Understanding Basic Network Security Flashcards

1
Q
Which of the following protocols is a file transfer protocol using SSH?      
A. SFTP      
B. TFTP      
C. SICMP      
D. CCMP
A

A. Secure FTP (SFTP) is a secure implementation of FTP, an extension of Secure Shell (SSH), and transmits data using port 22. Trivial FTP is a form of FTP using UDP to transmit smaller amounts of data than FTP. ICMP is a diagnostic protocol used by tools such as ping, but there is no such thing as SICMP. CCMP is an encryption protocol used with wireless networks.

2
Q
Of the following choices, which one provides the most security for FTP?      
A. FTP active mode      
B. FTPS      
C. TFTP      
D. SCP
A

B. File Transfer Protocol Secure (FTPS) uses SSL to secure FTP transmissions. FTP can work in active or passive mode, but this only affects how the ports are used, not the security. TFTP is a trivial form of FTP and doesn’t provide security. SCP uses SSH to copy files over a network and isn’t related to FTP.

3
Q
Of the following choices, what is a benefit of IPsec?      
A. MAC filtering      
B. Flood guard      
C. Load balancing      
D. Payload encryption
A

D. Internet Protocol security (IPsec) includes Encapsulating Security Payload (ESP), which can encrypt the IP packet payload. Port security and network access control can use MAC filtering. A flood guard protects against SYN flood attacks, and a load balancer can optimize and distribute data loads across multiple computers, but neither is related to IPsec.

4
Q
What protocol is used to monitor and configure network devices?      
A. ICMP      
B. SFTP      
C. SNMP      
D. DNS
A

C. Simple Network Management Protocol (SNMP) can monitor and manage network devices such as routers or switches and uses device traps. Diagnostic tools such as ping use ICMP, and many firewalls block ICMP traffic. SFTP is a secure form of FTP used to upload and download files. DNS resolves host names to IP addresses.

5
Q

Which of the following is an IPv6 address?
A. 192.168.1.100
B. 192.168.1.100/128
C. FE80:20D4:3FF7:003F:DE62
D. FE80:0000:0000:0000:20D4:3FF7:003F:DE62

A

D. An IPv6 address uses 128-bit IP addresses and includes eight groups of four hexadecimal characters. IPv4 (not IPv6) uses the dotted decimal format with decimals separated by dots. A double colon indicates zero compression, when fewer than eight groups are shown, but if omitted the address isn’t valid.

6
Q

Which of the following IP addresses are on the same subnet? (Choose all that apply.)
A. 192.168.1.50, 255.255.255.192
B. 192.168.1.100, 255.255.255.192
C. 192.168.1.165, 255.255.255.192
D. 192.168.1.189, 255.255.255.192

A

C, D. Both 192.168.1.165 and 192.168.1.189 are on the same subnet since bits 25 and 26 are the same (10). Bits 25 and 26 are 00 for 192.168.1.50, and 01 for 192.168.1.100, so these two are on different subnets from any of the other IP addresses.

7
Q

An administrator decides to block Telnet access to an internal network from any remote device on the Internet. Which of the following is the best choice to accomplish this?
A. Block port 22 at the host firewall
B. Block port 22 on internal routers
C. Block port 23 at the network firewall
D. Block port 23 on internal routers

A

C. You can block all Telnet traffic into the network by blocking port 23 on the network firewall. Port 22 is used for SSH, SCP or SFTP, not Telnet (unless Telnet is encrypted with SSH). Additionally, blocking it at the host firewall only blocks it to the host, not the network. It’s easier to block the port once at the firewall rather than block the port on all internal routers. Additionally, the scenario states that the goal is to block access from the Internet, but Telnet may be authorized internally.

8
Q
What port does SFTP use?      
A. 22      
B. 23      
C. 443      
D. 1443
A

A. Secure File Transfer Protocol (SFTP) uses port 22, as do other protocols encrypted with Secure Shell (SSH) such as Secure Copy (SCP). Telnet uses port 23. HTTPS uses port 443. Microsoft’s SQL Server uses port 1443.

9
Q
What ports do HTTP and HTTPS use?      
A. 20 and 21      
B. 22 and 25      
C. 80 and 443      
D. 80 and 1433
A

C. Hypertext Transfer Protocol (HTTP) uses port 80 and HTTP Secure (HTTPS) uses port 443, and they are both used to transfer web pages. FTP uses ports 20 and 21. Microsoft’s SQL server uses port 1433. SFTP and SCP use port 22. SMTP uses port 25.

10
Q
What port does SMTP use?      
A. 22      
B. 25      
C. 110      
D. 143
A

B. Simple Mail Transfer Protocol (SMTP) uses port 25. SCP, TFTP, and SSH all use port 22. POP3 uses port 110. IMAP4 uses port 143.

11
Q
Of the following choices, what ports are used by NetBIOS? (Choose two.)      
A. 80      
B. 137      
C. 139      
D. 3389
A

B, C. NetBIOS uses ports 137, 138, and 139. HTTP uses port 80, and remote desktop services uses port 3389.

12
Q

Your organization uses switches for connectivity. Of the following choices, what will protect the switch?
A. Disable unused MAC addresses
B. Disable unused ports
C. Disable unused IPv4 addresses
D. Disable unused IPv6 addresses

A

B. Disabling unused ports is a part of basic port security. While switches can associate MAC addresses with ports, it’s not possible to disable unused MAC addresses on the switch. Switches track traffic based on MAC addresses, not IP addresses.

13
Q

A user plugged a cable into two RJ-45 wall jacks connected to unused ports on a switch. In a short period, this disrupted the overall network performance. What should you do to protect against this problem in the future?
A. Enable loop protection on the switch
B. Disable port security
C. Use a VLAN
D. Create DMZ

A

A. Loop protection such as Spanning Tree Protocol (STP) protects against the switching loop problem described in the scenario. While disabling unused ports may help against this problem, you do this by implementing port security, not disabling port security. A DMZ is used to host Internet facing servers and isn’t relevant in this situation. VLANs can logically separate computers using the same switch but do not prevent switching loops.

14
Q
What can you use to logically separate computers in two different departments within a company?      
A. A hub      
B. A VLAN      
C. NAT      
D. A flood guard
A

B. A virtual local area network (VLAN) can group several different computers into a virtual network, or logically separate the computers in two different departments. A hub doesn’t have any intelligence and can’t separate the computers. NAT translates private IP addresses to public IP addresses, and public back to private. A flood guard protects against SYN flood attacks.

15
Q
Most firewalls have a default rule placed at the end of the firewall’s ACL. Which of the following is the most likely default rule?      
A. Deny any any      
B. Deny ICMP all      
C. Allow all all      
D. Allow TCP all
A

A. A deny any any or drop all statement is placed at the end of an ACL and enforces an implicit deny strategy. While many firewalls include a rule to deny ICMP traffic (such as pings or ICMP sweeps), it isn’t a default rule and wouldn’t be placed last. An allow all all rule allows all protocol traffic that wasn’t previously blocked but is rarely (if ever) used in a firewall. Similarly, it’s rare to allow all TCP traffic on any port. Instead, a firewall uses an implicit deny principle by specifying what is allowed, and blocking everything else.

16
Q

Of the following choices, what best describes a method of managing the flow of network traffic by allowing or denying traffic based on ports, protocols, and addresses?
A. Implicit deny
B. Firewall rules
C. Proxy server content filter
D. Firewall logs

A

B. Firewalls use firewall rules (or rules within an ACL) to identify what traffic is allowed and what traffic is denied, and a basic packet filtering firewall can filter traffic based on ports, protocols, and addresses. Firewalls use implicit deny to block all traffic not previously allowed, but this more accurately describes what is blocked rather than describing the entire flow of traffic. A proxy server content filter can filter traffic based on content (such as URLs), but can’t allow or deny traffic based on ports or protocols. Firewall logs are useful to determine what traffic a firewall has allowed or blocked but do not allow or deny traffic themselves.

17
Q
Of the following choices, what represents the best choice to prevent intrusions on an individual computer?      
A. HIDS      
B. NIDS      
C. Host-based firewall      
D. Network-based firewalls
A

C. A host-based firewall can help prevent intrusions on individual computers such as a server or desktop computer. A host-based intrusion detection system (HIDS) and a network-based intrusion detection system (NIDS) can detect intrusions, not prevent them. A network-based firewall is used to monitor and control traffic on a network, not just an individual system.

18
Q

Your network includes a subnet that hosts accounting servers with sensitive data. You want to ensure that users in the Marketing Department (on a separate subnet) cannot access these servers. Of the following choices, what would be the easiest to achieve the goal?
A. Enable load balancing
B. Enable port security
C. Use an ACL
D. Add a host-based firewall to each server

A

C. An access control list (ACL) on a router can block access to the subnet from another subnet. A load balancer can optimize and distribute data loads across multiple computers or multiple networks, but it doesn’t isolate traffic. Disabling unused ports is a part of basic port security and wouldn’t separate subnet traffic. A host-based firewall can protect against intrusions on individual systems and could block the traffic, but you’d have to enable it on every server, as opposed to creating a single rule in an ACL.

19
Q
Of the following choices, what controls traffic between networks?      
A. A firewall      
B. Load balancer      
C. VPN concentrator      
D. Protocol analyzer
A

A. A firewall controls traffic between networks using rules within an ACL. A load balancer can optimize and distribute data loads across multiple computers. A VPN concentrator provides access to an internal network from a public network such as the Internet. A protocol analyzer (a sniffer) is used to view headers and clear-text contents in IP packets, but it can’t control the traffic.

20
Q

An organization has a web security gateway installed. What function is this performing?
A. MAC filtering
B. Caching content
C. Hiding internal IP addresses
D. Content filtering

A

D. A web security gateway performs content filtering (including filtering for malicious attachments, malicious code, blocked URLs, and more). Port security and network access control use MAC filtering to limit access. A proxy server caches content. NAT translates public IP addresses to private IP addresses, private back to public, and can hide addresses on the internal network.

21
Q
Your organization hosts a large website served by multiple servers. They need to optimize the workload and distribute it equally among all the servers. What should they use?     
A. Proxy server      
B. Load balancer      
C. Web security gateway      
D. Security appliance
A

B. A load balancer can optimize and distribute data loads across multiple computers or multiple networks. A proxy server provides content filtering and caching. Web security gateways and all-in-one security appliances provide content filtering, but not load balancing.

22
Q

Of the following choices, what can be used to allow access to specific services from the Internet while protecting access to an internal network?
A. SSH
B. Implicit deny
C. DMZ
D. Port security

A

C. A demilitarized zone (DMZ) can provide access to services (hosted on servers) from the Internet while providing a layer of protection for the internal network. SSH encrypts traffic such as Telnet, SCP, and SFTP over port 22, but it can’t control access. Implicit deny blocks all traffic not explicitly allowed. Port security enhances switch security and includes disabling unused ports.

23
Q

Of the following choices, what hides the IP addresses of computers inside a network from computers outside the network?
A. Web security gateway
B. Replacing all hubs with switches
C. WAF
D. NAT

A

D. Network Address Translation (NAT) translates public IP addresses to private IP addresses, and private back to public, and hides addresses on the internal network. A web security gateway performs content filtering, including filtering for malicious attachments, malicious code, blocked URLs, and more. Replacing hubs with switches improves network performance and adds security, but doesn’t hide addresses outside of a network. A WAF is an additional firewall designed to protect a web application.

24
Q
Of the following choices, what is the best choice for a device to filter and cache content from web pages?     
A. Web security gateway      
B. VPN concentrator      
C. Proxy server      
D. MAC filtering
A

C. A proxy server includes the ability to filter and cache content from web pages. A web security gateway can filter web-based content, but it doesn’t always have caching capabilities. A VPN concentrator provides access to VPN clients. MAC filtering can be used with port security on a switch, but doesn’t filter web page content.