SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Network Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A sniffer mode used to capture traffic addressed to/from another machine on the network
stateful inspection
subnet
promiscuous
dual homed
2. Type of IP addresses not routed on the internet: 10.x.x.x - 172.16.x.x - 192.168.x.x
private
knowledge based
stateful inspection
protocol analyzer
3. An application layer gateway works at this layer of the OSI model
proxy
subnet
application
repeater
4. Packet filtering - proxies - stateful inspection
firewalls
multi homed
spoofing attacks
source - destination - protocol
5. Known as thinnet - 10mbps - limited to 185 meters
website spoofing
10base2
bastion host
tcp/ip hijacking
6. Used to pass data from one VLAN to another
NIDS
spoofing
router
protocol analyzer
7. Connects devices together to form a subnet - packet forwarding is based on MAC addresses - works at the data link layer of the OSI
switch
bastion host
coaxial
zone transfer
8. An attack where fragmented UDP packets with odd offset values are sent to the victim - when the OS attempts to rebuild the fragments they overwrite each other and cause confusion
null session
multi homed
teardrop
layered
9. A ping message is broadcast to an entire network with a spoofed source IP addess of the victim computer - flooding the victim computer with responses during this attack
twisted pair
smurf
static NAT
proxy
10. Connects devices together to form a subnet - broadcasts incoming packets to all devices
honeynet
49 -152 - 65 -535
hub
spoofing
11. Generate random TCP sequence numbers and encrypt traffic countermeasure what attacks
port address translation
application
man in the middle and replay
NAT
12. Firewall that communicates directly with a perimeter router and the internal network - 2 NICs - screens internal traffic
risk mitigation
screened host
session hijacking
deny by default
13. A pool of public IP addresses is shared by a collection of private IP addresses
firewalls
knowledge based
protocol analyzer
dynamic NAT
14. Variation of the SYN flood where SYN packets are spoofed to have the same source and destination IP address and port
subnet
NIDS
passive
land attack
15. Capture and analyze network traffic - also known as packet analyzer - sniffer - network analyzer
1024 - 49 -151
IP spoofing
protocol analyzer
DNS spoofing
16. Attempt to block service or reduce activity by overloading the victim machine with ping requests
protocol analyzer
ping flooding
behavior based
encrypt session key
17. Dynamic / private ports
switch
allow by default
49 -152 - 65 -535
PBX (Private Branch Exchange)
18. Well known ports - allow administrative access - used for network services - considered only ports allowed to transmit traffic thru a firewall
false positive
proxy server
0 - 1023
49 -152 - 65 -535
19. Unauthenticated connections - creating the potential for a successful connection as an anonymous user
man in the middle and replay
null session
promiscuous
network
20. Creating a illegitimate website with the intention of convincing victims that they are visiting a legitimate site - typically to collect confidential information
switch
stateful inspection
false negative
website spoofing
21. A feature of firewalls / routers that disguise the IP address of internal systems allowing connection to the Internet using one public address
active
spoofing attacks
VLAN
NAT
22. Known as thicknet - 10mbps - limited to 500 meters
10Base5
dynamic NAT
ping flooding
store and forward
23. Seeks to reduce the probability and/or impact of a specific risk below an acceptable threshold
multiple interface firewall
repeater
risk mitigation
network
24. An attacker redirects traffic by falsifying the IP address requested by ARP request
ARP poisoning
firewall architectures
split horizon DNS
router
25. A logical connection point allowing computers and software to communicate and exchange data
protocol analyzer
port
packet filter
session hijacking
26. Twisted pair cable with speed capability of 10Mbps
split horizon DNS
cat5
stateful inspection
cat3
27. A level 3 firewall that remembers / tracks network connections - maintains a state table - distinguish which side of a firewall a connection was initiated - higher security
spoofing attacks
man in the middle
stateful inspection
NIDS
28. Crashing a computer by sending oversized packets (over 64 bytes) that it doesn't know how to handle
informed
honeynet
protocol
ping of death
29. IPS response method - terminate process/session - block/reject and redirect network traffic
router
active
cat5
allow by default
30. Firewall that intercepts and inspects messages before delivering them - placed between trusted and untrusted networks - degrade network traffic - also know as application gateway
man in the middle
proxy
multi homed
active
31. Protocol used to map an known IP address to its corresponding media access control (MAC) address
honeynet
ARP
10base2
spoofing
32. Malicious insiders - connections that bypass the firewall (i.e. IM) - encrypted traffic/tunneling - social engineering - physical access are missed by ___________
firewalls
router
0 - 1023
10base2
33. IP - email - website - DNS - and ARP
packet filter
man in the middle and replay
ARP
spoofing attacks
34. A logical division of a computer network - in which all nodes can reach each other by broadcast at the data link layer - equivalent to a VLAN
router
broadcast domain
deny by default
NIDS network connections
35. A group of hosts on logical network segment that communicate as if they were attached to the same broadcast domain - regardless of their physical location
VLAN
broadcast domain
false negative
stateful inspection
36. User / registered ports
SYN flood
DoS attacks
1024 - 49 -151
cat3
37. IDS that relies on the identification of known attack signatures
knowledge based
session hijacking
ping flooding
ARP
38. Forging an IP address with the address of a trusted host
bastion host
HIDS
IP spoofing
VLAN
39. Bbenign activity reported as malicious
coaxial
false positive
layered
VLAN
40. A decoy system - intentionally left exposed to attract/distract attackers - logs and monitors attacker activities
private
honeypot
screened host
NIDS
41. IDS that relies on usage patterns and baseline operation - can ID new vulnerability - high rate of false alarms
hub
behavior based
switch
proxy server
42. A server that sits between an intranet and it's Internet connection - masking all IP addresses
DMZ
proxy server
application
10base2
43. A logical group of computers connected via a switch/hub that share the same network prefix in their IP address
passive
cat3
broadcast domain
subnet
44. A variation of a smurf attack using UDP
DMZ
router
fraggle
switch
45. Malicious activity not reported or detected
replay
honeynet
false negative
10Base5
46. Session hijacking countermeasure
ARP poisoning
hub
10Base5
encrypt session key
47. Most common DMZ implementation using three firewall interfaces (internet - intranet - DMZ)
replay
multiple interface firewall
spoofing attacks
stateful inspection
48. Twisted pair cable with speed capability of 1Gbps
cat5
NAT
cat3
49 -152 - 65 -535
49. One device per network segment - does not use local system resources - can't examine encrypted traffic - OS independent - less expensive
passive
IP spoofing
NIDS
DNS spoofing
50. Cable designed for transmission at higher speeds (100Mbps - 2Gbps) and longer distances (2km) - expensive -eliminates signal tapping
ping flooding
session hijacking
IP spoofing
fiber optic