Practice Test 3 Flashcards
Which of the following networking technologies provides for local area network segregation using switches?
A) RADIUS
B) Virtualization
C) VPN
D) VLAN
D) VLAN
VLANs (virtual LANs) provide for local area network segmentation and separation and are implemented on switches. RADIUS is a remote access authentication technology. Virtualization refers to the creation and management of virtual hosts running in a virtualized environment. VPN is a secure remote access technology.
All of the following are considered elements of a password policy EXCEPT:
A) Password aging
B) Password sharing
C) Password history
D) Password complexity
B) Password sharing
Password sharing is typically addressed in the acceptable use policy (AUP), as a directive to users about what they can and cannot do. Password history, aging, and complexity will all typically be found in a password policy, as technical elements that describe how passwords should be constructed, implemented, and managed by administrators.
All of the following are considered secure application development practices EXCEPT:
A) Input validation
B) Back doors
C) Memory management
D) Error and exception handling
B) Back doors
Back doors are a security risk due to the possibility that an attacker could use them to gain unauthorized access to the program. All of the other choices are considered secure coding and application development practices.
All of the following are types of penetration testing EXCEPT:
A) Black box
B) Gray box
C) White box
D) Blue box
D) Blue box
Blue box testing is not a type of penetration testing. Black box testing involves a penetration test where the test team has no knowledge of the network. In gray box testing, the tester may be given some knowledge, such as an infrastructure diagram or IP address list. In a white box test, the test team has full and detailed knowledge of the network, its design, functions, and applications.
The network administrator for your office has configured the company web site for SSL by applying a certificate to the site. What port will you need to open on the firewall to allow communication to the site?
A) 80
B) 22
C) 443
D) 53
C) 443
TCP port 443 must be opened on the firewall to allow SSL traffic to pass. None of the other ports listed are used by SSL.
Which of the following security controls is designed to prevent tailgating?
A) Separation of duties
B) Mantrap
C) Multifactor authentication
D) Least privilege
B) Mantrap
A mantrap, an area between two locked doors from which the second door cannot be opened until the first door is locked, is designed to allow only one person at a time to enter a facility, effectively preventing tailgating. Separation of duties and least privilege are two security principles designed to prevent collusion and elevated privileges, respectively. Multifactor authentication is designed to positively identify and authenticate an individual but does not prevent tailgating.
Ashlyn, the senior security officer within your organization, has requested that you create a plan for an active security test that tries to bypass the security controls of an asset. What type of test would you plan?
A) Vulnerability scan
B) Risk assessment
C) Code review
D) Penetration test
D) Penetration test
A penetration test is considered an active test because you are actually interacting with the target system and trying to bypass the security controls. A vulnerability scan is considered a passive test because it only involves reviewing the configuration of a system to determine if there are any vulnerabilities. A risk assessment helps identify risks for each asset. A code review involves reviewing the code of an application to look for flaws.
Which of the following attacks involves sending ICMP packets from a spoofed IP address to the network’s broadcast address?
A) Smurf attack
B) Watering hole attack
C) Botnet
D) RAT
A) Smurf attack
A smurf attack is a type of ICMP attack where large amounts of ping packets are sent from a spoofed IP address on the network to the network broadcast address, causing many replies back to the victim and possibly bringing about a denial of service. A smurf attack is an example of a DDoS attack. A remote access Trojan (RAT) is malicious software that the user typically installs without knowing it, such as by installing a game from the Internet or by running a malicious program that was e-mailed to them. The RAT program then opens a back door for the hacker to gain access to the system remotely at a later time. A botnet is a group of compromised systems that the hacker has control over and uses to attack a victim’s system. A watering hole attack is when the hacker determines sites you may want to visit and then compromises those sites by planting viruses or malicious code on them. When you visit the site (which you trust), you are then infected with the virus.
Which of the following simple command-line tools would be used from the host to determine what open ports a host is listening on?
A) ping
B) netstat
C) ifconfig
D) nbtstat
B) netstat
netstat is a tool found on both Unix/Linux and Windows hosts that can give network statistics and connection information, including port usage. This would help determine if a host is listening on an unexpected or unwanted port. None of the other choices give information on open ports. nbtstat is a command found only on Windows hosts and gives NetBIOS usage information. ping is found on both Unix/Linux and Windows hosts but only sends simple ICMP requests to a host. ifconfig is found only on Unix and Linux hosts and only gives network interface configuration information.
A term used to identify an authentication scheme that involves both sides of the communication authenticating is:
A) Single sign on
B) Nonrepudiation
C) Mutual authentication
D) Hashing
C) Mutual authentication
Mutual authentication requires both sides of a communications session to authenticate to each other. Single sign-on (SSO) is a concept that provides for one authentication to be used for multiple resources. Nonrepudiation ensures that a party cannot deny that it took an action. Hashing involves a one-way function that produces a message digest from a piece of text.
You are troubleshooting a communication problem with an application that sends data to a remote system. What tool can you use to view the traffic being sent on the network by the application?
A) Spectrum analyzer
B) Frequency analyzer
C) Protocol analyzer
D) Switch monitor
C) Protocol analyzer
In order to view network traffic, it must be sniffed or captured using a protocol analyzer (sometimes called a sniffer). None of the other devices listed can be used to capture and view network traffic.
Which type of malware is difficult to detect and replaces key operating system files?
A) Worm
B) Rootkit
C) Logic bomb
D) Trojan
B) Rootkit
A rootkit is very difficult to detect and often replaces key operating system files with compromised versions, allowing an attacker to access administrative-level functions. A worm is a self-propagating piece of malware that can spread without user intervention. A Trojan is a piece of malware that disguises itself as useful software. A logic bomb is a malicious script that typically activates after a certain date or event.
A user complains that he or she cannot access sites that use the HTTPS protocol. Which port should be opened on the firewall to allow this traffic?
A) 8080
B) 443
C) 80
D) 22
B) 443
TCP port 443 is used by the HTTPS protocol, which uses SSL as its secure session protocol; both are associated with port 443. Port 80 is used by HTTP, port 22 by SSH, and port 8080 by some proxy server implementations.
You are configuring IPSec on your network and need to allow for security association (SA) traffic to pass through the firewall. Which of the following ports does the Internet Key Exchange (IKE) protocol, which is the protocol responsible for the SA setup within IPSec, use?
A) 8080
B) 500
C) 22
D) 443
B) 500
IKE uses UDP port 500. Port 443 is used by SSL, 22 is used by SSH, and 8080 does not fall into the range of well-known ports (0–1023) but is frequently used by proxy servers and other security devices.
Which of the following is a Type I error?
A) False negative
B) False rejection rate
C) False acceptance rate
D) Crossover error rate
B) False rejection rate
A false rejection rate (FRR) is a Type I error in biometrics. This also equates to a false positive. A false acceptance rate (FAR) is a Type II error and is sometimes referred to as a false negative. The crossover error rate (CER) is the point where the FRR and FAR are equal.
Which of the following protocols is considered a secure replacement for Telnet?
A) SSL
B) SSH
C) TLS
D) RLOGIN
B) SSH
Secure Shell (SSH) is considered a secure replacement for Telnet. TLS and SSL are secure session protocols used in HTTPS traffic. RLOGIN is an older, nonsecure protocol.
Which of the following choices concerns itself with ensuring that data is not modified or destroyed while in storage or transit?
A) Integrity
B) Confidentiality
C) Availability
D) Nonrepudiation
A) Integrity
Integrity is concerned with ensuring that data is not modified. Confidentiality protects information from unauthorized access. Availability provides for information and systems to be online and ready for users at any time. Nonrepudiation means that a user cannot deny that he or she took an action.
Which type of intrusion detection system identifies suspicious activity by monitoring log files on the system?
A) NIDS
B) ACL
C) HIDS
D) NIPS
C) HIDS
A host-based intrusion detection system (HIDS) monitors local system activity and logs for indications of an attack. A NIDS is a network-based intrusion detection system and does not monitor host log files. A NIPS is a network-based intrusion prevention system and works on the network instead of the host. An ACL is an access control list and is used to allow or deny traffic through a router or grant/deny permissions to resources.
You are the security administrator for a small company and would like to limit clients that can connect to the wireless network by hardware address. What would you do?
A) Implement NAC
B) Implement WEP
C) Enable SSID cloaking
D) Implement MAC filtering
D) Implement MAC filtering
MAC address filtering, although not an effective security measure by itself, can be used to limit which clients, by hardware address, can connect to the wireless network. WEP is a wireless security protocol. NAC prevents clients from connecting that do not meet specified security requirements, such as patch level or antivirus signature. SSID cloaking merely prevents potential wireless clients from seeing the wireless network name by stopping it from being broadcast.
Which of the wireless encryption protocols uses the RC4 symmetric algorithm for encrypting wireless communication?
A) WPA2
B) WEP
C) TLS
D) EAP
B) WEP
WEP (Wired Equivalent Privacy) uses a flawed implementation of the RC4 algorithm, in addition to weak initialization vectors, making it an insecure wireless protocol that should never be used. None of the other protocols listed use RC4.
Which of the following identifies a security reason to perform a site survey to identify rogue access points?
A) Frequency overlap
B) Signal propagation
C) Bypass security controls
D) Interference
C) Bypass security controls
Rogue wireless routers could be used by unauthorized individuals to access the network and bypass security controls such as firewalls. The other choices may affect performance and can be important to security, but do not have a direct impact on securing the wireless network.
Which of the following steps is the first to be accomplished during a penetration test?
A) Port scanning
B) Password cracking
C) Obtain permission for the test
D) Privilege escalation
C) Obtain permission for the test
Before beginning any type of penetration test or vulnerability assessment, you must first obtain permission from the responsible system owner to avoid legal or liability issues. Although the other choices are all valid steps to take during a penetration test or vulnerability assessment, none of them should be started without obtaining permission from the responsible system owner.
When performing an investigation on a mobile device, you would like to ensure that you shield the device from sending or receiving signals. What would you use?
A) Protocol analyzer
B) Spectrum analyzer
C) Faraday cage
D) Signal reducer
C) Faraday cage
A Faraday cage can be used to shield devices from sending or receiving electronic signals. A protocol analyzer is used to capture and view network traffic. A spectrum analyzer is used for site surveys when designing wireless networks. A signal reducer is not a device used in this context.
All of the following accurately describe the differences between TACACS and RADIUS EXCEPT:
A) TACACS encrypts only passwords between the client and server
B) RADIUS encrypts only passwords between the client and the server
C) RADIUS uses UDP
D) TACACS uses TCP
A) TACACS encrypts only passwords between the client and server
TACACS encrypts all information between the client and server, whereas RADIUS only encrypts the passwords. All of the other choices are accurate descriptions of differences between RADIUS and TACACS.
When a user types his or her username into a logon screen, this is known as ___________?
A) Authorization
B) Authentication
C) Impersonation
D) Identification
D) Identification
Identification is the first step in the process and involves the user presenting his or her credentials to the server. Authentication occurs after identification and involves the user’s credentials being authenticated by the server. Authorization refers to granting an authenticated user the correct access to an object. Impersonation is an invalid term in this context.
The risk that remains after all reducing and mitigation actions have been taken is called:
A) Residual risk
B) Low risk
C) Mitigated risk
D) Accepted risk
A) Residual risk
Residual risk is what risk remains after all mitigation and reduction strategies have been implemented. Low risk is a level that may be accepted without mitigation or requires little mitigation. Accepted risk is what risk the management authority chooses to accept with or without mitigations in place. Mitigated risk is that risk that has been reduced to a lower level.
When users connect to the wireless network, management wants them to receive a message asking them to agree to the terms of use before being granted wireless network access. What network service could be used to perform this goal?
A) NAC
B) Multifactor authentication
C) PKI
D) Kerberos
A) NAC
Network access control (NAC) can be used to enforce logon or connection banners that will require users to agree to terms of use before being allowed to connect to the network. None of the other technologies listed can be used to enforce logon warning banners requiring users to agree to terms of use before being allowed to access the network.
Your company has a salesperson who travels a lot and will be connecting to hotel networks. What security recommendation would you make for her laptop?
A) Unencrypted drive
B) Host-based firewall
C) FDE
D) Null password
B) Host-based firewall
A host-based firewall should be used when connecting to untrusted networks, such as one in a hotel. Having an unencrypted drive and a null password are not security recommendations. Although full disk encryption (FDE) can help if the laptop is lost or stolen, it will not help you in situations when you are making connections to an unknown and potentially unsecure network. You could potentially be infected with a virus by connecting to an unknown network without having a firewall enabled, or be vulnerable to an attack.
Your manager is interested in implementing a strong authentication scheme. Which of the following is considered the strongest authentication?
A) PIN
B) Fingerprint
C) Username/password
D) Iris scan
D) Iris scan
Out of the choices given, an iris scan is the strongest method of authentication, as these patterns are very unique to individuals. Of all of the biometric authentication methods, including voiceprint and fingerprints, iris scans are most accurate. Username and password combinations are not considered strong methods of authentication, nor is a PIN by itself. These are all considered single-factor forms of authentication. Fingerprints are not considered as strong a method of biometric authentication as iris scans.
In a PKI infrastructure, what is the name of the list that contains all the certificates that have been deemed invalid?
A) Certification invalidation list
B) Certificate revocation list
C) Certificate denial list
D) Certificate authority
B) Certificate revocation list
A certificate revocation list (CRL) contains a list of all invalid or revoked certificates. A certificate denial list and certificate invalidation list are false choices and do not exist. A certificate authority is responsible for issuing certificates.
When working with asymmetric encryption, which of the following is used to encrypt a message sent from Bob to Sue?
A) Bob’s public key
B) Sue’s private key
C) Sue’s public key
D) Bob’s private key
C) Sue’s public key
Sue’s public key is used to encrypt a message from Bob to Sue, as only Sue’s private key can decrypt it. Sue’s private key can only decrypt the message, and Bob does not possess it. Neither of Bob’s keys can be used to encrypt a confidential message to Sue.
Which of the following statements are correct with regard to the concepts of fail-secure and fail-safe? (Choose two.)
A) A fail-safe device responds by not doing anything to cause harm when the failure occurs
B) A fail-safe device responds by making sure the device is using a secure state when a failure occurs
C) A fail-secure device responds by not doing anything to cause harm when the failure occurs
D) A fail-secure device responds by making sure the device is using a secure state when a failure occurs
A) A fail-safe device responds by not doing anything to cause harm when the failure occurs
D) A fail-secure device responds by making sure the device is using a secure state when a failure occurs
A fail-safe device responds by not doing anything to cause harm when the failure occurs. A fail-secure device responds by making sure the device is using a secure state when a failure occurs. A is the definition of fail-safe, and the behavior described in B is the definition of fail-secure, not the other way around.
Which of the following is typically conducted as a first step in the overall business continuity/disaster recovery strategy?
A) System backup plan
B) Disaster recovery plan
C) Business continuity plan
D) Business impact analysis
D) Business impact analysis
The business impact analysis (BIA) is a critical first step in developing the business continuity plan (BCP). It involves determining what risks are present and their effects on the business and its assets. The BCP is the overall and final product that the BIA contributes to. The BIA must be completed as one of the first steps, as it essentially is the risk assessment for the BCP. The disaster recovery plan (DRP) concerns itself with recovering the assets and operations of the business immediately following a disaster. A system backup plan is but one element of the DRP and may or may not be one of the first things accomplished for that plan.
Which of the following protocols is a more secure version of the SSL protocol?
A) AES
B) RSA
C) TLS
D) SSH
C) TLS
Transport Layer Security (TLS) is considered a strong replacement for SSL. SSH is a secure replacement for Telnet and other nonsecure protocols. AES is a symmetric algorithm that replaces DES. RSA is an asymmetric algorithm used in public key cryptography.
Which device, when implemented with VLANs, can help reduce both collision and the size of broadcast domains?
A) Switch
B) Bridge
C) Router
D) Hub
A) Switch
Switches natively help reduce collision domains and, when VLANs are implemented on them, help reduce broadcast domains. Routers can help reduce or eliminate broadcast domains, and bridges can help reduce collision domains, but neither of these devices uses VLANs. Hubs do not reduce collision or broadcast domains.