NVCC ITN 263 Final Exam Study
Guide. Latest 2026-2027. Questions &
Correct Answers. Graded A
A firewall is either software or dedicated hardware that exists between the
__________ being protected. - Ansnetwork and the resource
A probe or even a full pen test is often a precursor to which phase in the
attacker "kill chain" process? - AnsDelivery
A security stance that blocks access to all resources until a valid authorized
explicit exception is defined? - AnsDefault deny
A well-designed malicious email campaign can expect __________
responses, or click-throughs, as a legitimate commercial email campaign. -
Ansabout the same number of
A(n) __________ is the unique name of the computer on the network
capable of originating or responding to an interaction using the Internet
Protocol. - Anshostname
1
,According to the 2013 Data Breach Investigations Report, __________
percent of all successful data breaches involve internal attackers. -
Ansfourteen
All of the following are advantages of a defense-in-depth security design
except which one? - AnsDefense in depth keeps senior management out of
the activities of the security department.
An organization can guard against social engineering and reverse social
engineering: - Ansthrough awareness training.
At which layer of the TCP/IP model does IPsec operate? - AnsInternet
Before analyzing a network packet file in Wireshark in this lab, you created
a filter. What did the filter do? - AnsDisplayed certain types of traffic in a
packet file
Before configuring any rules in the firewall, the WAN tab includes which of
the following notes? - Ans"All incoming connections on this interface will be
blocked until you add pass rules."
By default, the pfSense firewall __________ outbound access from the
LAN interface. - Ansallows unrestricted
Domain Name Service runs on port: - Ans53
2
,For attackers, the last step in penetration testing is often __________,
during which log files or other forensic information is destroyed or modified.
- Anscovering their tracks
For defenders, the last step in penetration testing is __________, during
which vulnerabilities are fixed and the pen test steps are repeated to
ensure the attack can't occur again. - Ansremediation
For the Windows server to be accessible from the outside, you must take
an address on the outside and bind it, or in other words: - Anstranslate it to
the inside address.
For which of the following does the mobile user take specific actions to
connect to the VPN? - AnsHost-to-gateway VPN
Gathering through eavesdropping on communications, whether encrypted
or not, is known as what? - AnsTraffic and trend analysis
Hackers can be deterred by defense methods that detect and evade. All of
the following are defense methods, except which one? - AnsBotnet army
How can FTP be made more secure? - AnsEncrypt files before transferring
them.
If Secure Shell (SSH) is configured to use asymmetrical encryption, which
of the following statements is true? - AnsTwo keys are required when
sending data.
3
, In addition to providing network security, organizations must address what
other type of security issue? - AnsTransaction security
In order to use NetWitness Investigator to analyze the same packets that
you analyzed with Wireshark, you first had to save the
DemoCapturepcap.pcapng file in the older __________ format. - Ans.pcap
In SmoothWall, what color network interface card indicates the segment of
the network is not trusted, but shares the Internet connection? - Ansorange
In the center pane of the __________, the direction of each arrow indicates
the direction of the TCP traffic, and the length of the arrow indicates
between which two addresses the interaction is taking place. - AnsFlow
Graph Analysis results
In the frame detail pane, which of the following was a field unique to
wireless traffic, confirming that it is a wireless packet? - AnsThe
Encapsulation type: Per-Packet Information header
In the IEEE 802.11 Quality of Service information and Flags fields,
Wireshark displays information about the __________, which enables the
network administrator to determine which Media Access Control (MAC)
addresses match each of them. - Anstransmitters and receivers of the data
In the lab, 10.20.1.0 represented the: - Anspublic network.
4
Guide. Latest 2026-2027. Questions &
Correct Answers. Graded A
A firewall is either software or dedicated hardware that exists between the
__________ being protected. - Ansnetwork and the resource
A probe or even a full pen test is often a precursor to which phase in the
attacker "kill chain" process? - AnsDelivery
A security stance that blocks access to all resources until a valid authorized
explicit exception is defined? - AnsDefault deny
A well-designed malicious email campaign can expect __________
responses, or click-throughs, as a legitimate commercial email campaign. -
Ansabout the same number of
A(n) __________ is the unique name of the computer on the network
capable of originating or responding to an interaction using the Internet
Protocol. - Anshostname
1
,According to the 2013 Data Breach Investigations Report, __________
percent of all successful data breaches involve internal attackers. -
Ansfourteen
All of the following are advantages of a defense-in-depth security design
except which one? - AnsDefense in depth keeps senior management out of
the activities of the security department.
An organization can guard against social engineering and reverse social
engineering: - Ansthrough awareness training.
At which layer of the TCP/IP model does IPsec operate? - AnsInternet
Before analyzing a network packet file in Wireshark in this lab, you created
a filter. What did the filter do? - AnsDisplayed certain types of traffic in a
packet file
Before configuring any rules in the firewall, the WAN tab includes which of
the following notes? - Ans"All incoming connections on this interface will be
blocked until you add pass rules."
By default, the pfSense firewall __________ outbound access from the
LAN interface. - Ansallows unrestricted
Domain Name Service runs on port: - Ans53
2
,For attackers, the last step in penetration testing is often __________,
during which log files or other forensic information is destroyed or modified.
- Anscovering their tracks
For defenders, the last step in penetration testing is __________, during
which vulnerabilities are fixed and the pen test steps are repeated to
ensure the attack can't occur again. - Ansremediation
For the Windows server to be accessible from the outside, you must take
an address on the outside and bind it, or in other words: - Anstranslate it to
the inside address.
For which of the following does the mobile user take specific actions to
connect to the VPN? - AnsHost-to-gateway VPN
Gathering through eavesdropping on communications, whether encrypted
or not, is known as what? - AnsTraffic and trend analysis
Hackers can be deterred by defense methods that detect and evade. All of
the following are defense methods, except which one? - AnsBotnet army
How can FTP be made more secure? - AnsEncrypt files before transferring
them.
If Secure Shell (SSH) is configured to use asymmetrical encryption, which
of the following statements is true? - AnsTwo keys are required when
sending data.
3
, In addition to providing network security, organizations must address what
other type of security issue? - AnsTransaction security
In order to use NetWitness Investigator to analyze the same packets that
you analyzed with Wireshark, you first had to save the
DemoCapturepcap.pcapng file in the older __________ format. - Ans.pcap
In SmoothWall, what color network interface card indicates the segment of
the network is not trusted, but shares the Internet connection? - Ansorange
In the center pane of the __________, the direction of each arrow indicates
the direction of the TCP traffic, and the length of the arrow indicates
between which two addresses the interaction is taking place. - AnsFlow
Graph Analysis results
In the frame detail pane, which of the following was a field unique to
wireless traffic, confirming that it is a wireless packet? - AnsThe
Encapsulation type: Per-Packet Information header
In the IEEE 802.11 Quality of Service information and Flags fields,
Wireshark displays information about the __________, which enables the
network administrator to determine which Media Access Control (MAC)
addresses match each of them. - Anstransmitters and receivers of the data
In the lab, 10.20.1.0 represented the: - Anspublic network.
4
