Domain 2 Quiz

  1. Decide where things go.
    Network security components
  2. The content management group is considering the use of DNS Round Robin technology. What benefit could this provide?
    1. Load balancing
    2. Transparent proxying
    3. Anti-spoofing
    4. Certificate sharing
  3. Gina has been asked by her manager to set up wireless connectivity for the new software development team. They will be working in a small remote facility. What would be the best choice? Pick two.
    1. Fat
    2. Thin
    3. Controller-based
    4. Standalone
  4. Users are reporting that they can't access the financial department's secure web page. The following command output is observed. What is wrong?
    $ netstat -an
    Active Internet connections (including servers)
    Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
    tcp4       0      0 10.138.0.3:22          184.16.205.240:50966   ESTABLISHED
    tcp4       0      0 127.0.0.1:9000         127.0.0.1:37632        TIME_WAIT
    tcp4       0      0 127.0.0.1:11628        127.0.0.1:9000         TIME_WAIT
    tcp4       0      0 127.0.0.1:12042        127.0.0.1:9000         TIME_WAIT
    tcp4       0      0 10.138.0.3:80          130.15.4.209:46944     TIME_WAIT
    tcp4       0      0 10.138.0.3:80          46.229.168.70:15234    TIME_WAIT
    tcp4       0      0 10.138.0.3:80          173.187.65.22:50598    ESTABLISHED
    tcp4       0      0 10.138.0.3:80          212.3.84.1:55989       ESTABLISHED
    tcp4       0      0 10.138.0.3:80          212.3.84.1:55987       ESTABLISHED
    tcp4       0      0 10.138.0.3:80          212.3.84.1:55988       TIME_WAIT
    tcp4       0      0 10.138.0.3:80          212.3.84.1:55986       TIME_WAIT
    tcp4       0      0 *:80                   *.*                    LISTEN
    tcp4       0      0 127.0.0.1:9000         *.*                    LISTEN
    tcp4       0      0 *:22                   *.*                    LISTEN
    tcp4       0      0 127.0.0.1:25           *.*                    LISTEN
    udp4       0      0 127.0.0.1:123          *.*                    
    udp4       0      0 10.138.0.3:123         *.*                    
    udp4       0      0 *:123                  *.*                    
    udp4       0      0 *:514                  *.*                    
    
    1. The web server is down
    2. The server is up but its web service isn't running
    3. The certificate is expired
    4. The certificate has been revoked
    5. HTTPS isn't enabled
    6. A firewall is blocking connections
  5. You observe this data.
    11:43:57.293662 IP 192.168.1.1 > 192.168.1.7: ICMP echo request, id 5331, seq 1, length 64
    11:43:57.294143 IP 192.168.1.7 > 192.168.1.1: ICMP echo reply, id 5331, seq 1, length 64
    11:43:58.294308 IP 192.168.1.1 > 192.168.1.7: ICMP echo request, id 5331, seq 2, length 64
    11:43:58.294730 IP 192.168.1.7 > 192.168.1.1: ICMP echo reply, id 5331, seq 2, length 64
    11:43:59.322328 IP 192.168.1.1 > 192.168.1.7: ICMP echo request, id 5331, seq 3, length 64
    11:43:59.322645 IP 192.168.1.7 > 192.168.1.1: ICMP echo reply, id 5331, seq 3, length 6 
    Which tool or defensive measure was involved? Select two.
    1. Wireshark
    2. ping
    3. nmap
    4. tcpdump
    5. netstat
    6. arp
    7. ifconfig
  6. You observe this data.
    www.google.com (172.217.6.4) 56(84) bytes of data.
    64 bytes from ord38s01-in-f4.1e100.net (172.217.6.4): icmp_seq=1 ttl=116 time=26.9 ms
    64 bytes from ord38s01-in-f4.1e100.net (172.217.6.4): icmp_seq=2 ttl=116 time=28.2 ms
    64 bytes from ord38s01-in-f4.1e100.net (172.217.6.4): icmp_seq=3 ttl=116 time=27.2 ms
    64 bytes from ord38s01-in-f4.1e100.net (172.217.6.4): icmp_seq=4 ttl=116 time=27.2 ms
    64 bytes from ord38s01-in-f4.1e100.net (172.217.6.4): icmp_seq=5 ttl=116 time=28.5 ms
    
    --- www.google.com statistics ---
    5 packets transmitted, 5 received, 0% packet loss, time 4005ms
    rtt min/avg/max/mdev = 26.976/27.673/28.568/0.621 ms 
    Which tool or defensive measure was involved?
    1. Wireshark
    2. ping
    3. nmap
    4. tcpdump
    5. netstat
    6. arp
    7. ifconfig
  7. You observe this data.
    enp9s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.1.1  netmask 255.255.255.0  broadcast 192.168.1.255
            inet6 2601:249:4300:cb:a62:66ff:fe2c:ab1c  prefixlen 64  scopeid 0x0<global>
            inet6 fe80::a62:66ff:fe2c:ab1c  prefixlen 64  scopeid 0x20<link>
            ether 08:62:66:2c:ab:1c  txqueuelen 1000  (Ethernet)
            RX packets 16332198  bytes 4799272313 (4.7 GB)
            RX errors 0  dropped 3  overruns 0  frame 0
            TX packets 27220877  bytes 32805346549 (32.8 GB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0 
    Which tool or defensive measure was involved?
    1. Wireshark
    2. ping
    3. nmap
    4. tcpdump
    5. netstat
    6. arp
    7. ifconfig
  8. You observe this data.
    Host is up (0.00031s latency).
    rDNS record for 192.168.1.40: hplj4250n.kc9rg.org
    Not shown: 993 closed ports
    PORT      STATE SERVICE    VERSION
    80/tcp    open  http       Virata-EmWeb 6.2.1 (HP LaserJet http config)
    280/tcp   open  http       Virata-EmWeb 6.2.1 (HP LaserJet http config)
    443/tcp   open  ssl/https?
    515/tcp   open  printer
    7627/tcp  open  http       HP-ChaiSOE 1.0 (HP LaserJet http config)
    9100/tcp  open  jetdirect?
    14000/tcp open  tcpwrapped
    MAC Address: 00:12:79:DF:81:B1 (Hewlett Packard)
    Device type: printer
    Running: HP embedded
    OS details: HP LaserJet 4250 (JetDirect) printer
    Network Distance: 1 hop
    Service Info: Host: 192.168.1.40; Device: printer 
    Which tool or defensive measure was involved?
    1. Wireshark
    2. ping
    3. nmap
    4. tcpdump
    5. netstat
    6. arp
    7. ifconfig
  9. You observe this data.
    192.168.1.4 at dc:a6:32:36:a9:4e [ether] on enp9s0
    192.168.1.218 at b8:27:eb:1f:f6:87 [ether] on enp9s0
    192.168.1.20 at b8:27:eb:03:6b:37 [ether] on enp9s0
    192.168.1.205 at b8:27:eb:f9:ea:4d [ether] on enp9s0
    192.168.1.7 at b8:27:eb:95:25:5b [ether] on enp9s0
    192.168.1.40 at 00:12:79:df:81:b1 [ether] on enp9s0
    192.168.1.254 at 38:94:ed:fa:48:88 [ether] on enp9s0
    192.168.1.42 at 00:1c:50:ac:72:1e [ether] on enp9s0
    192.168.1.3 at dc:a6:32:36:a9:4e [ether] on enp9s0 
    Which tool or defensive measure was involved?
    1. Wireshark
    2. ping
    3. nmap
    4. tcpdump
    5. netstat
    6. arp
    7. ifconfig
  10. You observe this data.
    Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
    tcp        0      0 www.http               ec2-54-251-14-39.http  SYN_RCVD
    tcp        0      0 www.http               97-127-152-158.c.http  SYN_RCVD
    tcp        0     72 www.ssh                c-67-162-124-176.57046 ESTABLISHED
    tcp        0      0 www.ssh                c-67-162-124-176.56956 TIME_WAIT
    tcp        0      0 www.57694              metadata.google..http  ESTABLISHED
    tcp        0      0 localhost.9000         localhost.45172        TIME_WAIT
    tcp        0      0 www.https              cpe-184-153-88-7.45718 ESTABLISHED
    tcp        0      0 www.https              ec2-54-90-33-176.40684 ESTABLISHED
    tcp        0      0 www.https              petalbot-114-119.32762 TIME_WAIT
    tcp        0      0 www.https              static.kpn.net.49168   ESTABLISHED
    tcp        0      0 www.https              static.kpn.net.49169   ESTABLISHED
    tcp        0      0 www.https              185-97-201-166.n.1480  ESTABLISHED
    tcp        0      0 www.https              185-97-201-166.n.1478  ESTABLISHED
    tcp        0      0 www.https              185-97-201-166.n.1476  ESTABLISHED
    tcp        0      0 www.https              crawl-66-249-79-.52368 TIME_WAIT
    tcp        0      0 www.https              crawl-66-249-79-.35610 TIME_WAIT
    tcp        0      0 www.http               crawl-66-249-68-.58406 TIME_WAIT
    tcp        0      0 www.https              84.93.94.244.56895     ESTABLISHED
    tcp        0      0 www.https              ip-99-203-20-246.19011 ESTABLISHED
    tcp        0      0 www.https              pool-96-252-105-.51616 TIME_WAIT
    tcp        0     63 www.https              CPE589630c056fc-.59897 FIN_WAIT_1
    tcp        0      0 www.http               200.46.45.114.50849    CLOSED
    tcp        0      0 www.http               201.130.137.117..44167 CLOSED
    tcp        0      0 *.https                *.*                    LISTEN
    tcp        0      0 *.http                 *.*                    LISTEN
    tcp        0      0 localhost.9000         *.*                    LISTEN
    tcp        0      0 *.ssh                  *.*                    LISTEN
    tcp6       0      0 *.ssh                  *.*                    LISTEN
    tcp        0      0 localhost.smtp         *.*                    LISTEN 
    Which tool or defensive measure was involved?
    1. Wireshark
    2. ping
    3. nmap
    4. tcpdump
    5. netstat
    6. arp
    7. ifconfig
  11. You observe this command output.
    Server:         192.168.1.3
    Address:        192.168.1.3#53
    
    ** server can't find www.faasdfjh.com: NXDOMAIN 
    What is wrong?
    1. DNS cache poisoning has happened
    2. Your workstation cannot contact the nameserver
    3. The domain faasdfjh.com does not exist
    4. There is no host named www.faasdfjh.com
  12. You observe this command output.
    ;; connection timed out; no servers could be reached 
    What is wrong?
    1. DNS cache poisoning has happened
    2. Your workstation cannot contact the nameserver
    3. The domain does not exist
    4. There is no host with the requested name
  13. You observe this data.
    [**] [122:1:0] (Web) Directory Traversal [**] [Priority: 2] 07/05-12:15:41.483293 192.168.3.7 -> 192.168.1.1:80 PROTO:255 TTL:0 TOS:0x0 ID:3253 IpLen:20 DgmLen:1501
    
    Which tool or defensive measure was involved?
    1. NIDS
    2. NIPS
    3. HIDS
    4. HIPS
  14. You observe this data.
    An unapproved executable attempted to run and was prevented.
    The action was stopped and logged.
    Location: c:\Program Files\Chromium Browser\Chrome.exe
        User: Elon
       Cause: Policy setting for unapproved software 
    Which tool or defensive measure was involved?
    1. File integrity check
    2. Antivirus
    3. Blacklisting
    4. Whitelisting
    5. DLP
    6. DEP
  15. Julie, a network engineer, has been informed by management that they want to deploy network security technology that uses OSI layers 4 through 7 to authenticate, authorize, and audit Internet activity. To reduce the load on help desk personnel, this must require little to no browser or other application reconfiguration. What should she recommend?
    1. SIEM
    2. 802.1x
    3. Transparent proxy
    4. Load balancer
  16. Jenny, a network engineer, has been tasked with auditing network traffic to determine if any sensitive data is being transmitted in cleartext form. What tool could she use?
    1. Protocol analyzer
    2. Pen testing toolkit
    3. Compliance scanner
    4. Nmap
  17. James, a programmer, is looking at the logs of his WAP in his home. He notices an unknown device that has been accessing it. What countermeasure should he use?
    1. 802.1x
    2. NAC and certificates
    3. MAC filtering
    4. Faraday cage
    5. RADIUS and EAP
  18. Which of these are appropriate defenses for a mobile device? Select three.
    1. Remote wipe
    2. Cable lock
    3. FM-200
    4. Biometrics
    5. GPS tracking
    6. Transparent proxy
  19. George's manager needs to give a presentation to the board of directors, telling them about the most critical threat to the organization. What should George make sure is highlighted?
    1. Asset management
    2. Insider threat
    3. Social media
    4. Baseline deviations
    5. Performance
    6. Unauthorized software
  20. Tony, a network engineer, has been tasked by his manager with monitoring the more sensitive internal networks, to spot and block attacks. What should Tony use?
    1. SIEM
    2. HIDS
    3. HIPS
    4. NIDS
    5. NIPS
