##SET NAME Security+ (Infrastructure) ##QUESTION ID 1 ##QUESTION TEXT On a Unix computer, which of the following umask parameters grants the read, write and execute permissions to the owner of a newly created file and grants no permissions on a newly created file to any other users? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS 007 (correct)077 700 770 ##EXPLANATION TEXT On a Unix computer, the umask parameter 077 grants the read, write and execute permissions to the owner of a newly created file and grants no permissions on a newly created file to any other users. With respect to values in a umask parameter, a 0 grants all access and a 7 denies all access to newly created files. The first value in a umask parameter represents the owner of a file, the second value represents group permissions and the third value represents world permissions. The umask parameter 007 gives owner and group the read, write and execute permissions and denies world access to newly created files. The 700 umask parameter denies the file owner any access to a newly created file and grants group and world full access permissions to the newly created file. The 770 umask parameter denies a file owner and group access to a newly created file and grants world full access to the newly created file. ##QUESTION ID 2 ##QUESTION TEXT Which of the following VPN solutions uses ASIC hardware to ensure that VPN traffic uses only a certain amount of resources? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS Hardware-based VPN Firewall-based VPN (correct)Router-based VPN Software-based VPN ##EXPLANATION TEXT Routers use application-specific integrated circuit (ASIC) hardware, which enables a router to control the amount of resources used by certain services, such as virtual private networks (VPNs). A router-based VPN can be insecure because a router is vulnerable to spoofing by hackers. 
A hardware-based VPN is a black box VPN connection point that can be placed either inside or outside a network firewall. A firewall-based VPN is a VPN connection point that is integrated into a firewall product. A software-based VPN is a VPN connection point solution that can be installed on an operating system. Hardware-based VPNs, firewall-based VPNs and software-based VPNs do not typically use ASIC hardware. ##QUESTION ID 3 ##QUESTION TEXT Which of the following is used to create an encrypted remote terminal connection with a Unix computer? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS FTP SCP (correct)SSH Telnet ##EXPLANATION TEXT Secure Shell (SSH) is used to create an encrypted remote terminal connection with a Unix computer. File Transfer Protocol (FTP) is used to transfer files on a TCP/IP network. FTP transmits data in clear text. Secure copy (SCP) enables users to transfer files over a secure connection. Telnet is a protocol that enables a user to establish terminal connections with Unix computers. Telnet transmits data in clear text. ##QUESTION ID 4 ##QUESTION TEXT Which of the following is RAID 5? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS Disk duplexing Disk mirroring Disk striping (correct)Disk striping with parity ##EXPLANATION TEXT Redundant Array of Independent Disks (RAID) is a technology that enables an array of hard disks to work together as if it were a single hard disk. RAID 5 is referred to as disk striping with parity. RAID 5 stores files in disk stripes, which are small blocks of data that are simultaneously stored on the disks in a RAID 5 array. A parity stripe is stored on each disk in a RAID 5 array, and any disk in a RAID 5 array can be reconstructed from the parity stripes on the other hard disks in the array. RAID typically provides high availability of data. Disk mirroring and disk duplexing are classified as RAID 1.
In disk mirroring, two hard disks are connected to a single hard disk controller, and a complete copy of each file is stored on each hard disk in a mirror set. Disk duplexing is similar to disk mirroring; however, in disk duplexing, each hard disk is connected to a different hard disk controller. ##QUESTION ID 5 ##QUESTION TEXT Which of the following is a public IP address? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS 10.12.220.125 172.18.240.10 (correct)186.17.130.19 192.168.193.84 ##EXPLANATION TEXT The Internet Protocol (IP) address 186.17.130.19 is a public address. A public address is one that is valid on the public Internet. In contrast, IP addresses specified as private can be used on private networks, but will not be routed over the Internet. IP addresses in the ranges 10.0.0.0 through 10.255.255.255, 172.16.0.0 through 172.31.255.255 and 192.168.0.0 through 192.168.255.255 are designated as private IP addresses. Network address translation (NAT) is used to translate private addresses used on a private network into public addresses that are valid on the Internet. When NAT is used, a single external address can be used to mask the addresses on the internal network. ##QUESTION ID 6 ##QUESTION TEXT Which of the following is RAID 0? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS Disk duplexing Disk mirroring (correct)Disk striping Disk striping with parity ##EXPLANATION TEXT Redundant Array of Independent Disks (RAID) 0 is disk striping. RAID 0 provides no fault tolerance. RAID enables a group, or array, of hard disks to act as a single hard disk. RAID 0 stores files in stripes, which are small blocks of data that are written across the disks in an array. Parts of a large file might be stored on every disk in a RAID 0 array. RAID 5 is referred to as disk striping with parity. 
RAID 5 stores files in disk stripes, which are small blocks of data that are simultaneously stored on the disks in a RAID 5 array. A parity stripe is stored on each disk in a RAID 5 array, and any disk in a RAID 5 array can be reconstructed from the parity stripes on the other hard disks in the array. RAID typically provides high availability of data. Disk mirroring and disk duplexing are classified as RAID 1. In disk mirroring, two hard disks are connected to a single hard disk controller, and a complete copy of each file is stored on each hard disk in a mirror set. Disk duplexing is similar to disk mirroring; however, in disk duplexing, each hard disk is connected to a different hard disk controller. ##QUESTION ID 7 ##QUESTION TEXT Which of the following types of IDS events will security personnel typically examine most often? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS file snooping events hacker attack events port scan events (correct)suspicious events ##EXPLANATION TEXT Security personnel will typically examine suspicious Intrusion Detection System (IDS) events, which are events that resemble hacker attacks but are not actually hacker attacks. For example, changing Windows Registry keys might be innocuous but interpreted by an IDS as a hacker attack. File snooping events and port scan events are examples of hacker reconnaissance events that can be detected by an IDS. Hacker attacks include such malicious activities as Ping of Death and SYN attacks. Security personnel will not typically examine hacker reconnaissance or hacker attacks more often than suspicious IDS events. ##QUESTION ID 8 ##QUESTION TEXT Which of the following DNS TLDs is typically used by treaty organizations? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS .com .gov (correct).int .mil ##EXPLANATION TEXT The .int Domain Name Service (DNS) top-level domain (TLD) is typically used by international treaty organizations.
The .gov DNS TLD is reserved for United States governmental organizations. The .com DNS TLD is typically used by commercial entities. The .mil DNS TLD is used by the United States military. DNS enables users to gain access to resources on a TCP/IP network by using domain names rather than IP addresses. DNS operates on well-known port 53. Port 53 should be open on network equipment, such as firewalls, to enable users to gain access to DNS resources on a TCP/IP network. ##QUESTION ID 9 ##QUESTION TEXT Which of the following Unix ACLs grants the read, write and execute permissions to the owner of a file and grants only read access to group and world users? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS (correct)-rwxr--r-- -r--rwxr-- drwxr--r-- dr--rwxr-- ##EXPLANATION TEXT The Unix access control list (ACL) -rwxr--r-- grants the read, write and execute permissions to the owner of a file and grants only read access to group and world users. The first - character indicates that the ACL is for a file. The rwx indicates that the owner of the file has read, write and execute permissions. The first r-- grants the owner's group only read access on the file, and the second r-- grants world users only read access to the file. The ACL -r--rwxr-- grants the owner of a file and world users only read access to the file and the owner's group read, write and execute permissions on the file. The ACL drwxr--r-- and the ACL dr--rwxr-- are ACLs for a directory, as indicated by the leading d in each of these ACLs. ##QUESTION ID 10 ##QUESTION TEXT A Web server is on a DMZ segment. The Web server only serves HTTP pages, and there are no other computers on the DMZ segment. Which of the following ports should be opened on the Internet side of the DMZ firewall?
##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS 20 (correct)80 110 443 ##EXPLANATION TEXT Only port 80 should be opened on the Internet side of the demilitarized zone (DMZ) firewall. The firewall will allow only HTTP traffic to enter the DMZ; all other port traffic will be prevented from entering the DMZ. Port 20 is used by File Transfer Protocol (FTP) to send data. Port 110 is used by Post Office Protocol (POP), and port 443 is used by Secure Sockets Layer (SSL). The Web server on the DMZ only serves Web pages, so only HTTP services should be activated on the Web server. All other services on the Web server should be deactivated, which will strengthen security on the Web server. ##QUESTION ID 11 ##QUESTION TEXT Which of the following is a WAN technology that provides a fully digital connection in increments of 64 Kbps and uses B and D channels to communicate over existing telephone lines? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS DSL Frame Relay (correct)ISDN T1 ##EXPLANATION TEXT Integrated Services Digital Network (ISDN) is a fully digital connection that is provided in increments of 64 kilobits per second (Kbps) and uses B and D channels to communicate over existing telephone lines. Digital Subscriber Line (DSL) is a fully digital connection that has a maximum upstream transmission rate of 1 megabit per second (Mbps) and a maximum downstream transmission rate of 32 Mbps. Similar to ISDN, DSL uses existing telephone lines. Frame Relay is a WAN technology that provides connectivity through a shared Frame Relay transmission network. A T1 leased line is a dedicated private connection between two locations that provides a maximum theoretical data transmission rate of 1.544 Mbps. ##QUESTION ID 12 ##QUESTION TEXT Which type of IDS searches through log files on network computers for evidence of hacker attacks? 
##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS HIDS (correct)LFM NIDS SIV ##EXPLANATION TEXT A log file monitor (LFM) Intrusion Detection System (IDS) is a passive security measure that reads log files on network computers in an effort to discover evidence of hacker attacks. LFMs are considered passive because they can only be used to establish that an attack occurred after the fact. A Host Intrusion Detection System (HIDS) monitors a single host on a network for hacker attacks. A Network Intrusion Detection System (NIDS) monitors multiple hosts on a network for hacker attacks. A System Integrity Verifier (SIV) examines critical system files for modifications. Modified system files might indicate that a computer has been attacked by a hacker. ##QUESTION ID 13 ##QUESTION TEXT A server is on a DMZ segment. The server only provides FTP service, and there are no other computers on the DMZ segment. Which of the following ports should be opened on the Internet side of the DMZ firewall? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS (correct)20 80 110 443 ##EXPLANATION TEXT FTP uses ports 20 and 21 by default, so port 20 should be opened on the Internet side of the demilitarized zone (DMZ) firewall to enable the server to provide FTP services. The firewall will then allow FTP traffic through, but no other port traffic will be allowed to enter the DMZ. Only necessary ports should be opened on the Internet side of a DMZ firewall in order to limit hackers' abilities to access the internal network. Port 80 is used by Hypertext Transfer Protocol (HTTP) to transfer Web pages. Port 110 is used by the Post Office Protocol (POP), and port 443 is used by Secure Sockets Layer (SSL). ##QUESTION ID 14 ##QUESTION TEXT Which of the following is a group of updates that is designed to be applied to a Microsoft operating system?
##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS AD IIS RIP (correct)SP ##EXPLANATION TEXT A Service Pack (SP) is a group of updates that is designed to be applied to a Microsoft operating system. An SP should be applied to an operating system only after the SP has been thoroughly tested. Applying an untested SP to a computer can cause problems because the SP might contain bugs. Active Directory (AD) is a directory service designed by Microsoft for Windows 2000 and Windows XP networks. Internet Information Services (IIS) is a Web server that is provided with Microsoft operating systems. Routing Information Protocol (RIP) is a routing protocol designed to facilitate the transmission of data between network segments. ##QUESTION ID 15 ##QUESTION TEXT Which of the following is a central connection device on an Ethernet network that is configured in a star topology? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS (correct)a hub a bridge a MAU a router ##EXPLANATION TEXT A hub is a central connection device on an Ethernet network that is configured in a star topology. A bridge divides a single network into two separate collision domains in order to control traffic. A Multistation Access Unit (MAU) is a central connection device on a Token Ring network. A router is a device that connects subnets together and transmits data between the subnets. Routers can be configured for security purposes to restrict network traffic to a particular network. ##QUESTION ID 16 ##QUESTION TEXT Which of the following is a Bluetooth class that supports a maximum transmission range of 100 meters? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS (correct)1 2 3 4 ##EXPLANATION TEXT Bluetooth class 1 supports a maximum data transmission range of 100 meters and power usage of 100 milliwatts. Bluetooth class 2 supports a maximum data transmission range of 10 meters and power usage from 1 to 2.5 milliwatts.
Bluetooth class 3 supports a data transmission range from 0.1 to 10 meters and a power usage of 1 milliwatt. There is no Bluetooth class 4. ##QUESTION ID 17 ##QUESTION TEXT What Unix tools can be used to determine which network ports are open and listening? Select two choices. ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-multi ##ANSWERS (correct)lsof (correct)netstat ping ps ##EXPLANATION TEXT The netstat and lsof Unix tools can be used to determine which network ports are open and listening. The lsof tool can be used to determine which processes are keeping ports open. The ping tool can be used to determine whether a computer on a network is communicating. The ps tool can be used to determine which processes are running on a Unix computer. These tools can be incorporated into a rootkit, which is a package of files and programs that a hacker can load onto a Unix computer to help the hacker gain access to that computer in the future. ##QUESTION ID 18 ##QUESTION TEXT Which of the following LAN topologies uses CSMA/CD? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS 802.11b (correct)Ethernet FDDI Token Ring ##EXPLANATION TEXT Ethernet is a local area network topology that uses Carrier Sense Multiple Access with Collision Detection (CSMA/CD). 802.11b is a wireless network topology that uses Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA). Fiber Distributed Data Interface (FDDI) and Token Ring are ring topologies that are token passing, and not CSMA/CD. ##QUESTION ID 19 ##QUESTION TEXT Which of the following is a network connection construct that is used to transport encapsulated network transmissions? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS (correct)a tunnel a packet a pulse a wave ##EXPLANATION TEXT A tunnel is a network connection construct that is used to transport encapsulated network transmissions.
A tunnel can also be used to encapsulate transmissions from one type of network transmission protocol inside another type of network transmission protocol. A packet is a single block of data that is transmitted on a network. A pulse of light is used to transmit data on a fiber-optic network. A radio wave is used to transmit data on some types of wireless networks. ##QUESTION ID 20 ##QUESTION TEXT Which of the following is a passive measure that can be used to prevent hacker attacks? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS (correct)event logging firewall reconfiguration connection termination process termination ##EXPLANATION TEXT Event logging is a passive measure that can be used to prevent hacker attacks. Event logging is considered a passive measure because it does not create obstacles to attacks. Administrators can, however, review log files after an attack to determine the source of an attack and the means used to attack. The information obtained from log files can be used to implement active prevention measures. Log files can also be used as legal evidence in prosecuting attackers, so log files should be protected and measures should be taken to ensure their integrity. Connection termination, firewall reconfiguration and process termination are active measures for the prevention of hacker attacks; these methods establish obstacles intended to foreclose, or at least limit, the possibility of attack. ##QUESTION ID 21 ##QUESTION TEXT Which of the following is a public network? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS an intranet an extranet (correct)the Internet a VPN ##EXPLANATION TEXT The Internet is a public network. Anyone can use an Internet Service Provider (ISP) to connect to the Internet. An intranet is a private network that uses Web technologies to create network connections. Businesses might use intranets to connect the departments in their organizations.
An extranet is a secure network connection through the Internet that is designed for business-to-business communications. A virtual private network (VPN) connection is a secure, tunneled connection through a public network. Remote employees often use VPN connections to connect to company networks. ##QUESTION ID 22 ##QUESTION TEXT Which of the following technologies operate at a maximum data transfer rate of 1 Mbps? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS Ethernet 802.11b (correct)Bluetooth WiFi ##EXPLANATION TEXT Bluetooth operates at a maximum data transfer rate of 1 megabit per second (Mbps). Bluetooth is typically integrated into handheld devices, laptop computers and personal data assistants (PDAs). Ethernet networks operate at 10 Mbps, Fast Ethernet networks operate at 100 Mbps, and Gigabit Ethernet networks operate at 1 gigabit per second (Gbps). WiFi, which is sometimes referred to as 802.11b, operates at 11 Mbps. ##QUESTION ID 23 ##QUESTION TEXT Which of the following devices is designed to transmit traffic that is not specifically denied between networks in the most efficient possible manner? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS a hub (correct)a router a firewall a repeater ##EXPLANATION TEXT A router is a device that is designed to transmit all data that is not specifically denied between networks in the most efficient manner possible. A firewall is a mechanism that is designed to deny transmission of data that is not specifically allowed. For example, a firewall can be configured to ensure that messages on a TCP/IP subnet stay local to the subnet. Additionally, a firewall can be used to restrict access to a private network from the Internet. A hub and a repeater are central network connection devices that are designed to transmit data between computers on the same subnet. Hubs and repeaters are not used to transmit data between subnets.
##QUESTION ID 24 ##QUESTION TEXT Which of the following is a protocol designed and developed by a consortium of major companies to support the automation and safety of processing payment information on the Internet? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS PSTN (correct)SET VRML VLAN ##EXPLANATION TEXT Secure Electronic Transaction (SET) is a protocol designed and developed by a consortium of major companies, such as Microsoft and Visa, to support the automation and safety of processing payment information on the Internet. The Public Switched Telephone Network (PSTN) is the standard telephone network used by landline telephone users. Virtual Reality Markup Language (VRML) was designed to enable the display of three-dimensional environments. A virtual local area network (VLAN) is a subdivision of the computers that are connected to a switch. A VLAN can be implemented to divide a network segment into smaller segments to reduce the number of broadcasts on the network. ##QUESTION ID 25 ##QUESTION TEXT Which of the following DNS TLDs is typically used by businesses? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS (correct).com .gov .int .mil ##EXPLANATION TEXT The .com Domain Name Service (DNS) top-level domain (TLD) is typically used by businesses. The .gov DNS TLD is typically used by United States government organizations. The .int TLD is typically used by international treaty organizations, such as the North Atlantic Treaty Organization (NATO) and the United Nations (UN). The .mil TLD is used by United States military entities, such as the United States Army and the United States Marine Corps. ##QUESTION ID 26 ##QUESTION TEXT What commands can be used on a Windows 98 computer to view IP configurations?
Select two choices. ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-multi ##ANSWERS (correct)ipconfig netstat ps (correct)winipcfg ##EXPLANATION TEXT Either the ipconfig command or the winipcfg command can be used on a Windows 98 computer to view Internet Protocol (IP) settings, such as IP address, subnet mask and default gateway. The netstat command can be used to determine which network ports are open and listening. The ps command can be used on Unix and Linux computers to determine which processes are running. ##QUESTION ID 27 ##QUESTION TEXT Which of the following is a type of network architecture that is typically based on SONET ring topology? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS AD (correct)MAN NDS VLAN ##EXPLANATION TEXT A metropolitan area network (MAN) is a type of network that is typically based on a SONET ring topology. MANs are used to connect businesses in a metropolitan area or to connect businesses to a wide area network (WAN). Active Directory (AD) is a directory service provided on Windows 2000 and Windows XP networks. Novell Directory Service (NDS) is a directory service developed by Novell for its Net ##QUESTION ID 28 ##QUESTION TEXT Which of the following is an embedded firewall? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS (correct)a firewall that is integrated into a router a firewall installed on a server operating system a black box device a component that is added to a hardware firewall ##EXPLANATION TEXT A metropolitan area network (MAN) is a type of network that is typically based on a SONET ring topology. MANs are used to connect businesses in a metropolitan area or to connect businesses to a wide area network (WAN). Active Directory (AD) is a directory service provided on Windows 2000 and Windows XP networks. Novell Directory Service (NDS) is a directory service developed by Novell for its NetWare operating system.
A virtual local area network (VLAN) is a subgroup of computers connected to a switch. A VLAN can be implemented to reduce the volume of broadcasts on a network segment. ##QUESTION ID 29 ##QUESTION TEXT Which of the following is a copper network medium that is designed to support gigabit data transmission rates? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS CAT5 UTP (correct)CAT7 UTP fiber-optic cable WLAN ##EXPLANATION TEXT Category 7 unshielded twisted pair (CAT7 UTP) is a copper network medium that is designed to support gigabit data transmission rates. Category 5 (CAT5) UTP is a copper network medium that is designed to support up to 100 megabits per second (Mbps) data transmission rates. Fiber-optic cable is a glass or plastic cable that transmits light pulses. Fiber-optic cable is immune to electromagnetic interference (EMI); however, it typically costs more than UTP cable. A wireless local area network (WLAN) is a network topology that uses radio waves as the data transmission medium. Radio waves are vulnerable to EMI, environmental conditions and hacker attacks. ##QUESTION ID 30 ##QUESTION TEXT Which of the following transmits encrypted authentication information over a secure communications channel? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS FTP HTTP (correct)SSH Telnet ##EXPLANATION TEXT Secure Shell (SSH) transmits both authentication information and data securely during terminal connections with Unix computers. File Transfer Protocol (FTP) and Telnet transfer authentication information in clear text. Hypertext Transfer Protocol (HTTP) transfers data in clear text, and HTTP does not require authentication information. ##QUESTION ID 31 ##QUESTION TEXT Which of the following represent active measures taken to protect against hacker attacks?
Select two choices. ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-multi ##ANSWERS (correct)connection termination (correct)deception logging notification ##EXPLANATION TEXT Deception and connection termination represent active measures taken to protect against hacker attacks. A honeypot is a deception measure that is set up on a network to lure attackers to attack and to deceive attackers into attacking specific areas that present limited liability to the network. Connection termination automatically breaks connections that meet criteria indicative of an attack and blocks subsequent connection attempts to the compromised point of access. Logging and notification are examples of passive responses to hacker attacks. ##QUESTION ID 32 ##QUESTION TEXT Which of the following is a PBX technology? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS (correct)Centrex CERN CHAP HTCPCP ##EXPLANATION TEXT Centrex is a Private Branch Exchange (PBX) technology. PBX provides a company with a connection to the telephone network through a private switch. Typically, a PBX switch is located on a company's premises. A Centrex PBX switch, however, is located at the telephone company. One advantage of Centrex technology is that telephone company personnel, rather than company personnel, manage the PBX switch. CERN is a European organization that helped to create the protocols that enable computers to communicate on the Internet. Challenge Handshake Authentication Protocol (CHAP) is a remote access authentication protocol. Hypertext Coffee Pot Control Protocol (HTCPCP) is a humorous recommendation for a protocol that can operate over TCP/IP to control a user's coffee pot. ##QUESTION ID 33 ##QUESTION TEXT Which of the following is RAID 1 implemented with a single hard disk controller?
##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS disk duplexing (correct)disk mirroring disk striping disk striping with parity ##EXPLANATION TEXT Redundant Array of Independent Disks (RAID) 1 implemented with a single hard disk controller is referred to as disk mirroring. With disk mirroring, two hard disks are connected to the same hard disk controller, and a complete copy of each file is stored on each hard disk. Disk duplexing is also a RAID 1 implementation. However, with disk duplexing, each hard disk is connected to a separate hard disk controller. The use of separate hard disk controllers provides increased fault tolerance. Disk striping is RAID 0. Files on a RAID 0 array are stored in stripes, which are small data blocks. Parts of a large file might be stored on every disk in a RAID 0 array. RAID 5 is disk striping with parity. One stripe stored on a RAID 5 array is a parity stripe. The data stored on any one disk in a RAID 5 array can be reconstructed from the parity stripes stored on the other disks in the array. ##QUESTION ID 34 ##QUESTION TEXT Which of the following protocols allows the transfer of files over a secure connection? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS FTP (correct)SCP SSH Telnet ##EXPLANATION TEXT Secure Copy (SCP) is used on Unix networks to transfer files over a secure connection. File Transfer Protocol (FTP) is used to transfer files in clear text. FTP also transfers authentication information in clear text. Secure Shell (SSH) enables users to establish secure terminal connections with Unix computers. Telnet enables users to establish clear text terminal connections with Unix computers. Telnet also transmits authentication information in clear text. ##QUESTION ID 35 ##QUESTION TEXT Which type of IDS is designed to notify administrators when critical system files on a computer are altered?
##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS NIDS HIDS (correct)SIV LFM ##EXPLANATION TEXT A System Integrity Verifier (SIV) is an Intrusion Detection System (IDS) designed to alert network administrators when critical system files have been altered. An IDS is designed to monitor network traffic on single or multiple computers to determine whether hackers are trying to infiltrate a network. An IDS is not designed to detect other types of security problems, such as digital pests or security bugs in installed software on network computers. A Network Intrusion Detection System (NIDS) is designed to monitor multiple computers on a network for hacker intrusion. A Host Intrusion Detection System (HIDS) is designed to detect hacker intrusions on a single network computer. A Log File Monitor (LFM) scans the logs generated by network computers, searching for patterns that indicate hacker attacks. ##QUESTION ID 36 ##QUESTION TEXT Which of the following is a Bluetooth security mode that is referred to as promiscuous mode? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS (correct)SM1 SM2 SM3 SM4 ##EXPLANATION TEXT Bluetooth security mode 1 (SM1) is referred to as promiscuous mode. Because a Bluetooth device in SM1 will allow any other Bluetooth device to initiate a session, these devices are vulnerable to hacker attacks. In SM2, a Bluetooth device enforces security after a connection is accepted, which opens an SM2 Bluetooth device to man-in-the-middle attacks. In SM3, a Bluetooth device transmits all connections in an authentication and encryption wrapper. Bluetooth does not support SM4. ##QUESTION ID 37 ##QUESTION TEXT What is the maximum data transmission rate of Bluetooth?
##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS (correct)1Mbps 10Mbps 11Mbps 100Mbps ##EXPLANATION TEXT Bluetooth is a wireless communication technology that operates at a maximum data transmission rate of 1 megabit per second (Mbps). Bluetooth is currently being integrated into handheld devices, laptop computers and personal data assistants (PDAs). 10BaseX Ethernet networks operate at 10 Mbps. WiFi, which is sometimes referred to as 802.11b, operates at 11 Mbps. WiFi operates in the 2.4 gigahertz (GHz) frequency range, which means that some modern wireless telephones can interfere with WiFi communications. 100BaseX Ethernet networks operate at 100 Mbps. ##QUESTION ID 38 ##QUESTION TEXT What is a production honeypot? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS A technology that reads log files to determine whether a network is undergoing a hacker attack. A technology that monitors a host on a network to determine whether a host has been attacked by a hacker. A computer system that is designed to study hacker attacks. (correct)A computer system that is designed to divert hackers from network resources. ##EXPLANATION TEXT A production honeypot is a computer system that is designed to divert hackers from network resources. A production honeypot is typically configured to gather information about hackers so they can be tracked and apprehended. A research honeypot is designed to enable researchers to study the methods that hackers use to infiltrate a computer network or computer system. Information gathered from research honeypots is typically used to help create stronger network security measures. A Log File Monitor (LFM) is an Intrusion Detection System (IDS) technology that reads log files to determine whether a network is undergoing a hacker attack. A Host Intrusion Detection System (HIDS) is an IDS technology that monitors a host on a network to determine whether that host has been attacked by a hacker.
##QUESTION ID 39 ##QUESTION TEXT What command can be used on a Windows 2000 computer to view IP configurations? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS (correct)ipconfig netstat ping winipcfg ##EXPLANATION TEXT The ipconfig command can be used on a Windows 2000 computer to view Internet Protocol (IP) settings, such as IP address, subnet mask and default gateway. The netstat utility can be used to determine which network ports are open and listening. The ping utility can be used to determine whether a computer on a network is communicating. The winipcfg command can be used on a Windows 98 computer to view IP settings. ##QUESTION ID 40 ##QUESTION TEXT Which of the following UID numbers represents root on a Unix computer? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS (correct)0 10 100 1000 ##EXPLANATION TEXT The User Identification (UID) number 0 represents root on a Unix computer. A new user account should never be assigned UID 0 on a Unix computer. Typically, users should be assigned UIDs above 100. Also, UIDs should not be duplicated on a Unix computer. ##QUESTION ID 41 ##QUESTION TEXT Which of the following should be used to encapsulate IPX packets for transport over a TCP/IP network? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS authentication authorization encryption (correct)tunneling ##EXPLANATION TEXT Tunneling should be used to encapsulate Internetwork Packet Exchange (IPX) packets for transport over a Transmission Control Protocol/Internet Protocol (TCP/IP) network. Tunneling can also be used to encapsulate packets for secure transport over the Internet. A connection that uses tunneling for transporting encrypted packets is typically referred to as a virtual private network (VPN). Authentication is used to restrict network access to recognized users.
Authorization is used to restrict access to network resources to certain groups and individual authenticated users. Encryption is used to protect the confidentiality of files. ##QUESTION ID 42 ##QUESTION TEXT Which of the following is a software firewall? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS a firewall that is integrated into a router (correct)a firewall that operates on a server operating system an appliance firewall an application firewall ##EXPLANATION TEXT A software firewall operates on a server operating system, such as Windows NT 4.0 or Unix. A firewall that is integrated into a router is an embedded firewall. An appliance firewall is a black box hardware firewall. An application firewall filters traffic at the application layer of the Open Systems Interconnection (OSI) model. ##QUESTION ID 43 ##QUESTION TEXT Which of the following types of firewalls is also referred to as an appliance firewall? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS application embedded (correct)hardware software ##EXPLANATION TEXT A hardware firewall is also referred to as an appliance firewall. Appliance firewalls are often designed as stand-alone black box solutions that can be plugged in to a network and operated with minimal configuration and maintenance. An application firewall is typically integrated into another type of firewall to filter traffic that is traveling at the application layer of the Open Systems Interconnection (OSI) model. An embedded firewall is typically implemented as a component of a hardware device, such as a switch or a router. A software firewall is a program that runs within an operating system, such as Linux, Unix or Windows 2000. Firewalls can be used to create demilitarized zones (DMZs). A DMZ is a network segment placed between an internal network and a public network, such as the Internet. Typically, either one or two firewalls are used to create a DMZ.
A DMZ with a firewall on each end is typically more secure than a single-firewall DMZ. However, a DMZ implemented with one firewall connected to a public network, a private network and a DMZ segment is cheaper to implement than a DMZ implemented with two firewalls. ##QUESTION ID 44 ##QUESTION TEXT Which of the following is a private IP address? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS (correct)10.12.220.125 170.18.240.10 186.17.130.19 191.168.193.84 ##EXPLANATION TEXT The Internet Protocol (IP) address 10.12.220.125 is a private address. IP addresses in the ranges 10.0.0.0 through 10.255.255.255, 172.16.0.0 through 172.31.255.255, and 192.168.0.0 through 192.168.255.255 are reserved for private IP addresses. Private, or internal, addresses are valid on private networks, but not on the public Internet. The IP addresses 170.18.240.10, 186.17.130.19 and 191.168.193.84 are public IP addresses. A public, or external, IP address is one that is valid on the public Internet. ##QUESTION ID 45 ##QUESTION TEXT Which of the following active responses to a hacker attack is a honeypot? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS (correct)deception network configuration termination of a connection termination of a process ##EXPLANATION TEXT A honeypot is a deception method of active response to a hacker attack. In a deception response, a hacker is led to believe that he or she has infiltrated a network while information is being gathered about the attack. A honeypot is a computer on a network that is configured to lure hacker attacks so that the attacks can be studied and the intruder can be caught. Reconfiguration of a network can be used to close potential avenues of attack. Termination of a process or connection that a hacker is currently using might also counteract a hacker attack.
##QUESTION ID 46 ##QUESTION TEXT On a Windows 2000 computer, which of the following permissions enables the user to take ownership of files in a folder? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS Add (correct)Full Control List Read ##EXPLANATION TEXT On a Windows 2000 computer, the Full Control permission enables a user to take ownership of files in a folder. A user who has been assigned the Full Control permission for a folder can also set permissions on the folder. A user who has been assigned the Read permission for a folder can execute programs stored in the folder. ##QUESTION ID 47 ##QUESTION TEXT Which of the following network mediums should be selected to protect network transmissions from EMI? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS CAT5 UTP CAT7 UTP (correct)fiber-optic cable radio waves ##EXPLANATION TEXT Fiber-optic cable transmits data as light pulses, which are immune to electromagnetic interference (EMI). Category 5 unshielded twisted pair (CAT5 UTP) is a standard copper network transmission cable that is designed to support 10 megabits per second (Mbps) and 100 Mbps transmissions. Both CAT5 UTP and CAT7 UTP are unshielded, making them vulnerable to EMI. Wireless network topologies, such as 802.11b, use radio waves as the network medium. Radio waves are unshielded and, therefore, also vulnerable to EMI. ##QUESTION ID 48 ##QUESTION TEXT Which of the following networks transfers at a maximum rate of 100 Mbps? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS Bluetooth (correct)Fast Ethernet Gigabit Ethernet Wi-Fi ##EXPLANATION TEXT Fast Ethernet networks operate at 100 megabits per second (Mbps). Gigabit Ethernet networks operate at 1 gigabit per second (Gbps). Bluetooth operates at a maximum data transfer rate of 1 Mbps. Handheld devices, laptop computers and personal data assistants (PDAs) are some devices that incorporate Bluetooth. WiFi operates at 11 Mbps.
WiFi is sometimes referred to as 802.11b. ##QUESTION ID 49 ##QUESTION TEXT On a network, which of the following is typically monitored by a HIDS? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS violations of policy all HTTP traffic (correct)failed login attempts all FTP traffic ##EXPLANATION TEXT A Host Intrusion Detection System (HIDS) is designed to detect hacker attacks on a single computer system. A Network Intrusion Detection System (NIDS) is designed to detect hacker attacks on an entire network. Violations of policy, monitoring of all HTTP traffic and monitoring of all FTP traffic are examples of the types of information an NIDS is designed to monitor. ##QUESTION ID 50 ##QUESTION TEXT When should you install a software patch on a production server? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS immediately after the patch is released before the patch has been tested when the patch is in beta format (correct)after the patch has been tested ##EXPLANATION TEXT A patch should be installed on a server after the patch has been tested on a non-production server and by the computing community. A patch should not be installed immediately after it is released or when it is in beta format because a patch that is not thoroughly tested might contain bugs that could be deployed before it has been tested on a test server; patches should not be tested on production servers. ##QUESTION ID 51 ##QUESTION TEXT Which of the following is a system that provides a company with telephone extensions for employees? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS PAN (correct)PBX PCI POP ##EXPLANATION TEXT A Private Branch Exchange (PBX) provides a company with a connection to the public switched telephone network (PSTN) and provides extensions for employees. A PBX is a programmable telephone switch that is typically located on a company's premises.
A PBX can usually be remotely administered. To protect a PBX from hacker attacks, remote PBX administration should require user names and passwords, and the telephone number used to remotely administer a PBX should be unlisted. A personal area network (PAN), which is sometimes referred to as a wireless PAN (WPAN), is a short-distance wireless network designed to support wireless devices, such as PDAs, PCs with wireless adapters and wireless printers. Peripheral Component Interconnect (PCI) is a computer bus architecture that enables system boards to accept PCI expansion cards. Post Office Protocol (POP) enables e-mail clients to retrieve e-mail messages from e-mail servers. ##QUESTION ID 52 ##QUESTION TEXT You administer a network with a DMZ segment. There is only one server on the segment, and the server provides web pages transferred in clear text and through SSL connections. There are no more servers on the DMZ segment. Which of the ports should you open on the Internet side of the DMZ firewall? ##QUESTION TYPE - 4-basic, 5-basic, 4-multi, 5-multi, t-f 4-basic ##ANSWERS 20 21 110 (correct)443 ##EXPLANATION TEXT You should open ports 80 and 443 on the Internet side of the demilitarized zone (DMZ) firewall. Opening port 80 will allow clear text Hypertext Transfer Protocol (HTTP) traffic through the firewall, and opening port 443 will allow Secure Sockets Layer (SSL) traffic through the firewall. All other port traffic from outside the internal network will be prevented from entering the DMZ. File Transfer Protocol (FTP) provides services on ports 20 and 21. Post Office Protocol (POP) uses port 110.