Network Security Checkpoint Exam – Endpoint Security (ESec) Module 1 – 6 Group Exam Answers (Module Group Exam 1)
1. The employees in a company receive an email stating that the account password will expire immediately and requires a password reset within 5 minutes. Which statement would classify this email?
- It is a DDoS attack.
- It is an impersonation attack.
- It is a hoax.
- It is a piggy-back attack.
2. What type of attack targets an SQL database using the input field of a user?
- XML injection
- buffer overflow
- cross-site scripting
- SQL injection
3. A cyber criminal sends a series of maliciously formatted packets to the database server. The server cannot parse the packets and the event causes the server to crash. What is the type of attack the cyber criminal launches?
- SQL injection
- packet injection
- man-in-the-middle
- DoS
4. What three best practices can help defend against social engineering attacks? (Choose three.)
- Resist the urge to click on enticing web links.
- Add more security guards.
- Deploy well-designed firewall appliances.
- Educate employees regarding policies.
- Enable a policy that states that the IT department should supply information over the phone only to managers.
- Do not provide password resets in a chat window.
5. Match the type of cyberattackers to the description.
6. What is the first line of defense to protect a device from improper access control?
- end user license agreement (EULA)
- encryption
- passwords
- shredding
7. A security service company is conducting an audit in several risk areas within a major corporate client. What attack or data loss vector term would be used to describe providing access to corporate data by gaining access to stolen or weak passwords?
- an internal threat
- hard copy
- improper access control
- unencrypted devices
8. A social media site is describing a security breach in a sensitive branch of a national bank. In the post, it refers to a vulnerability. What statement describes that term?
- The likelihood that a particular threat will exploit a vulnerability of an asset and result in an undesirable consequence.
- A weakness in a system or its design that could be exploited by a threat.
- The actions that are taken to protect assets by mitigating a threat or reducing risk.
- The potential damage to the organization that is caused by the threat.
9. Which three IPv4 header fields have no equivalent in an IPv6 header? (Choose three.)
- TTL
- fragment offset
- version
- identification
- protocol
- flag
10. What kind of ICMP message can be used by threat actors to create a man-in-the-middle attack?
- ICMP redirects
- ICMP unreachable
- ICMP echo request
- ICMP mask reply
11. Which term describes a field in the IPv4 packet header used to detect corruption in the IPv4 header?
- version
- header checksum
- protocol
- destination IPv4 address
12. Which type of network attack involves randomly opening many Telnet requests to a router and results in a valid network administrator not being able to access the device?
- man-in-the-middle
- spoofing
- SYN flooding
- DNS poisoning
13. Match the attack to the definition.
14. How do cybercriminals make use of a malicious iFrame?
- The attacker embeds malicious content in business-appropriate files.
- The iFrame allows the browser to load a web page from another source.
- The attacker redirects traffic to an incorrect DNS server.
- The iFrame allows multiple DNS subdomains to be used.
15. Which risk management plan involves discontinuing an activity that creates a risk?
- risk retention
- risk avoidance
- risk sharing
- risk reduction
16. Which security measure is best used to limit the success of a reconnaissance attack from within a campus area network?
- Implement encryption for sensitive traffic.
- Implement restrictions on the use of ICMP echo-reply messages.
- Implement access lists on the border router.
- Implement a firewall at the edge of the network.
17. What are the two methods that a wireless NIC can use to discover an AP? (Choose two.)
- sending a multicast frame
- initiating a three-way handshake
- receiving a broadcast beacon frame
- sending an ARP request broadcast
- transmitting a probe request
18. A network administrator of a small advertising company is configuring WLAN security by using the WPA2 PSK method. Which credential do office users need in order to connect their laptops to the WLAN?
- the company username and password through Active Directory service
- a user passphrase
- a username and password configured on the AP
- a key that matches the key on the AP
19. Which combination of WLAN authentication and encryption is recommended as a best practice for home users?
- WEP and RC4
- WPA and PSK
- WPA2 and AES
- EAP and AES
- WEP and TKIP
20. A user calls the help desk complaining that the password to access the wireless network has changed without warning. The user is allowed to change the password, but an hour later, the same thing occurs. What might be happening in this situation?
- rogue access point
- user laptop
- user error
- password policy
- weak password
21. Which statement describes one of the rules that govern interface behavior in the context of implementing a zone-based policy firewall configuration?
- An administrator can assign interfaces to zones, regardless of whether the zone has been configured.
- An administrator can assign an interface to multiple security zones.
- By default, traffic is allowed to flow between a zone member interface and any interface that is not a zone member.
- By default, traffic is allowed to flow among interfaces that are members of the same zone.
22. What is an IPS signature?
- It is a security script that is used to detect unknown threats.
- It is the timestamp that is applied to logged security events and alarms.
- It is a set of rules used to detect typical intrusive activity.
- It is the authorization that is required to implement a security policy.
23. Which statement describes a VPN?
- VPNs use open source virtualization software to create the tunnel through the Internet.
- VPNs use dedicated physical connections to transfer data between remote users.
- VPNs use logical connections to create public networks through the Internet.
- VPNs use virtual connections to create a private network through a public network.
24. What is a function of SNMP?
- provides statistical analysis on packets flowing through a Cisco router or multilayer switch
- synchronizes the time across all devices on the network
- captures packets entering and exiting the network interface card
- provides a message format for communication between network device managers and agents
25. What does the term vulnerability mean?
- a weakness that makes a target susceptible to an attack
- a potential threat that a hacker creates
- a known target or victim machine
- a computer that contains sensitive information
- a method of attack to exploit a target
26. A disgruntled employee is using Wireshark to discover administrative Telnet usernames and passwords. What type of network attack does this describe?
- port redirection
- trust exploitation
- denial of service
- reconnaissance
27. What is a vulnerability that allows criminals to inject scripts into web pages viewed by users?
- XML injection
- cross-site scripting
- buffer overflow
- SQL injection
28. What is a characteristic of the WLAN passive discover mode?
- The beaconing feature on the AP is disabled.
- The client must know the name of the SSID to begin the discover process.
- The AP periodically sends beacon frames containing the SSID.
- The client begins the discover process by sending a probe request.
29. What are two drawbacks to using HIPS? (Choose two.)
- If the network traffic stream is encrypted, HIPS is unable to access unencrypted forms of the traffic.
- HIPS installations are vulnerable to fragmentation attacks or variable TTL attacks.
- With HIPS, the success or failure of an attack cannot be readily determined.
- With HIPS, the network administrator must verify support for all the different operating systems used in the network.
- HIPS has difficulty constructing an accurate network picture or coordinating events that occur across the entire network.