ENSA Questions Answers




1. Stephanie is an IT systems support specialist. Stephanie works for an energy company in Houston that provides natural gas to homes in Texas. Stephanie has been tasked by her manager, the network administrator, to help implement a new VoIP phone system for the company. She and two other IT employees work on the new phone system for over a month and are finally able to get the system installed and working. After a month of using the VoIP system, users are reporting that their phone call quality is very bad. After doing some research, Stephanie finds that some of the sales team is using video conferencing but they are not experiencing any problems. The salesmen say that the quality of the video conferences is not important. What should Stephanie implement on the network devices so the VoIP calls have better quality?
A. She needs to use system metrics on all the network routers.
B. Stephanie needs to implement packet prioritization.
C. She should enable packet fragmentation so the voice packets can get to their destination as quickly as possible.
D. If Stephanie implements packet filtering, the voice traffic will sound better.

2. Bob is an IT security professional attending certification classes in Orlando. Bob is hoping to increase his marketability by obtaining at least four security certifications. In the current class he is attending, Bob is presented with a lab project he must complete within two weeks. In this project, Bob must build a honeynet from scratch but the entire system must be contained on one computer. He must use only one computer to simulate network devices, operating systems, and so forth. What type of honeynet must Bob build for this project?
A. For this project, Bob needs to build a Gen 100 honeynet.
B. Bob has been tasked with creating a virtual honeynet.
C. He needs to build a Gen I honeynet.
D. Bob should build an underground honeynet.

3. Thomas, a security analyst for the Pentagon, is currently working from home after some minor elective surgery. He is able to VPN into the Pentagon’s network, after authenticating multiple times and passing through a quarantine server that checks for up-to-date virus definitions, Windows updates, and other customized checks. After working from home for a couple of weeks, Thomas tries to logon to the VPN again to get on to the network and it says he has too many concurrent connections to connect. He calls his supervisor and he is told the quarantine server checks how many connections the incoming computers have, and if they have too many, they are not allowed access. He then decides to try and figure out how many connections his computer is currently running. What tool can Thomas use to find this out?
A. The Nbtstat command would show him how many open connections there are on his computer.
B. Task Manager can be used to see the open network connections on his computer.
C. Thomas can use the Netstat command to see how many open connections his computer has.
D. Thomas should use the Finger command.

4. He needs to search in the /bin/usr/apache/logs folder. She has been tasked with by the company’s network administrator to help him setup and implement VPN tunnels to some remote offices. 6. D. B. IPSec tunnels can work on either the application or physical layers. He is currently working for the city of Denver. What type of attack is Joseph planning to carry out? Joseph is planning on carrying out a DRDoS attack. B. He has been given full permission by those in charge to perform any and all tests necessary. D. The network administrator wants Scott to monitor the log files created by these Apache servers. Robert needs to study the RIP protocol since it is utilized by routers and is insecure. Robert needs to study the SLIP protocol. He is planning on carrying out a DoS attack on the network. . C. Colorado. D. B. Joseph is an IT consultant who works for corporations and governments. 
he is going to carry out a Smurf attack. Before she helps her boss. The ARP protocol. C. She was told by the network administrator that they will most likely be implementing IPSec VPN tunnels to connect the offices. He is particularly lacking in knowledge on the protocols used by routers and how secure and/or insecure those protocols are. A. A. Although routers utilize different protocols. 5. He plans on shutting down the city’s network after hours using a number of BGP routers and zombies he has taken control of over the last few months. Scott works at a large company that manufactures car parts. C. At his company. At what layer of the OSI model do these IPSec tunnels function on? They work on the network layer of the OSI model. D. What networking protocol language used by routers should Robert focus on since it is very insecure? A. C. he will find the files he needs. used by routers. These tunnels function on the session layer. Scott is a network technician working on many different IT certifications. Scott should look in the /temp/apache/logs fodler. He has extensive knowledge of each module necessary to pass the test except the areas on hardening routers. Robert need only study the ATM protocol since that is the only one actually used by routers even though it is insecure. Where should Scott look on the Apache servers to find the default location of the log files? If he looks in the /var/usr/apache/w3svc/logs folder. Scott should look in /var/log/httpd/access_log . To be able to pass his ENSA exam completely. The network administrator has setup two Apache servers to host an Intranet for the company. IPSec tunnels function on the data link layer. He is going to use a DDoS attack to test the city’s network. is what Robert needs to focus on in studying for his upcoming exam. By using BGP routers and zombies. Scott works for the network administrator who oversees the entire network. 7. Liza is an IT technician working for a manufacturing company in Detroit. A. 
Robert is studying for his ENSA exam that he will be taking in a couple of weeks. Liza wants to read up on VPN technologies and methods so she can become more familiar with the technology. B. Users report that phone conversations are choppy. The team’s first step should be to analyze any data they have currently gathered from the company or from interviews.11g must be used. Hunter and the team members are having their first meeting to discuss how they will proceed. A. The wireless network which was installed over a year ago is running 802. there is latency. 802. day-to-day help desk. What should be their first step in creating the network vulnerability assessment plan? Their first step should be the acquisition of required documents. Ron is a network administrator working for a large software development company in Los Angeles. He is responsible for the entire agency’s servers. and Marketing. She also helps the network administrator with basic network issues and the company’s wireless network. Hunter is an IT technician that has been appointed to his company’s network vulnerability assessment team.8. C. 11. A. He is not as familiar with Red Hat as he is with Windows systems.11e should be used since it supports Quality of Service (QoS). B. C. 10. The other team members include employees from Accounting. The company has recently fallen on hard times financially because of a . He is the only IT employee on the team. reviewing of laws. D. Ursula is an IT support specialist working for a large restaurant supply company in New York City. Larry should use SCE to update the agency’s Red Hat servers. Hunter is very proud of being appointed to this team in the hopes that it will improve his chances of a promotion if they do a good job. 802. D. They should change the 802. 9.11b. and sometimes the calls drop off completely. The assessment team’s first step should be to make a hypothesis of what their final findings will be.11a wireless structure to 802. 
After Ursula and the network administrator install a new VoIP system with some of the VoIP phones working over wireless. Larry should use the up2date tool. the voice quality on those phones over wireless becomes very poor. What tool provided by Red Hat can Larry use to update the Red Hat servers? He needs to utilize the WSUS tool provided by Red Hat. To update these servers. He also must administer two Red Hat servers that serve as the agency’s web hosting servers. What can Ursula and the network administrator utilize to get better quality for the VoIP phones over a wireless connection? For support of VoIP traffic. Larry is a systems administrator working for a US federal agency in San Francisco. He should use Netstat to update the web servers. Ursula and the network administrator need to use 802.11i. Management. Ursula is responsible for all 100 workstation computers and 12 servers. B.11a and connects all laptop users to the LAN using basic encryption. and outlining a list of vulnerabilities that require testing. Their first step should be to create an initial Executive report to show the management team. B. A. C. D. and ensuring all computers are up to date with patches. Shipping. To allow SSH though the firewalls. . D. This DMZ has a firewall that separates it from the internal network. Ron would hire a cabling contractor to do any work but now he must do the work himself. These particular users are having problems because Cat6 is not mean to be run for more than 10 feet. To allow the SMTP traffic to pass through. and a number of networked printers. he needs to open port 53. He needs to open port 25. 12. C. One of these areas in particular for Ron is network cabling. He needs to open port 21. What port must Neville open on the firewall to allow this traffic to pass? Neville should open port 21 to allow the traffic through. Neville must open port 443. After connecting the employees’ computers to these new cable runs. 
He has recently installed a number of network devices in different remote offices and now needs to configure a way to access them remotely over secure channels.downturn in the economy. he is now moving the company’s email transport server into a new logical DMZ he has created. C. C. 13. fifty workstations running Windows XP. A. he should open port 53. Coleman works as a network administrator for his company which is based out of Atlanta. He measures these new cable runs and they end up being between 350 to 400 feet long. The network consists of three Windows servers. Because of this. He is in the middle of a huge security restructuring project which entails a security overhaul of the entire company’s network. This forces Ron to run more Cat6 cable from the server room to the new spaces where employees have been moved. B. Coleman should open port 443. Before the cuts. After weeks of work. The users are seeing issues because their network cables are plugged into different switches. the company is trying to cut costs wherever possible. Neville is the network administrator for his company. the users complain their network connections appear to be dropping and/or not working at all. Ron is using Cat5 ends since he already had a number of them in stock. They are having issues because their Ethernet cable runs are too long. He tries to connect to the network devices but he cannot. B. A. Ron connects the new cable runs to 100 Mbps ports on two different switches. B. The company’s management team re-organizes a number of departments by moving them around the office. Why are these users experiencing problems? A. To save more money. What port does he need to open on the company firewalls to allow him remote access over SSH? Coleman needs to open port 22 on the firewalls. They are experiencing problems because Ron used Cat5 ends with Cat6 cable. D. D. He has setup the server in the DMZ to only talk to the main email server in the internal network over SMTP. 
He decides to use an SSH program to make the connections. He should say that IEEE 802 is mapped to the Data Link and Physical layers of the OSI model. Bill is an IT intern working part time at a state agency in Nebraska while he attends college. To make the patches run silently. 15.1. he needs to run them with the /y command switch. Javier should run the patches with the /z switch.1. He is worried about the security of his company’s network so he decides to install programs such as Wireshark at all ingresses of the network. He is responsible for the entire network’s health and over 20 IT employees. A. Javier is the only IT employee working for the company since they are not very big yet. 17. Javier needs to install some specific patches during work hours because they are minor ones but he does not want any of the users to see the installation process. Javier is a network administrator working for a small oil and gas company based out of Tulsa Oklahoma. He should tell the professor that IEEE 802 is mapped to the Presentation and Session layers of the OSI model. Bill should answer that IEEE 802 is mapped to the Application and Network layers.68. C. Frank is an IT administrator for Lehman associates. This source address signifies that the originator is using 802dot1x to try and penetrate into Frank’s network. D. what should Bill give as the answer? He should answer with that IEEE 802 is mapped to the Physical and Application layers. 16.14.0. D. D. This source address is IPv6 and translates as 13. C. What command switch should Javier use to make the patches install in the background without any user interaction? Javier needs to use the /q command switch to make the patches run silently. B. Joshua has recently been charged with connecting the city’s Metropolitan Area Network (MAN) with the individual Local . Javier is currently working on patching all computers in the network which consist of 30 Windows XP workstations. B. A. He needs to use the /n switch. 
Bill is in his Junior year of college taking classes for his major in Information Systems and Operations Management. C. What does this source address signify? This address means that the source is using an IPv6 address and is spoofed and signifies an IPv4 address of 127. Bill is currently taking a Network Theory class where the fundamentals of networking are taught. Joshua is a network administrator working for the city of Denver. Bill’s teacher asks him what layer(s) of the OSI model IEEE 802 can be mapped to. Bill’s professor is teaching the class about IEEE 802 and the standards it covers. a large law firm based out of Los Angeles. He sees traffic coming from a source being recorded as 1080:0:FF:0:8:800:200C:4171 and uses port 21 traffic. He looks through the logs one day at the Wireshark logs recorded from the company’s T1 interface and notices a number of packets originating from an odd source. This means that the source is using IPv8. A.3.0. B. you find that these registry entries are indicative of a WALEDAC virus infection. On top of being the network administrator. an investment firm in New York City. Since this is a huge project and Joshua is not exactly sure how these connections will be made.1 standard would cover these connections between the MAN and LANs. you should enable Data Execution Prevention for all files with a . D. B. You are a network security analyst for Smithson Brothers Incorporated.9 standard. The IEEE 809. On all computers running Windows. What IEEE standard should Joshua refer to when connecting the MAN and LANs? A. You also find that this virus searches through local files attempting to retrieve email addresses in order to spread further. You can block all incoming and outgoing traffic on TCP port 12005. he will need to rely on publicly-available documentation and standards regarding the subject. Terrance also writes code and creates software applications for the company. 
You are responsible for scanning the company’s network on a daily basis to find any suspicious items and possible avenues of attack.wla extension. 19.1. These entries were reported as: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion FWDone = "{0x00000001}" MyID = "{0x00000003}" RList = "{HEXadecimal value0x00000002}" After doing some research. After learning from one of the IT auditors that his code was susceptible to attack. C. 18. He should refer to 802. To prevent the WALEDAC virus from searching local computers. What is Terrance preventing by changing the code? . You receive notice from one of the accounting servers that numerous registry entries have just been added. D. You use Tripwire on all important servers and machines to alert you if any system files are modified. you should disable all local file indexing. an aerodynamics company with offices all over the United States. Terrance is a network administrator working for Getterson Incorporated. Joshua should refer to the 802.Area Networks (LAN) managed in each city office. You should prevent searches on all local RAM disks for computers.1 covers connecting two or more networks using intermediary network devices. What can you do on this and other computers to keep the WALEDAC virus from finding other email addresses on local computers to send out to? A. B. The company hires an external IT auditing company every year. Terrance decided to rewrite some of his code to look like the following. 801. C. C. One Monday morning. is creating the disaster recovery plans for his company. the company’s firewall completely crashes so the manufacturer sends out a new replacement that same day. In the disaster recovery plan that Wayne is producing. Michael is the network administrator for his company. He should account for a class D fire. A. Terrance is attempting to prevent a SQL injection attack. The company he works for has 50 workstations and 15 servers. 
Two of the most hazardous materials used in the production are potassium and magnesium. C. What can Michael do on the firewall to help prevent packet loss such as this? He should increase the buffer size on the firewall to help prevent packet loss. D. the facilities manager for CMF plastics. A. B. To prevent packet loss of voice traffic. D. Since the company deals with hazardous materials.A. UDP traffic on the firewall should be denied to ensure all VoIP packets arrive without packet loss. he starts receiving complaints from users that incoming and outgoing phone calls on the VoIP phones are choppy and sometimes the calls completely drop. He uses a TCP/IP traffic sniffer and notices that the firewall is dropping or losing voice packets. Wayne. He and another IT employee implemented a Voice over IP solution six months ago and they have not had any problems with the system since its inception. B. 21. After some minor configuration of the firewall. Michael is able to get the new firewall in place and working. B. D. which class of fire should he accounted for in an incident? He needs to prepare for a class 2 fire incident. This code would stop a query string manipulation attack. Terrance is preventing a cookie poisoning attack by changing the code. Michael should allow all incoming and outgoing DNS traffic. After a day or two. Michael needs to decrease the buffer size on the firewall. CMF makes plastic containers which involves the use of many different chemicals and compounds to produce. Wayne must prepare for a class E fire. Wayne needs to account for a possible class 1 fire. 20. He is trying to prevent an XSS attack. . C. D. B. He wants Fred to monitor a NIPS system. These tunnels allow for connectivity of the remote offices for email. database access. Fred’s boss wants a solution that will be placed on all computers throughout the company and monitored by Fred. What type of solution does Fred’s boss want to implement? He wants to implement a HIPS solution. 
He could place a bastion host in his DMZ to capture all large UDP packet traffic. C. Fred is a network technician working for Johnson Services. Because of this. . He also sees confusing offset values in the second and later fragments that appear to be confusing the network devices when they try to break up the large packets. Xavier is a network administrator working for a government agency in Wisconsin. He checks his email server and it appears to be functioning ok. He oversees the network for this agency which has ten offices spread throughout the state. a temporary employment agency in Boston. His primary firewall appears to be pegging at 100% of its resources as well as a number of other network devices inside that office. He would be able to stop this from happening again if he enabled OSPF on his firewall. Xavier should turn off all RIP traffic on his firewall and internal network devices. Wisconsin. C. A. Xavier receives a call from one of his users in a remote office stating that she cannot send or receive email. Xavier ends all active sessions on the outside of the firewall and everything appears to go back to normal. 23. All the remote offices have VPN tunnels through their firewall that point back to the main agency office in Madison. A. This solution will gather information on all network traffic to and from the local computers without actually affecting the traffic. B. and intranet access. The company relies on a number of customized applications to perform daily tasks and unfortunately these applications require the users to be local administrators. This would be a NIDS implementation.22. What can Xavier do to prevent his network’s resources from being overwhelmed like that again? Xavier can enable high availability on his firewall to have a backup firewall pickup if its resources go beyond a certain level. Johnson Services has three remote offices in New England and the headquarters in Boston where Fred works. 
Then he receives calls from all the other remote offices stating they cannot get email either. Fred’s boss wants to implement a HIDS solution. He sees UDP packets that are too large for routers and switches to handle. Fred’s supervisor wants to implement tighter security measures in other areas to compensate for the inherent risks in making those users local admins. D. and antivirus functions. IPS. Xavier then gets an alert email sent from his main firewall in Madison that its system resources were at 99 percent. He uses a packet sniffer to capture mirrored traffic bound for the external interface of the firewall. Each office has its own firewall that provides protection for the offices by providing IDS. Stephanie is a network administrator that works for Nelson and Associates. All traffic is filtered through the computer for security. This would be considered a Ferroresonant Standby UPS. C. To ensure the servers are not without power for too long. A. The computer is a Windows 2003 member server. Add/Remove Windows Components. Now he suggests the company implement some security to protect their data. One network card is connected directly to the Internet and the other to the internal network. The company’s owner decides they do not have enough money to purchase a hardware firewall. This type of UPS is referred to as a True Online UPS. B. D. Thomas is a network technician who works on small company networks in his spare time for extra money. Where can Stephanie find the Network Monitor program to install it? A. an investment firm in Miami. Stephanie cannot use Network monitor on this computer since it is a server. C. He has decided to buy a Standby UPS. Also. Thomas comes up with a less expensive solution of using a workstation with two network cards. Stephanie should go to Start. The company’s office has around 25 workstations and 4 servers. Management and Monitoring Tools. On weekends. She checks the port settings. 
Thomas is using a NAT router to filter Internet traffic. Thomas is currently working for a small medical billing company setting up their network from scratch. The servers run applications but mostly store very important and confidential data. C. Add/Remove Programs. 26. He is utilizing a bastion router for security. For security. Kyle has purchased a LineInteractive UPS. Kyle is an IT technician working for Paulson Brothers. Stephanie can go to Control Panel. B. and makes sure the cable does not have any breaks or shorts in it from the computer to the switch. She has received reports from one of her users that is seeing very slow network response time. Stephanie decides to install Microsoft’s Network Monitor to see if that will show what the issue is. He has built 10 workstations and a server for them to use. . Kyle decides to purchase an Uninterruptible Power Supply (UPS) that has a pair of inverters and converters that charge the battery and gives power when needed. B. Run. What type of security measure is Thomas implementing as a less expensive solution to a firewall? As a less expensive solution. What type of UPS has Kyle purchased? A. D. For this reason. She still cannot find anything wrong with the computer. the power in the company’s office is not always reliable so Kyle needs to make sure the servers do not go down or are without power for too long of a period. 25. Thomas is using a proxy DNS server. and type in msconfig. signal strength for the network cable.24. Thomas is using a dual homed host to screen Internet traffic. a large architectural firm in Kansas City. Kyle must backup the servers’ data daily to ensure nothing is ever lost. She has setup IPSec tunnels between the main campus and a campus in Springfield. C. If Sarah used the command: ping -r 999 192.97 would make the router freeze.168.97. Heather is a network administrator working at a local public college in her home town. 
Sarah is an IT security consultant currently working under contract for a large state agency in New York. Run. Ping -l 254 192. Sarah attempts to gain unauthorized access or even overload one of the agency’s Cisco routers that are at IP address 192.254. 28. C. She first creates a telnet session over port 23 to the router.168.254. B. Malone is finishing up his incident handling plan for IT before giving it to his boss for review. This seems to have no affect on the router yet. To test this. She can go to Start. The agency’s network has come under many DoS attacks in recent months. A. She needs to search through the IOS OSPF table to see how traffic is passing. Where on the firewalls can Heather look to see what is going on with the traffic between the firewalls? A. B. She could use the command: ping -l 56550 192. She is trying to connect to a server at Haworth from the main campus but is not able to do so.168. She should look in the ARP table of the firewall to see if traffic is passing through the . Which step should Malone list as the last step in the incident response methodology? Recovery would be the correct choice for the last step in the incident response methodology. D. and type in the command: NetMonInstall. 27. She uses a random username and tries to input a very large password to see if that freezes up the router.168. She has used OSPF on the firewalls so the traffic over the IPSec tunnels can pick the best possible route. Heather makes sure that all campus computers can communicate with the internal network and she troubleshoots any network issues as they arise. C. What other command could Sarah use to attempt to freeze up the router? The command: finger -l 9999 192. 29.D.254. He should assign eradication to the last step. Malone should list a follow-up as the last step in the methodology. She has also setup an IPSec tunnel between Springfield and Haworth where the college has another campus.97 -t. B. 
She tests some connections and the main campus can contact the Springfield campus and the Springfield campus can contact the Haworth campus.97 -m would force the router to freeze.168. Heather can look in the routing tables on the firewall to see if OSPF is carrying the traffic across the firewalls properly. so the agency’s IT team has tried to take precautions to prevent any future DoS attacks. He is outlining the incident response methodology and the steps that are involved. D.254.254. she could freeze up the router and then attempt to gain access. A.97 -t. Containment should be listed on Malone’s plan for incident response.exe. She has been given permission to perform any tests necessary against the agency’s network. 32. Simon had all his systems administrators implement hardware and software firewalls last year to help ensure network security. D. After searching through firewall and server logs. She needs to run WSUS --d -f -u command. Most communication between the company. and update all currently installed packages? To accomplish all these tasks. A. C. On top of these. download the security package. .IPSec tunnels correctly. A. they implemented IDS/IPS systems throughout the network to check for and stop any bad traffic that may attempt to enter the network. and firmware updates. a hacker group was able to get into the network and modify files hosted on the company’s websites. She can perform a pcap OSPF lookup to see why she cannot connect to the firewall at the Haworth campus. The bank has around 600 windows computers and 400 Red Hat computers which primarily serve as the bank teller consoles. she will need to run the up2data -u command. This company processes over 20. 31. He is currently working on how to update all 1000 of the bank’s computers with patches. and lenders is carried out through email. security updates. a large shipping company based out of Atlanta. D. Alexis is a systems administrator working for a large bank in Oklahoma City. 
Alexis needs to type in the sysupdate --d command. no one could find how the attackers were able to get in. B. What utility could Simon and his systems administrators implement on the company’s network to accomplish this? SnortSam would be the best utility to implement since it keeps track of critical files as well as files it is told to monitor. James is a network administrator working at a student loan company in Minnesota. B. This monitoring tool needs to alert administrators whenever a critical file is changed in any way. He decides that the entire network needs to be monitored for critical and essential file changes.000 student loans a year from colleges all over the state. Simon is the network administrator for Chester’s Shipping. Because of privacy laws that are in the process of being implemented. They can implement Strataguard on the network which monitors critical system and registry files. Simon and his systems administrators need to use Loki to monitor specified files on the company’s network. What command should Alexis run on the network to update the Red Hat computers. C. Alexis should run the up2date --d -f -u command. force the package installation. D. 30. He has created a plan and deployed all the patches to the Windows computers and now she is working on updating the Red Hat computers. Although Simon and his administrators believed they were secure. Simon could use Tripwire to notify administrators whenever a critical file is changed. schools. What type of device do they need to convert the analog signals from the fax machine to digital to go out the new digital phone lines? A. he is looking for a low/no cost solution to encrypt email. C. 34. James wants to utilize email encryption agency-wide. Along with the VoIP system. A. they are not familiar with how to setup wireless in a business environment.3. C. B. The only problem for James is that his department only has a couple of servers. B. an interior design firm in Florida. 33. 
James could use PGP as a free option for encrypting the company’s email.James wants to get ahead of the game and become compliant before any sort of auditing occurs. The firm’s partners have asked that a secure wireless network be implemented in the office so employees can move about freely without being tied to a network cable. D. The IEEE standard covering wireless is 802. Meredith is a network security specialist working for a medium-sized publishing company in Kansas City. C. Timothy and the other IT employees of his company change out the old phone system with the new VoIP system. Meredith has been tasked by her boss to add more security measures to the company’s network. She does some online research and attends a couple of IT security seminars and believes she has a good plan for securing the . While Frank and his colleagues are familiar with wired Ethernet technologies. He has been working with the network administrator and IT directory of his company to implement a Voice Over IP solution to replace the company’s old analog PBX system. Over a long weekend.7 covers wireless standards. D. On Monday. 3DES would be the best free software solution to use for email encryption. To convert analog to digital signals. the company brought digital PRI phone line to replace the older analog lines. 802. 802. they find that the fax machines are not working. What IEEE standard should Frank and the other IT employees follow to become familiar with wireless? A. an SIP device would be needed. Frank and the other IT employees should read up on the 802. B.1 standard. Much of the email communication used at his company contains sensitive information such as social security numbers. If James uses the free RSA email program he could encrypt all the email. They should follow the 802.11 standard. and they are utilized to their full capacity. D. Analog fax machines will need a RARP device to convert the signals to digital. For this reason. 35. 
Frank and two other IT employees take care of all the technical needs for the firm. Since a server-based PKI is not an option for him.9. What should James use? James should utilize the free OTP software package. A NetBUI device will be needed to convert analog to digital signals and vice versa. They will need an ATA device to convert the analog signal from the fax machine to digital. Frank is a network technician working for a medium-sized law firm in Memphis. Timothy is the lead helpdesk technician working for his company. he can obtain the pre-shared keys from the VPN servers.6. The Nmap scan results have shown Lance that TACACS is running on these hosts. 802. This type of honeypot would be considered a high-interaction honeypot. 38. Meredith has decided to implement a low-interaction honeypot. B.3 is the IEEE standard that covers Ethernet. Timothy now uses a tool to obtain the IKE Aggressive Mode pre-shared keys of those VPN servers. She is going to set up a passive honeypot. much of which she has already learned through work experience. What tool has Timothy used to accomplish this? A. He performs scans against the IPs owned by the DoD and sees a number of hosts listening on IPSEC ports. Lance can see that a number of hosts appear to be listening on TCP port 1723. A. 802. Timothy is an IT security analyst working on contract for the Department of Defense on a six-month contract. D. Hosts running IPSEC listen on TCP port 1723. C.1 is the standard covering Ethernet. a shipping company in San Francisco. 36. and method of attack. C. Lance scans the company’s network with Nmap and finds a number of interesting ports he might try to exploit. What service is listening on these ports? A. He was hired on to ensure that the DoD’s connections to all its partner organizations and external companies are secure. 37. Timothy is using the Ikeprobe tool to obtain the IKE Aggressive Mode pre-shared keys from the VPN servers.
Susan is a network technician who is going back to school to earn her Bachelor’s degree in Information Technology. He can make use of the Nmap –isakmp tool to obtain the IKE Aggressive Mode pre-shared keys from VPN servers. What type of honeypot has Meredith decided to set up? A. What IEEE standard covers Ethernet cabling? This would be the 801. C. Meredith is implementing a forward-facing honeypot. . B. Her class is currently on the chapter studying the IEEE standards that cover networking. Even though this type of honeypot is more complex and time consuming to set up. The IEEE standard covering Ethernet is 802. D. B. ISAKMP runs on TCP port 1723. Using a laptop. Lance is an IT consultant working on contract for Sherman Brothers. He is using the Probescan –isakmp tool.9 IEEE standard. They start with older standards such as Token Ring which is covered under 802.5 standards and move on to Ethernet. D. information about the attacker’s source computer. She is having to re-learn the fundamentals of networking through textbooks. She has decided on creating a honeypot environment inside the network that will provide in-depth attack information such as keystrokes. By making use of Ipsecscan tool. Meredith believes the information gained will be worth the time. C. network. B. To further secure the data being passed by the agency. He is primarily concerned about preventing the external attacks on the network by using a solution that can drop packets if they are found to be malicious. A. You are the CIO for Liquid Associates. D. In order to insert the ESP header before the transport layer. C. a news story leaks about the stolen laptops and also that sensitive information from those computers was posted to a blog online. Lyle should use a HIDS system. Jacob wants to encrypt the IP traffic by inserting the ESP header in the IP datagram before the transport layer protocol header. He does not have much time for implementing a network-wide solution.
Lyle has many network nodes and workstation nodes across the network. D. The agency Jacob works for stores and transmits vast amounts of sensitive government data that cannot be compromised. Jacob is an IT network support technician working for a federal agency in Washington DC. he should use ESP in gateway mode. From this Nmap scan. Your company has over 250 servers running Windows Server. C. He needs to use transport mode ESP to encrypt the traffic. Jacob should utilize ESP in tunnel mode. 5000 workstations running Windows Vista. What type of solution would be best for Lyle? He should choose a HIPS solution. Lyle also wants this solution to be easy to implement and be network-wide. What mode of ESP does Jacob need to use to encrypt the IP traffic? A. B. What built-in Windows feature could you have implemented to protect the sensitive information on these laptops? A. . 39. Jacob must use ESP in pass-through mode. He recently came back from a security training seminar on logical security. and 200 mobile users working from laptops on Windows XP. Jacob and many other IT staff members have secured virtually every aspect of the agency by using physical security to harden all operating systems. A NEPT implementation would be the best choice. Lyle’s company employs over 300 workers. You should have used 3DES which is built into Windows. half of which use computers. You are responsible for network functions and logical security throughout the entire corporation. These laptops contained proprietary company information. Lyle is the IT director for a medium-sized food service supply company in Nebraska. To better serve the security needs of his company. While doing damage assessment. 41. an investment firm based out of Paris. 40. Last week. Jacob has implemented Encapsulating Security Payload (ESP) to encrypt IP traffic. 10 of your company’s laptops were stolen from salesmen while at a conference in Barcelona. He now wants to ensure his company is as secure as possible.
Lance can see that PPTP is running on these hosts. B. Lyle would be best suited if he chose a NIPS implementation. Blake performs a traceroute to find where the company firewall is. Frederick is attempting to connect to the host at 10. Frederick is attempting to send spoofed SYN packets to the target via a trusted third party to port 81.0.0. C. Frederick is an IT security consultant working for Innovative Security which is an IT auditing company in Houston.24 over port 81. What tool does Blake use to accomplish this? A. B. This HPING2 command that Frederick is using will attempt to connect to the 10. Karen is a network security consultant who owns her own company.1.0. Blake is an IT contractor who has been hired on by an ISP to test all their network equipment’s security. D. Hping2 changes the TTL value for packets to be one more than the hop count of the firewall. C. After finding some live IP addresses. Frederick decides to use HPING2 to hopefully bypass the firewall this time.1. the sensitive information on the laptops would not have leaked out. 43. B. He then uses Angry IP to scan for live hosts on the firm’s network. 42. he attempts some firewalking techniques to bypass the firewall using ICMP but the firewall blocks this traffic. Blake must have utilized the tool Snarf.0. He types in the following command: C:\Hping2>hping2 -a 10. To accomplish these results. D. By using this command for HPING2. From an outside IP address. Blake uses Firewalk tool to accomplish this.24 host over HTTP by tunneling through port 81.24 through an SSH shell.B.24 What is Frederick trying to accomplish by using HPING2? A. She has been hired by a state government agency in Nebraska to perform a security audit and make .1. Blake then uses a tool that changes the TTL value for packets to be one more than the hop count of the firewall. He has just been hired on to audit the network of a large law firm in downtown Houston.
You could have implemented Encrypted File System (EFS) to encrypt the sensitive files on the laptops. He starts his work by performing some initial passive scans and social engineering. He is using HPING2 to send FIN packets to 10. Blake used Httrack to see which ports on the firewall were open.150 -S -p 81 10.0. If you had implemented Pretty Good Privacy (PGP) which is built into Windows. You should have utilized the built-in feature of Distributed File System (DFS) to protect the sensitive information on the laptops. D. This tool scans the firewall ports and whenever he gets the message “TTL exceeded error” he knows that port on the firewall is open. C. 44.1.1. At what OSI layer will the proxy server work on? It will filter traffic on the application layer. Since the proxy server is going to filter traffic. Jonathan does not want to leave any residual data on the donated computers in case the company’s data is found and used for financial gain. . There is no web filtering currently taking place in a specific area. Jonathan should use a program that will write zeroes to the hard drive to fill it up. it will work on the network layer. the company was forced to lay off its two web developers. 46. Blake should tell the administrators to edit the shadow file. D. B. It will function on the physical layer. He should do a format /complete on the C: drive of the computer to ensure that none of the data can be recovered. He also wants to donate the computers to a school to help them out and for his company to be able to take a tax write-off.conf file. D. 47. Patrick knows how to create and develop web pages since he does that in his spare time to earn extra money. recommendations. all access to any network resources must use Windows Active Directory Authentication. 45. A. All the computers have proprietary data on them that cannot be left on them when they are donated.
Most of the workstations are at the end of their warranty so Jonathan has purchased computers to replace them. She decides to install a proxy server for the company to help filter appropriate and inappropriate web content. According to the company’s security policy. C. What should Blake tell the administrators that they need to do on this server to force Windows Authentication? Blake should instruct them to edit the PAM file to enforce Windows Authentication. To enforce Windows authentication. He can move the hard drives’ jumpers from Master Select to Wipe for 10 minutes which will completely erase all data contained on the hard drive. Luckily. Jonathan is an IT administrator who oversees a small marketing firm with 25 workstations and 5 servers. C. B. Blake is auditing the recent work of the systems and network administrators after installing a virtual server environment. agency employees can browse to any website whether they are unsuitable for work or not. Because of the recent economy. Blake is a network security analyst for his company. A. D. B. The proxy server will function on the session layer. Blake looks at a Linux server that was recently installed to run these virtual servers and learns that it is not using Windows Authentication. Jonathan needs to install a Linux-based operating system on the computers which would completely erase all data. he should tell them to edit the ADLIN file. Patrick is an IT administrator working for an airline company based out of Atlanta. He needs to have the administrators remove the /var/bin/localauth. What operations can Jonathan carry out on the PCs before donating to ensure the data cannot be recovered? A. C. Karen performs her audit over a span of three weeks and finds a number of areas the agency needs to improve in. The code is vulnerable to query string manipulation 48. 49. George should have the ISP block port 179 on their firewall to stop these DoS attacks. This code is susceptible to a SQL injection attack.
Miles then tries to execute some commands but they will not work even though they normally do. so they hired George for his expertise. What vulnerability or issue is the code susceptible to? A. Miles should go into router ROOT mode. D. The router has been dropping packets randomly off and on for two weeks now. The ISP did not have the internal resources to prevent future attacks. C. He has developed a logon page using Java on one of the company’s websites with the following code. To ensure the logon procedure is safe. He looks through the company’s firewall logs and can see from the patterns that the attackers were using the reflected DoS attacks. B. He should log into admin PRIVILEGE mode. B. C. Miles needs to log into user EXEC mode. B. He needs to log into privileged EXEC mode. This Java code is susceptible to a directory traversal attack. . Miles is working on one of his network routers that has been showing signs of a future failure. What measures can George take to help prevent future reflective DoS attacks against the ISP’s network? A. He should have them configure their network equipment to recognize SYN source IP addresses that never complete their connections. D. Patrick runs the code through a security analyzer but it fails. This Java code is vulnerable to SQL slamming. He receives an error saying that he is not logged into the correct mode for using those commands. George is an IT security consultant who has been hired on by an ISP that has recently been plagued by numerous DoS attacks. Miles logs onto his router using Telnet and types in his username and password. What mode should Miles log into to execute these commands? A. D. Johnnie should use the IPCONFIG /FLUSHDNS command. the computer will get a new IP address. He receives a call from Susan in Accounting about a problem with her computer. If Johnnie types in the IPCONFIG /START command. Johnnie can type in IPCONFIG /RELEASE and then IPCONFIG /RENEW.
He needs to tell the ISP to block all UDP traffic coming in on port 1001 to prevent future reflective DoS attacks against their network. C. All workstations also are running Windows XP. B. He should configure the ISP’s firewall so that it blocks FIN packets that are sent to the broadcast address of the company’s internal IP range. He is responsible for troubleshooting any minor network issues that arise for company employees. he hands the issue off to the network administrator. . What command can Johnnie use to get a new IP address? A. Johnnie is a network technician who works for Felden Books. If a network problem becomes too large or complex. He calls the network administrator and he tells Johnnie to have the computer get a new IP address from the DHCP server. D. He takes a look and something appears to be wrong with the network card or IP address on her computer. C. 50. He should type in IFCONFIG /NEW. All workstations on the network receive IP addresses automatically from a DHCP server named SVR10. a publishing company in New York City.