Stephanie is an IT systems support specialist. Stephanie works for an energy company in
Houston that provides natural gas to homes in Texas. Stephanie has been tasked by her
manager, the network administrator, to help implement a new VoIP phone system for
the company. She and two other IT employees work on the new phone system for over a
month and are finally able to get the system installed and working.
After a month of using the VoIP system, users are reporting that their phone call quality
is very bad. After doing some research, Stephanie finds that some of the sales team is
using video conferencing but they are not experiencing any problems. The salesmen say
that the quality of the video conferences is not important. What should Stephanie
implement on the network devices so the VoIP calls have better quality?

A. She needs to use system metrics on all the network routers.

B. Stephanie needs to implement packet prioritization.
C. She should enable packet fragmentation so the voice packets can get to their
destination as quickly as possible.
D. If Stephanie implements packet filtering, the voice traffic will sound better.



Bob is an IT security professional attending certification classes in Orlando. Bob is
hoping to increase his marketability by obtaining at least four security certifications. In
the current class he is attending, Bob is presented with a lab project he must complete
within two weeks. In this project, Bob must build a honeynet from scratch but the
entire system must be contained on one computer. He must use only one computer to
simulate network devices, operating systems, and so forth. What type of honeynet
must Bob build for this project?
For this project, Bob needs to build a Gen 100 honeynet.
Bob has been tasked with creating a virtual honeynet.
He needs to build a Gen I honeynet.
Bob should build an underground honeynet.

Thomas, a security analyst for the Pentagon, is currently working from home after some
minor elective surgery. He is able to VPN into the Pentagon's network, after
authenticating multiple times and passing through a quarantine server that checks for
up-to-date virus definitions, Windows updates, and other customized checks. After
working from home for a couple of weeks, Thomas tries to log on to the VPN again to get
on to the network and it says he has too many concurrent connections to connect.
He calls his supervisor and he is told the quarantine server checks how many
connections the incoming computers have, and if they have too many, they are not
allowed access. He then decides to try and figure out how many connections his
computer is currently running. What tool can Thomas use to find this out?
The Nbtstat command would show him how many open connections there are on his
Task Manager can be used to see the open network connections on his computer.
Thomas can use the Netstat command to see how many open connections his computer
Thomas should use the Finger command.






Scott is a network technician working on many different IT certifications. Scott works at
a large company that manufactures car parts. At his company, Scott works for the
network administrator who oversees the entire network. The network administrator has
set up two Apache servers to host an Intranet for the company. The network
administrator wants Scott to monitor the log files created by these Apache servers.
Where should Scott look on the Apache servers to find the default location of the log
If he looks in the /var/usr/apache/w3svc/logs folder, he will find the files he needs.
He needs to search in the /bin/usr/apache/logs folder.
Scott should look in /var/log/httpd/access_log.
Scott should look in the /temp/apache/logs folder.

Joseph is an IT consultant who works for corporations and governments. He is currently
working for the city of Denver, Colorado. He has been given full permission by those in
charge to perform any and all tests necessary. He plans on shutting down the city's
network after hours using a number of BGP routers and zombies he has taken control of
over the last few months. What type of attack is Joseph planning to carry out?
Joseph is planning on carrying out a DRDoS attack.
By using BGP routers and zombies, he is going to carry out a Smurf attack.
He is going to use a DDoS attack to test the city's network.
He is planning on carrying out a DoS attack on the network.

Liza is an IT technician working for a manufacturing company in Detroit. She has been
tasked by the company's network administrator to help him set up and implement
VPN tunnels to some remote offices. Before she helps her boss, Liza wants to read up on
VPN technologies and methods so she can become more familiar with the technology.
She was told by the network administrator that they will most likely be implementing
IPSec VPN tunnels to connect the offices. At what layer of the OSI model do these IPSec
tunnels function on?
They work on the network layer of the OSI model.
IPSec tunnels function on the data link layer.
IPSec tunnels can work on either the application or physical layers.
These tunnels function on the session layer.

Robert is studying for his ENSA exam that he will be taking in a couple of weeks. He has
extensive knowledge of each module necessary to pass the test except the areas on
hardening routers. He is particularly lacking in knowledge on the protocols used by
routers and how secure and/or insecure those protocols are. What networking protocol
language used by routers should Robert focus on since it is very insecure?
A. To be able to pass his ENSA exam completely, Robert needs to study the SLIP protocol.
B. Although routers utilize different protocols, Robert need only study the ATM protocol
since that is the only one actually used by routers even though it is insecure.
C. Robert needs to study the RIP protocol since it is utilized by routers and is insecure.

D. The ARP protocol, used by routers, is what Robert needs to focus on in studying for his
upcoming exam.







Hunter is an IT technician that has been appointed to his company's network
vulnerability assessment team. He is the only IT employee on the team. The other team
members include employees from Accounting, Management, Shipping, and Marketing.
Hunter is very proud of being appointed to this team in the hopes that it will improve his
chances of a promotion if they do a good job. Hunter and the team members are having
their first meeting to discuss how they will proceed. What should be their first step in
creating the network vulnerability assessment plan?
Their first step should be the acquisition of required documents, reviewing of laws, and
outlining a list of vulnerabilities that require testing.
The assessment team's first step should be to make a hypothesis of what their final
findings will be.
Their first step should be to create an initial Executive report to show the management
The team's first step should be to analyze any data they have currently gathered from the
company or from interviews.

Ursula is an IT support specialist working for a large restaurant supply company in New
York City. Ursula is responsible for all 100 workstation computers and 12 servers. She
also helps the network administrator with basic network issues and the company's
wireless network. The wireless network which was installed over a year ago is running
802.11a and connects all laptop users to the LAN using basic encryption.
After Ursula and the network administrator install a new VoIP system with some of the
VoIP phones working over wireless, the voice quality on those phones over wireless
becomes very poor. Users report that phone conversations are choppy, there is latency,
and sometimes the calls drop off completely. What can Ursula and the network
administrator utilize to get better quality for the VoIP phones over a wireless
For support of VoIP traffic, 802.11g must be used.
They should change the 802.11a wireless structure to 802.11b.
802.11e should be used since it supports Quality of Service (QoS).
Ursula and the network administrator need to use 802.11i.

Larry is a systems administrator working for a US federal agency in San Francisco. He is
responsible for the entire agency's servers, day-to-day help desk, and ensuring all
computers are up to date with patches. He also must administer two Red Hat servers
that serve as the agency's web hosting servers. He is not as familiar with Red Hat as he is
with Windows systems. What tool provided by Red Hat can Larry use to update the Red
Hat servers?
He needs to utilize the WSUS tool provided by Red Hat.
He should use Netstat to update the web servers.
To update these servers, Larry should use the up2date tool.
Larry should use SCE to update the agency's Red Hat servers.

Ron is a network administrator working for a large software development company in
Los Angeles. The company has recently fallen on hard times financially because of a
downturn in the economy. Because of this, the company is trying to cut costs wherever
possible. One of these areas in particular for Ron is network cabling. Before the cuts, Ron
would hire a cabling contractor to do any work but now he must do the work himself.
The company's management team re-organizes a number of departments by moving
them around the office. This forces Ron to run more Cat6 cable from the server room to
the new spaces where employees have been moved. He measures these new cable runs
and they end up being between 350 to 400 feet long. The network consists of three
Windows servers, fifty workstations running Windows XP, and a number of networked
To save more money, Ron is using Cat5 ends since he already had a number of them in
stock. Ron connects the new cable runs to 100 Mbps ports on two different switches.
After connecting the employees' computers to these new cable runs, the users complain
their network connections appear to be dropping and/or not working at all. Why are
these users experiencing problems?
A. These particular users are having problems because Cat6 is not meant to be run for more
than 10 feet.
B. They are having issues because their Ethernet cable runs are too long.
C. They are experiencing problems because Ron used Cat5 ends with Cat6 cable.
D. The users are seeing issues because their network cables are plugged into different




Neville is the network administrator for his company. He is in the middle of a huge
security restructuring project which entails a security overhaul of the entire company's
network. After weeks of work, he is now moving the company's email transport server
into a new logical DMZ he has created.
This DMZ has a firewall that separates it from the internal network. He has set up the
server in the DMZ to only talk to the main email server in the internal network over
SMTP. What port must Neville open on the firewall to allow this traffic to pass?
Neville should open port 21 to allow the traffic through.
Neville must open port 443.
He needs to open port 25.
To allow the SMTP traffic to pass through, he needs to open port 53.

Coleman works as a network administrator for his company which is based out of
Atlanta. He has recently installed a number of network devices in different remote offices
and now needs to configure a way to access them remotely over secure channels.
He decides to use an SSH program to make the connections. He tries to connect to the
network devices but he cannot. What port does he need to open on the company firewalls
to allow him remote access over SSH?
Coleman needs to open port 22 on the firewalls.
He needs to open port 21.
Coleman should open port 443.
To allow SSH through the firewalls, he should open port 53.







Frank is an IT administrator for Lehman associates, a large law firm based out of Los
Angeles. He is worried about the security of his company's network so he decides to
install programs such as Wireshark at all ingresses of the network. One day he looks
through the Wireshark logs recorded from the company's T1 interface and notices
a number of packets originating from an odd source. He sees traffic coming from a
source recorded as 1080:0:FF:0:8:800:200C:4171 that uses port 21. What
does this source address signify?
This address means that the source is using an IPv6 address and is spoofed and signifies
an IPv4 address of
This source address signifies that the originator is using 802dot1x to try and penetrate
into Frank's network.
This means that the source is using IPv8.
This source address is IPv6 and translates as

Javier is a network administrator working for a small oil and gas company based out of
Tulsa, Oklahoma. Javier is the only IT employee working for the company since they are
not very big yet. Javier is currently working on patching all computers in the network
which consist of 30 Windows XP workstations.
Javier needs to install some specific patches during work hours because they are minor
ones but he does not want any of the users to see the installation process. What
command switch should Javier use to make the patches install in the background
without any user interaction?
Javier needs to use the /q command switch to make the patches run silently.
To make the patches run silently, he needs to run them with the /y command switch.
Javier should run the patches with the /z switch.
He needs to use the /n switch.

Bill is an IT intern working part time at a state agency in Nebraska while he attends
college. Bill is in his junior year of college taking classes for his major in Information
Systems and Operations Management. Bill is currently taking a Network Theory class
where the fundamentals of networking are taught.
Bill's professor is teaching the class about IEEE 802 and the standards it covers. Bill's
teacher asks him what layer(s) of the OSI model IEEE 802 can be mapped to; what
should Bill give as the answer?
He should answer that IEEE 802 is mapped to the Physical and Application layers.
Bill should answer that IEEE 802 is mapped to the Application and Network layers.
He should tell the professor that IEEE 802 is mapped to the Presentation and Session
layers of the OSI model.
He should say that IEEE 802 is mapped to the Data Link and Physical layers of the OSI

Joshua is a network administrator working for the city of Denver. He is responsible for
the entire network's health and over 20 IT employees. Joshua has recently been charged
with connecting the city's Metropolitan Area Network (MAN) with the individual Local
Area Networks (LAN) managed in each city office.

Since this is a huge project and Joshua is not exactly sure how these connections will be
made, he will need to rely on publicly-available documentation and standards regarding
the subject. What IEEE standard should Joshua refer to when connecting the MAN and

He should refer to 802.1.

The IEEE 809.1 standard would cover these connections between the MAN and LANs.
Joshua should refer to the 802.9 standard.
801.1 covers connecting two or more networks using intermediary network devices.

You are a network security analyst for Smithson Brothers Incorporated, an investment
firm in New York City. You are responsible for scanning the company's network on a
daily basis to find any suspicious items and possible avenues of attack. You use Tripwire
on all important servers and machines to alert you if any system files are modified. You
receive notice from one of the accounting servers that numerous registry entries have
just been added. These entries were reported as:
FWDone = "{0x00000001}"
MyID = "{0x00000003}"
RList = "{HEXadecimal value0x00000002}"
After doing some research, you find that these registry entries are indicative of a
WALEDAC virus infection. You also find that this virus searches through local files
attempting to retrieve email addresses in order to spread further. What can you do on
this and other computers to keep the WALEDAC virus from finding other email
addresses on local computers to send out to?

A. You can block all incoming and outgoing traffic on TCP port 12005.
B. To prevent the WALEDAC virus from searching local computers, you should disable all
local file indexing.
C. On all computers running Windows, you should enable Data Execution Prevention for
all files with a .wla extension.
D. You should prevent searches on all local RAM disks for computers.

Terrance is a network administrator working for Getterson Incorporated, an
aerodynamics company with offices all over the United States. On top of being the
network administrator, Terrance also writes code and creates software applications for
the company. The company hires an external IT auditing company every year.
After learning from one of the IT auditors that his code was susceptible to attack,
Terrance decided to rewrite some of his code to look like the following. What is
Terrance preventing by changing the code?

A. This code would stop a query string manipulation attack.

B. Terrance is attempting to prevent a SQL injection attack.
C. He is trying to prevent an XSS attack.
D. Terrance is preventing a cookie poisoning attack by changing the code.





Michael is the network administrator for his company. The company he works for has
50 workstations and 15 servers. He and another IT employee implemented a Voice
over IP solution six months ago and they have not had any problems with the system
since its inception. One Monday morning, the company's firewall completely crashes
so the manufacturer sends out a new replacement that same day.
After some minor configuration of the firewall, Michael is able to get the new firewall
in place and working. After a day or two, he starts receiving complaints from users that
incoming and outgoing phone calls on the VoIP phones are choppy and sometimes the
calls completely drop. He uses a TCP/IP traffic sniffer and notices that the firewall is
dropping or losing voice packets. What can Michael do on the firewall to help prevent
packet loss such as this?
He should increase the buffer size on the firewall to help prevent packet loss.
To prevent packet loss of voice traffic, Michael should allow all incoming and outgoing
DNS traffic.
UDP traffic on the firewall should be denied to ensure all VoIP packets arrive without
packet loss.
Michael needs to decrease the buffer size on the firewall.

Wayne, the facilities manager for CMF plastics, is creating the disaster recovery plans
for his company. CMF makes plastic containers which involves the use of many
different chemicals and compounds to produce. Two of the most hazardous materials
used in the production are potassium and magnesium. In the disaster recovery plan
that Wayne is producing, which class of fire should he account for in an incident?
He needs to prepare for a class 2 fire incident.
Since the company deals with hazardous materials, Wayne must prepare for a class E
Wayne needs to account for a possible class 1 fire.
He should account for a class D fire.


Xavier is a network administrator working for a government agency in Wisconsin. He
oversees the network for this agency which has ten offices spread throughout the state.
Each office has its own firewall that provides protection for the offices by providing
IDS, IPS, and antivirus functions. All the remote offices have VPN tunnels through
their firewall that point back to the main agency office in Madison, Wisconsin.
These tunnels allow for connectivity of the remote offices for email, database access,
and intranet access. Xavier receives a call from one of his users in a remote office
stating that she cannot send or receive email. Then he receives calls from all the other
remote offices stating they cannot get email either. He checks his email server and it
appears to be functioning ok. Xavier then gets an alert email sent from his main
firewall in Madison that its system resources were at 99 percent. He uses a packet
sniffer to capture mirrored traffic bound for the external interface of the firewall. He
sees UDP packets that are too large for routers and switches to handle.



He also sees confusing offset values in the second and later fragments that appear to be
confusing the network devices when they try to break up the large packets. His primary
firewall appears to be pegging at 100% of its resources as well as a number of other
network devices inside that office. Xavier ends all active sessions on the outside of the
firewall and everything appears to go back to normal. What can Xavier do to prevent
his network's resources from being overwhelmed like that again?
Xavier can enable high availability on his firewall to have a backup firewall pick up if its
resources go beyond a certain level.
He could place a bastion host in his DMZ to capture all large UDP packet traffic.
Xavier should turn off all RIP traffic on his firewall and internal network devices.
He would be able to stop this from happening again if he enabled OSPF on his firewall.

Fred is a network technician working for Johnson Services, a temporary employment
agency in Boston. Johnson Services has three remote offices in New England and the
headquarters in Boston where Fred works. The company relies on a number of
customized applications to perform daily tasks and unfortunately these applications
require the users to be local administrators.
Because of this, Fred's supervisor wants to implement tighter security measures in
other areas to compensate for the inherent risks in making those users local admins.
Fred's boss wants a solution that will be placed on all computers throughout the
company and monitored by Fred. This solution will gather information on all network
traffic to and from the local computers without actually affecting the traffic. What type
of solution does Fred's boss want to implement?
He wants to implement a HIPS solution.
Fred's boss wants to implement a HIDS solution.
He wants Fred to monitor a NIPS system.
This would be a NIDS implementation.



Thomas is a network technician who works on small company networks in his spare
time for extra money. On weekends, Thomas is currently working for a small medical
billing company setting up their network from scratch. He has built 10 workstations
and a server for them to use. Now he suggests the company implement some security
to protect their data.
The company's owner decides they do not have enough money to purchase a hardware
firewall. Thomas comes up with a less expensive solution of using a workstation with
two network cards. One network card is connected directly to the Internet and the
other to the internal network. All traffic is filtered through the computer for security.
What type of security measure is Thomas implementing as a less expensive solution to
a firewall?
As a less expensive solution, Thomas is using a NAT router to filter Internet traffic.
For security, Thomas is using a proxy DNS server.
He is utilizing a bastion router for security.
Thomas is using a dual homed host to screen Internet traffic.

Kyle is an IT technician working for Paulson Brothers, a large architectural firm in
Kansas City. The company's office has around 25 workstations and 4 servers. The
servers run applications but mostly store very important and confidential data. For this
reason, Kyle must back up the servers' data daily to ensure nothing is ever lost.
Also, the power in the company's office is not always reliable so Kyle needs to make
sure the servers do not go down or are without power for too long of a period. Kyle
decides to purchase an Uninterruptible Power Supply (UPS) that has a pair of inverters
and converters that charge the battery and give power when needed. What type of
UPS has Kyle purchased?

A. To ensure the servers are not without power for too long, Kyle has purchased a Line-Interactive UPS.
B. This would be considered a Ferroresonant Standby UPS.
C. He has decided to buy a Standby UPS.
D. This type of UPS is referred to as a True Online UPS.

Stephanie is a network administrator that works for Nelson and Associates, an
investment firm in Miami. She has received reports from one of her users who is seeing
very slow network response time. She checks the port settings, signal strength for the
network cable, and makes sure the cable does not have any breaks or shorts in it from
the computer to the switch. She still cannot find anything wrong with the computer.
The computer is a Windows 2003 member server. Stephanie decides to install
Microsoft's Network Monitor to see if that will show what the issue is. Where can
Stephanie find the Network Monitor program to install it?
A. Stephanie should go to Start, Run, and type in msconfig.
B. Stephanie cannot use Network monitor on this computer since it is a server.
C. Stephanie can go to Control Panel, Add/Remove Programs, Add/Remove Windows
Components, Management and Monitoring Tools.

D. She can go to Start, Run, and type in the command: NetMonInstall.exe.





Sarah is an IT security consultant currently working under contract for a large state
agency in New York. She has been given permission to perform any tests necessary
against the agency's network. The agency's network has come under many DoS attacks
in recent months, so the agency's IT team has tried to take precautions to prevent any
future DoS attacks.
To test this, Sarah attempts to gain unauthorized access or even overload one of the
agency's Cisco routers that are at IP address She first creates a telnet
session over port 23 to the router. She uses a random username and tries to input a
very large password to see if that freezes up the router. This seems to have no effect on
the router yet. What other command could Sarah use to attempt to freeze up the
The command: finger -l 9999 -m would force the router to freeze.
Ping -l 254 would make the router freeze.
If Sarah used the command: ping -r 999 -t, she could freeze up the
router and then attempt to gain access.
She could use the command: ping -l 56550 -t.

Malone is finishing up his incident handling plan for IT before giving it to his boss for
review. He is outlining the incident response methodology and the steps that are
involved. Which step should Malone list as the last step in the incident response
Recovery would be the correct choice for the last step in the incident response
Malone should list a follow-up as the last step in the methodology.
He should assign eradication to the last step.
Containment should be listed on Malone's plan for incident response.

Heather is a network administrator working at a local public college in her home town.
Heather makes sure that all campus computers can communicate with the internal
network and she troubleshoots any network issues as they arise. She has set up IPSec
tunnels between the main campus and a campus in Springfield. She has also set up an
IPSec tunnel between Springfield and Haworth where the college has another campus.
She has used OSPF on the firewalls so the traffic over the IPSec tunnels can pick the
best possible route. She is trying to connect to a server at Haworth from the main
campus but is not able to do so. She tests some connections and the main campus can
contact the Springfield campus and the Springfield campus can contact the Haworth
campus. Where on the firewalls can Heather look to see what is going on with the
traffic between the firewalls?

A. Heather can look in the routing tables on the firewall to see if OSPF is carrying the
traffic across the firewalls properly.
B. She needs to search through the IOS OSPF table to see how traffic is passing.
C. She should look in the ARP table of the firewall to see if traffic is passing through the
IPSec tunnels correctly.

D. She can perform a pcap OSPF lookup to see why she cannot connect to the firewall at
the Haworth campus.






Simon is the network administrator for Chesters Shipping, a large shipping company
based out of Atlanta. Simon had all his systems administrators implement hardware
and software firewalls last year to help ensure network security. On top of these, they
implemented IDS/IPS systems throughout the network to check for and stop any bad
traffic that may attempt to enter the network.
Although Simon and his administrators believed they were secure, a hacker group was
able to get into the network and modify files hosted on the company's websites. After
searching through firewall and server logs, no one could find how the attackers were
able to get in. He decides that the entire network needs to be monitored for critical and
essential file changes. This monitoring tool needs to alert administrators whenever a
critical file is changed in any way. What utility could Simon and his systems
administrators implement on the company's network to accomplish this?
SnortSam would be the best utility to implement since it keeps track of critical files as
well as files it is told to monitor.
Simon and his systems administrators need to use Loki to monitor specified files on
the company's network.
Simon could use Tripwire to notify administrators whenever a critical file is changed.
They can implement Strataguard on the network which monitors critical system and
registry files.

Alexis is a systems administrator working for a large bank in Oklahoma City. He is
currently working on how to update all 1000 of the bank's computers with patches,
security updates, and firmware updates. The bank has around 600 Windows computers
and 400 Red Hat computers which primarily serve as the bank teller consoles.
He has created a plan and deployed all the patches to the Windows computers and now
she is working on updating the Red Hat computers. What command should Alexis run
on the network to update the Red Hat computers, download the security package, force
the package installation, and update all currently installed packages?
To accomplish all these tasks, she will need to run the up2data -u command.
Alexis should run the up2date --d -f -u command.
She needs to run WSUS --d -f -u command.
Alexis needs to type in the sysupdate --d command.

James is a network administrator working at a student loan company in Minnesota.
This company processes over 20,000 student loans a year from colleges all over the
state. Most communication between the company, schools, and lenders is carried out
through email. Because of privacy laws that are in the process of being implemented,
James wants to get ahead of the game and become compliant before any sort of
auditing occurs.


Much of the email communication used at his company contains sensitive information
such as social security numbers. For this reason, James wants to utilize email
encryption agency-wide. The only problem for James is that his department only has a
couple of servers, and they are utilized to their full capacity. Since a server-based PKI is
not an option for him, he is looking for a low/no cost solution to encrypt email. What
should James use?
James should utilize the free OTP software package.
James could use PGP as a free option for encrypting the company's email.
If James uses the free RSA email program he could encrypt all the email.
3DES would be the best free software solution to use for email encryption.

Timothy is the lead helpdesk technician working for his company, an interior design
firm in Florida. He has been working with the network administrator and IT director
of his company to implement a Voice Over IP solution to replace the company's old
analog PBX system. Along with the VoIP system, the company brought in a digital PRI
phone line to replace the older analog lines.
Over a long weekend, Timothy and the other IT employees of his company change out
the old phone system with the new VoIP system. On Monday, they find that the fax
machines are not working. What type of device do they need to convert the analog
signals from the fax machine to digital to go out the new digital phone lines?

A. To convert analog to digital signals, an SIP device would be needed.

B. They will need an ATA device to convert the analog signal from the fax machine to
C. A NetBUI device will be needed to convert analog to digital signals and vice versa.
D. Analog fax machines will need a RARP device to convert the signals to digital.

Frank is a network technician working for a medium-sized law firm in Memphis. Frank
and two other IT employees take care of all the technical needs for the firm. The firm's
partners have asked that a secure wireless network be implemented in the office so
employees can move about freely without being tied to a network cable.
While Frank and his colleagues are familiar with wired Ethernet technologies, 802.3,
they are not familiar with how to set up wireless in a business environment. What IEEE
standard should Frank and the other IT employees follow to become familiar with


802.7 covers wireless standards.

They should follow the 802.11 standard.
The IEEE standard covering wireless is 802.9.
Frank and the other IT employees should read up on the 802.1 standard.
Meredith is a network security specialist working for a medium-sized publishing
company in Kansas City. Meredith has been tasked by her boss to add more security
measures to the company's network. She does some online research and attends a
couple of IT security seminars and believes she has a good plan for securing the

She has decided on creating a honeypot environment inside the network that will
provide in-depth attack information such as keystrokes, information about the
attacker's source computer, and method of attack. Even though this type of honeypot is
more complex and time consuming to set up, Meredith believes the information gained
will be worth the time. What type of honeypot has Meredith decided to set up?

She is going to set up a passive honeypot.

Meredith has decided to implement a low-interaction honeypot.
This type of honeypot would be considered a high-interaction honeypot.
Meredith is implementing a forward-facing honeypot.
Timothy is an IT security analyst working on contract for the Department of Defense
on a six-month contract. He was hired on to ensure that the DoD's connections to all its
partner organizations and external companies are secure. He performs scans against
the IPs owned by the DoD and sees a number of hosts listening on IPSEC ports.
Timothy now uses a tool to obtain the IKE Aggressive Mode pre-shared keys of those
VPN servers. What tool has Timothy used to accomplish this?

A. Timothy is using the Ikeprobe tool to obtain the IKE Aggressive Mode pre-shared keys
from the VPN servers.
B. He is using the Probescan isakmp tool.
C. He can make use of the Nmap isakmp tool to obtain the IKE Aggressive Mode pre-shared keys from VPN servers.
D. By making use of Ipsecscan tool, he can obtain the pre-shared keys from the VPN


Susan is a network technician who is going back to school to earn her Bachelor's degree
in Information Technology. She is having to re-learn the fundamentals of networking
through textbooks; much of which she has already learned through work experience.
Her class is currently on the chapter studying the IEEE standards that cover
networking. They start with older standards such as Token Ring, which is covered under
802.5 standards and move onto Ethernet. What IEEE standard covers Ethernet
This would be the 801.9 IEEE standard.
802.1 is the standard covering Ethernet.
802.3 is the IEEE standard that covers Ethernet.
The IEEE standard covering Ethernet is 802.6.
Lance is an IT consultant working on contract for Sherman Brothers, a shipping
company in San Francisco. Using a laptop, Lance scans the company's network with
Nmap and finds a number of interesting ports he might try to exploit. Lance can see
that a number of hosts appear to be listening on TCP port 1723. What service is
listening on these ports?

A. The Nmap scan results have shown Lance that TACACS is running on these hosts.
B. ISAKMP runs on TCP port 1723.
C. Hosts running IPSEC listen on TCP port 1723.

D. From this Nmap scan, Lance can see that PPTP is running on these hosts.

Jacob is an IT network support technician working for a federal agency in Washington
DC. The agency Jacob works for stores and transmits vast amounts of sensitive
government data that cannot be compromised. Jacob and many other IT staff
members have secured virtually every aspect of the agency by using physical security to
harden all operating systems.
To further secure the data being passed by the agency, Jacob has implemented
Encapsulating Security Payload (ESP) to encrypt IP traffic. Jacob wants to encrypt the
IP traffic by inserting the ESP header in the IP datagram before the transport layer
protocol header. What mode of ESP does Jacob need to use to encrypt the IP traffic?





Jacob must use ESP in pass-through mode.

Jacob should utilize ESP in tunnel mode.
He needs to use transport mode ESP to encrypt the traffic.
In order to insert the ESP header before the transport layer, he should use ESP in
gateway mode.
Lyle is the IT director for a medium-sized food service supply company in Nebraska.
Lyle's company employs over 300 workers, half of whom use computers. He recently
came back from a security training seminar on logical security. He now wants to ensure
his company is as secure as possible. Lyle has many network nodes and workstation
nodes across the network. He does not have much time for implementing a network-wide solution.
He is primarily concerned about preventing the external attacks on the network by using
a solution that can drop packets if they are found to be malicious. Lyle also wants this
solution to be easy to implement and be network-wide. What type of solution would be
best for Lyle?
He should choose a HIPS solution.
Lyle would be best suited if he chose a NIPS implementation.
A NEPT implementation would be the best choice.
To better serve the security needs of his company, Lyle should use a HIDS system.
You are the CIO for Liquid Associates, an investment firm based out of Paris. You are
responsible for network functions and logical security throughout the entire corporation.
Your company has over 250 servers running Windows Server, 5000 workstations
running Windows Vista, and 200 mobile users working from laptops on Windows XP.

Last week, 10 of your company's laptops were stolen from salesmen while at a conference
in Barcelona. These laptops contained proprietary company information. While doing
damage assessment, a news story leaks about the stolen laptops and also that sensitive
information from those computers was posted to a blog online. What built-in Windows
feature could you have implemented to protect the sensitive information on these
A. You should have used 3DES which is built into Windows.

B. You should have utilized the built-in feature of Distributed File System (DFS) to protect
the sensitive information on the laptops.
C. You could have implemented Encrypted File System (EFS) to encrypt the sensitive files
on the laptops.
D. If you would have implemented Pretty Good Privacy (PGP) which is built into Windows,
the sensitive information on the laptops would not have leaked out.

Frederick is an IT security consultant working for Innovative Security which is an IT
auditing company in Houston. He has just been hired on to audit the network of a large
law firm in downtown Houston. He starts his work by performing some initial passive
scans and social engineering. He then uses Angry IP to scan for live hosts on the firm's
After finding some live IP addresses, he attempts some firewalking techniques to bypass
the firewall using ICMP but the firewall blocks this traffic. Frederick decides to use
HPING2 to hopefully bypass the firewall this time.
He types in the following command:
C:\Hping2>hping2 -a -S -p 81
What is Frederick trying to accomplish by using HPING2?

A. Frederick is attempting to send spoofed SYN packets to the target via a trusted third
party to port 81.
B. He is using HPING2 to send FIN packets to over port 81.
C. By using this command for HPING2, Frederick is attempting to connect to the host at through an SSH shell.
D. This HPING2 command that Frederick is using will attempt to connect to the
host over HTTP by tunneling through port 81.


Blake is an IT contractor who has been hired on by an ISP to test all their network
equipment's security. From an outside IP address, Blake performs a traceroute to find
where the company firewall is at.
Blake then uses a tool that changes the TTL value for packets to be one more than the
hop count of the firewall. This tool scans the firewall ports and whenever he gets the
message TTL exceeded error he knows that port on the firewall is open. What tool
does Blake use to accomplish this?

A. Hping2 changes the TTL value for packets to be one more than the hop count of the
B. To accomplish these results, Blake must have utilized the tool Snarf.
C. Blake uses Firewalk tool to accomplish this.
D. Blake used Httrack to see which ports on the firewall were open.


Karen is a network security consultant that owns her own company. She has been hired
by a state government agency in Nebraska to perform a security audit and make
recommendations. Karen performs her audit over a span of three weeks and finds a
number of areas the agency needs to improve in.



There is no web filtering currently taking place in a specific area; agency employees can
browse to any website whether they are unsuitable for work or not. She decides to install
a proxy server for the company to help filter appropriate and inappropriate web content.
At what OSI layer will the proxy server work on?
It will filter traffic on the application layer.
The proxy server will function on the session layer.
It will function on the physical layer.
Since the proxy server is going to filter traffic, it will work on the network layer.
Jonathan is an IT administrator who oversees a small marketing firm with 25
workstations and 5 servers. Most of the workstations are at the end of their warranty so
Jonathan has purchased computers to replace them. He also wants to donate the
computers to a school to help them out and for his company to be able to take a tax
write-off. All the computers have proprietary data on them that cannot be left on them
when they are donated.
Jonathan does not want to leave any residual data on the donated computers in case the
company's data is found and used for financial gain. What operations can Jonathan carry
out on the PCs before donating to ensure the data cannot be recovered?

A. He should do a format /complete on the C: drive of the computer to ensure that none of
the data can be recovered.
B. Jonathan needs to install a Linux-based operating system on the computers which would
completely erase all data.
C. Jonathan should use a program that will write zeroes to the hard drive to fill it up.
D. He can move the hard drive's jumpers from Master Select to Wipe for 10 minutes which
will completely erase all data contained on the hard drive.



Blake is a network security analyst for his company. Blake is auditing the recent work of
the systems and network administrators after installing a virtual server environment.
According to the company's security policy, all access to any network resources must use
Windows Active Directory Authentication. Blake looks at a Linux server that was recently
installed to run these virtual servers and learns that it is not using Windows
Authentication. What should Blake tell the administrators that they need to do on this
server to force Windows Authentication?
Blake should instruct them to edit the PAM file to enforce Windows Authentication.
Blake should tell the administrators to edit the shadow file.
He needs to have the administrators remove the /var/bin/localauth.conf file.
To enforce Windows authentication, he should tell them to edit the ADLIN file
Patrick is an IT administrator working for an airline company based out of Atlanta.
Because of the recent economy, the company was forced to lay off its two web developers.
Luckily, Patrick knows how to create and develop web pages since he does that in his
spare time to earn extra money.

He has developed a logon page using Java on one of the company's websites with the
following code. To ensure the logon procedure is safe, Patrick runs the code through a
security analyzer but it fails. What vulnerability or issue is the code susceptible to?

A. This Java code is susceptible to a directory traversal attack.

B. This Java code is vulnerable to SQL slamming.
C. This code is susceptible to a SQL injection attack.
D. The code is vulnerable to query string manipulation


Miles is working on one of his network routers that has been showing signs of a future
failure. The router has been dropping packets randomly off and on for two weeks now.
Miles logs onto his router using Telnet and types in his username and password.
Miles then tries to execute some commands but they will not work even though they
normally do. He receives an error saying that he is not logged into the correct mode for
using those commands. What mode should Miles log into to execute these commands?



Miles should go into router ROOT mode.

He needs to log into privileged EXEC mode.
Miles needs to log into user EXEC mode.
He should log into admin PRIVILEGE mode.
George is an IT security consultant who has been hired on by an ISP that has recently
been plagued by numerous DoS attacks. The ISP did not have the internal resources to
prevent future attacks, so they hired George for his expertise. He looks through the
company's firewall logs and can see from the patterns that the attackers were using the
reflected DoS attacks. What measures can George take to help prevent future reflective
DoS attacks against the ISP's network?

A. George should have the ISP block port 179 on their firewall to stop these DoS attacks.
B. He should have them configure their network equipment to recognize SYN source IP
addresses that never complete their connections.

C. He should configure the ISP's firewall so that it blocks FIN packets that are sent to the
broadcast address of the company's internal IP range.
D. He needs to tell the ISP to block all UDP traffic coming in on port 1001 to prevent future
reflective DoS attacks against their network.


Johnnie is a network technician that works for Felden Books, a publishing company in
New York City. He is responsible for troubleshooting any minor network issues that arise
for company employees. If a network problem becomes too large or complex, he hands
the issue off to the network administrator. All workstations on the network receive IP
addresses automatically from a DHCP server named SVR10.
All workstations also are running Windows XP. He receives a call from Susan in
Accounting about a problem with her computer. He takes a look and something appears
to be wrong with the network card or IP address on her computer. He calls the network
administrator and he tells Johnnie to have the computer get a new IP address from the
DHCP server. What command can Johnnie use to get a new IP address?


He should type in IFCONFIG /NEW.

Johnnie should use the IPCONFIG /FLUSHDNS command.
Johnnie can type in IPCONFIG /RELEASE and then IPCONFIG /RENEW.
If Johnnie types in the IPCONFIG /START command, the computer will get a new IP