Network Security Chapter 5 & 6 – Flashcards
Unlock all answers in this set
Unlock answersquestion
Keep the router in a locked room.
answer
Which of the following is the most important thing to do to prevent console access to the router?
question
Use cable locks to chain the laptops to the desks.
answer
You have 5 salesmen who work out of your office and who frequently leave their laptops on their desk in their cubicles. You are concerned that someone might walk by and take one of these laptops. Which of the following is the best protection to implement to address your concerns?
question
Relocate the switch to the locked server closet. Control access to the work area with locking doors and card readers.
answer
You are an IT consultant and are visiting a new client's site to become familiar with their network. As you walk around their facility, you note the following: -When you enter the facility, a receptionist greets you and directs you down the hallway to the office manager's cubicle. The receptionist uses a notebook system that is secured to her desk with cable lock. -The office manager informs you that the organization's servers are kept in a locked closet. Only she has the key to the closet. When you arrive on site, you will be required to get the key from her to access the closet. -She informs you that server backups are configured to run each night. A rotation of external USB hard disks are used as the backup media. -You notice the organization's network switch is kept in an empty cubicle adjacent to the office manager's workspace. -You notice that a router/firewall/content filter all-in-one device has been implemented in the server closet to protect the internal network from external attacks. Which security-related recommendations should you make to this client?
question
Implement a hardware checkout policy.
answer
You are an IT consultant and are visiting a new client's site to become familiar with their network. As you walk around their facility, you note the following: -When you enter the facility, a receptionist greets you and escorts you through a locked door to the work area where the office manager sits. -The office manager informs you that the organization's servers are kept in a locked closet. An access card is required to enter the server closet. -She informs you that server backups are configured to run each night. A rotation of tapes are used as the backup media. -You notice the organization's network switch is kept in the server closet. -You notice that a router/firewall/content filter all-in-one device has been implemented in the server closet to protect the internal network from external attacks. -The office manager informs you that her desktop system will no longer boot and asks you to repair or replace it. recovering as much data as possible in the process. You carry the workstation out to you car and bring it back to your office to work on it. What security-related recommendations should you make to this client?
question
Remote wipe
answer
A smart phone was lost at the airport. There is no way to recover the device. Which of the following will ensure data confidentiality on the device?
question
When the device is inactive for a period of time.
answer
Which of the following are not reasons to remote wipe a mobile device?
question
Screen lock
answer
Which of the following mobile device security considerations will disable the ability to use the device after a short period of inactivity?
question
Most accurate GPS More accurate Wi-Fi triangulation Less accurate Cell phone tower triangulation Least accurate IP address resolution
answer
Most mobile device management (MDM) systems can be configured to track the physical location of enrolled mobile devices. Arrange the location technology on the left in order of accuracy on the right, from most accurate to least accurate.
question
Implement storage segmentation Enable device encryption
answer
Your organization has recently purchased 20 tablet devices for the Human Resources department to use for training sessions. You are concerned that these devices could represent a security risk to your network and want to strengthen their security profile as much as possible. Which actions should you take?
question
Implement a mobile endpoint management (MEM) solution.
answer
Over the last several years, the use of mobile devices within your organization has increased dramatically. Unfortunately, many department heads circumvented your Information Systems procurement policies and directly purchased tablets and smartphones for their employees without authorization. As a result there is a proliferation of devices within your organization without accountability. You need to get things under control and begin tracking the devices that are owned by your organization. How should you do this?
question
Preventing malware infections. Implement a network access control (NAC) solution. Supporting mobile device users. Specify who users can call for help with mobile device apps in your acceptable use policy. Preventing loss of control of sensitive data Enroll devices in a mobile device management system. Preventing malicious insider attacks Specify where and when mobile devices can be possessed in your acceptable use policy. Applying the latest anti-malware definitions Implement a network access control (NAC) solution.
answer
Match each bring your own device (BYOD) security issue on the right with a possible remedy on the left. Each remedy may be used once, more than once, or not at all.
question
Users take pictures of proprietary processes and procedures Specify where and when mobile devices can be possessed in your acceptable use policy. Devices with a data plan can e-mail stolen data Specify where and when mobile devices can be possessed in your acceptable use policy. Devices have no PIN or password configured Enroll devices in a mobile device management system. Anti-malware software is not installed Implement a network access control (NAC) solution. A device containing sensitive data may be lost Enroll devices in a mobile device management system.
answer
Match each bring your own device (BYOD) security issue on the right with a possible remedy on the left. Each remedy may be used once, more than once, or not at all.
question
War dialing
answer
The presence of unapproved modems on desktop systems gives rise to the LAN being vulnerable to which of the following?
question
Cramming
answer
Which of the following phone attacks adds unauthorized charges to a telephone bill?
question
VoIP
answer
Which Internet connectivity method sends voice phone calls using the TCP/IP protocol over digital data lines?
question
Cramming
answer
A customer just received a phone bill on which there are charges for unauthorized services. This customer is a victim of which type of attack?
question
Subnets divide an IP network address into multiple network addresses.
answer
Which of the following best describes the purpose of using subnets?
question
Combine different media type on the same subnet.
answer
Which of the following is not a reason to use subnets on a network?
question
::1
answer
Which of the following IPv6 addresses is equivalent to the IPv4 loopback address of 127.0.0.1?
question
Eight hexadecimal quartets 128-bit address
answer
Which of the following describes an IPv6 address?
question
Hexadecimal numbers 32 numbers, grouped by colons
answer
Which of the following correctly describes the most common format for expressing IPv6 addresses?
question
6384:1319:7700:7631:446A:5511:8940:2552 141:0:0:0:15:0:0:1
answer
Which of the following are valid IPv6 addresses?
question
FEC0::AB:9007
answer
Which of the following is a valid IPv6 address?
question
Network layer
answer
Routers operate at what level of the Open System Interconnect model?
question
172.17.0.0 172.17.128.0
answer
You've decided to use a subnet mask of 255.255.192.0 on the 172.17.0.0 network to create four separate subnets. Which network IDs will be assigned to these subnets in this configuration?
question
Implement version 3 of SNMP.
answer
You have been using SNMP on your network for monitoring and management. You are concerned about the security of this configuration. What should you do?
question
DNS
answer
You want to implement a protocol on your network that allows computers to find the IP address of a host from a logical name. Which protocol should you implement?
question
ICMP
answer
Which of the following protocols allows hosts to exchange messages to indicate problems with packet delivery?
question
25 110
answer
You are configuring a network firewall to allow SMTP outbound e-mail traffic, and POP3 inbound e-mail traffic. Which of the following TCP/IP ports should you open on the firewall?
question
161
answer
Which port number is used by SNMP?
question
20, 21
answer
Which of the following ports does FTP use to establish sessions and manage traffic?
question
Downloading a file
answer
Using the Netstat command, you notice that a remote system has made a connection to your Windows Server 2008 system using TCP/IP port 21. Which of the following actions is the remote system most likely to be performing?
question
443
answer
To increase security on your company's internal network, the administrator has disabled as many ports as possible. Now, however, though you can browse the Internet, you are unable to perform secure credit card transactions. Which port needs to be enabled to allow secure transactions?
question
SSH
answer
Which of the following network services or protocols uses TCP/IP port 22?
question
SNMP: 161 TCP and UDP SSH: 22 TCP and UDP TFTP: 69 UDP SCP: 22 TCP and UDP Telnet: 23 TCP HTTPS: 443 TCP and UDP HTTP: 80 TCP FTP: 20 TCP SMTP: 25 TCP POP3: 110 TCP
answer
Drag each IP port on the left to its associated service on the right. Be aware that some port numbers may be used more than once.
question
UDP: connectionless, unreliable, unsequenced, low overhead TCP: connection-oriented, reliable, sequenced, high overhead
answer
Which two of the following lists accurately describes TCP and UDP?
question
A gaming company wants to create a networked version of its latest game. Communication speed and reducing packet overhead are more important than error-free delivery. A company connects two networks through an expensive WAN link. The communication media is reliable, but very expensive. They want to minimize connection times.
answer
You are an application developer creating applications for a wide variety of customers. In which two of the following situations would you select a connectionless protocol?
question
53
answer
You want to maintain tight security on your internal network so you restrict access to the network through certain port numbers. If you want to allow users to use DNS, which port should you enable?
question
80, 443, 22
answer
Your company's network provides HTTP, HTTPS, and SSH access to remote employees. Which ports must be opened on the firewall to allow this traffic to pass?
question
23, 21
answer
Your network recently experienced a series of attacks aimed at the Telnet and FTP services. You have rewritten the security policy to abolish the unsecured services, and now you must secure the network using your firewall and routers. Which ports must be closed to prevent traffic directed to these two services?
question
The DDoS attack uses zombie computers.
answer
Which of the following is the main difference between a DoS attack and a DDoS attack?
question
DDoS
answer
An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack?
question
The threat agent will obtain information about open ports on the system. The system will unavailable to respond to legitimate requests.
answer
You suspect that an Xmas tree attack is occurring on a system. Which of the following could result if you do not stop the attack?
question
nmap
answer
You need to enumerate the devices on your network and display the configuration details of the network. Which of the following utilities should you use?
question
Browsing the organization's Website.
answer
An attacker is conducting passive reconnaissance on a targeted company. Which of the following could he be doing?
question
Null
answer
Which type of active scan turns off all flags in a TCP header?
question
Ping flood
answer
Which of the following Denial of Service (DoS) attacks uses ICMP packets and will only be successful if the victim has less bandwidth than the attacker?
question
Teardrop
answer
In which of the following Denial of Service (DoS) attacks does the victim's system rebuild invalid UDP packets, causing the system to crash or reboot?
question
Land attack
answer
A SYN packet is received by a server. The SYN packet has the exact same address for both the sender and receiver addresses, which is the address of the server. This is an example of what type of attack?
question
SYN flood
answer
Which of the following is a form of denial of service attack thatsubverts the TCP three-way handshake process by attempting to open numerous sessions on a victim server but intentionally failing to complete the session by not sending the final required packet?
question
Smurf
answer
Which of the following is a form of denial of service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network?
question
ACK
answer
A SYN attack or SYN flood exploits or alters which element of the TCP three-way handshake?
question
Land attack
answer
When a SYN flood is altered so that the SYN packets are spoofed in order to define the source and destination addresses as a single victim IP address, the attack is now called what?
question
Padded cell
answer
A Smurf attack requires all but which of the following elements to be implemented?
question
An ICMP packet that is larger than 65,536 bytes
answer
Which of the following best describes the ping of death?
question
IPSec
answer
Which of the following is the best countermeasure against a man-in-the-middle attacks?
question
Source address
answer
What is modified in the most common form of spoofing on a typical IP packet?
question
DNS poisoning
answer
Which type of Denial of Service (DoS) attack occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses?
question
A false server intercepts communications from a client by impersonating the intended server.
answer
Which of the following describes a man-in-the-middle attack?
question
Man-in-the-middle attack
answer
Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which concern?
question
Hijacking
answer
When the TCP/IP session state is manipulated so that a third party is able to insert alternate packets into the communication stream, what type of attack has occurred?
question
Executing commands or accessing resources on a system the attacker does not otherwise have authorization to access
answer
What is the goal of a TCP/IP hijacking attack?
question
DHCP reservations
answer
Which of the following is not a protection against session hijacking?
question
Ingress and egress filters
answer
Which of the following is the most effective protection against IP packet spoofing on a private network?
question
DNS poisoning
answer
While using the Internet, you type the URL of one of your favorite sites in the browser. Instead of going to the correct site, however, the browser displays a completely different website. When you use the IP address of the Web server, the correct site is displayed. Which type of attack has likely occurred?
question
ARP poisoning
answer
Which of the following attacks tries to associate an incorrect MAC address with a known IP address?
question
Authentication
answer
What are the most common network traffic packets captured and used in a replay attack?
question
An unauthorized user gaining access to sensitive information
answer
When a malicious user captures authentication traffic and replays it against the network later, what is the security problem you are most concerned about?
question
Spoofing
answer
A router on the border of your network detects a packet with a source address that is from an internal client but the packet was received on the Internet-facing interface. This is an example of what form of attack?
question
Pharming DNS poisoning
answer
An attacker uses an exploit to push a modified hosts file to client systems. This hosts file redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and financial information. What kind of exploit has been used in this scenario?
question
Extranet
answer
Which of the following is a privately controlled portion of a network that is accessible to some specific eternal entities?
question
All-in-one appliance
answer
You are the office manager of a small financial credit business. Your company handles personal, financial information for clients seeking small loans over the Internet. You are aware of your obligation to secure clients records, but budget is an issue. Which item would provide the best security for this situation?
question
Restrict content based on content categories
answer
You are implementing security at a local high school that is concerned with students accessing inappropriate material on the Internet from the library's computers. The students will use the computers to search the Internet for research paper content. The school budget is limited. Which content filtering option would you choose?
question
Application-aware proxy Improves application performance Application-aware firewall Enforces security rules based on the application that is generating network traffic, instead of the traditional port and protocol Application-aware IDS Analyzes network packets to detect malicious payloads targeted at application-layer services
answer
Match the application-aware network device on the right with the appropriate description on the left. Each description may be used once, more than once, or not at all.
question
Packet filtering
answer
Which of the following is a firewall function?
question
Filters based on sessions Stateful
answer
Which of the following are characteristics of a circuit-level gateway?
question
Stateless Filters IP address and port
answer
Which of the following are characteristics of a packet filtering firewall?
question
Circuit-level
answer
You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use?
question
Application level
answer
You provide Internet access for a local school. You want to control Internet access based on user, and prevent access to specific URLs. Which type of firewall should you install?
question
Firewall
answer
Which of the following is the best device to protect your private network from a public untrusted network?
question
Host base firewall
answer
You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from Internet-based attacks. Which solution should you use?
question
A proxy server is blocking access to the web sites.
answer
You connect your computer to a wireless network available at the local library. You find that you can access all web sites you want on the Internet except for two. What might be causing the problem?
question
Block employees from accessing certain Web sites. Cache web pages
answer
Which of the following functions are performed by proxies?
question
Operates at the Session layer. Verifies sequencing of session packets.
answer
Which of the following are true of a circuit proxy filter firewall?
question
ACL
answer
Which of the following does a router acting as a firewall use to control which packets are forwarded or dropped?
question
IP address
answer
You have a router that is configured as a firewall. The router is a layer 3 device only. Which of the following does the router use for identifying allowed or denied packets?
question
Destination address of a packet Source address of a packet Port number
answer
You have just installed a packet-filtering firewall on your network. What options will you be able to set on your firewall? Select all that apply.
question
Close all ports; open only ports required by applications inside the DMZ.
answer
When designing a firewall, what is the recommended approach for opening and closing ports?
question
Circuit proxy filtering firewall Application layer firewall
answer
Which of the following firewall types can be a proxy between servers and clients?
question
VPN concentrator
answer
You have a group of salesmen who would like to access your private network through the Internet while they are traveling. You want to control access to the private network through a single server. Which solution should you implement?
question
Support secured communications over an untrusted network
answer
A VPN is used primarily for what purpose?
question
L2TP
answer
Which VPN protocol typically employs IPSec as its data encryption mechanism?
question
The entire data packet, including headers, is encapsulated.
answer
Which statement best describes IPSec when used in tunnel mode?
question
ESP
answer
Which IPSec subprotocol provides data encryption?
question
RADIUS
answer
Which of the following is not a VPN tunnel protocol?
question
VPN
answer
Which is the best countermeasure for someone attempting to view your network traffic?
question
L2TP (Layer 2 Tunneling Protocol)
answer
PPTP (Point to Point Tunneling Protocol) is quickly becoming obsolete because of what VPN protocol?
question
Supporting private traffic through a public communication medium
answer
What is the primary use of tunneling?
question
Encapsulating Security Payload (ESP)
answer
In addition to Authentication Header (AH), IPSec is comprised of what other service?
question
Configure the VPN connection to use IPSec. Configure the browser to send HTTPS requests through the VPN connection.
answer
A salesperson in your organization spends most of here time traveling between customer sites. After a customer visit, she must complete various managerial tasks, such as updating your organization's order database. Because she rarely comes back to your home office, she usually accesses the network from her notebook computer using Wi-Fi access provided by hotels, restaurants, and airports. Many of these locations provide unecrypted public Wi-Fi, and you are concerned that sensitive data could be exposed. To remedy this situation, you decide to configure her notebook to use a VPN when accessing the home network over an open wireless connection. Which key steps should you take when implementing this configuration?
question
Remediation servers 802.1x authentication
answer
You have a company network with a single switch. All devices connect to the network through the switch. You want to control which devices will be able to connect to your network. For devices that do not have the latest operating system patches, you want to prevent access to all network devices except for a special server that holds the patches that the computers need to download. Which of the following components will be part of your solution?
question
Edit the properties for the server and select Request clients to send a statement of health.
answer
Which step is required to configure a NAP on a Remote Desktop (RD) Gateway server?
question
Compare the statement of health submitted by the client to the health requirements
answer
In a NAP system, what is the function of the System Health Validator?
question
Clients must be issued a valid certificate before a connection to the private network is allowed.
answer
How does IPSec NAP enforcement differ from other NAP enforcement methods?
question
Rogue access point
answer
Your company security policy states that wireless networks are not to be used because of the potential risk they present to your network. One day you find that an employee has connected a wireless access point to the network in his office. What type of security risk is this?
question
War chalking
answer
Which of the following describes marks that attackers place outside a building to identify an open wireless network?
question
War driving
answer
The process of walking around an office building with an 802.11 signal detector known as what?
question
Unauthorized viewing calendar, e-mails, and messages on a mobile device
answer
Which of the following best describes Bluesnarfing?
question
Bluejacking`
answer
Which of the following sends unsolicited business cards and messages to a Bluetooth device?
question
Disable Bluetooth on the phone
answer
Which of the following is the best protection to prevent attacks on mobile phones through the Bluetooth protocol?
question
802.11g Bluetooth
answer
You are troubleshooting a wireless connectivity issue in a small office. You determine that the 2.4 GHz cordless phones used in the office are interfering with the wireless network transmissions. If the cordless phones are causing the interference, which of the following wireless standards could the network be using?
question
The wireless TV system
answer
Your organization uses an 802.11g wireless network. Recently, other tenants installed the following equipment in your building: -A wireless television distribution system running at 2.4 GHz -A wireless phone system running at 5.8 GHz -A wireless phone system running at 900 MHz -An 802.11n wireless network running in the 5 GHz frequency range Since this equipment was installed, your wireless network has been experiencing significant interference. Which system is to blame?
question
An access point that is configured to mimic a valid access point to obtain logon credentials and other sensitive information.
answer
Which of the following best describes an evil twin?
question
Encryption
answer
Network packet sniffing is often used to gain the information needed to conduct more specific and detailed attacks. Which of the following is the best defense against packet sniffing?
question
Sniffing
answer
Which of the following common network monitoring or diagnostic activity can be used as a passive malicious attack?
question
Conduct a site survey. Check the MAC addresses of devices connected to your wired switch.
answer
You are concerned that wireless access points may have been deployed within your organization without authorization. What should you do?
question
Spark jamming Repeatedly blasts receiving equipment with high-intensity, short-duration RF bursts at a rapid pace Random noise jamming Produces RF signals using random amplitudes and frequencies Random pulse jamming Uses radio signal pulses of random amplitude and frequency
answer
Match the malicious interference type on the right with the appropriate characteristics on the left. Each characteristic can be used once, more than once, or not at all.
question
NFC relay attack
answer
An attacker as hidden an NFC reader behind an NFC-based kiosk in an airport. The attacker uses the device to capture NFC data in transit between end-user and the reader in the kiosk. She then uses that information later on to masquerade as the original end-user device and establish an NFC connection to the kiosk. What kind of attack has occurred in this scenario?
question
Disable WPS in the access point's configuration
answer
You are implementing a wireless network in a dentist's office. The dentist's practice is small, so you choose to use an inexpensive, consumer-grade access point. While reading the documentation, you notice that the access point supports Wi-Fi Protected Setup (WPS) using a PIN. You are concerned about the security implications of this functionality. What should you do to reduce the risk?
question
Disable SSID broadcast
answer
Which of the following measures will make your wireless network invisible to the casual attacker performing war driving?
question
EAP
answer
Which remote access authentication protocol allows for the use of smart cards for authentication?
question
MAC filtering
answer
Which of the following do switches and wireless access points use to control access through the device?
question
On a RADIUS server
answer
You want to implement 802.1x authentication on your wireless network. Where would you configure passwords that are used for authentication?
question
The system is vulnerable because LEAP is susceptible to dictionary attacks.
answer
You are the wireless network administrator for your organization. As the size of the organization has grown, you've decided to upgrade your wireless network to use 802.1x authentication instead of pre-shared keys. You've decided to use LEAP to authenticate wireless clients. To do this, you configured a Cisco RADIUS server and installed the necessary Cisco client software on each RADIUS client. Which of the following is true concerning this implementation?
question
Configure the RADIUS server with a server certificate. Configure all wireless access points with client certficates
answer
You are the wireless network administrator for your organization. As the size of the organization has grown, you've decided to upgrade your wireless network to use 802.1x authentication instead of pre-shared keys. To do this, you need to configure a RADIUS server and RADIUS clients. You want the server and the clients to mutually authenticate with each other. What should you do?
question
EAP-TLS
answer
Which EAP implementation is mot secure?
question
MAC address filtering
answer
Which of the following features on a wireless network allows or rejects client connections based on the hardware address?
question
Change the administrative password to AP.
answer
You've just finished installing a wireless access point for a client. What should you do to prevent unauthorized users from accessing the access point (AP) configuration utility?
question
WPA2 with AES
answer
You are concerned about sniffing attacks on your wireless network. Which of the following implementations offers the best countermeasure to sniffing?
question
Near a window
answer
What is the least secure place to locate an access point with an omni-directional antenna when creating a wireless cell?
question
To identify existing or potential sources of interference. To identify the coverage area and preferred placement of access points.
answer
What purpose does a wireless site survey server?
question
Int the top floor
answer
You need to place a wireless access point in your two-story building. While trying to avoid interference, which of the following is the best location for the access point?
question
A: Directional B: Directional C: Omnidirectional D: Directional E: Directional F: Directional G: Directional
answer
Your are designing a wireless network implementation for a small business. The business deals with sensitive customer information, so data emanation must be reduced as much as possible. The floor plan of the office is shown below. Match each type of access point antenna on the left with the appropriate location on the floor plan on the right. Each antenna type can used once, more than once, or not at all.
question
Implement a captive portal
answer
The owner of a hotel has contracted with you to implement a wireless network to provide Internet access for guests. The owner has asked that you implement security controls such that only paying guests are allowed to use the wireless network. She wants guests to be presented with a login page when they initially connect to the wireless network. After entering a code by the concierge at check-in, guests should then be allowed full access to the Internet. If a user does not provide the correct code, they should not be allowed to access the Internet. What should you do?
question
Use a router to configure a subnet for the accounting computers.
answer
You manage a network with a single switch. All hosts connect to the network through the switch. You want t increase the security of devices that are part of the accounting department. You want to make sure that broadcast traffic sent by an accounting computer is only received by other accounting computers, and you want to implement ACLs to control traffic sent to accounting computers through the network. What should you do?
question
Switch
answer
You want to reduce collisions by creating separate collision domains and virtual LANs. Which of the following devices should you choose?
question
Broadcast traffic travels to a subset of devices rather than to all devices on the network.
answer
Which of the following is an advantage of using switches to create virtual LANs?
question
A switch filters port traffic based on MAC address.
answer
Which characteristic of a switch can improve bandwidth utilization and reduce the risk of sniffing attacks on the network?
question
Hubs transmit frames to all hosts on all ports.
answer
What characteristic of hubs poses a security threat?
question
Hub
answer
Which of the following devices does not examine the MAC address in a frame before processing or forwarding the frame?
question
Use an access control list to deny traffic from specific IP addresses.
answer
Which of the following describes how a router can be used to implement security on your network?
question
Privilege escalation
answer
A relatively new employee in the data entry cubical farm was assigned a user account similar to that of all of the other data entry employees. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed data in restricted areas. This situation indicates which of the following has occurred?
question
Privilege escalation
answer
An attacker has obtained the logon credentials for a regular user on your network. Which type of security threat exists if this user account is used to perform administrative functions?
question
Use a stronger administrative password.
answer
You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID card to gain access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer by connecting it to the console port on the router. You configure the management interface with a user name of admin and a password of password. What should you do to increase the security of this device?
question
Backdoor
answer
While developing a network application, a programmer adds functionally that allows her to access the running program, without authentication, to capture debugging. The programmer forgets to remove this functionality prior to finalizing the code and shipping the application. What type of security weakness does this represent?
question
MAC flooding
answer
Which of the following attacks, if successful, causes a switch to function like a hub?
question
ARP spoofing/poisoning
answer
Which of the following switch attacks associates the attacker's MAC address with the IP address of the victim's device.
question
Bypass 802.1x port-based security
answer
What is a typical goal of MAC spoofing?
question
DTP
answer
Which protocol should you disable on the user access ports of a switch?
question
Change the default administrative user name and password Use an SSH client to access the router configuration
answer
You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID card to gain access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using a Telnet client with a user name of admin and a password of admin. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device?
question
Move the router to a secure server room.
answer
You've just deployed a new Cisco router that connects several network segments in you organization. The router is physically located in a cubicle near your office. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using an SSH client with a user name of admin01 and a password of P@ssW0rd. You have used MD5 hashing algorithm to protect the password. What should you do to increase the security of this device?
question
Use SCP to back up the router configuration to a remote location.
answer
You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a locked server closet. You use an FTP client to regularly back up the router configuration to a remote server in an encrypted file. You access the router configuration interface from a notebook computer that is connected to the router's console port. You've configured the device with a user name of admin01 and a password of P@ssW0rd. You have used the MD5 hashing algorithm to protect the password. What should you do to increase the security of this device?
question
SSL: Uses public-key cryptography HTTP: Transfers data in clear text SSH: Uses public-key cryptography Telnet: Transfers data in clear text Console port: Cannot be sniffed
answer
You can use a variety of methods to manage the configuration of a network router. Match the management option on the right with its corresponding description on the left.
question
Anomaly based IDS
answer
You are concerned about protecting your network from network-based attacks from the Internet. Specifically, you are concerned about attacks that have not yet been identified or that do not have prescribed protections. Which type of device should you use?
question
Host system auditing
answer
What do host based intrusion detection systems often rely upon to preform their detection activities?
question
The IDS logs all pertinent data about the intrusion. An alert is generated and delivered via e-mail, the console, or an SNMP trap.
answer
What actions can a typical passive Intrusion Detection System (IDS) take when it detects an attack?
question
Monitoring the audit trails on a server. Listening to network traffic
answer
Which of the following activities are considered passive in regards to the functioning of an intrusion detection system?
question
Perform reverse lookups to identify an intruder. Update filters to block suspect traffic.
answer
An active IDS system often performs which of the following actions?
question
Signature based
answer
Which IDS method searches for intrusion or attack attempts by recognizing patterns or identities listed in a database?
question
Update the signature files
answer
You have just installed a new network-based IDS system that uses signature recognition. What should you do on a regular basis?
question
Anti-virus software
answer
What is the most common form of host based IDS that employs signature or pattern matching detection methods?
question
False negative
answer
You have configured a NIDS to monitor network traffic. Which of the following describes an attack that is not detected by the NIDS device?
question
Legitimate traffic being flagged as malicious
answer
Which of the following describes a false positive when using an IPS device?
question
Disconnect the intruder
answer
If maintaining confidentiality is of the utmost importance to your organization, what is the best response when an intruder is detected on your network?
question
IPS
answer
Which of the following devices is capable of detecting and responding to security threats?
question
Honeynet
answer
You want to create a collection of computers on your network that appears to have valuable data, but are really computers configured with fake data that could entice a potential intruder. Once the intruder connects, you want to be able to observe and gather information about methods of attack that are being deployed. What should you implement?
question
To delay intruders in order to gather auditing data
answer
A honey pot is used for what purpose?
question
Implement an application-aware IPS in front of the Web server.
answer
Your organization uses a Web server to host an e-commerce site. Because this Web server handles financial transactions, you are concerned that it could become a prime target for exploits. You want to implement a network security control that will analyze the contents of each packet going to or from the Web server. The security control must be able to identify malicious payloads and block them. What should you do?
question
Group Policy
answer
Which of the following solutions would you use to control the actions that users can perform on a computer, such as shutting down the system, logging on through the network, or loading and unloading device drivers?
question
Group Policy
answer
For users who are members of the Sales team, you want to force their computers to use specific desktop background and remove access to administrative tools from the Start menu. Which solution should you use?
question
1. The Local Group Policy on the computer. 2. GPOs linked to the domain that contains the user or computer object. 3. GPOs linked to the organizational unit that contains the object.
answer
Arrange the Group Policy Objects (GPOs) in the order in which they are applied.
question
Software that should be installed on a specific computer: Computer Configuration Software that should be installed for a specific user: User Configuration Scripts that should run at startup or shutdown: Computer Configuration Scripts that should run at logon or logoff: User Configuration Network communication security settings: Computer Configuration
answer
Match the Group Policy type on the left with the function that it can perform on the right.
question
SSL
answer
FTPS uses which mechanism to provide security for authentication and data transfer?
question
Create a security group for the managers. Add all users as members of the group. Add the group to the file's DACL.
answer
You want to give all managers the ability to view and edit a certain file. To do so, you need to edit the discretionary access control list (DACL) associated with the file. You want to be able to easily add and remove managers as their job positions change. What is the best way to accomplish this?
question
Make Mark a member of the Sales group; add Mark's user account directly to the ACL for the Design folder.
answer
You have two folders that contain documents used by various departments: The Development group has been given the Write permission to the Design folder. The Sales group has been given the Write permission to the Products folder. No other permissions have been given to either group. User Mark Tillman needs to have the Read permission to the Design folder and the Write permission to the Products folder. You want to use groups as much as possible. What should you do?
question
Create a security group for the administrators; add all users to the group. Grant the group necessary user rights.
answer
You have multiple users who are computer administrators. You want each administrator to be able to shut down systems and install drivers. What should you do?
question
NTFS and share permissions
answer
You have a file server named Srv3 that holds files used by the Development department. You want to allow users to access the files over the network, and control access to files when files are accessed through the network or through a local logon. Which solution should you implement?
question
Add Mark Mangum to the ACL for the Confidential.xls file with Deny permissions.
answer
You have a shared folder named Reports. Members of the Managers group have been given Write access to the shared folder. Mark Mangum is a member of the Managers group. He needs access to the files in the Reports folder, but should not have any access to the Confidential.xls file. What should you do?
question
Open ports 20 and 21 for inbound and outbound connections
answer
You have placed an FTP server in your DMZ behind your firewall. The FTP server will be used to distribute software updates and demonstration versions of your products. Users report that they are unable to access the FTP server. What should you do to enable access?
question
Allowing NetBIOS traffic outside of your secured network
answer
Many popular operating systems allow for quick and easy sharing of files and printers with other network members. Which of the following is not a means by which file and printer sharing is hardened?
question
nmap -sT
answer
Which command should you use to scan for open TCP ports on your Linux system?
question
nmap
answer
You need to increase the security of your Linux system by finding and closing open ports. Which of the following commands should you use to locate open ports?
question
netstat -a
answer
Which command should you use to display both listening and non-listening sockets on your Linux system?
question
All listening and non-listening sockets
answer
What will the netstat -a command show?
question
Verify that your network's existing security infrastructure is working properly. Install the latest firmware updates from the device manufacturer.
answer
You manage the information systems for a large manufacturing firm. Supervisory control and data acquisition (SCADA) devices are used on the manufacturing floor to manage your organization's automated factory equipment. The SCADA devices use embedded smart technology, allowing them to be managed using a mobile device app over an Internet connection. You are concerned about security of these devices. What can you do to increase their security posture?
question
Verify that your network's existing security infrastructure is working properly. Install the latest firmware updates from the device manufacturer.
answer
You manage the information systems for a large co-location data center. Networked environmental controls are used to manage the temperature within the data center. These controls use embedded smart technology allowing them to be managed using a mobile device app over an Internet connection. You are concerned about the security of these devices. What can you do to increase their security posture?
question
These devices are typically more difficult to monitor than traditional network devices. These devices tend to employ much weaker security than traditional network devices.
answer
Why do attackers prefer static devices to conduct distributed network attacks?
question
Client-side scripts
answer
You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this?
question
Buffer overflow
answer
A programmer that fails to check the length of input before processing leaves his code vulnerable to what form of common attack?
question
XSS
answer
Which of the following is an attack that injects malicious scripts into Web pages to redirect users to fake websites or gather personal information?
question
Drive-by download
answer
When you browse to a website, a pop-up window tells you that your computer has been infected with a virus. You click on the window to see what the problem is. Later, you find out that the window has installed spyware on your system. What type of attack has occurred?
question
Database servers
answer
Which of the following are subject to SQL injection attacks?
question
SQL injection
answer
You have a website that accepts input from users for creating customer accounts. Input on the form is passed to a database server where the user account information is stored. An attacker is able to insert database commands in the input fields and have those commands execute on the server. Which type of attack has occurred?
question
Buffer overflow
answer
Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack?
question
Buffer overflow
answer
Which type of attack is the act of exploiting a software program's free acceptance of input in order to execute arbitrary code on a target?
question
Pop-up blocker
answer
As you browse the Internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows contain advertisements for products that are inappropriate for your family to view. Which tool can you implement to prevent these windows from showing?
question
Integer overflow
answer
While using a Web-based order form, an attacker enters an unusually large value in the Quantity field. The value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the Web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the Web application processes the order as a return instead of a purchase, and the attacker's account is refunded a large sum of money. What type of attack has occurred in this scenario?
question
Locally shared object (LSO) exploit
answer
While using a Web-based game created using Adobe Flash, a Flash cookie is set on a user's computer. The game saves legitimate data in the Flash cookie, such as statistics and user preferences. However, the game creator also programmed the game to track the Web sites that that user visits while the game is running and save them in the Flash cookie. This data is transferred to a server over an Internet connection without the user's permission. What type of exploit has occurred in this scenario?
question
Typosquatting
answer
Recently, a Web site named www.vidshare.com has become extremely popular with users around the world. An attacker registers the following domain names: www.videoshare.com www.vidshar.com www.vidsshar.com Each of these URLs points to a phising Web site that tricks users into supplying their vidshare.com user names and passwords. What type of attack has occurred in this scenario?
question
Watering hole attack: An attacker compromises a Web site, hoping that a target individual will access the site and be exposed to the exploit. Arbitrary code execution exploit: A vulnerability in a running process allows an attacker to inject malicious instructions and run them. LSO exploit: A Flash cookie is used to collect information about the user's browsing habits without their permission. Zero-day attack: An attacker exploits computer application vulnerabilities before they are known and patched by the application's developer.
answer
Match the exploit on the right with the appropriate description on the left.
question
Implementing a client-side validation
answer
An attacker inserts SQL database commands into a data input field of an order form used by a Web-based application. When submitted, these commands are executed on the remote database server, causing customer contact information from the database to be sent to the malicious user's Web browser. Which practice would have prevented this exploit?
question
Implementing server-side validation. Implementing client-side validation.
answer
While using a Web-based order from, an attacker enters an unusually large value in the Quantity field. The value she entered is so large that it exceeds the maximum value supported by the variable type used to store the quantity in the Web application. This causes the value of the quantity variable to wrap around to the minimum possible value, which is a negative number. As a result, the Web application processes the order as a return instead of a purchase, and the attacker's account is credited with a large sum of money. Which practices would have prevented this exploit?
question
Peer-to-peer networking
answer
What common design feature among Instant Messaging clients make them more insecure than other means of communicating over the Internet?
question
Sniffing
answer
What type of attack is most likely to succeed against communications between Instant Messaging clients?
question
Privacy
answer
Instant messaging does not provide which of the following?
question
Implement an application control solution
answer
Your organization's security policy specifies that peer-to-peer file sharing is not allowed. Recently, you received an anonymous tip that an employee has been using a BitTorrent client to download copyrighted media while at work. You research BitTorrent and find that it uses TCP ports 6881-6889 by default. You check your perimeter firewall configuration and only ports 80 and 443 are open. However, when you check your firewall logs, you find that no network traffic using ports 6881-6889 has been blocked. What should you do?
question
Flag
answer
You are implementing a new application control solution. Prior to enforcing your application whitelist, you want to monitor user traffic for a period of time to discover user behaviors and log violations for later review. How should you configure the application control software to handle applications not contained in the whitelist?
question
A compromise of the host system might affect multiple servers
answer
Which of the following are disadvantages to server virtualization?
question
A failure in one hardware component could affect multiple servers
answer
Which of the following are disadvantages to server virtualization?
question
Run the browser within a virtual environment
answer
You have a development machine that contains sensitive information relative to your business. You are concerned that spyware and malware might get installed while browsing websites and could compromise your system or pose a confidential risk. Which of the following would best protect your system?
question
Protects the host operating system from malicious downloads
answer
Which of the following is an advantage of a virtual browser?
question
Easy migration of systems to different hardware Centralized administration
answer
Which of the following are advantages of virtualization?
question
Connect the virtual network interfaces in the virtual machines to the virtual switch. Create a new virtual switch configured for host-only (internal) networking.
answer
You are an application developer. You use hypervisor with multiple virtual machines installed to test your applications on various operating system versions and editions. Currently, all of your testing virtual machines are connected to the production network through the hypervisor's network interface. However, you are concerned that the latest application you are working on could possibly adversely impact other network hosts if mistakes or errors exist in the code. To prevent this, you decide to isolate the virtual machines from the production network. However, they still need to be able to communicate directly with each other. What should you do?
question
Flexibility: Moving virtual machines between hypervisor hosts. Testing: Verifying that security controls are working as designed. Server consolidation: Performing a physical-to-virtual migration (P2V). Sandboxing: Isolating a virtual machine from the physical network.
answer
Match the virtualization feature on the right with the appropriate description on the left.
question
Connect the virtual network interfaces in the virtual machines to the virtual switch. Create a new virtual switch configured for bridged (external) networking.
answer
You are responsible for maintaining Windows workstation operating systems in your organization. Recently, an update from Microsoft was automatically installed on your workstations that caused an application that was developed in-house to stop working. To keep this from happening again, you decide to test all updates on a virtual machine before allowing them to be installed on production workstations. Currently, all of your testing virtual machines do not have a network connection. However, they need to be able to connect to the update servers at Microsoft to download and install updates. What should you do?
question
Fuzzing
answer
Which of the following will enter random data to the inputs of an application?
question
Input validation
answer
Which of the following is specifically meant to ensure that a program operates on clean, correct and useful data?
question
Configuration testing
answer
During the application development cycle, an application tester creates multiple virtual machines on a hypervisor, each with a different version and edition of Windows installed. She then installs the latest build of the application being developed on each virtual machine and evaluates them for security vulnerabilities. Which assessment technique was used in this scenario?
question
Code review
answer
During the application development cycle, a developer asks several of his peers to assess the portion of the application he was assigned to write for security vulnerabilities. Which assessment technique was used in this scenario?
question
Data will be stored in the database in unencrypted format. The database admin user has no password assigned.
answer
You've been assigned to evaluate NoSQL databases as a part of a big analysis initiative in your organization. You've downloaded an Open Source NoSQL database from the Internet and installed it on a test system in an isolated lab environment. Which of the following are likely to be true about this test system?
question
Implement an Application later protocol to encrypt data prior to saving it in the database. Disable anonymous access.
answer
You've been assigned to evaluate NoSQL databases as a part of a big data analysis initiative in your organization. You've downloaded an Open Source NoSQL database from the Internet and installed it on a test system in an isolated lab environment. What should you do to harden this database before implementing it in a production environment?
