SNMP for improved security.

question
You have been using SNMP on your network for monitoring and management. You are concerned about the security of this configuration. What should you do?
answer
Implement version 3 of SNMP. SNMP is a protocol designed for managing complex networks. SNMP lets network hosts exchange configuration and status information. The original version of SNMP has several vulnerabilities. For added security, implement version 3 of SNMP. SSH allows for secure interactive control of remote systems, but does not provide the same features as SNMP. RADIUS is used to control remote access authentication, authorization, and accounting from a centralized server.
question
You want to implement a protocol on your network that allows computers to find the IP address of a host from a logical name. What protocol should you implement?
answer
DNS DNS is a system that is distributed throughout the inter-network to provide address/name resolution. For example, the name www.mydomain.com would be identified with a specific IP address. ARP is a protocol for finding the IP address from a known MAC address. DHCP is a protocol used to assign IP addresses to hosts. Telnet is a remote management utility.
question
Which of the following protocols allows hosts to exchange messages to indicate problems with packet delivery?
answer
ICMP The Internet Control Message Protocol (ICMP) allows hosts to exchange messages to indicate the status of a packet as it travels through the network.
question
You are configuring a network firewall to allow SMTP outbound email traffic, and POP3 inbound email traffic. Which of the following TCP/IP ports should you open on the firewall? (Select Two)
answer
25,110 SMTP uses TCP/IP port 25. POP3 uses TCP/IP port 110. FTP uses 21. IMAP uses 143. TCP/IP port 443 is used by SSL
question
Which port number is used by SNMP?
answer
161 SMTP uses port 25. POP3 uses port 110. NNTP uses port 119. IMAP4 uses port 143.
question
Which of the following ports does FTP use to establish sessions and manage traffic?
answer
FTP FTP uses ports 20 and 21 to establish sessions and manage traffic. Once sessions are established, FTP uses a random higher-order port to perform the actual file transfers. Port 80 is used by HTTP and TLS, port 443 is used by SSL and TLS. Port 25 is used by SMTP and port 110 is used by POP3. Ports 125-129 are used by NetBIOS.
question
Using the Netstat command you notice that a remote system has made a connection to your Windows Server 2003 system using TCP/IP port 21. Which of the following actions is the remote system most likely to be performing?
answer
Downloading a file Port 21 is used by FTP which is used to download files.
question
To increase security on your company's internal network, the administrator has disabled as many ports as possible. Now, however, though you can browse the Internet, you are unable to perform some secure credit card transactions.
answer
443 To perform secure transactions, SSL on port 443 needs to be enabled. HTTPS uses port 443 by default.
question
Which of the following network services or protocols uses TCP/IP port 22?
answer
SSH SSH uses port 22. TFTP uses port 69. NNTP uses port 119. IMAP4 uses port 143.
question
Which two of the following lists accurately describes TCP and UDP?
answer
TCP: Connection-oriented, reliable, sequenced, high overhead UDP: connection-less, unreliable, unsequenced, low overhead
question
You are an application developer creating applications for a wide variety of customers. In which two of the following situations would you select a connectionless protocol? (Select 2)
answer
A company connects two networks through an expensive WAN link. The communication media is reliable, but very expensive. They want to minimize connection times. A gaming company wants to create a networked version of its latest game. Communication speed and reducing packet overhead are more important than error-free delivery.
question
Matching ports to associated services
answer
SNMP = 161 TCP and UDP SSH = 22 TCP and UDP TFTP = 69 UDP SCP = 22 TCP and UDP Telnet = 23 TCP HTTPS = 443 TCP and UDP HTTP = 80 TCP FTP = 20 TCP SMTP = 25 TCP POP3 = 110 TCP
question
You want to maintain tight security on your internal network so you restrict access to the network through certain port numbers. If you want to allow users to continue to use DNS, which port should you enable?
answer
53 The DNS service uses port 53.
question
Your company's network provides HTTP, HTTPS, and SSH access to remote employees. Which ports must be opened on the firewall to allow this traffic to pass?
answer
80,443,22 Port 80 for traditional HTTP Web. Port 443 for HTTPS. Port 22 for Secure Shell (SSH).
question
Your network recently experienced a series of attacks at the Telnet and FTP services. You have rewritten the security policy to abolish the unsecured services, and now you must secure the network using your firewall and routers. Which ports must be closed to prevent traffic directed to these two services?
answer
23,21 Close port 23 to prevent Telnet traffic and port 21 for FTP. Both protocols pass user credentials in clear text and represent a serious vulnerability to your network.
question
What is the main difference between a DoS attack and a DDoS attack?
answer
The DDoS attack uses zombie computers. In a DDoS attack: The attacker identifies one of the computers as the master. The master uses zombies/bots to attack. The master directs the zombies to attack the same target. DoS is a generic term meaning many different types of attacks; in a DoS attack, a single attacker directs an attack against a single target, sending packets directly to the target.
question
An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack?
answer
DDoS Spamming is just a traffic generation form of attack. Replay and backdoor attacks are just flaw exploitation forms of attack. Replay attacks exploit software flaws by capturing traffic, possibly editing it, then replaying the traffic in an attempt to gain access to a system.
question
You suspect that an Xmas tree attack is occurring on a system. Which of the following could result if you do not stop the attack? (Select two.)
answer
The system will be unavailable to respond to legitimate requests. The threat agent will obtain information about open ports on the system. A Christmas tree attack conducts reconnaissance by scanning for open ports. It also conducts a DoS attack if sent in large amounts.
question
You need to enumerate the devices on your network and display the configuration details of the network. Which of the following utilities should you use?
answer
NMAP Nmap is an open source security scanner used for network enumeration and to create a map of configuration details of a network. Nmap sends specially crafted packets to the target host and then analyzes the responses to create the map.
question
An attacker is conducting passive reconnaissance on a targeted company. Which of the following could he be doing?
answer
Browsing the organization's Website Other forms include putting a sniffer on the wire or eavesdropping on employee conversations.
question
Which type of active scan turns off all flags in a TCP header?
answer
Null A null scan turns off all flags in a TCP header, creating a lack of TCP flags that should never occur in the real world.
question
Which of the following Denial of Service (DoS) attacks uses ICMP packets and will only be successful if the victim has less bandwidth than the attacker?
answer
Ping Flood A ping flood is where the attacker overwhelms the victim with ICMP Echo Request (ping) packets. In a ping flood, the attack succeeds only if the attacker has more bandwidth than the victim.
question
In which of the following Denial of Service (DoS) attacks does the victim's system rebuild invalid UDP packets, causing the system to crash or reboot?
answer
Teardrop In the Teardrop attack, fragmented UDP packets with overlapping offsets are sent. Then when the victim system re-builds the packets, an invalid UDP packet is created, causing the system to crash or reboot.
question
A SYN packet is received by a server. The SYN packet has the exact same address for both the sender and receiver addresses, which is the address of the server. This is an example of what type of attack?
answer
Land Attack A land attack is the form of attack where the SYN packet has the exact same address for both the sender and receiver addresses, which is the address of the server.
question
Which of the following is a form of denial of service attack that subverts the TCP three-way handshake process by attempting to open numerous sessions on a victim server but intentionally failing to complete the session by not sending the final required packet?
answer
SYN flood A SYN attack or a SYN flood is a form of denial of service attack that subverts the TCP three-way handshake process by attempting to open numerous sessions on a victim server but intentionally failing to complete the session by not sending the final required packet.
question
Which of the following is a form of denial of service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network?
answer
Smurf Smurf is a form of denial of service attack which uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network.
question
A SYN attack or a SYN flood exploits or alters which element of the TCP three-way handshake?
answer
ACK A SYN attack or SYN flood exploits or attacks the ACK packet of the TCP three-way handshake. By not sending the final ACK packet, the server holds open an incomplete session, thus consuming system resources.
question
When a SYN flood is altered so that the SYN packets are spoofed in order to define the source and destination address as a single victim IP address, the attack is now called what?
answer
Land Attack A land attack is a SYN flood where the source and destination address of the SYN packets are both defined as the victim's IP address.
question
A smurf attack requires all but which of the following elements to be implemented?
answer
Padded Cell A smurf attack does not require a padded cell to be implemented. It requires an attack system, an amplification network, and a victim computer or network. A padded cell is a type of intrusion enticement mechanism similar to a honey pot. A padded cell is a simulated network environment that is created when an intruder is detected.
question
Which of the following best describes the ping of death?
answer
An ICMP packet that is larger than 65,536 bytes.
question
Which of the following is the best countermeasure against man-in-the-middle attacks?
answer
IPSec IPSec is the best countermeasure against man-in-the-middle attacks. Use IPSec to encrypt data in a VPN tunnel as it passes between two communication partners. Even if someone intercepts the traffic, they will be unable to extract the contents of the messages because they are encrypted.
question
What is modified in the most common form of spoofing on a typical IP Packet?
answer
Source Address In this way, the correct source device address is hidden.
question
Which type of Denial of Service (DoS) attack occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP Addresses?
answer
DNS poisoning In a DNS poisoning attack: Incorrect DNS data is introduced into a primary DNS server. The incorrect mapping is made available to client applications through the resolver. Traffic is directed to incorrect sites.
question
Which of the following describes a man-in-the-middle attack?
answer
A false server intercepts communications from a client by impersonating the intended server
question
Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which security concerns?
answer
Man-in-the-middle attack
question
When the TCP/IP session state is manipulated so that a third party is able to insert alternate packets into the communications stream, what type of attack has occurred?
answer
Hijacking A hijacking attack is one where the TCP/IP session state is manipulated so that a third party is able to insert alternate packets into the communication stream. Session hijacking has become difficult to accomplish due to the use of time stamps and randomized packet sequencing rules employed by modern operating systems.
question
What is the goal of a TCP/IP hijacking attack?
answer
Executing commands or accessing resources on a system the attacker does not otherwise have authorization to access
question
Which of the following is NOT a protection against session hijacking?
answer
DHCP reservations DHCP reservations are not a protection against session hijacking: if a valid MAC address can be discovered, then an IP address is handed out freely to the spoofed client by the DHCP server.
question
Which of the following is the most effective protection against IP packet spoofing on a private network?
answer
Ingress and egress filters Ingress filters examine packets coming into the network. Egress filters examine packets going out of the network.
question
While using the internet, you type the URL of one of your favorite sites in the browser. Instead of going to the correct site, however, the browser displays a completely different website. When you use the IP address of the Web server, the correct site is displayed. Which type of attack has likely occurred?
answer
DNS poisoning
question
Which of the following attacks tries to associate an incorrect MAC address with a known IP address?
answer
ARP poisoning Arp spoofing/poisoning associates the attacker's MAC address with the IP address of victim devices. When computers send an ARP request to get the MAC address of a known IP address, the attacker's system responds with its MAC address.
question
What is the most common network traffic captured and used in a replay attack?
answer
Authentication Authentication traffic is the most commonly captured type of network traffic packets used in replay attacks. If someone is able to replay the stream of authentication packets successfully, they can gain the same access to the system or network as the original user.
question
When a malicious user captures authentication traffic and replays it against the network later, what is the security problem you are most concerned about?
answer
An unauthorized user gained access to sensitive resources
question
A router on the border of your network detects a packet with a source address that is from an internal client but the packet was received in the Internet-facing interface. This is an example of what form of attack?
answer
Spoofing
question
An attacker uses an exploit to push a modified host file to client systems. This host file redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and financial information. What kind of exploit has been used?
answer
DNS poisoning Pharming
question
Which of the following is a privately controlled portion of a network that is accessible to some specific external entities?
answer
Extranet An extranet is a privately controlled portion of a network that is accessible to some specific external entities. Often those external entities are business partners, suppliers, distributors, vendors, or possibly customers.
question
You are the office manager of a small financial credit business. Your company handles personal, financial information for clients seeking small loans over the Internet. You are aware of your obligation to secure clients' records, but budget is an issue. Which item would provide the best security for this situation?
answer
All-in-one security appliance Would provide the best overall protection. The all-in-one security appliance takes up the least amount of space and requires the least amount of technical assistance for setup and maintenance.
question
You are implementing security at a local high school that is concerned with students accessing inappropriate material on the Internet from the library's computers. The students will use the computers to search the Internet for research paper content. The school budget is limited. Which content filtering option would you choose?
answer
Restrict content based on content categories.
question
Match the application-aware network device on the right with the appropriate description on the left.
answer
Application-aware proxy Improves application performance Application-aware firewall Enforces security rules based on the application that is generating network traffic, instead of the traditional port and protocol Application-aware IDS Analyzes network packets to detect malicious payloads targeted at application-layer services
question
Your company has a connection to the internet that allows users to access the internet. You also have a web server and an email server that you want to make available to the internet users. You want to create a DMZ for these two servers. Which type of device should you use to create the DMZ?
answer
Network-based firewall DMZ is a buffer network that sits between the private network and an untrusted network. To create a DMZ, use two network-based firewall devices: one connected to the public network and one connected to the private network.
question
You have a company network that is connected to the Internet. You want all users to have Internet access, but need to protect your private network and users. You also need to make a Web server publicly available to Internet users. Which solution should you use?
answer
Use firewalls to create a DMZ. Place the Web server inside the DMZ, and the private network behind the DMZ.
question
You have used firewalls to create a demilitarized zone. You have a Web server that needs to be accessible to Internet users. The Web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.)
answer
Put the database server on the private network. Put the Web server inside the DMZ
question
Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted Internet?
answer
DMZ Serves as a buffer network
question
Which of the following is likely to be located in a DMZ?
answer
FTP Server
question
Members of the Sales team use laptops to connect to the company network. While travelling, they connect their laptops to the Internet through airport and hotel networks. You are concerned that these computers will pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless anti-virus software and the latest operating system patches have been installed. Which solution should you use?
answer
NAC Network Access Control controls access to the network by not allowing computers to access network resources unless they meet certain predefined security requirements.
question
In which of the following situations would you most likely implement a demilitarized zone (DMZ)?
answer
You want to protect a public Web server from attack.
question
Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks?
answer
Bastion or sacrificial host A bastion or sacrificial host is one that is unprotected by a firewall. The term bastion host can be used to describe any device fortified against attack, such as a firewall. A sacrificial host might be a device intentionally exposed to attack, such as a honey pot.
question
Which of the following is a firewall function?
answer
Packet Filtering
question
Which of the following are characteristics of a circuit-level gateway? (Select two)
answer
Filters based on sessions Stateful
question
Which of the following are characteristics of a packet filtering firewall?
answer
Stateless Filters IP address and port
question
You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use?
answer
Circuit-Level
question
You provide Internet access for a local school. You want to control Internet access based on user, and prevent access to specific URLs. Which type of firewall should you install?
answer
Application Level
question
Which of the following is the best device to deploy to protect your private network from a public untrusted network?
answer
Firewall
question
You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from Internet-based attacks. What solution should you use?
answer
Host Based Firewall
question
You connect your computer to a wireless network available at the local library. You find that you can access all web sites you want on the Internet except two. What might be causing the problem?
answer
A proxy server is blocking access to the web sites.
question
Which of the following functions are performed by proxies? (Select two)
answer
Cache web pages Block employees from accessing certain Web sites
question
Which of the following are true of a circuit proxy filter firewall? (Select two)
answer
Operates at the Session Layer AND Verifies sequencing of session packets
question
Which of the following does a router acting as a firewall use to control which packets are forwarded or dropped?
answer
ACL
question
You have a router that is configured as a firewall. The router is a layer 3 device only. Which of the following does the router use for identifying allowed or denied packets?
answer
IP Address
question
You have just installed a packet-filtering firewall on your network. What options will you be able to set on your firewall? Select all that apply.
answer
Source address of a packet, Destination address of a packet, AND Port Number
question
When designing a firewall, what is the recommended approach for opening and closing ports?
answer
Close all ports; open only ports required by applications inside the DMZ
question
Which of the following firewall types can be a proxy between servers and clients? (Select two)
answer
Application layer firewall AND Circuit proxy filtering firewall
question
You have a small network at home that is connected to the internet. On your home network you have a server with the IP address of 192.168.55.199/16. You have a single public address that is shared by all hosts on your private network. You want to configure the server as a web server and allow Internet hosts to contact the server to browse a personal Web site. What should you use to allow access?
answer
Static NAT
question
You are the network administrator for a small company that implements NAT to access the Internet. However, you recently acquired 5 servers that must be accessible from outside your network. Your ISP has provided you with 5 additional registered IP addresses to support these new servers but you don't want the public to access these servers directly. You want to place these servers behind your firewall on the inside network yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these 5 servers?
answer
Static
question
You want to connect your small company network to the Internet. Your ISP provides you with a single IP address that is to be shared between all hosts on your private network. You do not want external hosts to be able to initiate connection to internal hosts. What type of NAT should you implement?
answer
Dynamic
question
Which of the following is NOT one of the ranges of IP addresses defined in RFC 1918 that are commonly used behind a NAT server?
answer
169.254.0.0-169.254.255.255
question
Which of the following network devices or services prevent the use of IPsec in most cases?
answer
NAT
question
Which of the following is NOT a benefit of NAT?
answer
Improving the throughput rate of traffic
question
You have a group of salesmen who would like to access your private network through the Internet while they are traveling. You want to control access to the private network through a single server. Which solution should you implement?
answer
VPN Concentrator
question
A VPN is used primarily for what purpose?
answer
Support secured communications over an untrusted network
question
Which VPN protocol typically employs IPsec as its data encryption mechanism?
answer
L2TP
question
Which statement best describes IPSec when used in tunnel mode?
answer
The entire data packet, including headers, is encapsulated
question
Which IPSec subprotocol provides data encryption?
answer
ESP
question
Which is the best countermeasure for someone attempting to view your network traffic?
answer
VPN
question
PPTP is quickly becoming obsolete because of what VPN protocol?
answer
L2TP
question
What is the primary use of tunneling?
answer
Supporting private traffic through a public communication medium
question
In addition to Authentication Header (AH), IPSec is comprised of what other service?
answer
ESP
question
A salesperson in your organization spends most of her time traveling between customer sites. After a customer visit, she must complete various managerial tasks, such as updating your organization's order database. Because she rarely comes back to your home office, she usually accesses the network from her notebook computer using WiFi access provided by hotels, restaurants, and airports. Many of these locations provide unencrypted public WiFi access, and you are concerned that sensitive data could be exposed. To remedy this situation, you decide to configure her notebook
answer
Configure the VPN connection to use IPsec Configure the browser to send HTTPS requests through the VPN connection.
question
Which of the following is a valid security measure to protect e-mail from viruses?
answer
Use blockers on e-mail gateways
question
Which of the following prevents access based on website ratings and classifications?
answer
Content Filter
question
Drag the Web threat protection method on the left to the correct definition on the right.
answer
Prevents visiting malicious Web sites. Web threat filtering. Prevents outside attempts to access confidential information. Antiphishing software. Identifies and disposes of infected content. Virus blockers. Prevents unwanted email from reaching your network. Gateway email spam blockers. Prevents visiting restricted Web sites. URL content filtering
question
You have a company network with a single switch. All devices connect to the network through the switch. You want to control which devices will be able to connect to your network. For devices that do not have the latest operating system patches, you want to prevent access to all network devices except for a special server that holds the patches that the computers need to download. Which of the following components will be part of your solution? (Select two)
answer
Remediation Servers 802.1x Authentication
question
Which step is required to configure a NAP on a Remote Desktop (RD) Gateway server?
answer
Edit the properties for the server and select Request clients to send a statement of health.
question
In a NAP system, what is the function of the System Health Validator?
answer
Compare the statement of health submitted by the client to the health requirements
question
How does IPsec NAP enforcement differ from other NAP enforcement methods?
answer
Clients must be issued a valid certificate before a connection to the private network is allowed.
question
A user copies files from her desktop computer to a USB flash device and puts the device into her pocket. Which of the following security goals is most at risk?
answer
Confidentiality
question
Smart phones with cameras and Internet capabilities pose a risk to which security goal?
answer
Confidentiality
question
By definition, which security concept ensures that only authorized parties can access data?
answer
Confidentiality
question
Your computer system is a participant in an asymmetric cryptography system. You've crafted a message to be sent to another user. Before transmission, you hash the message, then encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user.
answer
Integrity
question
Which of the following is an example of an internal threat?
answer
A user accidentally deletes the new product designs
question
What is the greatest threat to the confidentiality of data in most secure organizations?
answer
USB Devices
question
Which of the following is the correct definition of a threat?
answer
Any potential danger to the confidentiality, integrity, or availability of information systems.
question
Which of the following is an example of a vulnerability?
answer
Misconfigured Server
question
Which of the following is not a valid concept to associate with integrity?
answer
Control access to resources to prevent unwanted access
question
When a cryptographic system is used to protect the confidentiality of data, what is actually protected?
answer
Unauthorized users are prevented from viewing or accessing the resource.
question
By definition, which security concept uses the ability to prove that a sender sent an encrypted message?
answer
Non-Repudiation
question
The company network is protected by a firewall, an IDS, and tight access controls. All of the files on this protected network are copied to tape every 24 hours. The backup solution imposed on this network is designed to provide protection for what security service?
answer
Availability