SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Network Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Cable designed for transmission at higher speeds (100Mbps - 2Gbps) and longer distances (2km) - expensive -eliminates signal tapping
allow by default
smurf
fiber optic
subnet
2. A feature of firewalls / routers that disguise the IP address of internal systems allowing connection to the Internet using one public address
screened host
1024 - 49 -151
PBX (Private Branch Exchange)
NAT
3. Packets with a forged source IP address - purpose to conceal the identity of the sender or impersonate another computing system
IP spoofing
teardrop
PBX (Private Branch Exchange)
screened subnet
4. A firewall that checks all layers of a packet including content - verifying an expected response to a current communication session - also call a deep packet inspection
stateful inspection
packet filter
content filter
application gateway
5. Collection on honeypots
split horizon DNS
active
honeynet
multi homed
6. Firewall with two NICs - one internal and one external facing - NAT is often used with this firewall
protocol analyzer
content filter
DMZ
dual homed
7. Creating a illegitimate website with the intention of convincing victims that they are visiting a legitimate site - typically to collect confidential information
IP spoofing
website spoofing
screened host
multi homed
8. Used by ISPs - single public network IP address is shared among many hosts on a private network - also known as PAT
port address translation
honeypot
deny by default
repeater
9. Generate random TCP sequence numbers and encrypt traffic countermeasure what attacks
man in the middle
VLAN
man in the middle and replay
cat5
10. Multiple network defense components are placed throughout the organizations assets and the network is properly segmented
defense in depth
10base2
network
NAT
11. Examines a entire packet and determines action based on a complex set of rules
VLAN
dual homed
application gateway
knowledge based
12. Seeks to reduce the probability and/or impact of a specific risk below an acceptable threshold
risk mitigation
subnet
PBX (Private Branch Exchange)
DMZ
13. Known as thicknet - 10mbps - limited to 500 meters
dual homed
ARP poisoning
10Base5
dynamic NAT
14. An attack where an attacker captures sensitive information and sends it again later in an attempt to replicate the transaction
replay
null session
port
deny by default
15. Two authoritative sources for your domain namespace with differing contents depending on whether the query is internal or external
split horizon DNS
router
stateful inspection
website spoofing
16. Head of a packet contains...
source - destination - protocol
DoS attacks
website spoofing
ping of death
17. Session hijacking countermeasure
false negative
encrypt session key
active
IP spoofing
18. IP - email - website - DNS - and ARP
spoofing attacks
passive
protocol
man in the middle
19. A server that sits between an intranet and it's Internet connection - masking all IP addresses
proxy server
false positive
packet filter
behavior based
20. Unauthenticated connections - creating the potential for a successful connection as an anonymous user
active
source - destination - protocol
repeater
null session
21. IDS that relies on usage patterns and baseline operation - can ID new vulnerability - high rate of false alarms
protocol analyzer
behavior based
static NAT
man in the middle
22. Cable with copper core - has no physical transmission security and is easy to tap - 10mbps - maximum length 500 meters
false positive
coaxial
application
NIDS
23. Connects devices together to form a subnet - packet forwarding is based on MAC addresses - works at the data link layer of the OSI
dual homed
proxy
active
switch
24. Take control of a session between a server and client - the users gets kicked off the session while the attacker inserts himself into the session by sending a reset request to the client
ping flooding
proxy
repeater
session hijacking
25. Malicious insiders - connections that bypass the firewall (i.e. IM) - encrypted traffic/tunneling - social engineering - physical access are missed by ___________
twisted pair
firewalls
packet filter
protocol
26. An attacker redirects valid request to malicious sites by feeding a DNS server altered records which are retained in its cache
behavior based
DNS spoofing
allow by default
source - destination - protocol
27. Promiscuous NIC to sniff passing traffic - admin NIC to send alerts to centralized management system
NIDS network connections
honeypot
null session
49 -152 - 65 -535
28. Monitors network traffic to identify possible attacks
private
fraggle
NIDS
twisted pair
29. An attacker redirects traffic by falsifying the IP address requested by ARP request
deny by default
cat5
DNS spoofing
ARP poisoning
30. A pool of public IP addresses is shared by a collection of private IP addresses
dual homed
twisted pair
dynamic NAT
tcp/ip hijacking
31. Forging an IP address with the address of a trusted host
IP spoofing
NIPS
firewalls
screened subnet
32. IDS response method using logging and notification
passive
null session
private
10base2
33. A physical or logical subnetwork that houses systems accessible to a larger untrusted network - usually the Internet - also known as DMZ
cat5
application
screened subnet
proxy
34. Examines content passing through and makes a decision on the data based on a set of criteria - normal uses email filtering and web browsing
null session
PBX (Private Branch Exchange)
man in the middle and replay
content filter
35. A DoS attack that subverts the normal "three way handshake" of TCP/IP by sending SYN packets - but no corresponding ACK packets
extranet
source - destination - protocol
SYN flood
active
36. A decoy system - intentionally left exposed to attract/distract attackers - logs and monitors attacker activities
application gateway
ping of death
honeypot
risk mitigation
37. Used to pass data from one VLAN to another
router
passive
content filter
spoofing attacks
38. Attempt to block service or reduce activity by overloading the victim machine with ping requests
IP spoofing
ping flooding
fiber optic
spoofing
39. A method - used by switches and email servers - of delivering messages which are temporarily held by an intermediary before being sent to their final destination
VLAN
passive
deny by default
store and forward
40. IP spoofing attack where the attacker can monitor packets and participate in bidirectional communication
firewalls
informed
stateful inspection
packet filter
41. A logical connection point allowing computers and software to communicate and exchange data
private
port
DMZ
ARP poisoning
42. A logical group of computers connected via a switch/hub that share the same network prefix in their IP address
NIDS network connections
subnet
cat5
honeypot
43. Firewall that communicates directly with a perimeter router and the internal network - 2 NICs - screens internal traffic
man in the middle
active
stateful inspection
screened host
44. Man in the middle attack where the content of an intercepted message is altered before it is sent on
active
switch
defense in depth
dual homed
45. One process on every system - use local system resources - detect attacks that NIDS misses - examine data after decrypted - can be OS specific - more expensive
promiscuous
HIDS
store and forward
firewall architectures
46. Web servers - FTP servers - DNS servers - mail servers should be located on the _____________
coaxial
PBX (Private Branch Exchange)
store and forward
DMZ
47. Firewall with several NICs connected to different networks
protocol analyzer
knowledge based
multi homed
bastion host
48. A flaw in TCP/IP to verify that a packet really comes from the addess indicated in the IP header leads to this attack
NAT
application
defense in depth
IP spoofing
49. Capture and analyze network traffic - also known as packet analyzer - sniffer - network analyzer
stateful inspection
zone transfer
10Base5
protocol analyzer
50. Known as thinnet - 10mbps - limited to 185 meters
zone transfer
smurf
10base2
DMZ