Chpt 6 perimeter defense – Flashcards

question
Which of the following best describes the purpose of using subnets?
answer
Subnets divide an IP network address into multiple network addresses
question
Which of the following is not a reason to use subnets on a network?
answer
Combine different media types onto the same subnet
question
Which of the following IPv6 addresses is equivalent to the IPv4 loopback address of 127.0.0.1?
answer
::1
question
Which of the following describes an IPv6 address?
answer
8 hexadecimal quartets and 128-bit address
question
Which of the following correctly describes the most common format for expressing IPv6 addresses?
answer
32 numbers grouped using colons and hexadecimal numbers
question
Which of the following are valid IPv6 addresses?
answer
6384:1319:7700:7631:4468:5511:8940:2552 and 141:0:0:0:15:0:0:1
question
Which of the following is a valid IPv6 address?
answer
FEC0::AB:9007
question
Routers operate at what level of the Open Systems Interconnect model?
answer
Network layer
question
You've decided to use a subnet mask of 255.255.192.0 on the 172.17.0.0 network to create four separate subnets. Which network IDs will be assigned to these subnets in this configuration?
answer
172.17.0.0 and 172.17.128.0
question
You have been using SNMP on your network for monitoring and management. You are concerned about the security of this configuration. What should you do?
answer
Implement version 3 of SNMP
question
You want to implement a protocol on your network that allows computers to find the IP address of a host from a logical name. Which protocol should you implement?
answer
DNS
question
Which of the following protocols allows hosts to exchange messages to indicate problems with packet delivery?
answer
ICMP
question
You are configuring a network firewall to allow SMTP outbound email traffic and POP3 inbound email traffic. Which of the following TCP/IP ports should you open on the firewall?
answer
25 + 110
question
Which port number is used by SNMP?
answer
161
question
Which of the following ports does FTP use to establish sessions and manage traffic?
answer
20 + 21
question
Using the netstat command, you notice that a remote system has made a connection to your Windows Server 2008 system using TCP/IP port 21. Which of the following actions is the remote system most likely to be performing?
answer
Downloading a file
question
To increase security on your company's internal network, the administrator has disabled as many ports as possible. Now, however, though you can browse the internet, you are unable to perform secure credit card transactions. Which port needs to be enabled to allow
answer
443
question
Which of the following network services or protocols uses TCP/IP port 22?
answer
SSH
question
Drag each IP port number on the left to its associated service on the right. Be aware that some port numbers may be used more than once.
answer
SNMP = 161; SSH = 22; TFTP = 69; SCP = 22; Telnet = 23; HTTPS = 443; HTTP = 80; FTP = 20; SMTP = 25; POP3 = 110
question
Which two of the following lists accurately describe TCP and UDP?
answer
TCP: connection-oriented, reliable, sequenced, high overhead. UDP: connectionless, unreliable, unsequenced, low overhead.
question
You are an application developer creating applications for a wide variety of customers. In which two of the following situations would you select a connectionless protocol?
answer
A gaming company wants to create a networked version of its latest game. Communication speed and reducing packet overhead are more important than error-free delivery. A company connects two networks through an expensive WAN link. The communication media is reliable but very expensive. They want to minimize connection times.
question
You want to maintain tight security on your internal network, so you restrict access to the network to certain port numbers. If you want to allow users to continue to use DNS, which port should you enable?
answer
53
question
Your company's network provides HTTP, HTTPS, and SSH access to remote employees. Which ports must be opened on the firewall to allow this traffic to pass?
answer
80, 443, 22
question
Your network recently experienced a series of attacks aimed at the Telnet and FTP services. You have rewritten the security policies to abolish the unsecured services, and now you must secure the network using your firewall and routers. Which ports must be closed to prevent traffic directed to these two services?
answer
23, 21
question
Which of the following is the main difference between a DoS attack and a DDoS attack?
answer
The DDoS attack uses zombie computers
question
An attacker sets up a hundred drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack?
answer
DDoS
question
You suspect that an Xmas tree attack is occurring on a system. Which of the following could result if you do not stop the attack?
answer
The threat agent will obtain information about open ports on the system, and the system will be unavailable to respond to legitimate requests
question
You need to enumerate the devices on your network and display the configuration details of the network. Which of the following utilities should you use?
answer
Nmap
question
An attacker is conducting passive reconnaissance on a targeted company. Which of the following could he be doing?
answer
Browsing the organization's website
question
Which type of active scan turns off all flags in a TCP header?
answer
Null
question
Which of the following denial-of-service attacks uses ICMP packets and will only be successful if the victim has less bandwidth than the attacker?
answer
Ping flood
question
In which of the following denial-of-service attacks does the victim's system rebuild invalid UDP packets, causing the system to crash or reboot?
answer
Teardrop
question
A SYN packet is received by a server. The SYN packet has the exact same address for both the sender and receiver addresses, which is the address of the server. This is an example of what type of
answer
Land attack
question
Which of the following is a form of denial-of-service attack that subverts the TCP 3-way handshake process by attempting to open numerous sessions on a victim server but intentionally failing to complete the session by not sending the final required packet?
answer
SYN flood
question
Which of the following is a form of denial-of-service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network?
answer
Smurf
question
A SYN attack or a SYN flood exploits or alters which element of the TCP 3-way handshake?
answer
ACK
question
When a SYN flood is altered so that the SYN packets are spoofed in order to define the source and destination address as a single victim IP, the attack is now called what?
answer
Land attack
question
A Smurf attack requires all but which of the following elements to be implemented?
answer
Padded cell
question
Which of the following best describes the ping of death?
answer
An ICMP packet that is larger than 65536 bytes
question
Which of the following is the best countermeasure against man-in-the-middle?
answer
IPsec
question
What is modified in the most common form of spoofing on a typical IP packet?
answer
Source address
question
Which type of denial-of-service attack occurs when a name server receives malicious or misleading data that incorrectly maps hostnames and IP addresses?
answer
DNS poisoning
question
Which of the following describes a man-in-the-middle attack?
answer
... a false server intercepts communication from a client by impersonating the intended
question
Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which security concern?
answer
Man-in-the-middle
question
When the TCP/IP session state is manipulated so that a third party is able to insert alternate packets into the communication stream, what type of attack has occurred?
answer
Hijacking
question
What is the goal of a TCP/IP hijacking attack?
answer
Executing commands or accessing resources on the system the attacker does not otherwise have authorization to access
question
Which of the following is not a protection against session hijacking?
answer
DHCP reservations
question
Which of the following is the most effective protection against IP packet spoofing on a private network?
answer
Ingress and egress filters
question
While using the internet, you type the URL of one of your favorite sites in the browser. Instead of going to the correct site, however, the browser displays a completely different website. When you use the IP address of the web server, the correct site is displayed. What type of attack has likely occurred?
answer
DNS poisoning
question
Which of the following attacks tries to associate an incorrect MAC address with a known IP address?
answer
ARP poisoning
question
What are the most common network traffic packets captured and used in a replay attack?
answer
Authentication
question
When a malicious user captures authentication traffic and replays it against the network later, what is the security problem you are most concerned about?
answer
An unauthorized user gaining access to sensitive resources
question
A router on the border of your network detects a packet with a source address that is from an internal client, but the packet was received on the internet-facing interface. This is an example of what form of attack?
answer
Spoofing
question
An attacker uses an exploit to push a modified hosts file to client systems. This hosts file redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and financial information. What kind of exploit has been used in this scenario?
answer
DNS poisoning; Pharming
question
Which of the following is a privately controlled portion of a network that is accessible to some specific external entities?
answer
Extranet
question
You are the office manager of a small financial credit business. Your company handles personal, financial information for clients seeking small loans over the internet. You are aware of your obligation to secure clients' records, but budget is an issue. Which item would provide the best security for this situation?
answer
All-in-one security appliance
question
You are implementing security at a local high school that is concerned with students accessing inappropriate material on the internet from the library's computers. The students will use the computers to search the internet for research paper content. The school budget is limited. Which content filtering option would you choose?
answer
Restrict content based on content categories.
question
Match the application-aware network device on the right with the appropriate description on the left.
answer
Application-aware proxy: Improves application performance. Application-aware firewall: Enforces security rules based on the application that is generating network traffic, instead of the traditional port and protocol. Application-aware IDS: Analyzes network packets to detect malicious payloads targeted at application-layer services.