The Stuxnet worm was designed to ____________>

disrupt computer-controlled industrial operations

In a restrictive firewall policy, what is the starting point for developing a rule base?

block all traffic except specified types

allow all traffic except specified types

What advantages does IPv6 have over IPv4 (Choose all that apply)

IPv6 uses a 128-bit address space

IPv6 uses DHCP for its configuration settings

IPv6 uses a 128-bit address space

Which of the following is a method of hiding internal host IP addresses? (Choose all that apply)

Network Address Translation (NAT)

configuring the computer to insert a fake source IP address into outgoing messages

setting up software firewalls on all internal hosts

The Class A address of 127.0.0.1 is used for which of the following?

testing the local TCP/IP software implementation

broadcasting to all hosts on a subnet

testing the local TCP/IP software implementation

Why is UDP considered unreliable?

The header does not contain a checksum

The data is transmitted in clear text

Routers typically drop a large number of UDP packets

How do routers handle packets that are too large to pass through because of frame size limitations?

Routers break packets into smaller pieces called fragments.

Routers drop packets that are too large.

Routers bounce packets back to the sender to be resized.

Routers adjust their MTUs to accommodate the oversized packet.

Routers break packets into smaller pieces called fragments.

A DNS server translates ________________ to _______________.

encrypted IP addresses, clear text

Why is fragmentation considered a security risk?

Fragments numbered 1 or higher are passed through filters

Fragments numbered 0 contain port information

Fragments numbered 1 or higher are passed through filters

Fragmented packets cannot be assembled

Fragmentation is frequently used

Network Security Trivia Quiz Questions! Trivia

Approved & Edited by ProProfs Editorial Team

At ProProfs Quizzes, our dedicated in-house team of experts takes pride in their work. With a sharp eye for detail, they meticulously review each quiz. This ensures that every quiz, taken by over 100 million users, meets our standards of accuracy, clarity, and engagement.

Learn about Our Editorial Process

| Written by MrsQ

MrsQ

Community Contributor

Quizzes Created: 5 | Total Attempts: 2,798

Questions: 58 | Attempts: 1,094 | Updated: Mar 21, 2023

Questions

Settings

Feedback

During the Quiz End of Quiz

Play as

Quiz Flashcard

Create your own Quiz

Questions and Answers

1.

Most network threats originate from which of the following?
- A.
  
  Inside the company
- B.
  
  Script kiddies
- C.
  
  Back doors
- D.
  
  Industrial spies
Correct Answer
A. Inside the company

Explanation
The correct answer is "inside the company." This means that most network threats come from individuals within the organization itself. This could include employees, contractors, or anyone with authorized access to the company's network. These insiders may intentionally or unintentionally cause harm to the network by engaging in malicious activities, such as unauthorized access, data theft, or introducing malware. Insider threats are a significant concern for organizations, and implementing proper security measures and monitoring systems is essential to mitigate these risks.

Rate this question:
2.

What are some of the reasons for network attacks?
- A.
  
  Industrial espionage
- B.
  
  Revenge
- C.
  
  Financial gain
- D.
  
  All of the above
Correct Answer
D. All of the above

Explanation
The correct answer is "all of the above" because network attacks can occur for various reasons, including industrial espionage, revenge, and financial gain. Industrial espionage involves stealing valuable information or trade secrets from competing organizations. Revenge attacks are motivated by personal vendettas or grievances against individuals or organizations. Financial gain is a common motive for network attacks, as hackers may seek to steal sensitive financial information or engage in ransomware attacks to extort money. Therefore, all of these reasons can contribute to network attacks.

Rate this question:
3.

The capability to prevent one participant in an electronic transaction from denying that it performed an action is called ____________.
- A.
  
  Plausible deniability
- B.
  
  Integrity
- C.
  
  Nonrepudiation
- D.
  
  Undeniability
Correct Answer
C. Nonrepudiation

Explanation
Nonrepudiation refers to the ability to prevent a participant in an electronic transaction from denying that they performed a certain action. It ensures that the actions and transactions carried out by a participant cannot be denied or disputed later on. This capability is crucial in maintaining trust and accountability in electronic transactions, as it provides evidence and proof of the actions performed by the participants involved.

Rate this question:
4.

Servers with outside access to the public should be located on __________. (Choose all that apply)
- A.
  
  Their own subnet
- B.
  
  A DMZ
- C.
  
  An internal LAN
- D.
  
  A network perimeter
Correct Answer(s)
A. Their own subnet
B. A DMZ

Explanation
Servers with outside access to the public should be located on their own subnet and a DMZ. By placing these servers on their own subnet, they can be isolated from the rest of the network, providing an extra layer of security. Placing them in a DMZ (Demilitarized Zone) further enhances their security by creating a separate network segment that acts as a buffer between the internal LAN and the public internet. This allows for controlled access to the servers while minimizing the risk of unauthorized access to the internal network.

Rate this question:
5.

Packet filters can block or allow transmission of packets based on which of the following criteria? (Choose all that apply)
- A.
  
  Port number
- B.
  
  Open ports
- C.
  
  Time of access attempts
- D.
  
  IP address
Correct Answer(s)
A. Port number
C. Time of access attempts
D. IP address

Explanation
Packet filters can block or allow transmission of packets based on the port number, time of access attempts, and IP address. The port number is used to identify specific applications or services running on a device, and packet filters can block or allow packets based on the port number being used. The time of access attempts refers to the specific time when a connection attempt is made, and packet filters can block or allow packets based on the time of access. The IP address is a unique identifier assigned to each device on a network, and packet filters can block or allow packets based on the source or destination IP address.

Rate this question:
6.

An attacker who causes harm to systems in support of some principle is categorized as which of the following?
- A.
  
  Cracker
- B.
  
  Hacker
- C.
  
  Industrial spy
- D.
  
  Cyberterrorist
Correct Answer
D. Cyberterrorist

Explanation
A cyberterrorist is an attacker who causes harm to systems in support of some principle. Unlike a cracker or hacker who may exploit vulnerabilities for personal gain or curiosity, a cyberterrorist's motivation is driven by political, ideological, or religious reasons. Their goal is to create fear, disrupt critical infrastructure, or cause harm to individuals or organizations to advance their agenda.

Rate this question:
7.

An IP address combined with a TCP/IP port number is called which of the following?
- A.
  
  Network address
- B.
  
  Socket
- C.
  
  Script
- D.
  
  Port ID
Correct Answer
B. Socket

Explanation
An IP address combined with a TCP/IP port number is called a socket. A socket is a unique combination of an IP address and a port number that allows communication between different devices on a network. It acts as an endpoint for sending and receiving data over a network. Sockets are essential for establishing network connections and enabling the exchange of information between devices.

Rate this question:
8.

Firewall enforcement of policies is handled primarily through setting up packet-filtering rules, a set of which is contained in the _____________.
- A.
  
  Routing table
- B.
  
  Rule base
- C.
  
  Access control list
- D.
  
  Packet filter
Correct Answer
C. Access control list

Explanation
Firewall enforcement of policies is primarily done through setting up packet-filtering rules. These rules are contained in an access control list (ACL), which is a set of rules that determines what traffic is allowed or denied based on specific criteria such as source and destination IP addresses, ports, and protocols. The ACL acts as a filter, allowing or blocking packets based on the defined rules, thus enforcing the firewall policies.

Rate this question:
9.

Name four goals of network security
10.

An uninterruptible power supply is a component of _____________ security.
- A.
  
  Virtual
- B.
  
  Auditing
- C.
  
  Physical
- D.
  
  Password
Correct Answer
C. Physical

Explanation
An uninterruptible power supply (UPS) is a device that provides emergency power to a load when the input power source fails. It acts as a backup power source, ensuring that critical systems and equipment remain operational during power outages or fluctuations. Therefore, a UPS is a component of physical security, as it helps protect against power disruptions that could potentially compromise the security and functionality of physical infrastructure and systems.

Rate this question:
11.

The Stuxnet worm was designed to ____________>
- A.
  
  Shut down Internet DNS servers
- B.
  
  Disrupt computer-controlled industrial operations
- C.
  
  Steal financial information
- D.
  
  Be used by script kiddies
Correct Answer
B. Disrupt computer-controlled industrial operations

Explanation
The correct answer is "disrupt computer-controlled industrial operations". This is because Stuxnet was a highly sophisticated computer worm that specifically targeted and disrupted the operations of industrial control systems, particularly those used in nuclear facilities. It was not designed to shut down Internet DNS servers, steal financial information, or be used by script kiddies.

Rate this question:
12.

A packet filtering device evaluates data in the payload and compares it with a predefined set of rules.
- A.
  
  True
- B.
  
  False
Correct Answer
B. False

Explanation
A packet filtering device does not evaluate data in the payload and compare it with a predefined set of rules. Instead, it examines the header information of each packet and makes filtering decisions based on criteria such as source and destination IP addresses, port numbers, and protocol types. So, the statement is false.

Rate this question:
13.

Which of the following malware is designed to replicate itself?
- A.
  
  Worm
- B.
  
  Virus
- C.
  
  Trojan horse
- D.
  
  SYN flood
Correct Answer(s)
A. Worm
B. Virus

Explanation
Both worms and viruses are designed to replicate themselves. Worms are standalone malicious programs that can spread across networks and computers without needing a host file or program. They typically exploit vulnerabilities in network protocols to self-replicate and spread. Viruses, on the other hand, are malicious code that attaches itself to a host file or program and replicates when the host file or program is executed. Both worms and viruses can cause significant damage by spreading rapidly and infecting multiple systems. Trojan horse and SYN flood, on the other hand, do not replicate themselves like worms and viruses do.

Rate this question:
14.

In a restrictive firewall policy, what is the starting point for developing a rule base?
- A.
  
  Allow all traffic
- B.
  
  Block all traffic except specified types
- C.
  
  Allow all traffic except specified types
- D.
  
  Block all traffic
Correct Answer
D. Block all traffic

Explanation
In a restrictive firewall policy, the starting point for developing a rule base is to initially block all traffic. This approach ensures that all incoming and outgoing traffic is denied by default, providing a higher level of security. By blocking all traffic, the administrator can then selectively allow only the specified types of traffic that are necessary for the network's operations, reducing the attack surface and minimizing potential vulnerabilities.

Rate this question:
15.

In an IDPS, specific indications of a possible attack are called _____________.
- A.
  
  Signatures
- B.
  
  Signals
- C.
  
  True positives
- D.
  
  Alerts
Correct Answer
A. Signatures

Explanation
In an IDPS, specific indications of a possible attack are called "signatures". Signatures are patterns or characteristics that are associated with known attacks or malicious activities. These signatures are used by the IDPS to detect and identify potential threats or attacks. By comparing network traffic or system behavior against a database of signatures, the IDPS can generate alerts or take appropriate actions to mitigate the attack.

Rate this question:
16.

What advantages does IPv6 have over IPv4 (Choose all that apply)
- A.
  
  IPv6 uses DHCP for its configuration settings
- B.
  
  IPv6 uses a 128-bit address space
- C.
  
  IPv4 cannot support IPsec
- D.
  
  IPv6 incorporates IPsec
Correct Answer(s)
B. IPv6 uses a 128-bit address space
D. IPv6 incorporates IPsec

Explanation
IPv6 has a 128-bit address space, which provides a significantly larger number of unique addresses compared to the 32-bit address space of IPv4. This allows for the allocation of more IP addresses and eliminates the issue of address exhaustion. Additionally, IPv6 incorporates IPsec, which provides built-in security features for authentication and encryption of network traffic. This enhances the overall security of IPv6 compared to IPv4, which does not have native support for IPsec.

Rate this question:
17.

A Class C address has a first octet decimal range of ____________ to ____________.
- A.
  
  172, 191
- B.
  
  191, 224
- C.
  
  192, 239
- D.
  
  192, 223
Correct Answer
D. 192, 223

Explanation
A Class C address has a first octet decimal range of 192 to 223.

Rate this question:
18.

Which of the following is a method of hiding internal host IP addresses? (Choose all that apply)
- A.
  
  Network Address Translation (NAT)
- B.
  
  Configuring the computer to insert a fake source IP address into outgoing messages
- C.
  
  Proxy servers
- D.
  
  Setting up software firewalls on all internal hosts
Correct Answer(s)
A. Network Address Translation (NAT)
C. Proxy servers

Explanation
Network Address Translation (NAT) is a method of hiding internal host IP addresses by translating them into a single public IP address. This allows multiple devices on a private network to share a single public IP address when communicating with external networks. Proxy servers also serve as a method of hiding internal host IP addresses by acting as an intermediary between the client and the server, masking the client's IP address. By using either NAT or proxy servers, organizations can enhance security and privacy by keeping internal IP addresses hidden from external networks.

Rate this question:
19.

The Class A address of 127.0.0.1 is used for which of the following?
- A.
  
  Broadcasting to all hosts on a subnet
- B.
  
  Testing the local TCP/IP software implementation
- C.
  
  Experimentation
- D.
  
  Testing the local NIC
Correct Answer
B. Testing the local TCP/IP software implementation

Explanation
The Class A address of 127.0.0.1, also known as the loopback address, is used for testing the local TCP/IP software implementation. This address allows a device to send network packets to itself, allowing for testing and troubleshooting of network protocols and software without the need for external network connectivity. It is commonly used by developers and network administrators to ensure that the TCP/IP stack on a device is functioning correctly.

Rate this question:
20.

Why is UDP considered unreliable?
- A.
  
  The header does not contain a checksum
- B.
  
  The data is transmitted in clear text
- C.
  
  It is connectionless
- D.
  
  Routers typically drop a large number of UDP packets
Correct Answer
C. It is connectionless

Explanation
UDP is considered unreliable because it is connectionless. Unlike TCP, which establishes a connection between sender and receiver before transmitting data, UDP simply sends data packets without any prior setup. This lack of connection means that UDP does not guarantee delivery or ensure that packets arrive in order. It also does not provide error checking or retransmission of lost packets. Therefore, UDP is often used for applications that prioritize speed and efficiency over reliability, such as streaming media or online gaming.

Rate this question:
21.

In CIDR notation, the IP address and subnet mask 191.9.205.22 255.255.192.0 are written as __________________.
- A.
  
  191.9.205.22/19
- B.
  
  191.9.205.22/18
- C.
  
  191.9.205.22/17
- D.
  
  191.9.205.22/16
Correct Answer
B. 191.9.205.22/18

Explanation
The given IP address and subnet mask in CIDR notation represent a network with a subnet mask of 255.255.192.0. This subnet mask has 18 bits set to 1, which means it has a prefix length of /18. Therefore, the correct representation of the IP address and subnet mask in CIDR notation is 191.9.205.22/18.

Rate this question:
22.

How do routers handle packets that are too large to pass through because of frame size limitations?
- A.
  
  Routers drop packets that are too large.
- B.
  
  Routers bounce packets back to the sender to be resized.
- C.
  
  Routers adjust their MTUs to accommodate the oversized packet.
- D.
  
  Routers break packets into smaller pieces called fragments.
Correct Answer
D. Routers break packets into smaller pieces called fragments.

Explanation
Routers break packets into smaller pieces called fragments to handle packets that are too large to pass through because of frame size limitations. This allows the router to transmit the packet in smaller chunks that can fit within the frame size limitations.

Rate this question:
23.

Which of the following is an IPv6 Protocol? (Choose all that apply)
- A.
  
  Multicast Listening Detection
- B.
  
  IGMPv6
- C.
  
  Multicast Listener Discovery
- D.
  
  Neighbor Discovery
Correct Answer(s)
C. Multicast Listener Discovery
D. Neighbor Discovery

Explanation
Multicast Listener Discovery and Neighbor Discovery are both IPv6 protocols. Multicast Listener Discovery is used by IPv6 hosts to discover and join multicast groups on a network, while Neighbor Discovery is used for address resolution and neighbor discovery functions in IPv6 networks.

Rate this question:
24.

A DNS server translates ________________ to _______________.
- A.
  
  Encrypted IP addresses, clear text
- B.
  
  IP addresses, MAC addresses
- C.
  
  FQDNs, IP addresses
- D.
  
  Static addresses, DHCP
Correct Answer
C. FQDNs, IP addresses

Explanation
A DNS server translates Fully Qualified Domain Names (FQDNs) to IP addresses. FQDNs are the complete domain names that include the top-level domain (TLD), domain name, and subdomain. IP addresses are unique numerical identifiers assigned to devices connected to a network. The DNS server acts as a directory that maps FQDNs to their corresponding IP addresses, allowing users to access websites and other resources using domain names instead of remembering the specific IP addresses associated with them.

Rate this question:
25.

Why is fragmentation considered a security risk?
- A.
  
  Fragments numbered 0 contain port information
- B.
  
  Fragments numbered 1 or higher are passed through filters
- C.
  
  Fragmented packets cannot be assembled
- D.
  
  Fragmentation is frequently used
Correct Answer
B. Fragments numbered 1 or higher are passed through filters

Explanation
Fragmentation is considered a security risk because fragments numbered 1 or higher are passed through filters. This means that the filtering mechanisms in place to detect and prevent malicious content or attacks may not be able to analyze the entire packet if it is fragmented. This can potentially allow attackers to bypass security measures and exploit vulnerabilities in the network. Therefore, fragmentation poses a risk to the overall security of the system.

Rate this question:
26.

Which of the following is used for one-to-many communication, in which a single host can send packets to a group of recipients?
- A.
  
  Multicast
- B.
  
  Unicast
- C.
  
  Anycast
- D.
  
  Netcast
Correct Answer
A. Multicast

Explanation
Multicast is used for one-to-many communication, where a single host can send packets to a group of recipients. Unlike unicast, where packets are sent to a specific recipient, multicast allows for efficient communication to multiple recipients simultaneously. Anycast is used for one-to-nearest communication, where packets are sent to the nearest available recipient. Netcast is not a commonly used term in networking.

Rate this question:
27.

The number of TCP segments that can be sent before an acknowledgement must be received is determined by the ______________.
- A.
  
  Sequence number
- B.
  
  Sliding window size
- C.
  
  Transmission rate
- D.
  
  Port number in use for the session
Correct Answer
B. Sliding window size

Explanation
The sliding window size determines the number of TCP segments that can be sent before an acknowledgement must be received. The sliding window is a mechanism used for flow control in TCP, allowing the sender to transmit multiple segments without waiting for each individual acknowledgement. The size of the sliding window determines the maximum number of unacknowledged segments that can be sent at a time. Once the window is full, the sender must wait for acknowledgements before sending more segments. Therefore, the sliding window size directly affects the number of TCP segments that can be sent before an acknowledgement is required.

Rate this question:
28.

When one host wants to initiate a TCP session with another host, it sends a packet with the _______ flag set.
- A.
  
  SYN
- B.
  
  ACK
- C.
  
  RST
- D.
  
  FIN
Correct Answer
A. SYN

Explanation
When one host wants to initiate a TCP session with another host, it sends a packet with the SYN flag set. The SYN flag is used in the TCP three-way handshake process to establish a connection between two hosts. The sending host sets the SYN flag to indicate that it wants to synchronize sequence numbers with the receiving host. The receiving host will then respond with a packet containing the SYN-ACK flags set, indicating that it acknowledges the synchronization request and is ready to establish the connection.

Rate this question:
29.

An ICMPv6 header is indicated by a Next Header Value of ____________.
- A.
  
  60
- B.
  
  54
- C.
  
  58
- D.
  
  22
Correct Answer
C. 58

Explanation
An ICMPv6 header is indicated by a Next Header Value of 58. ICMPv6 (Internet Control Message Protocol version 6) is a network protocol used for diagnostic and error reporting purposes in IPv6 networks. The Next Header field in the IPv6 header specifies the type of the next header following the IPv6 header. In this case, a value of 58 indicates that the next header is an ICMPv6 header.

Rate this question:
30.

Compressing the IPv6 address 1080:0:0:0:8:800:200C:417A results in which of the following?
- A.
  
  1080::8:8:::2::C:417A
- B.
  
  1080::8:800:200C:417A
- C.
  
  1080::8:8::::20:C:417A
- D.
  
  :1080::8:800:200C:417A
Correct Answer
B. 1080::8:800:200C:417A
31.

Security devices on a network process digital information, such as text files and Web pages, in the same way. However, which of the following pieces of information might they handle differently?
- A.
  
  Protocols
- B.
  
  TCP/IP Headers
- C.
  
  Attack signatures
- D.
  
  Port numbers
Correct Answer
B. TCP/IP Headers

Explanation
This is the answer that makes sense to me anyways.

Rate this question:
32.

In which of the following situations can CVE improve the coordination of intrusion information on a network?
- A.
  
  Attack signatures can be compared to lists of known attack signatures on the CVE Web site.
- B.
  
  Attack signatures can be compared to current network topology.
- C.
  
  Installing application patches can thwart a reported attack.
- D.
  
  Current network vulnerabilites can be used to generate application patches.
Correct Answer
A. Attack signatures can be compared to lists of known attack signatures on the CVE Web site.

Explanation
CVE (Common Vulnerabilities and Exposures) is a system that provides a standardized way to identify and categorize security vulnerabilities. By comparing attack signatures to lists of known attack signatures on the CVE Web site, organizations can identify if any of the attacks they are experiencing have been previously identified and categorized. This helps improve the coordination of intrusion information on a network by allowing organizations to quickly identify and respond to known attacks, potentially mitigating their impact and preventing further damage.

Rate this question:
33.

Which of the following can be included in a network traffic signature? (Choose all that apply.)
- A.
  
  Logon attempts
- B.
  
  Message digest
- C.
  
  TCP options
- D.
  
  Ethernet interface number
Correct Answer(s)
A. Logon attempts
C. TCP options

Explanation
A network traffic signature is a unique pattern or characteristic that can be used to identify specific types of network traffic. Logon attempts can be included in a network traffic signature as they can provide information about attempted unauthorized access to a network. TCP options can also be included as they provide additional information about the TCP connection, such as the maximum segment size or window scaling factor. However, message digest and Ethernet interface number are not typically included in a network traffic signature as they do not provide specific information about the type or behavior of the network traffic.

Rate this question:
34.

What is the name of an error-checking procedure that uses a formula to calculate a numeric value?
- A.
  
  Check string
- B.
  
  One-way hash
- C.
  
  Hexadecimal code
- D.
  
  Checksum
Correct Answer
D. Checksum

Explanation
A checksum is an error-checking procedure that uses a formula to calculate a numeric value. This value is then compared to a checksum value that is transmitted or stored along with the data. If the calculated checksum value matches the transmitted or stored checksum value, it suggests that the data is intact and error-free. This method is commonly used in data transmission and storage to ensure data integrity.

Rate this question:
35.

How do attackers use fragmentation to circumvent network defenses? (Choose all that apply.)
- A.
  
  Fragments are crafted to be too large or too small
- B.
  
  The initial packet is missing
- C.
  
  The fragments arrive too slowly
- D.
  
  The final fragment sent is less than 400 bytes long.
Correct Answer(s)
A. Fragments are crafted to be too large or too small
B. The initial packet is missing
C. The fragments arrive too slowly

Explanation
Attackers can use fragmentation to circumvent network defenses by crafting fragments that are either too large or too small. By doing so, they can exploit vulnerabilities in the network's fragmentation reassembly process, causing it to either discard or incorrectly reassemble the fragments. This can lead to the network defenses being bypassed and the attacker gaining unauthorized access. Additionally, attackers may intentionally remove the initial packet, which can disrupt the normal flow of data and potentially evade detection. Slowing down the arrival of fragments can also make it more difficult for network defenses to detect and respond to the attack.

Rate this question:
36.

Which of the following packets should never have a data payload?
- A.
  
  One with the SYN/ACK flags set
- B.
  
  One with the ACK flag set
- C.
  
  One with the SYN flag set
- D.
  
  One with the ACK/PSH flags set
Correct Answer
C. One with the SYN flag set

Explanation
A packet with the SYN flag set is used in the TCP three-way handshake to establish a connection between two devices. This packet is sent by the initiating device to the receiving device to request a connection. Since this packet is solely used for the purpose of initiating a connection and does not contain any actual data, it should never have a data payload.

Rate this question:
37.

Which of the following is not required for a single-packet attack? (Choose all that apply.)
- A.
  
  A source IP address
- B.
  
  A destination IP address
- C.
  
  An ICMP echo request
- D.
  
  An established connection
Correct Answer
D. An established connection

Explanation
A single-packet attack refers to a type of network attack where only one packet is sent to the target system. In this case, an established connection is not required because the attack is executed using a single packet, without the need for a pre-existing connection. The attacker can send the packet directly to the target system without any prior communication or connection establishment. The other options, such as a source IP address, a destination IP address, and an ICMP echo request, are typically required for network communication and are relevant in the context of a single-packet attack.

Rate this question:
38.

Which of the following is an example of a multiple packet attack?
- A.
  
  A fragment
- B.
  
  An ICMP flood
- C.
  
  A false Internet time stamp
- D.
  
  A packet with SYN/FIN/ACK flags set
Correct Answer
B. An ICMP flood

Explanation
An ICMP flood is an example of a multiple packet attack. ICMP (Internet Control Message Protocol) flood involves sending a large number of ICMP packets to a target network or device, overwhelming its resources and causing it to become unresponsive or crash. This type of attack is often used to disrupt network connectivity or launch a denial-of-service (DoS) attack. By flooding the target with ICMP packets, the attacker can consume its bandwidth and processing power, making it difficult for legitimate traffic to pass through.

Rate this question:
39.

What is the purpose of the 4-byte acknowledgement in a TCP header?
- A.
  
  It acknowledges receipt of the previous packet in the sequence.
- B.
  
  It acknowledges that a connection has been made.
- C.
  
  It verifies that the source and destination IP addresses are correct.
- D.
  
  It acknowledges the ID number the packet is using.
Correct Answer
A. It acknowledges receipt of the previous packet in the sequence.

Explanation
The purpose of the 4-byte acknowledgement in a TCP header is to acknowledge the receipt of the previous packet in the sequence. This acknowledgement is important in ensuring reliable and ordered delivery of data packets. By acknowledging the receipt of each packet, the sender can keep track of which packets have been successfully received by the receiver and retransmit any lost or corrupted packets if necessary. This helps to maintain the integrity and accuracy of the data transmission process.

Rate this question:
40.

Which of the following is the correct order in which TCP flags appear during the initiation of a normal connection?
- A.
  
  SYN, ACK, FIN, RST
- B.
  
  SYN, PSH, ACK, RST
- C.
  
  SYN, SYN/ACK, ACK
- D.
  
  SYN, PSH, ACK, FIN
Correct Answer
C. SYN, SYN/ACK, ACK

Explanation
During the initiation of a normal TCP connection, the first step is for the client to send a SYN (synchronize) packet to the server. The server then responds with a SYN/ACK (synchronize/acknowledge) packet, indicating that it received the SYN packet and is willing to establish a connection. Finally, the client sends an ACK (acknowledge) packet to confirm the receipt of the SYN/ACK packet and complete the three-way handshake. Therefore, the correct order of TCP flags during the initiation of a normal connection is SYN, SYN/ACK, ACK.

Rate this question:
41.

Which protocol uses one port number to establish a connection and a different port number to transfer data?
- A.
  
  TCP/IP
- B.
  
  FTP
- C.
  
  HTTP
- D.
  
  ICMP
Correct Answer
B. FTP

Explanation
FTP (File Transfer Protocol) uses one port number (port 21) to establish a connection between the client and server, and a different port number (port 20) to transfer the actual data. This is known as the "active mode" of FTP, where the client initiates the data connection to the server. The use of separate port numbers allows for better control and organization of the data transfer process.

Rate this question:
42.

Which of the following is an example of a reconnaissance traffic signature?
- A.
  
  Trojan program
- B.
  
  Ping sweep
- C.
  
  Denial of service
- D.
  
  Ping of Death
Correct Answer
B. Ping sweep

Explanation
A reconnaissance traffic signature refers to a type of network activity that is used to gather information about a target system or network. A ping sweep is an example of reconnaissance traffic signature as it involves sending a series of ICMP echo requests to multiple IP addresses to determine which ones are active and responsive. This allows an attacker to create a map of the network and identify potential targets for further exploitation.

Rate this question:
43.

Which program keeps track of services and ports made available through Remote Procedure Calls?
- A.
  
  Network Information System
- B.
  
  Network File System
- C.
  
  Network File Sharing
- D.
  
  Portmapper
Correct Answer
D. Portmapper

Explanation
The portmapper program keeps track of services and ports made available through Remote Procedure Calls (RPC). It acts as a mediator between the client and server, mapping the service request to the appropriate port number. By maintaining this information, the portmapper enables clients to easily locate and connect to the desired services on a remote system.

Rate this question:
44.

To avoid attacks that use advanced evasion techniques, such as path obfuscation, CGI scripts, and packet injection, you must do which of the following?
- A.
  
  Watch your log files closely
- B.
  
  Install additional IDPS sensors
- C.
  
  Keep your anti-adware software updated
- D.
  
  Keep your IDPS signature files updated.
Correct Answer(s)
A. Watch your log files closely
D. Keep your IDPS signature files updated.

Explanation
To avoid attacks that use advanced evasion techniques, it is important to watch your log files closely. By monitoring the log files, you can identify any suspicious activities or patterns that may indicate an attack. Additionally, keeping your IDPS (Intrusion Detection and Prevention System) signature files updated is crucial. These signature files contain information about known attack patterns, allowing the IDPS to detect and prevent such attacks. Regularly updating these files ensures that your IDPS can effectively identify and block new and emerging threats.

Rate this question:
45.

Which of the following features distinguishes IPv6 from IPv4?
- A.
  
  IPv6 fragmentation occurs on IPv6-compliant routers
- B.
  
  IPv4 is unfragmentable
- C.
  
  IPv6 fragmentation occurs only at the source node
- D.
  
  IPv6 maximum fragment size is larger than its IPv6 counterpart
Correct Answer
C. IPv6 fragmentation occurs only at the source node

Explanation
IPv6 fragmentation occurs only at the source node, which means that if a packet is too large to be transmitted across a network, it is the responsibility of the source node to fragment it into smaller packets before sending them. In IPv4, fragmentation can occur at any router along the path of the packet. Additionally, IPv6 has a larger maximum fragment size compared to IPv4, allowing for more efficient transmission of larger packets.

Rate this question:
46.

Which of the following is used as a cryptographic primitive? (Choose all that apply.)
- A.
  
  Pseudorandom number generators
- B.
  
  Hashing functions
- C.
  
  Feistel networks
- D.
  
  Side channels
Correct Answer(s)
A. Pseudorandom number generators
B. Hashing functions
C. Feistel networks

Explanation
Pseudorandom number generators, hashing functions, and Feistel networks are all used as cryptographic primitives. Pseudorandom number generators are used to generate random-like numbers for encryption algorithms. Hashing functions are used to transform data into a fixed-size string of characters, commonly used for data integrity verification. Feistel networks are used in block cipher designs to provide confusion and diffusion properties. Side channels, on the other hand, are not cryptographic primitives but rather unintended channels that leak information about the secret key.

Rate this question:
47.

What is the block size in the AES implementation of Rijndael?
- A.
  
  128 or 256 bits
- B.
  
  128, 192, or 256 bits
- C.
  
  Variable
- D.
  
  128 bits
Correct Answer
B. 128, 192, or 256 bits

Explanation
The block size in the AES implementation of Rijndael can be either 128, 192, or 256 bits. This means that the data being encrypted is divided into blocks of either 128, 192, or 256 bits in size before being processed by the AES algorithm. The flexibility in block size allows for different levels of security and performance depending on the specific requirements of the application.

Rate this question:
48.

Which of the following issues public and private key pairs?
- A.
  
  Certificate publisher
- B.
  
  Certification authority
- C.
  
  Certificate revocation list
- D.
  
  Certificate store
Correct Answer
B. Certification authority

Explanation
A certification authority is responsible for issuing and managing public and private key pairs. They verify the identity of individuals or organizations requesting certificates and then generate the corresponding key pairs. These key pairs are used for encryption and digital signatures, ensuring secure communication and authentication in various systems and applications. The certification authority plays a crucial role in establishing trust and maintaining the security of digital certificates.

Rate this question:
49.

Which of the following is used to check whether a certificate is still valid?
- A.
  
  Certificate revocation list
- B.
  
  Certification authority
- C.
  
  Certificate publisher
- D.
  
  Registration authority
Correct Answer
A. Certificate revocation list

Explanation
A certificate revocation list (CRL) is used to check whether a certificate is still valid. It is a list maintained by a certification authority (CA) that contains the serial numbers of certificates that have been revoked or are no longer trusted. When a certificate is revoked, it means that it is no longer considered valid and should not be trusted for authentication or encryption purposes. By checking the CRL, users can verify the status of a certificate and ensure its validity before relying on it for secure communication.

Rate this question:
50.

Which of the following is a symmetric algorithm that is not considered safe for encryption use?
- A.
  
  AES
- B.
  
  Diffie-Hellman
- C.
  
  DES
- D.
  
  RSA
Correct Answer
C. DES

Explanation
DES (Data Encryption Standard) is a symmetric algorithm that is not considered safe for encryption use due to its short key length of 56 bits, which can be easily brute-forced in modern computing environments. It has been replaced by more secure algorithms like AES (Advanced Encryption Standard). Diffie-Hellman is a key exchange algorithm, RSA is an asymmetric encryption algorithm, and AES is a symmetric encryption algorithm that is considered safe for encryption use.

Rate this question:

Network Security Trivia Quiz Questions! Trivia

Most network threats originate from which of the following?

What are some of the reasons for network attacks?

The capability to prevent one participant in an electronic transaction from denying that it performed an action is called ____________.

Servers with outside access to the public should be located on __________. (Choose all that apply)

Packet filters can block or allow transmission of packets based on which of the following criteria? (Choose all that apply)

An attacker who causes harm to systems in support of some principle is categorized as which of the following?

An IP address combined with a TCP/IP port number is called which of the following?

Firewall enforcement of policies is handled primarily through setting up packet-filtering rules, a set of which is contained in the _____________.

Name four goals of network security

An uninterruptible power supply is a component of _____________ security.

The Stuxnet worm was designed to ____________>

A packet filtering device evaluates data in the payload and compares it with a predefined set of rules.

Which of the following malware is designed to replicate itself?

In a restrictive firewall policy, what is the starting point for developing a rule base?

In an IDPS, specific indications of a possible attack are called _____________.

What advantages does IPv6 have over IPv4 (Choose all that apply)

A Class C address has a first octet decimal range of ____________ to ____________.

Which of the following is a method of hiding internal host IP addresses? (Choose all that apply)

The Class A address of 127.0.0.1 is used for which of the following?

Why is UDP considered unreliable?

In CIDR notation, the IP address and subnet mask 191.9.205.22 255.255.192.0 are written as __________________.

How do routers handle packets that are too large to pass through because of frame size limitations?

Which of the following is an IPv6 Protocol? (Choose all that apply)

A DNS server translates ________________ to _______________.

Why is fragmentation considered a security risk?

Which of the following is used for one-to-many communication, in which a single host can send packets to a group of recipients?

The number of TCP segments that can be sent before an acknowledgement must be received is determined by the ______________.

When one host wants to initiate a TCP session with another host, it sends a packet with the _______ flag set.

An ICMPv6 header is indicated by a Next Header Value of ____________.

Compressing the IPv6 address 1080:0:0:0:8:800:200C:417A results in which of the following?

Security devices on a network process digital information, such as text files and Web pages, in the same way. However, which of the following pieces of information might they handle differently?

In which of the following situations can CVE improve the coordination of intrusion information on a network?

Which of the following can be included in a network traffic signature? (Choose all that apply.)

What is the name of an error-checking procedure that uses a formula to calculate a numeric value?

How do attackers use fragmentation to circumvent network defenses? (Choose all that apply.)

Which of the following packets should never have a data payload?

Which of the following is not required for a single-packet attack? (Choose all that apply.)

Which of the following is an example of a multiple packet attack?

What is the purpose of the 4-byte acknowledgement in a TCP header?

Which of the following is the correct order in which TCP flags appear during the initiation of a normal connection?

Which protocol uses one port number to establish a connection and a different port number to transfer data?

Which of the following is an example of a reconnaissance traffic signature?

Which program keeps track of services and ports made available through Remote Procedure Calls?

To avoid attacks that use advanced evasion techniques, such as path obfuscation, CGI scripts, and packet injection, you must do which of the following?

Which of the following features distinguishes IPv6 from IPv4?

Which of the following is used as a cryptographic primitive? (Choose all that apply.)

What is the block size in the AES implementation of Rijndael?

Which of the following issues public and private key pairs?

Which of the following is used to check whether a certificate is still valid?

Which of the following is a symmetric algorithm that is not considered safe for encryption use?

A Class C address has a first octet decimal range of to .

A DNS server translates __ to _.