SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Network Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Variation of the SYN flood where SYN packets are spoofed to have the same source and destination IP address and port
DoS attacks
NIDS
land attack
49 -152 - 65 -535
2. Attack where an attacker intercepts traffic and tricks parties at either end into believing they are communicating with each other
man in the middle
replay
DoS attacks
dynamic NAT
3. Attempt to block service or reduce activity by overloading the victim machine with ping requests
ping flooding
IP spoofing
ping of death
twisted pair
4. An attacker redirects valid request to malicious sites by feeding a DNS server altered records which are retained in its cache
proxy
spoofing attacks
DMZ
DNS spoofing
5. An attacker redirects traffic by falsifying the IP address requested by ARP request
private
null session
ARP poisoning
multiple interface firewall
6. Crashing a computer by sending oversized packets (over 64 bytes) that it doesn't know how to handle
IP spoofing
subnet
ping of death
router
7. A firewall that checks all layers of a packet including content - verifying an expected response to a current communication session - also call a deep packet inspection
HIDS
stateful inspection
NIDS
honeynet
8. Firewall with two NICs - one internal and one external facing - NAT is often used with this firewall
extranet
ping of death
dual homed
dynamic NAT
9. Firewall that communicates directly with a perimeter router and the internal network - 2 NICs - screens internal traffic
repeater
NIDS
defense in depth
screened host
10. IP spoofing attack where the attacker can monitor packets and participate in bidirectional communication
NIDS
proxy server
informed
active
11. Malicious activity not reported or detected
PBX (Private Branch Exchange)
VLAN
packet filter
false negative
12. Web servers - FTP servers - DNS servers - mail servers should be located on the _____________
proxy
proxy server
DMZ
10Base5
13. A complete transfer of all DNS zone information from one server to another
layered
zone transfer
website spoofing
private
14. A person or program masquerades as another by presenting false information to gain an illegitimate advantage
ping flooding
protocol
zone transfer
spoofing
15. A set of rules computers use to communicate with each other across a network
smurf
knowledge based
protocol
port address translation
16. Amplifies the signal of incoming packets before broadcasting them to the network
IP spoofing
coaxial
repeater
passive
17. Malicious insiders - connections that bypass the firewall (i.e. IM) - encrypted traffic/tunneling - social engineering - physical access are missed by ___________
deny by default
NIDS
firewalls
replay
18. Protocol used to map an known IP address to its corresponding media access control (MAC) address
promiscuous
PBX (Private Branch Exchange)
behavior based
ARP
19. A logical division of a computer network - in which all nodes can reach each other by broadcast at the data link layer - equivalent to a VLAN
bastion host
10base2
broadcast domain
application gateway
20. Level 1 firewall that looks at the head of a packet - (not content) - operates rapidly - application independent - either allow or deny packets
fraggle
packet filter
man in the middle
split horizon DNS
21. IDS that relies on the identification of known attack signatures
multiple interface firewall
port address translation
coaxial
knowledge based
22. A locked down/hardened host on the public side of the firewall highly exposed to attacks (i.e. web server - email server)
bastion host
PBX (Private Branch Exchange)
NIDS network connections
cat5
23. IDS that relies on usage patterns and baseline operation - can ID new vulnerability - high rate of false alarms
VLAN
0 - 1023
behavior based
cat5
24. A flaw in TCP/IP to verify that a packet really comes from the addess indicated in the IP header leads to this attack
IP spoofing
bastion host
blind
promiscuous
25. Examines a entire packet and determines action based on a complex set of rules
application gateway
application
smurf
knowledge based
26. A level 3 firewall that remembers / tracks network connections - maintains a state table - distinguish which side of a firewall a connection was initiated - higher security
stateful inspection
private
multi homed
risk mitigation
27. A packet filtering firewall works at this layer of the OSI model
false negative
network
ARP poisoning
proxy server
28. Most common DMZ implementation using three firewall interfaces (internet - intranet - DMZ)
passive
deny by default
honeypot
multiple interface firewall
29. A logical connection point allowing computers and software to communicate and exchange data
promiscuous
hub
multi homed
port
30. Forging an IP address with the address of a trusted host
router
IP spoofing
1024 - 49 -151
null session
31. Collection on honeypots
promiscuous
49 -152 - 65 -535
passive
honeynet
32. Twisted pair cable with speed capability of 1Gbps
proxy
10Base5
cat5
DoS attacks
33. Acts as an organizations internal phone system
protocol
proxy
PBX (Private Branch Exchange)
repeater
34. A ping message is broadcast to an entire network with a spoofed source IP addess of the victim computer - flooding the victim computer with responses during this attack
screened subnet
ARP
smurf
content filter
35. Cable designed for transmission at higher speeds (100Mbps - 2Gbps) and longer distances (2km) - expensive -eliminates signal tapping
HIDS
static NAT
fiber optic
source - destination - protocol
36. A pool of public IP addresses is shared by a collection of private IP addresses
dynamic NAT
bastion host
blind
PBX (Private Branch Exchange)
37. A variation of a smurf attack using UDP
content filter
false negative
defense in depth
fraggle
38. Seeks to reduce the probability and/or impact of a specific risk below an acceptable threshold
dual homed
land attack
risk mitigation
port
39. A decoy system - intentionally left exposed to attract/distract attackers - logs and monitors attacker activities
IP spoofing
HIDS
honeypot
DMZ
40. Packets with a forged source IP address - purpose to conceal the identity of the sender or impersonate another computing system
private
spoofing attacks
IP spoofing
cat5
41. Connects devices together to form a subnet - packet forwarding is based on MAC addresses - works at the data link layer of the OSI
application
switch
coaxial
private
42. User / registered ports
1024 - 49 -151
protocol
teardrop
multi homed
43. Two authoritative sources for your domain namespace with differing contents depending on whether the query is internal or external
proxy
honeypot
private
split horizon DNS
44. A sniffer mode used to capture traffic addressed to/from another machine on the network
teardrop
active
promiscuous
NIDS
45. IDS response method using logging and notification
null session
coaxial
passive
static NAT
46. Multiple network defense components are placed throughout the organizations assets and the network is properly segmented
blind
encrypt session key
allow by default
defense in depth
47. Blocks all traffic from passing through the firewall except for traffic that is explicitly allowed - also known as restrictive access - best practice
land attack
deny by default
proxy
multiple interface firewall
48. Head of a packet contains...
packet filter
teardrop
10Base5
source - destination - protocol
49. Dynamic / private ports
49 -152 - 65 -535
bastion host
multi homed
stateful inspection
50. An attack where an attacker captures sensitive information and sends it again later in an attempt to replicate the transaction
split horizon DNS
stateful inspection
replay
tcp/ip hijacking