MemoCard lernen mit System

0300
While performing surveillance activities, an attacker determines that an organization is using 802.1X to secure LAN
access.

Which of the following attack mechanisms can the attacker utilize to bypass the identified network security?

Xmas attack
Pharming
MAC spoofing
ARP poisoning

0307
A consultant has been tasked to assess a client's network. The client reports frequent network outages. Upon
viewing the spanning tree configuration, the consultant notices that an old and slow performing edge switch on
the network has been elected to be the root bridge.

Which of the following explains this scenario?

The switch has the fastest uplink port
The switch has the lowest MAC address
The switch also serves as the DHCP server
The switch has spanning tree loop protection enabled

0993
A security administrator is adding a NAC requirement for all VPN users to ensure the connecting devices are
compliant with company policy. Which of the following items provides the HIGHEST assurance to meet this
requirement?

Implement a permanent agent.
Use an agentless implementation.
Install antivirus software.
Implement PKI.

0193
A network administrator wants to ensure that users do not connect any unauthorized devices to the company
network. Each desk needs to connect a VoIP phone and computer.

Which of the following is the BEST way to accomplish this?

Make users sign an Acceptable Use Agreement
Enable and configure port channels
Configure the phones on one VLAN, and computers on another
Enforce authentication for network devices

0727
An organization has air gapped a critical system.

Which of the following BEST describes the type of attacks that are prevented by this security measure?

Attacks that involve physical intrusion or theft
Attacks exploiting USB drives and removable media
Attacks that spy on leaked emanations or signals
Attacks from another local network segment

0651
A company has just completed a vulnerability scan of its servers. A legacy application that monitors the HVAC
system in the datacenter presents several challenges, as the application vendor is no longer in business.

Which of the following secure network architecture concepts would BEST protect the other company servers if the
legacy server were to be exploited?

Air gap
VLAN
Virtualization
Extranet

0449
A network administrator needs to allocate a new network for the R&D1 group. The network must not be accessible
from the Internet regardless of the network firewall or other external misconfigurations. Which of the following
settings should the network administrator implement to accomplish this?

Use NAT on the R&D network
Enable protected ports on the switch
Configure the OS default TTL to 1
Implement a router ACL

0258
An attacker uses a network sniffer to capture the packets of a transaction that adds $20 to a gift card. The attacker
then user a function of the sniffer to push those packets back onto the network again, adding another $20 to the
gift card. This can be done many times.

Which of the following describes this type of attack?

Cross-site scripting attack
Smurf attack
Replay attack
Buffer overflow attack
Integer overflow attack

1014
A technician is auditing network security by connecting a laptop to open hardwired jacks within the facility to
verify they cannot connect. Which of the following is being tested?

S/MIME
Port security
Secure IMAP
Layer 3 routing

0690
Which of the following enables sniffing attacks against a switched network?

ARP poisoning
SYN flooding
IGMP snooping
IP spoofing

0172
A security administrator is creating a subnet on one of the corporate firewall interfaces to use as a DMZ which is
expected to accommodate at most 14 physical hosts.
Which of the following subnets would BEST meet the requirements?

192.168.0.16/28
192.168.1.50 255.255.25.240
192.168.0.16 255.25.255.248
192.168.2.32/27

0893
While reviewing the wireless router, the systems administrator of a small business determines someone is
spoofing the MAC address of an authorized device. Given the table below:

Host IP Mac

pc1 192.168.1.20 00 1e 1b 43 21 b2

pc2 192.168.1.20 31 1c 3c 13 25 c4

pc3 192.168.1.20 20 a2 22 45 11 d2

unknown 192.168.1.20 12 44 b2 ff a1 22

Which of the following should be the administrator’s NEXT step to detect if there is a rogue system without
impacting availability?

Physically check each system.
Deny Internet access to the “UNKNOWN” hostname.
Apply MAC filtering.
Conduct a ping sweep.

0277
Which of the following BEST describes an attack where communications between two parties are intercepted and
forwarded to each party with neither party being aware of the interception and potential modification to the
communications?

Transitive access
Spear phishing
Man-in-the-middle
URL hijacking

0342
Which of the following is the appropriate network structure used to protect servers and services that must be
provided to external clients without completely eliminating access for internal users?

NAC
DMZ
VLAN
Subnet

0637
A company is planning to build an internal website that allows for access to outside contractors and partners. A
majority of the content will only be to internal employees with the option to share.

Which of the following concepts is MOST appropriate?

Proxy
Extranet
DMZ
VPN

0945
Which of the following types of attack is being used when an attacker responds by sending the MAC address of the
attacking machine to resolve the MAC to IP address of a valid server?

Evil twin
Session hijacking
IP spoofing
ARP poisoning

0398
A vice president at a manufacturing organization is concerned about desktops being connected to the network.
Employees need to log onto the desktop’s local account to verify that a product is being created within
specifications; otherwise, the desktops should be as isolated as possible. Which of the following is the BEST way to
accomplish this?

Create a separate VLAN for the desktops.
Put the desktops in the DMZ.
Join the desktops to an ad-hoc network.
Air gap the desktops.

0144
A workstation puts out a network request to locate another system. Joe, a hacker on the network, responds before
the real system does, and he tricks the workstation into communicating with him. Which of the following BEST
describes what occurred?

The hacker used a pass-the-hash attack.
The hacker exploited importer key management.
The hacker used a race condition.
The hacker exploited a weak switch configuration.

0877
A network administrator at a large organization is reviewing methods to improve the security of the wired LAN.
Any security improvement must be centrally managed and allow corporate-owned devices to have access to the
intranet but limit others to Internet access only. Which of the following should the administrator recommend?

MAC address filtering with ACLs on the router
PAM for users account management
SSO to authenticate corporate users
802.1X utilizing the current PKI infrastructure

0914
After segmenting the network, the network manager wants to control the traffic between the segments. Which of
the following should the manager use to control the network traffic?

A VLAN
An ACL
A DMZ
A VPN

0949
A system in the network is used to store proprietary secrets and needs the highest level of security possible. Which
of the following should a security administrator implement to ensure the system cannot be reached from the
Internet?

Air gap
VLAN
Firewall
NAT

0140
A security administrator is configuring a new network segment, which contains devices that will be accessed by
external users, such as web and FTP server. Which of the following represents the MOST secure way to configure
the new network segment?

The segment should be placed in the existing internal VLAN to allow internal traffic only.
The segment should be placed on a separate VLAN, and the firewall rules should be configured to allow external traffic.
The segment should be placed on an intranet, and the firewall rules should be configured to allow external traffic.
The segment should be placed on an extranet, and the firewall rules should be configured to allow both internal and external traffic.

0587
Students at a residence hall are reporting Internet connectivity issues. The university's network administrator
configured the residence hall's network to provide public IP addresses to all connected devices, but many student
devices are receiving private IP addresses due to rogue devices. The network administrator verifies the residence
hall's network is correctly configured and contacts the security administrator for help. Which of the following
configurations should the security administrator suggest for implementation?

Router ACLs
Flood guard
DHCP snooping
BPDU guard

0120
Which of the following precautions MINIMIZES the risk from network attacks directed at multifunction printers, as
well as the impact on functionality at the same time?

Installing a software-based IPS on all devices
Enabling full disk encryption
Implementing a unique user PIN access function
Isolating the systems using VLANs

0453
An analyst receives an alert from the SIEM showing an IP address that does not belong to the assigned network
can be seen sending packets to the wrong gateway. Which of the following network devices is misconfigured and
which of the following should be done to remediate the issue?

Router; place the correct subnet on the interface
Switch; modify the access port to trunk port
Firewall; implement an ACL on the interface
Proxy; add the correct transparent interface

0062
A company is developing a new secure technology and requires computers being used for development to be
isolated. Which of the following should be implemented to provide the MOST secure environment?

A perimeter firewall and IDS
A bastion host
A honeypot residing in a DMZ
An air gapped computer network
An ad hoc network with NAT

0498
An external attacker can modify the ARP cache of an internal computer. Which of the following types of attacks is
described?

Spoofing
DNS poisoning
Client-side attack
Replay

0721
A network technician is designing a network for a small company. The network technician needs to implement an
email server and web server that will be accessed by both internal employees and external customers. Which of
the following would BEST secure the internal network and allow access to the needed servers?

Implementing a DMZ segment for the server.
Implementing a sandbox to contain the servers.
Implementing a site-to-site VPN for server access.
Implementing NAT addressing for the servers.

0648
Which of the following differentiates ARP poisoning from a MAC spoofing attack?

ARP poisoning overflows a switch's CAM table.
MAC spoofing can be performed across multiple routers.
ARP poisoning uses unsolicited ARP replies.
MAC spoofing uses DHCPOFFER/DHCPACK packets.

0327
A company is deploying a new VoIP phone system. They require 99.999% uptime for their phone service and are
concerned about their existing data network interfering with the VoIP phone system. The core switches in the
existing data network are almost fully saturated.

Which of the following options will provide the best performance and availability for both the VoIP traffic, as well
as the traffic on the existing data network?

Physically separate the VoIP phones from the data network
Implement flood guards on the data network
Put the VoIP network into a different VLAN than the existing data network
Upgrade the edge switches from 10/100/1000 to improve network speed

0948

A security analyst has received several reports of an issue on an internal web application. Users state they are
having to provide their credentials twice to log in. The analyst checks with the application team and notes this is
not an expected behavior. After looking at several logs, the analyst decides to run some commands on the
gateway and obtains the following output:

internet adr physical address type

192.168.1.1 ff ec ab 00 aa 78 dynamic

192.168.1.5 ff 00 5e 48 00 fb dynamic

192.168.1.8 00 0c 29 1a e7 fa dynamic

192.168.1.10 fc 41 5e 48 00 ff dynamic

224.215.54.47 ff 00 5e 48 00 fb dynamic

Which of the following BEST describes the attack the company is experiencing?

MAC flooding
URL redirection
ARP poisoning
DNS hijacking

0204
A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website. During
the troubleshooting process, the network administrator notices that the web gateway proxy on the local network
has signed all of the certificates on the local machine.

Which of the following describes the type of attack the proxy has been legitimately programmed to perform?

Replay
Transitive access
Spoofing
Man-in-the-middle

0200
A security engineer is faced with competing requirements from the networking group and database
administrators. The database administrators would like ten application servers on the same subnet for ease of
administration, whereas the networking group would like to segment all applications from one another.

Which of the following should the security administrator do to rectify this issue?

Recommend classifying each application into like security groups and segmenting the groups from one another
Recommend segmenting each application, as it is the most secure approach
Recommend that only applications with minimal security features should be segmented to protect them
Recommend performing a security assessment on each application, and only segment the applications with the most vulnerability

0582
A network administrator is creating a new network for an office. For security purposes, each department should
have its resources isolated from every other department, but be able to communicate back to central servers.
Which of the following architecture concepts would BEST accomplish this?

Network segmentation
Air gapped network
Load balanced network
Network address translation

Flashcard Info

CompTIA Securtiy+ Set10 A_3_1_Secure_Network_Design