Pen used to do a practice exam.

Domain 2 Quiz

Domain 2 Quiz

  1. Decide where things go.
    Network security components
  2. The content management group is considering the use of DNS Round Robin technology. What benefit could this provide?
    1. Load balancing
    2. Transparent proxying
    3. Anti-spoofing
    4. Certificate sharing
  3. Gina has been asked by her manager to set up wireless connectivity for the new software development team. They will be working in a small remote facility. What would be the best choice? Pick two.
    1. Fat
    2. Thin
    3. Controller-based
    4. Standalone
  4. Users are reporting that they can't access the financial department's secure web page. The following command output is observed. What is wrong? 
    $ netstat -an
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 10.138.0.3:22          184.16.205.240:50966   ESTABLISHED
tcp4       0      0 127.0.0.1:9000         127.0.0.1:37632        TIME_WAIT
tcp4       0      0 127.0.0.1:11628        127.0.0.1:9000         TIME_WAIT
tcp4       0      0 127.0.0.1:12042        127.0.0.1:9000         TIME_WAIT
tcp4       0      0 10.138.0.3:80          130.15.4.209:46944     TIME_WAIT
tcp4       0      0 10.138.0.3:80          46.229.168.70:15234    TIME_WAIT
tcp4       0      0 10.138.0.3:80          173.187.65.22:50598    ESTABLISHED
tcp4       0      0 10.138.0.3:80          212.3.84.1:55989       ESTABLISHED
tcp4       0      0 10.138.0.3:80          212.3.84.1:55987       ESTABLISHED
tcp4       0      0 10.138.0.3:80          212.3.84.1:55988       TIME_WAIT
tcp4       0      0 10.138.0.3:80          212.3.84.1:55986       TIME_WAIT
tcp4       0      0 *:80                   *.*                    LISTEN
tcp4       0      0 127.0.0.1:9000         *.*                    LISTEN
tcp4       0      0 *:22                   *.*                    LISTEN
tcp4       0      0 127.0.0.1:25           *.*                    LISTEN
udp4       0      0 127.0.0.1:123          *.*                    
udp4       0      0 10.138.0.3:123         *.*                    
udp4       0      0 *:123                  *.*                    
udp4       0      0 *:514                  *.*
    1. The web server is down
    2. The server is up but its web service isn't running
    3. The certificate is expired
    4. The certificate has been revoked
    5. HTTPS isn't enabled
    6. A firewall is blocking connections
  5. You observe this data. 
    11:43:57.293662 IP 192.168.1.1 > 192.168.1.7: ICMP echo request, id 5331, seq 1, length 64
11:43:57.294143 IP 192.168.1.7 > 192.168.1.1: ICMP echo reply, id 5331, seq 1, length 64
11:43:58.294308 IP 192.168.1.1 > 192.168.1.7: ICMP echo request, id 5331, seq 2, length 64
11:43:58.294730 IP 192.168.1.7 > 192.168.1.1: ICMP echo reply, id 5331, seq 2, length 64
11:43:59.322328 IP 192.168.1.1 > 192.168.1.7: ICMP echo request, id 5331, seq 3, length 64
11:43:59.322645 IP 192.168.1.7 > 192.168.1.1: ICMP echo reply, id 5331, seq 3, length 6
    Which tool or defensive measure was involved? Select two.
    1. Wireshark
    2. ping
    3. nmap
    4. tcpdump
    5. netstat
    6. arp
    7. ifconfig
  6. You observe this data. 
    www.google.com (172.217.6.4) 56(84) bytes of data.
64 bytes from ord38s01-in-f4.1e100.net (172.217.6.4): icmp_seq=1 ttl=116 time=26.9 ms
64 bytes from ord38s01-in-f4.1e100.net (172.217.6.4): icmp_seq=2 ttl=116 time=28.2 ms
64 bytes from ord38s01-in-f4.1e100.net (172.217.6.4): icmp_seq=3 ttl=116 time=27.2 ms
64 bytes from ord38s01-in-f4.1e100.net (172.217.6.4): icmp_seq=4 ttl=116 time=27.2 ms
64 bytes from ord38s01-in-f4.1e100.net (172.217.6.4): icmp_seq=5 ttl=116 time=28.5 ms

--- www.google.com statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 26.976/27.673/28.568/0.621 ms
    Which tool or defensive measure was involved?
    1. Wireshark
    2. ping
    3. nmap
    4. tcpdump
    5. netstat
    6. arp
    7. ifconfig
  7. You observe this data. 
    enp9s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.1  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 2601:249:4300:cb:a62:66ff:fe2c:ab1c  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::a62:66ff:fe2c:ab1c  prefixlen 64  scopeid 0x20<link>
        ether 08:62:66:2c:ab:1c  txqueuelen 1000  (Ethernet)
        RX packets 16332198  bytes 4799272313 (4.7 GB)
        RX errors 0  dropped 3  overruns 0  frame 0
        TX packets 27220877  bytes 32805346549 (32.8 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    Which tool or defensive measure was involved?
    1. Wireshark
    2. ping
    3. nmap
    4. tcpdump
    5. netstat
    6. arp
    7. ifconfig
  8. You observe this data. 
    Host is up (0.00031s latency).
rDNS record for 192.168.1.40: hplj4250n.kc9rg.org
Not shown: 993 closed ports
PORT      STATE SERVICE    VERSION
80/tcp    open  http       Virata-EmWeb 6.2.1 (HP LaserJet http config)
280/tcp   open  http       Virata-EmWeb 6.2.1 (HP LaserJet http config)
443/tcp   open  ssl/https?
515/tcp   open  printer
7627/tcp  open  http       HP-ChaiSOE 1.0 (HP LaserJet http config)
9100/tcp  open  jetdirect?
14000/tcp open  tcpwrapped
MAC Address: 00:12:79:DF:81:B1 (Hewlett Packard)
Device type: printer
Running: HP embedded
OS details: HP LaserJet 4250 (JetDirect) printer
Network Distance: 1 hop
Service Info: Host: 192.168.1.40; Device: printer
    Which tool or defensive measure was involved?
    1. Wireshark
    2. ping
    3. nmap
    4. tcpdump
    5. netstat
    6. arp
    7. ifconfig
  9. You observe this data. 
    192.168.1.4 at dc:a6:32:36:a9:4e [ether] on enp9s0
192.168.1.218 at b8:27:eb:1f:f6:87 [ether] on enp9s0
192.168.1.20 at b8:27:eb:03:6b:37 [ether] on enp9s0
192.168.1.205 at b8:27:eb:f9:ea:4d [ether] on enp9s0
192.168.1.7 at b8:27:eb:95:25:5b [ether] on enp9s0
192.168.1.40 at 00:12:79:df:81:b1 [ether] on enp9s0
192.168.1.254 at 38:94:ed:fa:48:88 [ether] on enp9s0
192.168.1.42 at 00:1c:50:ac:72:1e [ether] on enp9s0
192.168.1.3 at dc:a6:32:36:a9:4e [ether] on enp9s0
    Which tool or defensive measure was involved?
    1. Wireshark
    2. ping
    3. nmap
    4. tcpdump
    5. netstat
    6. arp
    7. ifconfig
  10. You observe this data. 
    Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp        0      0 www.http               ec2-54-251-14-39.http  SYN_RCVD
tcp        0      0 www.http               97-127-152-158.c.http  SYN_RCVD
tcp        0     72 www.ssh                c-67-162-124-176.57046 ESTABLISHED
tcp        0      0 www.ssh                c-67-162-124-176.56956 TIME_WAIT
tcp        0      0 www.57694              metadata.google..http  ESTABLISHED
tcp        0      0 localhost.9000         localhost.45172        TIME_WAIT
tcp        0      0 www.https              cpe-184-153-88-7.45718 ESTABLISHED
tcp        0      0 www.https              ec2-54-90-33-176.40684 ESTABLISHED
tcp        0      0 www.https              petalbot-114-119.32762 TIME_WAIT
tcp        0      0 www.https              static.kpn.net.49168   ESTABLISHED
tcp        0      0 www.https              static.kpn.net.49169   ESTABLISHED
tcp        0      0 www.https              185-97-201-166.n.1480  ESTABLISHED
tcp        0      0 www.https              185-97-201-166.n.1478  ESTABLISHED
tcp        0      0 www.https              185-97-201-166.n.1476  ESTABLISHED
tcp        0      0 www.https              crawl-66-249-79-.52368 TIME_WAIT
tcp        0      0 www.https              crawl-66-249-79-.35610 TIME_WAIT
tcp        0      0 www.http               crawl-66-249-68-.58406 TIME_WAIT
tcp        0      0 www.https              84.93.94.244.56895     ESTABLISHED
tcp        0      0 www.https              ip-99-203-20-246.19011 ESTABLISHED
tcp        0      0 www.https              pool-96-252-105-.51616 TIME_WAIT
tcp        0     63 www.https              CPE589630c056fc-.59897 FIN_WAIT_1
tcp        0      0 www.http               200.46.45.114.50849    CLOSED
tcp        0      0 www.http               201.130.137.117..44167 CLOSED
tcp        0      0 *.https                *.*                    LISTEN
tcp        0      0 *.http                 *.*                    LISTEN
tcp        0      0 localhost.9000         *.*                    LISTEN
tcp        0      0 *.ssh                  *.*                    LISTEN
tcp6       0      0 *.ssh                  *.*                    LISTEN
tcp        0      0 localhost.smtp         *.*                    LISTEN
    Which tool or defensive measure was involved?
    1. Wireshark
    2. ping
    3. nmap
    4. tcpdump
    5. netstat
    6. arp
    7. ifconfig
  11. You observe this command output. 
    Server:         192.168.1.3
Address:        192.168.1.3#53

** server can't find www.faasdfjh.com: NXDOMAIN
    What is wrong?
    1. DNS cache poisoning has happened
    2. Your workstation cannot contact the nameserver
    3. The domain faasdfjh.com does not exist
    4. There is no host named www.faasdfjh.com
  12. You observe this command output. 
    ;; connection timed out; no servers could be reached
    What is wrong?
    1. DNS cache poisoning has happened
    2. Your workstation cannot contact the nameserver
    3. The domain does not exist
    4. There is no host with the requested name
  13. You observe this data. 
    [**] [122:1:0] (Web) Directory Traversal [**] [Priority: 2] 07/05-12:15:41.483293 192.168.3.7 -> 192.168.1.1:80 PROTO:255 TTL:0 TOS:0x0 ID:3253 IpLen:20 DgmLen:1501
    Which tool or defensive measure was involved?
    1. NIDS
    2. NIPS
    3. HIDS
    4. HIPS
  14. You observe this data. 
    An unapproved executable attempted to run and was prevented.
The action was stopped and logged.
Location: c:\Program Files\Chromium Browser\Chrome.exe
    User: Elon
   Cause: Policy setting for unapproved software
    Which tool or defensive measure was involved?
    1. File integrity check
    2. Antivirus
    3. Blacklisting
    4. Whitelisting
    5. DLP
    6. DEP
  15. Julie, a network engineer, has been informed by management that they want to deploy network security technology that uses OSI layers 4 through 7 to authenticate, authorize, and audit Internet activity. To reduce the load on help desk personnel, this must require little to no browser or other application reconfiguration. What should she recommend?
    1. SIEM
    2. 802.1x
    3. Transparent proxy
    4. Load balancer
  16. Jenny, a network engineer, has been tasked with auditing network traffic to determine if any sensitive data is being transmitted in cleartext form. What tool could she use?
    1. Protocol analyzer
    2. Pen testing toolkit
    3. Compliance scanner
    4. Nmap
  17. James, a programmer, is looking at the logs of his WAP in his home. He notices an unknown device that has been accessing it. What countermeasure should he use?
    1. 802.1x
    2. NAC and certificates
    3. MAC filtering
    4. Faraday cage
    5. RADIUS and EAP
  18. Which of these are appropriate defenses for a mobile device? Select three.
    1. Remote wipe
    2. Cable lock
    3. FM-200
    4. Biometrics
    5. GPS tracking
    6. Transparent proxy
  19. George's manager needs to give a presentation to the board of directors, telling them about the most critical threat to the organization. What should George make sure is highlighted?
    1. Asset management
    2. Insider threat
    3. Social media
    4. Baseline deviations
    5. Performance
    6. Unauthorized software
  20. Tony, a network engineer, has been tasked by his manager with monitoring the more sensitive internal networks, to spot and block attacks. What should Tony use?
    1. SIEM
    2. HIDS
    3. HIPS
    4. NIDS
    5. NIPS

To the answers

To the Cybersecurity Page