Module III Certification Quiz Part 2

By Vtgamer
  • 1. 

      Which of the following logs shows when the workstation was last shut down?

    • Security
    • System
    • Application
    • DHCP
About This Quiz

SCOO certification quiz for security plus test test and test some more


Quiz Preview

  • 2. 

      Password cracking tools are available worldwide over the Internet. Which one of the following items is a password cracking tool?

    • John the Ripper

    • Nessus

    • AirSnort

    • Wireshark

    Correct Answer
    A. John the Ripper
    Explanation
    John the Ripper is a well-known password cracking tool that is available worldwide over the Internet. It is used by security professionals and hackers to test the strength of passwords by attempting to crack them. Nessus is a vulnerability scanning tool, AirSnort is a wireless LAN tool, and Wireshark is a network protocol analyzer. However, only John the Ripper is specifically designed for password cracking.

  • 3. 

      A system administrator reports that an unauthorized user has accessed the network. Which of the following would be the FIRST action to take?

    • Determine the business impact

    • Notify management

    • Contact law enforcement officials

    • Contain the problem

    Correct Answer
    A. Contain the problem
    Explanation
    The first action to take when an unauthorized user has accessed the network is to contain the problem. This means isolating the affected systems or network segments to prevent further unauthorized access or damage. By containing the problem, the administrator can limit the potential impact and prevent the unauthorized user from causing further harm. Once the problem is contained, further actions such as determining the business impact, notifying management, and contacting law enforcement officials can be taken to address the situation effectively.

  • 4. 

      For the following items, which one is a collection of servers set up to attract hackers?

    • VLAN

    • Honeynet

    • DMZ

    • Honeypot

    Correct Answer
    A. Honeynet
    Explanation
    A honeynet is a collection of servers that are intentionally set up to attract hackers. It is designed to gather information about their tactics, techniques, and motives. By luring hackers into the honeynet, organizations can study their behavior, identify vulnerabilities, and develop strategies to enhance their cybersecurity defenses. Unlike a honeypot, which is a single decoy system, a honeynet consists of multiple interconnected systems that mimic a real network environment. This allows for a more comprehensive analysis of hacker activities and provides valuable insights for improving overall network security.

  • 5. 

      An organization needs to monitor all network traffic as it traverses their network. Which item should be used by the technician?

    • Honeypot

    • Protocol analyzer

    • HIDS

    • Content filter

    Correct Answer
    A. Protocol analyzer
    Explanation
    A protocol analyzer is a tool that captures and analyzes network traffic, allowing the organization to monitor all data packets as they traverse the network. This tool helps in identifying and troubleshooting network issues, detecting security threats, and monitoring network performance. It provides detailed information about the protocols, source and destination IP addresses, ports, and other relevant data. Therefore, a protocol analyzer is the most suitable item for the organization to monitor all network traffic effectively.

  • 6. 

      After analyzing for vulnerabilities and applying a security patch, which non-intrusive action should be taken to verify that the vulnerability was truly removed?

    • Apply a security patch from the vendor

    • Repeat the vulnerability scan

    • Update the antivirus definition file

    • Perform a penetration test

    Correct Answer
    A. Repeat the vulnerability scan
    Explanation
    After applying a security patch to address vulnerabilities, the next step should be to repeat the vulnerability scan. This is necessary to verify whether the patch was successful in removing the identified vulnerabilities. By conducting another vulnerability scan, any remaining vulnerabilities can be identified and addressed, ensuring that the system is secure.

  • 7. 

      A technician is auditing the security posture of an organization. An audit shows that many of the users have the ability to access the company’s accounting information. Which of the following should the technician recommend to address this problem?

    • Implementing a host based intrusion prevention system

    • Changing file level audit settings

    • Changing the user rights and security groups

    • Implementing a host based intrusion detection system

    Correct Answer
    A. Changing the user rights and security groups
    Explanation
    The technician should recommend changing the user rights and security groups to address the problem of many users having access to the company's accounting information. By adjusting the user rights and security groups, the technician can restrict access to only those individuals who need it for their job roles, thus reducing the risk of unauthorized access and potential misuse of sensitive financial data. This solution focuses on controlling user privileges and ensuring that only authorized personnel have access to critical information.

  • 8. 

      Which of the following is a reason to use a vulnerability scanner?

    • To assist with PKI implementation

    • To assist with protocol analyzing

    • To identify remote access policies

    • To identify open ports on a system

    Correct Answer
    A. To identify open ports on a system
    Explanation
    A vulnerability scanner is used to identify open ports on a system. Open ports can be potential entry points for attackers to exploit and gain unauthorized access to a system. By scanning for open ports, organizations can identify any vulnerabilities and take necessary actions to secure their systems. This helps in preventing unauthorized access and protecting sensitive information from being compromised.

  • 9. 

      Which of the following assessment tools would be MOST appropriate for determining if a password was being sent across the network in clear text?

    • Protocol analyzer

    • Password cracker

    • Vulnerability scanner

    • Port scanner

    Correct Answer
    A. Protocol analyzer
    Explanation
    A protocol analyzer is the most appropriate assessment tool for determining if a password is being sent across the network in clear text. A protocol analyzer allows the user to capture and analyze network traffic, including the contents of packets being sent over the network. By examining the captured packets, it is possible to identify if a password is being transmitted without encryption, which would indicate that it is being sent in clear text. Password cracker tools are used to guess or crack passwords, vulnerability scanners are used to identify security vulnerabilities, and port scanners are used to identify open ports on a network.

  • 10. 

      You are a network technician of your company. You have just detected an intrusion on your company’s network from the Internet. What should be checked FIRST?

    • The performance logs

    • The firewall logs

    • The DNS logs

    • The access logs

    Correct Answer
    A. The firewall logs
    Explanation
    The correct answer is to check the firewall logs first. Firewall logs provide information about network traffic, including any attempts to access the network from the Internet. By analyzing the firewall logs, the network technician can identify the source of the intrusion, the type of attack, and any potential vulnerabilities that were exploited. This information is crucial for taking appropriate measures to mitigate the intrusion and strengthen the network's security.

  • 11. 

      A network administrator believes that PCs on the internal network may be acting as zombies participating in external DDoS attacks. Which item will most effectively confirm the administrator’s suspicions?

    • AV server logs

    • Firewall logs

    • HIDS logs

    • Proxy logs

    Correct Answer
    A. Firewall logs
    Explanation
    Firewall logs would be the most effective item to confirm the administrator's suspicions. Firewall logs can provide information about the incoming and outgoing network traffic, including IP addresses and ports. By analyzing the firewall logs, the administrator can identify any suspicious or unauthorized connections from the internal network to external servers, which could indicate the presence of zombies participating in DDoS attacks. Additionally, the logs can provide insights into the type and volume of traffic, helping the administrator to further investigate and mitigate the issue.

  • 12. 

      Tom is a network administrator for his company. He suspects that files are being copied to a remote location during off hours. The file server does not have logging enabled. Which logs will be the BEST place to look for information?

    • Antivirus logs

    • DNS logs

    • Intrusion detection logs

    • Firewall logs

    Correct Answer
    A. Firewall logs
    Explanation
    Firewall logs are the best place to look for information in this scenario because they record all incoming and outgoing network traffic, including any attempts to access remote locations. By analyzing the firewall logs, Tom can identify any suspicious or unauthorized connections to remote locations during off hours, which would indicate the copying of files. The other options, such as antivirus logs, DNS logs, and intrusion detection logs, may provide some information, but they are less likely to capture the specific activity of file copying to a remote location.

  • 13. 

      Which of the following types of removable media is write-once and appropriate for archiving security logs?

    • CD-R

    • USB drive

    • Tape

    • Hard disk

    Correct Answer
    A. CD-R
    Explanation
    CD-R (Compact Disc-Recordable) is a type of removable media that can only be written to once. It is a suitable option for archiving security logs because once the logs are written onto the CD-R, they cannot be altered or modified, ensuring the integrity and security of the data. CD-Rs are also relatively inexpensive and have a long lifespan, making them a reliable choice for long-term storage and archiving purposes.

  • 14. 

      The NIC should be placed in which mode to monitor all network traffic while placing a NIDS onto the network?

    • Half-duplex

    • Full-duplex

    • Auto

    • Promiscuous

    Correct Answer
    A. Promiscuous
    Explanation
    The NIC should be placed in promiscuous mode to monitor all network traffic while placing a NIDS onto the network. In promiscuous mode, the NIC captures all network traffic, including packets not intended for the specific device. This allows the NIDS to analyze and detect any suspicious or malicious activity on the network, even if it is not directly targeted at the device where the NIDS is installed.

  • 15. 

      After implementing auditing on a file, which log will show unauthorized usage attempts?

    • Application

    • Security

    • System

    • Performance

    Correct Answer
    A. Security
    Explanation
    After implementing auditing on a file, the Security log will show unauthorized usage attempts. The Security log is specifically designed to record security-related events, such as unauthorized access attempts, failed logins, and other security breaches. By enabling auditing on a file, any unauthorized attempts to access or modify the file will be recorded in the Security log, providing a valuable source of information for investigating and preventing security incidents.

  • 16. 

      Which tool can best monitor changes to the approved system baseline?

    • Enterprise key management software

    • Enterprise antivirus software

    • Enterprise performance monitoring software

    • Enterprise resource planning software

    Correct Answer
    A. Enterprise performance monitoring software
    Explanation
    Enterprise performance monitoring software is the best tool to monitor changes to the approved system baseline because it is specifically designed to track and analyze the performance of an organization's systems and applications. This software can detect any changes or deviations from the baseline and provide real-time monitoring and alerts to ensure that the system is operating within the approved parameters. It can also provide detailed reports and analysis to help identify any performance issues or potential security breaches.

  • 17. 

      John works as a network administrator for his company. He uses a tool to check SMTP, DNS, POP3 and ICMP packets on the network. This is an example of which of the following?

    • A vulnerability scan

    • A penetration test

    • A port scanner

    • A protocol analyzer

    Correct Answer
    A. A protocol analyzer
    Explanation
    The given scenario describes John using a tool to check various types of network packets, such as SMTP, DNS, POP3, and ICMP. This indicates that John is using a protocol analyzer. A protocol analyzer is a tool used to capture, analyze, and interpret network traffic, allowing network administrators to troubleshoot network issues and monitor network performance. It helps in identifying and diagnosing problems related to specific protocols, such as SMTP, DNS, POP3, and ICMP, which are mentioned in the scenario. Therefore, the correct answer is a protocol analyzer.

  • 18. 

      Which practice is the best to secure log files?

    • Deny administrators all access to log files to prevent write failures

    • Copy or save the logs to a remote log server

    • Change security settings to avoid corruption

    • Log all failed and successful login attempts

    Correct Answer
    A. Copy or save the logs to a remote log server
    Explanation
    Copying or saving the logs to a remote log server is the best practice to secure log files. By doing so, the log files are stored in a separate location, reducing the risk of tampering or unauthorized access. It also allows for centralized monitoring and analysis of the logs, making it easier to detect and respond to security incidents. Denying administrators all access to log files may prevent write failures, but it also hinders the ability to investigate and troubleshoot issues. Changing security settings to avoid corruption is important, but it does not necessarily secure the log files. Logging all failed and successful login attempts is a good practice, but it alone does not fully secure the log files.

  • 19. 

      Network traffic is data in a network. Which tool can be used to review network traffic for clear text passwords?

    • Firewall

    • Password cracker

    • Port scanner

    • Protocol analyzer

    Correct Answer
    A. Protocol analyzer
    Explanation
    A protocol analyzer is a tool that can be used to review network traffic for clear text passwords. It captures and analyzes the data packets that are being transmitted over a network, allowing the user to inspect the contents of these packets. By using a protocol analyzer, one can identify any clear text passwords that are being sent across the network, which can help in identifying potential security vulnerabilities and taking appropriate measures to secure the network.

  • 20. 

      For the following items, which one is a collection of servers set up to attract hackers?

    • DMZ

    • Honeynet

    • Honeypot

    • VLAN

    Correct Answer
    A. Honeynet
    Explanation
    A honeynet is a collection of servers set up with the intention of attracting hackers. It is designed to mimic a real network and contains valuable or enticing information to lure hackers. The purpose of a honeynet is to study and analyze hacker behavior, techniques, and vulnerabilities, in order to enhance network security and develop effective countermeasures. Honeypots, on the other hand, are individual systems or services within a network that are used to attract and trap hackers, while DMZ (Demilitarized Zone) and VLAN (Virtual Local Area Network) are network security architectures that separate and isolate certain parts of a network.

  • 21. 

      Which description is true about penetration testing?

    • Simulating an actual attack on a network

    • Establishing a security baseline

    • Detecting active intrusions

    • Hacking into a network for malicious reasons

    Correct Answer
    A. Simulating an actual attack on a network
    Explanation
    Penetration testing involves simulating an actual attack on a network to identify vulnerabilities and weaknesses. It is a proactive approach to assess the security of a system by attempting to exploit its vulnerabilities in a controlled environment. This helps organizations identify potential entry points that could be exploited by malicious actors and allows them to strengthen their security measures accordingly. Penetration testing is an essential practice to ensure the overall security and integrity of a network.

  • 22. 

      Which of the following should be done if an audit fails in an information system?

    • Stop generating audit records

    • Overwrite the oldest audit records

    • Log off the user

    • Send an alert to the appropriate personnel

    Correct Answer
    A. Send an alert to the appropriate personnel
    Explanation
    When an audit fails in an information system, it is important to notify the appropriate personnel. Sending an alert allows the necessary individuals to be informed about the failure, enabling them to take appropriate action. This could involve investigating the cause of the failure, implementing necessary security measures, or addressing any potential vulnerabilities in the system. It is crucial to promptly notify the appropriate personnel so that they can respond effectively and mitigate any potential risks or threats to the system's security.

  • 23. 

      Which of the following is a protocol analyzer?

    • Nessus

    • Cain & Abel

    • WireShark

    • John the Ripper

    Correct Answer
    A. WireShark
    Explanation
    WireShark is a protocol analyzer. It is a network analysis tool that allows users to capture and analyze network traffic in real-time. It helps in troubleshooting network issues, analyzing network protocols, and detecting security vulnerabilities. It can decode various protocols and display their details, making it a valuable tool for network administrators and security professionals.

  • 24. 

      One type of port scan can determine which ports are in a listening state on the network, and can then perform a two-way handshake. Which type of port scan can perform this set of actions?

    • TCP connect scan

    • TCP (Transmission Control Protocol) SYN (Synchronize) scan

    • TCP null scan

    • TCP fin scan

    Correct Answer
    A. TCP (Transmission Control Protocol) SYN (Synchronize) scan
    Explanation
    A TCP (Transmission Control Protocol) SYN (Synchronize) scan can determine which ports are in a listening state on the network and can perform a two-way handshake. In this type of scan, the scanner sends a SYN packet to the target host's port. If the port is open and listening, the target host responds with a SYN-ACK packet. The scanner then sends an ACK packet to complete the handshake. If the port is closed, the target host responds with a RST packet. This scan is stealthy and commonly used for reconnaissance purposes as it does not complete the full three-way handshake.

  • 25. 

      In computer security, an access control list (ACL) is a list of permissions attached to an object. Which log will reveal activities about ACL?

    • Performance

    • Firewall

    • Mobile device

    • Transaction

    Correct Answer
    A. Firewall
    Explanation
    A firewall is a security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It is designed to prevent unauthorized access to or from a private network. As access control lists (ACLs) are a fundamental component of network security, a firewall log will reveal activities related to ACLs. This log will provide information about any attempts to access or modify permissions associated with objects, helping to identify potential security breaches or unauthorized actions.

  • 26. 

      Which one of the following options is a vulnerability assessment tool?

    • Nessus

    • AirSnort

    • John the Ripper

    • Cain & Abel

    Correct Answer
    A. Nessus
    Explanation
    Nessus is a vulnerability assessment tool used to identify vulnerabilities and misconfigurations in computer systems and networks. It scans for known vulnerabilities and provides detailed reports on the findings, allowing organizations to prioritize and address potential security risks. AirSnort is a tool used for wireless network auditing, John the Ripper is a password cracking tool, and Cain & Abel is a password recovery tool. Therefore, Nessus is the correct answer as it specifically focuses on vulnerability assessment.

  • 27. 

      A honeypot is used to:

    • Allow administrators a chance to observe an attack

    • Trap attackers in a false network

    • Provide an unauthorized user with a place to safely work

    • Give an unauthorized user time to complete an attack

    Correct Answer
    A. Allow administrators a chance to observe an attack
    Explanation
    A honeypot is a security mechanism that is used to attract and deceive attackers. It is designed to mimic a real system or network and lure attackers into interacting with it. By doing so, it allows administrators to observe and study the attack techniques and methods used by attackers. This helps in gaining valuable insights into their tactics and improving overall security measures.

  • 28. 

      A protocol analyzer will most likely detect which security related anomalies?

    • Many malformed or fragmented packets

    • Passive sniffing of local network traffic

    • Disabled network interface on a server

    • Decryption of encrypted network traffic

    Correct Answer
    A. Many malformed or fragmented packets
    Explanation
    A protocol analyzer is a tool used to analyze network traffic and monitor the communication between devices. It captures and examines packets of data to identify any anomalies or issues in the network. Malformed or fragmented packets can indicate potential security vulnerabilities or attacks, such as packet injection or buffer overflow. Therefore, a protocol analyzer is most likely to detect many malformed or fragmented packets as they can be indicators of security-related anomalies.

  • 29. 

      Which of the following steps is MOST often overlooked during the auditing process?

    • Auditing every system event

    • Reviewing event logs regularly

    • Deciding what events to audit

    • Enabling auditing on the system

    Correct Answer
    A. Reviewing event logs regularly
    Explanation
    Reviewing event logs regularly is the step that is most often overlooked during the auditing process. Event logs contain important information about system events and can help identify any suspicious or unauthorized activities. Regularly reviewing these logs allows auditors to detect any anomalies or potential security breaches. Neglecting this step can lead to missed opportunities to identify and address security issues, making it a critical oversight in the auditing process.

  • 30. 

      An outside auditor has been contracted to determine whether weak passwords are being used on the network. In order to achieve this goal, the auditor is running a password cracker against the master password file. Which of the following is this an example of?

    • Vulnerability assessment

    • Fingerprinting

    • Malware scan

    • Baselining

    Correct Answer
    A. Vulnerability assessment
    Explanation
    This scenario is an example of a vulnerability assessment because the outside auditor is specifically checking for weak passwords on the network. A vulnerability assessment is the process of identifying and evaluating potential vulnerabilities in a system or network to determine the level of risk. In this case, the auditor is using a password cracker to test the strength of the passwords in the master password file, which is a common method used in vulnerability assessments to identify potential weaknesses in password security.

  • 31. 

      Host intrusion detection systems (HIDS) and network intrusion detection systems (NIDS) are methods of security management for computers and networks. A HIDS is installed to monitor which of the following?

    • Temporary Internet files

    • CPU performance

    • NIC performance

    • System files

    Correct Answer
    A. System files
    Explanation
    A HIDS (Host Intrusion Detection System) is installed to monitor system files. System files are critical components of a computer's operating system and contain important configuration and security information. By monitoring system files, a HIDS can detect any unauthorized changes or modifications that could indicate a potential intrusion or security breach. This allows the system administrator to take appropriate action to prevent further damage or compromise to the system.

  • 32. 

      Which of the following is the MOST effective way for an administrator to determine what security holes reside on the network?

    • Run a port scan

    • Run a sniffer

    • Perform a vulnerability assessment

    • Install and monitor an IDS

    Correct Answer
    A. Perform a vulnerability assessment
    Explanation
    Performing a vulnerability assessment is the most effective way for an administrator to determine what security holes reside on the network. A vulnerability assessment involves systematically scanning the network and its systems to identify any potential weaknesses or vulnerabilities that could be exploited by attackers. This assessment helps in identifying security flaws, misconfigurations, and outdated software versions that could be potential entry points for attackers. By conducting a vulnerability assessment, administrators can prioritize and address these vulnerabilities to strengthen the network's security posture.

  • 33. 

      An auditing system is necessary to detect intrusions on what part of the system?

    • The files

    • The system’s memory

    • None of the above

    • The operating system

    Correct Answer
    A. The files
    Explanation
    An auditing system is necessary to detect intrusions on the files. This is because files contain important data and information that can be targeted by intruders. By monitoring and auditing the files, any unauthorized access or modifications can be detected and appropriate actions can be taken to prevent further damage or breaches in the system's security.

  • 34. 

      Choose the network mapping tool (scanner) which uses ICMP (Internet Control Message Protocol).

    • A ping scanner

    • A share scanner

    • A port scanner

    • A map scanner

    Correct Answer
    A. A ping scanner
    Explanation
    A ping scanner is the correct answer because it uses ICMP (Internet Control Message Protocol) to send a ping request to a target IP address and receives a response. This allows the scanner to determine if the target IP address is reachable and estimate the round-trip time for the ping request. By analyzing the responses, the ping scanner can provide information about the network connectivity and identify potential issues or vulnerabilities.

  • 35. 

      While monitoring application activity and modification, which system should be used?

    • NIDS

    • RADIUS

    • HIDS

    • OVAL

    Correct Answer
    A. HIDS
    Explanation
    HIDS, or Host-based Intrusion Detection System, should be used while monitoring application activity and modification. HIDS is a security solution that is installed on individual hosts or servers to monitor and analyze their activity for any signs of intrusion or unauthorized modifications. It is specifically designed to detect and respond to threats at the host level, providing real-time monitoring and alerting capabilities. By using HIDS, organizations can effectively detect and mitigate any suspicious or malicious activities happening within their applications, ensuring the security and integrity of their systems.

  • 36. 

      Malware, a portmanteau (a blending of the two words) of malicious and software, is software designed to infiltrate or damage a computer system without the owner’s informed consent. A network technician suspects that a piece of malware is consuming too many CPU cycles and slowing down a system. Which item can help determine the amount of CPU cycles being consumed?

    • Use a protocol analyzer to find the cause of the traffic

    • Check msconfig Start options to see what is running during startup

    • Install malware scanning software

    • Run performance monitor to evaluate the CPU usage

    Correct Answer
    A. Run performance monitor to evaluate the CPU usage
    Explanation
    Running performance monitor can help determine the amount of CPU cycles being consumed. Performance monitor is a tool that allows users to monitor and analyze the performance of their computer system, including CPU usage. By running performance monitor, the network technician can track the CPU usage and identify any abnormal spikes or high usage that may indicate the presence of malware consuming CPU cycles and slowing down the system. This will help in diagnosing and addressing the issue.

  • 37. 

      Which description is true about the external security testing?

    • Conducted from outside the organization’s security perimeter

    • Conducted from outside the building that hosts the organization’s servers

    • Conducted from outside the perimeter switch but inside the border router

    • Conducted from outside the perimeter switch but inside the firewall

    Correct Answer
    A. Conducted from outside the organization’s security perimeter
    Explanation
    External security testing is conducted from outside the organization's security perimeter. This means that the testing is done by individuals or teams who are not part of the organization and do not have access to the internal network or systems. By conducting the testing from outside the security perimeter, it allows for a more realistic simulation of potential external threats and vulnerabilities that the organization may face. This type of testing helps to identify weaknesses in the organization's external defenses and allows for the implementation of appropriate security measures to protect against external threats.

  • 38. 

      Which of the following items is a protocol analyzer?

    • John the Ripper

    • Nessus

    • Cain & Abel

    • WireShark

    Correct Answer
    A. WireShark
    Explanation
    WireShark is a protocol analyzer. It is a widely used network analysis tool that allows users to capture and analyze network traffic. It helps in troubleshooting network issues, detecting network vulnerabilities, and analyzing network protocols.

  • 39. 

      Which method could identify when unauthorized access has occurred?

    • Implement session termination mechanism

    • Implement two-factor authentication

    • Implement session lock mechanism

    • Implement previous logon notification

    Correct Answer
    A. Implement previous logon notification
    Explanation
    Implementing previous logon notification can help identify when unauthorized access has occurred. This method notifies the user whenever there is a login attempt made from a different device or location than the previous logon. By receiving these notifications, the user can quickly identify if someone else is trying to access their account without authorization. This can help prevent unauthorized access and allow the user to take necessary actions to protect their account.

  • 40. 

      Choose the figure which represents the number of ports in the TCP/IP (Transmission Control Protocol/Internet Protocol) which are vulnerable to being scanned, attacked, and exploited.

    • 32 ports

    • 16,777,216 ports

    • 65,535 ports

    • 1,024 ports

    Correct Answer
    A. 65,535 ports
    Explanation
    The correct answer is 65,535 ports. This is because TCP/IP uses a 16-bit field to represent the port number, which allows for a maximum of 65,535 ports. These ports are used for various purposes, such as communication between different applications and services on a network. However, not all of these ports are vulnerable to scanning, attacks, and exploitation. It depends on the specific configuration and security measures in place.

  • 41. 

      Which tool can help the technician to find all open ports on the network?

    • Router ACL

    • Protocol analyzer

    • Performance monitor

    • Network scanner

    Correct Answer
    A. Network scanner
    Explanation
    A network scanner is a tool that can help a technician find all open ports on a network. It scans the network and identifies all active devices and the ports they have open. By using a network scanner, the technician can quickly identify any potential vulnerabilities or security risks on the network. This tool is commonly used for network troubleshooting, security audits, and monitoring network performance.

  • 42. 

      Network utilization is the ratio of current network traffic to the maximum traffic that the port can handle. Which of the following can most effectively determine whether network utilization is abnormal?

    • Application log

    • Systems monitor

    • Security log

    • Performance baseline

    Correct Answer
    A. Performance baseline
    Explanation
    A performance baseline is the most effective way to determine abnormal network utilization because it provides a reference point for normal network traffic levels. By comparing current network traffic to the baseline, any significant deviation can be identified as abnormal utilization. Application logs, system monitors, and security logs may provide some insights into network activity, but they do not provide a comprehensive and objective measure of network utilization.

  • 43. 

      Malicious port scanning is a method of attack to determine which of the following?

    • The fingerprint of the operating system

    • Computer name

    • The physical cabling topology of a network

    • User IDs and passwords

    Correct Answer
    A. The fingerprint of the operating system
    Explanation
    Malicious port scanning is a technique used by attackers to identify the operating system running on a target computer or network. By scanning the open ports on a system, attackers can gather information about the services and protocols being used, which can help them determine the operating system in use. This information is valuable for attackers as it allows them to exploit vulnerabilities specific to that operating system.

  • 44. 

      Which of the following is not identified within the penetration testing scope of work?

    • A complete list of all network vulnerabilities

    • Handling of information collected by the penetration testing team

    • A list of acceptable testing techniques and tools to be utilized

    • IP addresses of machines from which penetration testing will be executed

    Correct Answer
    A. A complete list of all network vulnerabilities
    Explanation
    The penetration testing scope of work typically includes identifying vulnerabilities in a network. However, it does not involve creating a complete list of all network vulnerabilities. This is because new vulnerabilities can constantly emerge, and it is not feasible to create a comprehensive list. Instead, the focus is on identifying and addressing the vulnerabilities that are currently present in the network.

  • 45. 

      Which one of the following is a description of a password cracker?

    • A program that can locate and read a password file

    • A program that provides software registration passwords or keys

    • A program that performs comparative analysis

    • A program that obtains privileged access to the system

    Correct Answer
    A. A program that performs comparative analysis
    Explanation
    The correct answer is "A program that performs comparative analysis". This description suggests that a password cracker is a program that compares different combinations of characters or algorithms to determine the correct password. It does not specifically mention obtaining privileged access or reading password files, which are other possible functions of a password cracker.

  • 46. 

      An intrusion detection system (IDS) is software and/or hardware designed to detect unwanted attempts at accessing, manipulating, and/or disabling computer systems, mainly through a network such as the Internet. When an IDS is configured to match a specific traffic pattern, which of the following does this refer to?

    • Signature-based

    • Anomaly-based

    • Heuristic-based

    • Behavior-based

    Correct Answer
    A. Signature-based
    Explanation
    A signature-based intrusion detection system (IDS) refers to a system that detects unwanted attempts at accessing, manipulating, and disabling computer systems by matching specific traffic patterns with known signatures or patterns of known attacks. It relies on a database of predefined signatures to identify malicious activity.

  • 47. 

      Which of the following would be MOST useful in determining which internal user was the source of an attack that compromised another computer in its network?

    • The attacking computer’s audit logs

    • The target computer’s audit logs

    • The firewall’s logs

    • The domain controller’s logs

    Correct Answer
    A. The target computer’s audit logs
    Explanation
    The target computer's audit logs would be the most useful in determining which internal user was the source of an attack that compromised another computer in its network. The audit logs on the target computer would contain information about the actions and activities performed on that specific computer, including any unauthorized access or suspicious activities. By analyzing these logs, it would be possible to track the actions of the attacker and identify the internal user responsible for the attack.

  • 48. 

      This type of attack specifically aims to enumerate the TCP and UDP application ports that are open on a host. Essentially, the attack consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed further for weakness. Which of the following BEST describes the attack that is occurring?

    • DNS spoofing

    • Port scanning

    • PING sweep

    • ARP poisoning

    Correct Answer
    A. Port scanning
    Explanation
    Port scanning is the best description for the attack that is occurring. Port scanning involves sending messages to each port on a host to determine which ports are open and can be probed further for weaknesses. This attack aims to enumerate the TCP and UDP application ports that are open on a host. DNS spoofing, PING sweep, and ARP poisoning are different types of attacks and not applicable to the given scenario.

  • 49. 

      IDS is short for Intrusion Detection Systems. Which option is the MOST basic type of IDS?

    • Signature

    • Statistical

    • Behavioral

    • Anomaly

    Correct Answer
    A. Signature
    Explanation
    Signature-based IDS is the most basic type of IDS. This type of IDS identifies known patterns or signatures of known attacks or malicious activities. It compares network traffic or system behavior against a database of predefined signatures to detect any matches. When a match is found, it triggers an alert or takes action to prevent the attack. Signature-based IDS is effective in detecting known attacks but may struggle with detecting new or unknown threats.

Quiz Review Timeline (Updated): Mar 15, 2023

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 15, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Feb 19, 2010
    Quiz Created by
    Vtgamer