Network Security Past Papers PDF
This document contains past paper questions on network security, including multiple choice questions and some short questions. The questions cover various concepts, like network topologies, network protocols, and security measures.
تجميع الدفاع عن الشبكات المحتويات إضغط على أي محتوى للذهاب إليه مباشرة التقييمات الذاتية – الدفاع عن الشبكات2.........................
تجميع الدفاع عن الشبكات المحتويات إضغط على أي محتوى للذهاب إليه مباشرة التقييمات الذاتية – الدفاع عن الشبكات2...................................................................... التقييمات الدورية – الدفاع عن الشبكات 18.................................................................. األسئلة الغير مكررة من بنك األسئلة – الدفاع عن الشبكات 30........................................... التقييمات الذاتية – الدفاع عن الشبكات التقييم الذاتي األول 1. IP addresses that start with ______ are used for testing purposes a) 127 b) 10 c) 168 d) 192 2. Many layers are there is the OSI networking model? a) 4 b) 5 c) 6 d) 7 3. Network Address Translation is when? a) A router encrypts all traffic entering the network b) A router remove all unwanted data c) A router replaces the public IP address in outgoing packets with the gateway’s private IP address so they can be routed through the internal network d) A router replaces the private IP address in outgoing packets with the gateway’s public IP address so they can be routed through the internet 4. Which layer groups data into frames? a) Physical layer b) Data link layer c) Network layer d) Transport layer 5. Which layer is closest to the user? a) Physical layer b) Data link layer c) Presentation layer d) Application layer 6. Which layer performs data formatting and translation like data compression/decompression? a) Transport layer b) Session layer c) Presentation layer d) Application layer 7. Which layers handles unstructured raw bits? a) Physical Layer b) Data-link layer c) Network layer d) Transport layer 8. Which of the following IP spoofing defense techniques examines the IP headers of incoming traffic and tries to determine if the source IP matches authorized sources of communication? a) Egress filtering b) Ingress filtering c) Network address translation d) Frame inspection 9. Which of the following activities is used by attackers to find open doors and services running on the network? 
a) Exploitation b) Port Scanning c) Brute Forcing d) Cracking 10. Which of the following differentiates viruses from worms? a) Viruses exploit network vulnerabilities to spread b) Worms inject themselves into other running processes c) Worms lock machines and asks the user for a ransom d) Worms exploit network vulnerabilities to spread 11. Which of the following if often a result of programming mistakes? a) Weak firewalls b) Cleartext traffic c) Open ports d) Buffer overflow vulnerabilities 12. Which of the following is an attack on the the availability of computing resources by overloading device limitations? a) Denial-of-Service b) IP Spoofing c) Man-in-the-Middle d) Buffer Overflow 13. Which of the following is false (not true) regarding subnet masks? a) They are used for subnetting, which divides the network into sub networks b) A subnet mask can be extended to the node portion of the IP c) A subnet mask takes a maximum value of 512 d) Each number in the subnet mask is transformed to binary to determine the exact number of subnets and nodes 14. Which of the following is security solution that monitors suspicious activities on the network? a) Firewalls b) Proxy Servers c) IDS d) Application servers 15. Which of the following is used by firewalls to analyze complete traffic flows? a) Packet filtering b) Stateful packet inspection c) Routing d) Access Control Lists 16. Which of the following malware detection approaches runs the malware in a sandbox and monitors its behavior? a) Static analysis b) Signature-based detection c) Behavior-based detection d) Misuse analysis 17. Which of the following protocol suites offer protection against session hijacking? a) SSL/TLS b) TCP/IP c) HTTP d) DNS 18. Which protocol transforms hostnames to IP addresses? a) Domain Name Service (DNS) b) File Transfer Protocol (FTP) c) Secure Socket Layer (SSL) d) Transmission Control Protocol (TCP) 19. 
Which security principle means an action cannot be denied later on it by whoever performed it? a) Least Privileged b) Integrity c) Availability d) Non-repudiation 20. What are IP addresses used for? a) To identify computer users b) To identify computers on a network c) To identify programs on a computer d) To identify computer locations in a building التقييم الذاتي الثاني 21. The CIA triad stands for? a) Confidentiality, Integrity, Appearance b) Confidentiality, Information, Availability c) Confidentiality, Integrity, Availability d) Consequence, Integrity, Availability 22. Which design principle works based on the idea that if the security mechanism makes things harder to use, people will find a way around them? a) Attack surface reduction b) Open design c) Fail safe d) Psychological Acceptability 23. Which of the following assumes the attacker has a pair of plaintext messages with their corresponding ciphertext, ones which were not chosen by the attacker? a) Brute-force b) Birthday Attacks c) Chosen-Plaintext Attacks d) Known-Plaintext Attacks 24. Which of the following attacks does the attacker try every key combination to break the encryption? a) Brute-force b) Frequency analysis c) Rainbow tables d) Social engineering 25. Which of the following attacks involves analyzing the cipher text to determine if patterns exist? a) Brute force attacks b) Steganalysis c) Frequency Analysis d) Rainbow tables 26. Which of the following attacks relies on collision where two inputs produce the same output? a) Rainbow tables b) Birthday attacks c) Frequency analysis d) Differential analysis 27. Which of the following classical encryption operations substitutes a character or byte with another character or byte? a) Substitution b) Transposition c) Transposition d) Transposition 28. Transposition a) Transposition b) Hashing c) Encryption d) Backups and replication 29. Which of the following cryptography methods is used to prove the identity of the message sender? 
a) Hashing b) Symmetric encryption c) Digital Signatures d) Digital certificates 30. Which of the following cryptography methods is used to prove the owner of a public key? a) Digital certificates b) Digital signatures c) Asymmetric encryption d) Hashing 31. Which of the following design principles aims to ensure resiliency against design or implementation failure so that minimum damage is incurred in the event of the failure? a) Seperation of duties b) Defense-in-depth c) Fail-Safe d) Open design 32. Which of the following design principles favors simpler designs so that fewer vulnerabilities are introduced? a) Economy of Mechanism b) Fail safe c) Complete Mediation d) Least Common Mechanism 33. Which of the following encyption schemes uses different keys for encryption and decryption? a) Private-Key encryption b) Public-key encryption c) Symmetric encryption d) Hashing 34. Which of the following is a breach of Availability? a) Preventing legitimate users from accessing computing resources b) The unauthorized disclosure of information c) Message modification while in transit d) Modifying the source of the message 35. Which of the following is a breach of confidentiality? a) Message source modification b) Message modification while in transit c) The blocking of legitimate use of resources d) The unauthorized disclosure of information 36. Which of the following is a security principle that eliminates total compromise due to the breach of a single control? a) Least privileged b) Open Designs c) Defense-in-depth d) Security through obscurity 37. Which of the following is study of how differences in input affect the output? a) Differential Analysis b) Known-plaintext c) Rainbow tables d) Brute force 38. Which of the following is the science of hiding messages in other messages? a) Steganography b) Cryptography c) Cryptanalysis d) Differential analysis 39. Which of the following principles refer to the users' control over their own data? 
a) Confidentiality b) Availability c) Privacy d) Integrity 40. Which of the following security principles requires more than one person to complete a task or job ? a) Defense in depth b) Seperation of duties c) Open design d) Fail safe التقييم الذاتي الثالث 41. Blocking 3rd party cookies is a hardening step for what? a) Registry hardening b) Browser hardening c) Windows services hardening d) User account hardening 42. which of the following IEEE 802.1X steps does the server send an EAP request to the authenticator which is then forwarded to the supplicant? a) Initialization phase b) Initiation phase c) Authentication phase d) Negotiation phase 43. In which of the following IEEE 802.1X steps does the supplicant authenticate themselves using the authentication method specified in EAP request? a) Initialization phase b) Initiation phase c) Negotiation phase d) Authentication phase 44. The most basic firewall operation is? a) Detect intruders b) Filter incoming and outgoing packets c) Defend against DoS attacks d) Balance the load on internal server 45. Which of the following NAC approaches does not require additional software to be installed on user devices? a) Agent NACs b) Agentless NAC c) Pre-admission NAC d) Post-admission NAC 46. Which of the following NAC components is a device that receives and responds to requests to join the network? a) The supplicant b) The authenticator c) The Authentication Server d) The firewall 47. Which of the following allows users to visit any site except those included in a specific type of list? a) Rainbow tables b) Grey listing c) Whitelisting d) Blacklisting 48. Which of the following is a database that stores settings and configurations on Windows machines? a) Windows Services b) Windows powershell c) Windows registry d) Windows policy template 49. Which of the following is considered the most basic type of firewall? 
a) Stateful packet inspection firewalls b) Application gateways c) Packet filtering firewalls d) Hybrid firewalls 50. Which of the following standards are used for NAC? a) IEEE 802.1X b) ISO 27001 c) X.509 d) PCI DSS 51. Which of the following terms describes an area set between an internal firewall and a perimeter firewall? a) Demilitarized zones b) Militarized zones c) Safe zones d) Protected zones 52. Which of the following terms describes an early warning system? a) OS hardening b) Root acounts c) Least privileged accounts d) Canary in the mine 53. Which of the following types of accounts often has the highest privileges? a) User accounts b) Administrator accounts c) Root accounts d) Both root and administrator are correct 54. Which of the following types of firewall implementations uses a combination of firewalls? a) Dual-homed firewalls b) Router-based firewalls c) Screened-hosts d) Host-based firewalls 55. Which of the following types of firewalls inspects previous packets from the same flow? a) Stateful packet inspection b) Circuit-level firewalls c) Packet filtering d) Application gateways 56. Which of the following involves properly configuring each machine and server on the network to have optimal (not maximum) security settings? a) OS hardening b) OS patching c) OS installation d) OS deployment التقييم الذاتي الرابع 57. At minimum, how many interfaces does a single firewall need to create a DMZ? a) There is no such thing as single firewall DMZs b) 1 c) 2 d) 3 58. At the end of which of the following Kerberos steps does the client obtain the Ticket Granting Ticket (TGT)? a) Client Authentication to the AS b) Client Service Authentication c) Client Service Request d) Server Authentication to the AS 59. Authentication is not a component of VPNs a) صواب a) خطأ 60. Caching is performed by proxies for which of the following reasons? a) Enhance security b) Filter content c) Enhance performance d) Enhance readability 61. 
In Kerberos Client Authentication step, tThe client sends their password to the AS a) صواب b) خطأ 62. Kerberos requires all hosts to have their time synchronized or the process will not work a) صواب b) خطأ 63. Of the following, which is considered the least secure? a) IPSec b) L2TP c) PPTP d) All of them are equally secure 64. Which of the following Kerberos entities manages client authentication and the distribution of cryptographic keys ? a) Client b) Key Distribution Center c) Service Server d) The Application Server 65. Which of the following is false when discussing DMZs? a) Although a dual firewall DMZ is the most common as it provides the most protection, single firewall DMZ also exist b) Dual firewall DMZ use a perimeter firewall (aka front-end firewall) and an internal firewall (back-end firewall) to create the DMZ. c) There is no such thing as a single firewall DMZ d) Dual firewall DMZs are considered more secure than single firewall DMZs 66. Which of the following is false when disussing VPNs? a) VPNs use encryption to create a virtual tunnel between two remote sites b) When using VPNs, data is first encrypted, encapsulated or wrapped, and attached to new routing headers c) VPNs usually require specialized hardware to implement d) VPNs do not require specialized hardware 67. Which of the following keys is the end-result of the Kerberos process? a) KC b) KC-TGS c) KC-S d) KS 68. Which of the following protocols in IPSec performs encryption? a) Authentication Headers (AH) b) Encapsulating Security Payloads (ESP) c) Internet Security Association and Key Management Protocol (ISAKMP) d) They all perform encryption 69. Which of the following protocols provides the support for HTTPS? a) IPSec b) L2TP c) PPTP d) SSL/TLS 70. Which of the following types of proxies evaluates requests and forwards them to the appropriate service? a) Gateway or tunneling proxy b) Forwarding Proxy c) Open Proxy d) Transparent Open Proxy 71. 
Which type of DMZ uses two packet inspection firewalls? a) Science DMZs b) Weak-screened DMZs c) Strong-screened DMZ d) Single-firewall DMZs التقييم الذاتي الخامس 72. How many total steps are needed to create a secure IPSec tunnel? a) 3 b) 4 c) 5 d) 6 73. In which IKE Phase 1 modes does the sender send all the requirements to create a Security Association in one go? a) Main Mode b) Transport Mode c) Authentication Mode d) Aggressive Mode 74. In which layer does IPSec operate in? a) Layer 2 b) Layer 3 c) Layer 5 d) Layer 7 75. In which of the following phases does the server send the client their digital certificate? a) The Negotiation Phased b) The Client ChangeCipherSpec Phase c) The Server ChangeCipherSpec Phase d) The Application Phase 76. What happens when an IPSec tunnel is terminated? a) All keys are kept to make future tunnels easier to build b) All keys are destroyed c) Some of the keys are destroyed but all of them d) Only the initiator destorys their keys 77. What is the purpose of Perfect Forward Secrecy? a) To make sure compromised keys do not compromise future communication b) To reduce the number of keys needed for secure communication c) To protect the sender from the receiver d) To protect the receiver from the sender 78. Which of the follow does a URL include? a) The protocol being used b) The host that contains the resource c) The name of the resource d) All options are correct 79. Which of the following is a type of user agent? a) Web server b) Web Browser c) Network router d) Proxy Server 80. Which of the following is the second phase of the SSL/TLS handshake? a) The Client ChangeCipherSpec Phase b) The Negotiation Phase c) The Server ChangeCipherSpec Phase d) The Application Phase 81. Which of the following port numbers is used when using HTTPS? a) Port 80 b) Port 21 c) Port 443 d) Port 8080 82. Which of the following protocols is used by HTTPS to provide secure communication? a) IPSec b) SSL/TLS c) Kerberos d) DNS 83. 
Which of the following statements are true regarding AH and ESP? a) AH performs encryption in addition to providing integrity through hashing b) ESP performs encryption in addition to providing integrity through hashing c) In AH tunnel mode, only the payload is hashed d) In ESP transport mode, the hashing has more coverage than in AH التقييم الذاتي السادس 84. How many levels of security does Syslog contain? a) 5 b) 6 c) 7 d) 8 85. Which of the following SIEM components is in charge of storage? a) The data collector b) The ingest and indexing point aggregator c) The search component d) The auditing component 86. Which of the following approaches monitors how programs use system resources and sends out alerts if any software performs abnormally? a) Executable Profiling b) Resource Profile c) Threshold Profiling d) User/Group work Profiling 87. Which of the following is a main difference between SIEMs and Syslogs? a) SIEMs collects and stores long when syslog only analyzes them b) Syslog collect logs about system-level activities while SIEMs collects logs about network- level activities c) SIEMs are more sophisticated in event correlation and threat detection while Syslogs are more trivial in threat detection d) SIEMs can be seen as maintanence tools while Syslogs are seen as full-blowed security products 88. Which of the following is an IDPS component that collects data and passes it to the Analyzer ? a) An Alert b) An Operator c) An Event d) A Sensor 89. Which of the following is not a mode which Snort operates in? a) Sniffer Mode b) Packet Logger Mode c) Promiscuous Mode d) Network Intrusion Detection System Mode 90. Which of the following is not an anomaly-detection approach? a) Threshold Monitoring b) User/Group Work Profiling c) Preemptive Blocking d) Executable Profiling 91. Which of the following is true regarding Intrusion Detection and Prevention Systems? 
a) It takes on a passive role b) It only alerts the administrators but does not interfere with traffic c) It both detects and can actively interfere with traffic d) It can only be deployed at the network-level 92. Which of the following is true regarding SIEM solutions? a) SIEMs collect and analyze logs b) SIEMs combine Security Information Management (SIM) and Security Event Management (SEM) c) SIEMs provide insights on events that may be of interest d) All choices are correct 93. Which of the following severity level that indicate that the system is operating as expected? a) Warning messages b) Error messages c) Informational messages d) Debug messages التقييم الذاتي السابع 94. From which of the following can Wireshark NOT collect traffic? a) Ethernet connections b) Bluetooth c) Other unrelated networks d) Wi-fi 95. Pcap files are short of packet capture files and is a file that contains packets captured from a sniffing session and stored in a file for later analysis a) صواب b) خطأ 96. What mode needs to be enabled to capture traffic that belong to other machines on the network? a) Promiscuous mode b) Easy mode c) Collect mode d) Gather mode 97. Which of the following Wireshark features make it easy to follow packets that belong to certain protocols? a) Conversations b) Follow protocol streams c) Promiscuous mode d) Transport mode 98. Which of the following are decoy files or database records that act as canaries in the mine? a) Honeynets b) Honeytokens c) Pure honeypots d) Low-interaction honeypots 99. Which of the following categories of honeypots are essentially production environments but with fake data? a) Pure honeypots b) Low-interaction honeypots c) Medium-interaction honeypots d) High-interaction honeypots 100. Which of the following describes anti-foresnics? 
a) A forensic process that is done in reverse order b) A forensic process that is performed before the attack happens c) Actions taken by attackers to hide their presence d) Actions taken by attackers to make their presence known 101. Which of the following describes honeypots? a) A machine made as secure as possible to deter attackers b) A machine made vulnerable to attract attackers c) An isolated machine without any network connectivity d) A machine that is placed close to sensitive or critical servers to support their application 102. Which of the following should be avoided when using honeypots? a) Using fake data b) Making things not too obvious c) Simulating fake network traffic on the honeynet d) Making the honeypot too obvious 103. Which of the following statements are incorrect concerning Wireshark? a) It is used by both attackers and defenders b) It is open-sourced c) It is known as a packet sniffer d) It can be used as a stand-alone security solution 104. Wireshark can only see header information but not the contents of the packets a) صواب b) خطأ التقييم الذاتي الثامن 105. Choose Your Own Device is when the company allows the employee to bring in whatever device that choose without any restrictions a) صواب b) خطأ 106. Code development requires a strategy for code management to avoid bad and vulnerable code a) صواب b) خطأ 107. Company Owned and Provided Equipment is the cheapest option of the BYOD alternatives a) صواب b) خطأ 108. Employee accounts that belong to employees that left the company should be kept active incase they are needed a) صواب b) خطأ 109. Password policies should contain a clause that specifies the password retention period, which is how long previous passwords are stored so that users do not reuse them a) صواب b) خطأ 110. Policies are step-by-step instructions on how things should be done a) صواب b) خطأ 111. Policies should be enforced with penalties that are placed on users that violate them a) صواب b) خطأ 112. 
The main purpose of incident response is to determine who is behind the attack a) صواب b) خطأ 113. The purpose of business continuity planning is to minimize the recovery time needed for systems to come back online in case of disasters and failures a) صواب b) خطأ 114. To be flexible, companies should apply changes as soon as they are needed without a specific process set in place a) صواب b) خطأ 115. To promote productivity and business activities, users should be allowed to install their own software a) صواب b) خطأ التقييم الذاتي التاسع 116. It is rarely the case where policies and procedures need to be updated a) صواب b) خطأ 117. Data should be classified according to their sensitivity where the highest classification of data, which signifies the most sensitive data, is confidential data a) صواب b) خطأ 118. Restoration procedures are the steps needed to successfully back-up data a) صواب b) خطأ 119. Differently categorized data require different methods of disposal a) صواب b) خطأ 120. VPN access is one of the rare cases where accounts can be created without a process as they do not poses any risk a) صواب b) خطأ التقييمات الدورية – الدفاع عن الشبكات التقييم الدوري االول 1. What is the topmost layer is the OSI Model? a) The application layer b) The physical layer c) The session layer d) The presentation layer 2. How many network classes are there? a) 3 b) 4 c) 5 d) 6 3. Which of the following attack changes the source IP so that the message appears to have been sent by someone else? a) Dos Attack b) Session Hijacking c) IP Spoofing d) Malware attack 4. The SYN Flood attack is a type of what? a) Non-repudiation attack b) DoS attack c) Confidentiality Attack d) Privacy Attack 5. The three avenues which can be targetted by attackers are data, network connection points, and what? a) People b) Policies c) Procedures d) Cables 6. Buffer overflows are often a result of what? a) Misconfigured firewalls b) Misconfigured IDS c) Misconfigured DNS d) Programming mistakes 7. 
Version 4 IP address have how many numbers seperated by dots? a) 4 b) 3 c) 5 d) 2 8. In Layer 2 (Data Link Layer), the bits are grouped into what data structure? a) Packets b) Frames c) Links d) Bytes 9. Each number in an IPv4 address has a values between 0 and what? a) 128 b) 255 c) 256 d) 512 10. What is command ping used for? a) It gives us information about our connection to a network or the internet b) It displays information about intermediary hops the packet went through before reaching the destination. c) This command tells us what connections our computer currently has d) Sends a test packet (echo packet) to a machine to see if it is reachable. 11. The first few bytes of a network packet is known as what? a) Trailor b) Payload c) Header d) Frame 12. Messages that are unscrambled and can be read are known as? a) Cipthertext b) Plaintext c) Hash Digest d) Encrypted text 13. Which of the following is true in regards to Pyschological Acceptability? a) Promotes usability and transparency b) Makes systems harder to use so that they are harder to break c) Promotes complex systems d) Focuses on keeping the design of the system secret 14. Asymmetric Encryption is also known as..... a) Private-key encryption b) Hashing c) Substitution Ciphers d) Public-key encryption 15. The encryption scheme that shuffles around the elements of a message is known as? a) Substitution b) One-time Pad c) Transposition d) Hashing 16. Security through Obscurity is achieving security by doing what? a) Making the design of the system publicly accessible b) Keeping the design and the implementation of the system secret c) The inner-working of the system is publicly known d) The implementation of the system is common knowledge 17. Which of the following best describes Rainbow Tables? 
a) Used to analyze the frequency of characters in a cipher text b) Uses a pre-calculated table of hashes to break hashing algorithms c) A table containing the colors supported by a system d) Brute forces encryption algorithms by trying out each and every key 18. What is the IP address of the loopback address? a) 127.0.0.1 b) 255.255.255.0 c) 192.168.0.0 d) 10.10.10.0 19. The purpose of the Domain Name Service (DNS) is to? a) Protect the network from intruders b) Translate hostnames to IP addresses c) Block malicious traffic d) Create sub-networks 20. Which of the following devices detects intrustions? a) IDS b) Firewall c) Proxy d) Least Privileges 21. What is the use of port numbers in networking? a) To specify the process or service running on the destination machine b) To specify the user the message is intended for c) To specify the computer on the network d) To specify the building where the network is hosted 22. How many layers are there is the OSI Networking model? a) 5 b) 6 c) 7 d) 8 23. Digital signature execution algorithm include: a) Encrypt data using public key. b) Generate a public/private key pair. c) Verify the authenticity of a message. d) Compress files 24.............is type of attack that use different possible key until the encryption is broken. a) Birthday attacks b) Brute Force Attacks c) Known-Plaintext Attacks d) Non of the above 25. What does Seperation of Duties refer to? a) Users are given the least amount if privileges b) Multiple security layers are set in place c) Different users should perform different tasks d) The system should revert back to a stable state after a failure 26. What does collision-free mean when discussing hash functions? a) No two different inputs to the same hash algorithm should generate the same hash digest b) Inputs to the hash algorithm are fixed-length c) The same key for different hash algorithms should produce the same hash digest d) The same input should always produce different hash digests 27. 
Which of the following is true regarding Number Generators? a) They are truly random b) They are generated from natural phenomenas c) They are random enough but not truly random d) f done correctly, can be easily predicted from previously generated sequences التقييم الدوري الثاني 28. Which of the following standards are for port-based access control? a) ISO 27001 b) X.509 c) 802.1X d) PCI DSS 29. The following policy addresses whether or not employees are allowed to bring in their personal devices to work a) Password policy b) Desktop configuration policy c) Email policy d) BYOD 30. Which of the following is true regarding application gateways? a) They don't require too much resources b) They do not offer user authentication c) They operate at the session layer d) They are vulnerable to flooding attacks 31. The PNAC standard has three main parts and they are the authenticator, the authentication server, and.......? a) The Supplicant b) The authentication algorithm c) The authentication policy d) The authenticator rules 32. What can Role-based and Mandatory Access Controls help ensure? a) That intruders cannot hack the network b) That malicious network traffic is properly analyzed c) That user accounts are setup with the least amounts of privileges necessary for user to do their jobs d) That managers can easily track what employees are doing 33. Why does optimal security not usually mean maximum security? a) Maximum security is often less usable which goes against the Physiological Acceptance principle b) Actually, optimal security is always the maximum security c) Because maximum security is expensive d) Because maximum security is hard to implement 34. Canaries in the mine refer to... a) Nothing related to cybersecurity b) Systems that actively fight back when intruders are attacking the network c) Early warning systems that alert us of wrongdoings d) Firewalls 35. 
When dealing with user accounts, the following is often advised a) Using the default account as is b) Removing default accounts or at least stripping them from privileges c) Removing all default user accounts but keeping default administrator accounts intact with all their privileges d) Vendor default accounts are already secure and should not be touched 36. Which of the following is false regarding Procedures? a) They are step-by-step guides b) They support policies c) They are optional d) They complicate how things work 37. Which of the following terms describes a region placed between an external firewall and an internal firewall? a) Militarized Zone b) Demilitarized Zone c) Safe space d) Honeynet 38. Which of the following is false when it comes to policies? a) They are only used by system administrators b) They must be clear c) They must be enforceable d) Can include both user and administrator policies 39. Which of the following is true regarding Firewalls? a) They can only be installed at the network level b) They can be installed at both the network-level and the host-level c) Firewalls are standalone devices and cannot be installed as a software d) Firewalls are only software and there are no standalone firewall appliances 40. Which layer do application gateways operate in? a) Layer 3 b) Layer 4 c) Layer 6 d) Layer 7 41. Which of the following types of firewalls begins by authenticating the users before allowing packets to flow between the client and the server? a) Circuit-level Firewall b) Application gateway c) Stateful-Packet Inspection Firewall d) Packet Filtering Firewall 42. Passwords should be periodically changed in case they were compromised a) صواب b) خطأ 43. Employee departure procedures should include everything execpt the following a) Disabling logon credentials b) Keeping logon credentials active c) Searching employee harddrives d) Returning physical keys and access cards 44. Which of the following approaches is considered more restrictive? 
a) Blacklisting b) Allowing all communication to go through c) Whitelisting d) None of the above 45. What are stateful packet filtering firewalls known for doing? a) Stopping all types of attacks b) Detecting intrusions c) Filtering traffic based on just the destination d) Inspecting previous packets from the same flow 46. When setting password policies, account lockout refers ) لكن رأي انه غير منطقيD (الجواب بالنظام a) How long a password stays valid b) How many times a year a password should be changed c) The number of incorrect attempts allowed by the system d) How long an account remains locked after surpassing the number of allowed password attempts 47. Which of the following should never be included in password policies? a) The minimum length of a password b) The expiration period of a password c) That passwords can be shared d) That passwords should not be written down and left in the clear 48. Which of the following is true regarding packet filtering firewalls? a) They perform the most basic firewall functions b) They are the most complex type of firewalls c) They have no weaknesses d) They usually offer user authentication 49. Organizations should have a ready-made procedure for how to handle employee departure a) صواب b) خطا 50. Which of the following terms is used as a general term that refers to a device that acts as a single point of contact between the network and the internet? a) Intrusion Detection System b) Intrusion Prevention System c) Application Server d) Bastion Host 51. Which of the following are software firewalls? a) Dual-homed firewalls b) Router-based Firewalls c) Host-based Firewalls d) Screened hosts التقييم الدوري الثالث 52. Phase two of IPSec's IKE relies on the SA created in Phase one a) صواب b) خطا 53. Which of the following is often placed in a DMZ? a) Database servers b) Payroll application servers c) Web servers d) Accounting application servers 54. Which of the following is the first step of creating an IPSec tunnel? 
a) Identifying traffic that initiates the IPSec process
b) Phase one of IKE
c) Data transfer
d) Terminating the tunnel

55. Access control lists are the only method to initiate IPSec
a) True
b) False

56. Which of the following authentication methods are supported by EAP?
a) Passwords
b) Challenge-response
c) Public-key infrastructure certificates
d) All options are correct

57. Which of the following is not a common use of proxy servers?
a) Load balancing
b) Detecting intrusions
c) Content filtering
d) Caching

58. IPSec supports two modes of operation, tunnel mode and transport mode
a) True
b) False

59. Which of the following HTTP status code categories represents server errors?
a) 2XX
b) 3XX
c) 4XX
d) 5XX

60. Which layer does L2TP operate in?
a) Layer 3
b) Layer 2
c) Layer 4
d) Layer 7

61. Which of the following is true regarding HTTPS?
a) The server must have a digital certificate signed by a trusted third party
b) HTTPS is the insecure version of HTTP
c) The client must have a digital certificate signed by a trusted third party
d) IP addresses and port numbers are always encrypted when using HTTPS

62. Which of the following statements is true regarding IPSec protocols?
a) AH supports both encryption-only and authentication-only configurations
b) AH applies encryption in addition to the use of hashing
c) ESP applies encryption in addition to the use of hashing
d) Using ESP by itself is more secure than using ESP with AH

63. PPTP is less secure than L2TP and IPSec but uses fewer resources
a) True
b) False

64. Which of the following technologies creates a secure tunnel between two sites?
a) Domain Name Service
b) SSL/TLS
c) IPSec
d) Both SSL/TLS and IPSec

65. In which of the following IKE phase 1 modes does the initiator send everything needed to create an SA all in one go?
a) Main mode
b) Aggressive mode
c) Tunnel mode
d) Transport mode

66. Which OSI layer does IPSec operate in?
a) Layer 3
b) Layer 2
c) Layer 5
d) Layer 7

67. Which of the following is true regarding HTTP?
a) It is a stateful protocol
b) It is a stateless protocol
c) Session information must be stored for HTTP to work
d) HTTP is encrypted by default

68. Which of the following is a networking device that acts as a middleman between users requesting a resource and the application providing it?
a) Application server
b) E-mail server
c) Packet-filtering firewall
d) Proxy server

69. Which of the following describes Perfect Forward Secrecy?
a) A system that uses encryption keys long term to make sure they can always be decrypted
b) A system that keeps decryption keys but deletes encryption keys
c) A system that appends the key to the message
d) A system that frequently changes the keys used for encryption to ensure the security of sessions even if past keys were compromised

70. Authentication is optional when creating a VPN tunnel
a) True
b) False

71. Which of the following protocols is behind HTTPS?
a) IPSec
b) SSL/TLS
c) Kerberos
d) L2TP

72. Which of the following HTTP methods is considered a safe method?
a) POST
b) PUT
c) GET
d) PATCH

73. Which of the following describes a Security Association?
a) A certificate obtained by security professionals to prove they are proficient in security tools
b) A verbal agreement between employees and management to follow security policies
c) A secure tunnel between two servers
d) An agreement between two entities on the security mechanisms to use during a secure interaction

74. Which of the following protocols is included in the IPSec suite?
a) Authentication Header (AH)
b) Encapsulating Security Payload (ESP)
c) Both AH and ESP
d) Neither AH nor ESP

75. Which of the following types of proxies reveals either the identity of the proxy server, the user using it, or both?
a) Open proxy
b) Forwarding proxy
c) Gateway proxy
d) Reverse proxy

76. Which of the following describes a Nonce?
a) A number that is stored and used with every decryption operation
b) A number that is only used once and then discarded
c) A number that is used once by the sender but repeatedly by the receiver
d) A number that is used once by the receiver but repeatedly by the sender

77. Which of the following is true regarding dual-firewall DMZs?
a) They use two firewalls, one perimeter and one internal
b) They use a single firewall
c) They are the least secure type of DMZ as they can be easily bypassed
d) They are the cheapest option to implement

78. Which of the following authentication methods uses a central authentication service?
a) Passwords
b) Challenge-response
c) Kerberos
d) None of the options are correct

Periodic Assessment 4

79. Snort can be set up to automatically modify firewall rules based on monitored traffic
a) True
b) False

80. Resource monitoring is when program behavior is monitored to determine intrusions
a) True
b) False

81. Which of the following is true regarding Intrusion Detection Systems?
a) An Intrusion Detection and Prevention System does not interfere with traffic
b) An Intrusion Detection System does not interfere with traffic
c) An Intrusion Detection System interferes with traffic
d) An Intrusion Detection System takes an active role in network defense (as opposed to a passive role)

82. Which of the following is a main difference between SIEM and Syslog?
a) Syslog can also collect information from security software such as IDPSs
b) Syslog can take an active role in threat removal
c) Syslog commonly maintains a database of threats
d) Syslog is seen mostly as a maintenance tool with security capabilities, while SIEMs are seen as security solutions

83. Which of the following is not considered an anomaly-detection approach?
a) Preemptive blocking
b) Threshold monitoring
c) Resource profiling
d) Executable profiling

84. Which of the following tools collects and analyzes logs from multiple network devices?
a) Firewalls
b) IDPS
c) SIEM
d) Proxies

85. Which of the following describes malicious traffic being classified as legitimate?
a) False positives
b) True positives
c) False negatives
d) True negatives

86. Which of the following SIEM components is often responsible for storage?
a) Data collector
b) Search component
c) Visualization component
d) Ingest and indexing point aggregator component

87. Which of the following describes legitimate users being blocked or detected as malicious?
a) False negatives
b) True negatives
c) False positives
d) True positives

88. Executable monitoring creates a user profile for each user/group to specify normal user behavior
a) True
b) False

Periodic Assessment 5

89. Which of the following settings should be enabled in Wireshark to sniff all accessible traffic from the entire network?
a) Filters
b) Promiscuous mode
c) Streams
d) Conversations

90. Which of the following should be avoided when implementing honeypots?
a) Using real data on honeypots
b) Isolating the honeypot/honeynet from the production network
c) Simulating realistic services
d) Modifying default configurations of software installed on honeypots

91. Which of the following follows the same concept as honeypots but at a much smaller scale, such as files and database records?
a) Honeynets
b) High-interaction honeypots
c) Honeytokens
d) Pure honeypots

92. Which of the following is true regarding honeypots?
a) They are made secure and hard to break into
b) They are made vulnerable and are easy to breach
c) Users commonly access honeypots
d) Traffic to honeypots is rarely suspicious

93. tcpdump can be run without root privileges
a) True
b) False

94. Which of the following Wireshark features isolates traffic between two endpoints?
a) Follow stream
b) Conversations
c) Promiscuous mode
d) Sniffing

95. Which of the following types of honeypots only simulate the most commonly used services?
a) High-interaction honeypots
b) Honeynets
c) Pure honeypots
d) Low-interaction honeypots

Non-repeated questions from the question bank – Network Defense

1. User awareness is not as important as strong security solutions and should not be commonly performed
a) True
b) False

2. The method of media disposal depends on the sensitivity of the data stored on it
a) True
b) False

3. Which of the following is a security solution used to control and enforce a BYOD policy?
a) SIEM solutions
b) MDM solutions
c) Syslog
d) IDPS

4. Which of the following data classifications indicates the highest level of sensitivity?
a) Secret
b) Confidential
c) Sensitive but unclassified
d) Unclassified

5. Which of the following procedures tests whether backups can be successfully retrieved?
a) Backup procedures
b) Restoration procedures
c) Disposal procedures
d) Access procedures

6. An asset inventory should include
a) Hardware
b) Software
c) Network devices
d) All options are correct

7. Devices found infected should be isolated from the network
a) True
b) False

8. Which of the following is not true for VPN access procedures?
a) The user is authorized for remote access
b) The user has agreed to the VPN usage policy
c) The user accesses the VPN from inside the organization
d) A risk assessment must be conducted
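Worked example for periodic-assessment questions 44, 45 and 48 (whitelisting versus blacklisting, stateful inspection, and the weakness of plain packet filters). This is an added illustration, not part of the question bank: a default-deny allowlist filter with a connection-state table is run beside a stateless packet filter on the same constructed traffic. The packet fields, the allowlist, the addresses and the sample packets are all assumptions made for the example.

```python
# Added example (not from the question bank): a default-deny allowlist
# packet filter with a connection-state table, run beside a stateless
# packet filter on the same constructed traffic. Packet fields, the
# allowlist and the sample packets are all assumptions for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str               # "tcp" or "udp"
    flags: str = ""          # TCP flags: "S" SYN, "SA" SYN/ACK, "F" FIN, "R" RST
    direction: str = "out"   # "out" = leaving the LAN, "in" = entering it


# Allowlist (whitelist): inside hosts may only talk to these services.
# Anything not listed is dropped, which is more restrictive than a
# blacklist that only drops what is explicitly named.
ALLOWED_OUTBOUND = {("tcp", 443), ("tcp", 80), ("udp", 53)}


def stateless_decide(pkt: Packet) -> str:
    """Basic packet filter: looks only at the headers of this one packet.
    To let replies in at all, it must accept any inbound packet whose source
    port is an allowed service, and an attacker can simply set that port."""
    if pkt.direction == "out":
        return "allow" if (pkt.proto, pkt.dport) in ALLOWED_OUTBOUND else "drop"
    return "allow" if (pkt.proto, pkt.sport) in ALLOWED_OUTBOUND else "drop"


def stateful_decide(pkt: Packet, table: set) -> str:
    """Stateful packet inspection: an inbound packet is allowed only if it
    belongs to a flow that an inside host initiated earlier, so the decision
    depends on previous packets from the same flow."""
    if pkt.direction == "out":
        if (pkt.proto, pkt.dport) not in ALLOWED_OUTBOUND:
            return "drop"
        table.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "allow"
    # Inbound: the reversed 5-tuple must already be in the state table.
    key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
    if key not in table:
        return "drop"
    if pkt.proto == "tcp" and ("F" in pkt.flags or "R" in pkt.flags):
        table.discard(key)   # connection closing: forget the flow
    return "allow"


def run(packets, stateful: bool):
    """Apply one of the two filters to a packet list and return the verdicts."""
    table = set()
    return [stateful_decide(p, table) if stateful else stateless_decide(p)
            for p in packets]


# Constructed traffic: an inside client opens an HTTPS connection and gets
# the SYN/ACK back; an outsider then probes RDP (3389) with a spoofed source
# port of 443; finally the inside client tries telnet, which is not allowlisted.
SAMPLE = [
    Packet("10.0.0.5", 51000, "203.0.113.10", 443, "tcp", "S", "out"),
    Packet("203.0.113.10", 443, "10.0.0.5", 51000, "tcp", "SA", "in"),
    Packet("198.51.100.7", 443, "10.0.0.5", 3389, "tcp", "S", "in"),
    Packet("10.0.0.5", 52000, "203.0.113.10", 23, "tcp", "S", "out"),
]

if __name__ == "__main__":
    print("stateless:", run(SAMPLE, stateful=False))  # the probe slips through
    print("stateful: ", run(SAMPLE, stateful=True))   # the probe is dropped
```

The third packet is the point of the example: a stateless filter has to trust the source port and lets the probe through, while the stateful filter drops it because no inside host ever opened a connection to 198.51.100.7. The telnet attempt is dropped by both, since default deny covers it regardless of state.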
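Worked example for periodic-assessment questions 46 and 47 (account lockout and password-policy contents). This is an added illustration and not code from the question bank: a small authentication store that enforces a minimum length, a lockout threshold (how many failed attempts are allowed) and a lockout duration (how long the account then stays closed), which are the two quantities question 46 asks the reader to tell apart. The policy values, the user name, the injectable clock and the use of PBKDF2 for storage are assumptions made for the example.

```python
# Added example (not from the question bank): a small authentication store
# enforcing minimum length, lockout threshold and lockout duration. Policy
# values, user names and the injectable clock are assumptions for
# illustration; PBKDF2 is used only so that no plaintext password is kept.
import hashlib
import hmac
import os

MIN_LENGTH = 12            # policy: minimum password length
LOCKOUT_THRESHOLD = 3      # policy: failed attempts allowed before locking
LOCKOUT_DURATION = 900     # policy: seconds the account stays locked


def policy_accepts(password: str) -> bool:
    """Length check the policy applies before a password is ever stored."""
    return len(password) >= MIN_LENGTH


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AccountStore:
    def __init__(self, clock):
        self._clock = clock        # callable returning the current time in seconds
        self._accounts = {}

    def add_user(self, name: str, password: str) -> None:
        if not policy_accepts(password):
            raise ValueError("password shorter than the policy minimum")
        salt = os.urandom(16)
        self._accounts[name] = {"salt": salt, "hash": _derive(password, salt),
                                "failures": 0, "locked_until": 0.0}

    def login(self, name: str, password: str) -> str:
        """Returns 'ok', 'denied' or 'locked'."""
        now = self._clock()
        acct = self._accounts.get(name)
        if acct is None:
            # Spend the same KDF cost as a real check so response time does
            # not reveal whether the user name exists.
            _derive(password, b"\x00" * 16)
            return "denied"
        if now < acct["locked_until"]:
            return "locked"       # correct password or not, the account is closed
        if hmac.compare_digest(acct["hash"], _derive(password, acct["salt"])):
            acct["failures"] = 0  # a success resets the attempt counter
            return "ok"
        acct["failures"] += 1
        if acct["failures"] >= LOCKOUT_THRESHOLD:
            acct["failures"] = 0
            acct["locked_until"] = now + LOCKOUT_DURATION
            return "locked"
        return "denied"


def demo():
    """Walks through the lockout behaviour with a controllable clock."""
    clock = {"t": 1000.0}
    store = AccountStore(lambda: clock["t"])
    store.add_user("alice", "correct-horse-battery")
    results = [store.login("alice", "guess1"),
               store.login("alice", "guess2"),
               store.login("alice", "guess3"),                 # third failure locks
               store.login("alice", "correct-horse-battery")]  # still locked
    clock["t"] += LOCKOUT_DURATION                              # duration elapsed
    results.append(store.login("alice", "correct-horse-battery"))
    return results


if __name__ == "__main__":
    print(demo())
```

The threshold is what triggers the lock (the third failure), and the duration is what ends it (the clock has to move forward 900 seconds before even the correct password works again). Note that an unknown user name gets the same "denied" answer as a wrong password, so the login endpoint does not double as a user-enumeration oracle.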
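Worked example for periodic-assessment question 76 (a nonce is a number used once and then discarded) and the challenge-response option in questions 56 and 78. This is an added illustration, not code from the question bank: the server issues a random nonce, the client answers with an HMAC over the nonce and its request, and the server spends the nonce on first use, so a captured answer cannot be replayed. The shared key and the request bytes are assumptions made for the example.

```python
# Added example (not from the question bank): a challenge-response exchange
# in which the server issues a nonce, the client answers with an HMAC over
# the nonce and its request, and the server consumes the nonce on first use
# so a captured answer cannot be replayed. The shared key and the request
# bytes are assumptions for illustration.
import hashlib
import hmac
import secrets

SHARED_KEY = b"demo-shared-secret"   # assumption: pre-shared by both parties


def client_response(nonce: str, request: bytes) -> str:
    """Client side: binds this request to this one-time challenge."""
    msg = nonce.encode() + b"|" + request
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()


class Server:
    def __init__(self):
        self._outstanding = set()   # nonces issued but not yet used

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)   # 128 random bits, never reused
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce: str, request: bytes, tag: str) -> bool:
        if nonce not in self._outstanding:
            return False   # unknown, or already spent: replay or forgery
        # Discard before checking so the nonce is used exactly once even if
        # the tag turns out to be bad.
        self._outstanding.discard(nonce)
        expected = client_response(nonce, request)
        return hmac.compare_digest(expected, tag)


def demo():
    """Honest exchange, then the same captured response replayed, then the
    captured tag presented against a fresh challenge."""
    server = Server()
    nonce = server.challenge()
    request = b"transfer 10 to acct 42"
    tag = client_response(nonce, request)
    first = server.verify(nonce, request, tag)        # True
    replay = server.verify(nonce, request, tag)       # False: nonce spent
    fresh = server.challenge()
    reuse = server.verify(fresh, request, tag)        # False: tag bound to old nonce
    return first, replay, reuse


if __name__ == "__main__":
    print(demo())
```

Two properties carry the security here: the nonce is unpredictable (so an attacker cannot precompute an answer) and it is removed from the outstanding set the moment it is presented (so the same answer is worthless a second time). Because the request is inside the HMAC, changing the amount while keeping the nonce also fails.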
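Worked example for periodic-assessment questions 83, 85 and 87 (threshold monitoring as an anomaly-detection approach, and false negatives versus false positives). This is an added illustration, not code from the question bank: a threshold monitor flags any source that produces several failed logins inside a short window, and the result is scored against analyst ground truth to show all four outcomes. The log format, the threshold and window, the addresses and the ground-truth labels are all constructed for the example.

```python
# Added example (not from the question bank): threshold monitoring over
# constructed sshd log lines, scored against analyst ground truth to give
# true/false positives/negatives. Log format, threshold, window, addresses
# and labels are all assumptions for illustration.
import re
from collections import defaultdict
from datetime import datetime

# Constructed log. 198.51.100.9 sprays passwords; 10.0.0.7 is bob mistyping
# four times before succeeding; 10.0.0.8 is a single typo; 192.0.2.20 logs
# in cleanly with a deploy key that, per the ground truth, was stolen.
LOG = """\
2024-05-01T10:00:01 sshd: Failed password for root from 198.51.100.9
2024-05-01T10:00:02 sshd: Failed password for root from 198.51.100.9
2024-05-01T10:00:03 sshd: Failed password for admin from 198.51.100.9
2024-05-01T10:00:04 sshd: Failed password for admin from 198.51.100.9
2024-05-01T10:00:05 sshd: Failed password for test from 198.51.100.9
2024-05-01T10:00:30 sshd: Failed password for bob from 10.0.0.7
2024-05-01T10:00:35 sshd: Failed password for bob from 10.0.0.7
2024-05-01T10:00:40 sshd: Failed password for bob from 10.0.0.7
2024-05-01T10:00:41 sshd: Failed password for bob from 10.0.0.7
2024-05-01T10:00:50 sshd: Accepted password for bob from 10.0.0.7
2024-05-01T10:01:00 sshd: Failed password for alice from 10.0.0.8
2024-05-01T10:01:10 sshd: Accepted password for alice from 10.0.0.8
2024-05-01T10:02:00 sshd: Accepted publickey for deploy from 192.0.2.20
2024-05-01T10:02:01 sshd: Accepted publickey for deploy from 192.0.2.20
"""

# Analyst labels (constructed): True = hostile source.
GROUND_TRUTH = {"198.51.100.9": True, "10.0.0.7": False,
                "10.0.0.8": False, "192.0.2.20": True}

LINE = re.compile(r"^(\S+) sshd: (Failed|Accepted) \w+ for \S+ from (\S+)$")


def threshold_alerts(log: str, threshold: int = 3, window: int = 60):
    """Flag a source once it logs `threshold` failures within `window`
    seconds. Returns (all sources seen, flagged sources)."""
    recent = defaultdict(list)   # source -> timestamps of recent failures
    sources, flagged = set(), set()
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue            # unknown format: skip rather than crash
        stamp, outcome, src = m.groups()
        t = datetime.fromisoformat(stamp).timestamp()
        sources.add(src)
        if outcome != "Failed":
            continue
        recent[src] = [x for x in recent[src] if t - x <= window] + [t]
        if len(recent[src]) >= threshold:
            flagged.add(src)
    return sources, flagged


def score(sources, flagged, truth):
    """Confusion-matrix counts per source against the analyst's labels."""
    counts = {"TP": 0, "FP": 0, "FN": 0, "TN": 0}
    for src in sources:
        hostile, alerted = truth[src], src in flagged
        if alerted and hostile:
            counts["TP"] += 1
        elif alerted:
            counts["FP"] += 1   # legitimate user flagged as malicious
        elif hostile:
            counts["FN"] += 1   # malicious traffic classified as legitimate
        else:
            counts["TN"] += 1
    return counts


if __name__ == "__main__":
    seen, hits = threshold_alerts(LOG)
    print("flagged:", sorted(hits))
    print("scores: ", score(seen, hits, GROUND_TRUTH))
```

With the default threshold of 3 the monitor produces one of each outcome: the spraying host is a true positive, bob's four typos are a false positive, alice is a true negative, and the stolen deploy key is a false negative that no failure-count rule can see, because that attacker never fails. Raising the threshold to 5 removes the false positive without touching the false negative, which is the usual trade-off a threshold tune makes.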