Which of the following are terms for an area of an enterprise network, separated by firewalls, which contains servers that must be accessible both from the Internet and from the internal network? (Choose all that apply.)
Intranet
DMZ
EGP
Stateless network
Perimeter network
Screened subnet
Which of the following authentication protocols do Windows networks use for Active Directory Domain Services (AD DS) authentication of internal clients?
RADIUS
WPA2
Kerberos
EAP-TLS
Which of the following are examples of multifactor authentication? (Choose all that apply.)
A system that uses an external RADIUS server for authentication
A system that requires two passwords for authentication
A system that requires a smartcard and a PIN for authentication
A system that requires a password and a retinal scan for authentication
Which of the following protocols can you use to authenticate Windows remote access users with smartcards?
EAP
MS-CHAPv2
CHAP
PAP
Which of the following statements best defines multifactor user authentication?
Verification of a user's identity on all of a network's resources using a single sign-on
Verification of a user's identity using two or more types of credentials
Verification of a user's identity on two devices at once
Verification of a user's membership in two or more security groups
Which of the following services are methods of tracking a user's activities on a network? (Choose all that apply.)
Authentication
Authorization
Accounting
Auditing
When a user supplies a password to log on to a server, which of the following actions is the user performing?
Authentication
Authorization
Accounting
Auditing
When a user swipes a finger across a fingerprint scanner to log on to a laptop computer, which of the following actions is the user performing?
Authentication
Authorization
Accounting
Auditing
Which of the following security protocols can authenticate users without transmitting their passwords over the network?
Kerberos
802.1X
TKIP
LDAP
Which of the following statements about authentication auditing are not true?
Auditing can disclose attempts to compromise passwords.
Auditing can detect authentications that occur after hours.
Auditing can identify the guess patterns used by password cracking software.
Auditing can record unsuccessful as well as successful authentications.
When a user swipes a smartcard through a reader to log on to a laptop computer, which of the following actions is the user performing?
Authentication
Authorization
Accounting
Auditing
Combining elements like something you know, something you have, and something you are to provide access to a secured network resource is a definition of which of the following types of authentication?
Multifactor
Multisegment
Multimetric
Multifiltered
Which of the following terms describes a system that prevents computers from logging on to a network unless they have the latest updates and antimalware software installed?
NAC
LDAP
RADIUS
TKIP-RC4
Which of the following describes the primary difference between Single Sign-On (SSO) and same sign-on?
SSO enables users to access different resources with one set of credentials, whereas same sign-on requires users to have multiple credential sets.
SSO credentials consist of one username and one password, whereas same sign-on credentials consist of one username and multiple passwords.
SSO requires the user to supply credentials only once, whereas with same sign-on, the user must supply the credentials repeatedly.
SSO requires multifactor authentication, such as a password and a smartcard, whereas same sign-on requires only a password for authentication.
Which of the following is the best description of biometrics?
Something you know
Something you have
Something you are
Something you do
Which of the following authentication factors is an example of something you have?
A fingerprint
A smartcard
A password
A finger gesture
Which of the following statements best describes the primary scenario for the use of TACACS+?
TACACS+ was designed to provide authentication, authorization, and accounting services for wireless networks.
TACACS+ was designed to provide authentication, authorization, and accounting services for the Active Directory service.
TACACS+ was designed to provide authentication, authorization, and accounting services for remote dial-up users.
TACACS+ was designed to provide authentication, authorization, and accounting services for network routers and switches.
The new door lock on your company's datacenter door requires you to supply both a PIN and a thumbprint scan. Which of the following types of authentication factors does the lock use? (Choose all that apply.)
Something you have
Something you know
Something you are
Something you do
Your new smartphone enables you to configure the lock screen with a picture of your husband, on which you draw eyes, nose, and a mouth with your finger to unlock the phone. This is an example of which of the following authentication factors?
Something you have
Something you know
Something you are
Something you do
Which of the following authentication factors is an example of something you do?
A fingerprint
A smartcard
A password
A finger gesture
Which of the following authentication factors is an example of something you know?
A fingerprint
A smartcard
A password
A finger gesture
Which of the following authentication factors is an example of something you are?
A fingerprint
A smartcard
A password
A finger gesture
Which of the following is an implementation of Network Access Control (NAC)?
RADIUS
802.1X
LDAP
TACACS+
Which of the following is not one of the roles involved in an 802.1X transaction?
Supplicant
Authentication server
Authorizing agent
Authenticator
In an 802.1X transaction, what is the function of the supplicant?
The supplicant is the service that issues certificates to clients attempting to connect to the network.
The supplicant is the service that verifies the credentials of the client attempting to access the network.
The supplicant is the network device to which the client is attempting to connect.
The supplicant is the client user or computer attempting to connect to the network.
In an 802.1X transaction, what is the function of the authenticator?
The authenticator is the service that issues certificates to clients attempting to connect to the network.
The authenticator is the service that verifies the credentials of the client attempting to access the network.
The authenticator is the network device to which the client is attempting to connect.
The authenticator is the client user or computer attempting to connect to the network.
An 802.1X transaction involves three roles: the supplicant, the authenticator, and the authentication server. Of the three, which role typically takes the form of a RADIUS implementation?
The supplicant
The authenticator
The authentication server
None of the above
Which of the following are standards that define combined Authentication, Authorization, and Accounting (AAA) services? (Choose all that apply.)
802.1X
RADIUS
TACACS+
LDAP
Which of the following standards was originally designed to provide Authentication, Authorization, and Accounting (AAA) services for dial-up network connections?
RADIUS
TACACS+
Kerberos
LDAP
Which of the following statements about RADIUS and TACACS+ are correct?
By default, RADIUS uses UDP, and TACACS+ uses TCP.
By default, RADIUS uses TCP, and TACACS+ uses UDP.
By default, both RADIUS and TACACS+ use TCP.
By default, both RADIUS and TACACS+ use UDP.
Which of the following standards provides Authentication, Authorization, and Accounting (AAA) services for network routers and switches?
RADIUS
TACACS+
Kerberos
LDAP
Which of the following terms refers to the process of determining whether a user is a member of a group that provides access to a particular network resource?
Authentication
Accounting
Authorization
Access control
Which of the following terms refers to the process of confirming a user's identity by checking specific credentials?
Authentication
Accounting
Authorization
Access control
Which of the following terms refers to the process by which a system tracks a user's network activity?
Authentication
Accounting
Authorization
Access control
Which of the following statements are true about a public key infrastructure? (Choose all that apply.)
Data encrypted with a user's public key can be decrypted with the user's public key.
Data encrypted with a user's public key can be decrypted with the user's private key.
Data encrypted with a user's private key can be decrypted with the user's private key.
Data encrypted with a user's private key can be decrypted with the user's public key.
Which of the following technologies can maintain an account database that multiple remote access servers can employ to authenticate remote users?
RADIUS
IDS
NGFW
NAS
Which element of the Confidentiality-Integrity-Availability (CIA) triad prevents unauthorized modification of protected data?
Confidentiality
Integrity
Availability
None of the above
Which of the following is an example of local authentication?
A system that uses an external RADIUS server for authentication
A system that uses the Kerberos protocol for authentication
A system that authenticates users without network communication
A system that requires a password and a retinal scan for authentication
In some cases, network administrators create computers that function as enticing targets for attackers but that do not provide access to any legitimately sensitive services or information. Which of the following is the term used to describe this technique?
DMZ
Honeypot
Root guard
Spoofing
Honeypots and honeynets belong to which of the following categories of devices?
Mitigation techniques
Network attacks
Switch port protection types
Firewall filters
Which of the following best describes the process of penetration testing?
Administrators create computers or networks that are alluring targets for intruders.
Administrators attempt to access the network from outside using hacker tools.
An organization hires an outside consultant to evaluate the security conditions on the network.
An organization hires an outside consultant who attempts to compromise the network's security measures.
Which of the following types of servers are typically found in a screened subnet? (Choose all that apply.)
Domain controllers
DHCP servers
Email servers
Web servers
Which of the following statements best describes the difference between an exploit and a vulnerability?
An exploit is a potential weakness in software, and a vulnerability is a potential weakness in hardware.
A vulnerability is a potential weakness in a system, and an exploit is a hardware or software element that is designed to take advantage of a vulnerability.
An exploit is a potential weakness in a system, and a vulnerability is a hardware or software element that is designed to take advantage of a vulnerability.
A vulnerability is a potential weakness in software, and an exploit is a potential weakness in hardware.
Which of the following abbreviations describes a product that combines real-time monitoring of security events and automated analysis of the event information gathered?
SIEM
SNMP
SEIM
SEM/SIM
A technician in the IT department at your company was terminated today and had to be escorted from the building. Your supervisor has instructed you to disable all of the technician's accounts, change all network device passwords to which the technician had access, and have the datacenter doors rekeyed. Which of the following terms best describes your supervisor's concern in asking you to do these things?
Social engineering
Internal threats
Logic bombs
War driving
External threats
Which of the following is the best description of a software product with a zero-day vulnerability?
A product with a vulnerability that has just been addressed by a newly-released fix
A product with a vulnerability that has been addressed by a fix, which nearly all users have applied
A vulnerability in a newly-released product for which no fix has yet been developed
A vulnerability in a product which no attackers have yet discovered or exploited
Ralph is evaluating software products for potential deployment on his company's network. Which of the following types of searches can Ralph use to identify security issues that have been discovered in specific products?
CIA
CVE
SKU
SIEM
Alice's company regularly hires a large number of operators for their phone center. The operators require access to a customer database and an order entry system. Because this is a high-turnover position, Alice has streamlined the on-boarding process by creating a security group with the appropriate permissions needed to access the necessary software. This way, she can simply add each new user to the group, rather than assigning the permissions individually. This is an example of which of the following security concepts?
Least privilege
Zero trust
Role-based access control
Defense in depth
When starting her new position as a network administrator, Alice was given two user accounts. One account is intended for standard user activities, and another has the additional permissions needed for Alice to perform administrative tasks. This is an example of which of the following security concepts?
Zero-day
Multifactor authentication
Least privilege
Defense in depth
Which of the following is a practice that a zero trust architecture is designed to protect against?
Zero-day vulnerabilities
External threats
Deauthentication
Lateral movement
Which of the following is not one of the mechanisms often used to implement a defense in depth strategy?
Screened subnets
Network segmentation enforcement
Honeypots
Access control vestibules
Social engineering
Separation of duties
As part of her company's new risk management initiative, Alice has been assigned the task of performing a threat assessment for the firm's data resources. For each potential threat she discovers, which of the following elements should Alice estimate? (Choose all that apply.)
Severity
Mitigation
Likelihood
Posture
Alice has been assigned the task of examining her department's order entry procedure, to determine whether it meets established cost, quality, and timeliness goals. Which of the following is the best term for this examination?
Vendor assessment
Process assessment
Business assessment
Risk assessment
A user calls the help desk, complaining that he cannot access any of the data on his computer. A message has also appeared on his screen stating that his data has been encrypted and that it will only be decrypted after he pays $768 in digital currency to an unknown address. Which of the following types of attack has the user experienced?
War driving
Ransomware
Denial-of-Service
ARP poisoning
Which of the following attack types typically involves modifying network packets while they are in transit? (Choose all that apply.)
Spoofing
Denial-of-Service
On-path
Logic bomb
Which of the following types of attack involves the modification of a legitimate software product?
Social engineering
War driving
Logic bomb
Evil twin
Which of the following steps can help to prevent war driving attacks from compromising your wireless network? (Choose all that apply.)
Configure your access point to use a longer SSID.
Configure your access point not to broadcast its SSID.
Configure your clients and access point to use WPA2 security.
Configure your clients and access point to use WEP security.
On the fence outside your home, you happen to notice a small sticker that has the Service Set Identifier (SSID) of your wireless network written on it, along with the name of the security protocol your network is using. To which of the following attacks have you been made a victim?
War driving
War chalking
War tagging
War signing
Which of the following is the name for an attack in which an intruder uses a Bluetooth connection to steal information from a wireless device, such as a smart phone?
Bluedogging
Bluesnarfing
Bluesmurfing
Bluejacking
Which of the following types of Denial-of-Service (DoS) attack does not involve flooding a server with traffic?
Amplified
Reflective
Distributed
Permanent
Which of the following statements best describes the difference between distributed and reflective Denial-of-Service (DoS) attacks?
A distributed DoS attack uses other computers to flood a target server with traffic, whereas a reflective DoS attack causes a server to flood itself with loopback messages.
A distributed DoS attack uses malware-infected computers to flood a target, whereas a reflective DoS attack takes advantage of other servers’ native functions to make them flood a target.
A reflective DoS attack uses malware-infected computers to flood a target, whereas a distributed DoS attack takes advantage of other servers’ native functions to make them flood a target.
A distributed DoS attack floods multiple target computers with traffic, whereas a reflective DoS attack only floods a single target.
Which of the following terms refers to a Denial-of-Service (DoS) attack that places more of a burden on the target server than just the flood of incoming traffic?
Amplified
Reflective
Distributed
Permanent
Which of the following types of attacks require no additional hardware or software components? (Choose all that apply.)
Brute-force
Social engineering
Denial-of-Service
Phishing
Which of the following attack types are specifically targeted at wireless network clients? (Choose all that apply.)
Logic bomb
Deauthentication
Evil twin
ARP poisoning
Which of the following is an effective method for preventing sensitive data from being compromised through social engineering?
Implement a program of user education and corporate policies.
Install an antivirus software product on all user workstations.
Install a firewall between the internal network and the Internet.
Use Internet Protocol Security (IPSec) to encrypt all network traffic.
Which of the following terms refer to Denial-of-Service (DoS) attacks that use other computers to flood a target server with traffic? (Choose all that apply.)
Amplified
Reflective
Distributed
Permanent
In which of the following ways is VLAN hopping a potential threat?
VLAN hopping enables an attacker to scramble a switch's patch panel connections.
VLAN hopping enables an attacker to rename the default VLAN on a switch.
VLAN hopping enables an attacker to access different VLANs using 802.1q spoofing.
VLAN hopping enables an attacker to change the native VLAN on a switch.
Which of the following tools are needed by an individual performing a war driving attack? (Choose all that apply.)
A stolen credit card number
A wireless-equipped computer or other device
A screwdriver
An automobile or other vehicle
A telephone
Which of the following types of attacks can be used to enable an intruder to access a wireless network despite the protection provided by MAC filtering?
Spoofing
Brute-force
DNS poisoning
War driving
Which of the following terms refers to a type of Denial-of-Service (DoS) attack that uses multiple computers to bombard a target server with traffic?
Amplified
Reflective
Distributed
Permanent
Which of the following terms refers to a type of Denial-of-Service (DoS) attack that bombards a target server with traffic that requires a large amount of processing?
Amplified
Reflective
Distributed
Permanent
Which of the following types of attacks are rarely seen anymore because of changes in device design that were specifically designed to prevent them? (Choose all that apply.)
VLAN hopping
Logic bomb
Phishing
Smurf
Which of the following terms refers to a Denial-of-Service (DoS) attack in which an attacker breaks into a company's datacenter and smashes its servers with a sledgehammer?
Amplified
Reflective
Distributed
Permanent
Which of the following terms refers to a Denial-of-Service (DoS) attack that involves zombies?
Amplified
Reflective
Distributed
Permanent
Which of the following types of attacks can cause a user's attempts to connect to an Internet website to be diverted to an attacker's website instead?
Evil twin
ARP poisoning
Spoofing
DNS poisoning
Which of the following functions can be interfered with by a DNS poisoning attack?
IP address resolution
Name resolution
Password protection
Network switching
In testing the new application he has designed, Ralph has discovered that it contains a weakness that could enable an attacker to gain full administrative access. Which of the following is another term for this weakness?
Exploit
Mitigation
Vulnerability
Honeypot
A senior IT administrator at your company was terminated two weeks ago. Today, Friday, you arrived at the office and found that all of the hosts in the web server farm had had their data deleted. There are no unauthorized entries to the datacenter recorded, but you suspect the terminated administrator is responsible for deleting the data. Which of the following attack types might the administrator have directed at the web server farm?
Social engineering
ARP poisoning
Evil twin
Logic bomb
Which of the following attack types can be facilitated by ARP poisoning? (Choose all that apply.)
Evil twin
On-path
Session hijacking
Social engineering
Which of the following statements best describes a type of replay attack?
An intruder reenters a resource previously compromised by another intruder.
An intruder retransmits captured authentication packets to gain access to a secured resource.
An intruder uses the same technique that provided access to other resources to penetrate a new resource.
An intruder accesses a resource that was accidentally left unsecured by an authorized user.
Ed receives an email through his personal account, warning him that his checking account has been locked due to excessive activity. To confirm that the activity is fraudulent, the email instructs Ed to click the enclosed hyperlink, log on to his account, and review the list of charges. Ed clicks the link and is taken to a web page that appears to be that of his bank. He then supplies his username and password to log on. Which of the following types of attacks is Ed likely to be experiencing?
Social engineering
Phishing
Logic bomb
Spoofing
Which of the following attack types are specifically directed at wireless networks? (Choose all that apply.)
Evil twin
Phishing
Deauthentication
War driving
Which of the following are not considered to be Denial-of-Service (DoS) attacks? (Choose all that apply.)
An intruder breaks into a company's datacenter and smashes their web servers with a sledgehammer.
An attacker uses the ping command with the -t parameter to send a continuous stream of large Internet Control Message Protocol (ICMP) packets to a specific server.
An attacker captures the packets transmitted to and from a domain controller to obtain encrypted passwords.
An attacker connects a rogue access point to a company's wireless network, using their Service Set Identifier (SSID) in the hope of attracting their users.
In the hacker subculture, which of the following statements best describes a zombie?
A computer that is remotely controllable because it has been infected by malware
A computer that is no longer functioning because it is the target of a Denial-of-Service (DoS) attack
A user that has fallen victim to a phishing attack
A program that attackers use to penetrate passwords using brute-force attacks
Which of the following statements best describes a ransomware attack?
A website is rendered inaccessible by a Denial-of-Service (DoS) attack until its owner agrees to pay a fee.
A user's access to a specific resource, such as a bank's website, is blocked until the user pays a fee.
A message appears on a user's screen, stating that the system is locked and will only be released on payment of a fee.
An application is supplied with limited usability until the user pays a license fee.
Which of the following types of attacks requires no computer equipment?
Denial-of-Service
Social engineering
Brute-force
Dictionary
Phishing
Which of the following best describes a brute-force attack?
An attacker breaking down the door of a datacenter
An attacker cracking a password by trying thousands of guesses
An attacker using zombie computers to flood a server with traffic
An attacker deploying an unauthorized access point on a wireless network
An intruder has deployed a rogue access point on your company's wireless network and is using it to access traffic generated by users who have accidentally connected to it. Which of the following is the name for this type of attack?
Evil twin
War driving
Social networking
Spoofing
A person identifying herself as Trixie from IT telephones a user called Alice and tells her that there is a problem with her network user account that could cause all her data to be lost. To resolve the problem, Trixie says that she must log on using Alice's account and configure an important setting. All she needs to do this is Alice's account password. This call is, of course, an illicit attempt to learn Alice's password. Which of the following terms describes the type of attack that is currently occurring?
On-path
Spoofing
Social engineering
Evil twin
Regularly applying operating system updates and patches to network computers is an important mitigation procedure for which of the following security problems?
Denial-of-Service attacks
Malware
Social engineering
Port security
Which of the following is not a form of social engineering?
Piggybacking
Tailgating
Shoulder surfing
Evil twin
Phishing
Which of the following standards defines a framework for the authentication process, but does not specify the actual authentication mechanism?
WPA
EAP
TKIP
TLS
EAP and 802.1X are components that help to provide which of the following areas of wireless network security?
Authentication
Authorization
Encryption
Accounting
Which of the following Extensible Authentication Protocol (EAP) variants utilize tunneling to provide security for the authentication process? (Choose all that apply.)
PEAP
EAP-FAST
EAP-TLS
EAP-PSK
A wireless network is configured to allow clients to authenticate only when the signal strength of their connections exceeds a specified level. Which of the following terms best describes this configuration?
Local authentication
Port security
Geofencing
Motion detection
Which of the following best describes a wireless network that uses geofencing as a security mechanism?
A wireless network that allows clients to authenticate only when the signal strength of their connections exceeds a specified level
A wireless network that requires users to log on to a wired system before they can authenticate on a wireless device
A wireless network that requires users to have an Active Directory account located within the local site
A wireless network that requires users to type in the local Service Set Identifier (SSID) before they can authenticate
Which of the following elements associates a public and private key pair to the identity of a specific person or computer?
Exploit
Signature
Certificate
Resource record
In addition to EAP-TLS, which of the following are also Extensible Authentication Protocol (EAP) variants that use the Transport Layer Security (TLS) protocol? (Choose all that apply.)
PEAP
EAP-PWD
EAP-MD5
EAP-FAST
Which of the following can be described as wireless network hardening techniques? (Choose all that apply.)
Encryption
Authentication
MAC filtering
Social engineering
Antenna placement
Despite having imposed password policies on his network, compelling users to change their passwords frequently, create passwords of a specific length, and use complex passwords, Ralph has had several reports of account penetrations. The victims of the incidents had all apparently shared a “tip” suggesting that users cycle through the names of their children, nephews, nieces, and other relatives when forced to create new passwords, changing letters to numbers as needed. Which of the following actions can Ralph take to remedy the situation without creating a larger problem?
Distribute a list of common passwords that are insecure, such as those based on names, birth dates, etc.
Modify the password policies to force users to change passwords more frequently
Assign the users long passwords consisting of randomly generated characters and change them often
Change the password history policy to a value greater than the number of children in any user's family
Which of the following devices are likely to have default credentials configured into them that attackers might know? (Choose all that apply.)
Wireless access points
Windows servers
Switches
Routers
One of the basic principles of network device hardening is to use secure protocols. Which of the following suggestions comply with this principle? (Choose all that apply.)
Use SSH instead of Telnet.
Use WEP instead of WPA2.
Use TKIP instead of AES.
Use HTTPS instead of HTTP.
On which of the following types of devices should you consider disabling unused ports as a security precaution? (Choose all that apply.)
Hubs
Servers
Switches
Wireless Access Points
For which of the following reasons is disabling the Service Set Identifier (SSID) broadcast of a wireless network to prevent unauthorized access a relatively weak method of device hardening?
Attackers have ways of connecting to the network without the SSID.
Attackers can capture packets transmitted over the network and read the SSID from them.
Every access point's SSID is printed on a label on the back of the device.
Attackers have software that can easily guess a network's SSID.
Which of the following cannot be considered to be a server hardening policy?
Disabling unnecessary services
Disabling unused TCP and UDP ports
Upgrading firmware
Creating privileged user accounts
Which of the following are valid reasons not to disable unused switch ports? (Choose all that apply.)
The datacenter is secured from unauthorized access.
The unused ports are not patched in to wall jacks.
The unused ports are left open to facilitate the on-boarding of new users.
The switch is configured to use a MAC-based access control list.
Which of the following Windows password policies includes a provision to prevent users from specifying common passwords?
Maximum password age
Enforce password history
Minimum password length
Passwords must meet complexity requirements
Which of the following is not a method for hardening a Wireless Access Point (WAP)?
Upgrading firmware
Changing default credentials
Generating new Pre-Shared Keys
Deauthentication
Creating a policy instructing users to avoid passwords that use commonly shared information, such as birth dates and the names of children and pets, is an example of which of the following?
Mitigation techniques
Multifactor authentication
Network hardening
Access control
Which of the following are the default administrative user accounts found in Windows and Linux operating systems? (Choose all that apply.)
Administrator
root
admin
Control
Which of the following are network segmentation methods that can prevent intruders from gaining full access to a network? (Choose all that apply.)
ACL
VLAN
NAC
DMZ
Which of the following types of mitigation techniques is not applicable to servers?
Role separation
Applying ACLs
File integrity monitoring
DHCP snooping
Which of the following services are provided by Access Control Lists (ACLs)?
Authentication
Authorization
Accounting
Auditing
Which of the following terms describes the threat mitigation technique of deploying individual applications and services on virtual servers so that no more than one is endangered at any one time, rather than deploying multiple applications on a single server?
Geofencing
Network segmentation
Role separation
VLAN hopping
Role separation is a threat mitigation technique that is applied to which of the following types of network components?
Switches
Servers
Routers
Wireless Access Points (WAPs)
A server's firewall is configured using a default policy that does not allow any users remote access to the server unless an administrator creates a rule granting them access. Which of the following terms describes this default policy?
Explicit allow
Explicit deny
Implicit allow
Implicit deny
Dynamic ARP Inspection (DAI) is a feature in some network switches that prevents on-path (man-in-the-middle) attacks facilitated by Address Resolution Protocol (ARP) poisoning, the deliberate insertion of fraudulent information into the ARP cache. A switch with DAI inspects incoming ARP packets and rejects those that contain incorrect pairs of IP and Media Access Control (MAC) addresses. Which of the following is the means by which the switch compiles a table of the correct ARP information for comparison with the incoming packets?
DHCP snooping
Secure SNMP
DNS name resolution
NDP
Which of the following statements about DHCP snooping is not true?
DHCP snooping detects rogue DHCP servers.
DHCP snooping is implemented in network switches.
DHCP snooping drops DHCP messages arriving over the incorrect port.
DHCP snooping prevents DNS cache poisoning.
At which layer of the Open Systems Interconnection (OSI) reference model does Dynamic Host Configuration Protocol (DHCP) snooping operate?
Data link
Network
Transport
Application
Which of the following types of attacks on a network switch can a flood guard help to prevent?
DNS poisoning
War driving
MAC flooding
Evil twin
Which of the following protocols is a root guard designed to affect?
EAP
STP
LDAP
ARP
Which of the following mitigation techniques helps organizations maintain compliance with standards such as HIPAA and FISMA?
File integrity monitoring
Role separation
Deauthentication
Tamper detection
Router Advertisement guard
Which of the following functions cannot be implemented using digital signatures?
Integrity
Nonrepudiation
Segmentation
Authentication
When Ralph digitally signs and encrypts a document with his private key, Alice can decrypt the document only by using Ralph's public key. As long as the private key is accepted to be secure, which of the following statements are true? (Choose all that apply.)
Ralph cannot deny having created the document.
No one has altered the document since Ralph sent it.
No one but Ralph can have created the document.
No one but Alice can decrypt and read the document.
When Alice encrypts a document with Ralph's public key, Ralph can decrypt the document only by using his private key. As long as the private key is accepted to be secure, which of the following statements are true? (Choose all that apply.)
Alice cannot deny having created the document.
No one has opened the document since Alice sent it.
No one but Alice can have created the document.
No one but Ralph can decrypt and read the document.
Which of the following types of patches is most typically applied to a hardware device?
Firmware updates
Driver updates
Feature changes
Vulnerability patches
Which of the following software releases is a fix designed to address one specific issue?
A patch
An update
An upgrade
A service pack
Unlike individual users, who usually have their operating system patches downloaded and installed automatically, corporate IT departments typically evaluate new patches before deploying them. Which of the following is not a common step in this evaluation process?
Testing
Researching
Rolling back
Backing up
Which of the following terms refers to the process of uninstalling a recently released patch to resume using the previous version?
Backslide
Downgrade
Reset
Rollback
How does Media Access Control (MAC) address filtering increase the security of a Wireless Local Area Network (WLAN)?
By preventing access points from broadcasting their presence
By allowing traffic sent to or from specific MAC addresses through the Internet firewall
By substituting registered MAC addresses for unregistered ones in network packets
By permitting only devices with specified MAC addresses to connect to an access point
By isolating specific wireless clients from the rest of the network
Which of the following is the best description of geofencing?
Something you have
Something you know
Something you do
Somewhere you are
MAC filtering is an access control method used by which of the following types of hardware devices?
Wireless Access Point
RADIUS server
Domain controller
Smartcards
Which of the following technologies utilize Access Control Lists (ACLs) to limit access to network resources? (Choose all that apply.)
NTFS
LDAP
WAP
Kerberos
Alice is a consultant working in your office, who has been given the Service Set Identifier (SSID) and the passphrase for the company's main wireless network, but she is unable to connect with her laptop. Which of the following security measures might be preventing her from connecting?
MAC filtering
Disabling SSID broadcast
Geofencing
Using WPA2
Guest network isolation
On a wireless network, which of the following best describes an example of a captive portal?
A switch port used to connect to other switches
A web page with which a user must interact before being granted access to a wireless network
A series of two doors through which people must pass before they can enter a secured space
A web page stating that the user's computer has been locked and will only be unlocked after payment of a fee
A user attempting to connect to a WiFi hotspot in a coffee shop is taken to a web page that requires her to accept an End User License Agreement (EULA) before access to the network is granted. Which of the following is the term for such an arrangement?
Captive portal
Ransomware
Port security
Root guard
Which of the following is another term for a switching technique called port isolation?
Frame relay
Private VLAN
Site-to-site VPN
Screened subnet
The Internet of Things (IoT) encompasses a huge number of device types ranging from personal electronics to household appliances to medical equipment to industrial machinery. Many of these devices deal with sensitive information, and many perform critically important tasks. The field of IoT security is still in its infancy; there is no all-encompassing standard defining IoT protection protocols. IoT devices have vastly different security requirements and also vastly different functional capabilities, making it difficult to create a blanket protection mechanism for all of them. Which of the following are potentially viable methods for securing all IoT devices against attack? (Choose all that apply.)
Network segmentation
Network Access Control (NAC)
Security gateways
Firewalls
Which of the following statements about a switch's default VLAN are true? (Choose all that apply.)
Administrators must create a default VLAN when configuring a new switch.
The default VLAN on a switch cannot be deleted.
The default VLAN on most switches is designated as VLAN 0.
The default VLAN on a switch cannot be renamed.
Control plane policing (CPP or CoPP) is a feature on some routers and switches that limits the rate of traffic on the device's processor, to prevent Denial-of-Service (DoS) and reconnaissance attacks, using which of the following technologies?
IPSec
802.1X
RA Guard
QoS
VLAN hopping
Which of the following technologies enables Virtual Private Network (VPN) clients to connect directly to each other, as well as to the VPN server at the home site?
VPN concentrator
DMVPN
SIP trunk
MPLS
Clientless VPN
Which of the following Virtual Private Network (VPN) protocols is generally considered to be obsolete?
IPSec
L2TP
PPTP
SSL/TLS
Which of the following Virtual Private Network (VPN) protocols does not provide encryption within the tunnel?
PPTP
IPSec
L2TP
SSL
Which of the following elements must be identical in both the client and server computers to establish a remote Wide Area Network (WAN) connection? (Choose all that apply.)
The WAN type
The data link layer protocol
The authentication method
The operating system
Which of the following is not a protocol that is typically used to secure communication between web servers and web browsers?
SSL
TLS
SSH
DTLS
Which of the following types of Virtual Private Network (VPN) connection is the best solution for allowing clients limited access to your corporate network?
Host-to-site
Site-to-site
Host-to-host
Extranet
Which of the following protocols is not used for remote control of computers?
RDP
TFTP
SSH
Telnet
Which of the following services is provided by the Remote Desktop Protocol (RDP)?
Thin client computing
Clientless virtual private networking
Encrypted tunneling
Unauthenticated file transfers
Which of the following types of Virtual Private Network (VPN) connection is the best solution for connecting a branch office to a corporate headquarters?
Host-to-site
Site-to-site
Host-to-host
Extranet
Ralph is a network administrator for a firm that is allowing employees to telecommute for the first time, and he is responsible for designing a remote access solution that will enable users to access network resources, such as company email and databases, securely. All of the remote users have been issued smartcards and will be connecting using Virtual Private Network (VPN) connections on company-supplied laptop computers running Windows 10 and equipped with card readers. The users will be logging on to the company network using their standard Active Directory Domain Services accounts, so it is important for Ralph to design a solution that provides the maximum protection for their passwords, both inside and outside the office. Which of the following authentication protocols should Ralph configure the remote access servers and the laptop computers to use?
Microsoft Challenge Handshake Authentication Protocol (MSCHAPv2)
Which of the following remote access protocols provides users with full graphical control over a Windows computer? (Choose all that apply.)
SSH
RDP
VNC
Telnet
Ralph has come upon the term virtual desktop, and he is not exactly sure what it means. After performing some Internet searches, he finds multiple definitions. Which of the following is not one of the technologies that uses the term virtual desktop?
A three-dimensional realization of a computer display created using a virtual reality hardware device
A computer display with a virtual operating system desktop that is larger than can be displayed on a monitor
A cloud-based Windows 10 deployment that enables users to access their desktops using any remote device
A hardware device that projects a computer desktop on a screen, rather than displaying it on a monitor
Which of the following types of traffic are carried by the Remote Desktop Protocol (RDP)? (Choose all that apply.)
Keystrokes
Mouse movements
Display information
Application data
Which of the following types of traffic are transmitted by Virtual Network Computing (VNC)? (Choose all that apply.)
Keystrokes
Mouse movements
Display information
Application data
Which of the following types of traffic are carried by Telnet? (Choose all that apply.)
Keystrokes
Mouse movements
Display information
Application data
Which of the following describes the primary function of a Remote Desktop Gateway?
Provides multiple users with Remote Desktop client access to one workstation
Provides a single Remote Desktop client with simultaneous access to multiple workstations
Enables remote users outside the network to access network workstations
Enables remote users to access workstations without the need for a Remote Desktop client
Which of the following statements about in-band management and out-of-band management are true? (Choose all that apply.)
Out-of-band management tools do not provide access to the remote system's BIOS or UEFI firmware.
Out-of-band management tools enable you to reinstall the operating system on a remote computer.
Telnet, Secure Shell (SSH), and Virtual Network Computing (VNC) are in-band management tools.
To perform out-of-band management on a device, it must have an IP address.
Which of the following statements best defines out-of-band management?
Out-of-band management is a method for accessing network devices from a remote location.
Out-of-band management is a method for accessing network devices using a direct cable connection.
Out-of-band management is a method for accessing network devices using a connection to the system other than the production network to which the device is connected.
Out-of-band management is a method for accessing network devices using any tool that operates over the production network to which the device is connected.
What four components are required for a computer to establish a remote Transmission Control Protocol/Internet Protocol (TCP/IP) connection?
Common protocols
Remote Access Service (RAS)
A physical layer connection
TCP/IP configuration
Point-to-Point Tunneling Protocol (PPTP)
Host and remote software
Which of the following statements explains why web browsing over a client-to-site Virtual Private Network (VPN) connection is usually so much slower than browsing locally?
The browser application is running on the VPN server.
The browser is using the remote network's Internet connection.
The VPN tunnel restricts the amount of bandwidth available.
VPN encryption is processor intensive.
In a site-to-site Virtual Private Network (VPN) connection, which of the following combinations of endpoint devices would most likely be involved?
Two workstations
A workstation and a server
A workstation and a VPN concentrator
Two VPN concentrators
In a client-to-site Virtual Private Network (VPN) connection, which of the following combinations of endpoint devices would most likely be involved?
Two workstations
A workstation and a server
A workstation and a VPN concentrator
Two VPN concentrators
Which of the following are the two most common types of Transport Layer Security/Secure Sockets Layer (TLS/SSL) Virtual Private Network (VPN) connections? (Choose all that apply.)
TLS/SSL client
TLS/SSL portal
TLS/SSL tunnel
TLS/SSL gateway
In a host-to-host Virtual Private Network (VPN) connection, which of the following combinations of endpoint devices would most likely be involved?
Two workstations
A workstation and a server
A workstation and a VPN concentrator
Two VPN concentrators
Many managed switches and routers include a console port for administrative access, to which you can connect a laptop and run a terminal program to access the device's interface. Which of the following is the best term for this type of access to the device?
Out-of-band
In-band
Client-to-site
BYOD
Which of the following statements about running a site-to-site Virtual Private Network (VPN) connection to join two distant Local Area Networks (LANs) together, rather than using a Wide Area Network (WAN) connection, are generally true? (Choose all that apply.)
The VPN is cheaper.
The VPN is slower.
The VPN is less secure.
The VPN is harder to maintain.
Which of the following are examples of out-of-band device management? (Choose all that apply.)
Logging on remotely from a network workstation
Plugging a laptop into a console port
Establishing a point-to-point modem connection
Connecting dedicated ports on each device to a separate switch
Which of the following is not an advantage of the Virtual Network Computing (VNC) terminal emulation product over its competitors?
VNC is free.
VNC runs on many operating systems.
VNC runs faster than the competition.
VNC can run through a web browser.
Which of the following was the first Transmission Control Protocol/Internet Protocol (TCP/IP) terminal emulation program?
Telnet
SSH
Windows Terminal Services
Virtual Network Computing
Which of the following techniques do Virtual Private Networks (VPNs) use to secure the data that they transmit over the Internet? (Choose all that apply.)
Tunneling
Socketing
Message integrity
Authentication
Virtual Private Networks (VPNs) use tunneling, which is the process of encapsulating a data packet within another packet for transmission over a network connection, typically using the Internet. The system encrypts the entire encapsulated data packet for protection. Split tunneling is a variation of this method that provides which of the following advantages? (Choose all that apply.)
Conservation of VPN bandwidth
Access to local network devices while connected to the VPN
Additional data integrity protection
Faster data transmission through multiplexing
SSH was created to be an improvement on the Telnet terminal emulation program. In which of the following ways is it an improvement?
SSH is faster than Telnet.
SSH provides graphical terminal emulation.
SSH encrypts passwords and data.
SSH is less expensive than Telnet.
Remote Desktop Protocol (RDP) was created for use with which of the following terminal emulation programs?
Windows Terminal Services
Virtual Network Computing (VNC)
Citrix WinFrame
Telnet
Your company has two users who want to telecommute from home. They do not have any hardware or software configured or installed. They need to transfer files to the corporate network over a secure link. Your company has a Virtual Private Network (VPN) concentrator that uses Layer 2 Tunneling Protocol (L2TP) and Internet Protocol Security (IPSec). The users want to implement the fastest available service. Both of the users’ homes are within 10,000 feet of a central office. Which of the following solutions address this scenario? (Choose all that apply.)
Each user should install a modem and VPN client software, and configure it to dial through a local Internet Service Provider (ISP) to connect to the company server using L2TP and IPSec.
Each user should establish a Digital Subscriber Line (DSL) connection by either ordering a new line or using the existing line. Each user then needs to install VPN client software and configure it to connect to the company server using L2TP and IPSec.
Each user should establish a cable television (CATV) connection with a local broadband ISP. Each user then needs to install VPN client software and configure it to connect to the company server using L2TP and IPSec.
Each user should install an Integrated Services Digital Network (ISDN) line in his or her house. Each user then needs to install VPN client software and configure it to dial through a local ISP to connect to the company server using L2TP and IPSec.
Which of the following is a PPP authentication protocol that enables users to authenticate using smartcards, badge readers, and fingerprint scanners, as well as usernames and passwords?
PPTP
PAP
CHAP
EAP
A laptop that is equipped with a fingerprint scanner that authenticates the user is using which of the following types of technology?
Pattern recognition
Hand geometry
Biometrics
Tamper detection
An IT department receives a shipment of 20 new computers, and Alice has been assigned the task of preparing them for deployment to end users. The first thing she does is affix a metal tag with a bar code on it to each computer. Which of the following terms best describes the function of this procedure?
Asset tracking
Tamper detection
Device hardening
Port security
Which of the following types of physical security is most likely to detect an insider threat?
Smartcards
Motion detection
Video surveillance
Biometrics
Which of the following physical security mechanisms can either “fail closed” or “fail open”?
Motion detectors
Video cameras
Honeypots
Door locks
Smart lockers are storage devices that can provide users with access to supplies, deliveries, and other items using various security mechanisms. Which of the following are technologies that smart lockers can use to authenticate users and provide secure access to their contents?
NFC
RFID
Bluetooth
Biometrics
PIN
All of the above
Which of the following are common types of cameras used for video surveillance of secured network installations? (Choose all that apply.)
IP
LDAP
CCTV
NAC
Which of the following types of attack can best be prevented by implementing a program of employee education and training?
Social engineering
War driving
Logic bomb
Evil twin
Which of the following statements describes what it means when the automated lock on the door to a datacenter is configured to fail open?
The door remains in its current state in the event of an emergency.
The door locks in the event of an emergency.
The door unlocks in the event of an emergency.
The door continues to function using battery power in the event of an emergency.
A high security installation that requires entrants to submit to a retinal scan before the door unlocks is using which of the following types of technology?
Pattern recognition
Hand geometry
Biometrics
Tamper detection
Which of the following are means of preventing unauthorized individuals from entering a sensitive location, such as a datacenter? (Choose all that apply.)
Biometric scans
Identification badges
Key fobs
Motion detection
Which of the following security measures can monitor the specific activities of authorized individuals within sensitive areas?
Video surveillance
Identification badges
Key fobs
Motion detection
Locking cabinets
Which of the following physical security devices can use passive RFIDs to enable an authorized user to enter a secured area? (Choose all that apply.)
Key fob
Keycard lock
Proximity card
Cypher lock
Smart locker
Some key fobs used for authenticated entrance to a secured area have a keypad that requires the user to enter a PIN before the device is activated. Which of the following authentication factors is this device using? (Choose all that apply.)
Something you do
Something you have
Something you are
Something you know
Which of the following physical security devices can enable an authorized user to enter a secured area without any physical contact with the device? (Choose all that apply.)
Key fob
Keycard lock
Proximity card
Cypher lock
Video surveillance of sensitive areas, such as datacenters, can aid in the detection of which of the following types of attacks? (Choose all that apply.)
Social engineering
Evil twin
Brute-force
Insider threats
Which of the following statements is true when a biometric authentication procedure results in a false positive?
A user who should be authorized is denied access.
A user who should not be authorized is denied access.
A user who should be authorized is granted access.
A user who should not be authorized is granted access.
In the datacenter of a company involved with sensitive government data, all servers have crimped metal tags holding the cases closed. All of the hardware racks are locked in clear-fronted cabinets. All cable runs are installed in transparent conduits. These are all examples of which of the following physical security measures?
Tamper detection
Asset tracking
Geofencing
Port security
A secured government building that scans the faces of incoming people and compares them to a database of authorized entrants is using which of the following types of technology?
Pattern recognition
Hand geometry
Biometrics
Tamper detection
Which of the following is not a means of preventing physical security breaches to a network datacenter?
Badges
Locks
Key fobs
Tailgaters
Identification badges, key fobs, and access control vestibules all fall into which of the following categories of security devices?
Physical security
Data security
Asset tracking
Port security
Which of the following are not means of detecting intruders in a network datacenter? (Choose all that apply.)
Motion detection
Video surveillance
Biometrics
Smartcards
Which of the following statements describes what it means when the automated lock on the door to a datacenter is configured to fail closed?
The door remains in its current state in the event of an emergency.
The door locks in the event of an emergency.
The door unlocks in the event of an emergency.
The door continues to function using battery power in the event of an emergency.
After an incident in which your company's datacenter was penetrated by an intruder, the management has installed a double doorway at the entrance to the datacenter. The two doors have a small vestibule in between them, and one door must be closed before the other one can open. Which of the following terms describes this arrangement?
Server closet
Mantrap
Controlled entrance
Honeypot
Ralph's company has purchased new computers to replace some of the older workstations currently in use. Ralph has been assigned the task of preparing the old computers for disposal. They will be sold to a local secondhand dealer. For the dealer to accept the computers, they must have a functional operating system. Company policy also dictates that the computers be permanently wiped of all applications and data before disposal. Which of the following tasks will Ralph have to perform before the computers are sold? (Choose all that apply.)
Reinstall the operating system
Uninstall all applications
Delete all data files
Run a disk wipe utility
Perform a factory reset
Which of the following is not one of the functions provided by TACACS+?