Security + Domain 1 Network Security – Flashcards
Unlock all answers in this set
Unlock answersquestion
Which of the following is a firewall function? -Frame Filtering -Packet Filtering -FTF hosting -encrypting -Protocol conversion
answer
Packet Filtering
question
You have worked as the network administrator for a company for seven months. One day all picture files on the server become corrupted. You discover that a user downloaded a virus from the Internet onto his workstation, and it propagated to the server. you successfully restore all files from backup, but your boss is adamant that this situation does not recoccur. What should you do? -Install a firewall -Allow users to access the internet only from terminals that are not attached to the main network. -Disconnect the user from the Internet -Install a network virus detection software solution
answer
Install a network virus detection software solution
question
You manage a small network at work. Users use workstations connected to your network. No portable computers are allowed. As part of your security plan, you would like to implement scanning of e-mails for all users. You want to scan the e-mails and prevent any e-mails with malicious attachments from being received by users. Your solution should minimize adminstration,allowing you to centrally manage the scan settings. Which solution should you use? -DMZ -SMTP -Network based firewall -Host based firewall
answer
-Network based firewall
question
As a security precaution, you have implement IPsec is used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement? -Protocol analyzer -VPN concentrator -Network-based IDS -Host-based IDS -Port scanner
answer
-Host-based IDS
question
Your company has a connection to the internet that allows users to access the Internet. You aslo have a Web sever and an e-mail server that you want to make available to the Internet users. You want to create a DMZ for these two servers. Which type of device should you use to create the DMZ?
answer
Network-based firewall
question
Which of the following are characteristics of a circuit-level gateway?(Select two) -Filter IP address and port -Filter based on session -Stateful -Filters based on URL -Stateless
answer
-Filter based on sessions -Stateful
question
Which of the following are characteristics of a packet filtering firewall?(Select two) -Stateful -Filters based on sessions -Stateless -Filters based on URL -Filters IP address and port
answer
-Stateless -Filters IP address and port
question
You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use? -Circuit-level -Packet filtering -Application level -VPN concentrator
answer
-Circuit-level
question
You provide Internet access for a local school. You want to control Internet access based on users, and prevent access to specific URLs. Which type of firewall should be install? -Circuit-level -Application level -IPS -Packet filtering
answer
-Application level
question
You are concerned about protection your network from a network-based attack from the Internet. Specifically, you are concerned about attacks that have not yet been identified or do not have prescribed protections. What type of device should you use? -Anti-virus scanner -Signature based IDS -Network based firewall -Anomaly based IDS -Host based firewall
answer
-Anomaly based IDS
question
Which of the following describes how a router can be used to implement security on your network? -Use a lookup table to deny access to traffic from specific MAC address -Use an access control list to deny traffic from specific IP addresses. -Examine the packet payload to deny packets with malformed data. -Use an access control list to deny traffic sent from specific users
answer
-Use an access control list to deny traffic from specific IP addresses
question
What security mechanism can be used to detect attacks originating on the Internet or from within an internal trusted subnet? -Security alarm -IDS -Biometric system -Firewall
answer
-IDS
question
Which of the following is the best device to deploy to protect your private network from a public untrusted network? -HUB -Router -Gateway -Firewall
answer
-Firewall
question
Which of the following is a valid security measure to protect e-mails from viruses? -Blockers on e-mail gateways -Use PGP to sign outbound e-mail -Limit attachment to a max of 1MB -Use reverse DNS lookup
answer
-Use blockers on e-mail gateways
question
Virtual LAN can be created using which of the following? -Router -Switch -Gateway -HUB
answer
-Switch
question
What do host based intrusion detection systems often rely upon to perform their detection activities? -Network traffic -Remote monitoring tools -External sensors -Host system auditing capabilities
answer
-Host system auditing capabilities
question
What actions can a typical passive Intrusion Detection System(IDS) take when it detects an attack? (Select Two) -An alert is generated and delivered via e-mail, the console, or an SNMP trap. -The IDS configuration is changed dynamically and the source IP address is banned -LAN side clients are halted and removed from the domain -The IDS logs all pertinent data about the intrusion
answer
-An alert is generated and delivered via e-mail, the console, or an SNMP trap. -The IDS logs all pertinent data about the intrusion.
question
You have been getting a lot of phishing e-mails from the domain kenyan.msn.pl. Links within these e-mails open new browser windows at youneedit.com.pl. You want to make sure that these e-mails never reach your inbox, but that e-mail from other senders are not affected. What should you do? -Add kenyan.msn.pl to the email blacklist -add pl to the email blacklist. -add youneedit.com.pl to the email blacklist. -add msn.pl to the e-mail blacklist.
answer
-Add kenyan.msn.pl to the e-mail blacklist
question
Which of the following is a security service that monitors network traffic in real time or reviews the audit logs on servers looking for security violations? -firewall -switch -IDS -Padded cell
answer
IDS
question
Network based intrusion dectection is most suited to detect and prevent which types of attacks? -Buffer overflow exploitation of software -Application implementation flaw -Bandwidth-based denial of service -Brute force password attack
answer
-Bandwidth-based denial of service
question
Which of the following activities are considered passive in regards to the functioning of an intrusion detection system?(choose two) -Disconnecting a port being used by a zombie -Listening to network traffic -Transmitting FIN or RES packets to an external host -Monitoring the audit trails on a server
answer
-listening to network traffic -Monitoring the audit trails on a server
question
An active IDS system often performs which of the following actions? (Select two) -Request a second logon test for users performing abnormal activities. -Perform revers lookups to identify an intruder. -Trap and delay the intruder until the authorities arrive. -Update filters to block suspect traffic
answer
-Perform reverse lookup to identify an intruder -Update filters to block suspect traffic
question
Which of the following prevents access based on websites rating and classification? -NIDS -DMZ -Packet-filtering firewall -Content filter
answer
-Content filter
question
Which IDS method searches for intrusion or attack attempts by recognizing patterns or identities listed in a database? -Signature based -Heuristic based -Anomaly analysis based -Stateful inspection based
answer
-Signature based
question
What does an IDS that uses signature recognition use for identifying attacks? -Statistical analysis to find unusual deviations -Comparison of current statistics to past statistics -Comparison to a database of known attacks -Exceeding threshold values
answer
-Comparison to database of know attacks
question
You want to implement an IDS system that uses rules or statistical analysis to detect attacks. Which type of IDS should you deploy? -Anomaly -Signature -NIDS -HIDS
answer
-Anomaly
question
You have just installed a new network-based IDS system that uses signature recognition. What should you do on your regular basis? -Modify clipping levels -Check for backdoors -Generate a new baseline -Update the signature files
answer
-Update the signature files
question
Which of the following is the most common detection method used by an IDS? -Signature -Behavior -Anomaly -Heuristic
answer
-Signature
question
What is the most common form of hosted based IDS that employs signature or pattern matching detection methods? -Anti-virus software -Motion detectors -Honey pots -Firewalls
answer
-Anti-virus software
question
Which of the following devices accepts incoming client request and distributes those requests to specific servers? -Coaching engine -Load balancer -Media converter -CSU/DSU -IPS
answer
load balancer
question
You have a group of salesman who would like to access your private network through the Internet while they are traveling. you want to control access private network through a single server. Which solution should you implement? -IDN -VPN concentrator -RADIUS -IPS -DMZ
answer
-VPN concentrator
question
Which of the following devices can monitor a network and dectect potential security attacks? -Load balancer -IDS -PROXY -DNS server -CSU/DSU
answer
IDS
question
You want to be able to identify traffic that is being generated and sent through the network by a specific application running on a device Which tool should you use? -Protocol analyzer -TDR -Multimeter -Toner probe -Certifier
answer
-Protocol analyzer
question
You have been given a laptop to use for work. You connect the laptop to your company network, use it form home, and use it while traveling. You want to protect the laptop from Internet-based attacks. Which solution should you use? -Host based firewall -Proxy server -VPN concentrator -Network based firewall
answer
Host based firewall
question
You connect your computer to a wireless network available at the local library. You find that you can access all web sites you want on the internet except for two. What could be the reason? -Router has not been configured to perform port forwarding -A firewall is blocking ports 80 and 443 -A proxy server is blocing access to the web sites -Port triggering is redirecting traffic to the wrong IP address
answer
-Proxy server is blocking access to the web sites
question
Which of the following function are performed by proxies?(Select two) -Give users tthe ability to participate in real-based Internet discussions -Cache web pages -Block unwanted packets from entering your private network -Store client files -Filter unwanted e-mail -Block employees from accessing certain web sites
answer
-Cache web pages -Block employees from accessing certain web sites
question
Which of the following are true of a circuit proxy filter firewall?(Choose two) -Operates at the session layer -Operates at ring 0 at the operating system -Verifies sequencing of session packets. -Examines the entire message contents.. -Operates at the network and transport layers -Operates at the application layer
answer
-Operates at the session layer -Verifies sequencing of session packets
question
Which of the following are security devices that perform statful inspection of packet data, looking for patterns that indicate malicious code?(choose two) -VPN -Firewall -ACL -IDS -IPS
answer
-IDS -IPS
question
Would like to control Internet access based on users, time of day, and web sites visited. How can you do this? -Configure the local security policy of each system to add internet restrictions. -Configure Internet zones using the Internet Options -Install a proxy server. Allow Internet access only through the proxy server. -Configure a packet-filtering firewall. Add rules to allow or deny Internet access. -Enable Windows Firewall on each system. Add or remove exception to control access.
answer
-Install a proxy server. Allow Internet access only through the proxy server.
question
You are the office manager of a small financial credit business. Your company handles personal, financial information for clients seeking small loans over the Internet. you are aware of your obligation to secure clients records, but budget is an issue. Which item would provide the best security for this situation? -Proxy server with access controls -All in one security appliance -Firewall on your gateway server to the Internet -Network access control system
answer
All in one security appliance
question
You are implementing security at a local high school that is concerned with students accessing inappropriate material on the Internet form the library's computers. The students will use the computes to search the Internet for research paper content. The school budget is limited. Which content filtering option would you choose? -Restrict content based on content categories -Block specific DNS domain names -Block all content except for contect you have identified as permitted -Allow all content except for the content you have identified as restricted.
answer
-Restrict content based on content categories
question
Which of the following solutions would you implement to track which websites that network users are accessing? -Tarpit -NIDS -Packet-filtering firewall -Proxy
answer
-Proxy
question
When configuring VLANs on a switch, what is used to identify VLAN membership of a device? -Switch port -Hostname -Mac address -IP address
answer
-Switch port
question
Which of the following does a router acting as a firewall use to control which packets are forwarded or dropped? -IPsec -VNC -ACL -RDP -PPP
answer
-ACL
question
You have a router that is configured as a firewall. The router is a layer 3 devices only. Which of the following does the router use for identify allowed or denied packets? -Session ID -MAC address -Username and password -IP address
answer
-IP address
question
You want to increase the security of your network by allowing only authenticated users to be able to access network devices through a switch. Which of the following should you implement? -IPsec -Spanning tree -802.1x -Port security
answer
-802.1x
question
Which of the following application typically use 802.1x authentication? (Select two) -Controlling access through a switch -Authentication remote access clients -Controlling access through a wireless access point -Authenticating VPN users through the Internet
answer
-Controling access through a switch -Controling access through a wireless access point
question
Which of the following attacks, if successful, causes a switch to function like a hub? -Replay -ARP poisoning -MAC spoofing -Mac flooding
answer
-Mac flooding
question
You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three RJ-45 ports connected to the switch. You want to allow vistors to plug into these ports to gain Internet access, but they should not have access to any other devices on your private network. Employees, connected throughout the rest of your building should have private and Internet access. Which feature should you implement? -NAT -port authentication -VLANs -DMZ
answer
-VLANs
question
You have just installed a packet filtering firewall on your network. What options will you be able to set on your firewall? Select all that apply. -Digital signature -Destination address of a packet -Checksum -Sequence number -Port number -Acknowledgement number -Source address of a packet
answer
-Destination address of a packet -Port number -Source address of a packet
question
Which configuring VLANs on a switch, what type of switch ports are members of all VLANs defined on the switch? -Any port not assigned to a VLAN -Each port can only be a member of a single VLAN -Trunk ports -Gigabit and higer Ethernet ports -Uplink ports
answer
-Trunk ports
question
Which of the following is most important thing to do to prevent console access to the router? -Implement an access list to prevent console connections. -Keep the router in a locked room -Set console and enable secret passwords. -Disconnect the console cable when not in use
answer
-Keep the router in a locked room
question
Which of the following describes how access lists can be used to improve network security? -An access list filters based on the frame header such as source or destination MAC -AN access list identifies traffic that must use authentication or encryption -An access list looks for patterns of traffic between multiple packets and take action to stop detected attacks. -An access list filters traffic based on the IP header information such as source or destination IP address, protocol, or socket numbers.
answer
-An access list filters traffic based on the IP header or destination IP address, protocol, or socket numbers
question
You manage a network that uses switches. In the lobby of your building are three RJ-45 ports connected to a switch. You want to make sure that vistors cannot plug in their computers to the free network jacks and connect to the network. However, employees who plug into those same jacks should be able to coneect to the network. What feature should you configure? -Bonding -Spanning tree -Port authentication -Mirroring -VLANs
answer
-Port authentication
question
Which of the following solutions would you implement to eliminate switching loops? -Inner-vlan routing -Auto-duplex -Spanning tree -CSMA/CD
answer
-Spanning tree
question
You manage a single subnet with three switches. The switches are connected to provide redundant paths between the switches. Which feature prevents switching loops and ensures there is only a single active path between any two switches? -PoE -Trunking -802.1x -Spanning tree
answer
-Spanning tree
question
You manage a network that uses multiple switches. You want to provide mulitple paths between switches so that if one link goes down, an alternate path is available. Which feature should your switch support? -PoE -Mirroring -OSPF -Spanning tree -Trunking
answer
-Spanning tree
question
In which of the following situations would you use port security? -You want to restrict the device that could connect through a switch port. - You want to prevent MAC address spoffing -You want to control the packets sent and received by a router -You want to prevent sniffing attacks on the network.
answer
You want to restrict the devices that could connect through a switch port
question
You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the Internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the internet. The library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access port on a switch. You want to restrict access to the network so only the library computers are permitted connectivity to the internet. What can you do? -Create static Mac address for each computer -Configure port security on the switch. -Create a VLAN for each group of four computers. -Remove the hub and place each library computer on its own access port
answer
-Configure port security on the switch
question
You want to ensure that all users in the Development OU have a common set of network communication security settings applied. Which should you do? -Create a GPO folder policy for the folders containing the files. -Create a GPO computer policy for the computers in the Development OU -Create a GPO user for the development OU -Create a GPO computer policy for the computers container
answer
-Create a GPO computer policy for the computers in the Development OU
question
Computer policies include a special category called user rights. Whcih action do they allow an administrator to perform? -Identify users who can perform maintenance task on computers in an OU -Specify the registry for users on specified computers in an OU -Designate a basic set of rights for all users in an OU
answer
-Identify users who can perform maintenance tasks on computer in an OU
question
Which statement is true regarding application of GPO settings? (Flip for answer. Too much to write)
answer
If a setting is defined in the local group policy on the computer and not defined in the GPO linked to the OU, the setting will be applied
question
Which step is required to configured a NAP on a RD gateway server? -Configure the server to issue a valid statement of health certificate -Configure the enforcement point as a RADIUS client to the NAP server -On the 802.1x switch, define the RD gateway server as a compliant network VLAN -Edit the properties for the server and select REQUST CLIENT TO SEND A STATEMENT OF HEALTH
answer
Edit the properties for the server and select REQUST CLIENT TO SEND A STATEMENT OF HEALTH
question
LAB
answer
Add an HTTP Firewall Rule that allows traffic from the WAN to the Web server in the DMZ Hide Details From Zone: UNSECURE (WAN) To Zone: DMZ Service: HTTP Action: Allow Always Source Hosts: Any Internal IP Address: 172.16.2.100 External IP Address: Dedicated WAN Add an HTTPS Firewall Rule that allows traffic from the WAN to the Web server in the DMZ Hide Details From Zone: UNSECURE (WAN) To Zone: DMZ Service: HTTPS Action: Allow Always Source Hosts: Any Internal IP Address: 172.16.2.100 External IP Address: Dedicated WAN Add an FTP Firewall Rule that allows traffic from the administrator workstation to the Web server in the DMZ Hide Details From Zone: SECURE (LAN) To Zone: DMZ Service: FTP Action: Allow Always Source Address: 192.168.1.200 Destination Address: 172.16.2.100 Add an SSH (TCP) Firewall Rule that allows traffic from the administrator workstation to the Web server in the DMZ Hide Details From Zone: SECURE (LAN) To Zone: DMZ Service: SSH (TCP) Action: Allow Always Source Address: 192.168.1.200 Destination Address: 172.16.2.100 Explanation To configure the Firewall, complete the following steps: 1.In the Security Appliance Configuration Utility, select Firewall > IPv4 Rules. 2.Click Add.... 3.Enter Firewall Rule parameters as required by the scenario and click Apply. 4.Repeat steps 2 and 3 for additional firewall rules
question
You have a company network that is connected to the Internet. You want all users to have Internet access, but need to protect your private network and users. You also need to make a Web server publicly available to Internet users. Which solution should you use? -Use single firewall. Put the Web server in front of the firewall, and the private network behind the firewall. -Use firewall to create a DMZ. Place the Web server inside the DMZ, and the private network behind the DMZ -Use firewall to create a DMZ. Place the Web server and the private network inside the DMZ -Use a single firewall. Put the Web server and the private network behind the firewall
answer
-Use firewall to create a DMZ. Place the web server inside the DMZ, and the private network behind the DMZ.
question
You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to Internet users. The Web server must communicate with database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the severs?(SELECT TWO)
answer
-Put the web server inside the DMZ -Put the database server on the private network
question
Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted internet? -Padded cell -DMZ -Extranet -Intranet
answer
-DMZ
question
Which of the following is likely to be located in a DMZ? -FTP server -User workstation -Domain controller -Backup server
answer
-FTP server
question
You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with the computer through the switch, but you still need to access the network through the computer? What should you use for the situation? -VPN -Port security -Spanning tree -VLAN
answer
-VLAN
question
Which of the following best describe the concept of a virtual LAN?
answer
Devices on the same network logically grouped as if they were on separate networks