CompTIA Network+ N10-008 CH18 - Course Quiz
This flashcard set focuses on network access control and governance. It explains how a Network Access Policy outlines who can connect, the methods of access, and the resources available to them, ensuring security and proper usage of the network.
Key Terms
The ___________ defines who may access the Network, how they may access the Network, and what they can access?
Network Access Policy
Service-Level Agreement (SLA)
Multi-Source Agreement (MSA)
Statement of Work (SoW)
Network Access Policy
The main method by which a first responder secures an area is by having their presence at the scene?
True
False
True
Which secondary location is a complete duplicate of the Primary Site?
local
physical
hot
cold
hot
International export controls restrict the export of some kinds of hardware and software along with more obvious things like weapons to specific countries?
True
False
True
With ____________ deployment, employees are presented with a Whitelist of preapproved applications that they may install on a corporate device?
Corporate-Owned, Personally Enabled (COPE)
Corporate-Owned, Business Only (COBO)
Personally-Owned, Personally Enabled (POPE)
Choose Your Own Device (CYOD)
Corporate-Owned, Personally Enabled (COPE)
Which tool is an Open-Source tool for Penetration Testing pretty much every aspect of Wireless Networks?
Kali Linux
Aircrack-ng
Armitage
OpenVAS
Aircrack-ng
| Term | Definition |
|---|---|
| The ___________ defines who may access the Network, how they may access the Network, and what they can access? | Network Access Policy |
| The main method by which a first responder secures an area is by having their presence at the scene? | True |
| Which secondary location is a complete duplicate of the Primary Site? | hot |
| International export controls restrict the export of some kinds of hardware and software along with more obvious things like weapons to specific countries? | True |
| With ____________ deployment, employees are presented with a Whitelist of preapproved applications that they may install on a corporate device? | Corporate-Owned, Personally Enabled (COPE) |
| Which tool is an Open-Source tool for Penetration Testing pretty much every aspect of Wireless Networks? | Aircrack-ng |
| The __________________ factor indicates the length of time a device is expected to last in operation? | mean time to failure (MTTF) Explanation: Mean Time between Failures (MTBF) - Applies to hardware components, manufacturer’s best guess regarding how much time will pass between major failures of the component. Mean Time to Repair (MTTR) - The amount of time it takes to fix a system after it fails. |
| Network access policies may be embedded into policies such as VPN Policy, Password Policy, Encryption Policy, and many others? | True |
| Which two tools dominate the Vulnerability Testing arena? | Nessus and OpenVAS |
| If the disaster requires actions offsite from the primary infrastructure, it is under the jurisdiction of ________________? | business continuity |
| Business continuity handles everything related to recovery infrastructure from a disaster except incidents that require moving part of the organization’s business offsite? | False |
| If an incident can no longer be contained, causing significant damage or danger to the immediate infrastructure, it is covered under __________? | disaster recovery |
| Anything that negatively affects an organization, that hurts or compromises its people, systems, or ability to function as an entity, is a ___________________? | incident |
| It doesn’t always happen this way, but it’s best for everyone involved if there’s a smooth ______________ procedure to ensure new members of an organization get everything they need to settle in efficiently and a careful ___________________ procedure to reverse these when they leave the organization? | onboarding, offboarding |
| Which term is used for all the customized settings for a Router, Switch, Load Balancer, Intrusion Detection/Prevention System (IDS/IPS), Firewall, or other Network Device? | configuration data |
| Every asset has some weakness that makes it potentially susceptible to a threat? | True |
| Which is a legal document that prohibits the signer from disclosing any company secrets learned as part of his or her job? | Nondisclosure Agreement (NDA) |
| A proper assessment of a backup plan records how much data might be lost and how long it would take to restore? | True |
| Which document defines the duties parties commit to perform for each other and a time frame for the commitment? | Memorandum of Understanding (MOU) |
| With a _________________ site, everything of note is stored in the cloud, including servers, client machine images, applications, and data? | cloud |
| Most restored systems have the same amount of lost data based on when the last backup took place? | True |
| By following good patch management procedures, you can roll back or downgrade by removing a patch? | True |
| Disaster recovery starts with a plan and includes ____________? | data backups |
| Firmware updates enable programming updates that make network devices more efficient, more secure, and more robust? | True |
| Which tool is a Port Scanner? | Nmap |
| End users are probably the primary source of security problems for any organization? | True |
| An organization offering _ options provides employees free choice within a catalog of Mobile Devices? | Choose Your Own Device (CYOD) |
| Business continuity planning deals with the concept of backing up sites? | True |
| Which document is arguably the most famous of all security policies as this is the one document that pretty much everyone who works anywhere is required to read, and in many cases sign, before they can start work? | Acceptable Use Policy (AUP) |
| Which secondary location will generally take more than a few days to bring online? | cold |
| ______, from Tenable Network Security, is arguably the First truly comprehensive Vulnerability Testing tool that has been around for almost two decades? | Nessus |
| A ___ is a document between a customer and a service provider that defines the scope, quality, and terms of the service to be provided? | Service-Level Agreement (SLA) |
| The ___ policy defines what is and what is not acceptable to do on an organization's computers? | Acceptable Use |
| Instead of adding access to the customer database for every sales representative's account, a __ approach would establish a sales-representative role, associate each representative's account with the role, and assign all of the necessary privileges to the role? | role based access |
| A ___ is in essence a legal contract between a vendor and a customer? | Statement of Work (SoW) |
| The _ factor indicates the length of time a device is expected to last in operation? | Mean Time to Failure (MTTF) Explanation: Mean Time between Failures (MTBF) - Applies to hardware components, manufacturer's best guess regarding how much time will pass between major failures of the component. Mean Time to Repair (MTTR) - The amount of time it takes to fix a system after it fails. |
| ____ simply means identifying people who can take over certain positions (usually on a temporary basis) in case the people holding those critical positions are incapacitated or lost in an incident? | Succession Planning |
| A ___ sets an upper limit to how much lost data the organization can tolerate if it must restore from a backup, effectively dictating how frequently backups must be taken? | Recovery Point Objective (RPO) |
| Incidents that take place within the organization that can be stopped, contained, and remediated without outside resources are handled by ___ planning? | incident response |
| The process of creating change in your infrastructure in an organized, controlled, safe way is called _? | Change Management |
| A __ is an event that disables or destroys substantial amounts of infrastructure? | disaster |
| Briefly describe the purpose of a Memorandum of Understanding (MOU)? | A document agreement that defines the duties between 2 parties conducting occasional business where a legal contract wouldn't be appropriate. |
| Describe the two aggressive and powerful comprehensive Vulnerability testers that dominate the field, Nessus and OpenVAS? | Nessus - the first truly comprehensive Vulnerability testing tool from Tenable Network Security and is Free to Home Users and requires a Subscription for commercial use. |
| Briefly identify three items that should be included when documenting change? | Network (Configurations) - Such as Server, Router configurations and so on. |
| How do organizations use Business Continuity Planning (BCP)? | To detail risks to critical systems, cost to replace or repair such systems, and how to make those replacements or repairs happen in a timely fashion. |
| Describe Aircrack-ng? | An Open Source tool for Pentesting pretty much every aspect of Wireless Networks. |
| Distinguish between a Warm Site and a Hot Site included in a Business Continuity Plan? | Warm Site starts with the same components as a Cold Site, but adds Computers loaded with software and functioning servers, a complete hardware infrastructure. Warm Site lacks current data and may not have functioning Internet/Network Links. Bringing this site up to speed may start with activating your Network Links and loading recent backups, may take a day or two to bring online. Hot Site has everything a Warm Site does, but also includes very recent backups. It might need just a little data restored but in many cases a Hot Site is a complete duplicate of the primary site. A Proper Hot Site should only take a few hours to bring online. |
| What is Kali Linux? | Specialized Linux Distro with the best, most recent and powerful Tools for Security Professionals, Pentesters and Ethical Hackers. |
| Identify and elaborate on the important steps that take place in almost every scenario of a Network Patch environment? | Research - It's important to research the Patch to verify that it is going to do what you need it to do and that people who have already installed the patch aren't having problems. Test - Always a good idea to test patches on a test system when possible. Configuration Backups - Backing up configurations is critical, especially when backing up firmware in the event something bad happens, this will allow you to recover quicker. |
| Briefly describe the premise on which IT Security is based? | That somewhere, at some time, something will attack some part of your Network. The attack may take as many forms as your paranoia allows. |
| Briefly list the five items that should be included in a good change request? | Type of Change; Configuration Procedures; Rollback Process; Potential Impact; Notification |
| Describe Metasploit? | Unique, open source tool that enables the Pentester to use a massive library of attacks as well as tweak those attacks for unique penetrations. It's the go-to tool for Pentesting. |
| Briefly identify the two levels at which changes tend to originate? | Strategic-Level Changes - Initiated by management and major in scope. Infrastructure-Level Changes - Typically initiated by a department by making a request to the change management team. |