1.
(201) What severity code applies to any vulnerability that provides information that gives an
unauthorized person the means to circumvent security controls?
Correct Answer
B. II
Explanation
Severity code II applies to any vulnerability that provides information that gives an unauthorized person the means to circumvent security controls. This means that the vulnerability is considered to have a high impact and can potentially lead to unauthorized access or compromise of sensitive information.
2.
(201) What severity code applies to any vulnerability that provides information that potentially
could lead to a compromise?
Correct Answer
C. III
Explanation
Severity code III applies to any vulnerability that provides information that potentially could lead to a compromise. This means that the vulnerability has the potential to expose sensitive information or provide attackers with the necessary information to exploit the system. It is considered a moderate level of severity, indicating that it should be addressed and mitigated to prevent any potential compromise.
3.
(201) What severity code applies to any vulnerability that, when resolved, will prevent the
possibility of degraded security?
Correct Answer
D. IV
Explanation
Severity code IV applies to any vulnerability that, when resolved, will prevent the possibility of degraded security. This means that resolving the vulnerability will completely eliminate the risk or threat to the security of the system or network. Severity code IV indicates the highest level of severity, as it represents vulnerabilities that have the potential to cause significant harm or compromise the security of the system if left unaddressed.
4.
(201) The integrated network operations and security centers (INOSC) have several responsibilities
except
Correct Answer
D. Install patches or perform any upgrades provided by AF Enterprise Network.
Explanation
The integrated network operations and security centers (INOSC) have several responsibilities, including maintaining sole administrative privileges on the firewall, standardizing, configuring, backing up, and otherwise maintaining the firewall, and maintaining a single naming/configuration standard for boundary devices. However, the INOSC is not responsible for installing patches or performing any upgrades provided by AF Enterprise Network.
5.
(202) An active intrusion detection system (IDS) blocks network traffic when it detects an intrusion.
Normally, active IDSs are incorporated into
Correct Answer
B. Firewalls.
Explanation
Active intrusion detection systems (IDS) are designed to actively block network traffic when they detect an intrusion. These systems are typically incorporated into firewalls, which act as a barrier between a trusted internal network and an untrusted external network. Firewalls are responsible for monitoring and controlling incoming and outgoing network traffic based on predetermined security rules. By incorporating active IDS into firewalls, organizations can enhance their network security by automatically blocking any suspicious or malicious traffic that may indicate an intrusion attempt. Therefore, firewalls are the most suitable option for housing active IDS.
6.
(202) Which intrusion detection system (IDS) examines traffic for suspicious patterns?
Correct Answer
D. Network-based IDS.
Explanation
A network-based intrusion detection system (IDS) examines traffic for suspicious patterns. It monitors network traffic and analyzes it to identify any signs of unauthorized access or malicious activity. Unlike host-based IDS, which focuses on individual hosts, a network-based IDS looks at the entire network and can detect attacks that may involve multiple hosts. Passive IDS, on the other hand, simply observes network traffic without actively taking action. Active IDS combines monitoring with active response mechanisms. Therefore, the correct answer is network-based IDS.
7.
(202) Which intrusion detection system (IDS) examines servers or client computers for the patterns
of an intrusion?
Correct Answer
C. Host-based IDS.
Explanation
A host-based IDS is an intrusion detection system that examines servers or client computers for patterns of an intrusion. It focuses on the individual host or endpoint and monitors the activities and behaviors occurring within that system. This type of IDS is installed directly on the host machine and can detect unauthorized access attempts, malware infections, unusual network traffic, and other signs of intrusion. It is effective in protecting individual hosts and providing detailed information about potential security breaches.
8.
(202) When using an intrusion detection system (IDS), remember to
Correct Answer
C. Use a centralized management console for system management.
Explanation
Using a centralized management console for system management is important when using an intrusion detection system (IDS) because it allows for easier and more efficient management of the IDS. With a centralized management console, administrators can monitor and configure the IDS from a single location, making it easier to track and respond to potential threats. Additionally, a centralized management console allows for better coordination and collaboration among security teams, ensuring that any detected intrusions are addressed promptly and effectively.
9.
(203) The disadvantage of a host-based intrusion detection system (HIDS) is that it
Correct Answer
B. Consumes resources on the host it resides on and slows that device down.
Explanation
A host-based intrusion detection system (HIDS) consumes resources on the host it resides on and slows that device down. This means that the HIDS uses processing power, memory, and other system resources, which can impact the overall performance of the host. As a result, the host may experience slower response times and decreased efficiency.
10.
(203) The disadvantage of a network-based intrusion detection system (NIDS) is that it
Correct Answer
A. Cannot analyze encrypted packets because it has no method for decrypting the data.
Explanation
A network-based intrusion detection system (NIDS) is designed to monitor network traffic and detect any suspicious or malicious activity. However, one disadvantage of a NIDS is that it cannot analyze encrypted packets because it lacks the capability to decrypt the data. Encryption is a security measure that protects data by converting it into a format that is unreadable without the appropriate decryption key. Therefore, when packets are encrypted, the NIDS is unable to examine the contents of the data, making it ineffective in detecting any potential threats or attacks within those packets.
11.
(203) Which intrusion detection system (IDS) uses software sensors?
Correct Answer
C. Host-based IDS.
Explanation
A host-based intrusion detection system (IDS) uses software sensors to monitor and analyze activities happening on a single host or computer system. It focuses on detecting suspicious behavior or unauthorized activities that may occur within the host's operating system, applications, or files. This type of IDS is installed directly on the host and can provide detailed information about the activities happening on that specific host, making it an effective tool for detecting and responding to intrusions at the host level.
12.
(203) Which intrusion detection system (IDS) monitors packets for protocol anomalies and known
virus signatures?
Correct Answer
D. Network-based IDS.
Explanation
A network-based IDS is an intrusion detection system that monitors packets for protocol anomalies and known virus signatures. Unlike a host-based IDS, which monitors activities on a specific host, a network-based IDS analyzes network traffic to identify potential threats. It can detect abnormal behavior, such as unusual network traffic patterns or suspicious packets, and compare them against a database of known virus signatures to identify and alert on potential threats. Therefore, a network-based IDS is the correct answer for this question.
13.
(204) Which port range constitutes well-known ports?
Correct Answer
A. 0–1023.
Explanation
Well-known ports are the port numbers that are commonly used by protocols and services. These ports range from 0 to 1023. These ports are assigned by the Internet Assigned Numbers Authority (IANA) and are reserved for specific purposes. They include ports for commonly used protocols such as HTTP (port 80), FTP (port 21), and SSH (port 22). The other port ranges mentioned in the options are not considered well-known ports.
14.
(204) Port scanning
Correct Answer
C. Notes which ports responded to the scan.
Explanation
Port scanning is the process of systematically scanning a computer's ports to determine which ones are open and responsive. It involves sending requests to connect to various ports and noting the ones that respond to the scan. This activity is not necessarily malicious in nature and can be conducted for legitimate purposes such as network security testing or troubleshooting.
15.
(204) In which type of port scan does the scanner connect to the same port on more than one
Correct Answer
B. Sweep.
Explanation
A sweep port scan is a type of port scan where the scanner connects to the same port on multiple IP addresses. This scan is used to gather information about a range of IP addresses and the services running on them. Unlike a strobe port scan, which scans a single IP address, a sweep port scan allows the scanner to quickly scan a large number of IP addresses for open ports. A stealth port scan is designed to be undetectable, while a vanilla port scan is a basic and straightforward scan without any advanced techniques.
16.
(204) Above which layer of the Open Systems Interconnection (OSI) model are protocols designed to
reside?
Correct Answer
D. Session.
Explanation
Protocols designed to reside above the session layer of the OSI model are responsible for managing the communication sessions between applications. The session layer is responsible for establishing, maintaining, and terminating connections between applications. It provides services such as session establishment, data synchronization, and session recovery. Therefore, protocols designed to reside above this layer would be responsible for managing these session-related tasks and ensuring efficient and reliable communication between applications.
17.
(204) Which organization has the responsibility of developing Air Force Ports, Protocols and
Services (AF PPS) policies and procedures?
Correct Answer
A. Air Force Network Integration Center (AFNIC).
Explanation
The correct answer is Air Force Network Integration Center (AFNIC). This organization is responsible for developing Air Force Ports, Protocols, and Services (AF PPS) policies and procedures. They are in charge of integrating and managing the Air Force network and ensuring its security and functionality.
18.
(204) Which organization has direct operational control of Air Force Ports, Protocols and Services
(AF PPS)?
Correct Answer
B. Air Force Network Operations Center (AFNOSC).
Explanation
The correct answer is Air Force Network Operations Center (AFNOSC). This organization has direct operational control of Air Force Ports, Protocols, and Services (AF PPS). AFNOSC is responsible for managing and maintaining the Air Force network infrastructure, including the ports, protocols, and services used by the Air Force. They ensure the network is secure, reliable, and accessible for Air Force operations.
19.
(205) What is the default read community string of a simple network management protocol
(SNMP) agent?
Correct Answer
B. Public.
Explanation
The default read community string of a Simple Network Management Protocol (SNMP) agent is "Public." This community string is used to authenticate and control access to the SNMP agent for read-only operations. It allows users to retrieve information from the agent, such as network statistics and device configurations. However, it is recommended to change the default community string to a more secure and unique one to prevent unauthorized access to the SNMP agent.
20.
(205) To limit the risks associated with using simple network management protocol (SNMP),
Correct Answer
C. Disable all SNMP devices/services if not required.
Explanation
The correct answer is to disable all SNMP devices/services if not required. This is because by disabling SNMP devices/services that are not needed, the risks associated with using SNMP can be minimized. This reduces the potential attack surface and limits the potential for unauthorized access or exploitation of SNMP vulnerabilities.
21.
(205) Which tool is not used to test your simple network management protocol (SNMP) security?
Correct Answer
D. Security mapper (SMAP).
Explanation
Security mapper (SMAP) is not used to test SNMP security. SMAP is a tool used for network mapping and vulnerability scanning, but it does not specifically focus on testing SNMP security. WU_PingProPack, SolarWinds, and SNMPutil are all tools commonly used for testing and monitoring SNMP security.
22.
(206) Which open source network-based intrusion detection system performs packet logging and
real-time traffic analysis as well as protocol analysis, content searching/matching, and active
blocking or passive detecting of a variety of attacks and probes?
Correct Answer
A. Snort.
Explanation
Snort is the correct answer because it is an open source network-based intrusion detection system that performs various functions such as packet logging, real-time traffic analysis, protocol analysis, content searching/matching, and active blocking or passive detecting of attacks and probes. Snort is widely used in the cybersecurity industry for its effectiveness in detecting and preventing network-based threats.
23.
(206) Which network-based security tool is a hardware and software system that sits on AF
networks “listening” for “suspicious activity” that is characteristic of intruder techniques?
Correct Answer
B. Automatic Security Incident Measurement (ASIM).
24.
(206) Which security tool is designed to manage sensitive data and enforce security policies
across a full range of client/server platforms?
Correct Answer
C. Enterprise Security Manager (ESM).
Explanation
Enterprise Security Manager (ESM) is the correct answer because it is a security tool specifically designed to manage sensitive data and enforce security policies across a full range of client/server platforms. Snort is an intrusion detection system, ASIM is a tool for measuring security incidents, and ISS is a vulnerability scanner, none of which are designed for managing sensitive data and enforcing security policies.
25.
(207) Integration of the capabilities of personnel, operations, and technology, and the evolution to
network centric warfare best describes what concept?
Correct Answer
D. Defense in depth.
Explanation
The concept described in the question is the integration of personnel, operations, and technology, and the evolution to network centric warfare. This concept is best known as defense in depth. Defense in depth refers to the strategy of implementing multiple layers of security measures to protect a system or network. It involves a combination of physical, technical, and administrative controls to ensure the overall security and resilience of the system.
26.
(207) Restricting what traffic travels in and out of the network best describes what concept?
Correct Answer
A. Firewalls.
Explanation
The concept being described in the question is the restriction of traffic in and out of the network, which is best achieved through the use of firewalls. Firewalls act as a barrier between a trusted internal network and an untrusted external network, controlling the flow of traffic based on predetermined security rules. By filtering and monitoring network traffic, firewalls help to prevent unauthorized access and protect against potential threats and attacks.
27.
You can implement all of the following security features to help defend your internet protocol
(IP) telephony systems from attackers except
Correct Answer
A. Consolidating your voice with your data using virtual local area networks (VLAN).
Explanation
The correct answer is consolidating your voice with your data using virtual local area networks (VLAN). This is because VLANs are used to separate and prioritize network traffic, but they do not provide any specific security features to protect against attackers. The other options, such as enabling access control lists (ACL), deploying protection from DHCP spoofing, and enabling port security access, are all security features that can help protect IP telephony systems from attackers.
28.
(208) The use of two or more network interface cards (NIC) best describes which type of
firewall?
Correct Answer
C. Corporate/enterprise.
Explanation
The use of two or more network interface cards (NIC) is commonly found in corporate/enterprise firewalls. This configuration allows for increased network throughput and redundancy. By having multiple NICs, the firewall can handle high volumes of network traffic and distribute the load across the interfaces. This is especially important in large organizations where there is a high demand for network services and the need for reliable and efficient network security measures.
29.
(208) Which type of firewall is typically used when speed is essential?
Correct Answer
A. Network-level.
Explanation
Network-level firewalls are typically used when speed is essential because they operate at the network layer of the OSI model, allowing them to quickly filter and process large amounts of network traffic. These firewalls are designed to examine the source and destination IP addresses, ports, and protocols of network packets, making decisions based on this information. This allows for efficient and fast filtering of network traffic, making network-level firewalls suitable for high-speed environments where speed is a priority.
30.
(208) Which type of firewall views information as a data stream and not as a series of packets?
Correct Answer
B. Application-Level.
Explanation
An application-level firewall views information as a data stream rather than a series of packets. It operates at the application layer of the network protocol stack, allowing or blocking traffic based on the specific application or service being used. This type of firewall can inspect and filter traffic based on the content and context of the data stream, providing more granular control and better protection against application-layer attacks. Network-level firewalls, on the other hand, focus on the packet level and make decisions based on source and destination IP addresses, ports, and protocols.
31.
(208) What was the previous name for what is now called the McAfee Firewall Enterprise?
Correct Answer
A. Sidewinder.
Explanation
The previous name for what is now called the McAfee Firewall Enterprise was Sidewinder.
32.
(208) Most firewall implementations that you will encounter will be found at the
Correct Answer
A. Integrated network operation security centers (INOSC).
Explanation
The correct answer is Integrated network operation security centers (INOSC). This is because most firewall implementations are typically found at INOSCs, which are responsible for managing and securing the network operations of an organization. INOSCs are centralized locations where network security professionals monitor, analyze, and respond to network threats and incidents. They play a crucial role in protecting the organization's network infrastructure and ensuring the confidentiality, integrity, and availability of its data and resources.
33.
(209) Which McAfee Firewall Enterprise management interface is the graphical software that
runs on a Windows computer within your network?
Correct Answer
B. Admin console.
Explanation
The McAfee Firewall Enterprise management interface that runs on a Windows computer within your network is called the Admin console. This graphical software allows you to manage and configure the firewall settings and policies. The Admin console provides a user-friendly interface for administrators to monitor and control the firewall's operations effectively.
34.
(209) Which firewall management interface menu option views the association between MAC
addresses on the firewall and its corresponding internet protocol (IP) address?
Correct Answer
A. Address Resolution Protocol (ARP).
Explanation
The correct answer is Address Resolution Protocol (ARP). ARP is a protocol used to map an IP address to a physical (MAC) address on a local network. In the context of a firewall, the management interface menu option that views the association between MAC addresses and IP addresses would likely be related to ARP. This option would allow administrators to see the mapping between the two addresses, which is important for network troubleshooting and security management.
35.
(209) What is the default firewall shutdown option?
Correct Answer
C. Reboot to operational kernel.
Explanation
The default firewall shutdown option is to reboot to the operational kernel. This means that when the firewall is shut down, it will automatically reboot and start up using the operational kernel. This option allows for a smooth transition and ensures that the firewall is ready to operate again after the shutdown.
36.
(209) Which firewall shutdown option is useful if you need to connect directly to the firewall to
access the basic input/output system (BIOS)?
Correct Answer
A. Halt system.
Explanation
The correct answer is Halt system. This option is useful if you need to connect directly to the firewall to access the basic input/output system (BIOS). By halting the system, you can access the BIOS settings and make any necessary changes or configurations. This option effectively shuts down the firewall, allowing you to connect to it and access the BIOS.
37.
(209) A firewall burb can best be defined as
Correct Answer
C. A set of one or more interfaces.
Explanation
A firewall burb can best be defined as a set of one or more interfaces. This means that a firewall burb represents the network interfaces that are connected to the firewall. These interfaces can be physical or virtual and are used to control the flow of network traffic, allowing or blocking certain connections based on predefined security policies. The term "burb" is derived from the word "suburb" and is used metaphorically to describe the different areas or zones within a network that the firewall interfaces are connected to.
38.
(209) Use the high availability shared cluster addresses dialog box to do all the following except
Correct Answer
D. Isolate the cluster address from the domain name server (DNS) and default routes.
Explanation
The high availability shared cluster addresses dialog box allows you to configure the shared cluster addresses, specify or send and receive heartbeats, and handle the fastest network traffic on your appliance. However, it does not provide the option to isolate the cluster address from the domain name server (DNS) and default routes.
39.
(209) What does a firewall support that improves system performance by lessening the load
placed on the system kernel?
Correct Answer
D. Fast Path sessions.
Explanation
Fast Path sessions support improves system performance by lessening the load placed on the system kernel. Firewalls with Fast Path sessions are able to offload certain tasks from the system kernel, allowing it to focus on more critical functions. This can result in improved overall system performance and efficiency.
40.
(210) Which Berkeley Internet Name Domain (BIND) server is responsible for zone transfers?
Correct Answer
A. Named.
Explanation
The correct answer is "Named." Named is the Berkeley Internet Name Domain (BIND) server that is responsible for zone transfers. Zone transfers are the process of replicating DNS information from one server to another.
41.
(210) For which Berkeley Internet Name Domain (BIND) server type can there be as many
servers as needed in a domain?
Correct Answer
D. Slave/Secondary.
Explanation
For the Berkeley Internet Name Domain (BIND) server type, there can be as many Slave/Secondary servers as needed in a domain. This server type is responsible for replicating and synchronizing data from the Master/Primary server, allowing for redundancy and load balancing in the domain.
42.
(210) With regard to Berkeley Internet Name Domain (BIND) system files, items stored in the
domain name server (DNS) database best describes
Correct Answer
A. Resource records
Explanation
Resource records are items stored in the domain name server (DNS) database. They contain information about a specific domain name, such as its IP address, mail server, or other DNS-related data. Resource records are essential for the functioning of the DNS system as they allow the translation of domain names into IP addresses and vice versa, enabling the proper routing of internet traffic.
43.
(210) Which Berkeley Internet Name Domain (BIND) system file provides reverse mapping?
Correct Answer
B. Pointer (PTR) records.
Explanation
The correct answer is "Pointer (PTR) records." In the Berkeley Internet Name Domain (BIND) system, the PTR records are used for reverse mapping. These records map IP addresses to domain names, allowing reverse lookups to be performed. This is useful in situations where you have an IP address and need to determine the corresponding domain name.
44.
(210) Which flexible command-line tool can be used to gather information from domain name servers
(DNS)?
Correct Answer
D. Dig.
Explanation
Dig is a flexible command line tool that can be used to gather information from domain name servers (DNS). It is commonly used for querying DNS records, performing DNS lookups, and troubleshooting DNS issues. Dig provides detailed information about DNS responses, including the authoritative name servers, TTL values, and DNSSEC validation status. It allows users to specify the DNS server they want to query and supports various query types, such as A, MX, NS, and TXT records. Overall, Dig is a powerful tool for gathering DNS information and is widely used by network administrators and DNS operators.
45.
(210) Which server is the only one that should have changes to domain name server (DNS) data?
Correct Answer
C. Master/Primary.
Explanation
The correct answer is Master/Primary. The Master/Primary server is the only server that should have changes to domain name server (DNS) data. This server is responsible for managing and making updates to the DNS records and distributing them to the Slave/Secondary servers. The Slave/Secondary servers, on the other hand, are designed to replicate the DNS data from the Master/Primary server and serve as backups in case the Master/Primary server becomes unavailable. The Cache-Only server is not involved in making changes to DNS data; it only caches and resolves DNS queries.
46.
(210) What term is used for a domain name server (DNS) architecture when one or more name
servers reside behind a firewall, and contain an “inside” hostname and IP address?
Correct Answer
A. Split.
Explanation
Split is the correct answer because in a split DNS architecture, there are two sets of DNS servers - one set is located inside the firewall and is used for internal network users, while the other set is located outside the firewall and is used for external network users. The inside DNS servers contain the "inside" hostname and IP address, while the outside DNS servers contain the public hostname and IP address. This allows for better security and control over DNS resolution for both internal and external users.
47.
(211) Which access control list (ACL) restricts packets into or out of a given layer 3 interface?
Correct Answer
B. Router Access Control List (RACL).
Explanation
A Router Access Control List (RACL) is used to restrict packets into or out of a given layer 3 interface. It allows the router to filter traffic based on various criteria such as source/destination IP address, protocol, port number, etc. This helps in controlling network traffic and securing the network by allowing or denying specific types of traffic.
48.
(212) Who approves or disapproves IS (including software and services) connections to the Air
Force Global Information Grid (AF-GIG) and accepts any risk created by the approved
connections?
Correct Answer
A. Air Force Network Operations commander (AFNetOps/CC).
Explanation
The Air Force Network Operations commander (AFNetOps/CC) approves or disapproves IS connections to the Air Force Global Information Grid (AF-GIG) and accepts any risk created by the approved connections.
49.
(212) Who reports all backdoors and unauthorized connections to Air Force networks discovered
during the course of operations?
Correct Answer
B. Air Force Information Warfare Center/Information Operations Directorate (AFIWC/IO).
Explanation
The Air Force Information Warfare Center/Information Operations Directorate (AFIWC/IO) is responsible for reporting all backdoors and unauthorized connections to Air Force networks that are discovered during operations. They are specifically tasked with monitoring and protecting the Air Force's information systems and networks, and ensuring their security. This includes identifying any potential threats or vulnerabilities and reporting them to the appropriate authorities for further action.
50.
(213) Which is not a category of software package available today that is used to detect and
monitor network activity?
Correct Answer
D. Firewalls
Explanation
Firewalls are not a category of software package used to detect and monitor network activity. Firewalls are designed to control the incoming and outgoing network traffic based on predetermined security rules. They act as a barrier between internal and external networks to prevent unauthorized access and protect the network from potential threats. However, they do not specifically focus on detecting and monitoring network activity like intrusion detection, packet-capture, and filters/triggers do.