22 Chapter 1 Introduction to Network Security

Review Questions

1.Which of the following is an example of a policy weakness? (Choose all that apply.)

A.Absence of a proxy server

B.No trusted networks

C.Misconfigured network equipment

D.No disaster recovery plan

E.Technical support personnel continually changing

2.What are the three typical weaknesses in any network implementation? (Choose all that apply.)

A.Policy weakness

B.Technology weakness

C.Hardware weakness

D.Configuration weakness

E.Software weakness

3.Which of the following are examples of TCP/IP weaknesses? (Choose all that apply.)

A.Trojan horse

B.HTML attack

C.Session replaying

D.Application-layer attack

E.SNMP

F.SMTP

4.Which Cisco IOS feature would you use to protect a TCP server from TCP SYN-flooding attacks?

A.Rerouting

B.TCP Intercept

C.Access control lists

D.Encryption

5.Which of the following can be used to counter an unauthorized access attempt? (Choose all that apply.)

A.Encrypted data

B.Cisco Lock-and-Key

C.Access control lists

D.PAP

E.CHAP

F.IKE

G.TACACS+

6.What security issues face organizations today? (Choose all that apply.)

A.Security is not just a technology problem.

B.Too many employees need remote access.

C.Service providers don’t provide the support and security they promise.

D.Vast quantities of security technologies exist.

E.Adopting the latest security methods can be costly.

F.Many organizations lack a single network-wide security policy.

7.Which of the following threats is an example of snooping and network sniffing?

A.Repudiation

B.Masquerade threats

C.Eavesdropping

D.DoS

8.You are creating your security policy. Which of the following would you consider policy weaknesses? (Choose all that apply.)

A.Improper change control

B.IP spoofing

C.Masquerade attack

D.Misconfigured network equipment

E.Consistent security policy

F.Absence of a disaster recovery plan

24 Chapter 1 Introduction to Network Security

9.In a masquerade attack, what does an attacker steal when pretending to come from a trusted host?

A.Account identification

B.User group

C.IP address

D.CHAP password

10.Which statements about the creation of a security policy are true? (Choose all that apply.)

A.It helps you determine the return on your investment in the network.

B.It provides a process with which to audit existing network security.

C.It defines how to track down and prosecute policy offenders.

D.It defines which behavior is and is not allowed.

E.It helps determine which vendor security equipment or software is better than others.

F.It allows your network to be completely secure and safe from all attacks.

11.Which of the following would be considered configuration weaknesses? (Choose all that apply.)

A.Old software

B.Unsecured user accounts

C.Misconfigured Internet services

D.No monitoring or auditing

12.Which of the following are examples of policy weaknesses? (Choose all that apply.)

A.Organization politics

B.Misconfigured Internet services

C.Improper change control

D.No monitoring or auditing of logs

E.System accounts with easily guessed passwords

13.What are the technology weaknesses that can affect an organization? (Choose all that apply.)

A.Software weakness

B.TCP/IP weakness

C.Operating system weakness

D.Network equipment weakness

14.What policies should be in place before any network equipment is configured and installed? (Choose all that apply.)

A.Passwords

B.Politics

C.Firewalls

D.Authentication

15.Using the default settings when installing network equipment is listed as what type of weakness?

A.Technology weakness

B.Configuration weakness

C.Policy weakness

D.Software weakness

16.Lack of business continuity is listed as what type of weakness?

A.Technology weakness

B.Configuration weakness

C.Policy weakness

D.Software weakness

17.Operating system security problems are listed as what type of weakness?

A.Technology weakness

B.Configuration weakness

C.Policy weakness

D.Software weakness

18.Lax security administration is listed as what type of weakness?

A.Technology weakness

B.Configuration weakness

C.Policy weakness

D.Software weakness

19.Software and hardware installation and changes are listed as what type of weakness?

A.Technology weakness

B.Configuration weakness

C.Policy weakness

D.Software weakness

20.Not having a disaster recovery plan is listed as what type of weakness?

A.Technology weakness

B.Configuration weakness

C.Policy weakness

D.Software weakness