Quiz CompTIA Security+

Explanation:
Port Address Translation (PAT), is an extension to network address translation (NAT) that permits multiple
devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to
conserve IP addresses.
Most home networks use PAT. In such a scenario, the Internet Service Provider (ISP) assigns a single IP
address to the home network's router. When Computer X logs on the Internet, the router assigns the client
a port number, which is appended to the internal IP address. This, in effect, gives Computer X a unique
address. If Computer Z logs on the Internet at the same time, the router assigns it the same local IP
address with a different port number. Although both computers are sharing the same public IP address and
accessing the Internet at the same time, the router knows exactly which computer to send specific packets
to because each computer has a unique internal address.
Incorrect Answers:
B: NAP is a Microsoft technology for controlling network access of a computer host based on system
health of the host.
C: Destination network address translation (DNAT) is a technique for transparently changing the
destination IP address of an end route packet and performing the inverse function for any replies. Any
router situated between two endpoints can perform this transformation of the packet. DNAT is commonly
used to publish a service located in a private network on a publicly accessible IP address. This use of
DNAT is also called port forwarding. DNAT does not allow for many internal devices to share one public IP
address.
D: NAC is an approach to computer network security that attempts to unify endpoint security technology
(such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication
and network security enforcement.
References:
http://searchnetworking.techtarget.com/definition/Port-Address-Translation-PAT
http://en.wikipedia.org/wiki/Network_Access_Protection
http://en.wikipedia.org/wiki/Network_address_translation#DNAT
http://en.wikipedia.org/wiki/Network_Access_Control

Explanation:
Firewalls, routers, and even switches can use ACLs as a method of security management. An access
control list has a deny ip any any implicitly at the end of any access control list. ACLs deny by default
and allow by exception.
Incorrect Answers:
B: Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by
analyzing protocol activity.
C: A load balancer is used to distribute network traffic load across several network links or network
devices.
D: A URL filter is used to block URLs (websites) to prevent users accessing the website.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 10, 24
http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html
http://en.wikipedia.org/wiki/Intrusion_prevention_system
http://www.provision.ro/threat-management/web-application-security/url-filtering#pagei-1|pagep-1|

Explanation:
PAT would ensure that computers on ABC’s LAN translate to the same IP address, but with a different port
number assignment. The log information shows the IP address, not the port number, making it impossible
to pin point the exact source.
Incorrect Answers:
A: A network-based IDS (NIDS) watches network traffic in real time. It’s reliable for detecting network-
focused attacks, such as bandwidth-based DoS attacks. This will not have any bearing on the security
administrator at ABC Company finding the root of the attack.
B: UTC is the abbreviation for Coordinated Universal Time, which is the primary time standard by which
the world regulates clocks and time. The time in the log is not the issue in this case.
C: Whether the external party uses a firewall or not, will not have any bearing on the security administrator
at ABC Company finding the root of the attack.
References:
http://www.webopedia.com/TERM/P/PAT.html
http://en.wikipedia.org/wiki/Intrusion_prevention_system
http://en.wikipedia.org/wiki/Coordinated_Universal_Time

Explanation:
Ip tables are a user-space application program that allows a system administrator to configure the tables
provided by the Linux kernel firewall and the chains and rules it stores.
Incorrect Answers:
A: A sniffer is a tool used in the process of monitoring the data that is transmitted across a network.
B, D: A router is connected to two or more data lines from different networks, whereas a network switch is
connected to data lines from one single network. These may include a firewall, but not by default.
References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, p. 342
http://en.wikipedia.org/wiki/Iptables
http://en.wikipedia.org/wiki/Router_(computing)

Explanation:
Stateful inspections occur at all levels of the network.
Incorrect Answers:
A: Packet-filtering firewalls operate at the Network layer (Layer 3) and the Transport layer (Layer 4) of the
Open Systems Interconnect (OSI) model.
C: The proxy function can occur at either the application level or the circuit level.
D: Application Firewalls operate at the Application layer (Layer7) of the OSI model.
References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 98-100
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 6

Explanation:
The basic purpose of a firewall is to isolate one network from another.
Incorrect Answers:
A: The terms protocol analyzer and packet sniffer are interchangeable. They refer to the tools used in the
process of monitoring the data that is transmitted across a network.
B: A network-based IDS (NIDS) watches network traffic in real time. It’s reliable for detecting network-
focused attacks, such as bandwidth-based DoS attacks.
D: Web proxies are used to forward HTTP requests.
E: Layer 2 switching uses the media access control address (MAC address) from the host's network
interface cards (NICs) to decide where to forward frames. Layer 2 switching is hardware based, which
means switches use application-specific integrated circuit (ASICs) to build and maintain filter tables (also
known as MAC address tables or CAM tables).
References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, p. 342
http://en.wikipedia.org/wiki/Intrusion_prevention_system
http://en.wikipedia.org/wiki/LAN_switching
http://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers

Explanation:
Port Address Translation (PAT), is an extension to network address translation (NAT) that permits multiple
devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to
conserve IP addresses.
Most home networks use PAT. In such a scenario, the Internet Service Provider (ISP) assigns a single IP
address to the home network's router. When Computer X logs on the Internet, the router assigns the client
a port number, which is appended to the internal IP address. This, in effect, gives Computer X a unique
address. If Computer Z logs on the Internet at the same time, the router assigns it the same local IP
address with a different port number. Although both computers are sharing the same public IP address and
accessing the Internet at the same time, the router knows exactly which computer to send specific packets
to because each computer has a unique internal address.
Incorrect Answers:
A: Destination network address translation (DNAT) is a technique for transparently changing the
destination IP address of an end route packet and performing the inverse function for any replies. Any
router situated between two endpoints can perform this transformation of the packet. DNAT is commonly
used to publish a service located in a private network on a publicly accessible IP address. This use of
DNAT is also called port forwarding. DNAT does not allow for many internal devices to share one public IP
address.
C: DNS (Domain Name System) is a service used to translate hostnames or URLs to IP addresses. DNS
does not allow for many internal devices to share one public IP address.
D: A DMZ or demilitarized zone is a physical or logical subnetwork that contains and exposes an
organization's external-facing services to a larger and untrusted network, usually the Internet. The purpose
of a DMZ is to add an additional layer of security to an organization's local area network (LAN); an external
network node only has direct access to equipment in the DMZ, rather than any other part of the network. A
DMZ does not allow for many internal devices to share one public IP address.
References:
http://searchnetworking.techtarget.com/definition/Port-Address-Translation-PAT
http://en.wikipedia.org/wiki/Network_address_translation#DNAT
http://en.wikipedia.org/wiki/Domain_Name_System
http://en.wikipedia.org/wiki/DMZ_(computing)

Explanation:
Disabling unused switch ports is a simple method many network administrators use to help secure their
network from unauthorized access.
All ports not in use should be disabled. Otherwise, they present an open door for an attacker to enter.
Incorrect Answers:
A: Disabling unnecessary accounts would only block those specific accounts.
B: A security baseline is a standardized minimal level of security that all systems in an organization must
comply with. Printing it would not secure the switch from physical access.
C: The purpose of an access list is to identify specifically who can enter a facility.
References:
http://orbit-computer-solutions.com/How-To-Configure-Switch-Security.php
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, p. 60
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 207

Explanation:
Load balancing refers to shifting a load from one device to another. A load balancer can be implemented
as a software or hardware solution, and it is usually associated with a device—a router, a firewall, NAT
appliance, and so on. In its most common implementation, a load balancer splits the traffic intended for a
website into individual requests that are then rotated to redundant servers as they become available.
Incorrect Answers:
A: The terms protocol analyzing and packet sniffing are interchangeable. They refer to the process of
monitoring the data that is transmitted across a network.
C: A VPN concentrator is a hardware device used to create remote access VPNs. The concentrator
creates encrypted tunnel sessions between hosts, and many use two-factor authentication for additional
security.
D: One of the newest buzzwords is web security gateway, which can be thought of as a proxy server
(performing proxy and caching functions) with web protection software built in. Depending on the vendor,
the "web protection” can range from a standard virus scanner on incoming packets to monitoring outgoing
user traffic for red flags as well.
References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 103, 104, 118

Explanation:
A proxy is a device that acts on behalf of other(s). In the interest of security, all internal user interaction
with the Internet should be controlled through a proxy server. The proxy server should automatically block
known malicious sites. The proxy server should cache often-accessed sites to improve performance.
Incorrect Answers:
A: A network-based IDS (NIDS) approach to IDS attaches the system to a point in the network where it can
monitor and report on all network traffic.
B: This would block all web traffic, as port 80 is used for World Wide Web.
C: In its most common implementation, a load balancer splits the traffic intended for a website into
individual requests that are then rotated to redundant servers as they become available.
References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 98, 103, 111