SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Network Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A firewall that checks all layers of a packet including content - verifying an expected response to a current communication session - also call a deep packet inspection
fiber optic
replay
stateful inspection
10Base5
2. One private IP address is mapped to one public IP address
VLAN
passive
static NAT
defense in depth
3. A packet filtering firewall works at this layer of the OSI model
VLAN
PBX (Private Branch Exchange)
network
false positive
4. An attacker redirects valid request to malicious sites by feeding a DNS server altered records which are retained in its cache
session hijacking
hub
DNS spoofing
informed
5. A physical or logical subnetwork that houses systems accessible to a larger untrusted network - usually the Internet - also known as DMZ
honeynet
application gateway
blind
screened subnet
6. Connects devices together to form a subnet - broadcasts incoming packets to all devices
10Base5
ping of death
hub
network
7. Twisted pair cable with speed capability of 1Gbps
NIDS
bastion host
teardrop
cat5
8. Network configuration that permits selected outsiders access internal information systems
extranet
passive
cat3
land attack
9. A DoS attack that subverts the normal "three way handshake" of TCP/IP by sending SYN packets - but no corresponding ACK packets
private
10Base5
SYN flood
firewall architectures
10. A person or program masquerades as another by presenting false information to gain an illegitimate advantage
man in the middle
dynamic NAT
NAT
spoofing
11. Seeks to reduce the probability and/or impact of a specific risk below an acceptable threshold
packet filter
dual homed
firewalls
risk mitigation
12. IP spoofing attack where the attacker can only send packets and has to guess about replies
promiscuous
NAT
coaxial
blind
13. Packet filtering - proxies - stateful inspection
ARP poisoning
router
firewalls
multi homed
14. Acts as an organizations internal phone system
man in the middle and replay
NIPS
PBX (Private Branch Exchange)
application
15. Forging an IP address with the address of a trusted host
IP spoofing
fiber optic
replay
split horizon DNS
16. Connects two or more subnets - determines the best path to forward packets based on packet header and forwarding table information
router
broadcast domain
10Base5
false negative
17. An application layer gateway works at this layer of the OSI model
screened host
1024 - 49 -151
application
ARP poisoning
18. An attack where fragmented UDP packets with odd offset values are sent to the victim - when the OS attempts to rebuild the fragments they overwrite each other and cause confusion
subnet
cat5
teardrop
false negative
19. Two authoritative sources for your domain namespace with differing contents depending on whether the query is internal or external
twisted pair
port
split horizon DNS
replay
20. Used to pass data from one VLAN to another
risk mitigation
zone transfer
router
firewalls
21. Cable with copper core - has no physical transmission security and is easy to tap - 10mbps - maximum length 500 meters
cat3
encrypt session key
ARP poisoning
coaxial
22. A locked down/hardened host on the public side of the firewall highly exposed to attacks (i.e. web server - email server)
IP spoofing
fiber optic
bastion host
broadcast domain
23. Bastion host - dual homed firewall - multi homed firewall - screened host - screened subnet
switch
proxy
ARP
firewall architectures
24. Crashing a computer by sending oversized packets (over 64 bytes) that it doesn't know how to handle
HIDS
ping of death
spoofing
null session
25. Unauthenticated Windows session where an attacker can gather list of users - groups - machines - shares - user and host SID
false positive
behavior based
active
null session
26. Firewall that communicates directly with a perimeter router and the internal network - 2 NICs - screens internal traffic
screened host
hub
active
behavior based
27. A logical connection point allowing computers and software to communicate and exchange data
screened subnet
port
defense in depth
coaxial
28. When a hacker takes over a TCP session between two machines - also known as session hijacking - foiled by the use of encrypted sessions
ping of death
defense in depth
router
tcp/ip hijacking
29. Level 1 firewall that looks at the head of a packet - (not content) - operates rapidly - application independent - either allow or deny packets
1024 - 49 -151
packet filter
NIDS network connections
NIPS
30. Man in the middle attack where the attacker captures the traffic and sends it to the original recipient without altering the intercepted data
passive
0 - 1023
null session
port
31. A level 3 firewall that remembers / tracks network connections - maintains a state table - distinguish which side of a firewall a connection was initiated - higher security
honeypot
SYN flood
stateful inspection
ARP
32. Unauthenticated connections - creating the potential for a successful connection as an anonymous user
informed
null session
layered
firewall architectures
33. A sniffer mode used to capture traffic addressed to/from another machine on the network
cat5
promiscuous
content filter
port
34. Type of IP addresses not routed on the internet: 10.x.x.x - 172.16.x.x - 192.168.x.x
deny by default
cat3
allow by default
private
35. Take control of a session between a server and client - the users gets kicked off the session while the attacker inserts himself into the session by sending a reset request to the client
dual homed
smurf
IP spoofing
session hijacking
36. Cable used most in networks - maximum speed 1Gbps - maximum length 100 meters - susceptible to tap
twisted pair
proxy server
router
network
37. Level 2 firewall often used to filter web traffic
smurf
fiber optic
VLAN
proxy
38. Malicious insiders - connections that bypass the firewall (i.e. IM) - encrypted traffic/tunneling - social engineering - physical access are missed by ___________
firewalls
HIDS
protocol analyzer
NIDS
39. An attack where an attacker captures sensitive information and sends it again later in an attempt to replicate the transaction
behavior based
active
replay
port
40. Used by ISPs - single public network IP address is shared among many hosts on a private network - also known as PAT
protocol analyzer
coaxial
behavior based
port address translation
41. Firewall with two NICs - one internal and one external facing - NAT is often used with this firewall
dual homed
encrypt session key
allow by default
passive
42. Known as thicknet - 10mbps - limited to 500 meters
teardrop
screened host
10Base5
packet filter
43. Monitors network traffic to identify possible attacks
NIDS
land attack
session hijacking
49 -152 - 65 -535
44. Cable designed for transmission at higher speeds (100Mbps - 2Gbps) and longer distances (2km) - expensive -eliminates signal tapping
fiber optic
DoS attacks
NIDS
spoofing attacks
45. Ping flooding - ping of death - smurf - fraggle - SYN flood - land - teardrop - email flood
IP spoofing
DoS attacks
zone transfer
source - destination - protocol
46. A logical group of computers connected via a switch/hub that share the same network prefix in their IP address
subnet
router
active
port address translation
47. Man in the middle attack where the content of an intercepted message is altered before it is sent on
ARP
DNS spoofing
active
ARP poisoning
48. Evolved from IDS - monitors network traffic - detects and responds to attack on network
NIPS
IP spoofing
null session
dynamic NAT
49. Firewall with several NICs connected to different networks
teardrop
firewalls
ARP poisoning
multi homed
50. A method - used by switches and email servers - of delivering messages which are temporarily held by an intermediary before being sent to their final destination
store and forward
website spoofing
screened subnet
cat5