
Security+ SY0-401 quiz on SY0-401 - Section A (Network Security), created by jdrad01-junk on 24/11/2014.


SY0-401 - Section A (Network Security)

Question 1 of 58

Which of the following means of wireless authentication is easily vulnerable to spoofing?

Select one of the following possible answers:

  • MAC Filtering

  • WPA - LEAP

  • WPA - PEAP

  • Enabled SSID

Question 2 of 58

Which of the following implementation steps would be appropriate for a public wireless hotspot?

Select one of the following possible answers:

  • Reduce power level

  • Disable SSID broadcast

  • Open system authentication

  • MAC filter

Question 3 of 58

Which of the following controls would allow a company to reduce the exposure of sensitive systems from unmanaged devices on internal networks?

Select one of the following possible answers:

  • 802.1x

  • Data encryption

  • Password strength

  • BGP

Question 4 of 58

A network administrator has been tasked with securing the WLAN. Which of the following cryptographic products would be used to provide the MOST secure environment for the WLAN?

Select one of the following possible answers:

  • WPA2 CCMP

  • WPA

  • WPA with MAC filtering

  • WPA2 TKIP

Question 5 of 58

A security administrator is segregating all web-facing server traffic from the internal network and restricting it to a single interface on a firewall. Which of the following BEST describes this new network?

Select one of the following possible answers:

  • VLAN

  • Subnet

  • VPN

  • DMZ

Question 6 of 58

Which of the following network design elements allows for many internal devices to share one public IP address?

Select one of the following possible answers:

  • DNAT

  • PAT

  • DNS

  • DMZ

Question 7 of 58

A company determines a need for additional protection from rogue devices plugging into physical ports around the building. Which of the following provides the highest degree of protection from unauthorized wired network access?

Select one of the following possible answers:

  • Intrusion Prevention Systems

  • MAC filtering

  • Flood guards

  • 802.1x

Question 8 of 58

Due to hardware limitation, a technician must implement a wireless encryption algorithm that uses the RC4 protocol. Which of the following is a wireless encryption solution that the technician should implement while ensuring the STRONGEST level of security?

Select one of the following possible answers:

  • WPA2-AES

  • 802.11ac

  • WPA-TKIP

  • WEP

Question 9 of 58

An administrator has a network subnet dedicated to a group of users. Due to concerns regarding data and network security, the administrator desires to provide network access for this group only. Which of the following would BEST address this desire?

Select one of the following possible answers:

  • Install a proxy server between the users' computers and the switch to filter inbound network traffic.

  • Block commonly used ports and forward them to higher and unused port numbers.

  • Configure the switch to allow only traffic from computers based upon their physical address.

  • Install host-based intrusion detection software to monitor incoming DHCP Discover requests.

Question 10 of 58

A small company can only afford to buy an all-in-one wireless router/switch. The company has 3 wireless BYOD users and 2 web servers without wireless access. Which of the following should the company configure to protect the servers from the user devices? (Select TWO).

Select one or more of the following possible answers:

  • Deny incoming connections to the outside router interface.

  • Change the default HTTP port

  • Implement EAP-TLS to establish mutual authentication

  • Disable the physical switch ports

  • Create a server VLAN

  • Create an ACL to access the server

Question 11 of 58

An organization does not have adequate resources to administer its large infrastructure. A security administrator wishes to combine the security controls of some of the network devices in the organization. Which of the following methods would BEST accomplish this goal?

Select one of the following possible answers:

  • Unified Threat Management

  • Virtual Private Network

  • Single sign on

  • Role-based management

Question 12 of 58

Which of the following would allow the organization to divide a Class C IP address range into several ranges?

Select one of the following possible answers:

  • Which of the following would allow the organization to divide a Class C IP address range into several ranges?

  • Virtual LANs

  • NAT

  • Subnetting

Question 13 of 58

A network administrator wants to block both DNS requests and zone transfers coming from outside IP addresses. The company uses a firewall which implements an implicit allow and is currently configured with the following ACL applied to its external interface.
PERMIT TCP ANY ANY 80
PERMIT TCP ANY ANY 443
Which of the following rules would accomplish this task? (Select TWO).

Select one or more of the following possible answers:

  • Change the firewall default settings so that it implements an implicit deny

  • Apply the current ACL to all interfaces of the firewall

  • Remove the current ACL

  • Add the following ACL at the top of the current ACL DENY TCP ANY ANY 53

  • Add the following ACL at the bottom of the current ACL DENY ICMP ANY ANY 53

  • Add the following ACL at the bottom of the current ACL DENY IP ANY ANY 53

Question 14 of 58

A security administrator wishes to increase the security of the wireless network. Which of the following BEST addresses this concern?

Select one of the following possible answers:

  • Change the encryption from TKIP-based to CCMP-based.

  • Set all nearby access points to operate on the same channel.

  • Configure the access point to use WEP instead of WPA2.

  • Enable all access points to broadcast their SSIDs.

Question 15 of 58

Sally, a sales manager, successfully connected her company-issued smartphone to the wireless network in her office without supplying a username/password combination. Upon disconnecting from the wireless network, she attempted to connect her personal tablet computer to the same wireless network and could not connect.
Which of the following is MOST likely the reason?

Select one of the following possible answers:

  • The company wireless is using a MAC filter.

  • The company wireless has SSID broadcast disabled.

  • The company wireless is using WEP.

  • The company wireless is using WPA2.

Question 16 of 58

A network technician is on the phone with the system administration team. Power to the server room was lost and servers need to be restarted. The DNS services must be the first to be restarted. Several machines are powered off. Assuming each server only provides one service, which of the following should be powered on FIRST to establish DNS services?

Select one of the following possible answers:

  • Bind server

  • Apache server

  • Exchange server

  • RADIUS server

Question 17 of 58

A security technician at a small business is worried about the Layer 2 switches in the network suffering from a DoS style attack caused by staff incorrectly cabling network connections between switches.
Which of the following will BEST mitigate the risk if implemented on the switches?

Select one of the following possible answers:

  • Spanning tree

  • Flood guards

  • Access control lists

  • SYN flood

Question 18 of 58

An administrator wants to establish a WiFi network using a high gain directional antenna with a narrow radiation pattern to connect two buildings separated by a very long distance. Which of the following antennas would be BEST for this situation?

Select one of the following possible answers:

  • Dipole

  • Yagi

  • Sector

  • Omni

Question 19 of 58

A security analyst is reviewing firewall logs while investigating a compromised web server. The following ports appear in the log:
22, 25, 445, 1433, 3128, 3389, 6667
Which of the following protocols was used to access the server remotely?

Select one of the following possible answers:

  • LDAP

  • HTTP

  • RDP

  • HTTPS

Question 20 of 58

An organization does not want the wireless network name to be easily discovered. Which of the following software features should be configured on the access points?

Select one of the following possible answers:

  • SSID broadcast

  • MAC filter

  • WPA2

  • Antenna placement

Question 21 of 58

A network engineer is setting up a network for a company. There is a BYOD policy for the employees so that they can connect their laptops and mobile devices.
Which of the following technologies should be employed to separate the administrative network from the network in which all of the employees' devices are connected?

Select one of the following possible answers:

  • VPN

  • VLAN

  • WPA2

  • MAC filtering

Question 22 of 58

When performing the daily review of the system vulnerability scans of the network, Bob, the administrator, noticed several security-related vulnerabilities with an assigned vulnerability identification number. Bob researches the assigned vulnerability identification number from the vendor website. Bob proceeds with applying the recommended solution for the identified vulnerability.
Which of the following is the type of vulnerability described?

Select one of the following possible answers:

  • Network based

  • IDS

  • Signature based

  • Host based

Question 23 of 58

While configuring a new access layer switch, the administrator, Bob, was advised that he needed to make sure that only devices authorized to access the network would be permitted to login and utilize resources. Which of the following should the administrator implement to ensure this happens?

Select one of the following possible answers:

  • Log Analysis

  • VLAN Management

  • Network separation

  • 802.1x

Question 24 of 58

Results from a vulnerability analysis indicate that all enabled virtual terminals on a router can be accessed using the same password. The company's network device security policy mandates that at least one virtual terminal have a different password than the other virtual terminals. Which of the following sets of commands would meet this requirement?

Select one of the following possible answers:

  • line vty 0 6 P@s5W0Rd password line vty 7 Qwer++!Y password

  • line console 0 password password line vty 0 4 password P@s5W0Rd

  • line vty 0 3 password Qwer++!Y line vty 4 password P@s5W0Rd

  • line vty 0 3 password Qwer++!Y line console 0 password P@s5W0Rd

Question 25 of 58

After entering the following information into a SOHO wireless router, a mobile device's user reports being unable to connect to the network:
PERMIT 0A:D1:FA:B1:03:37
DENY 01:33:7F:AB:10:AB
Which of the following is preventing the device from connecting?

Select one of the following possible answers:

  • WPA2-PSK requires a supplicant on the mobile device.

  • Hardware address filtering is blocking the device.

  • TCP/IP Port filtering has been implemented on the SOHO router.

  • IP address filtering has disabled the device from connecting.

Question 26 of 58

Which of the following MOST interferes with network-based detection techniques?

Select one of the following possible answers:

  • MIME-encoding

  • SSL

  • FTP

  • Anonymous email accounts

Question 27 of 58

Thomas, a network administrator, is capturing packets on the network and notices that a large amount of the traffic on the LAN is SIP and RTP protocols. Which of the following should he do to segment that traffic from the other traffic?

Select one of the following possible answers:

  • Connect the WAP to a different switch.

  • Create a voice VLAN.

  • Create a DMZ.

  • Set the switch ports to 802.1q mode.

Question 28 of 58

Which of the following is BEST used as a secure replacement for TELNET?

Select one of the following possible answers:

  • HTTPS

  • HMAC

  • GPG

  • SSH

Question 29 of 58

Which of the following is a difference between TFTP and FTP?

Select one of the following possible answers:

  • TFTP is slower than FTP.

  • TFTP is more secure than FTP.

  • TFTP utilizes TCP and FTP uses UDP.

  • TFTP utilizes UDP and FTP uses TCP.

Question 30 of 58

Suspicious traffic without a specific signature was detected. Under further investigation, it was determined that these were false indicators. Which of the following security devices needs to be configured to disable future false alarms?

Select one of the following possible answers:

  • Signature based IPS

  • Signature based IDS

  • Application based IPS

  • Anomaly based IDS

Question 31 of 58

Alice, a security administrator, has observed repeated attempts to break into a server. Which of the following is designed to stop an intrusion on a specific server?

Select one of the following possible answers:

  • HIPS

  • NIDS

  • HIDS

  • NIPS

Question 32 of 58

Which of the following allows Thomas, a security technician, to provide the MOST secure wireless implementation?

Select one of the following possible answers:

  • Implement WPA

  • Disable SSID

  • Adjust antenna placement

  • Implement WEP

Question 33 of 58

Thomas, the compliance manager, wants to meet regulations. Thomas would like certain ports blocked only on all computers that do credit card transactions. Which of the following should Thomas implement to BEST achieve this goal?

Select one of the following possible answers:

  • A host-based intrusion prevention system

  • A host-based firewall

  • Antivirus update system

  • A network-based intrusion detection system

Question 34 of 58

Thomas, the system administrator, wishes to monitor and limit users' access to external websites.
Which of the following would BEST address this?

Select one of the following possible answers:

  • Block all traffic on port 80.

  • Implement NIDS.

  • Use server load balancers.

  • Install a proxy server.

Question 35 of 58

Sara, the security administrator, must configure the corporate firewall to allow all public IP addresses on the internal interface of the firewall to be translated to one public IP address on the external interface of the same firewall. Which of the following should Sara configure?

Select one of the following possible answers:

  • PAT

  • NAP

  • DNAT

  • NAC

Question 36 of 58

Thomas needs to open ports on the firewall to allow for secure transmission of files. Which of the following ports should be opened on the firewall?

Select one of the following possible answers:

  • TCP 23

  • UDP 69

  • TCP 22

  • TCP 21

Question 37 of 58

Which statement is TRUE about the operation of a packet sniffer?

Select one of the following possible answers:

  • It can only have one interface on a management network.

  • They are required for firewall operation and stateful inspection.

  • The Ethernet card must be placed in promiscuous mode.

  • It must be placed on a single virtual LAN interface.

Question 38 of 58

Which of the following firewall rules only denies DNS zone transfers?

Select one of the following possible answers:

  • deny udp any any port 53

  • deny ip any any

  • deny tcp any any port 53

  • deny all dns packets

Question 39 of 58

Which of the following technologies can store multi-tenant data with different security requirements?

Select one of the following possible answers:

  • Data loss prevention

  • Trusted platform module

  • Hard drive encryption

  • Cloud computing

Question 40 of 58

Which of the following devices would MOST likely have a DMZ interface?

Select one of the following possible answers:

  • Firewall

  • Switch

  • Load balancer

  • Proxy

Question 41 of 58

Which default port number is secure?

Select one of the following possible answers:

  • 21

  • 22

  • 23

  • 25

Question 42 of 58

Which should you do so that your wireless signal does not reach all the way out to the parking lot?

Select one of the following possible answers:

  • Disable SSID broadcasting

  • Turn off MAC filtering

  • Lower the power level

  • Implement WEP encryption

Question 43 of 58

Admin Bob took a new WAP out of the box, plugged it in, and walked away. An attacker was able to access the WAP using an administrator account. Which would have prevented the attack?

Select one of the following possible answers:

  • Configure MAC filtering

  • Disable SSID broadcasting

  • Change the default password

  • Configure 802.1x authentication

Question 44 of 58

You enter the wireless network information into your computer correctly and connect to the network. You remain connected, but you can't access any resources on the network. Which is the most likely reason?

Select one of the following possible answers:

  • MAC filtering is turned on

  • The SSID is disabled

  • The encryption is too strong

  • The WAP power level is too low

Question 45 of 58

Which would allow home users to access internal company resources?

Select one of the following possible answers:

  • NAT

  • VLANs

  • NAC

  • VPN

Question 46 of 58

You have two routers connected together, which then connect to two switches, which are also connected together via fiber. How would you prevent unauthorized devices from connecting to the network?

Select one of the following possible answers:

  • Configure only one of the routers to run DHCP

  • Implement port security on the switches

  • Enable VTP on both switches and set to the same domain

  • Configure each port on the switches to use the same VLAN other than the default one

Question 47 of 58

Which two would you need to use together to allow telecommuting while keeping it secure?

Select one or more of the following possible answers:

  • DMZ

  • VLANs

  • NAC

  • Spam filter

  • VPN concentrator

Question 48 of 58

Your wireless network is dropping packets and degrading service only during certain times of day. What should be your first troubleshooting step?

Select one of the following possible answers:

  • Increase the power level

  • Change to a higher gain antenna

  • Perform a site survey

  • Configure stronger encryption

Question 49 of 58

You look at your router Access Control List and you see that it allows web, email, and SSH traffic. For some reason though, some users are unable to access network printing services. Which could be blocking this?

Select one of the following possible answers:

  • Port security

  • Flood guards

  • Implicit deny

  • Loop protection

Question 50 of 58

Your company allows business partners to connect to several of your application servers located at the main office. What can the main office implement to protect the rest of the company from those business partners?

Select one of the following possible answers:

  • VPN

  • NAC

  • IDS

  • DMZ

Question 51 of 58

Which protocol provides secure access to log on to a remote server's console to do some maintenance?

Select one of the following possible answers:

  • SFTP

  • SCP

  • HTTPS

  • SSH

Question 52 of 58

Which provides a more secure connection than WPA TKIP?

Select one of the following possible answers:

  • MAC filtering

  • WEP

  • WPA2 CCMP

  • Disable SSID broadcast and increase power levels

Question 53 of 58

Which solution would scan web traffic for malware and block it if malware is found, and could also block certain websites that are inappropriate?

Select one of the following possible answers:

  • IDS

  • Firewall

  • UTM

  • ACL

Question 54 of 58

How do you prevent unauthorized devices from connecting to the network via your network drops?

Select one of the following possible answers:

  • Mandatory Access Control

  • WPA2

  • Port Security

  • Network Intrusion Prevention

Question 55 of 58

Which subnet mask would put these 4 PCs on different broadcast domains?
PC1 = 10.10.10.4
PC2 = 10.10.10.10
PC3 = 10.10.10.17
PC4 = 10.10.10.26

Select one of the following possible answers:

  • /24

  • /27

  • /28

  • /29

  • /30

Question 56 of 58

Choose the port numbers in the proper order to match the order of these protocols: FTP, TFTP, Telnet, HTTP.

Select one of the following possible answers:

  • 80, 21, 23, 69

  • 21, 69, 23, 80

  • 69, 23, 21, 80

  • 23, 21, 80, 69

Question 57 of 58

Choose the port numbers in the proper order to match the order of these protocols: HTTPS, SMTP, SNMP, SCP.

Select one of the following possible answers:

  • 161, 22, 25, 443

  • 443, 161, 22, 25

  • 443, 25, 161, 22

  • 161, 443, 161, 22

Question 58 of 58

Which of the following should be considered to mitigate data theft when using CAT5 wiring?

Select one of the following possible answers:

  • CCTV

  • Environmental monitoring

  • Multimode fiber

  • EMI shielding
