• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

Card Range To Study



Play button


Play button




Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

118 Cards in this Set

  • Front
  • Back

What does the acronym HIDS denote?

host-based intrusion detection system

What is the purpose of NAC?

Network Access Control (NAC) ensures that the computer on the network meets an organization's security policies.

What does the acronym POP denote?

Post Office Protocol

Which port numbers are used by NetBIOS?

ports 137-139

Which wireless mode ensures that wireless clients can only communicate with the wireless access point and not with other wireless clients?

isolation mode

Which two modes does IP Security (IPSec) provide to ensure confidentiality?

tunnel mode and transport mode

Which application or services uses TCP/UDP port 3389?

Remote Desktop Protocol (RDP)

What are the two modes of WPA and WPA2?

Personal (also called Preshared Key or WPA-PSK / WPA2-PSK) and Enterprise

Which protocol does the Enterprise mode of WPA and WPA2 use for authentication?

Extensible Authentication Protocol (EAP)

Which security control is lost when using cloud computing?

physical control of the data

What is the purpose of content inspection?

to search for malicious code or behavior

Which information do routers use to forward packets to their destinations?

the network address and subnet mask

What is Lightweight Extensible Authentication Protocol (LEAP)?

a proprietary wireless LAN authentication method developed by Cisco Systems

What are the non-overlapping channels for 802.11g/n?

Channels 1, 6, and 11

Which term is used when the amount of work that a computer has to do is divided between two or more computers so that more work is performed in the same amount of time?

load balancing

Which type of IDS or IPS uses an initial database of known attack types but dynamically alters their signatures base on learned behavior?


What is Fibre Channel?

a high-speed network technology (commonly running at 2-, 4-, 8- and 16-gigabit per second rates) that connects computer data storage

What is the default PPTP port?

TCP port 1723

What is another term used for layered security?

defense in depth

Which firewall port should you enable to allow SMTP traffic to flow through the firewall?

port 25

What are flood guards?

devices that protect against Denial of Service (DoS) attacks

What is the main difference between virtualization and cloud computing?

the location and ownership of the physical components

Should virtual servers have the same information security requirements as physical servers?


What are the three main protocols that can be used for wireless networks?

Wired Equivalent Privacy (WEP), WiFi Protected Access version 1 (WPAv1), WPA version 2 (WPAv2)

What is the default L2TP port?

UDP port 1701

Which port number does DNS use?

port 53

Which protocol is used by network devices to transmit error messages?

Internet Control Message Protocol (ICMP)

Which security standard is an enhanced version of Secure Sockets Layer (SSL)?

Transport Layer Security (TLS)

Which port number does LDAP use when communications are NOT secured using SSL/TLS?

port 389

What is a VPN concentrator?

a device that creates a virtual private network (VPN)

What is Wireshark?

a protocol analyzer or packet sniffer

What does the acronym IPSec denote?

Internet Protocol Security

What are four common service models of cloud computing?

Infrastructure as a service (IaaS), Monitoring as a service (MaaS), Platform as a service (PaaS), Software as a service (SaaS)

Which type of system identifies suspicious patterns that may indicate a network or system attack?

intrusion detection system (IDS)

At which OSI layer does IP Security (IPSec) operate?

the Network layer (Layer 3)

Which port is used for LDAP authentication?

port 389

Which category of IDS might increase logging activities, disable a service, or close a port as a response to a detected security breach?

active detection

Which type of attack can turn a switch into a hub?

MAC flooding

What portion(s) of the IP packet are encrypted in IPSec transport mode?

the payload

Which term is used to describe a product that provides network firewalling, network intrusion prevention and gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing, data leak prevention and on-appliance reporting?

unified threat management (UTM)

Which implementation of the File Transfer Protocol (FTP) provides the least security?

Trivial File Transfer Protocol (TFTP)

What does the acronym SMTP denote?

Simple Mail Transfer Protocol

Is a DHCP server normally placed inside a DMZ?


Which IPSec mode is used to create a VPN between two gateways?

Which IPSec mode is used to create a VPN between two gateways?

Which port number does SSH use?

port 22

Between which two OSI layers does Secure Sockets Layer (SSL) operate?

between the OSI Transport and Application layers (Layer 4 to Layer 7)

What is the purpose of a spam filter?

to identify and block unwanted messages

Which type of IDS detects attacks on individual devices?

host intrusion detection system (HIDS)

Which type of IDS detects malicious packets on a network?

network intrusion detection system (NIDS)

What is the purpose of Software as a Service (SaaS) in cloud computing?

It ensures on-demand, online access to an application suite without the need for local installation.

What portion(s) of the IP packet are encrypted in IPSec tunnel mode?

both the header and the payload

What are the four types of cloud computing based on management type?

public, private, hybrid, and community

Which port number is used by SSL, FTPS, and HTTPS?

TCP port 443

What is an Internet Protocol (IP)-based storage networking standard for linking data storage facilities?

Internet Small Computer System Interface (iSCSI)

Which intrusion detection system (IDS) watches for intrusions that match a known identity?

signature-based IDS

Which term refers to voice communication over a network?

telephony or Voice over IP (VoIP)

What is a Web security gateway?

a device that filters Web content

What do you use to control traffic from the Internet to the LAN (local area network) by controlling the packets that are allowed to enter the LAN?

a firewall

What does the acronym NIDS denote?

network-based intrusion detection system

In a secure network, what should be the default permission position?

implicit deny

Which port number does HTTP use?

port 80

Which services are usually provided by all-in-one security devices?

URL filtering, content inspection, and malware inspection

Which port number does SNMP use?

UDP port 161

What is a proxy server?

a server that caches and filters content

Which port number is used by Microsoft SQL Server?

TCP port 1433

Which firewall port should you enable to allow POP3 traffic to flow through the firewall?

TCP port 110

Which port should you block at your network firewall to prevent Telnet access?

port 23

What is the purpose of load balancing?

to distribute the workload across multiple devices

What is the default automated key-management protocol for IPSec?

Internet Key Exchange (IKE)

What is the term for an unauthorized access that a network-based intrusion detection system (NIDS) fails to detect?

missed detection or false negative

Which tool should you use to retrieve the contents of a GET request: a protocol analyzer or port scanner?

a protocol analyzer

What is the purpose of MAC filtering?

to restrict the clients that can access a wireless network

Which port number is used by SMB?

TCP port 445

Which port number does DHCP use?

port 67

What is a good solution if you need to separate two departments into separate networks?

VLAN segregation

Which IPSec mode is used mostly in host-to-host communications?

transport mode

Which port number is used by SSH, SCP, and SFTP?

port 22

Which two ports does FTP use?

ports 20 and 21

Which Layer 3 device allows different logical networks to communicate?


What is the primary security advantage of using NAT?

Network Address Translation (NAT) hides internal IP addresses from the public network

Which type of connectivity provides a remote user the ability to safely connect to his or her corporate network while maintaining data confidentiality and integrity?

a virtual private network (VPN)

Which wireless protocol provides the best security: WEP, WAP, WPA, or WPA2?

Wi-Fi Protected Access IIversion 2 (WPA2) with CCMP

Which technology enables a LAN to use one set of IP addresses for internal traffic and a second set of addresses for external traffic, while hiding internal addresses or address space?

Network Address Translation (NAT)

How many TCP/UDP ports are vulnerable to malicious attacks?


Does each VLAN create its own collision domain or its own broadcast domain?

broadcast domain

What are the non-overlapping channels for 802.11b?

Channels 1, 6, 11, and 14

Which security protocol is the standard encryption protocol for use with the WPA2 standard?

Counter Mode Cipher Block Chaining Message Authentication Code Protocol (often abbreviated CCMP)

Which port number is used by TFTP?

UDP port 69

What is the most secure implementation of File Transfer Protocol (FTP)?

Secure File Transfer Protocol (SFTP)

Which TCP port number does Secure Sockets Layer (SSL) use?

port 443

Which technique is used to prevent network bridging?

network separation

What is the most common type of system used to detect intrusions into a computer network?

network intrusion detection system (NIDS)

What are the two major types of intrusion detection systems (IDS)?

network IDS (NIDS) and host IDS (HIDS)

What does VLAN segregation accomplish?

It protects each individual segment by isolating the segments.

Which servers are susceptible to the same type of attacks as their hosts, including denial-of-service attacks, detection attacks, and escape attacks?

virtual servers

What should you do to ensure that a wireless access point signal does not extend beyond its needed range?

Reduce the power levels.

What is a trusted OS?

An operating system that provides support for multilevel security

Which firewall port should you enable to allow IMAP4 traffic to flow through the firewall?

TCP port 143

If the user is NOT prompted for credentials when connected to a Network Access Control (NAC) server, what is the user's computer missing?

the authentication agent

What is the term for an authorized access that a network-based intrusion detection system (NIDS) incorrectly detects as an attack?

false positive

What does the acronym IDS denote?

intrusion detection system

What does the acronym FCoE denote?

Fibre Channel over Ethernet

What is Protected Extensible Authentication Protocol (PEAP)?

a protocol that encapsulates the EAP within an encrypted and authenticated Transport Layer Security (TLS) tunnel

What is the name of the area that connects to a firewall and offers services to untrusted networks?

demilitarized zone (DMZ)

What is the purpose of Platform as a Service (PaaS) in cloud computing?

It provides not only a virtualized deployment platform but also a value-added solution stack and an application development platform.

Which devices can limit the effectiveness of sniffing attacks: switches or routers?


Which port number does NTP use?

port 123

Which security protocol is best used for connection-oriented systems such as an intranet?

Secure Sockets Layer/Transport Layer Security (SSL/TLS)

According to CompTIA, why should you disable the SSID broadcast of your wireless router?

to improve your network's security

What is the term for a device that acts as a concentrator for a wireless LAN?

wireless access point (WAP)

Which port number does NNTP use?

TCP port 119

Which two security protocols does IP Security (IPSec) use?

Authentication Header (AH) and Encapsulating Security Payload (ESP)

What is the default rule found in a firewall's access control list (ACL)?

Deny All

Which security protocol was designed as an interim solution to replace WEP without requiring the replacement of legacy hardware?

Temporal Key Integrity Protocol (TKIP)

Which port number does LDAP use for communications encrypted using SSL/TLS?

port 636

What is the purpose of Infrastructure as a Service (IaaS) in cloud computing?

It provides computer and server infrastructure, typically through a virtualization environment.

Which protocol will provide loop protection?

spanning tree protocol

What is the main difference between an IDS and an IPS?

An IDS detects intrusions. An IPS prevents intrusions.