Security Chapter 6 – Flashcards
Unlock all answers in this set
Unlock answersquestion
Which of the following best describes the purpose of using subnets?
answer
subnets divide an IP network address into multiple network addresses
question
Which of the following is not a reason to use subnets on a network?
answer
combine different media type on to the same subnet
question
Which of the following IPV6 addresses is equivalent to the IPV4 loopback address of 127.0.0.1?
answer
: :1
question
Which of the following IP addresses best describes an IPv6 address?
answer
128- bit address Eight hexadecimal quartets
question
Which of the following correctly describe the most common format for expressing IPv6 addresses?
answer
Hexadecimal numbers 32 numbers, grouped using colons
question
Which of the following are valid IPv6 addresses?
answer
141:0:0:15:0:0:1 6384:1319:7700:7631:446A:5511:8940:2552
question
Which of the following is a valid IPv6 address?
answer
FECO ::AB:9007
question
Routers operate at what level of the Open System Interconnect model ?
answer
Network Layer
question
You decided to use a subnet mask of 255.255.192.0 on the 172.17.0.0 network to create four separate subnets. Which network IDs will be assigned to these subnets in this configuration?
answer
172.17.128.0.0 172.17.0.0
question
You have been using SNMP on your network for monitoring and management. You are concerned about the security of this configuration. What should you do?
answer
Implement version 3 of SNMP
question
You want to implement a protocol on your network that allows computers to find the IP address of a host from a logical name. Which protocol should you implement?
answer
DNS
question
Which of the following protocols allows hosts to exchange messages to indicate problems with packet delivery?
answer
ICMP
question
You are configuring a network firewall to allow SMTP outbound email traffic and POP3 inbound email traffic. Which of the following TCP/IP ports should you open on the firewall?
answer
25 110
question
Which port number is only used by SNMP
answer
161
question
Which of the following ports does FTP use to establish sessions and manage traffic?
answer
20, 21
question
Using the Netstat command you notice the remote system has made a connection to your Windows Server 2008 system using TCP/IP port 21. Which of the following actions is the remote system most likely to be performing?
answer
Downloading a file
question
To increase security on your company's internal network the admin has disabled as many ports as possible. Now however though you can browse the internet you are unable to perform secure credit card transactions. Which port needs to be enabled to allow secure transactions?
answer
443
question
Which of the following network services or protocols uses TCP/IP port 22?
answer
SSH
question
1. SNMP 2. SSH 3. TFTP 4. SCP 5. Telnet 6.HTTPS 7. HTTP 8. FTP 9. SMTP 10. POP3
answer
1. 161 TCP and UDP 2. 22 TCP and UDP 3. 69 UDP 4. 22TCP and UDP 5. 23 TCP 6. 443 TCP and UDP 7. 80 TCP 8. 20 TCP 9. 25 TCP 10. 110 TCP
question
Which of the two following lists accurately describes TCP and UDP ?
answer
UDP: connectionless, unreliable, unsequenced,low overheard TCP: connection-oriented, reliable, sequenced, high overhead
question
You are an app developer creating apps for a wide variety of customers. In which two of the following situations would you select a connectionless protocol?
answer
A gaming company wants to create a networked version of its latest game. Communication speed and reducing packet overhead are more important than error-free delivery A company connects two networks through an expensive WAN link. The communication media is reliable but very expensive. They want to minimize connection times
question
You want to maintain tight security on your internal network so you can restrict access to the network through certain port numbers. If you want to allow users to continue to use DNS which port should you enable?
answer
53
question
Your company's network provides HTTP HTTPS and SSH access to remote employees. Which ports must be opened on the firewall to allow this traffic to pass?
answer
80, 443, 22
question
Your network recently experienced a series of attacks aimed at the Telnet FTP services. You have rewritten the security policy to abolish the unsecured services and now you must secure the network using your firewall routers. Which ports must be closed to prevent traffic directed to these two services ?
answer
23,21
question
Which of the following is the main difference between a DoS attack and a DDoS attack?
answer
The DDoS attack uses zombie computers
question
An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack?
answer
DDoS
question
You suspect that an Xmas attack is occurring on the system. Which of the following could result if you do not stop the attack?
answer
The system will be unavailable to respond to legitimate requests The threat agent will obtain info about open ports on the system
question
You need to enumerate the devices on your network and display the configuration details of the network. Which of the following should you use?
answer
nmap
question
An attacker is conducting passive reconnaissance on a targeted company. Which of the following could he be doing?
answer
browsing the organization's website
question
Which type of active scans turns off all flags in a TCP header?
answer
Null
question
Which of the following Denial of Service (DOS) attacks uses ICMP packets and will only be successful if the victim has less bandwidth then the attacker?
answer
Ping flood
question
In which of the following Denial of Service (DOS) attacks does the victim's system rebuild invalid UDP packets causing them to crash or reboot?
answer
Teardrop
question
A SYN packet is received by a server. The SYN packet has the exact same address for both the sender and receiver address, which is the address of the server. This is an example of what type of attack?
answer
Land Attack
question
Which of the following is a form of denial of service attack that subverts the TCP three-way handshake process by attempting to open numerous sessions on a victim server but intentionally failing to complete the session by not sending the final required packet?
answer
SYN flood
question
Which of the following is a form of denial of service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network?
answer
Smurf
question
A SYN attack or a SYN flood exploits or alters which element of the TCP three-way handshake?
answer
ACK
question
When a SYN is flood is altered so that the SYN packets are spoofed in order to define the source and destination address as a single victim IP address the attack is now called what ?
answer
Land attack
question
A smurf attack requires all but which of the following elements to be implemented?
answer
padded cell
question
Which of the following best describes the ping of death?
answer
An ICMP packet that is larger than 65,536 bytes
question
Which of the following is the best countermeasure against man-in-the-middle attacks?
answer
IPSec
question
What is modified in the most common form of spoofing on a typical IP packet
answer
source address
question
Which type of denial of service (DoS) attack occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses?
answer
DNS poisoning
question
Which of the following describes a man-in-the-middle attack?
answer
a false server intercepts communications from a client by impersonating an intended server
question
Capturing packets as they travel from one host to another with the intent of altering contents of the packets is a form of which security concern?
answer
man-in-the-middle attack
question
When the TCP/IP session state is manipulated so that a third party is able to insert alternate packets in the communication stream what type of attack has occurred?
answer
Hijacking
question
What is the goal of TCP/IP hijacking attack?
answer
Executing commands or accessing resources on a system the attacker does not otherwise have authorization to access
question
Which of the following is not a protection against session hijacking?
answer
DHCP reservations
question
Which of the following is the most effective protection against IP packet spoofing on a private network?
answer
Ingress and egress filters
question
While using the internet you type the URL of one of your favorite sites in the browser. Instead of going to the correct site, the browser displays a completely different website. When you use the IP address of the web server the correct site is displayed. What type of attack has likely occurred?
answer
DNS poisoning
question
Which of the following attacks tries to associate an incorrect MAC address with a known IP address?
answer
ARP poisoning
question
What are the most common network traffic packets captured and used in a replay attack?
answer
Authentication
question
When a malicious user captures authentication traffic and replays it against the network later what is the security problem you are most concerned about?
answer
an unauthorized user gaining access to sensitive resources
question
A router on the border of your network detects a packet with a source address that is from an internal client but the packet was received on the internet-facing interface. This is an example of what form of attack?
answer
spoofing
question
An attacker uses an exploit to push a modified hosts file to client systems. This host file redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and financial info. What kind of exploit has been used in this scenario?
answer
Pharming DNS poisoning
question
Which of the following is a privately controlled portion of a network that is accessible to some specific external entities?
answer
Extranet
question
You are the office manager of a small financial credit business. Your company handles personal financial information for clients seeking small loans over the internet. You are aware of your obligation to secure clients records but budget is an issue. Which item would provide the best security for this situation?
answer
all-in-one security appliance
question
You are implementing security at a local highschool that is concerned with students accessing inappropriate material on the internet from the library's computers. The students will use the computers to search the internet for research paper content. The school budget is limited. Which content filtering option would you choose?
answer
restrict content based on content categories
question
1. application-aware proxy 2. application-aware firewall 3. application-aware IDS
answer
1. improves application performance 2. Enforces security rules based on application that is generating network traffic instead of the traditional port and protocol 3. analyzes network packets to detect malicious payloads targeted at application-layer services
question
Your company has a connection to the internet that allows users to access the internet You also have a web server and an email server that you want to make available to internet users. You want to create DMZ for these two servers. Which type of device should you use to create the DMZ?
answer
Network based firewall
question
You have a company network that is connected to the internet. You want all users to have internet access but need to protect your private network and users. You also need to make a web server publicly available to internet users. Which solution should you use?
answer
use firewalls to create a DMZ. Place the web server inside the DMZ and private network behind the DMZ
question
You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer and order information. How should you place devices on the network to best protect the servers?
answer
Put the database server on the private network put the web server inside the DMZ
question
Of the following security zones which one can serve as a buffer network between a private secured network and the untrusted internet?
answer
DMZ
question
Which of the following is likely to be located in a DMZ?
answer
FTP server
question
Members of the sales team use laptops to connect to the company network. While traveling they connect their laptops to the internet through the airport and hotel networks. You are concerned that these computers will pick up viruses that could spread to your private network. You would like to implement a solution that prevents laptops from connecting to your network unless anti-virus software and the latest operating system patches have been installed. Which solution should you use?
answer
NAC
question
In which of the following situations would you most likely implement Demilitarized zone (DMZ) ?
answer
You want to protect a public webserver from attack
question
Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks?
answer
bastion or sacrificial host
question
Which of the following is a firewall function?
answer
packet filtering
question
Which of the following are characteristics of a circuit-level gateway?
answer
stateful filters based on sessions
question
Which of the following are characteristics of a packet filtering firewall?
answer
stateless filters IP address and port
question
You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use?
answer
circuit level
question
You provide internet access for a local school. You want to control internet access based on user and prevent access to specific URLs. Which type of firewall should you install?
answer
Application level
question
Which of the following is the best device to deploy to protect your private network from a public untrusted network?
answer
firewall
question
You have been given a laptop to use for work. You connect the laptop to your company network use it from home and for travel. You want to protect the laptop from internet based attacks. Which solution should you use?
answer
host based firewall
question
You connect your computer to a wireless network available at the local library. You find that you can access all websites you want on the internet except for two. What might be causing the problem?
answer
a proxy server is blocking access to the websites
question
Which of the following functions are performed by proxies?
answer
Block employees from accessing certain web sites cache web pages
question
Which of the following are true of a circuit proxy firewall ?
answer
Verifies sequencing of session packets operates at the session layer
question
Which of the following does a router acting as a firewall use to control which packets are forwarded or dropped ?
answer
ACL
question
You have a router that is configured as a firewall. The router is a layer 3 device only. Which of the following does the router use for identifying allowed or denied packets ?
answer
IP address
question
You have just installed a packet - filtering firewall on your network. What options will you be able to set on your firewall?
answer
Port number Source address of the packet Destination address of the packet
question
When designing a firewall what is the recommended approach for opening and closing ports?
answer
close all ports; open only ports required by applications inside the DMZ
question
Which of the following firewall types can be proxy between servers and clients?
answer
Application layer firewall circuit proxy firewall
question
You have a small network at home that is connected to the internet. On your home network you have a server with the IP address 192.168.55.199/16. You have a single public address that is shared by all hosts on your private network. You want to configure the server as a web server and allow internet hosts to contact the server to browse a personal website. You want to configure the server as a web server and allow Internet hosts to contact the server and browse a personal website. What should you use to allow access?
answer
static NAT
question
You are the network admin for a small company that implements NAT to access the internet. However you recently acquired 5 servers that must be accessible from outside your network. Your ISP has provided you with 5 addt'l registered IP addresses to support these new servers but you don't want the public to access these servers directly. You want to place these servers behind your firewall on the inside network yet still allow them to be accessible to the public from the outside? Which method of NAT translation should you implement for these 5 servers?
answer
static
question
You want to connect your small company network to the internet. Your ISP provides you with a single IP address that is to be shared between all hosts on your private network. You do not want external hosts to be able to initiate connection to internal hosts. What type of network address translation (NAT) should you implement?
answer
Dynamic
question
Which of the following is not one of the ranges of IP addresses defined in RFC 1918 that are commonly used behind a NAT server?
answer
169.254.0.0 -169.254.255.255
question
Which of the following networking devices or services prevents the use of IPsec in most cases ?
answer
NAT
question
Which of the following is not a benefit of NAT?
answer
Improving the throughput rate of traffic
question
You have a group of salesmen who would like to access your private network through the internet while they are traveling. You want to control access to the private network through a single server. Which solution should you implement?
answer
VPN concentrator
question
A VPN is used primarily for what purpose?
answer
support secured communications over an untrusted network
question
Which VPN protocol typically employs IPsec as its data encryption mechanism?
answer
L2TP
question
Which statement best describes IPsec when used in tunnel mode?
answer
The entire data packet including headers is encapsulated
question
Which IPsec sub protocol provides data encryption?
answer
ESP
question
Which of the following is not a VPN tunnel protocol?
answer
RADIUS
question
Which is the best countermeasure for someone attempting to view your network traffic?
answer
VPN
question
PPTP(Point to Point Tunneling Protocol) is quickly becoming obsolete because of what VPN protocol?
answer
L2TP (Layer 2 Tunneling Protocol)
question
What is the primary use of tunneling?
answer
Supporting private traffic through a public communication medium
question
In addition to Authentication Header(AH) IPsec is compromised of what other service?
answer
Encapsulating Security Payload (ESP)
question
A salesperson in your organization spends most of her time traveling between customer sites. After a customer visit, she must complete various managerial tasks such as updating your organization's order database. Because she rarely comes back to your home office she usually accesses the network from her notebook using a Wi-Fi access provided by hotels, restaurants and airports. Many of these locations provide unencrypted public Wi-Fi access and you are concerned that sensitive data could be exposed. To remedy this solution you decide to configure her notebook to use a VPN when accessing the home network over an open wireless connection. Which key steps should you take when implementing this configuration?
answer
Configure the browser to send HTTPS requests through a VPN connection Configure the VPN connection to use IPsec
question
What is the following is a valid security measure to protect email from viruses ?
answer
use blockers on e-mail gateways
question
Which of the following prevents access based on website ratings and classifications?
answer
content filter
question
1. prevents visiting malicious websites 2. prevents outsided attempts to access confidential information 3. identifies and disposes of infected content 4. prevents unwanted email from reaching your network 5. prevents visiting restricted websites
answer
1 web threat filtering 2 anti phishing software 3 virus blockers 4 gateway e-mail spam blockers 5 URL content filtering
question
You are investigating the use of web site URL content filtering to prevent users from visiting certain web sites. Which benefits are the result of implementing this technology in your organization?
answer
An increase to bandwidth availability Enforcement of the organizations Internet usage policy
question
You have a company network with a single switch. All devices connect to the network through the switch. You want to control which devices will be able to connect to your network. For devices that do not have the latest operating system patches, you want to prevent access to all network devise except for a special server that holds the patches that the computers need to download. Which of the following components will be part of your solution?
answer
802.1x authentication Remediation servers
question
Which step is required to configure a NAP on a remote desktop (RD) gateway server?
answer
Edit the properties for the server and select request clients to send a statement of health
question
In a NAP system what is the function of the System Health Validator ?
answer
Compare the statement of health submitted by the client to the health requirements
question
How does IPsec NAP enforcement differ from the other NAP enforcement methods?
answer
Clients must be issued a valid certificate before a connection to the private network is allowed
question
Which of the following wireless security methods uses a common key configured on the wireless access point and all wireless clients?
answer
WEP WPA Personal and WPA2 Personal
question
Which of the following offers the weakest form of encryption for an 802.11 wireless network ?
answer
WEP
question
Which of the following features are supplied by WPA2 on a wireless network?
answer
Encryption
question
You need to secure your wireless network. Which security protocol would be the best choice?
answer
WPA2
question
You need to configure a wireless network. You want to use WPA2 Enterprise. Which of the following components will be part of your design?
answer
802.1x AES Encryption
question
Which of the following locations will contribute the greatest amount of interference for a wireless access point?
answer
Near cordless phones Near backup generators
question
You need to implement a wireless network link between two buildings on a college campus. A wired network has already been implemented within each building. The buildings are 100 meters apart. What type of wireless antennae should you use on each side of the link?
answer
High Gain Parabolic
question
How does WPA2 differ from WPA?
answer
WPA2 uses AES for encryption WPA uses TKIP
question
You need to configure the wireless network card to connect to your network at work. The connection should use a user name and password for authentication with AES encryption. What should you do?
answer
Configure the connection to use WPA2-Enterprise
question
1. Short initialization vector makes key vulnerable 2. Uses AES for encryption 3. Uses RC4 for encryption 4. Uses TKIP for encryption 5. Uses CB-MAC for data integrity 6. Uses CCMP for key rotation
answer
1. WEP 2. WPA2 3. WEP 4. WPA 5. WPA2 6. WPA2
question
You need to add security for your wireless network. You would like to use the most secure method. Which method should you implement?
answer
WPA2
question
Which of the following is used on the wireless network to identify the network name?
answer
SSID
question
Which of the following are true about Wi-Fi protected Access 2 (WPA2) ?
answer
Uses AES for encryption and CBC-MAC for data integrity Upgrading from a network using WEP typically requires installing new hardware
question
WiMAX is an implementation of which IEEE committee?
answer
802.16
question
You want to connect a laptop computer running Windows 7 to a wireless network. The wireless network uses multiple access points and WPA2-Personal. You want to use the strongest authentication and encryption possible. SSID broadcast has been disabled. What should you do?
answer
Configure the connection with a preshared key and AES encryption
question
Your company security policy states that wireless networks are not to be used because of the potential security risk they present to your network. One day you find that an employee has connected a wireless access point to the network in his office. What type of security risk is this?
answer
Rogue access point
question
Which of the following describes marks that attackers place outside a building to identify an open wireless network?
answer
War chalking
question
The process of walking around an office building with an 802.11 signal detector is known as what?
answer
War driving
question
Which of the following best describes Bluesnarfing?
answer
Unauthorized viewing calendar emails and messages on a mobile
question
Which of the following sends unsolicited business cards and messages to a Bluetooth device?
answer
bluejacking
question
Which of the following is the best protection to prevent attacks on mobile phones through a Bluetooth protocol?
answer
disable Bluetooth on the phone
question
You are troubleshooting a wireless connectivity issue in a small office. You determine that the 2.4 GHz cordless phones used in the office are interfering with the wireless network transmissions. If the cordless phones are causing interference, which of the following wireless standards could the network be using?
answer
802.11g Bluetooth
question
Your organization uses a 802.11g wireless network. Recently other tenants installed the following equipment in your building: A wireless television distribution system running at 2.4 GHz A wireless phone system running at 5.8 GHz A wireless phone system running at 900 MHz An 802.11 wireless network running at the 5GHz frequency range Since this equipment was installed your wireless network has been experiencing significant interference. Which system is to blame?
answer
The wireless TV system
question
Which of the following best describes evil twin?
answer
An access point that is configured to mimic a valid access point to obtain logon credentials and other sensitive info
question
Network packet sniffing is often used to gain the info needed to conduct more specific and detailed attacks. Which of the following is the best defense against packet sniffing?
answer
Encryption
question
Which of the following common network monitoring or diagnostic activity can be used as a passive malicious attack?
answer
sniffing
question
You are concerned that wireless access points may have been deployed within your organization without authorization. What should you do?
answer
Check the MAC address of devices connected to your wired switch conduct a site survey
question
1. Spark jamming 2. Random noise jamming 3. Random pulse jamming
answer
1. repeatedly blasts receiving equipment with high-intensity short duration RF bursts at a rapid pace 2. Produces RF signals using random amplitudes and frequencies 3. Uses radio signal pulses of random amplitude and frequency
question
An attacker has hidden an NFC reader behind an NFC-Based kiosk in an airport. The attacker uses the device to capture NFC data in transit between end-user devices and the reader in the kiosk. She then uses that info later on to masquerade as the original end-user device and establish an NC connection in the kiosk. What kind of attack has occurred in this scenario?
answer
NFC relay attack
question
You are implementing a wireless network in a dentist's office. The dentist's practice is small so you choose to use an inexpensive consumer grade access point. While reading the documentation, you notice that the access point supports Wi-Fi protected Setup (WPS) using a pin. You are concerned about the security implication of this functionality. What should you do to reduce risk?
answer
Disable WPS in the access point's configuration
question
Which of the following measures will make your wireless network invisible to the casual attacker performing war driving?
answer
Disable SSID broadcast
question
Which remote access authentication protocol allows for the use of smart cards for authentication?
answer
EAP
question
Which of the following do switches and wireless access points use to control access through the device?
answer
MAC filtering
question
You want to implement 802.11x authentication on your network Where would you configure passwords that are used for authentication?
answer
on a RADIUS server
question
You are the wireless admin for your organization. As the size of your organization has grown you've decided to upgrade your wireless network to use 802.11x authentication instead of pre-shared keys. You've decided to use LEAP to authenticate wireless clients. To do this you configured a Cisco RADIUS server and installed the necessary Cisco client software on each RADIUS client. Which of the following is true concerning this implementation?
answer
The system is vulnerable because LEAP is susceptible to dictionary attacks
question
You are the wireless admin for your organization. As the size of the organization has grown, you've decicided to upgrade your network to use 802.11x authentication instead of preshared keys. To do this you need to configure the RADIUS server and RADIUS clients. You want the server and the clients to manually authenticate each other. What should you do?
answer
Configure all wireless access points with client certificates Configure the RADIUS server with a server certificate
question
Which EAP implementation is most secure?
answer
EAP-TLS
question
Which of the following features on a wireless network allows or rejects client connections based on a hardware address?
answer
MAC address filtering
question
You've just finished installing a wireless access point for each client. What sh0uld you do to prevent unauthorized users from accessing the access point (AP) configuration utility?
answer
change the admin password on AP
question
You are concerned about sniffing attacks on your wireless network. Which of the following implementations offers the best countermeasure to sniffing?
answer
WPA2 with AES
question
What is the least secure place to locate an access point with Omni-directional antenna when creating a wireless cell?
answer
near a window
question
What purpose does a wireless site survey serve?
answer
To identify the coverage area and preferred placement of access points To identify existing or potential sources of interference
question
You need to place a wireless access point in your two story building. While trying to avoid interference which of the following is the best location for the access point?
answer
In the top floor