ThatQuiz Test Library Take this test now
networking
Contributed by: Cloudnine
  • 1. A user receives an email with a malicious link. They click it, and malware installs. The malware attempts to connect to a command-and-control server on port 443 (HTTPS). The firewall allows the connection. Later, the malware steals documents from the local drive. Which layer most clearly failed or was absent?
A) Encryption (disk encryption would have prevented theft)
B) Firewall (it should have blocked port 443)
C) Network segmentation (local drive theft is unrelated to network isolation)
D) Behavioral antivirus (it did not stop the outbound connection or theft)
  • 2. Which of the following defines a behavioral-based method of AV?
A) Monitors running programs for malicious actions in real time
B) Compares file "fingerprints" (hashes) to a database of known malware.
C) Looks for suspicious code patterns or behaviors
  • 3. A small office has one router with default credentials, one flat Wi-Fi network, and no backups. An attacker compromises a smart speaker on the guest network. Which statement describes the likely outcome without any best practices applied?
A) The firewall will automatically block the smart speaker’s outbound traffic
B) Encryption on the file server will prevent the attacker from reading any stolen data
C) The smart speaker cannot reach the file server because IoT devices are isolated by default
D) The attacker can use the smart speaker to scan and attack employee laptops on the same network
  • 4. A firewall blocks traffic based on predefined rules. Which scenario best demonstrates a limitation of a traditional stateful firewall?
A) It logs repeated failed login attempts but takes no action.
B) It allows email traffic on port 25 but cannot inspect the attachment for malware.
C) It blocks outgoing traffic on port 4444, stopping a virus from exfiltrating data.
D) It blocks an incoming connection from an unknown IP address on port 22.
  • 5. A company uses WPA3 encryption for Wi-Fi and HTTPS for all web traffic. An attacker captures network packets from the coffee shop next door. Which statement is true?
A) The firewall would have blocked the packet capture attempt
B) Encryption at rest (BitLocker) would prevent the attacker from capturing packets
C) The attacker cannot read the content of HTTPS traffic but can see which websites were visited.
D) The attacker can read all emails because WPA3 only protects the Wi-Fi password
  • 6. Which statement accurately distinguishes between symmetric and asymmetric encryption?
A) Symmetric is used only for data in transit; asymmetric is used only for data at rest
B) Symmetric uses one key and is faster; asymmetric uses two keys and is slower.
C) Symmetric requires a digital certificate; asymmetric does not
D) Symmetric uses two keys and is faster; asymmetric uses one key and is slower
  • 7. A security team finds that a zero-day exploit successfully executed on a workstation. The firewall did not block the initial infection because the traffic used port 443. What is the most likely reason the attack succeeded despite the firewall?
A) The firewall does not inspect the payload of encrypted allowed traffic by default
B) The firewall only filters inbound traffic, not outbound
C) The firewall was configured to block all HTTPS traffic
D) The antivirus deleted the firewall rules
  • 8. A small business has a firewall, antivirus, and full-disk encryption. An employee falls for a phishing email and enters their password into a fake login page. The attacker uses that password to log into the company VPN remotely. Which layer failed or was missing?
A) Multi-factor authentication (missing)
B) Antivirus (did not scan the email attachment)
C) Encryption (did not protect the password)
D) Firewall (allowed VPN traffic)
  • 9. An organization wants to recover from a ransomware attack without paying the ransom. Which backup strategy is most effective against ransomware that also encrypts network-attached backups?
A) External hard drive always connected to the file server
B) Cloud backups with automatic sync every hour
C) Backups stored on a separate VLAN with read-only access
D) Offline backups following the 3-2-1 rule
  • 10. An IT administrator wants to protect against a scenario where a compromised employee laptop is used to attack other devices on the same network. Which two best practices together most directly mitigate this?
A) Network segmentation + Principle of Least Privilege
B) VPN for remote access + offline backups
C) Antivirus (signature-based) + disabling unused ports
D) Default credential change + logging and monitoring
  • 11. Which of the following best explains why the Principle of Least Privilege (PoLP) limits the damage of a compromised account?
A) It automatically enables encryption on all files the account touches
B) It prevents all outgoing traffic from the compromised device
C) It ensures the firewall blocks known malicious IP addresses
D) It restricts the compromised account to only the access necessary for its role.
  • 12. A network administrator wants to prevent an attacker from moving from a compromised smart TV to the finance department’s server. Which best practice directly addresses this?
A) Disabling unused ports on the firewall
B) Network segmentation using VLANs
C) Changing default credentials on the smart TV
D) Enabling MFA on the finance server
  • 13. Which of the following defines a heuristic-based method of AV?
A) Monitors running programs for malicious actions in real time
B) Looks for suspicious code patterns or behaviors
C) Compares file "fingerprints" (hashes) to a database of known malware.
D) Looks for suspicious code patterns or behaviors
  • 14. Which combination of security layers would most effectively stop a zero-day ransomware attack that arrives via an encrypted HTTPS connection?
A) Firewall blocking port 80 + heuristic antivirus + MFA
B) Firewall blocking port 443 + signature-based antivirus
C) Firewall allowing all outbound traffic + signature-based antivirus + offline backups
D) Firewall allowing port 443 + behavioral antivirus + disk encryption
  • 15. A network engineer says, "We don't need to disable unused ports because our firewall blocks all traffic by default anyway." What is the flaw in this reasoning?
A) A firewall only blocks traffic; it does not reduce the attack surface of the device itself
B) Unused ports automatically encrypt traffic, which the firewall cannot inspect
C) Disabling unused ports on the firewall is identical to disabling services on a server
D) Firewalls cannot block traffic on ports below 1024
  • 16. A network administrator runs a vulnerability scan and discovers that the router has UPnP enabled, Telnet on port 23 open, and the default admin password still active. Which of these poses the most immediate critical risk?
A) Default admin password
B) Telnet on port 23 open
C) UPnP enabled
D) Lack of logging
  • 17. Which of the following is a limitation that symmetric and asymmetric encryption share?
A) Neither can be used for data in transit
B) Both require the sender and receiver to share the same key in advance
C) Both can be broken by heuristic analysis
D) Neither protects against data theft at the endpoint if malware captures the decryption key
  • 18. Which statement correctly compares the role of a hardware firewall versus a software firewall?
A) A hardware firewall uses symmetric encryption; a software firewall uses asymmetric encryption.
B) A hardware firewall protects only one device; a software firewall protects an entire network.
C) A hardware firewall cannot block ports; a software firewall can.
D) A hardware firewall typically sits at the network perimeter; a software firewall protects an individual computer.
  • 19. Which of the following defines a signature-based method of AV?
A) Monitors running programs for malicious actions in real time
B) Compares file "fingerprints" (hashes) to a database of known malware.
C) Looks for suspicious code patterns or behaviors
  • 20. A security analyst reviews firewall logs and sees repeated outbound connection attempts from a workstation to an unknown IP address on port 4444, all of which were blocked. No malware signature was detected. What is the most accurate interpretation?
A) The antivirus failed because it did not block port 4444.
B) The firewall successfully prevented data exfiltration despite a possible infection
C) Encryption was bypassed because port 4444 is
D) The firewall failed because it allowed the initial infection
  • 21. A company has implemented disk encryption (BitLocker) on all laptops. An employee’s laptop is stolen while locked. Which statement best describes the protection provided?
A) Antivirus will delete the encrypted files to prevent data theft
B) The thief cannot access any files because the firewall blocks remote connections.
C) The thief can bypass encryption by reinstalling the operating system
D) The data remains unreadable without the decryption key, even if the hard drive is removed
  • 22. Which statement best explains why behavioral-based antivirus can detect a zero-day virus that signature-based antivirus cannot?
A) Behavioral AV compares file hashes to a cloud database updated every hour.
B) Behavioral AV requires firewall rules to be disabled temporarily
C) Behavioral AV decrypts all network traffic before scanning.
D) Behavioral AV monitors running programs for suspicious actions, not just known patterns.
Created with That Quiz — the site for test creation and grading in math and other subjects.