AP Cybersecurity MCQ Practice Unit 3

UNIT 3: Securing Networks

Topic 3.1: Network Vulnerabilities and Attacks

A user's web browser is unexpectedly redirected to a malicious website even though they typed the correct URL for their bank. The malicious site, which looks identical to the real one, captures the user's login credentials. This attack was most likely caused by:

AA smurf attack on the user's router.

BAn evil twin access point in the user's home.

CDNS poisoning of a queried server.

DMAC flooding on the local network switch.

A security analyst notices that a network switch has suddenly started broadcasting all traffic to every port, degrading network performance. Investigation reveals a device sending thousands of Ethernet frames with fake source MAC addresses. What attack is being performed?

AARP poisoning

BDNS poisoning

CMAC flooding

DA smurf attack

An adversary sits between a user and a web server, intercepting and altering all communication between them. Neither the user nor the server is aware of the adversary's presence. This type of attack is best described as:

AA distributed denial of service attack

BAn on-path attack

CA credential stuffing attack

DA social engineering attack

A company's web server suddenly becomes unresponsive due to an overwhelming flood of ICMP echo requests from thousands of different computers. This is a classic example of which type of attack?

AA distributed denial of service (DDoS) attack

BMAC spoofing

CCredential harvesting

DEavesdropping

An adversary finds an open, active network port in a conference room. They plug in a small, unauthorized wireless access point. What is the primary risk created by this rogue access point?

AIt forces connected devices to download malware.

BIt poisons the ARP cache of the default gateway.

CIt causes a denial of service on the existing Wi-Fi.

DIt allows a bypass of the external firewall.

In an ARP poisoning attack, what is the adversary's primary goal?

ATo overwhelm a switch with MAC addresses.

BTo shut down the network's DNS server.

CTo redirect traffic by forging MAC-to-IP bindings.

DTo discover the location of wireless access points.

A risk assessment identifies that a company's guest Wi-Fi network is using the outdated and insecure WEP encryption protocol. What is the most significant vulnerability this creates?

AAdversaries can easily crack the encryption key.

BThe access point is forced to broadcast its SSID.

CThe Wi-Fi signal will not extend very far.

DThe guest network becomes vulnerable to smurf attacks.

Credential harvesting is the primary goal of which of the following network attacks?

AA jamming attack

BA smurf attack

CA DNS poisoning attack

DA MAC flooding attack

Topic 3.2: Protecting Networks: Managerial Controls and Wireless Security

A company's cybersecurity policy states that all wireless networks must use WPA3 encryption and that users must authenticate using their corporate credentials. This is an example of what type of security control?

ACorrective

BPhysical

CTechnical

DManagerial

A network administrator configures the office Wi-Fi access points to reduce their signal strength. What is the most likely security-related reason for this change?

ATo reduce the electricity consumption of the points.

BTo prevent the signal from being accessible outside.

CTo make the network compatible with older devices.

DTo increase the speed of the wireless network.

A VPN policy prohibits 'split tunneling.' This means that when an employee is connected to the corporate VPN from home, they are prevented from:

AAccessing both internal and public networks simultaneously.

BConnecting to the VPN during normal business hours.

CUsing more than one device on their home network.

DInstalling any new software on their corporate laptop.

Which of the following wireless encryption protocols is considered the most secure and should be used for all new network deployments?

AWPA3

BWEP

CWPS

DWPA

A technician configures a switch to only allow a device with a specific MAC address to connect to a particular physical port. This security feature is known as:

APort security

BCreating a screened subnet

CDisabling beacon frames

DStateful packet inspection

A network administrator decides to stop broadcasting the network's name to make it harder for casual passersby to find. This action is known as:

AEnabling MAC filtering

BConfiguring a firewall

CDisabling the SSID beacon frame

DImplementing WPA3 encryption

A switch security policy might require that all unused physical ports on a switch be administratively disabled. What is the primary purpose of this rule?

ATo save electricity on the switch.

BTo make the switch lighter for wall mounting.

CTo improve the data speed on active ports.

DTo prevent unauthorized network connections.

A user is required to enter their username and password and then tap an approval on a smartphone app to connect to the corporate Wi-Fi. This is an example of implementing which security control on a wireless network?

ADisabling the SSID broadcast

BMAC filtering

CEAP with multi-factor authentication

DStrong encryption using AES

Topic 3.3: Protecting Networks: Segmentation

An organization places its public-facing web server on a separate network segment that is isolated from the main internal corporate network by firewalls. This special segment is known as a(n):

AEncrypted tunnel

BHoneypot

CVirtual Local Area Network (VLAN)

DDemilitarized Zone (DMZ)

What is the primary security benefit of network segmentation?

AIt contains breaches to a single segment.

BIt makes devices immune to physical tampering.

CIt increases the speed of internet access.

DIt eliminates the need for perimeter firewalls.

A network administrator uses a managed switch to logically divide devices into two groups: 'Accounting' and 'Engineering.' Although the devices are all plugged into the same physical switch, devices in the Accounting group cannot communicate directly with devices in the Engineering group. This is an implementation of:

AA physical air gap

BA Virtual Local Area Network (VLAN)

CSubnetting

DA screened subnet

How does network segmentation help in applying different security policies?

AIt encrypts all traffic between all segments by default.

BIt allows for applying stricter controls to sensitive segments.

CIt forces all segments to use the same security level.

DIt replaces the need for policies with automated controls.

A switch is configured with port security to limit the number of MAC addresses that can be learned on a single port to one. What attack does this directly mitigate?

ASmurf attack

BJamming

CMAC flooding

DDNS poisoning

An adversary compromises a web server located in a company's DMZ. Because the network is properly segmented, what is the firewall between the DMZ and the internal network designed to prevent?

AThe attacker from accessing the internet.

BThe attacker from launching a DDoS attack.

CThe attacker from defacing the website.

DThe attacker from pivoting to the internal network.

A company's network is not segmented. A single ransomware worm infects one workstation and rapidly spreads to encrypt files on every server and workstation in the company. How would network segmentation have minimized the damage?

ABy making the encryption impossible to crack.

BBy preventing the initial workstation infection.

CBy automatically deleting the ransomware.

DBy containing the worm to a single segment.

A network administrator divides a large IP address range into several smaller, more manageable ranges, with each smaller range assigned to a different department. This process of dividing a network based on IP addressing is known as:

AMAC flooding

BSubnetting

CVLAN hopping

DDNS poisoning

Topic 3.4: Protecting Networks: Firewalls

A firewall is configured with the following two rules in order: 1. DENY TCP traffic from ANY source to destination 10.0.1.10 on port 22. 2. ALLOW TCP traffic from ANY source to ANY destination. A user attempts to connect via SSH (port 22) to the server at 10.0.1.10. What will be the result?

AThe firewall will ask for user authentication.

BThe connection will be denied due to Rule 1.

CThe connection will be allowed due to Rule 2.

DThe result is unpredictable due to a rule conflict.

A firewall that filters traffic based only on source/destination IP addresses and ports, without considering whether a packet is part of an existing connection, is known as a:

AStateless firewall

BNext-generation firewall (NGFW)

CApplication-layer firewall

DStateful firewall

A stateful firewall offers an improvement over a stateless firewall primarily because it:

AIs significantly faster at processing packets.

BTracks the state of active network connections.

CCan filter traffic based on the application.

DCan only be deployed as a hardware appliance.

Where is the most critical place to install a firewall in a corporate network?

AOnly between different VLANs on a switch.

BBetween each workstation and its switch.

CAt the boundary to the public internet.

DOnly on the primary domain controller.

A firewall ACL contains a rule at the very end that denies all traffic that has not been explicitly allowed by a preceding rule. This is known as a(n):

AAny-any-allow rule

BImplicit deny rule

CStateful inspection rule

DPort security rule

An administrator wants to allow external users to access the company's secure web server. Which firewall rule would be most appropriate to allow this traffic?

AALLOW outbound TCP from ANY to ANY on port 443.

BALLOW inbound TCP from ANY to server IP on port 443.

CDENY inbound UDP from ANY to server IP on port 53.

DALLOW inbound TCP from ANY to server IP on port 80.

A company has segmented its network into a Research VLAN and a Sales VLAN. To control the flow of traffic between these two VLANs, where should a firewall or ACL be placed?

AOn the router connecting the two VLANs.

BOn every computer in the Research VLAN.

CAt the main internet gateway for the company.

DOn every computer in the Sales VLAN.

A next-generation firewall (NGFW) can identify and block traffic based on the specific application being used (e.g., blocking a specific social media app while allowing general web browsing). This capability is known as:

AMAC filtering

BDeep packet inspection

CIP address filtering

DStateful inspection

Topic 3.5: Detecting Network Attacks

A security tool is placed on a network to monitor traffic. It compares the traffic against a database of known malicious patterns and signatures. When a match is found, it generates an alert. This tool is a:

ANIPS using anomaly-based detection.

BSIEM using behavioral analysis.

CNIDS using signature-based detection.

DFirewall using stateful inspection.

A network monitoring system is configured to establish a baseline of normal network traffic over several weeks. After the baseline is established, the system alerts administrators whenever it detects a significant deviation from this normal pattern. This is an example of:

ALog analysis

BAnomaly-based detection

CSignature-based detection

DA honeypot

What is a primary disadvantage of a signature-based detection system?

AIt is ineffective against new, zero-day attacks.

BIt generates a high number of false positives.

CIt cannot be updated once it is installed.

DIt consumes more bandwidth than anomaly systems.

A Security Information and Event Management (SIEM) system provides the most value to a security team by:

APreventing all malware from entering the network.

BAggregating and correlating logs from many sources.

CAutomatically patching all vulnerable systems.

DEncrypting all sensitive data across the network.

An administrator is analyzing network traffic logs and notices a sudden, massive spike in ICMP requests directed at the network's broadcast address. This is a strong indicator of what type of attack?

AAn evil twin attack

BARP poisoning

CDNS poisoning

DA smurf attack

A security analyst reviews firewall logs and sees thousands of connection attempts from a single external IP address to a wide range of ports on a server in a short period. This activity is characteristic of a:

AOn-path attack

BPort scan

CMAC flooding attack

DPhishing attack

Alert fatigue occurs when:

AAn attacker successfully bypasses a detection system.

BA detection system fails to alert on a real attack.

CA system's signature database becomes outdated.

DAnalysts become desensitized due to false positives.

A Network Intrusion Prevention System (NIPS) differs from a Network Intrusion Detection System (NIDS) because a NIPS can:

AOnly use anomaly-based detection.

BOnly be deployed as host software.

COnly monitor network traffic passively.

DActively block a detected attack.