Question 1

Which facet of securing access to network data makes data unusable to anyone except authorized users?&#10;A) encryption&#10;B) authentication&#10;C) malware protection&#10;D) security devices

Accepted Answer

Encryption uses complex algorithms to convert plaintext data into an unreadable format, making it unusable to anyone who doesn't have the key to decrypt the data. This ensures that even if an unauthorized user gains access to the data, they won't be able to read it without the key. Authentication, malware protection, and security devices are all important facets of securing access to network data, but they don't necessarily make the data unusable to unauthorized users on their own.

Question 2

You have purchased a network-based IDS. You have been tasked with deploying the device in a location where the entire network can be protected. Where should you deploy it?&#10;A) datacenter&#10;B) intermediate distribution frame&#10;C) demilitarized zone&#10;D) internal LAN

Accepted Answer

The demilitarized zone, or DMZ, is the most secure location to deploy a network-based IDS. It is a separate network segment that is isolated from the internal LAN, but accessible from the internet. By placing the IDS in the DMZ, it can monitor and analyze all incoming and outgoing traffic and detect any suspicious activity. Placing the IDS in the datacenter or intermediate distribution frame would provide protection for only a portion of the network, while deploying it on the internal LAN would not provide sufficient visibility or protection for external threats.

Question 3

A DoS attack ties up network bandwidth or services, rendering resources useless to legitimate users.

Accepted Answer

A denial-of-service (DoS) attack is designed to overload a server, website, or network with traffic so that it becomes unavailable to legitimate users. This ties up bandwidth or services, effectively rendering resources useless to legitimate users.

Question 4

What is a type of malware that is so difficult to detect and remove that most experts agree that it is better to backup your critical data and reinstall the OS?&#10;A) rootkit&#10;B) Trojan&#10;C) hoax virus&#10;D) spyware

Accepted Answer

Rootkits are a type of malware that is designed to hide their presence on the infected system, making them extremely difficult to detect and remove. They often modify the operating system to disguise their activities and can even intercept system calls to avoid detection. Due to their advanced techniques, most experts recommend backing up critical data and reinstalling the OS to ensure complete removal of the rootkit.

Question 5

Which standard feature on NTFS-formatted disks encrypts individual files and uses a certificate matching the user account of the user who encrypted the file?&#10;A) IPsec&#10;B) BitLocker&#10;C) GPG&#10;D) EFS

Accepted Answer

The standard feature on NTFS-formatted disks that encrypts individual files and uses a certificate matching the user account of the user who encrypted the file is called EFS (Encrypting File System). IPsec is a network protocol used for securing communication, BitLocker is a disk encryption tool used for entire disk encryption, and GPG (GNU Privacy Guard) is an open-source encryption tool used for encrypting files and messages.

Question 6

A honeypot is configured to entice attackers and allows administrators to get information about the attack techniques being used.

Accepted Answer

A honeypot is designed to attract attackers and gather information about their techniques and motivations. It is a decoy system that is configured to mimic vulnerable services or applications, in order to lure attackers away from the real systems they are targeting. The information gathered from a honeypot can be used by administrators to improve security and better protect their networks.

Question 7

Which Windows domain-based protocol provides mutual authentication between devices?&#10;A) Kerberos&#10;B) TACACS+&#10;C) EAP&#10;D) RADIUS

Accepted Answer

Kerberos is a Windows domain-based protocol that provides mutual authentication between devices. It uses tickets to verify the identity of devices and ensures that sensitive information is not transmitted over the network in clear text. TACACS+, EAP, and RADIUS are also authentication protocols, but they are not domain-based and do not provide mutual authentication.

Question 8

Which form of authentication involves the exchange of a password-like key that must be entered on both devices?&#10;A) Kerberos authentication&#10;B) digital certificate&#10;C) GNU privacy guard&#10;D) preshared key

Accepted Answer

Preshared key authentication involves the exchange of a password-like key that must be entered on both devices in order to establish a secure connection. Kerberos authentication involves the use of a trusted third-party authentication server to verify the identity of the user and the system providing the service. Digital certificates involve the use of a trusted third-party issuer to verify the identity of the user or system requesting a connection. GNU Privacy Guard (GPG) involves the use of public and private keys to encrypt and decrypt data.

Question 9

Which of the following is NOT a guideline of a security policy?&#10;A) easy for users to understand&#10;B) should be enforceable&#10;C) uses legal terminology to protect the organization&#10;D) clearly states the policy objectives

Accepted Answer

Using legal terminology can make the policy difficult for users to understand, which goes against the first guideline mentioned. It is important for policies to be easy for users to understand, enforceable, and clearly state objectives.

Question 10

What type of device should you install as a decoy to lure potential attackers?&#10;A) honeypot&#10;B) Trojan&#10;C) IPS&#10;D) HIDS

Accepted Answer

A honeypot is specifically designed to be a decoy system that appears vulnerable to attackers, but in reality is isolated and monitored by security professionals. This allows for the detection and analysis of potential attack methods, without risking damage to actual systems. Trojan, IPS, and HIDS are all different types of security measures, but are not designed specifically for use as decoys.

Question 11

What type of policy defines the methods involved when a user sign in to the network?&#10;A) audit&#10;B) security&#10;C) authentication&#10;D) acceptable use

Accepted Answer

The answer of What type of policy defines the methods...

Question 12

Which protocol works by establishing an association between two communicating devices and can use a preshared key for authentication?&#10;A) EFS&#10;B) Kerberos&#10;C) IPsec&#10;D) SMB

Accepted Answer

The answer of Which protocol works by establishing an association...

Question 13

Which VPN implementation typically needs no additional firewall configuration to be allowed access through the firewall?&#10;A) SSTP&#10;B) IPSec&#10;C) PPTP&#10;D) L2TP

Accepted Answer

The answer of Which VPN implementation typically needs no additional...

Question 14

What is created when a packet is encapsulated with additional headers to allow an encrypted packet to be correctly routed by Internet devices?&#10;A) frame&#10;B) EFS&#10;C) tunnel&#10;D) access point

Accepted Answer

The answer of What is created when a packet is...

Question 15

What can firewalls do to help ensure that a packet is denied if it's not part of an ongoing legitimate conversation?&#10;A) intrusion detection&#10;B) MAC filtering&#10;C) content filter&#10;D) stateful packet inspection

Accepted Answer

The answer of What can firewalls do to help ensure...

Question 16

If the minimum password length on a Windows system is set to zero, what does that mean?&#10;A) The user never has to change the password.&#10;B) The user can use a blank password.&#10;C) The user has to change the password every day.&#10;D) The user account is disabled.

Accepted Answer

The answer of If the minimum password length on a...

Question 17

What process, available on most routers, will help improve security by replacing the internal IP address of the transmitting device with a public IP address?&#10;A) IPSec&#10;B) NAT&#10;C) EFS&#10;D) VPN

Accepted Answer

The answer of What process, available on most routers, will...

Question 18

You don't need to physically secure your servers as long as you use a good strong password for your accounts.

Accepted Answer

The answer of You don't need to physically secure your...

Question 19

A security policy should clearly state the desired rules, even if they cannot be enforced.

Accepted Answer

The answer of A security policy should clearly state the...

Question 20

A rootkit is a self-replicating program that masks itself as a useful program but is actually a type of malware.

Accepted Answer

The answer of A rootkit is a self-replicating program that...

Question 21

Match each item with a statement below.&#10;a.digital certificates&#10;b.virus&#10;c.denial-of-service&#10;d.firewall&#10;e.preshared key&#10;f.logic bomb&#10;g.worm&#10;h.stateful packet inspection&#10;i.IDS&#10;j.backdoor&#10;used to discover breaches in security

Accepted Answer

The answer of Match each item with a statement below.&#10;a.digital...

Question 22

Match each item with a statement below.&#10;a.digital certificates&#10;b.virus&#10;c.denial-of-service&#10;d.firewall&#10;e.preshared key&#10;f.logic bomb&#10;g.worm&#10;h.stateful packet inspection&#10;i.IDS&#10;j.backdoor&#10;spreads by replicating itself into programs or documents

Accepted Answer

The answer of Match each item with a statement below.&#10;a.digital...

Question 23

Which of the following are true about WPA3? (Choose all that apply.)&#10;A) strongest wireless encryption standard&#10;B) uses TKIP&#10;C) requires PMF&#10;D) backward compatible&#10;E) has only the Enterprise variation

Accepted Answer

The answer of Which of the following are true about...

Question 24

Match each item with a statement below.&#10;a.digital certificates&#10;b.virus&#10;c.denial-of-service&#10;d.firewall&#10;e.preshared key&#10;f.logic bomb&#10;g.worm&#10;h.stateful packet inspection&#10;i.IDS&#10;j.backdoor&#10;monopolizes network services or network bandwidth

Accepted Answer

The answer of Match each item with a statement below.&#10;a.digital...

Question 25

A common guideline about network security is that if there's ____________ access to the equipment, there's no security.

Accepted Answer

The answer of A common guideline about network security is...

Question 26

Which of the following is a type of malware that isn't self-replicating and is usually installed by the user without his knowledge. It's primary goal is to invade your privacy by monitoring your system and reporting your activities to advertisers and spammers.

A) rootkit
B) Trojan
C) hoax virus
D) spyware

Accepted Answer

The answer of Which of the following is a type...

Question 27

Match each item with a statement below.&#10;a.digital certificates&#10;b.virus&#10;c.denial-of-service&#10;d.firewall&#10;e.preshared key&#10;f.logic bomb&#10;g.worm&#10;h.stateful packet inspection&#10;i.IDS&#10;j.backdoor&#10;a series of letters, numbers, and special characters, much like a password, that both communicating devices use to authenticate each other's identity

Accepted Answer

The answer of Match each item with a statement below.&#10;a.digital...

Question 28

Which of the following is a type of denial-of-service attack that involves flooding the network with broadcast messages that contain a spoofed source address of an intended victim?&#10;A) packet storm&#10;B) broadcast flood&#10;C) smurf attack&#10;D) half-open SYN attack

Accepted Answer

The answer of Which of the following is a type...

Question 29

Match each item with a statement below.&#10;a.digital certificates&#10;b.virus&#10;c.denial-of-service&#10;d.firewall&#10;e.preshared key&#10;f.logic bomb&#10;g.worm&#10;h.stateful packet inspection&#10;i.IDS&#10;j.backdoor&#10;inspects packets as they go into and out of the network

Accepted Answer

The answer of Match each item with a statement below.&#10;a.digital...

Question 30

Match each item with a statement below.&#10;a.digital certificates&#10;b.virus&#10;c.denial-of-service&#10;d.firewall&#10;e.preshared key&#10;f.logic bomb&#10;g.worm&#10;h.stateful packet inspection&#10;i.IDS&#10;j.backdoor&#10;malware that's activated when a particular event occurs

Accepted Answer

The answer of Match each item with a statement below.&#10;a.digital...

Question 31

Which of the following is a credential category used in multifactor authentication? (Choose all that apply.)&#10;A) authority&#10;B) knowledge&#10;C) rank&#10;D) possession&#10;E) inherence

Accepted Answer

The answer of Which of the following is a credential...

Question 32

Which of the following can be used to secure data on disk drives? (Choose all that apply.)&#10;A) EFS&#10;B) VPN&#10;C) IPSec&#10;D) BitLocker&#10;E) TrueCrypt

Accepted Answer

The answer of Which of the following can be used...

Question 33

Match each item with a statement below.&#10;a.digital certificates&#10;b.virus&#10;c.denial-of-service&#10;d.firewall&#10;e.preshared key&#10;f.logic bomb&#10;g.worm&#10;h.stateful packet inspection&#10;i.IDS&#10;j.backdoor&#10;a self-contained, self-replicating program

Accepted Answer

The answer of Match each item with a statement below.&#10;a.digital...

Question 34

____________ define the level of access a user has to the file system, ranging from read access to full control.

Accepted Answer

The answer of ____________ define the level of access a...

Question 35

Match each item with a statement below.&#10;a.digital certificates&#10;b.virus&#10;c.denial-of-service&#10;d.firewall&#10;e.preshared key&#10;f.logic bomb&#10;g.worm&#10;h.stateful packet inspection&#10;i.IDS&#10;j.backdoor&#10;packets are denied on context as well as packet properties

Accepted Answer

The answer of Match each item with a statement below.&#10;a.digital...

Question 36

You have been asked to determine what services are accessible on your network so you can close those that are not necessary. What tool should you use?&#10;A) port scanner&#10;B) protocol finder&#10;C) ping scanner&#10;D) trace route

Accepted Answer

The answer of You have been asked to determine what...

Question 37

How the network resources are to be used should be clearly defined in a (an) ____________ policy.

Accepted Answer

The answer of How the network resources are to be...

Question 38

____________ authentication requires the identities of both parties involved in a communication session to be verified.

Accepted Answer

The answer of ____________ authentication requires the identities of both...

Question 39

Match each item with a statement below.&#10;a.digital certificates&#10;b.virus&#10;c.denial-of-service&#10;d.firewall&#10;e.preshared key&#10;f.logic bomb&#10;g.worm&#10;h.stateful packet inspection&#10;i.IDS&#10;j.backdoor&#10;documents used in encryption and authentication protocols that identify a person or computer and can be verified by a certification authority

Accepted Answer

The answer of Match each item with a statement below.&#10;a.digital...

Question 40

Someone who wants to send encrypted data must acquire a digital certificate from a ____________ authority.

Accepted Answer

The answer of Someone who wants to send encrypted data...

Question 41

Why is it important that a network is physically secured?

Accepted Answer

The answer of Why is it important that a network...

Question 42

What is the difference between an IDS and IPS?

Accepted Answer

The answer of What is the difference between an IDS...

Question 43

Describe the purpose of a protocol analyzer and how an attacker could use one to compromise your network.

Accepted Answer

The answer of Describe the purpose of a protocol analyzer...

Question 44

How should a room that is going to house your servers be equipped?

Accepted Answer

The answer of How should a room that is going...

Question 45

What is the difference between a virus and a worm?

Accepted Answer

The answer of What is the difference between a virus...

Question 46

How will advances in biometric authentication affect security?

Accepted Answer

The answer of How will advances in biometric authentication affect...

Question 47

What is a penetration tester?

Accepted Answer

The answer of What is a penetration tester?...

Question 48

What is a network security policy?

Accepted Answer

The answer of What is a network security policy?...

Question 49

What are the complexity requirements for a Windows password? List the four characteristics.

Accepted Answer

The answer of What are the complexity requirements for a...

Question 50

Match each item with a statement below.&#10;a.digital certificates&#10;b.virus&#10;c.denial-of-service&#10;d.firewall&#10;e.preshared key&#10;f.logic bomb&#10;g.worm&#10;h.stateful packet inspection&#10;i.IDS&#10;j.backdoor&#10;permits access to computer, bypasses normal authentication

Accepted Answer

The answer of Match each item with a statement below.&#10;a.digital...

Deck 9: Introduction to Network Security