SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Network Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Examines content passing through and makes a decision on the data based on a set of criteria - normal uses email filtering and web browsing
content filter
VLAN
stateful inspection
blind
2. Amplifies the signal of incoming packets before broadcasting them to the network
stateful inspection
application gateway
teardrop
repeater
3. Crashing a computer by sending oversized packets (over 64 bytes) that it doesn't know how to handle
static NAT
ping of death
firewalls
split horizon DNS
4. A level 3 firewall that remembers / tracks network connections - maintains a state table - distinguish which side of a firewall a connection was initiated - higher security
multi homed
stateful inspection
SYN flood
port address translation
5. Man in the middle attack where the content of an intercepted message is altered before it is sent on
false negative
ping flooding
knowledge based
active
6. User / registered ports
VLAN
port address translation
1024 - 49 -151
spoofing
7. IPS response method - terminate process/session - block/reject and redirect network traffic
repeater
IP spoofing
10Base5
active
8. One process on every system - use local system resources - detect attacks that NIDS misses - examine data after decrypted - can be OS specific - more expensive
zone transfer
spoofing
ping flooding
HIDS
9. Connects devices together to form a subnet - broadcasts incoming packets to all devices
fiber optic
honeynet
hub
SYN flood
10. Used to pass data from one VLAN to another
store and forward
router
proxy
proxy
11. Network configuration that permits selected outsiders access internal information systems
PBX (Private Branch Exchange)
blind
spoofing
extranet
12. Cable designed for transmission at higher speeds (100Mbps - 2Gbps) and longer distances (2km) - expensive -eliminates signal tapping
fiber optic
proxy server
subnet
null session
13. Creating a illegitimate website with the intention of convincing victims that they are visiting a legitimate site - typically to collect confidential information
HIDS
website spoofing
switch
twisted pair
14. Head of a packet contains...
deny by default
proxy
spoofing
source - destination - protocol
15. One device per network segment - does not use local system resources - can't examine encrypted traffic - OS independent - less expensive
NIDS
10Base5
subnet
VLAN
16. Well known ports - allow administrative access - used for network services - considered only ports allowed to transmit traffic thru a firewall
dynamic NAT
0 - 1023
proxy
firewall architectures
17. Malicious activity not reported or detected
null session
10Base5
land attack
false negative
18. Twisted pair cable with speed capability of 1Gbps
informed
VLAN
active
cat5
19. A person or program masquerades as another by presenting false information to gain an illegitimate advantage
firewalls
NIDS network connections
twisted pair
spoofing
20. A variation of a smurf attack using UDP
tcp/ip hijacking
fraggle
passive
blind
21. Connects two or more subnets - determines the best path to forward packets based on packet header and forwarding table information
router
IP spoofing
false negative
teardrop
22. Packet filtering - proxies - stateful inspection
dynamic NAT
firewalls
protocol
SYN flood
23. A server that sits between an intranet and it's Internet connection - masking all IP addresses
firewalls
NIPS
proxy server
stateful inspection
24. A locked down/hardened host on the public side of the firewall highly exposed to attacks (i.e. web server - email server)
encrypt session key
firewall architectures
bastion host
DNS spoofing
25. Twisted pair cable with speed capability of 10Mbps
cat3
active
proxy
port
26. IP - email - website - DNS - and ARP
risk mitigation
spoofing attacks
ARP poisoning
promiscuous
27. Bastion host - dual homed firewall - multi homed firewall - screened host - screened subnet
firewall architectures
subnet
fraggle
application gateway
28. A group of hosts on logical network segment that communicate as if they were attached to the same broadcast domain - regardless of their physical location
layered
VLAN
defense in depth
twisted pair
29. Take control of a session between a server and client - the users gets kicked off the session while the attacker inserts himself into the session by sending a reset request to the client
replay
session hijacking
store and forward
man in the middle
30. Allows all traffic except traffic that is specifically denied - also known as permissive access
allow by default
layered
protocol
false negative
31. Firewall with two NICs - one internal and one external facing - NAT is often used with this firewall
dual homed
active
extranet
spoofing attacks
32. Cable used most in networks - maximum speed 1Gbps - maximum length 100 meters - susceptible to tap
ARP poisoning
twisted pair
fraggle
blind
33. Blocks all traffic from passing through the firewall except for traffic that is explicitly allowed - also known as restrictive access - best practice
router
packet filter
null session
deny by default
34. A packet filtering firewall works at this layer of the OSI model
network
deny by default
source - destination - protocol
false negative
35. When a hacker takes over a TCP session between two machines - also known as session hijacking - foiled by the use of encrypted sessions
cat3
tcp/ip hijacking
application gateway
firewalls
36. Promiscuous NIC to sniff passing traffic - admin NIC to send alerts to centralized management system
NIDS network connections
IP spoofing
active
HIDS
37. A decoy system - intentionally left exposed to attract/distract attackers - logs and monitors attacker activities
honeypot
bastion host
application gateway
firewall architectures
38. Firewall that communicates directly with a perimeter router and the internal network - 2 NICs - screens internal traffic
active
firewall architectures
packet filter
screened host
39. Unauthenticated connections - creating the potential for a successful connection as an anonymous user
stateful inspection
null session
static NAT
active
40. Collection on honeypots
honeynet
defense in depth
informed
stateful inspection
41. Web servers - FTP servers - DNS servers - mail servers should be located on the _____________
10Base5
cat3
DMZ
HIDS
42. IDS that relies on the identification of known attack signatures
dual homed
knowledge based
broadcast domain
10Base5
43. An attacker redirects traffic by falsifying the IP address requested by ARP request
PBX (Private Branch Exchange)
passive
man in the middle and replay
ARP poisoning
44. Known as thicknet - 10mbps - limited to 500 meters
proxy
ping of death
10Base5
port
45. Multiple network defense components are placed throughout the organizations assets and the network is properly segmented
passive
null session
hub
defense in depth
46. Session hijacking countermeasure
dynamic NAT
10base2
passive
encrypt session key
47. A complete transfer of all DNS zone information from one server to another
deny by default
ping flooding
zone transfer
informed
48. Attempt to block service or reduce activity by overloading the victim machine with ping requests
packet filter
man in the middle
ping flooding
blind
49. Monitors network traffic to identify possible attacks
passive
layered
NIDS
multiple interface firewall
50. Malicious insiders - connections that bypass the firewall (i.e. IM) - encrypted traffic/tunneling - social engineering - physical access are missed by ___________
packet filter
firewalls
subnet
port address translation