CyberVista Network and Communication Security Questions and Answers

Question 1

A network administrator wants to implement the most current and secure standard for a new corporate wireless network. The new standard must provide robust protection against offline dictionary attacks and ensure that even if a password is compromised, past session traffic cannot be decrypted. Which of the following wireless security protocols should be implemented?

Accepted Answer

WPA3 (Wi-Fi Protected Access 3)

Answer

WPA3 is the latest wireless security standard that offers significant improvements over WPA2. It replaces the Pre-Shared Key (PSK) with Simultaneous Authentication of Equals (SAE), which provides stronger protection against offline dictionary attacks. WPA3 also mandates Perfect Forward Secrecy (PFS), ensuring that compromising a session key does not allow an attacker to decrypt previously captured traffic.

Question 2

An organization is experiencing a high volume of phishing attacks where malicious actors are spoofing the company's email domain to trick employees. To combat this, the security team decides to publish a DNS record that specifies which mail servers are authorized to send email on behalf of their domain. What email security mechanism is being described?

Accepted Answer

Sender Policy Framework (SPF)

Answer

Sender Policy Framework (SPF) is an email authentication method designed to prevent domain spoofing. It allows a domain owner to publish a TXT record in their DNS that lists the IP addresses of servers authorized to send mail for that domain. Receiving mail servers can then check this record to verify the sender's authenticity.

Question 3

Which of the following BEST describes the primary security function of Domain Name System Security Extensions (DNSSEC)?

Accepted Answer

To authenticate the origin of DNS data and verify its integrity.

Answer

The primary function of DNSSEC is to add a layer of trust to DNS by providing authentication and data integrity. It uses digital signatures to ensure that the DNS data a user receives is from the correct authoritative source and has not been tampered with in transit, thus protecting against attacks like DNS cache poisoning and spoofing.

Question 4

A company needs to establish a secure VPN connection between its headquarters and a branch office over the public internet. The security policy requires that the entire original IP packet, including the source and destination IP headers, be encrypted and encapsulated within a new packet for transit. Which IPsec mode accomplishes this?

Accepted Answer

Tunnel Mode

Answer

IPsec Tunnel Mode is designed for gateway-to-gateway connections. It encrypts the entire original IP packet (both payload and header) and encapsulates it within a new IP packet with a new IP header. This new header is used for routing over the untrusted network, effectively hiding the original source and destination.

Question 5

A network architect is designing a corporate network and wants to logically divide a single physical network into multiple, isolated broadcast domains. The goal is to improve security by containing traffic within specific departments (e.g., Finance, HR, Engineering) and reducing unnecessary network traffic. Which technology is MOST suitable for this purpose?

Accepted Answer

Virtual Local Area Networks (VLANs)

Answer

Virtual Local Area Networks (VLANs) are used to logically segment a network into different broadcast domains. This allows devices to be grouped together by function or department regardless of their physical location, improving security by isolating traffic and enhancing performance by reducing broadcast traffic.

CyberVista Test Practice Test

CyberVista Test Practice Test

CyberVista Network and Communication Security Questions and Answers