Network Support and Security: My Knowledge Check Answers

How to find: Press “Ctrl + F” in the browser and fill in whatever wording is in the question to find that question/answer. If the question is not here, find it in Questions Bank.

NOTE: If you have the new question on this test, please comment Question and Multiple-Choice list in form below this article. We will update answers for you in the shortest time. Thank you! We truly value your contribution to the website.

Network Support and Security: My Knowledge Check Answers

1. Employees in an organization report that they cannot access the customer database on the main server. Further investigation reveals that the database file is now encrypted. Shortly afterward, the organization receives a threatening email demanding payment for the decryption of the database file. What type of attack has the organization experienced?

  • ransomware
  • man-in-the-middle attack
  • trojan horse
  • doS attack

Explanation: In a ransomware attack, the attacker compromises the victum computer and encrypts the hard drive so that data can no longer be accessed by the user. The attacker then demands payment from the user to decrypt the drive.

2. Which troubleshooting method involves swapping a device suspected of having issues with a known good device to see if the problem is solved?

  • substitution
  • educated guess
  • divide-and-conquer
  • comparison

Explanation: With the substitution troubleshooting method, a know suitable device is used to replace a suspected bad device. If this fixes the problem, then the problem was with the removed device. If the issue remains, the cause resides someplace else, and the troubleshooting continues.

3. What is the level of need for data integrity in an e-commerce organization?

  • low
  • mid
  • high
  • critical

Explanation: The importance of data integrity varies based on how an organization uses the data:

  • Critical level of need: Data integrity might be a matter of life or death in a healthcare organization. For example, prescription information must be accurate. Therefore, all data is continuously validated, tested, and verified.
  • High need: In an e-commerce or analytics-based organization, transactions and customer accounts must be accurate. All data is validated and verified at frequent intervals.
  • Mid-level of need: Online sales and search engines collect data that has been publicly posted. Little verification is performed, and data is not completely trustworthy.
  • Low level of need: Blogs, forums, and personal pages on social media are powered by public opinion and open contribution. Data may not be verified at all, and there is a low level of trust in the content.

4. Which Cisco IOS command is used to determine the path of IP packets through the network?

  • traceroute
  • telnet
  • show ip route
  • ping

Explanation: Traceroute is a command-line tool for tracing an IP packet’s path across routed networks.

5. Which statement describes an advanced persistent threat (APT)?

  • an attack by threat actors performing unauthorized network probing and port scanning on the targeted network
  • an attack that modifies the operating system through malware and creates a backdoor on the infected system
  • an attack that takes advantage of algorithms in a piece of legitimate software to generate unintended behaviors
  • a continuous attack that uses elaborated espionage tactics involving multiple threat actors and sophisticated malware to gain access to the targeted network

Explanation: An advanced persistent threat (APT) is a continuous attack that uses elaborate espionage tactics involving multiple actors and sophisticated malware to gain access to the targeted network.

6. Which is an example of a behavioral characteristic?

  • ear features
  • voice
  • DNA
  • face

Explanation: There are two types of biometric identifiers:

  • Physical characteristics: fingerprints, DNA, face, hands, retina, or ear features.
  • Behavioral characteristics: behavior patterns such as gestures, voice, gait, or typing rhythm.

7. What security benefit is provided by SSH?

  • protection from threat actors deciphering remote access session data
  • protection from viruses and malware for endpoints
  • protection from malicious data reaching servers and clients
  • protection from DoS attacks against routers and Layer 3 switches

Explanation: Internet Protocol Security (IPsec) protects sensitive data and secures VPNs. IPsec tunneling encrypts all data sent between tunnel endpoints. IPsec also can be used to authenticate data originating from an authorized sender.

8. What non-technical method could a cybercriminal use to gather sensitive information from an organization?

  • social engineering
  • pharming
  • man-in-the-middle
  • ransomware

Explanation: Social engineering is a very effective way to get personal or sensitive corpoate information from an employee. Cybercriminals may try to get to know an employee and then use trust or familiarity to gather the needed information.

9. What is an example of a targeted, closed-ended question?

  • What operating system is installed on your computer, Windows, Linux, or macOS?
  • What types of error messages did you see when you experienced the issue?
  • What steps did you take to attempt to solve the issue before reporting it?
  • What can you tell me about how you discovered this issue?

Explanation: A closed-ended question can be answered with a simple factual answer. In this case, the computer’s operating system is a factual answer that can only have a few possible answers.

10. Which two platforms use the ifconfig command to verify interface IP configuration? (Choose two.)

  • Linux
  • mac OS
  • Windows
  • Cisco

Explanation: The ifconfig command can be used with both Linux and MAC OS to display interface IP configuration information.

11. What is the benefit of using a stateful firewall in a network?

  • It can prevent application layer attacks because it examines the actual contents of the HTTP connection.
  • It analyzes traffic at OSI Layer 4 and Layer 5.
  • It filters IP traffic between bridged interfaces at OSI layer 7.
  • It strengthens packet filtering by providing more stringent control over security.

Explanation: There are several benefits to using a stateful firewall in a network:

  • Stateful firewalls are often used as a primary means of defense by filtering unwanted, unnecessary, or undesirable traffic.
  • Stateful firewalls strengthen packet filtering by providing more stringent control over security.
  • Stateful firewalls improve performance over packet filters or proxy servers.
  • Stateful firewalls defend against spoofing and DoS attacks by determining whether packets belong to an existing connection or are from an unauthorized source.
  • Stateful firewalls provide more log information than packet-filtering firewalls.

12. A penetration test carried out by an organization identified a backdoor on the network. What action should the organization take to find out if their systems have been compromised?

  • Look for unauthorized accounts.
  • Look for usernames that do not have passwords.
  • Scan the systems for viruses.
  • Look for policy changes in Event Viewer.

Explanation: If a penetration test is successful, the corporation should check to locate vulnerabilities in the network and also check to see if there are new unauthorized accounts.

13. After a problem is defined, what is the next step in the seven-step troubleshooting process?

  • gather information
  • analyze information
  • propose hypothesis
  • eliminate possible causes

Explanation: The seven-step troubleshooting process starts with defining the problem; then, the next step is to gather information, followed by analyzing the data. The process proceeds with eliminating possible causes, proposing a hypothesis, testing the hypothesis, and ending with solving the problem and documenting the solution.

14. Which statement describes the principle of availability in the CIA information security triad?

  • Cryptographic encryption algorithms such as AES may be required to encrypt and decrypt data.
  • Data must be protected from unauthorized alteration.
  • Only authorized individuals, entities, or processes can access sensitive information.
  • Redundant services, gateways, and links must be implemented.

Explanation: According to the CIA information security triad, the principle of availability means that authorized users must have uninterrupted access to important resources and data. It requires implementing redundant services, gateways, and links.

15. A cyber criminal sends a series of maliciously formatted packets to the database server. The server cannot parse the packets and the event causes the server to crash. What is the type of attack the cyber criminal launches?

  • packet Injection
  • SQL injection
  • DoS
  • man-in-the-middle

Explanation: A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

16. What is the main reason to establish an initial network performance baseline?

  • to determine normal traffic volume and behavior on the network
  • to eliminate bottlenecks and congestion affecting performance
  • to limit the number of devices attached to the network
  • to reduce the need to monitor traffic after making network changes

Explanation: One of the main reasons to establish an initial network performance baseline is to identify the average traffic volume and conditions on the network. Network baselines compare performance before and after network changes and identify abnormal traffic types or volumes.

17. Which authentication method uses AES for encryption?

  • WEP
  • WPA
  • WPA2
  • WPA3-Enterprise

Explanation: WPA2 is the current industry standard for securing wireless networks and uses the Advanced Encryption Standard (AES) for encryption.

18. An administrator wishes to create a security policy document for end-users to protect against known unsafe websites and to warn the user about the dangers and handling of suspicious emails. What type of malware attack is being prevented?

  • Phishing
  • Adware protection
  • Trusted/untrusted sources verification
  • DDoS

Explanation: Phishing is a type of malware attack where threat actors use unsafe websites and suspicious emails to entice users to give away personal information.

19. Netbus belongs to which malware type?

  • backdoor
  • logic bomb
  • keylogger
  • grayware

Explanation: Netbus is a backdoor program used by cybercriminals to gain unauthorized access to a system by bypassing the standard authentication procedures. A logic bomb is a malicious program that waits for a trigger, such as a specified date or database entry, to set off the malicious code. Keyboard logging refers to recording or logging every key struck on a computer’s keyboard. Grayware is any unwanted application that behaves in an annoying or undesirable manner. It may not carry any recognizable malware, but it may still pose a risk to the user by tracking your location or delivering unwanted advertising.

20. Refer to the exhibit. The image shows a firewall filtering network traffic based on information at highlighted OSI model Layers. Which type of firewall is represented?

Network Support and Security Course Final Exam Q23

  • Next Generation
  • Application Gateway
  • Stateful
  • Packet filtering (stateless)

Explanation: Packet filtering firewalls are usually part of a router firewall, which permits or denies traffic based on Layer 3 and 4 information. Stateless firewalls use a simple policy table look-up that filters traffic based on specific criteria.

21. All employees in an organization receive an email stating that their account password will expire immediately and that they should reset their password within five minutes. Which of the following statements best describes this email?

  • It is an impersonation attack.
  • It is a piggyback attack.
  • It is a hoax.
  • It is a DDoS attack.

Explanation: A hoax is an act intended to deceive or trick someone. This type of email can cause unnecessary disruption, extra work, and fear.

22. A user reports that the computer occasionally loses connectivity to the wireless network. The technician checks the configuration on the user’s computer and then replaces the wireless access point with a known good one. What structured troubleshooting method is the technician using to solve the problem?

  • Comparison
  • Bottom-up
  • Divide-and-Conquer
  • Substitution

Explanation: The technician replaces a suspected bad piece of equipment with a known-good one. This represents the Substitution method of troubleshooting.

23. What information can a technician obtain by running the tracert command on a Windows PC?

  • layer 3 hops a packet crosses as it travels to a destination
  • the verification of Layer 2 connectivity between the PC and a destination
  • the available routes in the PC routing table to reach a destination
  • the available bandwidth between the PC and a destination

Explanation: The tracert command in Windows can help a technician locate Layer 3 problems by returning a list of hops a packet takes as it is routed through a network. This helps verify Layer 3 connectivity and identify the point along the path where a problem can be found if there is no end-to-end connectivity.

24. A network technician troubleshoots a user’s PC problem and launches the Task Manager to gather more information. What information can the technician gather from the Task Manager output?

  • the processes currently running on the PC
  • the devices configured on the PC
  • the errors that have occurred on the PC
  • the drivers installed on the PC

Explanation: The Task Manager tool can assist in troubleshooting issues on a Windows PC by displaying the applications and processes that are currently running.

25. Which cybersecurity solution should an organization implement to support employees who travel and use public Wi-Fi networks to access corporate information?

  • Firewall
  • Site-to-site VPN
  • Remote access VPN
  • Intrusion detection application

Explanation: There are several measures that organizations and users need to implement to defend against wireless and mobile device attacks, including:

  • Take advantage of basic wireless security features such as authentication and encryption by changing the default configuration settings.
  • Restrict access point placement by placing these devices outside the firewall or within a demilitarized zone — a perimeter network that protects an organization’s LAN from untrusted devices.
  • Use WLAN tools such as NetStumbler to detect rogue access points or unauthorized workstations.
  • Develop a policy for secure guest access to an organization’s Wi-Fi network.
  • Employees in an organization should use a remote access VPN for WLAN access when on public Wi-Fi networks.

26. Employees in an organization report that the network access is slow. Further investigation reveals that one employee downloaded a third-party scanning program for the printer. What type of malware may have been introduced?

  • trojan horse
  • spam
  • worm
  • phishing

Explanation: Worms are malicious code that replicates by independently exploiting vulnerabilities in networks. Worms usually slow down networks. Whereas a virus requires a host program to run, worms can run by themselves. Other than the initial infection, worms no longer require user participation. After a worm affects a host, it is able to spread very quickly over the network. Worms share similar patterns. They all have an enabling vulnerability, a way to propagate themselves, and they all contain a payload.

27. By having narrow viewing angles, an ATM mitigates what kind of attacks?

  • dumpster diving
  • shoulder surfing
  • quid pro quo
  • identity fraud

Explanation: Shoulder surfing is a simple attack that involves observing or looking over a shoulder of a target to gain valuable information such as PINs, access codes, or credit card details. As a result, ATM screens are only visible at certain angles. These types of safeguards make shoulder surfing much more difficult

28. What is the limitation of using a stateful firewall in a network?

  • Difficult to defend against dynamic port negotiation.
  • No defense against spoofing and DoS attacks.
  • Weak packet filtering.
  • Less information is provided in the logs compared to a packet-filtering firewall.

Explanation: The limitations of a stateful firewall are:

  • No Application Layer inspection
  • Limited tracking of stateless protocols
  • Difficult to defend against dynamic port negotiation
  • No authentication support

29. What are the two characteristics of a site-to-site VPN? (Choose two.)

  • Clients have no awareness of the VPN.
  • A VPN gateway device is needed at both ends of the tunnel.
  • The client initiates the VPN connection.
  • The VPN is established between the client PC and a VPN gateway.
  • Traffic between clients and the VPN gateway is automatically encrypted.

Explanation: A site-to-site VPN is created between two VPN gateways to establish a secure tunnel. The VPN traffic is only encrypted between the two gateway devices and not between the client and the gateway. The client host will have no knowledge that a VPN is being used.

30. Which question enables the technician to determine the scope of a network issue reported by a user?

  • Are other users in your area experiencing the same issue?
  • Are you seeing any error messages when the problem occurs?
  • Is the problem one that you have experienced before?
  • Have you added any new applications recently?

Explanation: It is important to determine how many users are affected to find the scope of a problem. This helps the technician determine if the problem is isolated to one computer, office, floor, or network.

31. Which LAN authentication method is recommended for home or small office networks?

  • WPA Personal
  • WPA Enterprise
  • WPA2 Personal
  • WPA2 Enterprise

Explanation: WPA2 Personal is recommended for home or small office networks. Wireless clients authenticate with the wireless router using a pre-shared password.

32. Which is an example of a physical characteristic?

  • ear features
  • gestures
  • voice
  • gait

Explanation: There are two types of biometric identifiers:

  • Physical characteristics: fingerprints, DNA, face, hands, retina, or ear features.
  • Behavioral characteristics: behavior patterns such as gestures, voice, gait, or typing rhythm.

33. Which three solutions are examples of logical access control? (Choose three.)

  • firewall
  • access control list
  • biometrics
  • fence
  • laptop lock
  • swipe card

Explanation: Some examples of logical access controls are encryption, smart cards, passwords, biometrics, access control lists, protocols, firewalls, routers, intrusion detection systems, and clipping levels. Some examples of physical access controls are guards, fences, motion detectors, laptop locks, locked doors, swipe cards, guard dogs, video cameras, mantrap-style entry systems, and alarms.

34. What is a nontechnical method that a cybercriminal would use to gather sensitive information from an organization?

  • man-in-the-middle
  • ransomeware
  • social engineering
  • pharming

Explanation: A cybersecurity specialist needs to be familiar with the characteristics of the different types of malware and attacks that threaten an organization.

35. Which protocol is used by network management systems to collect data from network devices?

  • SNMP
  • SMTP
  • RDP
  • TFTP

Explanation: Many network management systems use SNMP to collect data from networking devices. SMTP is used to send emails between email servers. RDP is the protocol used to access desktop computers remotely. TFTP is an insecure protocol used to transfer files between devices.

36. Which authentication method in WPA3 improves the onboarding process for IoT devices to join wireless network?

  • DPP
  • WPS
  • CCMP
  • EAP

Explanation: Although WPA2 included Wi-Fi Protected Setup (WPS) to quickly onboard devices without configuring them first, WPS is vulnerable to various attacks and not recommended. In WPA3, the Device Provisioning Protocol (DDP) addresses this need, providing an easy way for headless IoT devices to connect to the wireless network. Each IoT device has a hardcoded public key typically stamped on the outside of the device or the packaging as a QR code. The network administrator scans the QR code and quickly onboards the device.

37. Which statement describes a TCP Wrappers host-based firewall?

  • It is a firewall that uses a profile-based approach to firewall functionality.
  • It is an application that allows Linux system administrators to configure network access rules that are part of the Linux kernel Netfilter modules.
  • It is a firewall application that uses a simple virtual machine in the Linux kernel.
  • It is a rule-based access control and logging system for Linux.

Explanation: TCP Wrappers host-based firewall is a rule-based access control and logging system for Linux. Packet filtering is based on IP addresses and network services.

38. What information could be determined from a network baseline?

  • the areas in the network that are under utilized
  • the layout of the components in the network
  • the operational status of network device interfaces
  • the number of hops between source and destination devices

Explanation: A baseline is created to establish a regular network or system performance to determine the state of a network under normal conditions. It can identify areas in the network that are underutilized.

39. Which Apple security feature ensures that only authentic, digitally-signed software that an Apple-notarized software developer has created is permitted to be installed?

  • XProtect
  • MRT
  • Gatekeeper
  • Security-focused hardware

Explanation: Gatekeeper, an Apple macOS security feature, ensures that only authentic, digitally-signed software that an Apple-notarized software developer has created can be installed.

40. Which security principle applies to the first dimension of the cybersecurity cube of the CIA triad?

  • Accountability
  • Availability
  • Policy
  • Technology

Explanation: The first dimension of the cybersecurity cube identifies the goals to protect cyberspace. The foundational principles of confidentiality, integrity and data availability provide a focus that enables the cybersecurity expert to prioritize actions when protecting any networked system.

41. The awareness and identification of vulnerabilities is a critical function of a cybersecurity specialist. Which of the following resources can they use to identify specific details about vulnerabilities?

  • ISO/IEC 27000 model
  • NIST/NICE framework
  • CVE national database
  • Infragard

Explanation: The United States Computer Emergency Readiness Team (US-CERT) and the U.S. Department of Homeland Security sponsor a dictionary of common vulnerabilities and exposures (CVE).

Each CVE entry contains a standard identifier number, a brief description of the security vulnerability and any important references to related vulnerability reports. The CVE list is maintained by a not-for-profit, the MITRE Corporation, on its public website.

42. What do you call an impersonation attack that takes advantage of a trusted relationship between two systems?

  • man-in-the-middle
  • spoofing
  • sniffing
  • spamming

Explanation: In spoofing attacks, hackers can disguise their devices by using a valid address from the network and therefore bypass authentication processes. MAC addresses and IP addresses can be spoofed and can also be used to spoof ARP relationships.

43. Which two wireless network standards operate in both the 2.4 and 5 GHz frequency spectrums? (Choose two.)

  • 802.11a
  • 802.11g
  • 802.11n
  • 802.11ac
  • 802.11ax

Explanation: The 802.11 wireless standards 802.11n and 802.11ax can operate in both the 2.4 and 5GHz frequency spectrums. The 802.11a and 802.11ac standards only operate in the 5GHz spectrum, and 802.11g only operates in the 2.4GHz spectrum.

44. Which router IOS command displays the equivalent system information as many different show commands and is useful for troubleshooting a router?

  • show tech-support
  • show version
  • show running-config
  • show cdp neighbors detail

Explanation: The show tech-support command automatically runs more than 40 show commands and can produce a very large amount of output that is useful for technicians troubleshooting a router.

45. Which command will provide information that is useful for mapping a network?

  • show CDP neighbors
  • show ip interfaces brief
  • show running-config
  • show inventory

Explanation: If CDP is enabled on devices, the show CDP neighbors command can help map the network by providing information about neighbors such as the hostname of the neighbor, the port from which the neighbor is reached, the port on the neighbor device that it is gone through, the device type of the neighbor, and the hardware platform of the neighbor.

46. What does a rootkit modify?

  • Operating system
  • Programs
  • Screen savers
  • Notepad
  • Microsoft Word

Explanation: A rootkit commonly modifies an operating system to create a backdoor to bypass normal authentication mechanisms.

47. Which type of firewalls will inspect and filter network traffic based on OSI model Layer 3 and 4 information?

  • packet filtering
  • stateful firewall
  • application gateway firewall
  • next generation firewall

Explanation: Packet filtering firewalls are usually part of a router firewall, which permits or denies traffic based on Layer 3 and 4 information. Stateless firewalls use a simple policy table look-up that filters traffic based on specific criteria.

48. What is the purpose of using the Windows BitLocker To Go tool?

  • to encrypt removable drives
  • to reformat removable drives
  • to manage partitions on removable drives
  • to manage safely inserting and removing of removable drives

Explanation: BitLocker to Go is a tool that encrypts removable drives.

49. The employees in a company receive an email stating that the account password will expire immediately and requires a password reset within 5 minutes. Which statement would classify this email?

  • It is a hoax.
  • It is an impersonation attack.
  • It is a piggy-back attack.
  • It is a DDoS attack.

Explanation: Social engineering uses several different tactics to gain information from victims.

50. Which three security services are part of the concept of administrative access controls?

  • confidentiality, integrity, and availability
  • technology, policy and practices, and people
  • authentication, authorization, and accounting
  • data in transit, data at rest, and data in process

Explanation: Administrative access controls involve three security services: authentication, authorization, and accounting (AAA).

51. A technician receives a trouble ticket from a user reporting that a website is no longer accessible. What two questions would the technician ask to narrow down the potential problem? (Choose two.)

  • Could you access this web site previously from this device?
  • Can you access other web sites from this computer browser?
  • What model computer are you using to access this site?
  • What operating system is installed on your computer?
  • Do you remember your password to this web site?

Explanation: To narrow down the problem, the technician asks if the computer was previously able to access the website and if other websites are accessible. If the answer is yes to both questions, the technician has narrowed the issue to problems with the single website on this day.

52. What is one of the safeguards according to the third dimension of the cybersecurity cube?

  • accountability
  • confidentiality
  • integrity
  • technology

Explanation: The third dimension of the cybersecurity cube defines the pillars on which we need to base our cybersecurity defenses to protect data and infrastructure in the digital realm. These are technology , policy, and practices , and improving people’s education, training, and awareness.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x