Chapter 12: Network Security

2. Which of the following is an example of an internal threat?

3. Telnet is inherently unsecure because its communication is in plaintext and is easily intercepted. Which of the following is an acceptable alternative to Telnet?

4. Which of the following protocols can you use to securely manage a network device from a remote connection?

5. Which protocol does HTTPS use to offer greater security for web transactions?

6. You want to allow traveling users to connect to your private network through the internet. Users will connect from various locations, including airports, hotels, and public access points (like coffee shops and libraries). As such, you won't be able to configure the firewalls that might be controlling access to the internet in these locations.

Which of the following protocols is MOST likely to be allowed through the widest number of firewalls?

7. Which of the following protocols are often added to other protocols to provide secure data transmission? (Select two.)

8. Which of the following intrusion detection and prevention systems uses fake resources to entice intruders by displaying a vulnerability, configuration flaw, or valuable data?

Creating fake resources such as honeypots, honeynets, and tarpits fulfills which of the following main intrusion detection and prevention goals? (Select two.)

10. Members of the sales team use laptops to connect to the company network. While traveling, they connect their laptops to the internet through airport and hotel networks.

You are concerned that these computers will pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless antivirus software and the latest operating system patches have been installed.

Which solution should you use?

11. A network utilizes a network access control (NAC) solution to defend against malware.

When a wired or wireless host tries to connect to the network, a NAC agent on the host checks it to make sure it has all of the latest operating system updates installed and that the latest antivirus definitions have been applied.

What is this process called?

12. When analyzing assets, which analysis method assigns financial values to assets?

13. What is the main difference between vulnerability scanning and penetration testing?

14. A security administrator is conducting a penetration test on a network. She connects a notebook system running Linux to the wireless network and then uses Nmap to probe various network hosts to see which operating system they are running.

Which process did the administrator use for the penetration test in this scenario?

16. Which SIEM component is responsible for gathering all event logs from configured devices and securely sending them to the SIEM system?

17. Which of the following Security Orchestration, Automation, and Response (SOAR) system components helps to document the processes and procedures that are to be used by a human during a manual intervention?

18. You want to make sure that a set of servers only accepts traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers do not accept packets sent to those services.

Which tool should you use?

19. A security administrator logs on to a Windows server on her organization's network. Then she runs a vulnerability scan on that server.

Which type of scan did she conduct in this scenario?

20. You want to be able to identify the services running on a set of servers on your network. Which tool would BEST give you the information you need?

21. Five salespeople work out of your office. They frequently leave their laptops on the desks in their cubicles. You are concerned that someone might walk by and take one of these laptops.

Which of the following is the BEST way to address your concerns?

22. What is the primary benefit of CCTV?

23. Which of the following CCTV types would you use in areas with little or no light?

25. You want to use CCTV as a preventative security measure. Which of the following is a requirement for your plan?

26. Which of the following is the MOST important way to prevent console access to a network switch?

27. Which of the following controls is an example of a physical access control method?

28. Which of the following can you use to stop piggybacking from occurring at a front entrance where employees swipe smart cards to gain entry?

29. You are an IT consultant and are visiting a new client's site to become familiar with their network. As you walk around their facility, you note the following:

When you enter the facility, a receptionist greets you and directs you down the hallway to the office manager's cubicle. The receptionist uses a notebook system that is secured to her desk with a cable lock.

The office manager informs you that the organization's servers are kept in a locked closet. Only she has the key to the closet. When you arrive on site, you will be required to get the key from her to access the closet.

She informs you that server backups are configured to run each night. A rotation of external USB hard disks are used as the backup media.

You notice the organization's network switch is kept in an empty cubicle adjacent to the office manager's workspace.

You notice that a router/firewall-content filter all-in-one device has been implemented in the server closet to protect the internal network from external attacks.

Which security-related recommendations should you make to this client? (Select two.)

30. Which of the following is a secure doorway that can be used with a mantrap to allow an easy exit but actively prevents re-entrance through the exit portal?

31. An organization's receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. Which type of social engineering is this individual engaging in?

32. What is the primary countermeasure to social engineering?

34. What is the definition of any attack involving human interaction of some kind?

35. Dumpster diving is a low-tech way of gathering information that may be useful for gaining unauthorized access or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving?

36. You have just received a generic-looking email that is addressed as coming from the administrator of your company. The email says that as part of a system upgrade, you need enter your username and password in a new website so you can manage your email and spam using the new service.

What should you do?

37. Which of the following is a common social engineering attack?

38. On your way into the back entrance of your work building one morning, a man dressed as a plumber asks you to let him in so he can fix the restroom. What should you do?

39. Which of the following are examples of social engineering attacks? (Select two.)

40. A senior executive reports that she received a suspicious email concerning a sensitive internal project that is behind production. The email was sent from someone she doesn't know, and he is asking for immediate clarification on several of the project's details so the project can get back on schedule.

Which type of attack BEST describes the scenario?

41. While browsing the internet, you notice that the browser displays ads linked to recent keyword searches you performed.

Which attack type is this an example of?

42. What should you try first if your antivirus software does not detect and remove a virus?

43. Which of the following best describes spyware?

44. What is the main difference between a worm and a virus?

45. Which of the following BEST describes the key difference between DoS and DDoS?

46. Which type of denial-of-service (DoS) attack occurs when a name server receives malicious or misleading data that incorrectly maps hostnames to IP addresses?

47. Which of the following is an attack that either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occurring?

48. You are using a password attack that tests every possible keystroke for each single key in a password until the correct one is found. Which of the following technical password attacks are you using?

49. Which of the following is a text file that a website stores on a client's hard drive to track and record information about the user?

50. You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled?

51. As you are helping a user with a computer problem, you notice that she has written her password on a note stuck to her computer monitor. You check your company's Password Policy and find that the following settings are currently required:

Minimum password length = 10

Minimum password age = 4

Maximum password age = 30

Password history = 6

Account lockout clipping level = 3

Require complex passwords that include numbers and symbols

Which of the following is the best action to take to make remembering passwords easier so that the user no longer has to write their password down?

52. A router on the border of your network detects a packet with a source address from an internal client, but the packet was received on the internet-facing interface.

Which attack form is this an example of?

53. What is spoofing?

54. Which type of activity changes or falsifies information in order to mislead or re-direct traffic?

55. Which of the following is the term used to describe what happens when an attacker sends falsified messages to link their MAC address with the IP address of a legitimate computer or server on the network?

56. Which of the following attacks can also be used to perform denial of service (DoS) attacks?

57. Using sniffers has become one way for an attacker to view and gather network traffic. If an attacker overcomes your defenses and obtains network traffic, which of the following is the BEST countermeasure for securing the captured network traffic?

58. Your network administrator is configuring settings so the switch shuts down a port when the max number of MAC addresses is reached. What is the network administrator taking countermeasures against?

59. Which of the following is the MOST effective protection against IP packet spoofing on a private network?

60. Which of the following describes an on-path attack?

61. Which of the following attack types consists of capturing packets as they travel from one host to another with the intent of altering the contents?