Secure Network Administration Flashcards
You need to set up a secure FTP server to allow your company’s clients to upload their files. Which of the following FTP protocols would you use?
SFTP
FTP
TFTP
SFTP
SFTP is used to encrypt FTP sessions with SSH (Secure Shell). The other methods (FTP, TFTP, and FTP over HTTP) are not secure and communicate in clear text.
You want to secure one of your network switch segments to only allow access from specific clients on the development network. Which of the following should you implement?
Create a firewall rule to restrict access to the switch ports.
Create a VLAN for the entire development network.
Restrict the switch port access to the MAC addresses of the clients.
Restrict the switch port access to the MAC addresses of the clients.
You should enable MAC address security on your switch ports to only allow the hardware addresses of the specific clients on the development network to access those ports.
It is discovered that your primary router has a serious software vulnerability that makes it susceptible to denial-of-service attacks. What should you do to resolve the issue?
Disable SNMP.
Enable flood protection.
Update the firmware.
Update the firmware.
If a documented vulnerability is found in a network device’s firmware or operating system, the firmware or operating system should be updated or a patch applied to fix the bug and prevent the device from being compromised.
Your web server is being flooded by a denial-of-service attack. Using a network analyzer, you see that there are IP broadcast replies being sent back to the address of your server from multiple addresses. Which type of network attack is this?
Man-in-the-middle
Back door
Smurf
Smurf
A smurf attack uses a spoof attack combined with a DDoS attack to exploit the use of IP broadcast addressing and ICMP. By spoofing the address of the web server in an IP broadcast, the attacker causes the other systems on the network to send all of their replies to the broadcast back to the web server, causing a denial of service.
When you’re creating firewall rules, which of the following principles should be applied to maximize security by blocking all traffic and only allowing access as required?
Implicit deny
Explicit deny
Unauthenticated deny
Implicit deny
Implicit deny means that anything that is not explicitly defined in an access rule is denied. This denies all access by default, until you apply access rules for only the specific services required.
During a denial-of-service attack, a network administrator blocks the source IP with the firewall, but the attack continues. What is the most likely cause of the problem?
The denial-of-service worm has already infected the firewall locally.
The attack is coming from multiple distributed hosts.
A firewall can’t block denial-of-service attacks.
The attack is coming from multiple distributed hosts.
A distributed denial-of-service (DDoS) attack comes from multiple geographically distributed hosts, making it difficult for the network administrator to block it.
You have just performed a security port scan on your e-mail server. Which of the following services and ports that appeared in the test as open and accepting connections should be disabled?
TCP port 21
TCP port 25
TCP port 110
TCP port 21
TCP port 21 (FTP) is not required on your e-mail server, and it should be disabled to prevent hackers from connecting to the e-mail server on this port.
Your network router can be remotely configured through a web browser. Which of the following would be the most secure method for remote access?
HTTP connection
Telnet
HTTPS connection
HTTPS connection
Of the options listed, the most secure would be the HTTPS connection.
A few systems have been infected with malware; log analysis indicates the users all visited the same legitimate website to order office supplies. What is the most likely attack the users have fallen victim to?
Replay
Watering hole
ARP poisoning
Watering hole
The users most likely fell victim to a watering hole attack. The third-party supplier could be hosting malware with your organization as the target.