ThatQuiz Test Library
FINALS_NETWO1
Contributed by: BSJS
  • 1. A network administrator runs a vulnerability scan and discovers that the router has UPnP enabled, Telnet on port 23 open, and the default admin password still active. Which of these poses the most immediate critical risk?
A) Default admin password
B) Telnet on port 23 open
C) UPnP enabled
D) Lack of logging
  • 2. Which of the following defines a signature-based method of AV?
A) Monitors running programs for malicious actions in real time
B) Compares file "fingerprints" (hashes) to a database of known malware.
C) Looks for suspicious code patterns or behaviors
  • 3. A network administrator wants to prevent an attacker from moving from a compromised smart TV to the finance department’s server. Which best practice directly addresses this?
A) Enabling MFA on the finance server
B) Network segmentation using VLANs
C) Changing default credentials on the smart TV
D) Disabling unused ports on the firewall
  • 4. A network engineer says, "We don't need to disable unused ports because our firewall blocks all traffic by default anyway." What is the flaw in this reasoning?
A) A firewall only blocks traffic; it does not reduce the attack surface of the device itself
B) Disabling unused ports on the firewall is identical to disabling services on a server
C) Firewalls cannot block traffic on ports below 1024
D) Unused ports automatically encrypt traffic, which the firewall cannot inspect
  • 5. Which statement best explains why behavioral-based antivirus can detect a zero-day virus that signature-based antivirus cannot?
A) Behavioral AV compares file hashes to a cloud database updated every hour.
B) Behavioral AV monitors running programs for suspicious actions, not just known patterns.
C) Behavioral AV decrypts all network traffic before scanning.
D) Behavioral AV requires firewall rules to be disabled temporarily
  • 6. Which statement accurately distinguishes between symmetric and asymmetric encryption?
A) Symmetric requires a digital certificate; asymmetric does not
B) Symmetric is used only for data in transit; asymmetric is used only for data at rest
C) Symmetric uses one key and is faster; asymmetric uses two keys and is slower.
D) Symmetric uses two keys and is faster; asymmetric uses one key and is slower.
  • 7. A security analyst reviews firewall logs and sees repeated outbound connection attempts from a workstation to an unknown IP address on port 4444, all of which were blocked. No malware signature was detected. What is the most accurate interpretation?
A) The firewall failed because it allowed the initial infection
B) The firewall successfully prevented data exfiltration despite a possible infection
C) Encryption was bypassed because port 4444 is unencrypted
D) The antivirus failed because it did not block port 4444
  • 8. Which of the following best explains why the Principle of Least Privilege (PoLP) limits the damage of a compromised account?
A) It restricts the compromised account to only the access necessary for its role.
B) It ensures the firewall blocks known malicious IP addresses
C) It prevents all outgoing traffic from the compromised device
D) It automatically enables encryption on all files the account touches
  • 9. A company uses WPA3 encryption for Wi-Fi and HTTPS for all web traffic. An attacker captures network packets from the coffee shop next door. Which statement is true?
A) The attacker cannot read the content of HTTPS traffic but can see which websites were visited.
B) Encryption at rest (BitLocker) would prevent the attacker from capturing packets
C) The attacker can read all emails because WPA3 only protects the Wi-Fi password
D) The firewall would have blocked the packet capture attempt
  • 10. Which combination of security layers would most effectively stop a zero-day ransomware attack that arrives via an encrypted HTTPS connection?
A) Firewall blocking port 443 + signature-based antivirus
B) Firewall allowing port 443 + behavioral antivirus + disk encryption
C) Firewall allowing all outbound traffic + signature-based antivirus + offline backups
D) Firewall blocking port 80 + heuristic antivirus + MFA
  • 11. Which of the following defines a heuristic-based method of AV?
A) Looks for suspicious code patterns or behaviors
B) Monitors running programs for malicious actions in real time
C) Compares file "fingerprints" (hashes) to a database of known malware.
  • 12. An IT administrator wants to protect against a scenario where a compromised employee laptop is used to attack other devices on the same network. Which two best practices together most directly mitigate this?
A) Network segmentation + Principle of Least Privilege
B) Default credential change + logging and monitoring
C) VPN for remote access + offline backups
D) Antivirus (signature-based) + disabling unused ports
  • 13. Which of the following is a limitation that symmetric and asymmetric encryption share?
A) Neither protects against data theft at the endpoint if malware captures the decryption key
B) Neither can be used for data in transit
C) Both can be broken by heuristic analysis
D) Both require the sender and receiver to share the same key in advance
  • 14. Which statement correctly compares the role of a hardware firewall versus a software firewall?
A) A hardware firewall cannot block ports; a software firewall can.
B) A hardware firewall typically sits at the network perimeter; a software firewall protects an individual computer.
C) A hardware firewall protects only one device; a software firewall protects an entire network.
D) A hardware firewall uses symmetric encryption; a software firewall uses asymmetric encryption.
  • 15. A company has implemented disk encryption (BitLocker) on all laptops. An employee’s laptop is stolen while locked. Which statement best describes the protection provided?
A) The thief cannot access any files because the firewall blocks remote connections.
B) The data remains unreadable without the decryption key, even if the hard drive is removed
C) Antivirus will delete the encrypted files to prevent data theft
D) The thief can bypass encryption by reinstalling the operating system
  • 16. Which of the following defines a behavioral-based method of AV?
A) Compares file "fingerprints" (hashes) to a database of known malware.
B) Looks for suspicious code patterns or behaviors
C) Monitors running programs for malicious actions in real time
  • 17. A firewall blocks traffic based on predefined rules. Which scenario best demonstrates a limitation of a traditional stateful firewall?
A) It allows email traffic on port 25 but cannot inspect the attachment for malware.
B) It blocks outgoing traffic on port 4444, stopping a virus from exfiltrating data.
C) It logs repeated failed login attempts but takes no action.
D) It blocks an incoming connection from an unknown IP address on port 22.
  • 18. A small business has a firewall, antivirus, and full-disk encryption. An employee falls for a phishing email and enters their password into a fake login page. The attacker uses that password to log into the company VPN remotely. Which layer failed or was missing?
A) Antivirus (did not scan the email attachment)
B) Firewall (allowed VPN traffic)
C) Encryption (did not protect the password)
D) Multi-factor authentication (missing)
  • 19. A user receives an email with a malicious link. They click it, and malware installs. The malware attempts to connect to a command-and-control server on port 443 (HTTPS). The firewall allows the connection. Later, the malware steals documents from the local drive. Which layer most clearly failed or was absent?
A) Behavioral antivirus (it did not stop the outbound connection or theft)
B) Encryption (disk encryption would have prevented theft)
C) Network segmentation (local drive theft is unrelated to network isolation)
D) Firewall (it should have blocked port 443)
  • 20. An organization wants to recover from a ransomware attack without paying the ransom. Which backup strategy is most effective against ransomware that also encrypts network-attached backups?
A) Cloud backups with automatic sync every hour
B) Backups stored on a separate VLAN with read-only access
C) Offline backups following the 3-2-1 rule
D) External hard drive always connected to the file server
  • 21. A small office has one router with default credentials, one flat Wi-Fi network, and no backups. An attacker compromises a smart speaker on the guest network. Which statement describes the likely outcome without any best practices applied?
A) Encryption on the file server will prevent the attacker from reading any stolen data
B) The attacker can use the smart speaker to scan and attack employee laptops on the same network
C) The smart speaker cannot reach the file server because IoT devices are isolated by default
D) The firewall will automatically block the smart speaker’s outbound traffic
  • 22. A security team finds that a zero-day exploit successfully executed on a workstation. The firewall did not block the initial infection because the traffic used port 443. What is the most likely reason the attack succeeded despite the firewall?
A) The antivirus deleted the firewall rules
B) The firewall only filters inbound traffic, not outbound
C) The firewall was configured to block all HTTPS traffic
D) The firewall does not inspect the payload of encrypted allowed traffic by default