SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Network Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Network configuration that permits selected outsiders access internal information systems
proxy server
store and forward
port
extranet
2. Twisted pair cable with speed capability of 10Mbps
tcp/ip hijacking
risk mitigation
0 - 1023
cat3
3. Dynamic / private ports
DoS attacks
router
49 -152 - 65 -535
knowledge based
4. One device per network segment - does not use local system resources - can't examine encrypted traffic - OS independent - less expensive
website spoofing
man in the middle
NIDS
cat5
5. Firewall with several NICs connected to different networks
repeater
VLAN
multi homed
false positive
6. Amplifies the signal of incoming packets before broadcasting them to the network
repeater
1024 - 49 -151
extranet
subnet
7. A logical connection point allowing computers and software to communicate and exchange data
cat3
port
NIDS
fiber optic
8. A sniffer mode used to capture traffic addressed to/from another machine on the network
firewalls
layered
repeater
promiscuous
9. One process on every system - use local system resources - detect attacks that NIDS misses - examine data after decrypted - can be OS specific - more expensive
HIDS
man in the middle and replay
spoofing attacks
NIDS network connections
10. A variation of a smurf attack using UDP
fraggle
store and forward
zone transfer
protocol
11. A group of hosts on logical network segment that communicate as if they were attached to the same broadcast domain - regardless of their physical location
replay
promiscuous
VLAN
broadcast domain
12. A DoS attack that subverts the normal "three way handshake" of TCP/IP by sending SYN packets - but no corresponding ACK packets
promiscuous
replay
SYN flood
dual homed
13. Used by ISPs - single public network IP address is shared among many hosts on a private network - also known as PAT
port address translation
bastion host
layered
application gateway
14. A ping message is broadcast to an entire network with a spoofed source IP addess of the victim computer - flooding the victim computer with responses during this attack
SYN flood
cat3
smurf
extranet
15. Level 2 firewall often used to filter web traffic
IP spoofing
passive
port
proxy
16. Multiple network defense components are placed throughout the organizations assets and the network is properly segmented
fiber optic
defense in depth
DoS attacks
extranet
17. A complete transfer of all DNS zone information from one server to another
ping flooding
zone transfer
packet filter
10Base5
18. Cable used most in networks - maximum speed 1Gbps - maximum length 100 meters - susceptible to tap
application gateway
firewalls
twisted pair
dual homed
19. Unauthenticated connections - creating the potential for a successful connection as an anonymous user
protocol
null session
10Base5
10base2
20. Crashing a computer by sending oversized packets (over 64 bytes) that it doesn't know how to handle
ping of death
passive
screened host
active
21. Head of a packet contains...
repeater
source - destination - protocol
proxy
static NAT
22. Firewall with two NICs - one internal and one external facing - NAT is often used with this firewall
dual homed
cat5
1024 - 49 -151
honeynet
23. Most common DMZ implementation using three firewall interfaces (internet - intranet - DMZ)
multiple interface firewall
VLAN
DoS attacks
NIDS network connections
24. Examines a entire packet and determines action based on a complex set of rules
coaxial
application gateway
false negative
website spoofing
25. Variation of the SYN flood where SYN packets are spoofed to have the same source and destination IP address and port
null session
land attack
port address translation
packet filter
26. Malicious insiders - connections that bypass the firewall (i.e. IM) - encrypted traffic/tunneling - social engineering - physical access are missed by ___________
allow by default
spoofing attacks
bastion host
firewalls
27. A person or program masquerades as another by presenting false information to gain an illegitimate advantage
switch
spoofing
man in the middle and replay
hub
28. Seeks to reduce the probability and/or impact of a specific risk below an acceptable threshold
firewalls
risk mitigation
10base2
VLAN
29. IDS response method using logging and notification
passive
VLAN
cat5
PBX (Private Branch Exchange)
30. IP - email - website - DNS - and ARP
spoofing attacks
IP spoofing
port
network
31. Man in the middle attack where the attacker captures the traffic and sends it to the original recipient without altering the intercepted data
spoofing
cat5
passive
honeypot
32. Capture and analyze network traffic - also known as packet analyzer - sniffer - network analyzer
broadcast domain
protocol analyzer
risk mitigation
land attack
33. A decoy system - intentionally left exposed to attract/distract attackers - logs and monitors attacker activities
man in the middle
spoofing attacks
honeypot
cat3
34. Allows all traffic except traffic that is specifically denied - also known as permissive access
49 -152 - 65 -535
10Base5
allow by default
router
35. IP spoofing attack where the attacker can only send packets and has to guess about replies
ping of death
blind
firewalls
10Base5
36. Blocks all traffic from passing through the firewall except for traffic that is explicitly allowed - also known as restrictive access - best practice
deny by default
man in the middle
IP spoofing
honeypot
37. A locked down/hardened host on the public side of the firewall highly exposed to attacks (i.e. web server - email server)
man in the middle
router
bastion host
cat3
38. Web servers - FTP servers - DNS servers - mail servers should be located on the _____________
port
false negative
repeater
DMZ
39. IDS that relies on usage patterns and baseline operation - can ID new vulnerability - high rate of false alarms
behavior based
PBX (Private Branch Exchange)
proxy
10base2
40. Evolved from IDS - monitors network traffic - detects and responds to attack on network
promiscuous
zone transfer
firewalls
NIPS
41. Cable designed for transmission at higher speeds (100Mbps - 2Gbps) and longer distances (2km) - expensive -eliminates signal tapping
fiber optic
proxy
protocol
dual homed
42. Examines content passing through and makes a decision on the data based on a set of criteria - normal uses email filtering and web browsing
tcp/ip hijacking
content filter
multi homed
stateful inspection
43. Monitors network traffic to identify possible attacks
teardrop
firewall architectures
NIDS
DMZ
44. IDS that relies on the identification of known attack signatures
blind
switch
knowledge based
website spoofing
45. Known as thinnet - 10mbps - limited to 185 meters
passive
router
tcp/ip hijacking
10base2
46. Connects two or more subnets - determines the best path to forward packets based on packet header and forwarding table information
honeynet
router
NIPS
store and forward
47. Man in the middle attack where the content of an intercepted message is altered before it is sent on
promiscuous
active
honeypot
cat5
48. Acts as an organizations internal phone system
PBX (Private Branch Exchange)
port
allow by default
stateful inspection
49. A flaw in TCP/IP to verify that a packet really comes from the addess indicated in the IP header leads to this attack
IP spoofing
stateful inspection
session hijacking
PBX (Private Branch Exchange)
50. Session hijacking countermeasure
extranet
application
encrypt session key
IP spoofing