Chapter 6 Network


You notice that over the last few months more and more static systems, such as the office environment control system, security, and lighting controls, you know these devices can be a threat.
Which of the following measures can you take to minimize the damage these devices can cause if they are compromised?

Create a VLAN to use as a low-trust network zone for these static systems to connect to

Your network devices are categorized into the following zone types: no trust, low trust, medium trust, high trust zones.

What type of secure architecture concept is being used on this network?

Network segmentation

Your organization has started receiving phishing emails. You suspect that an attacker is attempting to find an employee workstation they can compromise.
What should you do?

User Education and Training

A relatively new employee in the data entry cubicle farm was assigned a user account similar to the other data entry employee accounts. However, audit logs have shown that the user account has changed ACLs and several confidential files and accessed data in restricted areas.
What has occurred?

Privilege escalation

An attacker has obtained the logon credentials for a regular user on your network. Which type of security threat exists if the user account is used to perform administrative functions?

Privilege escalation

While developing a network application, the programmer adds a function that allows access to the running application without authentication so they can capture debugging data. If they do not remove this, what type of security weakness does this represent?

Backdoor

What common design feature among instant messaging clients makes them less secure than other means of communicating over the internet?

Peer-to-peer networking

What type of attack is most likely to succeed with communications between instant messaging clients?

Sniffing

Instant messaging does not provide which of the following?

Privacy

Peer-to-peer file sharing is not allowed. Recently you received a tip that an employee has been using a BitTorrent client to download copyrighted media while at work.
You research BitTorrent and find that it uses TCP ports 6881-6889 by default. When you check the firewall config, only ports 80 and 443 are open, and no network traffic using ports 6881-6889 has been blocked.

What should you do?

Implement an application control solution

You are implementing a new application control solution.
Prior to enforcing your application whitelist, you want to monitor user traffic for a period of time to discover user behaviors and log violations for later review.

How should you configure the application control software to handle applications not contained in the whitelist?

Flag

Which of the following attacks, if successful, causes a switch to function like a hub?

MAC flooding

Which of the following switch attacks associates the attacker’s MAC address with the IP address of the victim’s devices?

ARP spoofing/poisoning

Which is the typical goal of MAC spoofing?

Bypassing 802.1x port-based security

Which protocol should you disable on the user access ports of a switch?

DTP (Dynamic Trunking Protocol)

A virtual LAN can be created using which of the following?

Switch

When configuring VLANs on a switch, what is used to identify which VLAN a device belongs to?

Switch Port

You want to increase the security of your network by allowing only authenticated users to access network devices through a switch.

802.1x

Which of the following applications typically use 802.1x authentication?

Controlling access through a switch or Wireless access point

You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three RJ-45 ports connected to the switch. You want to allow visitors to plug into these ports to gain Internet access, but they should not have access to any other devices on your network. Employees connected throughout the rest of your building should have both private and internet access.
What feature should you implement?

VLANs

When configuring VLANs on a switch, what type of switch ports are members of all VLANs defined on the switch?

Trunk Ports

You manage a network that uses switches. In the lobby of your building are three RJ-45 ports connected to a switch.

You want to make sure that visitors cannot plug in their computers to the free network jacks and connect to the network. However, employees who plug into those same jacks should be able to connect to the network.
What feature should you configure?

Port Authentication

Which of the following solutions would you implement to eliminate switching loops?

Spanning tree

You manage a single subnet with three switches. The switches are connected to provide redundant paths between the switches.

Which feature prevents switching loops and ensures there is only one single active path between any two switches?

Spanning tree

In which of the following situations would you use port security?

You want to restrict the devices that could connect through a switch port.

You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the internet. Supervision of these computers has been difficult. You’ve had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the internet.

The library computers are in groups of four. Each group is connected to a hub that is connected to the library network through an access port on a switch. You want to restrict access to the network so only the library computers are permitted connectivity to the internet.

What can you do?

Configure port security on the switch

You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer.
What should you use for this situation?

VLAN

Which of the following best describes the concept of a Virtual LAN?

Devices on the same network logically grouped as if they were on separate networks

Your company is a small startup company that has leased office space in a building shared by other businesses. All businesses share a common network infrastructure. A single switch connects all devices in the building to the router that provides internet access.

You would like to make sure that your computers are isolated from computers used by other companies. Which feature should you request to have implemented?

VLAN

You manage a network that uses multiple switches. You want to provide multiple paths between switches so that if one link goes down, an alternate path is available.
Which feature should your switch support?

Spanning tree

Which of the following is an appropriate definition of a VLAN?

A logical grouping of devices based on service need, protocol, or other criteria

The IT manager has asked you to create a separate VLAN to be used exclusively for wireless guest devices to connect to. Which of the following is the primary benefit of creating this VLAN?

You can control security by isolating wireless guest devices within this VLAN

Which of the following is NOT an administrative benefit of implementing VLANs?

You can simplify routing traffic between separate networks

You’ve just deployed a new Cisco router that connects several network segments in your organization.

The router is physically located in a server room that requires an ID for access. You’ve backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using a Telnet client with a user name of admin and password of admin. You have used the MD5 hashing algorithm to protect the password.

What should you do to increase security?

Change default user name and password
Use SSH client to access the router Config

You’ve just deployed a new Cisco router that connects several network segments in your organization.
The router is physically located in a cubicle near your office. You’ve backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using an SSH client with a user name of admin01 and password of [email protected]. You have used the MD5 hashing algorithm to protect the password.
What should you do to increase security?

Move the router to a secure room

You’ve just deployed a new Cisco router that connects several network segments in your organization.
The router is physically located in a locked server closet. You use an FTP client to regularly back up the router configuration to a remote server in an encrypted file. You access the router configuration interface from your notebook computer using the router’s console port. You’ve configured the device with a user name of admin01 and password of [email protected]. You have used the MD5 hashing algorithm to protect the password.
What should you do to increase security?

Use SCP (secure copy protocol) to back up the router

Which of the following can make passwords useless on a router?

Not controlling the physical access to the router

As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices.

You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks.

What security solution should you implement?

Host-based IDS

What do host-based IDS often rely upon to perform detection activities?

Host system auditing capabilities

Which actions can a typical passive intrusion detection system (IDS) take when it detects an attack?

An alert is generated and delivered via email, the console, or an SNMP trap.
The IDS logs all pertinent data about the intrusion.

Network based intrusion detection is most suited to detect and prevent which types of attacks?

Bandwidth-based denial of service

Which of the following activities are considered passive in regard to the function of an intrusion detection system?

Listening to network traffic
Monitoring the audit trails on a server

Which of the following devices can monitor a network and detect potential security attacks?

IDS

Which of the following are security devices that perform stateful inspection of packet data and look for patterns that indicate malicious code?

IPS, IDS

You have configured an NIDS to monitor network traffic. Which of the following describes harmless traffic that has been identified as a potential attack by the NIDS device?

False Positive

Which of the following describes a false positive when using an IPS device?

Legitimate traffic being flagged as malicious

Which of the following devices is capable of detecting and responding to security threats?

IPS

You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible.

Which tool should you use?

IPS

Network-based intrusion detection is most suited to detect and prevent which types of attacks?

Bandwidth-based DoS

A honey pot is used for which purpose?

To delay intruders in order to gather auditing data

Which of the following describes the worst possible action by an IDS?

The system identified harmful traffic as harmless and allowed it to pass without generating any alerts

Which of the following functions can a port scanner provide?

Discovering unadvertised servers
Determining which ports are open on a firewall

Which of the following is the type of port scan that does not complete the full three-way handshake, but rather listens only for either SYN/ACK or RST/ACK packets?

TCP SYN scan

You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept the packets sent to those services.
Which tool should you use?

Port Scanner

You want to be able to identify the services running on a set of servers on your network. Which tool would best give you the information you need?

Vulnerability scanner

You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use?

Network mapper

You want to use a tool to scan a system for vulnerabilities, including open ports, running services, and missing patches. Which tools should you use?

Retina, Nessus

You want to check a server for user accounts that have weak passwords. Which tool should you use?

John the Ripper

Which of the following are performed by the Microsoft Baseline Security Analyzer (MBSA) tool?

Checks user accounts for weak passwords
Checks for open ports
Checks for missing patches

Which of the following identifies standards and XML formats for reporting and analyzing system vulnerabilities?

Open Vulnerability and Assessment Language (OVAL)

You are using a vulnerability scanner that conforms to the OVAL specifications. Which of the following items contains a specific vulnerability or security issue that could be present on a system?

Definition

You have run a vulnerability scanning tool and identified several patches that need to be applied to a system. What should you do next after applying the patches?

Run the Vulnerability assessment again

You want to use a vulnerability scanner to check a system for known security risks. What should you do first?

Update the scanner definition files

A security administrator logs on to a Windows server on her organization’s network. She then runs a vulnerability scan on that server.

Credentialed scan

A security administrator needs to run a vulnerability scan that will analyze a system from the perspective of a hacker attacking the organization from the outside.

What type of scan should he use?

Non-credentialed scan

You want to identify traffic that is generated and sent through the network by a specific application running on a device.

Which tool should you use?

Protocol analyzer

You want to know which protocols are being used on your network. You’d like to monitor network traffic and sort traffic by protocol.

Packet sniffer

You want to use a tool to see packets on a network including the source and destination of each packet. What tool should you use?

Wireshark

You have a small network of devices connected using a switch. You want to capture the traffic that is sent from Host A to Host B.

On Host C you install a packet sniffer that captures network traffic. After running the packet sniffer, you cannot find any captured packets between Host A and Host B.

What should you do?

Configure Port Mirroring

You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the firewall.
What tool should you use?

Packet Sniffer

You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device, which is connected to the same hub that is connected to the router.
When you run the software, you only see frames addressed to the workstation, not the other devices.

Which feature should you configure?

Promiscuous Mode

You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device that is connected to a hub with three other computers. The hub is connected to the same switch that is connected to the router.

When you run the software, you see frames addressed to the four workstations, but not to the router. Which feature should you configure?

Port Mirroring

You have recently reconfigured FTP to require encryption of both passwords and data transfers. You would like to check network traffic to verify that all FTP passwords and data are encrypted.
What tool should you use?

Protocol analyzer

You want to set up a service to allow multiple users to dial in to the office server from modems on their home computers. What service should you implement?

Remote Access Server

You often travel away from the office. While traveling, you would like to use a modem on your laptop computer to connect directly to a server in your office and access files.
You want the connection to be as secure as possible. Which type of connection will you need?

Remote Access

Which of the following are methods for providing centralized authentication, authorization and accounting for remote access?

RADIUS, TACACS+

Which of the following are characteristics of TACACS+?

Uses TCP
Allows three different servers, one each for authentication, authorization and accounting.

Which of the following are differences between RADIUS and TACACS+?

RADIUS combines AAA into a single function. TACACS+ allows each service to be provided by a different server.

RADIUS is primarily used for what purpose?

Authenticating remote clients before access to the network is granted

Which of the following is a characteristic of TACACS+?

Encrypts the entire packet, not just authentication packets

What port does TACACS use?

Port 49

You have a network with three remote access servers, a RADIUS server used for authentication and authorization, and a second RADIUS server for accounting.
Where should you configure remote access policies?

On the RADIUS server used for authentication and authorization

Which of the following is the best example of remote access authentication?

A user establishes a dial-up connection to a server to gain access to shared resources.

You are configuring a dial-up connection to a remote access server. Which protocols would you choose to establish the connection to authenticate, providing the most secure connection possible?

PPP and CHAP

Which of the following protocols transmits passwords in clear text, and is, therefore, considered too insecure for modern networks?

PAP (Password Authentication Protocol)

Which of the following is a feature of MS-CHAP V2 that is not included in CHAP?

Mutual Authentication

CHAP performs which of the following security functions?

Periodically verifies the identity of a peer using a three-way handshake

Which remote access authentication protocol periodically and transparently re-authenticates during a logon session by default?

CHAP

When using Kerberos authentication, which of the following terms is used to describe the token that verifies the user’s identity to the target system?

Ticket

Which of the following are required when implementing Kerberos for authentication and authorization?

Ticket granting server and Time synchronization

Which of the following are requirements to deploy Kerberos on a network?

Time Synchronization between devices
A centralized database of users and passwords

Which ports does LDAP use by default?

636, 389

You want to deploy SSL to protect authentication traffic with your LDAP-based directory service. Which port does this action use?

636

Your LDAP directory services solution uses simple authentication. What should you always do when using simple authentication?

Use SSL

You want to use Kerberos to protect LDAP authentication. Which authentication mode should you choose?

SASL

A user has just authenticated using Kerberos. Which object is issued to the user immediately following login?

Ticket granting ticket

Which of the following protocols uses port 88?

Kerberos

Which of the following authentication mechanisms is designed to protect a nine character password from attacks by hashing the first seven characters into a single hash and then hashing the remaining two characters into a separate hash?

LANMAN

What is Mutual Authentication?

A process by which each party in an online communication verifies the identity of each other party

Which of the following protocols can be used to centralize access authentication?

TACACS

A manager has told you she is concerned about her employees writing their passwords for websites. Your office runs exclusively in a Windows environment.
Which tool could you use?

Credential Manager

KWalletManager is a Linux-based credential management system that stores encrypted account credentials for network resources.
Which encryption methods can KWalletManager use to secure account credentials?

Blowfish, GPG

Which of the following identifies an operating system or network service based on its response to ICMP messages?

Fingerprinting

Which of the following uses hacking techniques to proactively discover internal vulnerabilities?

Penetration testing

You have decided to perform a double-blind pen test. Which of the following actions would you perform first?

Inform senior management

Which of the following activities are typically associated with a penetration test?

Attempting social engineering
Running a port scanner

What is the primary purpose of penetration testing?

Test the effectiveness of your security perimeter

A security administrator is conducting a pen test. She connects a Linux system to the wireless network and uses NMAP to probe various network hosts to see which operating systems they are running.

Active fingerprinting

When using a packet sniffer to monitor network traffic and trying to determine which operating systems are running on the network hosts,
what is the process called?

Passive fingerprinting

What is included in an operations penetration test?

Dumpster diving, eavesdropping, social engineering

What phase or step of a security assessment is a passive activity?

Reconnaissance

You are an app developer. You use a hypervisor with multiple virtual machines installed to test your apps on various operating system versions and editions.

Currently all of your testing virtual machines are connected to the production network through the hypervisor’s network interface. However, you are concerned that the latest application you are working on could adversely impact other network hosts if errors exist in the code.

To prevent issues, you decide to isolate the virtual machines from the production network. They still need to be able to communicate directly with each other.
What should you do?

Connect the virtual network interfaces in the virtual machines to the virtual switch
Create a new virtual switch configured for host-only (internal) networking

You are responsible for maintaining Windows workstation OS in your organization. Recently an update from Microsoft crashed the system.
To prevent this, you want to test all updates on virtual machines before allowing them to be installed on production workstations.
Currently, none of them have network connections; they need them to be able to receive the updates.

What should you do?

Connect the virtual network interfaces in the virtual machines to the virtual switch
Create a new virtual switch configured for bridged (external) networking

Which of the following devices facilitates communication between different virtual machines by checking data packets before moving them to a destination?

Virtual switch

Which of the following devices is computer software, firmware, or hardware that creates and runs virtual machines?

Hypervisor

Which of the following statements about virtual networks is true?

Multiple virtual networks can be associated with a single physical network adapter
A virtual network is dependent on the configuration and physical hardware of the host operating system

Software defined networking uses a controller to manage the devices. The controller is able to inventory hardware components in the network, gather network stats, make routing decisions based on gathered data, and facilitate communication between devices from different vendors. It can also be used to make wide-spread configuration changes on just one device.

Which describes an SDN controller?

The SDN controller is software

Which of the following is a disadvantage of SDN?

The standards are still being developed

Which of the following describes what the SDN control layer does to networking devices that comprise the physical layer?

The control layer removes the control plane from networking devices and creates a single control plane

Network engineers have the option of using software to configure and intelligently control the network rather than relying on the individual static configuration files that are located on each network device.
Which of the following is a relatively new technology that allows network and security professionals to use software to manage, control and make changes to a network?

Software Defined Networking (SDN)

Which of the following cloud computing solutions delivers software apps to a client either over the internet or on a local area network?

SaaS

Describe Platform as a Service (PaaS)

PaaS delivers everything a developer needs to build an application onto the cloud infrastructure.

Which of the following are true concerning VDIs?

In the event of a widespread malware infection, the administrator can quickly reimage all user desktops on a few central servers
User desktop environments are centrally hosted on servers instead of on individual desktop systems
