SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Network Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Connects devices together to form a subnet - broadcasts incoming packets to all devices
NIDS network connections
0 - 1023
hub
NIPS
2. Amplifies the signal of incoming packets before broadcasting them to the network
knowledge based
repeater
broadcast domain
proxy server
3. Ping flooding - ping of death - smurf - fraggle - SYN flood - land - teardrop - email flood
packet filter
DoS attacks
cat3
session hijacking
4. Collection on honeypots
honeynet
honeypot
1024 - 49 -151
behavior based
5. User / registered ports
spoofing attacks
1024 - 49 -151
behavior based
honeynet
6. Variation of the SYN flood where SYN packets are spoofed to have the same source and destination IP address and port
IP spoofing
1024 - 49 -151
PBX (Private Branch Exchange)
land attack
7. Twisted pair cable with speed capability of 10Mbps
cat3
blind
store and forward
proxy
8. Connects devices together to form a subnet - packet forwarding is based on MAC addresses - works at the data link layer of the OSI
passive
promiscuous
router
switch
9. Well known ports - allow administrative access - used for network services - considered only ports allowed to transmit traffic thru a firewall
multiple interface firewall
defense in depth
port address translation
0 - 1023
10. Protocol used to map an known IP address to its corresponding media access control (MAC) address
active
ARP
10Base5
protocol
11. A variation of a smurf attack using UDP
deny by default
null session
VLAN
fraggle
12. A locked down/hardened host on the public side of the firewall highly exposed to attacks (i.e. web server - email server)
active
teardrop
bastion host
stateful inspection
13. Firewall with two NICs - one internal and one external facing - NAT is often used with this firewall
risk mitigation
dual homed
multiple interface firewall
null session
14. Generate random TCP sequence numbers and encrypt traffic countermeasure what attacks
packet filter
man in the middle and replay
risk mitigation
DMZ
15. Type of IP addresses not routed on the internet: 10.x.x.x - 172.16.x.x - 192.168.x.x
firewalls
10Base5
knowledge based
private
16. Crashing a computer by sending oversized packets (over 64 bytes) that it doesn't know how to handle
passive
ping of death
multiple interface firewall
NIDS network connections
17. Firewall that communicates directly with a perimeter router and the internal network - 2 NICs - screens internal traffic
application
coaxial
NIDS
screened host
18. Used by ISPs - single public network IP address is shared among many hosts on a private network - also known as PAT
firewall architectures
false positive
port address translation
firewalls
19. A pool of public IP addresses is shared by a collection of private IP addresses
replay
dynamic NAT
informed
fiber optic
20. DMZ implementation using two firewalls with different rule sets for the DMZ and intranet
screened subnet
null session
layered
firewalls
21. A flaw in TCP/IP to verify that a packet really comes from the addess indicated in the IP header leads to this attack
tcp/ip hijacking
stateful inspection
static NAT
IP spoofing
22. Used to pass data from one VLAN to another
teardrop
router
honeynet
packet filter
23. Blocks all traffic from passing through the firewall except for traffic that is explicitly allowed - also known as restrictive access - best practice
split horizon DNS
false negative
deny by default
hub
24. Creating a illegitimate website with the intention of convincing victims that they are visiting a legitimate site - typically to collect confidential information
split horizon DNS
cat3
active
website spoofing
25. Malicious activity not reported or detected
ARP poisoning
VLAN
IP spoofing
false negative
26. A group of hosts on logical network segment that communicate as if they were attached to the same broadcast domain - regardless of their physical location
VLAN
multi homed
honeynet
content filter
27. An attack where fragmented UDP packets with odd offset values are sent to the victim - when the OS attempts to rebuild the fragments they overwrite each other and cause confusion
NIDS network connections
fraggle
teardrop
false negative
28. Session hijacking countermeasure
encrypt session key
proxy
broadcast domain
DNS spoofing
29. Multiple network defense components are placed throughout the organizations assets and the network is properly segmented
passive
passive
defense in depth
protocol analyzer
30. Cable used most in networks - maximum speed 1Gbps - maximum length 100 meters - susceptible to tap
null session
DNS spoofing
screened host
twisted pair
31. One private IP address is mapped to one public IP address
allow by default
static NAT
PBX (Private Branch Exchange)
port
32. Examines a entire packet and determines action based on a complex set of rules
knowledge based
application gateway
risk mitigation
ping of death
33. A physical or logical subnetwork that houses systems accessible to a larger untrusted network - usually the Internet - also known as DMZ
ping flooding
screened subnet
twisted pair
risk mitigation
34. Unauthenticated Windows session where an attacker can gather list of users - groups - machines - shares - user and host SID
null session
land attack
PBX (Private Branch Exchange)
hub
35. A sniffer mode used to capture traffic addressed to/from another machine on the network
fiber optic
application
promiscuous
firewalls
36. Firewall that intercepts and inspects messages before delivering them - placed between trusted and untrusted networks - degrade network traffic - also know as application gateway
VLAN
coaxial
proxy
allow by default
37. Firewall with several NICs connected to different networks
man in the middle
multi homed
spoofing attacks
port address translation
38. A ping message is broadcast to an entire network with a spoofed source IP addess of the victim computer - flooding the victim computer with responses during this attack
VLAN
smurf
NIPS
protocol analyzer
39. One process on every system - use local system resources - detect attacks that NIDS misses - examine data after decrypted - can be OS specific - more expensive
active
spoofing
private
HIDS
40. Packets with a forged source IP address - purpose to conceal the identity of the sender or impersonate another computing system
spoofing
ARP
session hijacking
IP spoofing
41. A feature of firewalls / routers that disguise the IP address of internal systems allowing connection to the Internet using one public address
packet filter
NAT
DMZ
1024 - 49 -151
42. Seeks to reduce the probability and/or impact of a specific risk below an acceptable threshold
risk mitigation
NIDS network connections
ARP
bastion host
43. A logical group of computers connected via a switch/hub that share the same network prefix in their IP address
static NAT
subnet
DoS attacks
encrypt session key
44. Acts as an organizations internal phone system
false negative
NIDS network connections
dual homed
PBX (Private Branch Exchange)
45. IPS response method - terminate process/session - block/reject and redirect network traffic
honeypot
active
ping flooding
switch
46. IP - email - website - DNS - and ARP
spoofing attacks
NIPS
active
cat3
47. Network configuration that permits selected outsiders access internal information systems
extranet
passive
10Base5
promiscuous
48. IDS response method using logging and notification
IP spoofing
proxy
packet filter
passive
49. A complete transfer of all DNS zone information from one server to another
zone transfer
teardrop
DoS attacks
cat3
50. Packet filtering - proxies - stateful inspection
firewalls
multi homed
port address translation
PBX (Private Branch Exchange)