Topic 5: Network Security Flashcards

1
Q
The security administrator needs to restrict specific devices from connecting to certain WAPs. Which of the following security measures would BEST fulfill this need?
A. WAP placement
B. MAC address filtering
C. Content filtering
D. Encryption type and strength
A

Answer: B
Explanation: MAC filtering (or EUI filtering, or layer 2 address filtering) is a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network.

2
Q
Which of the following performs authentication and provides a secure connection by using 3DES to encrypt all information between two systems?
A. HTTPS
B. SSH
C. RSA
D. SSL
A

Answer: B
Explanation: DES encryption algorithm encrypts data three times. Three 64-bit keys are used, instead of one, for an overall key length of 192 bits (the first encryption is encrypted with the second key, and the resulting ciphertext is again encrypted with a third key).

3
Q
Several users are reporting connectivity issues with their laptops. Upon further investigation, the network technician identifies that their laptops have been attacked from a specific IP address outside of the network. Which of the following would need to be configured to prevent any further attacks from that IP address?
A. Port security
B. IDS
C. Firewall rules
D. Switch VLAN assignments
A

Answer: C
Explanation: Firewall rules block or allow specific traffic passing through from one side of the router to the other. Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively allowing only specific outside users to access specific resources. Outbound rules (LAN to WAN) determine what outside resources local users can have access to.

4
Q
The company is setting up a new website that will be requiring a lot of interaction with external users. The website needs to be accessible both externally and internally but without allowing access to internal resources. Which of the following would MOST likely be configured on the firewall?
A. PAT
B. DHCP
C. DMZ
D. NAT
A

Answer: C
Explanation: DMZ is a physical or logical subnetwork that contains and exposes an organization’s external-facing services to a larger and untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization’s local area network (LAN); an external attacker only has access to equipment in the DMZ, rather than any other part of the network.

5
Q
Which of the following attacks would allow an intruder to do port mapping on a company’s internal server from a separate company server on the Internet?
A. SYN flood
B. Teardrop
C. Smurf
D. FTP bounce
A

Answer: D
Explanation: FTP bounce attack is an exploit of the FTP protocol whereby an attacker is able to use the PORT command to request access to ports indirectly through the use of the victim machine as a middle man for the request.

6
Q
Which of the following would be used to check whether a DoS attack is taking place from a specific remote subnet?
A. Syslog files
B. Honeypot
C. Network sniffer
D. tracert
A

Answer: C
Explanation: A network sniffer monitors data flowing over computer network links. It can be a self-contained software program or a hardware device with the appropriate software or firmware programming.

7
Q
An unusual amount of activity is coming into one of the switches in an IDF. A malware attack is suspected. Which of the following tools would appropriately diagnose the problem?
A. Cable tester
B. Protocol analyzer
C. Load balancer
D. OTDR
A

Answer: B
Explanation: A packet analyzer is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams flow across the network, the sniffer captures each packet and, if needed, decodes the packet’s raw data, showing the values of various fields in the packet, and analyzes its content.

8
Q
Which of the following can a network technician change to help limit war driving?
A. Signal strength
B. SSID
C. Frequency
D. Channel
A

Answer: A
Explanation: War driving is a term used to describe the process of a hacker who, armed with a laptop and a wireless adapter card and traveling via a car, bus, subway train, or other form of mechanized transport, goes around sniffing for WLANs. Over time, the hacker builds up a database comprising the network name, signal strength, location, and IP/namespace in use.

9
Q
Which of the following ports would have to be allowed through a firewall for POP3 traffic to pass on its default port?
A. 110
B. 123
C. 143
D. 443
A

Answer: A
Explanation:
Post Office Protocol (POP) is an application-layer Internet standard protocol used by local e-mail clients to retrieve e-mail from a remote server over a TCP/IP connection. POP3 server listens on well-known port 110.

10
Q
Which of the following monitoring devices are used only to recognize suspicious traffic from specific software?
A. Signature based IPS
B. Application based IDS
C. Anomaly based IDS
D. Application based IPS
A

Answer: B
Explanation:
An APIDS monitors the dynamic behavior and state of the protocol and will typically consist of a system or agent that would typically sit between a process, or group of servers, monitoring and analyzing the application protocol between two connected devices.

11
Q

Which of the following security appliances are used to only identify traffic on individual systems?
A. Host based IPS
B. Application based IPS
C. Network based IDS
D. Host based IDS

A

Answer: D
Explanation:
A host-based intrusion detection system (HIDS) is an intrusion detection system that monitors and analyzes the internals of a computing system as well as the network packets on its network interfaces.

12
Q
Which of the following uses SSL encryption?
A. SMTP
B. FTP
C. HTTPS
D. SNMP
A

Answer: C
Explanation:
HTTPS is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications.

13
Q
Management has decided that they want a high level of security. They do not want Internet requests coming directly from users. Which of the following is the BEST recommendation?
A. Content filter
B. Proxy server
C. Layer 3 switch
D. Firewall
A

Answer: B

14
Q
A company wants to secure its WAPs from unauthorized access. Which of the following is the MOST secure wireless encryption method?
A. SSID disable
B. SNMPv3
C. WEP
D. WPA2
A

Answer: D
Explanation:
WPA2 improves security of Wi-Fi connections by not allowing use of an algorithm called TKIP (Temporal Key Integrity Protocol) that has known security holes (limitations) in the original WPA implementation.

15
Q

A customer wants to increase firewall security. Which of the following are common reasons for implementing port security on the firewall? (Select TWO).
A. Preventing dictionary attacks on user passwords
B. Reducing spam from outside email sources
C. Shielding servers from attacks on internal services
D. Blocking external probes for vulnerabilities
E. Directing DNS queries to the primary server

A

Answer: C,D
Explanation:
Port security is required because if ports are left unsecured, hackers can run port scans and compromise the internal secured network. Servers therefore have to be shielded from outside attacks, and incoming scanning requests from outside need to be blocked.

16
Q
The security measure used to reduce vulnerabilities for MOST network devices that require regular application and monitoring is:
A. patch management
B. security limitations
C. documentation
D. social engineering
A

Answer: A
Explanation:
A patch is a piece of software designed to fix security vulnerabilities and other bugs, and to improve usability or performance.

17
Q
Which of the following appliances creates and manages a large number of secure remote-access sessions, and also provides a high availability solution? 
A. Media converter
B. Proxy server
C. VPN concentrator
D. Load balancer
A

Answer: C
Explanation:
The VPN Concentrator is used for Remote Access VPNs that allow users to use an encrypted tunnel to securely access a corporate or other network via the Internet.

18
Q
Which of the following network access security methods ensures communication occurs over a secured, encrypted channel, even if the data uses the Internet?
A. MAC filtering
B. RAS
C. SSL VPN
D. L2TP
A

Answer: C
Explanation: SSL VPN consists of one or more VPN devices to which the user connects by using his Web browser. The traffic between the Web browser and the SSL VPN device is encrypted with the SSL protocol or its successor, the Transport Layer Security (TLS) protocol.

19
Q
A network administrator is responding to a statement of direction made by senior management to implement network protection that will inspect packets as they enter the network. Which of the following technologies would be used?
A. Packet sniffer
B. Stateless firewall
C. Packet filter
D. Stateful firewall
A

Answer: D
Explanation: Stateful firewall keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known active connection will be allowed by the firewall; others will be rejected.

20
Q
A network administrator is looking to implement a solution allowing users to utilize a common password to access most network resources for an organization. Which of the following would BEST provide this functionality?
A. RADIUS
B. Single sign on
C. Multifactor authentication
D. Two-factor authentication
A

Answer: B
Explanation: Single sign-on (SSO) is a session/user authentication process that permits a user to enter one name and password in order to access multiple applications. The process authenticates the user for all the applications they have been given rights to and eliminates further prompts when they switch applications during a particular session.

21
Q
A strong network firewall would likely support which of the following security features for controlling access? (Select TWO).
A. War driving
B. War chalking
C. MAC filtering
D. FTP bouncing
E. Port filtering
A

Answer: C,E
Explanation:
MAC filtering sets the security level at layer 2 and port filtering sets the security level at layer 4, so by filtering traffic on both layers the network becomes secure.

22
Q

A small office has created an annex in an adjacent office space just 20 feet (6 meters) away. A network administrator is assigned to provide connectivity between the existing office and the new office. Which of the following solutions provides the MOST security from third party tampering?
A. CAT5e connection between offices via the patch panel located in building’s communication closet.
B. CAT5e cable run through ceiling in the public space between offices.
C. VPN between routers located in each office space.
D. A WEP encrypted wireless bridge with directional antennae between offices.

A

Answer: C
Explanation:
A VPN connection across the Internet is similar to a wide area network (WAN) link between the sites. From a user perspective, the extended network resources are accessed in the same way as resources available from the private network.

23
Q
Users at a remote site are unable to establish a VPN to the main office. At which of the following layers of the OSI model does the problem MOST likely reside?
A. Presentation
B. Application
C. Physical
D. Session
A

Answer: D

24
Q
A network technician is concerned that an attacker is attempting to penetrate the network, and wants to set a rule on the firewall to prevent the attacker from learning which IP addresses are valid on the network. Which of the following protocols needs to be denied?
A. TCP
B. SMTP
C. ICMP
D. ARP
A

Answer: C
Explanation: The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet Protocol Suite. It is used by network devices, like routers, to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached. ICMP can also be used to relay query messages. It is assigned protocol number 1.

25
Q
A network technician has configured a new firewall with a rule to deny UDP traffic. Users have reported that they are unable to access Internet websites. The technician verifies this using the IP address of a popular website. Which of the following is the MOST likely cause of the error?
A. Implicit deny
B. HTTP transports over UDP
C. Website is down
D. DNS server failure
A

Answer: A
Explanation:
In a network firewall ruleset, if a certain type of traffic isn’t identified, it will be denied or stopped by implicit deny.

26
Q
Which of the following describes a single computer that is set up specifically to lure hackers into revealing their methods, and preventing real attacks on the production network?
A. Evil twin
B. Honeypot
C. DMZ
D. Honeynet
A

Answer: B
Explanation:
In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.

27
Q
Which of the following network appliances will only detect and not prevent malicious network activity?
A. IDS
B. Network sniffer
C. IPS
D. Firewall
A

Answer: A
Explanation:
An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system.

28
Q
A network administrator is implementing a wireless honeypot to detect wireless breach attempts. The honeypot must implement weak encryption to lure malicious users into easily breaking into the network. Which of the following should the network administrator implement on the WAP?
A. WPA
B. WPA2
C. WEP
D. VPN
A

Answer: C
Explanation:
Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11 wireless networks.
Introduced as part of the original 802.11 standard ratified in September 1999, its intention was to provide data confidentiality comparable to that of a traditional wired network. WEP, recognizable by the key of 10 or 26 hexadecimal digits, is widely in use and is often the first security choice presented to users by router configuration tools.

29
Q
Joe, a technician, suspects a virus has infected the network and is using up bandwidth. He needs to quickly determine which workstation is infected with the virus. Which of the following would BEST help Joe?
A. Web server
B. Syslog
C. Network sniffer
D. SNMP
A

Answer: C
Explanation:
A network sniffer is a tool for analyzing the packets being exchanged between hosts; using it, Joe can tell whether or not there was traffic to the server that was infected.

30
Q
Users are reporting that external web pages load slowly. The network administrator determines that the Internet connection is saturated. Which of the following is BEST used to decrease the impact of web surfing?
A. Caching
B. Load balancing
C. Port filtering
D. Traffic analyzer
A

Answer: A
Explanation:
In computer science, a cache is a component that transparently stores data so that future requests for that data can be served faster. The data that is stored within a cache might be values that have been computed earlier or duplicates of original values that are stored elsewhere. If requested data is contained in the cache (cache hit), this request can be served by simply reading the cache, which is comparatively faster.

31
Q
Which of the following would be the BEST solution for an IDS to monitor known attacks?
A. Host-based
B. Signature-based
C. Network-based
D. Behavior-based
A

Answer: B
Explanation:
Signature detection involves searching network traffic for a series of bytes or packet sequences known to be malicious. A key advantage of this detection method is that signatures are easy to develop and understand if you know what network behavior you’re trying to identify.

32
Q
Which of the following is a specialized piece of hardware designed to encrypt and decrypt user traffic?
A. Proxy server
B. TDR
C. Smart jack
D. VPN concentrator
A

Answer: D
Explanation: The VPN Concentrator is used for Remote Access VPNs. In typical use, a Remote Access VPN allows users to use an encrypted tunnel to securely access a corporate or other network via the Internet.

33
Q
Which of the following wireless security measures, although widely implemented, does not provide strong security?
A. IPSec
B. WPA2
C. MAC address filtering
D. 802.1x
A

Answer: C
Explanation:
With MAC address filtering you can only filter layer 2 traffic, but in a security system layer 4 and layer 4 security is also essential.

34
Q
Which of the following does Kerberos provide?
A. Non-repudiation
B. Accounting
C. Exchange
D. Authentication
A

Answer: D
Explanation:
Kerberos is a trusted third-party authentication service based on the model presented by Needham and Schroeder. It is trusted in the sense that each of its clients believes Kerberos’ judgment as to the identity of each of its other clients to be accurate.

35
Q
Which of the following does Kerberos use to authenticate?
A. Tickets
B. Servers
C. Users
D. Clients
A

Answer: A
Explanation:
Kerberos keeps a database of its clients and their private keys. The private key is a large number known only to Kerberos and the client it belongs to. In the case that the client is a user, it is an encrypted password. Network services requiring authentication register with Kerberos, as do clients wishing to use those services. The private keys are negotiated at registration.

36
Q
Which of the following security methods is used to attract users attempting to gain unauthorized access to various systems within a single network?
A. Network based IDS
B. Firewall
C. Network based IPS
D. Honeynet
A

Answer: D
Explanation:
A network-based intrusion prevention system (NIPS) is a system used to monitor a network as well as protect the confidentiality, integrity, and availability of a network. Its main functions include protecting the network from threats, such as denial of service (DoS) and unauthorized usage.

37
Q
An administrator needs to open ports in the firewall to support both major FTP transfer modes. Which of the following default ports was MOST likely opened? (Select TWO)
A. 20
B. 21
C. 22
D. 23
E. 25
F. 53
A

Answer: A,B
Explanation:
FTP uses both ports 21 and 20 (port 21 for the command port and port 20 for the data).

38
Q
The network administrator has been tasked to create a network segment where resources can be placed for public web access. Which of the following should be implemented?
A. DMZ
B. Honeynet
C. PAT
D. Port security
A

Answer: A
Explanation:
In computer security, a DMZ is a physical or logical subnetwork that contains and exposes an organization’s external-facing services to a larger and untrusted network, usually the Internet.

39
Q
A network administrator has been tasked to deploy a new WAP in the lobby where there is no power outlet. Which of the following options would allow the network administrator to ensure the WAP is deployed correctly?
A. QoS
B. Install 802.11n WAP
C. PoE
D. Parabolic antenna
A

Answer: C
Explanation:
Power over Ethernet or PoE describes any of several standardized or ad-hoc systems which pass electrical power along with data on Ethernet cabling. This allows a single cable to provide both data connection and electrical power to devices such as wireless access points or IP cameras.

40
Q

Honeypots and honeynets are different in which of the following ways?
A. Honeynets are managed collections of honeypots.
B. Honeypots only test software security, not hardware.
C. Honeynets require specialized hardware to implement.
D. Honeypots are usually servers and honeynets are routers and switches.

A

Answer: A
Explanation:
A honeynet is a network set up with intentional vulnerabilities; its purpose is to invite attack, so that an attacker’s activities and methods can be studied and that information used to increase network security. A honeynet contains one or more honeypots, which are computer systems on the Internet expressly set up to attract and “trap” people who attempt to penetrate other people’s computer systems.

41
Q

A corporate office recently had a security audit and the IT manager has decided to implement very strict security standards. The following requirements are now in place for each employee logging into the network:

Biometric fingerprint scan
Complex 12 character password
5 digit pin code authorization
Randomized security question prompt upon login

Which of the following security setups does this company employ?
A. Single factor authentication
B. Three factor authentication
C. Two factor authentication
D. Single sign-on
A

Answer: C
Explanation: According to proponents, two-factor authentication could drastically reduce the incidence of online identity theft, phishing expeditions, and other online fraud, because the victim’s password would no longer be enough to give a thief access to their information.

42
Q
Which of the following will BEST block a host from accessing the LAN on a network using static IP addresses?
A. IP filtering
B. Port filtering
C. MAC address filtering
D. DHCP lease
A

Answer: A
Explanation:
IPFilter (commonly referred to as IPF) is an open source software package that provides firewall services and network address translation (NAT) for many UNIX-like operating systems. The author and software maintainer is Darren Reed. IPFilter supports both IPv4 and IPv6 protocols, and is a stateful firewall.

43
Q
Which of the following remote access types requires a certificate for connectivity?
A. SSH
B. PPP
C. HTTPS
D. WEP
A

Answer: A
Explanation:
Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers. It connects, via a secure channel over an insecure network, a server and a client (running SSH server and SSH client programs, respectively).

44
Q
A technician is troubleshooting authentication issues on a server. It turns out the clock on the server was 72 minutes behind. Setting the clock to the correct time fixed the issue. Given the scenario, which of the following authentication methods was being used?
A. Kerberos
B. CHAP
C. TACACS+
D. RADIUS
A

Answer: A
Explanation: Kerberos is a distributed authentication service that allows a process (a client) running on behalf of a principal (a user) to prove its identity to a verifier (an application server, or just server) without sending data across the network that might allow an attacker or the verifier to subsequently impersonate the principal. Kerberos optionally provides integrity and confidentiality for data sent between the client and server.

45
Q
Which of the following wireless standards uses a block encryption cipher rather than a stream cipher?
A. WPA2-CCMP
B. WPA
C. WEP
D. WPA2-TKIP
A

Answer: A
Explanation:
Counter Cipher Mode with Block Chaining Message Authentication Code Protocol or CCMP (CCM mode Protocol) is an encryption protocol designed for Wireless LAN products that implement the standards of the IEEE 802.11i amendment to the original IEEE 802.11 standard. CCMP is an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM) of the AES standard. It was created to address the vulnerabilities presented by WEP, a dated, insecure protocol.

46
Q
A network administrator is performing a penetration test on the WPA2 wireless network. Which of the following can be used to find the key?
A. DoS
B. Buffer overflow
C. Dictionary file
D. SQL injection
A

Answer: C
Explanation:
A file used by the debugger. It contains information about a program’s structure and contents. The compiler creates the dictionary file in the first phase of compilation, when checking the syntax. A dictionary file has the filename extension .idy, and is often referred to as an .idy file.

47
Q
Which of the following can be used to compromise a WPA encrypted wireless network when the rainbow table does not contain the key?
A. Evil twin
B. War chalking
C. Buffer overflow
D. Virus
A

Answer: A
Explanation:
An evil twin is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider. This type of evil twin attack may be used to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent web site and luring people there.

48
Q
A system administrator is implementing an IDS on the database server to see who is trying to access the server. The administrator relies on the software provider for what to detect. Which of the following would MOST likely be installed?
A. Behavior based IDS
B. Network based IDS
C. Signature based IDS
D. Honeypot
A

Answer: C
Explanation:
Signature detection involves searching network traffic for a series of bytes or packet sequences known to be malicious. A key advantage of this detection method is that signatures are easy to develop and understand if you know what network behavior you’re trying to identify.

49
Q
A vendor releases an emergency patch that fixes an exploit on their network devices. The network administrator needs to quickly identify the scope of the impact to the network. Which of the following should have been implemented?
A. Change management
B. Asset management
C. Network sniffer
D. System logs
A

Answer: B
Explanation:
Asset management is defined as the business practice of managing and optimizing the purchase, deployment, maintenance, utilization, and disposal of hardware and software applications within an organization.

50
Q

Which of the following can be described as a DoS attack?
A. Disabling a specific system and making it unavailable to users
B. Implementing a keylogger
C. Intercepting a packet and decrypting the contents
D. Communicating with employees to get company information

A

Answer: A
Explanation:
A denial of service (DoS) attack is a malicious attempt to make a server or a network resource unavailable to users, usually by temporarily interrupting or suspending the services of a host connected to the Internet.

51
Q
A user is connecting to the Internet at an airport through an ad-hoc connection. Which of the following is the MOST likely security threat?
A. Man-in-the-middle
B. Social engineering
C. Phishing
D. DoS
A

Answer: A
Explanation:
A man in the middle attack is one in which the attacker intercepts messages in a public key exchange and then retransmits them, substituting his own public key for the requested one, so that the two original parties still appear to be communicating with each other.

52
Q
An application server is placed on the network and the intended application is not working correctly. Which of the following could be used to make sure sessions are being opened properly?
A. Antivirus scanner
B. IDS
C. Packet sniffer
D. Toner probe
A

Answer: C
Explanation:
A packet sniffer is a tool that can help you locate network problems by allowing you to capture and view the packet-level data on your network. So we can capture the session and find the cause of failure.

53
Q

Which of the following is the MOST secure way to prevent malicious changes to a firewall?
A. SNMPv2 access only
B. TELNET access only
C. SSH access only
D. Console access only

A

Answer: D
Explanation: Console access requires physical access to the device, so this is the most secure method.

54
Q
Which of the following allows a malicious attacker to view network traffic if the attacker is on the same network segment as Joe, an administrator?
A. DoS attack
B. Man-in-the-middle attack
C. Smurf attack
D. Xmas attack
A

Answer: B
Explanation: An attack where a user gets between the sender and receiver of information and sniffs any information being sent. In some cases, users may be sending unencrypted data, which means the man-in-the-middle (MITM) can obtain any unencrypted information. In other cases, a user may be able to obtain information from the attack, but have to unencrypt the information before it can be read.

55
Q
An administrator determines there are an excessive number of packets being sent to a web server repeatedly by a small number of external IP addresses. This is an example of which of the following attacks?
A. DDoS
B. Viruses
C. Worms
D. Man-in-the-middle
A

Answer: A
Explanation: A DDoS attack is a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols.

56
Q
Which of the following features will a firewall MOST likely use to detect and prevent malicious traffic on the network?
A. Zone filtering
B. Signature identification
C. Port identification
D. Port scanner
A

Answer: B
Explanation:
Signature-based detection really is more along the lines of intrusion detection than firewalls. However, many personal firewalls and some corporate firewalls contain this functionality. Essentially, the system can be configured to look for specific patterns, known to be malicious, and block the traffic.

57
Q
Stateful packet inspection is a security technology used by which of the following devices?
A. Unmanaged switch
B. Hardware firewall
C. Bridge
D. IDS
A

Answer: B
Explanation:
With Stateful Packet Inspection (SPI), every time a packet is sent out of the computer, the firewall keeps track of it. When a packet comes back to the firewall, the firewall can tell whether or not the inbound packet is a reply to the packet that was sent out. This way, the firewall can handle most network traffic safely without a complex configuration of firewall rules.

58
Q
An administrator would like to inspect all traffic flowing over the SMTP protocol on a given network. Which of the following tools would accomplish this? (Select TWO).
A. Packet sniffer
B. Honeypot
C. Port mirroring
D. IPS
E. Port scanner
F. IDS
A

Answer: A,C
Explanation: Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. And we use a packet sniffer to detect the types of packets.

59
Q
PKI is a method of user authentication which uses which of the following?
A. Various router commands
B. Access control lists
C. Certificate services
D. A RADIUS server
A

Answer: C
Explanation:
A PKI (public key infrastructure) enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority.

60
Q
Which of the following would a network technician use to reverse engineer malware and viruses?
A. IDS
B. VLAN
C. Virtual Machine
D. Switch
A

Answer: C
Explanation: With a virtual machine, even if the VM gets infected, the host machine will run as normal.

61
Q
Which of the following authentication solutions use tickets that include valid credentials to access additional network resources?
A. Kerberos
B. RADIUS
C. Multi-factor authentication
D. TACACS+
A

Answer: A

62
Q
Which of the following protocols is used to provide secure authentication and encryption over nonsecure networks?
A. RADIUS
B. TLS
C. PPTP
D. HTTP
A

Answer: B

63
Q
Which of the following would be used in a firewall to block incoming TCP packets that are not from established connections?
A. Access control lists
B. Port address translation
C. Blocking unauthorized ports
D. Stateful inspection
A

Answer: D

64
Q
Which of the following would be used to place extranet servers in a separate subnet for security purposes?
A. VPN
B. NAT
C. DMZ
D. IDS
A

Answer: C

65
Q
Which of the following would a network administrator use to scan a network for vulnerabilities?
A. ICMP
B. NMAP
C. ACL
D. TCPDUMP
A

Answer: B

66
Q
Which of the following attack types is being used if the originating IP address has been spoofed?
A. Ping flood
B. Trojan
C. Smurf
D. Worm
A

Answer: C

67
Q
Which of the following preventative measures would BEST secure a web server from being port scanned by attackers publicly?
A. Content filter
B. Proxy server
C. ACL implicit allow
D. Firewall
A

Answer: D

68
Q
Which of the following provides RSA encryption at the session layer?
A. SSH
B. ISAKMP
C. SSL
D. TLS
A

Answer: C

69
Q
Which of the following wireless router security measures provides access to a network by allowing only devices on an approved physical address list?
A. Port filtering
B. MAC filtering
C. SSID masking
D. Port forwarding
A

Answer: B

70
Q
Which of the following BEST describes a firewall that can be installed via Add/Remove programs on a Windows computer?
A. Managed
B. Software
C. Hardware
D. Wireless
A

Answer: B

71
Q
An administrator determines that an attack is taking place on the email server from a group of users on the same ISP. Which of the following is the BEST way to mitigate an attack on the network?
A. Packet filtering
B. Spam filtering
C. MAC filtering
D. CSU
A

Answer: A

72
Q
Users trying to access a website using HTTPS are being blocked by the firewall. Which of the following ports needs to be allowed?
A. 80
B. 143
C. 443
D. 3389
A

Answer: C

73
Q
Which of the following tools could attempt to detect operating system vulnerabilities?
A. nslookup
B. honeynet
C. netstat
D. nessus
A

Answer: D

74
Q
A network technician has a RADIUS server IP address that must be included as part of the security settings for a WAP. Which of the following encryption types should the technician select?
A. WPA enterprise
B. TKIP
C. WPA2 CCMP
D. WEP 128-bit
A

Answer: A

75
Q
A technician has configured a router to authenticate VPN users to an LDAP server on the network. In order to allow the authentication service, both UDP and TCP ports needed to be allowed on the router. Which of the following services was MOST likely used?
A. Kerberos
B. TACACS+
C. RADIUS
D. 802.1x
A

Answer: C

76
Q
An administrator configuring remote access opens ports 500/UDP and 10000/UDP on the firewall. Which of the following services are MOST likely being allowed? (Select TWO).
A. SSL
B. IPSec
C. Kerberos
D. RDP
E. L2TP
F. PPTP
A

Answer: B,E

77
Q
An administrator wants to restrict traffic to FTP sites regardless of which PC the request comes from. Which of the following would BEST accomplish this?
A. An IP filtering ACL
B. A MAC filtering ACL
C. A port filtering ACL
D. A class matching ACL
A

Answer: C

78
Q
Which of the following provides the STRONGEST security for a tunneled connection over the Internet?
A. RDP
B. SMTP
C. RAS
D. IPSec
A

Answer: D

79
Q
A network administrator has decided to tighten company security after a recent data breach. The new scheme calls for a strong 10 character password, a special 4 digit pin code, and a one-time use dynamic token that is accessed via a smartphone application. Which of the following is being implemented?
A. Two-factor authentication
B. Biometric security
C. Multi-factor authentication
D. Single factor authentication
A

Answer: A

80
Q
A technician needs to enter a username and password and have their fingerprint scanned to access a server. Which of the following types of authentication is this an example of?
A. Single sign-on
B. Network access control
C. PKI authentication
D. Two-factor authentication
A

Answer: D

81
Q
A technician enters a username and password once and can access multiple databases without being prompted to reenter their password. This is an example of which of the following?
A. Two-factor authentication
B. Network access control
C. Multifactor authentication
D. Single sign-on
A

Answer: D

82
Q
Which of the following protocols would the network administrator use to protect login credentials when accessing a router terminal session?
A. SCP
B. SNMPv3
C. SSL
D. SSH
A

Answer: D

83
Q
A user at a hotel sees two SSIDs; both are called "HotelWireless". After the PC connects to one of the APs, the user notices their browser homepage has been changed. Which of the following BEST describes this AP?
A. Man-in-the-middle
B. DDoS
C. Evil twin
D. War driving
A

Answer: C

84
Q
Which of the following assists a network administrator in reverse engineering malware and viruses?
A. Virtual switches
B. Virtual machines
C. VLANs
D. IDS
A

Answer: B

85
Q
A network administrator decides to secure their small network by allowing only specific MAC addresses to gain access to the network from specific switches. Which of the following is described by this example?
A. Packet filtering
B. Hardware firewalls
C. Port security
D. Stateful inspection
A

Answer: C

86
Q
Which of the following can use a third party back-end LDAP user database for authentication?
A. ISAKMP
B. TACACS+
C. PKI
D. CHAP
A

Answer: B

87
Q
A network administrator is implementing an IPS on VLAN 1 and wants the IPS to learn what to prevent on its own. Which of the following would MOST likely be installed?
A. Honeynet
B. Signature based IPS
C. Behavior based IPS
D. Host based IPS
A

Answer: C

88
Q

Which of the following firewall rules will block destination telnet traffic to any host with the source IP address 1.1.1.2/24?
A. Deny any source host on source port 23 to destination any
B. Deny any source network 1.1.1.0/24 to destination any on port 23
C. Deny source host 1.1.12 on source port 23 to destination any
D. Deny any source network 1.1.1.0/24 with source port 23 to destination any

A

Answer: B

89
Q
Which of the following configurations of a wireless network would be considered MOST secure?
A. WEP using MAC Filtering
B. WEP and hiding the SSID
C. WPA2
D. WPA TKIP and hiding the SSID
A

Answer: C

90
Q
Which of the following is used to determine whether or not a user’s account is authorized to access a server remotely?
A. VPN
B. RDP
C. LDAP
D. Encryption
A

Answer: C

91
Q
Which of the following are authentication methods that can use AAA authentication? (Select TWO).
A. Kerberos
B. PKI
C. TKIP/AES
D. MS-CHAP
E. RADIUS
F. TACACS+
A

Answer: E,F

92
Q
Which of the following are considered AAA authentication methods? (Select TWO).
A. Kerberos
B. Radius
C. MS-CHAP
D. TACACS+
E. 802.1X
A

Answer: B,D

93
Q
Which of the following protocols provides a secure connection between two networks?
A. L2TP
B. IPSec
C. PPP
D. PPTP
A

Answer: B

94
Q

When installing new WAPs in a small office, which of the following is the BEST way to physically mitigate the threats from war driving?
A. Implement multiple wireless encryption techniques.
B. Implement PoE on each WAP.
C. Decrease signal strength.
D. Increase signal strength.

A

Answer: C

95
Q
A company wants to simplify network authentication for their users. Which of the following would be used to implement wireless security with single sign-on?
A. WPA2 enterprise
B. WEP
C. Stateful firewall
D. PAT
A

Answer: A

96
Q
The company requires all users to authenticate to the network with a smart card, a pin number, and a fingerprint scan. Which of the following BEST describes the user authentication being used?
A. Multi-factor authentication
B. Two-factor authentication
C. Biometrics
D. Single sign-on
A

Answer: A

97
Q
Which of the following protocols can be implemented to provide encryption during transmission between email gateways?
A. TLS
B. PPTP
C. SSH
D. HTTPS
A

Answer: A

98
Q
Which of the following authentication methods is MOST secure?
A. NTLM
B. CHAP
C. MS-CHAP
D. Kerberos
A

Answer: D

99
Q
A user wants to send information and ensure that it was not modified during transmission. Which of the following should be implemented?
A. MAC filtering
B. Digital signatures
C. MS-CHAP
D. CHAP
A

Answer: B

100
Q
Which of the following VPN technologies uses IKE and ISAKMP for key exchange?
A. SSL
B. IPSec
C. L2TP
D. PPTP
A

Answer: B

101
Q
A user reports that they are unable to access a new server but are able to access all other network resources. Based on the following firewall rules and network information, which of the following ACL entries is the cause?
User’s IP: 192.168.5.14
Server IP: 192.168.5.17
Firewall rules:
Permit 192.168.5.16/28   192.168.5.0/28
Permit 192.168.5.0/24   192.168.4.0/24
Permit 192.168.4.0/24   192.168.5.0/24
Deny 192.168.5.0/28   192.168.5.16/28
Deny 192.168.14.0/24   192.168.5.16/28
Deny 192.168.0.0/24   192.168.5.0/24

A. Deny 192.168.0.0/24 192.168.5.0/24
B. Deny 192.168.5.0/28 192.168.5.16/28
C. Deny 192.168.14.0/24 192.168.5.16/28
D. Implicit Deny rule

A

Answer: B
Explanation:
192.168.5.0 is the broadcast IP. Denying it prevents the user from accessing the server.

102
Q
A home user wishes to secure the wireless network using strong encryption, so they decide to use AES. Which of the following would be used as the encryption method?
A. WEP
B. CCMP
C. TKIP
D. CHAP
A

Answer: B

103
Q
Which of the following security protocols would BEST protect a connection to a remote email server and ensure full integrity of all transmitted email communication?
A. TLS 1.2
B. SNMPv3
C. WPA2
D. SMTP
A

Answer: A

104
Q

A network administrator is tasked with blocking unwanted spam which is being relayed by an internal email server. Which of the following is the FIRST step in preventing spam that is originating from bots on the network?
A. Closing off port 25 on the firewall
B. Closing off port 53 on the firewall
C. Turning off the SMTP service on the email server
D. Turning off the IMAP service on the email server

A

Answer: A

105
Q
A technician is asked to filter inbound and outbound traffic of a specific service on the network. Which of the following would BEST allow the technician to comply with the request?
A. MAC filtering
B. IP filtering
C. Port filtering
D. Content filtering
A

Answer: C

106
Q
A user enters a password into a logon box on a PC. The server and the PC then compare one way hashes to validate the password. Which of the following methods uses this process?
A. PKI
B. Kerberos
C. Single sign-on
D. CHAP
A

Answer: D

107
Q
A user receives a phone call at home from someone claiming to be from their company’s IT help desk. The help desk person wants to verify their username and password to ensure that the user’s account has not been compromised. Which of the following attacks has just occurred?
A. Evil twin
B. Phishing
C. Man-in-the-middle
D. Social engineering
A

Answer: D

108
Q
Which of the following is being described when symbols are displayed on the side of the building and/or walking path, to identify open hot-spots?
A. Social engineering
B. War chalking
C. WPA cracking
D. Packet sniffing
A

Answer: B

109
Q
A company would like to use the enterprise RADIUS server to authenticate and identify their secure wireless users. Which of the following standards should the company use to facilitate this?
A. Stateful inspection
B. WEP
C. WPA
D. Open with EAP
A

Answer: C

110
Q
A network manager is interested in a device that watches for threats on a network but does not act on its own, and also does not put a strain on client systems. Which of the following would BEST meet these requirements?
A. HIDS
B. NIDS
C. NIPS
D. HIPS
A

Answer: B

111
Q
A small company is looking to install a wireless network to enable its relatively old fleet of laptops to have limited internet access internally. The technician on the project knows that the units do not support modern encryption standards. If backwards compatibility is the greatest concern, which of the following is the MOST appropriate wireless security type to choose?
A. WEP
B. WPS
C. WPA
D. WPA2
A

Answer: A

112
Q
A technician notices that guests have plugged their laptops into a network wall jack located in the conference room. Which of the following could the technician implement in order to ensure that ONLY employees are able to access network resources?
A. Port mirroring
B. VTP configuration
C. MAC address filtering
D. Traffic filtering
A

Answer: C

113
Q
Which of the following would allow a network administrator to implement a user authentication method that uses X.509 certificates?
A. PKI
B. Kerberos
C. TACACS+
D. RADIUS
A

Answer: A

114
Q
A network administrator is considering implementation of network access restrictions based upon layer two addressing information. Which of the following describes this method of network restrictions?
A. MAC filtering
B. Port filtering
C. IP filtering
D. ACL filtering
A

Answer: A

115
Q
Which of the following is the wireless encryption standard associated with WPA2?
A. AES-CCMP
B. EAP
C. WEP
D. 802.1x
A

Answer: A

116
Q
Which of the following is the default authentication method for a Windows client using PPP over a dialup connection?
A. TACACS+
B. WINS
C. Kerberos
D. MS-CHAP
A

Answer: D

117
Q
A server administrator, Ann, is deploying a server that she wants to mitigate intrusions from zero day exploits. Which of the following should be deployed?
A. Behavior based IPS
B. Signature based IDS
C. Antivirus software
D. Access Control Lists
A

Answer: A

118
Q
Which of the following should the last line of an ACL normally contain?
A. Explicit allow
B. Statically routed
C. Random access
D. Implicit deny
A

Answer: D

119
Q
Joe, a network technician, is implementing a wireless network and needs to support legacy devices. He has selected to use WPA mixed mode. WPA mixed mode is normally implemented with which of the following encryption factors? (Select TWO).
A. SSH
B. 3DES
C. AES
D. SSL
E. TLS
F. TKIP
A

Answer: C,F

120
Q
Which of the following is a common threat that collects Initialization Vectors to help speed up the algorithm for the attack?
A. WEP cracking
B. WPA cracking
C. War driving
D. Rogue access point
A

Answer: A

121
Q
A user authenticated to more than one website using their same credentials is an example of:
A. Multifactor authentication
B. User access control
C. Two-factor authentication
D. Single sign-on
A

Answer: D

122
Q
Ann, a user, connects to her company’s secured wireless network in the conference room when attending meetings. While using the conference room this morning, Ann notices an unsecured wireless network with the same name is available. Ann connects her laptop to this network instead of to the secured one. Ann has fallen victim to which of the following threats?
A. Rogue access point
B. ARP poisoning
C. Replay attack
D. Evil twin
A

Answer: D

123
Q
Which of the following is an example of asymmetric encryption?
A. PKI
B. SHA1
C. AES
D. 3DES
A

Answer: A

124
Q
Which of the following describes blocking traffic based upon the Layer 3 source address of the traffic?
A. Port filtering
B. IP filtering
C. MAC filtering
D. Application filtering
A

Answer: B

125
Q
The process of restricting internal web traffic to an employee-only website based upon Layer 3 addresses is known as which of the following?
A. MAC filtering
B. Traffic shaping
C. Session filtering
D. IP filtering
A

Answer: D

126
Q
Encryption provides which of the following to data being transferred across the network?
A. Confidentiality
B. Resistance to Jitter
C. High Availability
D. Data Integrity
A

Answer: A

127
Q
Which of the following network devices is meant to actively protect against network threats and can disable connections to stop malicious traffic if necessary?
A. DMZ
B. IPS
C. SSL VPN
D. Layer 3 switch
A

Answer: B

128
Q
Which of the following attacks spreads by attaching itself to files?
A. Worms
B. Botnet
C. DDoS
D. FTP bounce
A

Answer: A

129
Q
A company has a remote access VPN and wants to ensure that if a username and password are compromised, the corporate network will remain secure. Which of the following will allow the company to achieve its security goal?
A. Posture assessment
B. Kerberos
C. TACACS+
D. Two-factor authentication
A

Answer: D

130
Q
A malicious user connects to an open wireless network and is able to copy, reassemble and play back live VoIP data streams from wireless VoIP users. Which of the following attacks has the user performed?
A. Man-in-the-middle
B. Evil Twin
C. Packet Sniffing
D. IV attack
A

Answer: C

131
Q

A technician is tasked with adding an ACL to the host-based firewall of a PC. The ACL should allow the Development Server to only connect to the PC’s HTTP server on the default port. Given the IP addresses below, which of the following ACLs would accomplish this goal?

Development Server: 192.168.1.100
PC: 192.168.3.3

A. Source: 192.168.1.100; Source Port: Any; Destination: 192.168.3.3; Destination Port: 80; Action: Permit
B. Source: 192.168.1.100; Source Port: 80; Destination: 192.168.3.3; Destination Port: 80; Action: Permit
C. Source: 192.168.3.3; Source Port: 80; Destination: 192.168.1.100; Destination Port: Any; Action: Permit
D. Source: 192.168.3.3; Source Port: 80; Destination: 192.168.1.100; Destination Port: 80; Action: Permit
E. Source: 192.168.1.100; Source Port: Any; Destination: 192.168.3.3; Destination Port: Any; Action: Permit

A

Answer: A

132
Q

Many of the corporate users work from a coffee shop during their lunch breaks. The coffee shop only has an open wireless network. Which of the following should the administrator recommend to users to secure their wireless communications at the coffee shop?
A. Enable the host-based firewall on each of the laptops
B. Use a VPN after connecting to the coffee shop wireless
C. Edit the SSID connection information and change ‘open’ to ‘shared’
D. Connect to the open SSID then switch on WPA2 encryption

A

Answer: B

133
Q
Malicious users have used multiple workstations to target a single server with the intent of preventing legitimate users from accessing the server. This server suffered which of the following types of attack?
A. DDoS
B. Trojan
C. Cross-site scripting
D. Man in the middle
E. Replay attack
A

Answer: A

134
Q
A security appliance is blocking a DDoS attack on the network. Which of the following logs would be used to troubleshoot the traffic patterns trying to go across the network?
A. IPS logs
B. Application logs
C. IDS logs
D. History logs
A

Answer: A

135
Q
A network administrator wants to add the firewall rule to allow SSH traffic to the FTP server with the assigned IP 192.168.0.15 from the Internet. Which of the following is the correct firewall rule?
A. Allow ANY to 192.168.0.15 port 21
B. Allow ANY to 192.168.0.15 port 22
C. Allow ANY to 192.168.0.15 port 80
D. Allow ANY to ANY port ANY
A

Answer: B

136
Q
Which of the following should be mitigated by employing proper coding techniques when developing software?
A. Distributed denial of service attacks
B. Buffer overflows
C. War driving
D. Packet sniffing
A

Answer: B

137
Q
A company is experiencing a denial of service attack and wants to identify the source IP address of the attacker in real time. Which method is the BEST way to accomplish this?
A. Network sniffer
B. Syslog
C. SNMPv3
D. System logs
A

Answer: A

138
Q
A company needs to implement a secure wireless system that would require employees to authenticate to the wireless network with their domain username and password. Which of the following would a network administrator deploy to implement these requirements? (Select TWO).
A. 802.1q
B. MAC address filtering
C. WPA2 Personal
D. WPA Enterprise
E. 802.1x
A

Answer: D,E

139
Q
A network technician is doing a wireless audit and finds an SSID that does not match the company’s SSID. The company uses the SSID of ABC123, and the SSID the technician found is Default. Which of the following threats did the network technician find?
A. AP isolation
B. DDoS
C. Evil twin
D. Rogue AP
A

Answer: D

140
Q
An administrator would like to search for network vulnerabilities on servers, routers, and embedded appliances. Which of the following tools would MOST likely accomplish this?
A. Baseline analyzer
B. Ping
C. Protocol analyzer
D. Nessus
A

Answer: D

141
Q
A technician needs to install a new wireless encryption system. They are evaluating the feasibility of implementing WPA. WPA increases protection over WEP by implementing which of the following?
A. Strong RC4 encryption
B. Shared secret keys
C. AES encryption
D. Key rotation
A

Answer: D

142
Q
A network administrator wants to perform a test to see if any systems are passing clear text through the network. Which of the following would be used?
A. Social engineering
B. Packet sniffing
C. Rogue access point
D. Man-in-the-middle
A

Answer: B

143
Q
A firewall that detects and prevents attacks from outside the network based on learned data patterns can BEST be described as which of the following?
A. Signature based IDS
B. Behavior based IPS
C. Host based IPS
D. Network based IDS
A

Answer: B

144
Q
A technician is troubleshooting a network issue and needs to view network traffic on a switch in real-time. Which of the following would allow the technician to view network traffic on a switch?
A. ISAKMP
B. Port forwarding
C. Port security
D. Port mirroring
A

Answer: D

145
Q
A technician needs to make a web server with a private IP address reachable from the Internet. Which of the following should the technician implement on the company firewall?
A. DOCSIS
B. NAT
C. CIDR
D. VPN
A

Answer: B

146
Q
A user is unable to connect to a remote computer using RDP. The technician checks the firewall rules and notes that there is no rule that blocks RDP. Which of the following features of the firewall is responsible for blocking RDP?
A. Stateful inspection
B. NAT/PAT
C. Port security
D. Implicit deny
A

Answer: D

147
Q
A company wants to have a security zone to isolate traffic within the firewall. Which of the following could be used?
A. VPN
B. ACL
C. DMZ
D. VLAN
A

Answer: C

148
Q
An organization only has a single public IP address and needs to host a website for its customers. Which of the following services is required on the network firewall to ensure connectivity?
A. Forwarding proxy
B. Port address translation
C. DMZ port security
D. Application inspection
A

Answer: B

149
Q
A user reports sporadic network outages. The user tells the administrator it happens after approximately 20 minutes of work on an application. The administrator should begin troubleshooting by checking which of the following?
A. The IDS server logs
B. The DNS resolution time
C. The firewall’s blocked logs
D. The patch cable
A

Answer: D

150
Q
If a wireless key gets compromised, which of the following would MOST likely prevent an unauthorized device from getting onto the network?
A. Device placement
B. Wireless standard
C. Encryption type
D. MAC filtering
A

Answer: D

151
Q
Which of the following would a network administrator MOST likely use to actively discover unsecure services running on a company’s network?
A. IDS
B. Nessus
C. NMAP
D. Firewall
A

Answer: B

152
Q
A company has a total of two public IP addresses and must allow 150 devices to connect to the Internet at the same time. Which of the following is the BEST option for connectivity?
A. VLSM
B. NAT
C. CIDR
D. PAT
A

Answer: D

153
Q

A network technician has recently discovered rogue devices on their network and wishes to implement a security feature that will prevent this from occurring. Which of the following will prevent unauthorized devices from connecting to a network switch?
A. Implement 802.11i on all switches in the network.
B. Implement port security on all computers in the company.
C. Implement port security on all switches in the network.
D. Implement rules on the firewall to block unknown devices.

A

Answer: C

154
Q
Which of the following security appliances would be used to only analyze traffic and send alerts when predefined patterns of unauthorized traffic are detected on the network?
A. Host based IPS
B. Network based firewall
C. Signature based IDS
D. Behavior based IPS
A

Answer: C

155
Q
An administrator would like to provide outside access to the company web server and separate the traffic from the local network. Which of the following would the administrator use to accomplish this?
A. Network Address Translation
B. Stateful Inspection
C. Port Address Translation
D. Demilitarized Zone
A

Answer: D

156
Q
An administrator needs to provide remote connectivity to server1, web traffic to server2, and FTP access to server3 using a single outside IP address. Which of the following would the administrator implement on the firewall to accomplish this?
A. Port Address Translation
B. Demilitarized Zone
C. Stateful Packet Inspection
D. Network Address Translation
A

Answer: A

157
Q
An administrator would like to scan for open ports on the subnet and determine if any vulnerable applications are listening. Which of the following tools would the administrator MOST likely use?
A. Ping
B. Nessus
C. IMAP
D. Telnet
A

Answer: B

158
Q
An attack used to find unencrypted information in network traffic is called:
A. WEP cracking
B. packet sniffing
C. ping sweep
D. social engineering
A

Answer: B

159
Q
An administrator would like to block all HTTP traffic and allow all HTTPS traffic on the firewall. Using the default port numbers, which of the following should the administrator configure? (Select TWO).
A. Allow port 443
B. Deny port 53
C. Deny port 20
D. Deny port 80
E. Allow port 23
A

Answer: A,D

160
Q
Which of the following protocols would be MOST likely found to be running on a device in a SOHO environment?
A. BGP
B. SONET
C. IPSec
D. OSPF
A

Answer: C

161
Q
Which of the following tools will scan a network for hosts and provide information on the installed operating system?
A. DOCSIS
B. NMAP
C. IMAP
D. BERT
A

Answer: B

162
Q

A network technician is configuring a new firewall for placement into an existing network infrastructure. The existing network is connected to the Internet by a broadband connection. Which of the following represents the BEST location for the new firewall?
A. The firewall should be placed between the Internet connection and the local network.
B. The firewall should be placed inside the local network.
C. The firewall should be placed between the broadband connection and the Internet.
D. The firewall should be placed in the Internet cloud.

A

Answer: A

163
Q
A company would like their technicians to be able to connect to employee desktops remotely via RDP. Which of the following default port numbers need to be opened on the firewall to support this?
A. 143
B. 443
C. 3389
D. 8080
A

Answer: C