Section 4.1 Demonstrate your acquired knowledge about explaining the importance of basic network security concepts. This will demonstrate your proficiency for section 4.1 of the Network+ 10-009 objectives. 1 / 25 Geofencing in cybersecurity can restrict access based on: User credentials Device MAC address Geographic location Application protocol 2 / 25 In Role-Based Access Control (RBAC), what determines user access? Username Assigned role or group IP address MAC address 3 / 25 What is the concept of limiting user permissions to only what is necessary for their job? Least privilege SSO Time-based access Federation 4 / 25 Time-based authentication often uses which type of code? Static PIN OTP Username Barcode 5 / 25 TACACS+ differs from RADIUS in that it: Only works with Windows Separates authentication and authorization functions Doesn't encrypt data Cannot be used with MFA 6 / 25 Which term refers to the physical separation of guest devices from internal resources on a network? NAC VLAN hopping Network segmentation MAC filtering 7 / 25 What is the key concern when enforcing network segmentation for IoT and IIoT devices? Licensing restrictions Device naming conventions Isolating devices to limit their attack surface Operating system compatibility 8 / 25 GDPR primarily governs: Credit card processing Protection of personal data for EU citizens IoT security regulations DNS security for global domains 9 / 25 What does PCI DSS specifically apply to? Health records Employment databases Credit card transaction systems Domain name services 10 / 25 Which term best describes a flaw in a system that can be exploited? Threat Risk Vulnerability Patch 11 / 25 What does the "I" in the CIA triad stand for, and what does it protect? Intrusion – stopping unauthorized access Integrity – ensuring data has not been altered Identity – verifying user credentials Intelligence – logging user activity 12 / 25 Which of the following represents a threat in the context of network security? A vulnerability in a server OS An attacker exploiting a vulnerability An open port Unpatched software 13 / 25 What is the difference between a honeypot and a honeynet? Honeypot is hardware-based; honeynet is virtual Honeypot is a single system, honeynet is a group of decoys Honeynet uses encryption, honeypot does not There is no difference 14 / 25 A honeypot is best described as: A backup server A firewall log collector A decoy system designed to attract attackers A secure certificate store 15 / 25 What is geofencing in the context of network security? Creating firewalls between VLANs Restricting or allowing access based on geographic location Setting password complexity rules Blocking devices not on an allowlist 16 / 25 Which access control model grants permissions based on job function? Discretionary access control (DAC) Role-based access control (RBAC) Mandatory access control (MAC) Time-based access 17 / 25 What is the principle of least privilege? Granting users the minimum access needed to perform their job Requiring password changes every week Using multifactor authentication Enabling guest access by default 18 / 25 Which IAM protocol is XML-based and often used for web-based authentication across different domains? TACACS+ SAML Kerberos OAuth 19 / 25 Single sign-on (SSO) is designed to: Increase password complexity Require local device authentication Allow users to authenticate once to access multiple systems Enforce dual login for all resources 20 / 25 What does multifactor authentication (MFA) require? Two different passwords Two or more distinct categories of authentication factors One biometric input only Username and password on separate screens 21 / 25 Which protocol allows central authentication of remote users and supports accounting features? LDAP RADIUS HTTPS SAML 22 / 25 Which of the following best describes a self-signed certificate? Issued by a trusted certificate authority Issued and signed by the same entity that uses it More secure than CA-issued certificates Used only for mobile devices 23 / 25 What role does PKI play in network security? Provides NAT services Manages digital certificates and encryption keys Blocks unauthorized USB access Detects malware 24 / 25 Which type of encryption is most commonly used to protect data stored on hard drives? Asymmetric encryption Hashing Encryption of data at rest DNSSEC 25 / 25 What does encryption of data in transit primarily protect against? Physical theft of hardware Eavesdropping or interception of network traffic Malware infection Device spoofing Your score is 0% Restart quiz Return to CompTia N+ 10-009 Objectives