SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Network Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Cable designed for transmission at higher speeds (100Mbps - 2Gbps) and longer distances (2km) - expensive -eliminates signal tapping
allow by default
HIDS
fiber optic
active
2. Malicious activity not reported or detected
false negative
network
passive
firewalls
3. An attacker redirects traffic by falsifying the IP address requested by ARP request
ARP poisoning
network
dual homed
HIDS
4. A level 3 firewall that remembers / tracks network connections - maintains a state table - distinguish which side of a firewall a connection was initiated - higher security
dynamic NAT
stateful inspection
application
zone transfer
5. A variation of a smurf attack using UDP
man in the middle
PBX (Private Branch Exchange)
fraggle
screened host
6. Attempt to block service or reduce activity by overloading the victim machine with ping requests
false positive
ping flooding
10base2
firewalls
7. Protocol used to map an known IP address to its corresponding media access control (MAC) address
1024 - 49 -151
informed
smurf
ARP
8. A ping message is broadcast to an entire network with a spoofed source IP addess of the victim computer - flooding the victim computer with responses during this attack
smurf
IP spoofing
DoS attacks
router
9. Firewall that communicates directly with a perimeter router and the internal network - 2 NICs - screens internal traffic
stateful inspection
multiple interface firewall
screened host
router
10. Examines a entire packet and determines action based on a complex set of rules
application gateway
allow by default
content filter
fraggle
11. Attack where an attacker intercepts traffic and tricks parties at either end into believing they are communicating with each other
ping of death
NAT
application gateway
man in the middle
12. Connects devices together to form a subnet - broadcasts incoming packets to all devices
DMZ
active
hub
port
13. A method - used by switches and email servers - of delivering messages which are temporarily held by an intermediary before being sent to their final destination
store and forward
NIDS
port address translation
SYN flood
14. Generate random TCP sequence numbers and encrypt traffic countermeasure what attacks
man in the middle and replay
extranet
ARP poisoning
smurf
15. Cable used most in networks - maximum speed 1Gbps - maximum length 100 meters - susceptible to tap
blind
twisted pair
null session
10Base5
16. Unauthenticated connections - creating the potential for a successful connection as an anonymous user
49 -152 - 65 -535
network
null session
DoS attacks
17. Network configuration that permits selected outsiders access internal information systems
0 - 1023
extranet
port
ARP
18. A locked down/hardened host on the public side of the firewall highly exposed to attacks (i.e. web server - email server)
bastion host
proxy
IP spoofing
static NAT
19. Connects devices together to form a subnet - packet forwarding is based on MAC addresses - works at the data link layer of the OSI
switch
spoofing attacks
1024 - 49 -151
ARP
20. A feature of firewalls / routers that disguise the IP address of internal systems allowing connection to the Internet using one public address
proxy server
man in the middle
fiber optic
NAT
21. A packet filtering firewall works at this layer of the OSI model
fiber optic
network
zone transfer
10Base5
22. Known as thinnet - 10mbps - limited to 185 meters
ping of death
application
10base2
1024 - 49 -151
23. Bbenign activity reported as malicious
hub
NIDS
false positive
broadcast domain
24. An application layer gateway works at this layer of the OSI model
dual homed
application
proxy
content filter
25. Used to pass data from one VLAN to another
49 -152 - 65 -535
1024 - 49 -151
promiscuous
router
26. Blocks all traffic from passing through the firewall except for traffic that is explicitly allowed - also known as restrictive access - best practice
deny by default
stateful inspection
network
encrypt session key
27. A sniffer mode used to capture traffic addressed to/from another machine on the network
risk mitigation
deny by default
promiscuous
smurf
28. Packets with a forged source IP address - purpose to conceal the identity of the sender or impersonate another computing system
packet filter
screened host
IP spoofing
static NAT
29. IP - email - website - DNS - and ARP
DoS attacks
dual homed
man in the middle and replay
spoofing attacks
30. Ping flooding - ping of death - smurf - fraggle - SYN flood - land - teardrop - email flood
multi homed
deny by default
hub
DoS attacks
31. An attack where fragmented UDP packets with odd offset values are sent to the victim - when the OS attempts to rebuild the fragments they overwrite each other and cause confusion
NAT
session hijacking
honeypot
teardrop
32. Examines content passing through and makes a decision on the data based on a set of criteria - normal uses email filtering and web browsing
firewalls
content filter
cat5
IP spoofing
33. Connects two or more subnets - determines the best path to forward packets based on packet header and forwarding table information
cat5
router
session hijacking
cat3
34. A complete transfer of all DNS zone information from one server to another
false positive
NIDS network connections
website spoofing
zone transfer
35. Evolved from IDS - monitors network traffic - detects and responds to attack on network
honeypot
NIPS
VLAN
application gateway
36. One private IP address is mapped to one public IP address
static NAT
hub
DoS attacks
firewalls
37. A group of hosts on logical network segment that communicate as if they were attached to the same broadcast domain - regardless of their physical location
NIDS
SYN flood
VLAN
passive
38. A set of rules computers use to communicate with each other across a network
null session
protocol
false positive
packet filter
39. Head of a packet contains...
spoofing
private
static NAT
source - destination - protocol
40. One device per network segment - does not use local system resources - can't examine encrypted traffic - OS independent - less expensive
multiple interface firewall
NIDS
defense in depth
honeypot
41. A flaw in TCP/IP to verify that a packet really comes from the addess indicated in the IP header leads to this attack
protocol analyzer
NIDS network connections
multiple interface firewall
IP spoofing
42. IDS that relies on the identification of known attack signatures
port address translation
knowledge based
repeater
ARP
43. Level 1 firewall that looks at the head of a packet - (not content) - operates rapidly - application independent - either allow or deny packets
DoS attacks
active
packet filter
stateful inspection
44. Promiscuous NIC to sniff passing traffic - admin NIC to send alerts to centralized management system
risk mitigation
honeynet
NIDS network connections
promiscuous
45. Two authoritative sources for your domain namespace with differing contents depending on whether the query is internal or external
cat3
layered
cat5
split horizon DNS
46. Used by ISPs - single public network IP address is shared among many hosts on a private network - also known as PAT
port address translation
null session
store and forward
49 -152 - 65 -535
47. Session hijacking countermeasure
encrypt session key
fiber optic
application
IP spoofing
48. Cable with copper core - has no physical transmission security and is easy to tap - 10mbps - maximum length 500 meters
passive
multiple interface firewall
coaxial
protocol
49. Twisted pair cable with speed capability of 10Mbps
replay
cat3
49 -152 - 65 -535
1024 - 49 -151
50. Web servers - FTP servers - DNS servers - mail servers should be located on the _____________
DMZ
null session
replay
active