Telecommunications and Network Security Flashcards

1
Q
In the OSI reference model, on which layer would ethernet 802.3 be placed?
A. Layer 1 Physical
B. Layer 2 Data link
C. Layer 3 Network
D. Layer 4 Transport
A

B. Layer 2 Data link

2
Q

Which tactic would best be considered a part of a proactive network defense?
A. redundant firewalls
B. business continuity planning
C. disallowing p2p traffic
D. perimeter surveillance and intelligence gathering

A

D. perimeter surveillance and intelligence gathering

3
Q
In which situation is the network not the target of the attack?
A. denial of service
B. hacking into a router
C. virus outbreak
D. man in the middle
A

D. man in the middle

4
Q
Which of the following is most effective against a distributed denial of service attack?
A. secret fully qualified domain names
B. redundant network layout
C. traffic filtering
D. NAT
A

C. traffic filtering

5
Q

What is the optimal placement for network based IDS?
A. On the network perimeter, to alert the network administrator of all suspicious traffic
B. On network segments with business critical systems.
C. at the network operations center
D. at an external service provider

A

A. On the network perimeter, to alert the network administrator of all suspicious traffic

6
Q

Which of the following end-point devices would most likely be considered part of a converged IP network?
A. file server, IP phone, security camera
B. IP phone, thermostat, cypher lock
C. security camera, cypher lock, IP phone
D. thermostat, file server, cypher lock

A

A. file server, IP phone, security camera

7
Q

Which of the following is an advantage of fiber-optic over copper cables from a security perspective?
A. fiber optics provides higher bandwidth
B. fiber optics are more difficult to wiretap
C. fiber optics are immune to wiretap
D. none. The two are equivalent; network security is independent from the physical layer.

A

B. fiber optics are more difficult to wiretap

8
Q

Which of the following devices should be part of a network’s perimeter defense?
A. a boundary router, a firewall, a proxy server
B. a firewall, a proxy server, a HIDS
C. a proxy server, a HIDS, a firewall
D. a HIDS, a firewall, a boundary router

A

B. a firewall, a proxy server, a HIDS

9
Q
Which of the following is a principal security risk of wireless LANs?
A. Lack of physical access control
B. demonstrably insecure standards
C. implementation weaknesses
D. war driving
A

A. Lack of physical access control

10
Q

Which of the following configurations of a WLAN’s SSID offers adequate security protection?
A. Using an obscure SSID to confuse and distract an attacker.
B. Not using any SSID at all to prevent an attacker from connecting to the network
C. Not broadcasting an SSID to make it harder to detect the WLAN
D. An SSID does not provide protection.

A

D. An SSID does not provide protection.

11
Q

IPSec
A. provides mechanisms for authentication and encryption.
B. provides mechanisms for nonrepudiation.
C. will only be deployed with IPv6
D. only authenticates clients against a server.

A

A. provides mechanisms for authentication and encryption.

12
Q

A security event management service performs the following function:
A. gathers firewall logs for archiving
B. aggregates logs from security devices and application servers looking for suspicious activity
C. reviews access controls logs on servers and physical entry points to match user system authorization with physical access permissions.
D. Coordination software for security conferences and seminars.

A

B. aggregates logs from security devices and application servers looking for suspicious activity

13
Q

Which of the following is the principal weakness of DNS?
A. lack of authentication of servers and thereby authenticity of records.
B. Its latency, which enables insertion of records between the time when a record has expired and when it is refreshed.
C. The fact that it is a simple, distributed, hierarchical database instead of a singular, relational one, thereby giving rise to the possibility of inconsistencies going undetected for a certain amount of time.
D. The fact that addresses in e-mail can be spoofed without checking their validity in DNS, caused by the fact that DNS addresses are not digitally signed.

A

A. lack of authentication of servers and thereby authenticity of records.

14
Q

Which of the following statements about open email relays is incorrect?
A. An open email relay is a server that forwards email from domains other than the one it serves.
B. Open email relays are a principal tool for distribution of spam.
C. Using a blacklist of open email relays provides a secure way for an email administrator to identify open mail relays and filter spam.
D. An open email relay is widely considered a bad sign of system administration.

A

C. Using a blacklist of open email relays provides a secure way for an email administrator to identify open mail relays and filter spam.

15
Q

A botnet can be characterized as
A. A network used solely for internal communications
B. an automatic security alerting tool for corporate networks.
C. A group of dispersed, compromised machines controlled remotely for illicit reasons.
D. a type of virus.

A

C. A group of dispersed, compromised machines controlled remotely for illicit reasons.

16
Q
A mesh network topology is rarely implemented in modern networks due to
A. cost
B. poor redundancy
C. throughput
D. optical fiber limits.
A

A. cost

17
Q
When installing an 802.11N wireless access point, which of the following provides the strongest wireless encryption?
A. WPA
B. WEP
C. PKI
D. WPA2
A

D. WPA2

18
Q
A new installation requires a network in a heavy manufacturing area with substantial amounts of EMR and power fluctuations.  Which media is best suited for this environment if little traffic degradation is tolerated?
A. Coax
B. wireless
C. shielded twisted pair
D. fiber
A

D. fiber

19
Q

Multi-layer protocols such as modbus used in industrial control systems.
A. often have their own encryption and security like IPv6
B. are used in modern routers as a routing interface control
C. are often insecure by their very nature as they were not designed to natively operate over today’s IP networks.
D. have largely been retired and replaced with newer protocols such as IPv6 and netbios.

A

C. are often insecure by their very nature as they were not designed to natively operate over today’s IP networks.

20
Q
A security professional needs to administer a server remotely.  Assuming they can access the server from their location, which is the best approach for access?
A. telnet
B. sshv2
C. ftp
D. tftp
A

B. sshv2

21
Q
Layer 2 of the OSI model has two sublayers.  What are those sublayers, and what are two IEEE standards that describe technologies at that layer?
A. LCL and MAC; IEEE 802.2 and 802.3
B. LCL and MAC; IEEE 802.1 and 802.3
C. Network and MAC; IEEE 802.1 and 802.3
D. LLC and MAC; IEEE 802.2 and 802.3
A

D. LLC and MAC; IEEE 802.2 and 802.3

22
Q

Which of the following is not an effective countermeasure against spam?
A. Open mail relay servers
B. Properly configured mail relay servers
C. Filtering on an email gateway
D. Filtering on the client

A

A. Open mail relay servers

23
Q
Robert is responsible for implementing a common architecture used when customers need to access confidential information through Internet connections.  Which of the following best describes this type of architecture?
A. Two tiered model
B. Screened host
C. Three Tiered model
D. Public and private DNS zones
A

C. Three Tiered model

24
Q

Two commonly used networking protocols are TCP and UDP. Which of the following correctly describes the two?
A. TCP provides best effort delivery, and UDP sets up a virtual connection with the destination.
B. TCP provides more services and is more reliable in data transmission whereas UDP takes less resources and overhead to transmit data.
C. TCP provides more services and is more reliable, but UDP provides more security services.
D. TCP is reliable, and UDP deals with flow control and ACKs.

A

B. TCP provides more services and is more reliable in data transmission whereas UDP takes less resources and overhead to transmit data.

25
Q
Which of the following indicates to a packet where to go and how to communicate with the right service or protocol on the destination computer?
A. Socket
B. IP address
C. Port
D. Frame
A

A. Socket

26
Q
Several different tunneling protocols can be used in dial up situations.  Which of the following would be best to use as a VPN tunneling solution?
A. L2P
B. PPTP
C. IPSec
D. L2TP
A

B. PPTP

27
Q

Which of the following correctly describes bluejacking?
A. Bluejacking is a harmful malicious attack
B. It is the process of taking over another portable device via a bluetooth enabled device
C. It is commonly used to send unsolicited contact information
D. The term was coined by the use of a bluetooth device and the act of hijacking another device.

A

C. It is commonly used to send unsolicited contact information

28
Q
DNS is a popular target for attackers due to its strategic role on the Internet.  What type of attack uses recursive queries to poison the cache of a DNS server?
A. DNS spoofing
B. Manipulation of the hosts file
C. Social engineering
D. Domain litigation
A

A. DNS spoofing

29
Q

IP telephony networks require the same security measures as those implemented on an IP data network. Which of the following is unique to IP telephony?
A. Limiting IP sessions going through media gateways
B. Identification of rogue devices
C. Implementation of authentication
D. Encryption of packets containing sensitive information

A

A. Limiting IP sessions going through media gateways

30
Q
Cross site scripting (XSS) is an application security vulnerability usually found in web applications.  What type of vulnerability occurs when a victim is tricked into opening a URL programmed with a rogue script to steal sensitive information?
A. Persistent XSS vulnerability
B. Nonpersistent XSS vulnerability
C. Second order vulnerability
D. DOM based vulnerability
A

B. Nonpersistent XSS vulnerability

31
Q

What are the 3 types of XSS vulnerabilities?

A

Persistent XSS vulnerability
Nonpersistent XSS vulnerability
DOM based vulnerability

32
Q

What is a persistent XSS vulnerability?

A

targeted at web sites that allow users to input data that is stored in a database or similar location. The code for this type of attack can be rendered automatically without the need of luring a user to a third party web site.

33
Q

What is another name for persistent XSS vulnerability?

A

Second order vulnerability

34
Q

What is another name for a nonpersistent vulnerability?

A

Reflected vulnerability

35
Q

What is a DOM based XSS vulnerability?

A

The DOM environment is used to modify the client side JavaScript.

36
Q
Angela wants to group together computers by department to make it easier for them to share network resources.  Which of the following will allow her to group computers logically?
A. VLAN
B. Open Network Architecture
C. Intranet
D. VAN
A

A. VLAN

37
Q
Both de facto and proprietary interior protocols are in use today.  Which of the following is a proprietary interior protocol that chooses the best path between source and destination?
A. IGRP
B. RIP
C. BGP
D. OSPF
A

A. IGRP

38
Q

Is RIP a proprietary protocol?

A

No

39
Q

What does RIP do?

A

outlines how routers exchange routing table data

Distance vector protocol which calculates shortest distance

40
Q

What does BGP do?

A

Exterior gateway protocol enabling routers to share routing info.

41
Q

Is OSPF proprietary?

A

No

42
Q

What did OSPF replace?

A

RIP

43
Q
Which of the following categories of routing protocols builds a topology database of the network?
A. Dynamic
B. Distance vector
C. Link state
D. Static
A

C. Link state

44
Q

What are the two types of routing protocols?

A

Link state

Distance vector

45
Q

Which of the following does not describe IP telephony security?
A. VoIP networks should be protected with the same security controls used on a data network.
B. Softphones are more secure than IP phones
C. As endpoints, IP phones can become the target of attacks.
D. The current internet architecture over which voice is transmitted is less secure than physical phone lines.

A

B. Softphones are more secure than IP phones

46
Q

When an organization splits naming zones, the names of its hosts that are only accessible from an intranet are hidden from the internet. Which of the following best describes why this is done?
A. To prevent attackers from accessing servers
B. To prevent the manipulation of the hosts file
C. To avoid providing attackers with valuable information that can be used to prepare for an attack
D. To avoid providing attackers with information needed for cyber squatting.

A

C. To avoid providing attackers with valuable information that can be used to prepare for an attack

47
Q

Which of the following best describes why email spoofing is easily executed?
A. SMTP lacks an adequate authentication mechanism
B. Administrators often forget to configure an SMTP server to prevent inbound SMTP connections for domains it doesn’t serve
C. Keyword filtering is technically obsolete
D. Blacklists are undependable

A

A. SMTP lacks an adequate authentication mechanism

48
Q
Which of the following is not a benefit of VoIP?
A. Cost
B. Convergence
C. Flexibility
D. Security
A

D. Security

49
Q

Today satellites are used to provide wireless connectivity between different locations. What two prerequisites are needed for two different locations to communicate via satellite links?
A. They must be connected via a phone line and have access to a modem.
B. They must be within a satellite’s line of sight and footprint.
C. They must have broadband and a satellite in low Earth orbit
D. They must have a transponder and be within the satellite’s footprint.

A

B. They must be within a satellite’s line of sight and footprint.

50
Q

Brad is a security manager at Thingamabobs Inc. He is preparing a presentation for his company’s executives on the risks of using IM and his reasons for wanting to prohibit its use on the company network. Which of the following should not be included in his presentation?
A. Sensitive data and files can be transferred from system to system over IM
B. Users can receive information including malware from an attacker posing as a legitimate sender
C. IM can be stopped by simply blocking specific ports on the network firewalls
D. A security policy is needed specifying IM usage restrictions

A

C. IM can be stopped by simply blocking specific ports on the network firewalls

51
Q
Hanna needs to implement a solution that ensures only authorized devices are allowed access to the company network.  Which of the following IEEE standards was developed for this type of protection?
A. IEEE 802.1AR
B. IEEE 802.1AE
C. IEEE 802.1AF
D. IEEE 802.1XR
A

A. IEEE 802.1AR

52
Q
___________ is a set of extensions to DNS to provide DNS clients origin authentication of DNS data to reduce the threat of DNS poisoning, spoofing, and similar attack types.
A. Resource records
B. Zone transfer
C. DNSSEC
D. Resource transfer
A

C. DNSSEC

53
Q

Which of the following best describes the difference between a virtual firewall that works in bridge mode vs one that is embedded into a hypervisor?
A. Bridge mode virtual firewall allows the firewall to monitor individual traffic links, and hypervisor integration allows the firewall to monitor all activities taking place within a host system.
B. Bridge mode virtual firewall allows the firewall to monitor individual network links, and hypervisor integration allows the firewall to monitor all activities taking place within a guest system.
C. Bridge mode virtual firewall allows the firewall to monitor individual traffic links, and hypervisor integration allows the firewall to monitor all activities taking place within a guest system
D. Bridge mode virtual firewall allows the firewall to monitor individual guest systems, hypervisor integration allows the firewall to monitor all activities taking place within a network system.

A

A. Bridge mode virtual firewall allows the firewall to monitor individual traffic links, and hypervisor integration allows the firewall to monitor all activities taking place within a host system.