SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Network Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Amplifies the signal of incoming packets before broadcasting them to the network
allow by default
ARP
10Base5
repeater
2. DMZ implementation using two firewalls with different rule sets for the DMZ and intranet
layered
switch
passive
fiber optic
3. Man in the middle attack where the attacker captures the traffic and sends it to the original recipient without altering the intercepted data
store and forward
passive
source - destination - protocol
firewalls
4. A packet filtering firewall works at this layer of the OSI model
spoofing
port
smurf
network
5. Twisted pair cable with speed capability of 10Mbps
knowledge based
land attack
cat5
cat3
6. A person or program masquerades as another by presenting false information to gain an illegitimate advantage
application
dynamic NAT
spoofing
risk mitigation
7. Ping flooding - ping of death - smurf - fraggle - SYN flood - land - teardrop - email flood
website spoofing
PBX (Private Branch Exchange)
DoS attacks
ARP
8. A variation of a smurf attack using UDP
fraggle
VLAN
1024 - 49 -151
cat5
9. A pool of public IP addresses is shared by a collection of private IP addresses
man in the middle
dynamic NAT
switch
screened subnet
10. A logical group of computers connected via a switch/hub that share the same network prefix in their IP address
subnet
extranet
repeater
protocol analyzer
11. IDS that relies on usage patterns and baseline operation - can ID new vulnerability - high rate of false alarms
behavior based
risk mitigation
DNS spoofing
multiple interface firewall
12. A ping message is broadcast to an entire network with a spoofed source IP addess of the victim computer - flooding the victim computer with responses during this attack
smurf
fraggle
informed
layered
13. Allows all traffic except traffic that is specifically denied - also known as permissive access
firewalls
cat5
allow by default
active
14. Crashing a computer by sending oversized packets (over 64 bytes) that it doesn't know how to handle
multi homed
allow by default
risk mitigation
ping of death
15. Packets with a forged source IP address - purpose to conceal the identity of the sender or impersonate another computing system
encrypt session key
IP spoofing
multiple interface firewall
zone transfer
16. Cable used most in networks - maximum speed 1Gbps - maximum length 100 meters - susceptible to tap
IP spoofing
proxy
DMZ
twisted pair
17. Firewall that intercepts and inspects messages before delivering them - placed between trusted and untrusted networks - degrade network traffic - also know as application gateway
proxy
NIDS network connections
screened host
store and forward
18. Connects devices together to form a subnet - packet forwarding is based on MAC addresses - works at the data link layer of the OSI
behavior based
promiscuous
switch
dual homed
19. An attacker redirects valid request to malicious sites by feeding a DNS server altered records which are retained in its cache
passive
ARP poisoning
DNS spoofing
DMZ
20. Level 1 firewall that looks at the head of a packet - (not content) - operates rapidly - application independent - either allow or deny packets
NIDS
packet filter
screened subnet
behavior based
21. One private IP address is mapped to one public IP address
proxy
static NAT
land attack
DNS spoofing
22. Creating a illegitimate website with the intention of convincing victims that they are visiting a legitimate site - typically to collect confidential information
spoofing attacks
NAT
website spoofing
1024 - 49 -151
23. A logical division of a computer network - in which all nodes can reach each other by broadcast at the data link layer - equivalent to a VLAN
smurf
broadcast domain
10Base5
DMZ
24. Monitors network traffic to identify possible attacks
spoofing
SYN flood
firewalls
NIDS
25. IPS response method - terminate process/session - block/reject and redirect network traffic
false negative
multiple interface firewall
active
defense in depth
26. An attacker redirects traffic by falsifying the IP address requested by ARP request
null session
firewalls
dynamic NAT
ARP poisoning
27. Known as thicknet - 10mbps - limited to 500 meters
twisted pair
port
NIDS
10Base5
28. Examines a entire packet and determines action based on a complex set of rules
defense in depth
extranet
application gateway
bastion host
29. Firewall with several NICs connected to different networks
multi homed
stateful inspection
active
null session
30. Connects devices together to form a subnet - broadcasts incoming packets to all devices
port address translation
ping of death
hub
screened host
31. Session hijacking countermeasure
allow by default
proxy server
protocol analyzer
encrypt session key
32. Web servers - FTP servers - DNS servers - mail servers should be located on the _____________
packet filter
store and forward
DMZ
spoofing
33. A feature of firewalls / routers that disguise the IP address of internal systems allowing connection to the Internet using one public address
firewalls
NAT
tcp/ip hijacking
IP spoofing
34. A decoy system - intentionally left exposed to attract/distract attackers - logs and monitors attacker activities
IP spoofing
honeypot
land attack
defense in depth
35. Blocks all traffic from passing through the firewall except for traffic that is explicitly allowed - also known as restrictive access - best practice
man in the middle
knowledge based
deny by default
land attack
36. Firewall that communicates directly with a perimeter router and the internal network - 2 NICs - screens internal traffic
bastion host
informed
screened host
false positive
37. Acts as an organizations internal phone system
passive
network
PBX (Private Branch Exchange)
encrypt session key
38. Packet filtering - proxies - stateful inspection
session hijacking
website spoofing
firewalls
port address translation
39. IDS response method using logging and notification
NIPS
IP spoofing
passive
PBX (Private Branch Exchange)
40. A method - used by switches and email servers - of delivering messages which are temporarily held by an intermediary before being sent to their final destination
knowledge based
store and forward
extranet
fiber optic
41. Seeks to reduce the probability and/or impact of a specific risk below an acceptable threshold
stateful inspection
risk mitigation
blind
spoofing
42. User / registered ports
null session
store and forward
1024 - 49 -151
cat3
43. One process on every system - use local system resources - detect attacks that NIDS misses - examine data after decrypted - can be OS specific - more expensive
49 -152 - 65 -535
honeynet
HIDS
replay
44. Capture and analyze network traffic - also known as packet analyzer - sniffer - network analyzer
protocol analyzer
passive
extranet
false positive
45. A level 3 firewall that remembers / tracks network connections - maintains a state table - distinguish which side of a firewall a connection was initiated - higher security
fraggle
port address translation
stateful inspection
smurf
46. Attack where an attacker intercepts traffic and tricks parties at either end into believing they are communicating with each other
extranet
deny by default
repeater
man in the middle
47. A firewall that checks all layers of a packet including content - verifying an expected response to a current communication session - also call a deep packet inspection
bastion host
DNS spoofing
stateful inspection
firewalls
48. A physical or logical subnetwork that houses systems accessible to a larger untrusted network - usually the Internet - also known as DMZ
screened subnet
0 - 1023
allow by default
twisted pair
49. A group of hosts on logical network segment that communicate as if they were attached to the same broadcast domain - regardless of their physical location
VLAN
active
protocol analyzer
false positive
50. When a hacker takes over a TCP session between two machines - also known as session hijacking - foiled by the use of encrypted sessions
DNS spoofing
man in the middle and replay
firewalls
tcp/ip hijacking
