SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Network Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Seeks to reduce the probability and/or impact of a specific risk below an acceptable threshold
subnet
application gateway
port
risk mitigation
2. Bbenign activity reported as malicious
stateful inspection
ARP poisoning
false positive
subnet
3. A locked down/hardened host on the public side of the firewall highly exposed to attacks (i.e. web server - email server)
protocol analyzer
protocol
bastion host
honeypot
4. Level 1 firewall that looks at the head of a packet - (not content) - operates rapidly - application independent - either allow or deny packets
packet filter
broadcast domain
protocol
session hijacking
5. A set of rules computers use to communicate with each other across a network
packet filter
protocol
split horizon DNS
cat5
6. Connects devices together to form a subnet - broadcasts incoming packets to all devices
1024 - 49 -151
NIPS
hub
honeynet
7. Unauthenticated Windows session where an attacker can gather list of users - groups - machines - shares - user and host SID
router
promiscuous
null session
DNS spoofing
8. Head of a packet contains...
IP spoofing
blind
twisted pair
source - destination - protocol
9. A sniffer mode used to capture traffic addressed to/from another machine on the network
port
router
IP spoofing
promiscuous
10. Firewall with two NICs - one internal and one external facing - NAT is often used with this firewall
dual homed
49 -152 - 65 -535
passive
spoofing
11. Unauthenticated connections - creating the potential for a successful connection as an anonymous user
honeypot
proxy
deny by default
null session
12. Connects two or more subnets - determines the best path to forward packets based on packet header and forwarding table information
man in the middle and replay
defense in depth
router
static NAT
13. Malicious activity not reported or detected
DoS attacks
tcp/ip hijacking
content filter
false negative
14. Firewall that communicates directly with a perimeter router and the internal network - 2 NICs - screens internal traffic
screened host
VLAN
honeynet
teardrop
15. An attack where fragmented UDP packets with odd offset values are sent to the victim - when the OS attempts to rebuild the fragments they overwrite each other and cause confusion
honeynet
teardrop
ping of death
fraggle
16. IP - email - website - DNS - and ARP
spoofing attacks
false positive
subnet
spoofing
17. Variation of the SYN flood where SYN packets are spoofed to have the same source and destination IP address and port
dual homed
land attack
router
firewalls
18. Crashing a computer by sending oversized packets (over 64 bytes) that it doesn't know how to handle
multiple interface firewall
private
ping of death
passive
19. Malicious insiders - connections that bypass the firewall (i.e. IM) - encrypted traffic/tunneling - social engineering - physical access are missed by ___________
VLAN
firewalls
informed
behavior based
20. An attacker redirects valid request to malicious sites by feeding a DNS server altered records which are retained in its cache
DNS spoofing
false negative
protocol analyzer
HIDS
21. A DoS attack that subverts the normal "three way handshake" of TCP/IP by sending SYN packets - but no corresponding ACK packets
10Base5
blind
SYN flood
protocol
22. Collection on honeypots
honeynet
spoofing
ping flooding
twisted pair
23. An attacker redirects traffic by falsifying the IP address requested by ARP request
ARP poisoning
man in the middle
proxy
extranet
24. Allows all traffic except traffic that is specifically denied - also known as permissive access
false positive
screened subnet
passive
allow by default
25. Web servers - FTP servers - DNS servers - mail servers should be located on the _____________
knowledge based
smurf
DMZ
DoS attacks
26. A person or program masquerades as another by presenting false information to gain an illegitimate advantage
spoofing
proxy server
smurf
extranet
27. IDS that relies on usage patterns and baseline operation - can ID new vulnerability - high rate of false alarms
behavior based
DoS attacks
land attack
protocol
28. Forging an IP address with the address of a trusted host
IP spoofing
dual homed
multi homed
broadcast domain
29. Cable with copper core - has no physical transmission security and is easy to tap - 10mbps - maximum length 500 meters
coaxial
NIDS network connections
allow by default
IP spoofing
30. Most common DMZ implementation using three firewall interfaces (internet - intranet - DMZ)
multiple interface firewall
honeypot
risk mitigation
multi homed
31. Firewall that intercepts and inspects messages before delivering them - placed between trusted and untrusted networks - degrade network traffic - also know as application gateway
knowledge based
proxy
NIPS
cat5
32. Evolved from IDS - monitors network traffic - detects and responds to attack on network
NIPS
active
zone transfer
extranet
33. Monitors network traffic to identify possible attacks
dynamic NAT
NIDS
NIDS network connections
store and forward
34. Bastion host - dual homed firewall - multi homed firewall - screened host - screened subnet
firewall architectures
content filter
coaxial
repeater
35. A logical division of a computer network - in which all nodes can reach each other by broadcast at the data link layer - equivalent to a VLAN
10Base5
passive
broadcast domain
source - destination - protocol
36. Generate random TCP sequence numbers and encrypt traffic countermeasure what attacks
ping of death
twisted pair
man in the middle and replay
spoofing attacks
37. Known as thinnet - 10mbps - limited to 185 meters
ARP
informed
NIDS
10base2
38. Acts as an organizations internal phone system
fraggle
honeypot
multiple interface firewall
PBX (Private Branch Exchange)
39. A decoy system - intentionally left exposed to attract/distract attackers - logs and monitors attacker activities
port address translation
honeynet
cat3
honeypot
40. Level 2 firewall often used to filter web traffic
proxy
NIPS
deny by default
active
41. Examines content passing through and makes a decision on the data based on a set of criteria - normal uses email filtering and web browsing
cat5
content filter
active
repeater
42. Session hijacking countermeasure
active
encrypt session key
IP spoofing
defense in depth
43. A pool of public IP addresses is shared by a collection of private IP addresses
proxy server
dynamic NAT
NIPS
false positive
44. Attack where an attacker intercepts traffic and tricks parties at either end into believing they are communicating with each other
ARP
man in the middle
PBX (Private Branch Exchange)
knowledge based
45. Man in the middle attack where the content of an intercepted message is altered before it is sent on
multi homed
IP spoofing
SYN flood
active
46. A feature of firewalls / routers that disguise the IP address of internal systems allowing connection to the Internet using one public address
IP spoofing
zone transfer
firewalls
NAT
47. Firewall with several NICs connected to different networks
0 - 1023
ping of death
stateful inspection
multi homed
48. An application layer gateway works at this layer of the OSI model
website spoofing
land attack
application
0 - 1023
49. Examines a entire packet and determines action based on a complex set of rules
null session
router
application gateway
firewall architectures
50. IP spoofing attack where the attacker can only send packets and has to guess about replies
blind
0 - 1023
null session
layered