CompTIA Securtiy+ Set10 A_3_1_Secure_Network_Design
While performing surveillance activities, an attacker determines that an organization is using 802.1X to secure LAN
Which of the following attack mechanisms can the attacker utilize to bypass the identified network security?
A consultant has been tasked to assess a client's network. The client reports frequent network outages. Upon
viewing the spanning tree configuration, the consultant notices that an old and slow performing edge switch on
the network has been elected to be the root bridge.
Which of the following explains this scenario?
A security administrator is adding a NAC requirement for all VPN users to ensure the connecting devices are
compliant with company policy. Which of the following items provides the HIGHEST assurance to meet this
A network administrator wants to ensure that users do not connect any unauthorized devices to the company
network. Each desk needs to connect a VoIP phone and computer.
Which of the following is the BEST way to accomplish this?
An organization has air gapped a critical system.
Which of the following BEST describes the type of attacks that are prevented by this security measure?
A company has just completed a vulnerability scan of its servers. A legacy application that monitors the HVAC
system in the datacenter presents several challenges, as the application vendor is no longer in business.
Which of the following secure network architecture concepts would BEST protect the other company servers if the
legacy server were to be exploited?
A network administrator needs to allocate a new network for the R&D1 group. The network must not be accessible
from the Internet regardless of the network firewall or other external misconfigurations. Which of the following
settings should the network administrator implement to accomplish this?
An attacker uses a network sniffer to capture the packets of a transaction that adds $20 to a gift card. The attacker
then user a function of the sniffer to push those packets back onto the network again, adding another $20 to the
gift card. This can be done many times.
Which of the following describes this type of attack?
A technician is auditing network security by connecting a laptop to open hardwired jacks within the facility to
verify they cannot connect. Which of the following is being tested?
Which of the following enables sniffing attacks against a switched network?
A security administrator is creating a subnet on one of the corporate firewall interfaces to use as a DMZ which is
expected to accommodate at most 14 physical hosts.
Which of the following subnets would BEST meet the requirements?
While reviewing the wireless router, the systems administrator of a small business determines someone is
spoofing the MAC address of an authorized device. Given the table below:
Host IP Mac
pc1 192.168.1.20 00 1e 1b 43 21 b2
pc2 192.168.1.20 31 1c 3c 13 25 c4
pc3 192.168.1.20 20 a2 22 45 11 d2
unknown 192.168.1.20 12 44 b2 ff a1 22
Which of the following should be the administrator’s NEXT step to detect if there is a rogue system without
Which of the following BEST describes an attack where communications between two parties are intercepted and
forwarded to each party with neither party being aware of the interception and potential modification to the
Which of the following is the appropriate network structure used to protect servers and services that must be
provided to external clients without completely eliminating access for internal users?
A company is planning to build an internal website that allows for access to outside contractors and partners. A
majority of the content will only be to internal employees with the option to share.
Which of the following concepts is MOST appropriate?
Which of the following types of attack is being used when an attacker responds by sending the MAC address of the
attacking machine to resolve the MAC to IP address of a valid server?
A vice president at a manufacturing organization is concerned about desktops being connected to the network.
Employees need to log onto the desktop’s local account to verify that a product is being created within
specifications; otherwise, the desktops should be as isolated as possible. Which of the following is the BEST way to
A workstation puts out a network request to locate another system. Joe, a hacker on the network, responds before
the real system does, and he tricks the workstation into communicating with him. Which of the following BEST
describes what occurred?
A network administrator at a large organization is reviewing methods to improve the security of the wired LAN.
Any security improvement must be centrally managed and allow corporate-owned devices to have access to the
intranet but limit others to Internet access only. Which of the following should the administrator recommend?
After segmenting the network, the network manager wants to control the traffic between the segments. Which of
the following should the manager use to control the network traffic?
A system in the network is used to store proprietary secrets and needs the highest level of security possible. Which
of the following should a security administrator implement to ensure the system cannot be reached from the
A security administrator is configuring a new network segment, which contains devices that will be accessed by
external users, such as web and FTP server. Which of the following represents the MOST secure way to configure
the new network segment?
Students at a residence hall are reporting Internet connectivity issues. The university's network administrator
configured the residence hall's network to provide public IP addresses to all connected devices, but many student
devices are receiving private IP addresses due to rogue devices. The network administrator verifies the residence
hall's network is correctly configured and contacts the security administrator for help. Which of the following
configurations should the security administrator suggest for implementation?
Which of the following precautions MINIMIZES the risk from network attacks directed at multifunction printers, as
well as the impact on functionality at the same time?
An analyst receives an alert from the SIEM showing an IP address that does not belong to the assigned network
can be seen sending packets to the wrong gateway. Which of the following network devices is misconfigured and
which of the following should be done to remediate the issue?
A company is developing a new secure technology and requires computers being used for development to be
isolated. Which of the following should be implemented to provide the MOST secure environment?
An external attacker can modify the ARP cache of an internal computer. Which of the following types of attacks is
A network technician is designing a network for a small company. The network technician needs to implement an
email server and web server that will be accessed by both internal employees and external customers. Which of
the following would BEST secure the internal network and allow access to the needed servers?
Which of the following differentiates ARP poisoning from a MAC spoofing attack?
A company is deploying a new VoIP phone system. They require 99.999% uptime for their phone service and are
concerned about their existing data network interfering with the VoIP phone system. The core switches in the
existing data network are almost fully saturated.
Which of the following options will provide the best performance and availability for both the VoIP traffic, as well
as the traffic on the existing data network?
A security analyst has received several reports of an issue on an internal web application. Users state they are
having to provide their credentials twice to log in. The analyst checks with the application team and notes this is
not an expected behavior. After looking at several logs, the analyst decides to run some commands on the
gateway and obtains the following output:
internet adr physical address type
192.168.1.1 ff ec ab 00 aa 78 dynamic
192.168.1.5 ff 00 5e 48 00 fb dynamic
192.168.1.8 00 0c 29 1a e7 fa dynamic
192.168.1.10 fc 41 5e 48 00 ff dynamic
184.108.40.206 ff 00 5e 48 00 fb dynamic
Which of the following BEST describes the attack the company is experiencing?
A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website. During
the troubleshooting process, the network administrator notices that the web gateway proxy on the local network
has signed all of the certificates on the local machine.
Which of the following describes the type of attack the proxy has been legitimately programmed to perform?
A security engineer is faced with competing requirements from the networking group and database
administrators. The database administrators would like ten application servers on the same subnet for ease of
administration, whereas the networking group would like to segment all applications from one another.
Which of the following should the security administrator do to rectify this issue?
A network administrator is creating a new network for an office. For security purposes, each department should
have its resources isolated from every other department, but be able to communicate back to central servers.
Which of the following architecture concepts would BEST accomplish this?