Review Questions | Network+ Study Guide

1.	Which of the following is an appropriate name for the network administration account? super superuser tswilliam administrator the original name
2.	Which type of firewall checks for a current communication and the next packet needed? Access control lists Member control lists Static state lists Dynamic packet filtering Proxy
3.	Which version(s) of Windows is/are certified by the DoD? Windows NT 3.5 Windows NT 3.51 Windows NT 4 Windows 2000
4.	Which version(s) of NetWare is/are certified by the DoD? (Choose all that apply.) 2 3.12 4 4.1 4.11
5.	For security reasons, where should you store backup tapes? (Choose all that apply.) Next to the server Next to the monitor In a drawer Locked in a cabinet Sealed in an envelope Offsite
6.	Which operating system(s) has/have achieved a National Security Agency certification allowing it/them to be used in a networked B- or C-level certified environment? (Choose all that apply.) Unix NetWare Windows Linux
7.	Which group of books does the DoD publish that deal with network security? The Rainbow Series The Colored Book Series The Orange Book Series The Red Book Series The Brown Book Series
8.	Which government agency did the U.S. Department of Defense (DoD) task to handle computer security certification? EPA DOE DIS DSS NSA
9.	What is the Diffie-Hellman algorithm used to do? Encrypt data using public key cryptography Encrypt data using private key cryptography Encrypt data using symmetric cryptography Run a key manager that distributes tokens Revoke distributed security tokens
10.	What is the strongest bit-strength encryption that the U.S. government normally allows to be exported? 32-bit 40-bit 64-bit 128-bit 250-bit 256-bit
11.	Which type of security uses a file that identifies predefined IP addresses that are allowed to send data through a router? Access control lists Dynamic state list Proxy Interpreter Translator
12.	Which of the following passwords are considered weak? (Choose all that apply.) tempest4@wiND gwashington MargeS MSmith os2Cys&BtDel? wwater7D$walkEr
13.	How often should regular users be forced to reset their passwords? Never Every day Once a week Once a month Once a semester Once a fiscal quarter
14.	Which of the following are good criteria for a strong password? (Choose all that apply.) Three characters or longer Eight characters or longer Using both alphanumeric and special characters Using the license plate number of your truck Using words not found in a dictionary
15.	What is the proper action to take before you leave your workstation? You are going to get a glass of water and will return in five minutes. Power down your workstation. Log out. Unplug the monitor. Unplug the computer.
16.	Whose accounts should immediately be disabled when their employment is terminated? (Choose all that apply.) Secretaries Lab assistants Engineers Managers Security guards Network administrators
17.	What should be collected in an exit interview of a terminated employee? (Choose all that apply.) Schematics Blood sample Coffee mug Office keys Badge Pager Spouse’s photo
18.	What types of recording devices are typically allowed inside technology companies? The Furby doll Hand-held still cameras Mounted company security video cameras Dictation tape recorders Newspaper reporter tape recorders
19.	Active intrusion-detection systems have which of the following characteristics? (Choose all that apply.) Capability to scan communications in near real time Capability to record actions of attackers without raising an alarm Acting to terminate the communications of the attacker Shutting themselves down to hide from the attacker Shutting down the entire network to protect against attacks
20.	Which of the following attacks affects only Windows operating systems? PingNuke Ping of Death WinNuke Win of Death SYNNuke SYN of Death

Answers

1.	C. It’s considered a “best practice” to not use the names super, superuser, or administrator because those are default accounts. The best choice is to pick a user and give them administrative privileges. Then, delete or disable the built-in administration accounts.
2.	E. A proxy provides firewall services by keeping track of all communications sessions and fetching the next packets.
3.	A. The only version of Windows that is currently certified as a secure workstation platform is Windows NT version 3.5.
4.	C, E. Versions 4 and 4.11 are certified by the DoD as secure.
5.	D, F. The best location for backup tapes is locked in a cabinet offsite. These practices make it difficult for someone to steal the backups.
6.	A, B. Of the OSes listed, only Unix and NetWare have been certified for use in a networked environment. Windows NT 3.5 was certified, but only as a workstation environment.
7.	A. The Rainbow Series is the series of books that the DoD publishes for standards of secure networking.
8.	E. The National Security Agency (NSA) is responsible for handling computer security certification.
9.	A. Diffie-Hellman is a public key cryptography algorithm.
10.	B. At the time of the writing of this exam, a 40-bit encryption algorithm was the strongest you could export. That restriction is currently being revised.
11.	A. Access control list security uses a file (the ACL) that identifies which addresses can send data through a particular firewall or router.
12.	B, C, D. The best passwords are those that don’t use any part of a person’s name or a dictionary word. Thus, since options B, C, and D all are essentially usernames, they would be considered weak passwords.
13.	D. It has been found that, for ease of remembrance and maximum possible security, a user should be forced to change their password at least once a month (or every 30 days). Any sooner and the user will forget their new password frequently; any later and they may complain that they would just like to keep their same password all the time (as well as increase the chance an unauthorized user might guess the password).
14.	B, C, E. The best passwords are eight characters or longer; use numbers, letters, and special characters; and are words not necessarily found in a dictionary. Any word that can be found in a dictionary, is a proper name, or is another name of sentimental value is considered a bad/weak password.
15.	B. It would be inefficient to shut down your workstation or unplug the computer because it takes so long to restart it. Unplugging the monitor would still leave the computer accessible (an intruder could simply plug it back in). The only convenient way to secure the computer for that short a time is to simply log out.
16.	A, B, C, D, E, F. For security reasons, all accounts should be disabled when the employee quits or is terminated. You don’t necessarily have to delete the account, but it should be disabled so that the employee can’t use it.
17.	A, D, E, F. Any item that could be used to gain access to a company’s resources should be collected during the exit interview of an employee. Keys, badges, and important papers (like schematics) should be obtained along with any company property (intellectual or otherwise).
18.	C. For an absolutely secure installation, the only recording devices that should be on the premises are company-owned and -operated devices like security cameras.
19.	A, C. Active intrusion systems detect intrusions or possible intrusions the moment they occur and take actions to prevent the intrusion. These systems, if working correctly, should only affect the intruder.
20.	C. Although many of these attacks can affect Windows systems, only one—WinNuke—was designed specifically to attack Windows systems. It works because of a bug in the Windows TCP/IP stack.