Certified Network Defender Certification Test! Trivia Questions Quiz

Approved & Edited by ProProfs Editorial Team
By Cfernandez212, Community Contributor
Questions: 127 | Attempts: 2,504


Below is a Certified Network Defender certification test. It is designed for those about to sit the certification exam, as it helps them review everything they have learned in class so far. Are you feeling up to the task, or do you want to see how much work your revision still needs? Take the quiz and find out.


Questions and Answers
  • 1. 

    Management decides to implement a risk management system to reduce and maintain the organization’s risk at an acceptable level. Which of the following is the correct order in the risk management phase?

    • A.

      Risk Identification, Risk Assessment, Risk Treatment, Risk Monitoring & Review

    • B.

      Risk Treatment, Risk Monitoring & Review, Risk Identification, Risk Assessment

    • C.

      Risk Assessment, Risk Treatment, Risk Monitoring & Review, Risk Identification

    • D.

      Risk Identification, Risk Assessment, Risk Monitoring & Review, Risk Treatment

    Correct Answer
    A. Risk Identification, Risk Assessment, Risk Treatment, Risk Monitoring & Review
    Explanation
    The correct order in the risk management phase is as follows: first, the organization needs to identify the risks it faces. Then, it should assess the identified risks to determine their potential impact and likelihood. After that, the organization can proceed with treating the identified risks by implementing appropriate strategies to mitigate or transfer the risks. Finally, the organization should continuously monitor and review the effectiveness of the risk management system to ensure that it remains relevant and effective in reducing and maintaining the organization's risk at an acceptable level.

  • 2. 

    John has implemented _________ in the network to restrict the limit of public IP addresses in his organization and to enhance the firewall filtering technique.

    • A.

      DMZ

    • B.

      Proxies

    • C.

      VPN

    • D.

      NAT

    Correct Answer
    D. NAT
    Explanation
    John has implemented NAT (Network Address Translation) in the network to restrict the limit of public IP addresses in his organization and to enhance the firewall filtering technique. NAT allows the organization to use private IP addresses internally and translate them to a single public IP address when communicating with external networks. This helps conserve public IP addresses and adds an extra layer of security by hiding the internal IP addresses from external sources.

  • 3. 

    What command is used to terminate certain processes in an Ubuntu system?

    • A.

      #grep Kill [Target Process]

    • B.

      #kill -9 [PID]

    • C.

      #ps ax Kill

    • D.

      # netstat Kill [Target Process]

    Correct Answer
    C. #ps ax Kill
  • 4. 

    Consider a scenario consisting of a tree network. The root node N is connected to two main nodes, N1 and N2. N1 is connected to N11 and N12. N2 is connected to N21 and N22. What will happen if any one of the main nodes fails?

    • A.

      Failure of the main node affects all other child nodes at the same level irrespective of the main node.

    • B.

      Does not cause any disturbance to the child nodes or their transmission

    • C.

      Failure of the main node will affect all related child nodes connected to the main node

    • D.

      Affects the root node only

    Correct Answer
    C. Failure of the main node will affect all related child nodes connected to the main node
    Explanation
    If any one of the main nodes in the tree network fails, it will affect all related child nodes connected to that main node. This means that if N1 or N2 fails, it will also affect N11, N12, N21, and N22. The failure of the main node will disrupt the communication and transmission between the root node and its child nodes connected to that main node.

  • 5. 

    Stephanie is currently setting up email security so all company data is secured when passed through email. Stephanie first sets up encryption to make sure that a specific user's email is protected. Next, she needs to ensure that the incoming and the outgoing mail has not been modified or altered using digital signatures. What is Stephanie working on?

    • A.

      Confidentiality 

    • B.

      Availability

    • C.

      Data Integrity

    • D.

      Usability 

    Correct Answer
    C. Data Integrity
    Explanation
    Stephanie is working on ensuring the integrity of the data that is passed through email. This means she wants to make sure that the incoming and outgoing mail has not been modified or altered during transmission. By setting up digital signatures, Stephanie can verify the authenticity and integrity of the email content, ensuring that it has not been tampered with. This is important for maintaining the trustworthiness and reliability of the company's data.

  • 6. 

    An enterprise recently moved to a new office and the new neighborhood is a little risky. The CEO wants to monitor the physical perimeter and the entrance doors 24 hours. What is the best option to do this job?

    • A.

      Install a CCTV with cameras pointing to the entrance doors and the street

    • B.

      Use fences in the entrance doors

    • C.

      Use lights in all the entrance doors and along the company's perimeter

    • D.

      Use an IDS in the entrance doors and install some of them near the corners

    Correct Answer
    A. Install a CCTV with cameras pointing to the entrance doors and the street
    Explanation
    Installing a CCTV with cameras pointing to the entrance doors and the street is the best option to monitor the physical perimeter and entrance doors 24 hours. This option allows for continuous surveillance and provides visual evidence in case of any security incidents. It also covers both the entrance doors and the street, ensuring comprehensive monitoring of the surroundings. Using fences or lights may provide some level of security, but they do not offer the same level of monitoring and evidence collection as a CCTV system. Installing an IDS near the corners may help detect intrusions, but it does not provide visual surveillance of the entire area.

  • 7. 

    Eric is receiving complaints from employees that their systems are very slow and experiencing odd issues, including restarting automatically and frequent system hangs. Upon investigating, he is convinced the systems are infected with a virus that forces systems to shut down automatically after a period of time. What type of security incident are the employees a victim of?

    • A.

      Scans and probes

    • B.

      Malicious Code

    • C.

      Denial of service

    • D.

      Distributed denial of service

    Correct Answer
    B. Malicious Code
    Explanation
    The employees are victims of a malicious code security incident. This is indicated by the symptoms described, such as slow systems, automatic restarts, and frequent system hangs, which are all common effects of malware infections. The fact that the virus is forcing the systems to shut down automatically after a period of time further supports the conclusion that this is a malicious code incident.

  • 8. 

    ------------ is a group of broadband wireless communications standards for Metropolitan Area Networks (MANs)

    • A.

      802.15.4

    • B.

      802.15

    • C.

      802.12

    • D.

      802.16

    Correct Answer
    D. 802.16
    Explanation
    802.16 is the correct answer because it is a group of broadband wireless communications standards specifically designed for Metropolitan Area Networks (MANs). This standard provides high-speed internet access and supports a wide range of applications such as voice over IP, video streaming, and data transfer. It operates in the frequency range of 10-66 GHz and offers a larger coverage area compared to other standards like 802.15.4 or 802.15, which are more suitable for short-range wireless communication. Similarly, 802.12 is not relevant as it is a standard for demand priority access method for Ethernet networks.

  • 9. 

    The network admin decides to assign a class B IP address to a host in the network. Identify which of the following addresses fall within a class B IP address range.

    • A.

      255.255.255.0

    • B.

      18.12.4.1

    • C.

      172.168.12.4

    • D.

      169.254.254.254

    Correct Answer
    C. 172.168.12.4
    Explanation
    The given IP address 172.168.12.4 falls within the class B IP address range. In class B, the first two octets represent the network portion and the last two octets represent the host portion. The range of class B IP addresses is from 128.0.0.0 to 191.255.255.255. Therefore, the IP address 172.168.12.4 is within this range and is a valid class B IP address.

  • 10. 

    Rick has implemented several firewalls and IDS systems across his enterprise network. What should he do to effectively correlate all incidents that pass through these security controls?

    • A.

      Use firewalls in Network Address Transition (NAT) mode

    • B.

      Implement IPsec

    • C.

      Implement Simple Network Management Protocol (SNMP)

    • D.

      Use Network Time Protocol (NTP)

    Correct Answer
    D. Use Network Time Protocol (NTP)
    Explanation
    To effectively correlate all incidents that pass through the firewalls and IDS systems, Rick should use Network Time Protocol (NTP). NTP is a protocol used to synchronize the clocks of network devices, ensuring accurate timekeeping. By synchronizing the clocks on all the security controls, Rick can accurately correlate the incidents based on the timestamps. This will help him identify patterns, detect any coordinated attacks, and analyze the sequence of events across the network. Using NTP will provide a consistent and reliable time reference for incident correlation.

  • 11. 

    Management asked their network administrator to suggest an appropriate backup medium for their backup plan that best suits their organization's need. Which of the following factors will the administrator consider when deciding on the appropriate backup medium?

    • A.

      Capability

    • B.

      Accountability

    • C.

      Extensibility 

    • D.

      Reliability 

    Correct Answer(s)
    A. Capability
    C. Extensibility 
    D. Reliability 
    Explanation
    The network administrator will consider capability, extensibility, and reliability when deciding on the appropriate backup medium for the organization's needs. Capability refers to the ability of the backup medium to effectively store and restore data. Extensibility refers to the scalability of the backup medium, allowing it to accommodate future growth and increasing data storage requirements. Reliability is crucial as it ensures that the backup medium can consistently and accurately backup and restore data without errors or failures.

  • 12. 

    Which of the following network monitoring techniques requires extra monitoring software or hardware?

    • A.

      Non-router based

    • B.

      Switch based 

    • C.

      Hub based 

    • D.

      Router based

    Correct Answer
    A. Non-router based
    Explanation
    Non-router based network monitoring techniques require extra monitoring software or hardware because routers are already equipped with built-in monitoring capabilities. Non-router based techniques, such as using a separate monitoring device or software, are necessary to monitor network traffic, analyze data, and identify any issues or anomalies in the network. This additional software or hardware is required to capture and analyze network packets, monitor bandwidth usage, and detect any security threats or performance issues.

  • 13. 

    Steven's company has recently grown from 5 employees to over 50. Every workstation has a public IP address and navigates to the Internet with little to no protection. Steven wants to use a firewall. He also wants IP addresses to be private addresses, to prevent public Internet devices from accessing them directly. What should Steven implement on the firewall to ensure this happens?

    • A.

      Steven should use a Demilitarized Zone (DMZ)

    • B.

      Steven should use Open Shortest Path First (OSPF)

    • C.

      Steven should use IPsec

    • D.

      Steven should enable Network Address Translation (NAT)

    Correct Answer
    D. Steven should enable Network Address Translation (NAT)
    Explanation
    Steven should enable Network Address Translation (NAT) on the firewall to ensure that the IP addresses used within the company are private addresses and not accessible directly from public Internet devices. NAT allows the firewall to translate the public IP addresses of the workstations to private IP addresses when communicating with the Internet, providing an additional layer of security by hiding the internal network structure from external sources.

  • 14. 

    What is the name of the authority that verifies the certificate authority in digital certificates?

    • A.

      Directory management system

    • B.

      Certificate authority 

    • C.

      Registration authority 

    • D.

      Certificate Management system

    Correct Answer
    D. Certificate Management system
    Explanation
    The Certificate Management system is responsible for verifying the certificate authority in digital certificates. This system ensures that the certificate authority is trustworthy and meets the necessary security standards. It manages the entire lifecycle of digital certificates, including issuing, revoking, and renewing certificates. The Certificate Management system plays a crucial role in maintaining the integrity and authenticity of digital certificates.

  • 15. 

    Will is working as a Network Administrator. Management wants to maintain a backup of all the company data as soon as it starts operations. They decided to use a RAID backup storage technology for their data backup plan. To implement the RAID data backup storage, Will sets up a pair of RAID disks so that all the data written to one disk is copied automatically to the other disk as well. This maintains an additional copy of the data. Which RAID level is used here?

    • A.

      RAID 3

    • B.

      RAID 1

    • C.

      RAID 5

    • D.

      RAID 0

    Correct Answer
    B. RAID 1
    Explanation
    In this scenario, Will sets up a pair of RAID disks where all the data written to one disk is automatically copied to the other disk. This configuration is known as RAID 1, also known as disk mirroring. RAID 1 provides redundancy by maintaining an additional copy of the data on a separate disk, ensuring data availability in case of disk failure.

  • 16. 

    You are monitoring your network traffic with the Wireshark utility and noticed that your network is experiencing a large amount of traffic from a certain region. You suspect a DoS incident on the network. What will be your first reaction as a first responder?

    • A.

      Avoid Fear, Uncertainty and Doubt

    • B.

      Communicate the incident 

    • C.

      Make an initial assessment 

    • D.

      Disable Virus Protection

    Correct Answer
    A. Avoid Fear, Uncertainty and Doubt
    Explanation
    As a first responder, your first reaction should be to avoid fear, uncertainty, and doubt. This means staying calm and composed in order to effectively handle the situation. By avoiding fear, uncertainty, and doubt, you can maintain a clear mindset and make rational decisions. This will help you respond to the DoS incident in a focused and efficient manner, rather than getting overwhelmed or making hasty decisions. Communication, making an initial assessment, and disabling virus protection may be important steps to take, but they should be done after avoiding fear, uncertainty, and doubt.

  • 17. 

    If a network is at risk from unskilled individuals, what type of threat is this?

    • A.

      External Threats

    • B.

      Structured Threats

    • C.

      Unstructured Threats

    • D.

      Internal Threats

    Correct Answer
    C. Unstructured Threats
    Explanation
    Unstructured threats refer to threats posed by unskilled individuals who may not have specific knowledge or expertise in hacking or attacking computer networks. These individuals may engage in activities that can unintentionally or unknowingly compromise the security of a network, such as clicking on malicious links or downloading infected files. Therefore, if a network is at risk from unskilled individuals, it can be categorized as an unstructured threat.

  • 18. 

    According to the company’s security policy, all access to any network resources must use Windows Active Directory Authentication. A Linux server was recently installed to run virtual servers and it is not using Windows Authentication. What needs to happen to force this server to use Windows Authentication?

    • A.

      Edit the ADLIN file.

    • B.

      Edit the shadow file.

    • C.

      Remove the /var/bin/localauth.conf file.

    • D.

      Edit the PAM file to enforce Windows Authentication

    Correct Answer
    D. Edit the PAM file to enforce Windows Authentication
    Explanation
    To force the Linux server to use Windows Authentication, the PAM (Pluggable Authentication Modules) file needs to be edited. PAM is a system that provides a flexible and modular framework for authentication in Linux systems. By editing the PAM file, the necessary configuration can be made to enforce Windows Authentication, aligning with the company's security policy.

  • 19. 

    Kelly is taking backups of the organization’s data. Currently, he is taking backups of only those files which are created or modified after the last backup. What type of backup is Kelly using?

    • A.

      Full backup

    • B.

      Incremental backup

    • C.

      Differential Backup

    • D.

      Normal Backup

    Correct Answer
    B. Incremental backup
    Explanation
    Kelly is using an incremental backup. This type of backup only includes files that have been created or modified since the last backup. It does not include all files in the organization's data, like a full backup would. Incremental backups are efficient because they only backup changes made since the previous backup, reducing the time and storage required for the backup process.

  • 20. 

    John is a network administrator and is monitoring his network traffic with the help of Wireshark. He suspects that someone from outside is making a TCP OS fingerprinting attempt on his organization's network. Which of the following Wireshark filter(s) will he use to locate the TCP OS fingerprinting attempt?

    • A.

      tcp.flags==0x2b

    • B.

      tcp.flags=0x00

    • C.

      tcp.options.mss_val<1460

    • D.

      tcp.options.wscale_val==20

    Correct Answer(s)
    A. tcp.flags==0x2b
    B. tcp.flags=0x00
    C. tcp.options.mss_val<1460
    Explanation
    John will use the Wireshark filters "tcp.flags==0x2b", "tcp.flags=0x00", and "tcp.options.mss_val

  • 21. 

    A company has the right to monitor the activities of their employees on different information systems according to the _________ policy.

    • A.

      Information system

    • B.

      User access control

    • C.

      Internet usage

    • D.

      Confidential data

    Correct Answer
    B. User access control
    Explanation
    A company has the right to monitor the activities of their employees on different information systems according to the user access control policy. User access control refers to the process of managing and controlling user privileges and permissions within an information system. By monitoring the activities of employees, the company can ensure that they are accessing and using the information system in a secure and appropriate manner. This helps to prevent unauthorized access, protect sensitive information, and maintain the overall security of the system.

  • 22. 

    Liza was told by her network administrator that they will be implementing IPsec VPN tunnels to connect the branch locations to the main office. What layer of the OSI model do IPsec tunnels function on?

    • A.

      The data link layer

    • B.

      The session layer

    • C.

      The network layer

    • D.

      The application and physical layers

    Correct Answer
    C. The network layer
    Explanation
    IPsec VPN tunnels function on the network layer of the OSI model. The network layer is responsible for routing and forwarding data packets between different networks. IPsec, which stands for Internet Protocol Security, provides security services such as encryption and authentication at the network layer. By implementing IPsec VPN tunnels, Liza's network administrator aims to secure the communication between the branch locations and the main office at the network layer.

  • 23. 

    Malone is finishing up his incident handling plan for IT before giving it to his boss for review. He is outlining the incident response methodology and the steps that are involved. What is the last step he should list?

    • A.

      Assign eradication.

    • B.

      Recovery

    • C.

      Containment

    • D.

      A follow-up.

    Correct Answer
    D. A follow-up.
    Explanation
    The last step that Malone should list in his incident handling plan is a follow-up. This step is important to ensure that the incident has been fully resolved and to evaluate the effectiveness of the incident response process. A follow-up may involve conducting a post-incident review, documenting lessons learned, updating procedures, and communicating with relevant stakeholders.

  • 24. 

    Which VPN QoS model guarantees the traffic from one customer edge (CE) to another?

    • A.

      Pipe Model

    • B.

      AAA model

    • C.

      Hub-and-Spoke VPN model

    • D.

      Hose model

    Correct Answer
    A. Pipe Model
    Explanation
    The Pipe Model is the correct answer because it guarantees the traffic from one customer edge (CE) to another. In this model, the VPN provider ensures that the traffic flows through a dedicated and secure "pipe" from one CE device to another, without interference or congestion from other traffic. This model is ideal for organizations that require high levels of reliability and performance for their VPN connections.

  • 25. 

    James was inspecting ARP packets in his organization’s network traffic with the help of Wireshark. He is checking the volume of traffic containing ARP requests as well as the source IP address from which they are originating. Which type of attack is James analyzing?

    • A.

      ARP Sweep

    • B.

      ARP misconfiguration 

    • C.

      ARP spoofing

    • D.

      ARP Poisoning

    Correct Answer
    A. ARP Sweep
    Explanation
    James is analyzing an ARP sweep attack. An ARP sweep is a type of network reconnaissance attack where an attacker sends a large number of ARP requests to map out the IP addresses and MAC addresses of devices on a network. By inspecting the volume of traffic containing ARP requests and the source IP addresses, James can identify if there is an ARP sweep attack happening on his organization's network.

  • 26. 

    Alex is administering the firewall in the organization's network. What command will he use to check the ports that applications have open?

    • A.

      Netstat -an

    • B.

      Netstat -o

    • C.

      Netstat -a 

    • D.

      Netstat -ao

    Correct Answer
    A. Netstat -an
    Explanation
    Alex will use the command "netstat -an" to check the ports applications open. The "netstat" command is used to display active network connections, listening ports, and routing tables. The "-a" option shows all active connections and listening ports, while the "-n" option displays the addresses and port numbers in numerical form. Therefore, "netstat -an" will provide Alex with a comprehensive list of all open ports and their associated applications in the organization's network.

  • 27. 

    The risk assessment team in Southern California has estimated that the probability of an incident that has potential to impact almost 80% of the bank’s business is very high. How should this risk be categorized in the risk matrix?

    • A.

      High

    • B.

      Medium

    • C.

      Extreme

    • D.

      Low

    Correct Answer
    C. Extreme
    Explanation
    The risk should be categorized as "Extreme" in the risk matrix because the probability of an incident that could impact 80% of the bank's business is very high. This indicates a significant potential impact on the bank's operations and suggests that immediate action should be taken to mitigate the risk.

  • 28. 

    Identify the minimum number of drives required to set up RAID level 5.

    • A.

      Multiple

    • B.

      3

    • C.

      4

    • D.

      2

    Correct Answer
    B. 3
    Explanation
    RAID level 5 requires a minimum of three drives to be set up. In RAID 5, data is striped across multiple drives with parity information distributed across all drives. This provides fault tolerance as if one drive fails, the data can be reconstructed using the parity information on the remaining drives. Therefore, at least three drives are needed to ensure redundancy and data protection in RAID level 5.

  • 29. 

    Timothy works as a network administrator in a multinational organization. He decides to implement a dedicated network for sharing storage resources. He uses a _________ as it separates the storage units from the servers and the user network.

    • A.

      SAN

    • B.

      SCSA

    • C.

      NAS

    • D.

      SAS

    Correct Answer
    A. SAN
    Explanation
    Timothy decides to implement a dedicated network for sharing storage resources. He uses a SAN (Storage Area Network) as it separates the storage units from the servers and the user network. SANs are widely used in organizations to provide high-speed, reliable, and centralized storage solutions. By implementing a SAN, Timothy can efficiently manage and allocate storage resources, improve data access and availability, and ensure better performance and scalability for the organization's storage infrastructure.

  • 30. 

    A local bank wants to protect their card holder data. The bank should comply with the __________ standard to ensure the security of card holder data.

    • A.

      HIPAA

    • B.

      ISEC

    • C.

      PCI DSS

    • D.

      SOAX

    Correct Answer
    C. PCI DSS
    Explanation
    The correct answer is PCI DSS. PCI DSS stands for Payment Card Industry Data Security Standard. It is a set of security standards that all organizations that handle cardholder information must comply with in order to ensure the security of cardholder data. This standard helps to prevent data breaches and protect sensitive information such as credit card numbers, ensuring that the bank can safeguard their customers' data effectively.

  • 31. 

    Sam wants to implement a network-based IDS in the network. Sam finds that the one IDS solution which works is based on pattern matching. Which type of network-based IDS is Sam implementing?

    • A.

      Behavior-based IDS

    • B.

      Anomaly-based IDS

    • C.

      Stateful protocol analysis

    • D.

      Signature-based IDS

    Correct Answer
    D. Signature-based IDS
    Explanation
    Sam is implementing a signature-based IDS. This type of IDS works by comparing network traffic patterns against a database of known attack signatures. It identifies malicious activity by matching the patterns of network packets with the signatures in its database. This approach is effective in detecting well-known attacks, but it may struggle with new or unknown threats.

  • 32. 

    John wants to implement a firewall service that works at the session layer of the OSI model. The firewall must also have the ability to hide the private network information. Which type of firewall service is John thinking of implementing?

    • A.

      Application level gateway

    • B.

      Stateful Multilayer Inspection

    • C.

      Circuit level gateway

    • D.

      Packet Filtering 

    Correct Answer
    C. Circuit level gateway
    Explanation
    John is thinking of implementing a Circuit level gateway firewall service. This type of firewall operates at the session layer of the OSI model and has the ability to hide the private network information. It works by creating a circuit between the internal and external networks, allowing only authorized connections to pass through. It does not inspect the content of the packets like an Application level gateway or Stateful Multilayer Inspection firewall, but instead focuses on controlling the flow of traffic based on the session information. Packet Filtering firewall, on the other hand, operates at the network layer and does not provide the ability to hide private network information.

  • 33. 

    You are an IT security consultant working on a contract for a large manufacturing company to audit their entire network. After performing all the tests and building your report, you present a number of recommendations to the company and what they should implement to become more secure. One recommendation is to install a network-based device that notifies IT employees whenever malicious or questionable traffic is found. From your talks with the company, you know that they do not want a device that actually drops traffic completely, they only want notification. What type of device are you suggesting?

    • A.

      The best solution to cover the needs of this company would be a HIDS device.

    • B.

      A NIDS device would work best for the company

    • C.

      You are suggesting a NIPS device

    • D.

      A HIPS device would best suit this company

    Correct Answer
    B. A NIDS device would work best for the company
    Explanation
    A NIDS (Network Intrusion Detection System) device would work best for the company. This device monitors network traffic and detects any malicious or questionable activity. It does not drop or block the traffic, but instead sends notifications to the IT employees when such activity is found. This aligns with the company's requirement of only wanting notification without dropping traffic completely. A NIDS device would allow the company to proactively identify and respond to potential security threats on their network.

  • 34. 

    Management wants to calculate the risk factor for their organization. Kevin, a network administrator in the organization, knows how to calculate the risk factor. Certain parameters are required before calculating the risk factor. What are they? (Select all that apply) Risk factor = ………… X ………… X …………

    • A.

      Vulnerability

    • B.

      Impact

    • C.

      Attack

    • D.

      Threat

    Correct Answer(s)
    A. Vulnerability
    B. Impact
    D. Threat
    Explanation
    The risk factor for an organization is calculated by multiplying certain parameters together. These parameters include vulnerability, impact, and threat. By considering the vulnerability of the organization's systems, the potential impact of a security breach, and the likelihood of an attack or threat occurring, management can determine the overall risk factor.

  • 35. 

    Lyle is the IT director for a medium-sized food service supply company in Nebraska. Lyle’s company employs over 300 workers, half of whom use computers. He recently came back from a security training seminar on logical security. He now wants to ensure his company is as secure as possible. Lyle has many network nodes and workstation nodes across the network. He does not have much time for implementing a network-wide solution. He is primarily concerned about preventing any external attacks on the network by using a solution that can drop packets if they are found to be malicious. Lyle also wants this solution to be easy to implement and be network-wide. What type of solution would be best for Lyle?

    • A.

      A NEPT implementation would be the best choice.

    • B.

      To better serve the security needs of his company, Lyle should use a HIDS system.

    • C.

      Lyle would be best suited if he chose a NIPS implementation

    • D.

      He should choose a HIPS solution, as this is best suited to his needs.

    Correct Answer
    C. Lyle would be best suited if he chose a NIPS implementation
    Explanation
    The best solution for Lyle would be a NIPS (Network Intrusion Prevention System) implementation. This type of solution can effectively prevent external attacks on the network by dropping malicious packets. It is easy to implement and can provide network-wide security. Given Lyle's concerns and requirements, a NIPS implementation would be the most suitable choice for him.

  • 36. 

    Sam, a network administrator, is using Wireshark to monitor the network traffic of the organization. He wants to detect TCP packets with no flag set to check for a specific attack attempt. Which filter will he use to view the traffic?

    • A.

      Tcp.flags==0x000

    • B.

      Tcp.flags==0000x

    • C.

      Tcp.flags==000x0

    • D.

      Tcp.flags==x0000

    Correct Answer
    A. Tcp.flags==0x000
    Explanation
    Sam, the network administrator, wants to detect TCP packets with no flag set to check for a specific attack attempt. To do this, he will use the filter "tcp.flags==0x000". This filter will display only the TCP packets that have all flags set to 0, indicating that no flag is set. This will help Sam identify any potential attack attempts that do not have any flags set.

  • 37. 

    Frank installed Wireshark at all ingress points in the network. Looking at the logs he notices an odd packet source. The odd source has an address of 1080:0:FF:0:8:800:200C:4171 and is using port 21. What does this source address signify?

    • A.

      This address means that the source is using an IPv6 address and is spoofed and signifies an IPv4 address of 127.0.0.1.

    • B.

      This source address is IPv6 and translates as 13.1.68.3

    • C.

      This source address signifies that the originator is using 802dot1x to try and penetrate into Frank’s network

    • D.

      This means that the source is using IPv4

    Correct Answer
    D. This means that the source is using IPv4
  • 38. 

    The IR team and the network administrator have successfully handled a malware incident on the network. The team is now preparing a countermeasure guideline to avoid a future occurrence of the malware incident. Which of the following countermeasure(s) should be added to deal with future malware incidents? (Select all that apply)

    • A.

      Complying with the company’s security policies

    • B.

      Implementing strong authentication schemes

    • C.

      Implementing a strong password policy

    • D.

      Install antivirus software

    Correct Answer
    D. Install antivirus software
    Explanation
    The team should add installing antivirus software as a countermeasure to deal with future malware incidents. Antivirus software can help detect and remove malware from the network, providing an additional layer of protection against potential threats. By regularly updating and scanning the network with antivirus software, the team can minimize the risk of future malware incidents.

  • 39. 

    Assume that you are a network administrator and the company has asked you to draft an Acceptable Use Policy (AUP) for employees. Under which category of information security policy does an AUP fall?

    • A.

      System Specific Security Policy (SSSP)

    • B.

      Incident Response Policy (IRP)

    • C.

      Enterprise Information Security Policy (EISP)

    • D.

      Issue Specific Security Policy (ISSP)

    Correct Answer
    A. System Specific Security Policy (SSSP)
    Explanation
    The Acceptable Use Policy (AUP) is a set of rules and guidelines that define the acceptable and appropriate use of company resources, systems, and networks by employees. It outlines the responsibilities and expectations for employees regarding the use of technology and information assets. Since the AUP is specific to the company's systems and networks, it falls under the category of System Specific Security Policy (SSSP). This policy focuses on the security measures and guidelines for a particular system or network within an organization.

  • 40. 

    The bank where you work has 600 Windows computers and 400 Red Hat computers which primarily serve as bank teller consoles. You have created a plan and deployed all the patches to the Windows computers and you are now working on updating the Red Hat computers. What command should you run on the network to update the Red Hat computers, download the security package, force the package installation, and update all currently installed packages?

    • A.

      You should run the up2date -d -f -u command

    • B.

      You should run the up2data -u command

    • C.

      You should run the WSUS --d -f -u command.

    • D.

      You should type the sysupdate --d command

    Correct Answer
    A. You should run the up2date -d -f -u command
  • 41. 

    Smith is an IT technician who has been appointed to his company’s network vulnerability assessment team. He is the only IT employee on the team. The other team members include employees from Accounting, Management, Shipping, and Marketing. Smith and the team members are having their first meeting to discuss how they will proceed. What is the first step they should take to create the network vulnerability assessment plan?

    • A.

      Their first step is to analyze the data they have currently gathered from the company or interviews.

    • B.

      Their first step is to make a hypothesis of what their final findings will be.

    • C.

      Their first step is to create an initial Executive report to show the management team.

    • D.

      Their first step is the acquisition of required documents, reviewing of security policies and compliance. 

    Correct Answer
    D. Their first step is the acquisition of required documents, reviewing of security policies and compliance. 
    Explanation
    The first step the team should take to create the network vulnerability assessment plan is to acquire the necessary documents, review security policies, and ensure compliance. This step is crucial as it lays the foundation for the assessment by providing the team with the necessary information and guidelines to identify vulnerabilities in the network. Analyzing gathered data, making hypotheses, or creating an executive report can only be done effectively after acquiring the required documents and understanding the existing security measures in place.

  • 42. 

    Management wants to bring their organization into compliance with the ISO standard for information security risk management. Which ISO standard will management decide to implement?

    • A.

      ISO/IEC 27004

    • B.

      ISO/IEC 27002

    • C.

      ISO/IEC 27006

    • D.

      ISO/IEC 27005

    Correct Answer
    D. ISO/IEC 27005
    Explanation
    Management will decide to implement ISO/IEC 27005 because it is the ISO standard specifically focused on information security risk management. ISO/IEC 27004 is a standard for information security management measurement, ISO/IEC 27002 is a standard for information security controls, and ISO/IEC 27006 is a standard for the certification of information security management systems.

  • 43. 

    As a network administrator, you have implemented WPA2 encryption in your corporate wireless network. WPA2’s ____________ integrity check mechanism provides security against a replay attack.

    • A.

      CRC-32

    • B.

      CRC-MAC

    • C.

      CBC-MAC

    • D.

      CBC-32

    Correct Answer
    C. CBC-MAC
    Explanation
    The correct answer is CBC-MAC. CBC-MAC (Cipher Block Chaining Message Authentication Code) is an integrity check mechanism used in WPA2 encryption. It provides security against replay attacks by ensuring that the data has not been modified during transmission. CBC-MAC uses a symmetric encryption algorithm to generate a fixed-size authentication tag which is appended to the message. This tag is then used to verify the integrity of the message upon receipt. CRC-32, CRC-MAC, and CBC-32 are not integrity check mechanisms used in WPA2 encryption.

  • 44. 

    John wants to implement a packet filtering firewall in his organization's network. What TCP/IP layer does a packet filtering firewall work on?

    • A.

      Application layer

    • B.

      Network Interface layer

    • C.

      TCP layer

    • D.

      IP layer

    Correct Answer
    D. IP layer
    Explanation
    A packet filtering firewall works on the IP layer. The IP layer is responsible for addressing and routing packets across different networks. By filtering packets based on their IP addresses, a packet filtering firewall can control the flow of traffic in and out of a network, allowing or blocking specific packets based on predefined rules. This helps in protecting the network from unauthorized access and potential threats.

  • 45. 

    Simon had all his systems administrators implement hardware and software firewalls to ensure network security. They implemented IDS/IPS systems throughout the network to check for and stop any unauthorized traffic that may attempt to enter. Although Simon and his administrators believed they were secure, a hacker group was able to get into the network and modify files hosted on the company’s website. After searching through the firewall and server logs, no one could find how the attackers were able to get in. He decides that the entire network needs to be monitored for critical and essential file changes. This monitoring tool alerts administrators when a critical file is altered. What tool could Simon and his administrators implement to accomplish this?

    • A.

      Snort is the best tool for their situation

    • B.

      They can implement Wireshark

    • C.

      They could use Tripwire

    • D.

      They need to use Nessus

    Correct Answer
    C. They could use Tripwire
    Explanation
    Simon and his administrators can implement Tripwire to accomplish their goal of monitoring the network for critical and essential file changes. Tripwire is a file integrity monitoring tool that detects any unauthorized changes made to files on a system. By implementing Tripwire, the administrators will be alerted whenever a critical file is altered, allowing them to take immediate action and prevent any further unauthorized access or modifications to the network.

  • 46. 

    Assume that you are working as a network administrator in the head office of a bank. One day a bank employee informed you that she is unable to log in to her system. At the same time, you get a call from another network administrator informing you that there is a problem connecting to the main server. How will you prioritize these two incidents?

    • A.

      Based on approval from management

    • B.

      Based on a first come first served basis

    • C.

      Based on a potential technical effect of the incident

    • D.

      Based on the type of response needed for the incident

    Correct Answer
    C. Based on a potential technical effect of the incident
    Explanation
    The correct answer is based on a potential technical effect of the incident. In this scenario, prioritizing incidents based on the potential technical effect allows the network administrator to address the most critical issue first. The inability to log in to a system may indicate a localized issue affecting only one employee, while a problem connecting to the main server could potentially impact multiple users or even the entire network. By addressing the main server issue first, the network administrator can ensure that the system is up and running for all users before addressing individual login issues.

  • 47. 

    Nancy is working as a network administrator for a small company. Management wants to implement RAID storage for their organization. They want to use the appropriate RAID level for their backup plan that will satisfy the following requirements: 1. It has a parity check to store all the information about the data in multiple drives. 2. It helps reconstruct the data during downtime. 3. It processes the data at a good speed. 4. It should not be expensive. The management team asks Nancy to research and suggest the appropriate RAID level that best suits their requirements. What RAID level will she suggest?

    • A.

      RAID 0

    • B.

      RAID 10

    • C.

      RAID 3

    • D.

      RAID 1

    Correct Answer
    C. RAID 3
    Explanation
    RAID 3 is the appropriate RAID level that Nancy will suggest. RAID 3 uses parity check to store information about the data in multiple drives, helping in data reconstruction during downtime. It also offers good data processing speed. Additionally, RAID 3 is cost-effective as it requires only one dedicated drive for storing parity information.

  • 48. 

    Which OSI layer does a Network Interface Card (NIC) work on?

    • A.

      Physical layer

    • B.

      Presentation layer

    • C.

      Network layer

    • D.

      Session layer

    Correct Answer
    A. Physical layer
    Explanation
    A Network Interface Card (NIC) works on the Physical layer of the OSI model. This layer is responsible for the physical transmission of data over the network, including the physical connections, electrical signals, and encoding/decoding of data. The NIC handles tasks such as converting data into electrical signals, transmitting and receiving data packets, and managing the physical connection to the network medium.

  • 49. 

    Harry has sued the company claiming they made his personal information public on a social networking site in the United States. The company denies the allegations and consulted a/an _______ for legal advice to defend them against this allegation.

    • A.

      PR Specialist

    • B.

      Attorney 

    • C.

      Incident Handler

    • D.

      Evidence Manager

    Correct Answer
    B. Attorney 
    Explanation
    The company has been accused of making Harry's personal information public, and they deny these allegations. In order to defend themselves legally, they consulted an attorney for legal advice. Attorneys are trained legal professionals who can provide guidance and representation in legal matters, making them the appropriate choice for the company to seek advice from in this situation.

  • 50. 

    Brendan wants to implement a hardware-based RAID system in his network. He is thinking of choosing a suitable RAM type for the architectural setup in the system. The type he is interested in provides access times of up to 20 ns. Which type of RAM will he select for his RAID system?

    • A.

      NVRAM

    • B.

      SDRAM

    • C.

      NAND flash memory

    • D.

      SRAM

    Correct Answer
    D. SRAM
    Explanation
    Brendan will select SRAM for his RAID system. SRAM stands for Static Random Access Memory, which is a type of RAM that retains data as long as power is supplied to the system. It provides faster access times compared to other types of RAM, such as SDRAM or NVRAM. With access times of up to 20 ns, SRAM is a suitable choice for a hardware-based RAID system, as it allows for quick and efficient data retrieval and storage. NAND flash memory and NVRAM are not as suitable for this purpose, as they have slower access times.
