SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Network Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A set of rules computers use to communicate with each other across a network
protocol
active
land attack
layered
2. Seeks to reduce the probability and/or impact of a specific risk below an acceptable threshold
IP spoofing
application gateway
risk mitigation
bastion host
3. Variation of the SYN flood where SYN packets are spoofed to have the same source and destination IP address and port
land attack
packet filter
fraggle
allow by default
4. An application layer gateway works at this layer of the OSI model
application
DMZ
ping flooding
defense in depth
5. Level 1 firewall that looks at the head of a packet - (not content) - operates rapidly - application independent - either allow or deny packets
bastion host
active
IP spoofing
packet filter
6. Take control of a session between a server and client - the users gets kicked off the session while the attacker inserts himself into the session by sending a reset request to the client
twisted pair
session hijacking
website spoofing
fraggle
7. A method - used by switches and email servers - of delivering messages which are temporarily held by an intermediary before being sent to their final destination
NIDS network connections
multi homed
static NAT
store and forward
8. An attacker redirects traffic by falsifying the IP address requested by ARP request
ARP poisoning
cat3
land attack
49 -152 - 65 -535
9. Bbenign activity reported as malicious
application gateway
DMZ
proxy server
false positive
10. Most common DMZ implementation using three firewall interfaces (internet - intranet - DMZ)
screened subnet
behavior based
multiple interface firewall
NIDS
11. Malicious insiders - connections that bypass the firewall (i.e. IM) - encrypted traffic/tunneling - social engineering - physical access are missed by ___________
deny by default
behavior based
null session
firewalls
12. Network configuration that permits selected outsiders access internal information systems
extranet
ping flooding
store and forward
1024 - 49 -151
13. Malicious activity not reported or detected
HIDS
router
false negative
10Base5
14. DMZ implementation using two firewalls with different rule sets for the DMZ and intranet
passive
layered
fraggle
ping of death
15. Firewall with several NICs connected to different networks
router
network
multi homed
IP spoofing
16. Firewall that intercepts and inspects messages before delivering them - placed between trusted and untrusted networks - degrade network traffic - also know as application gateway
proxy
application
risk mitigation
honeypot
17. A flaw in TCP/IP to verify that a packet really comes from the addess indicated in the IP header leads to this attack
DoS attacks
blind
IP spoofing
DNS spoofing
18. An attacker redirects valid request to malicious sites by feeding a DNS server altered records which are retained in its cache
DNS spoofing
hub
man in the middle and replay
application gateway
19. A pool of public IP addresses is shared by a collection of private IP addresses
PBX (Private Branch Exchange)
dynamic NAT
twisted pair
static NAT
20. IP - email - website - DNS - and ARP
promiscuous
spoofing attacks
passive
0 - 1023
21. Firewall that communicates directly with a perimeter router and the internal network - 2 NICs - screens internal traffic
spoofing
screened host
teardrop
website spoofing
22. Monitors network traffic to identify possible attacks
defense in depth
session hijacking
promiscuous
NIDS
23. Forging an IP address with the address of a trusted host
risk mitigation
NAT
cat5
IP spoofing
24. Two authoritative sources for your domain namespace with differing contents depending on whether the query is internal or external
split horizon DNS
firewalls
protocol
49 -152 - 65 -535
25. Level 2 firewall often used to filter web traffic
active
NAT
cat3
proxy
26. IPS response method - terminate process/session - block/reject and redirect network traffic
SYN flood
null session
proxy server
active
27. Twisted pair cable with speed capability of 1Gbps
content filter
subnet
active
cat5
28. Known as thicknet - 10mbps - limited to 500 meters
firewall architectures
false negative
false positive
10Base5
29. Packet filtering - proxies - stateful inspection
ARP
switch
ARP poisoning
firewalls
30. Cable designed for transmission at higher speeds (100Mbps - 2Gbps) and longer distances (2km) - expensive -eliminates signal tapping
stateful inspection
fiber optic
1024 - 49 -151
10Base5
31. An attack where fragmented UDP packets with odd offset values are sent to the victim - when the OS attempts to rebuild the fragments they overwrite each other and cause confusion
promiscuous
twisted pair
NIDS network connections
teardrop
32. A complete transfer of all DNS zone information from one server to another
NIDS
IP spoofing
zone transfer
deny by default
33. Web servers - FTP servers - DNS servers - mail servers should be located on the _____________
DMZ
multiple interface firewall
IP spoofing
spoofing
34. Amplifies the signal of incoming packets before broadcasting them to the network
port
repeater
NIDS
cat5
35. Session hijacking countermeasure
encrypt session key
source - destination - protocol
IP spoofing
49 -152 - 65 -535
36. Ping flooding - ping of death - smurf - fraggle - SYN flood - land - teardrop - email flood
coaxial
null session
promiscuous
DoS attacks
37. One private IP address is mapped to one public IP address
store and forward
VLAN
static NAT
deny by default
38. Used to pass data from one VLAN to another
router
IP spoofing
fraggle
proxy server
39. Type of IP addresses not routed on the internet: 10.x.x.x - 172.16.x.x - 192.168.x.x
active
protocol analyzer
subnet
private
40. A server that sits between an intranet and it's Internet connection - masking all IP addresses
false positive
proxy server
cat3
10base2
41. Allows all traffic except traffic that is specifically denied - also known as permissive access
defense in depth
proxy
store and forward
allow by default
42. Packets with a forged source IP address - purpose to conceal the identity of the sender or impersonate another computing system
smurf
active
replay
IP spoofing
43. When a hacker takes over a TCP session between two machines - also known as session hijacking - foiled by the use of encrypted sessions
packet filter
tcp/ip hijacking
stateful inspection
ping of death
44. Multiple network defense components are placed throughout the organizations assets and the network is properly segmented
SYN flood
defense in depth
proxy server
router
45. Collection on honeypots
DMZ
proxy
false positive
honeynet
46. Promiscuous NIC to sniff passing traffic - admin NIC to send alerts to centralized management system
NIDS network connections
bastion host
49 -152 - 65 -535
website spoofing
47. Head of a packet contains...
source - destination - protocol
content filter
switch
dual homed
48. Firewall with two NICs - one internal and one external facing - NAT is often used with this firewall
proxy server
dual homed
knowledge based
DNS spoofing
49. IDS response method using logging and notification
passive
land attack
DNS spoofing
proxy
50. Connects two or more subnets - determines the best path to forward packets based on packet header and forwarding table information
firewalls
private
router
content filter