CYBR 201: Exam 2 Review

179 Terms

1

A(n) _______________ is a group of two or more devices linked together to share data.

Network

2

A packet in an IP network is sometimes called a(n) _______________.

Datagram

3

Moving packets from source to destination across multiple networks is called ____________.

Routing

4

The _______________ is the hardware address used to uniquely identify each device on a network.

MAC Address (Media Access Control Address)

5

A(n) _______________ tells you what portion of a 32-bit IP address is being used as the network ID and what portion is being used as the host ID.

Subnet mask

6

The shape or arrangement of a network, such as bus, star, ring, or mixed, is known as the _______________ of the network.

Topology

7

A small, typically local network covering a relatively small area such as a single floor of an office building is called a(n) _______________.

LAN

8

A(n) _______________ is an agreed-upon format for exchanging information between systems.

Protocol

9

The packet exchange sequence (SYN, SYN/ACK, ACK) that initiates a TCP connection is called the _______________.

Three-way Handshake

10

_______________ is the protocol that allows the use of private, internal IP addresses for internal traffic and public IP addresses for external traffic.

Network Address Translation (NAT)

11

What is Layer 1 of the OSI model called?

A. The physical layer

B. The network layer

C. The initial layer

D. The presentation layer

A) Physical Layer

12

What is the process that dynamically assigns an IP address to a network device called?

A. NAT

B. DNS

C. DHCP

D. Routing

C) DHCP

13

What is the three-way handshake sequence used to initiate TCP connections?

A. ACK, SYN/ACK, ACK

B. SYN, SYN/ACK, ACK

C. SYN, SYN, ACK/ACK

D. ACK, SYN/ACK, SYN

B) SYN, SYN/ACK, ACK

14

Which of the following is a control and information protocol used by network devices to determine such things as a remote network’s availability and the length of time required to reach a remote network?

A. UDP

B. NAT

C. TCP

D. ICMP

D) ICMP

15

What is the name of the protocol that translates names into IP addresses?

A. TCP

B. DNS

C. ICMP

D. DHCP

B) DNS

16

Dividing a network address space into smaller, separate networks is called what?

A. Translating

B. Network configuration

C. Subnetting

D. Address translation

C) Subnetting

17

Which protocol translates private (nonroutable) IP addresses into public (routable) IP addresses?

A. NAT

B. DHCP

C. DNS

D. ICMP

A) NAT

18

Which of the following statements best describes the User Datagram Protocol (UDP)?

A. It provides excellent error-checking algorithms.

B. It is a connectionless protocol.

C. It guarantees delivery of packets.

D. It requires a permanent connection between the source and destination.

B) It is a connectionless protocol

19

Which of the following statements best describes the Transmission Control Protocol (TCP)?

A. It is connectionless.

B. It provides no error checking.

C. It allows for packets to be processed in the order they were sent.

D. It has no overhead.

C) It allows for packets to be processed in the order they were sent

20

Which of the following would be a valid MAC address?

A. 00:07:e9

B. 00:07:e9:7c:c8

C. 00:07:e9:7c:c8:aa

D. 00:07:e9:7c:c8:aa:ba

C) 00:07:e9:7c:c8:aa [6 groups of hex]

21

A(n) _______________ routes packets based on IP addresses.

Router

22

Technology used to verify endpoint compliance with security rules before connecting to a network is called _______________.

Network Access Control (NAC)

23

To connect a computer to a network, you use a(n) _______________.

NIC (Network Interface Card)

24

A(n) _______________ or _______________ distributes traffic based on MAC addresses.

Bridge or Switch

25

_______________ is quarantining or isolation of a system from its surroundings.

Sandboxing

26

_______________ is a name for the typical computer a user uses on a network.

Workstation

27

A(n) _______________ repeats all data traffic across all connected ports.

Hub

28

Cat 6 is an example of _______________ cable.

UTP

29

Basic packet filtering occurs at the ____________.

Firewall

30

A(n) _______________ is an extension of the telephone service into a firm’s telecommunications network.

Private Branch Exchange (PBX)

31

Switches operate at which layer of the OSI model?

A. Physical layer

B. Transport layer

C. Data link layer

D. Application layer

C) Data link layer

32

UTP cables are terminated for Ethernet using what type of connector?

A. A BNC plug

B. An Ethernet connector

C. A standard phone jack connector

D. An RJ-45 connector

D) An RJ-45 Connector

33

Coaxial cable carries how many physical channels?

A. Two

B. Four

C. One

D. None of the above

C) One

34

Network access control is associated with which of the following?

A. NAP

B. IPSec

C. IPv6

D. NAT

D) NAT

35

What is the purpose of twisting the wires in twisted-pair circuits?

A. To increase speed

B. To increase bandwidth

C. To reduce crosstalk

D. To allow easier tracing

C) To reduce crosstalk

36

What is one of the challenges when managing a large number of VMs in the enterprise?

A. VM permissions

B. VM sprawl

C. VM size

D. VM locking

B) VM Sprawl

37

SNMP is a protocol used for which of the following functions?

A. Secure e-mail

B. Secure encryption of network packets

C. Remote access to user workstations

D. Remote access to the network infrastructure

D) Remote access to the network infrastructure

38

Firewalls can use which of the following in their operation?

A. Stateful packet inspection

B. Port blocking to deny specific services

C. NAT to hide internal IP addresses

D. All of the above

D) All of the above

39

SMTP is a protocol used for which of the following functions?

A. E-mail

B. Secure encryption of network packets

C. Remote access to user workstations

D. None of the above

A) E-mail

40

USB-based flash memory is characterized by which of the following?

A. High cost

B. Low capacity

C. Slow access

D. None of the above

D) None of the above

41

_______________ is an authentication model designed around the concept of using tickets for accessing objects.

Kerberos

42

_______________ is designed around the type of tasks people perform.

RBAC (Role-Based Access Control)

43

_______________ refers to the condition where trust is extended to another domain that is already trusted.

Transitive Trust

44

_______________ describes a system where every resource has access rules set for it all of the time.

Mandatory Access Control (MAC, not to be confused with MAC Addresses)

45

_______________ is an authentication process where the user can enter their user ID (or username) and password and then be able to move from application to application or resource to resource without having to supply further authentication information.

Single Sign On (SSO)

46

If your fingerprints fail to let you into a system when they should, this is called a(n) _______________.

False Negative

47

When both the client and the server authenticate each other, this is called _______________.

Mutual Authentication

48

_______________ is an access control method that would allow you to control access to records only when someone is scheduled to work.

ABAC (Attribute Access Control)

49

Authentication that is sent in plaintext with only Base64 encoding is an example of ______________.

Basic authentication

50

Authentication can be based on what?

A. Something a user possesses

B. Something a user knows

C. Something measured on a user, such as a fingerprint

D. All of the above

D) All of the above

51

You’ve spent the last week tweaking a fingerprint-scanning solution for your organization. Despite your best efforts, roughly 1 in 50 attempts will fail even if the user is using the correct finger and their fingerprint is in the system. Your supervisor says 1 in 50 is “good enough” and tells you to move on to the next project. Your supervisor just defined which of the following for your fingerprint-scanning system?

A. False rejection rate

B. False acceptance rate

C. Critical threshold

D. Failure acceptance criteria

A) False rejection rate

52

A ticket-granting server is an important element in which of the following authentication models?

A. L2TP

B. RADIUS

C. PPP

D. Kerberos

D) Kerberos

53

What protocol is used for RADIUS?

A. UDP

B. NetBIOS

C. TCP

D. Proprietary

A) UDP

54

Under which access control system is each piece of information and every system resource (files, devices, networks, and so on) labeled with its sensitivity level?

A. Discretionary access control

B. Resource access control

C. Mandatory access control

D. Media access control

C) Mandatory Access Control

55

Which of the following algorithms uses a secret key with a current timestamp to generate a one-time password?

A. Hash-based Message Authentication Code

B. Date-hashed Message Authorization Password

C. Time-based One-Time Password

D. Single sign-on

C) Time-based One-Time Password

56

You have to implement an OpenID solution. What is the typical relationship with existing systems?

A. OpenID is used for authentication, OAuth is used for authorization.

B. OpenID is used for authorization, OAuth is used for authentication.

C. OpenID is not compatible with OAuth.

D. OpenID only works with Kerberos.

A) OpenID is used for authentication, OAuth is used for authorization

57

Elements of Kerberos include which of the following?

A. Tickets, ticket-granting server, ticket-authorizing agent

B. Ticket-granting ticket, authentication server, ticket

C. Services server, Kerberos realm, ticket authenticators

D. Client-to-server ticket, authentication server ticket, ticket

B) Ticket-granting ticket, authentication server, ticket

58

To establish a PPTP connection across a firewall, you must do which of the following?

A. Do nothing. PPTP does not need to cross firewalls by design.

B. Do nothing. PPTP traffic is invisible and tunnels past firewalls.

C. Open a UDP port of choice and assign it to PPTP.

D. Open TCP port 1723.

D) Open TCP port 1723

59

To establish an L2TP connection across a firewall, you must do which of the following?

A. Do nothing. L2TP does not cross firewalls by design.

B. Do nothing. L2TP tunnels past firewalls.

C. Open a UDP port of choice and assign it to L2TP.

D. Open UDP port 1701.

D) Open UDP port 1701

60

An AP uses _______________ to advertise its existence to potential wireless clients.

Beacon Frames

61

The _______________ is the part of the RC4 cipher that has a weak implementation in WEP.

Initialization Vector (IV)

62

Two common mobile device security measures are _______________ and _______________.

Screen Locking and Remote Wiping

63

To identify a specific AP and network, one would use the _______________.

BSSID

64

The 32-character identifier attached to the header of a packet used for authentication to an 802.11 access point is the _______________.

SSID

65

_______________ is a feature that can disclose a user’s position when sharing photos.

Geotagging

66

802.11i updates the flawed security protocol called _______________.

WEP

67

The standard for wireless local area networks is called _______________.

IEEE 802.11

68

The type of application used to control security across multiple mobile devices in an enterprise is called _______________.

Mobile Device Management (MDM)

69

802.11a uses frequencies in the _______________.

5 GHz (b, g, and n use 2.4 GHz)

70

Bluebugging can give an attacker what?

A. All of your contacts

B. The ability to send “shock” photos

C. Total control over a mobile phone

D. A virus

C) Total control over a mobile phone

71

How does 802.11n improve network speed?

A. Wider bandwidth

B. Higher frequency

C. Multiple-input multiple-output (MIMO)

D. Both A and C

D) Both A and C

72

802.11ax is also called?

A. Wi-Fi 4

B. Wi-Fi 5

C. Wi-Fi 6

D. 5G

C) Wi-Fi 6

73

WEP has used an implementation of which of the following encryption algorithms?

A. SHA

B. ElGamal

C. RC4

D. Triple-DES

C) RC4

74

What element does not belong in a mobile device security policy in an enterprise employing BYOD?

A. Separation of personal and business-related information

B. Remote wiping

C. Passwords and screen locking

D. Mobile device carrier selection

D) Mobile device carrier selection

75

What is bluejacking?

A. Stealing a person’s mobile phone

B. Sending an unsolicited message via Bluetooth

C. Breaking a WEP key

D. Leaving your Bluetooth in discoverable mode

B) Sending an unsolicited message via Bluetooth

76

While the SSID provides some measure of authentication, why is it not very effective?

A. It is dictated by the manufacturer of the access point.

B. It is encrypted.

C. It is broadcast in every beacon frame.

D. SSID is not an authentication function.

C) It is broadcast in every beacon frame

77

802.1X is a protocol for which aspect of Ethernet?

A. Authentication

B. Speed

C. Wireless

D. Cabling

A) Authentication

78

What is the best way to avoid problems with Bluetooth?

A. Keep personal info off your phone.

B. Keep Bluetooth discoverability off.

C. Buy a new phone often.

D. Encryption.

B) Keep Bluetooth discoverability off

79

Why is attacking wireless networks so popular?

A. There are more wireless networks than wired.

B. They all run Windows.

C. It’s easy.

D. It’s more difficult and more prestigious than other network attacks.

C) It’s easy

80

A(n) _______________ is a piece of software or an integrated software/hardware system that can capture and decode network traffic.

Protocol analyzer (Wireshark is an example)

81

When an IDS generates an alarm on “normal” traffic that is actually not malicious or suspicious, that alarm is called a(n) _______________.

False Positive

82

An attacker scanning a network full of inviting, seemingly vulnerable targets might actually be scanning a(n) _______________, where the attacker’s every move can be watched and monitored by security administrators.

Honeypot

83

A(n) _______________ looks at a certain string of characters inside a TCP packet.

Content Based Signature

84

An IDS that looks for unusual or unexpected behavior is using a(n) _______________.

Anomaly Detection Model

85

_______________ allows administrators to send all traffic passing through a network switch to a specific port on the switch.

Port Mirroring

86

Within an IDS, the _______________ examines the collected network traffic and compares it to known patterns of suspicious or malicious activity stored in the signature database.

Analysis Engine

87

_______________ is a technique whereby a host is queried and identified based on its response to a query.

Banner Grabbing

88

_______________ is a technique for matching an element against a large set of patterns and using activity as a screening element.

Context Based Signature

89

_______________ is a new entry in the IDS toolset as a replacement for Snort.

Suricata

90

What are the two main types of intrusion detection systems?

A. Network based and host based

B. Signature based and event based

C. Active and reactive

D. Intelligent and passive

A) Network based and host based

91

What are the two main types of IDS signatures?

A. Network based and file based

B. Context based and content based

C. Active and reactive

D. None of the above

B) Context based and Content based

92

Which of the following describes a passive, host-based IDS?

A. It runs on the local system.

B. It does not interact with the traffic around it.

C. It can look at system event and error logs.

D. All of the above.

D) All of the above

93

Which of the following is not a capability of network-based IDS?

A. It can detect denial-of-service attacks.

B. It can decrypt and read encrypted traffic.

C. It can decode UDP and TCP packets.

D. It can be tuned to a particular network environment.

B) It can decrypt and read encrypted traffic

94

An active IDS can do which of the following?

A. Respond to attacks with TCP resets

B. Monitor for malicious activity

C. A and B

D. None of the above

C) A and B

95

What are honeypots used for?

A. To attract attackers by simulating systems with open network services

B. To monitor network usage by employees

C. To process alarms from other IDSs

D. To attract customers to e-commerce sites

A) To attract attackers by simulating systems with open network services

96

Connecting to a server and sending a request over a known port in an attempt to identify the version of a service is an example of what?

A. Port sniffing

B. Protocol analysis

C. Banner grabbing

D. TCP reset

C) Banner grabbing

97

Preventative intrusion detection systems:

A. Are cheaper

B. Are designed to stop malicious activity from occurring

C. Can only monitor activity

D. Were the first type of IDS

B) Are designed to stop malicious activity from occurring

98

IPS stands for which of the following?

A. Intrusion processing system

B. Intrusion prevention sensor

C. Intrusion prevention system

D. Interactive protection system

C) Intrusion prevention system

99

What is a protocol analyzer used for?

A. To troubleshoot network problems

B. To collect network traffic statistics

C. To monitor for suspicious traffic

D. All of the above

D) All of the above

100

_______________ is the process of establishing a system’s security state.

Baselining