SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Network Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Most common DMZ implementation using three firewall interfaces (internet - intranet - DMZ)
dynamic NAT
multiple interface firewall
application gateway
null session
2. Amplifies the signal of incoming packets before broadcasting them to the network
repeater
10base2
SYN flood
coaxial
3. Level 2 firewall often used to filter web traffic
NIPS
DNS spoofing
VLAN
proxy
4. A sniffer mode used to capture traffic addressed to/from another machine on the network
application gateway
teardrop
promiscuous
man in the middle
5. Cable used most in networks - maximum speed 1Gbps - maximum length 100 meters - susceptible to tap
website spoofing
application
stateful inspection
twisted pair
6. Connects devices together to form a subnet - packet forwarding is based on MAC addresses - works at the data link layer of the OSI
informed
zone transfer
null session
switch
7. Malicious activity not reported or detected
encrypt session key
spoofing
allow by default
false negative
8. DMZ implementation using two firewalls with different rule sets for the DMZ and intranet
layered
DoS attacks
SYN flood
static NAT
9. Man in the middle attack where the attacker captures the traffic and sends it to the original recipient without altering the intercepted data
session hijacking
passive
fiber optic
blind
10. Two authoritative sources for your domain namespace with differing contents depending on whether the query is internal or external
coaxial
split horizon DNS
honeynet
private
11. A locked down/hardened host on the public side of the firewall highly exposed to attacks (i.e. web server - email server)
ping flooding
allow by default
bastion host
stateful inspection
12. Attack where an attacker intercepts traffic and tricks parties at either end into believing they are communicating with each other
packet filter
risk mitigation
man in the middle
source - destination - protocol
13. IP spoofing attack where the attacker can only send packets and has to guess about replies
IP spoofing
protocol analyzer
blind
defense in depth
14. A variation of a smurf attack using UDP
fraggle
protocol
stateful inspection
layered
15. A method - used by switches and email servers - of delivering messages which are temporarily held by an intermediary before being sent to their final destination
proxy
packet filter
store and forward
screened subnet
16. Evolved from IDS - monitors network traffic - detects and responds to attack on network
NIPS
static NAT
land attack
deny by default
17. Used to pass data from one VLAN to another
multi homed
router
land attack
firewalls
18. Man in the middle attack where the content of an intercepted message is altered before it is sent on
port address translation
active
hub
extranet
19. A group of hosts on logical network segment that communicate as if they were attached to the same broadcast domain - regardless of their physical location
ARP
replay
1024 - 49 -151
VLAN
20. Attempt to block service or reduce activity by overloading the victim machine with ping requests
ping flooding
1024 - 49 -151
protocol analyzer
website spoofing
21. Monitors network traffic to identify possible attacks
proxy
risk mitigation
bastion host
NIDS
22. A feature of firewalls / routers that disguise the IP address of internal systems allowing connection to the Internet using one public address
NAT
stateful inspection
false negative
null session
23. A person or program masquerades as another by presenting false information to gain an illegitimate advantage
49 -152 - 65 -535
dual homed
spoofing
10base2
24. Capture and analyze network traffic - also known as packet analyzer - sniffer - network analyzer
NAT
firewalls
protocol analyzer
hub
25. Forging an IP address with the address of a trusted host
switch
dynamic NAT
IP spoofing
twisted pair
26. Well known ports - allow administrative access - used for network services - considered only ports allowed to transmit traffic thru a firewall
land attack
ping of death
0 - 1023
risk mitigation
27. A server that sits between an intranet and it's Internet connection - masking all IP addresses
proxy server
honeynet
promiscuous
tcp/ip hijacking
28. IPS response method - terminate process/session - block/reject and redirect network traffic
active
man in the middle
smurf
twisted pair
29. When a hacker takes over a TCP session between two machines - also known as session hijacking - foiled by the use of encrypted sessions
tcp/ip hijacking
knowledge based
stateful inspection
informed
30. Level 1 firewall that looks at the head of a packet - (not content) - operates rapidly - application independent - either allow or deny packets
router
IP spoofing
packet filter
blind
31. A flaw in TCP/IP to verify that a packet really comes from the addess indicated in the IP header leads to this attack
teardrop
PBX (Private Branch Exchange)
dynamic NAT
IP spoofing
32. A ping message is broadcast to an entire network with a spoofed source IP addess of the victim computer - flooding the victim computer with responses during this attack
null session
session hijacking
smurf
firewalls
33. Connects two or more subnets - determines the best path to forward packets based on packet header and forwarding table information
proxy
hub
router
risk mitigation
34. Firewall with two NICs - one internal and one external facing - NAT is often used with this firewall
HIDS
dual homed
encrypt session key
risk mitigation
35. IDS that relies on usage patterns and baseline operation - can ID new vulnerability - high rate of false alarms
DMZ
packet filter
behavior based
HIDS
36. IP - email - website - DNS - and ARP
teardrop
NIDS network connections
spoofing attacks
cat3
37. Examines content passing through and makes a decision on the data based on a set of criteria - normal uses email filtering and web browsing
proxy
content filter
dual homed
informed
38. IP spoofing attack where the attacker can monitor packets and participate in bidirectional communication
multi homed
promiscuous
informed
DNS spoofing
39. Firewall with several NICs connected to different networks
multi homed
proxy
null session
session hijacking
40. A logical division of a computer network - in which all nodes can reach each other by broadcast at the data link layer - equivalent to a VLAN
broadcast domain
smurf
coaxial
proxy
41. Multiple network defense components are placed throughout the organizations assets and the network is properly segmented
man in the middle and replay
defense in depth
spoofing attacks
twisted pair
42. Malicious insiders - connections that bypass the firewall (i.e. IM) - encrypted traffic/tunneling - social engineering - physical access are missed by ___________
VLAN
ping flooding
firewalls
honeypot
43. Cable designed for transmission at higher speeds (100Mbps - 2Gbps) and longer distances (2km) - expensive -eliminates signal tapping
null session
fiber optic
private
passive
44. Creating a illegitimate website with the intention of convincing victims that they are visiting a legitimate site - typically to collect confidential information
website spoofing
proxy
IP spoofing
man in the middle and replay
45. An attacker redirects valid request to malicious sites by feeding a DNS server altered records which are retained in its cache
content filter
DNS spoofing
10Base5
NAT
46. A complete transfer of all DNS zone information from one server to another
coaxial
zone transfer
protocol analyzer
ARP
47. A logical connection point allowing computers and software to communicate and exchange data
fraggle
port
screened host
port address translation
48. User / registered ports
zone transfer
1024 - 49 -151
protocol analyzer
SYN flood
49. An attack where an attacker captures sensitive information and sends it again later in an attempt to replicate the transaction
bastion host
replay
PBX (Private Branch Exchange)
passive
50. A set of rules computers use to communicate with each other across a network
port
active
passive
protocol