Scribd
Upload
2 views5 pages

MTCSE Q1

The document contains a series of questions related to network security, focusing on topics such as Public Key Infrastructure, IPsec protocols, RouterOS services, encryption mechanisms, DHCP attacks, and various security concepts. It tests knowledge on specific protocols, ports, and methods for securing networks, as well as identifying true statements about security practices. The questions cover a wide range of network security topics, making it a comprehensive assessment tool.

Uploaded by

eliyash16264603
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
2 views5 pages

MTCSE Q1

The document contains a series of questions related to network security, focusing on topics such as Public Key Infrastructure, IPsec protocols, RouterOS services, encryption mechanisms, DHCP attacks, and various security concepts. It tests knowledge on specific protocols, ports, and methods for securing networks, as well as identifying true statements about security practices. The questions cover a wide range of network security topics, making it a comprehensive assessment tool.

Uploaded by

eliyash16264603
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

"MTCSE" certificate test

1) Select which of the following are components of a Public key infrastructure:

Shared public key for encryption and decryption

Shared private key for encryption and decryption

Certificate authority

Registration authority

2) Select which protocol(s) and port(s) have to be opened in a firewall for an IPsec ESP tunnel to be
established:

IP protocol 51

UDP port 1701


UDP port 500 and IP protocol 50

TCP port 1723 and IP protocol 47

3) Select which of the following RouterOS services use encryption:

SSH

WWW-SSL

TELNET

WWW

WINBOX

FTP

4) “Transforming data into something an attacker cannot 'understand' ” what type of network security
mechanism is it?

Authentication

Interception

Authorization

Auditing

Encryption

Modification

5) "Port Knocking" is a method that is used for:

Discovering other routers on the network

Assigning a DHCP address to a host that is "knocking" a DHCP server

Monitoring router WAN interface


Accessing a router by attempting to connect on a sequence of “pre-specified” ports
6) Select which statements about IPsec are true

Standard DES encryption algorithm is cryptographically weak and should not be deployed

anymore
IPsec ESP can operate in tunnel mode and transport mode

IPsec ESP provides only encryption there is no message integrity check

IPsec AH provides no encryption facility for data, it checks message integrity

IPsec ESP can only operate in tunnel mode

IPsec AH on its own can provide encryption facility for data

7) In case of a rogue DHCP server is detected, what does the DHCP Alert on RouterOS do?

Automatically creates rules to stop the attack

Prevents the attack

Alerts the administrator about the attack

Stops the attack

8) What are three main security services that IPsec VPN provide?

Data integrity

Data confidentiality

Peer authentication

Data authentication

Data validation

9) Select which of the following algorithms are asymmetric:

RC4

DES

RSA

DSA

10) A certificate can be used for:

SMTP/IMAP e-mail services

IPsec tunneling

Digital signature

DHCP server
TLS server
11) Which of the following are the most common DHCP attacks?

DHCP TCP SYN

DHCP Scanning

DHCP Phishing

DHCP Starvation

Rogue DHCP

12) Select which resources the DHCP starvation attack is exhausting:

MAC adresses

UDP ports

TCP ports
IP adress pool

13) Select the correct statement about a bruteforce attack:

It is a trial-and-error attack method used to obtain information such as username and password

It is an attack on an SSH server

It is an attack on a Telnet Server

It is an attack on an FTP server

14) Where on RouterOS can the SYN packets be watched?

/interfaces monitor

/ip firewall connection print

/system profile

/ip arp
/ip firewall filter print

15) What is the most common target for a UDP attack?

DNS

ICMP

HTTP

MySQL

HTTPS

16) Select how to prevent a TCP SYN flood attack:

By enabling TCP SYN cookies in IP settings


Using firewall mangle table
Using firewall RAW table

By enabling TCP SYN cookies in connection tracking settings

17) Select which of the following protocols and ports are commonly used for IPsec and its related
services:

IP protocol 51

TCP port 51

TCP port 4500

UDP port 4500

UDP port 500

UDP port 50

TCP port 500


IP protocol 50

18) “Verifying the claimed identity of a subject, such as user name, password, etc” what type of
network security mechanism is it?

Interception

Authentication

Modification

Authorization

Encryption

Auditing

19) Select which of the following IPsec modes can be used to secure LAN to LAN communication
(without using additional tunneling protocols):
AH transport mode

AH tunnel mode

ESP tunnel mode

ESP transport mode

20) Select which of the following are security mechanisms:

Encryption

Data fabrication

Authentication

Authorization

21) What does the ICMP Smurf attack do?

Sends packets to a unicast address


Sends packets to a multicast address

Uses TCP protocol

Sends packets to a broadcast address

22) To which OSI layer does the DHCP starvation attack applies?

Layer7

Layer4

Layer2

Layer1

Layer3

23) Select which of the following protocols can be used by IPsec:

Remote Authentication Dial-In User Service (RADIUS)

Secure Soket Layer (SSL)

Encapsulating Security Payload (ESP)

Authentication Header (AH)

Internet Key Exchange (IKE)

24) “Checking whether the subject has the right to perform the action requested” what type of
network security mechanism is it?

Authentication

Interception

Authorization

Encryption

Modification
Auditing

25) Where on RouterOS the performance of individual processes can be seen?

/system identity

/system resource

/system profile

/tool profile

You might also like