(3) Connect and Protect: Networks and Network Security Flashcards

1
Q

To connect an entire city, the most effective network type would be a local area network (LAN).

True

False

A

False

To connect an entire city, the proper network type would be a WAN. A LAN is a network that spans a small area; a wide area network (WAN) spans a large geographical area.

2
Q

A security professional wants to ensure information is being broadcast to every computer on their organization’s network. What device should they investigate?

Modem

Router

Hub

Internet

A

Hub

They would use a hub. A hub is a network device that broadcasts information like a radio tower.

3
Q

What are some benefits of switches? Select all that apply.

They can improve network performance.

They control the flow of traffic.

They only pass data to the intended destination.

They automatically install device-protection software.

A

They can improve network performance.

They control the flow of traffic.

They only pass data to the intended destination.

4
Q

Fill in the blank: The practice of using servers, applications, and network services that are hosted on the internet is called _____ computing.

cloud

uploadable

connected

website

A

cloud

The practice of using servers, applications, and network services that are hosted on the internet is called cloud computing.

5
Q

What type of information is contained within the header of an IP packet?

An explanation of how the port number will be processed by the receiving device

The sender’s IP address, the size of the packet, and the protocol to use

The message that needs to be transmitted to the receiving device

A string of data indicating that the data transmission is complete

A

The sender’s IP address, the size of the packet, and the protocol to use

6
Q

What characteristics do the TCP/IP and OSI models share? Select all that apply.

Both models define standards for networking and divide the network communication process into different layers.

Both models include an application and a transport layer.

Both models illustrate network processes and protocols for data transmission between two or more systems.

Both models have 7 layers.

A

Both models define standards for networking and divide the network communication process into different layers.

Both models include an application and a transport layer.

Both models illustrate network processes and protocols for data transmission between two or more systems.

7
Q

What is the Transmission Control Protocol (TCP)?

An internet communication convention

A unique address that every device on a network is assigned

A software application that organizes data

Guidelines for proper network operations

A

An internet communication convention

The TCP is an internet communication convention, or protocol. It allows two devices to form a connection and stream data.

8
Q

Fill in the blank: A _____ is a software-based location that organizes the sending and receiving of data between devices on a network.

port

packet

channel

segment

A

port

A port is a software-based location that organizes the sending and receiving of data between devices on a network.

9
Q

Which layer of the TCP/IP model has protocols that organize file transfers and email services?

Transport layer

Application layer

Network access layer

Internet layer

A

Application layer

The application layer has protocols that organize file transfers and email services. It does this by determining how data packets will interact with receiving devices. The application layer is the fourth layer in the TCP/IP model.

10
Q

Fill in the blank: An Internet Protocol (IP) address is a unique string of characters that identifies the _____ of a device on the internet.

location

operating system

speed

size

A

location

An IP address is a unique string of characters that identifies the location of a device on the internet.

11
Q

Which of the following is an example of an IPv4 address?

25, 443, 20

00-B1-D0-63-C2-26

172.16.254.1

2001:0db8:85a3:0000:0000:8a2e:0370:7336

A

172.16.254.1

An example of an IPv4 address is 172.16.254.1. IPv4 addresses are written as four, 1-3-digit numbers separated by decimal points. Each one can contain the values 0-255.

12
Q

What type of address is assigned by an internet service provider and connected to a geographic location?

WAN address

MAC address

Public IP address

Private IP address

A

Public IP address

A public IP address is assigned by an internet service provider and shared by all devices on a local area network. It is connected to geographic location. All communications from devices in the same local area have the same public-facing address due to network address translation or a forwarding proxy.

13
Q

Fill in the blank: A switch uses a MAC _____ to direct data packets to the correct device.

address table

geographic location

home network

public address

A

address table

A switch uses a MAC address table to direct data packets to the correct device.

14
Q

What is the term for a group of connected devices?

Hub

Cloud

Protocol

Network

A

Network

15
Q

Which network device connects multiple networks together?

A modem

A hub

A router

A switch

A

A router

16
Q

Which of the following statements accurately describe switches? Select all that apply.

When a switch receives a data packet, it reads the MAC address of the destination device and maps it to a port.

Some benefits to switches are effective control of traffic flow and improved network performance.

Switches are less secure than hubs.

A switch is a device that makes connections between specific devices on a network by sending and receiving data between them.

A

When a switch receives a data packet, it reads the MAC address of the destination device and maps it to a port.

Some benefits to switches are effective control of traffic flow and improved network performance.

A switch is a device that makes connections between specific devices on a network by sending and receiving data between them.

17
Q

Which of the following are benefits for businesses that are considering using a cloud service provider (CSP)? Select all that apply.

CSP remote servers allow online services to be accessed from any location.

CSPs provide business analytics to monitor web traffic and sales.

CSPs offer on-demand storage.

CSP data and devices are more secure because they are stored locally.

A

CSP remote servers allow online services to be accessed from any location.

CSPs provide business analytics to monitor web traffic and sales.

CSPs offer on-demand storage.

18
Q

What is the purpose of the protocol number of a data packet?

To contain the IP and MAC addresses

To identify the message to be transmitted to the receiving device

To signal to the receiving device that the packet is finished

To tell the receiving device what to do with the information in the packet

A

To tell the receiving device what to do with the information in the packet

19
Q

What are the three main categories of services that CSPs provide? Select all that apply.

Infrastructure as a service (IaaS)

Desktop as a service (DaaS)

Platform as a service (PaaS)

Software as a service (SaaS)

A

Infrastructure as a service (IaaS)

Platform as a service (PaaS)

Software as a service (SaaS)

20
Q

Which port is used for secure internet communication?

20

40

443

25

A

443

21
Q

Which layer in the TCP/IP model is used to inspect the flow of traffic across a network?

Layer 1, network access

Layer 2, internet

Layer 3, transport

Layer 4, application

A

Layer 3, transport

22
Q

Fill in the blank: 127.0.0.1 is an example of an ___ address.

IPv4

MAC

IPv6

Ethernet

A

IPv4

23
Q

Which of the following addresses is an accurate IPv6 address?

fda2:7360:1e5b:e8f5:a69f:c8bd:1b3e:2578

a634:b123:cd34:3f56:0023:2345:7890:0000:ffff

fda2::7361:135b::38f5:c8bd:1b3e:2578

a360::abf7:h234:0011:g126:1130::ffj2

A

fda2:7360:1e5b:e8f5:a69f:c8bd:1b3e:2578

24
Q

Fill in the blank: Network protocols are rules used by two or more devices on a network to describe the _____ and structure of data.

order of delivery

optimum speed

access level

maximum size

A

order of delivery

Network protocols are rules used by two or more devices on a network to describe the order of delivery and the structure of data.

25
Q

Which network protocol provides a secure method of communication between clients and web servers?

DNS

ARP

HTTPS

TCP

A

HTTPS

Hypertext transfer protocol secure (HTTPS) provides a secure method of communication between clients and web servers. HTTPS uses digital certificates to perform authentication and can operate over TCP ports 443 and 80.
26
Q

To keep information safe from malicious actors, what security protocol can be used?

Secure sockets layer and transport layer security (SSL/TLS)

Domain name system (DNS)

Address resolution protocol (ARP)

Transmission control protocol (TCP)

A

Secure sockets layer and transport layer security (SSL/TLS)

To keep information safe from malicious actors, SSL/TLS can be used. It secures hypertext transfer protocol (HTTP) transactions, which is known as hypertext transfer protocol secure (HTTPS).
27
Q

IEEE 802.11, also known as Wi-Fi, is a set of standards that define communication for wireless LANs.

True

False

A

True

IEEE 802.11, also known as Wi-Fi, is a set of standards that define communication for wireless LANs.
28
Q

What monitors and filters traffic coming in and out of a network?

Firewall

Domain name system (DNS)

Forward proxy server

Uncontrolled zone

A

Firewall

A firewall monitors and filters traffic coming in and out of a network. It either allows or denies traffic based on a defined set of security rules.
29
Q

Stateless is a class of firewall that keeps track of information passing through it and proactively filters out threats.

True

False

A

False

Stateful is a class of firewall that keeps track of information passing through it and proactively filters out threats. Stateless operates based on predefined rules and does not keep track of information from data packets.
30
Q

Fill in the blank: Encapsulation can be performed by a _____ to help protect information by wrapping sensitive data in other data packets.

VPN service

firewall

proxy server

security zone

A

VPN service

Encapsulation can be performed by a VPN service to help protect information by wrapping sensitive data in other data packets. VPNs change a public IP address and hide a virtual location to keep data private when using a public network.
31
Q

Which security zone is used to ensure highly confidential information and is only accessible to employees with certain privileges?

Management zone

Uncontrolled zone

Demilitarized zone (DMZ)

Restricted zone

A

Restricted zone

The restricted zone protects highly confidential information that only people with certain privileges can access. It typically has a separate firewall.
32
Q

Fill in the blank: A security analyst uses a _____ to regulate and restrict access to an internal server from the internet. This tool works by accepting traffic from external parties, approving it, and forwarding it to internal servers.

port filter

forward proxy server

controlled zone

reverse proxy server

A

reverse proxy server

A security analyst uses a reverse proxy server to regulate and restrict access to an internal server from the internet. This tool works by accepting traffic from external parties, approving it, and forwarding it to internal servers.
33
Q

What network protocol helps data get to the right place by determining the MAC address of the next router or device on its path?

Secure Sockets Layer/Transport Layer Security (SSL/TLS)

Transmission Control Protocol (TCP)

Hypertext Transfer Protocol Secure (HTTPS)

Address Resolution Protocol (ARP)

A

Address Resolution Protocol (ARP)
34
Q

Which of the following statements accurately describe wireless protocols? Select three answers.

WPA is a wireless security protocol pertaining to connecting to the internet.

Wi-Fi protocols provide significantly lower security levels than wired connections.

The set of standards IEEE 802.11 is also referred to as Wi-Fi.

The Institute of Electrical and Electronics Engineers maintains Wi-Fi standards.

A

WPA is a wireless security protocol pertaining to connecting to the internet.

The set of standards IEEE 802.11 is also referred to as Wi-Fi.

The Institute of Electrical and Electronics Engineers maintains Wi-Fi standards.
35
Q

A firewall administrator installs a firewall function to either block or allow certain port numbers to limit unwanted communication. What function does this scenario describe?

Port filtering

Organizing data packets

Location masking

Using cloud-based firewalls

A

Port filtering
36
Q

Which of the following types of firewalls can perform deep packet inspection and intrusion detection?

Stateless firewall

Stateful firewall

Documented firewall

Next generation firewall (NGFW)

A

Next generation firewall (NGFW)
37
Q

How do VPNs preserve confidentiality?

Monitor traffic to and from a network

Translate internet domain names to IP addresses

Encrypt data in transit

Use temporary memory to store data requested by external servers

A

Encrypt data in transit
38
Q

Which of the following does encapsulation protect?

proxy servers

data in transit

cryptographic keys

public IP addresses

A

data in transit
39
Q

What network zone contains the internet and other services that are outside of an organization’s control?

Controlled

Demilitarized

Restricted

Uncontrolled

A

Uncontrolled
40
Q

What network zone acts as a network perimeter to the internal network by isolating servers that are exposed to the internet?

Demilitarized zone

Restricted zone

Virtual private network

Uncontrolled zone

A

Demilitarized zone
41
Q

Which of the following services client requests by forwarding them to other servers?

Router

Proxy server

Firewall

Virtual private network (VPN)

A

Proxy server
42
Q

Which of the following statements accurately describe forward and reverse proxy servers? Select three answers.

Forward proxy servers receive outgoing traffic from an employee, approve it, then forward it to its destination on the internet.

Reverse proxy servers work by hiding a user’s IP address and approving all outgoing requests.

Reverse proxy servers accept traffic from external parties, approve it, then forward it to internal servers.

Forward proxy servers regulate and restrict a person’s access to the internet.

A

Forward proxy servers receive outgoing traffic from an employee, approve it, then forward it to its destination on the internet.

Reverse proxy servers accept traffic from external parties, approve it, then forward it to internal servers.

Forward proxy servers regulate and restrict a person’s access to the internet.
43
Q

What type of attack uses multiple devices or servers in different locations to flood the target network with unwanted traffic?

Distributed Denial of Service (DDoS) attack

Phishing attack

Tailgating attack

Denial of Service (DoS) attack

A

Distributed Denial of Service (DDoS) attack

A DDoS attack uses multiple devices or servers in different locations to flood the target network with unwanted traffic.
44
Q

What type of attack poses as a TCP connection and floods a server with packets simulating the first step of the TCP handshake?

SYN flood attack

SYN-ACK flood attack

ICMP flood

On-path attack

A

SYN flood attack

A SYN flood attack poses as a TCP connection and floods a server with packets simulating the first step of the TCP handshake. This overwhelms the server, making it unable to function.
45
Q

Fill in the blank: The Denial of Service (DoS) attack _____ is caused when a hacker sends a system an ICMP packet that is bigger than 64KB.

Ping of Death

On-path

SYN flood

ICMP flood

A

Ping of Death

The DoS attack Ping of Death is caused when a hacker sends a system an ICMP packet that is bigger than 64KB.
46
Q

Which types of attacks take advantage of communication protocols by sending an overwhelming number of requests to a server? Select all that apply.

SYN flood attack

Tailgating attack

ICMP flood attack

TCP connection attack

A

SYN flood attack

ICMP flood attack

ICMP flood and SYN flood attacks take advantage of communication protocols by sending an overwhelming number of requests to a server.
47
Q

Passive packet sniffing involves data packets being manipulated while in transit, which may include injecting internet protocols to redirect the packets to unintended ports or changing the information the packet contains.

True

False

A

False

Active packet sniffing is a type of attack that involves data packets being manipulated while in transit. This can include injecting internet protocols to redirect the packets to unintended ports or changing the information the packet contains. Passive packet sniffing is a type of attack where data packets are read in transit.
48
Q

Fill in the blank: A security analyst can protect against malicious packet sniffing by _____ to encrypt data as it travels across a network.

using free public Wi-Fi

using a VPN

using only websites with HTTP at the beginning of their domain addresses

using a network hub

A

using a VPN

A security analyst can protect against malicious packet sniffing by using a VPN to encrypt data as it travels across a network. A VPN is a network security service that changes a public IP address and hides a virtual location to keep data private when using a public network.
49
Q

Which type of attack involves an attacker changing the source IP of a data packet to impersonate an authorized system and gain access to the network?

Ping of death

Replay attack

On-path attack

IP spoofing

A

IP spoofing

IP spoofing involves an attacker changing the source IP of a data packet to impersonate an authorized system and gain access to the network.
50
Q

Which of the following statements accurately describes a smurf attack?

A DoS attack that is caused when a hacker pings a system by sending it an oversized ICMP packet that is bigger than the maximum size

A network attack performed when an attacker intercepts a data packet in transit and delays it or repeats it at another time

A network attack performed when an attacker sniffs an authorized user’s IP address and floods it with packets

A DoS attack performed by an attacker repeatedly sending ICMP packets to a network server

A

A network attack performed when an attacker sniffs an authorized user’s IP address and floods it with packets

A smurf attack is a network attack performed when an attacker sniffs an authorized user’s IP address and floods it with packets. It is a combination of a DDoS attack and an IP spoofing attack.
51
Q

What do network-level Denial of Service (DoS) attacks target?

All hardware within an organization

Commonly used software applications

Network bandwidth

The personal information of employees

A

Network bandwidth
52
Q

Fill in the blank: A _____ attack uses multiple devices in different locations to flood the target network with unwanted traffic.

Distributed Denial of Service (DDoS)

Tailgating

Ping of death

ICMP flood

A

Distributed Denial of Service (DDoS)
53
Q

A security team discovers that an attacker has taken advantage of the handshake process that is used to establish a TCP connection between a device and their server. Which DoS attack does this scenario describe?

Ping of Death

On-path attack

SYN flood attack

ICMP flood

A

SYN flood attack
54
Q

Which type of attack occurs when a malicious actor sends an oversized ICMP packet to a server?

on-path

SYN flood

smurf

Ping of Death

A

Ping of Death
55
Q

Which type of packet sniffing allows malicious actors to view and read data packets in transit?

Passive packet sniffing

Active packet sniffing

IP packet interception

Hardware packet sniffing

A

Passive packet sniffing
56
Q

A malicious actor changes the source IP of a data packet in order to communicate over an organization's internal network. Which type of attack is this?

Ping of Death

IP spoofing

Active packet sniffing

Passive packet sniffing

A

IP spoofing
57
Q

Fill in the blank: To reduce the chances of an IP spoofing attack, a security analyst can configure a _____ to reject all incoming traffic with the same source IP addresses as those owned by the organization.

firewall

HTTPS domain address

demilitarized zone

VPN

A

firewall
58
Q

A malicious actor impersonates a web browser or web server by placing themselves between two devices, then sniffing the packet information to discover the IP and MAC addresses. Which type of attack is this?

Packet flooding attack

Malware attack

Smurf attack

On-path attack

A

On-path attack
59
Q

A malicious actor intercepts a network transmission that was sent by an authorized user and repeats it at a later time to impersonate a user. Which type of attack is this?

SYN flood

replay

smurf

on-path

A

replay
60
Q

Fill in the blank: A ___ attack happens when a malicious actor sniffs an authorized user’s IP address and floods it with packets.

On-path attack

Smurf attack

Ping of Death

Replay attack

A

Smurf attack
61
Q

Fill in the blank: The _____ acts as an intermediary between software applications and computer hardware.

access system

operating system

authorized user

baseline

A

operating system

The operating system acts as an intermediary between software applications and computer hardware.
62
Q

Which of the following activities are security hardening tasks? Select all that apply.

Making patch updates

Enforcing password policies

Exploiting an attack surface

Disposing of hardware and software properly

A

Making patch updates

Enforcing password policies

Disposing of hardware and software properly

Making patch updates, disposing of hardware and software properly, and enforcing password policies are security hardening tasks. Security hardening is the process of strengthening a system to reduce its vulnerability and attack surface.
63
Q

Multifactor authentication (MFA) is a security measure that requires a user to verify their identity in at least two ways before they can access a system or network.

True

False

A

True

MFA is a security measure that requires a user to verify their identity in at least two ways before they can access a system or network.
64
Q

What are examples of physical security hardening? Select all that apply.

Installing security cameras

Hiring security guards

Removing or disabling unused applications

Reducing access permissions across devices

A

Installing security cameras

Hiring security guards

Physical security is also a part of security hardening and may include securing a physical space with security cameras and security guards.
65
Q

Fill in the blank: Security teams can use _____ to examine network logs and identify events of interest.

security information and event management (SIEM) tools

network segmentation

baseline configuration

port filtering

A

security information and event management (SIEM) tools

Security teams can use security information and event management (SIEM) tools to examine network logs and identify events of interest. SIEM tools collect and analyze log data to monitor critical activities in an organization.
66
Q

What is a basic principle of port filtering?

Allow users access to only areas of the network that are required for their role.

Block all ports in a network.

Disallow ports that are used by normal network operations.

Allow ports that are used by normal network operations.

A

Allow ports that are used by normal network operations.

A basic principle of port filtering is to allow ports that are used by normal network operations. Any port that is not being used by the normal network operations should be disallowed to protect against vulnerabilities.
67
Q

A security professional creates different subnets for the various departments in their business, ensuring users have access that is appropriate for their particular roles. What does this scenario describe?

Network log analysis

Network segmentation

Patch updates

Firewall maintenance

A

Network segmentation

This scenario describes network segmentation, which involves creating isolated subnets for different departments in an organization.
68
Q

Data in restricted zones should have the same encryption standards as data in other zones.

True

False

A

False

Restricted zones on a network, which contain highly classified or confidential data, should have much higher encryption standards than data in other zones to make them more difficult to access.
69
Q

Fill in the blank: A key distinction between cloud and traditional network hardening is the use of a server baseline image, which enables security analysts to prevent _____ by comparing data in cloud servers to the baseline image.

improper resource storage

slow speeds

unverified changes

damaged data

A

unverified changes

A key distinction between cloud and traditional network hardening is the use of a server baseline image, which enables security analysts to prevent unverified changes by comparing data in cloud servers to the baseline image.
70
Q

Data and applications on cloud networks do not need to be separated based on their service category, such as their age or internal functionality.

True

False

A

False

Similar to OS hardening, data and applications on a cloud network should be kept separate depending on their service category. For example, older applications should be kept separate from new applications. And software that deals with internal functions should be kept separate from front-end applications seen by users.
71
Q

Who is responsible for ensuring the safety of cloud networks? Select all that apply.

Cloud service provider

Research department

Security team

Individual users

A

Cloud service provider

Security team

Both the organization’s security team and its cloud service provider are responsible for ensuring the safety of cloud networks.
72
Q

Fill in the blank: _____ cloud services are a common source of cloud security issues.

Misconfigured

Unauthorized

Shared

Managed

A

Misconfigured

Misconfigured cloud services are a common source of cloud security issues.
73
Q

Fill in the blank: ____ is the process of strengthening a system to reduce its vulnerability and attack surface.

Security hardening

Network hardening

Port filtering

SIEM

A

Security hardening
74
Q

What is the term for all the potential system vulnerabilities that a threat actor could exploit?

Risk

Security challenge

Security architecture

Attack surface

A

Attack surface
75
Q

Fill in the blank: Hiring a security guard is an example of a _____ security hardening practice.

network-focused

physical

virtual

software-based

A

physical
76
Q

A company’s executive team approves a proposal by the security director. The proposal involves security professionals simulating an attack on the company’s systems in order to identify vulnerabilities. What does this scenario describe?

Packet sniffing

Penetration testing

A Distributed Denial of Service (DDoS) attack

The Ping of Death

A

Penetration testing
77
Q

Which of the following statements accurately describe OS hardening tasks? Select three answers.

Multi-factor authentication is a security measure requiring users to change passwords every month.

Some OS hardening tasks are performed at regular intervals, while others are performed only once.

OS hardening is a set of procedures that maintain and improve OS security.

When disposing of software, it is a best practice to delete any unused applications.

A

Some OS hardening tasks are performed at regular intervals, while others are performed only once.

OS hardening is a set of procedures that maintain and improve OS security.

When disposing of software, it is a best practice to delete any unused applications.
78
Q

Fill in the blank: A/An _____ is a documented set of specifications within a system that is used as a basis for future builds, releases, and updates.

network segment

internet control message protocol update

baseline configuration

virtual private network installation

A

baseline configuration
79
Q

Fill in the blank: The security measure _____ requires a user to verify their identity in two or more ways to access a system or network.

network log analysis

password policy

multifactor authentication (MFA)

baseline configuration

A

multifactor authentication (MFA)
80
Q

In what way might port filtering be used to protect a network from an attack?

By helping analysts inspect, analyze, and react to security events based on their priority

By blocking or allowing certain port numbers in order to limit unwanted communication

By creating isolated subnets for each of the various departments within an organization

By increasing the attack surface within a business network

A

By blocking or allowing certain port numbers in order to limit unwanted communication
81
Q

Fill in the blank: Security analysts use ____ to create isolated subnets for different departments in an organization.

cloud hardening

network segmentation

patch updating

penetration testing

A

network segmentation
82
Q

How can a security professional confirm that no unverified changes have occurred within a cloud server?

Perform a penetration test

Compare the server baseline image to the data in cloud servers

Use port filtering to block or allow certain updates

Establish multifactor authentication (MFA)

A

Compare the server baseline image to the data in cloud servers