Network+ N10-008 – 4.0 Network Security

Explanation: When a client computer establishes a VPN connection, it gets assigned an IP address from the internal corporate network, making it effectively a part of the internal corporate network.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 507 in PDF)

Explanation: As specified in the provided text, the NIST CSF outlines a cyclical process of Identify, Protect, Detect, Respond, and Recover for handling network threats and maintaining network security.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 472 in PDF)

Explanation: Unlike a traditional trust model, where everything within the network perimeter is trusted and everything outside isn’t, the Zero Trust model logicizes that no trust should be given to any factor whether inside or outside the perimeter. Instead, every user, device or request must be authenticated and authorized before access is granted, and this is regardless of their location.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 458 in PDF)

Explanation: The text highlights the importance of employee training, arguing that employees, through effective training, can identify potential security risks and sometimes mitigate them without additional help. This is due to their everyday presence and interaction with the physical security of the organization.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 519 in PDF)

Explanation: The principle of Least Privilege is a security concept whereby a user is granted the minimum levels of access necessary to perform his or her job functions. This helps limit internal and external threats and the potential for a data leak.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 457 in PDF)

Explanation: ’Tailgating’ refers to a social engineering tactic where an intruder gains physical access to a building by entering so close behind an authorized user that no security measure (like a key or a card) is needed. Sometimes, the authorized user might even hold the door for them, mistaking them for a fellow employee.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 487 in PDF)

Explanation: MAC filtering does involve an administrative burden as the MAC addresses to be whitelisted will need to be entered. It does not eliminate this task.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 499 in PDF)

Explanation: Single sign-on (SSO) assists the user logon by allowing the user to authenticate to the first application and then reusing the credentials for other applications. The user no longer has to enter the same username and password for each application they access.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 466 in PDF)

Explanation: According to the text, clientless VPN solutions are those which do not require the installation of a client. Instead, they allow the web browser on the device requiring connectivity back to the corporate network to act as the VPN client, with the VPN appliance acting as a reverse proxy to various resources internal to the organization.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 509 in PDF)

Explanation: An Amplified DoS attack involves making a small request to the third-party server which results in a larger response to the victim. This creates a stronger disruption to the server’s functions.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 475 in PDF)

Explanation: Fixed cameras are ideal for recording surveillance activities as they are more reliable to be pointing at the incident area when needed. PTZ cameras, although often deployed for the wrong reasons, are useful for intervention situations as they allow for 360-degree movement and zooming in on a specific area.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 515 in PDF)

Explanation: Identification badges serve as a proof of access and act as a part of the physical security protocol in organizations. In addition to serving as identification, they help regulate who can access specific areas of an organization. If an employee is in an unrecognized area and their ID badge is not on display, other security measures can be taken.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 520 in PDF)

Explanation: According to the provided passage, a significant concern when implementing IoT devices in an organization is that they often do not receive frequent updates for security patches. This is because hardware vendors often integrate off-the-shelf components that don’t get frequent updates, leaving the IoT devices exploitable.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 504 in PDF)

Explanation: A rogue access point is an unauthorized access point installed on a network that can open up the organization to potential data loss or infiltration by an attacker due to a lack of proper security settings.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 482 in PDF)

Explanation: The 802.1X protocol commonly uses RADIUS as the authentication server as mentioned in the text. This process is used to verify the credentials and control access to the network.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 469 in PDF)

Explanation: In a vulnerability assessment, the first tactic is to identify the open services using a port scanning tool according to the passage.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 471 in PDF)

Explanation: Ransomware is a type of malicious software (malware) that restricts access to a computer system that it infects in some way, and demands that the user pay a ransom to the operators of the malware to remove the restriction.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 482 in PDF)

Explanation: 802.11h is the protocol that uses Transmit Power Control (TPC) and Dynamic Frequency Selection (DFS) to adjust for the optimal power and frequency of the client. This helps to control the power levels of the wireless signal and the frequency, ensuring optimal coverage while also not permitting the signal to reach areas it shouldn’t.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 500 in PDF)

Explanation: Switch spoofing and double-tagging of frames are the two main types of VLAN hopping. In switch spoofing, an attacker can negotiate a trunk link and tag their packets with the VLAN they want to attack, bypassing controls. In double-tagging, attacker’s packets carry two tags, one for the current VLAN and one for the target VLAN. The switch removes the first tag and sends the packet based on the second tag.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 479 in PDF)

Explanation: Local authentication is typically used for providing access to a small group of people where each account has to be manually created on each device or server to be accessed. This is because local authentication operates by authenticating the user to a local database contained on the equipment or server.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 469 in PDF)

Explanation: An employee can access an electronic device from a smart locker by scanning their employee badge. The equipment is then automatically checked out to them.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 523 in PDF)

Explanation: Well-trained employees can identify when a threat exists and anticipate the potential risks associated with that threat being carried out. In some cases, they might be able to address the risk without external assistance, thereby bolstering the organization’s security.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 519 in PDF)

Explanation: The text specifies that when disposing of assets, considerations must be made regarding accounting practices, environmental compliance, recycling, and physical security which also includes the residual data on the equipment.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 523 in PDF)

Explanation: The RA Guard feature is designed to restrict which port can send Router Advertisement (RA) messages. This aids in the prevention of spoofing attacks where an attacker may attempt to divert traffic via a forged RA message.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 490 in PDF)

Explanation: The CVE system was designed primarily to create a standard nomenclature for vulnerabilities, reducing overlap in documentation from different agencies documenting the same vulnerability. This system aids in easy tracking and referencing of vulnerabilities across multiple platforms and documentation.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 455 in PDF)

Explanation: A captive portal acts as a mechanism to redirect users who connect to the network (wired or wireless) to a portal where they can log in or agree to the Acceptable Use Policy (AUP). This is done before the users gain full web access. This feature is common in establishments such as hotels.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 503 in PDF)

Explanation: Even in secure areas where unauthorized access is unlikely, locking network racks can prevent accidental power down or tampering of the server or equipment. This can be particularly crucial in maintaining uninterrupted network services.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 522 in PDF)

Explanation: The console router is used by the technician to give access to the console CLI (command-line interface). This is useful for out-of-band configuration and diagnostics or initial setup.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 513 in PDF)

Explanation: Phishing is a social engineering attack that is typically performed via email to gather usernames, passwords and other personally identifiable information. The attacker crafts an email resembling the system’s interface and asks the user to input their information, usually through a link to a compromised website.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 487 in PDF)

Explanation: Biometric access control systems use unique physical or behavioral characteristics of a person to grant or deny access. The most common forms of biometrics are fingerprints, facial features, iris or retinal scans, and voice. The description in the text explains that fingerprint recognition is most common.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 520 in PDF)

Explanation: PIR sensors operate by monitoring the measurement of infrared radiation from several zones, and they typically have a grid pattern on the sensor face.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 517 in PDF)

Explanation: Access Control Lists (ACLs) in a screened subnet (DMZ) are typically designed to restrict which services Internet hosts can access on servers in the DMZ, as well as control which hosts can communicate with internal servers. It is a form of security measure to control and restrict unauthorized access to the network.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 461 in PDF)

Explanation: According to the text, the easiest method of segmentation for a network is to implement virtual local area networks, or VLANs. VLANs each have a distinct network ID and can create segments within the network, improving security by limiting access.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 461 in PDF)

Explanation: According to the CIA triad described in the text, file hashes are used to protect the integrity of the information by detecting unauthorized altering of the data, not its confidentiality.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 453 in PDF)

Explanation: EAP is not a specific authentication method or mechanism. Instead, it’s a framework that allows for the extensibility of authentication methods.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 470 in PDF)

Explanation: In the context of CompTIA Network+, ’Piggybacking’ refers to an individual covertly following another person into a secure area, such as a building, without using a key, card, or any other security device. The person originally swiping in may not even see the ’piggybacker’. This type of physical intrusion is a form of social engineering.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 487 in PDF)

Explanation: Social engineering in the context of network security is about manipulating people to disclose confidential information. It usually involves making people feel obliged to help without realizing they’re disclosing sensitive information that can be used for malicious activities.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 487 in PDF)

Explanation: Changing the native VLAN mitigates the risk of users being exposed to the management VLAN and potential VLAN hopping attacks. This reduces the possibility of unauthorized access to the management network or undesired data movement.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 495 in PDF)

Explanation: The separation of duties in network security is aimed at reducing the control or power of one individual over a process. This is done by assigning specific responsibilities and limiting permissions to those areas necessary to perform their specific duties. This helps prevent misuse, misconfigurations, as well as concealing illicit activities by deleting logs.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 462 in PDF)

Explanation: A zero-day vulnerability refers to a network vulnerability that is discovered before a patch or workaround can be developed and made available. This leaves the network exposed to potential attacks.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 456 in PDF)

Explanation: MAC spoofing refers to the technique where an attacker mimics the MAC address of a validated device to bypass network security measures like firewalls or captive portals using the MAC Authentication Bypass protocol. This method is commonly used in networks that allow self-registration of devices.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 484 in PDF)

Explanation: The Remote Desktop Protocol (RDP) communicates over TCP 3389 to deliver the remote screen and connect the local mouse and keyboard to the RDP session.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 509 in PDF)

Explanation: The Kerberos protocol provides strong security for transmitted usernames and passwords via Triple Data Encryption Standard (3DES) and Advanced Encryption Standard (AES) encryption, and it was named after a three-headed hound in Greek mythology. It introduces this level of security through a three-way trust, where both the client and server must trust the authenticating server for access.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 469 in PDF)

Explanation: A virus distinguishes itself from other malware because it is self-replicating code that often injects its payload into documents and executables. This is done in an attempt to infect more users and systems.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 486 in PDF)

Explanation: The text mentions that detection of physical access allows you to know what happened (event), when it happened (time), and who did it (person responsible). Therefore, option C is correct.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 515 in PDF)

Explanation: The key goal of a security assessment is to report the current security status of the organization with an aim to improve or tighten security.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 471 in PDF)

Explanation: SNMP version 3 is the first version to address security concerns. It acknowledges potential issues of unauthorized access and introduces encryption and strong authentication process for a safer and secure transmission of information. Therefore, the statement focusing on SNMP version 3 is correct.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 489 in PDF)

Explanation: Port security is implemented primarily to restrict specific MAC addresses or a certain number of MAC addresses on a physical access mode switch port. By doing this, it sets a limit on who has access that port which can help to improve network security.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 490 in PDF)

Explanation: PEAP uses TLS to protect EAP messages by providing an encrypted tunnel as well as authentication between the host and the authenticating server before credentials are passed.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 502 in PDF)

Explanation: The text mentions that when evaluating the hardening techniques to be utilized on a network, it is necessary to evaluate your risk, evaluate the overhead the hardening introduces, and prioritize which of these techniques should be activated.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 489 in PDF)

Explanation: Hybrid drives are made up of a combination of a conventional magnetic drive and a small amount of SSD flash to store the most frequently used data blocks. Due to this arrangement, these drives need to be sanitized using a proprietary tool from the vendor.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 525 in PDF)

Explanation: Both Microsoft Server (starting from Windows Server 2008) and Linux/Unix operating systems use the tactic of disabling all services out of the box. This reduces the surface area of attack by reducing the number of potentially exploitable entry points.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 494 in PDF)

Explanation: Protected Extensible Authentication Protocol (PEAP) is jointly developed by Cisco, Microsoft, and RSA Security and works in conjunction with 802.1X authentication systems and provides Transport Layer Security (TLS).

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 501 in PDF)

Explanation: A rogue DHCP server is an unauthorized DHCP server that an attacker can use to distribute invalid IP addresses within a network. By doing so, the attacker causes a DoS (Denial of Service) and could also redirect network traffic through their own host computer.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 481 in PDF)

Explanation: As explained in the text, solid state drives contain non-volatile memory chips and use proprietary algorithms to organize the data. They cannot sanitize data through the systematic writing of 1s and 0s to eliminate the underlying data. Instead, these devices usually require a vendor-specific tool to erase the drive fully.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 524 in PDF)

Explanation: Although factory reset means that the configuration of the equipment will be wiped out, it does not always mean that all stateful information will also be deleted beyond recovery. This is particularly true for computers, where data may still be recoverable post-reset, depending on the method. Therefore, it is important to refer to the vendor’s documentation for proper decommissioning procedures.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 524 in PDF)

Explanation: In an On-Path (Man-in-the-Middle) attack, the attacker positions themselves between the user and the destination server. This allows the attacker to eavesdrop on and manipulate the network conversation without either party knowing, impersonating both parties involved in the network conversation.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 478 in PDF)

Explanation: The text mentions the most common authentication factors as: something you know (passwords), something you have (smartcard), and something you are (biometrics). There is no mention of ’Something you think (Thoughts)’ being an authentication factor.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 464 in PDF)

Explanation: From the text, it is clear that confidentiality, as part of the CIA triad, can be achieved with physical locks, file cabinets, safes, and, in extreme cases, security guards. Confidentiality can also be achieved electronically with authentication, encryption, and firewalls. These measures limit access to only the individuals allowed to access the information while denying access for those individuals who are restricted from accessing the information.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 454 in PDF)

Explanation: MAC filtering enhances wireless security by only permitting devices with MAC addresses that have been whitelisted to access the network. This is particularly effective as it’s challenging for an attacker to identify which MAC addresses are allowed by the switch or WAP.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 499 in PDF)

Explanation: While DNA is a measure related to a person’s body, it is not commonly used for biometric access control due to practicality and privacy concerns. Regularly used biometric access controls include voice recognition, fingerprints and iris (or retina) scans.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 520 in PDF)

Explanation: DHCP snooping prevents a rogue DHCP server, also referred to as a spurious DHCP server, from sending DHCP messages to clients. This helps protect the network from DHCP spoofing attacks in which an attacker uses a rogue DHCP server to redirect valid traffic to a compromised website.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 495 in PDF)

Explanation: A VPN concentrator in a site-to-site VPN connection encrypts and encapsulates the information as data, creating a route entry for the remote network. It then sends the encrypted data to the other side of the tunnel over the Internet.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 506 in PDF)

Explanation: Multifactor authentication tackles the issue of a compromised single-factor authentication method by integrating multiple authentication methods. This could include a combination of physical security (something you have), biometrics (something you are), passwords (something you know), location data (somewhere you are), or behavioral attributes (something you do).

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 465 in PDF)

Explanation: Explicit deny is used in a firewall to restrict specific applications or IP addresses even if there is a subsequent rule that allows broad access. This allows more control and security over the network as you can deny access to certain applications like Remote Desktop Protocol (RDP) or Secure Shell (SSH) that shouldn’t be accessible from the client network.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 499 in PDF)

Explanation: Geofencing creates a virtual perimeter using mapping software and GPS coordinates reported by an agent installed on the device. If a device moves outside of this virtual boundary, it is considered out of compliance and may be subject to a device wipe as a security measure to prevent data loss.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 503 in PDF)

Explanation: Secure Shell (SSH) uses asymmetrical encryption, or public-private keypair, to provide authentication between the SSH client and server.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 510 in PDF)

Explanation: Due to the unknown length of time that a device may have been stored before purchase, vulnerabilities may have been discovered that hackers can exploit. Updating the firmware helps to patch these vulnerabilities, ensuring the security of the device when it is put into service.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 496 in PDF)

Explanation: A split tunnel directs only corporate network traffic over the tunnel, allowing direct access to the Internet for non-corporate traffic. A full tunnel, however, directs all traffic over the tunnel, regardless of its destination. This is useful when an organization wants to filter all traffic, often for security or content filtering purposes.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 509 in PDF)

Explanation: The principle of least privilege ensures that a user is given no more access rights than what is necessary for them to perform their duties. This is a fundamental concept of IT security and is critical to minimizing potential damage upon security incidences. In the context of remote access, this principle specifically applies to what resources a user can access in the organization’s internal network when working remotely.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 511 in PDF)

Explanation: In-band management of a network device is viable while the device is active and functioning properly, as it is accessible via the data plane it serves. However, when a malfunction or an equipment failure occurs, out-of-band management becomes necessary, allowing the device to be reached independently of the network connections it serves.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 512 in PDF)

Explanation: According to the text, brute-force attacks involve trying every combination of a password until access is granted. This method is a last resort in password attacks and can be employed in both online, which is attempting to crack the password directly on the application, and offline methods, which involves theft of the credentials file and attempting the attack on the offline credentials file.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 483 in PDF)

Explanation: In a DDoS attack, many bots are employed to create a botnet. A compromised server or host, known as a command and control server, is used by the bad actor to send commands to each bot in the botnet. Unlike other forms of DoS attacks, it’s virtually impossible to isolate and firewall the source of the attack when traffic is coming from millions of different hosts making up the botnet.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 478 in PDF)

Explanation: Defense in depth is based on the concept that combining several different security measures will make it harder for an attacker to succeed. It doesn’t rely on any single mechanism but uses different mechanisms to create more layers, or depth, to the defense strategy.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 459 in PDF)

Explanation: EAP-TLS is an open standard defined by the IETF which is commonly deployed with a certificate authority. When it’s deployed with a certificate authority, the deployment is more secure because each user or computer is issued an individual certificate, according to the passage.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 502 in PDF)

Explanation: The languages spoken by guests is not typically a consideration when setting up a guest network. Factors such as bandwidth, length of access, and connection permissions are more critical for network security and functionality.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 501 in PDF)

Explanation: Surveying the environment before entering personal data is the best defense against shoulder surfing. It allows you to ensure that no one is positioned in a way that they could view your keystrokes or other sensitive information.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 487 in PDF)

Explanation: A SIEM system is responsible for collecting data (usually in the form of logs), identifying anomalies in that data, and taking actions based on the identified anomalies, which can range from sending a notification to actively blocking a threat.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 473 in PDF)

Explanation: Changing both the default username and password makes it more difficult for a brute-force attack to be performed against the default username. This in turn increases the overall security of the network device.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 494 in PDF)

Explanation: A dictionary attack is made using a database of common words or frequently used passwords. The best way to mitigate this kind of attack is to use passwords that are complex, including lowercase, uppercase, symbols, and numbers, and also long (over 10 characters), making them less likely to appear in the ’dictionary’ of commonly-used words.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 483 in PDF)

Explanation: In an ARP spoofing attack, the attacker sends a spoofed ARP reply (a forged Gratuitous Address Resolution Protocol packet) in response to the victim’s ARP request for the default gateway IP address. This updated (manipulated) ARP entry causes the victim to send subsequent packets intended for the default gateway to the attacker’s address instead. The attacker can then inspect the packets’ contents and forward the information to the real default gateway.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 481 in PDF)

Explanation: While a risk assessment may involve elements like identifying potential bad actors or contracting out to security firms, its main function is to identify an organization’s overall risks and recommend steps to mitigate these risks.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 472 in PDF)

Explanation: Solid state drives contain non-volatile memory chips and they use proprietary algorithms to arrange the data in the memory. So, these drives cannot be sanitized by the systematic writing of 1s and 0s to erase the underlying data. These devices typically require a vendor-specific tool that can erase the entire drive. Each vendor will have a proprietary tool to sanitize the data, and therefore you should always check with the vendor when preparing to sanitize an SSD.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 524 in PDF)

Explanation: Patching an operating system immediately after installation is crucial to fix vulnerabilities present in the system at the time of the build, as outlined in the provided text. This ensures that the system is secure before it is put into service, and patches are provided by the system vendor.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 496 in PDF)

Explanation: A honeypot is a physical or virtual host that is set up to allow unauthorized access. The honeypot is a system that is tightly controlled by the administrator, but it allows an attacker to compromise the system so that the administrator can analyze the attacker’s efforts.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 464 in PDF)

Explanation: Lightweight Directory Access Protocol (LDAP) by default uses the TCP protocol on port 389.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 468 in PDF)

Explanation: In the context of network security, a vulnerability is a weakness which can be exploited by attackers. It can be physical- or network-based, found in applications, operating systems, and network products. Regular patching helps mitigate known vulnerabilities but it’s impossible to eliminate all vulnerabilities.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 455 in PDF)

Explanation: Control Plane Policing (CoPP) is designed to protect the control plane of a router or switch from being overwhelmed by unnecessary or maliciously intended traffic. It does this by policing and, if necessary, dropping traffic directed to the control plane, thereby protecting the CPU of the device.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 492 in PDF)

Explanation: In a security assessment, a penetration test is carried out to exploit the known vulnerabilities in a network. This is done in order to test the security of the network, and to see how it would hold up against an actual attack.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 472 in PDF)

Explanation: A preshared key (PSK) is indeed a symmetrical encryption system where the key that encrypts the data also decrypts the data.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 501 in PDF)

Explanation: According to the passage, the main reason organizations have adopted VDI is for better control over their data. The text clearly states that this strategy can minimize an organization’s data loss because the data never leaves the organization’s data center.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 511 in PDF)

Explanation: A reflective DoS attack is when an attacker sends a request to a third-party server and forges the source address of the packet with the victim’s IP address. The third party then responds to the victim, leading to a denial of service.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 476 in PDF)

Explanation: The sanitization of magnetic drives requires the overwriting of data because the data is stored magnetically on the platter. The data is erased by writing 1s and 0s to each addressable cluster location in the filesystem.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 524 in PDF)

Explanation: Active RFID tags contain a battery-powered transmitter, which makes them capable of transceiving tracking signals. On the other hand, passive RFID tags do not have their own power source, they work by responding to the incoming radiation (RF) from a high-powered transponder.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 518 in PDF)

Explanation: Tailgating, a social engineering tactic, refers to an attacker sticking so close to a person entering a building that they are able to enter right behind them without needing to use a key, card, or any other security device. The person who is being followed might even unwittingly hold the door open for the attacker, thinking they are a colleague.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 487 in PDF)

Explanation: Dynamic ARP Inspection (DAI) inspects the DHCP binding table for each ARP request. If an ARP reply comes back that conflicts with the information in this table, the DAI process will drop the ARP reply. This serves as a security measure to prevent ARP spoofing attacks.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 491 in PDF)

Explanation: Role-based access simplifies security by grouping the necessary permissions for a specific job into a single role. Once the role is assigned to a user, they are granted all of the necessary permissions, reducing the complexity of security setups that would traditionally require individual permissions to be layered or stacked on one another. This simplifies the management of permissions, helps to prevent the misallocation of permissions and reduces the risk of security breaches due to inappropriate access permissions.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 498 in PDF)

Explanation: Unused switchports on network devices can be exploited by an attacker with physical access to the switch. If they are not disabled or protected, an attacker can connect a device, such as a laptop or a wireless access point, to these ports and gain access to the network.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 493 in PDF)

Explanation: DNS poisoning is an attack that involves an attacker replacing valid DNS entries with their own IP address, often carried out by sending random answers to the DNS server with their IP address. This is done in the hope that the targeted DNS server, which may have asked a legitimate DNS server for the answer, will accept the malicious reply.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 479 in PDF)

Explanation: Private VLANs offer micro-segmentation of the primary VLAN (standard VLAN) to introduce security between hosts. They isolate different parts of the network to ensure secure communication.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 492 in PDF)

Explanation: An internal threat refers to a potential danger to the network or the assets of the organization coming from within the organization itself. This could be actions taken by a disgruntled employee such as leaking sensitive data or running malicious code.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 455 in PDF)

Explanation: Locking network racks and cabinets is an important physical security measure. It helps in preventing unauthorized personnel from accidentally or intentionally powering down equipment, modifying existing wiring, or accessing the network. It also prevents unauthorized access to information or materials stored in locked cabinets.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 522 in PDF)

Explanation: By definition, an amplified DoS attack involves making a small request to a third-party server that results in a larger response being sent to the victim. Taking advantage of server capabilities like DNS and NTP, the attacker can cause a disproportionately large traffic signal to be sent to the victim based on a relatively small initial request, greatly magnifying the impact of the attack.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 477 in PDF)

Explanation: Role-based access simplifies the permission settings by assigning users specific roles that already have established rights, instead of assigning individual permissions. This both reduces complexity and minimizes potential errors.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 457 in PDF)

Explanation: In an Evil Twin attack, the attacker sets up a fake wireless access point that mimics a legitimate one. Once a user connects to it, their traffic can be monitored and exploited by the attacker. Creating a stronger signal is one way to lure users into connecting with the fake access point.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 482 in PDF)

Explanation: In the context of network security, an exploit refers to a method (usually in the form of scripts, software, or sequences of commands) that takes advantage of a known vulnerability. The aim of an exploit is often to gain unauthorized access or control.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 456 in PDF)

Explanation: On POTS lines, the modem can provide a top speed of 56 Kbps.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 512 in PDF)

Explanation: An access control vestibule, also known as a mantrap, is a security measure designed primarily to prevent unauthorized users from following an authorized user into a secure area. This is called tailgating. The vestibule is a small room with two controlled access doors; a person must enter the first door and be authenticated before the second door will open, effectively preventing anyone from entering without proper authorization.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 522 in PDF)

Explanation: VNC supports encryption via plug-ins but is not encrypted by default.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 510 in PDF)

Explanation: Transmission interception detection is not a type of tamper detection mentioned in the material. Tamper detection mostly involves detection of direct physical interference with the equipment.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 519 in PDF)

Explanation: The wireless client isolation feature is primarily used for enhancing security. It prevents wireless clients on the same network from interacting with each other, making it harder for an attacker to compromise other devices or use them as a pivot point for their attack.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 500 in PDF)

Explanation: The text suggests that creating a password should always follow best practices, which include the password being at least 12 to 18 characters. This ensures that the password is strong enough and thus, harder for a potential hacker to guess or crack.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 494 in PDF)

Explanation: A Network Access Control (NAC) system, when used with the 802.1X protocol, acts as a monitoring tool for client health and integrity before permitting network access. This check includes factors like the client’s current patch level, antivirus signature date, and firewall status. This setup not only assists in ensuring stable and secure network operation but can also place any client that fails the checks into a remediation network for appropriate rectification before network access.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 463 in PDF)

Explanation: A VPN is primarily used to extend a company’s internal network across the public internet. It allows remote clients and branch networks to connect securely and privately with the company’s network.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 506 in PDF)

Explanation: IP Spoofing is, indeed, an attack technique where an attacker impersonates the IP address of an organization’s assets. This allows the attacker to circumvent access control systems and gain access to protected resources.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 485 in PDF)

Explanation: Considering security viewpoint, power levels should be adjusted so the signal does not go beyond the interior of the building, preventing possible infiltrations. The 802.11h wireless protocol can help control the power of the access point needed by each individual client through its Transmit Power Control (TPC) and Dynamic Frequency Selection (DFS) functionality.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 500 in PDF)

Explanation: Data integrity in transit can be ensured using signatures and checksums, such as the use of the Authentication Header (AH) protocol. This ensures that the data is not altered as it is being transmitted across the network.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 454 in PDF)

Explanation: Phase 0 in EAP-FAST (Extensible Authentication Protocol – Flexible Authentication via Secure Tunneling) is when in-band provision occurs to create a shared secret that will be used in Phase 1 to establish a secure tunnel.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 502 in PDF)

Explanation: The deauthentication attack is a type of security attack involving the 802.11 wireless protocol. An attacker can use a deauthentication frame to disconnect a client from their access point, typically in an effort to get them to inadvertently connect to a false access point set up by the attacker. This can then allow the attacker to generate association traffic, which can be utilized for cracking the wireless passphrase and further compromising network security.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 486 in PDF)

Explanation: The TACACS+ protocol is primarily used for authorization, authentication, and auditing of routers and switches. It was developed by Cisco as an open standard.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 466 in PDF)

Explanation: As per the information provided, if a specific condition in an ACL is not met, the default action is to deny the traffic.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 496 in PDF)

Explanation: In the context of the CIA triad for information security, ’Availability’ refers to how consistently, effectively, and reliably the systems serving the information are available or function without downtime. It involves the use of redundant systems and components to ensure high availability of information, and also considers backups and restoration times.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 454 in PDF)

Explanation: A brute-force attack is generally a last-ditch effort in which an attacker uses a brute-force application to try every possible combination of a password until access is granted. These combinations include uppercase and lowercase letters, symbols, and numbers, making the total number of potential combinations exponentially increase with each added character.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 483 in PDF)

Explanation: The Remote Desktop Gateway is a Microsoft server role that primarily allows centralized access to remote desktops, such as remote desktop workstations or remote desktop servers. This allows users to access their systems remotely through a secured and authorized connection.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 509 in PDF)

Explanation: A distributed denial-of-service (DDoS) is a more common type of DoS attack that uses multiple compromised servers or hosts, cast as bots, to create a botnet. The large number of sources makes it difficult to block or isolate the DoS. The bad actor controls the botnet using a command and control server, which is often a compromised server as well.

Ref: CompTIA Network+ Review Guide: Exam N10-008 5th Edition

(Page 475 in PDF)