Networking 4 Exam

¡Supera tus tareas y exámenes ahora con Quizwiz!

Fundamental protocols—including IP and TCP or UDP—offer no built-in security controls.

True

Ipv6 and IPv4 will probably exist side by side for many years

True

The nested model could be used for an IPv6 site that requires one or more "islands" of IPv4 subnets.

True

The transition from IPv4 to IPv6 requires that multiple stages occur in the move from a pure IPv4 environment to one that exclusively uses IPv6.

True

Use of DHCPv6 for address assignment will result in a locally unique host identifier that changes when you move to a different network.

True

When applications are written, they usually call functions in standard libraries that implement network tasks.

True

You do not have to perform IP subnetting in IPv6 because each subnet can support an extremely large number of hosts.

True

ISATAP nodes use the default route of ____ and set that address on their tunneling interface as the next-hop address for the link-local address of the router. ::/0 ff::/0 ::/f /0:ff::

::/0

To transition name resolution services from IPv4 to IPv6 on a mixed network, DNS servers must be configured for dual stack and support both A record for IPv4 nodes and which of the following records for IPv6 nodes? AAAA master domain AA

AAAA

What component of BGP works much like private IP addresses? DMZs ASNs SLAs MTUs

ASNs

An IPv6 tunnel created and destroyed by the protocol when needed, without having an administrator manually involved proprietary jump box Default free zone automatic tunnel failure domain flow configured tunnel promote sandbox

automatic tunnel

The ____ node is responsible for reassembling any fragmented packets, removing the IPv4 header encapsulation, and processing the IPv6 packet. encapsulator parser decapsulator gateway

decapsulator

The receiving node at the other end of the tunnel, which is responsible for reassembling any fragmented packets, removing the IPv4 header encapsulation, and processing the IPv6 packet. dual-stack architecture nested hybrid network model network address translation basic hybrid model IP address parser on-link route decapsulator default route Potential Router List

decapsulator

Which node is responsible for reassembling any fragmented packets, removing the IPv4 header encapsulation, and processing the iPv6 packet? encapsulator parser decapsulator gateway

decapsulator

a set of all the Internet networks that are operated without a default route proprietary jump box Default free zone automatic tunnel failure domain flow configured tunnel promote sandbox

default free zone

the route used by a network device to communicate to other devices on a different physical or virtual subnet, leading to the next-hop device, which is typically a router. dual-stack architecture nested hybrid network model network address translation basic hybrid model IP address parser on-link route decapsulator default route Potential Router List

default route

A(n) ____ consists of creating hashed values for all words in a specialized dictionary of terms, then comparing those values to the hashed values in password files.

dictionary attack

QoS in IPv6 is basically the same as ____ in IPv4. diffserv CMDB FCoE SLA

diffserv

Network layer protocol functionality on hosts is mostly deployed as software in the form of ____. ASICs NICs firmware drivers

drivers

A computer possessing a(n) ____ architecture maintains separate stacks at both the Network and Transport layers. hybrid-layer dual-transport dual-IP-layer dual-stack

dual stack

ISATAP requires all hosts to be which of the following? single stack mon stack home stack dual stack

dual stack

An IPv4/IPv6-capable computer in which each version of IP accesses a separate Transport layer stack. dual-stack architecture nested hybrid network model network address translation basic hybrid model IP address parser on-link route decapsulator default route Potential Router List

dual stack architecture

The current clear front-runner for most IPv4-to-IPv6 transitions is the ____ method. dual-stack method 6to4 method Teredo method ISATAP method

dual stack method

A network node possessing a(n) ____ architecture has both IPv4 and IPv6 protocols operating in a single Transport layer implementation. dual-stack dual-IP-layer hybrid-layer dual-transport

dual-IP-layer

What type of protocol is implemented at the level of the device's operating system, allowing the device to support both IPv4 and IPv6, either as independent protocols or in a hybrid form? dual-stack dual-architecture hybrid transition

dual-stack

IPv4/IPv6-capable routers that are linked in an IPv4 routing infrastructure can tunnel IPv6 packets between each other by creating a(n) ____ path. router-to-host path end-to-end path host-to-router path host-to-host path

end-to-end path

A(n) ____ reveals a system vulnerability and is often documented, either by the manufacturer or by an attacker. hole exploit break-in attack

exploit

An IPv6 tunnel created and destroyed by the protocol when needed, without having an administrator manually involved. private tunnels configured tunnels self-managed tunnels automatic tunnels

automatic tunnels

A(n) ____ reveals a system vulnerability and is often documented, either by the manufacturer or by an attacker. hole exploit break-in attack

exploit

The collection of IT components in the environment that are disrupted by a single component failure. proprietary jump box Default free zone automatic tunnel failure domain flow configured tunnel promote sandbox

failure domain

A ____ is a specially "hardened" software service or software/hardware product that erects a barrier to inspect and control traffic flow between networks. firewall bastion host DMZ boundary router

firewall

____ address autoconfiguration is accomplished via a new version of DHCP known as DHCPv6. stateless autoconfiguration stateful address autoconfiguration aware address autoconfiguration awareless address autoconfiguration

stateful address autoconfiguration

What features of IPv6 enables you to perform minimal configuration on the router so that it advertises the network prefix on the local link? Stateful configuration Source route addressing Stateless autoconfiguration Default route configuration

stateless autoconfiguration

a list of conditions used to define whether an activity has completed successfully or not.

success criteria

Which of the following allows you to reduce the size of the routing table by having one large prefix entry point the way to many smaller ones that share the same next hop? clustering chaining multihoming summarization

summarization

What is the most commonly used exterior gateway protocol? OSPF EIGRP BGP RIP

BGP

____ tunneling requires that an administrator configure the end points of a tunnel. Automatic Dynamic Configured Managed

Configured

Which of the following terms means restricting who may view or use certain resources, including access to bandwidth or a computer, as well as access to information Access control Data origin authentication Connectionless integrity Confidentiality

access control

A ____ is a weak spot or known place of attack on any common operating system, application, or service. back door hole discovery hash

hole

An attempt to snoop inside traffic moving across the Internet to look for unprotected account and password information, or to obtain other sensitive information while it's in transit is called ____. 15 minutes 20 minutes 25 minutes 30 minutes

15 minutes

In how many minutes can any knowledge systems professional with the right toolkit break into just about any system if allowed unsupervised and unrestricted access to the computer on which such a system resides? 15 minutes 20 minutes 25 minutes 30 minutes

15 minutes

What is the first 16 bits of an IPv6 6to4 address?

2002

With IPv6-over-IPv4, when the IPv4 header is created, the protocol field value is set at ____ to indicate that it is an encapsulated IPv6 packet. 37 41 53 61

41

With IPv6-over-IPv4, when the IPv4 header is created, the protocol field value is set at _________ to indicate that it is an encapsulated IPv6 packet. 37 41 53 61

41

The _____ is the node at the sending end of the tunnel, and it is responsible for encapsulating the IPv6 packet in an IPv4 header, then transmitting the packet in the tunnel.

Encapsulator

The node at the sending end of the tunnel, which is responsible for encapsulating the IPv6 packet on an IPv4 header, then transmitting the packet in the tunnel.

Encapsulator

____ and associated tools keep track of the configuration of your network devices and let you know if something changes. DHCPv6 CMDBs OOB gateways IPAMs

CMDBs

____ tunneling requires that an administrator configure the end points of a tunnel. automatic dynamic configured managed

Configured

___________ attacks are DoS attacks that are launched from numerous devices

DDoS

A ____ is an area that's accessible to both outsiders and insiders, but which establishes a buffer area between what's completely inside and outside a network boundary. firewall bastion host DMZ boundary router

DMZ

Which of the following is the ability to verify that the data received did in fact come from the named source? Access control Connectionless integrity Data origin authentication Confidentiality

Data origin authentication

In a(n) _____ attack, a service is inundated with requests, or malformed service requests, which cause a server to hang or freeze, preventing it from responding to input.

DoS

____-related attacks include SYN Flood, broadcast amplification attacks, and buffer overflow. DoS related Brute force related Main in the middle IP service

DoS

Which type of attacks are designed to interrupt or completely disrupt operations of a network device or network communications? trojan horse attacks dictionary attacks DoS attacks Worms

DoS attacks

Which type of attack includes SYN Flood, broadcast amplification attacks, and buffer overflow? DoS-related Brute force-related Man-in-the-middle-related IP service-related

DoS-related

___________ nodes allow a single computer to communicate to both IPv4-only and IPv6-only destination nodes without any tunneling mechanism in most cases, but often some form of tunneling must be deployed.

Dual-architecture-capable

Both dual-IP-layer and dual-stack architecture require IPv6-over-IPv6 tunneling to be effective as a transition mechanism.

False

By default, application services such as DNS, DHCP, and FTP are compatible with the IPv6 address space.

False

Most IPv4 drivers are old, which means that they are full of bugs.

False

Proxy server software permits internal network addresses to be "translated" into public network addresses when packets leave inside networks so only public IP addresses are exposed on the public Internet.

False

Strictly speaking, VPNs use tunneling protocols; therefore, they need to encrypt tunneled traffic.

False

The reasons for which a company is deploying IPv6 should not determine the due dates and project funding.

False

When users from outside the network attach to a service inside the network, they actually attach to the proxy server, which establishes a proxy session into the private side of the network from there.

False

A method of verifying that a string is an IP address and, if so, determining if the address is IPv4 or IPv6. dual-stack architecture nested hybrid network model network address translation basic hybrid model IP address parser on-link route decapsulator default route Potential Router List

IP address parser

____ are quite popular in legacy IPv4 networks because they solve several issues regarding tracking and assignment of scarce resources and they facilitate DDNS. DHCPv6 CMDBs IPAMs OOB gateways

IPAMs

Which type of device makes access control decisions on the basis of application content rather than by looking at IP addresses or port numbers and can act on a host to deny potentially malicious activity? Firewall IPS IDS Proxy

IPS

SIIT defines a type of Ipv6 address called __________ addresses that can be formatted as ::ffff:0:0:0/96 or ::ffff:0:a.b.c.d. unique hybird address transition address domain address IPv4 translated address

IPv4 translated address

____ addresses are composed of a valid 64-bit unicast address prefix and an IPv4 interface identifier. ISATAP Teredo 6to4 MAC

ISATAP

____ is used to connect dual-stack IPv4/IPv6 devices across IPv4 network infrastructures. FQDN NAT-PT ISATAP NBMA

ISATAP

____ means that one technology can work with another technology

Interoperability

____ is used throughout the industry today to provide translation between private IP addresses and public IP addresses. 6to4 NAT ISATAP Teredo

NAT

Windows Server 2012, Windows Server 2016, Windows 7, and Windows 10 support a TCP/IP implementation that integrates IPv6 and iPv4 in a dual-stack configuration that Microsoft calls which of the following? Update TCP/IP stack Version 2.0 TCP/IP Next Generation TCP/IP stack Advanced TCP/IP

Next Generation TCP/IP stack

An ICMP Echo-based operation used to locate active devices on a network. threat remote logon service PING sweep computer forensics port scanner handler session hijacking security policy honeypot

PING sweep

A method used by ISATAP nodes to maintain a current list of routes and routers, since ISATAP prevents the use of automatic router discovery dual-stack architecture nested hybrid network model network address translation basic hybrid model IP address parser on-link route decapsulator default route Potential Router List

Potential router list

The ____ specification describes two domains, an IPv4 domain and an IPv6 domain, joined by one or more IP/ICMP translators called XLATs. FQDN ISATAP SIIT NAT-PT

SIIT

____ was created as a replacement for NAT-PT, which was originally specified in RFC 2766 and subsequently documented in RFC 4966.

SIIT

____ is a process of borrowing identity information, such as an IP address, domain name, NetBIOS name, or TCP or UDP port numbers to hide or deflect interest in attack activities. Ingress filtering Data authentication Network sniffing Spoofing

Spoofing

____ is unsolicited and unwanted software that takes up stealthy unauthorized and uninvited residence on a computer. SA bundle Spyware Adware Cache

Spyware

If you need to tunnel through NAT, using UDP is a good choice, which could mean using ____. IPSec ISATAP Teredo 6to4

Teredo

Which tunneling method is a good choice if you must tunnel through a NAT using UDP, but a poor choice based on performance issues? 6to4 Teredo ISATAP GRE

Teredo

Which of the following is an IPv6/IPv6 node that is connected to both an IPv4 Internet and an IPv6 Internet using different interfaces? Teredo client Teredo host Teredo relay Teredo server

Teredo server

A stealthy attacker may cover its tracks by deleting log files, or terminating any active direct connections.

True

The process of an ISATAP host communicating with an IPv6 node on an IPv6-capable subnet involves two different connections: a connection between the ISATAP router and the IPv6-capable subnet and which of the following? a router-to-host connection through an ISATAP proxy an ISATAP gateway connection through the ISATAP tunnel a host-to-host tunnel from the ISATAP router to the non-ISATAP router a host-to-router tunnel from the ISATAP node to the ISATAP router

a host to router tunnel from the ISATAP node to the ISATAP router

____ is a type of software that opens the door for a compromised machine to display all kinds of unsolicited and unwanted advertising, often of an unsavory nature. SA bundle Spyware Adware Cache

adware

When deploying IPv6, ____ is perhaps the most critical and difficult task. acquiring IPv6 addreses creatinga computer inventory working with providers application remediation

application remediation

A ____ is an undocumented and illicit point of entry into an operating system or application added by a system's programmers to bypass normal security. back door hole discovery hash

back door

A virtual network infrastructure model describing IPv6 nodes existing in a IPv4 core backbone, such as the Internet, and communicating with each other using a tunneling technology. dual-stack architecture nested hybrid network model network address translation basic hybrid model IP address parser on-link route decapsulator default route Potential Router List

basic hybrid model

A ____ is a hardened computer specifically designed to resist and oppose illicit or unwanted attempts at entry, and whose job is to guard the boundary between internal and external networks. firewall bastion host DMZ boundary router

bastion host

A(n) ____ refers to a successful attempt to compromise a system's security. discovery exploit break-in gateway

break-in

The process of examine the "footprints" that an attacker leaves behind. threat remote logon service PING sweep computer forensics port scanner handler session hijacking security policy honeypot

computer forensics

An IPv6 tunnel that an administrator creates manually. proprietary jump box Default free zone automatic tunnel failure domain flow configured tunnel promote sandbox

configured tunnel

What is another name for static tunnels? private tunnels configured tunnels automatic tunnels self-managed tunnels

configured tunnels

In networking, a conversation between two end points in which all the packets in the flow have the same source and destination addresses and the same Transport layer headers proprietary jump box Default free zone automatic tunnel failure domain flow configured tunnel promote sandbox

flow

IPv6 includes a(n) ____, which is a portion of the IPv6 header used for QoS

flow label

The _____ table holds all Internet address prefixes for the default-free zone

global routing

A manager system in a DDos attack threat remote logon service PING sweep computer forensics port scanner handler session hijacking security policy honeypot

handler

A computer system deliberately set up to attract, entice, and entrap would-be attackers, often by being made to appear part of a larger network threat remote logon service PING sweep computer forensics port scanner handler session hijacking security policy honeypot

honeypot

For a ____ tunnel, two IPv6 nodes are linked directly using a tunnel over an IPv4 network infrastructure. host-to-host router-to-router router-to-host host-to-router

host to host

Packets in IPv6 can be very large, such as jumbograms, and fragmentation is done by the ____. routers switches hosts intermediate systems

hosts

A type of bastion host that is usually a terminal server or proxy server that allows administrators to access systems in another network without actually having direct network connectivity proprietary jump box Default free zone automatic tunnel failure domain flow configured tunnel promote sandbox

jump box

Which of the following is a proxy server or terminal server that has one interface on the production network for you to access a terminal via Secure Shell SSH or access a virtual desktop jump box bastion host OOB gateway IPAM

jump box

In a(n) ____ attack, the attacker is able to intercept traffic from both parties and either pass the traffic unaltered to the other end of the communication link, or the attacker can forge replies from either side. DoS attack brute force attack man in the middle attack IP service attack

man in the middle attack

A(n) _______ occurs when an organization buys another organization and combines assets

merger and acquisition M&A

In IPv6, ____ is the ability to move from one network to another while retaining an IP address and ongoing sessions. mobility summarization multihoming single-homing

mobility

In IPv6, which of the following is the ability to move from one network to another while retaining an IP address, and ongoing sessions? mobility summarization multihoming single-homing

mobility

Which of the following connections has uplinks to two ore more switches, service providers, or other systems? multihomed connection external connection enterprise connection hub connection

multihomed connection

The ____ network model can be considered an adaptation of the basic hybrid model

nested hybrid

A virtual network infrastructure model describing IPv6-capable networks embedded within a larger core IPv4 LAN and communicating with other IPv6 networks, within and outside the IPv4 LAN, using tunneling technology. dual-stack architecture nested hybrid network model network address translation basic hybrid model IP address parser on-link route decapsulator default route Potential Router List

nested hybrid network model

A technology that translates an IP address used in one network, such as a private LAN, to a different IP address used in a different network, such as the public internet. dual-stack architecture nested hybrid network model network address translation basic hybrid model IP address parser on-link route decapsulator default route Potential Router List

network address translation

a route used by a network node to communicate with another network node on the same physical or virtual subnet. dual-stack architecture nested hybrid network model network address translation basic hybrid model IP address parser on-link route decapsulator default route Potential Router List

on link route

An attempt to snoop inside traffic moving across the Internet to look for unprotected account and password information, or to obtain other sensitive information while it's in transit is called ____. brute force attack user impersonation session hijacking packet sniffing

packet sniffing

A(n) ____________ model excludes users from access to resources, by default, and then adds whatever users need access to such resources as exceptions to the general exclusionary rule.

pessimistic security

A special-purpose software tool that cycles through either well0known TCP and UDP port with easy vulnerabilities or all possible TCP and UDP port addresses, looking for open ports that then can be probed for access or exploited for vulnerabilities. threat remote logon service PING sweep computer forensics port scanner handler session hijacking security policy honeypot

port scanner

Which of the following software programs can attempt to communicate with any IP based system while cycling through all valid TCP and UDP port addresses? agent Trojan port scanner socket

port scanner

The act of moving an IT component from one life cycle stage or environment to the next proprietary jump box Default free zone automatic tunnel failure domain flow configured tunnel promote sandbox

promote

An IT component that is not standards based and useable by anyone without license proprietary jump box Default free zone automatic tunnel failure domain flow configured tunnel promote sandbox

proprietary

The purpose of ____ is to find out what you have and what is vulnerable. reconnaissance covering-up session hijacking packet sniffing

reconnaissance

A 6to4 ____ is a specialized device that acts as an IPv6/IPv4 router. router relay node/router host/router

relay

Any type of network service that permits users elsewhere on a network to use the network to log on to a system as if they were attached locally while operating remotely. threat remote logon service PING sweep computer forensics port scanner handler session hijacking security policy honeypot

remote logon service

A ____ is an IT environment isolated from the production environment. sandbox playbox virtual network virtual domain

sandbox

An IT environment that is isolated from the production network for the purpose of testing or containing things that could disrupt service on the production network proprietary jump box Default free zone automatic tunnel failure domain flow configured tunnel promote sandbox

sandbox

A document that represents the concrete manifestation of an organization's requirements for security practices, rules, and procedures threat remote logon service PING sweep computer forensics port scanner handler session hijacking security policy honeypot

security policy

An IP attack technique whereby an imposter takes over an ongoing communications session between a client and server threat remote logon service PING sweep computer forensics port scanner handler session hijacking security policy honeypot

session hijacking

Which of the following types of attacks serves the purpose of masquerading as an authorized user in order to gain access to a system? egress filtering session hijacking data authentication network sniffing

session hijacking

In the generic sense, a(n) _____ connection has uplinks to a single switch, service provider, or other system

single-homed

Any activity that represents a potential danger or attack on a system or network threat remote logon service PING sweep computer forensics port scanner handler session hijacking security policy honeypot

threat

The ____ network model can represent a number of hybrid configurations, but it assumes that a site has a variety of different subnets, based on IP version implementation. basic hybrid transition hybrid nested true hybrid

true hybrid

A(n) _______ is a weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source.

vulnerability


Conjuntos de estudio relacionados

General Behavioral Health Course Objectives, Diagnosis: Behavioral Health PA 604

View Set

Evolve: School-Age Childern (Lvl 3)

View Set

Principles of Microeconomics Exam1 Review Questions Ch 1-4

View Set

Fees billing collections and credit

View Set

Chapter 8 Ionizing and Non-Ionizing Radiation

View Set