50 Cards in this Set

  • Front
  • Back
An administrator is trying to secure a network from threats originating outside the network. Which of the following devices provides protection for the DMZ from attacks launched from the Internet?
a. Antivirus
b. Content filter
c. Firewall
d. Proxy server
c. Firewall
Which of the following should be implemented to have all workstations and servers isolated in their own broadcast domains?
a. VLANs
b. NAT
c. Access lists
d. Intranet
a. VLANs
An administrator wants to set up their network with only one public IP address. Which of the following would allow for this?
a. DMZ
b. VLAN
c. NIDS
d. NAT
d. NAT
Which of the following network tools would provide the information on what an attacker is doing to compromise a system?
a. Proxy server
b. Honeypot
c. Internet content filters
d. Firewall
b. Honeypot
An administrator wants to set up their network with only one public IP address. Which of the following would allow for this?
a. DMZ
b. VLAN
c. NIDS
d. NAT
d. NAT
An administrator wants to proactively collect information on attackers and their attempted methods of gaining access to the internal network. Which of the following would allow the administrator to do this?
a. NIPS
b. Honeypot
c. DMZ
d. NIDS
b. Honeypot
A technician wants to regulate and deny traffic to websites that contain information on hacking. Which of the following would be the BEST solution to deploy?
a. Internet content filter
b. Proxy
c. Protocol analyzer
d. NIDS
a. Internet content filter
Which of the following is a way to logically separate a network through a switch?
a. Spanning port
b. Subnetting
c. VLAN
d. NAT
c. VLAN
Which of the following is a true statement with regard to a NIDS?
a. A NIDS monitors and analyzes network traffic for possible intrusions.
b. A NIDS is installed on the proxy server.
c. A NIDS prevents certain types of traffic from entering a network.
d. A NIDS is normally installed on the email server.
a. A NIDS monitors and analyzes network traffic for possible intrusions.
Which of the following tools would be used to review network traffic for clear text passwords?
a. Port scanner
b. Protocol analyzer
c. Firewall
d. Password cracker
b. Protocol analyzer
A user has decided that they do not want an internal LAN segment to use public IP addresses. The user wants to translate them as private IP addresses to a pool of public IP addresses to identify them on the Internet. Which of the following does the user want to implement?
a. IPSec
b. NAT
c. SSH
d. SFTP
b. NAT
An administrator has been studying stateful packet inspection and wants to implement this security technique on the network. Which of the following devices could the administrator use to BEST utilize stateful packet inspection?
a. Hub
b. IDS
c. Switch
d. Firewall
d. Firewall
Which of the following is the primary purpose of a honeypot?
a. Translate addresses at the perimeter
b. To provide a decoy target on the network
c. Provide cryptography for the network
d. Work as a network proxy
b. To provide a decoy target on the network
Which of the following allows for notification when a hacking attempt is discovered?
a. NAT
b. NIDS
c. Netflow
d. Protocol analyzer
b. NIDS
If an administrator does not have a NIDS examining network traffic, which of the following could be used to identify an active attack?
a. Protocol analyzer
b. Penetration testing tool
c. Network mapper
d. Vulnerability scanner
a. Protocol analyzer
Which of the following is set up within a router?
a. ARP
b. DMZ
c. OVAL
d. DDoS
b. DMZ
An administrator wants to block users from accessing a few inappropriate websites as soon as possible. The existing firewall allows blocking by IP address. To achieve this goal the administrator will need to:
a. upgrade to a DNS-based filter to achieve the desired result.
b. use the company AUP to achieve the desired result.
c. upgrade to a URL-based filter to achieve the desired result.
d. upgrade to a text-based filter to achieve the desired result.
c. upgrade to a URL-based filter to achieve the desired result.
Which of the following describes a spanned switch port in the context of IDS traffic analysis?
a. An association of a set of destination ports with a single source port
b. An association of a set of source ports with a single destination port
c. An association of a set of source ports with multiple destination ports and an IDS sensor
d. An association of a set of destination ports with an IDS sensor
b. An association of a set of source ports with a single destination port
Which of the following should the technician recommend as a way to logically separate various internal networks from each other?
a. NIDS
b. VLAN
c. NAT
d. HIDS
b. VLAN
An organization has requested the ability to monitor all network traffic as it traverses their network. Which of the following should a technician implement?
a. Content filter
b. Protocol analyzer
c. Honeypot
d. HIDS
b. Protocol analyzer
An administrator recommends implementing whitelisting, blacklisting, closing open relays, and strong authentication techniques to a server administrator. Which of the following threats are being addressed?
a. Adware
b. Spyware
c. Spam
d. Viruses
c. Spam
According to company policy an administrator must logically keep the Human Resources department separated from the Accounting department. Which of the following would be the simplest way to accomplish this?
a. NIDS
b. DMZ
c. NAT
d. VLAN
d. VLAN
Which of the following creates separate logical networks?
a. NAT
b. DMZ
c. NAC
d. Subnetting
d. Subnetting
Which of the following is an area of the network infrastructure that allows a technician to place public facing systems into it without compromising the entire infrastructure?
a. VPN
b. NAT
c. VLAN
d. DMZ
d. DMZ
Which of the following is a collection of servers that is set up to attract hackers?
a. DMZ
b. Honeypot
c. Honeynet
d. VLAN
c. Honeynet
Which of the following could be used to determine which flags are set in a TCP/IP handshake?
a. FIN/RST
b. SYN/ACK
c. Protocol analyzer
d. Network mapper
c. Protocol analyzer
An administrator is selecting a device to secure an internal network segment from traffic external to the segment. Which of the following devices could be selected to provide security to the network segment?
a. NIPS
b. HIDS
c. Internet content filter
d. DMZ
a. NIPS
To facilitate compliance with the Internet use portion of the corporate acceptable use policy, an administrator implements a series of proxy servers and firewalls. The administrator further recommends installation of software-based firewalls on each host on the network. Which of the following would have provided an alternative simpler solution?
a. Internet content filter
b. Hardware IDS
c. Software HIPS
d. DMZ
a. Internet content filter
Which of the following is a reason to use a Faraday cage?
a. To allow wireless usage
b. To minimize weak encryption
c. To mitigate data emanation
d. To find rogue access points
c. To mitigate data emanation
Which of the following is the MOST important thing to consider when implementing an IDS solution?
a. The cost of the device
b. Distinguishing between false negatives
c. Distinguishing between false positives
d. The personnel to interpret results
d. The personnel to interpret results
Which of the following is the FIRST step in the implementation of an IDS?
a. Decide on the type.
b. Decide on the model.
c. Purchase the equipment.
d. Document the existing network.
d. Document the existing network.
An administrator wants to set up a new web server with a static NAT. Which of the following is the BEST reason for implementing NAT?
a. Publishes the organization's internal network addressing scheme
b. Publishes the organization's external network addressing scheme
c. Hides the organization's internal network addressing scheme
d. Hides the organization's external network addressing scheme
c. Hides the organization's internal network addressing scheme
Which of the following is the BEST reason for an administrator to use port address translation (PAT) instead of NAT on a new corporate mail gateway?
a. PAT provides the mail gateway with protection on port 24.
b. PAT allows external users to access the mail gateway on random ports.
c. PAT provides the mail gateway with protection on port 25.
d. PAT allows external users to access the mail gateway on pre-selected ports.
d. PAT allows external users to access the mail gateway on pre-selected ports.
Which of the following describes a static NAT?
a. A static NAT uses a one to many mapping.
b. A static NAT uses a many to one mapping.
c. A static NAT uses a many to many mapping.
d. A static NAT uses a one to one mapping.
d. A static NAT uses a one to one mapping.
Which of the following only looks at header information of network traffic?
a. Internet content filter
b. Packet filter
c. Application firewall
d. Hybrid firewall
b. Packet filter
Which of the following intrusion detection systems uses well defined models of how an attack occurs?
a. Protocol
b. Behavior
c. Signature
d. Anomaly
c. Signature
An administrator runs a tool checking SMTP, DNS, POP3, and ICMP packets on the network. This is an example of which of the following?
a. A port scanner
b. A protocol analyzer
c. A vulnerability scan
d. A penetration test
b. A protocol analyzer
All PCs in a network share a single administrator ID and password. When the administrator attempts to remotely control a user's PC the attempt fails. Which of the following should the administrator check FIRST?
a. The antivirus settings on the local PC
b. The antivirus settings on the remote PC
c. The HIPS on the remote PC
d. The HIPS on the local PC
c. The HIPS on the remote PC
Common settings configured on an Internet content filtering device are database update settings, log settings and which of the following?
a. False positive threshold
b. Content rules
c. Anomaly settings
d. Performance settings
b. Content rules
When placing a NIDS onto the network, the NIC has to be placed in which of the following modes to monitor all network traffic?
a. Promiscuous
b. Full-duplex
c. Auto
d. Half-duplex
a. Promiscuous
An administrator wants to obtain a view of the type of attacks that are being targeted against the network perimeter. The recommended placement of a NIDS would be:
a. inside the proxy.
b. inside the DMZ.
c. outside the proxy.
d. outside the firewall.
e. inside the firewall.
d. outside the firewall.
A firewall differs from a NIDS in which of the following ways?
a. A firewall attempts to detect patterns and a NIDS operates on a rule list.
b. A firewall operates on a rule list and a NIDS attempts to detect patterns.
c. A firewall prevents inside attacks and a NIDS prevents outside attacks.
d. A firewall prevents outside attacks and a NIDS prevents inside attacks.
b. A firewall operates on a rule list and a NIDS attempts to detect patterns.
All of the following security applications can proactively detect workstation anomalies EXCEPT:
a. antivirus software.
b. NIDS.
c. personal software firewall.
d. HIPS.
b. NIDS.
All of the following are inline devices EXCEPT:
a. NIPS.
b. firewalls.
c. HIDS.
d. routers.
c. HIDS.
A technician wants better insight into the websites that employees are visiting. Which of the following is BEST suited to accomplish this?
a. Proxy server
b. DHCP server
c. DNS server
d. Firewall
a. Proxy server
Which of the following will allow a technician to block certain HTTP traffic from company staff members?
a. VLAN
b. Content filter
c. DMZ
d. NIDS
b. Content filter
Which of the following must be used to set up a DMZ?
a. Proxy
b. NIDS
c. Honeypot
d. Router
d. Router
Which of the following is the MOST important when implementing heuristic-based NIPS?
a. Perform comprehensive heuristic-based analysis on the system.
b. Enable automatic updates to the heuristic database.
c. Ensure the network is secure when baseline is established.
d. The brand of NIPS that is being used.
c. Ensure the network is secure when baseline is established.
A technician is deciding between implementing a HIDS on the database server or implementing a NIDS. Which of the following are reasons why a NIDS may be better to implement? (Select TWO).
a. Many HIDS require frequent patches and updates.
b. Many HIDS are not able to detect network attacks.
c. Many HIDS have a negative impact on system performance.
d. Many HIDS only offer a low level of detection granularity.
e. Many HIDS are not good at detecting attacks on database servers.
b. Many HIDS are not able to detect network attacks.
c. Many HIDS have a negative impact on system performance.
Port 3535 is typically blocked for outbound traffic on a company's LAN. An end-user has recently purchased a legitimate business program that needs to make outbound calls using this port. Which of the following steps should a technician take to allow this? (Select TWO).
a. Open the port on the company's proxy server.
b. Open the port on the company's firewall.
c. Change the user's subnet mask.
d. Open the port on the user's personal software firewall.
e. Open the port on the VLAN.
b. Open the port on the company's firewall.
d. Open the port on the user's personal software firewall.