CH07-9 EX3
T/F: A server room should have a locked door to limit access. It should also have adequate power receptacles, a cooling system, and there should be no sources of EMI to interfere with the network.
True
T/F: Both a virus and a worm are replicating programs, but a virus attaches itself to another program whereas a worm is a self-contained program.
True
T/F: DoS refers to attacking a Web server by forcing it to respond to a flood of ping packets so that the server can't respond to normal traffic.
True
T/F: In a layered approach, each layer is only responsible for a specific task instead of the end-to-end communication.
True
T/F: In the IEEE 802 standards, each number after the dot represents a different technology or subset of a technology.
True
T/F: It is best to change the SSID as a preventative measure to help strengthen your security.
True
T/F: Many network administrators use encryption technologies to safeguard data as it travels across the Internet and within the company network.
True
T/F: Of all switching methods, cut-through switching is the fastest; it reads the destination MAC address and sends the frame out.
True
T/F: One of the problems that can occur in the Network layer is the incorrect configuration of a host's IP address.
True
T/F: Peer communication between layers means that each layer on the receiving computer sees network data in the same format its counterpart on the sending computer did.
True
T/F: Server rooms should be equipped with power that's preferably on a circuit separate from other electrical devices.
True
T/F: The "802" in the IEEE 802 standard represents the year and the month that the project began—February of 1980.
True
T/F: The IEEE felt the need to develop LAN standards to ensure that network interfaces and cabling from multiple manufacturers would be compatible.
True
T/F: The PDU for the Application, Presentation, and Session layers is data.
True
T/F: The Spanning Tree Protocol is used to detect whether there is a possibility of a switching loop caused by redundant paths. If a loop is possible, it places one of the ports in blocking mode to prevent it.
True
T/F: The Transport layer is the same in both the OSI model and the TCP/IP model.
True
T/F: The major disadvantage to using store-and-forward switching in a large network is that it will slow down the speed of network traffic.
True
T/F: The maximum transmission unit for Ethernet is 1500 bytes plus an additional 18 bytes of header/trailer.
True
T/F: TrueCrypt is a free open-source product that can be used to encrypt the contents of an entire drive.
True
T/F: When a switch receives a broadcast frame, it floods the frame out to all ports.
True
What should you configure on a switch that's connected to three broadcast domains? Collision detection; VLANs; All of these choices; STP; IGMP
VLANs
A(n) _____ is a connection across a public network that uses encryption to make sure that the communication is private and secure.
VPN
Which of the following should be a common element in any level of security policy? (Choose all that apply.) Virus protection; Data encryption; Monitoring and auditing; Backup procedures; Password complexity
Virus protection; Backup procedures
The Protocol Data Unit (PDU) at the Data Link layer is called a(n) ____________.
Frame
Which of the following is a guideline for creating a security policy? (Choose all that apply.) 1) A security policy should be enforceable. 2) A security policy should have different provisions depending on the user. 3) A security policy should be general enough so that rules may be added as needed. 4) Access to the security policy should be limited and closely monitored. 5) A security policy should be cryptic in the event that an attacker gains access.
1
You just purchased some new switches for your company's network. Your junior technicians are doing most of the work connecting switches to workstations and to each other, and you don't want to confuse them by requiring them to use both patch cables and crossover cables. How can you test the switches to determine whether you need both types of cable, and what's the feature for using only one type of cable for all connections? 1) Connect two switches by using a patch cable. If the connection works, the switch supports auto-MDIX. 2) Connect two switches by using a crossover cable. If the connection works, the switch supports auto-negotiate. 3) There is no need to perform such testing. 4) Connect the switch to a PC NIC and configure different speeds on the NIC by using the NIC driver. If the switch links at all speeds, it supports auto-MDIX. 5) Connect the switch to a PC NIC and configure different speeds on the NIC by using the NIC driver. If the switch links at all speeds, it supports auto-negotiate.
1
What are the complexity requirements for a Windows password? (Choose all that apply.) 1) Special characters 2) Uppercase letters 3) Lowercase letters 4) Minimum of 8 characters 5) Numerals
1 2 3 5
What does a router do after receiving a frame on one of its interfaces? (Choose all that apply.) 1) Deencapsulates the frame to create a packet 2) Encapsulates the frame to create a new packet 3) Encapsulates the packet to create a new frame 4) Deencapsulates the packet to create a segment 5) Encapsulates the segment to create a new packet
1 3
Access control lists can be configured based on which of the following? (Choose all that apply.) 1) destination MAC address 2) source MAC address 3) protocol 4) destination network 5) source IP address
1 3 4 5
Firewalls can filter packets based on which of the following? (Choose all that apply.) 1) Destination address 2) Operating system 3) Protocol 4) Context 5) Source address
1 3 4 5
How can you find out what your MAC address is? (Choose all that apply.) 1) Open a command prompt and type the command ipconfig /all. 2) Open a command prompt and type the command arp -d. 3) Right-click on the Local Area Connection and choose status. 4) Open a command prompt and type the command getmac. 5) Issue the netstat -r command.
1 3 4 5
Which of the following can be used to secure data on disk drives? (Choose all that apply.) 1) TrueCrypt 2) IPSec 3) EFS 4) Kerberos 5) BitLocker
1 3 5
In Windows, what is the maximum length that a password can be? 32 128 64 8 16
128
You have two eight-port switches. On each switch, seven stations are connected to ports, and the two switches are connected with the eighth port. How many collision domains are there? 15 8 1 14 16
15
Which of the following is not a function that would be found in a managed switch? 1) the creation of VLANs to logically separate resources 2) the ability to transfer its switching table with neighboring switches 3) the ability to stop switching loops using STP 4) None of these choices. 5) to limit access to the network by enabling security on individual ports
2
Firewall rules can be based on which of the following properties? (Choose all that apply.) 1) destination MAC address 2) context 3) source IP address 4) operating system 5) protocol
2 3 5
How may a route be added to the routing table? (Choose all that apply.) 1) SNMP message 2) Administrator enters the route information manually 3) Dynamically via a routing protocol 4) ICMP router discovery 5) Destination network is directly connected
2 3 5
Which of the following is a characteristic of routing protocols? (Choose all that apply.) 1) They populate routing tables statically. 2) They add routing table entries dynamically. 3) They're not a good solution with redundant routes. 4) You can't combine static routing with routing protocols in your internetwork. 5) Network changes are reflected in the routing table automatically.
2 5
The original commercial version of Ethernet supported 10 Mbps bandwidth; the version introduced in the early 1990s supports 100 Mbps; and in 1998, Gigabit Ethernet was introduced. All versions use the same data frame formats, with the same maximum PDU sizes, so they can interoperate freely. Given this information and what you know of layered technologies, which of the following statements is true? (Choose all that apply.) 1) Ethernet spans several layers and requires a new protocol stack to upgrade to new versions. 2) Ethernet is not considered a scalable technology. 3) Changes in technology at one layer of the OSI model don't usually affect the operation of other layers. 4) Ethernet works at the Data Link and Physical layers of the OSI model, and upgrades to newer, faster versions of Ethernet can be made by changing only the components that work at these layers.
3 4
Which of the following is not a characteristic of routing protocols? (Choose all that apply.) 1) They add routing table entries dynamically. 2) Network changes are reflected in the routing table automatically. 3) They populate routing tables statically. 4) They're not a good solution with redundant routes. 5) You can't combine static routing with routing protocols in your internetwork.
3 4 5
Which OSI layer is responsible for setting up, maintaining, and ending ongoing information exchanges across a network? 1 2 3 4 5
5
T/F: A firewall can be a software program that is installed in the operating system, or a firewall can be a hardware device, which is usually a router with specialized software installed.
True
Which security feature is offered by most access points (APs)? (Choose all that apply.) AP isolation; Encryption; Malware protection; MAC filtering; Authentication
AP isolation; Encryption; MAC filtering; Authentication
Which of the following is a protocol found at the Network layer? (Choose all that apply.) ARP; SNMP; IP; Ethernet; ICMP
ARP; IP; ICMP
One job that a router performs is that of gatekeeper, which means that it can be configured to only allow certain packets access into the network based on a list of rules. What is that process called? Packet Forwarding; Access Control; Signal Bounce; Media Control
Access Control
What feature should you configure to prevent users on one subnet from accessing the Web server on another subnet? Access control lists; MAC filtering; IPSec; All of these choices; AP isolation
Access control lists
Which of the following is a requirement for rooms housing network servers? Adequate cooling; All of these choices; Large entryway; Separate heating system; False ceilings
Adequate cooling
Which of the following may be used to help secure a wireless network? (Choose all that apply.) Disable SSID broadcast; WPA2; WEP; WPA; MAC filtering
All of these
When a switch attempts to set a port's operating mode to the highest performance setting that the connecting device supports, it is called _________________________ mode.
Auto-Negotiate
A(n) ____________ is a switching loop that occurs with broadcast packets.
Broadcast Storm
In a distance vector routing protocol, where do routers send their routing table information? To their neighbors; None of these choices; To the next hop; To their default gateway; To all connected segments
To their neighbors
On a Windows Server computer, you should use which of the following to encrypt data stored on a hard drive? EFS; Kerberos; Active Directory; NTFS; All of these choices
EFS
At what layer do NICs operate?
Data Link
Which OSI layer creates and processes frames?
Data Link
Which layer has been subdivided into the Logical Link Control sublayer and the Media Access Control sublayer? Internetwork; Transport; Physical; Network; Data Link
Data Link
Which layer of the OSI model does Project 802 divide into two sublayers? Physical; Data Link and Physical; Network and Data Link; Data Link; Network
Data Link
If you don't want wireless clients to view the name of your wireless network, what feature should you use? AP isolation; MAC filtering; Disable SSID broadcasts; All of these choices; WEP
Disable SSID Broadcasts
The addition of information to a PDU as it's passed from one layer to the next is called which of the following? Segmentation; Fragmentation; Deencapsulation; All of these choices; Encapsulation
Encapsulation
T/F: A Trojan is a self-replicating program that masks itself as a useful program but is actually a type of malware.
False
T/F: A cracker is a person who is skilled in the art of breaking into a network to find where the network is vulnerable for the purposes of advising a company on how to be more secure.
False
T/F: A firewall is similar to an IDS but it tries to detect security breaches before they happen, and it can also begin countermeasures if an attack is already in progress.
False
T/F: A security policy should clearly state the desired rules, even if they cannot be enforced.
False
T/F: An acceptable use policy defines the rules that apply to all users accessing the network. It includes how they are given access, what they can do once they have access, and what will happen if they don't follow the rules.
False
T/F: Changing the SSID on the access point and disabling SSID broadcast is sufficient security for most wireless networks.
False
T/F: Communications through a router are noticeably faster than communications through a switch.
False
T/F: Cut-through switching reads enough to make sure the packet is not fragmented and then sends it out.
False
T/F: It is permissible to use passwords based on your login name because it is easy to remember, thereby eliminating the need to write it down.
False
T/F: Kerberos authentication uses keys that are manually entered by an administrator.
False
T/F: Network switches always must be configured before they can be put into operation in a network.
False
T/F: One shortcoming of the OSI Reference Model is that it does not provide a common framework to work with and learn from.
False
T/F: One type of security for wireless networks involves entering a list of the physical addresses for the devices that are allowed to access the network and excluding all others. This is called IP filtering.
False
T/F: The Media Access Control (MAC) sublayer defines the use of logical interface points, called Service Access Points (SAPs).
False
T/F: The Network layer communicates with the Data Link layer and the Session layer.
False
T/F: The PDU at the Transport layer is data.
False
T/F: The Physical layer has been divided into two sublayers, called the LLC sublayer and the MAC sublayer.
False
T/F: There can be only one MAC address per port in a switching table.
False
T/F: WPA is the strongest encryption protocol for wireless security.
False
T/F: When a switch is configured with VLANs, the switch needs to have a way to communicate between the VLANs. An uplink port is a port that is configured to carry all traffic.
False
T/F: When the Data Link layer receives a frame, it first calculates the CRC and compares it to the incoming frame's CRC to make sure that the values are the same.
False
T/F: You don't need to physically secure your servers as long as you use a good strong password for your accounts.
False
T/F: Your friend creates a shared folder on her computer for several coworkers to use. She assigns the password "0OxqH}ml2-wO" to the folder. Is it an example of a good password?
False
A router's final task when handling a packet is to send the packet on to its next and possibly final destination; this is referred to as packet ____________.
Forwarding
Which of the following accurately describes a distance-vector routing protocol? It converges very quickly. It sends the status of its interface links to other routers. It learns from its neighbors. None of these choices. Supports multiple metrics including hop count and link speed.
It learns from its neighbors
What does it mean if the first 24 bits of a MAC address are 01:00:5E? It's an Ethernet frame. The NIC manufacturer is unknown. It's a multicast frame. It's a unicast frame. It's a broadcast frame.
It's a multicast frame
Which of the following is a method IPSec uses to authenticate the identity of communicating devices? (Choose all that apply.) Kerberos; Password Authentication Protocol (PAP); Challenge Handshake Authentication Protocol (CHAP); Pluggable Authentication Modules (PAM); Digital certificates
Kerberos; Digital Certificates
A(n) _____ routing protocol shares information with other routers by sending the status of all their interface links to other routers in the internetwork.
Link-State
The two sublayers of the Data Link layer are the _____ and media access control (MAC).
Logical Link Control
Which sublayer defines the use of logical interface points, called Service Access Points (SAPs)?
Logical Link Control (LLC)
What are the names of the sublayers specified as part of Project 802? (Choose all that apply.) Logical Link Control (LLC); Media Access Control (MAC); Data Link Control (DLC); Carrier Sense Multiple Access/Collision Detection (CSMA/CD)
Logical Link Control (LLC); Media Access Control (MAC)
Which of the following combinations will you find in a switching table? application/destination port number; MAC address/IP address; destination network/next Hop; MAC address/switch port number; IP address/exit interface
MAC address/switch port number
Which access point (AP) feature enables you to restrict which devices can connect to your AP based on their physical address?
MAC filtering
The segmenting of the data is important because every network technology has a maximum frame size called the ____________________________________.
Maximum Transmission Unit (MTU)
On a router configured to use RIP, the number of routers a packet must travel between before it reaches its destination is called what? (Choose all that apply.) Traceroute; Link-State; Metric; Hop Count; Time-To-Live
Metric; Hop Count
Which OSI layer handles flow control, data segmentation, and reliability? 1) Network 2) Session 3) Data Link 4) Transport 5) Physical
Transport
T/F: A DoS attack ties up network bandwidth or services, rendering resources useless to legitimate users.
True
Which one of the following passwords meets Windows password complexity requirement? All of these choices; N3tworking1O1; N3tworking1O1 and netw@rk!ngb@s!cs; netw@rk!ngb@s!cs; NetWoRKing
N3tworking101
What process, available on most routers, will help improve security by masking the internal IP address of the transmitting device? All of these choices; EFS; NAT; VPN; IPSec
NAT
Which of the following would be found in a routing table on a router? (Choose all that apply.) MAC address; next hop; destination network; metric; timestamp
Next Hop; Destination Network; Metric; Timestamp
Which of the following is found in a routing table? (Choose all that apply.) Next hop; Metric; Port number; Domain name; Destination MAC address
Next Hop; Metric
Which of the following may be found in a routing table entry? (Choose all that apply.) Next hop; Destination network; Source of the route; Metric; Timestamp
Next hop; Destination network; Source of the route; Metric; Timestamp
At which Data Link sublayer does the physical address reside? Network Access Control (NAC); None of these choices; Physical; Data Access Control (DAC); Logical Link Control (LLC)
None of these choices
The time it takes for all the routing tables on every router in a network to be fully updated, either when a change occurs or according to a schedule, is called the speed of what? concurrence; learning; None of these choices; synchronization; advertisement
None of these choices
To enable blank passwords in a Windows system, which setting do you use for the minimum password length? Windows does not allow blank passwords; NULL; Blank; -1; None of these choices
None of these choices
Which is the IEEE standard that sets the standards for wireless (Wi-Fi) networking? 802.22; 802.16; None of these choices; 802.15; 802.3
None of these choices (802.11)
Which IEEE 802 standard applies to Ethernet? 802.4; 802.2; 802.5; None of these choices; 802.11
None of these choices (802.3)
The Transport layer segments data into smaller chunks, the size of which is determined by which of the following? LLC; PDU; TCP; MSS; None of these choices
None of these choices (MTU)
Which PC bus uses up to 32 lanes to achieve very high data transfer rates? All of these choices; PCIe and PCI-X; PCI-X; PCIe; PCI
PCIe
Which is the PCI bus type that has the highest possible transfer rate? PCI; PCI-X; SATA; PCIe; PCMCIA
PCIe
__________________________ cards are credit card-sized expansion cards used mainly to add functionality to laptop computers.
PCMCIA
Which NIC feature do you need to configure on a thin client? PXE; QoS; ACPI; Auto-negotiate; All of these choices
PXE
The process of moving a packet from the incoming interface to the outgoing interface is called packet ___________________________.
Packet forwarding
_____ communication refers to the way that each layer on a transmitting computer communicates with the same layer on the receiving computer, just as though they were in direct contact.
Peer
The ____________ layer of the OSI model is the bottom layer, and its job is to convert bits into signals and vice versa.
Physical
Put the following layers of the OSI model in the proper numeric order: Network; Presentation; Session; Transport; Physical; Data Link; Application
Physical - 1; Data Link - 2; Network - 3; Transport - 4; Session - 5; Presentation - 6; Application - 7
Which of the following elements might the Data Link layer add to its PDU? (Choose all that apply.) Physical Address; Sequence Numbers; CRC; Port Numbers; Time-to-Live
Physical Address; CRC
Which layer of the OSI model is responsible for encryption and decryption? Application; Session; All of these choices; Transport; Presentation
Presentation
Match the layers of the OSI model with their counterparts in the TCP/IP model. Presentation ___; Physical ___; Network ___; Transport ___; Application ___; Data Link ___; Session ___. 1 = Application; 2 = Transport; 3 = Internetwork; 4 = Network Access
Presentation - 1; Physical - 4; Network - 3; Transport - 2; Application - 1; Data Link - 4; Session - 1
Which of the following is a component of a security policy? (Choose all that apply.) Network configuration policy; Computer specification policy; Privacy policy; Authentication policy; Encryption policy
Privacy policy; Authentication policy
T/F: A distance-vector protocol sends updates to its neighbors that include the entire contents of its routing table.
True
Which of the following protocols are found at the Application layer of the OSI model? (Choose all that apply.) SNMP; ICMP; FTP; TCP; ARP; DHCP
SNMP; FTP; DHCP
Which of these protocols is used for VPNs? (Choose all that apply.) SSTP; L2TP; WPA; PPTP; UDP
SSTP; L2TP; PPTP
What is the name of the protocol data unit (PDU) at the Transport layer?
Segment
What does the Transport layer use to make sure that a message is reassembled correctly on the receiving device?
Sequence Number
Which of the following is not a method of securing passwords on a Windows system? Maximum password age; Enforce password history; Minimum password age; Shadow passwords; None of these choices
Shadow passwords
To prevent a wardriver from being able to interpret captured wireless network data, you should enable which of the following? Repeater Mode; WPA or WPA2; AP Isolation; MAC filtering; All of these choices
WPA or WPA2
The 802.1X standard is the newest version of wireless security that uses more advanced encryption methods than the previous versions. It is commonly referred to as _____? WAP; WPA; None of these choices; WPA2; WEP
WPA2
The _____ size is a negotiated amount between the transmitting and receiving devices that sets the amount of data that can be transferred before an acknowledgement must be sent and received.
Window
What information would you find in the header of a Transport layer PDU?
Window Size
The _____ policy explains the manner in which security compliance or violations can be verified and what consequences a violation should have.
auditing
What is a policy that defines the methods involved when a user logs on to the network called? security; acceptable use; All of these choices; authentication; audit
authentication
Switches that support VLANs enable you to configure one or more switch ports into separate _____ domains.
broadcast
The _____ policy is the element of a network security policy explaining proper or improper use of the Internet.
internet use
A(n) ____________ routing protocol only sends out information to its neighbors when there is a change in the status.
link-state
Consider the various security levels. A(n) _____ restrictive security policy includes the use of passwords but not necessarily complex ones. It audits the network but usually only for unauthorized access and misuse of resources.
moderately
A(n) ______________________ determines which TCP and UDP ports are available on a particular computer or device.
port scanner
Which form of authentication involves the exchange of a password-like key that must be entered on both devices? digital certificate; Kerberos authentication; preshared key; All of these choices; GNU privacy guard
preshared key
If you need to implement a VPN on a Windows Server system, what server role must be installed to access routing and remote access services? All of these choices; domain name services; Active Directory services and domain name services; Active Directory services; remote access
remote access
A(n) ____________ is a type of Trojan program that hides in the operating system files and is extremely difficult to detect.
rootkit
What is a type of malware that is so difficult to detect and remove that most experts agree that it is better to back up your critical data and reinstall the OS?
rootkit
What command issued from a command prompt will display the routing table in Windows? route; route all; route print; route table; route -?
route print
When a router's interface is configured with multiple IP addresses with each address belonging to different networks, what is it called? link-state router; dynamic router; multi-homed router; VLAN trunk; router on a stick
router on a stick
Besides a managed switch, what is a high-end switch that offers features such as multicast processing and port security called? enterprise; store-and-forward; smart; fragment-free; cut-through
smart
Which of the following is a type of denial-of-service attack that involves flooding the network with broadcast messages that contain a spoofed source address of an intended victim? half-open SYN attack; amplification; broadcast flood; packet storm; smurf attack
smurf attack
By using VPN protocols, such as L2TP or PPTP, a secure and encrypted _____ is created through the public network.
tunnel
What type of hacker uses a scanning device to find unsecured wireless networks and break into those networks? wardriver; white hat; All of these choices; phisher; script kiddy
wardriver