SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Network Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. DMZ implementation using two firewalls with different rule sets for the DMZ and intranet
allow by default
layered
replay
DMZ
2. Bastion host - dual homed firewall - multi homed firewall - screened host - screened subnet
firewall architectures
layered
passive
behavior based
3. Level 1 firewall that looks at the head of a packet - (not content) - operates rapidly - application independent - either allow or deny packets
honeypot
packet filter
source - destination - protocol
ARP poisoning
4. Allows all traffic except traffic that is specifically denied - also known as permissive access
DoS attacks
defense in depth
allow by default
deny by default
5. An attacker redirects valid request to malicious sites by feeding a DNS server altered records which are retained in its cache
blind
0 - 1023
1024 - 49 -151
DNS spoofing
6. A pool of public IP addresses is shared by a collection of private IP addresses
0 - 1023
DoS attacks
dynamic NAT
port address translation
7. An attack where fragmented UDP packets with odd offset values are sent to the victim - when the OS attempts to rebuild the fragments they overwrite each other and cause confusion
teardrop
broadcast domain
tcp/ip hijacking
spoofing attacks
8. Generate random TCP sequence numbers and encrypt traffic countermeasure what attacks
defense in depth
coaxial
10Base5
man in the middle and replay
9. Forging an IP address with the address of a trusted host
IP spoofing
proxy
firewalls
HIDS
10. Promiscuous NIC to sniff passing traffic - admin NIC to send alerts to centralized management system
IP spoofing
application gateway
source - destination - protocol
NIDS network connections
11. A logical division of a computer network - in which all nodes can reach each other by broadcast at the data link layer - equivalent to a VLAN
network
broadcast domain
firewalls
fiber optic
12. Twisted pair cable with speed capability of 1Gbps
smurf
router
cat5
multiple interface firewall
13. A packet filtering firewall works at this layer of the OSI model
router
PBX (Private Branch Exchange)
IP spoofing
network
14. A set of rules computers use to communicate with each other across a network
null session
protocol
DoS attacks
dual homed
15. A complete transfer of all DNS zone information from one server to another
private
zone transfer
man in the middle and replay
NIDS
16. A feature of firewalls / routers that disguise the IP address of internal systems allowing connection to the Internet using one public address
man in the middle
fiber optic
NAT
private
17. An attack where an attacker captures sensitive information and sends it again later in an attempt to replicate the transaction
0 - 1023
broadcast domain
replay
firewalls
18. Known as thinnet - 10mbps - limited to 185 meters
10base2
repeater
false positive
source - destination - protocol
19. Network configuration that permits selected outsiders access internal information systems
spoofing attacks
cat5
extranet
ping of death
20. An application layer gateway works at this layer of the OSI model
cat5
protocol analyzer
honeypot
application
21. Evolved from IDS - monitors network traffic - detects and responds to attack on network
replay
zone transfer
NIPS
1024 - 49 -151
22. Session hijacking countermeasure
zone transfer
hub
encrypt session key
10base2
23. Connects devices together to form a subnet - packet forwarding is based on MAC addresses - works at the data link layer of the OSI
switch
firewalls
dynamic NAT
NIDS network connections
24. Creating a illegitimate website with the intention of convincing victims that they are visiting a legitimate site - typically to collect confidential information
stateful inspection
website spoofing
firewalls
teardrop
25. User / registered ports
ping of death
tcp/ip hijacking
router
1024 - 49 -151
26. Level 2 firewall often used to filter web traffic
proxy
encrypt session key
broadcast domain
ping flooding
27. A logical group of computers connected via a switch/hub that share the same network prefix in their IP address
subnet
switch
source - destination - protocol
active
28. Capture and analyze network traffic - also known as packet analyzer - sniffer - network analyzer
10Base5
risk mitigation
protocol analyzer
spoofing
29. Unauthenticated connections - creating the potential for a successful connection as an anonymous user
tcp/ip hijacking
null session
replay
spoofing attacks
30. Connects devices together to form a subnet - broadcasts incoming packets to all devices
NAT
hub
fiber optic
knowledge based
31. Used by ISPs - single public network IP address is shared among many hosts on a private network - also known as PAT
router
IP spoofing
port address translation
firewalls
32. Cable with copper core - has no physical transmission security and is easy to tap - 10mbps - maximum length 500 meters
screened subnet
knowledge based
fiber optic
coaxial
33. One private IP address is mapped to one public IP address
application gateway
defense in depth
static NAT
passive
34. IPS response method - terminate process/session - block/reject and redirect network traffic
passive
active
switch
man in the middle and replay
35. Most common DMZ implementation using three firewall interfaces (internet - intranet - DMZ)
replay
multiple interface firewall
active
IP spoofing
36. Malicious insiders - connections that bypass the firewall (i.e. IM) - encrypted traffic/tunneling - social engineering - physical access are missed by ___________
ARP
SYN flood
ARP poisoning
firewalls
37. A firewall that checks all layers of a packet including content - verifying an expected response to a current communication session - also call a deep packet inspection
land attack
application
split horizon DNS
stateful inspection
38. A logical connection point allowing computers and software to communicate and exchange data
honeypot
port
hub
bastion host
39. IP - email - website - DNS - and ARP
encrypt session key
null session
knowledge based
spoofing attacks
40. A DoS attack that subverts the normal "three way handshake" of TCP/IP by sending SYN packets - but no corresponding ACK packets
passive
fraggle
SYN flood
behavior based
41. Monitors network traffic to identify possible attacks
NIDS
ARP
dual homed
knowledge based
42. A variation of a smurf attack using UDP
informed
fraggle
stateful inspection
tcp/ip hijacking
43. IDS that relies on the identification of known attack signatures
knowledge based
10Base5
deny by default
defense in depth
44. A physical or logical subnetwork that houses systems accessible to a larger untrusted network - usually the Internet - also known as DMZ
encrypt session key
screened subnet
deny by default
active
45. Bbenign activity reported as malicious
port address translation
IP spoofing
DMZ
false positive
46. Web servers - FTP servers - DNS servers - mail servers should be located on the _____________
spoofing
twisted pair
false negative
DMZ
47. Head of a packet contains...
false positive
smurf
layered
source - destination - protocol
48. Acts as an organizations internal phone system
49 -152 - 65 -535
hub
PBX (Private Branch Exchange)
coaxial
49. An attacker redirects traffic by falsifying the IP address requested by ARP request
10Base5
ARP poisoning
IP spoofing
49 -152 - 65 -535
50. Collection on honeypots
cat5
static NAT
IP spoofing
honeynet
