Introduction to Network Security Practice Questions
Course Introduction
Introduction to Network Security provides students with a foundational understanding of the principles and practices essential to protecting computer networks from threats and vulnerabilities. The course covers key concepts such as authentication, encryption, firewalls, intrusion detection systems, and security policies. Students will explore various types of cyberattacks and learn strategies to mitigate risks in wired and wireless networks. Through a combination of theoretical frameworks and hands-on activities, this course equips learners with the practical skills necessary to identify, analyze, and respond to common network security challenges in contemporary digital environments.
Recommended Textbook
CompTIA Security+ Guide to Network Security Fundamentals 5th Edition by Mark Ciampa
Available Study Resources on Quizplus
15 Chapters
750 Verified Questions
750 Flashcards
Source URL: https://quizplus.com/study-set/3831 Page 2
Chapter 1: Introduction to Security
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76425
Sample Questions
Q1) The demand for certified IT professionals who know how to secure networks and computers is at an all-time low.
A)True
B)False
Answer: False
Q2) An example of a(n) ____________________ that information security must deal with is a software defect in an operating system that allows an unauthorized user to gain access to a computer without the user's knowledge or permission. Match the following terms to the appropriate definitions.
a.asset
b.cyberterrorism
c.hactivist
d.exploit kit
e.computer spy
Answer: vulnerability
Q3) A security administrator has both technical knowledge and managerial skills. A)True
B)False
Answer: True
To view all questions and flashcards with answers, click on the resource link above.
Page 3
Chapter 2: Malware and Social Engineering Attacks
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76418
Sample Questions
Q1) What is a backdoor and what is it used for?
Answer: A backdoor gives access to a computer, program, or service that circumvents any normal security protections. Backdoors that are installed on a computer allow th attacker to return at a later time and bypass security settings.
Q2) A virus that infects an executable program file is known as?
A)macro virus
B)program virus
C)companion virus
D)boot sector virus
Answer: B
Q3) What are botnets?
Answer: Botnets are collections of thousands or even hundreds of thousands of zombie computers are gathered into a logical computer network under the control of an attacker, or bot herder.
Q4) Due to the prevalence of text filters for filtering spam, how have spammers modified their attacks?
Answer: Spammers have turned to image spam, which uses graphical images of text in order to circumvent text-based filters.
To view all questions and flashcards with answers, click on the resource link above.
4
Chapter 3: Application and Networking-Based Attacks
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76417
Sample Questions
Q1) Although traditional network security devices can block traditional network attacks, they cannot always block Web application attacks.
A)True
B)False
Answer: True
Q2) An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer
A)Address Resolution Protocol (ARP)
B)ARP Poisoning
C)Buffer overflow attack
D)Command injection
E)Cross-site scripting (XSS)
F)DNS poisoning
G)Flash cookie
H)Ping flood
I) Session token
J) Smurf attack
Answer: C
To view all questions and flashcards with answers, click on the resource link above. Page 5
Chapter 4: Host, Application, and Data Security
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76416
Sample Questions
Q1) DLP agent sensors are unable to read inside compressed files and binary files.
A)True
B)False
Q2) What type of filtering utilizes a an analysis of the content of spam messages in comparison to neutral / non-spam messages in order to make intelligent decisions as to what should be considered spam?
A)Blacklist filtering
B)Whitelist filtering
C)Bayesian filtering
D)Extension filtering
Q3) ____________________ security is the physical security that specifically involves protecting the hardware of the host system, particularly portable laptops, netbooks, and tablet computers that can easily be stolen.
Q4) What are the five steps that can be used to ensure the security of an OS?
Q5) What can be a time consuming drawback to the use of traditional ID badges? How can this issue be avoided?
Q6) Explain how tailgate sensors work.
Q7) Describe a mantrap.
Q8) What are the three states of data that DLP typically examines?
To view all questions and flashcards with answers, click on the resource link above. Page 6
Chapter 5: Basic Cryptography
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76415
Sample Questions
Q1) Which of the following is not one of the functions of a digital signature?
A)Verification of the sender
B)Prevention of the sender from disowning the message
C)Prove the integrity of the message
D)Protect the public key
Q2) A Hardware Security Module (HSM) is essentially a chip on the motherboard of the computer that provides cryptographic services.
A)True
B)False
Q3) Steganography hides the existence of data within images by dividing and hiding portions of a file within the image.
A)True
B)False
Q4) If using the MD5 hashing algorithm, what is the length to which each message is padded?
A)32 bits
B)64 bits
C)128 bits
D)512 bits
To view all questions and flashcards with answers, click on the resource link above. Page 7
Chapter 6: Advanced Cryptography
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76414
Sample Questions
Q1) Why is IPsec considered to be a transparent security protocol?
A)IPsec packets can be viewed by anyone
B)IPsec is designed to not require modifications of programs, or additional training, or additional client setup
C)IPsec's design and packet header contents are open sourced technologies
D)IPsec uses the Transparent Encryption (TE) algorithm
Q2) Select below the secure alternative to the telnet protocol:
A)HTTPS
B)TLS
C)IPsec
D)SSH
Q3) List and describe the entities for which IPsec is transparent.
Q4) Because of the limitations of a hierarchical trust model, what type of trust model is used for CAs on the Internet?
A)third-party trust
B)related trust
C)managed trust
D)distributed trust
Q5) List the three PKI trust models that use a CA.
Q6) List three general duties of a CA.
Page 8
To view all questions and flashcards with answers, click on the resource link above.
Chapter 7: Network Security
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76413
Sample Questions
Q1) What type of monitoring compares network traffic, activities, transactions, or behavior against a database of known attack patterns?
A)Application
B)Protocol
C)Packet
D)Signature
Q2) The standard TCP/IP protocol uses IP addresses which are how many bytes in length?
A)4
B)8
C)16
D)32
Q3) When a private network uses a single public IP address, and each outgoing TCP packet uses a different port to allow for proper translation, what networking technology is in use?
A)PAT
B)PNAT
C)NAPT
D)NAT
Q4) Discuss the two advantages that NAT provides.
To view all questions and flashcards with answers, click on the resource link above. Page 9
Chapter 8: Administering a Secure Network
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76412
Sample Questions
Q1) Which layer of the OSI model contains TCP protocol, which is used for establishing connections and reliable data transport between devices?
A)Application Layer
B)Presentation Layer
C)Network Layer
D)Transport Layer
Q2) The deployment of this technology below can be used as a defense against DoS and DDoS SYN flood attacks:
A)flood guard
B)protocol guard
C)link guard
D)frame guard
Q3) Broadcast storms can be prevented by using loop prevention technology. Which item below can be used to help prevent loops?
A)Virtual trunking protocol
B)Dijkstra's algorithm
C)802.11x
D)802.1d
Q4) What are the four fields contained within an ICMP message?
To view all questions and flashcards with answers, click on the resource link above. Page 10
Chapter 9: Wireless Network Security
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76411
Sample Questions
Q1) Identify and describe two types of wireless probes.
Q2) Explain why it is important to be able to control the power level at which the WLAN transmits.
Q3) The second generation of WPA security from the Wi-Fi Alliance that addresses authentication and encryption on WLANs and is currently the most secure model for Wi-Fi security.
A)Bluejacking
B)Bluesnarfing
C)Initialization vector (IV)
D)Near field communication (NFC)
E)Preshared key (PSK)
F)RF Jamming
G)War driving
H)Wi-Fi Protected Setup (WPS)
I)Wi-Fi Protected Access 2 (WPA 2)
J)Wired Equivalent Privacy (WEP)
Q4) Describe a piconet.
Q5) If the EAP authentication is successful, a success packet is sent to the
Page 11
Q6) What are the four types of packets used by EAP?
To view all questions and flashcards with answers, click on the resource link above.
Chapter 10: Mobile Device Security
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76424
Sample Questions
Q1) An ultrabook is an example of what type of a portable computer?
A)Laptop
B)Netbook
C)Subnotebook
D)Tablet
Q2) The Google Android mobile operating system is a proprietary system, for use on only approved devices.
A)True
B)False
Q3) Maintaining an accurate record of company-owned mobile devices
A)Asset tracking
B)Geo-fencing
C)Geo-tagging
D)Location services
E)Lock screen
F)Mobile application management (MAM)
G)Off-boarding
H)On-boarding
I)Remote wiping
J) Secure digital (SD)
To view all questions and flashcards with answers, click on the resource link above. Page 12
Chapter 11: Access Control Fundamentals
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76423
Sample Questions
Q1) The capability to look up information by name under the X.500 standard is known as a(n) ____________________-pages service.
Q2) Describe the two key elements of the MAC model.
Q3) During RADIUS authentication, what type of packet includes information such as identification of a specific AP that is sending the packet and the username and password?
A)accounting request
B)access request
C)verification request
D)authentication request
Q4) ____________________ is granting or denying approval to use specific resources.
a.Account expiration
b.Discretionary access control (DAC)
c.Extended TACACS (XTACACS)
d.Job rotation
e.LDAP injection attack
Q5) Describe how Kerberos works.
Q6) List two of the most common types of authentication and AA servers.
Q7) Describe LDAP injection attacks.
13
To view all questions and flashcards with answers, click on the resource link above.
Chapter 12: Authentication and Account Management
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76422
Sample Questions
Q1) What type of one-time password (OTP) changes after a set time period?
A)HMAC-Based one-time password (HOTP)
B)Period-based one-time password (POTP)
C)Time-based one-time password (TOTP)
D)Interval-based one-time password (IOTP)
Q2) Using a rainbow table to crack a password requires three steps: Creation of the table, comparing the table to known hash values, and decrypting the password.
A)True
B)False
Q3) ____________________ is a decentralized open source FIM that does not require specific software to be installed on the desktop.
Q4) A(n) ____________________ attack begins with the attacker creating encrypted versions of common dictionary words, and then comparing them against those in a stolen password file.
Q5) List and describe two of the common password setting objects.
Q6) In most systems, a user logging in would be asked to ____________________ herself.
Q7) Explain why the LAN Manager (LM) hash is vulnerable.
Q8) Discuss the weaknesses of OpenID.
To view all questions and flashcards with answers, click on the resource link above. Page 14
Chapter 13: Business Continuity
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76421
Sample Questions
Q1) ____________________ is data about data.
Q2) Duplicate image backups are considered a primary key to uncovering evidence because they create exact replicas of the crime scene.
A)True
B)False
Q3) The process of identifying exposure to threats, creating preventive and recovery procedures, and then testing them to determine if they are sufficient, is known as:
A)Business continuity planning and testing
B)Disaster planning
C)Business management planning and testing
D)Enterprise disaster planning
Q4) Explain how to best capture volatile data.
Q5) A metallic enclosure that prevents the entry or escape of an electromagnetic field is known as a:
A)bollard
B)mantrap
C)Faraday cage
D)Newton cage
Q6) What are the steps in damage control?
To view all questions and flashcards with answers, click on the resource link above. Page 15
Chapter 14: Risk Mitigation
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76420
Sample Questions
Q1) What concept below is at the very heart of information security?
A)threat
B)mitigation
C)risk
D)management
Q2) What are the typical classification designations of government documents?
Q3) Which roles should be represented on the security policy development team?
Q4) An event that does not appear to be a risk but actually turns out to be one.
A)Acceptable use policy (AUP)
B)Change management
C)False negative
D)False positive
E)Operational risk control type
F)Privacy policy
G)Technical risk control type
H)Peer-to peer network
I)Single Loss Expectancy (SLE)
J)Incident management
Q5) Contrast the difference between a pedagogical approach versus an andragogical approach to subject matter.
To view all questions and flashcards with answers, click on the resource link above. Page 16
Chapter 15: Vulnerability Assessment and Third Party Integration
Available Study Resources on Quizplus for this Chatper
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/76419
Sample Questions
Q1) In a __________ test, the tester has no prior knowledge of the network infrastructure that is being tested.
Q2) When using a black box test, many testers use ____________________ tricks to learn about the network infrastructure from inside employees.
Q3) A healthy security posture results from a sound and workable strategy toward managing risks.
A)True
B)False
Q4) A port scanner can be used to search a system for port vulnerabilities. The RADMIN port scanner is an example of this type of software.
A)True
B)False
Q5) What term below describes a prearranged purchase or sale agreement between a government agency and a business?
A)Service Level Agreement (SLA)
B)Memorandum of Understanding (MOU)
C)Blanket Purchase Agreement (BPA)
D)Interconnection Security Agreement (ISA)
To view all questions and flashcards with answers, click on the resource link above. Page 17