SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Network Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Seeks to reduce the probability and/or impact of a specific risk below an acceptable threshold
fiber optic
website spoofing
content filter
risk mitigation
2. Bastion host - dual homed firewall - multi homed firewall - screened host - screened subnet
false negative
content filter
firewall architectures
layered
3. Firewall that communicates directly with a perimeter router and the internal network - 2 NICs - screens internal traffic
DNS spoofing
behavior based
screened host
switch
4. Cable used most in networks - maximum speed 1Gbps - maximum length 100 meters - susceptible to tap
spoofing
private
twisted pair
repeater
5. Forging an IP address with the address of a trusted host
defense in depth
IP spoofing
screened subnet
content filter
6. IDS that relies on the identification of known attack signatures
smurf
knowledge based
man in the middle and replay
multiple interface firewall
7. Attack where an attacker intercepts traffic and tricks parties at either end into believing they are communicating with each other
router
false negative
fiber optic
man in the middle
8. Firewall with several NICs connected to different networks
10Base5
behavior based
multi homed
firewalls
9. An application layer gateway works at this layer of the OSI model
bastion host
false positive
application
10base2
10. Known as thinnet - 10mbps - limited to 185 meters
10base2
IP spoofing
ARP
stateful inspection
11. A method - used by switches and email servers - of delivering messages which are temporarily held by an intermediary before being sent to their final destination
router
store and forward
proxy server
hub
12. A packet filtering firewall works at this layer of the OSI model
port
network
broadcast domain
cat3
13. Head of a packet contains...
false negative
fiber optic
firewalls
source - destination - protocol
14. IP spoofing attack where the attacker can monitor packets and participate in bidirectional communication
content filter
informed
dual homed
router
15. Examines a entire packet and determines action based on a complex set of rules
layered
application gateway
active
multiple interface firewall
16. Firewall with two NICs - one internal and one external facing - NAT is often used with this firewall
risk mitigation
stateful inspection
dual homed
49 -152 - 65 -535
17. A server that sits between an intranet and it's Internet connection - masking all IP addresses
49 -152 - 65 -535
DMZ
zone transfer
proxy server
18. Network configuration that permits selected outsiders access internal information systems
DoS attacks
extranet
zone transfer
passive
19. A DoS attack that subverts the normal "three way handshake" of TCP/IP by sending SYN packets - but no corresponding ACK packets
NAT
SYN flood
behavior based
DMZ
20. DMZ implementation using two firewalls with different rule sets for the DMZ and intranet
stateful inspection
application gateway
layered
0 - 1023
21. Level 2 firewall often used to filter web traffic
teardrop
DMZ
proxy
IP spoofing
22. Protocol used to map an known IP address to its corresponding media access control (MAC) address
DoS attacks
application gateway
dynamic NAT
ARP
23. Connects two or more subnets - determines the best path to forward packets based on packet header and forwarding table information
null session
router
dual homed
null session
24. An attack where an attacker captures sensitive information and sends it again later in an attempt to replicate the transaction
HIDS
replay
twisted pair
IP spoofing
25. Malicious insiders - connections that bypass the firewall (i.e. IM) - encrypted traffic/tunneling - social engineering - physical access are missed by ___________
IP spoofing
firewalls
dual homed
proxy
26. Session hijacking countermeasure
fiber optic
proxy server
NIDS
encrypt session key
27. A locked down/hardened host on the public side of the firewall highly exposed to attacks (i.e. web server - email server)
bastion host
broadcast domain
multi homed
coaxial
28. Well known ports - allow administrative access - used for network services - considered only ports allowed to transmit traffic thru a firewall
application
NIDS network connections
0 - 1023
proxy
29. Web servers - FTP servers - DNS servers - mail servers should be located on the _____________
man in the middle and replay
network
10Base5
DMZ
30. A logical division of a computer network - in which all nodes can reach each other by broadcast at the data link layer - equivalent to a VLAN
false negative
protocol
broadcast domain
risk mitigation
31. Unauthenticated connections - creating the potential for a successful connection as an anonymous user
null session
firewalls
protocol analyzer
extranet
32. IPS response method - terminate process/session - block/reject and redirect network traffic
smurf
active
cat3
multi homed
33. Level 1 firewall that looks at the head of a packet - (not content) - operates rapidly - application independent - either allow or deny packets
hub
packet filter
man in the middle and replay
49 -152 - 65 -535
34. Variation of the SYN flood where SYN packets are spoofed to have the same source and destination IP address and port
cat5
port address translation
land attack
multi homed
35. Twisted pair cable with speed capability of 1Gbps
repeater
cat5
NIDS
replay
36. Man in the middle attack where the attacker captures the traffic and sends it to the original recipient without altering the intercepted data
deny by default
repeater
passive
application gateway
37. A level 3 firewall that remembers / tracks network connections - maintains a state table - distinguish which side of a firewall a connection was initiated - higher security
proxy
stateful inspection
SYN flood
website spoofing
38. Man in the middle attack where the content of an intercepted message is altered before it is sent on
cat5
IP spoofing
active
ARP poisoning
39. One device per network segment - does not use local system resources - can't examine encrypted traffic - OS independent - less expensive
bastion host
deny by default
repeater
NIDS
40. A complete transfer of all DNS zone information from one server to another
zone transfer
network
protocol
multi homed
41. Packet filtering - proxies - stateful inspection
switch
honeypot
null session
firewalls
42. A physical or logical subnetwork that houses systems accessible to a larger untrusted network - usually the Internet - also known as DMZ
encrypt session key
screened subnet
private
10Base5
43. IP - email - website - DNS - and ARP
spoofing attacks
proxy
proxy server
zone transfer
44. Connects devices together to form a subnet - packet forwarding is based on MAC addresses - works at the data link layer of the OSI
switch
multi homed
source - destination - protocol
active
45. Crashing a computer by sending oversized packets (over 64 bytes) that it doesn't know how to handle
cat5
static NAT
layered
ping of death
46. One private IP address is mapped to one public IP address
static NAT
proxy server
packet filter
split horizon DNS
47. Two authoritative sources for your domain namespace with differing contents depending on whether the query is internal or external
VLAN
split horizon DNS
encrypt session key
stateful inspection
48. Unauthenticated Windows session where an attacker can gather list of users - groups - machines - shares - user and host SID
screened subnet
1024 - 49 -151
null session
firewalls
49. Cable designed for transmission at higher speeds (100Mbps - 2Gbps) and longer distances (2km) - expensive -eliminates signal tapping
fiber optic
VLAN
router
screened host
50. Evolved from IDS - monitors network traffic - detects and responds to attack on network
man in the middle and replay
private
10base2
NIPS