SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Network Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Level 2 firewall often used to filter web traffic
proxy
DMZ
repeater
informed
2. Forging an IP address with the address of a trusted host
IP spoofing
ARP
broadcast domain
session hijacking
3. Blocks all traffic from passing through the firewall except for traffic that is explicitly allowed - also known as restrictive access - best practice
router
deny by default
cat3
spoofing attacks
4. A flaw in TCP/IP to verify that a packet really comes from the addess indicated in the IP header leads to this attack
spoofing attacks
IP spoofing
zone transfer
defense in depth
5. A variation of a smurf attack using UDP
fraggle
multiple interface firewall
firewalls
ping of death
6. One process on every system - use local system resources - detect attacks that NIDS misses - examine data after decrypted - can be OS specific - more expensive
router
port
informed
HIDS
7. A logical division of a computer network - in which all nodes can reach each other by broadcast at the data link layer - equivalent to a VLAN
dual homed
man in the middle
broadcast domain
informed
8. Type of IP addresses not routed on the internet: 10.x.x.x - 172.16.x.x - 192.168.x.x
content filter
broadcast domain
encrypt session key
private
9. Known as thicknet - 10mbps - limited to 500 meters
layered
split horizon DNS
ping flooding
10Base5
10. When a hacker takes over a TCP session between two machines - also known as session hijacking - foiled by the use of encrypted sessions
stateful inspection
false positive
network
tcp/ip hijacking
11. Promiscuous NIC to sniff passing traffic - admin NIC to send alerts to centralized management system
NAT
NIDS network connections
null session
ping of death
12. Head of a packet contains...
1024 - 49 -151
informed
false negative
source - destination - protocol
13. Crashing a computer by sending oversized packets (over 64 bytes) that it doesn't know how to handle
fraggle
ping of death
DoS attacks
protocol
14. Firewall with two NICs - one internal and one external facing - NAT is often used with this firewall
dual homed
fraggle
10Base5
spoofing attacks
15. IP spoofing attack where the attacker can only send packets and has to guess about replies
port
router
blind
ping of death
16. Ping flooding - ping of death - smurf - fraggle - SYN flood - land - teardrop - email flood
SYN flood
source - destination - protocol
replay
DoS attacks
17. Monitors network traffic to identify possible attacks
store and forward
content filter
NIDS
fraggle
18. Most common DMZ implementation using three firewall interfaces (internet - intranet - DMZ)
multiple interface firewall
layered
subnet
informed
19. Connects devices together to form a subnet - packet forwarding is based on MAC addresses - works at the data link layer of the OSI
replay
spoofing
proxy
switch
20. A decoy system - intentionally left exposed to attract/distract attackers - logs and monitors attacker activities
source - destination - protocol
honeypot
DNS spoofing
null session
21. Malicious activity not reported or detected
HIDS
split horizon DNS
protocol
false negative
22. A complete transfer of all DNS zone information from one server to another
firewalls
multiple interface firewall
zone transfer
router
23. Packet filtering - proxies - stateful inspection
screened host
fiber optic
firewalls
broadcast domain
24. Amplifies the signal of incoming packets before broadcasting them to the network
active
repeater
DNS spoofing
NIDS
25. An attack where an attacker captures sensitive information and sends it again later in an attempt to replicate the transaction
HIDS
active
replay
defense in depth
26. Firewall that communicates directly with a perimeter router and the internal network - 2 NICs - screens internal traffic
man in the middle and replay
screened host
port
informed
27. A packet filtering firewall works at this layer of the OSI model
DMZ
network
knowledge based
stateful inspection
28. A sniffer mode used to capture traffic addressed to/from another machine on the network
IP spoofing
promiscuous
DoS attacks
application
29. Connects two or more subnets - determines the best path to forward packets based on packet header and forwarding table information
source - destination - protocol
ARP poisoning
active
router
30. Take control of a session between a server and client - the users gets kicked off the session while the attacker inserts himself into the session by sending a reset request to the client
session hijacking
hub
proxy server
encrypt session key
31. Twisted pair cable with speed capability of 1Gbps
private
NIDS network connections
dynamic NAT
cat5
32. Bbenign activity reported as malicious
deny by default
twisted pair
IP spoofing
false positive
33. Variation of the SYN flood where SYN packets are spoofed to have the same source and destination IP address and port
source - destination - protocol
land attack
VLAN
firewalls
34. Unauthenticated connections - creating the potential for a successful connection as an anonymous user
store and forward
DMZ
multi homed
null session
35. Connects devices together to form a subnet - broadcasts incoming packets to all devices
hub
passive
informed
PBX (Private Branch Exchange)
36. A group of hosts on logical network segment that communicate as if they were attached to the same broadcast domain - regardless of their physical location
IP spoofing
smurf
VLAN
layered
37. A physical or logical subnetwork that houses systems accessible to a larger untrusted network - usually the Internet - also known as DMZ
DMZ
deny by default
screened subnet
multi homed
38. IP spoofing attack where the attacker can monitor packets and participate in bidirectional communication
VLAN
HIDS
informed
spoofing
39. A method - used by switches and email servers - of delivering messages which are temporarily held by an intermediary before being sent to their final destination
store and forward
risk mitigation
proxy
screened host
40. A level 3 firewall that remembers / tracks network connections - maintains a state table - distinguish which side of a firewall a connection was initiated - higher security
firewalls
multiple interface firewall
stateful inspection
informed
41. Capture and analyze network traffic - also known as packet analyzer - sniffer - network analyzer
protocol analyzer
port
NIPS
firewalls
42. Man in the middle attack where the content of an intercepted message is altered before it is sent on
ping flooding
active
source - destination - protocol
multi homed
43. Used to pass data from one VLAN to another
man in the middle and replay
cat5
router
split horizon DNS
44. Man in the middle attack where the attacker captures the traffic and sends it to the original recipient without altering the intercepted data
application gateway
honeypot
passive
VLAN
45. A firewall that checks all layers of a packet including content - verifying an expected response to a current communication session - also call a deep packet inspection
router
router
dual homed
stateful inspection
46. Evolved from IDS - monitors network traffic - detects and responds to attack on network
NIPS
port
knowledge based
stateful inspection
47. An attacker redirects traffic by falsifying the IP address requested by ARP request
ARP poisoning
ARP
man in the middle and replay
man in the middle
48. Network configuration that permits selected outsiders access internal information systems
behavior based
hub
active
extranet
49. Dynamic / private ports
firewalls
active
49 -152 - 65 -535
allow by default
50. One device per network segment - does not use local system resources - can't examine encrypted traffic - OS independent - less expensive
router
NIPS
NIDS
10Base5
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests
