SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Network Security
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Firewall with several NICs connected to different networks
repeater
multi homed
coaxial
encrypt session key
2. Level 2 firewall often used to filter web traffic
port address translation
private
screened subnet
proxy
3. Man in the middle attack where the content of an intercepted message is altered before it is sent on
NIPS
smurf
active
proxy server
4. IDS that relies on the identification of known attack signatures
content filter
ARP
knowledge based
coaxial
5. Cable designed for transmission at higher speeds (100Mbps - 2Gbps) and longer distances (2km) - expensive -eliminates signal tapping
HIDS
twisted pair
fiber optic
NIDS network connections
6. Firewall that intercepts and inspects messages before delivering them - placed between trusted and untrusted networks - degrade network traffic - also know as application gateway
active
application
proxy
SYN flood
7. A feature of firewalls / routers that disguise the IP address of internal systems allowing connection to the Internet using one public address
NIPS
passive
coaxial
NAT
8. Most common DMZ implementation using three firewall interfaces (internet - intranet - DMZ)
router
multiple interface firewall
encrypt session key
false negative
9. Generate random TCP sequence numbers and encrypt traffic countermeasure what attacks
broadcast domain
man in the middle and replay
10Base5
router
10. Bbenign activity reported as malicious
session hijacking
repeater
spoofing attacks
false positive
11. Attempt to block service or reduce activity by overloading the victim machine with ping requests
hub
replay
land attack
ping flooding
12. Type of IP addresses not routed on the internet: 10.x.x.x - 172.16.x.x - 192.168.x.x
knowledge based
multi homed
PBX (Private Branch Exchange)
private
13. Head of a packet contains...
ARP
source - destination - protocol
false negative
IP spoofing
14. Examines content passing through and makes a decision on the data based on a set of criteria - normal uses email filtering and web browsing
cat5
content filter
router
passive
15. Forging an IP address with the address of a trusted host
firewalls
packet filter
IP spoofing
static NAT
16. Acts as an organizations internal phone system
protocol analyzer
passive
router
PBX (Private Branch Exchange)
17. IDS that relies on usage patterns and baseline operation - can ID new vulnerability - high rate of false alarms
packet filter
bastion host
behavior based
layered
18. Blocks all traffic from passing through the firewall except for traffic that is explicitly allowed - also known as restrictive access - best practice
deny by default
active
protocol
static NAT
19. One device per network segment - does not use local system resources - can't examine encrypted traffic - OS independent - less expensive
NIDS
application
ping of death
teardrop
20. Bastion host - dual homed firewall - multi homed firewall - screened host - screened subnet
firewall architectures
static NAT
cat3
stateful inspection
21. Session hijacking countermeasure
encrypt session key
firewalls
PBX (Private Branch Exchange)
subnet
22. Known as thinnet - 10mbps - limited to 185 meters
static NAT
10base2
dual homed
NIDS
23. When a hacker takes over a TCP session between two machines - also known as session hijacking - foiled by the use of encrypted sessions
active
risk mitigation
tcp/ip hijacking
ping flooding
24. A packet filtering firewall works at this layer of the OSI model
layered
network
null session
teardrop
25. Web servers - FTP servers - DNS servers - mail servers should be located on the _____________
DMZ
broadcast domain
hub
repeater
26. Twisted pair cable with speed capability of 10Mbps
protocol
cat3
NIDS network connections
twisted pair
27. IP - email - website - DNS - and ARP
behavior based
49 -152 - 65 -535
spoofing attacks
fiber optic
28. An attacker redirects valid request to malicious sites by feeding a DNS server altered records which are retained in its cache
honeypot
risk mitigation
DNS spoofing
NIDS
29. A pool of public IP addresses is shared by a collection of private IP addresses
switch
replay
dynamic NAT
fiber optic
30. A complete transfer of all DNS zone information from one server to another
source - destination - protocol
ping flooding
zone transfer
knowledge based
31. Used to pass data from one VLAN to another
protocol
subnet
router
broadcast domain
32. DMZ implementation using two firewalls with different rule sets for the DMZ and intranet
extranet
protocol
layered
NIDS
33. A DoS attack that subverts the normal "three way handshake" of TCP/IP by sending SYN packets - but no corresponding ACK packets
NIDS
SYN flood
49 -152 - 65 -535
NAT
34. A logical group of computers connected via a switch/hub that share the same network prefix in their IP address
dynamic NAT
subnet
proxy
promiscuous
35. Multiple network defense components are placed throughout the organizations assets and the network is properly segmented
honeynet
private
defense in depth
deny by default
36. An attack where an attacker captures sensitive information and sends it again later in an attempt to replicate the transaction
replay
layered
proxy
passive
37. Man in the middle attack where the attacker captures the traffic and sends it to the original recipient without altering the intercepted data
false negative
stateful inspection
PBX (Private Branch Exchange)
passive
38. A logical division of a computer network - in which all nodes can reach each other by broadcast at the data link layer - equivalent to a VLAN
NIPS
null session
broadcast domain
NAT
39. Network configuration that permits selected outsiders access internal information systems
extranet
active
null session
deny by default
40. Promiscuous NIC to sniff passing traffic - admin NIC to send alerts to centralized management system
SYN flood
router
NIDS network connections
zone transfer
41. Connects two or more subnets - determines the best path to forward packets based on packet header and forwarding table information
deny by default
router
firewalls
proxy
42. A flaw in TCP/IP to verify that a packet really comes from the addess indicated in the IP header leads to this attack
NIDS
blind
IP spoofing
replay
43. A locked down/hardened host on the public side of the firewall highly exposed to attacks (i.e. web server - email server)
firewalls
cat5
10Base5
bastion host
44. A physical or logical subnetwork that houses systems accessible to a larger untrusted network - usually the Internet - also known as DMZ
application
screened subnet
tcp/ip hijacking
allow by default
45. Crashing a computer by sending oversized packets (over 64 bytes) that it doesn't know how to handle
store and forward
behavior based
ping of death
NIDS network connections
46. Evolved from IDS - monitors network traffic - detects and responds to attack on network
1024 - 49 -151
dual homed
NIPS
port
47. IPS response method - terminate process/session - block/reject and redirect network traffic
active
false positive
website spoofing
passive
48. Take control of a session between a server and client - the users gets kicked off the session while the attacker inserts himself into the session by sending a reset request to the client
protocol
session hijacking
IP spoofing
repeater
49. Firewall with two NICs - one internal and one external facing - NAT is often used with this firewall
blind
application
store and forward
dual homed
50. Allows all traffic except traffic that is specifically denied - also known as permissive access
ARP
allow by default
extranet
promiscuous
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests