Security + Chapter 5 second half

You have a small network at home that is connected to the internet. On your home network, you have a server with the IP address of 192.168.55.199/16. You have a single public address that is shared by all hosts on your private network.
you want to configure the server as a web server and allow internet host to contact the server to browse a personal website.

Static NAT

You are the network admin for a small company that implements NAT to access the internet. However, you recently acquired file servers that must be accessible from outside your network. Your ISP has provided you with five additional registered IP addresses to support these new serves, but you dont want the public to access these servers directly. you want to place these servers behind your firewall on the inside network, yet still allow them to be accessible to the public from the outside.

Which method of NAT translation should you implement for these serves?

Static NAT

You want to connect your small company network to the internet. Your ISP provides you with a single IP address that is to be shared between all hosts on your private network. You do not want external hosts to be able to initiate connection to internal hosts. what type of network address translation (NAT) should you implement.

Dynamic

Which of the following is not one of the IP address ranges defined in RFC 1918 that are commonly used behind a NAT Server

169.254.0.0 – 169.254.255.255

Which of the following networking devices or services prevent the use of IPsec in most cases?

NAT

Which of the following is NOT a benefit of NAT?

Improving the throughput rate of traffic

A group of salesman would like to access your private network through the internet while they are traveling. You want to control access to the private network through a single server.
Which solution would you implement?

VPN concentrator

A VPN is primarily used for what purpose?

Support secured communications over an untrusted network

Which VPN protocol typically employs IPSEC as its data encryption mechanism?

LWTP (Layer 2 Tunneling Protocol)

Which statement best describes IPsec when used in tunnel mode?

The entire data packet, including headers, is encapsulated

which IPsec subprotocol provides data encryption

ESP

Which is the best countermeasure for someone attempting to view your network traffic?

VPN

PPTP is quickly becoming obsolete because of which VPN protocol?

L2TP Layer 2 transport protocol

What is the primary use of tunneling

Supporting private traffic through a public communication medium

In addition to Authentication Header (AH), IPsec is comprised of what other service?

ESP Encapsulating Security Payload

A salesperson travel a ton
she uses her laptop to communicate with the company servers from hotels and airports untrusted wireless connections

you know she should VPN
Which key steps should you take to implement it

Configure the browser to send Https requests through the VPN connection Configure the VPN to use IPsec

Which of the following is a valid security measure to protect email from viruses

Use Blockers on Email gateways

Which of the following prevents access based on website rating and classifications?

Content Filter

You are investigating the use of the website and URL content filtering to prevent users from listing certain websites.
Which benefits are the result of implementing this technology in your organization?

Enforcement of the organizations internet usage policy an increase in bandwidth availability

Which of the following are functions of gateway email spam blockers?

Blocks email from specific senders Filters messages containing specific content.

You have a company network with a single switch. All Devices connect to the network through the switch.

you want to control which devices are able to connect to your network. For device that do not have the latest OS patches, you want to prevent access to all network devices except for a special server that holds the patches that the computers need to download
Which component will be part of your solution?

802.1x authentication Remediation servers

Which step is required to configure NAP on a Remote Desktop (RD) gateway server

edit the properties for the server and select REQUEST CLIENTS TO SEND A STATEMENT OF HEALTH

In a NAP system, what is the function fo the System Health Validator?

Compare the statement of health submitted by the client to the health requirements

How does IPsec NAP enforcement differ from other NAP enforcement methods?

Clients must be issued a valid certificate before a connection to the private network is allowed.

Your organization’s security policy requires you to restrict network access to allow only clients that have their firewall enabled.
Which of the following is a collection of components that would allow you to meet this requirement.

NAP, NAC Network access protection network access control

Which of the following specifications identify security that can be added to wireless network? (select two)

802.1x 802.11i

Which of the following wireless security methods uses a common shared key configured on the wireless access point and all wireless clients?

WEP, WPA Personal, WPA2 Personal

Which of the following offers the WEAKEST form of encryption for an 802.11 wireless network?

WEP Wired Equivalent Privacy

What encryption method is used by WPA for wireless networks?

TKIP

Which of the following features are supplied by WPA2 on a wireless network?

Encryption

You need to configure a wireless network. You want to use WPA2 Enterprise. which of the following components
will be part of your design?

802.1x AES encryption

You need to configure the wireless network card to connect to your network at work. The connection should use a user name and password for authentication with AES encryption.
What should you do?

Configure the connection to use WPA2-Enterprise

Which of the following are typically used for encrypting data on a wireless network?

TKIP AES

You want to connect a laptop computer running windows to a wireless network.
The wireless network uses multiple access points and WPA-2 Personal. You want to use the strongest authentication and encryption possible. SSID broadcast has been disabled.
What should you do?

Configure the connection with a pre-shared key and AES encryption

Which of the following is used on a wireless network to identify the network name?

SSID

Which of the following are true about WI-FI protected access 2 (WPA2)? (select 2)

Upgrading from a network using WEP typically requires installing new hardware. WPA2 uses AES for encryption and CBC-MAC for data integrity

WIMax is an implementation of which IEEE committee?

802.16

You have a small wireless network that uses multiple access points. the network uses WPA and broadcasts the SSID. WPA2 is not supported by the wireless access points.

You want to connect a laptop computer to the wireless network. which of the following parameters will you need to configure on the laptop? (select two)

TKIP Pre-shared key

Your Company security policy states that wireless networks are not to be used because of the potential security risk they present to your network.

One day, you find that an employee has connected a wireless access point to the network in his office.

what type of security risk is this?

Rogue access point

Which of the following best describes Bluesnarfing?

Viewing calendar, emails, and messages on a mobile device without authorization

Which of the following sends unsolicited business cards and messages to a bluetooth device

BlueJacking

Which of the following is the best protection to prevent attacks on mobile phones through the Bluetooth protocol?

Disable Bluetooth on the phone

You are troubleshooting a wireless connectivity issue in a small office. you determine that the 2.4ghz cordless phones used in the office are interfering with the wireless network transmissions.

If the cordless phones are causing interference, which of the following wireless standards could the network be using.

Bluetooth 802.11g Both run on 2.4GHz

Your organization uses an 802.11g wireless network. Recently other tenants installed the following equipment in your building.

Wireless tv @2.4GHZ, wireless phone @5.8GHz
wireless phone @900GHZ
Network running is @5GHZ

Which one is causing interference?

2.4GHZ Wireless TV

Which of the following best describes an evil twin?

An access point that is configured to mimic a valid access point to obtain logon credentials and other sensitive information.

Network packet sniffing is often used to gain the information necessary to conduct more specific and detailed attacks. Which of the following is the best defense against packet sniffing?

Encryption

Which of the following common network monitoring or diagnostic activities can be used as a passive malicious attack?

Sniffing

An attacker has hidden an NFC reader behind an NFC-based kiosk in an airport.

The attacker uses the device to capture NFC data in transit between end user devices and the reader in the kiosk.
She then uses that information to masquerade as the original end user device and establish an NFC connection to the kiosk.

NFC relay attack

You are implementing a wireless network in a dentist’s office. the dentist’s practice is small so you choose to use an inexpensive consumer-grade access point.

While reading the documentation, you notice that the access point supports Wi-Fi Protected Setup (WPS)
Using a pin you are concerned about the security implications of this functionality.

Disable WPS in the access point’s configuration

You are concerned that wireless access points may have been deployed within your organization without authorization.

Conduct a site survey Check the MAC addresses of devices connected to your wired switch.

Which of the following locations contributes the greatest amount of interference for a wireless access point? (select two)

Near backup generators Near cordless phones

Which of the following network protection methods prevents the wireless network name from being broadcast?

SSID Broadcast

Which of the following do switches and wireless access points use to control access through the device?

MAC address filtering

You have physically added a wireless access point to your network and installed a wireless networking card in two laptops that run windows. Neither laptop can find the network. You have com to the conclusion that you must manually configure the wireless access point (AP).

Which of the following values uniquely identifies the network AP?

SSID

You want to implement 802.1x authentication on your wireless network. Which of the following will be required.

Radius

You are the wireless network administrator for your organization. As the size of the organization has grown, you have decided to upgrade your wireless network to use 802.1x authentication instead of pre-shared keys.

You have decided to use LEAP to authenticate wireless clients. To do this, you configured a Cisco RADIUS server and installed the necessary Cisco client software on each RADIUS client.
Which of the following is true concerning this implementation?

The system is vulnerable because LEAP is susceptible to dictionary attacks.

You are the wireless network administrator for your organization. As the size of the organization has grown, you have decided to upgrade your wireless network to use 802.1x authentication instead of pre-shared keys.

To do this, you need to configure a RADIUS server and RADIUS clients. You want the server and the clients to mutually authenticate with each other.
What should you do? (select two)

Configure the RADIUS server with a server certificate Configure the wireless access points with client certificates

You need to place a wireless access point in your two-story building. while trying to avoid interference, which of the following is the best location for the access point?

On the top floor

Which of the following recommendations should you follow when placing access points to provide wireless access for users within your company building?

place access points above where most clients are.

The owner of a hotel has contracted with you to implement a wireless network to provide internet access for guests.
The owner has asked that you implement security controls so that only paying guests are allowed to use the wireless network. she wants guests to be presented with a login page when they initially connect to the wireless network. After entering a code provided by the concierge at check-in, guests should then be allowed full access to the internet. If a user does not provide the correct code, they should not be allowed to access the internet

What should you do?

Implement a captive portal

You are replacing a wired business network with an 802.11g wireless network. You currently use Active Directory on the company network as your directory service. The new wireless network will have multiple wireless access points. you want to use WPA2 on the network. What should you do to configure the wireless network? (select two)

Install a RADIUS server and use 802.1x authentication Configure devices to run in infrastructure mode.

Which of the following features on a wireless network allows or rejects client connections based on the hardware address?

MAC address filtering

A customer has called and indicated that he thinks his neighbor is connecting to his wireless access point (AP) to use his high-speed internet connection. Which of the following will resolve this issue?

Implement Mac address filters Disable SSID broadcast on the AP

You have installed a wireless access point (AP) for your organizations network. You know that the radio signals used but the AP extend beyond your organization’s building and are concerned that unauthorizes users outside may be able to access your internal network.

What can you do to protect the wireless network? (select two)

Disable DHCP on the AP Configure the AP to filter out unauthorized MAC addresses

You are concerned about sniffing attacks on your wireless network. which of the following implementation offers the best countermeasure to sniffing?

WPA2 with AES