Quiz 4
An enterprise-wide VPN can include elements of both the client-to-site and site-to-site models. True False
True
By default, the native VLAN is the same as the default VLAN. True False
True
Digital certificates are issued, maintained, and validated by an organization called a certificate authority (CA). True False
True
In order to identify the transmissions that belong to each VLAN, a switch will add a tag to Ethernet frames that identifies the port through which they arrive at the switch. True False
True
Network segmentation at Layer 2 of the OSI model is accomplished using VLANs. True False
True
Office 365 is an example of an SaaS implementation with a subscription model. True False
True
PPP can support several types of Network layer protocols that might use the connection. True False
True
The Virtual Network Computing (VNC) application uses the cross-platform remote frame buffer (RFB) protocol. True False
True
A Type 2 hypervisor installs on a computer before any OS, and is therefore called a bare-metal hypervisor. True False
False
A native VLAN mismatch occurs when two access ports that are connected to each other are both tagging traffic with different VLAN IDs. True False
False
After L2TP establishing a VPN tunnel, GRE is used to transmit L2TP data frames through the tunnel. True False
False
All that is needed to provide communication between two VLANs is a DHCP relay agent. True False
False
An unmanaged switch can still support the creation of VLANs, provided there is an interface for configuration. True False
False
Network segmentation decreases both performance and security on a network. True False
False
Only Class B and Class C networks can be subnetted. True False
False
The HTTPS (HTTP Secure) protocol utilizes the same TCP port as HTTP, port 80. True False
False
When an 802.1Q tag is added to an Ethernet frame, where is it placed? a. It is inserted between the source address and the Ethernet type field. b. It is appended to the end of the frame. c. It is inserted between the preamble and the destination address. d. It is inserted between the destination and the source addresses.
a. It is inserted between the source address and the Ethernet type field.
The use of certificate authorities to associate public keys with certain users is known by what term? a. certified infrastructure b. public-key infrastructure c. public-key organization d. symmetric identification
b. public-key infrastructure
You are working on a Cisco switch and need to learn what VLANs exist on the switch. Which command will list the current VLANs recognized by the switch? a. list switch-vlans b. show vlan c. show vlandb d. get vlans
b. show vlan
IPv6 addressing does not utilize classful addressing, therefore every IPv6 address is classless. True False
true
A community cloud is a service shared between multiple organizations, but not available publicly. True False
True
A /24 CIDR block is equivalent to a 255.255.255.0 subnet mask. True False
True
By default, when using classful addressing, how many bits exist in the host portion of a Class A address? a. 24 b. 8 c. 32 d. 16
a. 24
What is the maximum number of host IP addresses that can exist in a Class B network? a. 65,534 b. 1022 c. 8190 d. 32,766
a. 65,534
When using IPv6, what would a /64 network likely be assigned to? a. A smaller organization or business. b. A very large organization. c. A large Internet service provider. d. A regional Internet registry.
a. A smaller organization or business.
With VTP, where is the VLAN database stored? a. On the switch that is known as the stack master. b. On the switch that is configured as the trunk root. c. On the router responsible for maintaining the VTP database. d. On the designated VLAN server for the network.
a. On the switch that is known as the stack master.
What is NOT one of the ways in which networks are commonly segmented? a. by device manufacturer b. by geographic location c. by departmental boundaries d. by device types
a. by device manufacturer
Which of the following terms is commonly used to describe a VLAN configuration in which one router connects to a switch that supports multiple VLANs? a. router-on-a-stick b. branched router c. router-on-a-branch d. router overloading
a. router-on-a-stick
What command will set the native VLAN on a Juniper switch port? a. set native-vlan-id b. switchport trunk native vlan c. config native vlan d. switchport set native vlan
a. set native-vlan-id
In order to generate a public and private key for use with SSH, what command line utility should you use? a. ssh-keygen b. key-generate c. gpg --ssh d. ssh-newkey
a. ssh-keygen
On a Cisco switch, what would the security association identifier be for VLAN 13? a. 1000130 b. 100013 c. 1013 d. 5013
b. 100013
A network with 10 bits remaining for the host portion will have how many usable host addresses? a. 4192 b. 1022 c. 510 d. 2046
b. 1022
Given a host IP address of 172.16.1.154 and a subnet mask of 255.255.254.0, what is the network ID for this host? a. 172.16.2.0 b. 172.16.0.0 c. 172.0.0.0 d. 172.16.1.0
b. 172.16.0.0
What subnet mask can be used to segment the 172.16.0.0 network to allow for a minimum of 6 subnets while maximizing the number of hosts per subnet? a. 255.255.192.0 b. 255.255.224.0 c. 255.255.248.0 d. 255.255.128.0
b. 255.255.224.0
How many /64 subnets can be created within a /56 prefix? a. 1024 b. 256 c. 512 d. 2048
b. 256
How many subnets can a /48 site prefix support? a. 131,072 subnets b. 65,536 subnets c. 256 subnets d. 16384 subnets
b. 65,536 subnets
Which of the following suggestions can help prevent VLAN hopping attacks on a network? a. Install an additional switch to isolate traffic. b. Disable auto trunking and move native VLANs to unused VLANs. c. Install a router to process the untagged traffic on the VLAN. d. Use MAC address filtering.
b. Disable auto trunking and move native VLANs to unused VLANs
An IP address of 192.168.18.73/28 has what network ID? a. 192.168.18.32 b. 192.168.16.0 c. 192.168.18.64 d. 192.168.18.0
c. 192.168.18.64
How large is the 802.1Q tag that is added to an Ethernet frame when using VLANs? a. 8 bytes b. 12 bytes c. 4 bytes d. 20 bytes
c. 4 bytes
What IEEE standard specifies how VLAN information appears in frames and how switches interpret that information? a. 802.1V b. 802.1c c. 802.1Q d. 802.1d
c. 802.1Q
Which of the following is NOT a task that a VPN concentrator is responsible for? a. A VPN concentrator establishes tunnels for VPN connections. b. A VPN concentrator authenticates VPN clients. c. A VPN concentrator shuts down established connections with malicious traffic occurs. d. A VPN concentrator manages encryption for VPN transmissions.
c. A VPN concentrator shuts down established connections with malicious traffic occurs.
Amazon and Rackspace both utilize what virtualization software below to create their cloud environments? a. VMware vSphere b. Oracle VirtualBox c. Citrix Xen d. Parallels
c. Citrix Xen
The PPP headers and trailers used to create a PPP frame that encapsulates Network layer packets vary between 8 and 10 bytes in size due to what field? a. encryption b. FEC c. FCS d. priority
c. FCS
Regarding VNC (Virtual Network Computing or Virtual Network Connection), what statement is accurate? a. VNC uses the Remote Desktop Protocol (RDP). b. VNC is a standard developed by Microsoft and used by Windows Remote Desktop. c. VNC is open source, allowing companies to develop their own software based on VNC. d. VNC is faster than Remote Desktop, and requires less network bandwidth.
c. VNC is open source, allowing companies to develop their own software based on VNC.
A subnet of 255.255.248.0 can be represented by what CIDR notation? a. /20 b. /18 c. /29 d. /21
d. /21
You have been tasked with the creation and design of a network that must support a minimum of 5000 hosts. Which network accomplishes this goal? a. 192.168.0.0/20 b. 172.20.50.0/23 c. 10.90.0.0/22 d. 10.3.0.0/19
d. 10.3.0.0/19
A network with a CIDR notation of /26 would have what subnet mask? a. 255.255.255.0 b. 255.255.255.240 c. 255.255.255.224 d. 255.255.255.192
d. 255.255.255.192
Which of the following virtualization products is an example of a bare-metal hypervisor? a. VirtualBox b. VMware Player c. Linux KVM d. Citrix XenServer
d. Citrix XenServer
By default, what network connection type is selected when creating a VM in VMware, VirtualBox, or KVM? a. bridged mode b. lockdown mode c. host-only mode d. NAT mode
d. NAT mode
Which of the following statements regarding IPv6 subnetting is NOT accurate? a. A single IPv6 subnet is capable of supplying 18,446,744,073,709,551,616 IPv6 addresses. b. IPv6 addressing uses no classes, and is therefore classless. c. IPv6 does not use subnet masks. d. The largest IPv6 subnet capable of being created is a /64.
d. The largest IPv6 subnet capable of being created is a /64.
VMware Player and Linux KVM are both examples of what type of hypervisor? a. barebones hypervisor b. Type 1 hypervisor c. bare-metal hypervisor d. Type 2 hypervisor
d. Type 2 hypervisor
FTPS (FTP Security or FTP Secure) and SFTP (Secure FTP) are two names for the same protocol. True False
False
What type of scenario would be best served by using a Platform as a Service (PaaS) cloud model? a. A group of developers needs access to multiple operating systems and the runtime libraries that the OS provides. b. An organization wishes to gain access to applications through an online user interface, while maintaining compatibility across operating systems. c. A small organization needs to have high availability for their web server. d. An organization needs to have a hosted virtual network infrastructure for their services, which are run on virtual machines.
a. A group of developers needs access to multiple operating systems and the runtime libraries that the OS provides.
What special enterprise VPN supported by Cisco devices creates VPN tunnels between branch locations as needed rather than requiring constant, static tunnels? a. Dynamic Multipoint VPN b. Auto Switched VPN Service c. Symmetric VPN Autodial d. Dynamic SmartVPN
a. Dynamic Multipoint VPN
When using public and private keys to connect to an SSH server from a Linux device, where must your public key be placed before you can connect? a. In an authorization file on the host where the SSH server is. b. In the /var/run/ssh/public folder. c. In the /etc/ssh/keys folder. d. In an authorization file under your home directory on your computer.
a. In an authorization file on the host where the SSH server is.
Why is the telnet utility a poor choice for remote access to a device? a. It provides poor authentication and no encryption. b. It cannot be used over a public WAN connection. c. It provides no mechanism for authentication. d. It does not allow for control of a computer remotely.
a. It provides poor authentication and no encryption.
A vSwitch (virtual switch) or bridge is a logically defined device that operates at what layer of the OSI model? a. Layer 2 b. Layer 1 c. Layer 7 d. Layer 4
a. Layer 2
What open-source VPN protocol utilizes OpenSSL for encryption and has the ability to possibly cross firewalls where IPsec might be blocked? a. OpenVPN b. Generic Routing Encapsulation (GRE) c. Layer 2 Tunneling Protocol (L2TP) d. Point-to-Point Tunneling Protocol (PPTP)
a. OpenVPN
In a software defined network, what is responsible for controlling the flow of data? a. SDN controller b. flow director c. vRouter d. SDN switch
a. SDN controller
Which statement regarding the use of a bridged mode vNIC is accurate? a. The vNIC will its own IP address on the physical LAN. b. The vNIC will be assigned a NAT-ed IP address. c. The vNIC will only be able to communicate across the bridge to the host PC. d. The vNIC will utilize the host PC's IP address.
a. The vNIC will its own IP address on the physical LAN.
When dealing with a Cisco switch, what is NOT one of the pre-established VLANs? a. VLAN 1001 b. VLAN 1005 c. VLAN 1 d. VLAN 1003
a. VLAN 1001
What statement regarding the SSH (Secure Shell) collection of protocols is accurate? a. SSH provides a graphical view of the remote computer. b. SSH supports port forwarding. c. SSH does not protect against IP spoofing. d. SSH does not protect against DNS spoofing.
b. SSH supports port forwarding.
An interface that manages traffic from multiple VLANs is known by what term? a. egress port b. trunk port c. aggregation port d. access port
b. trunk port
Which statement regarding the IKEv2 tunneling protocol is accurate? a. IKEv2 is an open-source VPN protocol that utilizes OpenSSL for encryption. b. IKEv2 is based on technology developed by Cisco and standardized by the IETF. c. IKEv2 offers fast throughput and good stability when moving between wireless hotspots. d. IKEv2 is an older, Layer 2 protocol developed by Microsoft that encapsulates VPN data frames.
c. IKEv2 offers fast throughput and good stability when moving between wireless hotspots.
What security encryption protocol requires regular re-establishment of a connection and can be used with any type of TCP/IP transmission? a. SSL b. L2TP c. IPsec d. TLS
c. IPsec
Which type of cloud service model involves hardware services that are provided virtually, including network infrastructure devices such as virtual servers? a. SaaS b. PaaS c. IaaS d. XaaS
c. IaaS
What does the VLAN Trunk Protocol (VTP) do? a. It is the protocol that defines how VLAN tagging is accomplished in an Ethernet network. b. It is the protocol used by a trunk port for establishing a trunk with another switch. c. It shares VLAN database information amongst switches that participate. d. It shares trunking information amongst switches that participate.
c. It shares VLAN database information amongst switches that participate.
At what layer of the OSI model does the IPsec encryption protocol operate? a. Physical layer b. Application layer c. Network layer d. Transport layer
c. Network layer
Which of the following statements regarding the Point-to-Point (PPP) protocol is NOT accurate? a. PPP can negotiate and establish a connection between two endpoints. b. PPP can support several Network layer protocols, such as IP, that might use the connection. c. PPP can support strong encryption, such as AH or ESP. d. PPP can utilize an authentication protocol, such as MS-CHAPv2 or EAP to authenticate a client.
c. PPP can support strong encryption, such as AH or ESP
What cloud service model involves providing applications through an online user interface, providing for compatibility with a multitude of different operating systems and devices? a. PaaS b. XaaS c. SaaS d. IaaS
c. SaaS
In an IPv6 address, what do the first four blocks or 64 bits of the address represent? a. The usable host portion of the network. b. The MAC address of the router assigning the host ID. c. The site prefix or global routing prefix. d. The broadcast domain for the configured host ID.
c. The site prefix or global routing prefix.
What is NOT a potential disadvantage of utilizing virtualization? a. Increased complexity and administrative burden can result from the use of virtual machines. b. Multiple virtual machines contending for finite resources can compromise performance. c. Virtualization software increases the complexity of backups, making creation of usable backups difficult. d. Licensing costs can be high due to every instance of commercial software requiring a separate license.
c. Virtualization software increases the complexity of backups, making creation of usable backups difficult.
On certain Cisco products, what command can be used to create and send helper messages that support several types of UDP traffic, including DHCP, TFTP, DNS, and TACACS+? a. ip create helper server b. ip new helper c. ip helper-address d. set ip helper address
c. ip helper-address
What term is used to describe a space that is rented at a data center facility by a service provider? a. service location (SL) b. central service point (CSP) c. point of presence (PoP) d. locally exchanged data point (ledp)
c. point of presence (PoP)
If the EUI-64 standard is used, what part of an IPv6 address is affected? a. The first four blocks of the address. b. The middle four blocks of the address. c. All blocks of the address are affected. d. The last four blocks of the address.
d. The last four blocks of the address.
Which file transfer protocol has no authentication or security for transferring files, uses UDP, and requires very little memory to use? a. Secure FTP (SFTP) b. File Transfer Protocol (FTP) c. FTP Secure (FTPS) d. Trivial FTP (TFTP)
d. Trivial FTP (TFTP)
When using a site-to-site VPN, what type of device sits at the edge of the LAN and establishes the connection between sites? a. VPN server b. VPN proxy c. VPN transport d. VPN gateway
d. VPN gateway
When is it appropriate to utilize the NAT network connection type? a. Only if the VM does not need to communicate with the host PC. b. Only if the VM is intended for VM-to-host communications. c. Only when the VM requires an IP address on the physical LAN. d. Whenever the VM does not need to be access at a known address by other network nodes.
d. Whenever the VM does not need to be access at a known address by other network nodes.
The combination of a public key and a private key are known by what term below? a. key team b. key tie c. key set d. key pair
d. key pair
Subtracting an interesting octet value from 256 yields what number? a. subnet ID b. host ID c. network ID d. magic number
d. magic number