SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Network Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A feature of firewalls / routers that disguise the IP address of internal systems allowing connection to the Internet using one public address
stateful inspection
tcp/ip hijacking
NAT
land attack
2. Malicious activity not reported or detected
network
false negative
IP spoofing
ARP
3. Cable with copper core - has no physical transmission security and is easy to tap - 10mbps - maximum length 500 meters
coaxial
firewall architectures
defense in depth
screened host
4. Generate random TCP sequence numbers and encrypt traffic countermeasure what attacks
active
null session
screened host
man in the middle and replay
5. Seeks to reduce the probability and/or impact of a specific risk below an acceptable threshold
coaxial
private
passive
risk mitigation
6. Type of IP addresses not routed on the internet: 10.x.x.x - 172.16.x.x - 192.168.x.x
private
honeynet
dynamic NAT
content filter
7. A physical or logical subnetwork that houses systems accessible to a larger untrusted network - usually the Internet - also known as DMZ
screened subnet
null session
stateful inspection
10Base5
8. A person or program masquerades as another by presenting false information to gain an illegitimate advantage
spoofing
IP spoofing
dynamic NAT
protocol analyzer
9. Firewall with several NICs connected to different networks
packet filter
firewalls
multi homed
null session
10. IP spoofing attack where the attacker can monitor packets and participate in bidirectional communication
DNS spoofing
10base2
passive
informed
11. Multiple network defense components are placed throughout the organizations assets and the network is properly segmented
defense in depth
website spoofing
content filter
passive
12. A method - used by switches and email servers - of delivering messages which are temporarily held by an intermediary before being sent to their final destination
DMZ
store and forward
man in the middle and replay
router
13. Known as thinnet - 10mbps - limited to 185 meters
replay
honeynet
10base2
spoofing attacks
14. A level 3 firewall that remembers / tracks network connections - maintains a state table - distinguish which side of a firewall a connection was initiated - higher security
stateful inspection
honeypot
deny by default
passive
15. IP - email - website - DNS - and ARP
DoS attacks
spoofing attacks
network
private
16. IDS that relies on usage patterns and baseline operation - can ID new vulnerability - high rate of false alarms
proxy server
false positive
10base2
behavior based
17. A packet filtering firewall works at this layer of the OSI model
packet filter
network
IP spoofing
promiscuous
18. Dynamic / private ports
coaxial
49 -152 - 65 -535
active
split horizon DNS
19. Crashing a computer by sending oversized packets (over 64 bytes) that it doesn't know how to handle
multi homed
ping of death
proxy server
spoofing
20. Connects devices together to form a subnet - packet forwarding is based on MAC addresses - works at the data link layer of the OSI
blind
switch
screened subnet
port address translation
21. Packets with a forged source IP address - purpose to conceal the identity of the sender or impersonate another computing system
IP spoofing
smurf
layered
VLAN
22. Bastion host - dual homed firewall - multi homed firewall - screened host - screened subnet
proxy
active
firewall architectures
screened host
23. Connects devices together to form a subnet - broadcasts incoming packets to all devices
null session
hub
cat3
honeypot
24. One device per network segment - does not use local system resources - can't examine encrypted traffic - OS independent - less expensive
extranet
switch
NIDS
allow by default
25. Blocks all traffic from passing through the firewall except for traffic that is explicitly allowed - also known as restrictive access - best practice
port
deny by default
man in the middle
null session
26. Attack where an attacker intercepts traffic and tricks parties at either end into believing they are communicating with each other
man in the middle
ARP poisoning
router
proxy server
27. Man in the middle attack where the content of an intercepted message is altered before it is sent on
screened host
active
man in the middle
protocol analyzer
28. Creating a illegitimate website with the intention of convincing victims that they are visiting a legitimate site - typically to collect confidential information
website spoofing
NAT
NIDS
informed
29. Acts as an organizations internal phone system
SYN flood
packet filter
PBX (Private Branch Exchange)
cat3
30. Two authoritative sources for your domain namespace with differing contents depending on whether the query is internal or external
zone transfer
split horizon DNS
stateful inspection
proxy
31. A decoy system - intentionally left exposed to attract/distract attackers - logs and monitors attacker activities
website spoofing
ping of death
dynamic NAT
honeypot
32. Firewall that communicates directly with a perimeter router and the internal network - 2 NICs - screens internal traffic
screened host
fraggle
IP spoofing
VLAN
33. Connects two or more subnets - determines the best path to forward packets based on packet header and forwarding table information
VLAN
encrypt session key
router
proxy
34. A sniffer mode used to capture traffic addressed to/from another machine on the network
hub
49 -152 - 65 -535
null session
promiscuous
35. An attack where an attacker captures sensitive information and sends it again later in an attempt to replicate the transaction
behavior based
protocol
replay
screened host
36. DMZ implementation using two firewalls with different rule sets for the DMZ and intranet
bastion host
split horizon DNS
twisted pair
layered
37. IPS response method - terminate process/session - block/reject and redirect network traffic
active
subnet
false positive
behavior based
38. Evolved from IDS - monitors network traffic - detects and responds to attack on network
NIPS
subnet
DoS attacks
false positive
39. Firewall that intercepts and inspects messages before delivering them - placed between trusted and untrusted networks - degrade network traffic - also know as application gateway
IP spoofing
proxy
DNS spoofing
NAT
40. Session hijacking countermeasure
screened host
encrypt session key
coaxial
proxy
41. Examines a entire packet and determines action based on a complex set of rules
ARP
10base2
switch
application gateway
42. Head of a packet contains...
NIDS
source - destination - protocol
firewalls
session hijacking
43. Allows all traffic except traffic that is specifically denied - also known as permissive access
allow by default
NIDS
port address translation
false negative
44. Monitors network traffic to identify possible attacks
firewalls
NIDS
stateful inspection
tcp/ip hijacking
45. Unauthenticated Windows session where an attacker can gather list of users - groups - machines - shares - user and host SID
layered
static NAT
null session
fraggle
46. A ping message is broadcast to an entire network with a spoofed source IP addess of the victim computer - flooding the victim computer with responses during this attack
proxy
teardrop
HIDS
smurf
47. A complete transfer of all DNS zone information from one server to another
ping of death
website spoofing
cat3
zone transfer
48. An attack where fragmented UDP packets with odd offset values are sent to the victim - when the OS attempts to rebuild the fragments they overwrite each other and cause confusion
DNS spoofing
replay
twisted pair
teardrop
49. Attempt to block service or reduce activity by overloading the victim machine with ping requests
NIDS
ping flooding
layered
PBX (Private Branch Exchange)
50. A pool of public IP addresses is shared by a collection of private IP addresses
DoS attacks
HIDS
dynamic NAT
blind