Name:
Class:
Date:
Copyright Cengage Learning. Powered by Cognero.
Page 1
1. A security policy should clearly state the desired rules, even if they cannot be enforced.
a.
True
b.
False
ANSWER:
False
POINTS:
1
REFERENCES:
Developing a Network Security Policy
QUESTION TYPE:
True / False
HAS VARIABLES:
False
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 2:36 PM
2. You don’t need to physically secure your servers as long as you use a good strong password for your
accounts.
a.
True
b.
False
ANSWER:
False
POINTS:
1
REFERENCES:
Securing Physical Access to the Network
QUESTION TYPE:
True / False
HAS VARIABLES:
False
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 2:36 PM
3. A honeypot is configured to entice attackers and allows administrators to get information about the attack
techniques being used.
a.
True
b.
False
ANSWER:
True
POINTS:
1
REFERENCES:
Using Intrusion Detection and Prevention Systems
QUESTION TYPE:
True / False
HAS VARIABLES:
False
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 2:36 PM
4. A rootkit is a self-replicating program that masks itself as a useful program but is actually a type of malware.
a.
True
b.
False
ANSWER:
False
POINTS:
1
REFERENCES:
Other Forms of Malware
QUESTION TYPE:
True / False
Name:
Class:
Date:
Name:
Class:
Date:
Copyright Cengage Learning. Powered by Cognero.
Page 3
a.
encryption
b.
authentication
c.
malware protection
d.
security devices
ANSWER:
a
POINTS:
1
REFERENCES:
Securing Access to Network Data
QUESTION TYPE:
Multiple Choice
HAS VARIABLES:
False
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 2:36 PM
9. Which Windows domain-based protocol provides mutual authentication between devices?
a.
Kerberos
b.
TACACS+
c.
EAP
d.
RADIUS
ANSWER:
a
POINTS:
1
REFERENCES:
Setting Up Authentication and Authorization
QUESTION TYPE:
Multiple Choice
HAS VARIABLES:
False
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 2:36 PM
10. If the minimum password length on a Windows system is set to zero, what does that mean?
a.
The user never has to change the password.
b.
The user can use a blank password.
c.
The user has to change the password every day.
d.
The user account is disabled.
ANSWER:
b
POINTS:
1
REFERENCES:
Setting Up Authentication and Authorization
QUESTION TYPE:
Multiple Choice
HAS VARIABLES:
False
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 2:36 PM
11. Which protocol works by establishing an association between two communicating devices and can use a
preshared key for authentication?
a.
EFS
Name:
Class:
Date:
Copyright Cengage Learning. Powered by Cognero.
Page 4
b.
Kerberos
c.
IPsec
d.
SMB
ANSWER:
c
POINTS:
1
REFERENCES:
Securing Data with Encryption
QUESTION TYPE:
Multiple Choice
HAS VARIABLES:
False
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 2:36 PM
12. Which form of authentication involves the exchange of a password-like key that must be entered on both
devices?
a.
Kerberos authentication
b.
digital certificate
c.
GNU privacy guard
d.
preshared key
ANSWER:
d
POINTS:
1
REFERENCES:
Securing Data with Encryption
QUESTION TYPE:
Multiple Choice
HAS VARIABLES:
False
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 2:36 PM
13. Which standard feature on NTFS-formatted disks encrypts individual files and uses a certificate matching
the user account of the user who encrypted the file?
a.
IPsec
b.
BitLocker
c.
GPG
d.
EFS
ANSWER:
d
POINTS:
1
REFERENCES:
Securing Data with Encryption
QUESTION TYPE:
Multiple Choice
HAS VARIABLES:
False
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 2:36 PM
14. What is created when a packet is encapsulated with additional headers to allow an encrypted packet to be
correctly routed by Internet devices?
a.
frame
Name:
Class:
Date:
Copyright Cengage Learning. Powered by Cognero.
Page 5
b.
EFS
c.
tunnel
d.
access point
ANSWER:
c
POINTS:
1
REFERENCES:
Securing Communication with Virtual Private Networks
QUESTION TYPE:
Multiple Choice
HAS VARIABLES:
False
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 2:36 PM
15. Which VPN implementation typically needs no additional firewall configuration to be allowed access
through the firewall?
a.
SSTP
b.
IPSec
c.
PPTP
d.
L2TP
ANSWER:
a
POINTS:
1
REFERENCES:
Securing Communication with Virtual Private Networks
QUESTION TYPE:
Multiple Choice
HAS VARIABLES:
False
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 2:36 PM
16. What process, available on most routers, will help improve security by replacing the internal IP address of
the transmitting device with a public IP address?
a.
IPSec
b.
NAT
c.
EFS
d.
VPN
ANSWER:
b
POINTS:
1
REFERENCES:
Protecting Networks with Firewalls
QUESTION TYPE:
Multiple Choice
HAS VARIABLES:
False
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 2:36 PM
17. What can firewalls do to help ensure that a packet is denied if it’s not part of an ongoing legitimate
conversation?
a.
intrusion detection
Name:
Class:
Date:
Copyright Cengage Learning. Powered by Cognero.
Page 6
b.
MAC filtering
c.
content filter
d.
stateful packet inspection
ANSWER:
d
POINTS:
1
REFERENCES:
Protecting Networks with Firewalls
QUESTION TYPE:
Multiple Choice
HAS VARIABLES:
False
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 2:36 PM
18. You have purchased a network-based IDS. You have been tasked with deploying the device in a location
where the entire network can be protected. Where should you deploy it?
a.
datacenter
b.
intermediate distribution frame
c.
demilitarized zone
d.
internal LAN
ANSWER:
c
POINTS:
1
REFERENCES:
Using Intrusion Detection and Prevention Systems
QUESTION TYPE:
Multiple Choice
HAS VARIABLES:
False
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 2:36 PM
19. What type of device should you install as a decoy to lure potential attackers?
a.
honeypot
b.
Trojan
c.
IPS
d.
HIDS
ANSWER:
a
POINTS:
1
REFERENCES:
Using Intrusion Detection and Prevention Systems
QUESTION TYPE:
Multiple Choice
HAS VARIABLES:
False
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 2:36 PM
20. What is a type of malware that is so difficult to detect and remove that most experts agree that it is better to
backup your critical data and reinstall the OS?
a.
rootkit
b.
Trojan
Name:
Class:
Date:
Copyright Cengage Learning. Powered by Cognero.
Page 7
c.
hoax virus
d.
spyware
ANSWER:
a
POINTS:
1
REFERENCES:
Other Forms of Malware
QUESTION TYPE:
Multiple Choice
HAS VARIABLES:
False
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 2:36 PM
21. Which of the following is a type of malware that isn’t self-replicating and is usually installed by the user
without his knowledge. It’s primary goal is to invade your privacy by monitoring your system and reporting
your activities to advertisers and spammers.
a.
rootkit
b.
Trojan
c.
hoax virus
d.
spyware
ANSWER:
d
POINTS:
1
REFERENCES:
Spyware and Spam
QUESTION TYPE:
Multiple Choice
HAS VARIABLES:
False
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 2:36 PM
22. You have been asked to determine what services are accessible on your network so you can close those that
are not necessary. What tool should you use?
a.
port scanner
b.
protocol finder
c.
ping scanner
d.
trace route
ANSWER:
a
POINTS:
1
REFERENCES:
Discovering Network Resources
QUESTION TYPE:
Multiple Choice
HAS VARIABLES:
False
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 2:36 PM
23. Which of the following is a type of denial-of-service attack that involves flooding the network with
broadcast messages that contain a spoofed source address of an intended victim?
a.
packet storm
Name:
Class:
Date:
Copyright Cengage Learning. Powered by Cognero.
Page 8
b.
broadcast flood
c.
smurf attack
d.
half-open SYN attack
ANSWER:
c
POINTS:
1
REFERENCES:
Disabling Network Resources
QUESTION TYPE:
Multiple Choice
HAS VARIABLES:
False
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 2:36 PM
24. Which of the following is a credential category used in multifactor authentication? (Choose all that apply.)
a.
authority
b.
knowledge
c.
rank
d.
possession
e.
inherence
ANSWER:
b, d, e
POINTS:
1
REFERENCES:
Setting Up Authentication and Authorization
QUESTION TYPE:
Multiple Response
HAS VARIABLES:
False
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 3:07 PM
25. Which of the following can be used to secure data on disk drives? (Choose all that apply.)
a.
EFS
b.
VPN
c.
IPSec
d.
BitLocker
e.
TrueCrypt
ANSWER:
a, d, e
POINTS:
1
REFERENCES:
Securing Data with Encryption
QUESTION TYPE:
Multiple Response
HAS VARIABLES:
False
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 3:07 PM
26. Which of the following are true about WPA3? (Choose all that apply.)
a.
strongest wireless encryption standard
Name:
Class:
Date:
Copyright Cengage Learning. Powered by Cognero.
Page 9
b.
uses TKIP
c.
requires PMF
d.
backward compatible
e.
has only the Enterprise variation
ANSWER:
a, c, d
POINTS:
1
REFERENCES:
Securing Wireless Networks
QUESTION TYPE:
Multiple Response
HAS VARIABLES:
False
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
8/1/2019 4:55 PM
27. How the network resources are to be used should be clearly defined in a (an) ____________ policy.
ANSWER:
acceptable use
POINTS:
1
REFERENCES:
Determining Elements of a Network Security Policy
QUESTION TYPE:
Completion
HAS VARIABLES:
False
STUDENT ENTRY MODE:
Basic
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 2:36 PM
28. A common guideline about network security is that if there’s ____________ access to the equipment, there‘s
no security.
ANSWER:
physical
POINTS:
1
REFERENCES:
Securing Physical Access to the Network
QUESTION TYPE:
Completion
HAS VARIABLES:
False
STUDENT ENTRY MODE:
Basic
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 2:36 PM
29. ____________ authentication requires the identities of both parties involved in a communication session to
be verified.
ANSWER:
Mutual
POINTS:
1
REFERENCES:
Setting Up Authentication and Authorization
QUESTION TYPE:
Completion
HAS VARIABLES:
False
STUDENT ENTRY MODE:
Basic
DATE CREATED:
7/19/2019 2:36 PM
Name:
Class:
Date:
Name:
Class:
Date:
Copyright Cengage Learning. Powered by Cognero.
Page 11
verified by a certification authority
ANSWER:
a
POINTS:
1
33. spreads by replicating itself into programs or documents
ANSWER:
b
POINTS:
1
34. monopolizes network services or network bandwidth
ANSWER:
c
POINTS:
1
35. inspects packets as they go into and out of the network
ANSWER:
d
POINTS:
1
36. a series of letters, numbers, and special characters, much like a password, that both communicating devices
use to authenticate each other’s identity
ANSWER:
e
POINTS:
1
37. malware that’s activated when a particular event occurs
ANSWER:
f
POINTS:
1
38. a self-contained, self-replicating program
ANSWER:
g
POINTS:
1
39. packets are denied on context as well as packet properties
ANSWER:
h
POINTS:
1
40. used to discover breaches in security
ANSWER:
i
POINTS:
1
41. permits access to computer, bypasses normal authentication
ANSWER:
j
POINTS:
1
42. What is a network security policy?
ANSWER:
A network security policy defines the rules that apply to all users accessing the network. It
includes how they are given access, what they can do once they have access, and what will
happen if they don’t follow the rules.
Name:
Class:
Date:
Name:
Class:
Date:
secure.
46. How will advances in biometric authentication affect security?
ANSWER:
As biometric authentication becomes more reliable and less expensive, using MFA will be
more common. Passwords are often considered a weak link in security systems because users
can write them down or tell other people, so biometric methods combined with some type of
smart card are likely to replace passwords in the future.
POINTS:
1
REFERENCES:
Setting Up Authentication and Authorization
QUESTION TYPE:
Subjective Short Answer
HAS VARIABLES:
False
STUDENT ENTRY MODE:
Basic
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 2:36 PM
47. What is the difference between an IDS and IPS?
ANSWER:
An intrusion detection system (IDS) monitors network traffic for malicious packets or traffic
patterns and reports identified security breaches to a management station. A variation on an
IDS is an intrusion prevention system (IPS), which can take countermeasures if an attack is
in progress. These countermeasures include reconfiguring a firewall to prevent suspicious
packets from entering the network, resetting the connection between source and destination
devices, or even disabling the link between inside and outside networks.
POINTS:
1
REFERENCES:
Using Intrusion Detection and Prevention Systems
QUESTION TYPE:
Subjective Short Answer
HAS VARIABLES:
False
STUDENT ENTRY MODE:
Basic
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 2:36 PM
48. What is the difference between a virus and a worm?
ANSWER:
Both a virus and a worm are self-replicating programs, but a virus attaches itself to another
program whereas a worm is a self-contained program, and unlike a virus, doesn’t require
another file to spread to other computers.
POINTS:
1
REFERENCES:
Protecting a Network from Malware
QUESTION TYPE:
Subjective Short Answer
HAS VARIABLES:
False
STUDENT ENTRY MODE:
Basic
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 2:36 PM
49. What is a penetration tester?
ANSWER:
A penetration tester is a person who is skilled in the art of breaking into a network to find
where the network is vulnerable for the purposes of advising a company on how to be more
Name:
Class:
Date:
Copyright Cengage Learning. Powered by Cognero.
Page 14
POINTS:
1
REFERENCES:
Using an Attacker’s Tools to Stop Network Attacks
QUESTION TYPE:
Subjective Short Answer
HAS VARIABLES:
False
STUDENT ENTRY MODE:
Basic
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 2:36 PM
50. Describe the purpose of a protocol analyzer and how an attacker could use one to compromise your
network.
ANSWER:
Protocol analyzers can capture packets, including the data contained in them. They can be
used to discover available resources on a network and even capture authentication
information such as user names and passwords that are not encrypted.
POINTS:
1
REFERENCES:
Discovering Network Resources
QUESTION TYPE:
Subjective Short Answer
HAS VARIABLES:
False
STUDENT ENTRY MODE:
Basic
DATE CREATED:
7/19/2019 2:36 PM
DATE MODIFIED:
7/19/2019 2:36 PM