When an organization uses two firewalls to protect their network, the space between the firewalls is known as what?
- DMZ
Which of the following are authentication factors? (Select all correct answers.)
- Password
- Token generator
- Fingerprint
Which type of attack uses common TCP/IP protocols and software to target a network and learn information?
- Scanning attacks
Which of the following statements regarding encryption are true? (Select all correct answers.)
- Asymmetric encryption algorithms use a public key for encryption and a private key for decryption.
- VPNs are a common use of encrypting data in transit.
Why is security training and education so important?
- Attackers are always coming up with new variations of exploits
- It's one of the best tools for improving information security
What type of VPN is being used in the following scenarios?
- Site-to-site VPN - Users in your network can securely and directly connect to headquarters using the internet to utilize applications.
- Remote Access VPN - Traveling sales reps need to have secure communications with headquarters but often have to use unsecure local wireless connections.
For each of the following scenarios, identify the name of the specific threat being described (spyware, shoulder surfing, eavesdropping, etc.).
- Dumpster diving - An attacker sifts through your trash to discover account information.
- Keystroke logger - An attacker installs software to record everything you type in an effort to steal your passwords.
- RAT - You download and install a game. Hidden in the game is software that gives an attacker remote access to your computer.
- Eavesdropping - An attacker uses a protocol analyzer to intercept and read network traffic.
- DDoS - An attacker overwhelms your web server with repeated requests from multiple compromised computers.
- Phishing - A phony e-mail from your bank alerts you that your account has been compromised and gives you a link to visit to verify your credentials.
Match the wireless technology to the statement that describes it.
- 802.11ah HaLow - Up to 18 Mbps at 100 meters or more. Intended for smart home applications.
- 5G - 1 to 10 Gbps with low latency. Intended for high-speed access by smartphones and mobile computing devices.
- 802.11ad WiGig - 7 Gbps at 10 meters. Intended for cable replacement.
- BLE - 1.5 Mbps up to 100 meters. Intended for small devices running on coin cell batteries.
The goal of threat mitigation is to:
- Reduce risk
The IDS determines an attack has occurred at your organization. Security is notified right away. After assessing the situation, management would like to implement a solution that can stop the attack once it is detected. What type of solution should you suggest?
- IPS
What is the goal of SDN?
- Allow network engineers to respond quickly to changing network conditions
What is the goal of the Internet of Things?
- Make everything smart so that objects can connect to the Internet to report data, be monitored, or be remotely controlled
Which of the following are NOT true of hackers?
- Hackers are always an expert in their field
Determine the best authentication solution for the following scenarios.
- Kerberos - An organization running Windows Server needs a highly compatible authentication system.
- TACACS - An organization using Cisco network devices needs to authenticate remote and wireless workers.
- RADIUS - Remote users need to access the network via VPN. There are also wireless users that need to be authenticated.
- CHAP - Users need an encrypted login over a dial-up connection.
Malware is software that infects a user's computer system without that user's permission. What types of malware are being described below?
- Spyware - Keeps track of a user's behaviors such as browser activity and download history.
- Trojan Horse - Appears credible but can install other forms of malware.
- RAT (Remote Access Trojan) - Allows attackers to manipulate and control a computer, often to attack networks.
- Keylogger - Every keystroke a user makes is recorded and transmitted to an attacker.
Match the common security threat with its description.
- A technological or human flaw - Weaknesses
- A weakness exploited by an attacker - Vulnerabilities
- An actor who exploits a vulnerability - Threat actor
- An unsecured network - Threat
Match the type of firewall to the statement that best describes it.
- Stateful inspection - Only passes traffic that fits the context of a session
- UTM - Combines packet and content filtering with anti-virus and anti-spam
- Packet filter - Filters traffic based on header information, such as MAC address, IP address, and port number
- Personal firewall - Inspects traffic entering and leaving a device that is connected to the network
- Proxy server -
Unsecured networks can subject a user to many types of attacks, from eavesdropping on transmitted data to stealing information. What is the best way to mitigate these attacks?
- Use VPN connections and encrypted websites
You receive an email asking for donations to help rescue efforts following a recent earthquake. The email provides a link to where you can donate money. This may be what type of social engineering attack?
- Phishing attack
Which of the following components should be part of your security plan? (Select all correct answers.)
- Mitigations to be performed at network access points
- Plan for reacting to security events
- Access levels for resources and job positions
- Physical security controls
Why is it a good idea to have employees bring their own laptops or tablets? Choose all that apply.
- They are familiar with them and therefore more productive.
- It saves the company money from not having to purchase new machines.
Your organization starts receiving massive amounts of SPAM through its email server. What type of solution should you consider implementing?
- Blacklist