Network Security

Question 1

An organization notices a large amount of malware and virus incidents at one satellite office, but hardly any at another. All users at both sites are running the same company image and receive the same group policies. Which of the following has MOST likely been
implemented at the site with the fewest security issues?
A. Consent to monitoring
B. Business continuity measures
C. Vulnerability scanning
D. End-user awareness training

Answer 1

D. End-user awareness training

Question 2

What describes a smurf attack?

Answer 2

The smurf attack is a DDOS attack in which large numbers of internet control message protocol (ICMP) packets with the intended victims spoofed source IP are broadcast to a computer network using an IP Broadcast address.

Question 3

A malicious user floods a switch with frames hoping to redirect traffic to the users server. Which of the following attacks is the user MOST likely using?
A. DNS poisoning
B. ARP poisoning
C. Reflection
D. SYN attack

Answer 3

B. ARP poisoning
( Form of attack in which an attacker changes the media access control(MAC) address and attacks an ethernet LAN by changing the target computers ARP cache with a a forged ARP request and reply packets.
This modifies the layer - Ethernet MAC address into the hackers known MAC address to monitor it. Because the ARP replies are forged, the target computer unintentionally sends the frames to the hackers computer first instead of sending it t the original destination. As a result, both the users data and privacy are compromised. )

Question 4

An attacker has connected to an unused VoIP phone port to gain unauthorized access to a network. This is an example of which of the following attacks?
A. Smurf attack
B. VLAN hopping
C. Bluesnarfing
D. Spear phishing

Answer 4

B. VLAN hoping (The VoIP phone port can be used to attack a VLAn on the local network. VLAn hopping is a computer security exploit, a method of attacking networked resources on a virtual LAN (VLAN). The basic concept behind all VLAN hopping attacks is for an attack hosts on a VLAN to gain access to traffic on other VLANS that would normally not be accessible.)

Question 5

A company has decided to update their usage policy to allow employees t o surf the web unrestricted from their work computers. Which of the following actions should the IT team implement to help protect the network from attack as a result of this new policy?
A. Install host-based anti-malware software
B. Implement MAC filtering on all wireless access points
C. Add an implicit deny to the core router ACL
D. Block port 80 outbound on the company firewall
E. Require users to utilize two-factor authentication

Answer 5

A. Install host-based anti-malware software

Question 6

A network technician has been tasked to configure a new network monitoring tool that will examine interface settings throughout various network devices. Which of the following would need to be configured on each network device to provide that information in a secure manner?
A. S/MIME
B. SYSLOG
C. PGP
D. SNMPv3
E. RSH

Answer 6

D. SNMPv3
( The network monitoring need to use a network management protocol. SNMP has become the de facto standard of network management protocols.)

Question 7

A technician wants to securely manage several remote network devices. Which of the following should be implemented to securely manage the device?
A. WPA2
B. IPv6
C. SNMPv3
D. RIPv2

Answer 7

C. SNMPv3

Question 8

A technician needs to secure web traffic for a new e-commerce website. Which of the following will secure traffic between a web browser and a website?
A. SSL
B. DNSSEC
C. WPA2
D. MTU

Answer 8

A. SSL
(Secure Sockets Layer provides cryptography and reliability for upper layers of the OSI model. SSL provide secure web browsing via hypertext transfer protocol secure.)

Question 9

A company has seen an increase in ransomware across the enterprise. Which of the following should be implemented to reduce the occurrences?
A. ARP inspection
B. Intrusion detection system
C. Web content filtering
D. Port filtering

Answer 9

C. Web content filtering

Question 10

A wireless network technician for a local retail store is installing encrypted access points within the store for real-time inventory verification, as well as remote price checking capabilities, while employees are away from the registers. The store is in a fully occupied
strip mall that has multiple neighbors allowing guest access to the wireless networks. There are a finite known number of approved handheld devices needing to access the store’s wireless network. Which of the following is the BEST security method to implement
on the access points?
A. Port forwarding
B. MAC filtering
C. TLS/TTLS
D. IP ACL

Answer 10

B. MAC filtering
( MAC filtering allows traffic to be permitted or denied based on a devices MAC address.We make a MAC filtering which contains the MAC addresses of all approved devices that need to access the wireless network. This ensures that only approved devices are
given access to the network. )

Question 11

A network technician has set up an FTP server for the company to distribute software updates for their products. Each vendor is provided with a unique username and password for security. Several vendors have discovered a virus in one of the security updates.
The company tested all files before uploading them but retested the file and found the virus. Which of the following could the technician do for vendors to validate the proper security patch?
A. Use TFTP for tested and secure downloads
B. Require biometric authentication for patch updates
C. Provide an MD5 hash for each file
D. Implement a RADIUS authentication

Answer 11

C. Provide an MD5 hash for each file

If we put an MD5 hash for each file we can see if the file has been changed or not. Used to verify data integrity.

Question 12

A technician needs to install software onto company laptops to protect local running services, from external threats. Which of the following should the technician install and configure on the laptops if the threat is network based?
A. A cloud-based antivirus system with a heuristic and signature based engine
B. A network based firewall which blocks all inbound communication
C. A host-based firewall which allows all outbound communication
D. A HIDS to inspect both inbound and outbound network communication

Answer 12

C. A host-based firewall which allows all outbound communications

Question 13

A firewall ACl is configured as follows:

• 10. Deny Any Trust to Any DMZ eq TCP ports 22
• 11. Allow 10.200.0.0/16 to Any DMZ eq to Any
• 12. Allow 10.0.0.0/8 to Any DMZ eq to Tcp ports 80, 443
• 13. Deny Any Trust to Any to Any DMZ eq to Any

A technician notices that users in the 10.200.0.0./16 network are unable to SSH into servers in the DMZ. The company wants 10.200.0.0/16 to be able to use any protocol, but restrict the rest of the 10.0.0.0/8 subnet to web browsing only. Reordering the ACL which of the following manners would meet the company’s objectives?

A. 11, 10, 12, 13
B. 12, 10, 11, 13
C. 13, 10, 12, 11
D. 13, 12, 11, 10

Answer 13

A. 11, 10, 12, 13

( ACLs are processed in TOP DOWN process in routers or switches. This means that when a condition in the ACL is met, all processing is stopped.

We start by allowing any protocol on the 10.200.0.0/16 subnet:11. Allow 10.200.0.0/16 to Any DMZ eq to Any
We then deny any traffic on TCP port 22:10. Deny Any Trust to Any DMZ eq to TCP port 22
We allow browsing (port 80 and 443) on the 10.0.0.0/8 subnet:Allow 10.0.0.0/8 to Any DMZ eq to TCP ports 80, 443
Finally we deny all other traffic:13. Deny Any Trust to Any DMZ eq to Any )