Advanced Networking Chapter 8

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Which feature allows Nmap to work out hop counts? --traceroute switch -sn switch -p switch --script switch

--traceroute switch

Which option is used with tcpdump to specify the network interface to listen on? -v -i -w -e

-i

What is a major security weakness of SNMP v2c? It uses strong encryption by default. It restricts management operations to known hosts. It sends community strings in plaintext. It supports too many users.

It sends community strings in plaintext

Which of the following is NOT information that CDP can report? IOS version MAC address table sizes Device ID/hostname Power over Ethernet usage

MAC address table sizes

An organization is using the Simple Network Management Protocol (SNMP) for remote management and monitoring of servers and network appliances and must deploy an agent to each device. Where are the statistics relating to the activity of each device kept? Trap OID MIB Get

MIB

Which of the following is NOT a traffic class defined by DiffServ? Maximum Throughput Expedited Forwarding Assured Forwarding Best Effort

Maximum Throughput

Which agreement is most likely to be used between two companies to protect shared sensitive information? Memorandum of Understanding (MOU) Service Level Agreement (SLA) Employment Contract Non-Disclosure Agreement (NDA)

Non-Disclosure Agreement (NDA)

What does log aggregation in the context of SIEM refer to? Encrypting log files for secure storage The physical collection of log files from different devices The process of deleting outdated log files to free up storage space Normalizing data from different sources to make it consistent

Normalizing data from different sources to make it consistent

What is the standard method of sanitizing an HDD? Degaussing Incineration Shredding Overwriting

Overwriting

What does an availability monitor check for in an HTTP service to confirm availability? A 500 status code A 404 status code A 200 status code A 302 status code

A 200 status code

How do SIEM tools handle differences in date/time zones among various log sources? By only accepting logs in the UTC time zone By normalizing date/time zone differences to a single timeline By storing logs in separate databases based on their time zones By ignoring date/time information to avoid confusion

By normalizing date/time zone differences to a single timeline

How can a high priority alert be communicated in an event management system? By displaying it on the system dashboard only By increasing the logging level on all hosts By sending an email to the system administrator By generating a detailed report at the end of the month

By sending an email to the system administrator

A network administrator is tasked with improving the performance of a company's VoIP (Voice over Internet Protocol) system, which has been experiencing poor audio quality during peak business hours. The network is also used for email, web browsing, and file transfers. The administrator decides to implement a solution to prioritize VoIP traffic over other types of traffic. Which of the following solutions would be MOST effective in achieving the desired improvement in VoIP performance? Configuring a Random Early Detection (RED) algorithm on all network switches. Implementing a First-In, First-Out (FIFO) queuing discipline across the network. Increasing the bandwidth of the company's internet connection. Deploying traffic shaping to prioritize VoIP packets.

Deploying traffic shaping to prioritize VoIP packets.

What does an IP scanner do? Edits images Encrypts network traffic Creates spreadsheets Establishes the logical topology of the network

Establishes the logical topology of the network

What type of data transfer is described as bursty? Voice over IP (VoIP) File transfer Live audio broadcasting Real-time video streaming

File transfer

What role does a Change Advisory Board (CAB) play in change management? It creates the Request for Change (RFC) documents. It documents the need for change. It approves major or significant changes. It implements the changes directly.

It approves major or significant changes.

What role does a NetFlow exporter play in a network? It defines cache flows. It analyzes and reports flow information. It increases the bandwidth of the network. It aggregates flows from multiple collectors.

It defines cache flows

What does a configuration monitor do when there is a change to a device's production configuration? It updates the baseline configuration. It disconnects the device from the network. It automatically reverts the change. It generates logs, alerts, or alarms.

It generates logs, alerts, or alarms

What is the significance of monitoring queue length in network performance? It measures the physical condition of the network interface. It indicates the total number of users in the network. It helps determine whether the link is a bottleneck. It shows the financial cost of data transfer.

It helps determine whether the link is a bottleneck.

Why is plotting data as a graph helpful in log analysis? It eliminates the need for software analysis. It reduces the amount of data that needs to be stored. It increases the speed of the network. It makes it easier to spot trends or spikes in the data.

It makes it easier to spot trends or spikes in the data.

What distinguishes a Passive TAP from a SPAN/port mirroring connection? It physically copies the signal from the cabling to a monitor port. It requires special software to function. It can increase network speed. It can only monitor encrypted traffic.

It physically copies the signal from the cabling to a monitor port

What does Nmap use to determine whether a host is present when used without switches? It pings and sends a TCP ACK packet to ports 80 and 443. It sends an email to the network administrator. It performs a full database scan. It listens for any active Bluetooth devices.

It pings and sends a TCP ACK packet to ports 80 and 443.

Which of the following is the BEST approach when a configuration has drifted from its baseline? Perform testing to determine whether to revert. Always revert to the golden configuration. Update the baseline template without testing. Ignore the drift as it is usually insignificant.

Perform testing to determine whether to revert

What does the Secure Erase (SE) command do on HDDs? Physically destroys the drive Performs a single pass of zero-filling Marks all blocks as empty Encrypts all data on the drive

Performs a single pass of zero-filling

Which version of SNMP supports encryption and strong user-based authentication? SNMP v3 SNMP v1 SNMP v2c SNMP v4

SNMP v3

What metric measures the actual amount of data transferred over a network? Memory usage Bandwidth CPU utilization Throughput

Throughput

What is a configuration backup used for when applying an update? To enhance the performance of the update To serve as a fallback To comply with software licensing agreements To reduce the time required for the update

To serve as a fallback

What is the purpose of a community string in SNMP? To identify the network topology To increase network speed To serve as a type of password To encrypt data packets

To serve as a type of password

What is the purpose of using display filters in Wireshark? To delete unwanted packets from the network To change the color of the interface To increase the capture speed of packets To show only particular frames or sequences of frames

To show only particular frames or sequences of frames

Why is it important to stay up to date with system security advisories? To monitor the stock market for technology companies To ensure compliance with IT audit standards To stay informed about vulnerabilities To keep track of new IT products

To stay informed about vulnerabilities

What is the primary function of an availability monitor? To update digital certificates To manage network bandwidth To increase the speed of a service To trigger an alarm for service unscheduled downtime

To trigger an alarm for service unscheduled downtime

What do "top talkers" and "top listeners" refer to in network analysis? Top talkers are interfaces generating the most outgoing traffic, while top listeners are the interfaces receiving the most incoming traffic. Top talkers are devices with the highest error rates in the network, while top listeners are devices with the highest packet loss rates. Top talkers are the most secure connections in a network, and top listeners are the least secure connections. Top talkers are the fastest network connections, while top listeners are the slowest network connections.

Top talkers are interfaces generating the most outgoing traffic, while top listeners are the interfaces receiving the most incoming traffic.

What is considered an acceptable error rate in general terms? Exactly 5 percent Under 1 percent Over 15 percent Under 10 percent

Under 1 percent

What is a potential consequence of using traffic policing devices instead of traffic shapers? Fewer lost packets during periods of congestion Under-utilization of bandwidth during idle periods Increased latency for non-critical applications More efficient use of available bandwidth

Under-utilization of bandwidth during idle periods

How can the detail of the information shown about each frame be increased in tcpdump? Using the -i switch Using the -v, -vv, or -vvv switches Using the -e switch Using the -w switch

Using the -v, -vv, or -vvv switches

Which open-source tool is mentioned as a graphical packet capture and analysis utility? Wireshark Nmap Nessus Netcat

Wireshark

What does a syslog message comprise? Only a header containing a timestamp A severity level and a message part Only a message part with content A PRI code, a header, and a message part

A PRI code, a header, and a message part

What distinguishes an application log from a system log? An application log records data for the entire operating system. An application log is only used for security purposes. An application log cannot record errors. An application log records data for a single specific service.

An application log records data for a single specific service

Why might an aggregation TAP drop frames under heavy load? Because it rebuilds streams into a single channel Because it cannot handle encrypted traffic Because it requires a direct internet connection Because it does not support gigabit signaling

Because it rebuilds streams into a single channel

What is a basic type of IP scanning mentioned in the document? Spreadsheet analysis Email filtering Color correction Host discovery

Host discovery

Why is collecting just the packet metadata preferred over recording each frame? It reduces the bandwidth required by the sniffer. It enhances the security of the network. It increases the network speed. It imposes a heavy processing overhead.

It reduces the bandwidth required by the sniffer

Which layer's diagram would show asset IDs, cable links, and wall/patch panel/switch port IDs? Data Link (Layer 2) Logical (IP/Layer 3) PHY (Physical layer) Application

PHY (Physical layer)

What are latency and jitter in the context of network performance? Problems of timing and sequence of packet delivery Types of network security protocols Measures of network speed and efficiency Techniques for optimizing bandwidth usage

Problems of timing and sequence of packet delivery

Which type of scanners use specially crafted probes to locate hosts that might be configured not to respond to pings? Spreadsheet analysis tools Graphic design software Security-oriented scanners Email management systems

Security-oriented scanners

What is an automated event management system configured to generate? Some sort of alert A list of all devices on the network A backup of the logging system Detailed reports for every event

Some sort of alert

Which backup mode creates a snapshot-type image of the whole system? State/bare metal Configuration file Differential backup Incremental backup

State/bare metal

What historical method might IT departments have used for tracking IP usage? Static files Physical logbooks Cloud-based databases Oral tradition

Static files

In Wireshark, where can you access tools for traffic analysis? File menu Statistics menu Tools menu Edit menu

Statistics menu

What type of events does an audit log generally record? System configuration backups Performance metrics for compute resources Success/fail type events related to authentication Detailed descriptions of all user activities

Success/fail type events related to authentication

What can cause a broadcast storm in a network? High bandwidth availability Switching loops Low CPU utilization Insufficient storage space on network devices

Switching loops

Which Nmap scan type is less stealthy due to its use of the operating system to attempt a full TCP connection? Port range (-p) TCP SYN (-sS) TCP connect (-sT) UDP scans (-sU)

TCP connect (-sT)

What is referred to as configuration drift? The initial setup of a CI's configuration The process of updating a CI's baseline The deviation of a CI from its baseline The act of backing up a CI's configuration

The deviation of a CI from its baseline

What is packet loss? The encryption of data packets for security purposes The duplication of data packets to ensure delivery The discarding of data packets in a network The intentional slowing down of data transmission

The discarding of data packets in a network

What is a key feature of performance/traffic logs? They record metrics for network resources. They exclusively track user login attempts. They serve as backups for application data. They record only security breaches.

They record metrics for network resources

What advantage do website performance checkers offer for testing site response times? They increase website traffic automatically. They can physically repair websites. They test from the perspective of customers in different countries. They design websites.

They test from the perspective of customers in different countries.

What should you consider doing if a server hosting a service is overloaded? Throttle client connections. Decrease the server's memory. Disable the Spanning Tree Protocol (STP). Increase network congestion.

Throttle client connections.

What is the purpose of installing a special driver for a software-based sniffer? To encrypt the captured frames To decrease the network's latency To increase the sniffer's processing speed To allow the frames to be read from the network stack

To allow the frames to be read from the network stack

What is the role of a packet sniffer in the context of a protocol analyzer? To capture frames moving over the network medium To increase the bandwidth of the network To provide encryption for data packets To physically connect different network segments

To capture frames moving over the network medium

What is the primary purpose of using physical network diagrams? To track software installations on network devices To track software installations on network devices To document the physical location of employees To capture the complex relationships between network elements

To capture the complex relationships between network elements

What is the primary function of traffic shapers? To categorize protocols into different service levels To delay certain packet types based on their content To increase the speed of packet delivery To monitor traffic conditions and generate reports

To delay certain packet types based on their content

What is the primary purpose of monitoring individual interface statistics in a network? answer To reduce the cost of network maintenance To enhance the security of network communications To increase the network speed To diagnose performance issues

To diagnose performance issues

What is the primary function of Cisco Discovery Protocol (CDP)? To discover information about directly connected Cisco devices To provide a secure tunnel for data transmission To encrypt data traffic between Cisco devices To assign IP addresses to devices on a network

To discover information about directly connected Cisco devices

Why is it important to track software license usage in an asset inventory? To track the company's profit margins To monitor employee internet usage To evaluate the company's branding strategies To ensure compliance with the vendor's licensing agreement

To ensure compliance with the vendor's licensing agreement

Why should configuration changes only be made with a service request ticket? To bypass the approval process To increase the speed of changes To ensure that the activity of network personnel is recorded To eliminate the need for documentation

To ensure that the activity of network personnel is recorded

What is the purpose of the PRI code in a syslog message? To specify the protocol used To indicate the message's priority To encrypt the message To identify the recipient of the message

To indicate the message's priority

What is the primary purpose of using Quality of Service (QoS) mechanisms in a network? To prioritize certain types of traffic over others To decrease network security To reduce the cost of network infrastructure To increase the number of devices that can connect to the network

To prioritize certain types of traffic over others

What is the purpose of using the -sV or -A switch with Nmap? To disable logging of the scan results To increase the speed of the scan To probe for software versions on each port To limit the scan to the local network only

To probe for software versions on each port

What is the purpose of a rack diagram? To document the physical location of employees within an office To record the position of each appliance in the rack To map out the logical flow of data within the network To track software versions installed on network devices

To record the position of each appliance in the rack

What does the -w switch do in tcpdump? Shows the Ethernet header Increases the amount of detail shown Reads the contents of a capture file Writes output to a file

Writes output to a file

What mode in SNMP v3 does not encrypt packets? noAuthNoPriv privAuth authNoPriv authPriv

authNoPriv


Kaugnay na mga set ng pag-aaral

Organizational Management Midterm

View Set

(12-13) Know the layers of the heart wall and Know the functions of the pericardium

View Set

National Topic Tester-Transfer of Property

View Set

Pharmacology Chapter 19: NCLEX Questions

View Set