Communication and Network Security

Question 1

Q. 1 The purpose of intrusion detection is

To detect attacks and other anomalies
Your selection is incorrect
To make sure that people aren’t trying to tailgate through security entrances
To verify that the honeypot or honeynet is working correctly
To detect hacking attempts that the firewall misses

Answer 1

A.
[Communication and Network Security] Intrusion detection identifies intrusion attempts, attacks, and other anomalies on the host or network.

Question 2

Q. 2  Which of the following are examples of encapsulation protocols? Drag and drop the correct answer(s) from top to bottom.
PGP
IPSec
L2TP
SMTP
PPP
SLIP

Answer 2

IPSec
SLIP
PPP
L2TP

[Communication and Network Security] The Simple Mail Transfer Protocol (SMTP) is used to send email; it is not an encapsulation protocol. Pretty Good Privacy (PGP) is a data encryption program; it is not an encapsulation protocol.

Question 3

Q. 3 Which of the following cable types is most difficult to tap by eavesdroppers?

Fiber optic
UTP
Coax
STP

Answer 3

Fiber optic

A. [Communication and Network Security] Unshielded twisted pair (UTP), shielded twisted pair (STP), and coax cables all are relatively easy for an eavesdropper to tap. Fiber optic cable is more difficult to tap because it requires specialized equipment to tap light media and the fiber optic cable can be easily damaged, which would make eavesdropping activity easily detectable.

Question 4

Q. 4 Which of the following are link-state routing protocols? Drag and drop the correct answer(s) from top to bottom.

RIP
BGP
IS-IS
OSPF

Answer 4

IS-IS
OSPF

[Communication and Network Security] Routing Information Protocol (RIP) is a distance vector routing protocol. Border Gateway Protocol (BGP) is distance vector (or path vector) routing protocol.

Question 5

Q. 5 An access control list is NOT used by

A firewall or screening router to determine which packets should pass through
A router to determine which administrative nodes may access it
A bastion host to determine which network services should be permitted
A client system to record and save passwords

Answer 5

A client system to record and save passwords

D.
[Communication and Network Security] Access control lists (ACLs) commonly are used on firewalls, routers, and bastion hosts. ACLs are not used to save passwords on a computer.

Question 6

Q. 6 The purpose of a bastion host is to

Be a backup firewall in case the main firewall fails or becomes overloaded
Host Internet-facing services
Serve as the security management server
Serve as the firewall management server

Answer 6

Host Internet-facing services

[Communication and Network Security] A bastion host is used to host Internet-facing services, such as a website or domain name service (DNS) server.

Question 7

Q. 7 PAP is considered a weak authentication protocol because

It uses a static password that’s not encrypted
It uses a changing, but predictable, password that’s not encrypted
Its session keys are easily guessed
Only the first four characters of the password are significant

Answer 7

It uses a static password that’s not encrypted

[Communication and Network Security] Password Authentication Protocol (PAP) uses a static password that is not encrypted.

Question 8

Q. 8 Wardriving is the term used to describe

Aggressive driving
Sniffing wireless networks to look for vulnerabilities
Running multiple concurrent port scanning tools on a system
Running Call of Duty™ on a gigabit Ethernet

Answer 8

Sniffing wireless networks to look for vulnerabilities

[Communication and Network Security] War driving is similar to war dialing; an individual uses a wireless mobile device and special software while driving or roaming around looking for vulnerable WiFi networks.

Question 9

Q. 9 A disadvantage of signature-based intrusion detection is that

It can’t recognize unknown attacks
It detects intrusions only on hosts, not on networks
It detects intrusions only on networks, not on hosts
It can detect only mechanized attacks, not hacker attack

Answer 9

It can’t recognize unknown attacks

[Communication and Network Security] Signature-based IDS only can detect attacks that are defined in its signature file. Therefore, it is of limited effectiveness for zero-day threats.

Question 10

Q. 10 Operational security issues associated with virtualized environments include which of the following? Drag and drop the correct answer(s) from top to bottom. Keep the correct answers in alphabetical order.

Dynamic DNS
Dormant VMs
Hypervisor Incompatibility
Network Visibilty
VM sprawl

Answer 10

Dormant VMs
VM sprawl
Network Visibilty

[Communication and Network Security] The rapid and often unmanaged (uncontrolled) growth of VMs in the data center (VM sprawl), VMs that aren’t actively running and therefore not regularly patched (dormant VMs), and a lack of network visibility to multiple VMs running on a physical host are all operational security issues associated with virtualized environments.

Question 11

Q. 11 The ping command sends

IGRP Echo Reply packets
IGRP Echo Request packets
ICMP Echo Request packets
UDP Echo Request packets

Answer 11

ICMP Echo Request packets

[Communication and Network Security] Packet Internet Groper (ping) is an Internet Control Message Protocol (ICMP) command that sends Echo Reply packets.

Question 12

Q. 12 Which of the following are private circuit technologies? Drag and drop the correct answer(s) from top to bottom.

MPLS
E1
T3
xDSL

Answer 12

E1
T3
xDSL

[Communication and Network Security] Multiprotocol label switching (MPLS) is a type of data-carrying technique commonly used on carrier networks. It is not a private circuit technology.

Question 13

Q. 13 The biggest disadvantage of callback security is

The caller can call only from a predetermined location
It only works in networks that support caller ID
It’s vulnerable to replay attack
It works only in networks that support *69 functionality

Answer 13

The caller can call only from a predetermined location

[Communication and Network Security] Callback security associates a dial-in user with a callback phone number, which requires the caller to call from a predetermined phone number (location).

Question 14

Q. 14 A security engineer has determined that a Wi-Fi access point uses the WEP protocol and broadcasts its SSID. The best course of action is

Change to WPA2
Turn off broadcast
Change to WPA2 and turn off broadcast
Add MAC address access control

Answer 14

Change to WPA2 and turn off broadcast

[Communication and Network Security] Implementing the WiFi Protected Access 2 (WPA2) security protocol and turning off SSID broadcasting is the most secure solution.

Question 15

Q. 15 What’s the purpose of NAT?

To convert a session’s private IP address to a public address
To detect spoofed IP packets
To counterattack hacking attempts
To facilitate court-ordered wiretaps

Answer 15

To convert a session’s private IP address to a public address

[Communication and Network Security] Network Address Translation (NAT) is used to convert private, non-routable IP addresses into routable public IP addresses.

Question 16

Q. 16 The primary security benefit of a switched LAN versus a shared-media LAN is

Switches don’t transmit spoofed IP packets
Broadcast packets are sent only to nodes on the local switch
Unlike a shared-media LAN, a network sniffer can’t capture all switched LAN traffic
Switches aren’t vulnerable to broadcast storms

Answer 16

Unlike a shared-media LAN, a network sniffer can’t capture all switched LAN traffic

[Communication and Network Security] Traffic on a switched LAN is sent only to the physical switch port associated with the destination node. A shared-media LAN broadcasts traffic across ports.

Question 17

Q. 17 Which of the following are examples of protocols used to create a VPN? Drag and drop the correct answer(s) from top to bottom.

IPSec
L2TP
P2P
PPTP
MAC
SSL

Answer 17

IPSec
SSL
PPTP
L2TP

Communication and Network Security] P2P is not a VPN protocol standard; it refers to a point-to-point network connection or a peer-to-peer distributed application architecture. Media access control (MAC) is a physical hardware address, not a VPN protocol standard.

Question 18

Q. 18 A disadvantage of host-based intrusion detection is that

Event correlation isn’t possible
It can’t detect broadcast packets
It consumes resources on the host
It can perform only signature-based detection

Answer 18

It consumes resources on the host

[Communication and Network Security] Host-based IDS consumes resources on the host because the IDS must analyze potentially high volumes of network traffic.

Question 19

Q. 19 The main disadvantage of signature-based intrusion detection is

It’s considerably more expensive than linguistic intrusion detection
Some hackers are good at forging other people’s signatures
Signatures must be kept up-to-date
Handwriting samples are inconsistent and not always legible

Answer 19

Signatures must be kept up-to-date

[Communication and Network Security] Like antivirus (anti-malware) software, signature-based intrusion detection systems must be frequently updated to be effective against new and evolving (zero-day) threats.

Question 20

Q. 20 Which of the following is NOT true of an Ethernet network?

Ethernet is a broadcast medium
Ethernet is a switched medium
IP addresses can be forged on an Ethernet network
MAC addresses can be forged on an Ethernet network

Answer 20

Ethernet is a broadcast medium

[Communication and Network Security] Ethernet is a switched medium; it is not a broadcast medium.

Question 21

Q. 21 The purpose of Layer 1 in the OSI model is to

Transmit and receive bits
Sequence packets and calculate checksums
Perform application-to-application communications
Transmit and receive frames

Answer 21

Transmit and receive bits

[Communication and Network Security] The Physical layer (Layer 1) in the OSI model is concerned with sending and receiving bits.

Question 22

Q. 22 Which of the following are basic types of wireless antennas? Drag and drop the correct answer(s) from top to bottom.

omnidirectional
Parabolic
Sectorized
Compartmentalized
Anabolic
Yagi

Answer 22

omnidirectional
Parabolic
Sectorized
Yagi

[Communication and Network Security] Compartmentalized and anabolic are not antenna types.

Question 23

Q. 23 Which of the following are examples of routed protocols? Drag and drop the correct answer(s) from top to bottom.

OSPF
EIGRP
BGP
IPX

Answer 23

IPX

[Communication and Network Security] Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), and Border Gateway Protocol (BGP) are all routing protocols, not routed protocols.

Question 24

Q. 24 Which of the following authentication technologies are commonly used in federated environments? Drag and drop the correct answer(s) from top to bottom.

OAuth
OTP
OpenID
SAML
API
SSO

Answer 24

OAuth
OTP
OpenID
SAML
SSO

[Identity and Access Management] Neither one-time passwords (OTPs) nor application programming interfaces (APIs) are authentication technologies.

Question 25

Q. 25 A system used to identify anomalies on a network is known as a Protocol analyzer Network-based intrusion detection system Signature-based intrusion prevention system Packet sniffer

Answer 25

Network-based intrusion detection system [Communication and Network Security] A network-based IDS is used to detect possible intrusions based on signature- or anomaly-based methods.

Question 26

Q. 26 Stateful inspection firewalls Are no longer used because all network traffic is stateless Record the state of each packet in their logs Are more CPU intensive than simple packet-filtering firewalls Are easy to manage because their rule sets are self-healing

Answer 26

Are more CPU intensive than simple packet-filtering firewalls [Communication and Network Security] Stateful inspection firewalls require more CPU power than packet-filtering firewalls because they maintain state information about all active sessions traversing the firewall.

Question 27

Q. 27 132.116.72.5 is a(n) MAC address IPv4 address Subnet mask IPv6 address

Answer 27

IPv4 address [Communication and Network Security] An IP address is a 32-bit numeric address separated into four octets.

Question 28

Q. 28 TCP is a poor choice for streaming video because It’s too bursty for large networks Acknowledgement and sequencing add significantly to its overhead Checksums in video packets are meaningless TCP address space is nearly exhausted

Answer 28

Acknowledgement and sequencing add significantly to its overhead [Communication and Network Security] TCP is a connection-oriented protocol that adds overhead to guarantee delivery, sequencing, and acknowledgement of packets that are sent over a network, which typically is not necessary for streaming video communications.

Question 29

Q. 29 10.20.30.40 is an example of A Boolean operator on a complex firewall rule A subnet mask The default step function for VPN encryption A private, non-routable IP address

Answer 29

A private, non-routable IP address [Communication and Network Security] Private, non-routable IP addresses include addresses in the following ranges: 10.0.0.0 – 10.255.255.255, 172.16.0.0 – 172.31.255.255, and 192.168.0.0 – 192.168.255.255.

Question 30

Q. 30 SMTP is used to Transmit network management messages Tunnel private sessions through the Internet Simulate modems Transport email

Answer 30

Transport email [Communication and Network Security] The Simple Mail Transfer Protocol (SMTP) is used to send email messages on the Internet.

Question 31

Q. 31 04:c6:d1:45:87:E8 is a(n) MAC address IPv4 address Subnet mask IPv6 address

Answer 31

MAC address [Communication and Network Security] A media access control (MAC) address is a 48-bit hardware or physical address separated in 6 byte segments.

Question 32

Q. 32 A denial of service attack Is the result when an administrator disables unnecessary network services Is designed to prevent legitimate users from being able to use a resource Occurs when a user lacks sufficient security credentials Is when an intruder replays a previous session to establish non-repudiation

Answer 32

Is designed to prevent legitimate users from being able to use a resource [Communication and Network Security] A denial of service (DOS) attack denies the availability of a system, application, or network from legitimate users.

Question 33

Q. 33 Which of the following diagrams depicts a private, non-routable IP address? Click one of the four panels below to select your answer choice. 00: 50:56:b8:03:bb 172. 16.256.12 192. 168.250.24 172. 15.222.22

Answer 33

192.168.250.24 [Communication and Network Security] 192.168.250.24 is an example of a private, non-routable Class C address in the range 192.168.0.0 to 192.168.255.255.

Question 34

Q. 34 The Routing Information Protocol (RIP) uses which of the following methods to prevent routing loops? Drag and drop the correct answer(s) from top to bottom. ``` Dual homing Route poisoning Event horizon Holddown timers Split horizon ```

Answer 34

Holddown timers Split horizon [Communication and Network Security] Split horizon and holddown timers are valid techniques used to prevent routing loops in Routing Information Protocol (RIP) networks.

Question 35

Q. 35 Which of the following are examples of converged protocols? Drag and drop the correct answer(s) from top to bottom. ``` FCoe SSL DNP3 BGP iSCSI MPLS SIP ```

Answer 35

FCoe iSCSI MPLS SIP [Communication and Network Security] Session Initiation Protocol (SIP), Internet Small Computer System Interface (iSCSI) Fiber Channel over Ethernet (FCoE), and Multiprotocol Label Switching (MPLS) are converged protocols. Border Gateway Protocol (BGP) is a routing protocol. Distributed Network Protocol (DNP3) is a set of communications protocols used between components in process automation systems.

Question 36

Q. 36 The core component of virtualization technology which runs between a hardware kernel and an operating system is the Hypervisor Flux capacitor Software kernel API

Answer 36

Hypervisor [Communication and Network Security] The hypervisor abstracts the hardware kernel from the operating system in virtualized environments.

Question 37

Q. 37 What’s the purpose of RARP? When given an IP address, RARP returns a MAC address When given a MAC address, RARP returns an IP address It traces the source address of a spoofed packet It determines the least cost route through a multipath network

Answer 37

When given a MAC address, RARP returns an IP address [Communication and Network Security] The Reverse Address Resolution Protocol (RARP) is used to translate a MAC address to a IP address.

Question 38

Q. 38 Which of the following diagrams depicts an IPv6 address? 2016:db6::8000:ac12:fe01 192.168.12.220 00:50:56:b8:03:bb E3:52:9D:B1

Answer 38

2016:db6::8000:ac12:fe01 [Communication and Network Security] An IPv6 address is represented as eight groups of four hexadecimal digits with each group representing 16 bits (two octets) and separated by a colon.

Question 39

Q. 39 Common anti-malware approaches include which of the following? Drag and drop the correct answer(s) from top to bottom. ``` Neural-based Anomaly-based Application whitelisting Container-based Email notification Signature-based ```

Answer 39

Anomaly-based Application whitelisting Container-based Signature-based [Communication and Network Security] Neural-based and email notification are not valid anti-malware approaches. Signature-based (most common), anomaly-based, application whitelisting, and container-based anti-malware approaches are commonly used.

Question 40

Q. 40 UDP is sometimes called the “unreliable data protocol” because It works only on low-speed wireless LANs UDP packets rarely get through because they have a low priority Few people know how to program UDP The UDP protocol does not guarantee delivery

Answer 40

The UDP protocol does not guarantee delivery [Communication and Network Security] UDP is a connectionless protocol that does not guarantee delivery, sequencing, or acknowledgement of packets that are sent over a network.

Question 41

Q. 41 Which of the following diagrams correctly illustrates the levels of the OSI model? 1. Application, Session, Presentation, Network, Transport, Data Link, Physical 2. Application, Transport, Internet, Network Access 3. Application, Presentation, Session, Transport, Network, Data Link, Physical 4. Application, Presentation, Session, Transport, Internet, Data Link, Physical

Answer 41

3. Application, Presentation, Session, Transport, Network, Data Link, Physical [Communication and Network Security] The layers of the OSI Model, from Layer 1 to Layer 7, are: Physical, Data Link, Network, Transport, Session, Presentation, Application.

Question 42

Q. 42 One of the difficulties associated with network-based intrusion detection systems is Synchronizing the signature file with the firewall The steep learning curve associated with IDS The high number of false negatives that must be eliminated The high number of false positives that must be eliminated

Answer 42

The high number of false positives that must be eliminated [Communication and Network Security] IDS is known for a high number of false positive results that must be investigated, classified, and eliminated.

Question 43

Q. 43 What’s the purpose of ARP? When given an IP address, ARP returns a MAC address When given a MAC address, ARP returns an IP address It calculates the shortest path between two nodes on a network It acquires the next IP address on a circular route

Answer 43

When given an IP address, ARP returns a MAC address [Communication and Network Security] The Address Resolution Protocol (ARP) is used to translate an IP address to a MAC address.