FINALS_NETWO1

1. A network administrator runs a vulnerability scan and discovers that the router has UPnP enabled, Telnet on port 23 open, and the default admin password still active. Which of these poses the most immediate critical risk?

A) Default admin password
B) Telnet on port 23 open
C) UPnP enabled
D) Lack of logging

2. Which of the following defines a signature-based method of AV?

A) Monitors running programs for malicious actions in real time
B) Looks for suspicious code patterns or behaviors
C) Compares file "fingerprints" (hashes) to a database of known malware.

3. A network administrator wants to prevent an attacker from moving from a compromised smart TV to the finance department’s server. Which best practice directly addresses this?

A) Disabling unused ports on the firewall
B) Network segmentation using VLANs
C) Changing default credentials on the smart TV
D) Enabling MFA on the finance server

4. A network engineer says, "We don't need to disable unused ports because our firewall blocks all traffic by default anyway." What is the flaw in this reasoning?

A) A firewall only blocks traffic; it does not reduce the attack surface of the device itself
B) Disabling unused ports on the firewall is identical to disabling services on a server
C) Firewalls cannot block traffic on ports below 1024
D) Unused ports automatically encrypt traffic, which the firewall cannot inspect

5. Which statement best explains why behavioral-based antivirus can detect a zero-day virus that signature-based antivirus cannot?

A) Behavioral AV compares file hashes to a cloud database updated every hour.
B) Behavioral AV requires firewall rules to be disabled temporarily
C) Behavioral AV monitors running programs for suspicious actions, not just known patterns.
D) Behavioral AV decrypts all network traffic before scanning.

6. Which statement accurately distinguishes between symmetric and asymmetric encryption?

A) Symmetric requires a digital certificate; asymmetric does not
B) Symmetric is used only for data in transit; asymmetric is used only for data at rest
C) Symmetric uses one key and is faster; asymmetric uses two keys and is slower.
D) Symmetric uses two keys and is faster; asymmetric uses one key and is slower.

7. A security analyst reviews firewall logs and sees repeated outbound connection attempts from a workstation to an unknown IP address on port 4444, all of which were blocked. No malware signature was detected. What is the most accurate interpretation?

A) The antivirus failed because it did not block port 4444
B) The firewall failed because it allowed the initial infection
C) The firewall successfully prevented data exfiltration despite a possible infection
D) Encryption was bypassed because port 4444 is unencrypted

8. Which of the following best explains why the Principle of Least Privilege (PoLP) limits the damage of a compromised account?

A) It prevents all outgoing traffic from the compromised device
B) It ensures the firewall blocks known malicious IP addresses
C) It restricts the compromised account to only the access necessary for its role.
D) It automatically enables encryption on all files the account touches

9. A company uses WPA3 encryption for Wi-Fi and HTTPS for all web traffic. An attacker captures network packets from the coffee shop next door. Which statement is true?

A) Encryption at rest (BitLocker) would prevent the attacker from capturing packets
B) The attacker can read all emails because WPA3 only protects the Wi-Fi password
C) The firewall would have blocked the packet capture attempt
D) The attacker cannot read the content of HTTPS traffic but can see which websites were visited.

10. Which combination of security layers would most effectively stop a zero-day ransomware attack that arrives via an encrypted HTTPS connection?

A) Firewall allowing all outbound traffic + signature-based antivirus + offline backups
B) Firewall allowing port 443 + behavioral antivirus + disk encryption
C) Firewall blocking port 80 + heuristic antivirus + MFA
D) Firewall blocking port 443 + signature-based antivirus

11. Which of the following defines a heuristic-based method of AV?

A) Looks for suspicious code patterns or behaviors
B) Monitors running programs for malicious actions in real time
C) Compares file "fingerprints" (hashes) to a database of known malware.

12. An IT administrator wants to protect against a scenario where a compromised employee laptop is used to attack other devices on the same network. Which two best practices together most directly mitigate this?

A) Antivirus (signature-based) + disabling unused ports
B) Default credential change + logging and monitoring
C) VPN for remote access + offline backups
D) Network segmentation + Principle of Least Privilege

13. Which of the following is a limitation that symmetric and asymmetric encryption share?

A) Both can be broken by heuristic analysis
B) Neither protects against data theft at the endpoint if malware captures the decryption key
C) Both require the sender and receiver to share the same key in advance
D) Neither can be used for data in transit

14. Which statement correctly compares the role of a hardware firewall versus a software firewall?

A) A hardware firewall cannot block ports; a software firewall can.
B) A hardware firewall uses symmetric encryption; a software firewall uses asymmetric encryption.
C) A hardware firewall typically sits at the network perimeter; a software firewall protects an individual computer.
D) A hardware firewall protects only one device; a software firewall protects an entire network.

15. A company has implemented disk encryption (BitLocker) on all laptops. An employee’s laptop is stolen while locked. Which statement best describes the protection provided?

A) The data remains unreadable without the decryption key, even if the hard drive is removed
B) The thief cannot access any files because the firewall blocks remote connections.
C) The thief can bypass encryption by reinstalling the operating system
D) Antivirus will delete the encrypted files to prevent data theft

16. Which of the following defines a behavioral-based method of AV?

A) Compares file "fingerprints" (hashes) to a database of known malware.
B) Looks for suspicious code patterns or behaviors
C) Monitors running programs for malicious actions in real time

17. A firewall blocks traffic based on predefined rules. Which scenario best demonstrates a limitation of a traditional stateful firewall?

A) It logs repeated failed login attempts but takes no action.
B) It blocks an incoming connection from an unknown IP address on port 22.
C) It blocks outgoing traffic on port 4444, stopping a virus from exfiltrating data.
D) It allows email traffic on port 25 but cannot inspect the attachment for malware.

18. A small business has a firewall, antivirus, and full-disk encryption. An employee falls for a phishing email and enters their password into a fake login page. The attacker uses that password to log into the company VPN remotely. Which layer failed or was missing?

A) Firewall (allowed VPN traffic)
B) Encryption (did not protect the password)
C) Antivirus (did not scan the email attachment)
D) Multi-factor authentication (missing)

19. A user receives an email with a malicious link. They click it, and malware installs. The malware attempts to connect to a command-and-control server on port 443 (HTTPS). The firewall allows the connection. Later, the malware steals documents from the local drive. Which layer most clearly failed or was absent?

A) Encryption (disk encryption would have prevented theft)
B) Network segmentation (local drive theft is unrelated to network isolation)
C) Firewall (it should have blocked port 443)
D) Behavioral antivirus (it did not stop the outbound connection or theft)

20. An organization wants to recover from a ransomware attack without paying the ransom. Which backup strategy is most effective against ransomware that also encrypts network-attached backups?

A) External hard drive always connected to the file server
B) Backups stored on a separate VLAN with read-only access
C) Offline backups following the 3-2-1 rule
D) Cloud backups with automatic sync every hour

21. A small office has one router with default credentials, one flat Wi-Fi network, and no backups. An attacker compromises a smart speaker on the guest network. Which statement describes the likely outcome without any best practices applied?

A) Encryption on the file server will prevent the attacker from reading any stolen data
B) The firewall will automatically block the smart speaker’s outbound traffic
C) The attacker can use the smart speaker to scan and attack employee laptops on the same network
D) The smart speaker cannot reach the file server because IoT devices are isolated by default

22. A security team finds that a zero-day exploit successfully executed on a workstation. The firewall did not block the initial infection because the traffic used port 443. What is the most likely reason the attack succeeded despite the firewall?

A) The firewall only filters inbound traffic, not outbound
B) The firewall does not inspect the payload of encrypted allowed traffic by default
C) The firewall was configured to block all HTTPS traffic
D) The antivirus deleted the firewall rules

Created with That Quiz — the math test generation site with resources for other subject areas.