model consists of a seven-layer architecture that organizes the sending of data from hosts across a network.

A

OSI (Open System Interconnection)

8
Q

The …… is widely used throughout networking documentation and discussions. Layers are often referred to by number, not name, so memorizing the numbers and having a good understanding of each layer’s uses are essential for success in the IT community.

A

OSI model

9
Q

Example:
Receives the frames and data and sends them via the local media (copper wires, fiber-optic cables, etc.) to the switches, routers, etc., along the network path. All of this takes a matter of microseconds to achieve.

What model and what layer is the above example?

Layer 1

Layer 5

Layer 7

Layer 3

A

OSI

Layer 1

10
Q

What number is the transport layer of OSI?

A

Layer 4

11
Q

What number is the Session Layer of OSI?

A

Layer 5

12
Q

Example:
This layer is responsible for the error-free delivery of data to the receiving device or node. This layer is implemented through the use of devices such as switches and bridge devices, as well as anything with a network interface, like wireless or wired network cards.

What OSI layer is this and what is its name?

A

Layer 2

Data Link Layer

13
Q

Application Layer.
This layer is responsible for network applications (like HTTP or FTP) and their production of data to be transferred over the network.

What number is the Application Layer?

A

Layer 7

14
Q

Receives the packets and adds physical addressing by adding sender and receiver MAC addresses to each data packet. This information forms a unit called a frame.

What OSI Layer is this? And what number?

A

Layer 2

Data Link Layer

15
Q

This layer is responsible for translating data from the application layer into the format required to transmit the data over the network as well as encrypting the data for security if encryption is used.

What layer is this and what number?

A

Layer 6

OSI Presentation Layer

16
Q

This layer is responsible for the transmission of data between hosts in different networks as well as routing of data packets. This layer is implemented through the use of devices such as routers and some switches.

What layer is this and what number?

A

Network Layer

Number 3

17
Q

Layer 5 of the OSI model is?

A

Session Layer

18
Q

Which layer of the OSI model establishes, manages, and terminates connections?

Session

Application

Presentation

Network

A

Session layer

19
Q

Which layer of the OSI model does a bridge use to make decisions about forwarding data packets?

Network

Physical

Data Link

Transport

A

Data Link

20
Q

Which transmission control protocol/internet protocol (TCP/IP) layer performs addressing and routing?

Application

Transport

Presentation

Network

A

Network layer

21
Q

OSI model:
The …….. represents network communication at a MAC-address level and forwards packets on …….. devices, like a bridge.

A

Data Link layer (Layer 2)

Layer 2

22
Q

Which device is used to connect host devices within a local area network?

Gateway

Repeater

Switch

Router

A

Switch

23
Q

Which device operates at layer 2 of the OSI model?

Hub

Repeater

Switch

Router

A

Switch

24
Q

A …….. is a layer 3 device that connects networks together

Hub

Repeater

Switch

Router

A

Router

25
……. is also used in Ethernet LANs and data centers. …… is made up of four tightly woven twisted pairs (more twists per linear foot) and supports 1 Gbps for up to 100 meters or 10 Gbps for up to 55 meters.
Cat6 cables
26
…….. is used in Ethernet LANs containing two twisted pairs allowing for up to 100 Mbps up to 100 meters between the device and the switch, hub, or router. This has been practically replaced by the …. specification.
Cat5 Cat5e
27
……… is an improvement of the Cat6 standard, supporting the same standards and lengths (with the ability to run 10 Gbps over 100 meters maximum), but using a higher quality cable that is more resistant to interference. This is most commonly used in wired networks today.
Cat6a
28
There are several different connectors that can be connected to the end of these UTP cables; the two most common are:
RJ11 & RJ45
29
UTP cables. UTP stands for?
Unshielded twisted pair cables.
30
…… is made up of four tightly woven twisted pairs (more twists per linear foot) and supports 1 Gbps for up to 100 meters or 10 Gbps for up to 55 meters.
Cat6
31
……. are analog cables made of copper but specifically engineered with a metal shield intended to block signal interference. This cable was patented in 1880 by Oliver Heaviside and was used as an improvement over the bare copper cables widely used in that day.
Coaxial Cables
32
Copper cables: There are several types of ….. cables, but since they are not widely used in networking today, they are not discussed further.
coaxial
33
……….use glass or plastic threads within cables to transfer the data using light (lasers or LEDs) as opposed to traditional metal cables using electricity.
Fiber optic cables (Fiber cables)
34
……….. cables are useful for high bandwidth needs, meaning they can carry more data at one time.
Fiber optic cables
35
…….. cables are lighter and thinner to install but are much more expensive.
Fiber optic cables
36
There are two types of fiber cables: These are?
single-mode multimode.
37
………. fibers are highly effective over medium distances (500 meters or less at higher speeds) and are generally used within a LAN.
Multimode
38
The benefit of a ……. fiber cable is the ability to carry higher bandwidth for 50 times the distance of a multimode cable.
single (fiber optic cable mode)
39
…….. cables are more protected from outdoor weather than traditional copper cables.
Fiber optic cables
40
Connectors: …………? : This stands for ……... This is a smaller version of the standard connector (SC). This supports more ports to be used in the same space. This is probably the most common type used in corporate data centers today and is usually used with SFP (small form-factor pluggable) transceivers.
LC lucent connector
41
………? : This stands for a ………. This was the most commonly used connector with multimode fiber until the mid-2000s. It was used on campuses, corporate networks, and for military purposes. Today, LC connectors are usually used instead, as they are denser and more convenient at almost the same cost.
ST Straight tip connector
42
……..cables are used to connect two computing devices of the same type directly to each other. In computers, this is accomplished via their network interface controllers (NIC) or switches.
Crossover cable
43
……….. are used to connect a device to a wall outlet, for example. The wall outlet is wired to another patch panel in the networking closet, and that networking panel is wired into a switch. These cables can also be used to wire servers in a rack to the top-of-rack (ToR) switch.
Patch cables
44
……. is an association of professional electronic and electrical engineers responsible for many of the standards created in networking today. Founded in 1963. IEEK BCGF KBIE IEEEC IEEE
The Institute of Electrical and Electronics Engineers (IEEE)
45
….. is one of the most basic tools for testing connectivity to other hosts.
Ping
46
……….. are used to trace the route an IP packet takes to a destination.
Traceroute and tracert
47
Ipconfig stands for?
Internet Protocol Configuration
48
…….. is similar to traceroute or tracert in that it displays the path taken by a packet from its source to its destination.
Tracepath
49
……… provides the user with the IP, subnet mask, and default gateway for each network adapter by default; with the /all option, it also provides information such as MAC address, DHCP status, and lease information.
Ipconfig (internet protocol configuration)
50
Similar to ipconfig, …….. is used to configure the kernel network interfaces. It is implemented at the time of booting to configure the necessary interfaces. Once the interfaces are configured, it is used for debugging or tuning the system. It is primarily used in Linux.
ifconfig
51
Network Commands: ARP stands for?
Address Resolution Protocol
52
……… displays the IP to physical (MAC) address mappings for hosts that have been discovered in the …….
ARP (Address Resolution Protocol) ARP cache
53
telnet/ssh tcpdump nmap finger These are examples of what?
Network Commands
54
……. displays information about active ports and their state and can be useful in troubleshooting and capacity management. The command netstat -r displays routing information for network adapters. It is available in Windows, MacOS, and Linux.
Netstat (network statistics)
55
…….. displays DNS information and is used for troubleshooting DNS problems. It is useful in displaying name to IP address mappings.
Nslookup (name server lookup)
56
………….is a command used to query the DNS name servers. It is helpful in troubleshooting DNS problems. It is also used for lookups and will display answers from the query. It is a replacement for nslookup. dig nslookup ARP ipconfig
dig
57
Dig stands for?
domain information groper
58
……..is a tool most often used to look up who owns a domain or block of IP addresses on the internet, including name, email address, and physical address. However, there are many privacy options that hide this information from being returned. It is primarily used in Linux.
Whois
59
……. can be used to display the current route tables on a host.
Route
60
The ……… command is used to securely copy files between servers, leveraging SSH (secure shell) for authentication and encryption.
SCP (Secure Copy Protocol)
61
………. copies the file from one host to another host. telnet/ssh FTP Netstat Dig
FTP (file transfer protocol)
62
Network commands: SSH stands for?
Secure shell
63
………. transfers a file from either a client to a server or from a server to a client using UDP (user datagram protocol) instead of TCP, and so it is usually used on reliable (local) networks. ARP dig tftp ftp
TFTP (trivial file transfer protocol)
64
………. displays information about a user or users on a remote system, including things such as last log-in time and username. It is primarily used in Linux. dig ftp ifconfig Finger
Finger
65
……….. scans networks to see what it can find in terms of hosts and open ports (including well-known ones for many applications). It is commonly used to determine what is deployed on a network for vulnerability analysis, security scans, and related activities.
Nmap (Network Mapper)
66
…….. and …….. are not native to either Linux or Windows but can be downloaded for free and used with both. dig finger tcpdump nslookup Nmap
tcpdump Nmap
67
……….. displays TCP/IP packets and other network packets that are being transmitted over the network system.
Tcpdump
68
…………: It is a form of protocol analyzer (sometimes called a sniffer) and is designed to show the contents of network packets in human-readable form for troubleshooting, security analysis, etc.
Tcpdump
69
…….. allows a user to manage accounts and devices remotely but unencrypted.
Telnet
70
………….allows a user to manage accounts and devices remotely but it is encrypted.
SSH Secure Shell
71
An organization needs to perform an analysis to identify vulnerabilities such as open firewall ports, unauthorized operating systems or device types, and weak passwords. Which tool is recommended? nslookup nmap tracepath finger
nmap
72
The ………. utility is the correct answer and can perform many types of vulnerability scans by sending specially crafted data packets and learning about the target(s) based on the responses of the target(s).
Network Mapper (nmap)
73
A server administrator is tasked to harden the database servers, and one of the requirements is to document any firewall ports that are open and closed. Which native Windows command line utility should the administrator use? finger tcpdump dig netstat
netstat
74
The …… is used in Linux to limit the number of pings within a single session. In this example, the ping command attempts transmission eight times and is the correct answer.
-c switch
75
Which protocol provides remote access over encrypted connections? File transfer protocol (FTP) Secure shell (SSH) Domain Name System (DNS) Internet control method protocol (ICMP)
Secure shell (SSH)
76
What does the address resolution protocol (ARP) cache map? IP addresses to network destinations IP addresses to MAC addresses MAC addresses to interfaces MAC addresses to ICMP
IP addresses to MAC addresses
77
Bluetooth ear pods connected to a phone or laptop would be an example of what kind of network? LAN WAN PAN WLAN
PAN Personal Area Network
78
Networks: SAN stands for?
Storage Area Network
79
WAN stands for? WLAN stands for?
Wide Area Network (WAN) Wireless Local Area Network (WLAN)
80
Examples of ….. are a home, lab, or office building. Most often, ….. use Ethernet, Wi-Fi, or both to connect the network devices.
LANs
81
Many private homes use …. in the form of Wi-Fi, as it allows for multiple users to be connected to the network (and usually the broader internet), but not be tied down to a specific location in the home.
WLAN
82
………… allow servers to access devices such as tape libraries and disk arrays while presenting them to the operating system like any other locally attached device.
SANs
83
………. may also use other protocols, such as Fibre Channels that do not usually operate on traditional network equipment.
SANs
84
….. there is no individually designated server or client. Each machine on the network can act as both server and client, sometimes requesting data from other nodes and sometimes answering requests from others. Bitcoin and Tor are examples of ……. networks.
Peer to Peer (P2P)
85
The server is the system that stores data and information. The client is the machine that needs access to that data. This is the traditional model of networking since the 1990s. This is an example of what networking model?
Client Server
86
Unlike other topologies such as bus, ring, or star, …….? topologies are not necessarily constructed using physical network cables. The nodes may connect using Wi-Fi or radio signals or by virtual links such as virtual private networks (VPNs). What topology is this?
Mesh topology
87
…….. networks are typically used where communication within a network must be highly available and redundancy is needed. Which topology is this? Star Bus (Linear) Mesh Ring
Mesh
88
Architecturally speaking, there are two extremes in networking and computing architecture: Which are?
centralization & decentralization
89
In the early days of mainframe computers, nearly all computing and network power was …… in a large data center.
centralized
90
The performance is also much more constant and reliable. While security is a great benefit of …….? The above is an example of what type of network architecture. Centralized? Or… Decentralized?
Centralized
91
Another advantage of ……….. is the lack of a single point of failure, or, perhaps more accurately, each computer is its own single point of failure because the computers do not rely on each other.
decentralization
92
What is the principal advantage of wireless networks? Redundancy Stability Security Portability
Portability
93
Which network model is characterized by client computers that act as both servers and workstations? Client/server Wired Wireless Peer-to-peer
Peer-to-peer
94
Virtualization relies on a special type of software, known as a …….., which creates the virtual hardware for devices.
hypervisor
95
Regardless, all …….. have something in common: they use software to create the illusion of physical hardware.
hypervisors
96
…… is essentially programming instructions baked into copper and silicon chips.
Hardware
97
Each instance of virtual hardware is called a ……, or VM.
virtual machine
98
NOT A FLASHCARD. The operating system (OS) installed within the VM is often referred to as a guest OS to differentiate it from the operating system of the underlying physical computer, which is called the host OS.
99
The ……. serves as a resource traffic cop in that it manages how each VM (virtual machine) accesses and consumes the physical hardware resources, such as CPU, RAM, networking, and storage.
hypervisor
100
…….. hypervisors typically require dedicated hardware and are installed as that machine’s operating system, making them more commonly found in data centers than in home networks. Type 1 Type 2 Which?
Type 1
101
Bare metal hypervisor is…. Type 1 Or… Type 2
Type 1 hypervisor is bare metal
102
Hypervisor that is hosted is…. Type 1 Or… Type 2
Type 2 hypervisor is hosted (installed as an application in the device’s operating system).
103
VMware Workstation or Microsoft Hyper-V… Are examples of what type of hypervisor? Type 1 Or… Type 2
Type 2
104
…… hypervisor for MacOS, such as VMware Fusion or Parallels Desktop, which would allow you to create and run a Linux VM on your laptop. Which type of hypervisor? Type 2 Or… Type 1.
Type 2
105
……….hypervisor is competing for hardware resources with all the other running applications on your computer; and second, the hypervisor does not have direct and unrestricted access to the physical hardware but instead must send all your VM’s hardware requests through your computer’s operating system. This is what type of hypervisor? Type 1 Or… Type 2
Type 2
106
What kind of software will the IT team need to install on a Mac to enable it to run this Windows environment? Keyboard video mouse (KVM) switch Type 2 hypervisor Virtual machine (VM) Type 1 hypervisor
Type 2 hypervisor
107
What is a hypervisor? A hardware tool used to host virtual systems A virtual application developer A software tool used to host virtual systems A virtual system administrator
A software tool used to host virtual systems
108
……. are like a layer of system software between computer hardware and virtualized systems.
Hypervisors
109
Which cloud service model requires the customer to be responsible for operating systems? PaaS IaaS SaaS
IaaS Infrastructure as a Service
110
PaaS stands for?
Platform as a Service
111
SaaS stands for?
Software as a Service.
112
However, the industry also includes the catch-all term …. as a service, where …. could be nearly anything from security, accounting, hardware, etc.
XaaS X as a Service
113
Facebook Salesforce Gmail Outlook Are examples of? IaaS SaaS PaaS DaaS
SaaS Software as a Service
114
Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP)…. These are examples of Public Cloud providers or Private Cloud providers?
Public Cloud providers.
115
Which type of cloud between Public Cloud or Private Cloud providers is more likely to be secure?
Public Cloud providers.
116
……. is the concept of leveraging the services of multiple public cloud providers, such as hosting your website at AWS and GCP and balancing the users between these providers. This concept, in practice, can add redundancy and flexibility. Which cloud is the above an example of? Public cloud. Private cloud. Community cloud. Multi-cloud.
Multi-cloud
117
For …… cloud computing, the customer will require a dedicated connection between their on-premises data center and the public cloud provider. This is an example of? Hybrid cloud Public cloud Private cloud Community cloud Multi-cloud
Hybrid cloud
118
Why would a business likely choose a hybrid cloud solution? They want a cloud provider to take responsibility for all hardware aspects of their systems. They want to maintain total control of all hardware their software runs on. They want to jointly own and control the hardware their software runs on. They want to use their own systems but add the ability to scale up for burst demand.
They want to use their own systems but add the ability to scale up for burst demand.
119
The ….. is a reference model that takes into account confidentiality, integrity, and availability.
CIA triad
120
…….: The abbreviation for IT security operations; a discipline within IT responsible for protecting assets by reducing the risk of attacks.
SecOps
121
……. : A weakness in software, hardware, facilities, or humans that can be exploited by a threat.
Vulnerability
122
……. : The potential of a threat to exploit a vulnerability via an attack.
Risk: The potential of a threat to exploit a vulnerability via an attack.
123
……: Something or someone that can exploit a vulnerability to attack an asset.
Threat
124
…….: An action taken by a threat that exploits a vulnerability that attempts to either block authorized access to an asset, or to gain unauthorized access to an asset.
Attack
125
………: A person, device, location, or information that SecOps aims to protect from attack.
Asset: A person, device, location, or information that SecOps aims to protect from attack.
126
To gain access to the information, the attacker needs to get into the middle of the conversation; however, to do so, the attacker must impersonate the sender and receiver of the traffic. This act is known as "……? its identity." This is an example of? Spoofing Taking control SQL Attack Buffer overflow
Spoofing
127
An application called a "…….." can systematically check each of these ports by sending thousands of TCP/IP packets to the victim’s computer, each packet on a different TCP port.
port scanner
128
An attacker just needs to send traffic to each and every port to learn which services are running. Unfortunately for the attacker, there are tens of thousands of ports, numbered from 0 to 65,535. This type of attack is called?
Port Scanning
129
The …… attack overwhelms a victim’s computer with an immense volume of ICMP echo-request packets, all containing a forged, randomized source address.
Ping flood attack
130
Threats known as ……. attacks do just that: they deny someone access to a service, usually by overwhelming the victim with enormous amounts of useless traffic.
denial-of-service (DoS)
131
Two common social engineering attacks are: Impersonation Phishing Denial of Service Spoofing Wiretapping Poor physical security measures
Impersonation & Phishing
132
A ….. attack creates half-open connections. SYN Wiretapping Spoofing Smurf attack
SYN attack
133
How does a Smurf attack operate? It causes hosts to reboot repeatedly. It creates multiple VPN connections with hosts. It creates half-open connections. It spoofs the source address for all ICMP packets.
It spoofs the source address for all ICMP packets. This is a Denial-Of-Service attack.
134
Another example involves ARP poisoning, which is a method attackers use to cause an Ethernet switch to flood all traffic to every port on the switch, including the attacker’s computer. What kind of attack is the above? Spoofing Wiretapping Denial of Service
Spoofing
135
The Smurf Attack is what kind of attack? (It spoofs the source address for all ICMP packets) Spoofing Wiretapping Phishing Denial-of-Service.
Denial-of-Service.
136
A …… attempts to spoof the source address of ICMP packets and broadcast to the network in an attempt to flood it.
Smurf attack
137
……..software protects against malware, identifies it, quarantines it, and removes it.
Antivirus
138
…….. may prevent unwanted connections to a system. Which is the correct answer? Antivirus Personal Firewalls Content Filter
Personal firewalls
139
……. prevent malicious or inappropriate network traffic. Which is the correct answer? Antivirus Encryption Content Filter
Content filters
140
……. makes content unreadable unless a private key is used. Content Filter Firewall Encryption
Encryption
141
Which software protection provides malware identification? Antivirus Content Filter Encryption
Antivirus
142
Which device provides web content filtering and URL scanning? Web proxy Stateful firewall Router Intrusion detection
Web proxy
143
A ….. compares inbound and outbound packets and determines whether they are allowed. Antivirus Stateful firewall Content Filter
Stateful firewall
144
An …….. device or system detects network attacks based on signature.
intrusion detection
145
A ….. moves traffic from a network to a different network. Antivirus Content filter Router
Router
146
A ….. filters internet content and performs security checks on sites visited, files downloaded, etc. Antivirus Web proxy Phishing
Web proxy
147
It is also known as a "tar pit" because it is intended to attract or distract would-be attackers from the actual targets on the network. This is an example of? Antivirus Honeypot Smurf Attack
Honey Pot
148
Some attacks are …… and may not cause obvious damage right away. Such is the case with rootkits, backdoor attacks, and Trojan horses. Forced. Silent. Announced.
Silent. These attacks (rootkits, backdoor attacks, and Trojan horses) are meant to be silent and not cause any detection.
149
CIA triad: Helps maintain the accuracy of data and to identify the trustworthiness of the information. This is an example of? Availability Integrity Confidentiality
Integrity
150
CIA Triad: Ensures the data is always accessible by its authorized user This is an example of? Availability Integrity Confidentiality
Availability
151
CIA Triad: Helps limit access to information, preventing an unauthorized user from accessing, copying, or transmitting the information. This is an example of? Integrity Confidentiality Availability
Confidentiality
152
Firewall: A ……. is a firewall that operates at Layers 3 and 4 of the OSI network model: network and transport.
Packet filter firewall
153
Firewall: A ……. is a device that operates as a middleman between two or more systems to help conceal the true identity of the client and server.
circuit-level gateway
154
Firewall: …….are the foundation of network address translation (NAT) and port address translation (PAT), which are commonly used in firewalls to allow private IP address ranges to communicate on the internet.
Circuit-level gateways
155
Firewall: These firewalls inspect incoming (ingress) and outgoing (egress) traffic and compare the following attributes to a database of …….. rules that determine if the firewall will forward (allow) or drop (deny) the traffic. This is an example of what type of Firewall?
Packet Filter
156
Remember, ……… firewalls lack the ability to inspect the contents of the packets. Because of this, malicious traffic could pass into the network unchecked.
Packet filter
157
A system administrator wants to protect the local network from untrustworthy external traffic. Which device should this system administrator implement? Switch Repeater Router Firewall
Firewall
158
A network …. is a barrier that intercepts and inspects traffic moving from one network to another.
Firewall
159
Which three levels of the OSI model does stateful inspection require? Layers 1, 2 and 3 Layers 3, 4, and 5 Layers 2, 4, and 7 Layers 3, 5, and 7
Layers 3, 4, and 5
160
In order for a ….. to understand whether there is a conversation going on between two endpoints, it must be able to analyze the address (Layer 3), it must be able to analyze the type of traffic—usually TCP or UDP—which requires Layer 4 inspection, and it must be able to analyze Layer 5 data in order to recognize that a session has been requested and established. This is an example of? Antivirus Hypervisor Type 1 Firewall Hypervisor Type 2
Firewall
161
Which layers of the OSI model does a packet-filtering firewall operate in? Layers 1 and 2 Layers 3 and 4 Layers 4 and 5 Layers 6 and 7
OSI Layers 3 & 4
162
……. intercept and block threats. Which one? IPS or IDS
IPS Intrusion Prevention System
163
……monitor the network to detect threats. Which one? IDS or IPS
IDS Intrusion Detection System
164
Both types of systems (IPS & IDS) can be configured to operate in …., which is where they attach to the network as listening devices only. (Eavesdropping/Wiretapping listening devices) Which mode is this called?
tap mode
165
Tap mode works well for ……? IDS or IPS
IDS Intrusion detection system
166
For an ……. device to stop traffic, it must be positioned in the middle of the traffic stream, a configuration known as in-line mode. Which one is the correct answer? IDS IPS Circuit-level gateway
IPS Intrusion Prevention System
167
There are also cases where the IPS device may block traffic, particularly files that are known to carry viruses and malware. This is a method known as ………? IDS Tap mode CIA triad reputation-based protection
reputation-based protection
168
A good example of this is when IPS devices and firewalls block executable (EXE) attachments or downloads. This is called? CIA Triad Reputation-based protection OSI Layer 7 Protocol
Reputation-based protection
169
Intercepts and blocks threats Has many network ports to operate as input/output pairs Has cables routed physically through devices to create choke points The above is an example of? IDS IPS OSI Layer 3 Antivirus
IPS Intrusion Prevention System
170
Monitors the network to detect threats Listens passively on the network Alerts network admin of any detected suspicious behavior This is an example of? Antivirus CIA Triad IDS IPS
IDS Intrusion Detection System
171
Identifies malicious traffic Available as virtual and host-based applications Can be configured to operate in tap mode This is an example of? IPS IDS IDS & IPS (Both) CIA Triad Mesh Topology
IDS & IPS (Both)
172
Suspicious traffic comes into the switch. Intrusion system inspects traffic and alerts admin of suspicious packets. An alarm is sent to admin’s management system. This is an example of? OSI Layer 6 IDS deployment IPS deployment CIA Triad
IDS deployment
173
Suspicious traffic comes in. An intrusion system blocks suspicious packets before they get to the switch. This is an example of? IPS deployment IDS deployment OSI layer 5 Hadoop
IPS deployment
174
Consider the security-related differences between a wired network using Category 6 cables versus a wired network using fiber optic cables. If wiretapping or electronic eavesdropping is a concern, the ……………. provide greater security. Which cable provides better security? Fiber optic cables or Cat6 (Category 6) cables
Fiber optic cable
175
Wiretapping is a …… threat because it involves tampering with the physical cables of a victim’s network What OSI layer is wiretapping? OSI layer 3 OSI layer 6 OSI layer 7 OSI layer 1
OSI Layer 1 Physical
176
For instance, check the security of the locks on the doors to the data center, equipment racks, and wiring closets throughout your building. What OSI layer is the above example? Layer 4 Layer 7 Layer 3 Layer 1
Layer 1 Physical
177
An attacker executes a radio jammer attack at ………..?. The radio jammer sends radio signals, which interfere with the victim's wireless network card and prevents the victim from communicating with a wireless access point (WAP). What OSI Layer is this? Layer 5 Layer 3 Layer 7 Layer 1
Layer 1 Physical
178
WAP stands for?
Wireless access point
179
The attacker sends special Ethernet frames on the network that quickly poison or overwhelm the switch's internal traffic-handling database called the forwarding information base (FIB). Without the FIB, the switch no longer knows where to forward traffic, and so it begins flooding all its ports with every frame it receives, allowing the attacker to receive a copy of all the traffic passing through the switch. When coupled with a packet sniffer, the attacker can reconstruct and analyze the received frames to gather information that will help the attacker to conduct further attacks against the network. What kind of attack is this and what OSI layer? Smurf attack, layer 2. or ARP poisoning, layer 2.
ARP poisoning, layer 2.
180
What is the best defense against ARP poisoning? IPS IDS Hadoop OSI layer 7
IPS
181
Spoofing is an attack that can occur at both OSI layer ……? & OSI Layer …..? Layer 4 & Layer 7 Layer 5 & Layer 6 Layer 4 & Layer 1 Layer 2 & Layer 3
Layer 2 (Data link) & Layer 3 (Network)
182
The best defense of a Spoofing attack is? IDS CIA Triad IPS
IPS
183
Port scanner attacks happen typically on what layer of OSI? Layer 2 Layer 7 Layer 4 Layer 6
OSI Layer 4 Transport
184
Remote procedure call (RPC) is an example protocol at Layer ….? and is used by computers to execute functions and procedures on other computers, such as a central server launching a program or print job. Layer 3 Layer 7 Layer 2 Layer 5
Layer 5 (Session)
185
Man-in-the-middle attack happens at what OSI Layer? Layer 3 Layer 6 Layer 4 Layer 5
Layer 6 (Presentation)
186
Encryption typically happens at what OSI Layer? Layer 4 Layer 7 Layer 3 Layer 6
Layer 6 (Presentation)
187
The ……. layer serves as a translation and security layer between applications, allowing computers to encode and encrypt data. Physical Layer 1 Network Layer 3 Presentation Layer 6 Session Layer 5
Presentation Layer 6
188
TLS and SSL (Shell) are commonly performed at what OSI Layer? Presentation Layer 6 Physical Layer 1 Network Layer 3 Data Link Layer 2
Presentation Layer 6
189
For example, the ping sweep attack sends pings to a large number of IP addresses to detect which computers are online and may, therefore, be susceptible to other attacks. Fortunately, these attacks can be easily mitigated by using a …….? Packet-filtering firewall IPS IDS CIA triad
Packet-filtering firewall
190
Ping flood DoS attacks, described in an earlier lesson, are typically intended to disrupt ……. on the network.
Communication
191
Ping attacks commonly are performed at what OSI layer? Layer 4 Layer 5 Layer 3 Layer 1
Layer 3 Network
192
API stands for?
application programming interface
193
Another way to mitigate attacks at the Application layer 7 is to leverage a ……. that is able to scan the incoming packet for malicious behavior instead of simply forwarding the malicious payload to the destination. An IPS device will also protect against these threats.
reverse proxy system
194
Security professionals use a tool called a ………. to detect problems and known bad code that result in vulnerabilities in your applications.
vulnerability scanner
195
A security analyst is testing the security of an organization’s website by placing a script directly into a search box. Which level of the OSI model is the analyst addressing? Layer 4 Layer 5 Layer 6 Layer 7
Layer 7 (Application)
196
The Application layer 7 defines how users connect with the application services through protocols such as ……? & ….?
HTTP HTTPS
197
Application layer is an application programming interface (API) endpoint for web services and websites, both of which leverage the ….. and ….. protocols. Prime targets are web servers, especially web servers that host APIs.
HTTP HTTPS
198
Which Transport layer protocol is best suited for streaming audio and video? User datagram protocol (UDP) Internet protocol (IP) Hypertext transfer protocol (HTTP) Transmission control protocol (TCP)
User datagram protocol (UDP)
199
The analyst in this scenario is testing for cross-site scripting vulnerabilities, which would affect the Layer ….?
Layer 7 Application
200
SQL Injection Attack Security solution: Leverage a reverse proxy system and scan incoming packets for malicious behavior. OSI Layer…..?
Layer 7 Application
201
Man-in-the-Middle Attack Security solution: Mitigate by using an application-layer proxy or an IPS, and train users about fake security certificates. OSI Layer ….?
Presentation Layer 6
202
RPC Attack Security solution: Mitigate with regular OS and application patching. OSI Layer ……?
Session Layer 5
203
Wiretapping Security solution: Look for physical vulnerabilities, check the locks on doors, racks, and wiring closets. OSI Layer:……?
Layer 1 Physical
204
VLAN Hopping Security solution: Configure the VLAN tagging per the switch vendor’s recommendation. OSI Layer: …..?
Data Link Layer 2
205
Ping Sweep Attack Security solution: Mitigate by using a packet-filtering firewall. OSI Layer: ….?
Network Layer 3
206
Port Scanner Security solution: Mitigate by using a packet-filtering firewall. OSI Layer: …..?
Transport Layer 4
207
…………..?, also known as private key encryption, uses the same key to encrypt the data as it does to decrypt the data, meaning that when used for data transmissions, symmetric key encryption requires that both the sender and the receiver possess the same cipher key. Symmetric key encryption Asymmetric key encryption Elliptic curve cryptography (ECC)
Symmetric key encryption
208
………………? rely on two different keys to encrypt and decrypt the traffic. This is particularly useful on the internet where the encryption of the data being sent to and from e-commerce and banking websites is needed. Elliptic curve cryptography (ECC) Asymmetric key ciphers Symmetric key encryption
Asymmetric key ciphers
209
PKI is an asymmetric key solution that allows two parties to exchange encrypted data without having first exchanged a private or shared key with one another. This is used in? Elliptic Curve Cryptography Asymmetric Key Encryption Symmetric key encryption
Asymmetric Key Encryption
210
In order to add complexity to the keys that defies current brute force attack methods, a new breed of asymmetric key creation was unveiled: ………? PKI Symmetric Encryption Elliptic curve cryptography (ECC)
Elliptic curve cryptography (ECC)
211
………….? uses the algebraic structure of elliptic curves to create a key that is even smaller than traditional asymmetric keys, yet it is substantially more difficult to crack without the aid of quantum computers.
ECC elliptical curve cryptography
212
…………..?, as well as ………….?, is performed using a symmetric key to optimize its speed, but that key is exchanged using an asymmetric key cipher to ensure perfect secrecy of the key exchange. (These are hybrid encryption methods that use both symmetric and asymmetric encryption techniques)
Transport Layer Security (TLS) encryption Bulk data encryption
213
Which encryption application provides authentication and encryption services that are commonly used to create VPN tunnels at OSI Layer 3? Secure Socket Layer (SSL) Internet protocol security (IPSec) Transport Layer Security (TLS) Advanced Encryption Standard (AES)
Internet protocol security (IPSec)
214
What is a characteristic of symmetric key encryption? Use of a public key and a private key Public key infrastructure Use of a shared key Elliptic curve cryptography
Use of a shared key
215
…….? data is called plaintext.
Unencrypted
216
Encrypted plaintext is called……..?
Ciphertext.
217
IPSec is commonly used to create …… at OSI Layer 3.
VPN tunnels
218
What is the fastest encryption method for bulk encryption of data? Asymmetric key encryption TLS Symmetric key encryption PKI
Symmetric key encryption
219
An ………….? relies on two different keys to encrypt and decrypt the data. Which one? Asymmetric key cipher Symmetric key encryption
Asymmetric key cipher
220
………… dictate how long a piece of data should remain available, whether in active day-to-day storage or in archive copies. Retention policies Data protection Device hardening Encryption of Data at Rest
Retention policies
221
The key used to encrypt and decrypt your data is called a ………?
data encryption key (DEK)
222
When you encrypt the DEK, you use an asymmetric encryption key called a ………….? . To help keep all these keys organized, you will store the encrypted DEK inside a key management server (KMS) that grants access to the key based on the validity of your KEK.
key encryption key (KEK)
223
To help keep all these keys organized, you will store the encrypted DEK inside a ……?
key management server (KMS)
224
It is equally important to encrypt your data in transit, also known as “……”.
“data in flight.”
225
If you are developing a web application that will require internet users to create credentials for your application, consider instead using an authentication service known as ……? Federated identity management Key management server Data in flight
Federated identity management
226
IAM stands for?
identity and access management (IAM)
227
Form of encryption: SSL stands for?
Secure Sockets Layer
228
Encryption: TLS stands for?
Transport Layer Security
229
Encryption: IPsec stands for?
Internet Protocol Security
230
………..? provides an authentication and encryption solution that secures IP network traffic at Layer 3 of the OSI model.
Internet protocol security (IPsec)
231
This is in contrast to the ….. protocol discussed above, which operates at Layer 6.
TLS
232
Which layer does TLS operate at?
OSI Layer 6
233
What is the name of OSI Layer 6?
OSI Presentation layer 6.
234
Currently, the most secure algorithm for storing and encrypting data at rest is the……….?
Advanced Encryption Standard (AES)
235
Depending on the key length, as many as 14 transformations can be made against a given block of data, making it exceptionally difficult, if not impossible, to reverse the encryption without the key or the aid of quantum computers. This is what type of encryption? TLS SSL Advanced Encryption Standard (AES) Elliptic curve cryptography
Advanced Encryption Standard (AES)
236
Regardless of your backup solution plan, be sure to test it regularly. In fact, consider automating a restore process once a …..? to check for failures or inconsistencies in the backup. Month. Year. Day. Week. Quarter.
Week.
237
Encryption: DEK stands for?
Data encryption key
238
Concepts of data encryption: These two terms are used in IT Security: True or False? Encryption of Data at Rest Encryption of Data in Transit
True
239
MFA stands for?
multifactor authentication
240
API stands for? (keys)
application programming interface
241
Public cloud providers keep detailed …. of the actions taken within their system to help you account for changes and to discover any unauthorized use of privileged credentials.
audit logs
242
……..? are scalable, single-tenant clusters of computing, storage, and networking resources owned and maintained by a single company, typically (but not always) located within a data center belonging to that company.
Private clouds
243
…….? are hosted by companies, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), and tend to offer highly scalable, multi-tenant solutions in data centers placed around the world.
Public clouds
244
A …… is the combination of services running in both public and private clouds.
hybrid cloud
245
IAM stands for?
Identity & Access Management
246
Cloud Security Steps: Log in using Google ID User verified with identity token This would be? Application Network Cloud Platform
Application
247
Cloud Security Steps: Configure firewalls to inspect traffic Add layers to protect against an attacker This is an example of? Network Application Cloud Platform
Network
248
Cloud Security Steps: Employs IAM to determine who has access to specific resources Service provider maintains physical equipment This is an example of? Application Cloud Platform Network
249
The ….. algorithm uses only 56-bit encryption and can be compromised by brute force software running on modern hardware in less than a day.
Triple DES aka 3DES
250
……. is a symmetric encryption algorithm that uses the now antiquated DES (data encryption standard) algorithm three times in a row to encrypt your data
Triple DES (often abbreviated 3DES)
251
………? can be used with a 128-bit, 192-bit, or 256-bit key
AES advanced encryption standard
252
WEP stands for?
Wired equivalent privacy
253
Because all packets are encrypted by that key, …..? is very vulnerable to attack today.
WEP wired equivalent privacy
254
……..? key is either 10 or 26 hexadecimal digits. Each hexadecimal digit is 4 bits. WPA WPA2 WEP AES WPA3 3DES
WEP
255
WPA stands for?
Wi-Fi protected access WPA
256
Why would someone choose to implement Advanced Encryption Standards (AES) encryption over Triple Data Encryption Standard (3DES) encryption? For transmission over longer distances. For a more secure level of encryption due to increased complexity. Because they prefer to use a symmetric key algorithm. To hide the network name from discovery protocols
For a more secure level of encryption due to increased complexity.
257
Which IEEE 802 standard is for wireless LAN connections? 802.3 802.1x 802.11 802.15
802.11
258
What is one disadvantage of using WPA3 on a wireless network? The licensing fees can be costly on large networks. Security levels are higher using WEP. Transmission rates are higher using WPA2. WPA3 may not be supported by many older network devices.
WPA3 may not be supported by many older network devices.
259
In …….? , all wireless communication is performed in a peer-to-peer fashion and does not require or involve a WAP.
ad-hoc mode
260
Which network type does not require a wireless router or access point between clients? WAN Ad-hoc SAN Infrastructure
Ad-hoc
261
EAP stands for? And is a?
Extensible Authentication Protocol Protocol
262
The …..? security standard was designed to fit that exact situation. It provides network access control at the port level, whether physical or wireless, and it provides an authentication standard based on the Extensible Authentication Protocol (EAP) 802.3 802.1x 802.11 802.15
802.1x
263
In WPA3, all devices now use the ………..? (SAE) method to exchange the network key as defined in the IEEE 802.11-2016 standard.
simultaneous authentication of equals
264
A …. is a way for perpetrators to force victims to connect to rogue networks. In other cases, it interrupts the operation of security systems to facilitate burglaries or porch piracy.
deauth attack
265
………. is a denial-of-service (DoS) attack where the attacker can force any client (or even every client) off of the network.
Deauthentication (abbreviated deauth)
266
Best defense against a Deauth Attack?
WPA3
267
The attacker sets up an illegitimate wireless network using their own WAP and may even share their own cellular data to create an internet hotspot. The attacker usually opens this network without any security or authentication so as to entice people in a hurry to connect to the attacker’s rogue WAP. This type of attack is called?
Fake Access
268
AAA stands for?
Authentication, authorization, and accounting.
269
AAA Confirm user is who they claim to be Usernames and passwords Public key infrastructure (PKI) certificates This is? Accounting Authentication Authorization
Authentication
270
AAA Report on user’s access Provides forensic trail after a security breach Logs successful and unsuccessful connection attempts This is? Accounting Authentication Authorization
Accounting
271
AAA Define what the user can access, permissions. Give permissions to a user Write and delete or read-only This is? Accounting Authentication Authorization
Authorization
272
AAA A system can confirm your identity via usernames and passwords or with certificates, as is the case with …….? This is? Accounting Authentication Authorization
1. public key infrastructure (PKI) 2. Authentication
273
Below are examples of what? Change Default Passwords Remove Unnecessary Logins Enforce a Strong Password Policy Remove Unnecessary Services Keep Patches Up to Date Limit Physical Access to the Device Only Allow Changes from a Trusted Network Require Encryption for Wireless Networks Audit Access Backup
Device Hardening methods
274
…… ? is a common way to gather the logs and send them to a …..? server for storage. There are many applications, both commercial and open-source, that can review these logs and alert you when anomalies are detected and should be further investigated by a person.
Syslog Syslog server
275
Which OSI layer is related to the function of the IP protocol suite? Transport Network Data link Session
Network
276
Which OSI layer is responsible for organizing how bits are passed over the physical layer between devices within the same collision domain? Frame Connection Transport Data link
Data Link
277
Which OSI layer would define the scope of a protocol that makes sure packets of data are received correctly and resends them if they are not? Validation Transmission Transport Connection
Transport
278
Which protocol suite performs functions of OSI layer 4? IPX MAC CSMA/CD TCP
TCP
279
Which type of Ethernet cable can maintain 10Gbps transmission speeds through the course of its maximum 100-meter length? CAT 5e CAT 5 CAT 3 CAT 6a
CAT 6a
280
Which Internet access technology uses ordinary telephone wires for data transmission? DSL Cable Wi-Fi Hotspot
DSL
281
Which device is used to organize network cables as they run between switches and other network devices? Jack Hub Patch panel Router
Patch panel
282
Which network device is used to connect two or more network segments by performing OSI layer 3 functions like packet-forwarding? Router Repeater Wire Switch
Router
283
Which network device is used to convert between digital information from a LAN and analog signals for transmission over a standard telephone wire? Repeater Modem Signal generator Bit stretcher
Modem
284
Which device could be used to send commands to the mainframe for remote execution in early mainframe installations? Distributed screens Dumb terminals Execution displays Command receivers
Dumb terminals
285
Which device is responsible for implementing network address translation (NAT)? Modem Router NIC Switch
Router
286
Which command produces the following output? Non-authoritative answer: Name: www.google.com Address: 172.217.11.132 dig nslookup whois nmap
nslookup
287
Which command should be used to manually enter the default gateway for a computer? route ipconfig arp netstat
Route
288
Which network diagnostic tool displays the path packets take between two endpoints? ifconfig traceroute ftp nslookup
traceroute
289
Which network type is used to wire multiple PCs to a home router? LAN PAN MAN WAN
LAN
290
An office's infrastructure connects network devices and printers through a central access point without the use of cabling. Which network type does this office use? WLAN WAN CAN SAN
WLAN
291
What type of medium is commonly used within a 1000 Mbps Ethernet network? CAT 5 CAT5e Coax Wireless
CAT5e
292
Which network topology is being implemented when each node connects to exactly two other nodes, forming a single continuous pathway for signals through each node? Star Full mesh Ring Bus
Ring
293
In which physical LAN topology are nodes connected to each other with a backbone cable that loops around and ends at the same point it started? Ring Bus Star Tree
Ring
294
Which OSI layer ensures error-free packets? Application Transport Session Presentation
Transport
295
Which topology uses a switch or hub to connect to all devices in the same network? Mesh Ring Star Bus
Star
296
Which cloud service provides hardware, operating systems, and web servers but not end-user applications? IaaS PaaS SaaS RaaS
PaaS
297
Which cloud model provides an exclusive cloud computing service environment that is shared between two or more organizations? Public Private Community Hybrid
Community
298
Which type of software is used to provide virtualization? Database Hypervisor Antivirus Spreadsheet
Hypervisor
299
A user that does not want to be identified while communicating on a network uses an application to alter the computer’s identity. Which type of exploit is being perpetrated? Denial-of-service ARP poisoning Smurf attack Spoofing
Spoofing
300
An attacker attempts to misdirect traffic on a network back to the attacker by corrupting the network computer’s cache of IP address to MAC address mappings that are cached. Which exploit is the attacker perpetrating? Port scanning Wiretapping Denial-of-service ARP poisoning
ARP poisoning
301
Which exploit actually breaches the physical medium or uses devices to monitor signals from outside the physical medium itself? Spoofing Wiretapping Sniffing Port scanning
Wiretapping
302
Which type of attack can overwhelm a web server by inserting more data into a web form than the system was configured to hold? Buffer overflow ARP poisoning Session hijacking Cross-site scripting
Buffer overflow
303
Which type of attack sends an email claiming to be from a reputable business in order to entice the recipient to provide sensitive information? Denial-of-service Phishing Password attacks Man-in-the-middle
Phishing
304
A user on a network is planning to launch an exploit against a coworker in a neighboring department. The user needs to identify the IP address of a coworker in the desired department. Which tool or utility will allow the user to watch network traffic in real time to identify a target? Port scan Antivirus software Sniffer Port redirection
Sniffer
305
Which group of attackers is typically used for penetration testing? Red team Blue team White team Gray team
Red team
306
Which type of attack exploits an unpatched software vulnerability? Zero-day Brute-force Diffie-Hellman Man-in-the-middle
Zero-day
307
A company has the policy that all new user passwords are P@ssw0rd but does not require new users to change their password. An employee randomly tries a coworker’s account with the new user password to see if they can log in as the coworker. Which type of vulnerability does this create? BYOD Weak password Default password Misconfigured firewall rules
Default password
308
An employee that does not want to miss emails from important clients sets up her cellular smartphone to allow her to check email. Unfortunately, she does not install antivirus software on the cellular phone. What type of vulnerability is represented? Industry threat Misconfigured firewall rules Weak passwords BYOD/Mobile
BYOD/Mobile
309
It is a weakness which can be exploited by a threat, such as an attacker, to perform unauthorized actions within a computer system. This is the definition of vulnerability, in computer security. True or False?
True
310
What is required to establish a secure connection to a remote network over an insecure link? Virtual Private Network (VPN) service Linux Command Line Interface TOR Network
Virtual Private Network (VPN) service
311
An organization is concerned about brute force attacks. How should the organization counter this risk? Install a mantrap and biometric scanner at the entrance of its data center. Implement a system hardening policy that ensures operating system updates and software patches are installed regularly. Institute a log-in policy that locks users out of an account after three failed password attempts. Initiate role-based access to its systems to reduce the possibility of escalated privileges.
Institute a log-in policy that locks users out of an account after three failed password attempts.
312
An organization suffers a social engineering attack that results in a cybercriminal gaining access to its networks and to its customers’ private information. How can the organization mitigate this risk in the future? Update user antivirus software to the latest version Implement a stronger password policy Provide regular cybersecurity training for employees Install a sophisticated intrusion detection system
Provide regular cybersecurity training for employees
313
An attacker plans to exploit flaws in an operating system to gain access to a user's computer system. What is a prevention mechanism for this type of attack? Firewall Patching Antivirus Virtual Private Network (VPN)
Patching
314
An unauthorized third-party has gained access to a company network. How can they be prevented from deleting data? Access controls Physical controls Biometrics Man trap
Access controls
315
An attacker has gained access to the passwords of several employees of a company through a brute force attack. Which authentication method would keep the attacker from accessing the employees’ devices? MFA (multi-factor authentication) AAA (authentication, authorization, and accounting) PKI (public key infrastructure) TCP/IP (transmission control protocol/internet protocol)
MFA (multi-factor authentication)
316
After downloading a CD/DVD burning program, a user notices that someone is remotely accessing the computer during nighttime hours. Which type of malware is likely found in the CD/DVD software? Virus Adware Worm Trojan horse
Trojan horse
317
An analyst has identified an active denial of service attack. Which category of the CIA triad is affected? Confidentiality Availability Integrity Application
Availability
318
While investigating a security incident, a technician discovers an unauthorized packet-capturing tool on the network. Which category of the CIA triad is being attacked? Authenticity Confidentiality Availability Integrity
Confidentiality
319
A malicious user was able to lock a user's account after guessing the user's password multiple times unsuccessfully. Which category of the CIA triad did the malicious user target in this attack? Confidentiality Integrity Availability Accessibility
Availability
320
Which category of the CIA triad is affected when an unauthorized user changes the data within a read-only file? Confidentiality Integrity Authenticity Accessibility
Integrity
321
Which type of firewall initiates a new connection on behalf of the client and presents its own IP to the server when a client initiates a connection to a server? Application level Packet filtering Circuit level Stateful inspection
Circuit level
322
Which feature of a firewall allows an organization to use private non-routable networks while enabling communication to the internet? Port Address Translation (PAT) Border Gateway Protocol (BGP) Static routing Packet filtering
Port Address Translation (PAT)
323
What is the meaning of “state” when referring to stateful inspection in firewalls? Which one? It refers to the connection state of a conversation between two computers. It refers to the connection state of a computer to the network.
It refers to the connection state of a conversation between two computers.
324
What can a user install to detect malicious software? Proxy Antivirus Firewall Patch
Antivirus
325
Which feature of a network intrusion prevention system (NIPS) uses a list of known bad IP addresses to protect the network? Reputation-based prevention Anomaly-based protection Behavior-based analysis Cloud-based sandbox environment
Reputation-based prevention
326
A company provides access to employees' tax and personal information via a public-facing web portal. What should the company implement to encrypt employees' web access to this information? Transport layer security (TLS) Network intrusion detection system (NIDS) Advanced encryption standard (AES) Two-factor authentication (2FA)
Transport layer security (TLS)
327
Which attack tricks a client into mapping an IP address to a spoofed MAC address? ARP spoofing Evil-twin attack Rogue DHCP server IP starvation
ARP spoofing
328
Which type of port has access to all VLANs by default in a traditional layer 2 switch? Uplink Downlink Trunk Console
Trunk
329
What is end-to-end encryption? Data is encrypted on the sender's system and only the recipient is able to decrypt it. True or False?
True
330
Which phrase describes unencrypted data? In the clear At rest In transit Ciphertext
In the clear
331
Which statement is true when comparing AES encryption to Triple DES (3DES)? AES requires less CPU utilization and uses a larger block size than 3DES. 3DES requires less CPU utilization and uses a larger block size than AES. 3DES is a superior encryption protocol due to the triple nature.
AES requires less CPU utilization and uses a larger block size than 3DES.
332
What is the best defense against fake access attacks? Never use unsecured Wi-Fi hotspots. Never open unsolicited offers. Never click on a link within an email. Never reply to an unsolicited email.
Never use unsecured Wi-Fi hotspots.
333
Which cloud feature is used to prevent data loss and provide for data retrieval in the event of a disaster? Data backups and archives Database encryption Data cleansing and analytics Database monitoring
Data backups and archives
334
Which cloud-hosting model provides exclusive cloud access for a single company? Private Public Community Hybrid
Private
335
What should a cloud provider use to secure data in flight? Private key encryption Demilitarized zone Multifactor authentication Updated antivirus software
Private key encryption
336
An administrator fails to configure protection for usernames and passwords transmitted across the network. Which component of the AAA model is weakened? Authentication Authorization Access Availability
Authentication
337
A user is mistakenly granted access to customer accounts not required for his duties. Which component of the AAA model is violated? Authentication Authorization Availability Access
Authorization
338
Which type of firewall technology reads and analyzes the actual content of a message before forwarding to its destination? Proxy servers Stateful Stateless Router
Proxy servers
339
An organization’s IT department is concerned that malicious insiders may be using elevated access rights. Which security control can be used to draw attacks away from critical systems? Firewalls Honeypots IDS IPS
Honeypots
340
CIA Triad Some of the common actions that can compromise the ………..? of data include: denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks, which prevent legitimate users from accessing the resource by sending an overwhelming amount of data to the target server. Availability Integrity Confidentiality
Availability
341
Some of the compromises of data …..? include: Man-in-the-middle attacks, where an attacker changes the contents of the message after it was sent, but before it was received Confidentiality Availability Integrity
Integrity
342
In the CIA Triad, Privacy can be equated to …….?
Confidentiality
343
CIA Triad Social engineering is a method used by attackers to gain an unsuspecting victim’s trust to provide information, such as passwords or server names, or even just to gain physical building access. This is an example of? Integrity Availability Confidentiality
Confidentiality
344
CIA Triad The physical theft of a device gives an attacker an unlimited time window to break the encryption of your data. This would be an example of? Integrity Confidentiality Availability
Confidentiality
345
CIA Triad Accidents and malfunctions also play into the equation. For example, …..? of information can easily be breached by storing files in the wrong location, emailing data to the wrong person, or printing ……. information to a public printer. Confidentiality Availability Integrity
Confidentiality Printing confidential information to a public printer
346
CAT6 Cat6 is also used in Ethernet LANs and data centers. Cat6 is made up of four tightly woven twisted pairs (more twists per linear foot) and supports 1 Gbps for up to 100 meters or 10 Gbps for up to 55 meters.
347
Cat5e doubles the number of twisted pairs to four for up to 1 Gbps (Gigabits per second) over up to 100 meters.
348
Cat5 is used in Ethernet LANs containing two twisted pairs allowing for up to 100 Mbps up to 100 meters between the device and the switch, hub, or router. This has been practically replaced by the Cat5e specification.
349
CAT6a is an improvement of the CAT6 standard, supporting the same standards and lengths (with the ability to run 10 Gbps over 100 meters maximum), but using a higher quality cable that is more resistant to interference. This is most commonly used in wired networks today.
350
Cat4 supports 16 Mbps for up to 100 meters and is not commonly used today.
351
Cat3 supports up to 10 Mbps (Megabits per second) for up to 100 meters and is commonly used for phone lines today.
352
OSI Layer 1 Physical Cables Hubs Modem devices Repeaters
353
OSI Layer 2 Data Link Switches Bridge devices Network Interface Cards (Wireless or Wired)
354
OSI Layer 3 is Network Routing data packets. Routers and some switches.
355
OSI Layer 4 Transport This layer is often called the Heart of OSI. Provides services to the Application layer (Layer 7)
356
OSI Layer 5 Session Connection establishment Session Maintenance Authentication
357
OSI Layer 6 Presentation Translating data Encryption