CompTIA Security+: Network Security MCQs

These CompTIA Security+: Network Security multiple-choice questions and their answers will help you strengthen your grip on the subject of CompTIA Security+: Network Security. You can prepare for an upcoming exam or job interview with these 30 CompTIA Security+: Network Security MCQs.
So scroll down and start answering.

1: Firewall that communicates directly with a perimeter router and the internal network - 2 NICs - screens internal traffic

A.   Private

B.   Cat3

C.   Null session

D.   Screened host

2: Variation of the SYN flood where SYN packets are spoofed to have the same source and destination IP address and port


B.   Deny by default

C.   Land attack

D.   Man in the middle

3: A person or program masquerades as another by presenting false information to gain an illegitimate advantage

A.   Honeypot

B.   Spoofing

C.   Layered

D.   Proxy

4: Attempt to block service or reduce activity by overloading the victim machine with ping requests

A.   SYN flood

B.   Man in the middle

C.   Router

D.   Ping flooding

5: A variation of a smurf attack using UDP

A.   Fraggle

B.   Store and forward

C.   Cat3

D.   Protocol

6: Evolved from IDS - monitors network traffic - detects and responds to attacks on the network

A.   Broadcast domain

B.   Stateful inspection


D.   Multi homed

7: Session hijacking countermeasure

A.   0 - 1023


C.   Encrypt session key


8: One device per network segment - does not use local system resources - can't examine encrypted traffic - OS independent - less expensive

A.   Ping flooding


C.   Private

D.   ARP

9: IP spoofing attack where the attacker can monitor packets and participate in bidirectional communication

A.   Smurf

B.   Informed

C.   10base2

D.   Honeypot

10: Acts as an organization's internal phone system

A.   Multiple interface firewall

B.   PBX (Private Branch Exchange)

C.   Knowledge based

D.   Switch

11: Most common DMZ implementation using three firewall interfaces (internet - intranet - DMZ)

A.   Multiple interface firewall

B.   Blind

C.   10base2

D.   Stateful inspection

12: Level 2 firewall often used to filter web traffic

A.   Knowledge based

B.   Proxy

C.   Promiscuous

D.   Land attack

13: Examines an entire packet and determines action based on a complex set of rules

A.   10Base5

B.   Application gateway

C.   Fiber optic

D.   Passive

14: Firewall that intercepts and inspects messages before delivering them - placed between trusted and untrusted networks - degrades network traffic - also known as application gateway

A.   Proxy

B.   Informed

C.   Promiscuous

D.   IP spoofing

15: Unauthenticated connections - creating the potential for a successful connection as an anonymous user

A.   Replay

B.   Null session

C.   Blind

D.   Protocol analyzer

16: Blocks all traffic from passing through the firewall except for traffic that is explicitly allowed - also known as restrictive access - best practice

A.   Deny by default


C.   Screened subnet

D.   Private

17: A set of rules computers use to communicate with each other across a network


B.   Spoofing

C.   Protocol

D.   Encrypt session key

18: Firewall with several NICs connected to different networks

A.   Screened host

B.   Multi homed

C.   Informed

D.   Switch

19: A level 3 firewall that remembers / tracks network connections - maintains a state table - distinguishes which side of a firewall a connection was initiated on - higher security

A.   Smurf

B.   Firewalls

C.   Honeynet

D.   Stateful inspection

20: An attack where fragmented UDP packets with odd offset values are sent to the victim - when the OS attempts to rebuild the fragments they overwrite each other and cause confusion

A.   Switch

B.   Honeypot

C.   Cat5

D.   Teardrop

21: Malicious insiders - connections that bypass the firewall (i.e. IM) - encrypted traffic/tunneling - social engineering - physical access are missed by ___________

A.   Dynamic NAT

B.   IP spoofing

C.   Multi homed

D.   Firewalls

22: Cable with copper core - has no physical transmission security and is easy to tap - 10 Mbps - maximum length 500 meters

A.   IP spoofing

B.   Coaxial

C.   Knowledge based

D.   49,152 - 65,535

23: Ping flooding - ping of death - smurf - fraggle - SYN flood - land - teardrop - email flood

A.   DoS attacks

B.   Deny by default

C.   Informed

D.   Firewalls

24: Promiscuous NIC to sniff passing traffic - admin NIC to send alerts to centralized management system

A.   1024 - 49,151

B.   IP spoofing

C.   Application

D.   NIDS network connections

25: Monitors network traffic to identify possible attacks

A.   10Base5

B.   Proxy


D.   False negative

26: A method - used by switches and email servers - of delivering messages which are temporarily held by an intermediary before being sent to their final destination

A.   DNS spoofing


C.   Dual homed

D.   Store and forward

27: Connects two or more subnets - determines the best path to forward packets based on packet header and forwarding table information

A.   Extranet

B.   Packet filter

C.   Router

D.   Screened subnet

28: An attack where an attacker captures sensitive information and sends it again later in an attempt to replicate the transaction

A.   Replay

B.   Land attack

C.   Man in the middle

D.   Passive

29: Examines content passing through and makes a decision on the data based on a set of criteria - normal uses are email filtering and web browsing

A.   TCP/IP hijacking


C.   Subnet

D.   Content filter

30: When a hacker takes over a TCP session between two machines - also known as session hijacking - foiled by the use of encrypted sessions

A.   Stateful inspection

B.   TCP/IP hijacking

C.   Smurf

D.   Hub

31: ____ is data before any encryption has been performed.

A.   Plaintext

B.   Ciphertext

C.   Encriptext

D.   Cryptotext

32: ________ is one method of thwarting DoS attacks by dropping all IP packets from an attacker.

A.   Black holing

B.   ICMP echo

C.   P2P redirect

D.   None of the above