Network Security Flashcards

Question

Pete, an employee, attempts to visit a popular social networking site but is blocked. Instead, a page is displayed notifying him that this site cannot be visited. Which of the following is MOST likely blocking Pete’s access to this site? A. Internet content filter B. Firewall C. Proxy server D. Protocol analyzer

Answer 1

**Answer: A** **Explanation:** Web filtering software is designed to restrict or control the content a reader is authorized to access, especially when utilized to restrict material delivered over the Internet via the Web, e-mail, or other means.

Answer 2

**Answer: C** **Explanation:** An all-in-one appliance, also known as Unified Threat Management (UTM) and Next Generation Firewall (NGFW), is one that provides a good foundation for security. A variety is available; those that you should be familiar with for the exam fall under the categories of providing URL filtering, content inspection, or malware inspection. Malware inspection is the use of a malware scanner to detect unwanted software content in network traffic. If malware is detected, it can be blocked or logged and/or trigger an alert.

Answer 3

**Answer: A** **Explanation:** A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified. As the protocols used to access a web server (typically HTTP and HTTPS) run in layer 7 of the OSI model, then web application firewall (WAF) is the correct answer.

Answer 4

**Answer: D,E,G** **Explanation:** A proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. Firewalls manage traffic using a rule or a set of rules. A URL is a reference to a resource that specifies the location of the resource. A URL filter is used to block access to a site based on all or part of a URL.

Answer 5

**Answer: B** **Explanation:** A web application firewall is a device, server add-on, virtual service, or system filter that defines a strict set of communication rules for a website and all visitors. It’s intended to be an applicationspecific firewall to prevent cross-site scripting, SQL injection, and other web application attacks.

Answer 6

**Answer: C** **Explanation:** The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it

Answer 7

**Answer: B** **Explanation:** An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. IDS come in a variety of “flavors” and approach the goal of detecting suspicious traffic in different ways. There are network based (NIDS) and host based (HIDS) intrusion detection systems. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSes for other purposes, such as identifying problems with security policies, documenting existing threats and deterring individuals from violating security policies. IDPSes have become a necessary addition to the security infrastructure of nearly every organization. IDPSes typically record information related to observed events, notify security administrators of important observed events and produce reports. Many IDPSes can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g. reconfiguring a firewall) or changing the attack's content.

Answer 8

**Answer:** **Use the following answer for this simulation task.** * *10.4.255.10/24 | 10.4.255.101 | 443 | TCP | Allow 10. 4.255.10/23 | 10.4.255.2 | 22 | TCP | Allow 10. 4.255.10/25 | 10.4.255.102 | Any | Any | Allow** **Explanation:** Firewall rules act like ACLs, and they are used to dictate what traffic can pass between the firewall and the internal network. Three possible actions can be taken based on the rule’s criteria: Block the connection Allow the connection Allow the connection only if it is secured

Answer 9

Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default. Rule #1 allows the Accounting workstation to ONLY access the web server on the public network over the default HTTPS port, which is TCP port 443. Rule #2 allows the HR workstation to ONLY communicate with the Financial server over the default SCP port, which is TCP Port 22 Rule #3 & Rule #4 allow the Admin workstation to ONLY access the Financial and Purchasing servers located on the secure network over the default TFTP port, which is Port 69.

Answer 10

**Answer: C** **Explanation:** DNS operates over TCP and UDP port 53. TCP port 53 is used for zone transfers.

Answer 11

**Answer: D** **Explanation:** Trivial File Transfer Protocol (TFTP) is a simple file-exchange protocol that doesn’t require authentication. It operates on UDP port 69.

Answer 12

**Answer: D** **Explanation:** Firewall rules are used to define what traffic is able pass between the firewall and the internal network. Firewall rules block the connection, allow the connection, or allow the connection only if it is secured. Firewall rules can be applied to inbound traffic or outbound traffic and any type of network.

Answer 13

**Answer: C** **Explanation:** A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. VLANs can be used to isolate traffic between network segments.

Answer 14

**Answer: B** **Explanation:** A subinterface is a division of one physical interface into multiple logical interfaces. Routers commonly employ subinterfaces for a variety of purposes, most common of these are for routing traffic between VLANs. Also, IEEE 802.1Q is the networking standard that supports virtual LANs (VLANs) on an Ethernet network.

Answer 15

**Answer: A** **Explanation:** VLANs are used for traffic management. VLANs can be used to isolate traffic between network segments. This can be accomplished by not defining a route between different VLANs or by specifying a deny filter between certain VLANs (or certain members of a VLAN). Any network segment that doesn’t need to communicate with another in order to accomplish a work task/function shouldn’t be able to do so.

Answer 16

**Answer: D** **Explanation:** In the OSI model, IP addressing and IP routing are performed at layer 3 (the network layer). In this question we need to configure routing. When configuring routing, you specify which IP range (in this case, the IP subnet of the remote site) is allowed to route traffic through the router to the FTP server. Traffic that comes into the router is compared to ACL entries based on the order that the entries occur in the router. New statements are added to the end of the list. The router continues to look until it has a match. If no matches are found when the router reaches the end of the list, the traffic is denied. For this reason, you should have the frequently hit entries at the top of the list. There is an implied deny for traffic that is not permitted.

Answer 17

**Answer: A,F** **Explanation:** A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. A virtual switch is a software application that allows communication between virtual machines. A combination of the two would best satisfy the question.

Answer 18

**Answer: C** **Explanation:** Traffic that comes into the router is compared to ACL entries based on the order that the entries occur in the router. New statements are added to the end of the list. The router continues to look until it has a match. If no matches are found when the router reaches the end of the list, the traffic is denied. For this reason, you should have the frequently hit entries at the top of the list. There is an implied deny for traffic that is not permitted.

Answer 19

**Answer: D** **Explanation:** Port security in IT can mean several things: The physical control of all connection points, such as RJ-45 wall jacks or device ports, so that no unauthorized users or unauthorized devices can attempt to connect into an open port. The management of TCP and User Datagram Protocol (UDP) ports. If a service is active and assigned to a port, then that port is open. All the other 65,535 ports (of TCP or UDP) are closed if a service isn’t actively using them. Port knocking is a security system in which all ports on a system appear closed. However, if the client sends packets to a specific set of ports in a certain order, a bit like a secret knock, then the desired service port becomes open and allows the client software to connect to the service.

Answer 20

**Answer: C** **Explanation:** Port security in IT can mean several things. It can mean the physical control of all connection points, such as RJ-45 wall jacks or device ports, so that no unauthorized users or unauthorized devices can attempt to connect into an open port. This can be accomplished by locking down the wiring closet and server vaults and then disconnecting the workstation run from the patch panel (or punch-down block) that leads to a room’s wall jack. Any unneeded or unused wall jacks can (and should) be physically disabled in this manner. Another option is to use a smart patch panel that can monitor the MAC address of any device connected to each and every wall port across a building and detect not just when a new device is connected to an empty port, but also when a valid device is disconnected or replaced by an invalid device.

Answer 21

**Answer: D** **Explanation:** The question states that the network uses 802.1x with PEAP. The 802.1x authentication server is typically an EAP-compliant Remote Access Dial-In User Service (RADIUS). A RADIUS server will be configured with a digital certificate. When a digital certificate is created, an expiration period is configured by the Certificate Authority (CA). The expiration period is commonly one or two years. The question states that no configuration changes have been made so it’s likely that the certificate has expired.

Answer 22

**Answer: D** **Explanation:** IEEE 802.1x is an IEEE Standard for Port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols and provides an authentication mechanism to wireless devices connecting to a LAN or WLAN.

Answer 23

**Answer: D** **Explanation:** 802.1x is a port-based authentication mechanism. It’s based on Extensible Authentication Protocol (EAP) and is commonly used in closed-environment wireless networks. 802.1x was initially used to compensate for the weaknesses of Wired Equivalent Privacy (WEP), but today it’s often used as a component in more complex authentication and connection-management systems, including Remote Authentication Dial-In User Service (RADIUS), Diameter, Cisco System’s Terminal Access Controller Access-Control System Plus (TACACS+), and Network Access Control (NAC).

Answer 24

**Answer: A,F** **Explanation:** Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default. Implicit deny is the default response when an explicit allow or deny isn’t present. DNS operates over TCP and UDP port 53. TCP port 53 is used for zone transfers. These are zone file exchanges between DNS servers, special manual queries, or used when a response exceeds 512 bytes. UDP port 53 is used for most typical DNS queries.

Answer 25

**Answer: D Explanation:** Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default. Implicit deny is the default response when an explicit allow or deny isn’t present.

Answer 26

**Answer: B** **Explanation:** Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default.

Answer 27

**Answer: D** **Explanation:** 802.1x is a port-based authentication mechanism. It’s based on Extensible Authentication Protocol (EAP) and is commonly used in closed-environment wireless networks. 802.1x was initially used to compensate for the weaknesses of Wired Equivalent Privacy (WEP), but today it’s often used as a component in more complex authentication and connection-management systems, including Remote Authentication Dial-In User Service (RADIUS), Diameter, Cisco System’s Terminal Access Controller Access-Control System Plus (TACACS+), and Network Access Control (NAC). A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. By default, all ports on a switch are part of VLAN 1. But as the switch administrator changes the VLAN assignment on a port-by-port basis, various ports can be grouped together and be distinct from other VLAN port designations. VLANs are used for traffic management. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function.

Answer 28

**Answer: Create a virtual switch.** **Explanation:** A Hyper-V Virtual Switch implements policy enforcement for security, isolation, and service levels.

Answer 29

**Answer: MaaS** **Explanation:** Monitoring-as-a-service (MaaS) is a cloud delivery model that falls under anything as a service (XaaS). MaaS allows for the deployment of monitoring functionalities for several other services and applications within the cloud.

Answer 30

**Answer: Connections to port 22** **Explanation:** Log analysis is the art and science of reviewing audit trails, log files, or other forms of computergenerated records for evidence of policy violations, malicious events, downtimes, bottlenecks, or other issues of concern. SSH uses TCP port 22. All protocols encrypted by SSH also use TCP port 22, such as SFTP, SHTTP, SCP, SExec, and slogin.

Answer 31

**Answer: Unified Threat Management** **Explanation:** When you combine a firewall with other abilities (intrusion prevention, antivirus, content filtering, etc.), what used to be called an all-in-one appliance is now known as a unified threat management (UTM) system. The advantages of combining everything into one include a reduced learning curve (you only have one product to learn), a single vendor to deal with, and—typically—reduced complexity.

Answer 32

**Answer: Unified Threat Management** **Explanation:** Unified Threat Management (UTM) is, basically, the combination of a firewall with other abilities. These abilities include intrusion prevention, antivirus, content filtering, etc. Advantages of combining everything into one: You only have one product to learn. You only have to deal with a single vendor. IT provides reduced complexity.

Answer 33

**Answer: DMZ** **Explanation:** A DMZ or demilitarized zone (sometimes referred to as a perimeter network) is a physical or logical subnetwork that contains and exposes an organization's external-facing services to a larger and untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN); an external network node only has direct access to equipment in the DMZ, rather than any other part of the network. The name is derived from the term "demilitarized zone", an area between nation states in which military operation is not permitted.

Answer 34

**Answer: Firewall** **Explanation:** The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.

Answer 35

**Answer: DMZ** **Explanation:** A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.

Answer 36

**Answer: DMZ** **Explanation:** A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.

Answer 37

**Answer: DMZ** **Explanation:** A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.

Answer 38

**Answer: A buffer zone between protected and unprotected networks.** **Explanation:** A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.

Answer 39

**Answer: Subnetting** **Explanation:** Subnetting is a dividing process used on networks to divide larger groups of hosts into smaller collections.

Answer 40

**Answer: 10.4.4.165, 10.4.4.189** **Explanation:** With the given subnet mask, a maximum number of 30 hosts between IP addresses 10.4.4.161 and 10.4.4.190 are allowed. Therefore, option C and D would be hosts on the same subnet, and the other options would not.

Answer 41

**Answer: /29** **Explanation:** Using this option will result in all three servers using host addresses on different broadcast domains.

Answer 42

**Answer: Subnetting** **Explanation:** Subnetting is a dividing process used on networks to divide larger groups of hosts into smaller collections.

Answer 43

**Answer: Create a server VLAN Create an ACL to access the server** **Explanation:** We can protect the servers from the user devices by separating them into separate VLANs (virtual local area networks). The network device in the question is a router/switch. We can use the router to allow access from devices in one VLAN to the servers in the other VLAN. We can configure an ACL (Access Control List) on the router to determine who is able to access the server. In computer networking, a single layer-2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them via one or more routers; such a domain is referred to as a virtual local area network, virtual LAN or VLAN. This is usually achieved on switch or router devices. Simpler devices only support partitioning on a port level (if at all), so sharing VLANs across devices requires running dedicated cabling for each VLAN. More sophisticated devices can mark packets through tagging, so that a single interconnect (trunk) may be used to transport data for multiple VLANs. Grouping hosts with a common set of requirements regardless of their physical location by VLAN can greatly simplify network design. A VLAN has the same attributes as a physical local area network (LAN), but it allows for end stations to be grouped together more easily even if they are not on the same network switch. The network described in this question is a DMZ, not a VLAN.

Answer 44

**Answer: VLAN** **Explanation:** A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function.

Answer 45

**Answer: Create a voice VLAN.** **Explanation:** It is a common and recommended practice to separate voice and data traffic by using VLANs. Separating voice and data traffic using VLANs provides a solid security boundary, preventing data applications from reaching the voice traffic. It also gives you a simpler method to deploy QoS, prioritizing the voice traffic over the data.

Answer 46

**Answer: Create three VLANs on the switch connected to a router** **Explanation:** A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function.

Answer 47

**Answer: VLAN** **Explanation:** A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function.

Answer 48

**Answer: VLANs** **Explanation:** A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function.

Answer 49

**Answer: VLAN** **Explanation:** A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches.

Answer 50

**Answer: The router implements NAT.** **Explanation:** Network address translation (NAT) allows you to share a connection to the public Internet via a single interface with a single public IP address. NAT maps the private addresses to the public address. In a typical configuration, a local network uses one of the designated "private" IP address subnets. A router on that network has a private address (192.168.1.1) in that address space, and is also connected to the Internet with a "public" address (10.2.2.1) assigned by an Internet service provider.

Answer 51

**Answer: NAT** **Explanation:** NAT serves as a basic firewall by only allowing incoming traffic that is in response to an internal system’s request.

Answer 52

**Answer: RDP** **Explanation:** RDP uses TCP port 3389.

Answer 53

**Answer: RPC** **Explanation:** Remote Procedure Call (RPC) is a programming interface that allows a remote computer to run programs on a local machine.

Answer 54

**Answer: VPN gateway** **Explanation:** VPNs are usually employed to allow remote access users to connect to and access the network, and offer connectivity between two or more private networks or LANs. A VPN gateway (VPN router) is a connection point that connects two LANs via a nonsecure network such as the Internet.

Answer 55

**Answer: Quality of service** **Explanation:** Quality of Service (QoS) facilitates the deployment of media-rich applications, such as video conferencing and Internet Protocol (IP) telephony, without adversely affecting network throughput.

Answer 56

**Answer: Network Access Control** **Explanation:** Network Access Control (NAC) means controlling access to an environment through strict adherence to and implementation of security policies. The goals of NAC are to prevent/reduce zero-day attacks, enforce security policy throughout the network, and use identities to perform access control.

Answer 57

**Answer: NAC** **Explanation:** Network Access Control (NAC) means controlling access to an environment through strict adherence to and implementation of security policies. The goals of NAC are to prevent/reduce zero-day attacks, enforce security policy throughout the network, and use identities to perform access control.

Answer 58

**Answer: Virtualization** **Explanation:** Virtualization allows a single set of hardware to host multiple virtual machines.

Answer 59

**Answer: Virtualization** **Explanation:** Virtualization allows a single set of hardware to host multiple virtual machines.

Answer 60

**Answer: The administrator may spend more on licensing but less on hardware and equipment.** **Explanation:** Migrating to a virtual server environment reduces cost by eliminating the need to purchase, manage, maintain and power physical machines. The fewer physical machines you have, the less money it costs.

Answer 61

**Answer: Virtualization** **Explanation:** Because Virtualization allows a single set of hardware to host multiple virtual machines, it requires less hardware to maintain the current scenario.

Answer 62

**Answer: The system is virtualized.** **Explanation:** Virtualization allows a single set of hardware to host multiple virtual machines.

Answer 63

**Answer: Cloud computing** **Explanation:** Cloud computing refers to performing data processing and storage elsewhere, over a network connection, rather than locally. Because users have access to the data, it can easily be copied to a USB device.

Answer 64

**Answer: Software as a Service** **Explanation:** Software as a Service (SaaS) allows for on-demand online access to specific software applications or suites without having to install it locally. This will allow the data center to continue providing network and security services.

Answer 65

**Answer: Software as a Service** **Explanation:** Software as a Service (SaaS) is a software distribution model in which applications are hosted by a vendor or service provider and made available to customers over a network, typically the Internet.

Answer 66

**Answer: Infrastructure as a Service** **Explanation:** Cloud users install operating-system images and their application software on the cloud infrastructure to deploy their applications. In this model, the cloud user patches and maintains the operating systems and the application software.

Answer 67

**Answer: Infrastructure as a service** **Explanation:** Cloud users install operating-system images and their application software on the cloud infrastructure to deploy their applications. In this model, the cloud user patches and maintains the operating systems and the application software.

Answer 68

**Answer: Cloud computing** **Explanation:** One of the ways cloud computing is able to obtain cost efficiencies is by putting data from various clients on the same machines. This “multitenant” nature means that workloads from different clients can be on the same system, and a flaw in implementation could compromise security.

Answer 69

**Answer: Cloud computing** **Explanation:** One of the ways cloud computing is able to obtain cost efficiencies is by putting data from various clients on the same machines. This “multitenant” nature means that workloads from different clients can be on the same system, and a flaw in implementation could compromise security.

Answer 70

**Answer: Layer 7 firewall** **Explanation:** An application-level gateway firewall filters traffic based on user access, group membership, the application or service used, or even the type of resources being transmitted. This type of firewall operates at the Application layer (Layer 7) of the OSI model.

Answer 71

**Answer: Layered security.** **Explanation:** Layered security is the practice of combining multiple mitigating security controls to protect resources and data.

Answer 72

**Answer: IPsec** **Explanation:** Layer 2 Tunneling Protocol (L2TP) came about through a partnership between Cisco and Microsoft with the intention of providing a more secure VPN protocol. L2TP is considered to be a more secure option than PPTP, as the IPSec protocol which holds more secure encryption algorithms, is utilized in conjunction with it. It also requires a pre-shared certificate or key. L2TP’s strongest level of encryption makes use of 168 bit keys, 3 DES encryption algorithm and requires two levels of authentication. L2TP has a number of advantages in comparison to PPTP in terms of providing data integrity and authentication of origin verification designed to keep hackers from compromising the system. However, the increased overhead required to manage this elevated security means that it performs at a slower pace than PPTP.

Answer 73

**Answer: IPSec** **Explanation:** IPSec can operate in tunnel mode or transport mode. It uses symmetric cryptography to provide encryption security. Furthermore, it makes use of Internet Security Association and Key Management Protocol (ISAKMP).

Answer 74

**Answer: IPv6,IPSec** **Explanation:** Telnet supports IPv6 connections. IPv6 is the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPsec is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec is a compulsory component for IPv6. IPsec operates at Layer 3 of the OSI model, whereas Telnet operates at Layer 7.

Answer 75

**Answer: SNMPv3** **Explanation:** Currently, SNMP is predominantly used for monitoring and performance management. SNMPv3 defines a secure version of SNMP and also facilitates remote configuration of the SNMP entities.

Answer 76

**Answer: SNMPv3** **Explanation:** Currently, SNMP is predominantly used for monitoring and performance management. SNMPv3 defines a secure version of SNMP and also facilitates remote configuration of the SNMP entities.

Answer 77

**Answer: SSH** **Explanation:** SSH transmits both authentication traffic and data in a secured encrypted form, whereas Telnet transmits both authentication credentials and data in clear text.

Answer 78

**Answer: SSH** **Explanation:** SSH transmits both authentication traffic and data in a secured encrypted form, whereas Telnet transmits both authentication credentials and data in clear text.

Answer 79

**Answer: SSH** **Explanation:** Secure Shell (SSH) is a tunneling protocol originally used on Unix systems. It’s now available for both Unix and Windows environments. SSH is primarily intended for interactive terminal sessions. SSH is used to establish a command-line, text-only interface connection with a server, router, switch, or similar device over any distance.

Answer 80

**Answer: SCP,SSH** **Explanation:** SSH is used to establish a command-line, text-only interface connection with a server, router, switch, or similar device over any distance. Secure Copy Protocol (SCP) is a secure file-transfer facility based on SSH and Remote Copy Protocol (RCP). SCP is commonly used on Linux and Unix platforms.

Answer 81

**Answer: Bind server** **Explanation:** BIND (Berkeley Internet Name Domain) is the most widely used Domain Name System (DNS) software on the Internet. It includes the DNS server component contracted for name daemon. This is the only option that directly involves DNS.

Answer 82

**Answer: IPv6 DNS record** **Explanation:** The AAAA Address record links a FQDN to an IPv6 address.

Answer 83

**Answer: Secure zone transfers** **Explanation:** A primary DNS server has the "master copy" of a zone, and secondary DNS servers keep copies of the zone for redundancy. When changes are made to zone data on the primary DNS server, these changes must be distributed to the secondary DNS servers for the zone. This is done through zone transfers. If you allow zone transfers to any server, all the resource records in the zone are viewable by any host that can contact your DNS server. Thus you will need to secure the zone transfers to stop an attacker from mapping out your addresses and devices on your network.

Answer 84

**Answer: TLS** **Explanation:** Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. It uses X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom it is communicating, and to exchange a symmetric key. The TLS protocol allows client-server applications to communicate across a network in a way designed to prevent eavesdropping and tampering.

Answer 85

**Answer: TLS** **Explanation:** Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. It uses X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom it is communicating, and to exchange a symmetric key.

Answer 86

**Answer: EAP-TLS** **Explanation:** The majority of the EAP-TLS implementations require client-side X.509 certificates without giving the option to disable the requirement.

Answer 87

**Answer: SSL** **Explanation:** SSL (Secure Sockets Layer) is used for establishing an encrypted link between two computers, typically a web server and a browser. SSL is used to enable sensitive information such as login credentials and credit card numbers to be transmitted securely.

Answer 88

**Answer: FTPS Explanation:** FTPS refers to FTP Secure, or FTP SSL. It is a secure variation of File Transfer Protocol (FTP).

Answer 89

**Answer: 989 and 990** **Explanation:** FTPS uses ports 989 and 990.

Answer 90

**Answer: SFTP,SCP** **Explanation:** Standard FTP is a protocol often used to move files between one system and another either over the Internet or within private networks. SFTP is a secured alternative to standard FTP. Secure Copy Protocol (SCP) is a secure file-transfer facility based on SSH and Remote Copy Protocol (RCP).

Answer 91

**Answer: ICMP is being blocked** **Explanation:** ICMP is a protocol that is commonly used by tools such as ping, traceroute, and pathping. ICMP offers no information If ICMP request queries go unanswered, or ICMP replies are lost or blocked.

Answer 92

**Answer: IPv6** **Explanation:** IPSec security is built into IPv6.

Answer 93

**Answer: IPv6 address** **Explanation:** IPv6 addresses are 128-bits in length. An IPv6 address is represented as eight groups of four hexadecimal digits, each group representing 16 bits (two octets). The groups are separated by colons (:). The hexadecimal digits are case-insensitive, but IETF recommendations suggest the use of lower case letters. The full representation of eight 4-digit groups may be simplified by several techniques, eliminating parts of the representation.

Answer 94

**Answer: NDP** **Explanation:** The Neighbor Discovery Protocol (NDP) is a protocol in the Internet protocol suite used with Internet Protocol Version 6 (IPv6).

Answer 95

**Answer: IPv6** **Explanation:** The main advantage of IPv6 over IPv4 is its larger address space. The length of an IPv6 address is 128 bits, compared with 32 bits in IPv4.

Answer 96

**Answer: TCP port 80 and TCP port 443** **Explanation:** HTTP and HTTPS, which uses TCP port 80 and TCP port 443 respectively, is necessary for Communicating with Web servers. It should therefore be allowed through the firewall.

Answer 97

**Answer: 22/TCP Explanation:** SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22.

Answer 98

**Answer: SFTP Explanation:** SFTP encrypts authentication and data traffic between the client and server by making use of SSH to provide secure FTP communications. As a result, SFTP offers protection for both the authentication traffic and the data transfer taking place between a client and server.

Answer 99

**Answer: TFTP utilizes UDP and FTP uses TCP. Explanation:** FTP employs TCP ports 20 and 21 to establish and maintain client-to-server communications, whereas TFTP makes use of UDP port 69.

Answer 100

**Answer: 69 Explanation:** TFTP makes use of UDP port 69.

Answer 101

**Answer: Block port 23 on the network firewall Explanation:** Telnet is a terminal-emulation network application that supports remote connectivity for executing commands and running applications but doesn’t support transfer of fi les. Telnet uses TCP port 23. Because it’s a clear text protocol and service, it should be avoided and replaced with SSH.

Answer 102

**Answer: A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall. Explanation:** B: The Telnet program parameters are: telnet is the name or IP address of the remote server to connect to. is the port number of the service to use for the connection. TCP port 443 provides the HTTPS (used for secure web connections) service; it is the default SSL port. By running the Telnet some-host 443 command, the security analyst is checking that routing is done properly and not blocked by a firewall.

Answer 103

**Answer: NetBIOS Explanation:** The LMHOSTS file provides a NetBIOS name resolution method that can be used for small networks that do not use a WINS server. NetBIOS has been adapted to run on top of TCP/IP, and is still extensively used for name resolution and registration in Windows-based environments.

Answer 104

FTP uses TCP port 21. Telnet uses port 23. SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22. Secure Copy Protocol (SCP) is a secure file-transfer facility based on SSH and Remote Copy Protocol (RCP). Secure FTP (SFTP) is a secured alternative to standard File Transfer Protocol (FTP). SMTP uses TCP port 25. Port 69 is used by TFTP. SNMP makes use of UDP ports 161 and 162.

Answer 105

**Answer: D Explanation:** LDAP makes use of port 389.

Answer 106

**Answer: B Explanation:** The question states that traffic on port 21, 69, 80, and 137-139 is blocked, while ports 22 and 443 are allowed. Port 21 is used for FTP by default. Port 69 is used for TFTP. Port 80 is used for HTTP. Ports 137-139 are used for NetBIOS. VMM uses SFTP over default port 22. Port 22 is used for SSH by default. SCP runs over TCP port 22 by default. Port 443 is used for HTTPS.

Answer 107

**Answer: C,D Explanation:** A PPTP tunnel is instantiated by communication to the peer on TCP port 1723. This TCP connection is then used to initiate and manage a second GRE tunnel to the same peer. The PPTP GRE packet format is non-standard, including an additional acknowledgement field replacing the typical routing field in the GRE header. However, as in a normal GRE connection, those modified GRE packets are directly encapsulated into IP packets, and seen as IP protocol number 47.

Answer 108

**Answer: B Explanation:** The Dynamic Host Configuration Protocol (DHCP) is a standardized network protocol used on Internet Protocol (IP) networks for distributing IP addresses for interfaces and services. DHCP makes use of port 68.

Answer 109

**Answer: B Explanation:** When establishing an FTP session, clients start a connection to an FTP server that listens on TCP port 21 by default.

Answer 110

**Answer: D Explanation:** Secure Shell (SSH) is a cryptographic network protocol for securing data communication. It establishes a secure channel over an insecure network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login, remote command execution, but any network service can be secured with SSH. SSH uses port 22.

Answer 111

**Answer: D,G,H Explanation:** G: Secure Shell (SSH) is a cryptographic network protocol for securing data communication. It establishes a secure channel over an insecure network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login, remote command execution, but any network service can be secured with SSH. SSH uses port 22. D: SCP stands for Secure Copy. SCP is used to securely copy files over a network. SCP uses SSH to secure the connection and therefore uses port 22. H: SFTP stands for stands for Secure File Transfer Protocol and is used for transferring files using FTP over a secure network connection. SFTP uses SSH to secure the connection and therefore uses port 22.

Answer 112

**Answer: C Explanation:** SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22. Secure Copy Protocol (SCP) is a secure file-transfer facility based on SSH and Remote Copy Protocol (RCP). Secure FTP (SFTP) is a secured alternative to standard File Transfer Protocol (FTP).

Answer 113

**Answer: A,D,E Explanation:** SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22.

Answer 114

**Answer: A Explanation:** Secure Shell (SSH) is a more secure replacement for Telnet, rlogon, rsh, and rcp. SSH can be called a remote access or remote terminal solution. SSH offers a means by which a commandline, text-only interface connection with a server, router, switch, or similar device can be established over any distance. SSH makes use of TCP port 22.

Answer 115

**Answer: B Explanation:** SCP copies files securely between hosts on a network. It uses SSH for data transfer, and uses the same authentication and provides the same security as SSH. Unlike RCP, SCP will ask for passwords or passphrases if they are needed for authentication. SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22.

Answer 116

**Answer: B Explanation:** SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22.

Answer 117

**Answer: B Explanation:** DNS (Domain Name System) uses port 53.

Answer 118

**Answer: C,E Explanation:** DNS uses TCP and UDP port 53. TCP port 53 is used for zone transfers, whereas UDP port 53 is used for queries.

Answer 119

**Answer: C Explanation:** DNS links IP addresses and human-friendly fully qualified domain names (FQDNs), which are made up of the Top-level domain (TLD), the registered domain name, and the Subdomain or hostname. Therefore, if the DNS ports are blocked websites will not be reachable.

Answer 120

**Answer: C Explanation:** Port 80 is used by HTTP, which is the foundation of data communication for the World Wide Web.

Answer 121

**Answer: A,F Explanation:** A secure remote administration solution and Remote Desktop protocol is required. Secure Shell (SSH) is a secure remote administration solution and makes use of TCP port 22. Remote Desktop Protocol (RDP) uses TCP port 3389.

Answer 122

**Answer: D Explanation:** Remote Desktop Protocol (RDP) uses TCP port 3389.

Answer 123

**Answer: C Explanation:** SCP (Secure Copy) uses SSH (Secure Shell). SSH runs in the application layer (layer 7) of the OSI model.

Answer 124

**Answer: A Explanation:** Of the options supplied, WiFi Protected Access (WPA) is the most secure and is the replacement for WEP.

Answer 125

**Answer: C Explanation:** There are three steps to penetrating a WPA-protected network. Sniffing Parsing Attacking

Answer 126

**Answer: D Explanation:** When setting up a wireless network, you’ll find two very different modes of Wi-Fi Protected Access (WPA) security, which apply to both the WPA and WPA2 versions. The easiest to setup is the Personal mode, technically called the Pre-Shared Key (PSK) mode. It doesn’t require anything beyond the wireless router or access points (APs) and uses a single passphrase or password for all users/devices. The other is the Enterprise mode —which should be used by businesses and organizations—and is also known as the RADIUS, 802.1X, 802.11i, or EAP mode. It provides better security and key management, and supports other enterprise-type functionality, such as VLANs and NAP. However, it requires an external authentication server, called a Remote Authentication Dial In User Service (RADIUS) server to handle the 802.1X authentication of users. To help you better understand the process of setting up WPA/WPA2-Enterprise and 802.1X, here’s the basic overall steps: Choose, install, and configure a RADIUS server, or use a hosted service. Create a certificate authority (CA), so you can issue and install a digital certificate onto the RADIUS server, which may be done as a part of the RADIUS server installation and configuration. Alternatively, you could purchase a digital certificate from a public CA, such as GoDaddy or Verisign, so you don’t have to install the server certificate on all the clients. If using EAP-TLS, you’d also create digital certificates for each end-user. On the server, populate the RADIUS client database with the IP address and shared secret for each AP. On the server, populate user data with usernames and passwords for each end-user. On each AP, configure the security for WPA/WPA2-Enterprise and input the RADIUS server IP address and the shared secret you created for that particular AP. On each Wi-Fi computer and device, configure the security for WPA/WPA2-Enterprise and set the 802.1X authentication settings.

Answer 127

**Answer: D Explanation:** WPA-Enterprise is also referred to as WPA-802.1X mode, and sometimes just WPA (as opposed to WPA-PSK), this is designed for enterprise networks and requires a RADIUS authentication server. This requires a more complicated setup, but provides additional security (e.g. protection against dictionary attacks on short passwords). Various kinds of the Extensible Authentication Protocol (EAP) are used for authentication. RADIUS can be managed centrally, and the servers that allow access to a network can verify with a RADIUS server whether an incoming caller is authorized. Thus the RADIUS server can perform all authentications. This will require users to use their passwords on their user accounts.

Answer 128

**Answer: A Explanation:** WPA2-Enterprise is designed for enterprise networks and requires a RADIUS authentication server.

Answer 129

**Answer: D Explanation:** D: Wired Equivalent Privacy (WEP) is designed to provide security equivalent to that of a wired network. WEP has vulnerabilities and isn’t considered highly secure. Extensible Authentication Protocol (EAP) provides a framework for authentication that is often used with wireless networks. Among the five EAP types adopted by the WPA/ WPA2 standard are EAP-TLS, EAP-PSK, EAPMD5, as well as LEAP and PEAP. PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication, and uses server-side public key certificates to authenticate the server. It then creates an encrypted TLS tunnel between the client and the authentication server. In most configurations, the keys for this encryption are transported using the server's public key. The ensuing exchange of authentication information inside the tunnel to authenticate the client is then encrypted and user credentials are safe from eavesdropping.

Answer 130

**Answer: D Explanation:** WEP is based on RC4, but due to errors in design and implementation, WEP is weak in a number of areas, two of which are the use of a static common key and poor implementation of initiation vectors (IVs). When the WEP key is discovered, the attacker can join the network and then listen in on all other wireless client communications.

Answer 131

**Answer: C Explanation:** PEAP-MS-CHAP v2 is easier to deploy than EAP-TLS or PEAP-TLS because user authentication is accomplished via password-base credentials (user name and password) rather than digital certificates or smart cards.

Answer 132

**Answer: D Explanation:** PEAP-MS-CHAP v2 is easier to deploy than EAP-TLS or PEAP-TLS because user authentication is accomplished via password-base credentials (user name and password) rather than digital certificates or smart cards. Only servers running Network Policy Server (NPS) or PEAP-MS-CHAP v2 are required to have a certificate.

Answer 133

**Answer: A Explanation:** Each network interface on your computer or any other networked device has a unique MAC address. These MAC addresses are assigned in the factory, but you can easily change, or “spoof,” MAC addresses in software. Networks can use MAC address filtering, only allowing devices with specific MAC addresses to connect to a network. This isn’t a great security tool because people can spoof their MAC addresses.

Answer 134

**Answer: A Explanation:** MAC filtering allows you to include or exclude computers and devices based on their MAC address.

Answer 135

**Answer: B Explanation:** MAC filtering allows you to include or exclude computers and devices based on their MAC address.

Network Security Flashcards

(159 cards)