Topic 5: Network Security Flashcards by Drew Labate

The security administrator needs to restrict specific devices from connecting to certain WAPs. Which of the following security measures would BEST fulfill this need?
A. WAP placement
B. MAC address filtering
C. Content filtering
D. Encryption type and strength

Answer: B
Explanation: MAC Filtering (or EUI filtering, or layer 2 address filtering) is a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network

How well did you know this?

Not at all

Perfectly

Which of the following performs authentication and provides a secure connection by using 3DES to encrypt all information between two systems?
A. HTTPS
B. SSH
C. RSA
D. SSL

Answer: B
Explanation: DES encryption algorithm encrypts data three times. Three 64-bit keys are used, instead of one, for an overall key length of 192 bits (the first encryption is encrypted with second key, and the resulting cipher text is again encrypted with a third key).

How well did you know this?

Not at all

Perfectly

Several users are reporting connectivity issues with their laptops. Upon further investigation, the network technician identifies that their laptops have been attacked from a specific IP address outside of the network. Which of the following would need to be configured to prevent any further attacks from that IP address?
A. Port security
B. IDS
C. Firewall rules
D. Switch VLAN assignments

Answer: C
Explanation: Firewall rules block or allow specific traffic passing through from one side of the router to the other. Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively allowing only specific outside users to access specific resources. Outbound rules (LAN to WAN) determine what outside resources local users can have access to.

How well did you know this?

Not at all

Perfectly

The company is setting up a new website that will be requiring a lot of interaction with external users. The website needs to be accessible both externally and internally but without allowing access to internal resources. Which of the following would MOST likely be configured on the
firewall?
A. PAT
B. DHCP
C. DMZ
D. NAT

Answer: C
Explanation: DMZ is a physical or logical subnetwork that contains and exposes an
organization’s external-facing services to a larger and untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization’s local area network (LAN); an external attacker only has access to equipment in the DMZ, rather than any other part of the network.

How well did you know this?

Not at all

Perfectly

Which of the following attacks would allow an intruder to do port mapping on a company’s internal server from a separate company server on the Internet?
A. SYN flood
B. Teardrop
C. Smurf
D. FTP bounce

Answer: D
Explanation: FTP bounce attack is an exploit of the FTP protocol whereby an attacker is able to use the PORT command to request access to ports indirectly through the use of the victim machine as a middle man for the request.

How well did you know this?

Not at all

Perfectly

Which of the following would be used to check whether a DoS attack is taking place from a specific remote subnet?
A. Syslog files
B. Honeypot
C. Network sniffer
D. tracert

Answer: C
Explanation: A network sniffers monitors data flowing over computer network links. It can be a self-contained software program or a hardware device with the appropriate software or firmware programming.

How well did you know this?

Not at all

Perfectly

An unusual amount of activity is coming into one of the switches in an IDF. A malware attack is suspected. Which of the following tools would appropriately diagnose the problem?
A. Cable tester
B. Protocol analyzer
C. Load balancer
D. OTDR

Answer: B
Explanation: A packet analyzer is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network.As data streams flow across the network, the sniffer captures each packet and, if needed, decodes the packet’s raw data, showing the values of various fields in the packet, and analyzes its content.

How well did you know this?

Not at all

Perfectly

Which of the following can a network technician change to help limit war driving?
A. Signal strength
B. SSID
C. Frequency
D. Channel

Answer: A
Explanation: War driving is a term used to describe the process of a hacker who, armed with a laptop and a wireless adapter card and traveling via a car, bus, subway train, or other form of mechanized transport, goes around sniffing for WLANs. Over time, the hacker builds up a database comprising the network name, signal strength, location, and ip/namespace in use..

How well did you know this?

Not at all

Perfectly

Which of the following ports would have to be allowed through a firewall for POP3 traffic to pass on its default port?
A. 110
B. 123
C. 143
D. 443

Answer: A
Explanation:
Post Office Protocol (POP) is an application-layer Internet standard protocol used by local e-mail clients to retrieve e-mail from a remote server over a TCP/IP connection. POP3 server listens on well-known port 110.

How well did you know this?

Not at all

Perfectly

Which of the following monitoring devices are used only to recognize suspicious traffic from specific software?
A. Signature based IPS
B. Application based IDS
C. Anomaly based IDS
D. Application based IPS

Answer: B
Explanation:
An APIDS monitors the dynamic behavior and state of the protocol and will typically consist of a system or agent that would typically sit between a process, or group of servers, monitoring and analyzing the application protocol between two connected devices.

How well did you know this?

Not at all

Perfectly

Which of the following security appliances are used to only identify traffic on individual systems? A. Host based IPS
B. Application based IPS
C. Network based IDS
D. Host based IDS

Answer: D
Explanation:
A host-based intrusion detection system (HIDS) is an intrusion detection system that monitors and analyzes the internals of a computing system as well as the network packets on its network interfaces.

How well did you know this?

Not at all

Perfectly

Which of the following uses SSL encryption?
A. SMTP
B. FTP
C. HTTPS
D. SNMP

Answer: C
Explanation:
HTTPS is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications.

How well did you know this?

Not at all

Perfectly

Management has decided that they want a high level of security. They do not want Internet requests coming directly from users. Which of the following is the BEST recommendation?
A. Content filter
B. Proxy server
C. Layer 3 switch
D. Firewall

Answer: B

How well did you know this?

Not at all

Perfectly

A company wants to secure its WAPs from unauthorized access. Which of the following is the MOST secure wireless encryption method?
A. SSID disable
B. SNMPv3
C. WEP
D. WPA2

Answer: D
Explanation:
WPA2 improves security of Wi-Fi connections by not allowing use of an algorithm called TKIP (Temporal Key Integrity Protocol) that has known security holes (limitations) in the original WPA implementation.

How well did you know this?

Not at all

Perfectly

A customer wants to increase firewall security. Which of the following are common reasons for implementing port security on the firewall? (Select TWO).
A. Preventing dictionary attacks on user passwords
B. Reducing spam from outside email sources
C. Shielding servers from attacks on internal services
D. Blocking external probes for vulnerabilities
E. Directing DNS queries to the primary server

Answer: C,D
Explanation:
Port security is required because if we keep the ports unsecure then hackers can do port scanning and can compromise the internal secured network so we will have to shield servers to avoid attacks from outside and we need to block incoming scanning request coming from outside.

How well did you know this?

Not at all

Perfectly

The security measure used to reduce vulnerabilities for MOST network devices that require regular application and monitoring is:
A. patch management
B. security limitations
C. documentation
D. social engineering

Answer: A
Explanation:
A patch is a piece of software designed to fix security vulnerabilities and other bugs, and improving the usability or performance.

How well did you know this?

Not at all

Perfectly

Which of the following appliances creates and manages a large number of secure remote-access sessions, and also provides a high availability solution? 
A. Media converter
B. Proxy server
C. VPN concentrator
D. Load balancer

Answer: C
Explanation:
The VPN Concentrator is used for Remote Access VPN’s that allows users to use an encrypted tunnel to securely access a corporate or other network via the Internet.

How well did you know this?

Not at all

Perfectly

Which of the following network access security methods ensures communication occurs over a secured, encrypted channel, even if the data uses the Internet?
A. MAC filtering
B. RAS
C. SSL VPN
D. L2TP

Answer: C
Explanation: SSL VPN consists of one or more VPN devices to which the user connects by using his Web browser. The traffic between the Web browser and the SSL VPN device is encrypted with the SSL protocol or its successor, the Transport Layer Security (TLS) protocol.

How well did you know this?

Not at all

Perfectly

A network administrator is responding to a statement of direction made by senior management to implement network protection that will inspect packets as they enter the network. Which of the following technologies would be used?
A. Packet sniffer
B. Stateless firewall
C. Packet filter
D. Stateful firewall

Answer: D
Explanation: Stateful firewall keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known active connection will be allowed by the firewall; others will be rejected.

How well did you know this?

Not at all

Perfectly

A network administrator is looking to implement a solution allowing users to utilize a common password to access most network resources for an organization. Which of the following would BEST provide this functionality?
A. RADIUS
B. Single sign on
C. Multifactor authentication
D. Two-factor authentication

Answer: B
Explanation: Single sign-on (SSO) is a session/user authentication process that permits a user to enter one name and password in order to access multiple applications. The process authenticates the user for all the applications they have been given rights to and eliminates further prompts when they switch applications during a particular session.

How well did you know this?

Not at all

Perfectly

A strong network firewall would likely support which of the following security features for controlling access? (Select TWO).
A. War driving
B. War chalking
C. MAC filtering
D. FTP bouncing
E. Port filtering

Answer: C,E
Explanation:
MAC filtering set the security level at layer 2 and port filtering will set the security level on layer 4 so by filtering the traffic on both layers our network will get secure.

How well did you know this?

Not at all

Perfectly

A small office has created an annex in an adjacent office space just 20 feet (6 meters) away. A network administrator is assigned to provide connectivity between the existing office and the new office. Which of the following solutions provides the MOST security from third party tampering?
A. CAT5e connection between offices via the patch panel located in building’s communication closet.
B. CAT5e cable run through ceiling in the public space between offices.
C. VPN between routers located in each office space.
D. A WEP encrypted wireless bridge with directional antennae between offices.

Answer: C
Explanation:
A VPN connection across the Internet is similar to a wide area network (WAN) link between the sites. From a user perspective, the extended network resources are accessed in the same way as resources available from the private network.

How well did you know this?

Not at all

Perfectly

Users at a remote site are unable to establish a VPN to the main office. At which of the following layers of the OSI model does the problem MOST likely reside?
A. Presentation
B. Application
C. Physical
D. Session

Answer: D

How well did you know this?

Not at all

Perfectly

A network technician is concerned that an attacker is attempting to penetrate the network, and wants to set a rule on the firewall to prevent the attacker from learning which IP addresses are valid on the network. Which of the following protocols needs to be denied?
A. TCP
B. SMTP
C. ICMP
D. ARP

Answer: C
Explanation: The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet Protocol Suite. It is used by network devices, like routers, to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached. ICMP can also be used to relay query messages. It is assigned protocol number 1.

How well did you know this?

Not at all

Perfectly

``` A network technician has configured a new firewall with a rule to deny UDP traffic. Users have reported that they are unable to access Internet websites. The technician verifies this using the IP address of a popular website. Which of the following is the MOST likely cause of the error? A. Implicit deny B. HTTP transports over UDP C. Website is down D. DNS server failure ```

Answer: A Explanation: In a network firewall ruleset if a certain type of traffic isn't identified it will be denied or stopped by Implicit Deny.

``` Which of the following describes a single computer that is setup specifically to lure hackers into revealing their methods, and preventing real attacks on the production network? A. Evil twin B. Honeypot C. DMZ D. Honeynet ```

Answer: B Explanation: In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.

``` Which of the following network appliances will only detect and not prevent malicious network activity? A. IDS B. Network sniffer C. IPS D. Firewall ```

Answer: A Explanation: An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system.

``` A network administrator is implementing a wireless honeypot to detect wireless breach attempts. The honeypot must implement weak encryption to lure malicious users into easily breaking into the network. Which of the following should the network administrator implement on the WAP? A. WPA B. WPA2 C. WEP D. VPN ```

Answer: C Explanation: Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11 wireless networks. Introduced as part of the original 802.11 standard ratified in September 1999, its intention was to provide data confidentiality comparable to that of a traditional wired network.WEP, recognizable by the key of 10 or 26 hexadecimal digits, is widely in use and is often the first security choice presented to users by router configuration tools

``` Joe, a technician, suspects a virus has infected the network and is using up bandwidth. He needs to quickly determine which workstation is infected with the virus. Which of the following would BEST help Joe? A. Web server B. Syslog C. Network sniffer D. SNMP ```

Answer: C Explanation: Network sniffer is a tool to analyze packets that are being exchanged between the hosts and using this Joe can understand whether there was traffic encountered to server or not which was infected

``` Users are reporting that external web pages load slowly. The network administrator determines that the Internet connection is saturated. Which of the following is BEST used to decrease the impact of web surfing? A. Caching B. Load balancing C. Port filtering D. Traffic analyzer ```

Answer: A Explanation: In computer science, a cache is a component that transparently stores data so that future requests for that data can be served faster. The data that is stored within a cache might be values that have been computed earlier or duplicates of original values that are stored elsewhere. If requested data is contained in the cache (cache hit), this request can be served by simply reading the cache, which is comparatively faster.

``` Which of the following would be the BEST solution for an IDS to monitor known attacks? A. Host-based B. Signature-based C. Network-based D. Behavior-based ```

Answer: B Explanation: Signature detection involves searching network traffic for a series of bytes or packet sequences known to be malicious. A key advantage of this detection method is that signatures are easy to develop and understand if you know what network behavior you're trying to identify.

``` Which of the following is a specialized piece of hardware designed to encrypt and decrypt user traffic? A. Proxy server B. TDR C. Smart jack D. VPN concentrator ```

Answer: D Explanation: The VPN Concentrator is used for Remote Access VPN's. In typical use, a Remote Access VPN allows users to use an encrypted tunnel to securely access a corporate or other network via the Internet.

``` Which of the following wireless security measures, although widely implemented, does not provide strong security? A. IPSec B. WPA2 C. MAC address filtering D. 802.1x ```

Answer: C Explanation: By MAC address filtering you can only filter layer 2 traffic but in security system layer 4 and layer 4 security is also essential.

``` Which of the following does Kerberos provide? A. Non-repudiation B. Accounting C. Exchange D. Authentication ```

Answer: D Explanation: Kerberos is a trusted third-party authentication service based on the model presented by Needham and Schroeder. It is trusted in the sense that each of its clients believes Kerberos' judgment as to the identity of each of its other clients to be accurate.

``` Which of the following does Kerberos use to authenticate? A. Tickets B. Servers C. Users D. Clients ```

Answer: A Explanation: Kerberos keeps a database of its clients and their private keys. The private key is a large number known only to Kerberos and the client it belongs to. In the case that the client is a user, it is an encrypted password. Network services requiring authentication register with Kerberos, as do clients wishing to use those services. The private keys are negotiated at registration.

``` Which of the following security methods is used to attract users attempting to gain unauthorized access to various systems within a single network? A. Network based IDS B. Firewall C. Network based IPS D. Honeynet ```

Answer: D Explanation: A network-based intrusion prevention system (NIPS) is a system used to monitor a network as well as protect the confidentiality, integrity, and availability of a network. Its main functions include protecting the network from threats, such as denial of service (DoS) and unauthorized usage.

``` An administrator needs to open ports in the firewall to support both major FTP transfer modes. Which of the following default ports was MOST likely opened? (Select TWO) A. 20 B. 21 C. 22 D. 23 E. 25 F. 53 ```

Answer: A,B Explanation: FTP use both port 21 and 20 (port 21 for the command port and port 20 for the data).

``` The network administrator has been tasked to create a network segment where resources can be placed for public web access. Which of the following should be implemented? A. DMZ B. Honeynet C. PAT D. Port security ```

Answer: A Explanation: In computer security, a DMZ is a physical or logical subnetwork that contains and exposes an organization's external-facing services to a larger and untrusted network, usually the Internet.

``` A network administrator has been tasked to deploy a new WAP in the lobby where there is no power outlet. Which of the following options would allow the network administrator to ensure the WAP is deployed correctly? A. QoS B. Install 802.11n WAP C. PoE D. Parabolic antenna ```

Answer: C Explanation: Power over Ethernet or PoE describes any of several standardized or ad-hoc systems which pass electrical power along with data on Ethernet cabling. This allows a single cable to provide both data connection and electrical power to devices such as wireless access points or IP cameras.

Honeypots and honeynets are different in which of the following ways? A. Honeynets are managed collections of honeypots. B. Honeypots only test software security, not hardware. C. Honeynets require specialized hardware to implement. D. Honeypots are usually servers and honeynets are routers and switches.

Answer: A Explanation: A honeynet is a network set up with intentional vulnerabilities; its purpose is to invite attack, so that an attacker's activities and methods can be studied and that information used to increase network security. A honeynet contains one or more honey pots, which are computer systems on the Internet expressly set up to attract and "trap" people who attempt to penetrate other people's computer systems.

A corporate office recently had a security audit and the IT manager has decided to implement very strict security standards. The following requirements are now in place for each employee logging into the network: Biometric fingerprint scan Complex 12 character password 5 digit pin code authorization Randomized security question prompt upon login ``` Which of the following security setups does this company employ? A. Single factor authentication B. Three factor authentication C. Two factor authentication D. Single sign-on ```

Answer: C Explanation: According to proponents, two-factor authentication could drastically reduce the incidence of online identity theft, phishing expeditions, and other online fraud, because the victim's password would no longer be enough to give a thief access to their information.

``` Which of the following will BEST block a host from accessing the LAN on a network using static IP addresses? A. IP filtering B. Port filtering C. MAC address filtering D. DHCP lease ```

Answer: A Explanation: IPFilter (commonly referred to as IPF) is an open source software package that provides firewall services and network address translation (NAT) for many UNIX-like operating systems. The author and software maintainer is Darren Reed. IPFilter supports both IPv4 and IPv6 protocols, and is a stateful firewall.

``` Which of the following remote access types requires a certificate for connectivity? A. SSH B. PPP C. HTTPS D. WEP ```

Answer: A Explanation: Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers that connects, via a secure channel over an insecure network, a server and a client (running SSH server and SSH client programs, respectively)

``` A technician is troubleshooting authentication issues on a server. It turns out the clock on the server was 72 minutes behind. Setting the clock to the correct time fixed the issue. Given the scenario, which of the following authentication methods was being used? A. Kerberos B. CHAP C. TACACS+ D. RADIUS ```

Answer: A Explanation: Kerberos is a distributed authentication service that allows a process (a client) running on behalf of a principal (a user) to prove its identity to a verifier (an application server, or just server) without sending data across the network that might allow an attacker or the verifier to subsequently impersonate the principal. Kerberos optionally provides integrity and confidentiality for data sent between the client and server.

``` Which of the following wireless standards uses a block encryption cipher rather than a stream cipher? A. WPA2-CCMP B. WPA C. WEP D. WPA2-TKIP ```

Answer: A Explanation: Counter Cipher Mode with Block Chaining Message Authentication Code Protocol or CCMP (CCM mode Protocol) is an encryption protocol designed for Wireless LAN products that implement the standards of the IEEE 802.11i amendment to the original IEEE 802.11 standard. CCMP is an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM) of the AES standard. It was created to address the vulnerabilities presented by WEP, a dated, insecure protocol.

``` A network administrator is performing a penetration test on the WPA2 wireless network. Which of the following can be used to find the key? A. DoS B. Buffer overflow C. Dictionary file D. SQL injection ```

Answer: C Explanation: A file used by the debugger. It contains information about a program's structure and contents. The Compiler creates the dictionary file in the first phase of compilation, when checking the syntax. A dictionary file has the filename extension .idy, and is often referred to an .idy file.

``` Which of the following can be used to compromise a WPA encrypted wireless network when the rainbow table does not contain the key? A. Evil twin B. War chalking C. Buffer overflow D. Virus ```

Answer: A Explanation: An evil twin is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider.This type of evil twin attack may be used to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent web site and luring people there.

``` A system administrator is implementing an IDS on the database server to see who is trying to access the server. The administrator relies on the software provider for what to detect. Which of the following would MOST likely be installed? A. Behavior based IDS B. Network based IDS C. Signature based IDS D. Honeypot ```

Answer: C Explanation: Signature detection involves searching network traffic for a series of bytes or packet sequences known to be malicious. A key advantage of this detection method is that signatures are easy to develop and understand if you know what network behavior you're trying to identify.

``` A vendor releases an emergency patch that fixes an exploit on their network devices. The network administrator needs to quickly identify the scope of the impact to the network. Which of the following should have been implemented? A. Change management B. Asset management C. Network sniffer D. System logs ```

Answer: B Explanation: Asset management is defined as the business practice of managing and optimizing the purchase, deployment, maintenance, utilization, and disposal of hardware and software applications within an organization.

Which of the following can be described as a DoS attack? A. Disabling a specific system and making it unavailable to users B. Implementing a keylogger C. Intercepting a packet and decrypting the contents D. Communicating with employees to get company information

Answer: A Explanation: A denial of service (DoS) attack is a malicious attempt to make a server or a network resource unavailable to users, usually by temporarily interrupting or suspending the services of a host connected to the Internet.

``` A user is connecting to the Internet at an airport through an ad-hoc connection. Which of the following is the MOST likely security threat? A. Man-in-the-middle B. Social engineering C. Phishing D. DoS ```

Answer: A Explanation: A man in the middle attack is one in which the attacker intercepts messages in a public key exchange and then retransmits them, substituting his own public key for the requested one, so that the two original parties still appear to be communicating with each other.

``` An application server is placed on the network and the intended application is not working correctly. Which of the following could be used to make sure sessions are being opened properly? A. Antivirus scanner B. IDS C. Packet sniffer D. Toner probe ```

Answer: C Explanation: Explanation: Packet Sniffer is a tool that can help you locate network problems by allowing you to capture and view the packet level data on your network.So we can capture the session and find the cause of failure.

Which of the following is the MOST secure way to prevent malicious changes to a firewall? A. SNMPv2 access only B. TELNET access only C. SSH access only D. Console access only

Answer: D Explanation: Console access requires physical access to the device, so this is the most secure method

``` Which of the following allows a malicious attacker to view network traffic if the attacker is on the same network segment as Joe, an administrator? A. DoS attack B. Man-in-the-middle attack C. Smurf attack D. Xmas attack ```

Answer: B Explanation: An attack where a user gets between the sender and receiver of information and sniffs any information being sent. In some cases, users may be sending unencrypted data, which means the man-in-the-middle (MITM) can obtain any unencrypted information. In other cases, a user may be able to obtain information from the attack, but have to unencrypt the information before it can be read.

``` An administrator determines there are an excessive number of packets being sent to a web server repeatedly by a small number of external IP addresses. This is an example of which of the following attacks? A. DDoS B. Viruses C. Worms D. Man-in-the-middle ```

Answer: A Explanation: DDoS attack, a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols

``` Which of the following features will a firewall MOST likely use to detect and prevent malicious traffic on the network? A. Zone filtering B. Signature identification C. Port identification D. Port scanner ```

Answer: B Explanation: Signature-based detection really is more along the lines of intrusion detection than firewalls. However, many personal firewalls and some corporate firewalls contain this functionality. Essentially, the system can be configured to look for specific patterns, known to be malicious, and block the traffic

``` Stateful packet inspection is a security technology used by which of the following devices? A. Unmanaged switch B. Hardware firewall C. Bridge D. IDS ```

Answer: B Explanation: With Stateful Packet Inspection (SPI), every time a packet is sent out of the computer, the firewall keeps track of it. When a packet comes back to the firewall, the firewall can tell whether or not the in-bound packet is a reply to the packet that was sent out.This way, the firewall can handle most network traffic safely without a complex configuration of firewall rules.

``` An administrator would like to inspect all traffic flowing over the SMTP protocol on a given network. Which of the following tools would accomplish this? (Select TWO). A. Packet sniffer B. Honeypot C. Port mirroring D. IPS E. Port scanner F. IDS ```

Answer: A,C Explanation: (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. And we use packet sniffer to detect the types of packet.

``` PKI is a method of user authentication which uses which of the following? A. Various router commands B. Access control lists C. Certificate services D. A RADIUS server ```

Answer: C Explanation: A PKI (public key infrastructure) enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority.

``` Which of the following a network technician would use to reverse engineer malware and virus? A. IDS B. VLAN C. Virtual Machine D. Switch ```

Answer: C Explanation: Virtual Machine --- even if the VM gets infected, host machine will run as normal.

``` Which of the following authentication solutions use tickets that include valid credentials to access additional network resources? A. Kerberos B. RADIUS C. Multi-factor authentication D. TACACS+ ```

Answer: A

``` Which of the following protocols is used to provide secure authentication and encryption over nonsecure networks? A. RADIUS B. TLS C. PPTP D. HTTP ```

Answer: B

``` Which of the following would be used in a firewall to block incoming TCP packets that are not from established connections? A. Access control lists B. Port address translation C. Blocking unauthorized ports D. Stateful inspection ```

Answer: D

``` Which of the following would be used to place extranet servers in a separate subnet for security purposes? A. VPN B. NAT C. DMZ D. IDS ```

Answer: C

``` Which of the following would a network administrator use to scan a network for vulnerabilities? A. ICMP B. NMAP C. ACL D. TCPDUMP ```

Answer: B

``` Which of the following attack types is being used if the originating IP address has been spoofed? A. Ping flood B. Trojan C. Smurf D. Worm ```

Answer: C

``` Which of the following preventative measures would BEST secure a web server from being port scanned by attackers publicly? A. Content filter B. Proxy server C. ACL implicit allow D. Firewall ```

Answer: D

``` Which of the following provides RSA encryption at the session layer? A. SSH B. ISAKMP C. SSL D. TLS ```

Answer: C

``` Which of the following wireless router security measures provides access to a network by allowing only devices on an approved physical address list? A. Port filtering B. MAC filtering C. SSID masking D. Port forwarding ```

Answer: B

``` Which of the following BEST describes a firewall that can be installed via Add/Remove programs on a Windows computer? A. Managed B. Software C. Hardware D. Wireless ```

Answer: B

``` An administrator determines that an attack is taking place on the email server from a group of users on the same ISP. Which of the following is the BEST way to mitigate an attack on the network? A. Packet filtering B. Spam filtering C. MAC filtering D. CSU ```

Answer: A

``` Users trying to access a website using HTTPS are being blocked by the firewall. Which of the following ports needs to be allowed? A. 80 B. 143 C. 443 D. 3389 ```

Answer: C

``` Which of the following tools could attempt to detect operating system vulnerabilities? A. nslookup B. honeynet C. netstat D. nessus ```

Answer: D

``` A network technician has a RADIUS server IP address that must be included as part of the security settings for a WAP. Which of the following encryption types should the technician select? A. WPA enterprise B. TKIP C. WPA2 CCMP D. WEP 128-bit ```

Answer: A

``` A technician has configured a router to authenticate VPN users to an LDAP server on the network. In order to allow the authentication service, both UDP and TCP ports needed to be allowed on the router. Which of the following services was MOST likely used? A. Kerberos B. TACACS+ C. RADIUS D. 802.1x ```

Answer: C

``` An administrator configuring remote access opens ports 500/UDP and 10000/UDP on the firewall. Which of the following services are MOST likely being allowed? (Select TWO). A. SSL B. IPSec C. Kerberos D. RDP E. L2TP F. PPTP ```

Answer: B,E

``` An administrator wants to restrict traffic to FTP sites regardless of which PC the request comes from. Which of the following would BEST accomplish this? A. An IP filtering ACL B. A MAC filtering ACL C. A port filtering ACL D. A class matching ACL ```

Answer: C

``` Which of the following provides the STRONGEST security for a tunneled connection over the Internet? A. RDP B. SMTP C. RAS D. IPSec ```

Answer: D

``` A network administrator has decided to tighten company security after a recent data breach. The new scheme calls for a strong 10 character password, a special 4 digit pin code, and a one-time use dynamic token that is accessed via a smartphone application. Which of the following is being implemented? A. Two-factor authentication B. Biometric security C. Multi-factor authentication D. Single factor authentication ```

Answer: A

``` A technician needs to enter a username and password and have their fingerprint scanned to access a server. Which of following types of authentication is this an example of? A. Single sign-on B. Network access control C. PKI authentication D. Two-factor authentication ```

Answer: D

``` A technician enters a username and password once and can access multiple databases without being prompted to reenter their password. This is an example of which of the following? A. Two-factor authentication B. Network access control C. Multifactor authentication D. Single sign-on ```

Answer: D

``` Which of the following protocols would the network administrator use to protect login credentials when accessing a router terminal session? A. SCP B. SNMPv3 C. SSL D. SSH ```

Answer: D

``` A user at a hotel sees two SSIDs; both are called "HotelWireless". After the PC connects to one of the APs, the user notices their browser homepage has been changed. Which of the following BEST describes this AP? A. Man-in-the-middle B. DDoS C. Evil twin D. War driving ```

Answer: C

``` Which of the following assists a network administrator in reverse engineering malware and viruses? A. Virtual switches B. Virtual machines C. VLANs D. IDS ```

Answer: B

``` A network administrator decides to secure their small network by allowing only specific MAC addresses to gain access to the network from specific switches. Which of the following is described by this example? A. Packet filtering B. Hardware firewalls C. Port security D. Stateful inspection ```

Answer: C

``` Which of the following can use a third party back-end LDAP user database for authentication? A. ISAKMP B. TACACS+ C. PKI D. CHAP ```

Answer: B

``` A network administrator is implementing an IPS on VLAN 1 and wants the IPS to learn what to prevent on its own. Which of the following would MOST likely be installed? A. Honeynet B. Signature based IPS C. Behavior based IPS D. Host based IPS ```

Answer: C

Which of the following firewall rules will block destination telnet traffic to any host with the source IP address 1.1.1.2/24? A. Deny any source host on source port 23 to destination any B. Deny any source network 1.1.1.0/24 to destination any on port 23 C. Deny source host 1.1.12 on source port 23 to destination any D. Deny any source network 1.1.1.0/24 with source port 23 to destination any

Answer: B

``` Which of the following configurations of a wireless network would be considered MOST secure? A. WEP using MAC Filtering B. WEP and hiding the SSID C. WPA2 D. WPA TKIP and hiding the SSID ```

Answer: C

``` Which of the following is used to determine whether or not a user’s account is authorized to access a server remotely? A. VPN B. RDP C. LDAP D. Encryption ```

Answer: C

``` Which of the following are authentication methods that can use AAA authentication? (Select TWO). A. Kerberos B. PKI C. TKIP/AES D. MS-CHAP E. RADIUS F. TACACS+ ```

Answer: E,F

``` Which of the following are considered AAA authentication methods? (Select TWO). A. Kerberos B. Radius C. MS-CHAP D. TACACS+ E. 802.1X ```

Answer: B,D

``` Which of the following protocols provides a secure connection between two networks? A. L2TP B. IPSec C. PPP D. PPTP ```

Answer: B

When installing new WAPs in a small office, which of the following is the BEST way to physically mitigate the threats from war driving? A. Implement multiple wireless encryption techniques. B. Implement PoE on each WAP. C. Decrease signal strength. D. Increase signal strength.

Answer: C

``` A company wants to simplify network authentication for their users. Which of the following would be used to implement wireless security with single sign-on? A. WPA2 enterprise B. WEP C. Stateful firewall D. PAT ```

Answer: A

``` The company requires all users to authenticate to the network with a smart card, a pin number, and a fingerprint scan. Which of the following BEST describes the user authentication being used? A. Multi-factor authentication B. Two-factor authentication C. Biometrics D. Single sign-on ```

Answer: A

``` Which of the following protocols can be implemented to provide encryption during transmission between email gateways? A. TLS B. PPTP C. SSH D. HTTPS ```

Answer: A

``` Which of the following authentication methods is MOST secure? A. NTLM B. CHAP C. MS-CHAP D. Kerberos ```

Answer: D

``` A user wants to send information and ensure that it was not modified during transmission. Which of the following should be implemented? A. MAC filtering B. Digital signatures C. MS-CHAP D. CHAP ```

Answer: B

``` Which of the following VPN technologies uses IKE and ISAKMP for key exchange? A. SSL B. IPSec C. L2TP D. PPTP ```

Answer: B

``` A user reports that they are unable to access a new server but are able to access all other network resources. Based on the following firewall rules and network information, which of the following ACL entries is the cause? User’s IP: 192.168.5.14 Server IP: 192.168.5.17 Firewall rules: Permit 192.168.5.16/28 192.168.5.0/28 Permit 192.168.5.0/24 192.168.4.0/24 Permit 192.168.4.0/24 192.168.5.0/24 Deny 192.168.5.0/28 192.168.5.16/28 Deny 192.168.14.0/24 192.168.5.16/28 Deny 192.168.0.0/24 192.168.5.0/24 ``` A. Deny 192.168.0.0/24 192.168.5.0/24 B. Deny 192.168.5.0/28 192.168.5.16/28 C. Deny 192.168.14.0/24 192.168.5.16/28 D. Implicit Deny rule

Answer: B Explanation: 192.168.5.0 is the broadcast IP. Denying it prevents the user from accessing the server.

``` A home user wishes to secure the wireless network using strong encryption, so they decide to use AES. Which of the following would be used as the encryption method? A. WEP B. CCMP C. TKIP D. CHAP ```

Answer: B

``` Which of the following security protocols would BEST protect a connection to a remote email server and ensure full integrity of all transmitted email communication? A. TLS 1.2 B. SNMPv3 C. WPA2 D. SMTP ```

Answer: A

A network administrator is tasked with blocking unwanted spam which is being relayed by an internal email server. Which of the following is the FIRST step in preventing spam that is originating from bots on the network? A. Closing off port 25 on the firewall B. Closing off port 53 on the firewall C. Turning off the SMTP service on the email server D. Turning off the IMAP service on the email server

Answer: A

``` A technician is asked to filter inbound and outbound traffic of a specific service on the network. Which of the following would BEST allow the technician to comply with the request? A. MAC filtering B. IP filtering C. Port filtering D. Content filtering ```

Answer: C

``` A user enters a password into a logon box on a PC. The server and the PC then compare one way hashes to validate the password. Which of the following methods uses this process? A. PKI B. Kerberos C. Single sign-on D. CHAP ```

Answer: D

``` A user receives a phone call at home from someone claiming to be from their company’s IT help desk. The help desk person wants to verify their username and password to ensure that the user’s account has not been compromised. Which of the following attacks has just occurred? A. Evil twin B. Phishing C. Man-in-the-middle D. Social engineering ```

Answer: D

``` Which of the following is being described when symbols are displayed on the side of the building and/or walking path, to identify open hot-spots? A. Social engineering B. War chalking C. WPA cracking D. Packet sniffing ```

Answer: B

``` A company would like to use the enterprise RADIUS server to authenticate and identify their secure wireless users. Which of the following standards should the company use to facilitate this? A. Stateful inspection B. WEP C. WPA D. Open with EAP ```

Answer: C

``` A network manager is interested in a device that watches for threats on a network but does not act on its own, and also does not put a strain on client systems. Which of the following would BEST meet these requirements? A. HIDS B. NIDS C. NIPS D. HIPS ```

Answer: B

``` A small company is looking to install a wireless network to enable its relatively old fleet of laptops to have limited internet access internally. The technician on the project knows that the units do not support modern encryption standards. If backwards compatibility is the greatest concern, which of the following is the MOST appropriate wireless security type to choose? A. WEP B. WPS C. WPA D. WPA2 ```

Answer: A

``` A technician notices that guests have plugged their laptops into a network wall jack located in the conference room. Which of the following could the technician implement in order to ensure that ONLY employees are able to access network resources? A. Port mirroring B. VTP configuration C. MAC address filtering D. Traffic filtering ```

Answer: C

``` Which of the following would allow a network administrator to implement a user authentication method that uses X.509 certificates? A. PKI B. Kerberos C. TACACS+ D. RADIUS ```

Answer: A

``` A network administrator is considering implementation of network access restrictions based upon layer two addressing information. Which of the following describes this method of network restrictions? A. MAC filtering B. Port filtering C. IP filtering D. ACL filtering ```

Answer: A

``` Which of the following is the wireless encryption standard associated with WPA2? A. AES-CCMP B. EAP C. WEP D. 802.1x ```

Answer: A

``` Which of the following is the default authentication method for a Windows client using PPP over a dialup connection? A. TACACS+ B. WINS C. Kerberos D. MS-CHAP ```

Answer: D

``` A server administrator, Ann, is deploying a server that she wants to mitigate intrusions from zero day exploits. Which of the following should be deployed? A. Behavior based IPS B. Signature based IDS C. Antivirus software D. Access Control Lists ```

Answer: A

``` Which of the following should the last line of an ACL normally contain? A. Explicit allow B. Statically routed C. Random access D. Implicit deny ```

Answer: D

``` Joe, a network technician, is implementing a wireless network and needs to support legacy devices. He has selected to use WPA mixed mode. WPA mixed mode is normally implemented with which of the following encryption factors? (Select TWO). A. SSH B. 3DES C. AES D. SSL E. TLS F. TKIP ```

Answer: C,F

``` Which of the following is a common threat that collects Initialization Vectors to help speed up the algorithm for the attack? A. WEP cracking B. WPA cracking C. War driving D. Rogue access point ```

Answer: A

``` A user authenticated to more than one website using their same credentials is an example of: A. Multifactor authentication B. User access control C. Two-factor authentication D. Single sign-on ```

Answer: D

``` Ann, a user, connects to her company’s secured wireless network in the conference room when attending meetings. While using the conference room this morning, Ann notices an unsecured wireless network with the same name is available. Ann connects her laptop to this network instead of to the secured one. Ann has fallen victim to which of the following threats? A. Rogue access point B. ARP poisoning C. Replay attack D. Evil twin ```

Answer: D

``` Which of the following is an example of asymmetric encryption? A. PKI B. SHA1 C. AES D. 3DES ```

Answer: A

``` Which of the following describes blocking traffic based upon the Layer 3 sources address of the traffic? A. Port filtering B. IP filtering C. MAC filtering D. Application filtering ```

Answer: B

``` The process of restricting internal web traffic to an employee-only website based upon Layer 3 addresses is known as which of the following? A. MAC filtering B. Traffic shaping C. Session filtering D. IP filtering ```

Answer: D

``` Encryption provides which of the following to data being transferred across the network? A. Confidentiality B. Resistance to Jitter C. High Availability D. Data Integrity ```

Answer: A

``` Which of the following network devices is meant to actively protect against network treats and can disable connections to stop malicious traffic if necessary? A. DMZ B. IPS C. SSL VPN D. Layer 3 switch ```

Answer: B

``` Which of the following attacks is spread by attaching themselves to files? A. Worms B. Botnet C. DDoS D. FTP bounce ```

Answer: A

``` A company has a remote access VPN and wants to ensure that if a username and password are compromised, the corporate network will remain secure. Which of the following will allow the company to achieve its security goal? A. Posture assessment B. Kerberos C. TACACS+ D. Two-factor authentication ```

Answer: D

``` A malicious user connects to an open wireless network and is able to copy, reassemble and play back live VoIP data streams from wireless VoIP users. Which of the following attacks has the user performed? A. Man-in-the-middle B. Evil Twin C. Packet Sniffing D. IV attack ```

Answer: C

A technician is tasked with adding an ACL to the host-based firewall of a PC. The ACL should allow the Development Server to only connect to the PC's HTTP server on the default port. Given the IP addresses below, which of the following ACLs would accomplish this goal? Development Server: 192.168.1.100 PC. 192.168.3.3 A. Source. 192.168.1.100; Source Port: Any; Destination: 192.168.3.3; Destination Port:80; Action: Permit B. Source. 192.168.1.100; Source Port:80; Destination: 192.168.3.3; Destination Port:80; Action: Permit C. Source. 192.168.3.3; Source Port:80; Destination: 192.168.1.100; Destination Port: Any; Action: Permit D. Source. 192.168.3.3; Source Port:80; Destination: 192.168.1.100; Destination Port:80; Action: Permit E. Source. 192.168.1.100; Source Port: Any; Destination: 192.168.3.3; Destination Port: Any; Action: Permit

Answer: A

Many of the corporate users work from a coffee shop during their lunch breaks. The coffee shop only has an open wireless network. Which of the following should the administrator recommend to users to secure their wireless communications at the coffee shop? A. Enable the host-based firewall on each of the laptops B. Use a VPN after connecting to the coffee shop wireless C. Edit the SSID connection information and change 'open' to 'shared' D. Connect to the open SSID then switch on WPA2 encryption

Answer: B

``` Malicious users have used multiple workstations to target a single server with the intent of preventing legitimate users from accessing the server. This server suffered which of the following types of attack? A. DDoS B. Trojan C. Cross-site scripting D. Man in the middle E. Replay attack ```

Answer: A

``` A security appliance is blocking a DDoS attack on the network. Which of the following logs would be used to troubleshoot the traffic patterns trying to go across the network? A. IPS logs B. Application logs C. IDS logs D. History logs ```

Answer: A

``` A network administrator wants to add the firewall rule to allow SSH traffic to the FTP server with the assigned IP 192.168.0.15 from the Internet. Which of the following is the correct firewall rule? A. Allow ANY to 192.168.0.15 port 21 B. Allow ANY to 192.168.0.15 port 22 C. Allow ANY to 192.168.0.15 port 80 D. Allow ANY to ANY port ANY ```

Answer: B

``` Which of the following should be mitigated by employing proper coding techniques when developing software? A. Distributed denial of service attacks B. Buffer overflows C. War driving D. Packet sniffing ```

Answer: B

``` A company is experiencing a denial of service attack and wants to identify the source IP address of the attacker in real time. Which method is the BEST way to accomplish this? A. Network sniffer B. Syslog C. SNMPv3 D. System logs ```

Answer: A

``` A company needs to implement a secure wireless system that would require employees to authenticate to the wireless network with their domain username and password. Which of the following would a network administrator deploy to implement these requirements? (Select TWO). A. 802.1q B. MAC address filtering C. WPA2 Personal D. WPA Enterprise E. 802.1x ```

Answer: D,E

``` A network technician is doing a wireless audit and finds an SSID that does not match the company’s SSID. The company uses the SSID of ABC123, and the SSID the technician found is Default. Which of the following threats did the network technician find? A. AP isolation B. DDoS C. Evil twin D. Rogue AP ```

Answer: D

``` An administrator would like to search for network vulnerabilities on servers, routers, and embedded appliances. Which of the following tools would MOST likely accomplish this? A. Baseline analyzer B. Ping C. Protocol analyzer D. Nessus ```

Answer: D

``` A technician needs to install a new wireless encryption system. They are evaluating the feasibility of implementing WPA. WPA increases protection over WEP by implementing which of the following? A. Strong RC4 encryption B. Shared secret keys C. AES encryption D. Key rotation ```

Answer: D

``` A network administrator wants to perform a test to see if any systems are passing clear text through the network. Which of the following would be used? A. Social engineering B. Packet sniffing C. Rogue access point D. Man-in-the-middle ```

Answer: B

``` A firewall that detects and prevents attacks from outside the network based on learned data patterns can BEST be described as which of the following? A. Signature based IDS B. Behavior based IPS C. Host based IPS D. Network based IDS ```

Answer: B

``` A technician is troubleshooting a network issue and needs to view network traffic on a switch in real-time. Which of the following would allow the technician to view network traffic on a switch? A. ISAKMP B. Port forwarding C. Port security D. Port mirroring ```

Answer: D

``` A technician needs to make a web server with a private IP address reachable from the Internet. Which of the following should the technician implement on the company firewall? A. DOCSIS B. NAT C. CIDR D. VPN ```

Answer: B

``` A user is unable to connect to a remote computer using RDP. The technician checks the firewall rules and notes that there is no rule that blocks RDP. Which of the following features of the firewall is responsible for blocking RDP? A. Stateful inspection B. NAT/PAT C. Port security D. Implicit deny ```

Answer: D

``` A company wants to have a security zone to isolate traffic within the firewall. Which of the following could be used? A. VPN B. ACL C. DMZ D. VLAN ```

Answer: C

``` An organization only has a single public IP address and needs to host a website for its customers. Which of the following services is required on the network firewall to ensure connectivity? A. Forwarding proxy B. Port address translation C. DMZ port security D. Application inspection ```

Answer: B

``` A user reports sporadic network outages. The user tells the administrator it happens after approximately 20 minutes of work on an application. The administrator should begin troubleshooting by checking which of the following? A. The IDS server logs B. The DNS resolution time C. The firewall’s blocked logs D. The patch cable ```

Answer: D

``` If a wireless key gets compromised, which of the following would MOST likely prevent an unauthorized device from getting onto the network? A. Device placement B. Wireless standard C. Encryption type D. MAC filtering ```

Answer: D

``` Which of the following would a network administrator MOST likely use to actively discover unsecure services running on a company’s network? A. IDS B. Nessus C. NMAP D. Firewall ```

Answer: B

``` A company has a total of two public IP addresses and must allow 150 devices to connect to the Internet at the same time. Which of the following is the BEST option for connectivity? A. VLSM B. NAT C. CIDR D. PAT ```

Answer: D

A network technician has recently discovered rogue devices on their network and wishes to implement a security feature that will prevent this from occurring. Which of the following will prevent unauthorized devices from connecting to a network switch? A. Implement 802.11i on all switches in the network. B. Implement port security on all computers in the company. C. Implement port security on all switches in the network. D. Implement rules on the firewall to block unknown devices.

Answer: C

``` Which of the following security appliances would be used to only analyze traffic and send alerts when predefined patterns of unauthorized traffic are detected on the network? A. Host based IPS B. Network based firewall C. Signature based IDS D. Behavior based IPS ```

Answer: C

``` An administrator would like to provide outside access to the company web server and separate the traffic from the local network. Which of the following would the administrator use to accomplish this? A. Network Address Translation B. Stateful Inspection C. Port Address Translation D. Demilitarized Zone ```

Answer: D

``` An administrator needs to provide remote connectivity to server1, web traffic to server2, and FTP access to server3 using a single outside IP address. Which of the following would the administrator implement on the firewall to accomplish this? A. Port Address Translation B. Demilitarized Zone C. Stateful Packet Inspection D. Network Address Translation ```

Answer: A

``` An administrator would like to scan for open ports on the subnet and determine if any vulnerable applications are listening. Which of the following tools would the administrator MOST likely use? A. Ping B. Nessus C. IMAP D. Telnet ```

Answer: B

``` An attack used to find unencrypted information in network traffic is called: A. WEP cracking B. packet sniffing C. ping sweep D. social engineering ```

Answer: B

``` An administrator would like to block all HTTP traffic and allow all HTTPS traffic on the firewall. Using the default port numbers, which of the following should the administrator configure? (Select TWO). A. Allow port 443 B. Deny port 53 C. Deny port 20 D. Deny port 80 E. Allow port 23 ```

Answer: A,D

``` Which of the following protocols would be MOST likely found to be running on a device in a SOHO environment? A. BGP B. SONET C. IPSec D. OSPF ```

Answer: C

``` Which of the following tools will scan a network for hosts and provide information on the installed operating system? A. DOCSIS B. NMAP C. IMAP D. BERT ```

Answer: B

A network technician is configuring a new firewall for placement into an existing network infrastructure. The existing network is connected to the Internet by a broadband connection. Which of the following represents the BEST location for the new firewall? A. The firewall should be placed between the Internet connection and the local network. B. The firewall should be placed inside the local network. C. The firewall should be placed between the broadband connection and the Internet. D. The firewall should be placed in the Internet cloud.

Answer: A

``` A company would like their technicians to be able to connect to employee desktops remotely via RDP. Which of the following default port numbers need to be opened on the firewall to support this? A. 143 B. 443 C. 3389 D. 8080 ```

Answer: C