Technologies and Tools (1) Flashcards
John is looking for a new firewall for a small company. He is concerned about DoS attacks, particularly the SYN flood. Which type of firewall would give the best protection against the SYN flood?
Packet filter
Bastion
SPI
SPI
The correct answer is stateful packet inspection (SPI). SPI looks at the entire context of the conversation and will stop SYN floods
You are responsible for network security at an insurance company. A lot of employees bring their own devices. You have security concerns about this. You have decided to implement a process whereby when users connect to your network, their devices are scanned. If a device does not meet your minimum security requirements, it is not allowed to connect. What best describes this?
NAC
SPI
IDS
NAC
The correct answer is NAC, or Network Access Control. NAC is a network management solution that defines and implements a policy that enables only compliant and trusted endpoint devices to access network resources
Ahmed is responsible for VPN connections at his company. His company uses IPSec exclusively. He has decided to implement IPSec in a mode that encrypts only the data of the packet, not the headers. What is this called?
Tunneling
IKE
Transport
Transport
Transport mode is the mode wherein IPSec encrypts the data, but not the packet header
Maria is responsible for monitoring IDS activity on her company’s network. Twice in the past month there has been activity reported on the IDS that investigation has shown was legitimate traffic. What best describes this?
False negative
Passive
False positive
False positive
When an IDS (or any security device) labels legitimate traffic as an attack, that is called a false positive
Juanita is a network administrator for a large university. The university has numerous systems, each with logs she must monitor and analyze. What would be the best approach for her to view and analyze logs from a central server?
NAC
IDS
SIEM
SIEM
Security Information and Event Management (SIEM) systems are designed specifically for log aggregation and analysis
Enrique is responsible for web application security at his company. He is concerned about attacks such as SQL injection. Which of the following devices would provide the best protection for web attacks on his web application server?
ACL
SPI
WAF
WAF
A web application firewall (WAF) is designed to provide firewall protection that also will protect against specific web attacks
ACME Company has several remote offices. The CIO wants to set up permanent secure connections between the remote offices and the central office. What would be the best solution for this?
L2TP VPN
IPSEC VPN
Site-to-site VPN
Site-to-site VPN
A site-to-site VPN is a permanent VPN connection between sites. Connecting remote offices is a typical site-to-site VPN implementation
Mary is responsible for network security at a medium-sized insurance company. She is concerned that the offices are too open to public traffic and someone could simply connect a laptop to an open RJ45 jack and access the network. Which of the following would best address this concern?
ACL
VLAN
Port security
Port security
By mapping network jacks to specific MAC addresses of machines, you can prevent a rogue machine from being connected
You are the network administrator for an e-commerce company. You are responsible for the web server cluster. You are concerned about not only failover, but also load-balancing and using all the servers in your cluster to accomplish load-balancing. What should you implement?
Active-active
Active-passive
Affinity
Active-active
An active-active cluster has all servers working, rather than keeping a duplicate server in reserve
Donald is working as a network administrator. He is responsible for the database cluster. Connections are load-balanced in the cluster by each new connection being simply sent to the next server in the cluster. What type of load-balancing is this?
Round-robin
Affinity
Weighted
Round-robin
Round-robin load balancing simply sends each new connection to the next server in the cluster
Gerald is setting up new wireless access points throughout his company’s building. The wireless access points have just the radio transceiver, with no additional functionality. What best describes these wireless access points?
Fat
Thick
Thin
Thin
The term for this is thin wireless access point
Mohaned is an IT manager for a hotel. His hotel wants to put wireless access points on each floor. The specifications state that the wireless access points should have minimal functionality, with all the configuration, authentication, and other functionality centrally controlled. What type of wireless access points should Mohaned consider purchasing?
Fat
Controller-based
Stand-alone
Controller-based
Controller-based wireless access points have minimal functionality, with most functions centrally controlled
What IPSec protocol provides authentication and encryption?
AH
ESP
IKE
ESP
Encapsulating Security Payload provides both integrity and encryption
Terrance is implementing IPSec. He wants to ensure that the packets are encrypted, and that the packet and all headers are authenticated. What should he implement?
AH
ESP
AH and ESP
AH and ESP
ESP provides encryption and AH provides complete authentication, including the header, so both are needed to meet the requirements
You are responsible for security at your company. One of management’s biggest concerns is that employees might exfiltrate sensitive data. Which of the following would you implement first?
Routine audits of user machines
VLAN
USB blocking
USB blocking
USB blocking will prevent anyone from plugging in a USB drive and taking out data
You are responsible for email server security in your company. You want to implement encryption of all emails, using third-party authenticated certificates. What protocol should you implement?
IMAP
S/MIME
SMTP-S
S/MIME
Secure Multipurpose Internet Mail Extensions (S/MIME) encrypts email using X.509 certificates that are created and authenticated by a trusted third party
Joanne is responsible for all remote connectivity to her company’s network. She knows that administrators frequently log in to servers remotely to execute command-line commands and Linux shell commands. She wants to make sure this can only be done if the transmission is encrypted. What protocol should she use?
HTTPS
RDP
SSH
SSH
Secure Shell gives a remote command-line interface that is encrypted
You are responsible for network management at your company. You have been using SNMP for many years. You are currently using SNMP v2. A colleague has recently suggested you upgrade to SNMP v3. What is the primary benefit of SNMP v3?
It is much faster.
It integrates with SIEM.
It is encrypted.
It is encrypted.
Earlier versions of SNMP sent all traffic in clear text. SNMP v3 sends all data encrypted
Employees in your company are allowed to use tablets. They can select a tablet from four different models approved by the company but purchased by the employee. What best describes this?
BYOD
CYOD
COPE
CYOD
Choose Your Own Device (CYOD) allows employees to bring their own devices to work, but only if they are chosen from a list of approved models
Mahmoud is considering moving all company desktops to a VDI deployment. Which of the following would be a security advantage of VDI?
Employees can work from any computer in the company.
VDI is more resistant to malware.
Patch management is centrally controlled.
Patch management is centrally controlled.
Virtual Desktop Infrastructure does have all patch management centrally controlled
You have been assigned to select a backup communication method for your company to use in case of significant disasters that disrupt normal communication. Which option would provide the most reliability?
Cellular
WiFi
SATCOM
SATCOM
Satellite communications are most resistant to disasters that disrupt communications
John is concerned about the security of data on smartphones and tablets that his company issues to employees. Which of the following would be most effective in preventing data loss, should a device be stolen?
Remote wipe
Geolocation
Strong PIN
Remote wipe
The most effective protection against data loss is the ability to remotely wipe the phone
What does geofencing accomplish?
Provides the location for a mobile device.
Limits the range a mobile device can be used in.
Determines WiFi coverage areas.
Limits the range a mobile device can be used in.
Geofencing sets up geographic boundaries, beyond which a device won’t work
What best describes mobile device content management?
Limiting how much content can be stored.
Limiting the type of content that can be stored.
Blocking certain websites.
Limiting the type of content that can be stored.
Content management for a mobile device involves limiting what content can be placed on the phone
Frank believes there could be a problem accessing the DHCP server from a specific client. He wants to check by getting a new dynamic IP. What command will do this?
ipconfig /request
NETSTAT -renew
ipconfig /renew
ipconfig /renew
The ipconfig /renew command will request a new IP from the DHCP server
Teresa is responsible for network administration at a health club chain. She is trying to find a communication technology that uses low power and can spend long periods in low-power sleep modes. Which of the following technologies would be the best fit?
WiFi
Cellular
ANT
ANT
ANT is a proprietary wireless network technology that provides low-power modes and is used in WiFi settings. It has been used in sports-related technologies
What technology was first introduced in Windows Vista and still exists in Windows that helps prevent malware by requiring user authorization to run executables?
DEP
DLP
UTM
DEP
Data Execution Prevention (DEP) requires the user to authorize any executable to execute. It should be noted that this is the definition Microsoft used for its functionality. A more technical definition is that Data Execution Prevention prevents software from accessing restricted memory such as the operating system’s memory
John is responsible for security of his company’s new e-commerce server. He wants to ensure that online transactions are secure. What technology should he use?
L2TP
SSL
TLS
TLS
Transport Layer Security (TLS) is used to encrypt and secure web traffic
Frank is a network administrator for a small college. The college has implemented a simple NIDS. However, the NIDS seems to only catch well-known attacks. What technology is this NIDS likely missing?
Heuristic scanning
Signature scanning
Passive scanning
Heuristic scanning
Heuristic scanning involves scanning for anomalous behavior that might indicate an attack, even if there is no known attack signature