Practice Exam 12 Flashcards

(25 cards)

1
Q

A computer system or an application that acts as an intermediary between another computer and the Internet is commonly referred to as:

A

Answer: Proxy

Concept (Quick Explanation)
A proxy is a system or application that acts as an intermediary between a client (computer) and the Internet.

Key Points
Forwards requests from clients to servers and returns responses.

Can provide anonymity, content filtering, caching, and security controls.

Used to control or monitor user Internet access.

Helps mask client IP addresses from external servers.

Why the Answer is Correct
The proxy fits the definition of a system sitting between a computer and the Internet, handling communications on behalf of the client.

Why It Matters
Proxies help enhance privacy, enforce security policies, reduce bandwidth use, and monitor network traffic effectively.

2
Q

Which of the answers listed below refers to a solution that simplifies web browser configurations by using predefined rules or scripts to make server selection decisions for specific web traffic?

A

Answer: PAC (Proxy Auto-Config)

Concept (Quick Explanation)
PAC is a file containing a JavaScript function that helps web browsers automatically determine which proxy server to use for specific web requests.

Key Points
Contains rules/scripts to decide proxy usage based on URL, IP address, or other criteria.

Simplifies browser proxy configuration without manual setup for each user.

Can route some traffic directly, some via proxies, improving flexibility and control.

Commonly used in enterprise networks for managing proxy access efficiently.

Why the Answer is Correct
PAC files provide a rule-based script to automate proxy server selection for web traffic, simplifying configuration for browsers.

Why It Matters
PAC reduces manual errors, optimizes network traffic routing, and enhances management of web access policies across many users.

3
Q

Which of the following provides passive network security breach response on an individual computer system?

A

Answer: HIDS (Host-Based Intrusion Detection System)

Concept (Quick Explanation)
HIDS is software installed on an individual computer to monitor and detect suspicious activities or security breaches on that host.

Key Points
Monitors system logs, file integrity, and processes locally on the host.

Detects malicious behavior, policy violations, and unauthorized access attempts.

Provides passive response by alerting admins but doesn’t block attacks automatically.

Complements network-based systems by focusing on individual endpoints.

Why the Answer is Correct
HIDS operates directly on a host to detect security issues without actively blocking traffic, making it a passive defense at the system level.

Why It Matters
HIDS helps identify threats targeting specific computers, enabling quicker incident response and reducing potential damage within a network.

4
Q

Which of the answers listed below refer to the characteristic features of a NIDS? (Select 3 answers)

A

Answer: Does not take direct action to block or prevent attacks, Generates alerts and notifies security personnel or administrators when suspicious activity is detected, and Monitors network traffic without direct involvement in traffic routing or packet modification

Concept (Quick Explanation)
NIDS is a security system that monitors network traffic to detect suspicious or malicious activities without interfering with the traffic flow.

Key Points
Does not block attacks directly; it’s passive and focuses on detection.

Generates alerts to notify security teams when suspicious patterns or anomalies are found.

Operates by monitoring traffic passively, not modifying or routing packets itself.

Why the Answer is Correct
All selected features align with NIDS’s role: monitoring traffic to detect threats and alert defenders, but without actively blocking or altering network traffic.

Why It Matters
NIDS provides network-wide visibility for early threat detection, helping organizations respond to attacks before significant damage occurs.

5
Q

Which of the following answers refer to a NIPS? (Select 3 answers)

A

Answer: Takes proactive measures to block or mitigate intrusion attempts, Operates in an inline mode, actively intercepting and inspecting network traffic, and Can drop or reject network packets, terminate connections, or take other actions to stop the attack

Concept (Quick Explanation)
NIPS is an active security system that monitors, inspects, and blocks malicious network traffic in real time to prevent attacks from reaching the network or hosts.

Key Points
Takes proactive measures to stop intrusions rather than just detecting them.

Operates inline, meaning it sits directly in the network path, inspecting and controlling traffic as it flows.

Can drop packets, terminate connections, or apply other actions to block threats immediately.

Why the Answer is Correct
These features highlight NIPS’s role as a defensive barrier that actively prevents attacks by intercepting and mitigating malicious traffic — unlike NIDS, which only detects and alerts.

Why It Matters
NIPS helps protect networks in real-time by stopping attacks before they can cause harm, improving overall security posture and reducing response time.

6
Q

Which of the answers listed below refers to network security technology designed to monitor WLANs for unauthorized access, security threats, and suspicious activities?

A

Answer: WIDS (Wireless Intrusion Detection System)

Concept:
Wireless Intrusion Detection System (WIDS) monitors wireless networks to identify unauthorized access, attacks, or suspicious activity.

Key Points:

Monitors WLAN traffic continuously

Detects rogue access points and unauthorized devices

Alerts on security threats specific to wireless environments

Why the answer is correct:
WIDS is designed exactly to monitor wireless LANs for unauthorized access and threats, which matches the question’s focus on network security technology for WLAN monitoring.

Why it matters:
Wireless networks are vulnerable to unique attacks due to their open-air transmission. WIDS helps protect sensitive data and network integrity by early detection of wireless threats.

7
Q

Which of the following answers refers to network security technology designed to monitor, detect, and mitigate unauthorized access, security threats, and suspicious activities in WLANs?

A

Answer: WIPS (Wireless Intrusion Prevention System)

Concept:
Wireless Intrusion Prevention System (WIPS) is a security technology designed to not only monitor and detect unauthorized or malicious activity in wireless networks but also to actively prevent or mitigate such threats.

Key Points:

Monitors wireless LAN traffic continuously

Detects rogue access points, unauthorized devices, and attacks

Actively blocks or mitigates detected threats (e.g., disconnects rogue devices)

Operates inline to prevent attacks in real time

Why the answer is correct:
Unlike WIDS, which only detects and alerts, WIPS takes proactive action to prevent or stop wireless threats, perfectly matching the question’s emphasis on monitoring and mitigating unauthorized access and threats in WLANs.

Why it matters:
WLANs are particularly vulnerable due to their wireless nature, making them a common target. WIPS helps protect networks by not just alerting administrators but by actively stopping attacks, thus reducing risk and improving overall wireless security posture.

8
Q

A network hardware or software solution designed for managing the optimal distribution of workloads across multiple computing resources is known as:

A

Answer: Load balancer

Concept:
A load balancer is a network device or software that distributes incoming network or application traffic across multiple servers or computing resources to optimize performance, reliability, and resource utilization.

Key Points:

Distributes workloads evenly to prevent any single server from becoming overwhelmed

Improves responsiveness and availability of applications or services

Can detect server health and route traffic away from failed or overloaded servers

Supports scalability by efficiently managing traffic

Why the answer is correct:
The question describes a solution that manages the distribution of workloads across multiple computing resources, which is exactly the function of a load balancer.

Why it matters:
Efficient workload distribution ensures better performance, fault tolerance, and uptime for applications and services, which is critical for maintaining seamless user experiences and preventing service disruptions.

9
Q

In active-active mode, load balancers distribute network traffic across:

A

Answer: All servers

Concept:
Active-active mode in load balancing means that all servers or resources are running and actively handling network traffic simultaneously.

Key Points:

All servers are online and processing requests at the same time

Traffic is distributed evenly or based on predefined rules to all active servers

Provides high availability and better resource utilization

If one server fails, others continue handling the load without disruption

Why the answer is correct:
The question asks where load balancers distribute traffic in active-active mode. Since all servers are active, the traffic is spread across all servers.

Why it matters:
Using active-active mode maximizes system performance and redundancy, reducing the risk of downtime and improving user experience by balancing the workload efficiently.

10
Q

In active-passive mode, load balancers distribute network traffic across:

A

Answer: Servers marked as active

Concept:
In active-passive mode, load balancers use one or more servers to handle traffic (active), while the other servers (passive) remain on standby and do not process traffic unless the active ones fail.

Key Points:

Only the active servers handle all network traffic

Passive servers are idle or in standby mode, ready to take over if an active server fails

Provides fault tolerance and high availability

Traffic is not distributed to passive servers unless failover happens

Why the answer is correct:
The question asks where traffic is distributed in active-passive mode. Since only servers marked as active handle requests, the load balancer sends traffic only to active servers.

Why it matters:
Active-passive mode ensures continuous service availability by having backup servers ready without splitting traffic load, which is critical for systems that prioritize stability and failover capabilities.

11
Q

Which of the answers listed below refers to an IEEE standard that can be implemented in a situation where an Ethernet switch acts as an authenticator for devices that intend to connect to a network through one of its ports?

A

Answer: IEEE 802.1X

Concept:
IEEE 802.1X is a network access control standard that provides an authentication mechanism for devices trying to connect to a LAN or WLAN. It is often used in environments where an Ethernet switch or wireless access point acts as the authenticator, controlling port-based network access.

Key Points:

It enforces authentication before granting access to the network

Typically involves three components: the supplicant (client device), the authenticator (switch or access point), and the authentication server (e.g., RADIUS)

Prevents unauthorized devices from connecting by controlling port access

Supports dynamic VLAN assignment and encryption key distribution

Why the answer is correct:
The question describes a scenario where an Ethernet switch acts as an authenticator for devices connecting through its ports — this is precisely the function defined by IEEE 802.1X. It controls access at the port level and requires authentication before granting network access.

Why it matters:
Implementing IEEE 802.1X helps organizations secure their networks by ensuring only authorized devices can connect, reducing the risk of unauthorized access, network breaches, and improving overall network security posture.

12
Q

Extensible Authentication Protocol (EAP) is an authentication framework frequently used in wireless networks and point-to-point connections. EAP provides an authentication framework, not a specific authentication mechanism. There are many authentication mechanisms (referred to as EAP methods) that can be used with EAP. Wireless networks take advantage of several EAP methods, including PEAP, LEAP, EAP-FAST, EAP-TLS, and EAP-TTLS.

A

Answer: True

Concept:
Extensible Authentication Protocol (EAP) is a flexible authentication framework used primarily in network access, especially wireless and point-to-point connections. Instead of being a single authentication method, EAP supports multiple authentication techniques (called EAP methods), allowing different mechanisms to be used depending on security requirements.

Key Points:

EAP itself is a framework, not a standalone authentication method

Supports various EAP methods like PEAP, LEAP, EAP-FAST, EAP-TLS, and EAP-TTLS

Commonly used in wireless networks to authenticate users and devices

Enables secure network access by integrating different authentication protocols

Why the answer is correct:
The statement accurately describes EAP as a framework rather than a specific method, and it lists common EAP methods used in wireless environments. This matches how EAP functions in real-world network security.

Why it matters:
Understanding EAP’s role as a flexible authentication framework is crucial for designing and implementing secure wireless networks. It allows organizations to choose appropriate authentication methods based on their security needs, enhancing protection against unauthorized access.

13
Q

Which of the following EAP methods offers the highest level of security?

A

Answer: EAP-TLS (Extensible Authentication Protocol Transport Layer Security)

Concept:
EAP methods are different ways to perform authentication within the Extensible Authentication Protocol framework. Among these methods, some provide stronger security guarantees by using robust cryptographic techniques.

Key Points:

EAP-TLS (Extensible Authentication Protocol - Transport Layer Security) uses certificates for both client and server authentication

It provides mutual authentication, ensuring both parties verify each other’s identity

Relies on public key infrastructure (PKI) to establish a secure, encrypted connection

Considered the most secure EAP method because it resists common attacks like password guessing and man-in-the-middle

Why the answer is correct:
EAP-TLS is widely regarded as the most secure EAP method because it requires digital certificates on both client and server, enabling strong mutual authentication and encrypted sessions. This is stronger than other EAP methods that might rely on passwords or less secure mechanisms.

Why it matters:
Choosing EAP-TLS improves wireless network security by significantly reducing the risk of unauthorized access and eavesdropping. For organizations requiring high assurance in network access control, EAP-TLS is the preferred method to protect sensitive data and maintain trust in the network infrastructure.

14
Q

A dedicated security solution that filters, monitors, and blocks HTTP/HTTPS traffic between a web application and the Internet is called:

A

Answer: WAF (Web Application Firewall)

Concept:
A Web Application Firewall (WAF) is a security device or software that specifically protects web applications by filtering, monitoring, and blocking malicious HTTP/HTTPS traffic.

Key Points:

Operates at the application layer (Layer 7 of the OSI model)

Protects against attacks like SQL injection, cross-site scripting (XSS), and other web-based threats

Sits between the web application and the Internet, inspecting incoming and outgoing traffic

Can enforce custom security policies tailored to specific applications

Why the answer is correct:
The question describes a solution that filters and monitors HTTP/HTTPS traffic to protect web applications from malicious activity. This is exactly the function of a WAF, which is designed to shield web apps from common and sophisticated internet threats.

Why it matters:
Web applications are frequent targets of attacks that exploit vulnerabilities. A WAF helps prevent data breaches, downtime, and reputational damage by providing an additional layer of defense focused specifically on web traffic, complementing traditional firewalls and security controls.

15
Q

The term “Unified Threat Management” (UTM) refers to a network security solution, commonly in the form of a dedicated device (called UTM appliance or web security gateway), which combines the functionality of a firewall with additional features such as URL filtering, content inspection, spam filtering, gateway antivirus protection, IDS/IPS function, or malware inspection.

A

Answer: True

Concept:
Unified Threat Management (UTM) is a comprehensive network security approach that consolidates multiple security functions into a single device or appliance.

Key Points:

Combines traditional firewall capabilities with additional features like:

URL filtering

Content inspection

Spam filtering

Gateway antivirus

Intrusion Detection/Prevention Systems (IDS/IPS)

Malware inspection

Designed to simplify security management by providing an all-in-one solution

Often deployed as a dedicated UTM appliance or integrated within a web security gateway

Why the answer is correct:
The definition in the question matches the accepted understanding of UTM solutions. UTM devices are known for integrating multiple security services into one platform to enhance protection and reduce complexity.

Why it matters:
Using a UTM appliance helps organizations streamline their security infrastructure, reduce operational costs, and improve overall network defense by managing threats from a single point, which is especially useful for small to medium-sized businesses.

16
Q

Which of the answers listed below refers to a firewall type that improves upon first- and second-generation firewalls by offering additional features, such as more in-depth inspection of network traffic and application-level inspection?

A

Answer: NGFW (Next-Generation Firewall)

Concept:
Next-Generation Firewall (NGFW) is an advanced firewall technology that goes beyond traditional packet filtering and stateful inspection to provide deeper visibility and control over network traffic.

Key Points:

Builds upon first-generation (packet filtering) and second-generation (stateful inspection) firewalls

Offers application-level inspection (Layer 7)

Includes features like intrusion prevention, deep packet inspection, and malware detection

Provides better identification and control of applications and users

Often integrates with threat intelligence for enhanced security

Why the answer is correct:
NGFWs are specifically designed to improve traditional firewall functions by adding deeper traffic analysis and application awareness, which aligns exactly with the description in the question.

Why it matters:
With increasing complexity of cyber threats and applications, NGFWs enable organizations to detect sophisticated attacks and enforce more granular security policies, which traditional firewalls cannot effectively handle.

17
Q

Which of the following answers refer to the characteristic features of a Layer 4 firewall? (Select 3 answers)

A

Answer: Filters traffic based on source/destination IP addresses, ports, and protocol types (e.g., TCP/UDP), Offers basic (faster) traffic filtering, and Operates at the transport layer of the OSI model

Concept:
A Layer 4 firewall operates at the transport layer (Layer 4) of the OSI model, focusing on filtering traffic based on IP addresses, ports, and protocol types, providing basic but efficient control over network connections.

Key Points:

Filters traffic using source/destination IP addresses, port numbers, and protocols (TCP/UDP)

Provides faster, simpler traffic filtering compared to deeper inspection firewalls

Operates at Layer 4 (Transport Layer) of the OSI model, handling connections rather than inspecting content

Why the answer is correct:
The question asks about characteristic features of a Layer 4 firewall, and these answers perfectly describe its operation scope and capabilities—basic filtering focused on transport layer attributes without deep packet or application-level inspection.

Why it matters:
Layer 4 firewalls are efficient for high-speed filtering and are suitable when speed is prioritized over in-depth inspection. However, they may miss complex threats visible only at higher layers, which is important when designing network defenses.

18
Q

Which of the answers listed below refer to a Layer 7 firewall? (Select 3 answers)

A

Answer: Offers complex (slower) traffic filtering, Adds the ability to inspect the contents of data packets in addition to the header information, and Operates at the application layer of the OSI model

Concept:
A Layer 7 firewall, also known as an application-layer firewall, operates at the highest layer of the OSI model—the application layer. It inspects not only the packet headers but also the actual data within packets, enabling it to understand and filter traffic based on specific applications and content.

Key Points:

Operates at the application layer (Layer 7) of the OSI model

Performs deep packet inspection, analyzing the content of data packets, not just header information

Offers more complex and thorough traffic filtering, which is generally slower due to the deeper inspection involved

Why the answer is correct:
These answers describe how Layer 7 firewalls work by inspecting both packet headers and payload data, allowing filtering based on application-level data such as HTTP requests or specific commands, which aligns with the question about Layer 7 firewalls.

Why it matters:
Layer 7 firewalls provide stronger security against sophisticated threats by understanding application behavior and content, making them critical in protecting modern networks where attacks often exploit application vulnerabilities. However, this comes with a tradeoff in processing speed.

19
Q

Examples of protocols typically used for implementing secure VPN tunnels include: (Select all that apply)

A

Answer: IPsec, TLS, and L2TP

Concept:
VPN (Virtual Private Network) tunnels secure communication between two points over an untrusted network, like the internet. Various protocols are used to create these secure tunnels by encrypting data and authenticating endpoints.

Key Points:

IPsec: A widely used protocol suite for securing IP communications by authenticating and encrypting each IP packet in a data stream.

TLS (Transport Layer Security): Often used to secure VPN tunnels in SSL/TLS VPNs, encrypting data and ensuring secure communication.

L2TP (Layer 2 Tunneling Protocol): A tunneling protocol that is often combined with IPsec to provide encryption and secure VPN connections.

Why the answer is correct:
IPsec, TLS, and L2TP are all protocols commonly implemented to establish secure VPN tunnels, either on their own or in combination. For example, L2TP is frequently paired with IPsec to add encryption, and TLS is the foundation for SSL VPNs.

Why it matters:
Knowing these protocols helps in understanding how VPNs provide confidentiality, integrity, and authentication over insecure networks, ensuring safe remote access and secure data transmission.

20
Q

Which of the following terms is used to describe a type of VPN that alleviates bottlenecks and conserves bandwidth by enabling utilization of both the VPN and public network links?

A

Answer: Split tunnel

Concept:
A split tunnel VPN allows users to route some traffic through the secure VPN tunnel while other traffic goes directly to the public internet without passing through the VPN.

Key Points:

Enables simultaneous use of VPN and direct internet connection.

Reduces network congestion and bandwidth use on the VPN.

Improves performance by not routing all traffic through the VPN.

Why the answer is correct:
Split tunneling specifically refers to the VPN configuration that divides traffic, sending only certain data through the VPN while other data accesses the internet directly, thereby reducing bottlenecks and conserving bandwidth.

Why it matters:
Split tunneling optimizes network resource usage and improves user experience by preventing unnecessary load on the VPN and minimizing latency, but it must be carefully managed to avoid security risks from unencrypted traffic.

21
Q

Which VPN type is used for connecting computers to a network? (Select 2 answers)

A

Answer: Remote access and Client-to-site

Concept:
VPNs enable secure connections over public networks. Two common types for connecting individual computers to a network are Remote Access VPN and Client-to-Site VPN (often used interchangeably).

Key Points:

Remote Access VPN: Allows individual users to connect securely from anywhere to a private network.

Client-to-Site VPN: Refers to a client device connecting to a company network or site securely.

Why the answer is correct:
Both Remote Access and Client-to-Site VPNs describe setups where individual computers (clients) securely connect to a network, enabling access to network resources remotely.

Why it matters:
These VPN types ensure secure communication for remote workers or users accessing organizational resources, especially important in today’s remote and hybrid work environments.

22
Q

Which type of VPN enables connectivity between two networks?

A

Answer: Site-to-site

Concept:
A Site-to-Site VPN connects entire networks to each other over the Internet, securely linking two separate locations (like branch offices) as if they were on the same local network.

Key Points:

Connects two or more distinct networks.

Often used between corporate headquarters and branch offices.

Encrypts traffic between the sites to maintain confidentiality and integrity.

Why the answer is correct:
The question asks for a VPN type that enables connectivity between two networks, not individual devices. Site-to-site VPNs specifically provide this capability by linking entire networks together securely.

Why it matters:
Site-to-site VPNs are crucial for organizations with multiple locations, allowing seamless and secure communication and resource sharing across geographically dispersed networks.

23
Q

An HTML5 VPN portal is an example of clientless VPN implementation where an HTML5-compliant web browser along with TLS encryption can be used instead of a dedicated VPN client software.

A

Answer: True

Concept:
A clientless VPN allows users to connect securely to a network without needing to install special VPN software. Instead, they use a standard web browser that supports HTML5, which uses TLS encryption to secure the connection.

Key Points:

Uses an HTML5-compliant browser.

No need for dedicated VPN client software installation.

Connection is secured using TLS encryption.

Often provides access through a web portal.

Why the answer is correct:
The statement accurately describes a clientless VPN portal using HTML5 technology, where the browser acts as the VPN client, enabling secure access without installing additional software.

Why it matters:
Clientless VPNs simplify remote access, reduce software deployment and maintenance overhead, and provide easy, secure access from almost any device or platform with a web browser.

24
Q

Which of the answers listed below refers to a hardware or software solution providing secure remote access to networks and resources?

A

Answer: RAS (Remote Access Server)

Concept:
RAS (Remote Access Service) is a hardware or software solution that enables users to connect securely to a network from a remote location. It provides secure access to internal network resources over public networks like the Internet.

Key Points:

Facilitates remote connectivity to a private network.

Can be implemented via hardware (dedicated devices) or software solutions.

Often uses encryption and authentication to secure the connection.

Supports remote users such as telecommuters or traveling employees.

Why the answer is correct:
RAS directly refers to the service or solution that allows secure remote access to networks and resources, exactly matching the description in the question.

Why it matters:
Secure remote access is essential for modern organizations to enable flexible work environments and maintain productivity without compromising security. RAS solutions ensure that remote users can connect safely to critical systems.

25
Q

Which of the following answers refers to a protocol designed to secure data transmitted over WLANs?

A

Answer: WTLS (Wireless Transport Layer Security)

Concept:
WTLS (Wireless Transport Layer Security) is a security protocol specifically designed to provide privacy, data integrity, and authentication for wireless communication, especially over wireless local area networks (WLANs) and mobile networks.

Key Points:

Adapted from TLS but optimized for wireless environments.

Provides encryption, authentication, and data integrity.

Designed to work efficiently over constrained wireless devices and networks.

Used in securing data transmitted over WLANs and wireless applications.

Why the answer is correct:
WTLS is explicitly created to secure wireless data transmission, making it the right choice when referring to protocols designed for securing WLAN communications.

Why it matters:
Wireless networks are inherently more vulnerable to interception and attacks than wired networks. Using protocols like WTLS helps protect sensitive data as it travels over wireless connections, ensuring confidentiality and security in wireless communications.