Preassessment Flashcards
Which type of ethernet cable can maintain 10 Gbps transmission speeds through the course of its maximum 100-meter length?
Cat 6a
Which internet access technology uses ordinary telephone wires for data transmission?
DSL
Which device is used to organize network cables as they run between switches and other network devices??
Patch panel
Which network device is used to connect two or more network segments by performing OSI layer 3 functions like packet forwarding?
Router
Which network device is used to convert between digital information from my LAN and analog signals for transmission over a standard telephone wire?
Modem
Which device could be used to send commands to the mainframe for remote execution in early mainframe installations?
Dumb terminals
Which device is responsible for implementing network address translation?
Router
Which OSI layer is related to the function of the IP protocol suite?
Network
Which OSI layer is responsible for organizing how bits are passed over the physical layer between devices within the same collision domain?
Data link
Which OSI layer would define the scope of a protocol that makes sure packets of data are received correctly and resends them if they are not?
Transport
Which protocol suite performs functions of OSI layer 4?
TCP
Which command should be used to manually enter the default gateway for a computer?
route
Which network diagnostic tool displays the path packets take between two endpoints?
traceroute
Which network type is used to wire multiple PCs to a home router?
LAN
An office’s infrastructure connects network devices and printers through a central access point without the use of cabling. Which network type does this office use?
WLAN
What type of medium is commonly used within a 1,000 Mbps Ethernet network?
CAT5e
Which network topology is being implemented when each node connects to exactly two other nodes forming a single continuous pathway for signals through each node?
Ring
In which physical LAN topology are nodes connected to each other with a backbone cable that loops around and ends at the same point it started?
Ring
Which cloud service provides hardware, operating systems and web servers but not end user applications?
IaaS
Which cloud model provides an exclusive cloud computing service environment that is shared between two or more organizations?
Community
Which type of software is used to provide virtualization?
Hypervisor
Which OSI layer ensures error-free packets?
Transport
Which topology uses a switch or hub to connect to all devices in the same network?
Star
A user that does not want to be identified while communicating on a network uses an application to alter the computers identity. Which type of exploit is being perpetrated?
Spoofing
An attacker attempts to misdirect traffic on a network back to the attacker by corrupting the network computers cache of IP addresses to MAC address mappings that are cached. Which exploit is the attacker perpetrating?
ARP Poisoning
Which exploit actually breaches the physical medium or uses devices to monitor signals from outside the physical medium itself?
Wire tapping
Which type of attack can overwhelm a web server by inserting more data into a web form then the system was configured to hold?
Buffer overflow
Which type of attack sends an email claiming to be from a reputable business in order to entice the recipient to provide sensitive information?
Phishing
A user on a network is planning to launch an exploit against a co-worker in a neighboring department. The user needs to identify the IP address of a co-worker in the desired department. Which tool or utility will allow the user to watch network traffic in real time to identify a target?
Sniffer
Which group of attackers is typically used for penetration testing?
Red team
Which type of attack exploits an unpatched software vulnerability?
Zero day
A company has the policy that all new user passwords are P@ssw0rd but does not require new users to change their password. An employee randomly tries a co-worker’s account with the new user password to see if they can log in as the co-worker. Which type of vulnerability does this create?
Default password
An employee that does not want to miss emails from important clients sets up her cellular smartphone to allow her to check her email. Unfortunately, she does not install antivirus software on the cell phone. What type of vulnerability is represented?
BYOD/Mobile
What is the definition of vulnerability in computer security?
It is a weakness which can be exploited by a threat such as an attacker to perform unauthorized actions within a computer system
What is required to establish a secure connection to a remote network over an insecure link?
Virtual private network (VPN) service
An organization is concerned about brute force attacks. How should the organization counter this risk?
Institute a login policy that locks users out of an account after three failed password attempts
An organization suffers a social engineering attack that results in a cyber criminal gaining access to its networks and to its customers private information. How can the organization mitigate this risk in the future?
Provide regular cyber security training for employees
An attacker plans to exploit flaws in an operating system to gain access to a user’s computer system. What is a prevention mechanism for this type of attack?
Patching
An unauthorized third party has gained access to a company network. How can they be prevented from deleting data?
Access controls
An attacker has gained access to the passwords of several employees of a company through a brute force attack, which authentication method would keep the attacker from accessing the employees devices
Multi-factor authentication (MFA)
After downloading a CD burning program, a user notices that someone is remotely accessing the computer during night time hours. Which type of malware is likely found in the CD software?
Trojan horse
A user is working on a home computer. When another user seems to open an application to view documents on the same computer, the user immediately suspects that a back door into the computer exists. Which action should be taken first to deal with the problem?
Unplug the PC’s network connection
A user receives an email from an unknown bank saying that the user’s account with the bank has been compromised. The user suspects this is a phishing exploit. How should the user safely proceed?
Open a new browser page, navigate to the bank’s website and acquire legitimate contact information to report the email
A malicious user was able to lock a user’s account after guessing the user’s password multiple times unsuccessfully. Which category of the CIA triad did the malicious user target in this attack?
Availability?
Which category of the CIA triad is affected when an unauthorized user changes the data within a read-only file?
Integrity
An analyst has identified an active denial of service attack. Which category of the CIA triad is affected?
Availability
While investigating a security incident, a technician discovers an unauthorized packet capturing tool on the network. Which category of the CIA triad is being attacked?
Confidentiality
Which type of firewall initiates a new connection on behalf of the client and presents its own IP to the server when a client initiates a connection to a server?
Circuit level
Which feature of a firewall allows an organization to use private non-routable networks while enabling communication to the internet?
Port address translation (PAT)
What is the meaning of “state” when referring to stateful inspection in firewalls?
It refers to the connection state of a conversation between two computers
What can I use or install to detect malicious software?
Antivirus
Which feature of a network intrusion prevention system uses a list of known bad IP addresses to protect the network?
Reputation-based prevention
Which attack tricks a client into mapping an IP address to a spoofed MAC address?
ARP spoofing
Which type of port has access to all VLANs by default in a traditional two layer switch?
Trunk
A company provides access to employees, tax and personal information via a public facing web portal. What should the company implement to encrypt employees web access to this information?
Transport layer security (TLS)
Which cloud feature is used to prevent data loss and provide for data retrieval in the event of a disaster?
Data backups and archives
Which cloud hosting model provides exclusive cloud access for a single company?
Private
What should a cloud provider use to secure data in flight?
Private key encryption
Which type of wireless security protocol is the most secure?
WPA2 + AES
Which statement is true when comparing AES encryption to Triple DES (3DES)
AES requires less CPU utilization and uses a larger block size than 3DES
What is the best defense against fake access attacks?
Never use unsecured Wi-Fi hotspots
Which network device is usually placed in line between the trusted network and an untrusted network?
Firewall
Which type of firewall technology reads and analyzes the actual content of a message before forwarding to its destination?
Proxy servers
An organization’s IT department is concerned that malicious insiders may be using elevated access rights. Which security control can be used to draw attacks away from critical systems?
Honey pots
What is end to end encryption?
Data is encrypted on the sender system and only the recipient is able to decrypt it
Which phrase describes unencrypted data?
In the clear
An administrator fails to configure protection for usernames and passwords transmitted across the network. Which component of the AAA model is weakened?
Authentication
A user is mistakenly granted access to customer accounts not required for his duties. Which component of the AAA model is violated?
Authorization