A salesperson in your organization spends most of her time traveling between customer sites. After a customer visit, she must complete various managerial tasks, such as updating your organization's order database.
Because she rarely comes back to your home office, she usually accesses the network from her notebook computer using Wi-Fi access provided by hotels, restaurants, and airports.
Many of these locations provide unencrypted public Wi-Fi access, and you are concerned that sensitive data could be exposed. To remedy this situation, you decide to configure her notebook to use a VPN when accessing the home network over an open wireless connection.
Which key steps should you take when implementing this configuration? (Select two.)
Configure the VPN connection to use IPsec
Configure the browser to send HTTPS requests through the VPN connection
A VPN is primarily used for which of the following purposes?
Support secured communications over an untrusted network
Which VPN implementation uses routers on the edge of each site?
Site-to-site VPN
Which VPN tunnel style routes only certain types of traffic?
Split
In addition to Authentication Header (AH), IPsec is comprised of what other service?
Encapsulating Security Payload (ESP)
A network engineer has the task of creating a remote access solution for a global enterprise. The solution should secure encrypted communication for the company's employees worldwide and detect potential security threats in real time.
Which configuration should the network engineer deploy to meet these requirements?
A VPN utilizing IKE and IPsec protocols, combined with an inline intrusion detection system (IDS)
Which of the following is commonly used in the first phase of Internet Key Exchange (IKE) negotiations for authenticating the identity of peers?
Digital certificates
Which statement BEST describes IPsec when used in tunnel mode?
The entire data packet, including headers, is encapsulated
Which VPN protocol typically employs IPsec as its data encryption mechanism?
L2TP
The IT department in a large multinational corporation faces challenges managing secure communications for remote desktop connections. The increasing number of remote employees has made it essential to ensure that their remote desktop connections are secure. The IT department is considering various measures to establish secure communication.
Given the challenges the corporation faces, what approach should the IT department adopt to ensure secure communications for remote desktop connections while maintaining the manageability and performance of the enterprise infrastructure?
Implement TLS for all remote desktop connections
Which of the following NAC agent types would be used for IoT devices?
Agentless
Which of the steps in the Network Access Control (NAC) implementation process occurs once the policies have been defined?
Apply
Which of the following defines all the prerequisites a device must meet in order to access a network?
Authentication
Which of the following applies the appropriate policies in order to provide a device with the access it's defined to receive?
Authorization
As a network administrator, you have implemented a Network Access Control (NAC) system with automatic remediation capabilities in your organization.
One day, you notice that a significant number of devices are being quarantined frequently by the NAC system due to non-compliance with security policies.
What should be your next course of action?
Investigate the root cause of the frequent non-compliance and address it.
In a Network Access Control (NAC) system, a nonpersistent (or dissolvable) agent is used during the posture assessment process.
Which of the following statements about a nonpersistent NAC agent is true?
A nonpersistent agent is loaded into memory during posture assessment but is not installed on the device.
You are part of a committee that is meeting to define how Network Access Control (NAC) should be implemented in the organization.
Which step in the NAC process is this?
Plan
A large enterprise recently introduced a bring your own device (BYOD) policy and is seeing an uptick in the use of Internet of Things (IoT) devices in the office.
Concerns about unauthorized network access and compliance with security standards accompany these changes.
Assess the following options and determine the MOST suitable strategy to alleviate these security concerns.
Deploy agent-based Network Access Control (NAC) with dynamic Virtual Local Area Networks (VLANs) and firewall integration.
An international business is experiencing an increase in remote work scenarios, resulting in a significant rise in employees using personal devices and smart appliances for work.
This development raises potential issues related to unauthorized network access and adherence to security standards.
Which of the following solutions MOST effectively addresses these security issues?
Deploy agent-based Network Access Control (NAC) with dynamic Virtual Local Area Networks (VLANs) and firewall integration
Which of the following BEST describes zero-trust security?
Only devices that pass both authentication and authorization are trusted.
While developing a network application, a programmer adds functionality that allows her to access the running program without authentication so she can capture debugging data. The programmer forgets to remove this functionality prior to finalizing the code and shipping the application.
Which type of security weakness does this describe?
Backdoor
An attacker was able to gain unauthorized access to a mobile phone and install a Trojan horse so that he or she could bypass security controls and reconnect later.
Which type of attack is this an example of?
Backdoor
Which of the following are characteristics of a complex password? (Select two.)
Has a minimum of eight characters
Consists of letters, numbers, and symbols
An attacker has gained access to the administrator's login credentials.
Which type of attack has MOST likely occurred?
Password cracking
A relatively new employee in the data entry cubicle farm was assigned a user account similar to the other data entry employees' accounts. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed data in restricted areas.
This situation indicates which of the following has occurred?
Privilege escalation
An attacker has obtained the logon credentials for a regular user on your network.
Which type of security threat exists if this user account is used to perform administrative functions?
Privilege escalation
Travis and Craig are both standard users on the network. Each user has a folder on the network server that only they can access. Recently, Travis has been able to access Craig's folder.
This situation indicates which of the following has occurred?
Privilege escalation
In a rapidly evolving IT environment, a cloud service provider offers various services to businesses, enabling them to store and process data securely. To enhance security, the provider regularly updates its systems and software.
Despite these efforts, a security researcher discovers a previously unknown vulnerability in one of the cloud-specific applications, leaving customer data exposed to potential threats.
In this scenario, which vulnerability is the security researcher likely to have found in the cloud-specific application?
Zero-day vulnerability
In the context of information security, an organization discovers a zero-day vulnerability in its database software.
At the same time, a known hacking group has expressed intentions to target entities using this specific software.
Which of the following BEST describes this situation's relation to vulnerability, threat, and risk?
The organization increases its risk of a security breach due to the threat and vulnerability
A major software vendor becomes aware of a new zero-day vulnerability in one of its products due to an anonymous tip. The vulnerability could potentially allow unauthorized access to sensitive data stored in the software.
The vendor is currently creating a patch to address the issue.
Which of the following BEST describes the current risk to the software users and the appropriate response from the software vendor?
The risk to the users is significant, and the vendor should quietly create a patch without informing the users until it is ready.
As the IT manager of a company, you've decided to implement an application allow list to enhance network security and control software usage.
What is the MOST effective way to proceed?
Implement the allow list, inform employees about the change, and provide a process for requesting additions to the list.
As a company grows, so does its attack surface and the desirability for a malicious actor to compromise its systems. A company must monitor all software usage, secure applications, third-party software, libraries, and dependencies to keep systems secure.
What are some ways to BEST accomplish this? (Select two.)
Using package monitoring
Implementing application vulnerability scanning
A system administrator at a software development company is working on integrating package monitoring into the organization's vulnerability management strategy. The administrator aims to track software packages and applications to ensure they remain free from vulnerabilities and continue to support the firm's security framework.
As the system administrator incorporates package monitoring into the vulnerability management process, which actions will MOST likely get prioritized to enhance the effectiveness of this approach? (Select two.)
Tracking outdated software packages
Monitoring software repositories for new updates
A cybersecurity analyst for a large organization permits employees to use instant messaging (IM) services on their devices. Despite the use of encryption, the analyst is concerned about potential software vulnerabilities and the difficulty of scanning messages and attachments for threats. Which actions should the cybersecurity analyst use to address this concern?
Regularly update and patch the instant messaging apps to address any known software vulnerabilities.
Which of the following are important practices in application vulnerability assessment to ensure the security of third-party software packages, libraries, and dependencies used within an organization?
SCA
SBOM
What do application control solutions use to identify specific applications?
Application signatures
You have implemented a new application control solution. After monitoring traffic and use for a while, you have noticed an application that continuously circumvents blocking.
How should you configure the application control software to handle this application?
Tarpit
You are the IT manager of a company that develops its own software applications. You've been tasked with enhancing the security of these applications. You decide to implement application vulnerability scanning.
What is the MOST effective way to proceed?
Implement application vulnerability scanning and provide comprehensive training to the development team on the process and how to address identified vulnerabilities.
Which of the following security actions represents a non-intrusive scanning type of framework?
Vulnerability scanning
You are implementing a new application control solution.
Prior to enforcing your application whitelist, you want to monitor user traffic for a period of time to discover user behaviors and log violations for later review.
How should you configure the application control software to handle applications not contained in the whitelist?
Flag
Which of the following scenarios would typically utilize 802.1x authentication?
Controlling access through a switch
As a network administrator, you have implemented MAC filtering as a security measure on your company's network. You notice that an unauthorized device has been able to connect to the network despite the MAC filtering.
Which of the following is the MOST likely explanation for this occurrence and what should be your next step?
The unauthorized device has spoofed the MAC address of an authorized device. You should implement a secondary authentication method to increase security.
You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the internet.
The library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access port on a switch. You want to restrict access to the network so that only library computers are permitted connectivity to the internet.
What can you do?
Configure port security on the switch.
You manage a single subnet with three switches. They are connected to provide redundant paths between the switches.
Which feature prevents switching loops and ensures there is only a single active path between any two switches?
Spanning Tree Protocol
When configuring VLANs on a switch, which type of switch ports are members of all VLANs defined on the switch?
Trunk ports
Which of the following BEST describes the concept of a virtual LAN?
Devices on the same network logically grouped as if they were on separate networks.
As a network administrator, you are tasked with creating VLANs on a switch to improve network performance and security.
You decide to create VLANs based on different departments in your company. However, you notice that devices from different VLANs are unable to communicate with each other.
Which of the following is the MOST likely reason for this and what should be your next step?
Inter-VLAN routing is not enabled. You should implement a router or a Layer 3 switch to enable communication between VLANs.
Which of the following switch attacks associates the attacker's MAC address with the IP address of the victim's devices?
ARP spoofing/poisoning
ARP spoofing/poisoning: The source device sends frames to the attacker's MAC address instead of to the correct device.
Dynamic Trunking Protocol: Should be disabled on the switch's end user (access) ports before implementing the switch configuration into the network.
MAC flooding: Causes packets to fill up the forwarding table and consumes so much of the switch's memory that it enters a state called Fail Open Mode.
MAC spoofing: Can be used to hide the identity of the attacker's computer or impersonate another device on the network.
Which of the following attacks, if successful, causes a switch to function like a hub?
MAC flooding
Which of the following should be configured on the router to filter traffic at the router level?
Access control list
You are a network security engineer at a large corporation. You have been tasked with implementing anti-spoofing rules on the company's routers to enhance network security.
You have noticed an increase in spoofing attacks where IP packets have a source address that does not belong to the sender.
Which of the following anti-spoofing rule configurations would be the MOST effective in mitigating these attacks?
Source: An IP address belonging to the internal network or the IP address of the router itself, Destination: Any, Service: Any, Interface: Any external interface, Direction: Inbound, Action: Deny, Time: Any
Which of the following happens by default when you create and apply a new ACL on a router?
All traffic is blocked.
You are deploying a brand new router. After you change the factory default settings, what should you do next?
Update the firmware.
Which of the following can make passwords useless on a router?
Not controlling physical access to the router
A financial institution is processing transactions and wishes to improve its security posture. The institution divides its network into different sections to minimize risk while actively updating or retrieving transaction data.
What method does the financial institution intend to use?
Segmentation
A critical infrastructure organization responsible for managing energy distribution across a large region relies heavily on industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems to monitor and control the power grid.
Given the critical nature of the operations, the IT team has implemented a unique control to safeguard these systems.
Which unique control did the IT team use to protect ICS and SCADA systems?
Network segmentation
Upon reviewing the results of an organizational assessment, the cyber team implements various remediation practices to safeguard the company's data.
What remediation practices include the division of a network into separate pieces to contain an attack or attempted breach within one piece of the network?
Segmentation
You've just deployed a new Cisco router that connects several network segments in your organization.
The router is physically located in a server room that requires an ID for access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer using a Telnet client with a username of admin and a password of P@ssW0rd. You have used the MD5 hashing algorithm to protect the password.
What should you do to increase the security of this device? (Select two.)
Change the default administrative username and password.
Use an SSH client to access the router configuration.
You've just deployed a new Cisco router that connects several network segments in your organization.
The router is physically located in a locked server closet. You use an FTP client to regularly back up the router configuration to a remote server in an encrypted file. You access the router configuration interface from a notebook computer that is connected to the router's console port. You've configured the device with the username admin01 and the password P@ssW0rd. You have used the MD5 hashing algorithm to protect the password.
What should you do to increase the security of this device?
Use SCP to back up the router configuration to a remote location.
Which of the following are solutions that address physical security? (Select two.)
Escort visitors at all times.
Require identification and name badges for all employees.
If a fingerprint or retina scan is required to open a secured door, which kind of physical security has been implemented?
Biometric locks
A security manager decides to enhance the physical security of a warehouse storing high-value tech equipment by installing a deterrent at the perimeter to prevent vehicle-based attacks.
Which security measure would be the MOST suitable for this purpose?
Bollards
You want to use CCTV to increase your physical security, and you want the ability to remotely control the camera position.
Which camera type should you choose?
PTZ
Which of the following controls is an example of a physical access control method?
Locks on doors
A data center must enhance its security measures to prevent unauthorized access to its facility. The center is considering different methods to achieve this goal.
What should the data center implement first to ensure a strong physical barrier against intrusions?
Fencing
To increase the physical security of a secured location, an organization deploys motion detection sensors throughout the grounds and building.
What type of sensor uses this technology?
Infrared sensor
As the head of physical security at a large tech company, you have been tasked with investigating a series of unauthorized entries into secure areas of your facilities.
The intrusions have been sporadic and seemingly random, with no clear pattern or motive. The intruders have not been caught on camera, and no physical damage or theft has been reported. However, you notice that the access logs show entries made using the credentials of employees who were not on-site at the time of the incidents.
Which of the following is the MOST likely method the intruders are using to gain access?
RFID cloning
Which kind of access control technology allows more than just the identity of an individual to be transmitted wirelessly to either allow or deny access?
Smart card
A company wants to improve the physical security at its headquarters. They need a solution that can help regulate access to the building and deter potential intruders during nighttime.
Which physical security measure should they prioritize?
Access control vestibule
You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram.
Which tool should you use?
Network mapper
You need to check network connectivity from your computer to a remote computer.
Which of the following tools would be the BEST option to use?
ping
As a cybersecurity analyst, you are tasked with performing active reconnaissance on a potential client's network to identify vulnerabilities. You have already completed the passive reconnaissance phase.
Which of the following steps would you take next, and why?
Begin with port scanning to identify open ports and the services running on them.
You want to use a tool to scan a system for vulnerabilities, including open ports, running services, and missing patches.
Which tool should you use?
Nessus
Gathering as much personally identifiable information (PII) on a target as possible is a goal of which reconnaissance method?
OSINT
Which type of reconnaissance is associated with dumpster diving?
Passive
Which passive reconnaissance tool is used to gather information from a variety of public sources?
theHarvester
Which of the following tools can be used to see if a target has any online IoT devices without proper security?
Shodan
You are a cybersecurity analyst tasked with performing passive reconnaissance on a potential client's network.
You need to gather information from a variety of public sources including emails, names, subdomains, IPs, and URLs.
Which of the following tools would be most appropriate for this task?
theHarvester
Which of the following is known as the process of walking around an office building with an 802.11 signal detector?
War driving
You are concerned about protecting your network from network-based attacks on the internet. Specifically, you are concerned about attacks that have not yet been identified or that do not have prescribed protections.
Which type of device should you use?
Anomaly-based IDS
Which of the following describes the worst possible action by an IDS?
The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.
Which of the following describes a false positive when using an IPS device?
Legitimate traffic being flagged as malicious.
As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices.
You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks.
Which solution should you implement?
Host-based IDS
What is the MOST common form of host-based IDS that employs signature or pattern-matching detection methods?
Antivirus software
An active IDS system often performs which of the following actions? (Select two.)
Performs reverse lookups to identify an intruder.
Updates filters to block suspect traffic.
You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible.
Which tool should you use?
IPS
Your organization uses a web server to host an e-commerce site.
Because this web server handles financial transactions, you are concerned that it could become a prime target for exploits. You want to implement a network security control that analyzes the contents of each packet going to or from the web server. The security control must be able to identify malicious payloads and block them.
What should you do?
Implement an application-aware IPS in front of the web server.
Which IDS method searches for intrusion or attack attempts by recognizing patterns or identifying entities listed in a database?
Signature-based IDS
A multinational corporation has recently implemented an intrusion detection system (IDS) and intrusion prevention system (IPS) to protect its network infrastructure.
The security team receives many alerts and struggles to manage false positives. The team must optimize the IDS and IPS to identify and prioritize actual threats while minimizing irrelevant alerts.
Which primary strategy should the team adopt to achieve this objective?
Implement trend analysis to identify patterns and anomalies, tune the IDS/IPS over time, and prioritize genuine threats.
You are using a protocol analyzer to capture network traffic. You want to only capture the frames coming from a specific IP address.
Which of the following can you use to simplify this process?
Capture filters
Which of the following processes identifies an operating system based on its response to different types of network traffic?
Fingerprinting
You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device that is connected to a hub with three other computers. The hub is connected to a switch that is connected to the router.
When you run the software, you see frames addressed to the four workstations, but not to the router.
Which feature should you configure on the switch?
Port mirroring
You are running a packet sniffer on your workstation so you can identify the types of traffic on your network. You expect to see all the traffic on the network, but the packet sniffer only seems to be capturing frames that are addressed to the network interface on your workstation.
Which of the following must you configure in order to see all of the network traffic?
Configure the network interface to use promiscuous mode.
Which of the following accurately describes what a protocol analyzer is used for? (Select two.)
A device that does NOT allow you to capture, modify, and retransmit frames (to perform an attack).
A passive device that is used to copy frames and allow you to view frame contents.
You want to identify traffic that is generated and sent through a network by a specific application running on a device.
Which tool should you use?
Protocol analyzer
You want to know which protocols are being used on your network. You'd like to monitor network traffic and sort traffic by protocol.
Which tool should you use?
Packet sniffer
You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the firewall.
Which tool should you use?
Packet sniffer
Which of the following roles would be MOST likely to use a protocol analyzer to identify frames that might cause errors?
Security operations team
You want to use a tool to see packets on a network, including the source and destination of each packet.
Which tool should you use?
Wireshark