A Media Access Control (MAC) address is the 48-bit physical hardware address of a network interface card (NIC) assigned by the manufactur
True
A combination of intrusion detection and prevention, as well as logging and monitoring, provides the best defense against what kind of attack?
Zero-day exploit
A company has discovered that confidential business information has been repeatedly acquired by a competitor over the past six months. The IT security team has been unable to find the leaks. The team suspects a form of side-channel eavesdropping may be involved. What is the suspected hacking method?
The competitor is using a phreaking attack
A major U.S. online retailer has discovered that thousands of purchases have been paid for by stolen credit card numbers. An initial analysis of the location of the buyers reveals IP addresses from within the United States. Upon further investigation, it is found that the actual origin point of the fraudulent buyer is a series of IP addresses located in Asia. What technology is the fraudster using?
A VPN?
As part of the bring your own device (BYOD) program, the company CIO is encouraging employees to use their personal devices for business purposes. However, an attacker with the right kind of antenna can access the wireless network from a great distance, putting internal assets at risk. Of the following, what is the best solution?
Ability to encrypt network communications on clients?
Authentication is the proof or verification of a user's identity before granting access to a secured area
True
Authorization is also known as access control
True
Caching is a data storage mechanism that keeps a local copy of content that is fairly static in nature.
True
Determining who or what is trustworthy on a network is an ongoing activity
True
Estefan is a network professional for an e-commerce company. The chief information officer (CIO) wants the customer web portal downtime to be reduced from 5 minutes per year to 30 seconds per year. The change should occur over the next 6 months. Which security objective must Estefan employ to accomplish this goal?
Availability
Hardening is the process of securing or locking down a host against threats and attacks
True
In any organization, network administrators have the ultimate and final responsibility for security
False
In terms of networking, permission is the abilities granted on the network
False
In terms of networking, privilege is the authorization to access an asset
False
Information leakage sometimes stems from malicious employees
True (often)
Integrity is the protection against unauthorized access, while providing authorized users access to resources without obstruction
False
Kristin's position in IT focuses on using antivirus, anti-spyware, and vulnerability software patch management to maintain security and integrity. Which IT infrastructure domain is she protecting?
Workstation Domain
Many company employees work from home on a full-time basis. What technology do they commonly use to communicate securely with the organization's network?
Virtual private network (VPN)
Mei is working from home and speaking with her department manager on a Voice over IP (VoIP) phone connection. This technology allows telephone conversations to be routed over the Internet. During a VoIP conversation, Mei loses a few moments of what the manager has said to her. What is the problem?
Packet delivery
Nonrepudiation is the security principle that prevents a user from being able to deny having performed an action
True
RFC 1918 addresses are for use only in private networks
True
Security objectives are goals that an organization strives to achieve through its security efforts
True
Temika is the IT security officer for her company. The CIO has told her that network security success is not about preventing all possible attacks or compromises. Of the following, what goal or accomplishment should she work toward?
Improving the state of security so that it is more protected in the future than it was in the past
The LAN Domain of an IT infrastructure includes routers, firewalls, and switches
False
The User Domain of an IT infrastructure refers to actual users, whether they are employees, consultants, contractors, or other third-party users
True
The WAN Domain of an IT infrastructure includes networks owned by a telco or a carrier network company that leases access to corporations
True
To secure the System/Application Domain of an IT infrastructure, what is the primary focus?
Network design
Authentication
Authorization
Accounting
Which OSI model layer deals with frames?
Data Link Layer
Which form of firewall filtering is NOT as clear or distinct as other types?
Filtering on whether an address is real or spoofed
Which network index technology allows users to locate resources on a private network, keeps track of which servers and clients are online, and identifies the resources that network hosts share?
Directory Services
Which network security technology can block or restrict access if a computer does NOT have the latest antivirus update, a certain security patch, or a host firewall?
Network access control (NAC)
Which of the following is considered a node?
Any device on the network
client computers
servers
switches
routers
firewalls
Anything with a network interface + MAC address
Which of the following is described as “confidence in your expectation that others will act in your best interest”?
General
Which of the following must be done first to accomplish an organization's security goals?
Write down security goals
Which of the following roles is most commonly responsible for observing system and user activity, looking for violations, trends toward bottlenecks, and attempts to perform violations?
Auditors
Whitelisting blocks the execution of any program not on the approved list.
True
Wireless networks are more secure than wired networks
False
You are a network professional. You want to overcome the security shortcomings of the Domain Name System (DNS). Of the following, what is one of those shortcomings?
Allows a false/“spoofed” response
Anyone can request transfers of the DNS mapping data
Uses plaintext communication which allows for eavesdropping, interception, and modification
You are setting up a small home network. You want all devices to communicate with each other. You assign IPv4 addresses between 192.168.0.1 and 192.168.0.6 to the devices. What processes must still be configured so that these nodes can communicate with the Internet?
Both network address translation (NAT) and port address translation (PAT) must be enabled to allow private network addresses to be translated to a random external port and public IP address
Zero-day exploits are new and previously unknown attacks for which no current specific defenses exist
True
A backdoor acts like a device driver, positioning itself between the kernel (the core program of an operating system) and the hardware
False
A bank's online infrastructure has been under attack by hackers. In addition to standard security methods, the bank's IT security manager has requested website code to be examined and modified, where necessary, to address possible arbitrary code execution. What will the code modifications prevent?
Buffer overflows
A breach is any attempt to get past a network's defenses
False, has to be successful
A buffer overflow is an attack against poor programming techniques and a lack of quality control
True
A chief financial officer's (CFO's) business account has been leaked onto the Internet, including the CFO's username, password, and financial data. The firm's security manager scanned the CFO's computer for viruses, which was clean. However, the manager is still convinced that the CFO's computer is somehow compromised, allowing whatever is typed to be disclosed. The manager recalls that six weeks ago, the CFO's assistant was caught illicitly accessing secure financial files and was subsequently dismissed. What is the likely problem?
Hardware keystroke logger
A company's IT security engineer has noticed several employees periodically checking their social media accounts. One such platform allows chat, which can include sharing links, photos, and videos. When the engineer casually observes one user about to click a link to view a video, she stops the worker. Afterward, she approaches the chief information officer (CIO) and advises that all social media accounts be blocked, and that only online training videos authorized by the company be allowed to be viewed. What threat is the IT security engineer concerned about?
Social engineering?
A company's cybersecurity trainer is recording a Lunch and Learn video for new employees. The trainer discusses the dangers of spam. Besides being annoying, what other problem could spam cause?
DoS attack (flooding)
A fallback attack is defined as an attack that a hacker might try after an unsuccessful breach attempt against a target
True
A major social networking site has been hacked. The usernames, passwords, and security questions of more than 500 million users were compromised. The company disclosed the breach to all users, advising them to immediately change their passwords and security questions. The vulnerability that led to the breach has been discovered and patched. However, the security engineer suspects there is still a problem left unaddressed. What is the most likely problem?
A malicious person has installed ransomware on a company user's computer. The ransomware message states that the malicious software will be removed if the user pays a certain amount of money digitally. What is a typical form of payment?
Cryptocurrency
A mid-sized company's IT security engineer is attempting to make it more difficult for the company's wireless network to be compromised. She is using techniques such as random challenge-response dialogue for authentication, timestamps on authentication exchanges, and one-time pad or session-based encryption. What form of wireless attack is she defending against?
Replay attacks
A wrapper is a specialized tool used by hackers to build Trojan horses
True
Agents, bots, and zombies are part of which type of attack?
Distributed denial of service (DDoS) attack
An IT infrastructure manager is reviewing his company's computer assets, particularly the mean time to failure (MTTF) of the PC and server hard drives. The manufacturer of the hard drives typically used in the company states that the MTTF is approximately 11 years. Because servers and some high-priority workstations must operate continuously except for brief periods of maintenance, how many hours, on average, can these hard drives be expected to operate before failure?
~96,423
An advanced persistent threat (APT) quietly resides on a target machine until activated
True
Banner grabbing is the activity of probing services running behind an open port to obtain information
True
Cross-site scripting (XSS) grants a hacker access to a back-end database
False
Cryptocurrency is electronic currency for which the existence of the currency is a mathematical formula stored on the systems of the participants and has a value that fluctuates
True
Eavesdropping occurs over wireless connections, not wired connections
False, both
Fragmentation attacks involve an abuse of the fragmentation offset feature of IP packets
True
Hackers can deposit software keystroke loggers onto a victim's system through a worm or a Trojan horse
True
Hardware failures are a primary cause of unexpected downtime
True
In terms of an attack, scanning is the activity of using various tools to confirm information learned during reconnaissance and to discover new details
True
In terms of hacking, a deterrent is any tool or technique that makes hacking your network less attractive than hacking another network
True
In theory, a hacker with a small but powerful directional antenna could access a wireless network from more than one mile away. In a real-world situation, what is the more likely range involved?
Less than 1,000 feet
In which form of social engineering does the malicious person physically go through trash cans and other refuse looking for valuable information about a network such as IP addresses, usernames, and passwords?
Dumpster diving
Insertion attacks involve the introduction of unauthorized content or devices into an otherwise secured infrastructure
True
Peer pressure is a form of motivation for some hackers
True
Ransomware is defined as unwanted and unrequested email
False
Recreational hackers are criminals whose sole career objective is to compromise IT infrastructures
False
Several times this week, the IT infrastructure chief of a small company has suspected that wireless communications sessions have been intercepted. After investigating, he believes some form of insertion attack is happening. He is considering encrypted communications and preconfigured network access as a defense. What type of insertion attack is suspected?
Rogue device insertion
Spoofing tricks a user or a host into believing a communication originated from somewhere other than its real source
True
The IT security officer for a large company has spent the past year upgrading security for the corporate network. Employees working from home have personal firewalls running on their computers. They use a virtual private network (VPN) to connect to the corporate network. The corporate network utilizes the latest devices and techniques, including an intrusion detection system/intrusion prevention system (IDS/IPS), anti-malware protection, and firewalls. What security threat most likely still needs to be addressed?
An internal threat, such as a disgruntled employee or contractor
The imitation of source email, Internet Protocol (IP), or Media Access Control (MAC) addresses is part of which type of attack?
Spoofing
Which deployment of a web server uses network address translation (NAT) mapping and is considered the poorest security choice?
Reverse proxy
Which form of attack is described as throttling the bandwidth consumption on an Internet link at a specific interval as a method of transmitting small communication streams such as user credentials?
Timing covert channels
Which fragmentation attack results in full or partial overwriting of datagram components?
Overlap
Which of the following is a feature of NTFS that allows complete additional files to successfully hide beneath any normal file object and be almost undetectable?
Alternate data streams (ADS)
Which type of hacker is a criminal whose career objective is to compromise IT infrastructures?
Professional hackers
A WAN is a network limited by geographic boundaries
False
A brouter performs the functions of both a bridge and a router
True
A demilitarized zone (DMZ) is a boundary network that hosts resource servers for the public Internet
True
A first-year student in a computer networking class is studying different addressing types and attempting to identify them. Which of the following does she determine is a Media Access Control (MAC) address?
Physical address: 00-0A-95-9D67-16
A gateway is a device that connects two networks that use dissimilar protocols for communication
True
A network switch avoids collisions by reviewing the Media Access Control (MAC) address to determine where each data packet is meant to go
True