Network Defense (NetDef) Course Final Test Online
Question 1 of 83 (1 point)
What is a characteristic of a layered defense-in-depth security approach?
Hint: When a layered defense-in-depth security approach is used, layers of security are placed through the organization: at the edge, within the network, and on endpoints. The layers work together to create the security architecture. In this environment, a failure of one safeguard does not affect the effectiveness of other safeguards.
Question 2 of 83 (1 point)
What device would be used as the third line of defense in a defense-in-depth approach?
Hint: In a defense-in-depth approach, the edge router would form the first line of defense. The firewall would be the second line of defense, followed by the internal router making up the third line of defense.
Question 3 of 83 (1 point)
Match the Security Onion tool with the description.
Hint: Place the options in the following order:
- network-based intrusion detection system: Snort
- packet capture application: Wireshark
- host-based intrusion detection system: OSSEC
- high-level cybersecurity analysis console: Sguil
Question 4 of 83 (1 point)
Which wireless standard made AES and CCM mandatory?
Hint: Wireless security depends on several industry standards and has progressed from WEP to WPA and finally WPA2.
Question 5 of 83 (1 point)
In a comparison of biometric systems, what is the crossover error rate?
Hint: In comparing biometric systems, there are several important factors to consider, including accuracy, speed or throughput rate, and acceptability to users.
Question 6 of 83 (1 point)
What are two recommended steps to protect and secure a wireless network? (Choose two.)
Hint: Two best practices for securing wireless networks are to encrypt the wireless traffic with WPA2 encryption and to keep the wireless router firmware updated. This prevents data from being readable by an attacker and fixes any known bugs and vulnerabilities in the router.
Question 7 of 83 (1 point)
What is a feature of virtual LANs (VLANs)?
Hint: Virtual LANs (VLANs) provide logical segmentation by creating multiple broadcast domains on the same network switch. VLANs provide higher utilization of switch ports because a port can be associated with the necessary broadcast domain, and multiple broadcast domains can reside on the same switch. Network devices in one VLAN cannot communicate with devices in a different VLAN without the implementation of inter-VLAN routing.
Question 8 of 83 (1 point)
What is an example of a privilege escalation attack?
Hint: With the privilege escalation exploit, vulnerabilities in servers or access control systems are exploited to grant an unauthorized user, or software process, higher levels of privilege than either should have. After the higher privilege is granted, the threat actor can access sensitive information or take control of a system.
Question 9 of 83 (1 point)
What is the principle behind the nondiscretionary access control model?
Hint: The nondiscretionary access control model uses the roles and responsibilities of the user as the basis for access decisions.
Question 10 of 83 (1 point)
Which two features are included by both TACACS+ and RADIUS protocols? (Choose two.)
Hint: Both TACACS+ and RADIUS support password encryption (TACACS+ encrypts all communication) and use a Layer 4 protocol (TACACS+ uses TCP and RADIUS uses UDP). TACACS+ supports separation of authentication and authorization processes, while RADIUS combines authentication and authorization as one process. RADIUS supports remote access technology, such as 802.1x and SIP; TACACS+ does not.
Question 11 of 83 (1 point)
Refer to the exhibit. A router has an existing ACL that permits all traffic from the 172.16.0.0 network. The administrator attempts to add a new ACE to the ACL that denies packets from host 172.16.0.1 and receives the error message that is shown in the exhibit. What action can the administrator take to block packets from host 172.16.0.1 while still permitting all other traffic from the 172.16.0.0 network?
Hint: Because the new deny ACE is a host address that falls within the existing 172.16.0.0 network that is permitted, the router rejects the command and displays an error message. For the new deny ACE to take effect, it must be manually configured by the administrator with a sequence number that is less than 10.
Question 12 of 83 (1 point)
Which command is used to activate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic prior to accessing the routing table?
Hint: For the purpose of applying an access list to a particular interface, the ipv6 traffic-filter IPv6 command is equivalent to the access-group IPv4 command. The direction in which the traffic is examined (in or out) is also required.
Question 13 of 83 (1 point)
In which configuration would an outbound ACL placement be preferred over an inbound ACL placement?
Hint: An outbound ACL should be utilized when the same ACL filtering rules will be applied to packets coming from more than one inbound interface before exiting a single outbound interface. The outbound ACL will be applied on the single outbound interface.
Question 14 of 83 (1 point)
What are two differences between stateful and stateless firewalls? (Choose two.)
Hint: There are many differences between a stateless and stateful firewall.
Stateless firewalls:
- are susceptible to IP spoofing
- do not reliably filter fragmented packets
- use complex ACLs, which can be difficult to implement and maintain
- cannot dynamically filter certain services
- examine each packet individually rather than in the context of the state of a connection
Stateful firewalls:
- are often used as a primary means of defense by filtering unwanted, unnecessary, or undesirable traffic
- strengthen packet filtering by providing more stringent control over security
- improve performance over packet filters or proxy servers
- defend against spoofing and DoS attacks by determining whether packets belong to an existing connection or are from an unauthorized source
- provide more log information than a packet filtering firewall
Question 15 of 83 (1 point)
Which statement describes a typical security policy for a DMZ firewall configuration?
Hint: With a three-interface firewall design that has internal, external, and DMZ connections, typical configurations include the following:
- Traffic originating from the DMZ destined for the internal network is normally blocked.
- Traffic originating from the DMZ destined for external networks is typically permitted based on what services are being used in the DMZ.
- Traffic originating from the internal network destined for the DMZ is normally inspected and allowed to return.
- Traffic originating from external networks (the public network) is typically allowed in the DMZ only for specific services.
Question 16 of 83 (1 point)
Which type of firewall makes use of a proxy server to connect to remote servers on behalf of clients?
Hint: An application gateway firewall, also called a proxy firewall, filters information at Layers 3, 4, 5, and 7 of the OSI model. It uses a proxy server to connect to remote servers on behalf of clients. Remote servers will see only a connection from the proxy server, not from the individual clients.
Question 17 of 83 (1 point)
What is the result in the self zone if a router is the source or destination of traffic?
Hint: All traffic is permitted in the self zone if the traffic originates from, or is destined for, the router.
Question 18 of 83 (1 point)
Designing a ZPF requires several steps. Which step involves dictating the number of devices between most-secure and least-secure zones and determining redundant devices?
Hint: Designing ZPFs involves several steps:
- Step 1. Determine the zones – The administrator focuses on the separation of the network into zones. Zones establish the security borders of a network.
- Step 2. Establish policies between zones – For each pair of "source-destination" zones, define the sessions that clients in the source zones can request from servers in destination zones.
- Step 3. Design the physical infrastructure – After the zones have been identified, and the traffic requirements between them documented, the administrator must design the physical infrastructure. This includes dictating the number of devices between most-secure and least-secure zones and determining redundant devices.
- Step 4. Identify subsets within zones and merge traffic requirements – For each firewall device in the design, the administrator must identify zone subsets that are connected to its interfaces and merge the traffic requirements for those zones.
Question 19 of 83 (1 point)
Which statement describes Cisco IOS Zone-Based Policy Firewall operation?
Hint: The pass action allows traffic only in one direction. Interfaces automatically become members of the self zone. Interfaces are assigned to zones in interface configuration mode, but most configuration takes place in global configuration mode and associated submodes. Interfaces can belong to only one zone at any time.
Question 20 of 83 (1 point)
Which cloud security domain describes controls related to securing the data itself?
Hint: The Security Guidance for Critical Areas of Focus in Cloud Computing v4 document developed by the Cloud Security Alliance (CSA) covers 14 domains of cloud security. Some of these domains are:
- Infrastructure Security – describes cloud-specific aspects of infrastructure security and the foundation for operating securely in the cloud.
- Data Security and Encryption – describes those controls related to securing the data itself, of which encryption is one of the most important.
- Application Security – provides guidance on how to securely build and deploy applications in cloud computing environments, specifically for PaaS and IaaS.
- Security as a Service – covers the continually evolving security services delivered from the cloud.
Question 21 of 83 (1 point)
Which two advantages in security controls are provided by software-defined networks (SDN) over traditional network security solutions? (Choose two.)
Hint: Software-defined networks (SDN) enable new types of security controls and provide an overall gain for network security, including:
- easy network isolation without the constraints of physical hardware
- SDN firewalls (security groups in cloud computing) apply to assets based on more flexible criteria than hardware firewalls
Question 22 of 83 (1 point)
What is the function of SDKs in application development?
Hint: SDKs, or Software Development Kits, provide a repository of useful code to make application development faster and cheaper.
Question 23 of 83 (1 point)
A company is using a public cloud provider to host its software development and distribution processes. What two cloud resources is the company solely responsible for in the shared security responsibility model? (Choose two.)
Hint: Hosting software development and distribution processes is an example of the PaaS model. In the shared security responsibility model, the cloud customer is responsible for data and endpoint security.
Question 24 of 83 (1 point)
A company implements a security policy that ensures that a file sent from the headquarters office to the branch office can only be opened with a predetermined code. This code is changed every day. Which two algorithms can be used to achieve this task? (Choose two.)
Hint: The task to ensure that only authorized personnel can open a file is data confidentiality, which can be implemented with encryption. AES and 3DES are two encryption algorithms. HMAC can be used for ensuring origin authentication. MD5 and SHA-1 can be used to ensure data integrity.
Question 25 of 83 (1 point)
What are two methods to maintain certificate revocation status? (Choose two.)
Hint: A digital certificate might need to be revoked if its key is compromised or it is no longer needed. The certificate revocation list (CRL) and Online Certificate Status Protocol (OCSP) are two common methods to check a certificate revocation status.
Question 26 of 83 (1 point)
Before data is sent out for analysis, which technique can be used to replace sensitive data in nonproduction environments to protect the underlying information?
Hint: Technologies exist to confuse attackers by changing data and using techniques to hide the original data.
Question 27 of 83 (1 point)
Which technology would be used to create the server logs generated by network devices and reviewed by an entry-level network person who works the night shift at a data center?
Hint: Syslog is a daemon or service run on a server that accepts messages sent by network devices. These logs are frequently examined to detect inconsistencies and issues within the network.
Question 28 of 83 (1 point)
Which two application layer protocols manage the exchange of messages between a client with a web browser and a remote web server? (Choose two.)
Hint: Hypertext Transfer Protocol (HTTP) and HTTP Secure (HTTPS) are two application layer protocols that manage the content requests from clients and the responses from the web server. HTML (Hypertext Markup Language) is the encoding language that describes the content and display features of a web page. DNS is for domain name to IP address resolution. DHCP manages and provides dynamic IP configurations to clients.
Question 29 of 83 (1 point)
How can IMAP be a security threat to a company?
Hint: IMAP, SMTP, and POP3 are email protocols. SMTP is used to send data from a host to a server or to send data between servers. IMAP and POP3 are used to download email messages and can be responsible for bringing malware to the receiving host.
Question 30 of 83 (1 point)
Refer to the exhibit. Which technology generated the event log?
Hint: The source of the output is NetFlow.
Question 31 of 83 (1 point)
Which two tools have a GUI interface and can be used to view and analyze full packet captures? (Choose two.)
Hint: The Network Analysis Module of the Cisco Prime Infrastructure system and Wireshark have GUI interfaces and can display full packet captures. The tcpdump tool is a command-line packet analyzer.
Question 32 of 83 (1 point)
Which information can be provided by the Cisco NetFlow utility?
Hint: NetFlow efficiently provides an important set of services for IP applications, including network traffic accounting, usage-based network billing, network planning, security, denial of service monitoring capabilities, and network monitoring. NetFlow provides valuable information about network users and applications, peak usage times, and traffic routing.
Question 33 of 83 (1 point)
A network administrator is reviewing server alerts because of reports of network slowness. The administrator confirms that an alert was an actual security incident. What is the security alert classification of this type of scenario?
Hint:
- True Positive: The alert has been verified to be an actual security incident.
- False Positive: The alert does not indicate an actual security incident. Benign activity that results in a false positive is sometimes referred to as a benign trigger.
- True Negative: No security incident has occurred. The activity is benign.
- False Negative: An undetected incident has occurred.
Question 34 of 83 (1 point)
A network administrator is trying to download a valid file from an internal server. However, the process triggers an alert on an NMS tool. What condition describes this alert?
Hint: Alerts can be classified as follows:
- True Positive: The alert has been verified to be an actual security incident.
- False Positive: The alert does not indicate an actual security incident. Benign activity that results in a false positive is sometimes referred to as a benign trigger.
An alternative situation is that an alert was not generated. The absence of an alert can be classified as:
- True Negative: No security incident has occurred. The activity is benign.
- False Negative: An undetected incident has occurred.
Question 35 of 83 (1 point)
What is indicated by a Snort signature ID that is below 3464?
Hint: Snort is an open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) developed by Sourcefire. It has the ability to perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks and can also be used to detect probes or attacks.
Question 36 of 83 (1 point)
A network administrator is setting up a web server for a small advertising office and is concerned with data availability. The administrator wishes to implement disk fault tolerance using the minimum number of disks required. Which RAID level should the administrator choose?
Hint: Both RAID 0 and RAID 1 require at least 2 disks. However, RAID 0 does not provide fault tolerance. The minimum numbers of disks for RAID 5 and RAID 6 are 3 and 4 respectively.
Question 37 of 83 (1 point)
Which three security services are provided by digital signatures? (Choose three.)
Question 38 of 83 (1 point)
A company is deploying a customer service web application on AWS. A network administrator is installing and configuring a VM instance. Which three actions should the administrator take to protect the VM? (Choose three.)
Question 39 of 83 (1 point)
What is the purpose of mobile device management (MDM) software?
Question 40 of 83 (1 point)
Which protocol would be used to provide security for employees that access systems remotely from home?
Question 41 of 83 (1 point)
A company has a file server that shares a folder named Public. The network security policy specifies that the Public folder is assigned Read-Only rights to anyone who can log into the server while the Edit rights are assigned only to the network admin group. Which component is addressed in the AAA network service framework?
Question 42 of 83 (1 point)
To facilitate the troubleshooting process, which inbound ICMP message should be permitted on an outside interface?
Question 43 of 83 (1 point)
Which two statements describe the effect of the access control list wildcard mask 0.0.0.15? (Choose two.)
Question 44 of 83 (1 point)
When implementing components into an enterprise network, what is the purpose of a firewall?
Question 45 of 83 (1 point)
Which ICMP message type should be stopped inbound?
Question 46 of 83 (1 point)
When ACLs are configured to block IP address spoofing and DoS flood attacks, which ICMP message should be allowed both inbound and outbound?
Question 47 of 83 (1 point)
What are two elements that form the PRI value in a syslog message? (Choose two.)
Question 48 of 83 (1 point)
Which two options are network security monitoring approaches that use advanced analytic techniques to analyze network telemetry data? (Choose two.)
Question 49 of 83 (1 point)
What is a characteristic of a probabilistic analysis in an alert evaluation?
Question 50 of 83 (1 point)
Match the security policy with the description.
Question 51 of 83 (1 point)
What are two physical security precautions that a business can take to protect its computers and systems? (Choose two.)
Question 52 of 83 (1 point)
Which hashing technology requires keys to be exchanged?
Question 53 of 83 (1 point)
The IT department is tasked to implement a system that controls what a user can and cannot do on the corporate network. Which process should be implemented to meet the requirement?
Question 54 of 83 (1 point)
Which two keywords can be used in an access control list to replace a wildcard mask or address and wildcard mask pair? (Choose two.)
Question 55 of 83 (1 point)
What is the function of the pass action on a Cisco IOS Zone-Based Policy Firewall?
Question 56 of 83 (1 point)
Which statement describes the threat to a public cloud due to a poor cloud security architecture strategy?
Question 57 of 83 (1 point)
A company is developing a security policy for secure communication. In the exchange of critical messages between a headquarters office and a branch office, a hash value should only be recalculated with a predetermined code, thus ensuring the validity of data source. Which aspect of secure communications is addressed?
Question 58 of 83 (1 point)
Which Windows log contains information about installations of software, including Windows updates?
Question 59 of 83 (1 point)
For network systems, which management system addresses the inventory and control of hardware and software configurations?
Question 60 of 83 (1 point)
What are two uses of an access control list? (Choose two.)
Question 61 of 83 (1 point)
When implementing a ZPF, what is the default security setting when forwarding traffic between two interfaces in the same zone?
Question 62 of 83 (1 point)
You have been asked to implement a data integrity program to protect data files that need to be electronically downloaded by the sales staff. You have decided to use the strongest hashing algorithm available on your systems. Which hash algorithm would you select?
Question 63 of 83 (1 point)
What is the purpose of a digital certificate?
Question 64 of 83 (1 point)
Which network logs contain information that a security analyst can use to determine if packets received from the web are in response to legitimate requests or are part of an exploit?
Question 65 of 83 (1 point)
Why can ACLs give a false sense of security if overly relied upon as a network security technology?
Question 66 of 83 (1 point)
Why must a network administrator consider more security features in addition to firewalls to achieve the best possible network security?
Question 67 of 83 (1 point)
What is one of the first actions performed on Internet-connected smart devices before being put into service?
Question 68 of 83 (1 point)
What is an example of transaction data recorded by a network security monitoring tool?
Question 69 of 83 (1 point)
Which two statements describe the effects of the access control list wildcard mask 0.0.0.31? (Choose two.)
Question 70 of 83 (1 point)
A cybersecurity analyst is going to verify security alerts using the Security Onion. Which tool should the analyst visit first?
Question 71 of 83 (1 point)
Which term describes the ability of a web server to keep a log of the users who access the server, as well as the length of time they use it?
Question 72 of 83 (1 point)
An investigator finds a USB drive at a crime scene and wants to present it as evidence in court. The investigator takes the USB drive and creates a forensic image of it and takes a hash of both the original USB device and the image that was created. What is the investigator attempting to prove about the USB drive when the evidence is submitted in court?
Question 73 of 83 (1 point)
Refer to the exhibit. A security analyst is reviewing an alert message generated by Snort. What does the number 2100498 in the message indicate?
Question 74 of 83 (1 point)
What does it indicate if the timestamp in the HEADER section of a syslog message is preceded by a period or asterisk symbol?
Question 75 of 83 (1 point)
A SOHO office is using a public cloud provider to host their website. The IT technician is choosing an approach to protect transaction data between the website and visitors from the internet. Which type of encryption key management method should the technician choose?
Question 76 of 83 (1 point)
What are two benefits offered by a zone-based policy firewall on a Cisco router? (Choose two.)
Question 77 of 83 (1 point)
Why could network Syslog servers be a target for threat actors?
Question 78 of 83 (1 point)
What effect does the use of hashing have on stored passwords?
Question 79 of 83 (1 point)
What is used by an application layer gateway to connect to remote servers on behalf of clients?
Question 80 of 83 (1 point)
Which component of the zero trust security model focuses on secure access when an API, a microservice, or a container is accessing a database within an application?
Question 81 of 83 (1 point)
Match the security concept to the description.
Question 82 of 83 (1 point)
Place the steps for configuring zone-based policy (ZPF) firewalls in order from first to last.
Question 83 of 83 (1 point)
In a hierarchical CA topology, where can a subordinate CA obtain a certificate for itself?