|
You notice that over the last few months more and more static systems, such as the office environment control system, security , and lighting controls, you know these devices can be a threat. |
Create a VLAN to use as a low-trust network zone for these static systems to connect to |
|
Your network devices are categorized into the following zone types: no trust, low trust, medium trust, high trust zones What type of secure architecture concept is being used on this network |
Network segmentation |
|
Your organization has started receiving phishing emails. You suspect that an attacker is attempting to find an employee workstation they can compromise. |
User Education and Training |
|
A relatively new employee in the data entry cubical farm was assigned a user account similar to the other data entry employee accounts. However, audit logs have shown that the user account has changed ACLS and several confidential files and accessed data in restricted areas |
Privilege escalation |
|
An attacker has obtained the logon credentials for a regular user on your network. Which type of security threat exists if the user account is used to perform administrative functions? |
Privilege escalation |
|
While developing a network application the programmer adds a function that allows access to the running application without authentication so they can capture debugging data. If they do not remove this what type of security weakness does this represent? |
Backdoor |
|
What common design feature among instant messaging clients make them less secure than other means of communicating over the internet? |
Peer-to-peer networking |
|
What type of attack is most likely to succeed with communications between instant messaging clients? |
Sniffing |
|
Instant messaging does not provide which of the following? |
Privacy |
|
Peer to peer file sharing is not allowed, recently you recieved a tip that an employee has been using a Bittorrent client to download copyrighted media while at work. What should you do? |
Implement an application control solution |
|
You are implementing a new application control solution. How should you configure the application control software to handle application not contained in the whitelist? |
Flag |
|
Which of the following attacks, if successful, causes a switch to function like a hub? |
Mac Flooding |
|
Which of the following switch attacks associates the attackers MAC address with the IP address of the victim’s devices? |
ARP spoofing/poisoning |
|
Which is the typical goal of MAC spoofing? |
Bypassing 802.1x port-based security |
|
Which protocol should you disable on the user access ports of a switch? |
DTP (Dynamic Trunking Protocol) |
|
A virtual LAN can be created using which of the following? |
Switch |
|
When configuring VLAN’s on a switch, what is used to identify which VLAN a device belongs to |
Switch Port |
|
You want to increase the security of your network by allowing only authenticated users to access network devices through a switch |
802.1x |
|
Which of the following applications typically use 802.1x authentication? |
Controlling access through a switch or Wireless access point |
|
You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three RJ-45 ports connected to the switch. You want to allow visitors to plug into these ports to gain Internet access, but they should not have access to any other devices on your network. Employees connected throughout the rest of your building should have both private and internet access |
VLANs |
|
When configuring VLANs on a switch, what type of switch ports are members of all VLAN’s defined on the switch? |
Trunk Ports |
|
You manage a network that uses switches. In the lobby of your building are three RJ-45 ports connected to a switch. You want to make sure that visitors cannot plug in their computers to the free network jacks and connect to the network. However, employees who plug into those same jacks should be able to connect to the network. |
Port Authentication |
|
Which of the following solution who’ll you implement to eliminate switching loops? |
spanning tree |
|
You manage a single subnet with three switches. The switches are connected to provide redundant paths between the switches. Which feature prevents switching loops and ensures there is only one single active path between any two switches? |
Spanning tree |
|
In which of the following situations would you use port security? |
you want to restrict the devices that could connect through a switch port. |
|
You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the internet. Supervision of these computers has been difficult. You’ve had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the internet. The library computers are in groups of four. Each group is connected to a hub that is connected to the library network through an access port on a switch. You want to restrict access to the network so only the library computers are permitted connectivity to the internet. what can you do? |
Configure port security on the switch |
|
You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. |
VLAN |
|
Which of the following best describe the concept of a Virtual LAN |
Devices on the same network logically grouped as if they were on separate networks |
|
Your company is a small startup company that has leased office space in a building shared by other businesses. All businesses share a common network infrastructure. a single switch connects all devices in the building to the router that provides internet access. You would like to make sure that your computers are isolated from computers used by other companies. Which feature should you request to have implemented? |
VLAN |
|
You manage a network that uses multiple switches. You want to provide multiple paths between switches so that if one link goes down, an alternate path is available. |
Spanning tree |
|
Which of the following is an appropriate definition of a VLAN? |
A logical grouping of devices based on service need, protocol, or other criteria |
|
The IT manager has asked you to create a separate VLAN to be used exclusively for wireless guest devices to connect to. Which of the following is the primary benefit of creating this VLAN? |
You can control security by isolating wireless guest devices within this VLAN |
|
Which of the following is NOT an administrative benefit of implementing VLANs? |
You can simplify routing traffic between separate networks |
|
You’ve just deployed a new cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID for access. You’ve backed up the router configuration to a remote location in a encrypted file. you access the router configuration interface from your notebook computer using a telnet client with a user name of admin and password of admin you have used the MD5 hashing algorithm to protect the password. What should you do to increase security? |
Change default user name and password Use SSH client to access the router Config |
|
You’ve just deployed a new cisco router that connects several network segments in your organization. |
Move the router to a secure room |
|
You’ve just deployed a new cisco router that connects several network segments in your organization. |
Use SCP (secure copy protocol) to back up the router |
|
Which of the following can make passwords useless on a router? |
not controlling the physical access to the router |
|
As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provided encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. what security solution should you implement? |
Host based IDS |
|
What do host based IDS often rely upon to perform detection activities? |
Host system auditing capabilities |
|
Which actions can a typical passive intrusion detection system (IDS) take when it detects an attack? |
An alert is generated and delivered via email, the console, or an SNMP trap The IDS logs all pertinent data about the intrusion. |
|
Network based intrusion detection is most suited to detect and prevent which types of attacks? |
Bandwidth-based denial of service |
|
which of the following activities are considered passive in regard to the function of an intrusion detection system? |
Listening to network traffic Monitoring the audit trails on a server |
|
Which of the following devices can monitor a network and detect potential security attacks? |
IDS |
|
Which of the following are security devices that perform stateful inspection of packet data and look for patterns that indicate malicious code? |
IPS IDS |
|
You have configured an NIDS to monitor network traffic. Which of the following describes harmless traffic that has been identified as a potential attack by the NIDS device? |
False Positive |
|
Which of the following describes a false positive when using an IPS device? |
Legitimate traffic being flagged as malicious |
|
Which of the following devices is capable of detecting and responding to security threats? |
IPS |
|
You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use? |
IPS |
|
Network-based intrusion detection is most suited to detect and prevent which types of attacks? |
Bandwidth based DOS |
|
A honey pot is used for which purpose? |
To delay intruders in order to gather auditing data |
|
Which of the following describes the worst possible action by an IDS? |
The system identified a harmful traffic as harmless and allowed it to pass with our generating any alerts |
|
Which of the following functions can a port scanner provide? |
Discovering unadvertised servers Determining which ports are open on a firewall |
|
Which of the following is the type of port scan that does not complete the full three-way handshake, but rather listens only for either SYN/ACK or RST/ACK packets? |
TCP SYN scan |
|
You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept the packets sent to those services. |
Port Scanner |
|
You want to be able to identify the services running on a set of servers on your network. Which tool would best give you the information you need? |
Vulnerability scanner |
|
You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use? |
Network mapper |
|
You want to use a tool to scan a system for vulnerabilities, including open ports, running services, and missing patches. Which tools should you use? |
Retina, Nessus |
|
You want to check a server for user accounts that have weak passwords. Which tool should you use? |
John the Ripper |
|
Which of the following are performed by the Microsoft Baseline Security Analyzer (MBSA) tool? |
Checks user accounts for weak passwords Checks for open ports Check for missing patches |
|
Which of the following identifies standards and XML formats for reporting and analyzing system vulnerabilities? |
Open Vulnerability and Assessment Language (OVAL) |
|
You are using a vulnerability scanner that conforms to the OVAL specifications. Which of the following items contains a specific vulnerability or security issue that could present on a system? |
Definition |
|
You have run a vulnerability scanning tool and identified several patches that need to be applied to a system. What should you do next after applying the patches? |
Run the Vulnerability assessment again |
|
You want to use a vulnerability scanner to check a system for known security risks. What should you do first? |
Update the scanner definition files |
|
A security administrator logs on to a windows server on her organizations network. She then runs a vulnerability scan on that server. |
Credentialed scan |
|
A security administrator needs to run vulnerability scan that will analyze a system from the perspective of a hacker attacking the organization from the outside. what type of scan should he use? |
Non- credentialed scan |
|
You want to identify traffic that is generated and sent through the network by a specific application running on a device. Which tool should you use? |
Protocol analyzer |
|
You want to know which protocols are being used on your network. You’d like to monitor network traffic and sort traffic by protocol |
packet sniffer |
|
You want o use a tool to see packets on a network including the source and destination of each packet. What tool should you use? |
Wireshark |
|
You have a small network of devices connected using a switch. You want to capture the traffic that is sent from Host A to Host B. On Host C you install a packet sniffer that captures network traffic. After running the packet sniffer, you cannot find any captured packets between Host A and Host B. What should you do? |
Configure Port Mirroring |
|
You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the firewall. |
Packet Sniffer |
|
You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device, which is connected to the same hub that is connected to the router. Which feature should you configure? |
Promiscuous Mode |
|
You decide to use a packet sniffer to identify the type of traffic sent to a router.You run the packet sniffing software on a device that is connected to a hub with three other computers. The hub is connected to the same switch that is connected to the router. When you run the software, you see frames addressed to the four workstations, but not to the router. Which feature should you configure? |
Port Mirroring |
|
You have recently reconfigured FTP to require encryption of both passwords and data transfers. you would like to check network traffic to verify that all FTP passwords and data are encrypted. |
Protocol analyzer |
|
You want to set up a service to allow multiple users to dial in to the office server from modems on their home computers. What service should you implement? |
Remote Access Server |
|
You often travel away from the office while traveling you would like to use a model on your laptop computer to connect directly to a server in your office and access files. |
Remote Access |
|
Which of the following are methods for providing centralized authentication, authorization and accounting for remote access? |
RADIUS, TACACS+ |
|
Which of the following are characteristics of TACACS+ |
Used TCP Allows three different servers, one each for authentication, authorization and accounting. |
|
Which of the following are differences between RADIUS and TACACS+ |
RADIUS combines AAA into a single function. TACACS+ allows each service to be provided by a different server. |
|
RADIUS is primarily used for what purpose? |
Authenticating remote clients before access to the network is granted |
|
Which of the following is a characteristic of TACACS+ |
Encrypts the entire packet, not just authentication packets |
|
What port for TACACS |
Port 49 |
|
You have a network with three remote access servers, A RADIUS server used for authentication and authorization, and a second radius server for accounting. |
On the RADIUS server used fro authentication and authorization |
|
Which of the following is the best example of remote access authentication? |
A user establishes a dial-up connection to a server to gain access to shared resources. |
|
You are configuring a dial-up connection to a remote access server. Which protocols would you choose to establish the connection to authenticate, providing the most secure connection possible? |
PPP and CHAP |
|
Which of the following protocols transmits passwords in clear text, and is, therefore, considered too insecure to modern networks |
PAP Password authentication protocol |
|
Which of the following is a feature of MS-CHAP V2 that is not included in CHAP |
Mutual Authentication |
|
CHAP performs which of the following security functions? |
Periodically verifies the identity of a peer using a three way handshake |
|
Which remote access authentication protocol periodically and transparently re-authenticates during a logon session by default? |
CHAP |
|
When using Kerberos authentication which of the following terms is used to describe the token that verifies the users identity to the target system? |
Ticket |
|
Which of the following are required when implementing KERberos for authentication and authorization? |
Ticket granting server and Time synchronization |
|
Which of the following are requirements to deploy KERBEROs on a network? |
Time Synchronization between devices A centralized database of users and passwords |
|
Which ports does LDAP use by default |
636 389 |
|
You want to deploy SSL to protect authentication traffic with your LDAP- based directory service which port does this action use |
636 |
|
Your LDAP directory services solution used simple authentication. what should you always do when using simple authentication. |
Use SSL |
|
You want to use Kerberos to protect LDAP authentication. Which authentication mode should you choose? |
SASL |
|
A user has just authenticated using Kerberos. Which object is issued to the user immediately following login? |
ticket granting ticket |
|
Which of the following protocols uses port 88 |
Kerberos |
|
Which of the following authentication mechanisms is designed to protect a nine character password from attacks by hashing the first seven characters into a single hash and then hashing the remaining two characters into a separate hash? |
LANMAN |
|
What is Mutual Authentication |
A process by which each party in an online communication verifies the identity of each other party |
|
Which of the following protocols can be used to centralize access authentication |
TACACS |
|
A manager has told you she is concerned about her employees writing their passwords for websites, your office runs exclusively in a windows environment |
Credential Manager |
|
Kwallet manager is a Linus-based credential management system that stores encrypted account credentials for network resources |
Blowfish GPG |
|
Which of the following identifies an operating system of network service based on its response to ICMP messages? |
Fingerprinting |
|
Which of the following uses hacking techniques to proactively discover internal vulnerabilities? |
Penetration testing |
|
you have decided to preform a double blind pen test. which of the following actions would you perform first? |
inform Senior management |
|
Which of the following activities are typically associated with a penetration test? |
Attempting social engineering Running a port scanner |
|
What is the primary purpose of penetration testing |
Test the effectiveness of your security perimeter |
|
A security administrator is conducting a pen test she runs linux to the wireless network and uses NMAP to probe various network hosts to see which OS systems they are running |
Active fingerprinting |
|
When using a packet sniffer to monitor network traffic and try to determine which operating systems are running on the network hosts |
Passive fingerprinting |
|
What is included in an operations penetration test |
Dumpster Diving, Eaves dropping social engineering |
|
What phase of step of a security assessment is a passive activity |
Reconnaissance |
|
You are an app developer. You use a hypervisor with multiple virtual machines installed to test your apps on various operating system versions and editions. Currently all of your testing virtual machine are connected to the production network through the hypervisors network interface. However you are concerned that the latest application you are working on could adversely impact other network hosts if errors exist in the code. To prevent issues you decide to isolate the virtual machines from the production network. they still need to be able to communicate directly with each other. |
Connect the virtual network interfaces in the virtual machines to the virtual switch Create a new virtual switch configured for host-only (internal) networking |
|
You are responsible for maintaining windows workstation OS in your organization. Recently an update from Microsoft crashed the system What should you do. |
Connect the virtual network interfaces int eh virtual machines to the virtual switch create a new virtual switch configured for bridged (external) networking |
|
Which of the following devices facilities communication between different virtual machines by checking data packets before moving them to a destination? |
Virtual switch |
|
Which of the following devices is computer software, firmware, or hardware that creates and runs virtual machines? |
Hypervisor |
|
Which of the following statements about virtual networks is true? |
Multiple virtual networks can be associated with a single physical network adapter a virtual network is dependent on the configuration and physical hardware of the host operating system |
|
Software defined networking uses a controller to manage the devices. The controller is able to inventory hardware components in the network, gather network stats make routing decision based on gathered data, and facilitate communication between devices from different vendors. It can also be used to make wide-spread configuration changes on just one device. Which describes an SDN controller? |
The SDN controller is Software |
|
Which of the following is a disadvantage of SDN |
The standards are still being developed |
|
Which of the following describes what the SDN control layer does to networking devices that comprise the physical layer? |
The control layer removes the control plane from networking devices and creates a single control plane |
|
Network engineers have the option of using software to configure and intelligently control the network rather than relying on the individual static configuration files that are located on each network device. |
Software Defined Networking (SDN) |
|
Which of the following cloud computing solutions delivers software apps to a client either over the internet or on a local area network? |
SAAS |
|
Describe Platform as a Service PaaS |
PaaS delivers everything a developer needs to build an application onto the cloud infrastructure. |
|
Which of the following are true concerning VDI’s |
In the event of a widespread malware infection, the administrator can quickly reimage all user desktops on a few central servers User desktop environments are centrally hosted on servers instead of on individual desktop systems |
Share This
Flashcard
