A company is deploying a new VoIP phone system. They require 99.999% uptime for their phone service and are concerned about their existing data network interfering with the VoIP phone system. The core switches in the existing data network are almost fully saturated. Which of the following options will provide the best performance and availability for both the VoIP traffic, as well as the traffic on the existing data network?
A. Put the VoIP network into a different VLAN than the existing data network. B. Upgrade the edge switches from 10/100/1000 to improve network speed C. Physically separate the VoIP phones from the data network D. Implement flood guards on the data network
Which of the following can be used to maintain a higher level of security in a SAN by allowing isolation of mis-configurations or faults?
A. VLAN B. Protocol security C. Port security D. VSAN
Correct Answer: D Section: Application, Data and Host Security
A storage area network (SAN) is a secondary network that offers storage isolation by consolidating storage devices such as hard drives, drive arrays, optical jukeboxes, and tape
libraries. Virtualization can be used to further enhance the security of a SAN by using switches to create a VSAN. These switches act as routers controlling and filtering traffic into and
out of the VSAN while allowing unrestricted traffic within the VSAN.
A: A virtual local area network (VLAN) is a segmented network in which switches are used to perform the segmentation. The switches also perform routing functions, controlling and filtering
traffic between VLANs.
B, C: Protocol and port security are provided by firewalls. Firewalls control or filter traffic between systems based on protocols and the ports used by those protocols. Firewalls could be
used to isolate the SAN, but they are unlikely to isolate mis-configurations or faults.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 89-91
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 5-6, 31
A security technician at a small business is worried about the Layer 2 switches in the network suffering from a DoS style attack caused by staff incorrectly cabling network connections between switches. Which of the following will BEST mitigate the risk if implemented on the switches?
A. Spanning tree B. Flood guards C. Access control lists D. Syn flood
Correct Answer: A Section: Threats and Vulnerabilities
Spanning Tree is designed to eliminate network ‘loops’ from incorrect cabling between switches. Imagine two switches named switch 1 and switch 2 with two network cables connecting the switches. This would cause a network loop. A network loop between two switches can cause a ‘broadcast storm’ where a broadcast packet is sent out of all ports on switch 1, which includes two links to switch 2. The broadcast packet is then sent out of all ports on switch 2, which includes links back to switch 1. The broadcast packet will be sent out of all ports on switch 1 again, which includes two links to switch 2, and so on, thus flooding the network with broadcast traffic.
The Spanning-Tree Protocol (STP) was created to overcome the problems of transparent bridging in redundant networks. The purpose of STP is to avoid and eliminate loops in the network by negotiating a loop-free path through a root bridge. This is done by determining where there are loops in the network and blocking links that are redundant. Spanning-Tree Protocol executes an algorithm called the Spanning-Tree Algorithm (STA). In order to find redundant links, STA will choose a reference point called a Root Bridge, and then determine all the available paths to that reference point. If it finds a redundant path, it chooses the best path to forward on and blocks all other redundant paths. This effectively severs the redundant links within the network.
All switches participating in STP gather information on other switches in the network through an exchange of data messages. These messages are referred to as Bridge Protocol Data Units (BPDUs). The exchange of BPDUs in a switched environment will result in the election of a root switch for the stable spanning-tree network topology, election of a designated switch for every switched segment, and the removal of loops in the switched network by placing redundant switch ports in a backup state.
B: Flood guards are used to prevent network flooding attacks such as DoS, SYN floods, ping floods etc. However, this question states that a security technician at a small business is worried about the Layer 2 switches in the network suffering from a DoS style attack caused by staff incorrectly cabling network connections between switches. Spanning tree is a more appropriate answer in this scenario.
C: Access control lists would not prevent a DoS style attack caused by staff incorrectly cabling network connections between switches. Switch traffic is not allowed or disallowed using Access control lists.
D: A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target’s system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic. It is not used to prevent a DoS style attack caused by staff incorrectly cabling network connections between switches.
A security administrator needs to update the OS on all the switches in the company. Which of the following MUST be done before any actual switch configuration is performed?
A. The request needs to be sent to the incident management team. B. The request needs to be approved through the incident management process. C. The request needs to be approved through the change management process. D. The request needs to be sent to the change management team.
Correct Answer: C Section: Compliance and Operational Security
Change Management is a risk mitigation approach and refers to the structured approach that is followed to secure a company’s assets. Thus the actual switch configuration should first be subject to the change management approval.
A: Incident management refers to the steps followed WHEN events occur (making sure controls are in place to prevent unauthorized access to, and changes of, all IT assets). The
scenario wants to know what must be done prior to the event.
B: Incident management refers to the process that has to be followed WHEN an event has occurred, not prior to the event.
D: Immediately prior to the actual switch configuration the request should be approved through the change management process.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 10
Ann, a security technician, is reviewing the IDS log files. She notices a large number of alerts for multicast packets from the switches on the network. After investigation, she discovers that this is normal activity for her network. Which of the following BEST describes these results?
A. True negatives B. True positives C. False positives D. False negatives
Correct Answer: C Section: Compliance and Operational Security
False positives are essentially events that are mistakenly flagged and are not really events to be concerned about.
A: True negatives would be non-events.
B: True positives would be real alerts and alarms.
D: With a false negative, you are not alerted to a situation when you should be alerted; this is the opposite of a false positive.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 28
Matt, a security administrator, wants to configure all the switches and routers in the network in order to securely monitor their status. Which of the following protocols would he need to configure on each device?
A. SMTP B. SNMPv3 C. IPSec D. SNMP
Correct Answer: B Section: Network Security
Currently, SNMP is predominantly used for monitoring and performance management. SNMPv3 defines a secure version of SNMP and also facilitates remote configuration of the SNMP entities.
A: SMTP is the email-forwarding protocol used on the Internet and intranets.
C: IPSec provides for encryption security using symmetric cryptography. This means communication partners use shared secret keys to encrypt and decrypt traffic over the IPSec VPN.
D: You can use SNMP to interact with several network devices to acquire status information, performance data, statistics, and configuration details via a management console.
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 40, 42, 50
A technician is deploying virtual machines for multiple customers on a single physical host to reduce power consumption in a data center. Which of the following should be recommended to isolate the VMs from one another?
A. Implement a virtual firewall B. Install HIPS on each VM C. Virtual switches with VLANs D. Develop a patch management guide
Correct Answer: C Section: Network Security
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. VLANs can be used to isolate traffic between network segments.
A: A virtual firewall (VF) is a network firewall service or appliance running entirely within a virtualized environment and which provides the usual packet filtering and monitoring provided
via a physical network firewall.
B: A HIPS watches the audit trails and log files of a host system.
D: Patch management is the formal process of ensuring that updates and patches are properly tested and applied to production systems.
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 12, 23, 246
Which of the following devices is MOST likely being used when processing the following?
1 PERMIT IP ANY ANY EQ 80
2 DENY IP ANY ANY
A. Firewall B. NIPS C. Load balancer D. URL filter
Correct Answer: A Section: Network Security
Firewalls, routers, and even switches can use ACLs as a method of security management. An access control list is processed top-down and the first matching entry decides; every access control list has an implicit deny ip any any at its end.
ACLs deny by default and allow by exception.
B: Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity.
C: A load balancer is used to distribute network traffic load across several network links or network devices.
D: A URL filter is used to block URLs (websites) to prevent users accessing the website.
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 10, 24
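As an added illustration of the "deny by default, allow by exception" processing described above (example code written for this page, not from the study guide), the following evaluator parses the two lines from the question in a simplified form, matches packets top-down with first match wins, and falls through to the implicit deny when nothing matches. The packets are constructed sample data, and "EQ 80" is assumed to refer to the destination port.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str           # "PERMIT" or "DENY"
    proto: str            # "IP" matches any protocol
    src: str              # "ANY" or an exact address
    dst: str
    dport: Optional[int]  # None when the line has no "EQ <port>" clause

def parse_acl(text: str) -> list:
    """Parse lines like '1 PERMIT IP ANY ANY EQ 80' into Rule objects."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if tokens[0].isdigit():        # drop the leading sequence number
            tokens = tokens[1:]
        action, proto, src, dst = tokens[:4]
        dport = int(tokens[5]) if len(tokens) >= 6 and tokens[4].upper() == "EQ" else None
        rules.append(Rule(action.upper(), proto.upper(), src.upper(), dst.upper(), dport))
    return rules

def matches(rule: Rule, pkt: dict) -> bool:
    # A field matches when the rule says ANY/IP or the values are equal.
    return (rule.proto in ("IP", pkt["proto"].upper())
            and rule.src in ("ANY", pkt["src"].upper())
            and rule.dst in ("ANY", pkt["dst"].upper())
            and (rule.dport is None or rule.dport == pkt.get("dport")))

def evaluate(rules: list, pkt: dict) -> str:
    """Top-down, first match wins; no match falls through to the implicit deny."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "DENY"  # the implicit 'deny ip any any' at the end of every ACL

# The two lines from the question, plus constructed sample packets.
ACL = parse_acl("""
1 PERMIT IP ANY ANY EQ 80
2 DENY IP ANY ANY
""")
WEB = {"proto": "tcp", "src": "10.0.0.5", "dst": "192.0.2.10", "dport": 80}
SSH = {"proto": "tcp", "src": "10.0.0.5", "dst": "192.0.2.10", "dport": 22}
ICMP = {"proto": "icmp", "src": "10.0.0.5", "dst": "192.0.2.10"}
if __name__ == "__main__":
    for name, pkt in (("web", WEB), ("ssh", SSH), ("icmp", ICMP)):
        print(f"{name}: {evaluate(ACL, pkt)}")      # web: PERMIT, others: DENY
    # Even without line 2 the result is the same, because of the implicit deny.
    print("ssh, no explicit deny:", evaluate(ACL[:1], SSH))
```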