1.
What provides protection of the base network perimeter using a protection device or system of devices?
Correct Answer
C. Boundary protection.
Explanation
Boundary protection refers to the practice of securing the base network perimeter using a protection device or system. This involves implementing measures such as firewalls, intrusion detection systems, and access control mechanisms to prevent unauthorized access and attacks from external sources. By establishing a clear boundary between the internal network and external networks, boundary protection helps to safeguard sensitive information and resources from potential threats.
2.
What severity code applies to any vulnerability that provides information that gives an unauthorized person the means to circumvent security controls?
Correct Answer
B. Category II.
Explanation
Category II applies to any vulnerability that provides information that gives an unauthorized person the means to circumvent security controls. This means that the vulnerability could potentially allow someone to bypass security measures and gain unauthorized access to sensitive information or systems.
3.
What severity code applies to any vulnerability that provides information that potentially could lead to a compromise?
Correct Answer
C. Category III.
Explanation
Category III applies to any vulnerability that provides information that potentially could lead to a compromise. This means that the vulnerability may expose sensitive information or allow an attacker to gain unauthorized access to a system or network. It is important to address and mitigate these vulnerabilities to prevent potential compromises and protect the confidentiality and integrity of the information.
4.
What severity code applies to any vulnerability that, when resolved, will prevent the possibility of degraded security?
Correct Answer
D. Category IV.
Explanation
Category IV applies to any vulnerability that, when resolved, will prevent the possibility of degraded security. This means that resolving a vulnerability in this category will ensure that the security of the system is not compromised or weakened in any way.
5.
How many Integrated Network and Operation Security Centers (INOSC) does the Air Force have?
Correct Answer
B. Two.
Explanation
The Air Force has two Integrated Network and Operation Security Centers (INOSC).
6.
How many hours prior to change implementation does the Integrated Network Operations and Security Centers (INOSC) notify a base communications flight about removing unused filters?
Correct Answer
D. 72 hours.
Explanation
The INOSC notifies a base communications flight about removing unused filters 72 hours prior to change implementation. This allows the base communications flight enough time to prepare and coordinate the necessary actions for removing the filters.
7.
What is the primary intrusion/misuse tool used in the Air Force Enterprise Network (AFEN)?
Correct Answer
D. Automated security incident measurement (ASIM).
Explanation
Automated security incident measurement (ASIM) is the primary intrusion/misuse tool used in the Air Force Enterprise Network (AFEN). ASIM is a software system that monitors and analyzes network traffic to detect and respond to security incidents. It provides real-time visibility into network activity, identifies potential threats, and helps in preventing unauthorized access or misuse of the network. ASIM plays a crucial role in maintaining the security and integrity of the AFEN by continuously monitoring and analyzing network traffic for any suspicious or malicious activity.
8.
An active intrusion detection system (IDS) is normally incorporated into
Correct Answer
B. Firewalls.
Explanation
An active intrusion detection system (IDS) is normally incorporated into firewalls. Firewalls act as a barrier between a trusted internal network and an untrusted external network, monitoring and controlling incoming and outgoing network traffic. By incorporating an IDS into firewalls, it allows for real-time monitoring and detection of any suspicious or malicious activities, providing an additional layer of security to the network. Switches, routers, and servers also play important roles in network security, but they do not typically include IDS functionality.
9.
Which intrusion detection system (IDS) monitors network traffic and alerts administrators about suspicious traffic?
Correct Answer
D. Network-based IDS.
Explanation
A network-based IDS is designed to monitor network traffic and identify any suspicious activity or anomalies. It analyzes the packets of data flowing through the network and compares them against a database of known attack patterns. When it detects any suspicious traffic, it generates alerts to notify administrators so that they can take appropriate action to mitigate the threat. Unlike a host-based IDS, which focuses on monitoring the activity on a specific host or device, a network-based IDS monitors the entire network, making it an effective tool for detecting and responding to network-level threats.
10.
Which intrusion detection system (IDS) examines servers or client computers for the patterns of an intrusion?
Correct Answer
C. Host-based IDS.
Explanation
A host-based IDS is an intrusion detection system that examines servers or client computers for the patterns of an intrusion. It focuses on the individual host or endpoint and monitors activities and events occurring on that specific system. This type of IDS is capable of detecting unauthorized access attempts, abnormal behavior, and malicious activities on the host, allowing for timely response and mitigation of potential threats.
11.
When using an intrusion detection system (IDS), remember to
Correct Answer
D. Use a centralized management console for system management.
Explanation
Using a centralized management console for system management is recommended when using an intrusion detection system (IDS). This allows for easier and more efficient management of the IDS across the entire network. It provides a single interface to monitor and control the IDS, making it easier to detect and respond to potential intrusions. By centralizing the management, it also ensures consistency in policies and configurations across the network, reducing the risk of oversight or misconfiguration.
12.
The disadvantage of a host-based intrusion detection system (HIDS) is that it
Correct Answer
B. Consumes resources on the host it resides on and slows that device down.
Explanation
A host-based intrusion detection system (HIDS) consumes resources on the host it resides on and slows that device down. This is because the HIDS needs to continuously monitor and analyze the activities and behaviors of the host in order to detect any potential intrusions or malicious activities. This constant monitoring and analysis can put a strain on the host's resources, such as CPU and memory, leading to decreased performance and slower operation of the device.
13.
One advantage of a network-based intrusion detection system (NIDS) is that it
Correct Answer
B. Uses very few network resources.
Explanation
A network-based intrusion detection system (NIDS) that uses very few network resources is advantageous because it minimizes the impact on the network's performance and bandwidth. By efficiently utilizing network resources, the NIDS can effectively monitor and analyze network traffic without causing significant disruptions or slowing down the network. This enables continuous monitoring and detection of potential intrusions without negatively impacting the network's functionality.
14.
What intrusion detection system (IDS) is not commonly used due to increasing cost of implementation?
Correct Answer
D. Application-based IDS.
Explanation
Application-based IDS is not commonly used due to the increasing cost of implementation. This is because application-based IDS requires the deployment of sensors or agents on each individual application, which can be expensive and time-consuming. In contrast, host-based IDS focuses on monitoring the activities and behaviors of individual hosts, network-based IDS monitors network traffic, and hardware-based IDS uses specialized hardware devices to detect intrusions. Application-based IDS is less commonly used due to its higher implementation costs.
15.
Host-based intrusion detection systems (HIDS) are
Correct Answer
C. Passive and active.
Explanation
Host-based intrusion detection systems (HIDS) are considered both passive and active because they have the capability to monitor and analyze activities occurring on a specific host or system. The passive aspect involves the system's ability to passively monitor and collect data about events and behaviors on the host, such as log files, system calls, and network traffic. On the other hand, the active aspect refers to the system's ability to take actions in response to detected threats, such as sending alerts, blocking traffic, or initiating countermeasures. Therefore, HIDS can both passively observe and actively respond to potential intrusions.
16.
A logical connection point for the transmission of information packets is known as a
Correct Answer
D. Port.
Explanation
A port is a logical connection point for the transmission of information packets. It serves as an interface between the computer and external devices or networks, allowing data to be sent and received. Ports are essential for establishing communication and facilitating the exchange of information between different systems or devices.
17.
Above which layer of the open systems interconnect (OSI) model are protocols designed to reside?
Correct Answer
D. Session.
Explanation
Protocols are designed to reside above the Session layer of the OSI model. The Session layer is responsible for establishing, managing, and terminating sessions between applications. It provides services such as session establishment, synchronization, and checkpointing. Protocols that reside above this layer handle tasks related to the presentation of data, such as data formatting, encryption, and compression. Therefore, the correct answer is Session.
18.
Which is not a common service?
Correct Answer
D. Open system interconnection (OSI).
Explanation
The Open System Interconnection (OSI) is not a common service. It is actually a conceptual framework that standardizes the functions of a communication system. It defines a set of protocols and specifications to enable different systems to communicate with each other. In contrast, FTP, DNS, and HTTP are all common services used in computer networks. FTP is used for transferring files between systems, DNS is used for translating domain names into IP addresses, and HTTP is used for transmitting web pages and other resources on the internet.
19.
Which port range constitutes well-known ports?
Correct Answer
A. 0–1023.
Explanation
The well-known ports range from 0–1023. These ports are reserved for specific services and protocols that are commonly used and recognized. They include ports for popular services like HTTP (port 80), FTP (port 21), and SSH (port 22). These ports are standardized and widely known, making them easily identifiable and accessible for network communication.
20.
Which port is used for telnet?
Correct Answer
C. 23
Explanation
Port 23 is used for telnet. Telnet is a network protocol that allows users to remotely access and control devices or computers over a network. It provides a virtual terminal connection to the remote device, allowing users to execute commands and manage the device as if they were physically present. Port 23 is specifically designated for telnet communication, enabling the establishment of a connection between the local and remote devices for remote management and control purposes.
21.
Which port is used for hypertext transfer protocol (HTTP)?
Correct Answer
D. 80
Explanation
Port 80 is used for the hypertext transfer protocol (HTTP). This is the standard port for web traffic and is used to transmit data between web servers and web browsers. When a user enters a URL in a web browser, the browser sends an HTTP request to the web server on port 80. The web server then responds with the requested web page, which is displayed in the browser.
22.
In which type of port scan does the scanner attempt to connect to all ports?
Correct Answer
B. Vanilla scan.
Explanation
A vanilla scan is a type of port scan where the scanner attempts to connect to all ports. This scan is called "vanilla" because it is a basic and straightforward approach to scanning. In a vanilla scan, the scanner sends connection requests to each port on the target system to determine which ports are open and available for communication. This type of scan is commonly used by network administrators and security professionals to assess the security of a network and identify any potential vulnerabilities.
23.
Which type of scan is also known as a half open scan?
Correct Answer
B. Synchronous (SYN) scan.
Explanation
A synchronous (SYN) scan is also known as a half open scan because it involves sending a SYN packet to the target host and waiting for a response. If the host responds with a SYN-ACK packet, it means the port is open. However, instead of completing the handshake by sending an ACK packet, the scanner sends a RST packet to reset the connection. This approach allows the scanner to determine if a port is open without fully establishing a connection, making it a half open scan.
24.
What should you do with unused ports?
Correct Answer
C. Keep ports closed.
Explanation
The correct answer is to keep ports closed. Keeping ports closed is a security best practice as it helps to prevent unauthorized access and potential attacks on a network. Open ports can be exploited by hackers to gain access to a system or network, so it is important to only open ports that are necessary for the intended use. Monitoring ports is also important, but it is not the primary action to take with unused ports. Ensuring all ports are used is not necessary and can increase the risk of security vulnerabilities.
25.
One of the responsibilities of the Air Force Network Operations Center (AFNOC) in implementation of ports, protocols, and services (PPS) is to
Correct Answer
A. Maintain the AF PPS database.
Explanation
The AFNOC is responsible for maintaining the AF PPS database. This means that they are in charge of keeping the database up to date and ensuring that it contains accurate and relevant information about ports, protocols, and services used within the Air Force network. This is important for the overall security and functionality of the network, as it allows for proper management and control of these elements.
26.
With which layer of the open systems interconnect (OSI) model does the simple network management protocol (SNMP) internet protocol (IP) layer coincide?
Correct Answer
B. Layer 3.
Explanation
The simple network management protocol (SNMP) operates at the network layer (Layer 3) of the OSI model. This layer is responsible for routing and forwarding data packets across different networks. SNMP uses the internet protocol (IP) to communicate and manage network devices such as routers, switches, and servers. Layer 2 is the data link layer, responsible for error-free transmission of data frames between adjacent network nodes. Layer 4 is the transport layer, responsible for end-to-end communication between hosts. Layer 5 is the session layer, responsible for establishing, managing, and terminating sessions between applications.
27.
In what layer of the open system interconnect (OSI) model is simple network management protocol (SNMP) simply referred to as SNMP?
Correct Answer
C. Application layer.
Explanation
SNMP, which stands for Simple Network Management Protocol, is a protocol used for managing and monitoring network devices. It operates at the application layer of the OSI model. The application layer is responsible for providing network services to user applications, and SNMP fits into this category as it allows network administrators to manage and monitor network devices. The network layer deals with routing and addressing, the transport layer handles the reliable delivery of data, and the presentation layer is responsible for data formatting and encryption. Therefore, the correct layer for SNMP is the application layer.
28.
What is the default read community string of a simple network management protocol (SNMP) agent?
Correct Answer
B. PUBLIC.
Explanation
The default read community string of a Simple Network Management Protocol (SNMP) agent is "PUBLIC." The read community string is used for read-only access to SNMP devices and allows users to retrieve information from the agent. The "PUBLIC" community string is widely known and used as the default value in many SNMP agents, but it is recommended to change it to a more secure string to prevent unauthorized access to the SNMP agent.
29.
To limit the risks associated with using simple network management protocol (SNMP)
Correct Answer
C. Disable all SNMP devices/services if not required.
Explanation
Disabling all SNMP devices/services if not required is the correct answer because it helps to limit the risks associated with using SNMP. By disabling SNMP on devices that do not require it, potential vulnerabilities and attack vectors are eliminated. This reduces the potential for unauthorized access, data breaches, and other security risks. Disabling unnecessary SNMP devices/services is a proactive measure to enhance network security and protect sensitive information.
30.
Community string passwords should be changed at least every
Correct Answer
C. 90 days.
Explanation
Community string passwords should be changed at least every 90 days. This is because community string passwords are used in Simple Network Management Protocol (SNMP) to authenticate and authorize network management systems. Regularly changing these passwords helps to ensure the security of the network by reducing the risk of unauthorized access. Changing the passwords every 90 days strikes a balance between maintaining security and minimizing the inconvenience of frequent password changes.
31.
Which tool is not used to test your simple network management protocol (SNMP) security?
Correct Answer
D. Security mapper (SMAP).
Explanation
The correct answer is Security mapper (SMAP). Security mapper (SMAP) is not used to test SNMP security. SNMPutil, SolarWinds, and WU_PingProPack are all tools that can be used to test SNMP security.
32.
Which is not a primary focus of intrusion detection and prevention systems (IDPS)?
Correct Answer
B. Reconfiguring equipment after an incident.
Explanation
Intrusion detection and prevention systems (IDPS) are primarily designed to identify possible incidents and attempt to stop them. They focus on detecting and preventing unauthorized access or malicious activities within a network or system. Reporting incidents to security administrators is also an important function of IDPS as it allows for timely response and mitigation. However, reconfiguring equipment after an incident is not a primary focus of IDPS. While it may be necessary to make changes to the system to prevent future incidents, the main goal of IDPS is to detect and prevent intrusions rather than reconfigure equipment.
33.
Which open source host-based intrusion detection system (HIDS) performs log analysis, file integrity checking, policy monitoring, root kit detection, real-time alerting and active response?
Correct Answer
C. Open source security (OSSEC).
Explanation
Open source security (OSSEC) is the correct answer because it is an open source host-based intrusion detection system (HIDS) that performs various security functions such as log analysis, file integrity checking, policy monitoring, root kit detection, real-time alerting, and active response. Snort is a popular open source network intrusion detection system (NIDS) and does not provide all the mentioned functionalities. Intruder alert (ITA) is not a recognized open source HIDS.
34.
The vulnerabilities detected by Internet security scanner (ISS) are classified
Correct Answer
B. Sensitive
Explanation
The vulnerabilities detected by Internet security scanner (ISS) are classified as "Sensitive" because they involve potential weaknesses or flaws in a system that could be exploited by attackers. These vulnerabilities may allow unauthorized access, data breaches, or other security breaches, making them sensitive information that needs to be addressed and resolved promptly to protect the system and its data.
35.
Why should Internet security scanner (ISS) scans not be used on medical equipment?
Correct Answer
B. The increasing costs of using ISS.
Explanation
The answer key gives the increasing cost of using ISS as the reason Internet security scanner (ISS) scans should not be used on medical equipment. This implies that other scans are available that are cheaper to run, and that using ISS would result in higher expenses, so it is more cost-effective to opt for alternative scanning methods.
36.
Which is not a software component of Intruder Alert (ITA)?
Correct Answer
A. User
Explanation
The user is not a software component of Intruder Alert (ITA). The user refers to the individual who interacts with the software, rather than being a component of the software itself. The other options, Agent, Manager, and Administrator, are all software components that play specific roles within the Intruder Alert system.
37.
How many agents can an Intruder Alert (ITA) manager have?
Correct Answer
A. 100
Explanation
The Intruder Alert (ITA) manager can have a maximum of 100 agents.
38.
What serves as the Intruder Alert administrator (ITA) command center?
Correct Answer
C. ITA administrator
Explanation
The ITA administrator serves as the command center for the Intruder Alert administrator. They are responsible for overseeing and managing the ITA system, including monitoring and responding to intrusion alerts, coordinating with ITA agents, and ensuring the overall security of the system. As the administrator, they have the authority and privileges to make necessary decisions and take appropriate actions to maintain the integrity and effectiveness of the Intruder Alert system.
39.
Which is considered the workhorse of the Enterprise Security Manager (ESM) system?
Correct Answer
A. ESM agent.
Explanation
The ESM agent is considered the workhorse of the Enterprise Security Manager (ESM) system because it is responsible for collecting and analyzing security event data from various sources within the network. The ESM agent continuously monitors the network, detects any security threats or anomalies, and sends this information to the ESM manager for further analysis and response. It acts as the main component that performs the essential tasks of data collection and event management in the ESM system.
40.
Network security starts with
Correct Answer
A. A mindset.
Explanation
The correct answer is "a mindset." This is because network security is not just about implementing technical measures like configuring firewalls or activating intrusion detection systems. It requires individuals to have a proactive and vigilant mindset towards identifying and addressing potential security risks. This mindset involves understanding the importance of security, staying updated with the latest threats, following best practices, and being cautious while handling sensitive information. Without this mindset, even the most advanced security technologies may not be effective in protecting a network.
41.
Integration of the capabilities of personnel, operations, and technology, and supports the evolution to network centric warfare best describes which concept?
Correct Answer
C. Defense-in-depth.
Explanation
The concept that best describes the integration of the capabilities of personnel, operations, and technology, and supports the evolution to network centric warfare is defense-in-depth. Defense-in-depth is a strategy that involves layering multiple security measures to protect a network or system. It combines various security tools, firewalls, and information condition (INFOCON) to create a comprehensive defense system. This approach ensures that even if one layer is breached, there are multiple layers of defense to prevent further attacks and minimize the impact of any potential breach.
42.
What term is used to describe the technology for transmitting voice communications over a data network using open-standard-base internet protocol (IP)?
Correct Answer
A. IP telephony.
Explanation
IP telephony is the correct answer because it accurately describes the technology for transmitting voice communications over a data network using open-standard-base internet protocol (IP). IP telephony, also known as Voice over Internet Protocol (VoIP), allows for voice calls to be made over the internet rather than traditional telephone lines, making it a more cost-effective and flexible solution for communication.
43.
You can implement all of the following security features to help defend internet protocol (IP) telephony systems from attackers except
Correct Answer
C. Consolidating your voice with your data using virtual local area networks (VLAN).
Explanation
The correct answer is consolidating your voice with your data using virtual local area networks (VLAN). Consolidating voice and data traffic on the same VLAN can increase the risk of attacks and compromise the security of the IP telephony system. Separating voice and data traffic onto separate VLANs enhances security by isolating the voice traffic and protecting it from potential threats.
44.
At which open systems interconnect (OSI) layer does a packet filter gateway operate?
Correct Answer
B. 3
Explanation
A packet filter gateway operates at the third layer of the OSI model, which is the network layer. This layer is responsible for routing and forwarding data packets across different networks. A packet filter gateway examines the headers of incoming packets and makes decisions based on predetermined rules, such as allowing or blocking certain types of traffic. By operating at the network layer, a packet filter gateway can effectively filter and control network traffic based on IP addresses, ports, and other network-level information.
45.
Which type of firewall is typically used when speed is essential?
Correct Answer
A. Network-level.
Explanation
Network-level firewalls are typically used when speed is essential because they operate at the network layer of the OSI model. They focus on filtering and inspecting network traffic based on IP addresses, ports, and protocols, which allows them to process large amounts of data quickly. In contrast, application-level firewalls operate at the application layer and perform more in-depth analysis of network traffic, which can slow down the processing speed. Therefore, network-level firewalls are the preferred choice when speed is a priority.
46.
At which open systems interconnect (OSI) layer does an application-level firewall operate?
Correct Answer
D. 7
Explanation
An application-level firewall operates at the seventh layer of the OSI model, which is the application layer. This layer is responsible for managing communication between applications and end-users. An application-level firewall can monitor and filter network traffic based on specific application protocols, such as HTTP, FTP, or SMTP. By operating at this layer, the firewall can provide more granular control over network traffic and enforce security policies based on application-specific rules and behaviors.
47.
Which type of firewall views information as a data stream and not as a series of packets?
Correct Answer
B. Application-level.
Explanation
An application-level firewall views information as a data stream rather than a series of packets. This type of firewall operates at the application layer of the network protocol stack, allowing it to examine the content and behavior of specific applications. It can inspect and control the data being transmitted, making it more effective at detecting and preventing application-layer attacks. Network-level firewalls, on the other hand, focus on packet-level filtering and do not have the ability to analyze the content of the data stream. Corporate/enterprise and personal/small office home office (SOHO) firewalls refer to the scale or deployment context of the firewall, rather than the specific way they view information.
48.
Most firewall implementations that you will encounter will be found at the
Correct Answer
D. Integrated Network Operation and Security Center (INOSC).
Explanation
The correct answer is Integrated Network Operation and Security Center (INOSC). This is because INOSC is responsible for the management and operation of the network infrastructure, including firewalls, within an organization. It is a centralized location where network security is monitored and maintained. The other options, base-level and major command, do not specifically refer to the management of firewalls and network security.
49.
Which cannot be used to manage a McAfee Firewall Enterprise?
Correct Answer
C. Configuration center.
Explanation
The Configuration center cannot be used to manage a McAfee Firewall Enterprise. The Control center is a centralized management console that provides real-time monitoring and control of the firewall. The Admin console is used for user management and access control. The Command line interface allows for advanced configuration and troubleshooting. However, the Configuration center is not a valid option as it does not exist or have a specific purpose in managing a McAfee Firewall Enterprise.
50.
Which McAfee Firewall Enterprise management interface is the graphical software that runs on a Windows computer within your network?
Correct Answer
B. Admin console.
Explanation
The Admin console of McAfee Firewall Enterprise is the graphical software that runs on a Windows computer within your network. It provides a user-friendly interface for managing and configuring the firewall settings and policies. The Admin console allows administrators to monitor network traffic, create rules, and perform other administrative tasks to ensure the security of the network.