IS5503 WEEK 4

1. Which four (4) factors does a stateless firewall look at to determine if a packet should be allowed to pass?

the source IP address

the destination port

the service or protocol used

the destination IP address

2. Can a single firewall conduct both a stateless and stateful inspection?

Yes, the stateless inspection is conducted first and then a stateful inspection is done.

3. True or False: An Intrusion Prevention System (IPS) is generally a passive device that listens to network traffic and alerts an administrator when a potential problem is detected?

False

4. Network Address Translation (NAT) typically conducts which of the following translations?

A private network IP address to a public network IP address and vice versa.

5. Which type of NAT routing allows one-to-one mapping between local and global addresses?

Static

6. Which network layer do IP addresses belong to?

The Network Layer

7. Which address assures a packet is delivered to a computer on a different network segment from the sender?

The IP Address

8. A network device that is capable of sending and receiving data at the same time is referred to as which of the following?

Full duplex

9. True or False: Collision avoidance protocols are critical to the smooth operation of modern networks.

False

10. Comparing bridges with switches, which are three (3) characteristics specific to a bridge?

End-user devices share bandwidth on each port.

Half-duplex transmission.

Virtual LANs are not possible.

11. True or False: Switches solved the problem of network loops and improved performance of multicast/broadcast traffic.

False

12. If a network server has four (4) network interface cards, how many MAC addresses will be associated with that server?

4

13. True or False: When you connect your laptop to a new network, a new IP address must be assigned, either automatically or manually.

True

15. What does the Address Resolution Protocol (ARP) do when it needs to send a message to a location that is outside its broadcast domain?

The sender ARPs for the MAC address of its default gateway and addresses the frame to that MAC address; the gateway then routes the packet onward toward the destination network.

Routing tables are maintained by which of the following devices?

On any network connected device.

16. What is the purpose of a default gateway?

It forwards messages coming from, or going to, external networks.

17. If a message is being sent to a computer that is identified in the computer’s routing table, what type of connection would be established?

Direct

18. What is meant by “stateless” packet inspection?

It is a packet-by-packet inspection with no awareness of previous packets.
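To make the difference between stateless inspection (Q1, Q18) and stateful inspection (Q2) concrete, here is an added example in Python. It is not code from the course or from any firewall product; the topology (10.0.0.0/8 inside, 10.0.0.7 as a web server), the rule format and the sample packets are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str      # "tcp" or "udp"
    src_port: int
    dst_port: int

# Rules are (src network, dst network, protocol, dst port, action). "*" means any
# network and port 0 means any port. First match wins; the default is deny.
# Assumed topology for the example: 10.0.0.0/8 is the inside, 10.0.0.7 a web server.
RULES = [
    ("*", "10.0.0.7/32", "tcp", 443, "allow"),   # inbound HTTPS to the web server
    ("10.0.0.0/8", "*", "tcp", 0, "allow"),      # inside hosts may open outbound TCP
]

def _in_net(ip, pattern):
    return pattern == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(pattern)

def stateless_decision(pkt, rules):
    """Judge each packet on its own header only: source IP, destination IP,
    protocol and destination port (Q1). No memory of earlier packets (Q18)."""
    for src, dst, proto, port, action in rules:
        if (_in_net(pkt.src_ip, src) and _in_net(pkt.dst_ip, dst)
                and pkt.proto == proto and port in (0, pkt.dst_port)):
            return action
    return "deny"

class StatefulFirewall:
    """Applies the static rules to the first packet of a flow, then remembers the
    flow so that its reply packets are allowed without a matching static rule (Q2)."""
    def __init__(self, rules):
        self.rules = rules
        self.sessions = set()   # a real firewall also ages these entries out

    def decision(self, pkt):
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reply_of = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.sessions or reply_of in self.sessions:
            return "allow"                       # belongs to an admitted session
        if stateless_decision(pkt, self.rules) == "allow":
            self.sessions.add(key)               # new session: remember it
            return "allow"
        return "deny"

# Constructed sample packets, not captured traffic.
OUTBOUND_SYN = Packet("10.0.0.9", "93.184.216.34", "tcp", 51000, 443)
REPLY        = Packet("93.184.216.34", "10.0.0.9", "tcp", 443, 51000)
UNSOLICITED  = Packet("203.0.113.5", "10.0.0.9", "tcp", 4444, 51000)
TO_WEBSERVER = Packet("198.51.100.7", "10.0.0.7", "tcp", 40000, 443)

if __name__ == "__main__":
    fw = StatefulFirewall(RULES)
    for name, pkt in [("outbound SYN", OUTBOUND_SYN), ("reply", REPLY),
                      ("unsolicited", UNSOLICITED), ("to web server", TO_WEBSERVER)]:
        print(f"{name:14} stateless={stateless_decision(pkt, RULES):5} "
              f"stateful={fw.decision(pkt)}")
```

The reply to the inside host's own connection is dropped by the stateless filter (no rule matches a packet from the Internet to 10.0.0.9), which is why pure stateless filtering forces administrators to open broad inbound holes; the stateful filter admits it because it remembers the session, while an unsolicited packet to the same port is still denied.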

19. True or False: An Intrusion Detection System (IDS) is generally a passive device that listens to network traffic and alerts an administrator when a potential problem is detected?

True

20. True or False: The primary difference between an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) is that an IDS is designed as a passive system that listens and alerts while an IPS is an active system that is designed to take action when a problem is detected?

True

21. Which intrusion system does not add any delay to network traffic?

Intrusion Detection System (IDS). An IDS works out of band on a copy of the traffic (for example from a mirrored port), so it adds no latency; an IPS sits inline and must inspect each packet before forwarding it, so it does add delay.

22. How does using Network Address Translation (NAT) provide an additional layer of security to your network?

By hiding the real IP addresses of all the devices on your private network and exposing only a single public IP address.

23. Which type of NAT routing maps unregistered IP addresses to a single registered IP address allowing thousands of users to be connected to the Internet using only a single global IP address?

Overload

24. Which network layer do MAC addresses belong to?

The Data Link Layer.

25. Which address assures a packet is delivered to a computer on the same network segment as the sender?

The MAC address.

26. A network device that cannot send and receive data at the same time is referred to as which of the following?

Half duplex

27. When a NIC reads a packet header and sees the destination address is not its own address, what does it do with the packet?

It discards the packet.

28. Comparing bridges with switches, which are three (3) characteristics specific to a switch?

Full-duplex transmission.

Virtual LANs are possible.

Each port is dedicated to a single device; bandwidth is not shared.

29. True or False: Switches can connect two geographically dispersed networks.

False

30. A network interface card’s MAC address is also known by which two (2) of the following ? (Select 2)

The physical address.

The burned-in address (BIA).

31. What is the main function of the Address Resolution Protocol (ARP)?

To translate an IP address to the MAC address of the interface that owns it (the reverse lookup, MAC to IP, is done by RARP, not by ARP itself).

32. What does a router do when it needs to send a packet to an address that is not in its routing table?

It forwards the packet to the default gateway.

33. What happens to messages sent from a computer that has no gateway address specified?

Messages sent to other computers on the same subnet will be delivered but those destined to computers on other networks will not be delivered.

34. Which three (3) are types of routes found in a routing table?

Direct

Dynamic

Default

35. The binary (base 2) number “0101” is how much in decimal (base 10)?

5             

36. The IP address range goes from 0.0.0.0 to 255.255.255.255 and is known as the “four octets”. Why are these 4 numbers called octets?

The number 255 in decimal takes up 8 binary digits (bits): 11111111. Each of the four fields of an IPv4 address is one 8-bit byte, and a group of eight bits is an octet.

37. How many octets are used to define the network portion of the IP address in a Class C network?

3

38. True or False: A routable protocol is a protocol whose packets may leave your network, pass through your router, and be delivered to a remote network.

True

39. True or False: The destination address is defined in the packet header but the source address is in the packet footer.

False

40. Which network mask belongs to a Class A network?

255.0.0.0

41. IPv6 changes the IP address from a 32 bit address used in IPv4 to a 128 bit address. This results in which of the following?

Many billions of times as many possible IP addresses.

42. Which IPv4 addressing schema would you use to send a message to select group systems on the network?

Multicast

43. True or False: Utilities such as TFTP, DNS and SNMP utilize the UDP transport protocol.

True

43. True or False: The UDP transport protocol is faster than the TCP transport protocol.

True

44. Which four (4) of these are characteristic of the UDP transport protocol?

Unreliable

Unordered data; duplicates possible

Connectionless

No flow control

45. What is the primary function of DNS?

To translate domain names to IP addresses and vice versa.

46. How does a new endpoint know the address of the DHCP server?

The endpoint sends a DHCP Discover broadcast request to all endpoints on the local network.

47. Which Syslog layer contains the actual message contents?

Syslog Content

48. True or False: Setting the correct Syslog Severity Level on systems helps keep the Syslog server from being flooded by the millions of messages that could be generated by these systems.

True

49. True or False: The Syslog message typically includes the severity level, facility code, originator process ID, a time stamp, and the hostname or IP address of the originator device.

True
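Q47 to Q49 describe the layout of a syslog message and why a severity threshold matters. The following Python example, added here and not part of the course material, decodes the PRI field of the RFC 5424/RFC 3164 message format (facility * 8 + severity) and applies a severity filter of the kind Q48 refers to. The sample log lines are constructed for the example.

```python
import re

# RFC 5424 section 6.2.1: PRI = facility * 8 + severity, in angle brackets.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)

def parse_pri(line):
    """Return (facility number, severity number, remainder) for one syslog line."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("missing PRI field: %r" % line[:40])
    pri = int(m.group(1))
    if pri > 191:                       # 23 * 8 + 7 is the largest legal PRI
        raise ValueError("PRI out of range: %d" % pri)
    return pri // 8, pri % 8, m.group(2)

def decode(line):
    fac, sev, rest = parse_pri(line)
    return {"facility": FACILITIES[fac], "severity": SEVERITIES[sev], "msg": rest}

def forward(lines, max_severity="warning"):
    """Keep only messages at or above the given severity. Numerically that means
    severity <= limit, because 0 (emerg) is the most urgent and 7 (debug) the least.
    Forwarding at 'warning' drops the debug/info/notice noise Q48 warns about."""
    limit = SEVERITIES.index(max_severity)
    return [decode(l) for l in lines if parse_pri(l)[1] <= limit]

# Constructed sample lines (RFC 3164 and RFC 5424 style), not real logs.
SAMPLE = [
    "<34>Oct 11 22:14:15 host1 su: 'su root' failed for lonvick on /dev/pts/8",
    "<165>1 2023-10-11T22:14:15.003Z host1 evntslog - ID47 - application event",
    "<15>Oct 11 22:14:16 host1 myapp[123]: entering function handle_request",
    "<13>Oct 11 22:14:17 host1 myapp[123]: user bob logged in",
]

if __name__ == "__main__":
    for entry in forward(SAMPLE):
        print(entry)
```

With the default threshold only the `<34>` line (facility auth, severity crit) survives; raising the threshold to `notice` lets three of the four lines through.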

50. Why is port mirroring used?

To provide a stream of all data entering or leaving a specific port for debugging or analysis work.

51. What is the main difference between a Next Generation Firewall (NGFW) and a traditional firewall?

An NGFW tracks whole sessions and inspects them at the application layer, identifying which application the traffic belongs to, whereas a traditional firewall filters only on IP addresses, ports and protocols.

52. True or False: Unlike traditional stateful firewalls, next-generation firewalls drill into traffic to identify the applications traversing the network.

True

53 What are the two (2) primary methods used by Intrusion Prevention Systems (IPS) to discover an exploit?

Statistical anomaly-based detection.

Signature-based detection.

54. If your nontechnical manager told you that you must configure your traditional second-generation firewalls to block all users on your network from posting messages on Facebook from their office computers, how would you carry out this request?

You would have to block any IP addresses used by Facebook.

55. Which condition should apply in order to achieve effective clustering and failover among your firewalls?

All of the above.

56. How would you express 15 in binary (base 2)?

1111 (00001111 when written as a full 8-bit octet)

57. How many octets are used to define the network portion of the IP address in a Class A network?

1

58. The device used to separate the network portion of an IP address from the host portion is called what?

The subnet mask.

59. The IP header contains a time-to-live (TTL) value. How is this value expressed?

The number of routers (Layer 3 hops) the packet is allowed to pass through before it is dropped. Each router decrements the TTL by one and discards the packet when it reaches zero; hubs and switches operate at Layers 1 and 2 and do not touch the TTL.

60. Which is the host portion of this IP address 192.168.52.3/24?

3

61. Which network mask belongs to a Class C network?

255.255.255.0
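Q35 to Q37, Q40 and Q56 to Q61 are all instances of the same arithmetic: binary octets, classful default masks, and applying a mask to split an address into network and host portions. This added Python example (not from the course) works through them with the standard library `ipaddress` module; the addresses used are the quiz's own plus constructed ones.

```python
import ipaddress

def from_binary(bits):
    """'0101' -> 5 (Q35)."""
    return int(bits, 2)

def to_octet(n):
    """15 -> '00001111'; 255 -> '11111111'. A field of an IPv4 address is called
    an octet because it is exactly eight bits (Q36, Q56)."""
    if not 0 <= n <= 255:
        raise ValueError("an octet holds 0..255, got %d" % n)
    return format(n, "08b")

def classful(ip):
    """Return (class, default mask, number of network octets) from the first octet.
    Classful addressing predates CIDR but is what Q37, Q40, Q57 and Q61 ask about."""
    first = int(ip.split(".")[0])
    if first < 128:
        return ("A", "255.0.0.0", 1)
    if first < 192:
        return ("B", "255.255.0.0", 2)
    if first < 224:
        return ("C", "255.255.255.0", 3)
    if first < 240:
        return ("D", None, 0)          # multicast: no network/host split
    return ("E", None, 0)              # reserved

def split(cidr):
    """Apply the mask to separate the network and host portions (Q58, Q60)."""
    iface = ipaddress.ip_interface(cidr)        # e.g. "192.168.52.3/24"
    addr = int(iface.ip)
    mask = int(iface.netmask)
    return {
        "network": str(iface.network.network_address),
        "mask": str(iface.netmask),
        "host": addr & ~mask & 0xFFFFFFFF,       # host bits as an integer
        "address_bits": ".".join(to_octet(o) for o in iface.ip.packed),
        "mask_bits": ".".join(to_octet(o) for o in iface.netmask.packed),
    }

if __name__ == "__main__":
    print(from_binary("0101"), to_octet(15), to_octet(255))
    for ip in ("10.1.2.3", "172.16.5.9", "192.168.52.3", "224.0.0.1"):
        print(ip, classful(ip))
    for cidr in ("192.168.52.3/24", "10.1.2.3/8"):
        print(cidr, split(cidr))
```

For `192.168.52.3/24` the host portion is 3, as in Q60; for `10.1.2.3/8` the host portion spans three octets (1.2.3, or 66051 as an integer), which is what "one network octet" in a Class A address means in practice.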

62. Which IPv4 addressing schema would you use to send a message to all systems on the network?

Broadcast

63. Which three (3) of the following are legitimate IPv6 addressing schemas?

Unicast

Multicast

Anycast

64. True or False: Utilities such as TFTP, DNS and SNMP utilize the TCP transport protocol.

False

65. Which two (2) of these fields are included in a UDP header?

Destination Port

Source Port

66. Which four (4) of these are characteristic of the TCP transport protocol?

Flow control

Reliable

Ordered data; duplicate detection

Connection-oriented

67. How does an endpoint know the address of the DNS server?

The DHCP server hands it out along with the IP address (the DNS server option in the DHCP offer), or it is configured manually on the endpoint.

68. What is the primary function of DHCP?

To automatically assign IP addresses to systems.

69. Which Syslog layer handles the routing and storage of a Syslog message?

Syslog Application

70. Which of the following flow data are gathered by utilities such as NetFlow?

All of the above.

71. When a network interface card is operating in promiscuous mode, what action does it take?

The NIC sends all packets to the CPU for processing instead of only those packets indicated for its MAC address.

72. If a packet is allowed to pass through a NGFW based upon the established firewall rules and a new session is established, how does the NGFW treat the next packet it encounters from the same session?

Subsequent packets of the same session are automatically allowed.

73. If your nontechnical manager told you that you must configure your next generation firewalls (NGFW) to block all users on your network from posting messages on Facebook from their office computers, what would be the consequence of carrying out his order?

No serious consequence, application-level inspection and blocking can be configured.

74. Monitoring network traffic and comparing it against an established baseline for normal use is an example of which form of intrusion detection?

Statistical anomaly-based detection. Comparing traffic against a baseline of normal behaviour is anomaly detection; signature-based detection matches traffic against patterns of known attacks (see Q53).
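Q53 and Q74 contrast the two IPS/IDS detection methods. The following Python example, added here and not part of the course, runs both over the same minute of constructed web request log entries: a signature engine that matches known-bad patterns, and an anomaly engine that learns a per-source request-rate baseline from normal traffic and flags sources that deviate from it. The request lines, addresses and baseline counts are all made up for the example.

```python
import re
import statistics
from collections import Counter

# Signature detection: known-bad patterns matched against each request line.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./|%2e%2e%2f", re.IGNORECASE),
    "sqli-tautology": re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE),
}

def signature_hits(src, request_line):
    return [(src, name) for name, rx in SIGNATURES.items() if rx.search(request_line)]

# Anomaly detection: learn what "normal" looks like, then flag deviations from it.
def build_baseline(per_source_counts):
    """Mean and standard deviation of requests per source per minute, measured
    on traffic known to be normal. This is the 'established baseline' of Q74."""
    return statistics.mean(per_source_counts), statistics.pstdev(per_source_counts)

def is_anomalous(count, baseline, k=3.0):
    mean, sd = baseline
    return count > mean + k * sd

def analyze(requests, baseline):
    """requests: list of (source IP, request line) observed in one minute."""
    sigs, counts = [], Counter()
    for src, line in requests:
        sigs.extend(signature_hits(src, line))
        counts[src] += 1
    anomalous = sorted(s for s, n in counts.items() if is_anomalous(n, baseline))
    return {"signature_hits": sigs, "anomalous_sources": anomalous}

# Constructed data, not captured traffic.
NORMAL_MINUTES = [12, 15, 11, 14, 13, 12, 16, 14]   # requests per source per minute
BASELINE = build_baseline(NORMAL_MINUTES)

REQUESTS = (
    [("10.0.0.9", "GET /index.html HTTP/1.1")]
    + [("203.0.113.5", "GET /download?file=../../etc/passwd HTTP/1.1")]
    + [("198.51.100.7", "GET /login?user=bob HTTP/1.1")] * 200
)

if __name__ == "__main__":
    print(analyze(REQUESTS, BASELINE))
```

The two engines flag different sources: the signature engine catches the single traversal request from 203.0.113.5 but says nothing about 198.51.100.7, whose 200 individually harmless login requests only stand out against the baseline; the anomaly engine is the reverse. That complementarity is why an IPS uses both methods (Q53).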

75. Which are three (3) characteristics of a highly available system?

Redundancy

Monitoring

Failover

76. True or False: If all of your organization’s data is centralized in a small number of data centers, then focusing security on perimeter defense is adequate to assure your data is safe.

False

77. Which two (2) of the following data source types are considered structured data?

Distributed databases

Data warehouses

78. Data that has not been organized into a specialized repository, but does have associated information, such as metadata that makes it more amenable to processing than raw data, is an example of which data model type?

Semi-structured data

79. How are the tables in a relational database linked together?

Through the use of primary and foreign keys.

80. In the video Securing the Crown Jewels, the “Identification and Baseline” phase contains which three (3) of the following items?

Discovery & Classification

Vulnerability Assessment

Entitlements Reporting

81. In the video Leveraging Security Industry Best Practices, which US Government agency is a co-publisher of the Database Security Requirements Guide (SRG)?

Department of Defense (DoD)

82. For added security, a firewall is often placed between which of these?

The database and the hardened data repository.

83. True or False: In a vulnerability assessment test, a new commercial database installed on a new instance of a major operating system should pass 80-90% of the vulnerability tests out-of-the-box unless there is a major flaw or breach.

False

84. Which of these hosting environments requires the enterprise to manage the largest number of different data sources?

On Premises

85. While data security is an ongoing process, what is the correct order to consider these steps?

Discover, Harden, Monitor & Protect, Repeat

86. In setting up policy rules for data monitoring, what is the purpose of “exclude” rules?

To exclude certain applications or safe activities from being logged.

87. True or False: Data monitoring products such as IBM Guardium can send access alerts to syslog for manual intervention by a security analyst but must be connected to addition applications if automated interventions are desired.

False

88. To create auditable reports of data access using the IBM Guardium product, the administrator would do which of the following?

Use the Audit Process Builder feature to automate the reporting process.

89. True or False: The IBM Guardium monitoring application is capable of monitoring activities in non-relational databases such as Hadoop, Cognos, and Spark.

True

90. At a minimum, which 3 entities should be captured in any event log?

When the activity took place.

What activity took place.

Who or what committed the activity.

91. True or False: In the IBM Guardium data monitoring tool, the number of failed login attempts that would trigger an alert is always counted since the last successful login.

False

92. Which activity should be considered suspicious and might indicate inappropriate activity is being attempted?

Attempts are made to access data using nonstandard tools, such as MS Excel or MS Access, rather than through the application the data belongs to.

93. Which two (2) activities should be considered suspicious and warrant further investigation?

Use of an Application ID from a hostname that is different from what has been specified by the application owner.

Use of an Application ID from an IP that is different from what has been specified by the application owner.

Distributed databases, data warehouses, big data, and File shares are all classified as what?

Data source types

94. Hadoop, MongoDB, and BigTable are all examples of which data source type?

Big data databases

95. Data that has been organized into a formatted repository, typically a database, so its elements can be made addressable, is an example of which data model type?

Structured data

96. Which of the following is the primary difference between a flat file database and a relational database?

All the data in a flat file database is stored in a single table.

97. In the video Securing the Crown Jewels, the “Real-Time Monitor & Protection” phase contains which three (3) of the following items?

Activity Monitoring

Blocking & Quarantine

Dynamic Data Masking

98. In the video Leveraging Security Industry Best Practices, where would you turn to look for help on establishing security benchmarks for your database?

Center for Internet Security (CIS).

Most of the time, how do users access data?

Through an application.

99. True or False: In a vulnerability assessment test, it is not uncommon to fail more than 50% of the tests before the operating system and database are hardened.

True

100. What distinguishes structured data from unstructured data?

Structured data is data organized into a formatted repository, making it easily addressable, whereas unstructured data lacks any form of organization.

101. While data security is an ongoing process, what is the correct order to consider these steps?

Identification & Baseline, Real-time Monitor & Protection, Raise the Bar

102. To automatically terminate a session if an attempt is made to access data in a sensitive table, such as Social Security (SSN) ID numbers, you would set up which type of rule?

An Access rule.

103. True or False: Data monitoring products such as IBM Guardium are fully capable of blocking access to sensitive data based upon access parameters configured in policy rules.

True

104. In which two (2) ways can security events collected by a data monitoring tool be logged to a security incident and event management (SIEM) system?

Configure the monitoring system to write to the SIEM systems syslog file.

Configure bidirectional communication between the monitoring and SIEM systems, if available.

105. True or False: Data monitoring tools such as IBM Guardium are designed to monitor activities within a database, but external products, such as a privileged identity management (PIM) tool would be required to monitor changes to the data monitoring tool itself, such as the addition of new users or the alteration of existing user accounts.

False

106. True or False: In the IBM Guardium data monitoring tool, it is possible to create a report that shows not only how many SQL unauthorized access attempts were made by an individual, but also exactly which SQL statements were disallowed.

True

107. Which activity should be considered suspicious and might indicate inappropriate activity is being attempted?

Attempts are made to SELECT lists of usernames and passwords by a non-administrator account.

108. Which two (2) activities should be considered suspicious and warrant further investigation?

The data monitoring logging system was manually shut down.

There were attempts to purge event logs.

109. Which operating system is susceptible to OS Command Injection attacks?

All operating systems are susceptible.

110. What is a possible impact of running commands through OS shell interpreters such as sh, bash, cmd.exe and powershell.exe?

It makes it easier for a hacker to inject additional commands or arguments.

120. True or False: Safe coding practice avoids calling OS commands whenever it can.

True

121. True or False: Safe coding practice always runs commands through a shell interpreter.

False

122. True or False: Safe coding practice uses library functions when running OS commands.

True    

123. True or False: Safe coding practice uses blacklists and avoids the use of whitelists.

False

124. A hacker tailoring his actions based on the database errors the application displays is an example of which type of SQL Injection attack?

Error-based

125. True or False: Use of prepared statements is an effective mitigation against SQL Injection attacks because it separates the query structure from the query parameters.

True

126. True or False: Native database errors should be hidden from the user to prevent hackers from gaining insight into the internal structure of your application.

True

127. True or False: The use of object-relational mapping (ORM) libraries is a dangerous practice that can help hackers conduct successful SQL Injection attacks.

False

128. What happens in a file inclusion attack?

An attacker abuses unvalidated input (typically a file name or path parameter) to make the web application include, and usually execute, a file of the attacker's choosing: a file already on the server (local file inclusion) or one fetched from a remote URL (remote file inclusion). Unrestricted file upload is a separate weakness, although an uploaded file is one common way to plant the file that is later included.

129. How can you view a complete list of an application’s pages and subpages that OWASP ZAP indexed during a scan?

Expand Sites in the Tree window.

130. You and a team of developers are creating an application and collaborating on the project using a GitHub repository. You edited the code for one of the project’s files and committed your change. What should you do next?

Issue a pull request.

131. You just used Snyk to scan several GitHub repositories. One of the repositories is named itsarepo, and you’re especially interested in the results from scanning a file in that repository named buggycode.py. Where in Snyk could you find a detailed breakdown of this file’s vulnerabilities such as “Container is running without privilege escalation control”?

Projects > itsarepo > buggycode.yaml > Issues

132. Which vulnerability is being exploited in an OS Command Injection attack?

Poor user input sanitization and unsafe execution of OS commands.

133. What is a simple but effective way to protect against DLL hijacking?

Always use explicit paths to the commands or library applications.

134. True or False: Safe coding practice runs code with the least possible privilege.

True

135. True or False: Safe coding practice always specifies relative paths when running applications or using shared libraries.

False

136. True or False: Safe coding practice does not let user input reach an OS command unchanged.

True
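Q109, Q110, Q120 to Q123 and Q132 to Q136 together describe one coding discipline for OS commands: no shell, whitelisted input, explicit binary paths, library calls instead of commands. The Python example below is added here to show each of those points side by side and is not code from the course. It uses `echo` as a harmless stand-in for a real command, assumes a POSIX system with an `echo` binary, and the payload string is constructed for the example.

```python
import os
import re
import shutil
import subprocess

# Explicit path to the binary, resolved once at start-up (Q133, Q135): the program
# never relies on the caller's PATH. Assumes a POSIX system with an echo binary.
ECHO = shutil.which("echo") or "/bin/echo"
assert os.path.isabs(ECHO)

# Whitelist for the one kind of value this program accepts: hostname characters.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")

def run_vulnerable(user_input):
    """DELIBERATELY UNSAFE (Q110, Q121): the input is concatenated into a command
    line and handed to a shell, so shell metacharacters become extra commands."""
    return subprocess.run("echo " + user_input, shell=True,
                          capture_output=True, text=True).stdout

def run_without_shell(user_input):
    """No shell: the input is a single argv element, so ';', '|' and '$(...)'
    are passed to the program literally and nothing else is executed."""
    return subprocess.run([ECHO, user_input], capture_output=True, text=True).stdout

def validate_hostname(value):
    """Whitelist (Q123): accept only what a hostname may contain, reject the rest."""
    if not HOSTNAME_RE.fullmatch(value):
        raise ValueError("input rejected by whitelist: %r" % value)
    return value

def run_safe(user_input):
    """Validate first, then pass as argv to an explicitly named binary (Q136):
    user input never reaches the command unchanged and never reaches a shell."""
    return subprocess.run([ECHO, validate_hostname(user_input)],
                          capture_output=True, text=True).stdout

def list_directory(path):
    """Q122: a library call does the job of 'ls' with no command at all."""
    return sorted(os.listdir(path))

if __name__ == "__main__":
    payload = "example.com; echo INJECTED"
    print("shell    :", run_vulnerable(payload).splitlines())
    print("no shell :", run_without_shell(payload).splitlines())
    try:
        run_safe(payload)
    except ValueError as e:
        print("whitelist:", e)
```

Run against the payload, the shell version prints two lines, the second of which came from the injected command; the argv version prints the whole payload as one literal line; the validated version refuses the input before any process is started. The last two layers are independent, which is why safe practice uses both.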

137. A hacker exfiltrating data by injecting an HTTP request command is an example of which type of SQL Injection attack?

Out of Band

138. Protecting against SQL Injection attacks by sanitizing user input can be accomplished by which two (2) of the following techniques?

Use of whitelists.

Use of mapping tables.

139. True or False: Limiting database user permissions is an ineffective strategy in preventing SQL Injection attacks since the injected code will run directly against the database regardless of the permission levels that have been set.

False

140. Which of the following will help reduce the SQL Injection attack surface?

Use of stored procedures.

141. When developing an application, using NoSQL instead of MySQL will have what effect on the application’s susceptibility to SQL Injection attacks?

It will reduce, but not eliminate, the injection attack surface.
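Q124 to Q127 and Q138 to Q140 each state one SQL injection defence. The Python example below, added here and not taken from the course, puts them together on one in-memory SQLite database: a vulnerable concatenated query beside its prepared-statement form (Q125), a mapping table for the identifiers that parameters cannot bind (Q138), generic error handling that denies an attacker the native error text (Q124, Q126), and a write-blocked connection standing in for a database account with read-only permissions (Q139). The table, rows and inputs are constructed for the example.

```python
import sqlite3

def make_db():
    """In-memory SQLite database with constructed sample rows."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT NOT NULL, role TEXT NOT NULL);
        INSERT INTO users(name, role) VALUES ('alice', 'admin'), ('bob', 'user');
    """)
    return con

def lookup_vulnerable(con, name):
    """DELIBERATELY UNSAFE: string concatenation lets the input rewrite the query."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return con.execute(sql).fetchall()

def lookup_safe(con, name):
    """Prepared statement (Q125): the structure is fixed and the value is bound
    separately, so a quote in the input is just data."""
    return con.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()

# Identifiers (table and column names, sort direction) cannot be bound as parameters.
# A mapping table (Q138) turns untrusted input into one of a fixed set of values.
ORDER_COLUMNS = {"name": "name", "role": "role"}

def list_users(con, order_by):
    column = ORDER_COLUMNS.get(order_by)
    if column is None:
        raise ValueError("unsupported sort column: %r" % order_by)
    return con.execute("SELECT name FROM users ORDER BY " + column).fetchall()

def lookup_for_client(con, name):
    """Q126: native errors are logged server-side and never shown to the client,
    so an attacker gets nothing to steer an error-based attack with (Q124)."""
    try:
        return {"ok": True, "rows": lookup_vulnerable(con, name)}
    except sqlite3.Error as exc:
        print("internal log:", exc)          # stand-in for a real logger
        return {"ok": False, "error": "request could not be processed"}

def read_only(con):
    """Q139: the account the application runs as should not be able to write.
    SQLite's query_only pragma stands in for a database user granted SELECT only."""
    con.execute("PRAGMA query_only = 1")
    return con

def write_blocked(con):
    try:
        con.execute("DELETE FROM users")
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    con = make_db()
    print(lookup_vulnerable(con, "x' OR '1'='1"))   # tautology returns every row
    print(lookup_safe(con, "x' OR '1'='1"))         # bound value matches nothing
    print(lookup_for_client(con, "O'Brien"))        # client sees only a generic error
    print(write_blocked(read_only(make_db())))      # injected DELETE would be refused
```

Even with the injection-proof lookup in place, the read-only connection limits what a bug elsewhere in the application could do, which is the point of Q139: permissions do not stop the injection, they cap its blast radius.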

142. You work at a software development company. The development team incorporates security checks throughout software development, and all their code passes them. But you want extra assurance that the applications that they develop can withstand real-world cyberattacks. You want to simulate real hacking techniques to identify any remaining vulnerabilities. What cyberdefense method should you use?

Penetration testing

143. How can you view a complete list of all vulnerabilities that OWASP ZAP detected while scanning an application?

Click the Alerts tab in the Information window.

144. You find a public GitHub repository for an application and would like to use and modify the application’s code for your own project. However, you need to do so without impacting the current repository. What should you do?

Access the repository’s web page, and then click Fork.

145. You’re the project manager for a development team working on code in a GitHub repository. You use Snyk to scan the repository for vulnerabilities. Snyk identifies only one vulnerability, “Container has no CPU limit”, and marks the vulnerability as low severity. The fix for this issue is currently in development, but you don’t know when it will be ready. What should you do next on the file’s Overview page?

Click Ignore, click Ignore temporarily, select the Until fix is available checkbox, and then click Save.
