Security + Practice Test Questions

1. Which of the following BEST describes ARP? Answer: C

Discovering the IP address of a device from the MAC address

Discovering the IP address of a device from the DNS name

Discovering the MAC address of a device from the IP address

Discovering the DNS name of a device from the IP address

ARP (Address Resolution Protocol) is a network protocol used to discover the MAC address of a device from its IP address. It is commonly used in Ethernet networks to map an IP address to a corresponding MAC address. By sending an ARP request, a device can determine the MAC address of another device on the same network, allowing for communication between them. Therefore, the given answer (C) accurately describes ARP.

Explanation

ARP (Address Resolution Protocol) is a network protocol used to discover the MAC address of a device from its IP address. It is commonly used in Ethernet networks to map an IP address to a corresponding MAC address. By sending an ARP request, a device can determine the MAC address of another device on the same network, allowing for communication between them. Therefore, the given answer (C) accurately describes ARP.

2. When should a technician perform penetration testing?

When the technician suspects that weak passwords exist on the network

When the technician is trying to guess passwords on a network

When the technician has permission from the owner of the network

When the technician is war driving and trying to gain access

Penetration testing involves actively assessing the security of a network by attempting to exploit vulnerabilities. It is crucial that the technician obtains permission from the owner of the network before conducting penetration testing. This ensures that the testing is done legally and ethically, without causing any harm or disruption to the network. Without proper authorization, penetration testing can be considered illegal and can lead to severe consequences. Therefore, it is important for the technician to have permission from the network owner before performing penetration testing.

Explanation

Penetration testing involves actively assessing the security of a network by attempting to exploit vulnerabilities. It is crucial that the technician obtains permission from the owner of the network before conducting penetration testing. This ensures that the testing is done legally and ethically, without causing any harm or disruption to the network. Without proper authorization, penetration testing can be considered illegal and can lead to severe consequences. Therefore, it is important for the technician to have permission from the network owner before performing penetration testing.

3. All of the following provide confidentiality protection as part of the underlying protocol EXCEPT:

SSL.

SSH.

L2TP.

IPSec

L2TP does not provide confidentiality protection as part of the underlying protocol. SSL, SSH, and IPSec all have mechanisms in place to ensure confidentiality of data being transmitted.

Explanation

L2TP does not provide confidentiality protection as part of the underlying protocol. SSL, SSH, and IPSec all have mechanisms in place to ensure confidentiality of data being transmitted.

4. How should a company test the integrity of its backup data?

By conducting another backup

By using software to recover deleted files

By restoring part of the backup

By reviewing the written procedures

To test the integrity of its backup data, a company should restore part of the backup. This involves actually retrieving and restoring a portion of the backup data to ensure that it is accessible and usable. By doing so, the company can verify that the backup process is working correctly and that the data can be successfully recovered in the event of a disaster or data loss. This method provides a practical and hands-on approach to validate the integrity of the backup data.

Explanation

To test the integrity of its backup data, a company should restore part of the backup. This involves actually retrieving and restoring a portion of the backup data to ensure that it is accessible and usable. By doing so, the company can verify that the backup process is working correctly and that the data can be successfully recovered in the event of a disaster or data loss. This method provides a practical and hands-on approach to validate the integrity of the backup data.

5. Which of following can BEST be used to determine the topology of a network and discover unknown devices?

Vulnerability scanner

NIPS

Protocol analyzer

Network mapper

A network mapper is a tool that can be used to determine the topology of a network and discover unknown devices. It scans the network, identifies devices, and maps out the connections between them. By analyzing the network infrastructure, a network mapper can provide information about the layout, structure, and relationships of devices within the network. This can help in identifying any unauthorized or unknown devices that may be connected to the network, allowing for better network security and management.

Explanation

A network mapper is a tool that can be used to determine the topology of a network and discover unknown devices. It scans the network, identifies devices, and maps out the connections between them. By analyzing the network infrastructure, a network mapper can provide information about the layout, structure, and relationships of devices within the network. This can help in identifying any unauthorized or unknown devices that may be connected to the network, allowing for better network security and management.

6. Which of the following type of attacks would allow an attacker to capture HTTP requests and send back a spoofed page?

Teardrop

TCP/IP hijacking

Phishing

Replay

TCP/IP hijacking refers to the act of intercepting and manipulating TCP/IP packets in a network communication. In this type of attack, an attacker can capture HTTP requests and send back a spoofed page by gaining unauthorized access to the TCP/IP connection between the client and the server. This allows the attacker to manipulate the data being sent and received, redirecting the client to a fraudulent website that appears legitimate. Phishing, on the other hand, involves tricking users into providing sensitive information through fraudulent websites or emails, but it does not necessarily involve capturing and manipulating HTTP requests.

Explanation

TCP/IP hijacking refers to the act of intercepting and manipulating TCP/IP packets in a network communication. In this type of attack, an attacker can capture HTTP requests and send back a spoofed page by gaining unauthorized access to the TCP/IP connection between the client and the server. This allows the attacker to manipulate the data being sent and received, redirecting the client to a fraudulent website that appears legitimate. Phishing, on the other hand, involves tricking users into providing sensitive information through fraudulent websites or emails, but it does not necessarily involve capturing and manipulating HTTP requests.

7. Which of the following allows an attacker to manipulate files by using the least significant bit(s) to secretly embed data?

Steganography

Worm

Trojan horse

Virus

Steganography is the correct answer because it is a technique that allows an attacker to hide data within other files, such as images or audio, by manipulating the least significant bits. This allows the attacker to secretly embed data without raising suspicion. Unlike worms, Trojan horses, and viruses, which are malicious software that can cause harm to a computer system, steganography focuses on hiding data rather than directly causing damage.

Explanation

Steganography is the correct answer because it is a technique that allows an attacker to hide data within other files, such as images or audio, by manipulating the least significant bits. This allows the attacker to secretly embed data without raising suspicion. Unlike worms, Trojan horses, and viruses, which are malicious software that can cause harm to a computer system, steganography focuses on hiding data rather than directly causing damage.

8. An administrator has implemented a new SMTP service on a server. A public IP address translates to the internal SMTP server. The administrator notices many sessions to the server, and gets notification that the server’s public IP address is now reported in a spam real-time block list. Which of the following is wrong with the server?

SMTP open relaying is enabled.

It does not have a spam filter.

The amount of sessions needs to be limited.

The public IP address is incorrect.

The server is being reported in a spam real-time block list because SMTP open relaying is enabled. SMTP open relaying allows anyone to use the server to send emails, making it a target for spammers. This can lead to the server's IP address being blacklisted by spam filters. To prevent this, the administrator should disable SMTP open relaying and implement a spam filter to block unwanted emails.

Explanation

The server is being reported in a spam real-time block list because SMTP open relaying is enabled. SMTP open relaying allows anyone to use the server to send emails, making it a target for spammers. This can lead to the server's IP address being blacklisted by spam filters. To prevent this, the administrator should disable SMTP open relaying and implement a spam filter to block unwanted emails.

9. Which of the following is a reason why a company should disable the SSID broadcast of the wireless access points?

Rogue access points

Wardriving

Weak encryption

Session hijacking

Disabling the SSID broadcast of wireless access points is a reason why a company should do so because it helps prevent unauthorized individuals from easily identifying and connecting to the company's network. Wardriving is a technique used by hackers to search for and exploit vulnerable wireless networks, and by disabling the SSID broadcast, the company can make their network less visible and harder to find for potential attackers.

Explanation

Disabling the SSID broadcast of wireless access points is a reason why a company should do so because it helps prevent unauthorized individuals from easily identifying and connecting to the company's network. Wardriving is a technique used by hackers to search for and exploit vulnerable wireless networks, and by disabling the SSID broadcast, the company can make their network less visible and harder to find for potential attackers.

10. Which of the following is MOST efficient for encrypting large amounts of data?

Hashing algorithms

Symmetric key algorithms

Asymmetric key algorithms

ECC algorithms

Symmetric key algorithms are the most efficient for encrypting large amounts of data because they use the same key for both encryption and decryption. This means that the encryption and decryption processes are faster compared to asymmetric key algorithms, which use different keys for encryption and decryption. Additionally, symmetric key algorithms are generally faster and require less computational power, making them more suitable for encrypting large volumes of data.

Explanation

Symmetric key algorithms are the most efficient for encrypting large amounts of data because they use the same key for both encryption and decryption. This means that the encryption and decryption processes are faster compared to asymmetric key algorithms, which use different keys for encryption and decryption. Additionally, symmetric key algorithms are generally faster and require less computational power, making them more suitable for encrypting large volumes of data.