The Ultimate Fundamentals Of Networking Test!

Reviewed by Editorial Team
The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.
Learn about Our Editorial Process
| By Terry519vx
T
Terry519vx
Community Contributor
Quizzes Created: 2 | Total Attempts: 1,883
| Attempts: 715
SettingsSettings
Please wait...
  • 1/102 Questions

    In which of the following password protection technique, random strings of characters are added to the password before calculating their hashes?

    • Double Hashing
    • Keyed Hashing
    • Salting
    • Key Stretching
Please wait...
About This Quiz

The Ultimate Fundamentals of Networking Test assesses essential security concepts within network environments. It covers DMZ purposes, intrusion detection, password salting, vulnerability scanning, and risks of third-party scripts, catering to learners aiming to enhance their network security skills.

The Ultimate Fundamentals Of Networking Test! - Quiz

Quiz Preview

  • 2. 

    A hacker named Jack is trying to compromise a bank’s computer system. He needs to know the operating system of that computer to launch further attacks. What process would help him?

    • IDLE/IPID Scanning

    • Banner Grabbing

    • UDP Scanning

    • SSDP Scanning

    Correct Answer
    A. Banner Grabbing
    Explanation
    Banner grabbing is a process that would help the hacker named Jack to determine the operating system of the bank's computer system. By analyzing the banners, which are information sent by the operating system, Jack can identify the specific operating system being used. This knowledge will enable him to launch further attacks targeted towards the vulnerabilities of that operating system.

    Rate this question:

  • 3. 

    Log monitoring tools performing behavioral analysis have alerted to several suspicious logins on a Linux server occurring during non-business hours. After further examination of all login activity it is noticed that none of the logins have occurred during typical work hours. A Linux administrator who is investigating this problem realizes the system time on the Linux server is wrong by more than twelve hours. What protocol used on Linux servers to synchronize the time has stopped working?

    • NTP

    • PPP

    • TimeKeeper

    • OSPF

    Correct Answer
    A. NTP
    Explanation
    The correct answer is NTP. NTP (Network Time Protocol) is a protocol used on Linux servers to synchronize the time. In this scenario, the log monitoring tools have detected suspicious logins occurring during non-business hours. After further examination, it is discovered that the system time on the Linux server is wrong by more than twelve hours. This indicates that the NTP protocol, which is responsible for synchronizing the time on the server, has stopped working.

    Rate this question:

  • 4. 

    You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity. What tool would you most likely select?

    • Snort

    • Nmap

    • Cain & Able

    • Nessus

    Correct Answer
    A. Snort
    Explanation
    Snort would be the most likely tool to select because it is a versatile network security tool that can perform network intrusion prevention and intrusion detection. It can also function as a network sniffer, capturing and analyzing network traffic. Additionally, Snort has the capability to record network activity, making it a comprehensive tool for network security monitoring and analysis.

    Rate this question:

  • 5. 

    What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?

    • Grey-box

    • White-box

    • Black-box

    • Announced

    Correct Answer
    A. Grey-box
    Explanation
    Grey-box analysis is performed when an attacker has partial knowledge of the inner-workings of the application. In this type of analysis, the attacker has some limited information about the system, such as access to the application's interface or documentation. This allows them to gain a deeper understanding of the application's behavior and vulnerabilities, which can be used to exploit and compromise the system. Grey-box analysis combines elements of both black-box (no knowledge) and white-box (full knowledge) analysis, making it a valuable technique for attackers seeking to exploit vulnerabilities in a targeted application.

    Rate this question:

  • 6. 

    Which of the following provides a security professional with most information about the system's security posture?

    • Social engineering, company site browsing, tailgating

    • Phishing, spamming, sending trojans

    • Port scanning, banner grabbing, service identification

    • Wardriving, warchalking, social engineering

    Correct Answer
    A. Port scanning, banner grabbing, service identification
    Explanation
    Port scanning, banner grabbing, and service identification provide a security professional with the most information about the system's security posture. Port scanning involves scanning a system's network ports to identify open ports and potential vulnerabilities. Banner grabbing involves collecting information from network services such as web servers to gather details about the system. Service identification involves determining the specific services running on a system, which can help identify potential vulnerabilities or misconfigurations. These techniques provide valuable information for assessing and improving the security of a system.

    Rate this question:

  • 7. 

    Which of the following is an adaptive SQL injection testing technique used to discover coding errors by inputting massive amounts of random data and observing the changes in the output?

    • Dynamic Testing

    • Function Testing

    • Fuzzing Testing

    • Static Testing

    Correct Answer
    A. Fuzzing Testing
    Explanation
    Fuzzing testing is an adaptive SQL injection testing technique that involves inputting large amounts of random data to identify coding errors. By observing the changes in the output, developers can discover vulnerabilities and potential security flaws in the system. This technique helps to simulate real-world scenarios and test the resilience of the system against unexpected inputs. Fuzzing testing is an effective method to identify and fix coding errors, ensuring the security and stability of the SQL application.

    Rate this question:

  • 8. 

    Darius just received a call: Unknown Caller: Hello, my name is Rashad and i'm security engineer from Microsoft Corporation. We have observed suspicious activity originating from your system and we would like to stop this threat. To do so I would ask you to install some updates on your system. Would you prefer to send me you link or an attachment within email? Darius:  Hello, please send me an email with the attachment at [email protected] Unknow Caller: Thank you for your cooperation i'm sending instruction and all files. What Darius just faced?

    • Just normal call from Microsoft Cyberdivision

    • Social Engineering Attack

    • Tailgating

    • Piggybacking

    Correct Answer
    A. Social Engineering Attack
    Explanation
    Darius just faced a social engineering attack. In this scenario, the caller claimed to be a security engineer from Microsoft Corporation and manipulated Darius into believing that there was suspicious activity on his system. The caller then requested Darius to install updates by either sending a link or an attachment within an email. This is a typical example of social engineering, where the attacker deceives the victim into taking actions that compromise their security.

    Rate this question:

  • 9. 

    The name for tools which receive event logs from servers, network equipment, and applications, and perform analysis and correlation on those logs, and can generate alarms for security relevant issues, are known as what?

    • Security Incident and Event Monitoring

    • Intrusion Prevention Server

    • Vulnerability Scanner

    • Network Sniffer

    Correct Answer
    A. Security Incident and Event Monitoring
    Explanation
    Security Incident and Event Monitoring (SIEM) tools are designed to receive event logs from various sources such as servers, network equipment, and applications. These tools analyze and correlate the logs to detect any security relevant issues. They can generate alarms or alerts when suspicious activities or potential security incidents are identified. SIEM tools play a crucial role in proactively monitoring and managing security events, allowing organizations to quickly respond to and mitigate potential threats.

    Rate this question:

  • 10. 

    Why is a penetration test considered to be more thorough than vulnerability scan?

    • A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.

    • Vulnerability scans only do host discovery and port scanning by default.

    • The tools used by penetration testers tend to have much more comprehensive vulnerability databases.

    • It is not - a penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement.

    Correct Answer
    A. A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.
    Explanation
    A penetration test is considered to be more thorough than a vulnerability scan because it actively exploits vulnerabilities in the targeted infrastructure. This means that the penetration test goes beyond just identifying vulnerabilities, but also attempts to exploit them to assess the potential impact and consequences. On the other hand, a vulnerability scan typically only involves identifying vulnerabilities through host discovery and port scanning, without actively exploiting them. Additionally, penetration testing tools often have more comprehensive vulnerability databases, allowing for a more thorough assessment of the system's security.

    Rate this question:

  • 11. 

    Which command can be used to show current TCP/IP connections.

    • Netstat

    • Net use connection

    • Netsh

    • Net use

    Correct Answer
    A. Netstat
    Explanation
    Netstat is the correct answer because it is a command-line tool used to display active TCP/IP connections on a computer. It provides information about the local address, foreign address, state of the connection, and other details. By using the netstat command, users can monitor network connections, troubleshoot network issues, and identify any suspicious or unauthorized connections.

    Rate this question:

  • 12. 

    Peter is surfing the internet looking for information about DX Company. Which hacking process is Peter doing?

    • System Hacking

    • Enumeration

    • Scanning

    • Footprinting

    Correct Answer
    A. Footprinting
    Explanation
    Peter is performing the hacking process known as "footprinting." Footprinting involves gathering information about a target system or organization through passive means, such as searching the internet for publicly available information. In this case, Peter is surfing the internet to gather information about DX Company, which falls under the footprinting process.

    Rate this question:

  • 13. 

    What is the purpose of a demilitarized zone on a network?

    • To only provide direct access to the nodes within the DMZ and protect the network behind it

    • To provide a place to put the honeypot

    • To scan all traffic coming through the DMZ to the internal network

    • To contain the network devices you wish to protect

    Correct Answer
    A. To only provide direct access to the nodes within the DMZ and protect the network behind it
    Explanation
    A demilitarized zone (DMZ) on a network serves the purpose of providing direct access to the nodes within the DMZ while also protecting the network behind it. It acts as a buffer zone between the internal network and the external network, allowing for controlled access to certain resources. By placing servers or services that need to be accessed by external entities in the DMZ, the internal network is shielded from potential threats. This setup ensures that any malicious activity originating from the DMZ does not directly impact the internal network, enhancing overall network security.

    Rate this question:

  • 14. 

    In IPv6 what is the major difference concerning application layer vulnerabilities compared to IPv4?

    • Vulnerabilities in the application layer are greatly different from IPv4

    • Due to the extensive security measures built in IPv6, application layer vulnerabilities need not be addressed

    • Vulnerabilities in the application layer are independent of the network layer. Attacks and mitigation techniques are almost identical.

    • Implementing IPv4 security in a dual-stack network offers protection from IPv6 atttacks too.

    Correct Answer
    A. Vulnerabilities in the application layer are independent of the network layer. Attacks and mitigation techniques are almost identical.
    Explanation
    The major difference concerning application layer vulnerabilities in IPv6 compared to IPv4 is that vulnerabilities in the application layer are independent of the network layer. This means that the vulnerabilities and the techniques used to mitigate them are almost identical in both IPv6 and IPv4. This implies that the security measures built into IPv6 do not necessarily address application layer vulnerabilities, and implementing IPv4 security in a dual-stack network can also provide protection from IPv6 attacks.

    Rate this question:

  • 15. 

    Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company.  This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, president, or managers. The time a hacker spends performing research to locate this information about a company is known as?

    • Investigation

    • Exploration

    • Enumeration

    • Reconnassance

    Correct Answer
    A. Reconnassance
    Explanation
    The correct answer is "Reconnassance" because it refers to the process of gathering information about a target company or individual. In the context of the question, hackers spend time researching and gathering specific details about the target company, such as logos, formatting, and names of high-level executives, in order to create a phishing message that appears legitimate. This reconnaissance phase is crucial for hackers to increase the trust level of their phishing attempts and make them more convincing to the target.

    Rate this question:

  • 16. 

    Using spoofed IP address to generate port responses during a scan while using a SYN flag is a technique related to:

    • FIN

    • IDLE (side-channel)

    • SYN

    • XMAS

    Correct Answer
    A. IDLE (side-channel)
    Explanation
    The technique described in the question involves using spoofed IP addresses to generate port responses during a scan while using a SYN flag. This technique is not related to the FIN, SYN, or XMAS flags. Instead, it is related to the IDLE (side-channel) technique, which involves exploiting information leaked through side channels to gain unauthorized access or gather information about a system.

    Rate this question:

  • 17. 

    What is the process for allowing or blocking a specific port in the Windows firewall?  (For example, TCP port 22 inbound)

    • This is not possible without installing third-party software, since Windows only allows changing firewall settings for individual applications.

    • A rule matching these requirements can be created in "Windows Firewall with Advanced Security", located in the Control Panel.

    • The only way to implement a specific rule like this is to use the "netsh" program on the command-line.

    • The firewall rule must be added from within the application that is using that port.

    Correct Answer
    A. A rule matching these requirements can be created in "Windows Firewall with Advanced Security", located in the Control Panel.
    Explanation
    To allow or block a specific port in the Windows firewall, a rule can be created in "Windows Firewall with Advanced Security" which is located in the Control Panel. This rule can be configured to match the requirements of allowing or blocking a specific port, such as TCP port 22 inbound. By creating this rule, the Windows firewall can be customized to allow or block traffic on the specified port.

    Rate this question:

  • 18. 

    Matthew, a black hat, has managed to open a meterpreter session to one of the kiosk machines in Evil Corp's lobby. He checks his current SID, which is S-1-5-21-1223352397-1872883824-861252104-501. What needs to happen before Matthew has full administrator access?

    • He already has admin privileges, as shown by the "501" at the end of the SID.

    • He needs to disable antivirus protection.

    • He needs to gain physical access.

    • He must perform privilege escalation.

    Correct Answer
    A. He must perform privilege escalation.
    Explanation
    Before Matthew has full administrator access, he must perform privilege escalation. Although he already has admin privileges, as indicated by the "501" at the end of the SID, this does not grant him full administrator access. Privilege escalation is the process of gaining higher levels of access or privileges than originally granted, allowing Matthew to have complete control and unrestricted access to the system.

    Rate this question:

  • 19. 

    A pen tester is configuring a windows laptop for a test. In setting up Wireshark, what river and library are required to allow the NIC to work in promiscuous mode?

    • Winpsw

    • Winprom

    • Libpcap

    • Winpcap

    Correct Answer
    A. Winpcap
    Explanation
    To allow the NIC to work in promiscuous mode while setting up Wireshark on a Windows laptop, the required river and library are Winpcap. Winpcap is a packet capture library that enables applications to capture and transmit network packets. It provides low-level access to network interfaces and allows Wireshark to capture all network traffic on the network interface, including packets not addressed to the laptop itself.

    Rate this question:

  • 20. 

    PGP, SSL, and IKE are all examples of which type of cryptography?

    • Digest

    • Secret Key

    • Public Key

    • Hash Algorithm

    Correct Answer
    A. Public Key
    Explanation
    PGP, SSL, and IKE are all examples of public key cryptography. Public key cryptography uses a pair of keys, a public key and a private key, to encrypt and decrypt data. The public key is used to encrypt data, while the private key is kept secret and used to decrypt the data. PGP (Pretty Good Privacy), SSL (Secure Sockets Layer), and IKE (Internet Key Exchange) are all protocols that use public key cryptography to secure communications and authenticate parties involved.

    Rate this question:

  • 21. 

    What is the most important for a pentester before he can start any hacking activities:

    • Finding new exploits which can be used during the pentest

    • Ensuring that his activity will be authorized and he will have proper agreement with owners of targeted system

    • Creating action plan

    • Preparing a list of targeted systems

    Correct Answer
    A. Ensuring that his activity will be authorized and he will have proper agreement with owners of targeted system
    Explanation
    Before a pentester can start any hacking activities, it is crucial for them to ensure that their activity is authorized and that they have proper agreement with the owners of the targeted system. This is important for ethical and legal reasons. Unauthorized hacking can lead to legal consequences and damage relationships with clients. By obtaining proper authorization and agreement, the pentester can perform their activities within the boundaries defined by the system owners, ensuring a legal and ethical approach to the pentesting process.

    Rate this question:

  • 22. 

    These hackers have limited or no training and know how to use only basic techniques or tools. What kind of hacker are we talking about?

    • Gray-Hat Hacker

    • Script Kiddies

    • White-Hat Hackers

    • Black-Hat Hackers

    Correct Answer
    A. Script Kiddies
    Explanation
    Script Kiddies are hackers who have limited or no training and only know how to use basic techniques or tools. They are typically inexperienced and rely on pre-written scripts or tools developed by others to carry out their hacking attempts. Unlike other types of hackers, Script Kiddies lack the technical knowledge and skills to create their own hacking tools or exploit vulnerabilities. They often engage in hacking activities for fun or to prove their skills, but their actions are generally considered to be more of a nuisance than a serious threat.

    Rate this question:

  • 23. 

    Which is the first step followed by Vulnerability Scanners for scanning a network?

    • Checking if the remote host is alive

    • TCP / UDP Port Scanning

    • Firewall detection

    • OS detection

    Correct Answer
    A. Checking if the remote host is alive
    Explanation
    Vulnerability scanners start by checking if the remote host is alive before proceeding with any other scans. This step is important because if the host is not active or accessible, further scanning will be pointless. By checking the host's availability, the vulnerability scanner ensures that it can establish a connection and communicate with the target system before continuing with more extensive network scanning activities.

    Rate this question:

  • 24. 

    A hacker gained access to database with logins and hashed passwords. To speed up cracking these passwords the best method would be:

    • Collision

    • Rainbow tables

    • Brute force

    • Decryption

    Correct Answer
    A. Rainbow tables
    Explanation
    Rainbow tables are precomputed tables that contain a large number of possible passwords and their corresponding hash values. By using rainbow tables, the hacker can quickly look up the hashed passwords from the stolen database and find their corresponding plaintext passwords without having to perform time-consuming calculations. This method is much faster than brute force, which involves systematically trying every possible password combination, or decryption, which requires breaking the encryption algorithm. Collision does not apply in this scenario as it refers to two different inputs producing the same hash output.

    Rate this question:

  • 25. 

    The following is a part of a log file taken from the machine on the network with the IP address of 192.168.0.110: Time:June 16 17:30:15 Port:20 Source:192.168.0.105 Destination:192.168.0.110 Protocol:TCP Time:June 16 17:30:17 Port:21 Source:192.168.0.105 Destination:192.168.0.110 Protocol:TCP Time:June 16 17:30:19 Port:22 Source:192.168.0.105 Destination:192.168.0.110 Protocol:TCP Time:June 16 17:30:21 Port:23 Source:192.168.0.105 Destination:192.168.0.110 Protocol:TCP Time:June 16 17:30:22 Port:25 Source:192.168.0.105 Destination:192.168.0.110 Protocol:TCP Time:June 16 17:30:23 Port:80 Source:192.168.0.105 Destination:192.168.0.110 Protocol:TCP What type of activity has been logged?

    • Denial-of-Service attack targeting 192.168.0.105

    • Teardrop attack targeting 192.168.0.110

    • Port scan targeting 192.168.0.110

    • Port scan targeting 192.168.0.105

    Correct Answer
    A. Port scan targeting 192.168.0.110
    Explanation
    The log file shows a series of connections being made to different ports on the IP address 192.168.0.110. This indicates a port scan, which is an activity where an attacker systematically scans a target IP address for open ports. In this case, the source IP address is 192.168.0.105, suggesting that it is the one performing the port scan. Therefore, the correct answer is "Port scan targeting 192.168.0.110."

    Rate this question:

  • 26. 

    Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?

    • Msfencode

    • Msfpayload

    • Msfcli

    • Msfd

    Correct Answer
    A. Msfencode
    Explanation
    Msfencode is a Metasploit Framework tool that can help penetration testers evade anti-virus systems. It is used to encode payloads, making them undetectable by anti-virus software. By encoding the payload, it changes the signature of the file, bypassing the anti-virus detection and allowing the penetration tester to deliver the payload without being detected. This tool is commonly used in penetration testing to assess the effectiveness of an organization's anti-virus defenses.

    Rate this question:

  • 27. 

    Max saw a guy (Mario) who looked like a janitor who was holding a lot of boxes. Max held the door open for Mario. Mario was able to access the company without identification. What kind of attack is this?

    • None of them

    • Session Hijacking

    • Phishing

    • Tailgating

    Correct Answer
    A. Tailgating
    Explanation
    Tailgating is the correct answer for this question. Tailgating refers to the act of unauthorized individuals following authorized personnel into a secure area by closely following them through a controlled access point, such as a door. In this scenario, Max held the door open for Mario, who appeared to be a janitor holding a lot of boxes. Mario was able to access the company without identification, indicating that he gained entry by taking advantage of Max's presence and not through proper authentication.

    Rate this question:

  • 28. 

    A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back end database. In order for the tester to see if SQL injection is possible, what is the first character that the tester should use to attempt breaking a valid SQL request?

    • Exclamation mark

    • Semicolon

    • Double quote

    • Single quote

    Correct Answer
    A. Single quote
    Explanation
    The tester should use a single quote as the first character to attempt breaking a valid SQL request. This is because SQL injection involves inserting malicious SQL code into input fields, and using a single quote can help the tester determine if the application is vulnerable to such attacks. By inputting a single quote, the tester can check if the application's response indicates a potential vulnerability, such as displaying error messages or returning unexpected results.

    Rate this question:

  • 29. 

    An LDAP directory can be used to store information similar to a SQL database. LDAP uses a _____ database structure instead of SQL's _____ structure. Because of this, LDAP has difficulty representing many-to-one relationships.

    • Relational, Hierarchical

    • Strict, Abstract

    • Simple, Complex

    • Hierarchical, Relational

    Correct Answer
    A. Hierarchical, Relational
    Explanation
    LDAP uses a hierarchical database structure instead of SQL's relational structure. In a hierarchical structure, data is organized in a tree-like format with parent-child relationships, where each entry can have multiple children but only one parent. This makes it suitable for representing one-to-many relationships. On the other hand, SQL databases use a relational structure where data is organized in tables with rows and columns, allowing for many-to-one relationships. Therefore, LDAP has difficulty representing many-to-one relationships due to its hierarchical database structure.

    Rate this question:

  • 30. 

    Which of the following DoS tools is used to attack targets web applications by starvation of available sessions on the web server? The tool keeps sessions at halt using never-ending POST transmissions and sending an arbitrarily large content-length header value.

    • MyDoom

    • LOIC

    • R-U-Dead-Yet? (RUDY)

    • Stacheldraht

    Correct Answer
    A. R-U-Dead-Yet? (RUDY)
    Explanation
    R-U-Dead-Yet? (RUDY) is the correct answer because it is a Denial of Service (DoS) tool specifically designed to target web applications by starving the available sessions on the web server. It achieves this by keeping sessions at a halt using never-ending POST transmissions and sending an arbitrarily large content-length header value. This overwhelms the server and prevents it from serving legitimate user requests, effectively causing a denial of service.

    Rate this question:

  • 31. 

    Security Policy is a definition of what it means to be secure for a system, organization or other entity. For Information Technologies, there are sub-policies like Computer Security Policy, Information Protection Policy, Information Security Policy, Network Security Policy, Physical Security Policy, Remote Access Policy, and User Account Policy.What is the main theme of the sub-policies for Information Technologies?

    • Confidentiality, Integrity, Availability

    • Authenticity, Integrity, Non-repudiation

    • Authenticity, Confidentiality, Integrity

    • Availability, Nonrepudiation, Confidentiality

    Correct Answer
    A. Confidentiality, Integrity, Availability
    Explanation
    The main theme of the sub-policies for Information Technologies is Confidentiality, Integrity, and Availability. These three principles are fundamental in ensuring the security of a system, organization, or entity. Confidentiality ensures that sensitive information is protected from unauthorized access. Integrity ensures that data remains accurate, complete, and unaltered. Availability ensures that the system or information is accessible and usable when needed. By focusing on these three aspects, the sub-policies aim to establish a secure environment for information technologies.

    Rate this question:

  • 32. 

    Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He's determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?

    • Union-based SQL injection

    • Blind SQL injection

    • Error-based SQL injection

    • NoSQL injeciton

    Correct Answer
    A. Blind SQL injection
    Explanation
    Blind SQL injection is the most likely type of SQL injection that Elliot is performing. Blind SQL injection is a technique where an attacker injects malicious SQL code into a vulnerable application, but unlike other types of SQL injection, the application does not display any error messages or visible results that would indicate the success of the injection. Instead, the attacker uses conditional timing delays, such as introducing a sleep function, to indirectly determine whether the injected queries are successful or not. This allows the attacker to gather information or exploit the application without leaving any visible traces.

    Rate this question:

  • 33. 

    Jim's company regularly performs backups of their critical servers. But the company can't afford to send backup tapes to an off-site vendor for long term storage and archiving. Instead Jim's company keeps the backup tapes in a safe in the office. Jim's company is audited each year, and the results from this year's audit show a risk because backup tapes aren't stored off-site. The Manager of Information Technology has a plan to take the backup tapes home with him and wants to know what two things he can do to secure the backup tapes while in transit?

    • Degauss the backup tapes and transport them in a lock box.

    • Encrypt the backup tapes and use a courier to transport them.

    • Encrypt the backup tapes and transport them in a lock box.

    • Hash the backup tapes and transport them in a lock box.

    Correct Answer
    A. Encrypt the backup tapes and transport them in a lock box.
    Explanation
    The correct answer is to encrypt the backup tapes and transport them in a lock box. Encrypting the backup tapes ensures that even if they are lost or stolen during transit, the data on them cannot be accessed without the encryption key. Transporting them in a lock box adds an additional layer of physical security, preventing unauthorized access to the tapes. This combination of encryption and physical security helps to protect the sensitive data on the backup tapes while they are in transit.

    Rate this question:

  • 34. 

    The name for tools which receive event logs from servers, network equipment, and applications, and perform analysis and correlation on those logs, and can generate alarms for security relevant issues, are known as what?

    • Network Sniffer

    • Intrusion Prevention Server

    • Vulnerability Scanner

    • Security Incident and Event Monitoring

    Correct Answer
    A. Security Incident and Event Monitoring
    Explanation
    Security Incident and Event Monitoring (SIEM) is the correct answer because it accurately describes the tools that receive event logs from servers, network equipment, and applications, analyze and correlate those logs, and generate alarms for security relevant issues. Network Sniffer is incorrect because it refers to a tool used to capture and analyze network traffic. Intrusion Prevention Server is incorrect because it refers to a system that actively prevents and blocks intrusion attempts. Vulnerability Scanner is incorrect because it refers to a tool used to identify security vulnerabilities in systems.

    Rate this question:

  • 35. 

    You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8.While monitoring the data, you find a high number of outbound connections. You see that IP's owned by XYZ (Internal) and private IP's are communicating to a Single Public IP. Therefore, the Internal IP's are sending data to the Public IP.After further analysis, you find out that this Public IP is a blacklisted IP, and the internal communicating devices are compromised.What kind of attack does the above scenario depict?

    • Advanced Persistent Threats

    • Rootkit Attack

    • Botnet Attack

    • Spear Phishing Attack

    Correct Answer
    A. Botnet Attack
    Explanation
    The given scenario depicts a Botnet Attack. A botnet is a network of compromised devices that are controlled by a single entity, known as the botmaster. In this case, the internal IP addresses owned by the company are communicating with a blacklisted public IP, indicating that these internal devices have been compromised and are being used as part of a botnet. The attacker is using these compromised devices to carry out malicious activities, such as sending spam emails, launching DDoS attacks, or spreading malware.

    Rate this question:

  • 36. 

    To reach a bank web site, the traffic from workstations must pass through a firewall. You have been asked to review the firewall configuration to ensure that workstations in network 10.10.10.0/24 can only reach the bank web site 10.20.20.1 using https. Which of the following firewall rules meets this requirement?

    • If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit

    • If (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443) then permit

    • If (source matches 10.20.20.1 and destination matches 10.10.10.0/24 and port matches 443) then permit

    • If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 80 or 443) then permit

    Correct Answer
    A. If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit
    Explanation
    The correct answer is "if (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit". This rule specifically allows traffic from workstations in network 10.10.10.0/24 to reach the bank web site 10.20.20.1 using the secure https protocol on port 443. It ensures that only traffic meeting all three conditions (source IP, destination IP, and port) will be permitted through the firewall, effectively restricting access to only the desired destination.

    Rate this question:

  • 37. 

    Darius is analysing logs from IDS. He want to understand what have triggered one alert and verify if it's true positive or false positive. Looking at the logs he copy and paste basic details like below: source IP: 192.168.21.100 source port: 80 destination IP: 192.168.10.23 destination port: 63221 What is the most proper answer: 

    • This is most probably true positive which triggered on secure communication between client and server.

    • This is most probably false-positive because IDS is monitoring one direction traffic.

    • This is most probably false-positive, because an alert triggered on reversed traffic.

    • This is probably true negative.

    Correct Answer
    A. This is most probably false-positive, because an alert triggered on reversed traffic.
    Explanation
    The given answer suggests that the alert triggered on reversed traffic, indicating that the source and destination IP addresses and ports are opposite to what is expected in a normal communication flow. This suggests that the IDS may have detected a suspicious or abnormal behavior, leading to a false positive alert.

    Rate this question:

  • 38. 

    What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

    • Asymmetric cryptography is computationally expensive in comparison. However, it's well-suited to securely negotiate keys for use with symmetric cryptography.

    • Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.

    • Symmetric encryption allows the server to securely transmit the session keys out-of-band.

    • Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.

    Correct Answer
    A. Asymmetric cryptography is computationally expensive in comparison. However, it's well-suited to securely negotiate keys for use with symmetric cryptography.
    Explanation
    Supporting both types of algorithms allows for a more efficient and secure SSL/TLS connection. Asymmetric cryptography, although computationally expensive, is used to securely negotiate keys for symmetric cryptography. This means that the asymmetric algorithm is used to securely exchange a shared secret key, which is then used by the symmetric algorithm to encrypt and decrypt the actual data being transmitted. By combining both types of cryptography, the advantages of efficient symmetric encryption and secure key exchange through asymmetric encryption can be achieved. Additionally, supporting symmetric encryption allows for compatibility with less-powerful devices such as mobile phones.

    Rate this question:

  • 39. 

    Assume a business-crucial web-site of some company that is used to sell handsets to the customers worldwide. All the developed components are reviewed by the security team on a monthly basis. In order to drive business further, the web-site developers decided to add some 3rd party marketing tools on it. The tools are written in Javascript and can track the customers’ activity on the site. These tools are located on the servers of the marketing company. What is the main security risk associated with this scenario?

    • External scripts increase the outbound company data traffic which leads to greater financial losses

    • External scripts have direct access to the company servers and can steal the data from there

    • External script contents could be maliciously modified without the security team knowledge

    • There is no risk at all as the marketing services are trustworthy

    Correct Answer
    A. External script contents could be maliciously modified without the security team knowledge
    Explanation
    The main security risk associated with this scenario is that the external script contents could be maliciously modified without the security team's knowledge. Since the marketing tools are located on the servers of the marketing company, the web-site developers have no control over the scripts. This leaves the possibility for attackers to modify the scripts and inject malicious code, potentially leading to data breaches or other security vulnerabilities. The security team's monthly reviews may not be sufficient to detect such modifications, making it a significant risk.

    Rate this question:

  • 40. 

    Which of the following techniques are NOT relevant in preventing arp spoof attack?

    • Kernel based patches

    • Static MAC Entries

    • Arpwatch

    • Secure ARP Protocol

    Correct Answer
    A. Kernel based patches
    Explanation
    Kernel based patches are not relevant in preventing ARP spoof attacks because they are not specifically designed to address this type of attack. Kernel based patches typically focus on fixing vulnerabilities and improving the performance of the operating system's kernel, but they do not directly deal with preventing ARP spoofing. Other techniques mentioned, such as static MAC entries, arpwatch, and secure ARP protocol, are more relevant in preventing ARP spoof attacks.

    Rate this question:

  • 41. 

    The I.T. Helpdesk at XYZ Company has begun receiving several phone calls from concerned staff regarding a suspicious email they have received.  One employee has forwarded a copy of the suspicous email to you for further investigation. Your manager is asking for immediate information to determine if this is a phishing attack. The email message looks like this: From: [email protected] To: [email protected] Date: 4/10/17 2:35pm Subject:New corporate HR sign up today! Priority: High You want to quickly determine who sent this email message so you look at the envelope headers and see this information: Received from unknown (209.85.213.50) by mail.xyzcompany.com id 2BqvU15YHBK; 10 Apr 2017 14:33:50 You perform a DNS query to determine more information about 209.85.213.50 but no record is found. What web site will allow you to quickly find out more information about 209.85.213.50 including the owner of the IP address?

    • Http://www.tucowsdomains.com/whois

    • Https://whois.arin.net

    • Https://www.networksolutions.com/whois

    • Https://www.godaddy.com/whois

    Correct Answer
    A. Https://whois.arin.net
    Explanation
    The correct answer is https://whois.arin.net. This website is a reliable source for performing a WHOIS query to find information about IP addresses. By entering 209.85.213.50 into the search field, you can quickly obtain details about the owner of the IP address, which will help in determining if the email is part of a phishing attack or not.

    Rate this question:

  • 42. 

    What is the process for allowing or blocking a specific port in the Windows firewall?  (For example, TCP port 22 inbound)

    • The firewall rule must be added from within the application that is using that port.

    • This is not possible without installing third-party software, since Windows only allows changing firewall settings for individual applications.

    • The only way to implement a specific rule like this is to use the "netsh" program on the command-line.

    • A rule matching these requirements can be created in "Windows Firewall with Advanced Security", located in the Control Panel.

    Correct Answer
    A. A rule matching these requirements can be created in "Windows Firewall with Advanced Security", located in the Control Panel.
    Explanation
    To allow or block a specific port in the Windows firewall, a rule that matches the requirements can be created in "Windows Firewall with Advanced Security", which is located in the Control Panel. This means that it is possible to configure the firewall settings directly within Windows without the need for third-party software. The "netsh" program on the command-line can also be used to implement specific rules, but the correct answer focuses on the option available in the Control Panel.

    Rate this question:

  • 43. 

    What is the difference between the AES and RSA algorithms?

    • Both are asymmetric algorithms, but RSA uses 1024-bit keys

    • Both are symmetric algorithms, but AES uses 256-bit

    • RSA is asymmetric, which is used to create a public/private key pair; AES is symmetric, which is used to encrypt data

    • AES is asymmetric, which is used to create a public/private key pair; RSA is symmetric, which is used to encrypt data

    Correct Answer
    A. RSA is asymmetric, which is used to create a public/private key pair; AES is symmetric, which is used to encrypt data
    Explanation
    The explanation for the given correct answer is that RSA is an asymmetric algorithm, meaning it uses a public/private key pair for encryption and decryption. On the other hand, AES is a symmetric algorithm, meaning it uses the same key for both encryption and decryption. Therefore, RSA is used for key generation and encryption/decryption of small amounts of data, while AES is used for encrypting and decrypting larger amounts of data.

    Rate this question:

  • 44. 

    During a Xmas scan what indicates a port is closed?

    • No return response

    • RST

    • ACK

    • SYN

    Correct Answer
    A. RST
    Explanation
    During a Xmas scan, a closed port is indicated by receiving a RST (Reset) response. This means that the scanned port is not open and the system is actively rejecting the connection attempt.

    Rate this question:

  • 45. 

    Vlady works in a fishing company where the majority of the employees have very little understanding of IT let alone IT Security. Several information security issues that Vlady often found includes, employees sharing password, writing his/her password on a post it note and stick it to his/her desk, leaving the computer unlocked, didn't log out from emails or other social media accounts, and etc. After discussing with his boss, Vlady decided to make some changes to improve the security environment in his company. The first thing that Vlady wanted to do is to make the employees understand the importance of keeping confidential information, such as password, a secret and they should not share it with other persons. Which of the following steps should be the first thing that Vlady should do to make the employees in his company understand to importance of keeping confidential information a secret?

    • Information security awareness training

    • Warning to those who write password on a post it note and put it on his/her desk

    • Conducting a one to one discussion with the other employees about the importance of information security

    • Developing a strict information security policy

    Correct Answer
    A. Information security awareness training
    Explanation
    Vlady should conduct information security awareness training as the first step to make employees understand the importance of keeping confidential information a secret. This training will educate employees about the risks associated with sharing passwords and writing them on post-it notes, leaving computers unlocked, and not logging out from accounts. By providing this training, Vlady can raise awareness among employees about the significance of information security and help them understand the potential consequences of their actions. This will ultimately contribute to creating a more secure environment within the company.

    Rate this question:

  • 46. 

    Developers at your company are creating a web application which will be available for use by anyone on the Internet. The developers have taken the approach of implementing a Three-Tier Architecture for the web application. The developers are now asking you which network should the Presentation Tier (front-end web server) be placed in?

    • Internal network

    • DMZ network

    • Isolated vlan network

    • Mesh network

    Correct Answer
    A. DMZ network
    Explanation
    The Presentation Tier (front-end web server) should be placed in the DMZ network. The DMZ (Demilitarized Zone) network is a neutral zone between the internal network and the external network (Internet). It acts as a buffer zone, providing an additional layer of security by isolating the publicly accessible services from the internal network. Placing the front-end web server in the DMZ network allows external users to access the web application while keeping the internal network protected from potential security threats.

    Rate this question:

  • 47. 

    CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this: From: [email protected] To: [email protected] Subject:  Test message Date: 4/3/2017 14:37 The employee of CompanyXYZ receives your email message.  This proves that CompanyXYZ's email gateway doesn't prevent what?

    • Email Spoofing

    • Email Masquerading

    • Email Harvesting

    • Email Phishing

    Correct Answer
    A. Email Spoofing
    Explanation
    The fact that the employee of CompanyXYZ receives the specially formatted email message sent by the person assessing the security of the perimeter email gateway suggests that CompanyXYZ's email gateway does not prevent email spoofing. Email spoofing is a technique used by attackers to forge the header information of an email, making it appear as if it came from a different sender. In this case, the sender's email address ([email protected]) could have been easily manipulated or forged, allowing the email to pass through the gateway without detection.

    Rate this question:

  • 48. 

    You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?

    • Nmap -sT -O -T0

    • Nmap -sP -p-65535 -T5

    • Nmap -A -Pn

    • Nmap -A —host-timeout 99 -T1

    Correct Answer
    A. Nmap -sT -O -T0
    Explanation
    The command "nmap -sT -O -T0" would result in a scan of common ports with the least amount of noise in order to evade IDS. The "-sT" flag specifies a TCP connect scan, which is less likely to be detected by IDS compared to other scan types. The "-O" flag enables OS detection, which can provide additional information about the target system without generating additional noise. The "-T0" flag sets the timing template to the slowest possible value, reducing the likelihood of detection by IDS.

    Rate this question:

  • 49. 

    Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics:- Verifies success or failure of an attack- Monitors System Activities- Detects attacks that a network based IDS fail to detect- Near real time detection and response- Does not require additional hardware- Lower entry cost Which type of IDS is best suited for Tremp's requirements?

    • Network based IDS

    • Gateway based IDS

    • Host based IDS

    • Open source based IDS

    Correct Answer
    A. Host based IDS
    Explanation
    A host-based IDS is best suited for Tremp's requirements because it verifies the success or failure of an attack, monitors system activities, and detects attacks that a network-based IDS may fail to detect. Additionally, a host-based IDS provides near real-time detection and response, does not require additional hardware, and has a lower entry cost compared to other types of IDSs.

    Rate this question:

Quiz Review Timeline (Updated): Mar 22, 2023 +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 22, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Sep 19, 2018
    Quiz Created by
    Terry519vx

Recent Quizzes

Computer Networks and Security Exams Prep Test Computer Networks and Security Exams Prep Test
BCA 6th Sem internal exam Network Security BCA 6th Sem internal exam Network Security
Network Technologies and Tools Quiz! Network Technologies and Tools Quiz!
Network Security Exam MCQ Quiz! Network Security Exam MCQ Quiz!
Important Trivia Questions On Network Security! Important Trivia Questions On Network Security!
DFN5033 Network Security Test Dis 2017 DFN5033 Network Security Test Dis 2017
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.