- (Topic 2)
You work as a Network Administrator for XYZ CORP. The company has a small TCP/IP- based network environment. The network contains a Cisco Catalyst 6000 family switch. A few sales people come to your outer office and use your local network to access the Internet, as well as to demonstrate their products. What will you do to prevent your network from being accessed by any outside computers?

1. A. Configure port security.
2. B. Configure a firewall for IP blocking on the network.
3. C. Configure a firewall for MAC address blocking on the network.
4. D. Configure a port scanner.

Correct Answer: A
According to the question, you are required to prevent outside computers from accessing your network. You should therefore configure the switch's port access based on the MAC address, which can be done by configuring port security. Port security is a feature of Cisco Catalyst series switches. Port security is used to block input based on the media access control (MAC) address to an Ethernet, Fast Ethernet, or Gigabit Ethernet port. It denies the port access to a workstation when the MAC address of the station attempting to access the port is different from any of the MAC addresses specified for that port. Internet or other outside networks. Answer D is incorrect. A port scanner is a software tool that is designed to search a network host for open ports. This tool is often used by administrators to check the security of their networks. It is also used by hackers to compromise the network and systems.

- (Topic 4)
You have just set up a wireless network for customers at a coffee shop. Which of the following are good security measures to implement? (Choose two)

1. A. Using WPA encryption
2. B. MAC filtering the router
3. C. Not broadcasting SSID
4. D. Using WEP encryption

Correct Answer: AD

With either encryption method (WEP or WPA) you can give the password to customers who need it, and even change it frequently (daily if you like). So this won't be an inconvenience for customers.

- (Topic 2)
Which of the following is an example of penetration testing?

1. A. Configuring firewall to block unauthorized traffic
2. B. Implementing HIDS on a computer
3. C. Simulating an actual attack on a network
4. D. Implementing NIDS on a network

Correct Answer: C

Penetration testing is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known as a Black Hat Hacker, or Cracker. The process involves an active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities. Any security issues that are found will be presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution. The intent of a penetration testing is to determine feasibility of an attack and the amount of business impact of a successful exploit, if discovered. It is a component of a full security of penetration testing.

- (Topic 1)
You are concerned about an attacker being able to get into your network. You want to make sure that you are informed of any network activity that is outside normal parameters. What is the best way to do this?

1. A. Utilize protocol analyzers.
2. B. User performance monitors.
3. C. Implement signature based antivirus.
4. D. Implement an anomaly based IDS.

Correct Answer: D

An anomaly based Intrusion Detection System will monitor the network for any activity that is outside normal parameters (i.e. an anomaly) and inform you of it. Answer C is incorrect. Antivirus software, while important, won't help detect the activities of intruders. Answer B is incorrect. Performance monitors are used to measure normal network activity and look for problems such as bottlenecks. Answer A is incorrect. A protocol analyzer does detect if a given protocol is moving over a particular network segment.

- (Topic 1)
You are the Network Administrator for a software development company. Your company creates various utilities and tools. You have noticed that some of the files your company creates are getting deleted from systems. When one is deleted, it seems to be deleted from all the computers on your network. Where would you first look to try and diagnose this problem?

1. A. Antivirus log
2. B. IDS log
3. C. System log
4. D. Firewall log

Correct Answer: A

Check the antivirus log and see if it is detecting your file as a virus and deleting it. All antivirus programs have a certain rate of false positives. Since the file is being deleted from all computers, it seems likely that your antivirus has mistakenly identified that file as a virus. Answer D is incorrect. The firewall log can help you identify traffic entering or leaving your network, but won't help with files being deleted. Answer B is incorrect. An IDS log would help you identify possible attacks, but this scenario is unlikely to be from an external attack. Answer C is incorrect. Your system log can only tell you what is happening on that individual computer.