Unit 4 of 5
Study guide for CLEP CLEP Information Systems — Unit 4: Networks & Security. Practice questions, key concepts, and exam tips.
20
Practice Questions
10
Flashcards
4
Key Topics
Try these 5 questions from this unit. Sign up for full access to all 20.
A company's IT department discovers that an employee's workstation has been compromised by malware. The malware is capable of capturing and transmitting sensitive data to an external server. Which of the following is the most likely type of threat in this scenario?
Answer: C — The correct answer is C) Trojan horse because it is a type of malware that can capture and transmit sensitive data to an external server. A Trojan horse is a malicious program that disguises itself as a legitimate program, allowing it to bypass security measures and gain access to sensitive data. Option A is incorrect because a phishing attack is a type of social engineering attack that tricks users into revealing sensitive information, but it is not typically associated with malware. Option B is incorrect because a Denial-of-Service (DoS) attack is designed to overwhelm a system with traffic, making it unavailable to users, but it is not typically used to capture and transmit sensitive data. Option D is incorrect because a virus infection can cause damage to a system, but it is not typically used to capture and transmit sensitive data to an external server.
A company's network has been compromised by a malicious actor who has gained access to sensitive data. The actor demands a ransom in exchange for not releasing the data to the public. This type of attack is an example of which of the following?
Answer: D — This is correct because a ransomware attack involves a malicious actor gaining access to a network or system and demanding a ransom in exchange for not releasing sensitive data. The other options are incorrect because phishing attacks involve tricking users into revealing sensitive information, DoS attacks involve overwhelming a system with traffic, and MitM attacks involve intercepting communication between two parties.
A company has a wireless network that is used by employees and guests. The network is not encrypted, but a username and password are required to access it. One day, an employee reports that their laptop was connected to the network, but they did not authorize any purchases that were made from their device. It is likely that the network was compromised by a rogue access point. What type of attack is most likely to have occurred?
Answer: A — The correct answer is D because a rogue access point can be used to intercept and modify network traffic, allowing an attacker to steal sensitive information or make unauthorized purchases. A phishing attack (A) typically involves tricking a user into revealing sensitive information, which is not relevant to this scenario. A man-in-the-middle attack using a rogue server (B) would require the attacker to have control of the network's server, which is not indicated in the scenario. A Denial of Service (DoS) attack (C) would involve overwhelming the network with traffic, which would not allow an attacker to make purchases from a user's device.
A company has just set up a new network and wants to ensure that only authorized personnel can access it. They are considering implementing a security measure that will require all users to provide a username and password before gaining access to the network. What type of security measure is this an example of?
Answer: D — This is an example of authentication because it requires users to provide a username and password to verify their identity before accessing the network. Firewall configuration (A) is incorrect because it involves controlling incoming and outgoing network traffic. Encryption (C) is incorrect because it involves scrambling data to protect it from unauthorized access. Intrusion detection (D) is incorrect because it involves monitoring network traffic for signs of unauthorized access or malicious activity.
A company is setting up a virtual private network (VPN) to securely connect remote employees to the main office network. The VPN will be used to transmit sensitive data, including financial information and personal employee data. Which of the following protocols is most suitable for establishing a secure VPN connection?
Answer: B — IPSec (Internet Protocol Security) is a suite of protocols used to secure IP communications by encrypting and authenticating each packet of data. It is widely used for establishing secure VPN connections. HTTP (Hypertext Transfer Protocol) is used for transferring data over the web, FTP (File Transfer Protocol) is used for transferring files, and Telnet is used for remote access, but none of these protocols provide the level of security required for a VPN connection. Therefore, IPSec is the most suitable protocol for establishing a secure VPN connection.
CLEP® is a trademark registered by the College Board, which is not affiliated with, and does not endorse, this product.