Security Chapter 6 pt 1

Which of the following best describes the purpose of using subnets?
subnets divide an IP network address into multiple network addresses
Which of the following is not a reason to use subnets on a network?
combine different media type on to the same subnet
Which of the following IPV6 addresses is equivalent to the IPV4 loopback address of 127.0.0.1?
: :1
Which of the following IP addresses best describes an IPv6 address?
128- bit address
Eight hexadecimal quartets
Which of the following correctly describe the most common format for expressing IPv6 addresses?
Hexadecimal numbers
32 numbers, grouped using colons
Which of the following are valid IPv6 addresses?
141:0:0:15:0:0:1
6384:1319:7700:7631:446A:5511:8940:2552
Which of the following is a valid IPv6 address?
FECO ::AB:9007
Routers operate at what level of the Open System Interconnect model ?
Network Layer
You decided to use a subnet mask of 255.255.192.0 on the 172.17.0.0 network to create four separate subnets. Which network IDs will be assigned to these subnets in this configuration?
172.17.128.0.0
172.17.0.0
You have been using SNMP on your network for monitoring and management. You are concerned about the security of this configuration. What should you do?
Implement version 3 of SNMP
You want to implement a protocol on your network that allows computers to find the IP address of a host from a logical name. Which protocol should you implement?
DNS
Which of the following protocols allows hosts to exchange messages to indicate problems with packet delivery?
ICMP
You are configuring a network firewall to allow SMTP outbound email traffic and POP3 inbound email traffic. Which of the following TCP/IP ports should you open on the firewall?
25
110
Which port number is only used by SNMP
161
Which of the following ports does FTP use to establish sessions and manage traffic?
20, 21
Using the Netstat command you notice the remote system has made a connection to your Windows Server 2008 system using TCP/IP port 21. Which of the following actions is the remote system most likely to be performing?
Downloading a file
To increase security on your company’s internal network the admin has disabled as many ports as possible. Now however though you can browse the internet you are unable to perform secure credit card transactions. Which port needs to be enabled to allow secure transactions?
443
Which of the following network services or protocols uses TCP/IP port 22?
SSH
1. SNMP
2. SSH
3. TFTP
4. SCP
5. Telnet
6.HTTPS
7. HTTP
8. FTP
9. SMTP
10. POP3
1. 161 TCP and UDP
2. 22 TCP and UDP
3. 69 UDP
4. 22TCP and UDP
5. 23 TCP
6. 443 TCP and UDP
7. 80 TCP
8. 20 TCP
9. 25 TCP
10. 110 TCP
Which of the two following lists accurately describes TCP and UDP ?
UDP: connectionless, unreliable, unsequenced,low overheard

TCP: connection-oriented, reliable, sequenced, high overhead

You are an app developer creating apps for a wide variety of customers. In which two of the following situations would you select a connectionless protocol?
A gaming company wants to create a networked version of its latest game. Communication speed and reducing packet overhead are more important than error-free delivery

A company connects two networks through an expensive WAN link. The communication media is reliable but very expensive. They want to minimize connection times

You want to maintain tight security on your internal network so you can restrict access to the network through certain port numbers. If you want to allow users to continue to use DNS which port should you enable?
53
Your company’s network provides HTTP HTTPS and SSH access to remote employees. Which ports must be opened on the firewall to allow this traffic to pass?
80, 443, 22
Your network recently experienced a series of attacks aimed at the Telnet FTP services. You have rewritten the security policy to abolish the unsecured services and now you must secure the network using your firewall routers. Which ports must be closed to prevent traffic directed to these two services ?
23,21
Which of the following is the main difference between a DoS attack and a DDoS attack?
The DDoS attack uses zombie computers
An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack?
DDoS
You suspect that an Xmas attack is occurring on the system. Which of the following could result if you do not stop the attack?
The system will be unavailable to respond to legitimate requests

The threat agent will obtain info about open ports on the system

You need to enumerate the devices on your network and display the configuration details of the network. Which of the following should you use?
nmap
An attacker is conducting passive reconnaissance on a targeted company. Which of the following could he be doing?
browsing the organization’s website
Which type of active scans turns off all flags in a TCP header?
Null
Which of the following Denial of Service (DOS) attacks uses ICMP packets and will only be successful if the victim has less bandwidth then the attacker?
Ping flood
In which of the following Denial of Service (DOS) attacks does the victim’s system rebuild invalid UDP packets causing them to crash or reboot?
Teardrop
A SYN packet is received by a server. The SYN packet has the exact same address for both the sender and receiver address, which is the address of the server. This is an example of what type of attack?
Land Attack
Which of the following is a form of denial of service attack that subverts the TCP three-way handshake process by attempting to open numerous sessions on a victim server but intentionally failing to complete the session by not sending the final required packet?
SYN flood
Which of the following is a form of denial of service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network?
Smurf
A SYN attack or a SYN flood exploits or alters which element of the TCP three-way handshake?
ACK
When a SYN is flood is altered so that the SYN packets are spoofed in order to define the source and destination address as a single victim IP address the attack is now called what ?
Land attack
A smurf attack requires all but which of the following elements to be implemented?
padded cell
Which of the following best describes the ping of death?
An ICMP packet that is larger than 65,536 bytes
Which of the following is the best countermeasure against man-in-the-middle attacks?
IPSec
What is modified in the most common form of spoofing on a typical IP packet
source address
Which type of denial of service (DoS) attack occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses?
DNS poisoning
Which of the following describes a man-in-the-middle attack?
a false server intercepts communications from a client by impersonating an intended server
Capturing packets as they travel from one host to another with the intent of altering contents of the packets is a form of which security concern?
man-in-the-middle attack
When the TCP/IP session state is manipulated so that a third party is able to insert alternate packets in the communication stream what type of attack has occurred?
Hijacking
What is the goal of TCP/IP hijacking attack?
Executing commands or accessing resources on a system the attacker does not otherwise have authorization to access
Which of the following is not a protection against session hijacking?
DHCP reservations
Which of the following is the most effective protection against IP packet spoofing on a private network?
Ingress and egress filters
While using the internet you type the URL of one of your favorite sites in the browser. Instead of going to the correct site, the browser displays a completely different website. When you use the IP address of the web server the correct site is displayed. What type of attack has likely occurred?
DNS poisoning
Which of the following attacks tries to associate an incorrect MAC address with a known IP address?
ARP poisoning