Advanced Networking Chapter 8
Which feature allows Nmap to work out hop counts? --traceroute switch -sn switch -p switch --script switch
--traceroute switch
Which option is used with tcpdump to specify the network interface to listen on? -v -i -w -e
-i
What is a major security weakness of SNMP v2c? It uses strong encryption by default. It restricts management operations to known hosts. It sends community strings in plaintext. It supports too many users.
It sends community strings in plaintext
Which of the following is NOT information that CDP can report? IOS version MAC address table sizes Device ID/hostname Power over Ethernet usage
MAC address table sizes
An organization is using the Simple Network Management Protocol (SNMP) for remote management and monitoring of servers and network appliances and must deploy an agent to each device. Where are the statistics relating to the activity of each device kept? Trap OID MIB Get
MIB
Which of the following is NOT a traffic class defined by DiffServ? Maximum Throughput Expedited Forwarding Assured Forwarding Best Effort
Maximum Throughput
Which agreement is most likely to be used between two companies to protect shared sensitive information? Memorandum of Understanding (MOU) Service Level Agreement (SLA) Employment Contract Non-Disclosure Agreement (NDA)
Non-Disclosure Agreement (NDA)
What does log aggregation in the context of SIEM refer to? Encrypting log files for secure storage The physical collection of log files from different devices The process of deleting outdated log files to free up storage space Normalizing data from different sources to make it consistent
Normalizing data from different sources to make it consistent
What is the standard method of sanitizing an HDD? Degaussing Incineration Shredding Overwriting
Overwriting
What does an availability monitor check for in an HTTP service to confirm availability? A 500 status code A 404 status code A 200 status code A 302 status code
A 200 status code
How do SIEM tools handle differences in date/time zones among various log sources? By only accepting logs in the UTC time zone By normalizing date/time zone differences to a single timeline By storing logs in separate databases based on their time zones By ignoring date/time information to avoid confusion
By normalizing date/time zone differences to a single timeline
How can a high priority alert be communicated in an event management system? By displaying it on the system dashboard only By increasing the logging level on all hosts By sending an email to the system administrator By generating a detailed report at the end of the month
By sending an email to the system administrator
A network administrator is tasked with improving the performance of a company's VoIP (Voice over Internet Protocol) system, which has been experiencing poor audio quality during peak business hours. The network is also used for email, web browsing, and file transfers. The administrator decides to implement a solution to prioritize VoIP traffic over other types of traffic. Which of the following solutions would be MOST effective in achieving the desired improvement in VoIP performance? Configuring a Random Early Detection (RED) algorithm on all network switches. Implementing a First-In, First-Out (FIFO) queuing discipline across the network. Increasing the bandwidth of the company's internet connection. Deploying traffic shaping to prioritize VoIP packets.
Deploying traffic shaping to prioritize VoIP packets.
What does an IP scanner do? Edits images Encrypts network traffic Creates spreadsheets Establishes the logical topology of the network
Establishes the logical topology of the network
What type of data transfer is described as bursty? Voice over IP (VoIP) File transfer Live audio broadcasting Real-time video streaming
File transfer
What role does a Change Advisory Board (CAB) play in change management? It creates the Request for Change (RFC) documents. It documents the need for change. It approves major or significant changes. It implements the changes directly.
It approves major or significant changes.
What role does a NetFlow exporter play in a network? It defines cache flows. It analyzes and reports flow information. It increases the bandwidth of the network. It aggregates flows from multiple collectors.
It defines cache flows
What does a configuration monitor do when there is a change to a device's production configuration? It updates the baseline configuration. It disconnects the device from the network. It automatically reverts the change. It generates logs, alerts, or alarms.
It generates logs, alerts, or alarms
What is the significance of monitoring queue length in network performance? It measures the physical condition of the network interface. It indicates the total number of users in the network. It helps determine whether the link is a bottleneck. It shows the financial cost of data transfer.
It helps determine whether the link is a bottleneck.
Why is plotting data as a graph helpful in log analysis? It eliminates the need for software analysis. It reduces the amount of data that needs to be stored. It increases the speed of the network. It makes it easier to spot trends or spikes in the data.
It makes it easier to spot trends or spikes in the data.
What distinguishes a Passive TAP from a SPAN/port mirroring connection? It physically copies the signal from the cabling to a monitor port. It requires special software to function. It can increase network speed. It can only monitor encrypted traffic.
It physically copies the signal from the cabling to a monitor port
What does Nmap use to determine whether a host is present when used without switches? It pings and sends a TCP ACK packet to ports 80 and 443. It sends an email to the network administrator. It performs a full database scan. It listens for any active Bluetooth devices.
It pings and sends a TCP ACK packet to ports 80 and 443.
Which of the following is the BEST approach when a configuration has drifted from its baseline? Perform testing to determine whether to revert. Always revert to the golden configuration. Update the baseline template without testing. Ignore the drift as it is usually insignificant.
Perform testing to determine whether to revert
What does the Secure Erase (SE) command do on HDDs? Physically destroys the drive Performs a single pass of zero-filling Marks all blocks as empty Encrypts all data on the drive
Performs a single pass of zero-filling
Which version of SNMP supports encryption and strong user-based authentication? SNMP v3 SNMP v1 SNMP v2c SNMP v4
SNMP v3
What metric measures the actual amount of data transferred over a network? Memory usage Bandwidth CPU utilization Throughput
Throughput
What is a configuration backup used for when applying an update? To enhance the performance of the update To serve as a fallback To comply with software licensing agreements To reduce the time required for the update
To serve as a fallback
What is the purpose of a community string in SNMP? To identify the network topology To increase network speed To serve as a type of password To encrypt data packets
To serve as a type of password
What is the purpose of using display filters in Wireshark? To delete unwanted packets from the network To change the color of the interface To increase the capture speed of packets To show only particular frames or sequences of frames
To show only particular frames or sequences of frames
Why is it important to stay up to date with system security advisories? To monitor the stock market for technology companies To ensure compliance with IT audit standards To stay informed about vulnerabilities To keep track of new IT products
To stay informed about vulnerabilities
What is the primary function of an availability monitor? To update digital certificates To manage network bandwidth To increase the speed of a service To trigger an alarm for service unscheduled downtime
To trigger an alarm for service unscheduled downtime
What do "top talkers" and "top listeners" refer to in network analysis? Top talkers are interfaces generating the most outgoing traffic, while top listeners are the interfaces receiving the most incoming traffic. Top talkers are devices with the highest error rates in the network, while top listeners are devices with the highest packet loss rates. Top talkers are the most secure connections in a network, and top listeners are the least secure connections. Top talkers are the fastest network connections, while top listeners are the slowest network connections.
Top talkers are interfaces generating the most outgoing traffic, while top listeners are the interfaces receiving the most incoming traffic.
What is considered an acceptable error rate in general terms? Exactly 5 percent Under 1 percent Over 15 percent Under 10 percent
Under 1 percent
What is a potential consequence of using traffic policing devices instead of traffic shapers? Fewer lost packets during periods of congestion Under-utilization of bandwidth during idle periods Increased latency for non-critical applications More efficient use of available bandwidth
Under-utilization of bandwidth during idle periods
How can the detail of the information shown about each frame be increased in tcpdump? Using the -i switch Using the -v, -vv, or -vvv switches Using the -e switch Using the -w switch
Using the -v, -vv, or -vvv switches
Which open-source tool is mentioned as a graphical packet capture and analysis utility? Wireshark Nmap Nessus Netcat
Wireshark
What does a syslog message comprise? Only a header containing a timestamp A severity level and a message part Only a message part with content A PRI code, a header, and a message part
A PRI code, a header, and a message part
What distinguishes an application log from a system log? An application log records data for the entire operating system. An application log is only used for security purposes. An application log cannot record errors. An application log records data for a single specific service.
An application log records data for a single specific service
Why might an aggregation TAP drop frames under heavy load? Because it rebuilds streams into a single channel Because it cannot handle encrypted traffic Because it requires a direct internet connection Because it does not support gigabit signaling
Because it rebuilds streams into a single channel
What is a basic type of IP scanning mentioned in the document? Spreadsheet analysis Email filtering Color correction Host discovery
Host discovery
Why is collecting just the packet metadata preferred over recording each frame? It reduces the bandwidth required by the sniffer. It enhances the security of the network. It increases the network speed. It imposes a heavy processing overhead.
It reduces the bandwidth required by the sniffer
Which layer's diagram would show asset IDs, cable links, and wall/patch panel/switch port IDs? Data Link (Layer 2) Logical (IP/Layer 3) PHY (Physical layer) Application
PHY (Physical layer)
What are latency and jitter in the context of network performance? Problems of timing and sequence of packet delivery Types of network security protocols Measures of network speed and efficiency Techniques for optimizing bandwidth usage
Problems of timing and sequence of packet delivery
Which type of scanners use specially crafted probes to locate hosts that might be configured not to respond to pings? Spreadsheet analysis tools Graphic design software Security-oriented scanners Email management systems
Security-oriented scanners
What is an automated event management system configured to generate? Some sort of alert A list of all devices on the network A backup of the logging system Detailed reports for every event
Some sort of alert
Which backup mode creates a snapshot-type image of the whole system? State/bare metal Configuration file Differential backup Incremental backup
State/bare metal
What historical method might IT departments have used for tracking IP usage? Static files Physical logbooks Cloud-based databases Oral tradition
Static files
In Wireshark, where can you access tools for traffic analysis? File menu Statistics menu Tools menu Edit menu
Statistics menu
What type of events does an audit log generally record? System configuration backups Performance metrics for compute resources Success/fail type events related to authentication Detailed descriptions of all user activities
Success/fail type events related to authentication
What can cause a broadcast storm in a network? High bandwidth availability Switching loops Low CPU utilization Insufficient storage space on network devices
Switching loops
Which Nmap scan type is less stealthy due to its use of the operating system to attempt a full TCP connection? Port range (-p) TCP SYN (-sS) TCP connect (-sT) UDP scans (-sU)
TCP connect (-sT)
What is referred to as configuration drift? The initial setup of a CI's configuration The process of updating a CI's baseline The deviation of a CI from its baseline The act of backing up a CI's configuration
The deviation of a CI from its baseline
What is packet loss? The encryption of data packets for security purposes The duplication of data packets to ensure delivery The discarding of data packets in a network The intentional slowing down of data transmission
The discarding of data packets in a network
What is a key feature of performance/traffic logs? They record metrics for network resources. They exclusively track user login attempts. They serve as backups for application data. They record only security breaches.
They record metrics for network resources
What advantage do website performance checkers offer for testing site response times? They increase website traffic automatically. They can physically repair websites. They test from the perspective of customers in different countries. They design websites.
They test from the perspective of customers in different countries.
What should you consider doing if a server hosting a service is overloaded? Throttle client connections. Decrease the server's memory. Disable the Spanning Tree Protocol (STP). Increase network congestion.
Throttle client connections.
What is the purpose of installing a special driver for a software-based sniffer? To encrypt the captured frames To decrease the network's latency To increase the sniffer's processing speed To allow the frames to be read from the network stack
To allow the frames to be read from the network stack
What is the role of a packet sniffer in the context of a protocol analyzer? To capture frames moving over the network medium To increase the bandwidth of the network To provide encryption for data packets To physically connect different network segments
To capture frames moving over the network medium
What is the primary purpose of using physical network diagrams? To track software installations on network devices To track software installations on network devices To document the physical location of employees To capture the complex relationships between network elements
To capture the complex relationships between network elements
What is the primary function of traffic shapers? To categorize protocols into different service levels To delay certain packet types based on their content To increase the speed of packet delivery To monitor traffic conditions and generate reports
To delay certain packet types based on their content
What is the primary purpose of monitoring individual interface statistics in a network? answer To reduce the cost of network maintenance To enhance the security of network communications To increase the network speed To diagnose performance issues
To diagnose performance issues
What is the primary function of Cisco Discovery Protocol (CDP)? To discover information about directly connected Cisco devices To provide a secure tunnel for data transmission To encrypt data traffic between Cisco devices To assign IP addresses to devices on a network
To discover information about directly connected Cisco devices
Why is it important to track software license usage in an asset inventory? To track the company's profit margins To monitor employee internet usage To evaluate the company's branding strategies To ensure compliance with the vendor's licensing agreement
To ensure compliance with the vendor's licensing agreement
Why should configuration changes only be made with a service request ticket? To bypass the approval process To increase the speed of changes To ensure that the activity of network personnel is recorded To eliminate the need for documentation
To ensure that the activity of network personnel is recorded
What is the purpose of the PRI code in a syslog message? To specify the protocol used To indicate the message's priority To encrypt the message To identify the recipient of the message
To indicate the message's priority
What is the primary purpose of using Quality of Service (QoS) mechanisms in a network? To prioritize certain types of traffic over others To decrease network security To reduce the cost of network infrastructure To increase the number of devices that can connect to the network
To prioritize certain types of traffic over others
What is the purpose of using the -sV or -A switch with Nmap? To disable logging of the scan results To increase the speed of the scan To probe for software versions on each port To limit the scan to the local network only
To probe for software versions on each port
What is the purpose of a rack diagram? To document the physical location of employees within an office To record the position of each appliance in the rack To map out the logical flow of data within the network To track software versions installed on network devices
To record the position of each appliance in the rack
What does the -w switch do in tcpdump? Shows the Ethernet header Increases the amount of detail shown Reads the contents of a capture file Writes output to a file
Writes output to a file
What mode in SNMP v3 does not encrypt packets? noAuthNoPriv privAuth authNoPriv authPriv
authNoPriv
