Securing the Network Infrastructure Flashcards

1
Q

You are a guest at a hotel offering free Wi-Fi Internet access to guests. You connect to the wireless network at full signal strength and obtain a valid TCP/IP configuration. When you try to access Internet web sites, a web page displays instead asking for a code before allowing access to the Internet. What type of network component is involved in providing this functionality?

DHCP server

NAT

Proxy server

A

Proxy server

Proxy servers retrieve content for connected clients and can also require authentication before doing so

2
Q

You are configuring a wireless router at a car repair shop so that waiting customers can connect to the Internet. You want to ensure that wireless clients can connect to the Internet but cannot connect to internal computers owned by the car repair shop. Where should you plug in the wireless router?

LAN

Port 1 on the switch

DMZ

A

DMZ

A demilitarized zone (DMZ) is a network that allows external unsecure access to resources while preventing direct access to internal resources. If the wireless router is plugged into the DMZ, this will provide Internet access to customers while disallowing them access to internal business computers. Plugging the wireless router into the internal LAN would also allow Internet access but would place customers on a business LAN

3
Q

What will detect a network or host intrusion and take action to prevent the intrusion from succeeding?

IPS

IDS

IPSec

A

IPS

An intrusion prevention system (IPS) actively monitors network or system activity for abnormal activity and also takes steps to stop it. Abnormal activity can be detected by checking for known attack patterns (signature-based), variations beyond normal activity (anomaly-based), or behavioral variations

4
Q

What technology uses a single external IP address to represent many computers on an internal network?

IPSec

DHCP

NAT

A

NAT

NAT runs on a router and allows computers on an internal network to access an external network using only a single external IP address. NAT routers track outbound connections in order to deliver inbound traffic to the originating internal host

5
Q

You must purchase a network device that supports content filtering and virus defense for your LAN. What should you choose?

NAT router

HIPS

Web security gateway

A

Web security gateway

Web security gateways can perform deep packet inspection (content) to filter network traffic. They also include the ability to detect and deal with malware

6
Q

You have been asked to somehow separate Engineering departmental network traffic from Accounting departmental traffic because of a decrease in network throughput. What should you use?

VLAN

DMZ

NAT

A

VLAN

A virtual local area network (VLAN) creates separate broadcast domains in the same way a router physically separates two network segments. Both the Engineering and Accounting departments should be configured on their own VLANs, thus separating their network traffic

7
Q

Which tool would enable you to capture and view network traffic?

Vulnerability scanner

Port scanner

Protocol analyzer

A

Protocol analyzer

Protocol analyzers capture and view network traffic by placing the network card into promiscuous mode. In a switched environment, you will capture only network traffic involving your machine in addition to multicast and broadcast packets. Enable port monitoring or mirroring on your switch to view all network activity on the switch

8
Q

You are reviewing router configurations to ensure they comply with corporate security policies. You notice the routers are configured to load their configurations using TFTP and also that TCP port 22 is enabled. What security problem exists with these routers?

Telnet should be disabled.

Telnet should have a password configured.

TFTP is an insecure protocol.

A

TFTP is an insecure protocol.

Trivial File Transfer Protocol (TFTP) transmits data (such as router configurations) in clear text. TFTP does not have an authentication mechanism; therefore, anybody with network access could have access to all router configurations. It would be more secure to store router configurations locally on the router and to secure the router with the appropriate passwords

9
Q

A router must be configured to allow traffic only from certain hosts. How can this be accomplished?

ACL

Subnet

Proxy server

A

ACL

An access control list (ACL) is a router setting that allows or denies various types of network traffic from or to specific hosts

10
Q

Which technologies enable analysis of network traffic? (Choose two.)

Port scanner

Sniffer

DMZ

NIDS

A

Sniffer

NIDS

Sniffers use network card promiscuous mode to capture all network traffic instead of only traffic addressed to the host running the sniffer. Switches isolate each port from one another, so sniffers will not see all switch network traffic unless a switch port is configured to do so. NIDSs are placed on the network strategically so they can analyze all network traffic to identify and report on suspicious activity

11
Q

Sylvia’s workstation has been moved to a new cubicle. On Monday morning, Sylvia reports that even though the network card is plugged into the network jack, there is no link light on the network card. What is the problem?

The workstation has an APIPA address. Issue the ipconfig /renew command.

The default gateway has not been set.

Since the MAC address has changed, switch port security has disabled the port.

A

Since the MAC address has changed, switch port security has disabled the port.

A disabled switch port is the only choice that would result in an unlit link light on a network card

12
Q

You need a method of authenticating Windows workstations before allowing local LAN access. What should you use?

VPN concentrator

Router

802.1x-compliant switch

A

802.1x-compliant switch

The 802.1x protocol defines how devices must first be authenticated before getting LAN access

13
Q

An attacker sends thousands of TCP SYN packets with unreachable source IP addresses to a server. After consuming server resources with this traffic, legitimate traffic can no longer reach the server. What can prevent this type of attack?

Packet-filtering firewall

Antivirus software

SYN flood protection

A

SYN flood protection

SYN flood protection prevents the described DoS attack by limiting the number of half-open TCP connections. A normal TCP conversation follows a three-way handshake, whereby a SYN packet is sent to the target, which responds with a SYN-ACK packet. The originator then sends an ACK packet to complete the handshake. A large number of SYN packets consume server resources

14
Q

A junior IT employee links three network switches together such that each switch connects to the two others. As a result, the network is flooded with useless traffic. What can prevent this situation?

Web application firewall

Loop protection

SYN flood guard

A

Loop protection

Loop protection is a switch feature that prevents uplink switch ports from switching to “forwarding” mode, thus preventing bridging loops

15
Q

Your boss asks that specific HTTP traffic be monitored and blocked. What should you use?

Web application firewall

Protocol analyzer

Packet-filtering firewall

A

Web application firewall

Web application firewalls can stop inappropriate HTTP activity based on a configured policy. They can be stateful, in which they watch traffic end to end and can know what state in a transaction each packet is from, or stateless, in which they just examine the packet without knowing anything about what “conversation” it is a part of

16
Q

A high school principal insists on preventing student access to known malware web sites. How can this be done?

DMZ

URL filtering

DNS forwarding

A

URL filtering

URL filtering examines where traffic is going and compares that against a list of allowed and forbidden sites to allow or prevent access. This can be done on a dedicated network appliance, or it could simply be server software

17
Q

Which of the following scenarios best describes an implicit deny?

Allow network access if it is 802.1x authenticated.

Block outbound network traffic destined for TCP port 25.

Block network traffic unless specifically permitted.

A

Block network traffic unless specifically permitted.

Implicit denial applies when there is no setting explicitly stating network traffic is allowed

18
Q

A university student has a wired network connection to a restrictive university network. At the same time, the student is connected to a Wi-Fi hotspot for a nearby coffee shop that allows unrestricted Internet access. What potential problem exists in this case?

The student computer could link coffee shop patrons to the university network.

The student computer could override the university default gateway setting.

Encrypted university transmissions could find their way onto the Wi-Fi network.

A

The student computer could link coffee shop patrons to the university network.

Many operating systems automatically create a network connection between networks when two network interfaces are detected. This would link network segments together in a single broadcast domain but create multiple collision domains. This means, for example, that a coffee shop patron could get a valid TCP/IP configuration from a university DHCP server. This would make the laptop a transparent proxy

19
Q

Which network device encrypts and decrypts network traffic over an unsafe network to allow access to private LANs?

Proxy server

IPSec

VPN concentrator

A

VPN concentrator

VPNs are encrypted tunnels established over an unsafe network with the goal of safely connecting to a private LAN

20
Q

You suspect malicious activity on your DMZ. In an effort to identify the offender, you have intentionally configured an unpatched server to attract further attention. What term describes what you have configured?

Honeynet

Logging server

Honeypot

A

Honeypot

A honeypot is designed to attract the attention of hackers or malware in an effort to learn how to mitigate the risk or to identify the offender. This is done by analyzing log files on the honeypot host. Multiple honeypots placed on a network are called a honeynet

21
Q

Your NIDS incorrectly reports legitimate network traffic as being suspicious. What is this known as?

False positive

Explicit false

False negative

A

False positive

Reporting there is a problem when in truth no problems exist is known as a false positive

22
Q

Your corporate network access policy states that all connecting devices require a host-based firewall, an antivirus scanner, and the latest operating system updates. You would like to prevent noncompliant devices from connecting to your network. What solution should you consider?

NIDS

NAC

VLAN

A

NAC

Network access control (NAC) ensures that connecting devices are compliant with configured requirements before allowing network access. This can be done with 802.1x network equipment such as a switch, or it can be done with software such as a VPN server checking connecting clients. They can be installed on the end device and stay there permanently, remove themselves after first time authentication, or even do it all on the server end

23
Q

Which of the following are true regarding NAT? (Choose two.)

The NAT client is unaware of address translation.

The NAT client is aware of address translation.

Internet hosts are unaware of address translation.

NAT provides a layer.

A

The NAT client is unaware of address translation.

Internet hosts are unaware of address translation.

The NAT client simply sees the NAT router as its default gateway. Beyond that, it does not detect that for outbound packets its source IP address is being changed to that of the NAT router’s public interface. To Internet hosts, the traffic appears to come from the NAT router’s public interface (which it really does); there is no indication of IP address translation

24
Q

You are a sales executive for a real estate firm. One of your clients calls you wondering why you have not e-mailed her critical documentation regarding a sale. You check your mail program to verify the message was sent two days ago. You also verify the message was not sent back to you as undeliverable. You tell your client that you did in fact send the message. What should you next tell your client?

DLP prevented the e-mail from being sent.

Encryption of the e-mail failed and the message wasn’t sent.

Check your junk mail; anti-spam software sometimes incorrectly identifies legitimate

A

Check your junk mail; anti-spam software sometimes incorrectly identifies legitimate

Assuming the message was sent according to the sender’s system two days ago and the sender did not receive an undeliverable message, the most likely answer is that it was flagged as junk mail by the receiver’s mail system

25
Q

You are an IT network consultant. You install a new wireless network for a hotel. What must you do to prevent wireless network users from gaining administrative access to wireless routers?

Apply MAC filtering.

Disable SSID broadcasting.

Change the admin password.

A

Change the admin password.

Wireless routers ship with a standard admin username and password. It is critical that the wireless router admin password be changed to prevent unauthorized admin access

26
Q

You are an IT specialist with a law enforcement agency. You have tracked illegal Internet activity down to an IP address. Detectives would like to link a person to the IP address in order to secure an arrest warrant. Which of the following are true regarding this situation? (Choose two.)

The IP address might be that of a NAT router or a proxy server.

The IP address could not have been spoofed; otherwise, it would not have reached its destination.

IP addresses can be traced to a regional ISP.

IP addresses are unique for every individual device connecting to the Internet.

A

The IP address might be that of a NAT router or a proxy server.

IP addresses can be traced to a regional ISP.

NAT routers and proxy servers change the source IP address of packets going to the Internet to be that of their public interface, so on the Internet the packets appear to have originated from those hosts; the internal IP address of a client behind the NAT router or proxy server is not known. Law enforcement could obtain a warrant to examine the logs on a NAT router or proxy server to identify internal clients, but privacy laws in some countries prevent Internet service providers from disclosing this information

27
Q

Your IT security director asks you to configure packet encryption for your internal network. She expresses concerns about how existing packet-filtering firewall rules might affect this encrypted traffic. How would you respond to her concerns?

Encrypted packets will not be affected by existing packet-filtering firewall rules.

Encrypted packet headers could prevent outbound traffic from leaving the internal network.

Encrypted packet payloads will prevent outbound traffic from leaving the internal network.

A

Encrypted packet headers could prevent outbound traffic from leaving the internal network.

Packet headers include addressing information such as IP and port addresses. These are used to get a packet to its destination. Packet-filtering firewalls allow or deny traffic based on IP or port addresses, to name just a few criteria. If, for example, packet headers containing port addresses are encrypted, packet-filtering firewalls may block traffic when perhaps it should be allowed

28
Q

Acme Inc. has hired you to implement security solutions as recommended by the findings of a network security audit. Stations connecting to the network must have a host-based firewall enabled and must have an up-to-date antivirus solution installed. What should you implement?

ACL

NAC

802.1x

A

NAC

Network access control (NAC) checks connecting stations (VPN, switch, Wi-Fi, and so on) to ensure that they meet configured policies, such as having a firewall and antivirus solution running

29
Q

Acme Inc. has hired you to implement security solutions as recommended by the findings of a network security audit. Stations used by Accounting staff should not be able to communicate with other stations on the network. What should you implement?

NAC

802.1x

VLAN

A

VLAN

Virtual local area networks (VLANs) create communication boundaries between network devices within a switch. A port-based VLAN, for example, groups machines plugged into specific physical switch ports into their own logical network

30
Q

Acme Inc. has hired you to implement security solutions as recommended by the findings of a network security audit. Currently, any station plugged into a switch can communicate on the network without any type of authentication. Acme Inc. would like to limit network communications by connecting stations until they have been authenticated. What should you implement?

ACL

NAC

802.1x

A

802.1x

802.1x is a security standard that requires devices connecting to a network to be authenticated before allowing full network communication

31
Q

Acme Inc. has hired you to implement security solutions as recommended by the findings of a network security audit. Currently, all users have Read access to project files on the main file server. Your configuration must ensure that only members of the Project Managers group have access to project files. What should you implement?

ACL

NAC

802.1x

A

ACL

Access control lists (ACLs) are used to determine what actions a user can issue against a network resource such as a shared folder

32
Q

Which of the following are network connectivity devices? (Choose two.)

Correlation engine

Bridge

Load balancer

Aggregation switch

A

Bridge

Aggregation switch

Both bridges and aggregation switches can aggregate two or more networks or network segments. Bridges increase network efficiency by tracking which bridge-connected network segment host MAC addresses reside on. Aggregation switches are used to interconnect other network switches

33
Q

You have noticed that a server has slowed down considerably since encryption was enabled for its outbound traffic. Which of the following is the best solution to speed up the server?

SDN

SSL decryptor

SSL/TLS accelerator

A

SSL/TLS accelerator

An SSL/TLS accelerator offloads SSL/TLS encryption to a coprocessor to free up the main processor resources

34
Q

Your boss approaches you about attaching the PBX system to the Ethernet network. Which device would allow this?

Hardware security module

Media gateway

An ad hoc network

A

Media gateway

A media gateway converts data from a format one network can accept to a format that another network can accept, such as a PBX to the internal Ethernet network

35
Q

How can different networks be segmented from one another? (Choose three.)

Virtualized networks

Port mirror

Physically

Air gap

A

Virtualized networks

Physically

Air gap

Virtualized networks can be used to segment network traffic just as physical switches and VLANs can. Networks can be physically segmented, using different switches. Networks not connected to any other network at all are called air-gapped networks, but these can still be compromised with malware delivered on removable media, which is exactly what happened with the Stuxnet worm in 2010 that targeted a specific Iranian nuclear power plant

36
Q

What type of device is used to monitor the physical environment in which the network is housed?

Sensors

DLP

DDoS mitigator

A

Sensors

Sensors allow the physical environment to be monitored for possible anomalies. They do this by monitoring environment and physical conditions including temperature