Network Security Flashcards

Get Net+ Certified (27 cards)

1
Q

Which technology will an organization MOST likely deploy to manage industrial machinery?

A. SCADA
B. SNMP
C. SIP
D. SIEM

2
Q

Which policy sets guidelines for allowing employees to use their own personal devices for work-related tasks?

A. BYOD
B. AUP
C. NDA
D. SLA

3
Q

Which type of vulnerability would NOT be reported by a vulnerability scan?

A. Missing passwords
B. Configuration errors
C. Missing patches
D. Zero day

4
Q

Which of the following is an example of valid multifactor authentication factors?

A. Smart card and proximity tag
B. Facial recognition and PIN
C. PIN and password
D. Thumb print and retinal scan

5
Q

A company wants to implement an authentication and authorization solution for network devices that also directly supports device management.
What should the company use?

A. SNMP
B. Kerberos
C. TACACS+
D. RADIUS

6
Q

What should a company use as an authentication and authorization server for WPA2-Enterprise?

A. RADIUS
B. TACACS+
C. LDAP
D. Kerberos

7
Q

Which protocol is an open, vendor-neutral standard protocol for accessing and maintaining directory services?

A. IMAP
B. SNMP
C. SMTP
D. LDAP

8
Q

Identify whether each statement describes an exploit or a vulnerability.

  1. An application has an open maintenance hook that provides access to configuration settings.
  2. A database server’s operating system is missing several security patches.
  3. Deceptive calls are used to gather critical information about network servers.
  4. User login accounts have administrative rights to client computers.
  5. A data breach exposes personal information about customers.
A
  1. An application has an open maintenance hook that provides access to configuration settings. = VULNERABILITY
  2. A database server’s operating system is missing several security patches. = VULNERABILITY
  3. Deceptive calls are used to gather critical information about network servers. = EXPLOIT
  4. User login accounts have administrative rights to client computers. = VULNERABILITY
  5. A data breach exposes personal information about customers. = EXPLOIT

Penetration Testing Terminology
What Are The Different Types Of Penetration Testing?

9
Q

Which statement describes a primary benefit provided by multifactor authentication?

A. Required use of biometrics
B. Protection of data in motion
C. Mitigation of phishing attacks
D. Federated authentication

10
Q

A company recently implemented a bring your own device (BYOD) policy and is adding security controls over personal devices. The company wants to ensure that some managed apps and most company data will be unavailable when a device leaves the corporate campus.

What should the company use to implement this?

A. WPA2
B. Geotagging
C. EAP-FAST
D. Geofencing

11
Q

A company needs to have a reliable record of everyone who enters or leaves a locked area of the building.
What should the company use?

A. Biometric lock
B. Video surveillance
C. Sign-in log
D. Motion detector

12
Q

An attacker posing as a janitor manages to access a storage cabinet where sensitive printed documents are kept. Which physical preventative control should the organization implement to address this risk?

A. Install alarms on all doors leading to the storage cabinet.
B. Install a locked cabinet that limits access to the documents.
C. Install surveillance cameras throughout the storage area.
D. Define a policy that forbids unauthorized access to the cabinet.

13
Q

An attacker steals backup tapes from a datacenter. Which is the BEST option for detecting such physical breaches?

A. Biometrics
B. Badge readers
C. Cameras
D. Access control vestibule

14
Q

Against which type of attack is end user training most effective?

A. War driving
B. Man-in-the-middle
C. Evil twin
D. Phishing

15
Q

A malware attack encrypts the data on a critical network server. A dialog box displays on the server display screen with instructions about how to pay for a recovery code to decrypt the server data.
Which type of attack does this scenario describe?

A. Deauthentication
B. Man-in-the-middle
C. Ransomware
D. Brute force

16
Q

What type of attack is designed to flood a server with traffic, either crashing the server or making it unavailable?

A. Brute Force
B. DoS
C. Ransomware
D. Logic bomb

17
Q

Which two attack types are examples of social engineering attacks? (Choose two.)

A. Spoofing
B. Tailgating
C. Man-in-the-middle
D. Logic bomb
E. Phishing

18
Q

A NIDS reports several attempts to download files from an external IP address. The Technical Services department determines that the source is a website that is made to look like a site from which network users download reference materials and blank PDF forms. Users enter the correct URL for the website but are being sent to a different IP address.
Which type of attack is this?

A. DNS poisoning
B. Evil twin
C. VLAN hopping
D. ARP poisoning

19
Q

A network administrator would change the ID on a switch’s native VLAN to mitigate what type of attack?

A. Rogue trunking
B. VLAN hopping
C. DDoS
D. ARP attack

20
Q

A user reports odd behavior when attempting to access network resources from their Windows laptop. While reviewing the laptop’s configuration, a network technician discovers that the hosts file has been modified. Which type of attack has the security administrator likely uncovered?

A. DNS poisoning
B. On-path attack
C. Domain hijacking
D. MAC spoofing

A

A. DNS poisoning

Poisoning Your Hosts File — A Guide
Layer 2 Attacks – MAC Address Spoofing Attacks
What is Domain Hijacking?
[What is an on-path attacker?](https://www.cloudflare.com/learning/security/threats/on-path-attack/)

21
Q

A network technician is concerned about the risk of tailgating in their environment. What should the technician do to mitigate the risk?

A. Implement an access control vestibule
B. Implement a shredding policy
C. Implement a data lifecycle policy
D. Implement multifactor authentication (MFA)

22
Q

Match network devices with their role in 802.1x port-based authentication.
To answer, match the appropriate 802.1x role to each network device. A role may be used once, more than once, or not at all.

23
Q

A technician configures an access point as shown in the exhibit. He creates a list of MAC addresses to allow on the network using MAC filtering. The technician realizes that despite this configuration, any device can still connect. What should the technician do?

A. Change the order of IDs.
B. Enable MAC filtering globally.
C. Change the method to Blacklisting.
D. Reboot the access point.

24
Q

A server on the internal network is determined to be at risk for potential attack. The Technical Services team is directed to harden the server to minimize this risk. The network supports wired and wireless access. The server is connected through a wired connection.
The computer is backed up to a network location once a week, over the weekend. The computer is rebooted after the backup.
Which two actions should hardening include? (Choose two.)

A. Stop unnecessary services
B. Add wireless access
C. Schedule more frequent backups
D. Disable unused ports
E. Bring patches up-to-date.

A

D. Disable unused ports
E. Bring patches up-to-date.

Wireless Access Point
Windows Server Hardening Checklist

25
Q

A junior network engineer receives a new router to configure. Which two configuration tasks should the engineer perform BEFORE he copies a standard configuration template onto the router? (Choose two.)

A. Create an ACL.
B. Update the firmware.
C. Clear the routing table.
D. Change the MAC address.
E. Change the default username and password.

A

B. Update the firmware.
E. Change the default username and password.

[Configuring Junos OS Routing Tables](https://www.juniper.net/documentation/us/en/software/junos/static-routing/topics/topic-map/config_junos_routing_table.html)
[Routers & Firewalls](https://www.lifewire.com/routers-and-firewalls-4781501)
[How to Boost Your Router Security](https://www.consumerreports.org/electronics-computers/wireless-routers/ways-to-boost-router-security-a3824459325/)
[What is a MAC Address?](https://www.iplocation.net/mac-address#google_vignette)

26
Q

A company's WLAN is configured with one access point (AP) named AP1. AP1 has an SSID of AP1, is configured to use channel 1, and is configured for WPA2-PSK. The company deploys a second AP named AP2 with an SSID of AP2. The AP is configured to use channel 6 and is configured for WPA2-PSK. It is also configured with a unique IP address range. The remaining configuration settings are left at the defaults.
Technical Services discovers that someone has been hacking into AP2 and changing configuration settings. After the settings are corrected, they are changed again in a few days.
How should Technical Services implement device hardening to prevent this from occurring?

A. Change the default administrator's password on AP2.
B. Change AP2 to use channel 1.
C. Reconfigure both APs to use WPA2-Enterprise.
D. Disable SSID broadcast on both APs.

A

A. Change the default administrator's password on AP2.

[Systems Hardening](https://www.beyondtrust.com/resources/glossary/systems-hardening)
[Securing Wireless Networks](https://www.cisa.gov/news-events/news/securing-wireless-networks)
[Configure a Standard Wireless Network](https://docs.aerohive.com/330000/docs/help/english/ng/Content/gui/configuration/configuring-wireless-ssid-settings.htm)

27
Q

A recent security audit reveals that users from all locations have full remote access to network devices. Which solution should be implemented to address that problem?

A. ACL
B. SSH
C. IPsec
D. CBAC

A

A. ACL

[Access control lists](https://learn.microsoft.com/en-gb/windows/win32/secauthz/access-control-lists?redirectedfrom=MSDN)
[Configure Context-Based Access Control (CBAC)](https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/13814-32.html)
[Difference between SSH and Telnet](https://www.geeksforgeeks.org/difference-ssh-telnet/)
[Overview of IPsec](https://www.juniper.net/documentation/us/en/software/junos/security-services/topics/topic-map/overview-of-ipsec.html)