SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Network Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Level 1 firewall that looks at the head of a packet - (not content) - operates rapidly - application independent - either allow or deny packets
stateful inspection
land attack
packet filter
twisted pair
2. Twisted pair cable with speed capability of 10Mbps
NAT
content filter
application
cat3
3. Dynamic / private ports
passive
website spoofing
49 -152 - 65 -535
dual homed
4. Most common DMZ implementation using three firewall interfaces (internet - intranet - DMZ)
protocol
multiple interface firewall
screened subnet
false negative
5. Multiple network defense components are placed throughout the organizations assets and the network is properly segmented
NAT
website spoofing
defense in depth
honeynet
6. IDS that relies on usage patterns and baseline operation - can ID new vulnerability - high rate of false alarms
blind
protocol
behavior based
49 -152 - 65 -535
7. A logical group of computers connected via a switch/hub that share the same network prefix in their IP address
screened subnet
cat5
subnet
10base2
8. Network configuration that permits selected outsiders access internal information systems
cat5
knowledge based
extranet
store and forward
9. One private IP address is mapped to one public IP address
land attack
switch
twisted pair
static NAT
10. Malicious insiders - connections that bypass the firewall (i.e. IM) - encrypted traffic/tunneling - social engineering - physical access are missed by ___________
protocol
screened subnet
firewalls
cat3
11. Man in the middle attack where the content of an intercepted message is altered before it is sent on
active
bastion host
NIPS
multiple interface firewall
12. Known as thinnet - 10mbps - limited to 185 meters
port
screened host
ARP
10base2
13. Twisted pair cable with speed capability of 1Gbps
NAT
router
spoofing attacks
cat5
14. One process on every system - use local system resources - detect attacks that NIDS misses - examine data after decrypted - can be OS specific - more expensive
NIDS
land attack
HIDS
dynamic NAT
15. Unauthenticated Windows session where an attacker can gather list of users - groups - machines - shares - user and host SID
application gateway
null session
honeypot
screened host
16. A firewall that checks all layers of a packet including content - verifying an expected response to a current communication session - also call a deep packet inspection
null session
DNS spoofing
stateful inspection
content filter
17. A method - used by switches and email servers - of delivering messages which are temporarily held by an intermediary before being sent to their final destination
deny by default
store and forward
1024 - 49 -151
subnet
18. A feature of firewalls / routers that disguise the IP address of internal systems allowing connection to the Internet using one public address
passive
NAT
NIDS
ping flooding
19. Acts as an organizations internal phone system
PBX (Private Branch Exchange)
port address translation
NIPS
application gateway
20. Collection on honeypots
dual homed
DMZ
honeynet
extranet
21. Connects two or more subnets - determines the best path to forward packets based on packet header and forwarding table information
router
10Base5
firewalls
network
22. Type of IP addresses not routed on the internet: 10.x.x.x - 172.16.x.x - 192.168.x.x
defense in depth
private
active
DoS attacks
23. Attack where an attacker intercepts traffic and tricks parties at either end into believing they are communicating with each other
multi homed
proxy
man in the middle
encrypt session key
24. Take control of a session between a server and client - the users gets kicked off the session while the attacker inserts himself into the session by sending a reset request to the client
behavior based
session hijacking
DMZ
informed
25. Used to pass data from one VLAN to another
active
router
protocol
multiple interface firewall
26. A set of rules computers use to communicate with each other across a network
router
protocol
proxy
null session
27. Seeks to reduce the probability and/or impact of a specific risk below an acceptable threshold
dynamic NAT
NIDS
risk mitigation
allow by default
28. Head of a packet contains...
informed
spoofing
cat5
source - destination - protocol
29. A level 3 firewall that remembers / tracks network connections - maintains a state table - distinguish which side of a firewall a connection was initiated - higher security
repeater
passive
stateful inspection
false negative
30. Creating a illegitimate website with the intention of convincing victims that they are visiting a legitimate site - typically to collect confidential information
spoofing attacks
honeynet
ARP poisoning
website spoofing
31. Attempt to block service or reduce activity by overloading the victim machine with ping requests
ping flooding
land attack
honeynet
tcp/ip hijacking
32. Firewall that intercepts and inspects messages before delivering them - placed between trusted and untrusted networks - degrade network traffic - also know as application gateway
stateful inspection
proxy
tcp/ip hijacking
DNS spoofing
33. A sniffer mode used to capture traffic addressed to/from another machine on the network
null session
dynamic NAT
static NAT
promiscuous
34. A logical connection point allowing computers and software to communicate and exchange data
IP spoofing
honeypot
port
split horizon DNS
35. IDS response method using logging and notification
NIDS
passive
1024 - 49 -151
active
36. Man in the middle attack where the attacker captures the traffic and sends it to the original recipient without altering the intercepted data
allow by default
SYN flood
passive
behavior based
37. A group of hosts on logical network segment that communicate as if they were attached to the same broadcast domain - regardless of their physical location
VLAN
NAT
risk mitigation
tcp/ip hijacking
38. Two authoritative sources for your domain namespace with differing contents depending on whether the query is internal or external
tcp/ip hijacking
store and forward
split horizon DNS
screened host
39. Session hijacking countermeasure
risk mitigation
PBX (Private Branch Exchange)
encrypt session key
1024 - 49 -151
40. Used by ISPs - single public network IP address is shared among many hosts on a private network - also known as PAT
defense in depth
port address translation
man in the middle
fiber optic
41. Known as thicknet - 10mbps - limited to 500 meters
deny by default
10Base5
DoS attacks
firewalls
42. Variation of the SYN flood where SYN packets are spoofed to have the same source and destination IP address and port
twisted pair
application
land attack
PBX (Private Branch Exchange)
43. A flaw in TCP/IP to verify that a packet really comes from the addess indicated in the IP header leads to this attack
session hijacking
IP spoofing
router
NIDS
44. Generate random TCP sequence numbers and encrypt traffic countermeasure what attacks
cat5
zone transfer
ARP poisoning
man in the middle and replay
45. A locked down/hardened host on the public side of the firewall highly exposed to attacks (i.e. web server - email server)
ping flooding
bastion host
deny by default
zone transfer
46. A ping message is broadcast to an entire network with a spoofed source IP addess of the victim computer - flooding the victim computer with responses during this attack
bastion host
smurf
NIPS
honeypot
47. A physical or logical subnetwork that houses systems accessible to a larger untrusted network - usually the Internet - also known as DMZ
subnet
firewalls
man in the middle and replay
screened subnet
48. Malicious activity not reported or detected
false negative
broadcast domain
cat5
replay
49. Forging an IP address with the address of a trusted host
defense in depth
NIPS
IP spoofing
static NAT
50. Connects devices together to form a subnet - broadcasts incoming packets to all devices
NAT
NIDS
deny by default
hub
