CCNA Flashcards, Security+ SY0-501 (IT Networking)

What is overload NAT?

Overload Network Address Translation (NAT) is another term for Port Address Translation (PAT). It has a many-to-one mapping.

What is special about IP address 127.0.0.1?

127.0.0.1 is the loopback address. The loopback address lets the host send a message to itself to see whether TCP/IP was properly bound to the network card.

How many usable subnets and usable hosts can you have if you subnet the network address 192.168.1.0 with the subnet mask 255.255.255.240?

14 subnets with 14 hosts in each network.

What is the difference between a mesh and a partial-mesh topology?

A full-mesh topology connects all nodes to one another for full redundancy. In a partial-mesh, at least one node maintains multiple connections to all other devices.

What is a global unicast address?

A global unicast address is a unicast address that is globally unique and can be routed globally.

What type of WAN link is a leased line?

A leased line is a point-to-point link that provides a single, preestablished WAN communication path from the customer to the remote network.

What is a link local unicast address?

A link local unicast address is an IPv6 address whose address is confined to a single link. Thus the address is not routable off the link.

What physical network topology connects all devices to each other?

A mesh network topology connects all devices to each other for fault tolerance and redundancy.

What three things can a network administrator do to minimize WLAN security threats?

A network administrator can do the following things to minimize WLAN security threats:
- Use authentication to ensure that only authorized clients access the WLAN
- Encrypt wireless data
- Use intrusion detection/prevention systems to monitor, identify, and prevent WLAN attacks

What is a poison reverse?

A poison reverse is an update that a router sends to the router it received the route poison from, specifying that all routers on the segment have received the poisoned route information.

What are triggered updates?

Also known as flash updates, triggered updates are routing updates sent immediately out a router's interface when it notices that a directly connected subnet has changed state.

What is at the end of each access list?

An implicit deny any statement is at the end of each access list. An implicit deny statement denies any packet not filtered in the access list.

What are circuit-switched WAN connections?

Circuit-switched WAN connections are connections dedicated for only the duration of the call or the time required to transmit data. The telephone system is an example of a circuit-switched network.

On what layer of the OSI model does DSL operate?

DSL operates at the physical layer (Layer 1) of the OSI model. DSL relies on upper-layer protocols to encapsulate the data at the CO. It uses ATM, Ethernet, or PPP at the data link layer and IP at the network layer.

In a VPN, what is degree of security based on?

Degree of security is based on the encryption algorithm used and the length of the key. The shorter the key, the easier it is to break. The longer the key, the harder it is to break.

What are Cisco IOS global commands?

Global configuration commands are commands that affect the entire device. They can be executed only in global configuration mode.

What are global commands on a Cisco router?

Global configuration commands are commands that affect the entire router. They can be executed only in global configuration mode.

What two WAN encapsulations on a serial link are considered to be the most useful?

HDLC and PPP are considered to be the most useful because they are the most common and easiest to configure on a Cisco router.

What is the default encapsulation on a Cisco serial interface?

HDLC is the default encapsulation on a Cisco serial interface.

What are hold-down timers?

Hold-down timers prevent regular update messages from reinstalling a route that might have gone bad. Hold-down timers tell a router to hold any changes that might affect routes for a period of time. The default hold-down time for RIP is 180 seconds.

What are hold-down timers?

Hold-down timers prevent regular update messages from reinstating a route that might have gone bad. Hold-down timers also tell routers to hold for a period of time any changes that might affect routes.

On what layer are physical data rates, connectors, and MAC addresses located in the TCP/IP stack?

Physical data rates, connectors, and MAC addresses are located on the network access layer.

What is the port number for SMTP?

25.

What is the port number for DNS?

53.

What is the function of ROM on a Cisco router?

On a Cisco router, ROM starts and maintains the router.

How many bits are in an IPv4 address? In an IPv6 address?

IPv4: 32 bits
IPv6: 128 bits

What command allows you to suspend a Telnet session?

Press Ctrl-Shift-6 followed by X to suspend a Telnet session.

How do you display the status of interface S0 only?

The IOS command to display the status of interface S0 only is show interface s0.

What IOS command configures the router to boot from an alternate IOS located in flash?

The boot system flash ios-file-name global configuration command instructs the router to boot from a different IOS located in flash memory.

How many internal hosts can be translated to one routable IP address through PAT?

Theoretically, 65,536 internal hosts can be translated by PAT using one routable IP address.

What is VLAN membership?

VLAN membership describes how a port on a switch is assigned to a VLAN.

Which router component stores the routing tables, packet buffers, and Address Resolution Protocol (ARP) cache?

RAM holds the router's routing table, packet buffers, and ARP cache. The running-config is also stored in RAM. On most Cisco routers, the IOS is loaded into RAM as well.

What is serial transmission?

Serial transmission is a method of data transmission in which bits of data are transmitted sequentially over a single channel. WANs use serial transmission.

What is the trace EXEC command used for?

The trace EXEC command displays the path a packet used to get to a remote device, as follows:
RouterA#trace 192.168.2.2
Type escape sequence to abort.
Tracing the route to 192.168.2.2
1 192.168.2.2 16 msec 16 msec *

Cryptography Basics
*Which of the following is similar to Blowfish but works on 128-bit blocks?*

a. *Twofish* Twofish was created by the creator of Blowfish. It performs a similar function on 128-bit blocks instead of 64-bit blocks.

*What two key elements must be carefully balanced in an effective security policy?*
a. Trust and control
b. Due process and due care
c. Due process and due diligence
d. Privilege and threat

a. *Trust and control* An effective security policy must carefully balance two key elements: trust and control.

Wireless Networking Security
*An IV attack is usually associated with which of the following wireless protocols?*
a. WEP
b. WAP
c. WPA
d. WPA2

a. *WEP* An IV attack is usually associated with the WEP wireless protocol.

*There are two modes for Wi-Fi Protected Access (WPA): _______________.*
a. WPA Personal and WPA Enterprise
b. WPA Private and WPA Public
c. WPA Open and WPA Closed
d. WPA Shortwave and WPA Longwave

a. *WPA Personal and WPA Enterprise* There are two modes of WPA. WPA Personal was designed for individuals or small office/home office (SOHO) settings, which typically have 10 or fewer employees. A more robust WPA Enterprise was intended for larger enterprises, schools, and government agencies. WPA addresses both encryption and authentication.

What are the two ways that VTP and VLANs are configured on a Catalyst 2960 switch?

Two ways that VTP and VLANs are configured on a Catalyst 2960 switch are as follows:
- In global configuration mode
- In VLAN database configuration mode

What is included in VTP advertisements?

VTP advertisements include the following information:
- VTP domain name
- VTP configuration revision number
- Update identity and update timestamp
- MD5 digest VLAN configuration
- Frame format

What is the default VTP version on a Catalyst 2960 switch?

Version 1.

You enter a command in EXEC mode and receive the following error: % Ambiguous command: What does this error mean?

"% Ambiguous command" means that not enough characters were entered for the IOS to recognize the command.

What is the function of areas and autonomous systems in link-state protocols?

Areas are a grouping of contiguous networks. They are logical subdivisions of an autonomous system (AS).

What are asynchronous links?

Asynchronous links send digital signals without timing. Asynchronous links agree on the same speed, but no check or adjustment of the rates occurs if they are slightly different. Only 1 byte per transfer is sent. Modems are asynchronous.

What is DTP?

Dynamic Trunking Protocol (DTP) is a point-to-point Layer 2 protocol that manages trunk negotiation.

How does EIGRP discover neighbors?

EIGRP neighbors are discovered through Hello messages. On most networks, Hello messages are multicast every 5 seconds to address 224.0.0.10. On Frame Relay and link speeds of T1 (1.544 Mbps) or slower, Hellos are unicast every 60 seconds.

What is the OSPF Exchange state?

In the OSPF Exchange state, a router sends database description packets describing its entire link-state database to neighbors that are in the Exchange state too.

Name the WAN encapsulation that can be configured on an asynchronous serial connection.

PPP can be configured on an asynchronous serial connection.

What is the OSPF neighbor table?

The OSPF neighbor table is a list of all neighbors discovered by OSPF.

*Which port does the File Transfer Protocol (FTP) use for commands?*
a. 20
b. 21
c. 22
d. 25

b. *21* The File Transfer Protocol (FTP) uses port 21 for commands.

*Which of the three principles of security is supported by an offsite tape backup system?*
a. Confidentiality
b. Integrity
c. Availability
d. Sanitization

c. *Availability* Availability is concerned with ensuring that access to services and data is protected against disruption, including disasters and other events that could require recovering from offsite backup media. Answer A is incorrect because confidentiality involves protecting against unauthorized access. Integrity is concerned with preventing unauthorized modification, making Answer B incorrect. Answer D is incorrect because sanitization involves the destruction or overwriting of data to protect confidentiality.

Cryptography Basics
*What is the primary organization for maintaining certificates called?*

c. *LRA* A Certificate Revocation List (CRL) is created and distributed to all CAs to revoke a certificate or key.

What is the port number for Telnet?

23.

What are the three VTP modes a switch can be in?

A switch can be in the following three VTP modes:
- Server
- Client
- Transparent

What is an autonomous system (AS)?

An AS is a collection of networks under common administrative control that share a common routing strategy.

What is the Address Resolution Protocol (ARP)?

ARP is used to resolve a known IP address to a MAC address. For a host to communicate with another host, it must know the MAC address of the destination host (if they are on the same network) or next-hop router. This is the reason for ARP.

When describing the characteristics of a network, what does availability refer to?

Availability is the measure of the likelihood that the network will be available for use when required. Network availability can be calculated using the following formula, which calculates the minutes of downtime compared to the number of minutes in a year:
([525,600 - Minutes downtime] / [525,600]) * 100

What does BASE mean in 10BASE-T and 100BASE-T?

BASE in 10BASE-T and 100BASE-T refers to the baseband signaling method. Baseband is a network technology in which only one carrier frequency is used. This means that when a device transmits, it uses the entire bandwidth on the wire and does not share it. Ethernet defined baseband technology.

What type of protocol is BGP?

BGP is considered an exterior gateway protocol (EGP). BGP is a routing protocol that routes routing protocols' domains (autonomous systems).

What is the Cisco Discovery Protocol (CDP)?

CDP is a Cisco-proprietary protocol that runs on all Cisco IOS-enabled devices. It gathers information about directly connected Cisco devices. CDP operates at Layer 2 of the OSI model and is media independent. With CDP, you can tell the hardware type, device identifier, address list, software version, and active interfaces on neighboring Cisco devices. CDP is enabled by default on all Cisco equipment. It uses a nonroutable Subnetwork Access Protocol (SNAP) frame to communicate between devices.

Does CHAP use a two-way or three-way handshake for authentication?

CHAP uses a three-way handshake for authentication. During startup of the link, the local router sends a challenge response to the remote router. The remote router sends a hash value based on the challenge. The process is complete when the local router accepts the hash value.

Define customer premises equipment (CPE), and give an example.

CPE is equipment that is located on the customer's (or subscriber's) premises. It is equipment owned by the customer or equipment leased by the service provider to the customer. An example is a router.

Why would you want to enable EIGRP route authentication on EIGRP routers?

EIGRP route authentication causes EIGRP routers to authenticate with each other using an MD5 key digest. This prevents the introduction of unauthorized or false routing messages from unauthorized or unapproved routers.

Which of the following is a hybrid routing protocol?
- RIPv2
- IGRP
- DECnet
- EIGRP

EIGRP. EIGRP was developed by Cisco and is considered a hybrid routing protocol because it combines the aspects of distance vector and link-state routing protocols.

What information does each Hello packet contain?

Each Hello packet contains the following information:
- Router ID of the originating router
- Area ID of the originating router interface
- Address mask of the originating router interface
- Authentication type and information of the originating router interface
- HelloInterval
- RouterDeadInterval
- Router priority
- Designated router (DR) and backup designated router (BDR)
- 5 flag bits for optional capabilities
- Router IDs of the originating router's neighbors

What criteria do extended IP access lists use to filter packets?

Extended IP access lists use the source address, destination address, protocols, and port numbers to filter packets.

What are the advantages of using full-duplex Ethernet instead of half-duplex?

Full-duplex provides faster data transfer and operates without collisions.

Describe full-duplex transmission.

Full-duplex transmission is achieved by microsegmentation, where each network device has its own dedicated segment to the switch. Because the network device has its own dedicated segment, it does not have to worry about sharing the segment with other devices. With full-duplex transmission, the device can send and receive at the same time, effectively doubling the amount of bandwidth between nodes.

What is Gigabit Ethernet?

Gigabit Ethernet is an extension of the IEEE 802.3 Ethernet standard. It increases the speed of the Ethernet protocol to 1000 Mbps, or 1 Gbps. IEEE 802.3z specifies Gigabit over fiber, and IEEE 802.3ab specifies Gigabit over twisted-pair cable.

After you enable IPv6 on a Cisco router, how do you assign IPv6 addresses to the router's interfaces?

IPv6 addresses are assigned to router interfaces using the ipv6 address prefix/prefix-length interface command. The following example enables IPv6 routing and assigns an IPv6 address to interface Ethernet 0:
RouterA#config term
RouterA(config)#ipv6 unicast-routing
RouterA(config)#interface ethernet 0
RouterA(config-if)#ipv6 address 2001:0d02::2:0100/64

How do you enable IPv6 on a Cisco router?

IPv6 is not enabled by default on Cisco routers. The ipv6 unicast-routing global command enables IPv6 on the router.

What is the IPv6 tunneling transition mechanism?

IPv6 tunneling consists of encapsulating IPv6 packets within IPv4 packets to allow an isolated network or host to reach the IPv6 Internet. Two types of tunneling exist: automatic (6to4) and static.

In the IOS, what is privileged EXEC mode?

In privileged EXEC mode, you can view and change the configuration in a router; you have access to all the router's commands and the powerful debug commands. To enter privileged mode, enter the enable command while in user mode. By default, the pound symbol (#) indicates that you are in privileged mode. This mode is usually protected with a password. Here is an example of how to enter privileged mode. You also see the output of the prompt:
Router>enable
Password:
Router#

In the router IOS, what is privileged EXEC mode?

In privileged EXEC mode, you can view and change the configuration in a router; you have access to all the router's commands and the powerful debug commands. To enter privileged mode, enter the enable command while in user mode. By default, the pound symbol (#) indicates that you are in privileged mode. This mode is usually protected with a password. Here is an example of how to enter privileged mode. You also see the output of the prompt:
Router>enable
Password:
Router#

What is the STP forwarding state?

After the default time in the learning state is up, the port moves to the forwarding state. In the forwarding state, the port sends and receives data.

What is the EIGRP topology table?

The EIGRP topology table contains all learned routes to a destination. In other words, the topology table holds all feasible routes in its table.

What criteria do standard IP access lists use to filter packets?

Standard IP access lists filter packets by the source address. This results in the packets being permitted or denied for the entire protocol suite based on the source network IP address.

Describe a star and extended star physical topology.

Star and extended star physical topologies are made of a central connection point, such as a hub or switch, where all cable segments connect. A star topology resembles spokes in a bicycle wheel and is the network topology of choice in Ethernet networks. When a star network is expanded to include additional network devices that connect to a main center network device, it is called an extended star topology.

Which has more overhead, UDP or TCP?

TCP. Because UDP segments are not acknowledged, they do not carry the overhead that TCP does, thus allowing faster transmissions and greater efficiency.

What are the protocol numbers for TCP and UDP?

TCP: 6
UDP: 17

What are interior gateway protocols (IGP) and exterior gateway protocols (EGP)?

Interior gateway protocols are routing protocols that run within an AS. RIP, OSPF, and EIGRP are examples of IGPs. Exterior gateway protocols are routing protocols that route between autonomous systems. BGP is an example of an EGP.

What are LAN standards?

LAN standards define the physical media and connectors used to connect to the media at the physical layer and the way devices communicate at the data link layer. LAN standards encompass Layers 1 and 2 of the OSI model. Examples of LAN standards are Ethernet and IEEE 802.3.

What are the three ways LAN traffic is transmitted?

LAN traffic is transmitted one of the following three ways:
- Unicast: Unicasts are the most common type of LAN traffic. A unicast frame is a frame intended for only one host.
- Broadcast: Broadcasts are frames intended for everyone. Stations view broadcast frames as public service announcements. All stations receive and process broadcast frames.
- Multicast: Multicasts are traffic in which one transmitter tries to reach only a subset, or group, of the entire segment.

What features does LCP offer to PPP encapsulation?

LCP offers authentication, callback, compression, error detection, and multilink to PPP encapsulation.

A host computer has been correctly configured with a static IP address, but the default gateway is incorrect. Which layer of the OSI model is first affected by this misconfiguration?

Layer 3. The default gateway sends IP packets to a remote network and functions at Layer 3 of the OSI model.

WAN Encapsulation Protocols

Leased Line - HDLC, PPP, SLIP
Circuit-Switched - HDLC, PPP, SLIP
Packet-Switched - X.25, Frame Relay, ATM

What is maximum hop count?

Maximum hop count is a way of dealing with the count-to-infinity problems with looping in routing updates. RIP uses a maximum hop count of 15, so anything that has a hop count of 16 is unreachable. Any time a packet passes through a router, it is considered one hop.

A fundamental concept behind LAN switching is that it provides microsegmentation. What is microsegmentation?

Microsegmentation is a network design (functionality) where each workstation or device on a network gets its own dedicated segment (collision domain) to the switch. Each network device gets the full bandwidth of the segment and does not have to contend or share the segment with other devices. Microsegmentation reduces collisions because each segment is its own collision domain.

When troubleshooting switches, in what layers of the OSI model do problems occur?

Problems occur in Layers 1 and 2.

What organization defines the 802.11 standard?

The IEEE defines the 802.11 standard.

Can a network hub be connected to a switch port in full-duplex mode?

No. Because a hub shares access to the segment, it must connect to a switch port in half-duplex to be able to detect collisions.

In a wireless Infrastructure mode, do wireless clients communicate directly with each other?

No. In Infrastructure mode, all wireless clients communicate with each other through the AP. The AP controls all traffic flow to and from the network.

What features does OSPFv3 add?

Open Shortest Path First version 3 (OSPFv3) is based on the current version of OSPF, which is version 2. Like version 2, OSPFv3 sends Hellos to neighbors, exchanges link-state advertisements (LSA), and exchanges database descriptor (DBD) packets. However, OSPFv3 runs directly over IPv6 and advertises using multicast groups FF02::5 and FF02::06, but uses its link-local address as the source address of its advertisements. FF02::5 is the "all OSPF routers" address, and FF02::06 is the "all OSPF DRs" address.

What is per-destination and per-packet load balancing?

Per-destination load balancing means that the router distributes packets based on the destination address. Per-packet load balancing means that the router sends one packet for one destination over the first path, and the second packet for the same destination over the second path.

The Institute of Electrical and Electronics Engineers (IEEE) defines what two sublayers of the data link layer?

The IEEE defines the following two sublayers of the data link layer:
- The Logical Link Control (LLC) sublayer
- The Media Access Control (MAC) sublayer

These two sublayers provide physical media independence.

What are some of the functions that the SDM wizards allow you to configure?

The SDM wizards allow you to configure the following functions:
- Router interfaces
- Firewall rules
- Intrusion prevention systems (IPS)
- VPNs
- Quality of service (QoS)
- Security audit
- 802.1x
- Network Admission Control (NAC)

Explain the IPv6 dual stack transition mechanism.

The dual stack transition mechanism is a network interface that is configured with an IPv4 address and an IPv6 address. A host implementing a dual stack is called a dual-stack host.

What are the eight OSPF neighbor states?

The eight OSPF neighbor states are as follows:
- Down
- Attempt
- Init
- 2-Way
- Exstart
- Exchange
- Loading
- Full

What IOS command enables PPP on a Cisco router serial interface?

The encapsulation ppp interface command, as follows, enables PPP on a Cisco router serial interface:
RouterB(config-if)#encapsulation ppp

What provides clocking for a serial line?

The data communications equipment (DCE) provides clocking for a serial line. Examples of DCE devices are a data service unit/channel service unit (DSU/CSU) or another serial interface on a Cisco router configured for clocking.

In Frame Relay, what identifies a virtual circuit?

The data-link connection identifier (DLCI) locally identifies a VC.

What IOS command displays RIP routing updates as they are sent?

The debug ip rip command displays routing updates as they are sent and received.

What is ROM Monitor (ROMMON)?

ROM Monitor (ROMMON) is an operating system used for hardware troubleshooting and for password recovery. To enter ROMMON, press Ctrl-Break during router bootup.

What does RFC 1918 define?

RFC 1918 defines reserved (private) networks and addresses that are not routed on the Internet. These addresses are as follows:
- 10.0.0.0 to 10.255.255.255
- 172.16.0.0 to 172.31.255.255
- 192.168.0.0 to 192.168.255.255

What is the difference between RIP version 1 and RIP version 2?

RIP version 2 is a classless protocol that supports VLSM and sends its subnet mask in routing updates. RIP version 2 also sends routing updates through multicast. RIPv1 broadcasts updates. RIPv2 also supports manual route summarization and authentication. RIPv1 does not.

How do you configure static routes with IPv6?

Static routing with IPv6 is configured the same way as with IPv4. However, IPv6 has one specific requirement: The router must be able to determine the link-local address of each neighboring router. In other words, do not use a global unicast address as a next-hop address when configuring IPv6 static routes.

What is the difference between STP and UTP cable?

Shielded twisted-pair (STP) cable combines the twisting techniques of UTP, but each pair of wires is wrapped in a metallic foil. The four pairs of wires are then wrapped in a metallic braid or foil. STP reduces electrical noise and EMI. STP is installed with an STP data connector but can also use an RJ-45 connector. An advantage of STP is that it is more resistant to outside interference; a disadvantage is that it is more expensive and difficult to install.

What is route poisoning?

With route poisoning, when a distance vector routing protocol notices that a route is no longer valid, the route is advertised with an infinite metric, signifying that the route is bad. In RIP, a metric of 16 is used to signify infinity. Route poisoning is used with holddowns.

How do you increase the range of a wireless network?

You can increase the range of a wireless network by increasing the power of the wireless radio. For example, to double the range of the network, you increase the power by a factor of 4.

How do you disable a switch port?

You disable a switch port by issuing the shutdown interface command. To reenable the interface, issue the no shutdown command.

As a network administrator, you want to view the current Telnet connections on a router. What command do you issue to view the current connections?

You issue the show sessions privileged command to view the current connections.

What type of cable do you need to connect to a Cisco device's console port?

You need an RJ-45-to-RJ-45 rollover cable. A rollover cable is a cable that has each pin wired to its opposite number at the other end.

What IOS command would you use to issue a switch the host name of BuildingB-Switch?

The hostname BuildingB-Switch privileged IOS command allows you to configure this switch with a host name.

How do you name a Cisco router?

The hostname name global configuration command configures a name on a Cisco router. For example, the following command changes the router's host name to RouterA:
Router(config)#hostname RouterA
RouterA(config)#

What are the functions of the session layer (Layer 5)? Give some examples.

The session layer is responsible for creating, managing, and ending communication sessions between presentation layer entities. These sessions consist of service requests and responses that develop between applications located on different network devices. Some examples include Structured Query Language (SQL), remote-procedure call (RPC), X Window System, Zone Information Protocol (ZIP), NetBIOS names, and AppleTalk ASP.

How do you configure the default route on a Cisco router?

To configure a default route on a Cisco router, enter the following global configuration command:
ip route 0.0.0.0 0.0.0.0 [ip-address-of-the-next-hop-router | outbound-interface]
For example:
RouterB(config)#ip route 0.0.0.0 0.0.0.0 172.16.0.2

How do you enable VTP Version 2 on a Catalyst 2960 switch?

To enable VTP Version 2 on a Catalyst switch, use the vtp version version-number global command, as follows:
Cat2960(config)#vtp version 2

On a Windows XP computer, what commands do you use to release an IP address obtained from DHCP and request a new address?

To release the IP address: ipconfig /release
To request a new address: ipconfig /renew

How do you resume a suspended Telnet session?

To resume a suspended Telnet session, issue the resume session-number privileged command. The session number is the number from the show sessions command that you want to resume.

Cryptography Implementation
*In a bridge trust model, each intermediate CA trusts only those CAs that are:*
a. Above and below it
b. Above it
c. Below it
d. On the same level

a. *Above and below it* In a bridge trust model, each intermediate CA trusts those CAs that are above and below it.

Operating System and Application Security
*What tool is used in Windows to encrypt an entire volume?*

a. *BitLocker* BitLocker provides drive encryption and is available with Windows 7 and Windows Vista.

What two protocols function at the transport layer of the TCP/IP model?

Two protocols that function at the transport layer of the TCP/IP model are as follows:
- TCP (Transmission Control Protocol): A connection-oriented, reliable protocol
- UDP (User Datagram Protocol): A connectionless and unacknowledged protocol

What are well-known port numbers?

Well-known port numbers are used for fundamental applications on the Internet such as e-mail and DNS. They have a range from 1 to 1023.

Cryptography Basics
*Assuming asymmetric encryption, if data is encoded with a value of 5, what would be used to decode it?*

c. *1/5* With asymmetric encryption, two keys are used—one to encode and the other to decode. The two keys are mathematical reciprocals of each other.

Operating System and Application Security
*Which filesystem was primarily intended for desktop system use and offers limited security?*

c. *FAT* FAT technology offers limited security options.

Access Control and Identity Management
*What is implied at the end of each access control list?*

c. *Implicit deny* An implicit deny clause is implied at the end of each ACL, and it means that if the proviso in question has not been explicitly granted, then it is denied.

*Consider a building with a value of $10,000,000 (AV) of which 75 percent of it is likely to be destroyed by a tornado (EF). The SLE is _______________.*
a. $7,500
b. $75,000
c. $750,000
d. $7,500,000

d. *$7,500,000* Consider a building with a value of $10,000,000 (AV) of which 75 percent of it is likely to be destroyed by a tornado (EF). The SLE would be calculated as follows: $7,500,000 = $10,000,000 x 0.75

*Which port does the Post Office Protocol v3 (POP3) use?*
a. 22
b. 25
c. 80
d. 110

d. *110* The Post Office Protocol v3 (POP3) uses port 110.

*An Internet Protocol version 4 (IPv4) address is _______________ in length.*
a. 64 bits
b. 64 bytes
c. 32 bytes
d. 32 bits

d. *32 bits* An Internet Protocol version 4 (IPv4) address is 32 bits in length, providing about 4.3 billion possible IP address combinations. This no longer is sufficient for the number of devices that are being connected to the Internet.

*Which port does the Microsoft Terminal Server use?* a. 53 b. 143 c. 443 d. 3389

d. *3389* The Microsoft Terminal Server uses port 3389.

Disaster Recovery and Incident Response *With five nines availability, the total amount of downtime allowed per year is:* a. 4.38 hours b. 526 minutes c. 52.65 minutes d. 5.26 minutes

d. *5.26 minutes* With five nines availability, the total amount of downtime allowed per year is 5.26 minutes.

Security and Vulnerability in the Network *Which IEEE standard is often referred to as EAP over LAN?* a. 802.1E b. 802.1Z c. 802.1Y d. 802.1X

d. *802.1X* The IEEE standard 802.1X is often referred to as EAP over LAN. It defines port-based security for wireless network access control.

What is overload NAT?

Overload NAT is another term for Port Address Translation (PAT). It has a many-to-one mapping.

*Kerberos is used to perform what security service?*

*Authentication protection* Kerberos is a third-party authentication service; thus it provides authentication protection. Kerberos can't be used to encrypt files, secure non-authentication communications, or protect data transfer.

How does a router determine the path a packet should take to reach its destination?

A router determines a path a packet should take to reach a destination by picking the best path to the destination. The best path is determined by one of the following methods: - Static routing - Dynamic routing - Default routing

If a sending device does not know the MAC address of the receiving device, what tool is used to find the MAC address?

Address Resolution Protocol (ARP). ARP is a local broadcast sent to all devices on the local segment to find the MAC address of a host.

How often do switches send BPDUs out active ports?

Every 2 seconds by default.

What is administrative distance?

Administrative distance (AD) is an integer from 0 to 255 that rates the trustworthiness of the source of the IP routing information. It is only important when a router learns about a destination route from more than one source. The path with the lowest AD is the one given priority.

What is administrative distance?

Administrative distance (AD) is an integer from 0 to 255 that rates the trustworthiness of the source of the IP routing information. The AD is only important when a router learns about a destination route from more than one source. The path with the lowest AD is the one entered in the routing table.

How do you access SDM on a Cisco router?

After SDM is installed on a router, you can access it by typing the IP address of the router's interface in a web browser. For example, if the router's Fast Ethernet interface IP is 192.168.10.1, you would type https://192.168.10.1.

How do distance vector routing protocols function?

Also known as Bellman-Ford algorithms, distance vector routing protocols pass complete routing tables to neighboring routers. Neighboring routers then combine the received routing table with their own routing tables. Each router receives a routing table from its directly connected neighbor. RIP is the most common distance vector protocol used in today's internetworks.

How can an administrator determine whether a switch has been configured when it is first powered up?

An unconfigured switch goes into the setup dialog box.

What type of route authentication does EIGRP support?

EIGRP supports message digest algorithm 5 (MD5) route authentication.

List four functions of ICMP.

Four functions of ICMP are as follows: - Flow control - Detect unreachable destinations - Redirect routes - Check remote hosts

Can you enable port security on a trunk port?

No. A trunk port is a port configured to trunk multiple VLANs. Only access ports (ports with only one VLAN) can have port security enabled.

What do wireless networks use to communicate to end devices?

Radio frequency (RF) or infrared waves.

What are six ways to configure a Cisco device?

Six ways to configure a Cisco device are as follows: - Console connection - Auxiliary connection (through a modem) - Telnet connection - HTTP/HTTPS connection - Secure Shell (SSH) Connection - CiscoWorks

In EIGRP, what is the advertised distance (AD)?

The AD is the cost between the next-hop router and the destination.

What advantages are offered by LAN segmentation using LAN switches?

The advantages offered by LAN segmentation using LAN switches are as follows: - Collision-free domains from one larger collision domain - Efficient use of bandwidth - Low latency and high frame-forwarding rates at each interface port

What command changes the clock rate of a Cisco interface acting as a DCE to 56 kbps?

The clock rate 56000 command changes the clock rate to 56 kbps.

What type of devices can be VPN gateways?

The following types of devices can be VPN gateways: - Routers - Firewalls - VPN concentrators

What portion of the MAC address is vendor assigned?

The last 24 bits are vendor assigned.

In 802.1Q, what is the native VLAN?

The native VLAN is VLAN1 by default. 802.1Q does not tag the native VLAN across trunk links.

What IOS command enables PPP on a Cisco router serial interface?

To enable PPP encapsulation on a serial interface, enter the encapsulation ppp interface command, as follows:
RouterB(config-if)#encapsulation ppp

What IOS command displays the OSPF neighbor information on a per-interface basis?

The show ip ospf neighbor command displays OSPF neighbor information on a per-interface basis, as follows:
RouterB# show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address     Interface
172.16.0.1      1     FULL/ -    00:00:31    10.1.1.1    Serial0

What are the three unlicensed wireless bands?

The three unlicensed wireless bands are as follows: - 900 MHz - 2.8 GHz - 5 GHz

What are time-based access lists?

Time-based ACLs are similar to extended access lists, except they control access based on time.

How many DS0s are bundled to create a T1 line?

Twenty-four DS0s are bundled to create a T1 line. One DS0 is 64 kbps.

*Transferring files can be performed using the File Transfer Protocol (FTP), which is a(n) _______________ TCP/IP protocol.* a. unsecure b. secure c. open d. closed

a. *unsecure* Transferring files can be performed using the File Transfer Protocol (FTP), which is an unsecure TCP/IP protocol. FTP is used to connect to an FTP server, much in the same way that HTTP links to a web server.

*Which port does NetBIOS use?* a. 80 b. 139 c. 143 d. 443

b. *139* NetBIOS uses port 139.

*_______________ business partners refers to the start-up relationship between partners.* a. Enrolling b. On-boarding c. Unrolling d. Off-boarding

b. *On-boarding* On-boarding business partners refers to the start-up relationship between partners.

*What type of wireless antenna can be used to send or receive signals in any direction?* a. Cantenna b. Yagi c. Rubber duck d. Panel

c. *Rubber duck* A rubber duck antenna is an omnidirectional antenna.

Disaster Recovery and Incident Response *What is another name for working copies?* a. Functional copies b. Running copies c. Operating copies d. Shadow copies

d. *Shadow copies* Working copies are also known as shadow copies.

Cryptography Implementation *Certificate revocation is the process of revoking a certificate before it:*

*Expires* Certificate revocation is the process of revoking a certificate before it expires.

Cryptography Implementation *The mesh trust model is also known as what?*

*Web structure* The mesh trust model is also known as a web structure.

What are the four major categories of physical components of a computer network?

- Personal computers (PCs): Send and receive data and are the endpoints of the network.
- Interconnections: The components that provide a means for data to travel across the network. This includes network interface cards (NIC), network media, and connectors.
- Switches: Provide network access for the PCs.
- Routers: Interconnect networks.

An OSPF-enabled router has the following IP addresses configured on its interfaces:
- Ethernet 0: 192.168.9.5
- Serial 0: 172.16.3.1
- Ethernet 1: 192.168.24.1
What is the router ID of the OSPF-enabled router?

192.168.24.1 is the router ID because it is the numerically highest IP address on all interfaces on the router. If the router had a loopback address configured, it would choose the loopback address as the router ID (even if the loopback IP address was numerically lower than other IP addresses configured on the router).

What are the port numbers for FTP?

20 and 21. FTP uses port 20 for data transfer; port 21 is the command port.

In an attempt to extend your Ethernet segment you add a 24-port switch. How many collision domains and broadcast domains will you have in the segment with the addition of a switch?

24 collision domains and 1 broadcast domain. Because switches operate at Layer 2 of the OSI model, they can divide the network into different segments, thus creating more collision domains. Each port on a switch creates one collision domain. Also, because a switch operates at Layer 2 of the OSI model, it cannot filter broadcasts. As such, a switched network will have one broadcast domain.

In a Class A network, how many octets are used for host addresses?

3. One octet consists of 8 bits; thus a Class A network reserves 24 bits for host addresses. The maximum number of hosts a Class A network can have is 16,777,214 (2^24 - 2).

What is the default bridge priority in a BID for all Cisco switches?

32,768.

How many hosts are available for use in a Class B network?

65,534. A Class B network reserves 16 bits for host addresses; thus 2^16 - 2 = 65,534.

Your CEO wants to know the stability and availability of your company's network for the past year. During the past year, the network was down for 30 minutes. What was the total availability for the network?

99.994%. ([525,600 - 30]/[525,600]) * 100 = 99.994%

In Spanning Tree, what is the bridge ID (BID)?

A BID is an 8-byte field that is composed of the bridge's 6-byte MAC address and a 2-byte bridge priority.

How many vty ports exist on a Catalyst 2960 switch?

A Catalyst 2960 switch has 16 vty ports.

In what two ways does a Cisco router resolve host names to IP addresses?

A Cisco router resolves host names using either a locally configured host table on each router or a Domain Name System (DNS) server.

What are broadcast domains?

A broadcast domain defines a group of devices that receive each other's broadcast messages. As with collisions, the more broadcasts that occur on the network, the slower the network will be. This is because every device that receives a broadcast must process it to see whether the broadcast is intended for that device.

What are collision domains?

A collision domain defines a group of devices connected to the same physical medium. A collision occurs when two packets are sent at the same time and collide with each other. When a collision occurs, a jam signal is sent from a workstation. A collision affects all the machines on the segment, not just the two that collided; when the jam signal is on the wire, no workstations can transmit data. The more collisions that occur in a network, the slower it will be, because the devices must resend the packets that collided.

What is a crossover Ethernet cable, and when would you use it?

A crossover Ethernet cable is a cable that has the send and receive wires crossed at one of the ends. In a Category 5 cable, the 1 and 3 wires are switched and the 2 and 6 wires are switched at one end of the cable. You should use a crossover cable when connecting similar devices (DCE to DCE), such as connecting a router to a router, a switch to a switch or hub, a hub to a hub, or a PC to a PC.

What is a network?

A network is a collection of devices and end systems. Networks consist of computers, servers, and network devices, such as switches and routers, that can communicate with each other.

For VLANs to communicate with each other, what network component is needed?

A router or Layer 3 switch is needed for inter-VLAN communication. It is important to think of a VLAN as a distinct virtual bridge in a switch, with its own IP subnet and broadcast domain. A network device cannot communicate from one IP subnet to another without a router. The same is true for a VLAN; you cannot communicate from one VLAN to another without a router.

What is a straight-through Ethernet cable, and when would you use it?

A straight-through Ethernet cable is wired the same way at both ends. This cable uses pins 1, 2, 3, and 6. The send and receive wires are not crossed. You should use a straight-through Ethernet cable when connecting dissimilar devices (for example, data terminal equipment [DTE] to data communications equipment [DCE]). Examples include connecting PCs (DTE) to switches or hubs (DCE) or a router (DTE) to a switch or a hub (DCE).

In EIGRP, what is a successor?

A successor is a route selected as the primary route used to reach a destination. It is the route kept in the routing table.

How are access lists processed?

Access lists are processed in sequential, logical order, evaluating packets from the top down, one statement at a time. As soon as a match is made, the permit or deny option is applied, and the packet is not applied to any more access list statements. Because of this, the order of the statements within an access list is significant.

After you have created an IPv6 tunnel between domain border routers, how do you configure RIPng to route traffic between the two sites?

After the IPv6 tunnel has been created, you need to route traffic between the sites. This can be done statically or by using a routing protocol. The following commands enable RIPng as the routing protocol:
Step 1. Globally enable RIPng using the ipv6 router rip process-word command, as follows:
ipv6 router rip cisco
Step 2. Enable RIPng for the tunnel, as follows:
interface tunnel 0
ipv6 rip cisco enable

What VPN parameters can an administrator configure on a Cisco Easy VPN server to be pushed to a Cisco Easy VPN remote client?

An administrator can configure the following parameters: - Internal IP addresses - Internal subnet masks - Dynamic Host Configuration Protocol (DHCP) server addresses - Windows Internet Name Service (WINS) server addresses - Split-tunneling flags

What is Cisco Easy VPN?

Cisco Easy VPN is a cost-effective solution for deploying VPNs that is ideal for remote offices that have little IT support.

How do collisions occur in Ethernet?

Collisions occur on a shared LAN segment when two devices try to communicate at the same time. In a shared Ethernet segment, only one device can transmit on the cable at a time. When two devices try to transmit at the same time, a collision occurs.

In dynamic routing, what is convergence?

Convergence is the time required for routers to react to changes in the network, remove bad routes, and add new routes.

What is convergence?

Convergence is when all routers have consistent knowledge and correct routing tables.

What are WAN data link layer protocols?

Designed to operate over dedicated lines, multipoint services, and multiaccess-switched services such as Frame Relay, data link layer protocols provide the data link layer encapsulations associated with synchronous serial lines. Examples include High-Level Data Link Control (HDLC), PPP, and Frame Relay.

What are link-state protocols? List two common link-state protocols.

Designed to overcome the limitations of distance vector protocols, link-state protocols respond quickly to network changes and send both triggered updates and periodic updates. Link-state protocols create a picture of the internetwork by determining the status of each interface (link) in the internetwork. When the interface goes down, link-state protocols send updates out all other interfaces, informing other routers of the downed link. OSPF and IS-IS are the most common link-state protocols used.

How does EIGRP for IPv6 differ from EIGRP?

Enhanced IGRP (EIGRP) for IPv6 is the same EIGRP protocol as used with IPv4. It uses the same metric but includes a protocol-dependent module for IPv4 and IPv6.

How often are VTP advertisements flooded throughout the management domain?

Every 5 minutes. VTP advertisements are flooded throughout the management domain to a reserved multicast address every 5 minutes or whenever a change occurs in the VLAN configuration.

When configuring a new router for OSPF, you receive the "can't allocate router-id" error message. Additionally, OSPF does not initialize. Why are you getting this error message?

For the OSPF process to initialize, the router must have one interface with a valid IP address in the up/line protocol up state. If an interface is not enabled and no IP address has been assigned, you will receive the "can't allocate router-id" error message.

What is the default encapsulation on a Cisco serial interface?

HDLC.

What is an example of Layer 2 addresses?

MAC addresses.

What is the Point-to-Point Protocol (PPP)?

PPP is an industry-standard protocol that provides router-to-router or router-to-host connections over synchronous and asynchronous links. It can be used to connect WAN links to other vendors' equipment. It works with several network-layer protocols, such as IP and Internetwork Packet Exchange (IPX). PPP provides authentication (which is optional) through Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), or Microsoft CHAP (MS-CHAP).

What types of physical interfaces can you configure PPP on?

Physical interfaces on which you can configure PPP are as follows: - Asynchronous serial - Synchronous serial - High-Speed Serial Interface (HSSI)

Describe the difference between physical network topology and logical network topology.

Physical topologies refer to the physical layout of devices and network media. Logical topologies refer to the logical paths in which data accesses the media and transmits packets across it.

What two utilities test IP connectivity?

Ping and traceroute (tracert). Ping and traceroute are ICMP utilities. ICMP can test only Layer 3 connectivity.

When troubleshooting a switched network, what are some common Layer 1 issues?

Some common Layer 1 issues are as follows: - Bad or damaged wires. - EMI is introduced. - New equipment is installed.

What is the command to configure DLCI 16 on interface s0?

The command to configure DLCI 16 on interface s0 is frame-relay interface-dlci 16.

On a Cisco router, what do the following commands do?
Router(config)#line console 0
Router(config-line)#exec-timeout 30 30

The commands set the timeout on the console port to 30 minutes and 30 seconds.

Upon using the ping EXEC command, you receive one of the following responses: . ! ? N U Q What does each of these responses mean?

The following table describes what each character means with the ping command.
| Character | Description |
| --- | --- |
| . | Each period indicates that the network server timed out while waiting for a reply. |
| ! | Each exclamation point indicates the receipt of a reply. |
| ? | Unknown packet type. |
| N | An ICMP unreachable network PDU was received. |
| U | A destination unreachable error PDU was received. |
| Q | An ICMP source quench was received. |

One of your production Catalyst 2960 switches in your switched network failed. To recover quickly and get your switched network back online, you take a Catalyst switch from your lab with a good VTP configuration and put it in place of the failed Catalyst. You create a trunk link on the lab switch to connect it to the production network. Shortly after you create the trunk link, all your users in your switched network lose network connectivity. You issue the show vlan command from your VTP server and notice that all the VLANs configured on the VTP server are gone. What has happened?

The lab switch with no VLANs configured was set to VTP server mode and had a higher revision number than the configuration revision number of the VTP domain. As a result, the lab switch erased all the VLANs through the VTP domain. The quickest way to recover from this error is to reconfigure all the VLANs on one of the VTP servers. The best way to prevent this issue from occurring is to ensure that all new switches introduced into your switch environment are not only configured with the correct VTP domain information but are also set to client mode.

When users in VLAN 10 are having difficulty connecting to a server in VLAN 20, the connection is very slow. The users are having no problems communicating with each other, only with the server in VLAN 20. As the network administrator, you issue the show interface command on the switch the server is connected to and you see the following:
!Output omitted!
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, link type is auto, media type is 10/100/1000-TX
The server has a Gigabit network card that is set to half-duplex. What is the problem?

The problem lies with a duplex mismatch between the server and the switch. The show interface command shows that the port's duplex is set to full, but when you look at the server's NIC, its duplex setting is half-duplex. A duplex mismatch would cause a slow connection to the server.

What is the purpose of TCP sequencing?

The purpose of sequencing is to provide reliability by requiring the recipient to acknowledge receipt of a group of segments before a timer expires.

What is required to configure VTP on a Catalyst switch?

The requirements for configuring VTP on a Catalyst switch are as follows:
- VTP domain: All switches must be in the same VTP domain.
- Optional password: If a password is configured, all switches in the VTP domain must be configured with the same password. Configuring a password is recommended practice.
- VTP version: All switches must run the same VTP version.
- Trunk link: VTP propagates on trunk links; thus at least one port must be configured as a trunk link.

What are the six types of IP access lists that can be configured on a Cisco router?

The six types of IP access lists are standard, extended, named, dynamic, reflexive, and time-based.

What are the three classes of routing protocols?

The three classes of routing protocols are as follows: - Distance vector - Link-state - Balanced hybrid

What are the three types of IPv6 addresses?

The three types of IPv6 addresses are as follows: - Unicast - Anycast - Multicast

What are the two ways that inter-VLAN communication can be established?

The two ways that inter-VLAN communication can be established are as follows:
- Logically: Involves a single connection, called a trunk link, from the switch to a router. The trunk link uses a VLAN protocol to differentiate between VLANs. This configuration is called a "router on a stick."
- Physically: Involves a separate physical connection for each VLAN.

Parked across the street with his Pringles-can antenna in hand, a hacker captures wireless data to crack the wireless key on a company's network. What type of network attack is this?

This is a close-in and passive attack. It is passive because the hacker is monitoring and gathering data. It is also close-in because the hacker had to gain close proximity to the company's wireless network to capture the wireless data.

A hacker monitors traffic on an unencrypted e-business website, and captures consumer login information to the website. What type of attack is this?

This is a passive attack.

What are three current IPv6 transition mechanisms?

Three current IPv6 transition mechanisms are as follows: - Dual stack - Tunneling - Proxying and translation

What are trunk links?

Trunk links allow the switch to carry multiple VLANs across a single link. By default, each port on a switch can belong to only one VLAN. For devices that are in VLANs (that span multiple switches) to talk to other devices in the same VLAN, you must use trunking or have a dedicated port per VLAN.

How do you clear dynamic Frame Relay maps that were created by Inverse ARP?

Use the clear frame-relay-inarp privileged EXEC command to clear dynamic Frame Relay maps created by Inverse ARP.

In the IOS, what is user EXEC mode?

User EXEC mode is the first mode you enter when you log in to the IOS. This mode is limited and is mostly used to view statistics. You cannot change a router's configuration in this mode. By default, the greater-than sign (>) indicates that you are in user mode. This is how the router prompt looks in user mode: Router>

What is VTP?

VLAN Trunking Protocol (VTP) is a Layer 2 messaging protocol that maintains VLAN configuration consistency throughout a common administrative domain by managing VLAN additions, deletions, and name changes across multiple switches. Without VTP, you would have to manually add VLAN information to each switch in the network.

What is the STP blocking state?

When a switch starts, all ports are in the blocking state. This is to prevent any loops in the network. If a better path to the root bridge exists, the port remains in the blocking state. Ports in the blocking state cannot send or receive traffic; however, they can receive BPDUs.

On your Cisco router, you enter the show interface s0 command and notice that the port is administratively down. What does this mean, and how do you fix it?

When an interface is administratively down, it has been shut down manually or was never enabled. To remedy this, enter the interface command no shutdown.

When routing information changes in the routing table, how does EIGRP send updates?

When routing information changes, EIGRP sends update messages to all neighbors, informing them of the change. If EIGRP has to send to multiple neighbors on the same subnet, the update messages are multicast to IP address 224.0.0.10. If sending updates to one router, the messages are unicast to the neighbor.

What two types of context-sensitive help are available in the Cisco IOS?

Word help and command syntax help. Word help uses a question mark and identifies commands that start with a character or sequence of characters. For example, the following router output shows the use of word help for any IOS command that starts with the letters "cl":
Router#cl?
clear clock
Command syntax help is when you use a question mark after a command so that you can see how to complete the command. For example:
Router#clock ?
  set  Set the time and date

Disaster Recovery and Incident Response *Which redundancy strategy has one spare part for every component in use?* a. 1+1 b. JWDO c. JIT d. Rollovers

a. *1+1* The redundancy strategy 1+1 has one spare part for every component in use.

On a Windows XP computer, what command can you use to view the IP information assigned to the PC?

ipconfig.

If Inverse ARP is disabled on your router, how do you reenable it?

Inverse ARP is enabled by default on a Cisco router. If it is disabled, reenable it by using the following command:
RouterB(config-if)#frame-relay inverse-arp [protocol] [dlci]
Supported protocols indicated by the protocol option include ip, ipx, decnet, appletalk, vines, and xns.

As a network administrator, you want to create two VLANs, one named Admin and the other named Sales. What commands create the two VLANs, assigning VLAN ID 10 and 20, respectively, to each VLAN?

Issue the following commands to create the two VLANs:
Cat2960(config)#vlan 10
Cat2960(config-vlan)#name Admin
Cat2960(config-vlan)#vlan 20
Cat2960(config-vlan)#name Sales

If PPP is enabled on an interface, how do you view the LCP and NCP states of the interface?

Issue the show interface serial interface-number command, as follows, to view LCP and NCP states:
RouterA#show int s0
Serial0 is up, line protocol is up
  Hardware is HD64570
  Internet address is 192.168.1.2/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation PPP, loopback not set, keepalive set (10sec)
  LCP Open
  Open: IPCP, CDPCP
  Last input 00:00:02, output 00:00:02, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
(text omitted)

If PPP is enabled on an interface, how do you view the LCP and NCP states of the interface?

Issue the show interface serial interface-number command, as follows, to view LCP and NCP states:
RouterA#show interface s0
Serial0 is up, line protocol is up
  Hardware is HD64570
  Internet address is 192.168.1.2/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation PPP, loopback not set, keepalive set (10sec)
  LCP Open
  Open: IPCP, CDPCP
  Last input 00:00:02, output 00:00:02, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
(text omitted)

As system administrator, you want to view how long the switch has been turned up. What command do you issue to view the uptime of the switch?

Issue the show version privileged EXEC command to view the uptime of the switch. In addition to displaying the switch hardware configuration and software version information, the show version command displays switch uptime, switch platform information including RAM, switch serial number, and MAC address.
Cat2960#show version
Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Fri 28-Jul-06 04:33 by yenanh
Image text-base: 0x00003000, data-base: 0x00AA2F34
ROM: Bootstrap program is C2960 boot loader
BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(25r)SEE1, RELEASE SOFTWARE (fc1)
Cat2960 uptime is 17 hours, 32 minutes
System returned to ROM by power-on
<text omitted>

*The security service that protects the secrecy of data, information, or resources is known as what?*

*Confidentiality* The security service that protects the secrecy of data, information, or resources is known as confidentiality. Integrity protects the reliability and correctness of data. Authentication verifies the identity of the sender or receiver of a message. Non-repudiation prevents the sender of a message or the perpetrator of an activity from being able to deny that they sent the message or performed the activity.

Measuring and Weighing Risk *Consider the following scenario: The asset value of your company's primary servers is $2 million and they are housed in a single office building in Anderson, Indiana. You have field offices scattered throughout the United States, so the servers in the main office account for approximately half the business. Tornados in this part of the country are not uncommon, and it is estimated one will level the building every 60 years.* *Which of the following is the SLE for this scenario?*

*$1 million* SLE (single loss expectancy) is equal to asset value (AV) times exposure factor (EF). In this case, asset value is $2 million and exposure factor is 1/2.

Measuring and Weighing Risk *Refer to the scenario in question 2. Which of the following is the ALE for this scenario?*

*$16,666.67* ALE (annual loss expectancy) is equal to SLE times the annualized rate of occurrence. In this case, SLE is $1 million and the ARO is 1/60.

Measuring and Weighing Risk *If you calculate SLE to be $4,000 and that there will be 10 occurrences a year (ARO), then the ALE is:*

*$40,000* If you calculate SLE to be $4,000 and that there will be 10 occurrences a year (ARO), then the ALE is $40,000 ($4,000 × 10).

Measuring and Weighing Risk *If you calculate SLE to be $25,000 and that there will be one occurrence every four years (ARO), then what is the ALE?*

*$6,250* If you calculate SLE to be $25,000 and that there will be one occurrence every four years (ARO), then the ALE is $6,250 ($25,000 × .25).

Cryptography Implementation *The process of requiring interoperability is called:*

*Cross certification* The process of requiring interoperability is called cross certification.

Cryptography Implementation *Which of the following is not one of the four main types of trust models used with PKI?*

*Custom* The four main types of trust models used with PKI are hierarchical, bridge, mesh, and hybrid. Custom is not one of the main PKI trust models.

*Which of the following allows the deployment of a publicly accessible web server without compromising the security of the private network?* a. Intranet b. DMZ c. Extranet d. Switch

*DMZ* A DMZ provides a network segment where publicly accessible servers can be deployed without compromising the security of the private network.

Measuring and Weighing Risk *Refer to the scenario in question 2. Which of the following is the ARO for this scenario?*

*0.0167* ARO (annualized rate of occurrence) is the frequency (in number of years) the event can be expected to happen. In this case, ARO is 1/60 or 0.0167.

Infrastructure and Connectivity *Which ports are, by default, reserved for use by FTP? (Choose all that apply.)*

*20 and 21 TCP* FTP uses TCP ports 20 and 21. FTP does not use UDP ports.

Infrastructure and Connectivity *How many bits are used for addressing with IPv4 and IPv6, respectively?*

*32, 128* IPv4 uses 32 bits for the host address, while IPv6 uses 128 bits for this.

*LDAP operates over what TCP ports?*

*636 and 389* LDAP operates over TCP ports 636 and 389. POP3 and SMTP operate over TCP ports 110 and 25, respectively. TLS operates over TCP ports 443 and 80 (SSL operates only over TCP port 443; HTTP operates over TCP port 80). FTP operates over TCP ports 20 and 21.

Measuring and Weighing Risk *Which of the following policies describes how the employees in an organization can use company systems and resources, both software and hardware?*

*Acceptable use* The acceptable use policies describe how the employees in an organization can use company systems and resources, both software and hardware.

Measuring and Weighing Risk *Which of the following policy statements should address who is responsible for ensuring that it is enforced?*

*Accountability* The accountability policy statement should address who is responsible for ensuring that it is enforced.

*Which of the following is a description of a key-stretching technique?*

*Adding iterative computations that increase the effort involved in creating the improved result* Often, key stretching involves adding iterative computations that increase the effort involved in creating the improved key result, usually by several orders of magnitude. Salting input before hashing is a means to increase password security against brute-force attacks. Generating a random number and then using a trapdoor one-way function to derive a related key is the process of creating an asymmetric key pair set. Using a challenge-response dialogue is the basis of CHAP authentication.

*Diffie-Hellman is what type of cryptographic system?*

*Asymmetric* Diffie-Hellman is an asymmetric cryptographic system. The Data Encryption Standard (DES) and the Advanced Encryption Standard (AES) are examples of symmetric cryptography. Message Digest 5 (MD5) and Secure Hash Algorithm version 1 (SHA-1) are examples of hashing. Certificate authorities issue certificates based on an implemented Public Key Infrastructure (PKI) solution.

Measuring and Weighing Risk *The risk-assessment component, in conjunction with the ________, provides the organization with an accurate picture of the situation facing it.*

*BIA* The risk-assessment component, in conjunction with the BIA (Business Impact Analysis), provides the organization with an accurate picture of the situation facing it.

*From a private corporate perspective, which of the following is most secure?*

*Centralized key management* Centralized key management is more secure, or at least more desirable, from a private corporate perspective. From a public or individual perspective, decentralized key management is more secure. Individual and distributed key management are nonstandard terms that could be used to refer to decentralized key management.

Cryptography Implementation *Public Key Infrastructure (PKI) is a first attempt to provide all the aspects of security to messages and transactions that have been previously discussed. It contains four components including:*

*Certificate Authority (CA), Registration Authority (RA), RSA, and digital certificates* Public Key Infrastructure (PKI) contains four components: certificate authority (CA), registration authority (RA), RSA, and digital certificates.

Cryptography Implementation *A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing:*

*Certificates* A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates.

Measuring and Weighing Risk *Which of the following is the structured approach that is followed to secure the company's assets?*

*Change management* Change management is the structured approach that is followed to secure the company's assets.

Measuring and Weighing Risk *Separation of duties helps prevent an individual from embezzling money from a company. To successfully embezzle funds, an individual would need to recruit others to commit an act of ________ (an agreement between two or more parties established for the purpose of committing deception or fraud).*

*Collusion* Collusion is an agreement between two or more parties established for the purpose of committing deception or fraud. Collusion, when part of a crime, is also a criminal act in and of itself.

*Which of the following is most directly associated with providing or supporting perfect forward secrecy?*

*ECDHE* Elliptic Curve Diffie-Hellman Ephemeral or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE) implements perfect forward secrecy through the use of elliptic curve cryptography (ECC). PBKDF2 is an example of a key-stretching technology not directly supporting perfect forward secrecy. HMAC is a hashing function. OCSP is used to check for certificate revocation.

*A network-based IDS is not suitable for detecting or protecting against which of the following?* a. Email spoofing b. Denial-of-service attacks c. Attacks against the network d. Attacks against an environment that produces significant traffic

*Email spoofing* Network-based IDSs aren't suitable for protecting against email spoofing.

Measuring and Weighing Risk *Which of the following policy statements may include an escalation contact, in the event that the person dealing with a situation needs to know whom to contact?*

*Exception* The exception policy statement may include an escalation contact, in the event that the person dealing with a situation needs to know whom to contact.

Measuring and Weighing Risk *What is the term used for events that mistakenly were flagged and aren't truly events to be concerned with?*

*False positives* False positives are events that mistakenly were flagged and aren't truly events to be concerned with.

Cryptography Implementation *A registration authority (RA) can do all the following except:*

*Give recommendations* A registration authority (RA) can distribute keys, accept registrations for the CA, and validate identities. It cannot give recommendations.

Cryptography Implementation *Which of the following refers to the ability to manage individual resources in the CA network?*

*Granularity* Granularity refers to the ability to manage individual resources in the CA network.

Measuring and Weighing Risk *You're the chief security contact for MTS. One of your primary tasks is to document everything related to security and create a manual that can be used to manage the company in your absence. Which documents should be referenced in your manual as the ones that identify the methods used to accomplish a given task?*

*Guidelines* Guidelines help clarify processes to maintain standards. Guidelines tend to be less formal than policies or standards.

Infrastructure and Connectivity *Which protocol is primarily used for network maintenance and destination information?*

*ICMP* ICMP is used for destination and error reporting functions in TCP/IP. ICMP is routable and is used by programs such as Ping and Traceroute.

Infrastructure and Connectivity *You're the administrator for Mercury Technical. A check of protocols in use on your server brings up one that you weren't aware was in use; you suspect that someone in HR is using it to send messages to multiple recipients. Which of the following protocols is used for group messages or multicast messaging?*

*IGMP* IGMP is used for group messaging and multicasting. IGMP maintains a list of systems that belong to a message group. When a message is sent to a particular group, each system receives an individual copy.

Infrastructure and Connectivity *You're explaining protocols to a junior administrator shortly before you leave for vacation. The topic of Internet mail applications comes up, and you explain how communications are done now as well as how you expect them to be done in the future. Which of the following protocols is becoming the newest standard for Internet mail applications?*

*IMAP* IMAP is becoming the most popular standard for email clients and is replacing POP protocols for mail systems. IMAP allows mail to be forwarded and stored in information areas called stores.

Infrastructure and Connectivity *A socket is a combination of which components?*

*IP and port number* A socket is a combination of IP address and port number. The socket identifies which application will respond to the network request.

Infrastructure and Connectivity *You've been given notice that you'll soon be transferred to another site. Before you leave, you're to audit the network and document everything in use and the reason why it's in use. The next administrator will use this documentation to keep the network running. Which of the following protocols isn't a tunneling protocol but is probably used at your site by tunneling protocols for network security?*

*IPSec* IPSec provides network security for tunneling protocols. IPSec can be used with many different protocols besides TCP/IP, and it has two modes of security.

Infrastructure and Connectivity *IPv6, in addition to having more bits allocated for each host address, also has mandatory requirements built in for which security protocol?*

*IPSec* The implementation of IPSec is mandatory with IPv6. While it is widely implemented with IPv4, it is not a requirement.

Cryptography Implementation *A Certificate Practice Statement (CPS) is a detailed statement the CA uses to issue certificates and ______ of the CA.*

*Implement policies* A Certificate Practice Statement (CPS) is a detailed statement the CA uses to issue certificates and implement policies of the CA.

Cryptography Implementation *Key destruction is the process of destroying keys that have become:*

*Invalid* Key destruction is the process of destroying keys that have become invalid.

*Which of the following is not true in regards to NoSQL?*

*It is a relational database* NoSQL is not a relational database structure. NoSQL can support SQL expressions, supports hierarchies or multilevel nesting/referencing, and does not support ACID.

*When should a key or certificate be renewed?*

*Just before it expires* Keys and certificates should be renewed just before they expire. All the other choices are incorrect.

*Digital signatures can be created using all but which of the following?*

*Key escrow* Key escrow isn't used in digital signatures, but it's a fault-tolerance feature of certificate and key management. Asymmetric and symmetric cryptography along with hashing are used in digital signatures.

Cryptography Implementation *Key management includes all of the following stages/areas except:*

*Key locking* Key management includes centralized versus decentralized key generation, key storage and distribution, key escrow, and key expiration. Key locking is not a part of key management.

Cryptography Implementation *The primary difference between an RA and _____ is that the latter can be used to identify or establish the identity of an individual.*

*LRA* The primary difference between an RA and LRA is that the LRA can be used to identify or establish the identity of an individual.

Measuring and Weighing Risk *Which of the following policies should be used when assigning permissions, giving users only the permissions they need to do their work and no more?*

*Least privilege* The principle of least privilege should be used when assigning permissions. Give users only the permissions they need to do their work and no more.

Infrastructure and Connectivity *Which of the following can be implemented as a software or hardware solution and is usually associated with a device—a router, a firewall, NAT, and so on—and used to shift a load from one device to another?*

*Load balancer* A load balancer can be implemented as a software or hardware solution, and is usually associated with a device—a router, a firewall, NAT, and so on. As the name implies, it is used to shift a load from one device to another.

*Which of the following is not a benefit of single sign-on?*

*More granular access control* Single sign-on doesn't address access control and therefore doesn't provide granular or nongranular access control. Single sign-on provides the benefits of the ability to browse multiple systems, fewer credentials to memorize, and the use of stronger passwords.

*In a MAC environment, when a user has clearance for assets but is still unable to access those assets, what other security feature is in force?*

*Need to know* Need to know is the MAC environment's granular access-control method. The principle of least privilege is the DAC environment's concept of granular access control. Privacy and SLAs aren't forms of access control.

Infrastructure and Connectivity *What protocol, running on top of TCP/IP, is often used for name registration and resolution with Windows-based clients?*

*NetBIOS* NetBIOS is used for name resolution and registration in Windows-based environments. It runs on top of TCP/IP.

*Which is the strongest form of password?*

*One-time use* A one-time password is always the strongest form of password. A static password is always the weakest form of password. Passwords with more than eight characters and those that use different types of keyboard characters are usually strong, but these factors alone are unable to indicate their strength.

*The most commonly overlooked aspect of mobile phone eavesdropping is related to _____.*

*Overhearing conversations* The most commonly overlooked aspect of mobile phone eavesdropping is related to people in the vicinity overhearing conversations (at least one side of them). Organizations frequently consider and address issues of wireless networking, storage device encryption, and screen locks.

Infrastructure and Connectivity *Which device is used to connect voice, data, pagers, networks, and almost any other conceivable application into a single telecommunications system?*

*PBX* Many modern PBX (private branch exchange) systems integrate voice and data onto a single data connection to your phone service provider. In some cases, this allows an overall reduction in cost of operations. These connections are made using existing network connections such as a T1 or T3 network.

Infrastructure and Connectivity *Most of the sales force have been told that they should no longer report to the office on a daily basis. From now on, they're to spend the majority of their time on the road calling on customers. Each member of the sales force has been issued a laptop computer and told to connect to the network nightly through a dial-up connection. Which of the following protocols is widely used today as a transport protocol for Internet dial-up connections?*

*PPP* PPP can pass multiple protocols and is widely used today as a transport protocol for dial-up connections.

Infrastructure and Connectivity *Which protocol is unsuitable for WAN VPN connections?*

*PPP* PPP provides no security, and all activities are unsecure. PPP is primarily intended for dial-up connections and should never be used for VPN connections.

Cryptography Implementation *In a bridge trust model, a ______ to ______ relationship exists between the root CAs.*

*Peer, peer* In a bridge trust model, a peer-to-peer relationship exists between the root CAs.

Infrastructure and Connectivity *Upper management has decreed that a firewall must be put in place immediately, before your site suffers an attack similar to one that struck a sister company. Responding to this order, your boss instructs you to implement a packet filter by the end of the week. A packet filter performs which function?*

*Prevents unauthorized packets from entering the network* Packet filters prevent unauthorized packets from entering or leaving a network. Packet filters are a type of firewall that blocks specified port traffic.

Protecting Networks *In order for network monitoring to work properly, you need a PC and a network card running in what mode?*

*Promiscuous* In order for network monitoring to work properly, you need a PC and a network card running in promiscuous mode.

*When a subject or end user requests a certificate, they must provide which of the following items? (Choose all that apply.)*

*Proof of identity* *A public key* Proof of identity and the subject's public key must be provided to the CA when the subject requests a certificate. The private key should never be revealed to anyone, not even the CA. A hardware storage device is used after a key or certificate has been issued, not as part of the requesting process.

*Certificates have what single purpose?*

*Proving identity* Certificates have the single purpose of proving identity. They don't prove quality or provide encryption security, and they aren't used to exchange encryption keys.

*Which of the following technologies can be used to add an additional layer of protection between a directory services-based network and remote clients?*

*RADIUS* RADIUS is a centralized authentication solution that adds an additional layer of security between a network and remote clients. SMTP is the email-forwarding protocol used on the Internet and intranets. PGP is a security solution for email. VLANs are created by switches to logically divide a network into subnets.

*What method of access control is best suited for environments with a high rate of employee turnover?*

*RBAC* Role-based access control (RBAC) is best suited for environments with a high rate of employee turnover because access is defined against static job descriptions rather than transitive user accounts (DAC and ACL) or assigned clearances (MAC).

Measuring and Weighing Risk *Which of the following strategies necessitates an identified risk that those involved understand the potential cost/damage and agree to accept?*

*Risk acceptance* Risk acceptance necessitates an identified risk that those involved understand the potential cost/damage and agree to accept.

Measuring and Weighing Risk *Which of the following strategies involves identifying a risk and making the decision to no longer engage in the action?*

*Risk avoidance* Risk avoidance involves identifying a risk and making the decision to no longer engage in the actions associated with that risk.

Measuring and Weighing Risk *Which of the following strategies involves understanding something about the enemy and letting them know the harm that can come their way if they cause harm to you?*

*Risk deterrence* Risk deterrence involves understanding something about the enemy and letting them know the harm that can come their way if they cause harm to you.

Measuring and Weighing Risk *Which of the following strategies is accomplished anytime you take steps to reduce the risk?*

*Risk mitigation* Risk mitigation is accomplished anytime you take steps to reduce the risk.

Measuring and Weighing Risk *Which of the following strategies involves sharing some of the burden of the risk with someone else such as an insurance company?*

*Risk transference* Risk transference involves sharing some of the burden of the risk with someone else such as an insurance company.

Infrastructure and Connectivity *Which of the following devices is the most capable of providing infrastructure security?*

*Router* Routers can be configured in many instances to act as packet-filtering firewalls. When configured properly, they can prevent unauthorized ports from being opened.

Infrastructure and Connectivity *Which device stores information about destinations in a network?*

*Router* Routers store information about network destinations in routing tables. Routing tables contain information about known hosts on both sides of the router.

*What mechanism is used to support the exchange of authentication and authorization details between systems, services, and devices?*

*SAML* SAML is an open standard data format based on XML for the purpose of supporting the exchange of authentication and authorization details between systems, services, and devices. A biometric is an authentication factor, not a means of exchanging authentication information. Two-factor authentication is the use of two authentication factors. LDAP is a protocol used by directory services, not directly related to authentication.

Infrastructure and Connectivity *Which of the following services use only TCP ports and not UDP? (Choose all that apply.)*

*SFTP* SFTP uses only TCP ports. IMAP, LDAP, and FTPS all use both TCP and UDP ports.

Infrastructure and Connectivity *Which service(s), by default, use TCP and UDP port 22? (Choose all that apply.)*

*SSH* *SCP* Port 22 is used by both SSH and SCP with TCP and UDP.

*In order to ensure that whole-drive encryption provides the best security possible, which of the following should not be performed?*

*Screen lock the system overnight.* An attack can steal the encryption key from memory, so systems with whole-drive encryption that are only screen-locked are vulnerable. Requiring a boot password, locking the system, and powering down ensure the protection of whole drive encryption.

Measuring and Weighing Risk *Which of the following policies are designed to reduce the risk of fraud and prevent other losses in an organization?* a. Separation of duties b. Acceptable use c. Least privilege d. Physical access control

*Separation of duties* The separation of duties policies are designed to reduce the risk of fraud and prevent other losses in an organization.

*Federation is a means to accomplish _____.*

*Single sign-on* Federation or federated identity is a means of linking a subject's accounts from several sites, services, or entities in a single account. Thus it is a means to accomplish single sign-on. Accountability logging is used to relate digital activities to humans. ACL verification is a means to verify that correct permissions are assigned to subjects. Trusted OS hardening is the removal of unneeded components and securing the remaining elements.

*Which of the following is an example of a Type 2 authentication factor?*

*Something you have, such as a smart card, an ATM card, a token device, or a memory card* A Type 2 authentication factor is something you have. This could be a smart card, an ATM card, a token device, or a memory card.

Infrastructure and Connectivity *As more and more clients have been added to your network, the efficiency of the network has decreased significantly. You're preparing a budget for next year, and you specifically want to address this problem. Which of the following devices acts primarily as a tool to improve network efficiency?*

*Switch* Switches create virtual circuits between systems in a network. These virtual circuits are somewhat private and reduce network traffic when used.

Infrastructure and Connectivity *Which of the following are multiport devices that improve network efficiency?*

*Switches* Switches are multiport devices that improve network efficiency. A switch typically has a small amount of information about systems in a network.

Cryptography Implementation *A hierarchical trust model is also known as a:*

*Tree* A hierarchical trust model is also known as a tree.

*Which of the following symmetric-encryption algorithms offers the strength of 168-bit keys?*

*Triple DES* Triple DES (3DES) offers the strength of 168-bit keys. The Data Encryption Standard (DES) offers the strength of 56-bit keys. The Advanced Encryption Standard (AES) offers the strength of 128-, 192-, or 256-bit keys. The International Data Encryption Algorithm (IDEA) offers the strength of 128-bit keys.

What is a TCP window?

A TCP window is the amount of data that can be sent before an acknowledgment is required.

Protecting Networks *Which Linux utility can show if there is more than one set of documentation on the system for a command you are trying to find information on?*

*Whatis* In Linux, the whatis utility can show if there is more than one set of documentation on the system for a command you are trying to find information on.

Security and Vulnerability in the Network *In which type of testing do you begin with the premise that the attacker has inside knowledge of the network?*

*White box* With white box testing, you begin with the premise that the attacker has inside knowledge of the network.

*Which security stance will be most successful at preventing malicious software execution?*

*Whitelisting* Whitelisting is a security option that prohibits unauthorized software from being able to execute. Whitelisting is also known as deny by default or implicit deny. Blacklisting, also known as deny by exception or allow by default, is the least successful means of preventing malware execution.

Cryptography Implementation *The most popular certificate used is version 3 of:*

*X.509* The most popular certificate used is version 3 of X.509.

In an attempt to extend your Ethernet segment, you add a 24-port hub. How many collision domains will you have in the segment with the addition of the hub?

1. A hub only extends the network segment, and all devices share the same segment bandwidth. As a result, a hub does not create more collision domains.

What is the maximum cable length for STP?

100 meters or 328 feet.

What is the maximum cable length for UTP?

100 meters or 328 feet.

If you have eight routers on an Ethernet network and you establish adjacencies with only the DR and BDR, how many circuits will you have?

14. The formula for calculating the number of circuits (adjacencies or connections) needed to establish adjacencies with the DR and BDR is 2(n − 1), where n is the number of routers in the network. So, if you have eight routers in a network, 2(8 − 1) = 14 adjacencies.

What is the default bandwidth of a serial interface on a Cisco router?

1544 kbps.

How many hosts are available for use in a Class C network?

254. A Class C network reserves 8 bits for host addresses. Thus 2^8 − 2 = 254.

How many usable IP addresses are provided in a Class C network address?

254. The default subnet mask for a Class C address is 255.255.255.0, or /24. This means that 24 bits are used for the network number and 8 bits are reserved for hosts. 2^8 = 256. However, because two addresses are reserved for the network address and broadcast address, the amount of usable IP addresses is 254. The formula to calculate usable IP addresses is 2^n − 2, where n is the number of host bits.

Your ISP has given you the IP network address of 172.16.0.0/16. You have 18 networks, each with 1200 hosts. You want to assign one IP range per network, leaving room for future growth. What subnet mask would best achieve your goals?

255.255.248.0.

You are the network administrator, and your company has a Class C network license. Your company wants to segment the network and requires 5 usable subnets, each capable of accommodating at least 20 hosts. Which subnet mask should you use?

255.255.255.224 uses 3 subnet bits and provides 6 usable subnets (2^3 − 2 = 6). This leaves 5 bits for hosts, which gives you 30 usable addresses (2^5 − 2 = 30).

If an IP wants to communicate with all devices on the local network, what is the destination IP address of its broadcast?

255.255.255.255. This address is also called the local broadcast address.

How many bits are in an Ethernet address?

48. Also called a MAC address, an Ethernet address is the Layer 2 address associated with the Ethernet network adapter. Typically burned into the adapter, the MAC address is usually displayed in a hexadecimal format, such as 00-0d-65-ac-50-7f.

What is the default amount of time a port takes to transition from blocking to forwarding in STP?

50 seconds. It takes 20 seconds for the max age to expire, 15 seconds for listening, and 15 seconds for learning.

What is the port number for TFTP?

69.

What is a data-link connection identifier (DLCI)?

A DLCI is a number that identifies the logical circuit between the router and the Frame Relay switch. It is the Frame Relay Layer 2 address. The Frame Relay switch maps DLCIs between each pair of routers to create a PVC. For IP devices at the end of each virtual circuit to communicate, their IP addresses need to be mapped to DLCIs. Mapping DLCIs is done automatically using Inverse ARP. DLCIs have local significance. Think of DLCIs as the MAC address of the Frame Relay network.

What is a LAN segment?

A LAN segment is a network connection made by a single unbroken network cable. Segments are limited by physical distance because, after a certain distance, the data transmission becomes degraded because of line noise and the reduction of signal strength.

How many channels (time slots) are in a full point-to-point or Frame Relay T1 line?

A T1 line has 24 channels, or time slots. Each channel is 64 kbps. This information is useful because not all companies buy a full T1 line. Internet service providers (ISPs) might offer fractional T1 lines that are less expensive than a full T1; this can be an option for branch offices that do not require a full T1. When configuring a router for a fractional T1, you need to configure the proper time slots on the CSU/DSU. If the CSU/DSU is internal to the router (a WAN interface card [WIC]), you configure the time slots in the serial interface of the router. If the CSU/DSU is external, you need to configure the external device. The default configuration on a Cisco interface is a full T1 (all 24 channels).

What is a Virtual Private Network (VPN)?

A VPN is an encrypted connection between private networks over a public network such as the Internet. VPNs encrypt the traffic between connections to ensure that the traffic stays private. VPNs use virtual connections routed through the Internet to form a private network of the company to the remote site or employee host.

What is the difference between a routed and a routing protocol?

A routed protocol is a protocol suite that provides the information in its network layer to allow a packet to direct traffic and defines the use of fields within a packet. Examples of routed protocols are IP, Internetwork Packet Exchange (IPX), and DECnet. A routing protocol finds routes in an internetwork, exchanges routing tables, and maintains route awareness. Routing protocols determine how routed protocols are routed. Routing Information Protocol (RIP), Enhanced IGRP (EIGRP), Intermediate System-to-Intermediate System (IS-IS), Open Shortest Path First (OSPF), and Border Gateway Protocol (BGP) are examples of routing protocols.

What is a routing metric?

A routing metric is a factor that determines the desirability of a route. A router uses the metric to determine the best or optimal path to which network traffic should be forwarded.

What is a socket?

A socket is an IP address combined with a TCP or UDP port number. When a host wants to talk to another host, it sends its IP address along with the application (port number) it wants to communicate with. For example, if host 192.168.0.3 wants to talk to host 192.168.0.2 by e-mail, host 192.168.0.3 sends its IP address and destination port number (192.168.0.3:1023) to host 192.168.0.2 with the port number it wants to communicate with (192.168.0.2:25).

What can cause a switch to enter setup mode?

A switch enters setup mode if any of the following occur: - The switch is a new switch, with no previous configuration. - No configuration is stored in NVRAM. - The setup command was issued from the privileged mode prompt.

What is VTP server mode?

A switch in VTP server mode can add, delete, and modify VLANs and other configuration parameters for the entire VTP domain. It is the default mode for all Catalyst switches. VLAN configurations are saved in NVRAM. When you change VLAN configuration in server mode, the change is dynamically propagated to all switches in the VTP domain.

What is the size of an ATM cell?

An ATM cell is 53 bytes. This includes a 5-byte header and 48 bytes of payload.

Define access attacks.

Access attacks exploit known web services, databases, operating systems, and authentication services.

In wireless LANs (WLANs), what distributes the wireless signal?

Access points (AP) or a wireless hub. APs or wireless hubs distribute the wireless signal, and nodes receive the wireless signal through a wireless adapter card.

How do access points broadcast the name of their SSID?

Access points broadcast the name of their SSID through beacons. Beacons are a broadcast that the access point sends out in all directions to announce the services it offers. Beacons are also used to logically separate WLANs.

Router A is running EIGRP and has four paths to network 192.168.100.0. All four paths have the same cost. Which path will Router A choose to route to network 192.168.100.0?

All four paths. By default, EIGRP can load-balance up to four equal-cost routes. This is called equal-cost load balancing. Because EIGRP has four equal-cost paths to network 192.168.100.0, all paths are included in Router A's routing table.

What is a VTP domain?

Also called a VLAN management domain, a VTP domain is one or more interconnected switches that share the same VTP environment. A switch can be in only one VTP domain, and all VLAN information is propagated to all switches in the same VTP domain.

How do distance vector routing protocols function?

Also known as Bellman-Ford algorithms, distance vector routing protocols pass complete routing tables to neighboring routers. Neighboring routers then combine the received routing table with their own routing table. Each router receives a routing table from its directly connected neighbor.

What are triggered updates?

Also known as flash updates, triggered updates are routing updates sent immediately out a router interface when it notices that a directly connected subnet has changed state.

What is the Cisco Catalyst fragment-free switching method?

Also known as modified cut-through, fragment-free switching checks the first 64 bytes before forwarding the frame. If the frame is less than 64 bytes, the switch discards the frame. Ethernet specifications state that collisions should be detected during the first 64 bytes of the frame. By reading the first 64 bytes of the frame, the switch can filter most collisions, although late collisions are still possible.

What is a default route?

Also known as the gateway of last resort, a default route is a special type of static route with an all-0s network and network mask. The default route directs any packets for which a next hop is not specifically listed in the routing table. By default, if a router receives a packet to a destination network that is not in its routing table, it drops the packet. When a default route is specified, the router does not drop the packet. Instead, it forwards the packet to the IP address specified in the default route.

In the OSI model, what are the responsibilities of the presentation layer (Layer 6)? Give some examples of this layer

Also known as the translator, the presentation layer provides coding and conversion functions to application layer data. This guarantees that the application layer on one system can read data transferred from the application layer of a different system. Some examples of the presentation layer are as follows: - Compression, decompression, and encryption - JPEG, TIFF, GIF, PICT, QuickTime, MPEG, EBCDIC, and ASCII file types

As a network administrator, you think your network is having some Spanning Tree issues. What commands can you use on the Catalyst 2960 switch to troubleshoot Spanning Tree?

Although many commands are available to troubleshoot Spanning Tree, the ones required to know for the ICND2 exam are as follows: - show spanning-tree: Displays the root ID, bridge ID, and priority time for all VLANs in STP - show spanning-tree vlan vlan-id: Displays STP information for a specific VLAN - debug spanning-tree: Verifies receipt of BPDUs and troubleshoots other spanning-tree errors

What is an IPv6 multicast address?

An IPv6 multicast address identifies a set of devices called a multicast group. It has a one-to-many mapping and also replaces IPv4 broadcast addresses.

What is an IPv6 unicast address?

An IPv6 unicast address is an address that identifies a single device. It has a one-to-one mapping. Unicast addresses include global, link local, unique local, and compatible.

An OSPF router has the OSPF priority set to 0. What does this mean?

An OSPF priority setting of 0 means that the router can never become a DR.

As a network administrator, you enabled OSPF in all routers on your network. However, one of the routers in your network is not receiving the routing table. You issue the show ip ospf neighbor command and you see an "ospf-4-badlsa type error" message. Why is the router getting this error?

An "ospf-4-badlsa type error" message indicates that the OSPF packet (LSA) is being corrupted by Layer 2 (the interface) or the software.

What is an autonomous system (AS)?

An AS is a network under a common administration or domain.

What type of data can an ATM network transfer?

An ATM network can transfer voice, video, and data. ATM uses a cell-switched network, and the cells that transfer voice, video, and data are always a fixed size of 53 bytes.

An OSPF router has its AuType set to 1. What does this mean?

An AuType of 1 means that the OSPF interface is configured for plain-text authentication. The three AuTypes are as follows: - AuType 0: Null - AuType 1: Plain-text authentication - AuType 2: MD5 authentication

An IP address is a hierarchical address that consists of what two parts?

An IP address is a hierarchical address that consists of the following two parts: - Network ID: Describes the network to which the IP address or device belongs - Host ID: The ID that identifies a specific host

What is an IP address used for?

An IP address uniquely identifies a device on an IP network.

How many network bits are in an IPv6 address?

An IPv6 address is 128 bits long and is represented in eight 16-bit hexadecimal segments. An example of an IPv6 address is as follows: 2001:0D02:0000:0000:0000:C003:0001:F00D

What is an IPv6 anycast address?

An IPv6 anycast address is an address that represents a service instead of a device. Anycast addresses have a one-to-nearest mapping.

What are the three ways an IPv6 host can be assigned an address?

An IPv6 host can be assigned an address statically, with stateless autoconfiguration, or by Dynamic Host Configuration Protocol version 6 (DHCPv6). The last 64 bits of an IPv6 address are always the host portion of the address.

What is an SSL VPN or WebVPN?

An SSL VPN or WebVPN provides remote-access connectivity from almost any Internet-enabled location using a web browser and its native Secure Socket Layer (SSL) encryption. A WebVPN does not require client software to be installed on the endpoint host. Because no client software is needed, WebVPNs allow an organization to extend secure remote access to almost any Internet-enabled host.

Create an access list that permits only Telnet traffic from network 192.168.10.0 255.255.255.0 to connect to a Cisco device.

An access list that permits only Telnet traffic from network 192.168.10.0 255.255.255.0 is as follows:
SwitchA(config)#access-list 10 permit 192.168.10.0 0.0.0.255
SwitchA(config)#line vty 0 15
SwitchA(config-line)#access-class 10 in
This applies the access list to the Telnet ports.

A Cisco 2950 switch is configured with all ports assigned to VLAN 10. What is the effect of adding switch ports to a new VLAN on this switch?

An additional broadcast domain is created. Because you are adding switch ports to a new VLAN, you are in effect creating a new broadcast domain on the switch.

In RSTP, what is an edge port?

An edge port is a port that is directly connected to end stations. Because directly connected end stations cannot create bridging loops in the network, an edge port directly transitions to the forwarding state, skipping the listening and learning states. Edge ports are configured using the spanning-tree portfast interface command.

What is Frame Relay?

An industry standard, Frame Relay is a switched data link layer protocol that uses virtual circuits to identify the traffic that belongs to certain routers. It provides dynamic bandwidth allocation and congestion control.

How much overlap is recommended between ESA cells?

An overlap of 10 to 15 percent is recommended. When an AP does not have a large enough BSA, another AP can be added (with a different channel) to extend the service area (ESA). ESAs should have a 10 to 15 percent overlap to allow wireless clients to roam without losing connection to the wireless network.

What must occur before a client can send and receive data through an access point?

Authentication and association of the client with the AP must occur before a client can send and receive data through an access point.

Security-Related Policies and Procedures *Which audits help ensure that procedures and communications methods are working properly in the event of a problem or issue?* a. Communication b. Escalation c. Selection d. Preference

B. *Escalation* Escalation audits help ensure that procedures and communications methods are working properly in the event of a problem or issue.

What happens when you segment the network with hubs/repeaters?

Because hubs and repeaters operate at the physical layer of the OSI model, segmenting a network with these devices appears as an extension to the physical cable. Hubs and repeaters are transparent to devices; they are unintelligent devices. All devices that connect to a hub/repeater share the same bandwidth. Hubs/repeaters create a single broadcast and collision domain.

What is balanced hybrid routing? Describe one balanced hybrid routing protocol.

Balanced hybrid routing protocols combine aspects of distance vector and link-state protocols. Balanced hybrid routing protocols use distance vectors that are more accurate to determine the best path to a destination network and use topology changes to trigger routing updates. Enhanced IGRP (EIGRP) is a balanced hybrid protocol that is Cisco proprietary.

By default, what does EIGRP use for calculating routes?

Bandwidth and delay. By default, bandwidth and delay are used by EIGRP to calculate its metric. EIGRP can also be configured to use reliability, load, and maximum transmission unit (MTU). The metric of EIGRP is the metric of IGRP multiplied by 256 for improved granularity.

What is the routing metric OSPF is based on?

Bandwidth. OSPF's metric is a cost value based on bandwidth or the speed of its connection. The default formula used to calculate OSPF cost is as follows:
Cost = 100,000,000 / bandwidth in bps
For example, OSPF assigns the cost of 10 to a 10-MB Ethernet line (100,000,000 / 10,000,000 = 10).

What is the difference between baseband and broadband?

Baseband is a network technology in which only one carrier frequency is used (such as Ethernet). Broadband is a network technology in which several independent channels are multiplexed into one cable (for example, a T1 line or broadband [TV] cable)

As a network administrator, you are running OSPF in your network and you have two paths to the same destination; however, the costs of the paths are not the same. As a result, OSPF routes all traffic across the route with the lowest cost. You want to use the second link. How do you configure OSPF to load-balance between the two links?

Because OSPF's metric is based on cost, to load-balance between two links with different costs, you must manually configure each interface with the same cost. The ip ospf cost interface-cost interface command sets the OSPF cost of an interface. In the example stated in the question, you would enter the following commands to make both interfaces have the same cost:
RouterA(config)#interface serial 0/0
RouterA(config-if)#ip ospf cost 10
RouterA(config-if)#interface serial 0/1
RouterA(config-if)#ip ospf cost 10

How do you configure an RSTP root switch and backup switch?

Because all Cisco switches have the same bridge ID, by default in STP and RSTP, the switch with the lowest MAC address is the root bridge. In many instances, this is not desired. To specify a switch to be the root switch, use the spanning-tree mst instance-id root primary [diameter net-diameter [hello-time seconds]] global command, as follows:
Cat2960(config)#spanning-tree mst 1 root primary
To configure the backup root switch, use the spanning-tree mst instance-id root secondary global command.

Host A wants to send data to host B. Host B is on a different segment from host A. The two segments are connected to each other through a router. What happens to the MAC address of host A during data transit to host B?

Because host B is on a different segment that is separated by a router, the MAC address of host A will change. Anytime a frame passes through a router, the router rewrites the MAC address to the MAC address of the router and then sends the frame to the local host. In this case, the router will change the MAC address of the frame sent from host A. Host B will see that the frame came from the MAC address of the router with the IP address of host A.

You configure Frame Relay between two Cisco routers; however, you cannot ping the remote network. You issue the show interface serial 0 command and you see the following:
RouterA#show int s0
Serial0 is up, line protocol is down
Hardware is HD64570
Internet address is 192.168.1.2/24
What are the possible reasons that you cannot ping the remote network?

Because the line is up but the line protocol is down, the router is getting a carrier signal from the CSU/DSU, and the problem is with the data link layer. Causes for the line protocol being down include the following: - The Frame Relay provider did not activate its port. - An LMI mismatch has occurred. - An encapsulation mismatch has occurred. - The DLCI is inactive or has been deleted. - The DLCI is assigned to the wrong subinterface.

As a network administrator, you configured Frame Relay on your Cisco routers; however, the Frame Relay link is down. You issue the show interface serial 0 command on your Cisco routers and you see the following:
RouterA#show int s0
Serial0 is down, line protocol is down
Hardware is HD64570
Internet address is 192.168.1.2/24
What are possible reasons that the Frame Relay link is down?

Because the show interface command shows that the interface is down and the line protocol is down, the error is at the physical layer. This means that the problem is with the cable, the channel service unit/data service unit (CSU/DSU), or the serial line. To troubleshoot the problem, perform the following steps: Step 1. Check the cable to make sure that it is a DTE serial cable and that the cables are securely attached. Step 2. If the cable is correct, try a different serial port. Step 3. If the cable does not work on the second port, try replacing the cable. If replacing the cable does not work, the problem lies with your carrier.

A hub is connected to a switch. Fifteen users are connected to the hub. All users are trying to connect to a server off of the switch, but are experiencing latency. What type of problem is this, and what are some of the causes for this problem?

Because the users are connected to a hub, they are in the same collision domain and are experiencing collision domain connectivity problems. Causes for the latency problem can include the following: - The segment is overloaded or oversubscribed. - Bad cabling on the segment. - NICs on the segment do not have compatible settings. - Faulty NICs.

Before installing a new, upgraded version of the Cisco IOS, what should be checked on the router? What IOS command gathers this information?

Before upgrading the IOS on a router, the amount of available flash and RAM should be checked. You need to verify that the router can support the new image. The show version privileged command displays the amount of flash and RAM available on a router.

Convert the decimal number 167 to binary.

Binary uses only two symbols (1 or 0) instead of ten symbols like decimal. In binary, 1 signifies ON and 0 signifies OFF. In a binary number, each digit represents the number 2 raised to a power exponent based on its position. To convert a decimal number to binary, first find the largest power of 2 that can fit into the decimal number. If you have the decimal number 167, 128 is the largest power of 2 that fits into this decimal number, so 128 is considered ON. Subtracting 128 from 167 leaves you with 39. The next largest power that can fit into 39 is 32, so 32 is considered ON. Subtracting 32 from 39 leaves you with 7, so 4, 2, and 1 are considered ON. This leaves you with the following binary number: 10100111

What are some network devices that operate at the data link layer (Layer 2)?

Bridges and switches are network devices that operate at the data link layer. Both devices make decisions about what traffic to forward or drop (filter) by MAC addresses, and logical network addresses are not used at this layer. Data link layer devices assume a flat address space. Typically, a bridge is designed to create two or more LAN segments and is software implemented. A switch is a hardware version of a bridge that has many more ports than a bridge and is designed to replace a hub while providing the filtering benefits of a bridge.

What are some network devices that operate at the data link layer?

Bridges and switches operate at the data link layer. Both devices make decisions about what traffic to forward or drop (filter) by MAC addresses, and logical network addresses are not used at this layer. Data link layer devices assume a flat address space.

After the root bridge and root ports are selected, the last step in Spanning Tree is to elect designated ports. How do bridges elect designated ports?

Bridges elect designated ports by choosing the lowest value based on cumulative root path cost to the root bridge. In Spanning Tree, each segment in a bridged network has one designated port. This port is a single port that both sends and receives traffic to and from that segment and the root bridge. All other ports are placed in a blocking state. This ensures that only one port on any segment can send and receive traffic to and from the root bridge, ensuring a loop-free topology. The bridge that contains the designated port for a segment is called the designated bridge for that segment. Designated ports are chosen based on cumulative root path cost to the root bridge.

What is the advantage of segmenting a network with bridges/switches?

Bridges/switches operate at Layer 2 of the OSI model and filter by MAC address. Each port on a bridge/switch provides fully dedicated bandwidth and creates a single collision domain. Because bridges/switches operate at Layer 2 of the OSI model, they cannot filter broadcasts, and they create a single broadcast domain.

What is a broadcast storm?

Broadcast storms occur when many broadcasts are sent simultaneously across all network segments. They are usually caused by Layer 2 loops because of spanning tree failures, a bad network interface card (NIC), a faulty network device, or a virus.

What physical network topology connects all devices to one cable?

Bus topology. A bus topology connects all devices to a single cable. This cable connects one computer to another. In a logical bus topology, only one packet can be transmitted at a time.

What is the logical topology of Ethernet?

Bus. Ethernet uses a logical bus topology and either a physical bus or star topology.

Router A is connected to Router B through a point-to-point T1 link. Router B is connected to network 192.168.100.0 on its Fast Ethernet interface. EIGRP is running on both routers. You install a second point-to-point link between the two routers for redundancy. The new link has a bandwidth of 256 kbps. Because the new link has a higher cost than the T1 link, the new link is not installed in the routing table and is idle. EIGRP only uses the T1 link to route to network 192.168.100.0. You want to load-balance between the two links. How do you enable EIGRP to load-balance between the two links?

By default, EIGRP can only load-balance equal-cost links and not load-balance between unequal-cost links. EIGRP needs to be configured to load-balance between unequal-cost links. The goal is to configure EIGRP to spread the traffic load inversely proportionally to the metrics on the two links. EIGRP uses the variance command to perform unequal-cost load balancing. The variance command defines a multiplier by which a metric can vary from the lowest-cost route. A variance of 1 means that the metrics of multiple routes must be equal. In this question, the metric of the T1 link is 1,657,856. The composite metric to network 192.168.100.0 (the total of the cost of the T1 link and the Fast Ethernet interface) is 2,172,416. The composite metric of the 256-kbps link is 10,514,432. To find the variance between the two paths to perform unequal-cost load balancing, divide the metric of the 256-kbps link by the T1 link: 10,514,432/2,172,416 = 4.8. Thus to configure unequal-cost load balancing, the variance on Router A needs to be set to 5, as follows:
RouterA(config)#router eigrp 100
RouterA(config-router)#variance 5

What is VTP pruning?

By default, a trunk link carries traffic for all VLANs in the VTP domain. Even if a switch has no ports in a specific VLAN, traffic for that VLAN is carried across the trunk link. VTP pruning uses VLAN advertisements to determine when a trunk connection is needlessly flooding traffic to a switch that has no ports in the particular VLAN. VTP pruning increases available bandwidth by restricting flooded traffic to trunk lines that the traffic must use to access the appropriate network devices. By default, VTP pruning is disabled.

What is carrier sense multiple access collision detect (CSMA/CD)?

CSMA/CD describes the Ethernet access method. In CSMA/CD, many stations can transmit on the same cable, and no station has priority over any other. Before a station transmits, it listens on the wire (carrier sense) to make sure that no other station is transmitting. If no other station is transmitting, the station transmits across the wire. If a collision occurs, the transmitting stations detect the collision and run a backoff algorithm. The backoff algorithm is a random time that each station waits before retransmitting.

What is the function of CSMA/CD algorithm in Ethernet technologies?

Carrier sense multiple access collision detect (CSMA/CD) defines how the Ethernet media is accessed.

In Spanning Tree, what is path cost?

Path cost is a calculation based on the link's bandwidth. It is a value assigned to each port that is based on the port's speed.

What is Cisco AutoSecure?

Cisco AutoSecure is a tool that attempts to secure the router by disabling the services most commonly used by hackers to attack a router. For example, AutoSecure disables HTTP server, Cisco Discovery Protocol (CDP), Network Time Protocol (NTP), Internet Control Message Protocol (ICMP), and other services on the router. AutoSecure can run in interactive or noninteractive mode.

List the eight practices that Cisco recommends to secure a switch.

Cisco recommends the following practices to secure a switch: - Set system passwords - Secure access to the console port - Secure access to vty ports through access lists - Use SSH when possible - Disable the HTTP server on the switch - Configure switch warning banners - Disable unneeded services on the switch - Configure logging

Why does Cisco recommend using SSH instead of Telnet for remote access of a Cisco device?

Cisco recommends using SSH because it encrypts communication between the Cisco device and the host. Telnet is unsecure, and all communication between the Cisco device and host is sent in clear text.

What is the difference between classful routing protocols and classless routing protocols?

Classful routing protocols do not include the subnet mask in routing advertisements. As a result, all subnetworks of the same major network must use the same subnet mask. Routers using classful routing protocols automatically perform route summarization across network boundaries. RIPv1 is an example of a classful routing protocol. Classless routing protocols include subnet mask information in routing advertisements and support variable-length subnet mask (VLSM). In classless routing, summarization is controlled manually. RIPv2, OSPF, IS-IS, and EIGRP are classless routing protocols.

What is the difference between classful and classless routing protocols?

Classful routing protocols do not send the subnet mask in their routing updates. As a result, all interfaces on the router have to be configured with the same subnet mask, because classful routing protocols assume that all remote networks have the same subnet mask of the exiting interface. Classless routing protocols send the subnet mask in their routing updates and support VLSM and CIDR. RIPv2, OSPF, and EIGRP are classless routing protocols.

What is CIDR?

Classless interdomain routing (CIDR) is a new addressing scheme for the Internet that allows more efficient use of IP addresses than the old class A, B, and C scheme. It is more flexible and offers route aggregation (supernetting). A CIDR address is a network address that does not use original Class A, B, and C rules. For example, a CIDR address can look like this: 192.168.2.0 255.255.255.248.

In WAN communications, what is clocking?

Clocking is the method used to synchronize data transmission among devices on a WAN. The CSU/DSU (DCE device) controls the clocking of the transmitted data.

How do you disable VTP on a Catalyst 2960 switch?

Configure the switch for VTP transparent mode as follows: Cat2960(config)#vtp mode transparent

How do you configure MD5 authentication between two OSPF routers?

Configuring MD5 authentication between two OSPF routers is similar to configuring plain-text authentication, except you need to have a key ID and a password. The area area-id authentication message-digest command enables MD5 for the OSPF area. The ip ospf message-digest-key key-id md5 password interface command sets the password between the two routers. The following commands enable MD5 authentication for key 1 with the password of cisco:
RouterA(config)#router ospf 1
RouterA(config-router)#area 0 authentication message-digest
RouterA(config-router)#interface serial 0/0
RouterA(config-if)#ip ospf message-digest-key 1 md5 cisco

Convert binary number 01100100 to decimal.

Converting a binary number to decimal is just the reverse of converting a decimal number to binary. When converting from binary, look at the numbers that are considered ON and then find their place value. In the binary number 01100100, the place values 64, 32, and 4 are ON. If you add these place values together, you get the decimal number of 100.

Convert the binary number 0101011011000010 to hexadecimal.

Converting binary to hex is easier than it looks. No matter how large the binary number, always apply the following conversion: Break the binary number into groups of four, starting from the right and moving left. If the number of binary digits is not divisible by four, add 0s to the left end until you have four digits in every group. Using this method, 0101011011000010 is broken into the following groups: 0101 0110 1100 0010. After you have created the groups, you can convert the digits to hex. 0101 is 5 in hex, 0110 is 6, 1100 is C, and 0010 is 2, so this binary number looks like the following in hex: 0x56C2.

When describing the characteristics of a network, what does cost refer to?

Cost refers to the general cost of network components, installation, and maintenance.

Describe DSL.

Digital subscriber line (DSL) is a modem technology that uses existing twisted-pair telephone lines to transfer high-speed data. Many types of DSL are used today; the most common are asymmetric DSL (ADSL) and symmetric DSL (SDSL). ADSL provides a higher downstream speed than upstream. SDSL provides the same speed for both upstream and downstream traffic.

Disaster Recovery and Incident Response *Which plan or policy helps an organization determine how to relocate to an emergency site?*

*Disaster-recovery plan* The disaster-recovery plan deals with site relocation in the event of an emergency, natural disaster, or service outage.

How do distance vector routing protocols keep track of changes to the internetwork?

Distance vector routing protocols keep track of changes to the internetwork by periodically broadcasting updates out all active interfaces. These broadcasts contain the entire routing table. This method is often called "routing by rumor."

How do distance vector routing protocols keep track of changes to the internetwork?

Distance vector routing protocols keep track of changes to the internetwork by periodically broadcasting updates out all active interfaces. This broadcast contains the entire routing table.

How do distance vector routing protocols keep track of any changes to the internetwork?

Distance vector routing protocols keep track of changes to the internetwork by periodically broadcasting updates out all active interfaces. This broadcast contains the entire routing table. This method is often called "routing by rumor."

What is DHCP?

Dynamic Host Configuration Protocol (DHCP) allows a host to obtain an IP address automatically and to set TCP/IP stack configuration parameters such as subnet mask, default gateway, and DNS addresses.

What are dynamic access lists?

Dynamic access lists (lock-and-key) dynamically create access list entries on the router to allow a user that has authenticated to the router through Telnet to access resources that are blocked behind the router. Dynamic access lists depend on the user authenticating to the router and on extended access lists. Considered lock-and-key, the configuration starts with an extended ACL that blocks traffic through the router. A user that wants to traverse through the router is blocked by the extended ACL until he authenticates to the router through Telnet with a username and password. After the user is authenticated, the Telnet connection is dropped, and a single-entry dynamic ACL entry is added to the extended ACL to permit the user to traverse through the router.

On the VTP server, where is the VLAN configuration stored?

NVRAM. Only on a VTP server is VLAN configuration stored in NVRAM (also called flash). VLAN information is stored in a file called vlan.dat. This is called the VLAN database.

How do the different layers of the OSI model communicate with each other?

Each layer of the OSI model can communicate only with the layer above it, below it, and parallel to it (a peer layer). For example, the presentation layer can communicate with only the application layer, session layer, and presentation layer on the machine it is communicating with. These layers communicate with each other using service access points (SAP) and protocol data units (PDU). The SAP is a conceptual location at which one OSI layer can request the services of another OSI layer. PDUs control information that is added to the user data at each layer of the model. This information resides in fields called headers (the front of the data field) and trailers (the end of the data field).

What is EIRP?

Effective Isotropic Radiated Power (EIRP) is the final unit of measurement monitored by local regulatory agencies. EIRP is calculated as follows: EIRP = Transmission power + Antenna gain - Cable loss

An end user complains of slow access to the network. You issue the show interface command on the port the end user is connected to and you see a lot of collisions and runts on the interface. What is most likely the cause of the problem?

Either a change of traffic patterns usually caused by the installation of a new application or the installation of a hub can cause excessive collisions and runts on an interface.

After bridges elect a root bridge, what is the next step in the spanning-tree process?

Elect root ports. After electing the root bridge, switches elect root ports. A root port is the port on nonroot bridges that has the lowest cost to the root bridge. Every nonroot bridge must select one root port.

How many LSAs exist in OSPF?

Eleven distinct link-state packet formats are used in OSPF; each is used for a different purpose. The ICND exam will only test you on two LSA types: Type 1 and Type 2. Type 1 LSAs are router LSAs and are generated by each router for each area to which it belongs. These LSAs describe the states of the router's links to the area and are flooded within a single area. Type 2 LSAs are network LSAs and are generated by the DR and BDR. They describe the set of routers attached to a particular network. They are flooded within a single area.

What protocol does Frame Relay rely on for error checking?

Frame Relay relies on upper-layer protocols. Frame Relay does not rely on any certain protocol for error checking. Instead, it relies on upper-layer protocols to provide error checking. For example, Frame Relay relies on TCP to provide error checking in an IP network.

What is data encapsulation?

Encapsulation wraps data with the necessary protocol information before network transmission. A PDU can include different information as it goes up or down the OSI model. It is given a different name according to the information it is carrying (the layer where it is located). When the transport layer receives upper-layer data, it adds a TCP header to the data; this is called a segment. The segment is then passed to the network layer, and an IP header is added; thus, the data becomes a packet. The packet is passed to the data link layer, thus becoming a frame. This frame is then converted into bits and is passed across the network medium. This is data encapsulation. For the ICND test, you should know the following: - Application layer: Data - Transport layer: Segment - Network layer: Packet - Data link layer: Frame - Physical layer: Bits

How do you delete a VLAN from a Catalyst switch?

Enter the no vlan vlan-id global command for the VLAN you want to delete, as follows: Switch(config)#no vlan 10

What is Etherchannel?

Etherchannel is a Cisco feature that allows you to combine several physical links (up to eight) into one logical connection for increased bandwidth. Data between the links is load-balanced, and Spanning Tree sees the logical link as one link; thus all physical ports are forwarding. Fast Ethernet, Gigabit Ethernet, and 10 Gigabit Ethernet links can be configured for Etherchannel. For example, two 1-Gigabit links can be configured for Etherchannel, providing 2 Gbps of bandwidth.

The Frame Relay circuit between two routers is experiencing congestion. Which types of notifications are used to alleviate the congestion?

FECNs, BECNs, and DE notifications alleviate the congestion.

List five types of access attacks.

Five types of access attacks are as follows: - Password attacks - Trust exploitation - Port redirection - Man-in-the-middle attacks - Buffer overflow

What is flash memory used for on a Cisco router?

Flash memory stores the Cisco IOS Software image and, if room exists, multiple configuration files or multiple IOS files. Flash memory is not erased when the router or switch is reloaded.

What is flow control, and what are the three methods of implementing it?

Flow control is the method of controlling the rate at which a computer sends data, thus preventing network congestion. The three methods of implementing flow control are as follows: - Buffering - Source-quench messages (congestion avoidance) - Windowing

What is the purpose of flow control?

Flow control provides a mechanism for the receiver to control the transmission speed. TCP implements flow control by using the SYN and ACK fields in the TCP header, along with the Window field. The Window field is a number that implies the maximum number of unacknowledged bytes allowed outstanding at any time.

How do you enable PPP authentication using PAP or CHAP on a Cisco router?

Follow these steps to enable PPP authentication using PAP or CHAP on a Cisco router: Step 1. Make sure that each router has a host name assigned to it using the hostname command. Step 2. On each router, define the username of the remote router and the password that both routers will use with the username remote-router-name password password command. Step 3. Configure PPP authentication with the ppp authentication {chap | chap pap | pap chap | pap} interface command. (If both PAP and CHAP are enabled, the first method you specify in the command is used. If the peer suggests the second method or refuses the first method, the second method is used.) RouterB(config)#hostname RouterB RouterB(config)#username RouterA password cisco RouterB(config)#int s0 RouterB(config-if)#ppp authentication chap pap

For IPsec encryption to work in a VPN, what must both the sender and receiver be configured with?

For IPsec encryption to work in a VPN, the sender and receiver must be configured with the same transform set. A transform set is the rules used to encrypt the traffic through the VPN. These rules are based on an algorithm and a key. If each end had a different transform set, the receiving device would not know how to decrypt the traffic of the sending device.

For OSPF routers to become neighbors, what parameters must match in their Hello packets?

For OSPF routers to become neighbors, the parameters that must match in their Hello packets are as follows: - Subnet mask used on the subnet - Subnet number - Hello Interval - Dead Interval - OSPF area ID

What is the OSPF router ID, and where does an OSPF router receive its router ID?

For OSPF to initialize, it must be able to define a router ID for the entire OSPF process. A router can receive its router ID from several sources: manual configuration through the router-id command, or the numerically highest IP address set on the loopback interface. The loopback interface is a logical interface that never goes down. If no loopback address is defined, an OSPF-enabled router selects the numerically highest IP address on all its interfaces as its router ID.

List four advantages that Layer 2 switches have over bridges.

Four advantages that Layer 2 switches have over bridges are as follows: - A high-speed backplane that enables multiple simultaneous conversations to occur. - Data-buffering capabilities that store and forward packets to the correct ports or port. - Higher port densities versus bridges. - Lower latency than bridges. Layer 2 switches are implemented in hardware, allowing millions of bits per second to be transmitted at the same time.

What are four advantages link-state protocols have over distance vector protocols?

Four advantages that link-state protocols have over distance vector protocols are as follows: - Link-state protocols send routing updates only when they detect a topology change. - Fast convergence. - Support for classless addressing. - Networks can be segmented into area hierarchies, limiting where routing updates are flooded to.

List four devices used to connect to or used on a WAN.

Four devices used to connect to or used on a WAN are as follows: - Routers: Used to connect the LAN to the WAN. Routers provide network layer services; they route data from one network to another. - WAN switches/networking devices: Used in the WAN network. They are multiport devices that switch Frame Relay, X.25, or ATM traffic. They operate at the data link layer of the OSI model. - Modems or DSUs/CSUs: In analog lines, modems convert analog to digital. Modems modulate and demodulate a signal, enabling data to be transmitted over telephone lines. In digital lines, data service units/channel service units (DSU/CSU) convert one form of digital format to another digital format. - Communication servers: Concentrate dial-in and dial-out user communications.

Provide four reasons why you would use OSPF instead of RIP.

Four reasons why you would use OSPF instead of RIP are as follows: - Fast convergence - No reachability limitations - More efficient use of bandwidth - Path selection is based on bandwidth rather than hops

Is Frame Relay a circuit-switched or packet-switched network?

Frame Relay is a packet-switched network that creates virtual circuits (VC) between DTE devices on a network to enable bidirectional communication. These virtual circuits can either be permanent virtual circuits (PVC) or dynamically switched virtual circuits (SVC).

How does Frame Relay use Inverse ARP?

Frame Relay uses Inverse ARP as a way to dynamically map a network layer address to a DLCI. Frame Relay uses Inverse ARP to determine the remote node's IP address by sending the Inverse ARP to the local DLCI. With Inverse ARP, the router can discover the network address of a device associated with a virtual circuit (VC).

Describe HDLC.

HDLC was derived from Synchronous Data Link Control (SDLC). It is the default encapsulation type on point-to-point dedicated links and circuit-switched connections between Cisco routers. It is an ISO-standard, bit-oriented, data-link protocol that encapsulates data on synchronous links. HDLC is a connection-oriented protocol that has little overhead. HDLC lacks a protocol field and therefore cannot encapsulate multiple network layer protocols across the same link. Because of this, each vendor has its own method of identifying the network-layer protocol. Cisco offers a proprietary version of HDLC that uses a type field that acts as a protocol field, making it possible for multiple network-layer protocols to share the same link.

What is the IP multicast address of Hello protocols?

Hello protocols are periodically sent out each interface using the IP multicast address 224.0.0.5 (AllSPFRouters). The HelloInterval each router uses to send out the Hello protocol is based on the media type. The default HelloInterval of point-to-point and point-to-multipoint broadcast networks is 10 seconds; on NBMA networks, the default is 30 seconds.

As a network administrator, you want to block all Telnet traffic originating from your router's Fast Ethernet interface 0/0 that is connected to network 192.168.1.0/24 and permit all other IP traffic. You create the following access list and apply it to Fast Ethernet interface 0/0: access-list 101 deny tcp 192.168.1.0 0.0.0.255 any eq 23 After you apply the access list, hosts connected to the router's Fast Ethernet interface cannot communicate with remote networks. Why?

Hosts attached to network 192.168.1.0/24 cannot communicate with remote networks because the access list is denying all IP traffic. At the end of each access list is a deny all statement. Thus access list 101 is not only denying Telnet traffic but is also denying all IP traffic as well. To resolve the problem, the access list needs to be configured as follows: access-list 101 deny tcp 192.168.1.0 0.0.0.255 any eq 23 access-list 101 permit ip any any

Describe 802.1Q tagging.

IEEE 802.1Q tagging provides a standard method of identifying frames that belong to a particular VLAN. 802.1Q does this by using an internal process that modifies the existing Ethernet frame with the VLAN identification.

What is the difference between interior gateway protocols (IGP) and exterior gateway protocols (EGP)?

IGPs route data within an autonomous system (AS). EGPs route data between autonomous systems. Examples of IGPs are RIP, EIGRP, IS-IS, and OSPF. BGP is an example of an EGP.

What is an example of Layer 3 addresses?

IP addresses.

What is the Internet Protocol (IP)?

IP is a connectionless protocol that provides best-effort delivery routing of packets. IP has the following characteristics: - Operates at Layer 3 of the Open Systems Interconnection (OSI) (network) and TCP/IP (Internet) model - Is connectionless - Uses hierarchical addressing - Provides best-effort delivery of packets - Has no built-in data recovery

What is IPsec?

IPsec is an industry-standard protocol that acts at the network layer, protecting and authenticating IP packets between IPsec peers (devices). IPsec secures a path between a pair of gateways, a pair of hosts, or a gateway and a host. IPsec is not bound to any specific encryption or authentication algorithm, keying or technology, or security algorithms, thus allowing IPsec to support newer and better algorithms.

What four security services does IPsec provide?

IPsec provides the following four security services: - Confidentiality (encryption): Packets are encrypted before being transmitted across a network. - Data integrity: The receiver can verify that the transmitted data was not altered or changed. This is done through checksums. - Authentication: Ensures that the connection is made with the desired communication partner. - Antireplay protection: Verifies that each packet is unique and not duplicated. This is done by comparing the sequence number of the received packets with a sliding window of the destination host or gateway.

How do you manually configure IPv6 tunnels?

IPv6 tunnels are configured on domain border routers that have to communicate with each other through an IPv4 network. The following commands create an IPv6 tunnel through an IPv4 network: RouterB(config)#interface tunnel 0 (create the tunnel interface) RouterB(config-if)#description IPv6 tunnel to RouterA (identify the tunnel) RouterB(config-if)#ipv6 unnumbered ethernet 0 (use IPv6 address on e0 for tunnel) RouterB(config-if)#tunnel source ethernet 0 (configure tunnel source as e0) RouterB(config-if)#tunnel destination 192.168.10.2 (the IPv4 address the tunnel terminates) RouterB(config-if)#tunnel mode ipv6ip (configure the tunnel mode as IPv6)

Which of the following are link-state protocols? - IS-IS - BGP - Variable-length subnet mask (VLSM) - RIP - OSPF

IS-IS and OSPF are link-state protocols.

What is maximum hop count?

If a loop is in an internetwork, a packet loops around the internetwork until the TTL in the IP packet reaches zero and is removed. Maximum hop counts prevent routing loops by defining the maximum number of times a packet can loop around the internetwork. RIP uses a hop count of up to 15, so anything that requires 16 hops is unreachable. Anytime a packet passes through a router, it is considered one hop.

If a remote router does not support Inverse ARP, what must you configure on the router?

If a remote router does not support Inverse ARP, you must configure a static mapping between the local DLCI and the remote protocol address.

Upon first boot, a new router does not have a configuration file to load. In the event that a router has no configuration file, what happens?

If a router does find a configuration file, the router runs setup mode, a question-driven configuration wizard that allows you to configure basic router parameters.

You are configuring a serial interface and the interface says "Interface is up, line protocol is down." What does this tell you regarding the serial interface?

If an interface says "Interface is up, line protocol is down," the interface is experiencing Layer 2 problems. This could be caused by not receiving keepalives, no clocking received, or encapsulation mismatch.

The default encapsulation for a serial interface configured for Frame Relay is cisco. If you are connecting to a non-Cisco router, how do you change the encapsulation type?

If you are connecting to a non-Cisco router in a Frame Relay network, you need to specify ietf as the encapsulation type, as follows: RouterB(config-if)#ip address 192.168.1.1 255.255.255.0 RouterB(config-if)#encapsulation frame-relay ietf

You have a link on your switch that is not working properly. You enter the show interface command on the faulty port and the port status says "errDisable". What is the cause for this error?

If you are having connectivity issues and the port state shows "errDisable", the following issues can be causing this error: - EtherChannel misconfiguration - Duplex mismatch - Bridge protocol data unit (BPDU) port-guard has been enabled on the port - Unidirectional Link Detection (UDLD) - A native VLAN mismatch

How many usable subnets and usable hosts do you have if you subnet the network address 192.168.1.0 with the subnet mask 255.255.255.240?

If you subnet 192.168.1.0 with a 28-bit mask (255.255.255.240), you have 14 networks with 14 hosts in each network. If you look at the network address and subnet mask in binary, you can see that in the last octet, you have 4 bits for networks and 4 bits for hosts, as follows: 11000000.10101000.00000000.00000000 11111111.11111111.11111111.11110000 You can apply these bits to the following formula: 2^n = amount of subnets or hosts, where n is the amount of masked bits. Therefore, 2^4 = 16 subnets. You then apply the same equation to find the hosts and you receive 16.

How does RSTP handle BPDUs?

In 802.1D (Spanning Tree), a nonroot bridge only generates BPDUs when it receives one on the root port. In RSTP (802.1w), a bridge sends a BPDU every 2 seconds by default, even if it does not receive any from the root bridge.

What is the difference between Ad hoc mode and Infrastructure mode?

In Ad hoc mode, wireless clients connect directly to each other without an access point. In Infrastructure mode, wireless clients connect through an access point.

What does the Hello protocol do in an OSPF network?

In OSPF, the Hello protocol ensures that communication between OSPF-speaking routers is bidirectional. It is the means by which neighbors are discovered, and it acts as a keepalive between neighbors. It also establishes and maintains neighbor relationships and elects the designated router (DR) and the backup designated router (BDR) to represent the segment on broadcast and nonbroadcast multiaccess (NBMA) networks.

What is Per-VLAN Spanning Tree (PVST) and PVST+?

In PVST, a different spanning-tree instance exists for each VLAN on a switch. So, each VLAN has its own root bridge, root port, designated port, and nondesignated port. PVST is defined in 802.1D. PVST+ is based on the 802.1D standards but also includes Cisco-proprietary features such as UplinkFast and BackboneFast.

In RSTP, when does a bridge consider it has lost connectivity to a direct neighbor?

In RSTP, a bridge considers that it has lost connectivity to a directly connected neighbor if it misses three BPDUs in a row (6 seconds). In RSTP, BPDUs act as keepalive mechanisms between bridges. If a bridge does not receive a BPDU from a neighbor, the switch is certain that the connection to the neighbor has failed.

How are link types derived in RSTP?

In RSTP, a link can only rapidly transition to a forwarding state on edge ports and on point-to-point links. A point-to-point link is a link that directly connects two switches. In RSTP, the link type is automatically derived from the duplex mode of a port. Full-duplex is assumed to be point-to-point, and a half-duplex link is considered a shared point.

What is VTP client mode?

In VTP client mode, a switch cannot create, delete, or modify VLANs. In client mode, the switch transmits and receives VTP updates on its trunk links. VLAN configurations are received from the VTP server.

What is included in a DHCPOFFER message?

In a DHCPOFFER message, initial IP configuration for the client, such as IP address, subnet mask, and default gateway, is included.

Describe a ring topology.

In a ring topology, all hosts and devices are connected in the form of a ring or circle. The following two types of ring networks exist: - Single-ring: In a single-ring network, all devices share a single cable and data travels in one direction. Each device waits its turn to send data over the network. - Dual-ring: A dual-ring network has a second ring to add redundancy and allows data to be sent in both directions.

What is the Cisco Catalyst cut-through switching method?

In cut-through switching mode, the switch only checks the frame's destination address and immediately begins forwarding the frame out the appropriate port. Because the switch checks the destination address in only the header and not the entire frame, the switch forwards a collision frame or a frame that has a bad CRC.

How do you configure the VTP operation mode, VTP domain, and VTP password on a Catalyst 2960 switch?

In global configuration mode, the vtp mode [server | client | transparent] global command sets the VTP mode, followed by the vtp domain domain-name to configure the VTP domain and vtp password password to set the VTP password, as follows: Cat2960(config)#vtp mode server Cat2960(config)#vtp domain CiscoPress Changing VTP domain name from NULL to CiscoPress Cat2960(config)#vtp password ICND Setting device VLAN database password to ICND

In OSPF, what is the designated router and backup designated router?

In multiaccess networks (LANs) a designated router (DR) must be elected on the subnet before database description packets can be exchanged between routers. All database description packets are forwarded to the DR, which in turn forwards them to other OSPF routers. The DR has the following duties: - Represent the multiaccess network and attached routers for the OSPF area - Manage the flooding process on the multiaccess network

In routing, what is load balancing?

In routing, if a router has multiple paths with the same administrative distance and cost to a destination, packets are load-balanced across the paths. Load balancing is a function of Cisco IOS router software and is supported for static routes, RIP, RIPv2, Interior Gateway Routing Protocol (IGRP), Enhanced IGRP (EIGRP), OSPF, Intermediate System-to-Intermediate System (IS-IS) Protocol, and Border Gateway Protocol (BGP).

What is the OSPF Loading state?

In the Loading state, the exchange of link-state information occurs. Routers send link-state request packets to neighbors requesting more-recent LSAs that have been discovered but not received.

What is the OSPF Exstart state?

In the OSPF Exstart state, the router and the segment's DR and BDR establish a master-slave relationship and choose the initial sequence of numbers to form an adjacency.

What is the STP learning state?

In the STP learning state, no user data is passed. The port quietly builds its bridging table. The default time in the learning state is 15 seconds.

If a bridge is faced with a tie in electing designated ports, how does it decide which port will be the designated port?

In the event of a tie, STP uses the four-step decision process discussed in Question 8. It first looks for the BPDU with the lowest BID; this is always the root bridge. If the switch is not the root bridge, it moves to the next step: the BPDU with the lowest path cost to the root bridge. If both paths are equal, STP looks for the BPDU with the lowest sender BID. If these are equal, STP uses the link with the lowest port ID as the final tiebreaker.

What is the Cisco Catalyst store-and-forward switching method?

In the store-and-forward switching method, the switch's incoming interface receives the entire frame before it forwards it. The switch computes the cyclic redundancy check (CRC) to make sure that the frame is not bad. If the frame is good, the switch forwards it. If the CRC is bad, the switch drops it. If the frame is a runt (less than 64 bytes, including the CRC) or a giant (more than 1518 bytes, including the CRC), the switch discards it. Because the switch stores the frame before forwarding it, latency is introduced in the switch. Latency through the switch varies with the size of the frame.

What is VTP transparent mode?

In transparent mode, a switch does not participate in the VTP domain. However, a switch can add, modify, and delete VLANs locally. A VTP transparent switch does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements. In VTP version 2, transparent switches forward VTP advertisements they receive out their trunk ports.

In what two ways can IP access lists be applied to an interface?

Inbound or outbound. Inbound access lists process packets as they enter a router's interface and before they are routed. Outbound access lists process packets as they exit a router's interface and after they are routed.

Is a DLCI locally or globally significant?

It is locally significant.

What are link-state advertisements?

Link-state advertisements (LSA) are what OSPF-speaking routers send out all interfaces to describe the state of the routers' links. LSAs are also packets that OSPF uses to advertise changes in the condition of a specific link to other OSPF routers.

What are local-area networks?

Local-area networks (LANs) are high-speed, low-error data networks that cover a small geographic area. LANs are usually located in a building or campus and do not cover a large distance. They are relatively inexpensive to develop and maintain. LANs connect computers, printers, terminals, and other devices in a single building or a limited area.

What is an example of a Layer 2 address?

MAC address. MAC addresses are assigned to end devices and are used for communication over the local network. MAC addresses are hard-coded into the network card.

What is Multiple Spanning Tree Protocol (MSTP)?

MSTP allows switches running RSTP to group VLANs into one spanning-tree instance. Each VLAN group has a separate spanning-tree instance that is independent of other spanning-tree instances. MSTP is defined in 802.1s.

Physical and Hardware-Based Security: Which of the following is a high-security installation that requires visual identification, as well as authentication, to gain access?

Mantrap. High-security installations use a type of intermediate access control mechanism called a mantrap. Mantraps require visual identification, as well as authentication, to gain access. A mantrap makes it difficult for a facility to be accessed in number because it allows only one or two people into the facility at a time.

What advantage do named access lists have over standard and extended access lists?

Named access lists allow you to edit or delete individual rules in the access lists. With standard and extended access lists, if you want to modify the access list, you have to remove the entire access list, make the changes, and then apply the edited access list.

NetBIOS (Network Basic Input/Output System) is a transport protocol used by _______________ systems to allow applications on separate computers to communicate over a LAN.

Microsoft Windows. NetBIOS (Network Basic Input/Output System) is a transport protocol used by Microsoft Windows systems to allow applications on separate computers to communicate over a LAN.

What is the cause of multiple collisions on a port?

Multiple collisions are the number of times the transmitting port had more than one collision before successfully transmitting a frame. If you experience multiple collisions on a port, the problem usually lies with an oversaturated medium.

WANs use a technology called multiplexing. What is multiplexing?

Multiplexing is a technology that enables multiple logical signals to be transmitted simultaneously across a single physical channel and then be combined into a single data channel at the source. This enables the signals to appear as one, combining the speeds of all channels.

On what layer of the OSI model does multiplexing occur?

Multiplexing occurs on the physical layer. Because multiplexing combines signals across a single physical channel, it occurs at the physical layer of the OSI model.

You configure your Cisco router to NAT hosts on network 192.168.10.0/24 to use NAT pool 216.1.1.2-216.1.1.200 for Internet access. After configuring NAT, your hosts still cannot access the Internet. The following is a partial output from your router's configuration: interface Ethernet0 ip address 192.168.10.1 255.255.255.0 ip nat inside ! interface Ethernet1 ip address 216.1.1.1 255.255.255.0 ! ip nat pool Internet 216.1.1.2 216.1.1.200 ip nat inside source list 10 pool Internet ! access-list 10 permit 192.168.10.0 0.0.0.255 ! -text omitted- What is the problem?

NAT is configured incorrectly. The router configuration shows that a NAT outside interface is not configured. As a result, the router cannot translate the IP addresses. To fix the problem, define interface Ethernet1 with the ip nat outside command.

Are network layer addresses physical or logical?

Network layer addresses are logical. These addresses are logical addresses that are specific to the network layer protocol being run on the network. Each network layer protocol has a different addressing scheme. They are usually hierarchical and define networks first and then hosts or devices on that network. An example of a network address is an IP address, which is a 32-bit address often expressed in decimal format. An example of an IP address in decimal format is 192.168.0.1.

How do nonroot bridges decide which port they will elect as a root port?

Nonroot bridges use root path cost to determine which port will be the root port. Root path cost is the cumulative cost of all links to the root bridge. The port with the lowest root path cost is elected the bridge's root port and is placed in the forwarding state.

What is the function of NVRAM on a Cisco router?

Nonvolatile random-access memory (NVRAM) holds the saved router configuration (it also holds the switch configuration). This configuration is maintained when the device is turned off or reloaded.

What VLAN ranges does the Catalyst 2960 support?

Normal-range and extended-range VLANs. VLANs are identified by a number from 1 to 4094. VLANs 1 to 1005 are considered normal-range VLANs. Extended-range VLANs are numbered 1006 to 4094.

You issue the show ip ospf interface command on your Cisco router. You receive the following output: RouterA# show ip ospf interface serial0 Serial0 is up, line protocol is up Internet Address 192.16.0.1/24, Area 0 Process ID 10, Router ID 172.16.0.1, Network Type POINT_TO_POINT, Cost: 64 Transmit Delay is 1 sec, State POINT_TO_POINT, Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:04 Index 2/2, flood queue length 0 Next 0x0(0)/0x0(0) Last flood scan length is 1, maximum is 1 Last flood scan time is 0 msec, maximum is 4 msec Neighbor Count is 0, Adjacent neighbor count is 0 Suppress hello for 0 neighbor(s) Message digest authentication enabled Youngest key id is 1 What type of authentication is enabled on your router?

OSPF MD5 authentication is enabled on the router. When issuing the show ip ospf interface command, the following response indicates that MD5 authentication is enabled with the key ID of 1: Message digest authentication enabled Youngest key id is 1

How do OSPF-speaking routers build adjacencies and exchange routing tables?

OSPF-speaking routers build adjacencies and exchange routing tables by sending Hello packets out all OSPF-enabled interfaces. If the routers share a common data link and agree on certain parameters set in their Hello packets, they become neighbors. If these parameters are different, they do not become neighbors and communication stops. OSPF routers can then form adjacencies with certain routers. The routers that OSPF-speaking routers build adjacencies with are determined by the data-link media type. After adjacencies have been formed, each router sends link-state advertisements (LSA) to all adjacent routers. These LSAs describe the state of each of the router's links. Because of the varying types of link-state information, OSPF defines multiple LSA types. Finally, a router receiving LSAs from neighbors records the LSA in a link-state database and floods a copy of the LSA to all its other neighbors. When all databases are complete, each router uses the SPF algorithm to calculate a loop-free topology and builds its routing table based on this topology.

On a multiaccess network, how is the DR elected?

On a multiaccess network, the DR is elected by the following criteria: - The router with the highest OSPF priority becomes the DR. - If two or more routers have the same OSPF priority, the router with the highest router ID becomes the DR.

How many access lists can be applied to an interface on a Cisco router?

Only one access list per protocol, per direction, per interface can be applied on a Cisco router. Multiple access lists are permitted per interface, but they must be for different protocols.

You configure your Cisco router to NAT hosts on network 192.168.10.0/24 to use NAT pool 216.1.1.2-216.1.1.254 for Internet access. After configuring NAT, only some of your hosts have Internet access. The following is a partial output from your router's configuration:
interface Ethernet0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface Ethernet1
 ip address 216.1.1.1 255.255.255.0
 ip nat outside
!
!
ip nat pool Internet 216.1.1.2 216.1.1.200
ip nat inside source list 10 pool Internet
!
access-list 10 permit 192.168.10.0 0.0.0.127
!
-text omitted-
What is the problem?

Only some of the hosts on network 192.168.10.0/24 have Internet access because of an incorrect wildcard mask in the access list. The current wildcard mask only NATs half of the hosts on network 192.168.10.0/24. To fix the problem, use the correct wildcard mask of 0.0.0.255.

PPP can be used over what physical WAN interfaces?

PPP can be used over the following physical WAN interfaces: - Asynchronous serial interfaces - High-Speed Serial Interfaces (HSSI) - ISDN interfaces - Synchronous serial interfaces

What is the Point-to-Point Protocol (PPP)?

PPP is an industry-standard protocol that provides router-to-router or router-to-host connections over synchronous and asynchronous links. It can be used to connect WAN links to other vendors' equipment. It works with several network-layer protocols, such as IP and Internetwork Packet Exchange (IPX). PPP provides optional authentication through Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), or Microsoft CHAP (MS-CHAP).

Describe packet-switched WAN connections.

Packet-switched connections use virtual circuits (VC) to provide end-to-end connectivity. Packet-switched connections are similar to leased lines, except that the line is shared by other customers. A packet knows how to reach its destination by the programming of switches. Frame Relay and X.25 are examples of a packet-switched connection.

What is the difference between path cost and root path cost?

Path cost is the value assigned to each port. It is added to BPDUs received on that port to calculate the root path cost. Root path cost is defined as the cumulative cost to the root bridge. In a BPDU, this is the value transmitted in the cost field. In a bridge, this value is calculated by adding the receiving port's path cost to the value contained in the BPDU.

What is the difference between the physical and logical network topology?

Physical topology defines the physical components of the network: cables, network devices, and computers. Logical topology defines the data path of the network.

You want to test TCP/IP connectivity between two hosts. What IP tool can you use to do this?

Ping. Ping is a tool that is part of IP that sends Internet Control Message Protocol (ICMP) packets to test network layer connectivity between two hosts. Ping sends an "echo request" packet to the target host and listens for an ICMP "echo response."

Which of the following are used for loop avoidance? - Link-state advertisements - Poison reverse - Route discovery - Split horizon

Poison reverse and split horizon are used for loop avoidance.

What is port-based authentication?

Port authentication is based on 802.1x and requires a client to be authenticated before it is allowed access to the LAN. 802.1x is a standards-based method that defines client-server-based access control. In 802.1x, the authentication server authenticates each client that is connected to a switch port before making available any network access offered by the switch. 802.1x uses Extensible Authentication Protocol over LAN (EAPoL) to authenticate clients.

What is the STP listening state?

Ports transition from a blocking state to a listening state. In this state, no user data is passed. The port only listens for BPDUs. After listening for 15 seconds (if the bridge does not find a better path), the port moves to the next state, a learning state.

What are reconnaissance network attacks?

Reconnaissance attacks are attacks that gather information about the target. Types of attacks include sniffers, ping sweeps, port scans, and Internet Domain Name System (DNS) queries.

What is RIP?

RIP is a true distance vector routing protocol that sends its complete routing table out all active interfaces every 30 seconds. RIP uses hop count as its metric to determine the best path to a remote network. The maximum allowable hop count is 15; thus a hop count of 16 is unreachable. Two versions of RIP exist, version 1 and version 2. RIP can load-balance over four equal-cost paths by default.

What is RIPng?

RIPng is the IPv6 version of Routing Information Protocol (RIP), a distance vector protocol. RIPng is defined in RFC 2080 and is based on RIPv2. Thus RIPng uses hop count as its metric and has a maximum hop count of 15. However, some changes to RIPng are as follows: - Uses IPv6 for transport. - Uses multicast group FF02::09 to advertise routes every 30 seconds. - Updates are sent on User Datagram Protocol (UDP) port 521.

What are reflective access lists?

Reflective access lists allow IP packets to be filtered based on upper-layer session information. They allow outbound traffic and limit inbound traffic in response to sessions that originate from a network inside the router. Reflective ACLs contain only temporary entries that are created when a new IP session begins and are removed when the session ends. Reflective ACLs are not applied directly to an interface, but are "nested" within an extended named IP ACL that is applied to an interface.

When describing the characteristics of a network, what does reliability refer to?

Reliability refers to the dependability of the devices that make up the network (switches, routers, PCs, servers, and so on).

What is reliable versus best-effort delivery?

Reliable delivery is connection oriented, and best-effort is connectionless.

What does route aggregation mean when referring to variable subnet masking?

Route aggregation means combining routes to multiple networks into one supernet.

What is route summarization?

Route summarization is a way to reduce the size of routing tables in the network. Route summarization takes more specific routes to a network and replaces them with a single summary route that includes all the IP addresses covered in the original routes. Summarization is also called supernetting or route aggregation. RIP and EIGRP automatically perform route summarization each time they cross a border between two major networks. OSPF must be configured to perform summarization.

As a network administrator, you configure OSPF on two routers. However, the routers fail to exchange complete routing information. You issue the show run command on each router and see the following response:
RouterA#show run
!Text-omitted!
!
router ospf 10
 network 172.16.0.0 0.0.255.255 area 0
 network 192.168.0.0 0.0.0.255 area 0
!
RouterB#show run
!Text-omitted!
!
router ospf 20
 network 192.168.0.0 0.0.255.255 area 1
 network 192.168.1.0 0.0.0.255 area 0
!
What is the cause of the problem?

Router B is configured with the wrong area. Router B is configured for area 0 and area 1. As a result, routers for area 1 do not appear in area 0. To fix the problem, place all the networks in area 0.

Define routing.

Routing is the act of finding a path to a destination and moving information across an internetwork from the source to the destination.

How do routing protocols maintain their routing tables with each other?

Routing protocols maintain their routing tables through the transmission of routing update messages. Routing update messages are exchanged between routers at periodic intervals or when a change in the network topology occurs. The information contained in the routing update messages varies from routing protocol to routing protocol.

What is the Spanning Tree Protocol (STP)?

STP is a loop-prevention bridge-to-bridge protocol. Its main purpose is to dynamically maintain a loop-free network. It does this by sending out bridge protocol data units (BPDU), discovering any loops in the topology, and blocking one or more redundant links.

How does STP maintain a loop-free Layer 2 network?

STP maintains a loop-free network by doing the following: - Electing a root bridge - Electing a root port on each nonroot bridge - Electing designated ports on each segment - Blocking any redundant port that is not a root port or a designated port

What is the Spanning Tree Protocol (STP)?

STP, or 802.1D, is a Layer 2 loop-prevention bridge-to-bridge protocol. Its main purpose is to dynamically maintain a loop-free Layer 2 network. STP does this by sending out bridge protocol data units (BPDU), discovering any loops in the topology, and blocking one or more redundant links.

What is the difference between switched virtual circuits (SVC) and permanent virtual circuits (PVC)?

SVCs are dynamically established. PVCs are permanent. SVCs are virtual circuits that are dynamically established when data needs to be transferred and that are terminated when data transmission is complete. SVCs consist of four states: call setup, data transfer, idle, and call termination. PVCs are permanently established virtual circuits that operate in one of two states: idle or data transfer. When the PVC is idle, the connection between the data terminal equipment (DTE) devices is still active.

When describing the characteristics of a network, what does scalability refer to?

Scalability refers to how well the network can accommodate more users and more data.

When describing the characteristics of a network, what does security refer to?

Security refers to how secure the network and network data are.

List six Cisco Easy VPN restrictions.

Six Cisco Easy VPN restrictions are as follows: - Manual Network Address Translation (NAT) or Port Address Translation (PAT) configuration is not allowed. Cisco Easy VPN Remote automatically creates the appropriate NAT or PAT configuration for the VPN tunnel. - Only one destination peer and only one tunnel connection are supported. Multiple VPN tunnels must be manually configured. - Cisco Easy VPN requires the destination peer to be a Cisco Easy VPN remote access server. - Digital certificates are not supported. Authentication is done using Pre-Shared Keys (PSK). - Only Internet Security Association and Key Management Protocol (ISAKMP) policy group 2 is supported on IPsec servers. - Transform sets that provide encryption without authentication (ESP-DES and ESP-3DES) or authentication with encryption are not supported. Authentication Header (AH) is not supported either.

You install a 6-port router on your network. How many collision domains and broadcast domains will be created on the network with the addition of the 6-port router?

Six collision domains and six broadcast domains. Each interface on a router creates a collision domain and a broadcast domain.

What are six reasons the OSI reference model was created?

Six reasons that the OSI reference model was created are as follows: - To ensure that different vendors' products can work together - To create standards to enable ease of interoperability by defining standards for the operations at each level - To clarify general functions of internetworking - To divide the complexity of networking into smaller, more manageable sublayers - To simplify troubleshooting - To enable developers to modify or improve components at one layer without having to rewrite an entire protocol stack

Besides a larger address space, what are some additional benefits of IPv6?

Some additional benefits of IPv6 are as follows: - Simplified header - Autoconfiguration - Security with mandatory IPsec for all IPv6 devices - Mobility - Enhanced multicast support - Extension headers - Flow labels - Improved address allocation - Address aggregation

What are some benefits of using the Cisco Easy VPN solution?

Some benefits of using the Cisco Easy VPN solution are as follows: - Dynamic configuration of end-user policies. - Local VPN configuration is independent of the remote peer IP address. - Provides centralized security policy management. - Enables large-scale deployments with rapid user provisioning. - Removes the need for end users to install and configure Cisco Easy VPN Remote software on their PCs.

What are some differences between WLANs and LANs?

Some differences between WLANs and LANs are as follows: - WLANs use radio waves or infrared as the physical layer. - WLANs use carrier sense multiple access with collision avoidance (CSMA/CA) instead of carrier sense multiple access with collision detection (CSMA/CD). - The WLAN frame format is different from that of wired Ethernet LANs. - WLANs are limited by coverage problems, interference, and noise. - Wireless access points are shared devices similar to an Ethernet hub. - WLANs must meet country-specific radio frequency (RF) regulations.

Slow convergence of distance vector routing protocols can cause inconsistent routing tables and routing loops. What are some mechanisms that distance vector protocols implement to prevent routing loops and inconsistent routing tables?

Some mechanisms that distance vector protocols implement to prevent routing loops and inconsistent routing tables are as follows: - Maximum hop count (count to infinity) - Split horizon - Route poisoning - Hold-down timers

Slow convergence of distance vector routing protocols can cause inconsistent routing tables and routing loops. What are some mechanisms that distance vector protocols implement to prevent routing loops and inconsistent routing tables?

Some mechanisms that distance vector protocols must implement to prevent routing loops and inconsistent routing tables are as follows: - Maximum hop count (count to infinity) - Split horizon - Route poisoning - Holddowns - Time to live (TTL)

What are some protocols that operate at the TCP/IP Internet layer?

Some protocols that operate at the TCP/IP Internet layer are as follows: - IP - ICMP (Internet Control Message Protocol) - ARP (Address Resolution Protocol) - RARP (Reverse Address Resolution Protocol)

Slow convergence of distance vector routing protocols can cause inconsistent routing tables and routing loops. What are some mechanisms that distance vector protocols implement to prevent these problems?

Some ways distance vector routing protocols prevent routing loops and inconsistent routing tables are as follows: - Maximum hop count (count to infinity) - Split horizon - Route poisoning - Holddowns

What are some ways to mitigate password attacks?

Some ways to mitigate password attacks are as follows: - Disable accounts after a specific number of unsuccessful login attempts. - Do not use plain-text passwords. - Do not allow users to share the same password on different systems. - Use strong passwords.

When describing the characteristics of a network, what does speed refer to?

Speed refers to how fast data is transmitted over the network.

What is split horizon?

Split horizon prohibits a router from advertising a route through an interface that the router itself is using to reach the destination.

What is the difference between static and dynamic routes?

Static routes are routes that an administrator manually enters into a router. Dynamic routes are routes that a router learns automatically through a routing protocol.

What is switch port security?

Switch port security allows you to restrict input to a port by limiting and/or identifying the MAC addresses of the devices allowed to access the port.

What are some ways you can prevent unauthorized users from reconfiguring or viewing your switch configuration?

Switch-based authentication prevents unauthorized users from accessing the switch remotely. Switch-based authentication includes using console, vty, and enable passwords. It also includes using different usernames and passwords for access. Also, switches can use a TACACS+ or RADIUS server to provide remote authentication.

How do switches pass spanning-tree information between them?

Switches pass STP information using special frames called bridge protocol data units (BPDU). Every time a switch receives a BPDU, it compares it with all received BPDUs as well as with the BPDU that would be sent on the port. The switch checks the BPDU against the four-step sequence described in Question 8 to see whether it has a lower value than the existing BPDU saved for that port.

What devices are used to break up collision domains?

Switches, bridges, and routers are used to break up collision domains. They create more collision domains and fewer collisions. Each port on a bridge, switch, and router creates one collision domain. For example, if you have a switch with 24 ports, you have 24 separate collision domains.

What are synchronous links?

Synchronous links have identical frequencies and contain individual characters encapsulated in control bits, called start/stop bits, which designate the beginning and end of each character. Synchronous links try to use the same speed as the other end of a serial link. Synchronous transmission occurs on V.35 and other interfaces, where one set of wires carries data and a separate set of wires carries clocking for that data.

Why should you use Secure Shell (SSH) instead of Telnet to manage your Cisco devices?

Telnet sends all data in clear text, including passwords. SSH encrypts all data, ensuring that passwords and session data are secured.

Which frequency has higher data rates, 900 MHz or 2.8 GHz?

The 2.8-GHz frequency offers higher data rates. Higher frequencies allow higher data rates, so of the two, 2.8 GHz allows faster data transfer rates than 900 MHz. Although higher frequencies allow higher data rates, they also have a shorter range because the receiver requires a stronger signal to access information and a shorter transmission range.

How many available channels does 802.11b/g offer?

The 802.11b/g standards offer three channels. Although 802.11b/g has 11 channels, only 3 channels are nonoverlapping. As a result, the channels to use in 802.11b/g are 1, 6, and 11.

Which of the following wireless encryption specifications is most secure: WEP, WPA, or 802.11i?

The 802.11i specification is the most secure. Also known as WPA2, 802.11i uses the Advanced Encryption Standard (AES) for encryption and has dynamic key management. Wired Equivalent Privacy (WEP) uses a 64-bit static key for encryption and authentication. WEP keys are not strong and can be compromised. Wi-Fi Protected Access (WPA) was created to overcome WEP weaknesses. It provides strong user authentication and encryption using stronger algorithms such as Temporal Key Integrity Protocol (TKIP).

What is the AD of each of the following? - Directly connected interface - Static route - Border Gateway Protocol (BGP) - EIGRP - OSPF - RIPv2 - External EIGRP - Unknown

The ADs are as follows: - Directly connected interface: 0 - Static route: 1 - BGP: 20 - EIGRP: 90 - OSPF: 110 - RIPv2: 120 - External EIGRP: 170 - Unknown: 255

What is the AD for each of the following? - Directly connected interface - Static route - EIGRP - IGRP - OSPF - IS-IS - RIP - External EIGRP - Unknown

The ADs are as follows: - Directly connected interface: 0 - Static route: 1 - EIGRP: 90 - IGRP: 100 - OSPF: 110 - IS-IS: 115 - RIP: 120 - External EIGRP: 170 - Unknown: 255

What is the AD for each of the following?

The ADs are as follows: - Directly connected interface: 0 - Static route: 1 - EIGRP: 90 - OSPF: 110 - RIPv1, RIPv2: 120 - External EIGRP: 170 - Unknown or Unreachable: 255

What is the ARP table?

The ARP table stores the reference of each known IP address to its MAC address. The ARP table is created and maintained dynamically.

What is backward explicit congestion notification (BECN)?

The BECN is the bit in the Frame Relay header that signals to switches and DTEs receiving the frame that congestion is occurring in the direction opposite (backward) of the frame. If switches and DTE devices detect that the BECN bit in the Frame Relay header is set to 1, they slow the rate at which data is sent in that direction.

In WLANs, what is the basic service area (BSA)?

The BSA is the access point's RF coverage area. In other words, it is the area that is covered by the access point.

What is the committed information rate (CIR)?

The CIR is the rate, in bits per second, that the service provider commits to transferring data. The service provider sends any data in excess of this rate if its network has capacity at that time.

Define the central office (CO).

The CO is the WAN service provider's office where the local loop terminates and in which circuit switching occurs.

Define the following Cisco NAT terminology: - Inside local address - Inside global address - Outside local address - Outside global address

The Cisco NAT terminology is defined as follows: - Inside local address: The IP address assigned to a host on the inside, private network. This is usually a private IP address. - Inside global address: A legal, routable IP address that represents one or more inside local IP addresses to the outside world. - Outside local address: The IP address of an outside host as it appears to the inside, private network. This is usually a private IP address. - Outside global address: The IP address assigned to a host on the outside network by the host's owner. This is usually a routable IP address.

What is Cisco SDM?

The Cisco Security Device Manager (SDM) is a web-based device-management tool for Cisco IOS Software-based routers. SDM allows you to quickly configure, monitor, and deploy Cisco routers. It is a free tool that works on the following routers: 830 series, 1700 series, 1800 series, 2600XM series, 2800 series, 3600 series, 3700 series, 3800 series, and select 7200 and 7301 series.

Describe HDLC.

The Cisco version of HDLC is the default encapsulation type on point-to-point dedicated links and circuit-switched connections between Cisco routers. It is an ISO-standard, bit-oriented, data-link protocol that encapsulates data on synchronous links. HDLC is a connection-oriented protocol that has little overhead. The ISO-standard version of HDLC lacks a protocol field and therefore cannot encapsulate multiple network-layer protocols across the same link. Because of this, each vendor has its own method of identifying the network-layer protocol. Cisco offers a proprietary version of HDLC that uses a type field that acts as a protocol field, making it possible for multiple network-layer protocols to share the same link.

In the Frame Relay header, what is the discard eligibility (DE) bit?

The DE bit is turned on for frames that are in excess of the CIR. The DE bit tells a switch which frames to discard if they must be discarded. For example, if your CIR is 256 kbps and you are using 512 KB of bandwidth, any frame above the first 256 KB will have the DE bit turned on. If the Frame Relay switch becomes congested, it will discard any frame above the first 256 KB with the DE turned on.

What is the Diffie-Hellman Key Exchange?

The Diffie-Hellman (DH) Key Exchange is a public key exchange that exchanges symmetric shared secret keys used for encryption and decryption over an insecure channel.

What is DNS?

The Domain Name System (DNS) converts names into IP addresses. Instead of having to remember a host's IP address, DNS allows you to use a friendly name to access the host. For example, it is easier to remember http://www.cisco.com than 198.133.219.25.

What is the EIGRP neighbor table?

The EIGRP neighbor table lists all adjacent routers. Each EIGRP router maintains a neighbor table.

What do the Ethernet and IEEE 802.3 standards define?

The Ethernet and IEEE 802.3 standards define a bus-topology LAN that operates at a baseband signaling rate of 10 Mbps, referred to as 10BASE. Within the Ethernet standards are protocol specifications that define the transmission medium and access. The following three protocol specifications exist: - 10BASE2: Known as thin Ethernet, this specification uses thin coaxial cable as its medium and provides access for multiple stations on the same segments. - 10BASE5: Called thick Ethernet, this specification uses a thick coaxial cable as its medium. The maximum segment length of 10BASE5 is over twice that of 10BASE2. - 10BASE-T: This specification provides access for a single station only, so all stations connect to a switch or hub. The physical topology of 10BASE-T is that of a star network. It uses unshielded twisted-pair (UTP) cable Category 3, 4, 5, and 5e as its network medium.

What are the Ethernet segment distance limitations for the following? - 100BASE-TX - 100BASE-FX - 1000BASE-T

The Ethernet segment distance limitations are as follows: - 100BASE-TX: 100 meters - 100BASE-FX: 400 meters - 1000BASE-T: 100 meters - 1000BASE-LX: 550 meters for multimode fiber, 10 km for single-mode fiber - 1000BASE-SX: 250 meters for multimode fiber, 550 meters for single-mode fiber - 1000BASE-CX: 25 meters

Define the Fast Ethernet standard.

The Ethernet standard that defines Fast Ethernet is IEEE 802.3u. This standard raises the speed of the Ethernet standard of 10 Mbps to 100 Mbps with only minimal changes to the existing cable structure. The Fast Ethernet standard defines different protocol specifications depending on the physical medium used. The following are the four different Fast Ethernet specifications: - 100BASE-FX: Uses two strands of multimode fiber-optic cable as its medium and has a maximum segment length of 400 meters. - 100BASE-T: Defines UTP as its medium and has a maximum segment length of 100 meters. - 100BASE-T4: Uses four pairs of Cat 3 to 5 UTP as its medium. Its maximum segment length is 100 meters. - 100BASE-TX: Specifies two pairs of UTP or shielded twisted-pair (STP) cable as its medium with a maximum segment distance of 100 meters.

In EIGRP, what is the feasible distance (FD)?

The FD is the metric from the local router, through the next-hop router, and to the destination.

In Frame Relay, what is forward explicit congestion notification (FECN)?

The FECN is the bit in the Frame Relay header that signals to anyone receiving the frame (switches and DTEs) that congestion is occurring in the same direction as the frame (the frame cloud). Switches and DTEs can react by slowing the rate at which data is sent in that direction.

What does the Frame Relay switch use to distinguish between each PVC connection?

The Frame Relay switch uses DLCIs to distinguish between each PVC connection.

What IOS command displays values associated with routing timers, the administrative distance, and network information associated with the entire router?

The IOS command show ip protocols, as follows, displays values associated with routing timers, the administrative distance, and network information associated with the entire router:
RouterB#show ip protocols
Routing Protocol is "rip"
  Sending updates every 30 seconds, next due in 2 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Outgoing update filter list for all interfaces is
  Incoming update filter list for all interfaces is
  Redistributing: rip
  Default version control: send version 1, receive any version
    Interface        Send  Recv   Key-chain
    Serial0          1     1 2
    Serial1          1     1 2
  Routing for Networks:
    192.168.1.0
    192.168.2.0
  Routing Information Sources:
    Gateway         Distance      Last Update
  Distance: (default is 120)

What IOS commands assign interface f0/1 to VLAN 10 and interface f0/2 to VLAN 20?

The IOS commands that assign interface f0/1 to VLAN 10 and interface f0/2 to VLAN 20 are as follows:
Cat2960(config)#int f0/1
Cat2960(config-if)#switchport access vlan 10
Cat2960(config-if)#int f0/2
Cat2960(config-if)#switchport access vlan 20

What is the OSPF Init state?

The Init state indicates that a router has received a Hello packet from its neighbor, but the receiving router's ID was not included in the Hello packet. As a result, two-way communication has not yet been established.

What is the largest WAN in the world?

The Internet is the largest WAN in the world. The Internet is the best example of a WAN. It is a collection of thousands of interconnected networks all over the world.

What is the Local Management Interface (LMI)?

The LMI is a signaling standard between a customer premises equipment (CPE) device (a router) and the Frame Relay switch that is responsible for managing and maintaining status between the devices. It is autosensed with Cisco IOS Release 11.2 and later.

What is the administrative distance?

The administrative distance (AD) is an integer from 0 to 255 that rates the trustworthiness of the source of the IP routing information. It is significant only when a router learns about a destination route from more than one routing source. The path with the lowest AD is the one given priority.

For what is the Logical Link Control (LLC) sublayer responsible?

The Logical Link Control (802.2) sublayer is responsible for identifying different network layer protocols and then encapsulating them to be transferred across the network. Two types of LLC frames exist: Service access point (SAP) and Subnetwork Access Protocol (SNAP). An LLC header tells the data link layer what to do with a packet after it is received.

What does the LLC sublayer do?

The Logical Link Control (802.2) sublayer is responsible for identifying different network layer protocols and then encapsulating them to be transferred across the network. Two types of LLC frames exist: service access points (SAP) and Subnetwork Access Protocol (SNAP). An LLC header tells the data link layer what to do with a packet after it is received.

What functions does the Media Access Control (MAC) sublayer provide?

The MAC sublayer specifies how data is placed and transported over the physical wire. It controls access to the physical medium. The LLC sublayer communicates with the network layer, but the MAC sublayer communicates downward directly to the physical layer. Physical addressing (MAC addresses), network topologies, error notification, and delivery of frames are defined at this sublayer.

What functions does the Media Access Control (MAC) sublayer provide?

The MAC sublayer specifies how data is placed and transported over the physical wire. It controls access to the physical medium. The LLC sublayer communicates with the network layer, but the MAC sublayer communicates downward directly to the physical layer. Physical addressing (MAC addresses), network topologies, error notification, and delivery of frames are defined at the MAC sublayer.

When is the message of the day (MOTD) banner displayed?

The MOTD is displayed upon connection to the switch either by Telnet or by the console port.

Define the OSPF 2-Way state.

The OSPF 2-Way state indicates that bidirectional communication has been established between two routers. Bidirectional communication means that each router sees its router ID in its neighbor's Hello packets.

What is the OSPF Attempt state?

The OSPF Attempt state only applies to neighbors on NBMA networks. In this state, the router sends unicast Hello packets to a neighbor at the HelloInterval instead of at the PollInterval.

Define the OSPF Down state.

The OSPF Down state is the first OSPF neighbor state. It means that no Hellos have been received from the OSPF neighbor.

Define the OSPF Full state.

The OSPF Full state means that all routers are fully adjacent with each other and that the routers' databases are fully synchronized.

How can you manually restart the OSPF process without rebooting the router?

The OSPF process can be restarted with the clear ip ospf process global command.

What are the RSTP port states?

The RSTP port states are as follows: - Discarding - Learning - Forwarding

What does a VTP client do if it receives a VTP packet from the VTP server that contains fewer VLANs than are currently in the client's database and a lower revision number than the VTP client?

The VTP client ignores the packet. Because the revision number is lower than the client's current revision number, the client knows that the packet is not correct and ignores the packet. Every time VLAN information is modified on the VTP server, the server increments its VTP revision number by 1. In this scenario, if the VTP packet had a higher revision number than the one on the client, the client would update its VLAN information.

What does the following access list do?
access-list 110 deny ip host 172.16.0.2 any
access-list 110 permit ip any any

The access list denies any traffic from the host 172.16.0.2 and permits all other traffic.

What are the additional features found in VTP version 2?

The additional features found in VTP version 2 are as follows: - Token Ring support - Unrecognized type-length-value (TLV) support - Version-dependent transparent mode (forwards VTP messages in transparent mode out all trunk interfaces) - Consistency checks

What does the application layer (Layer 7) of the OSI model do, and what are some examples of this layer?

The application layer is the layer that is closest to the user. This means that this layer interacts directly with the software application. The application layer's main function is to identify and establish communication partners, determine resource availability, and synchronize communication. Some examples include the following: - TCP/IP applications such as Telnet, FTP, Simple Mail Transfer Protocol (SMTP), and HTTP - OSI applications such as Virtual Terminal Protocol; File Transfer, Access, and Management (FTAM); and Common Management Information Protocol (CMIP)

What Cisco command clears all the NAT mappings in the NAT table?

The clear ip nat translation * command clears all the NAT translations in the NAT table. This command is useful for troubleshooting NAT.

When a DHCP-enabled client first boots up, what does the client broadcast?

The client broadcasts a DHCPDISCOVER message on the local subnet. The destination address of DHCPDISCOVER messages is 255.255.255.255.

What command must be entered when connecting two routers without external DCE devices through a serial link?

The clock rate command must be entered. When connecting two routers without an external DCE device, the clock rate interface command changes one of the router's serial interfaces from a data terminal equipment (DTE) device to a DCE device.

What is the IOS command syntax that creates a standard IP access list?

The command syntax that creates a standard IP access list is as follows:
access-list access-list-number {permit | deny} source-address [wildcard-mask]
In this syntax, access-list-number is a number from 1 to 99 or 1300 to 1999. For example:
RouterA(config)#access-list 10 deny 192.168.0.0 0.0.0.255
This command creates access list number 10, which denies any IP address between 192.168.0.0 and 192.168.0.255.

What is the IOS command syntax that creates a standard IP access list?

The command syntax to create a standard IP access list is as follows:
access-list access-list-number {permit | deny} source-address [wildcard-mask]
The access-list-number parameter is a number from 1 to 99 or 1300 to 1999. For example:
SwitchA(config)#access-list 10 deny 192.168.0.0 0.0.0.255
SwitchA(config)#access-list 10 permit any
This creates access list number 10, which denies any IP address between 192.168.0.1 and 192.168.255.255 while permitting all other traffic.

Assuming that you are using no channel service unit/data service unit (CSU/DSU) and that you are using back-to-back data terminal equipment/data communications equipment (DTE/DCE) serial cables, what command would you use to set the serial interface on a router to provide clocking to another router at 64 kbps?

The command to set the serial interface on a router to provide clocking to another router at 64 kbps is clock rate 64000.

How do you enable RIP on a Cisco router?

The commands to enable RIP on a Cisco router are as follows: - router rip global command - network connected-network-address command

What communication protocol allows you to connect your computer to the Internet using a standard telephone line, and can transmit multiple protocols?

The communication protocol is PPP. PPP offers the following features: - Control of data link setup - Provides dynamic IP address assignment - Link configuration and link quality testing - Error detection - Network-layer address negotiation and data compression - Supports several network-layer protocols

You have one computer that is connected to a switch that is having very slow and intermittent connections with the network. You log on to the switch and issue the show interface command on the port that the user is connected to. You see the following:
!output omitted!
5 minute input rate 10000 bits/sec, 8 packets/sec
5 minute output rate 10000 bits/sec, 7 packets/sec
1476671 packets input, 363178961 bytes, 0 no buffer
Received 20320 broadcasts (12683 multicast)
0 runts, 325 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
What is most likely the cause of the problem?

The computer has a faulty NIC. The switch is receiving a lot of giants. Giants are frames greater than the Ethernet maximum transmission unit (MTU) of 1518 bytes. The cause for giants is usually a faulty NIC on the computer.

What is the main purpose of the configuration register on a Cisco router?

The configuration register's main purpose is to control how the router boots up. It is a 16-bit software register that, by default, is set to load the Cisco IOS from flash memory and to look for and load the startup-config file from NVRAM.

What three configuration settings does a host on a TCP/IP network require to communicate with hosts on a remote TCP/IP network?

The configuration settings are as follows: - IP address - Subnet mask - Default gateway address

What are the console configuration settings needed to connect to a Cisco device's console port?

The console configuration settings needed to connect to a Cisco device's console port are as follows: - Speed: 9600 bits per second - Data bits: 8 - Parity: None - Stop bit: 1 - Flow control: None

How do you restore a configuration file from a TFTP server into your Cisco router's RAM?

The copy tftp running-config privileged EXEC command merges the saved and running configuration into your router's RAM, so any commands not explicitly changed or removed will remain in the running configuration. Sample command output is as follows:
RouterB#copy tftp running-config
Address or name of remote host []? 192.168.0.2
Source filename []? routerb-confg
Destination filename [running-config]?
Accessing tftp://192.168.0.2/routerb-confg...
Loading routerb-confg from 192.168.0.2 (via Ethernet0): !
[OK - 780/1024 bytes]
780 bytes copied in 4.12 secs (195 bytes/sec)
RouterB#
01:40:46: %SYS-5-CONFIG: Configured from tftp://192.168.0.2/routerb-confg

What is the correct network address for host 192.168.10.72/26?

The correct network address is 192.168.10.64. A 26-bit subnet mask is 255.255.255.192. A quick way to find the network of a given subnet mask is to subtract the last portion of the subnet mask from 256. In this case, 256 - 192 = 64. Assuming that the ip subnet zero command is enabled on the router, the usable networks for a 26-bit subnet mask are as follows: - 192.168.10.0 - 192.168.10.64 - 192.168.10.128 - 192.168.10.192 Host 192.168.10.72 falls in the 192.168.10.64 network.

What is the responsibility of the data link layer (Layer 2)?

The data link layer defines how data is formatted for transmission and how access to the physical media is controlled. This layer also typically includes error correction to ensure reliable delivery of data. The data link layer translates messages from the network layer into bits for the physical layer, and it enables the network layer to control the interconnection of data circuits within the physical layer. Its specifications define different network and protocol characteristics, including physical addressing, error notification, network topology, and sequencing of frames. Data-link protocols provide the delivery across individual links and are concerned with the different media types, such as 802.2 and 802.3. The data link layer is responsible for putting 1s and 0s into a logical group. These 1s and 0s are then put on the physical wire. Some examples of data link layer implementations are IEEE 802.2/802.3, IEEE 802.5/802.2, packet trailer (for Ethernet, frame check sequence [FCS], or cyclic redundancy check [CRC]), Fiber Distributed Data Interface (FDDI), High-Level Data Link Control (HDLC), and Frame Relay.

As a network administrator, you configured MD5 authentication between your OSPF routers. However, authentication fails. You verify the configuration on both routers, and the configuration appears correct. What command can you use to view the authentication process between the routers?

The debug ip ospf adj command allows you to capture the authentication process between routers configured for OSPF authentication.

What command allows you to troubleshoot EIGRP authentication?

The debug eigrp packets command allows you to view the neighbor adjacency process. When authentication is enabled on two routers, it is part of the adjacency process, and you can view whether authentication is the cause of failed neighbor adjacencies. If the failed neighbor adjacency is due to a misconfiguration in EIGRP authentication, you will see the following debugging output from the router:
*Mar 26 12:48:15.749: EIGRP: pkt key id = 2, authentication mismatch
*Mar 26 12:48:15.749: EIGRP: Serial 0: ignored packet from 192.168.1.2, opcode = 5 (invalid authentication)
*Mar 26 12:48:15.749: EIGRP: Dropping peer, invalid authentication

In your OSPF network, two routers are not becoming fully adjacent. You want to troubleshoot the problem and see any packet information that passes between the two neighbors. What command can you use to view OSPF packets and Hellos between the routers?

The debug ip ospf packet command displays log messages that describe the content of all OSPF packets. The debug ip ospf hello command displays all log messages that describe Hellos and Hello failures.

What is the default LMI type for Cisco routers that are configured for Frame Relay?

The default LMI for Cisco routers configured for Frame Relay is Cisco. By default, Cisco routers autosense the LMI type the Frame Relay switch is using. If it cannot autosense the LMI type, the router uses Cisco as its LMI type. The three types of LMIs supported by Cisco routers are as follows: - Cisco - ANSI - Q933a

What are the default Layer 2 Ethernet interface VLAN settings on a Catalyst 2960?

The default Layer 2 Ethernet interface VLAN settings on a Catalyst 2960 are as follows: - Interface mode: switchport mode dynamic auto - Allowed VLANs: 1 to 4094 - Default VLAN: VLAN 1 - VLAN pruning eligible range: 2 to 4094 - Native VLAN: 1

What is the default STP type on Cisco Catalyst switches?

The default STP type on Cisco Catalyst switches is PVST+.

What is the default VTP configuration on a Catalyst 2960 switch?

The default VTP configuration on a Catalyst 2960 switch is as follows: - VTP domain: Null - VTP mode: Server - VTP version: Version 1 - VTP password: (None) - VTP pruning: Disabled

What is the default bandwidth of a serial interface on a Cisco router?

The default bandwidth is 1544 kbps, or T1. This can be viewed with the show interface serial interface-number command, as follows:
RouterA#show int s0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 192.168.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation PPP, loopback not set, keepalive set (10sec)
(Text omitted)

What is the default configuration register of a Cisco 2600 series router?

The default configuration register of a Cisco 2600 series router is 0x2102. The configuration register tells the router what configuration file to load at router startup. Modifying the configuration register is part of the password recovery process.

What is the purpose of the default gateway?

The default gateway allows hosts to communicate with hosts that are on a different network (segment). All data that is not destined for the same network is sent to the default gateway for delivery.

What is the default mode of a switch port?

The default mode is trunk. Because the default mode of a switch port is dynamic desirable, the port will try to negotiate to trunking if the other end of the link has a compatible setting. This setting can allow an unauthorized user to plug a device into an unused switch port and gain access to the network. Cisco recommends securing unused switch ports.

What type of physical network is the default for a Frame Relay WAN?

The default type of physical network is a nonbroadcast multiaccess (NBMA) network. The physical network means the network topology. By default, Frame Relay networks are NBMA. Nonbroadcast means that the network does not support broadcasts. Multiaccess means that the communication medium is shared by multiple devices, such as a LAN.

What is the demarcation point (demarc)?

The demarc is a point where the CPE ends and the local loop begins. It is the point between the wiring that comes in from the local service provider (telephone company) and the wiring installed to connect the customer's CPE to the service provider. It is the last responsibility of the service provider and is usually a network interface device (NID) located in the customer's telephone wiring closet. Think of the demarc as the boundary between the customer's wiring and the service provider's wiring.

What are the different classes of IP addressing and the address ranges of each class?

The different classes of IP addressing and their ranges are as follows: - Class A: 1.0.0.0 to 126.255.255.255 - Class B: 128.0.0.0 to 191.255.255.255 - Class C: 192.0.0.0 to 223.255.255.255 - Class D: 224.0.0.0 to 239.255.255.255 (Multicasting) - Class E: 240.0.0.0 to 255.255.255.254 (Reserved)

How do you enable routing between VLANs on a Cisco router using 802.1Q?

The encapsulation dot1q vlan-id interface command enables 802.1Q trunking on a Cisco router. To configure trunking on a router, first create a subinterface and then configure the subinterface with the encapsulation dot1q vlan-id command, where the vlan-id is the VLAN number of the associated VLAN. The following example enables inter-VLAN routing for VLANs 1, 10, and 20:
RouterB(config)#int f0/0
RouterB(config-if)#ip address 192.168.1.1 255.255.255.0
RouterB(config-if)#int f0/0.10
RouterB(config-if)#ip address 192.168.10.1 255.255.255.0
RouterB(config-if)#encapsulation dot1q 10
RouterB(config-if)#int f0/0.20
RouterB(config-if)#ip address 192.168.20.1 255.255.255.0
RouterB(config-if)#encapsulation dot1q 20

Router A is connected to Router B through a dedicated link. Router B is a non-Cisco router. Using the command output shown, what must be configured on interface S of Router A to change the line protocol from down to up?
RouterA#show int s0
Serial0 is up, line protocol is up
Hardware is HD64570
Internet address is 192.168.1.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set, keepalive set (10sec)
!output omitted!

The encapsulation ppp command changes the line protocol from down to up. Because Router B is a non-Cisco router, PPP must be used as the encapsulation type between the routers. In the output, Router A is configured to use HDLC. Because HDLC is proprietary to Cisco, it does not work with a non-Cisco router.

A Cisco router and a router from another manufacturer are directly connected through a dedicated serial link. What command can be used on the Cisco router to form a WAN connection between the two routers?

The encapsulation ppp interface command can be used to form a WAN connection between the two routers. Because the Cisco router is connecting to another manufacturer's router over a dedicated serial link, PPP needs to be configured as the Layer 2 WAN protocol. If both routers were Cisco routers, HDLC or PPP encapsulation could be used.

What are the five network types that OSPF defines?

The five network types defined by OSPF are as follows: - Broadcast networks - NBMA networks - Point-to-point networks - Point-to-multipoint networks - Virtual links

On a Cisco IOS device, name the enhanced editing commands that do the following: - Move the cursor to the beginning of the line - Move the cursor to the end of the line - Move the cursor forward one word - Move the cursor forward one character - Move the cursor back one character - Erase a line

The enhanced editing commands are as follows: - Move the cursor to the beginning of the line: Ctrl-A - Move the cursor to the end of the line: Ctrl-B - Move the cursor forward one word: Esc-B - Move the cursor forward one character: Ctrl-F - Move the cursor back one character: Ctrl-B - Erase a line: Ctrl-U

How do you restore your router to factory defaults?

The erase startup-config privileged EXEC command, as follows, erases your router's configuration, thus bringing it back to its factory defaults:
RouterB#erase startup-config
Erasing the nvram filesystem will remove all files! Continue? [confirm]
[OK]
Erase of nvram: complete

In EIGRP, what is the feasible successor?

The feasible successor is the backup route. These routes are selected at the same time the successors are identified, but they are only kept in the topology table, not the routing table. They are used for fast convergence. If the successor fails, the router can immediately route through the feasible successor. Multiple feasible successors can exist for a destination.

What fields are included in the TCP header?

The fields included in the TCP header are as follows: - Acknowledgment Number - Sequence Number - Source/Destination Port - Window Size - TCP Checksum

What are the first 3 bits of an IPv6 unicast address always set to?

The first 3 bits of an IPv6 unicast address are always 001.

What portion of the MAC address is vendor specific?

The first half or first 24 bits of the MAC address are vendor specific. A MAC address is 48 bits and is displayed in hexadecimal. The first half of the address identifies the vendor or manufacturer of the card. This is called the Organizationally Unique Identifier (OUI). The last half of the address identifies the card address.

What is the range of binary values for the first octet in class B addresses?

The first octet for a class B IP address is 128-191 in decimal, which is 10000000-10111111 in binary.

When configuring trunking on a Catalyst 2960, what are the five Layer 2 interface modes supported?

The five Layer 2 interface modes supported when configuring trunking on a Catalyst 2960 are as follows: - switchport mode access: Makes the interface a nontrunking access port. - switchport mode dynamic auto: Allows the interface to convert to a trunk link if the connecting neighbor interface is set to trunk or desirable. - switchport mode dynamic desirable: Makes the interface attempt to convert the link to a trunk link. The link becomes a trunk if the neighbor interface is set to trunk, desirable, or auto. - switchport mode trunk: Configures the port to permanent trunk mode and negotiates with the connected device if the other side can convert the link to trunk mode. - switchport nonegotiate: Prevents the interface from generating DTP frames.

What are the five Spanning Tree port states?

The five Spanning Tree port states are as follows: - Blocking - Listening - Learning - Forwarding - Disabled

What are the five classes of network attacks?

The five classes of network attacks are as follows: - Passive: Include capturing and monitoring unprotected communication and capturing passwords. The attacker gains access to information or data without the consent or knowledge of users. - Active: Actively try to break or bypass security devices, introduce malicious code, and steal and modify data. - Close-in: Occur when an individual attains close physical proximity to networks or facilities with the intent of gathering or changing data. - Insider: Occur from authorized users inside a network. They can be either malicious or nonmalicious. - Distribution: Focus on the malicious changes to hardware or software at the factory or during distribution to introduce the malicious code to unsuspecting users.

What are the five different port roles in RSTP?

The five different port roles in RSTP are as follows: - Root port: The best path to the root (the same as in STP) - Designated port: The port through which the designated switch is attached to the LAN (the same as in STP) - Alternate port: A backup port to the root switch - Backup port: A backup port to the designated switch - Disabled port: A port with no role in Spanning Tree

List five types of information obtained from CDP.

The five types of information obtained from CDP are as follows: - Device identifiers (host name of remote device) - Network address list of remote devices - Port identifiers of remote devices - Capabilities list of remote devices - Platform of remote devices (type of remote device)

What are the five types of physical topologies implemented in today's networks?

The five types of physical topologies implemented in today's networks are as follows: - Bus - Ring - Star - Extended star - Mesh

During client association to an AP, what information is sent from the client to the AP?

The following information is sent from the client to the AP during client association to an AP: - Client service set identifier (SSID) - Client MAC address - Client security settings

Because IPv6 uses a 128-bit address, routing protocols need to be modified to support IPv6. What routing protocols support IPv6?

The following routing protocols support IPv6: - RIPng - OSPFv3 - EIGRP for IPv6 - Intermediate System-to-Intermediate System (IS-IS) for IPv6 - Multiprotocol Border Gateway Protocol (MP-BGP)

What six types of information are stored in routing tables?

The following six types of information are stored in routing tables: - Destination network address - Next-hop address - Exiting interface - Metric - Administrative distance - Routing protocol used

How do you enable PVRST+ on a Cisco switch?

The following steps enable PVRST+ on a Cisco switch:
Step 1. Enable PVRST+ as follows: spanning-tree mode rapid-pvst
Step 2. Designate and configure a root bridge as follows: spanning-tree vlan vlan-id root primary
Step 3. Designate and configure a backup bridge as follows: spanning-tree vlan vlan-id root secondary

What two authentication methods are used by IPsec to authenticate peers?

The following two authentication methods are used by IPsec to authenticate peers: - Pre-Shared Keys: Pre-Shared Keys are secret key values entered into each peer manually that authenticate the peer. - Rivest, Shamir, and Adleman (RSA) signatures: RSA signatures use the exchange of digital certificates to authenticate the peers.

What are the four VLAN port membership modes on a Catalyst 2960 switch?

The four VLAN port membership modes on a Catalyst 2960 switch are as follows: - Static-access: Static-access ports belong to only one VLAN and are manually assigned. - Trunk (IEEE 802.1Q): By default, a trunk port is a member of all VLANs. - Dynamic-access: Dynamic-access ports belong to one VLAN and are dynamically assigned by a VMPS. Dynamic-access ports must not connect to another switch. - Voice VLAN: Voice VLAN ports are access ports attached to an IP phone that are configured to use one VLAN for voice traffic and another VLAN for data traffic from a device connected to the IP phone.

What are the four available WAN connection types?

The four available WAN connection types are as follows: - Dedicated connections (leased lines) - Circuit-switching connections - Packet-switching connections - Cell-switching connections

What are the four characteristics of a typical VLAN setup?

The four characteristics of a typical VLAN setup are as follows: - Each logical VLAN is like a separate physical bridge. - For different VLANs to communicate with each other, traffic must be forwarded through a router or Layer 3 switch. - Each VLAN is considered to be a separate logical network. - VLANs can span multiple switches.

What are the four components of EIGRP?

The four components of EIGRP are as follows: - Protocol-independent modules - Reliable Transport Protocol (RTP) - Neighbor discovery/recovery - Diffusing Update Algorithm (DUAL)

What are the four layers of the TCP/IP stack?

The four layers of the TCP/IP stack are as follows: - Application - Transport - Internet - Network Access

What are the four major resources that are shared on a computer network?

The four major resources that are shared on a computer network are as follows: - Data and applications: Consist of computer data and network-aware applications such as e-mail - Resources: Include input and output devices such as cameras and printers - Network storage: Consists of directly attached storage devices (physical storage that is directly attached to a computer and a shared server), network attached storage, and storage area networks - Backup devices: Can back up files and data from multiple computers

What are the four steps of the Cisco security wheel?

The four steps of the Cisco security wheel are as follows: - Step 1: Secure - Step 2: Monitor - Step 3: Test - Step 4: Improve

What four timers does RIP use to regulate performance?

The four timers RIP uses to regulate performance are as follows: - Route update timer: The time between router updates. Default is 30 seconds. - Route invalid timer: The time that must expire before a route becomes invalid. Default is 180 seconds. - Route hold-down timer: If RIP receives an update with a hop count higher than the metric recorded in the routing table, RIP goes into a holddown for 180 seconds. - Route flush timer: The time from when a route becomes invalid to when it is removed from the routing table. Default is 240 seconds.

What are the four types of multiplexing?

The four types of multiplexing are as follows: - Time-division multiplexing (TDM): Each data channel is allocated bandwidth based on time slots, regardless of whether data is transferred; thus bandwidth is wasted when there is no data to transfer. - Frequency-division multiplexing (FDM): Information of each data channel is allocated bandwidth based on the signal frequency of the traffic. An example of this is FM radio. - Wave-division multiplexing (WDM) and dense WDM (DWDM): Each data channel is allocated bandwidth based on wavelength (inverse of frequency). - Statistical-division multiplexing: Bandwidth is dynamically allocated to data channels.

What are the four types of routes found in a routing table?

The four types of routes found in a routing table are as follows: - Directly connected networks: Route entries that a router is directly connected to. - Static routes: Routes entered manually by an administrator. - Dynamic routes: Routes learned and populated by a routing protocol. - Default route: Used to route packets when the router does not have a specific destination for packets in its routing table. The default route is entered manually or dynamically.

What is split horizon?

The split horizon rule prohibits a router from advertising a route through an interface that the router itself is using to reach the destination.

When calculating a loop-free environment, Spanning Tree uses a four-step decision sequence to determine which switch will be the root bridge and which ports will be in the forwarding or blocking state. What are these four steps?

The four-step decision sequence that Spanning Tree uses to determine the root bridge is as follows:
Step 1. The lowest root BID
Step 2. The lowest path cost to the root bridge
Step 3. The lowest sender BID
Step 4. The lowest port ID

What command enables a loopback interface on a Cisco router?

The interface loopback number global configuration command configures a loopback interface. The number option specifies the loopback interface number you are creating.

On a Cisco router, what does the ip classless global command do?

The ip classless command prevents a router from dropping packets for an unknown subnetwork of a directly attached network if a default route is configured. The ip classless command is enabled by default.

What is the local loop?

The local loop is the physical cable that extends from the demarc to the provider's central office switch.

What banner is displayed before the username and password login prompts on a Catalyst switch?

The login banner is displayed. The login banner is configured using the banner login global command. For example:
Cat2960#config t
Enter configuration commands, one per line. End with CNTL/Z.
Cat2960(config)#banner login #
Enter TEXT message. End with the character '#'.
Notice! Only Authorized Personnel Are Allowed to Access This Device #

What are the most common network user applications on today's networks?

The most common network user applications on today's networks are as follows: - E-mail - Web browsers - Instant messaging - Collaboration - Databases

What are the most common routing metrics used in routing algorithms?

The most common routing metrics used in routing algorithms are as follows: - Bandwidth: The data capacity of a link - Delay: The length of time required to move a packet from source to destination - Load: The amount of activity on the link or network resource - Reliability: A reference to the error rate on each network link - Hop count: The number of routers a packet must take to reach its destination - Cost: A value assigned by the network administrator, usually based on bandwidth or monetary expense on the link

An end user complains of slow access to the network. You issue the show interface command on the port the user is connected to and you see a lot of collisions and cyclic redundancy check (CRC) errors on the interface. What is most likely the cause of the problem?

The most likely cause of the problem is a bad network cable, damaged media, or EMI. Excessive collisions and CRC errors usually indicate a problem with the network cable attached to the port, or outside interference.

Describe the function of the network layer (Layer 3). Give some examples of network layer implementations.

The network layer provides internetwork routing and logical network addresses. It defines how to transport traffic between devices that are not locally attached. The network layer also supports connection-oriented and connectionless service from higher-layer protocols. Routers operate at the network layer. IP, Internetwork Packet Exchange (IPX), AppleTalk, and Datagram Delivery Protocol (DDP) are examples of network layer implementations.

While troubleshooting a computer with network connectivity problems, you notice steady link lights on both the computer and the switch port the computer is connected to. However, when you issue the ping command from the computer, you receive a "Request timed out" message. On what layer of the OSI model does the problem most likely exist?

The network layer. Because the link lights on the computer network interface card (NIC) and workstation port are on, the physical connection is working properly. Because you are getting a "Request timed out" message, the problem most likely resides at the network layer.

What are the number ranges that define standard and extended IP access lists?

The number ranges that define standard and extended IP access lists are as follows: - Standard IP access lists: 1 to 99 and 1300 to 1999 (expanded range) - Extended IP access lists: 100 to 199 and 2000 to 2699 (expanded range)

What is the passive-interface command?

The passive-interface command configures an interface to not participate in the routing process. By issuing the passive-interface command on a router interface, the configured interface stops sending routing protocol information. However, incoming routing information is not stopped. Because the passive-interface command stops sending routing updates, it breaks adjacencies in OSPF and EIGRP.

Determine the Spanning Tree path cost for each of the following: - 10 Mbps - 100 Mbps - 1 Gbps - 10 Gbps

The path costs are as follows: - 10 Mbps: 100 - 100 Mbps: 19 - 1 Gbps: 4 - 10 Gbps: 2

What is the function of the OSI model's physical layer (Layer 1)? Give some examples of physical layer implementations.

The physical layer defines the physical medium. It defines the media type, the connector type, and the signaling type (baseband versus broadband). This includes voltage levels, physical data rates, and maximum cable lengths. The physical layer is responsible for converting frames into electronic bits of data, which are then sent or received across the physical medium. Twisted-pair, coaxial, and fiber-optic cable operate at this level. Other implementations at this layer are repeaters/hubs.

If a nonroot bridge has two redundant ports with the same root path cost, how does the bridge choose which port will be the root port?

The port with the lowest port ID becomes the root port. If a nonroot bridge has redundant ports with the same root path cost, the deciding factor is the port with the lower port ID (port number). For example, port number g0/1 is preferred over port g0/2.

On your VTP server, you removed VLAN 20 because it is no longer needed. The network runs fine after removing the VLAN. A week later, the company suffers a power loss and all the switches are power cycled. When the switches come back online, some users complain that they cannot access the network. You issue the show interface command on one of the switches and notice that some of the ports are inactive. Why are the ports inactive?

The ports are inactive because they are most likely members of VLAN 20, which was removed the week before. Switch ports move to the inactive state when they are members of VLANs that no longer exist in the VLAN database. This occurs after a VLAN has been removed and the switch is power cycled. A quick way to fix this is to assign the ports to an existing VLAN.

As the network administrator of a switched network, you add redundant links to your network. Shortly after doing so, users complain that they can no longer access the network. Additionally, you notice a lot of broadcast traffic on the network. What is the cause of the problem?

The problem is most likely due to a misconfiguration in Spanning Tree. Because the problem started when redundant switch links were installed, one of the switches is most likely having Spanning Tree problems, and a traffic loop is probably occurring in the network.

As a network administrator, you add a new switch to your environment. You configure the links between your core switch and your new switch for trunking. However, the new switch is not receiving VLAN configuration from your VTP server. You issue the show vtp status command on both switches. You see the following on the core switch: core#show vtp status VTP Version : 2 Configuration Revision : 19 Maximum VLANs supported locally : 1005 Number of existing VLANs : 14 VTP Operating Mode : Server VTP Domain Name : CiscoPress VTP Pruning Mode : Enabled VTP V2 Mode : Enabled VTP Traps Generation : Disabled You see the following on the new switch: new#show vtp status VTP Version : 2 Configuration Revision : 1 Maximum VLANs supported locally : 1005 Number of existing VLANs : 1 VTP Operating Mode : Client VTP Domain Name : Ciscopress VTP Pruning Mode : Enabled VTP V2 Mode : Enabled VTP Traps Generation : Disabled What is the problem?

The problem is that an incorrect VTP domain is configured on the new switch. The VTP domain on the core switch is CiscoPress, but on the new switch, it is Ciscopress. The setting for the VTP domain is case sensitive (and so is the VTP password). This mismatch prevents the switches from exchanging VTP information.

You connect two switches using a straight-through unshielded twisted-pair (UTP) Cat 6 cable. The port link lights between the switches are not coming on. What is the problem?

The problem is with the cable. A straight-through cable is used to connect data terminal equipment (DTE) devices to data communications equipment (DCE) devices. A switch is considered a DCE device, and so are hubs. DTE devices include computers, printers, servers, and routers. For two like devices to connect to each other, a crossover cable is needed. In this case, replacing the cable with a crossover cable will fix the problem.

An end user's computer network card is set to half-duplex and the switch port his computer is connected to is set to full-duplex. What is the result?

The result is a duplex mismatch. As a result, the computer does not gain access to the network.

What is one of the most important components in the VTP advertisement?

The revision number. Every time a VTP server modifies its VLAN configuration, it increments the configuration number by 1. The largest configuration number in the VTP domain contains the most current information. When a client receives a revision number higher than its current number, it updates its VLAN configuration.

What IOS commands enable EIGRP on a Cisco router and advertise 192.168.3.0 and 192.168.4.0 as its directly connected networks?

The router eigrp process-id command, followed by the network command, enables EIGRP on the router. The following commands enable EIGRP using AS 100 and then advertise networks 192.168.3.0 and 192.168.4.0: RouterA(config)#router eigrp 100 (100 is the AS) RouterA(config-router)#network 192.168.3.0 RouterA(config-router)#network 192.168.4.0

How do you enable OSPF on a Cisco router?

The router ospf process-id command enables the OSPF process, and the network address wildcard-mask area area-id command assigns networks to a specific OSPF area. Consider the following example: RouterA(config)#router ospf 10 RouterA(config-router)#network 192.168.10.0 0.0.0.255 area 0 These commands enable OSPF process 10 and advertise the network 192.168.10/24 in area 0. Notice that you must specify the wildcard mask instead of the subnet mask.

When a router is powered on, what three tasks does the router perform?

The router performs the following tasks when powered on: 1. Runs a power-on self test (POST) to test the hardware 2. Finds and loads the IOS 3. Finds and applies the router configuration file

During router startup, you see the following error message: Boot cannot open "flash" What will the router try to do next?

The router will attempt to locate the IOS image from a TFTP server. If the router cannot find the IOS image from a TFTP server, the router will load a limited IOS from ROM.

What are the seven layers of the OSI reference model? Include the layer number and name of each layer in your answer.

The seven layers of the OSI reference model are as follows: - Layer 7: Application layer - Layer 6: Presentation layer - Layer 5: Session layer - Layer 4: Transport layer - Layer 3: Network layer - Layer 2: Data link layer - Layer 1: Physical layer

What does the show cdp command display?

The show cdp command displays global CDP information about the device. It tells you when the device will send CDP packets and the CDP holdtime: RouterB#show cdp Global CDP information: Sending CDP packets every 60 seconds Sending a holdtime value of 180 seconds

What does the show cdp interface command display?

The show cdp interface command, as follows, displays the status of CDP on all interfaces on your device: RouterB#show cdp interface Ethernet0 is up, line protocol is down Encapsulation ARPA Sending CDP packets every 60 seconds Holdtime is 180 seconds Serial0 is up, line protocol is up Encapsulation HDLC Sending CDP packets every 60 seconds Holdtime is 180 seconds Serial1 is up, line protocol is up Encapsulation HDLC Sending CDP packets every 60 seconds Holdtime is 180 seconds

On a Cisco router, what does the show cdp neighbors command display?

The show cdp neighbors command displays the following: - Device ID (name of the device) - Local interface (local outgoing port) - Holdtime displayed in seconds - Device's capability code - Hardware platform of the neighboring device - Port ID of the neighboring device (remote port)

What does the show cdp neighbors detail command display?

The show cdp neighbors detail and show cdp entry * commands show the same output. They both display the following: - Device ID (host name) of the remote neighbor - Layer 3 address of the remote device (if the device has more than one Layer 3 address on its interface, only the primary address is shown) - Device platform and capabilities - Local interface and outgoing port ID - Remote device holdtime in seconds - IOS type and version

What does the show cdp traffic command display?

The show cdp traffic command, as follows, displays information about interface traffic. This includes the number of CDP packets sent and received and CDP errors: RouterB#show cdp traffic CDP counters : Hdr syntax: 0, Chksum error: 0, Encaps failed: No memory: 0, Invalid packet: 0, Fragmented: 0

What Cisco IOS command displays the contents of flash memory?

The show flash command displays the contents of flash memory. This includes the images stored in flash memory, the images' names, bytes used in flash memory, bytes available, and the total amount of flash memory on your router, as follows: RouterA#show flash System flash directory: File Length Name/status 1 6897716 c2500-d-l.120-13.bin [6897780 bytes used, 1490828 available, 8388608 total] 8192K bytes of processor board System flash (Read ONLY)

What Cisco IOS command displays the LMI traffic statistics and LMI type?

The show frame-relay lmi command, as follows, displays the LMI traffic statistics and LMI type: RouterA#show frame-relay lmi LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO Invalid Unnumbered info 0 Invalid Prot Disc 0 Invalid dummy Call Ref 0 Invalid Msg Type 0 Invalid Status Message 0 Invalid Lock Shift 0 Invalid Information ID 0 Invalid Report IE Len 0 Invalid Report Request 0 Invalid Keep IE Len 0 Num Status Enq. Rcvd 1748 Num Status msgs Sent 1748 Num Update Status Sent 0 Num St Enq. Timeouts 0

What command displays the status of a Frame Relay virtual circuit?

The show frame-relay pvc enable command shows the status of the Frame Relay circuit. It also lists all the configured PVCs and DLCI numbers and the status of each PVC.

What Cisco IOS command would you use to view a list of the most recently used commands?

The show history command, by default, displays the last ten commands used. You can also use the up-arrow key (or press Ctrl-P) to display the very last command you entered and the down-arrow key (or press Ctrl-N) to display the previous commands you entered. As you use the up- or down-arrow keys, you are scrolling through the history buffer. The following is an example of the show history command: Router#show history en show running-config show history enable show version show clock show history Router#

What are some of the things the show interface interface-type number command displays?

The show interface command displays the following: - Whether the interface is administratively down - Whether the line protocol is up or down - An Internet address (if one is configured) - Maximum transmission unit (MTU) and bandwidth - Traffic statistics on the interface - Interface encapsulation type

How do you view the encapsulation type on a serial interface?

The show interface serial interface-number command, as follows, allows you to view the encapsulation type on a serial interface: RouterB#show interface serial 0 Serial0 is up, line protocol is up Hardware is HD64570 Internet address is 192.168.1.1/24 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255 Encapsulation HDLC, loopback not set, keepalive set (10 sec) Last input 00:00:00, output 00:00:03, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0 (size/max/drops); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/1/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec

How do you display the trunking interfaces on a Catalyst 2960?

The show interfaces interface-id trunk privileged EXEC command shows the interfaces that are trunking on a switch and the trunk configuration, as follows: Cat2960#show interfaces trunk Port Mode Encapsulation Status Native vlan Gi0/1 on 802.1q trunking 1 Port Vlans allowed on trunk Gi0/1 1-4094 Port Vlans allowed and active in management domain Gi0/1 1-3,5,10,20,30,40,50,60 Port Vlans in spanning tree forwarding state and not pruned Gi0/1 1-3,5,40

What command allows you to view the statistics for all interfaces configured on the switch?

The show interfaces privileged EXEC command allows you to view the statistics for all interfaces configured on the switch.

What command would you use to see EIGRP adjacencies?

The show ip eigrp neighbors command displays EIGRP adjacencies and directly connected neighbors, as follows: RouterA# show ip eigrp neighbors IP-EIGRP Neighbors for process 100 Address Interface Holdtime Uptime Q Seq SRTT RTO (secs) (h:m:s) Count Num (ms) (ms) 192.168.10.2 Ethernet1 13 0:02:00 0 11 4 20 192.168.11.2 Ethernet0 14 0:02:01 0 10 12 24

How do you view the EIGRP neighbor table?

The show ip eigrp neighbors command shows the EIGRP neighbor table.

How do you view the EIGRP topology table?

The show ip eigrp topology command shows the EIGRP topology table, including successors and feasible successors, as follows: RouterB# show ip eigrp topology IP-EIGRP Topology Table for process 100 Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r - Reply status P 192.168.4.0 255.255.255.0, 1 successors, FD is 2172416 via 192.168.3.2 (2172416/28160), Serial0 via 192.168.2.2 (2684416/1794560), Serial1

What command displays the switch's configured IP address, subnet mask, and default gateway?

The show ip interface privileged EXEC command displays all IP information configured for all interfaces on the switch. Following is the output of the show ip interface command: Cat2960#show ip interface Vlan1 is up, line protocol is down Internet address is 192.168.0.10/24 Broadcast address is 255.255.255.255 Address determined by setup command MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is disabled Outgoing access list is not set Inbound access list is not set Proxy ARP is enabled

What IOS command lists the OSPF area for router interfaces and the neighbors adjacent on the interface?

The show ip ospf interface command lists the area in which the router interface resides and the neighbors of the interface. Additionally, it lists the interface state, process ID, router ID, network type, cost, priority, DR and BDR, timer intervals, and authentication if it is configured. Here is an example of the show ip ospf interface command: RouterB# show ip ospf interface ethernet 0 Ethernet0 is up, line protocol is up Internet Address 10.1.1.1/24, Area 0 Process ID 1, Router ID 172.16.0.2, Network Type BROADCAST, Cost: 10 Transmit Delay is 1 sec, State BDR, Priority 1 Designated Router (ID) 172.16.0.1, Interface address 10.1.1.2 Backup Designated router (ID) 172.16.0.2, Interface address 10.1.1.1 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:06 Index 1/1, flood queue length 0 Next 0x0(0)/0x0(0) Last flood scan length is 2, maximum is 2 Last flood scan time is 0 msec, maximum is 4 msec Neighbor Count is 1, Adjacent neighbor count is 1 Adjacent with neighbor 172.16.0.1 (Designated Router) Suppress hello for 0 neighbor(s)

How do you verify that authentication is enabled on an OSPF interface?

The show ip ospf interface command, as follows, shows that OSPF authentication is enabled: RouterA# show ip ospf interface serial0 Serial0 is up, line protocol is up Internet Address 192.16.0.1/24, Area 0 Process ID 10, Router ID 172.16.0.1, Network Type POINT_TO_POINT, Cost: 64 Transmit Delay is 1 sec, State POINT_TO_POINT, Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:04 Index 2/2, flood queue length 0 Next 0x0(0)/0x0(0) Last flood scan length is 1, maximum is 1 Last flood scan time is 0 msec, maximum is 4 msec Neighbor Count is 0, Adjacent neighbor count is 0 Suppress hello for 0 neighbor(s) Simple password authentication enabled

What command can you use to view the OSPF neighbor state?

The show ip ospf neighbor command shows the OSPF neighbor state.

What IOS command allows you to view all EIGRP routes in the routing table?

The show ip route eigrp command allows you to view all EIGRP-learned routes in the routing table.

As the network administrator, you want to view all the routes learned by OSPF on your router. What IOS command can you use to view this information?

The show ip route ospf command shows all routes the router learned through OSPF.

What IOS command shows the active outbound connections after telnetting into multiple routers simultaneously?

The show sessions command, as follows, displays the active outbound Telnet sessions from that particular user on your router: RouterA#show sessions Conn Host Address Byte Idle Conn Name * 1 192.168.1.2 192.168.1.2 0 0 192.168.1.2

On a Cisco router, what does the show version command display?

The show version command displays the system hardware's configuration, including RAM, flash memory, software version, configuration register, and boot images. For example: Router#show version Cisco Internetwork Operating System Software IOS (tm) 2600 Software (C2600-JS-M), Version 12.0(8), RELEASE SOFTWARE (fc1) Copyright (c) 1986-1999 by Cisco Systems, Inc. Compiled Mon 29-Nov-99 15:26 by kpma Image text-base: 0x80008088, data-base: 0x80B081E0 --Text omitted-- Router uptime is 50 minutes System restarted by power-on System image file is "flash:c2600-js-mz.120-8.bin" cisco 2610 (MPC860) processor (revision 0x300) with 53248K/12288K bytes of memory. Processor board ID 02073409, with hardware revision 00000000 --Text omitted-- 32K bytes of non-volatile configuration memory. 16384K bytes of processor board System flash (Read/Write) Configuration register is 0x2102

What Cisco IOS command would you use to view the current configuration register value?

The show version command, as follows, displays the router's current configuration register: RouterA#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-D-L), Version 12.0(13), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2000 by cisco Systems, Inc. Compiled Wed 06-Sep-00 01:08 by linda Image text-base: 0x030388F8, data-base: 0x00001000 <Output omitted> Configuration register is 0x2102

What Cisco switch IOS command displays the system hardware, software version, names of configuration files, and boot images?

The show version switch IOS command displays the system hardware, software version, boot images, and configuration register. The following is the output of the show version command: Cat2960#show version Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2006 by Cisco Systems, Inc. Compiled Fri 28-Jul-06 04:33 by yenanh Image text-base: 0x00003000, data-base: 0x00AA2F34 ROM: Bootstrap program is C2960 boot loader BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(25r)SEE1, RELEASE SOFTWARE (fc1) Cat2960 uptime is 17 hours, 32 minutes System returned to ROM by power-on System image file is "flash:c2960-lanbase-mz.122-25.SEE2/c2960-lanbase-mz.122-25.SEE2.bin" cisco WS-C2960-24TT-L (PowerPC405) processor (revision B0) with 61440K/4088K bytes of memory. Processor board ID FOC1043Z2SG Last reset from power-on 1 Virtual Ethernet interface 24 FastEthernet interfaces 2 Gigabit Ethernet interfaces The password-recovery mechanism is enabled. <text omitted> Configuration register is 0xF

One switch in your network is not receiving VLAN information. How do you verify whether the switch is receiving VTP information?

The show vtp counters privileged EXEC command displays VTP statistics about advertisements received and pruning information, as follows: Cat2960#show vtp counters VTP statistics: Summary advertisements received : 426 Subset advertisements received : 1 Request advertisements received : 0 Summary advertisements transmitted : 481 Subset advertisements transmitted : 0 Request advertisements transmitted : 0 Number of config revision errors : 0 Number of config digest errors : 0 Number of V1 summary errors : 0 VTP pruning statistics: Trunk Join Transmitted Join Received Summary advts received from non-pruning-capable device ---------------- ---------------- ---------------- --------------------------- Gi2/2 5043 5036 0 Gi2/3 5043 5033 0 Gi2/4 5043 5032 0 Gi2/5 5043 5033 0 Gi2/6 5043 5038 0 Gi3/1 5043 5035 0 Gi3/2 5043 5034 0 Gi3/4 5044 5033 0 Po1 4903 4903 0

How do you configure plain-text authentication for OSPF?

The steps for configuring plain-text authentication for OSPF are as follows: Step 1. Assign a password to be used with the ip ospf authentication-key password interface command. Step 2. Specify the authentication type with the ip ospf authentication interface command. Step 3. Configure authentication under the OSPF area using the area area-id authentication command.

What are the steps for the TCP three-way handshake?

The steps for the TCP three-way handshake are as follows: Step 1. The source host sends a SYN to the destination host. Step 2. The destination host replies to the source with an ACK. At the same time, it sends a SYN to the source host. Step 3. The source host replies with an ACK.

How do you enable EIGRP MD5 authentication on Cisco routers?

The steps to configure EIGRP authentication are as follows: Step 1. Enter the interface that you want to configure authentication on. Step 2. Enable MD5 authentication using the ip authentication mode eigrp process-id md5 interface command. Step 3. Create an authentication key using the ip authentication key-chain eigrp process-id key-chain command. The key-chain parameter is the name of the key you want to create. Step 4. Exit interface configuration mode. Step 5. Identify the key chain that you configured in Step 3 using the key chain name-of-key-chain command. Step 6. Create a key number with the key number command. Step 7. Identify the key string using the key-string text command.

What are the steps to configure IPv6?

The steps to configure IPv6 are as follows: Step 1. Obtain IPv6 prefixes. Step 2. Allocate IPv6 addresses to devices. Step 3. Configure router interfaces. Step 4. Configure tunnels (if communicating over an IPv4 network). Step 5. Configure routing (static, RIPng, OSPF, EIGRP). Step 6. Configure name servers.

What are the steps to implement a wireless network?

The steps to implement a wireless network are as follows: Step 1. Verify wired operation, including Dynamic Host Configuration Protocol (DHCP) and Internet access. Step 2. Install the AP. Step 3. Configure the AP with no security. Step 4. Install and configure a wireless client with no security. Step 5. Verify wireless connectivity. Step 6. Configure security on the AP and client. Step 7. Verify wireless operation.

As a network administrator, you have a class B address. Assuming that the ip subnet zero command is enabled on the router, what subnet mask allows you to have 100 subnetworks with at least 500 usable hosts?

The subnet mask is 255.255.254.0. 255.255.254.0 in binary is as follows: 11111111.11111111.11111110.00000000 All you care about are the last two octets. So you have 7 bits for the network and 9 bits for host addresses. Seven bits of subnetting provide 128 subnets, and 9 bits of host subnetting provide 510 hosts per subnet.

Your Internet provider has given you the IP network address of 172.16.0.0/16. You have 18 networks, each with 1200 hosts. You want to assign one IP range per subnet, leaving room for future growth. Assuming that the ip subnet zero command is enabled on all routers, what subnet mask would best achieve your goals?

The subnet mask of 255.255.248.0 would best achieve your goals. If you look at this subnet mask in binary, you can see that you have 5 subnet bits for the network address: 11111111.11111111.11111000.00000000 If you use the subnet equation 2^5 = 32, 32 available networks will be provided with the subnet mask, which fulfills the requirement for 18 networks and allows adequate growth. This leaves you with 11 bits to be assigned to hosts. This gives you 2046 (2^11 - 2) addresses, giving you more than enough IP addresses to be assigned to hosts. If you use a subnet mask of 255.255.240.0, you will meet the requirement of 1200 hosts (2^12 - 2 = 4094 available hosts) but not have enough networks (2^4 = 16 available networks).

What is the switch MAC address table used for?

The switch MAC address table forwards traffic to the appropriate port. Because switches operate at Layer 2 of the OSI model, they switch traffic by MAC address. Instead of flooding traffic out all ports, a switch learns the MAC address of devices on each port and only forwards traffic destined to the host on the port. The learned MAC addresses are stored in the switch's MAC address table.

How many MAC addresses can a Catalyst 2960 switch store in its MAC address table?

The switch can store 8192 MAC addresses. MAC addresses on a Catalyst 2960 are dynamically learned. They are stored in memory and are updated and aged out automatically. When a switch is rebooted, the MAC addresses stored in the MAC address table are reset.

As a network administrator, you try to add a new VLAN to a Catalyst 2960 switch. However, when you add the new VLAN, you get the following error from the switch: Switch(config)#vlan 20 %VTP VLAN configuration not allowed when device is in CLIENT mode. The VLAN is not added to the switch. Why did this error occur?

The switch is a VTP client. A switch can only add, modify, or delete VLANs if it is in server or transparent mode. To remedy the problem, change the switch to server or transparent mode using the vtp mode [server | transparent] global command.

One of your Catalyst 2960 switches is generating the following error: %SW_VLAN-6-VTP_MODE_CHANGE: VLAN manager changing device mode from CLIENT to TRANSPARENT Why is this error occurring?

The switch is changing from VTP client to transparent mode for the following two reasons: - The switch has more VLANs running on STP than it can support. - The switch receives more VLANs from the VTP server than the switch can support.

While troubleshooting a switched network, you see the following on a switch interface that is having connectivity problems: !output omitted! 5 minute input rate 10000 bits/sec, 8 packets/sec 5 minute output rate 10000 bits/sec, 7 packets/sec 1476671 packets input, 363178961 bytes, 0 no buffer Received 20320 broadcasts (12683 multicast) 2345 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored What could be the cause of the problem?

The switch is receiving a lot of runts. Runts are frames smaller than 64 bytes with a bad frame check sequence (FCS). Bad cabling or inconsistent duplex settings usually cause runts.

Traffic between two switches is slow. You issue the show interface command on the uplink between the two switches and you see the following: !output omitted! 0 input packets with dribble condition detected 180749 packets output, 8004302 bytes, 0 underruns 0 output errors, 45345 collisions, 0 interface resets 0 babbles, 45345 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out What is the problem?

The switch port is receiving a lot of late collisions. The problem can be a duplex mismatch or a faulty port, or the distance between the two switches might exceed the cable specifications.

As network administrator, you issue the following commands on your Catalyst 2960 switch: Cat2960(config)#enable password Cisco Cat2960(config)#enable secret cisco What password will the switch use to enter privileged EXEC mode?

The switch will use cisco to enter privileged EXEC mode. When a switch has the enable password and enable secret password configured, the switch will use the enable secret password as the password to enter privileged EXEC mode.

In STP, how is a root bridge elected?

The switch with the lowest BID is elected the root bridge. All ports on the root bridge are placed in the forwarding state and are called designated ports. The BID is 8 bytes and is composed of two fields: the default priority of 32,768 (2 bytes) and a MAC address (6 bytes). Because all Cisco switches use the default priority, the switch with the lowest MAC address is elected the root bridge.

What are the three classes of routing protocols?

The three classes of routing protocols are as follows: - Distance vector: Uses a vector of distance and direction to find the best path. Distance is defined in terms of a metric, and direction is defined as the next-hop router. Distance vector protocols broadcast the entire routing table to all neighbors at periodic intervals. Distance vector protocols are slow to converge because of hold-down timers. RIP is a distance vector protocol. - Link-state: Uses a topological database that is created on each router. This database keeps track of directly connected neighbors, the entire network, and the routing table. Link-state updates are typically multicast to all neighbors. Open Shortest Path First (OSPF) and Intermediate System-to-Intermediate System (IS-IS) are examples of link-state protocols. - Balanced hybrid: Combines aspects of distance vector and link-state protocols. An example is Enhanced IGRP (EIGRP).

What are the three switching methods (frame transmission modes) in Cisco Catalyst switches?

The three frame operating modes to handle frame switching are as follows: - Store-and-forward - Cut-through - Fragment-free

What are three general steps that EIGRP uses to add routes to the router's routing table?

The three general steps that EIGRP uses to add routes to the router's routing table are as follows: Step 1. Discover other EIGRP routers attached to the same subnet and form a neighbor relationship with the discovered routers. All discovered routers are kept in the router's EIGRP neighbor table. Step 2. Exchange network topology information with all discovered neighbors. This information is stored in the EIGRP topology table. Step 3. Run DUAL on all topology information and put the lowest-metric routes in the routing table.

What three major functions do Layer 2 switches provide?

The three major functions that Layer 2 switches provide are as follows: - Address learning - Packet forwarding/filtering - Loop avoidance with the Spanning Tree Protocol

What are the three mechanisms TCP uses to accomplish a connection-oriented connection?

The three mechanisms TCP uses to accomplish a connection-oriented connection are as follows: - Packet sequencing - Acknowledgments, checksums, and timers - Windowing

What are the three mechanisms that DHCP uses for IP address allocation?

The three mechanisms that Dynamic Host Configuration Protocol (DHCP) uses for IP address allocation are as follows: - Automatic allocation: Assigns a permanent IP address to a client - Dynamic allocation: Assigns an IP address to a client for a set period of time, for example, 7 days - Manual allocation: Assigns a specific IP address to a client as defined by the administrator using the client's MAC address

What are the three most common ways that VLAN membership is established?

The three most common ways of establishing VLAN membership are as follows: - Port-driven membership - MAC address membership - Layer 3-based membership

What three phases establish a PPP session?

The three phases that establish a PPP session are as follows: Step 1. Link establishment: Each PPP device sends LCP packets to configure and test the link (Layer 1). Step 2. Authentication phase (optional): If authentication is configured, either PAP or CHAP is used to authenticate the link. This must take place before the network layer protocol phase can begin (Layer 2). Step 3. Network layer protocol phase: PPP sends NCP packets to choose and configure one or more network layer protocols to be encapsulated and sent over the PPP data link (Layer 3).

What three phases are used to establish a PPP session?

The three phases used to establish a PPP session are as follows: Step 1. Link establishment phase: Each PPP device sends LCP packets to configure and test the link (Layer 1). Step 2. Authentication phase (optional): If authentication is configured, either PAP or CHAP is used to authenticate the link. This must take place before the network layer protocol phase can begin (Layer 2). Step 3. Network layer protocol phase: PPP sends NCP packets to choose and configure one or more network layer protocols to be encapsulated and sent over the PPP data link (Layer 3).

When a router receives LMI information, it updates its VC status to one of three states. What are these three states?

The three states of a VC are as follows: - Active state: The connection is active, and routers can exchange data. - Inactive state: The local connection to the Frame Relay switch is working, but the remote router's connection to the Frame Relay switch is not working. - Deleted state: Indicates that no LMIs are being received from the Frame Relay switch or that no service exists between the router and the Frame Relay switch.

How do you enable PPP authentication using PAP or CHAP on a Cisco router?

The three steps to enable PPP authentication on a Cisco router are as follows: Step 1. Make sure that each router has a host name assigned to it using the hostname command. Step 2. On each router, define the username of the remote router and password that both routers will use with the username remote-router-name password password command. Step 3. Configure PPP authentication with the ppp authentication {chap | chap pap | pap chap | pap} interface command. (If both PAP and CHAP are enabled, the first method you specify in the command is used. If the peer suggests the second method or refuses the first method, the second method is used.) RouterB(config)#hostname RouterB RouterB(config)#username RouterA password cisco RouterB(config)#int s0 RouterB(config-if)#ppp authentication chap pap

What three types of STP are supported on Cisco switches?

The three types of STP supported on Cisco switches are as follows: - PVST+: PVST+ is based on the 802.1D standard but also includes Cisco-proprietary features such as UplinkFast and BackboneFast. - PVRST+: PVRST+ (Per-VLAN Rapid Spanning Tree) is defined in 802.1w and has faster convergence than 802.1D. - MSTP: MSTP combines PVST+ and all IEEE standards.

What are the three types of authentication supported by OSPF?

The three types of authentication supported by OSPF are as follows: - Null authentication - Plain-text authentication - Message digest algorithm 5 (MD5) authentication

What is the purpose of a three-way handshake?

The three-way handshake initiates communication by establishing an initial sequence number and window size.

What is the transport layer (Layer 4) responsible for? Give some examples of transport layer implementations.

The transport layer segments and reassembles data from upper-layer applications into data streams. It provides reliable data transmission to upper layers. End-to-end communications, flow control, multiplexing, error detection and correction, and virtual circuit management are typical transport layer functions. Some examples include TCP, User Datagram Protocol (UDP), and Sequenced Packet Exchange (SPX).

You want to create a trunk link between two Catalyst switches. On each switch's Gigabit 0/1 port, you issue the switchport mode dynamic auto command on both switches; however, the trunk link is not established. Why is the trunk link not being created?

The trunk link is not being established because both ports are set to dynamic auto. When a trunking port is set to dynamic auto, the port can trunk only if the neighboring device is set to trunk or dynamic desirable. Properly configuring one of the ports to trunk or dynamic desirable will fix the issue.

What two Cisco IOS commands verify end-to-end connectivity?

The two Cisco IOS commands that verify end-to-end connectivity are the ping and trace EXEC commands. The ping command sends an echo to the remote destination; the trace command shows the path from the source to the destination.

What two EXEC modes are supported in the Cisco router IOS?

The two EXEC modes are as follows: - User EXEC mode (user mode) - Privileged EXEC mode (enable or privileged mode)

What two EXEC modes are supported in the Cisco IOS?

The two EXEC modes supported in Cisco IOS are as follows: - User EXEC mode (user mode) - Privileged EXEC mode (enable or privileged mode)

What are the two Infrastructure modes?

The two Infrastructure modes are as follows: - Basic Service Set (BSS): Wireless clients connect to each other and the wireless network through one access point. - Extended Service Set (ESS): More than one access point exists, with all APs configured with a common SSID to allow roaming.

What are the two categories of routing protocols?

The two categories of routing protocols are as follows: - Interior gateway protocols (IGP): Exchange routing information within an autonomous system (AS). An AS is a collection of networks under a common administrative domain. RIP, IS-IS, OSPF, and EIGRP are IGPs. - Exterior gateway protocols (EGP): Exchange routing information between autonomous systems. Border Gateway Protocol (BGP) is an example of an EGP.

What are the two components of Cisco VPNs?

The two components of Cisco VPNs are as follows: - Cisco Easy VPN Server: The VPN server is a dedicated VPN gateway such as a Cisco VPN concentrator, Cisco PIX firewall, Cisco ASA adaptive security appliance, or a Cisco IOS router. The VPN server can terminate VPN tunnels initiated by mobile and remote workers running Cisco VPN client software. It also terminates VPN tunnels in site-to-site VPNs. - Cisco Easy VPN Remote: The VPN remote enables Cisco IOS routers, PIX firewalls, Cisco ASA appliances, and Cisco VPN hardware clients to receive security policies from a Cisco Easy VPN server to minimize VPN configuration requirements at remote locations.

What are the two configuration modes in the Cisco Catalyst 2960 series switch IOS?

The two configuration modes are global configuration and interface configuration. Global configuration configures global settings to the switch, such as IP address or host name. Interface configuration configures interface settings, such as port speed or duplex.

What two key concepts does STP calculation use to create a loop-free topology?

The two key concepts that the STP calculation uses to create a loop-free topology are as follows: - Bridge ID (BID) - Path cost

What are the two key functions that a router performs?

The two key functions that a router performs are path determination (routing) and packet forwarding (switching). The routing mechanism is responsible for learning and maintaining awareness of the network topology. The switching function is the process of moving packets from an inbound interface to an outbound interface.

What are the two main IPsec framework protocols?

The two main IPsec framework protocols are as follows: - Authentication Header (AH): AH provides authentication and data integrity for IPsec using the authentication and data integrity algorithms. AH does not encrypt packets and, used alone, provides weak protection. As such, AH is used with ESP to provide data encryption and tamper-aware security features. - Encapsulation Security Protocol (ESP): ESP provides encryption, authentication, and integrity. ESP encrypts the IP packet and the ESP header, thus concealing the data payload and the identities of the source and destination.

What two methods of authentication can be used with PPP links?

The two methods of authentication on PPP links are as follows: - Password Authentication Protocol (PAP): PAP is the less secure of the two methods; passwords are sent in clear text and are exchanged only upon initial link establishment. - Challenge Handshake Authentication Protocol (CHAP): CHAP is used upon initial link establishment and periodically to make sure that the router is still communicating with the same host. CHAP passwords are exchanged as message digest algorithm 5 (MD5) hash values.

What two methods of authentication can be used with PPP links?

The two methods of authentication that can be used with PPP links are as follows: - Password Authentication Protocol (PAP) - Challenge Handshake Authentication Protocol (CHAP)

What are the two methods to assign a port to a VLAN?

The two methods to assign a port to a VLAN are as follows: - Statically: Statically assigning a port to a VLAN is a manual process performed by the administrator. - Dynamically: Assigning VLANs dynamically is done using a VLAN Membership Policy Server (VMPS). The VMPS contains a database that maps MAC addresses to VLAN membership. A dynamic port can belong to only one VLAN at a time. A Catalyst 4500 or 6500 switch can be configured to be a VMPS, but a Catalyst 2960 switch cannot.

What are the two modes of Cisco WebVPN?

The two modes of Cisco WebVPN are as follows: - Clientless - Thin client

What two protocols are available for compression on PPP links?

The two protocols are Stacker and Predictor. As a rule, Predictor uses more memory than Stacker, and Stacker is more CPU intensive than Predictor.

What two protocols are available for compression on PPP links?

The two protocols available for compression are Stacker and Predictor. As a general rule, Predictor uses more memory than Stacker, and Stacker is more CPU intensive than Predictor.

What are the two rules for reducing the size of written IPv6 addresses?

The two rules for reducing the size of written IPv6 addresses are as follows: - Rule 1: The leading 0s in any segment do not have to be written. If a segment has fewer than four hexadecimal digits, it is assumed that the missing digits are leading 0s. For example, 2001:0D02:0000:0000:0000:C003:0001:F00D can be written as follows: 2001:D02:0:0:0:C003:1:F00D - Rule 2: Any single run of consecutive fields of all 0s can be represented with a double colon. For example, 2001:D02:0:0:0:C003:1:F00D can be further reduced to the following: 2001:D02::C003:1:F00D

PPP is a data link layer protocol that provides network layer services. What are the two sublayers of PPP?

The two sublayers of PPP are as follows: - Network Control Protocol (NCP): The component that encapsulates and configures multiple network layer protocols. Some examples of these protocols are IP Control Protocol (IPCP) and Internetwork Packet Exchange Control Protocol (IPXCP). - Link Control Protocol (LCP): Used to establish, configure, maintain, and terminate PPP connections.

PPP is a data link layer protocol that provides network-layer services. What are the two sublayers of PPP?

The two sublayers of PPP are as follows: - Network Control Protocol (NCP): The component that encapsulates and configures multiple network-layer protocols. Some examples of these protocols are IP Control Protocol (IPCP) and Internetwork Packet Exchange Control Protocol (IPXCP). - Link Control Protocol (LCP): Establishes, configures, maintains, and terminates PPP connections.

What are the two types of VPNs?

The two types of VPNs are as follows: - Site-to-site - Remote access

As a network administrator, you use VLAN 1 for the Sales division. As a result, all users in VLAN 1 cannot access other users assigned to different VLANs. Why is this happening, and how do you enable the users in VLAN 1 to communicate with other users in different VLANs?

The users in VLAN 1 cannot communicate with the other VLANs because, by default, VLAN 1 is the native VLAN. 802.1Q does not encapsulate traffic from the native VLAN. Thus the users in VLAN 1 cannot communicate with other users. To fix the issue, you need to change the native VLAN to a different unused VLAN in your network. To do this, use the switchport trunk native vlan vlan-id interface command. The following command changes the native VLAN on trunking interface g0/1 from 1 to 1000: Cat2960(config-if)#switchport trunk native vlan 1000

Define the following STP terms: - Forward delay - Hello time - Max age timer

These STP terms are defined as follows: - Forward delay: The time it takes a port to move from listening to learning or from learning to forwarding. The default time is 30 seconds: 15 seconds to transition to listening and 15 seconds to transition to learning. - Hello time: The time interval between the sending of BPDUs. The default time is 2 seconds. - Max age timer: How long a bridge stores a BPDU before discarding it. The default time is 20 seconds (10 missed hello intervals).

Define the following Cisco NAT terminology: - Inside local address - Inside global address - Outside local address - Outside global address

These terms are defined as follows: - Inside local address: The IP address assigned to a host on the inside, private network. This is usually a private (RFC 1918) IP address. - Inside global address: A registered, Internet-routable IP address that represents one or more inside local IP addresses to the outside world. - Outside local address: The IP address of an outside host as it appears to the inside, private network. - Outside global address: The IP address assigned to a host on the outside network by the host's owner. This is usually a routable IP address.

What are three benefits of NAT?

Three benefits of NAT are as follows: - Eliminates readdressing overhead of hosts that require external access - Conserves IP addresses through application port-level multiplexing - Hides the internal network, providing a small level of network security

List three categories of network applications.

Three categories of network applications are as follows: - Batch applications: Examples are FTP and TFTP. They are started by a human and complete with no other interaction. - Interactive applications: Include database updates and queries. A person requests data from the server and waits for a reply. Response time depends more on the server than the network. - Real-time applications: Include VoIP and video. Network bandwidth is critical because these applications are time critical. Quality of service (QoS) and sufficient network bandwidth are mandatory for these applications.

List three characteristics of PPP.

Three characteristics of PPP are as follows: - It can be used over dial (analog) or switched lines. - It provides error correction. - It encapsulates several routed protocols.

What are three common methods (technologies) used to connect to the Internet?

Three common methods (technologies) used to connect to the Internet are digital subscriber line (DSL), cable, and serial.

List three disadvantages link-state protocols have over distance vector protocols.

Three disadvantages that link-state protocols have over distance vector protocols are as follows: - Significant demands of resources. Because link-state protocols require a topology database of the internetwork, they require a significant amount of memory and CPU cycles to run the SPF algorithm. - Link-state protocol networks are more complex, making it more difficult to troubleshoot than distance vector protocols. - All areas have to connect to a backbone area, thus requiring a lot of planning in implementing a link-state network.

What three factors can affect radio wave propagation?

Three factors that can affect radio wave propagation are as follows: - Reflection: Occurs when RF waves bounce off objects such as metal or glass - Scattering: Occurs when RF waves strike uneven surfaces - Absorption: Occurs when RF waves are absorbed by objects, for example, water

List three reasons to disable CDP.

Three reasons to disable CDP are as follows: - To save network bandwidth by not exchanging CDP frames. - If you are connecting to non-Cisco devices. - Security. CDP multicasts information about the device every 60 seconds. Sniffers and other devices can view these broadcasts to discover information about your network.

List three security threats to WLANs.

Three security threats to WLANs are as follows: - War drivers: War driving is when someone is driving around with a laptop and wireless card/antenna looking for wireless access points to exploit. - Hackers: Most hackers start by war driving. When an access point is identified, hackers try to exploit weak security keys and passwords to gain access to the network. - Rogue APs: Rogue access points (AP) are access points installed on a WLAN that can interfere with day-to-day network operation. Rogue APs are also unauthorized APs installed on the network by employees.

List three types of encryption algorithms supported by IPsec.

Three types of encryption algorithms supported by IPsec are as follows: - Data Encryption Standard (DES): Uses a 56-bit key that ensures high performance encryption. Uses a symmetric key cryptosystem. - Triple DES (3DES): A variant of DES that breaks data into 64-bit blocks. 3DES then processes each block three times, each time with an independent 56-bit key, thus providing significant improvement in encryption strength over DES. Uses a symmetric key cryptosystem. - Advanced Encryption Standard (AES): Provides stronger encryption than DES and is more efficient than 3DES. Key lengths can be 128-, 192-, and 256-bit keys.

What two things must you do to activate an access list?

To activate an access list, you must follow these steps: Step 1. Create the access list. Step 2. Apply the access list as part of a group on an interface.

How do you add a password for Telnet access on a Cisco router?

To add a password for Telnet access, enter the line vty 0 4 global configuration command, the login command, and finally the password line subcommand. The password is case sensitive. In the following example, the Telnet password is set to ciscopress: RouterA(config)#line vty 0 4 RouterA(config-line)#login RouterA(config-line)#password ciscopress

How do you add a password to the console terminal?

To add a password to the console terminal, use the line console 0 global configuration command, followed by the login and password password line subcommands, as follows: Cat2960(config)#line console 0 Cat2960(config-line)#login Cat2960(config-line)#password CCNA The login subcommand forces the router to prompt for authentication. Without this command, the router will not authenticate a password. The password CCNA subcommand sets the console password to CCNA. The password set is case sensitive.

On a Cisco router, how do you add a password to the console line?

To add a password to the console terminal, use the line console 0 global configuration command, followed by the login and password password line subcommands, as follows: RouterA(config)#line console 0 RouterA(config-line)#login RouterA(config-line)#password ICND The login subcommand forces the router to prompt for authentication. Without this command, the router does not authenticate a password. The password ICND subcommand sets the console password to ICND. The password set is case sensitive.

How do you add a static MAC address to a port on a Catalyst 2960 switch?

To add a static MAC address, use the mac-address-table static mac-addr vlan vlan-id interface interface-id global command.

How do you add a message of the day (MOTD) banner on a Cisco router?

To add an MOTD banner to a Cisco router, enter the banner motd # text # global configuration command. The pound signs (#) are delimiting characters. They can be any character of your choice, but they must be the same and cannot be included in your text. They signify the beginning and end of your text. The following example shows the banner motd command: RouterA(config)#banner motd # <ENTER> Enter TEXT message. End with the character '#'. Warning only authorized users may access this Router. <ENTER> # RouterA(config)#

As a network administrator, you have a new Catalyst 2960 switch. You want to assign it the IP address of 192.168.0.10/24. What IOS commands do you need to enter to assign the IP address to the switch?

Follow these steps to assign the IP address to the switch: Step 1. Enter the VLAN 1 interface. This is a logical interface used for management. Step 2. Assign the IP address and subnet mask. Step 3. Enable the interface by issuing the no shutdown command. To do so, enter the following commands:
interface vlan1
ip address 192.168.0.10 255.255.255.0
no shutdown

How do you back up a Cisco router IOS?

To back up the current IOS image on your router, use the copy flash tftp privileged EXEC mode command, as follows: RouterB#copy flash tftp Source filename [routerb-flash]? flash:c2500-d-l.120-13.bin Address or name of remote host []? 192.168.0.2 Destination filename [c2500-d-l.120-13.bin]? !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 6897716 bytes copied in 90.856 secs (76641 bytes/sec)

What two IOS commands would you use to back up the running configuration on a router to a TFTP server?

To back up the running configuration to a TFTP server, use the copy running-config tftp privileged EXEC command or the write network command. The following is an example of the copy run tftp command: RouterB#copy run tftp Address or name of remote host []? 192.168.0.2 Destination filename [routerb-confg]? !! 780 bytes copied in 6.900 secs (130 bytes/sec)

By default, Cisco uses HDLC as its default encapsulation method across synchronous lines (point-to-point links). If a serial line uses a different encapsulation protocol, how do you change it back to HDLC?

To change a serial line back to HDLC, use the following interface command on the serial interface you want to change: Router(config-if)#encapsulation hdlc

By default, Cisco uses HDLC as its default encapsulation method across synchronous lines (point-to-point links). If a serial line uses a different encapsulation protocol, how do you change it back to HDLC?

To change a serial line back to HDLC, use the following interface command on the serial interface you want to change: Router(config-if)#encapsulation hdlc If the serial interface was previously configured for Frame Relay, you could also use the no encapsulation frame-relay interface command to set the encapsulation back to HDLC.

How do you change the configuration register on a Cisco router?

To change the configuration register on a Cisco router, use the config-register command from global configuration mode.

The last step in configuring IPv6 is to configure name servers on the router. How do you configure Cisco routers to use IPv6 name servers (Domain Name Systems [DNS])?

To configure IPv6 DNS name servers on the router for domain name resolution, use the following global command: ip name-server server-address1 [server-address2...server-address6]

How do you configure PAT or overload NAT?

To configure PAT, you first define an access list that permits the internal hosts to be translated. You then use the ip nat inside source list access-list-number interface interface-type overload global command. The following example enables PAT for internal host 192.168.10.0/24 using the external IP address on interface S0: RouterB(config)#access-list 20 permit 192.168.10.0 0.0.0.255 RouterB(config)#ip nat inside source list 20 interface s0 overload

How do you make a Cisco router a TFTP server?

To configure a Cisco router as a TFTP server, use the tftp-server global configuration command.

How would you configure a Fast Ethernet interface 0 with an IP address of 192.168.0.1/24 on a Cisco router?

To configure a Fast Ethernet interface 0 with an IP address of 192.168.0.1/24 on a Cisco router, issue the following commands: Router(config)#interface f0 Router(config-if)#ip address 192.168.0.1 255.255.255.0 Router(config-if)#no shutdown

Configure a Catalyst 2960 switch with VLAN number 10 and name the VLAN "Accounting."

To configure a VLAN on a Catalyst 2960 switch, first ensure that the switch is in VTP server or transparent mode. When the switch is in one of these modes, the vlan vlan-id global configuration command adds a VLAN. The vlan-id can be a number from 1 to 4094 for normal-range VLANs, as follows: Switch(config)#vlan 10 Switch(config-vlan)#name Accounting

As a network administrator, you want to add ports 1 through 12 to VLAN 10 on your Catalyst 2960 switch. How do you statically assign these ports to the switch?

To configure a range of ports to a VLAN, enter the range command. The following commands assign ports 1-12 to VLAN 10: Cat2960(config)#interface range fastethernet 0/1 - 12 Cat2960(config-if-range)#switchport mode access Cat2960(config-if-range)#switchport access vlan 10 You can assign VLANs to a switch one port at a time or a range of ports at a time. First, enter the interface you want to configure. Second, define the interface as an access port. Finally, assign the port to a VLAN. Notice how the prompt changes to config-if-range mode when you use the range command. The other commands define the ports as access ports and then assign the ports to VLAN 10. To assign a port to a different VLAN, enter the switchport access vlan command followed by the VLAN ID you want to change the port to.

How do you configure a static route on a Cisco router?

To configure a static route on a Cisco router, enter the ip route destination-network [mask] {next-hop-address | outbound-interface} [distance] [permanent] global command. Here's an example: RouterB(config)#ip route 172.17.0.0 255.255.0.0 172.16.0.1 This example instructs the router to route to 172.16.0.1 any packets that have a destination of 172.17.0.0 to 172.17.255.255.

How do you configure Cisco router interfaces?

To configure an interface on a Cisco router, use the interface interface-type number global configuration command, where interface-type number is the interface type and number you want to configure. For example, if you want to configure the second serial interface on your router, you would enter the following: RouterA(config)#interface serial1 RouterA(config-if)# Cisco interfaces start with 0 instead of 1. So, the first interface is number 0. The prompt also changes to RouterA(config-if)# to tell you that you are in interface mode. If you have a router with a module slot, such as the Cisco 3800, you would enter interface mode by entering the slot/port number. For example, if you have a Cisco 3800 router with two module serial interfaces, and you want to configure the first serial interface on the second module, you would enter interface s1/0.

Configure the internal host range of 192.168.10.0 255.255.255.0 to be translated using NAT to the external range of IP addresses 216.1.1.0 255.255.255.240.

To configure dynamic NAT, you first have to create a NAT pool of external IP addresses that internal hosts can draw from. Then create an access list that defines the internal hosts to be translated. Finally, enable the translation to occur. As with static NAT, you have to define which interface is internal and which interface is external. The following commands outline this process: RouterB(config)#ip nat pool cisco 216.1.1.1 216.1.1.14 netmask 255.255.255.240 (creates a NAT pool called cisco) RouterB(config)#access-list 10 permit 192.168.10.0 0.0.0.255 (defines the IP addresses that will be translated) RouterB(config)#ip nat inside source list 10 pool cisco (establishes dynamic translation of access list 10 with the NAT pool named cisco)

Configure internal host 192.168.10.5/24 to be statically translated to the external IP address 216.1.1.3/24.

To configure static NAT, you must first create the static mapping table and then define which interfaces on your router connect to the inside network and the outside network. The following example creates the static mapping and defines interface s0 as connecting to the outside network and interface e0 as connecting to the inside network: RouterB(config)#ip nat inside source static 192.168.10.5 216.1.1.3 RouterB(config)#int s0 RouterB(config-if)#ip nat outside RouterB(config-if)#int e0 RouterB(config-if)#ip nat inside

How do you configure a Catalyst 2960 switch with a default gateway?

To configure the default gateway, use the ip default-gateway ip-address global configuration command. The following example configures the switch to use IP address 192.168.0.1 as its default gateway: Switch(config)#ip default-gateway 192.168.0.1

How do you create a dynamic access list on a Cisco router?

To create a dynamic ACL, follow these steps: Step 1. Create a user authentication method on the router. This can either be local or remote using an authentication, authorization, and accounting (AAA) or RADIUS server. Step 2. Define an extended ACL to permit vty access but block all other traffic. Step 3. Create a dynamic ACL that applies to the extended ACL you created after it is authenticated. The following example uses local authentication: RouterA(config)#username remote password 0 cisco RouterA(config)#username remote autocommand access-enable host timeout 10

Create a named access list that blocks pings from networks 172.16.0.0/22 to host 192.168.0.101.

To create a named access list that blocks pings from networks 172.16.0.0/22 to host 192.168.0.101, enter the following: ip access-list extended block-ping deny icmp 172.16.0.0 0.0.3.255 host 192.168.0.101 echo

Create an access list that permits only vty access from network 192.168.10.0 255.255.255.0 to connect to the Cisco router.

To create an access list that permits only vty access from network 192.168.10.0 255.255.255.0 to connect to the Cisco router, enter the following: RouterA(config)#access-list 10 permit 192.168.10.0 0.0.0.255 RouterA(config)#line vty 0 15 RouterA(config-line)#access-class 10 in

What is the Cisco IOS command syntax that creates an extended access list?

To create an extended access list in IOS, use the following command: access-list access-list-number {permit | deny} protocol source-address source-wildcard [operator port] destination-address destination-wildcard [operator port] In this syntax, protocol examples include IP, TCP, User Datagram Protocol (UDP), Internet Control Message Protocol (ICMP), generic routing encapsulation (GRE), and Interior Gateway Routing Protocol (IGRP). The operator port value can be lt (less than), gt (greater than), eq (equal to), or neq (not equal to) and a protocol port number.

Create an extended access list that denies web traffic to network 192.168.10.0.

To create an extended access list that denies web traffic to network 192.168.10.0, enter the following: access-list 101 deny tcp any 192.168.10.0 0.0.0.255 eq www access-list 101 permit ip any any

If a remote router does not support Inverse ARP, you must define the address-to-DLCI table statically. How do you create these static maps?

To define static maps on a Cisco router, use this command: RouterA(config-if)#frame-relay map protocol remote-protocol-address local-dlci [broadcast] [ietf | cisco] [payload-compress packet-by-packet] The protocol option defines the supported protocol: bridging or Logical Link Control (LLC). The protocol-address option is the remote router's network layer address. The dlci option defines the local router's local DLCI. The broadcast statement specifies whether you want to forward broadcasts over the VC, permitting dynamic routing protocols over the VC. The ietf | cisco statement is the encapsulation type. For example, the following command tells the router to get to IP address 192.168.1.2 using DLCI 110: RouterB(config-if)#frame-relay map ip 192.168.1.2 110 broadcast cisco

If you are using Cisco IOS Release 11.1 or earlier, or if you do not want to autosense the LMI type, how do you define the LMI type on a Cisco router?

To define the LMI type on a Cisco router, use the frame-relay lmi-type {ansi | cisco | q933a} interface command, as follows:
    RouterB(config-if)#ip address 192.168.1.1 255.255.255.0
    RouterB(config-if)#encapsulation frame-relay
    RouterB(config-if)#frame-relay lmi-type ansi

What IOS command can you use to see whether an IP access list is applied to an interface?

To determine whether an IP access list is applied to an interface, enter the following command: show ip interface interface-type interface-number

How can you display all access lists on a Cisco router?

To display all access lists, enter the show running-config or the show access-list command, as follows:
    RouterA#show access-list
    Standard IP access list 10
        deny 192.168.0.0, wildcard bits 0.0.0.255
    Extended IP access list 101
        permit tcp any any eq www
        permit udp any any eq domain
        permit udp any eq domain any
        permit icmp any any
        deny tcp 192.168.10.0 0.0.0.255 any eq www
    RouterA#

How do you enter global configuration mode?

To enter global configuration mode, you enter the config terminal command from privileged EXEC mode, as follows:
    Router#config terminal
    Enter configuration commands, one per line. End with CTRL-Z.
    Router(config)#

How do you enter global configuration mode?

To enter global configuration mode, you enter the config terminal command from privileged EXEC mode. Here is an example of this command:
    Router#config terminal
    Enter configuration commands, one per line. End with CTRL-Z.
    Router(config)#

How do you display the contents of the routing table on a Cisco router?

To display the contents of the routing table on a Cisco router, enter the show ip route command, as follows:
    RouterA#show ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF interarea
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
           U - per-user static route, o - ODR
    Gateway of last resort is 192.168.1.1 to network 0.0.0.0
         1.0.0.0/32 is subnetted, 1 subnets
    C       1.1.1.1 is directly connected, Loopback0
    R    192.168.0.0/24 [120/1] via 192.168.1.1, 00:00:21, Serial0
    C    192.168.1.0/24 is directly connected, Serial0
    C    192.168.2.0/24 is directly connected, Ethernet0
    R*   0.0.0.0/0 [120/1] via 192.168.1.1, 00:00:21, Serial0
[120/1] indicates that 120 is the AD, and 1 is the number of hops to the remote network.

How do you display the encapsulation type, DLCI, LMI type, and whether the device is a DTE or DCE on a serial interface?

To display the interface's encapsulation type, DLCI number, LMI type, and whether the device is a DTE or DCE, use the show interface interface-type interface-number command, as follows:
    RouterA#show int s0
    Serial0 is up, line protocol is up
      Hardware is HD64570
      Internet address is 192.168.1.2/24
      MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
      Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
      LMI enq sent 3, LMI stat recvd 0, LMI upd recvd 0, DTE LMI up
      LMI enq recvd 5, LMI stat sent 0, LMI upd sent 0
      LMI DLCI 1023 LMI type is CISCO frame relay DTE
      Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface broadcasts 0
      Last input 00:00:05, output 00:00:07, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0 (size/max/drops); Total output drops: 0
      Queueing strategy: weighted fair
    <Output omitted>

Command history is enabled by default and records ten commands in its history buffer for the current session. How do you edit the number of commands that are stored in the Cisco IOS device's history buffer?

To edit the number of command lines stored for the current session, use the terminal history [size number-of-lines] command in privileged EXEC mode. For example, the following changes the history size to 20 lines: Router#terminal history size 20

How do you enable Frame Relay on a Cisco router?

To enable Frame Relay on a Cisco router, you must first enable the serial interface for Frame Relay encapsulation with the encapsulation frame-relay interface command, as follows:
    RouterB(config)#int s 0
    RouterB(config-if)#ip address 192.168.1.1 255.255.255.0
    RouterB(config-if)#encapsulation frame-relay

How do you enable Frame Relay on a subinterface?

To enable Frame Relay on a subinterface, you must remove the IP address from the primary interface with the no ip address ip-address subnet-mask interface command, enable Frame Relay encapsulation on the serial interface, and then configure each subinterface with the IP address. For example, if you wanted to configure interface serial 0 with a subinterface, you would issue the following commands:
    West-SD(config-if)#no ip address 192.168.1.5 255.255.255.0
    West-SD(config-if)#encap frame-relay
    West-SD(config-if)#int s0.1 point-to-point
    West-SD(config-if)#ip address 192.168.1.5 255.255.255.0
    West-SD(config-if)#frame-relay interface-dlci 10
    West-SD(config-if)#int s0.2 point-to-point
    West-SD(config-if)#ip address 192.168.2.5 255.255.255.0
    West-SD(config-if)#frame-relay interface-dlci 20

What commands enable RIP on a Cisco router and advertise network 10.1.0.0?

To enable RIP on a Cisco router and advertise network 10.1.0.0, you would enter the following commands:
    router rip
    network 10.0.0.0

By default, RSTP is disabled on Cisco switches. How do you enable RSTP?

To enable RSTP, you first have to define a Mono Spanning Tree (MST) region and then enable RSTP on the switch. For switches to be in the same MST region, they must have the same VLAN-to-instance mapping, the same configuration revision number, and the same name. The following commands enable MST on a switch:
    Cat2960(config)#spanning-tree mst configuration (enter MST config)
    Cat2960(config-mst)#instance 1 vlan 10, 20, 30, 50 (define MST instance and VLANs)
    Cat2960(config-mst)#name Cisco (define MST name)
    Cat2960(config-mst)#revision 1 (specify the revision number)
    Cat2960(config-mst)#exit
    Cat2960(config)#spanning-tree mode mst (enable MST and RSTP)
    Cat2960(config)#end
The instance instance-id vlan vlan-range command maps configured VLANs to an MST instance. The instance-id can be a range from 1 to 15. This example maps MST instance 1 to VLANs 10, 20, 30, and 50. To map a range of VLANs, enter the start VLAN, enter a hyphen, and then enter the end VLAN: 1-50.

How do you enable VTP pruning?

To enable VTP pruning on a Catalyst 2960, use the vtp pruning global configuration command, as follows:
    Cat2960(config)#vtp pruning
    Pruning switched on

By default, Telnet access to a switch is disabled. How do you enable Telnet access and configure a password to secure access to the switch?

To enable Telnet access and add a password, enter the line vty 0 15 global configuration command, the login command, and finally the password line subcommand. The password is case sensitive. In this example, the Telnet password is set to CCNA:
    Cat2960(config)#line vty 0 15
    Cat2960(config-line)#login
    Cat2960(config-line)#password CCNA

When you view the configuration on Cisco routers, only the enable secret password is encrypted. How do you encrypt the console, Telnet, and enable passwords?

To encrypt the passwords, use the service password-encryption global command, as follows: Cat2960(config)#service password-encryption

When you view the configuration on Cisco routers, only the enable secret password is encrypted. How do you encrypt user mode and the enable password?

To encrypt user mode and the enable password, use the service password-encryption global command, as follows: RouterA(config)#service password-encryption

How do you end a remote Telnet session on a Cisco router?

To end a Telnet session, use the exit or logout command while you're on the remote device, as follows:
    RouterB>exit
    [Connection to 192.168.1.2 closed by foreign host]
    RouterA#

How does IPsec ensure data integrity?

To ensure data integrity, IPsec uses a data integrity algorithm that adds a hash to the message. The hash guarantees the integrity of the original message. If the transmitted hash matches the received hash, the message has not been tampered with. The data integrity algorithm is called the Hash-based Message Authentication Code (HMAC).

What IOS command is used to enter global configuration mode?

To enter global configuration mode, use the configure terminal command.

What IOS command is used to enter interface configuration mode?

To enter interface configuration mode, use the interface interface-id command. To enter interface mode, you first need to be in global configuration mode. The interface-id parameter is the type and number of the interface you want to configure. For example, to configure Gigabit interface 1, enter the following:
    switch(config)#interface g0/1
    switch(config-if)#

What devices can you use to extend a LAN segment?

To extend a LAN segment, you can use the following devices:
- Hubs
- Repeaters
- Bridges
- Switches

As a network administrator, you purchased, configured, and installed a new Cisco 2800 series router. You now want to use SDM to monitor and manage your router. What must you configure on your router to install SDM without disrupting network access?

To install SDM on a router without disrupting network access, you need to configure the router with the following parameters:
Step 1. Enable HTTP/HTTPS server on the router:
    Router(config)#ip http server
    Router(config)#ip http secure-server
    Router(config)#ip http authentication local
Step 2. Create a user account with enable privileges:
    Router(config)#username admin privilege 15 password 0 password
Step 3. Configure Secure Shell (SSH) and Telnet for local login and privilege level 15:
    Router(config)#line vty 0 4
    Router(config-line)#privilege level 15
    Router(config-line)#login local
    Router(config-line)#transport input telnet
    Router(config-line)#transport input telnet ssh

By default, VLANs 1-4094 are allowed to propagate on all trunk links. How do you limit a trunk to allow only VLANs 10-50 on a trunk link?

To limit the VLANs on a trunk link, enter the switchport trunk allowed vlan {add | all | except | remove} vlan-list interface command. To allow only VLANs 1-50 on a trunk link, you would enter the following:
    Cat2960(config-if)#switchport trunk allowed vlan 10-50

As a network administrator, you added a new VLAN, VLAN 10 on a switch and called it Accounting. However, you later find out that VLAN 10 is going to be assigned to Sales. How do you modify the VLAN name?

To modify a VLAN name, you need to enter config-vlan mode for the VLAN you want to modify and rename the VLAN, as follows:
    Switch(config)#vlan 10
    Switch(config-vlan)#name Sales
    Switch(config-vlan)#exit

What are TCP and UDP port numbers?

To pass information (such as e-mail) to upper layers, TCP and UDP use port numbers. These port numbers are predefined and keep track of different conversations among different hosts at the same time. Originating source port numbers are dynamically assigned by the source host using a number in the range of 49,152 to 65,535.

Create an extended ACL using entry sequence numbers that permits HTTP and FTP traffic from network 192.168.1.0 255.255.255.0 to network 172.16.0.0 255.255.0.0.

To permit HTTP and FTP traffic, use the following syntax:
    ip access-list extended 100
    1 permit tcp 192.168.1.0 0.0.0.255 172.16.0.0 0.0.255.255 eq http
    10 permit tcp 192.168.1.0 0.0.0.255 172.16.0.0 0.0.255.255 eq ftp

How do you reestablish a suspended Telnet session on a Cisco router?

To reestablish a suspended Telnet session, use the show session command to find the session you want to resume and use the resume session-number command to connect to the specified session, as follows:
    RouterA#show session
    Conn Host         Address      Byte  Idle  Conn Name
       1 192.168.1.2  192.168.1.2     0     0  192.168.1.2
    *  2 192.168.2.2  192.168.2.2     0     0  192.168.2.2
    RouterA#resume 1
    [Resuming connection 1 to 192.168.1.2 ... ]
    RouterB>

Privileged EXEC mode allows you to make global configurations to a switch. As such, access to global configuration mode should be restricted. How do you restrict access to privileged EXEC mode?

To restrict access to privileged EXEC mode, assign a password to privileged mode. This is done in one of two ways: by either using the enable password global command or the enable secret global command. Cisco recommends that you use the enable secret global command versus the enable password command because the enable secret command encrypts the password.

How do you store the active configuration to NVRAM?

To save the running config to the startup config, use the copy running-config startup-config privileged mode command.

What Cisco IOS router command can you use to see a neighbor router's IP address?

To see a neighbor router's IP address, you must use the show cdp neighbor detail or show cdp entry * user mode or EXEC command.

What Cisco IOS router command would you use to find out whether a serial interface is a DCE or DTE interface (providing clocking)?

To see whether a serial interface is providing clocking, use the enable command show controllers serial-interface-type serial-number. The following example shows that serial interface 0 is providing clock rate at 56 kbps and that a DCE cable is attached to the serial interface:
    RouterA#show controllers s 0
    HD unit 0, idb = 0xCCE04, driver structure at 0xD2298
    buffer size 1524 HD unit 0, V.35 DCE cable, clockrate 56000
    cpb = 0x81, eda = 0x4940, cda = 0x4800
    RX ring with 16 entries at 0x814800

What key sequence do you use to suspend a Telnet session on a remote system and return to your local router?

To suspend a Telnet session, press Ctrl-Shift-6 and then press X.

What Cisco IOS command displays every packet that is translated by the router?

To troubleshoot NAT and view every packet that is translated by the router, use the debug ip nat command.

How do you upgrade or restore the Cisco router IOS?

To upgrade or restore the Cisco router IOS, use the copy tftp flash privileged EXEC mode command.

What command allows you to view information that is specific to VLAN 10?

To view information that is specific to VLAN 10, enter the show vlan id 10 command, as follows:
    Cat2960#show vlan id 10
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    10   sales                            active    Fa0/1, Fa0/3, Fa0/4, Fa0/5
                                                    Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                    Fa0/10, Fa0/11, Fa0/12
    <text omitted>

What command can you use on a Catalyst switch to view port information, statistics, and errors?

To view port information, such as port type, speed, duplex settings, or statistics and errors, use the show interface interface-id privileged EXEC command. The following command shows the information for interface g0/1. You should be familiar with the highlighted areas.
    vc-core#show interface g0/1
    GigabitEthernet0/1 is up, line protocol is up (connected)
      Hardware is Gigabit Ethernet Port, address is 000d.65ac.5040 (bia 000d.65ac.5040)
      MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Full-duplex, 1000Mb/s, link type is auto, media type is 1000BaseSX
      input flow-control is on, output flow-control is off
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:00:09, output never, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/40 (size/max)
      5 minute input rate 10000 bits/sec, 8 packets/sec
      5 minute output rate 10000 bits/sec, 7 packets/sec
         1476671 packets input, 363178961 bytes, 0 no buffer
         Received 20320 broadcasts (12683 multicast)
         0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         0 input packets with dribble condition detected
         1680749 packets output, 880704302 bytes, 0 underruns
         0 output errors, 0 collisions, 0 interface resets
         0 babbles, 0 late collision, 0 deferred
         0 lost carrier, 0 no carrier
         0 output buffer failures, 0 output buffers swapped out

How do you view the active NAT translations in the NAT table?

To view the active NAT mappings in the NAT table, use the show ip nat translation command, as follows:
    RouterB# show ip nat translation
    Pro  Inside global  Inside local    Outside local  Outside global
    ---  216.1.1.1      192.168.10.5    ---            ---
    ---  216.1.1.2      192.168.10.16   ---            ---

How do you view the active NAT translations in the NAT table?

To view the active NAT translations in the NAT table, use the show ip nat translations command.

What two commands can you use to show the clock rate on a serial interface?

To view the clock rate on a serial interface, you can use the show running-config privileged EXEC command and the show controllers privileged EXEC command.

The show frame-relay pvc enable command shows the status of the Frame Relay circuit. It also lists all the configured PVCs and DLCI numbers and the status of each PVC.

To view the current map entries and information about the connections, use the show frame-relay map command, as follows:
    RouterA#show frame-relay map
    Serial0 (up): ip 192.168.1.2 dlci 100(0x64,0x1840), dynamic,
                  Broadcast, status defined, active

What command allows you to view the duplex and speed setting configured for a switch port?

To view the duplex and speed setting configured for a switch port, enter the show interface interface-id command, as follows:
    Cat2960#show interface f0/1
    FastEthernet0/1 is up, line protocol is up
      Hardware is Fast Ethernet, address is 0019.e81a.4801 (bia 0019.e81a.4801)
      MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Auto-duplex, Auto-speed, media type is 10/100BaseTX
      input flow-control is off, output flow-control is unsupported
      ARP type: ARPA, ARP Timeout 04:00:00

What command can you use to view the mapping between network addresses and MAC addresses on a router?

To view the mapping between network addresses and MAC addresses on a router, issue the show ip arp command. For example:
    vc-core#show ip arp
    Protocol  Address     Age (min)  Hardware Addr   Type  Interface
    Internet  10.1.6.10          3   0007.e9d5.8e28  ARPA  Ethernet0/0
    Internet  10.1.1.2           3   0002.b3ef.c687  ARPA  Ethernet0/0
    Internet  10.1.2.1           -   000d.65ac.507f  ARPA  Ethernet0/0
    Internet  10.1.1.3           4   0010.db72.b08f  ARPA  Ethernet0/0
    Internet  10.1.3.1           -   000d.65ac.507f  ARPA  Ethernet0/0

What command allows you to view the names of all the VLANs configured on a switch?

To view the names of all the VLANs configured on a switch, enter the show vlan brief command, as follows:
    Cat2960#show vlan brief
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                    Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                    Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                    Gi0/1, Gi0/2
    10   sales                            active    Fa0/1, Fa0/3, Fa0/4, Fa0/5
                                                    Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                    Fa0/10, Fa0/11, Fa0/12
    20   admin                            active    Fa0/2
    30   VLAN0030                         active
    40   VLAN0040                         active
    50   VLAN0050                         active
    1002 fddi-default                     act/unsup
    1003 trcrf-default                    act/unsup
    1004 fddinet-default                  act/unsup
    1005 trbrf-default                    act/unsup

What are trunk links?

Trunk links allow the switch to carry multiple VLANs across a single link. By default, each port on a switch can belong to only one VLAN. For devices that are in a VLAN (that spans multiple switches) to talk to other devices in the same VLAN, you must use trunking or have a dedicated port for each VLAN. Trunk links encapsulate frames using a Layer 2 protocol. This encapsulation contains information for a switch to distinguish traffic from different VLANs and to deliver frames to the proper VLANs. The Catalyst 2960 supports 802.1Q as its trunking protocol.

How do you disable CDP on Cisco routers?

Two commands disable CDP on a Cisco router. To disable CDP on the entire device, use the no cdp run global command, as follows:
    RouterB(config)#no cdp run
To disable CDP on an interface only, use the no cdp enable interface command, as follows:
    RouterB(config)#int e0
    RouterB(config-if)#no cdp enable
This disables CDP on Ethernet interface 0.

What are two common HMAC algorithms used by IPsec?

Two common HMAC algorithms used by IPsec are as follows:
- Message digest algorithm 5 (MD5): Uses a 128-bit shared secret key. The message and 128-bit shared secret key are combined and run through the MD5 hash algorithm, producing a 128-bit hash. This hash is added to the original message and forwarded to the remote host.
- Secure Hash Algorithm 1 (SHA-1): Uses a 160-bit secret key. The message and 160-bit shared secret key are combined and run through the SHA-1 hash algorithm, producing a 128-bit hash. This hash is added to the original message and forwarded to the remote host.

Because VLANs are considered individual broadcast domains, a router is needed for inter-VLAN communication to occur. What two things must occur for inter-VLAN routing?

Two requirements for inter-VLAN routing to occur are as follows:
- The router must know how to reach all VLANs.
- The routers must have a separate physical connection for each VLAN, or trunking must be enabled on a single physical connection.

What are two types of Layer 1 network devices?

Two types of Layer 1 network devices are as follows:
- Repeaters: Regenerate and retime network signals, amplifying them to allow the signal to travel a longer distance on a network media.
- Hubs: Known as multiple-port repeaters, hubs also regenerate and retime network signals.
The main difference between a hub and a repeater is the number of cables that connect to the device. A repeater typically has 2 ports, whereas a hub has from 4 to 48 ports.

What are two types of network-monitoring software?

Two types of network-monitoring software are as follows:
- Protocol analyzers: Capture network packets between computers and decode the packets so that one can view what is occurring during transmission
- Sniffers: Work like a wiretap and allow you to not only observe communication between computers but also view what is being transmitted

What are typical Layer 2 encapsulation methods for WAN links?

Typical Layer 2 encapsulation methods for WAN links are as follows:
- High-Level Data Link Control (HDLC)
- Point-to-Point Protocol (PPP)
- Serial Line Internet Protocol (SLIP)
- X.25
- Link Access Procedure, Balanced (LAPB)
- Frame Relay
- Asynchronous Transfer Mode (ATM)
- Metro Ethernet
- Point-to-Point over Ethernet (PPoE)

What is UTP cabling?

Unshielded twisted-pair (UTP) cabling is a type of twisted-pair cable that relies solely on the cancellation effects produced by the twisted wire pairs to limit electromagnetic interference (EMI) and radio frequency interference (RFI). UTP cable is often installed using an RJ-45 connector, and UTP cabling must follow precise specifications dictating how many twists are required per meter of cable. The advantages of UTP are ease of installation and low cost. A disadvantage of UTP is that it is more prone to EMI than other types of media.

What are IPv6 transition mechanisms?

Until IPv6 completely replaces IPv4, IPv6 hosts need to be able to communicate with IPv4 hosts or through IPv4 networks. IPv6 transition mechanisms are ways to enable IPv6-only hosts to reach IPv4 services and ways to allow isolated IPv6 hosts and networks to reach the IPv6 Internet over the IPv4 infrastructure.

How many VLANs does a Catalyst 2960 switch support?

Up to 255 VLANs.

What commands enable port security on interface f0/1? Only allow one MAC address on the port, and let the switch dynamically learn the MAC address. Restrict the port if a second MAC address is detected.

Use the following commands to enable port security on interface f0/1:
    Cat2960(config)#int f0/1
    Cat2960(config-if)#switchport mode access
    Cat2960(config-if)#switchport port-security
    Cat2960(config-if)#switchport port-security max 1
    Cat2960(config-if)#switchport port-security mac-address sticky
    Cat2960(config-if)#switchport port-sec violation restrict

After you create a standard or extended IP access list, how do you apply it to an interface on a Cisco router?

Use the ip access-group interface command, as follows:
    ip access-group access-list-number {in | out}
For example:
    RouterA(config)#int s0
    RouterA(config-if)#ip access-group 10 in
This applies access list 10 to serial interface 0 as an inbound access list.

In IOS, what is user EXEC mode?

User EXEC mode is the first mode you enter when you log in to the IOS. This mode is limited and is mostly used to view statistics. You cannot change a router's configuration in this mode. By default, the greater-than sign (>) indicates that you are in user mode. This is how the router prompt looks in user mode: Router>

As a network administrator, you have EIGRP enabled on all network routers. Your company has two locations. The corporate network is 172.16.1.0 255.255.255.0. The branch office network is 192.168.1.0 255.255.255.0. Your company acquires another company, and you connect the newly acquired company through a WAN link at the branch office. The network range of the newly acquired company is 172.16.2.0 255.255.255.0. You enable EIGRP on the router that connects to the new office, but users at the corporate network cannot access devices on the newly acquired company's network. Why?

Users from the corporate network cannot access the newly acquired company's network because the network is discontiguous, and by default, EIGRP summarizes routes across classful boundaries. As a result, the router on network 192.168.1.0 advertises 172.16.0.0 to both the corporate network and the newly acquired network. Thus when a user at the corporate network tries to connect to a device at the newly acquired network, the router drops the packet because it thinks it is local. Additionally, the branch office router thinks it has two equal-cost paths to the 172.16.0.0 network. To fix the issue, you need to disable auto-summary on the routers. This is done with the no auto-summary EIGRP router configuration mode command.

You are trying to configure OSPF on a new router. When enabling OSPF, you receive the "ospf unknown protocol" error message. Why are you receiving this error message?

Usually, the "ospf unknown protocol" error message means that the router's IOS does not support OSPF. This is usually the case for Cisco 1600 or 800 series routers.

What are VLANs?

VLANs are broadcast domains in a Layer 2 network. Each broadcast domain is like a distinct virtual bridge within the switch. Each virtual bridge created in a switch defines a broadcast domain. By default, traffic from one VLAN cannot pass to another VLAN. Each user in a VLAN is also in the same IP subnet. Each switch port can belong to only one VLAN. The exception to this is if the port is a trunk port.

What are VLANs?

VLANs are broadcast domains in a Layer 2 network. Each broadcast domain is like a distinct virtual bridge within the switch. Each virtual bridge you create in a switch defines a broadcast domain. By default, traffic from one VLAN cannot pass to another VLAN. Each of the users in a VLAN would also be in the same IP subnet. Each switch port can belong to only one VLAN.

What is WAN signaling?

WAN signaling is the process of sending a transmission signal over a physical medium for communication. WAN transmission facilities feature standardized signaling schemes that define transmission rates and media types. For example, the signaling standard for a T1 line in North America is DS1 with a transmission rate of 1.544 Mbps.

WANs operate at what layers of the OSI model?

WANs operate at the physical and data link layers of the OSI model. A WAN interconnects LANs that are separated by a large geographical distance not supported by typical LAN media. The physical layer defines the electrical, mechanical, and operation connections of WANs, in addition to the interface between the data terminal equipment (DTE) and data communications equipment (DCE). The data link layer defines the WAN Layer 2 encapsulation, such as Frame Relay, ATM, and PPP.

What does WPA use for authenticating clients?

WPA uses 802.1x and Pre-Shared Key (PSK) to authenticate clients.

When implementing access lists, what are wildcard masks?

Wildcard masks define the subset of the 32 bits in the IP address that must be matched. Wildcards are used with access lists to specify a host, network, or part of a network. In wildcard masks, when 0s are present, the octet address must match. Mask bits with a binary value of 1 are wildcards. For example, if you have an IP address of 172.16.0.0 with a wildcard mask of 0.0.255.255, the first two portions of the IP address must match 172.16, but the last two octets can be in the range of 1 to 255.

When implementing access lists, what are wildcard masks?

Wildcard masks define the subset of the 32 bits in the IP address that must be matched. Wildcards are used with access lists to specify a host, network, or part of a network. Wildcard masks work exactly the opposite of subnet masks. In subnet masks, 1 bits are matched to the network portion of the address, and 0s are wildcards that specify the host range. In wildcard masks, when 0s are present, the octet address must match. Mask bits with a binary value of 1 are wildcards. For example, if you have an IP address of 172.16.0.0 with a wildcard mask of 0.0.255.255, the first two portions of the IP address must match 172.16, but the last two octets can be in the range of 0 to 255.

What is route poisoning?

With route poisoning, when a distance vector routing protocol notices that a route is no longer valid, the route is advertised with an infinite metric, signifying that the route is bad. In RIP, a metric of 16 signifies infinity. Route poisoning is used with hold-down timers.

Create a standard access list that permits the following networks: 192.168.200.0 192.168.216.0 192.168.232.0 192.168.248.0

You have two ways to do this. First, you can create one access list that contains an entry for each network using the following commands:
    access-list 10 permit 192.168.200.0 0.0.0.255
    access-list 10 permit 192.168.216.0 0.0.0.255
    access-list 10 permit 192.168.232.0 0.0.0.255
    access-list 10 permit 192.168.248.0 0.0.0.255
A second way to do this is to create a single entry with wildcard masks, as follows:
    access-list 10 permit 192.168.200.0 0.0.48.255
To see how this one statement denies all the networks, you must look at it in binary:
    .200 = 11001000
    .216 = 11011000
    .232 = 11101000
    .248 = 11111000
All the bits match except the third and fourth bits. With wildcard masks, these are the bits you want to match. Therefore, your wildcard mask would be 00110000 in binary, which is 48.

How do you add a message of the day (MOTD) banner on a Cisco device?

You add an MOTD banner by entering the banner motd # text # global configuration command. The pound signs (#) are delimiting characters. They can be any character of your choice, but they must be the same and cannot be included in your text. They signify the beginning and end of your text. The following example shows the banner motd command:
    Cat2960(config)#banner motd # <ENTER>
    Enter TEXT message. End with the character '#'.
    Warning only authorized users many access this switch. <ENTER>
    #
    Cat2960(config)#

How do you administratively disable an interface on a Cisco router?

You administratively disable an interface on a Cisco router by issuing the shutdown interface configuration command. In this example, the serial interface is issued the shutdown command:
    RouterA(config)#int s0
    RouterA(config-if)#shutdown
    00:27:14: %LINK-5-CHANGED: Interface Serial0, changed state to administratively down

When you are in privileged EXEC mode, how do you return to user EXEC mode?

You can return to user EXEC mode by using the disable IOS command. Here is an example of using the disable command:
    Router#disable
    Router>

How do you verify the VLANs on a Catalyst switch and the ports assigned to each VLAN?

You can use two commands to verify the VLANs on a switch: the more detailed show vlan {name vlan-name | id id} command or the show vlan brief command, as follows:
    Switch#show vlan brief
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Gi0/2
    10   InternetAccess                   active
    20   Operations                       active    Fa0/1, Fa0/2,
    30   Administration                   active    Fa0/6, Fa0/7, Fa0/8, Fa0/9
    40   Engineering                      active    Fa0/3, Fa0/4, Fa0/5, Fa0/10, Fa0/11, Fa0/12, Fa0/13,
                                                    Fa0/14, Fa0/15, Fa0/16, Fa0/17, Fa0/18, Fa0/19,
                                                    Fa0/20
    60   Public                           active    Fa0/21, Fa0/22, Fa0/23, Fa0/24
    !text-omitted!

What are three ways to verify the ports assigned to VLANs?

You can verify the ports assigned to a VLAN by viewing the entire switch configuration with the show running-config command. You can also check by using the show running-config interface interface-id command and the show vlan command. Here is an example of the show running-config interface command for port F0/1 on the switch:
    Cat2960#show running-config interface f0/1
    Building configuration...
    Current configuration : 84 bytes
    !
    interface FastEthernet0/1
     switchport access vlan 10
     switchport mode access
    end

How do you determine the VTP version, domain name, and password on a Catalyst switch?

You determine the VTP version, domain name, and password by issuing the privileged EXEC show vtp status command, which displays the following:
- VTP version
- Number of existing VLANs on a switch and the maximum number of locally supported VLANs
- VTP domain name, password, and operating mode
- Whether VTP pruning is enabled
- The last time the VLAN configuration was modified

How can you tell whether port security is enabled on a switch?

You determine whether port security is enabled on a switch by issuing the show port-security command, as follows:
    Cat2960#show port-security
    Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                    (Count)       (Count)          (Count)
    ---------------------------------------------------------------------------
          Fa0/1              1            0                  0         Restrict
    ---------------------------------------------------------------------------
    Total Addresses in System (excluding one mac per port)     : 0
    Max Addresses limit in System (excluding one mac per port) : 8320

How do you display the MAC address table on a Catalyst 2960?

You display the MAC address table on a Catalyst 2960 by issuing the show mac-address-table privileged command, as follows:
    vcswitch-admin1#show mac-address-table
              Mac Address Table
    -------------------------------------------
    Vlan    Mac Address       Type        Ports
    ----    -----------       --------    -----
     All    0000.0000.0000    STATIC      CPU
     All    000b.469d.c900    STATIC      CPU
      10    0002.b3ef.c687    DYNAMIC     Po1
      10    0007.e980.d7a6    DYNAMIC     Fa0/7
      10    000d.65ac.507f    DYNAMIC     Po1
      10    000f.207a.008c    DYNAMIC     Po1
      10    0010.db72.b08f    DYNAMIC     Fa0/24
    <text omitted>

On a Cisco router, how do you display the configuration running in RAM?

You display the configuration running in RAM using the show running-config privileged mode command. For example:
    Router#show running-config
    Building configuration...
    Current configuration:
    !
    version 12.0
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname Router
    !
    enable password cisco
    !
    --More--

How do you display the current active configuration on a switch?

You display the current active configuration on a switch by issuing the show running-config or sh run privileged command.

Because a DHCPDISCOVER message is a broadcast, a router will not forward DHCPDISCOVER messages. If a client is on a different IP subnet than the DHCP server, how do you forward the DHCPDISCOVER message from the client to the DHCP server?

You forward the DHCPDISCOVER message by issuing the ip helper-address server-address interface command on the router.

Because a switch operates at Layer 2 of the OSI model, why do you need to configure a default gateway on the switch?

You need to configure a default gateway on the switch to allow remote networks to manage the switch. Although a switch does not see Layer 3 and above information, a default gateway is configured on a switch to allow administrators to remotely administer and configure the switch.

Upon entering a command in EXEC mode, you receive the following error: % Invalid input detected at '^' marker Why did you get this error?

You received the "% Invalid input detected at '^' marker" error because you entered the command incorrectly. For example, if you entered sjow ip instead of show ip, you would receive this error.

From EXEC mode, you issue the show ip command. After pressing Enter, you receive the following error: % Incomplete command Why did you get this error?

You received the error because you did not enter all the values or keywords that IOS requires for this command. In this case, IOS does not know which ip command you want to view.

By default, any IP address can connect to vty ports. How do you restrict access to vty ports, allowing only certain IP addresses to connect to vty ports?

You restrict access to vty ports by using standard access lists. Standard access lists allow you to permit or deny traffic based on the source IP address. To restrict access to vty ports, you would create a standard access list that permits each authorized IP address to connect to vty and apply the access list to the vty ports.

How do you secure unused switch ports?

You secure an unused switch port by either disabling the port or putting the port in an unused VLAN.

On a Cisco router, how do you set a password to restrict access to privileged EXEC mode?

You set a password to restrict access to privileged EXEC mode using the enable secret global configuration command, as follows:
    RouterA(config)#enable secret ICND
This example sets the password to enter privileged mode to ICND.

How do you set an interface for 802.1Q trunking on a Catalyst 2960 switch?

You set an interface for 802.1Q trunking by using the switchport mode trunk interface command. To enable an interface for trunking on a Catalyst 2960 switch, use the switchport mode [dynamic {auto | desirable} | trunk] interface command. The following examples configure one interface for trunking and a second interface to trunk only if the neighboring device is set to trunk, desirable, or auto:
    Cat2960(config)#interface g0/1
    Cat2960(config-if)#switchport mode trunk
    Cat2960(config-if)#interface g0/2
    Cat2960(config-if)#switchport mode dynamic desirable

Your company has its headquarters in San Jose and regional offices in different cities throughout the region. As the network administrator, you want to connect the regional offices to headquarters. You are evaluating WAN technologies that could accomplish this. You want each regional office to connect to headquarters in a hub-and-spoke topology using a packet-switching technology. What WAN technology should you use to accomplish your goal?

You should use Frame Relay. Frame Relay is a packet-switched technology that functions in a hub-and-spoke topology (also known as a star topology).

Which encapsulation type is appropriate to use in a Frame Relay network that has routers from two different vendors?

You should use IETF. Frame Relay encapsulation defines the Layer 2 frame format used by both ends of a Frame Relay link. Cisco routers support two types of Frame Relay encapsulation: Cisco and IETF. Cisco is the default encapsulation on Cisco routers and is only supported between Cisco routers. IETF encapsulation is a standard that is used to connect to non-Cisco routers.

On a Cisco router, how do you view the configuration stored in nonvolatile RAM (NVRAM)?

You view the configuration stored in NVRAM using the show startup-config privileged mode command.

Why would you want to issue the show processes command on a router before entering a debug command?

You want to issue the show processes command before entering a debug command to verify that CPU utilization is low enough to handle the effects of a debug command.

What IOS command would you use to view the EIGRP neighbor states?

You would use the debug eigrp neighbors command to check the EIGRP neighbor states. This command displays the contents of the Hello packet used in EIGRP as well as the neighbors discovered by EIGRP.

You have an IPv6 host on a network and want to access a web server on the IPv4 Internet. What type of transition mechanism would you use to accomplish this?

You would use the proxying and translation mechanism. The easiest way to access the web server is to use a web proxy that can translate your IPv6 address to an IPv4 address to communicate with the IPv4 web server.

Protecting Networks *Sockets are a combination of the IP address and which of the following?*

a. *Port* Sockets are a combination of the IP address and the port.

Physical and Hardware-Based Security *The process of reducing or eliminating susceptibility to outside interference is called what?* a. Shielding b. EMI c. TEMPEST d. Desensitization

a. *Shielding* Shielding keeps external electronic signals from disrupting operations.

*If an asset is valued at 100,000, the threat exposure factor of a risk affecting that asset is 25%, and the annualized rate of occurrence is 20%, what is the ALE?* a. $5,000 b. $20,000 c. $25,000 d. $45,000

a. *$5,000* The annualized loss expectancy (ALE) is the product of the SLE (value times exposure factor) and the ARO, or 20% of (100,000 × 25%) = $5,000. Answer B is incorrect because $20,000 represents the asset value times ARO. Answer C is incorrect because the value times the exposure factor represents the single loss expectancy (SLE) rather than the annual loss expectancy (ALE). Answer D is simply an incorrectly calculated value.

*An Internet Protocol version 6 (IPv6) address is _______________ in length.* a. 128 bits b. 64 bytes c. 32 bytes d. 32 bits

a. *128 bits* IPv6 expands the length of source and destination IP addresses from IPv4's 32 bits to 128 bits.

Wireless Networking Security *What is the size of the wrapper TKIP places around the WEP encryption with a key that is based on such things as the MAC address of your machine and the serial number of the packet?* a. 128-bit b. 64-bit c. 56-bit d. 12-bit

a. *128-bit* TKIP places a 128-bit wrapper around the WEP encryption with a key that is based on such things as the MAC address of your machine and the serial number of the packet.

*Which port does the Simple Mail Transfer Protocol (SMTP) use?* a. 25 b. 53 c. 110 d. 143

a. *25* The Simple Mail Transfer Protocol (SMTP) uses port 25.

Security-Related Policies and Procedures *Which ISO standard states: "Privileges should be allocated to individuals on a need-to-use basis and on an event-by-event basis, i.e. the minimum requirement for their functional role when needed"?* a. 27002 b. 27102 c. 20102 d. 20112

a. *27002* The ISO standard 27002 (which updates 17799) states: "Privileges should be allocated to individuals on a need-to-use basis and on an event-by-event basis, i.e. the minimum requirement for their functional role when needed."

Protecting Networks *It is suspected that some recent network compromises are originating from the use of RDP. Which of the following TCP port traffic should be monitored?* a. 3389 b. 139 c. 138 d. 443

a. *3389* TCP port 3389 is used by RDP. Answer B is incorrect because UDP uses port 139 for network sharing. Answer C is incorrect because port 138 is used to allow NetBIOS traffic for name resolution. Answer D is incorrect because port 443 is used for HTTPS.

Wireless Networking Security *Which protocol operates on 2.4GHz and has a bandwidth of 1 Mbps or 2 Mbps?* a. 802.11 b. 802.11a c. 802.11b d. 802.11g

a. *802.11* 802.11 operates on 2.4GHz. This standard allows for bandwidths of 1 Mbps or 2 Mbps.

Wireless Networking Security *Which of the following 802.11 standards provides for bandwidths of up to 300 Mbps?* a. 802.11n b. 802.11i c. 802.11g d. 802.11b

a. *802.11n* The 802.11n standard provides for bandwidths of up to 300 Mbps.

Threats and Vulnerabilities *Internal users are reporting repeated attempts to infect their systems as reported to them by pop-up messages from their virus-scanning software. According to the pop-up messages, the virus seems to be the same in every case. What is the most likely culprit?*

a. *A server is acting as a carrier for a virus.* Some viruses won't damage a system in an attempt to spread into all the other systems in a network. These viruses use that system as the carrier of the virus.

Access Control and Identity Management *A newly hired junior administrator will assume your position temporarily while you attend a conference. You're trying to explain the basics of security to her in as short a period of time as possible. Which of the following best describes an ACL?*

a. *ACLs provide individual access control to resources.* Access control lists allow individual and highly controllable access to resources in a network. An ACL can also be used to exclude a particular system, IP address, or user.

*When a user signs a(n) _____, it's a form of consent to the monitoring and auditing processes used by the organization.* a. Acceptable use policy b. Privacy policy c. Separation of duties policy d. Code of ethics policy

a. *Acceptable use policy* When a user signs an acceptable use policy, it's a form of consent to the monitoring and auditing processes used by the organization. A privacy policy usually explains that there is no privacy on company systems. A separation of duties policy indicates that administrative functions are divided among several people. The code of ethics policy describes decision-making processes to use when faced with ethical dilemmas.

Security-Related Policies and Procedures *Which rule of evidence within the United States involves Fourth Amendment protections?* a. Admissible b. Complete c. Reliable d. Believable

a. *Admissible* Admissibility involves collecting data in a manner that ensures its viability in court, including legal requirements such as the Fourth Amendment protections against unlawful search and seizure. Answers B and C are incorrect because data must be collected completely and protected against modification to ensure reliability, but these are not concerns of the Fourth Amendment. Answer D is incorrect because believability focuses on evidence being understandable, documented, and not subject to modification during transition.

Threats and Vulnerabilities *Your system log files report an ongoing attempt to gain access to a single account. This attempt has been unsuccessful to this point. What type of attack are you most likely experiencing?*

a. *Password-guessing attack* A password-guessing attack occurs when a user account is repeatedly attacked using a variety of different passwords.

*Which of the following are steps that can be taken to harden FTP services?* a. Anonymous access to shared files of questionable or undesirable content should be limited. b. Regular review of networks for unauthorized or rogue servers. c. Technologies that allow dynamic updates must also include access control and authentication. d. Unauthorized zone transfers should also be restricted.

a. *Anonymous access to shared files of questionable or undesirable content should be limited.* Anonymous access to shared files of questionable or undesirable content should be limited for proper FTP server security. Answer B is incorrect because it is a hardening practice for DHCP services. Answers C and D are incorrect because they are associated with hardening DNS service.

Access Control and Identity Management *Which type of authorization provides no mechanism for unique logon identification?* a. Anonymous b. Kerberos c. TACACS d. TACACS+

a. *Anonymous* During anonymous access, such as requests to a public FTP server, the unique identity of the requester is not determined and so cannot be used for personalized logon identification. Answers B, C, and D are incorrect because authorization services such as Kerberos, TACACS, and its replacement TACACS+ all verify access requests against a list of authorized credentials and so can log individual visits and identify access request logons.

*Which of the following applications should be used to properly protect a host from malware? (Select two correct answers.)* a. Antispam software b. Antivirus software c. Content-filtering software d. Web-tracking software

a. *Antispam software* b. *Antivirus software* All host devices must have some type of malware protection. A necessary software program for protecting the user environment is antivirus software. Antivirus software is used to scan for malicious code in email and downloaded files. Antispam and antispyware software can add another layer of defense to the infrastructure. Answer C is incorrect because content filtering is done at the server level to keep host machines from accessing certain content. Answer D is incorrect because web tracking software merely tracks the sites a person visited.

*Which of the following is the preferred type of encryption used in SaaS platforms?* a. Application level b. Database level c. Media level d. HSM level

a. *Application level* In a software-as-a-service (SaaS) environment, application-level encryption is preferred because the data is encrypted by the application before being stored in the database or file system. The advantage is that it protects the data from the user all the way to storage. Answer B is incorrect because in cloud implementations data should be encrypted at the application layer rather than within a database due to the complexity involved, and media encryption is managed at the storage layer. Answer C is incorrect because encryption of a complete virtual machine on infrastructure-as-a-service (IaaS) could be considered media encryption. Answer D is incorrect because a hardware security module (HSM) solution is mainly found in private datacenters that manage and offload cryptography with dedicated hardware appliances.

Threats and Vulnerabilities *You're explaining the basics of security to upper management in an attempt to obtain an increase in the networking budget. One of the members of the management team mentions that they've heard of a threat from a virus that attempts to mask itself by hiding code from antivirus software. What type of virus is he referring to?*

a. *Armored virus* An armored virus is designed to hide the signature of the virus behind code that confuses the antivirus software or blocks it from detecting the virus.

Security-Related Policies and Procedures *Which process inspects procedures and verifies that they're working?* a. Audit b. Business continuity plan c. Security review d. Group privilege management

a. *Audit* An audit is used to inspect and test procedures within an organization to verify that those procedures are working and up-to-date. The result of an audit is a report to management.

Security and Vulnerability in the Network *What checks to make sure that things are operating status quo and that change detection is used to alert when modifications are made?* a. Baseline reporting b. Code review c. Attack surfacing d. Risk analysis

a. *Baseline reporting* Baseline reporting checks to make sure that things are operating status quo and that change detection is used to alert when modifications are made.

Operating System and Application Security *Which of the following terms refers to the process of establishing a standard for security?*

a. *Baselining* Baselining is the process of establishing a standard for security.

Educating and Protecting the User *You've recently been hired by ACME to do a security audit. The managers of this company feel that their current security measures are inadequate. Which information access control model prevents users from writing information down to a lower level of security and prevents users from reading above their level of security?*

a. *Bell-LaPadula model* The Bell-LaPadula model is intended to protect confidentiality of information. This is accomplished by prohibiting users from reading above their security level and preventing them from writing below their security level.

Physical and Hardware-Based Security *Which technology uses a physical characteristic to establish identity?* a. Biometrics b. Surveillance c. Smart card d. CHAP authenticator

a. *Biometrics* Biometrics is a technology that uses personal characteristics, such as a retinal pattern or fingerprint, to establish identity.

*You are conducting a penetration test on an application for a client. The client provides you with no details about the source code and development process. What type of test will you likely be conducting?* a. Black box b. White box c. Vulnerability d. Answers A and C

a. *Black box* Black box testing does not provide any information about the environment. Answer B is incorrect as white box testing is more transparent and would provide details around the particular application. A vulnerability test and penetration test are separate items, thus answer C is incorrect. Answer D is also incorrect.

Security and Vulnerability in the Network *In which type of testing do you begin with the premise that the attacker has no knowledge of the network?* a. Black box b. White box c. Gray box d. Green box

a. *Black box* With black box testing, you begin with the premise that the attacker has no knowledge of the network.

Physical and Hardware-Based Security *Which component of physical security addresses outer-level access control?* a. Perimeter security b. Mantraps c. Security zones d. Locked doors

a. *Perimeter security* The first layer of access control is perimeter security. Perimeter security is intended to delay or deter entrance into a facility.

*A situation in which a program or process attempts to store more data in a temporary data storage area than it was intended to hold is known as which of the following?* a. Buffer overflow b. Denial of service c. Distributed denial of service d. Storage overrun

a. *Buffer overflow* A buffer overflow occurs when a program or process attempts to store more data in a buffer than the buffer was intended to hold. The overflow of data can flow over into other buffers, overwriting or deleting data. A denial of service is a type of attack in which too much traffic is sent to a host, preventing it from responding to legitimate traffic. A distributed denial of service is similar, but it is initiated through multiple hosts; therefore, answers B and C are incorrect. Although answer D sounds correct, it is not.

*Never inserting untrusted data except in allowed locations can be used to mitigate which of the following attacks? (Select two answers.)* a. Buffer overflow b. Cross-site request forgery (XSRF) c. Cross-Site Scripting (XSS) d. Input validation error

a. *Buffer overflow* d. *Input validation error* A buffer overflow is a direct result of poor or incorrect input validation or mishandled exceptions, and input validation errors are a result of improper field checking in the code. Answer B is incorrect because Cross-site request forgery (XSRF) is an attack in which the end user executes unwanted actions on a web application while they are currently authenticated. Answer C is incorrect because Cross-Site Scripting (XSS) vulnerabilities can be used to hijack the user's session or to cause the user accessing malware-tainted Site A to unknowingly attack Site B on behalf of the attacker who planted code on Site A.

Security-Related Policies and Procedures *Most CAs require what to define certificate issue processes, record keeping, and subscribers' legal acceptance of terms?* a. CPS b. DAC c. SRC d. GPM

a. *CPS* Most CAs require a Certificate Practice Statement (CPS), which defines certificate issue processes, record keeping, and subscribers' legal acceptance of the terms of the CPS.

*Which of the following is widely used as a controlled access measure in businesses that offer free Wi-Fi hotspots to Internet users such as hotels and restaurants?* a. Captive portal b. Site survey c. VPN (over open wireless) d. Omnidirectional antenna

a. *Captive portal* Captive portals are widely used in businesses that offer free Wi-Fi hotspots to Internet users such as hotels and restaurants. Answer B is incorrect because a site survey is conducted before implementing any WLAN solution to optimize network layout within each unique location. Answer C is incorrect because VPNs over open wireless are commonly used to securely connect employees to corporate networks when they are not in the office by using an Internet connection. Answer D is incorrect. Omnidirectional antennas provide a 360° radial pattern to provide the widest possible signal coverage for a wireless network.

Cryptography Basics *What document describes how a CA issues certificates and what they are used for?*

a. *Certificate policies* The certificate policies document defines what certificates can be used for.

Security-Related Policies and Procedures *Which policy dictates how an organization manages certificates and certificate acceptance?* a. Certificate policy b. Certificate access list c. CA accreditation d. CRL rule

a. *Certificate policy* A certificate policy dictates how an organization uses, manages, and validates certificates.

*When a certificate authority revokes a certificate, notice of the revocation is distributed via what?* a. Certificate revocation list b. Certificate policy c. Digital signature d. Certificate practice statement

a. *Certificate revocation list* Certificate revocation lists are used to identify revoked certificates; however, the Online Certificate Status Protocol (OCSP), which provides certificate status in real time, has been created as an alternative to CRLs. Answers B and D are both incorrect because these terms relate to the policies and practices of certificates and the issuing authorities. Answer C is incorrect because a digital signature is an electronic signature used for identity authentication.

Physical and Hardware-Based Security *Which of the following is an example of perimeter security?* a. Chain link fence b. Video camera c. Elevator d. Locked computer room

a. *Chain link fence* Perimeter security involves creating a perimeter or outer boundary for a physical space. Video surveillance systems wouldn't be considered a part of perimeter security, but they can be used to enhance physical security monitoring.

*Evidence is inadmissible in court if which of the following is violated or mismanaged?* a. Chain of custody b. Service-level agreement c. Privacy policy d. Change management

a. *Chain of custody* If the chain of custody is violated or mismanaged, evidence is inadmissible in court. Service-level agreements (SLAs), privacy policies, and change management aren't associated with evidence gathering or forensics.

Disaster Recovery and Incident Response *Your company is about to invest heavily in an application written by a new startup. Because it is such a sizable investment, you express your concerns about the longevity of the new company and the risk this organization is taking. You propose that the new company agree to store its source code for use by customers in the event that it ceases business. What is this model called?* a. Code escrow b. SLA c. BCP d. CA

a. *Code escrow* Code escrow allows customers to access the source code of installed systems under specific conditions, such as the bankruptcy of a vendor.

Access Control and Identity Management *Which of the three principles of security is supported by an iris biometric system?* a. Confidentiality b. Integrity c. Availability d. Vulnerability

a. *Confidentiality* Confidentiality involves protecting against unauthorized access, which biometric authentication systems support. Integrity is concerned with preventing unauthorized modification, making answer B incorrect. Answer C is not correct because availability is concerned with ensuring that access to services and data is protected against disruption. Answer D is incorrect because a vulnerability is a failure in one or more of the C-I-A principles.

Protecting Networks *Security has become the utmost priority at your organization. You're no longer content to act reactively to incidents when they occur—you want to start acting more proactively. Which system performs active network monitoring and analysis and can take proactive steps to protect a network?*

a. *IDS* An IDS is used to protect and report network abnormalities to a network administrator or system. It works with audit files and rule-based processing to determine how to act in the event of an unusual situation on the network.

*Which of the following should be implemented if the organization wants to monitor unauthorized transfers of confidential information?* a. Content inspection b. Proxy server c. Protocol analyzer d. Packet-filtering firewall

a. *Content inspection* Content inspection appliances use access control filtering software on a dedicated filtering appliance. The device monitors every packet of traffic that passes over a network. Answer B is incorrect. When a proxy server receives a request for an Internet service, it passes through filtering requirements and checks its local cache of previously downloaded web pages. Because web pages are stored locally, response times for web pages are faster and traffic to the Internet is substantially reduced. Answer C is incorrect. Protocol analyzers help you troubleshoot network issues by gathering packet-level information across the network. These applications capture packets and decode the information into readable data for analysis. Answer D is incorrect; a packet-filtering firewall filters packets based on IP addresses, ports, or protocols and is a simple, good first line of defense.

Access Control and Identity Management *In a decentralized key management system, the user is responsible for which one of the following functions?* a. Creation of the private and public key b. Creation of the digital certificate c. Creation of the CRL d. Revocation of the digital certificate

a. *Creation of the private and public key* In a decentralized key system, the end user generates his or her own key pair. The other functions, such as creation of the certificate, CRL, and the revocation of the certificate, are still handled by the certificate authority; therefore, answers B, C, and D are incorrect.

Access Control and Identity Management *The present method of requiring access to be strictly defined on every object is proving too cumbersome for your environment. The edict has come down from upper management that access requirements should be reduced slightly. Which access model allows users some flexibility for information-sharing purposes?*

a. *DAC* DAC allows some flexibility in information-sharing capabilities within the network.

Operating System and Application Security *Which systems monitor the contents of systems (workstations, servers, networks) to make sure key content is not deleted or removed?*

a. *DLP* DLP systems monitor the contents of systems (workstations, servers, networks) to make sure key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data.

*In which of the following types of architecture is the user responsible for the creation of the private and public key?* a. Decentralized key management b. Centralized key management c. Revocation key management d. Multilevel key management

a. *Decentralized key management* In a decentralized key-management scheme, the user creates both the private and public key and then submits the public key to the CA to allow it to apply its digital signature after it has authenticated the user. Answer B is incorrect because centralized key management allows the organization to have complete control over the creation, distribution, modification, and revocation of the electronic credentials that it issues. Answers C and D are incorrect because they are nonexistent terms.

*A physical security plan should include which of the following? (Select all correct answers.)* a. Description of the physical assets being protected b. The threats from which you are protecting against and their likelihood c. Location of a hard disk's physical blocks d. Description of the physical areas where assets are located

a. *Description of the physical assets being protected* b. *The threats from which you are protecting against and their likelihood* d. *Description of the physical areas where assets are located* A physical security plan should be a written plan that addresses your current physical security needs and future direction. With the exception of answer C, all the answers are correct and should be addressed in a physical security plan. A hard disk's physical blocks pertain to the file system.

Access Control and Identity Management *LDAP is an example of which of the following?*

a. *Directory access protocol* Lightweight Directory Access Protocol (LDAP) is a directory access protocol used to publish information about users. This is the computer equivalent of a phone book.

Operating System and Application Security *LDAP is an example of which of the following?*

a. *Directory access protocol* Lightweight Directory Access Protocol (LDAP) is a directory access protocol used to publish information about users. This is the computer equivalent of a phone book.

*Which one of the following best describes the type of attack designed to bring a network to a halt by flooding the systems with useless traffic?* a. DoS b. Ping of death c. Teardrop d. Social engineering

a. *DoS* A DoS attack is designed to bring down a network by flooding the system with an overabundance of useless traffic. Although answers B and C are both types of DoS attacks, they are incorrect because DoS more accurately describes "a type of attack." Answer D is incorrect because social engineering describes the nontechnical means of obtaining information.

Threats and Vulnerabilities *Which type of attack denies authorized users access to network resources?*

a. *DoS* A DoS attack is intended to prevent access to network resources by overwhelming or flooding a service or network.

*You manage a network on which there are mixed vendor devices and are required to implement a strong authentication solution for wireless communications. Which of the following would best meet your requirements? (Select two correct answers.)* a. EAP b. WEP c. LEAP d. PEAP

a. *EAP* d. *PEAP* The IEEE and IETF specify 802.1X and EAP as the standard for secure wireless networking, and Protected EAP (PEAP) is standards based. PEAP was jointly developed by Microsoft, RSA Security, and Cisco Systems. It is an IETF open standard. PEAP provides mutual authentication and uses a certificate for server authentication by the client, and users have the convenience of entering password-based credentials. Answer B is incorrect because WEP is the most basic form of encryption that can be used on 802.11-based wireless networks to provide privacy of data sent between a wireless client and its access point. Answer C is incorrect because LEAP is a Cisco-proprietary protocol.

Cryptography Basics *As the head of IT for MTS, you're explaining some security concerns to a junior administrator who has just been hired. You're trying to emphasize the need to know what is important and what isn't. Which of the following is not a consideration in key storage?*

a. *Environmental controls* Proper key storage requires that the keys be physically stored in a secure environment. This may include using locked cabinets, hardened servers, and effective physical and administrative controls.

*Which statement concerning virtualized environments is correct?* a. Existing security tools, such as antivirus, antispam, and IDS, are designed for single physical servers and do not always adapt well to multiple virtual machines. b. All hypervisors have the necessary security controls to keep out determined attackers. c. In a network with virtual machines, external devices such as firewalls and IDS reside between servers and can help prevent one from infecting another. d. A guest operating system that has remained dormant for a period of time can contain the latest patches and other security updates.

a. *Existing security tools, such as antivirus, antispam, and IDS, are designed for single physical servers and do not always adapt well to multiple virtual machines.* Existing security tools, such as antivirus, antispam, and IDS, were designed for single physical servers and do not always adapt well to multiple virtual machines.

Disaster Recovery and Incident Response *With high availability, the goal is to have key services available 99.999 percent of the time. What is this availability also known as?* a. Five nines b. Three nines c. Perfecta d. Trifecta

a. *Five nines* With high availability, the goal is to have key services available 99.999 percent of the time (also known as five nines availability).

Educating and Protecting the User *Which of the following is the best description of tailgating?*

a. *Following someone through a door they just unlocked* Tailgating is best defined as following someone through a door they just unlocked.

*Which of the following is the most useful when you're dealing with machines that are being taken on the road by traveling executives, sales managers, or insurance agents?* a. Full disk encryption b. File-level encryption c. Media-level encryption d. Application-level encryption

a. *Full disk encryption* Full disk encryption is most useful when you're dealing with machines that are being taken on the road by traveling executives, sales managers, or insurance agents. Answer B is incorrect because in file- or folder-level encryption, individual files or folders are encrypted by the file system itself. Answer C is incorrect because media encryption is used for USB flash drives, iPods, and other portable storage devices. Answer D is incorrect because application-level encryption does not protect the data stored on the machines.

Security-Related Policies and Procedures *The organization is concerned about vulnerabilities in commercial off-the-shelf (COTS) software. Which of the following might be the only means of reviewing the security quality of the program?* a. Fuzzing b. Cross-Site Scripting c. Input validation d. Cross-site request forgery

a. *Fuzzing* In some closed application instances, fuzzing might be the only means of reviewing the security quality of the program. Answer B is incorrect because Cross-Site Scripting (XSS) vulnerabilities can be used to hijack the user's session or to cause the user accessing malware-tainted Site A to unknowingly attack Site B on behalf of the attacker who planted code on Site A. Answer C is incorrect because input validation tests whether an application properly handles input from a source outside the application destined for internal processing. Answer D, Cross-site request forgery (XSRF), is an attack in which the end user executes unwanted actions on a web application while she is currently authenticated.

*Which of the following methods can be used to locate a device in the event it is lost or stolen?* a. GPS tracking b. Voice encryption c. Remote wipe d. Passcode policy

a. *GPS tracking* If a mobile device is lost, GPS tracking can be used to find the location. Answer B is incorrect because voice encryption can allow executives and employees alike to discuss sensitive information without having to travel to secure company locations. Answer C is incorrect because remote wipe allows the handheld's data to be remotely deleted if the device is lost or stolen. Answer D is incorrect because a screen lock or passcode is used to prevent access to the phone.

Physical and Hardware-Based Security *Due to growth beyond current capacity, a new server room is being built. As a manager, you want to make certain that all the necessary safety elements exist in the room when it's finished. Which fire-suppression system works best when used in an enclosed area by displacing the air around a fire?* a. Gas based b. Water based c. Fixed system d. Overhead sprinklers

a. *Gas based* Gas-based systems work by displacing the air around a fire. This eliminates one of the three necessary components of a fire: oxygen.

Disaster Recovery and Incident Response *You're a consultant brought in to advise MTS on its backup procedures. One of the first problems you notice is that the company doesn't utilize a good tape-rotation scheme. Which backup method uses a rotating schedule of backup media to ensure long-term information storage?* a. Grandfather, Father, Son method b. Full Archival method c. Backup Server method d. Differential Backup method

a. *Grandfather, Father, Son method* The Grandfather, Father, Son backup method is designed to provide a rotating schedule of backup processes. It allows for a minimum usage of backup media, and it still allows for long-term archiving.

Cryptography Basics *What is the process of deriving an encrypted value from a mathematical process called?*

a. *Hashing* Hashing algorithms are used to derive an encrypted value from a message or word.

Protecting Networks *What is a system that is intended or designed to be broken into by an attacker called?*

a. *Honeypot* A honeypot is a system that is intended to be sacrificed in the name of knowledge. Honeypot systems allow investigators to evaluate and analyze the attack strategies used. Law enforcement agencies use honeypots to gather evidence for prosecution.

Security and Vulnerability in the Network *Which of the following serves the purpose of trying to lure a malicious attacker into a system?* a. Honeypot b. Pot of gold c. DMZ d. Bear trap

a. *Honeypot* A honeypot is used to serve as a decoy and lure a malicious attacker. Answers B and D are incorrect answers and are not legitimate terms for testing purposes. Answer C is incorrect because a demilitarized zone (DMZ) is an area between the Internet and the internal network.

*Which of the following are types of updates applied to systems? (Select all correct answers.)* a. Hotfix b. Service packs c. Patches d. Coldfix

a. *Hotfix* b. *Service packs* c. *Patches* Each of these describes types of updates that can be applied to a system. Answer D is incorrect.

Protecting Networks *Which of the following copies the traffic from all ports to a single port and disallows bidirectional traffic on that port?*

a. *Port spanning* Port spanning (also known as port mirroring) copies the traffic from all ports to a single port and disallows bidirectional traffic on that port.

*Which term describes the concept of using a data-based IP network to add digital voice clients and new voice applications onto the IP network?* a. IP telephony b. Virtualization c. Loop protection d. Captive portals

a. *IP telephony* Using Internet Protocol (IP), various services such as voice, video, and data can be combined (multiplexed) and transported under a universal format. IP telephony is the use of a data-based IP network to add digital voice clients and new voice applications onto the IP network.

Access Control and Identity Management *You've been given notice that you'll soon be transferred to another site. Before you leave, you're to audit the network and document everything in use and the reason why it's in use. The next administrator will use this documentation to keep the network running. Which of the following protocols isn't a tunneling protocol but is probably used at your site by tunneling protocols for network security?*

a. *IPSec* IPSec provides network security for tunneling protocols. IPSec can be used with many different protocols besides TCP/IP, and it has two modes of security.

Access Control and Identity Management *What is invoked when a person claims they are the user but cannot be authenticated—such as when they lose their password?*

a. *Identity proofing* Identity proofing is invoked when a person claims they are the user but cannot be authenticated, such as when they lose their password.

*Which is the best access control constraint to protect against accidental unauthorized access?* a. Implicit denial b. Least privilege c. Separation of duties d. Account expiration

a. *Implicit denial* The default assignment of an implicit denial, overridden by explicit grants of access, aids in protecting resources against accidental access during normal network operations. Answer B is incorrect because least privilege is a principle of assigning only those rights necessary to perform assigned tasks. Answer C is incorrect because separation of duties is focused on ensuring that action and validation practices are performed separately. Answer D is incorrect because account expiration protocols ensure that individual accounts do not remain active past their designated lifespan, but they do nothing to protect against accidental resource availability for currently enabled accounts.

Disaster Recovery and Incident Response *Your organization is exploring data-loss prevention (DLP) solutions. The proposed solution is a software network solution that would be installed near the network perimeter to monitor for and flag policy violations. This solution is targeting which of the following data states?* a. In-transit b. At-rest c. In-use d. In-arrival

a. *In-transit* Protection of data in-transit is considered to be a network solution and either a hardware or software solution is installed near the network perimeter to monitor for and flag policy violations. Answer B is incorrect because protection of data at-rest is considered to be a storage solution and is generally a software solution that monitors how confidential data is stored. Answer C is incorrect because protection of data in-use is considered to be an endpoint solution and the application is run on end-user workstations or servers in the organization. Answer D is incorrect because there is no such data state.

Security and Vulnerability in the Network *Which Windows workstation feature is accused of—sometimes inadvertently—making network bridging possible and introducing security concerns?* a. Internet Connection Sharing b. Windows Firewall c. Network Address Translation d. Dynamic Naming Service

a. *Internet Connection Sharing* ICS—Internet Connection Sharing—is accused of (sometimes inadvertently) making network bridging possible and introducing security concerns.

*Communication between different IP devices on a network is handled by one of the core protocols of TCP/IP, namely, _______________.* a. Internet Control Message Protocol (ICMP) b. Network Basic Input/Output System (NetBIOS) c. Telnet d. Simple Network Management Protocol (SNMP)

a. *Internet Control Message Protocol (ICMP)* Different IP devices on a network often need to share specific information with one another. However, IP does not have the capability for devices to exchange these low-level control messages. Communication between devices is handled by one of the core protocols of TCP/IP, namely, Internet Control Message Protocol (ICMP).

*_______________ is an IP-based storage networking standard for linking data storage facilities.* a. Internet Small Computer System Interface (iSCSI) b. Internet Control Message Protocol (ICMP) c. Simple Network Management Protocol (SNMP) d. Network Basic Input/Output System (NetBIOS)

a. *Internet Small Computer System Interface (iSCSI)* iSCSI (Internet Small Computer System Interface) is an IP-based storage networking standard for linking data storage facilities. Because it works over a standard IP network, iSCSI can transmit data over LANs, wide area networks (WANs), and the Internet.

Educating and Protecting the User *at.allow is an access control that allows only specific users to use the service. What is at.deny?*

a. *It does not allow users named in the file to access the system.* The at.deny file does not allow users named in the file to access the system.

Physical and Hardware-Based Security *In a hot and cold aisle system, what is the typical method of handling cold air?* a. It is pumped in from below raised floor tiles. b. It is pumped in from above through the ceiling tiles. c. Only hot air is extracted and cold air is the natural result. d. Cold air exists in each aisle.

a. *It is pumped in from below raised floor tiles.* With hot and cold aisles, cold air is pumped in from below raised floor tiles.

*Which of the following is true of Pretty Good Privacy (PGP)? (Select the two best answers.)* a. It uses a web of trust. b. It uses a hierarchical structure. c. It uses public key encryption. d. It uses private key encryption.

a. *It uses a web of trust.* c. *It uses public key encryption.* PGP uses a web of trust rather than the hierarchical structure. It also uses public key encryption. Based on this, answers B and D are incorrect.

*_______________ limits the amount of time that individuals have to manipulate security configurations.* a. Job rotation b. Mandatory vacation c. Separation of duties d. Least privilege

a. *Job rotation* Job rotation limits the amount of time that individuals are in a position to manipulate security configurations.

Wireless Networking Security *If the interconnection between the WAP server and the Internet isn't encrypted, packets between the devices may be intercepted. What is this vulnerability known as?* a. Packet sniffing b. Minding the gap c. Middle man d. Broken promise

a. *Packet sniffing* If the interconnection between the WAP server and the Internet isn't encrypted, packets between the devices may be intercepted and this is known as packet sniffing.

Cryptography Basics *After returning from a conference in Jamaica, your manager informs you that he has learned that law enforcement has the right, under subpoena, to conduct investigations using keys. He wants you to implement measures to make such an event run smoothly should it ever happen. What is the process of storing keys for use by law enforcement called?*

a. *Key escrow* Key escrow is the process of storing keys or certificates for use by law enforcement. Law enforcement has the right, under subpoena, to conduct investigations using these keys.

*Which of the following is a denial-of-service attack that uses network packets that have been spoofed so that the source and destination address are that of the victim?* a. Land b. Teardrop c. Smurf d. Fraggle

a. *Land* A land DoS attack uses network packets that have been spoofed so that the source and destination address are that of the victim. A teardrop attack uses fragmented IP packets. Smurf and fraggle attacks use spoofed ICMP and UDP packets, respectively, against an amplification network.

*_______________ is a proprietary EAP method developed by Cisco Systems and is based on the Microsoft implementation of Challenge Handshake Authentication Protocol (CHAP).* a. Lightweight EAP (LEAP) b. Advanced Encryption Standard (AES) c. Protected EAP (PEAP) d. Temporal Key Integrity Protocol (TKIP)

a. *Lightweight EAP (LEAP)* Lightweight EAP (LEAP) is a proprietary EAP method developed by Cisco Systems and is based on the Microsoft implementation of CHAP. It requires mutual authentication used for WLAN encryption using Cisco client software (there is no native support for LEAP in Microsoft Windows operating systems).

Security and Vulnerability in the Network *What is the name given to the activity that consists of collecting information that will be later used for monitoring and review purposes?* a. Logging b. Auditing c. Inspecting d. Vetting

a. *Logging* Logging is the process of collecting data to be used for monitoring and auditing purposes. Auditing is the process of verification that normally involves going through log files; therefore, answer B is incorrect. Typically, the log files are frequently inspected, and inspection is not the process of collecting the data; therefore, answer C is incorrect. Vetting is the process of thorough examination or evaluation; therefore, answer D is incorrect.

Threats and Vulnerabilities *Your system has just stopped responding to keyboard commands. You noticed that this occurred when a spreadsheet was open and you dialed in to the Internet. Which kind of attack has probably occurred?*

a. *Logic bomb* A logic bomb notifies an attacker when a certain set of circumstances has occurred. This may in turn trigger an attack on your system.

*Which of the following is not an example of multifactor authentication?* a. Logon and password b. Smart card and PIN c. RFID chip and thumbprint d. Gait and iris recognition e. Location and CAC

a. *Logon and password* Both logon and password represent a form of "what you know" authentication. Answers B, C, D, and E are all incorrect because they represent paired multifactor forms of authentication. A smart card and PIN represent what you have and know, and an RFID chip and thumbprint link what you have with what you are. Gait is a measure of what you do, and iris details are an example of what you are. Somewhere you are is a location, which could be based on GPS coordinates or IP address, and a common access card (CAC) is something you have.

*After a new switch was implemented, some sporadic connectivity issues on the network have occurred. The issues are suspected to be device related. Which of the following would the organization implement as a method for additional checks in order to prevent issues?* a. Loop protection b. Flood guard c. Implicit deny d. Port security

a. *Loop protection* The loop protection feature makes additional checks in Layer 2 switched networks. Answer B is incorrect because a flood guard is a firewall feature to control network activity associated with denial-of-service (DoS) attacks. Answer C is incorrect because implicit deny is an access control practice wherein resource availability is restricted to only those logons explicitly granted access. Answer D is incorrect because port security is a Layer 2 traffic control feature on Cisco Catalyst switches. It enables individual switch ports to be configured to allow only a specified number of source MAC addresses coming in through the port.

Access Control and Identity Management *Upper management has suddenly become concerned about security. As the senior network administrator, you are asked to suggest changes that should be implemented. Which of the following access methods should you recommend if the method is to be one that is primarily based on preestablished access and can't be changed by users?*

a. *MAC* Mandatory Access Control (MAC) is oriented toward preestablished access. This access is typically established by network administrators and can't be changed by users.

*Which form of access control relies on labels for access control management?* a. MAC b. DAC c. Role-based (RBAC) d. Rule-based (RBAC)

a. *MAC* Mandatory access control (MAC) systems require assignment of labels such as Public, Secret, and Sensitive to provide resource access. Answer B is incorrect because discretionary access control (DAC) systems allow data owners to extend access rights to other logons based on explicit assignments or inherited group membership. Answers C and D are incorrect because both RBAC access control forms rely on conditional assignment of access rules either inherited (role based) or by environmental factors such as time of day or secured terminal location (rule based).

Protecting Networks *A junior administrator bursts into your office with a report in his hand. He claims that he has found documentation proving that an intruder has been entering the network on a regular basis. Which of the following implementations of IDS detects intrusions based on previously established rules that are in place on your network?*

a. *MD-IDS* By comparing attack signatures and audit trails, a misuse-detection IDS determines whether an attack is occurring.

Threats and Vulnerabilities *An administrator at a sister company calls to report a new threat that is making the rounds. According to him, the latest danger is an attack that attempts to intervene in a communications session by inserting a computer between the two systems that are communicating. Which of the following types of attacks does this constitute?*

a. *Man-in-the-middle attack* A man-in-the-middle attack attempts to fool both ends of a communications session into believing the system in the middle is the other end.

Protecting Networks *The IDS console is known as what?*

a. *Manager* The IDS console is known as the manager.

*Which one of the following is a holding area between two entry points that gives security personnel time to view a person before allowing him into the internal building?* a. Mantrap b. Biometric c. Honeypot d. Honeynet

a. *Mantrap* A mantrap is a physical security control that is a holding area between two entry points that gives security personnel time to view a person before allowing him into the internal building. Biometrics typically incorporate something about the person, such as retina scan or fingerprint, to allow access, and so Answer B is incorrect. Answers C and D are also incorrect as these describe controls not related to physical security.

Educating and Protecting the User *For which U.S. organization was the Bell-LaPadula model designed?*

a. *Military* The Bell-LaPadula model was originally designed for use by the military.

*Which of the following controls are physical security measures? (Select all correct answers.)* a. Motion detector b. Antivirus software c. CCTV d. Fence

a. *Motion detector* c. *CCTV* d. *Fence* Motion detectors, CCTV, and fencing are all controls used for physical security. Antivirus is not a physical security control, but a control used to protect computer systems from malware, and therefore Answer B is incorrect.

Access Control and Identity Management *After a careful risk analysis, the value of your company's data has been increased. Accordingly, you're expected to implement authentication solutions that reflect the increased value of the data. Which of the following authentication methods uses more than one authentication process for a logon?*

a. *Multifactor* A multifactor authentication method uses two or more processes for logon. A two-factor method might use smart cards and biometrics for logon.

*TCP/IP uses its own four-layer architecture that includes _______________ layers.* a. Network Interface, Internet, Transport, and Application b. Network Interface, Network, Transport, and Application c. Network Interface, Internet, Transport, and Authentication d. Network Interface, Network, Transport, and Authentication

a. *Network Interface, Internet, Transport, and Application* TCP/IP uses its own four-layer architecture that includes Network Interface, Internet, Transport, and Application layers.

*Which term describes a technique that allows private IP addresses to be used on the public Internet?* a. Network address translation (NAT) b. Port address translation (PAT) c. Network access control (NAC) d. Loop protection

a. *Network address translation (NAT)* Network address translation (NAT) is a technique that allows private IP addresses to be used on the public Internet.

Operating System and Application Security *Users are complaining about name resolution problems suddenly occurring that were never an issue before. You suspect that an intruder has compromised the integrity of the DNS server on your network. What is one of the primary ways in which an attacker uses DNS?*

a. *Network footprinting* DNS records in a DNS server provide insights into the nature and structure of a network. DNS records should be kept to a minimum in public DNS servers. Network footprinting involves the attacker collecting data about the network to devise methods of intrusion.

Infrastructure and Connectivity *At which layer of the OSI model does the Internet Protocol Security protocol function?* a. Network layer b. Presentation layer c. Session layer d. Application layer

a. *Network layer* IPsec validation and encryption function at the network layer of the OSI model. Answers B, C, and D are incorrect because IPsec functions at a lower level of the OSI model.

Protecting Networks *Which of the following can be used to monitor a network for unauthorized activity? (Choose two.)*

a. *Network sniffer* b. *NIDS* Network sniffers and NIDSs are used to monitor network traffic. Network sniffers are manually oriented, whereas an NIDS can be automated.

Network Security *Which type of switch network monitoring is best suited for high-speed networks that have a large volume of traffic?* a. Network tapping b. Port mirroring c. Load balancing d. Packet filtering

a. *Network tapping* A network tap is generally best for high-speed networks that have a large volume of traffic, while port mirroring is better for networks with light traffic.

*The sender of data is provided with proof of delivery, and neither the sender nor receiver can deny either having sent or received the data. What is this called?* a. Nonrepudiation b. Repetition c. Nonrepetition d. Repudiation

a. *Nonrepudiation* Nonrepudiation means that neither party can deny either having sent or received the data in question. Both answers B and C are incorrect. And repudiation is defined as the act of refusal; therefore, answer D is incorrect.

*Which of the following are used to verify the status of a certificate? (Select two correct answers.)* a. OCSP b. CRL c. OSPF d. ACL

a. *OCSP* b. *CRL* The Online Certificate Status Protocol (OCSP) and the certificate revocation list (CRL) are used to verify the status of digital certificates. OSPF is a routing protocol; therefore, answer C is incorrect. An ACL is used to define access control; therefore, answer D is incorrect.

*What is a significant difference between vulnerability scanners and penetration testing?* a. One tests both the infrastructure and personnel. b. One only tests internal weaknesses. c. One only tests for configuration errors. d. One is used to find problems before hackers do.

a. *One tests both the infrastructure and personnel.* The primary difference between vulnerability assessment and penetration testing is that penetration testing tests both the infrastructure and the personnel. Vulnerability assessment is performed by a security administrator using an automated tool that is designed solely to test the configuration of target systems.

Access Control and Identity Management *Which one of the following defines APIs for devices such as smart cards that contain cryptographic information?* a. PKCS #11 b. PKCS #13 c. PKCS #4 d. PKCS #2

a. *PKCS #11* PKCS #11, the Cryptographic Token Interface Standards, defines an API named Cryptoki for devices holding cryptographic information. Answer B is incorrect because PKCS #13 is the Elliptic Curve Cryptography (ECC) standard. Both answers C and D are incorrect because PKCS #4 and PKCS #2 no longer exist and have been integrated into PKCS #1, RSA Cryptography Standard.

Access Control and Identity Management *Which protocol is unsuitable for WAN VPN connections?*

a. *PPP* PPP provides no security, and all activities are unsecure. PPP is primarily intended for remote connections and should never be used for VPN connections.

*_______________ is designed to simplify the deployment of 802.1x by using Microsoft Windows logins and passwords.* a. Protected EAP (PEAP) b. Lightweight EAP (LEAP) c. Temporal Key Integrity Protocol (TKIP) d. PSK2-mixed mode

a. *Protected EAP (PEAP)* Protected EAP (PEAP) is designed to simplify the deployment of 802.1x by using Microsoft Windows logins and passwords. PEAP is considered a more flexible EAP scheme because it creates an encrypted channel between the client and the authentication server, and the channel then protects the subsequent user authentication exchange.

Disaster Recovery and Incident Response *There have been some sporadic connectivity issues on the network. Which of the following is the best choice to investigate these issues?* a. Protocol analyzer b. Circuit-level gateway logs c. Spam filter appliance d. Web application firewall logs

a. *Protocol analyzer* Protocol analyzers help you troubleshoot network issues by gathering packet-level information across the network. These applications capture packets and can conduct protocol decoding, putting the information into readable data for analysis. Answer B is incorrect because a circuit-level gateway filters based on source and destination addresses. Answer C is incorrect because all-in-one spam filter appliances allow for checksum technology, which tracks the number of times a particular message has appeared, and message authenticity checking, which uses multiple algorithms to verify authenticity of a message. Answer D is incorrect because a web application firewall is software or a hardware appliance used to protect the organization's web server from attack.

Disaster Recovery and Incident Response *You've been brought in as a temporary for FRS, Inc. The head of IT assigns you the task of evaluating all servers and their disks and making a list of any data not stored redundantly. Which disk technology isn't fault tolerant?* a. RAID 0 b. RAID 1 c. RAID 3 d. RAID 5

a. *RAID 0* RAID 0 is a method of spreading data from a single disk over a number of disk drives. It's used primarily for performance purposes.

*A rootkit has been discovered on your mission-critical database server. What is the best step to take to return this system to production?* a. Reconstitute it. b. Run an antivirus tool. c. Install an HIDS. d. Apply vendor patches.

a. *Reconstitute it.* The only real option to return a system to a secure state after a rootkit is reconstitution.

*Which of the following algorithms is now known as the Advanced Encryption Standard (AES)?* a. Rijndael b. 3DES c. RC6 d. Twofish e. CAST

a. *Rijndael* Rijndael was the winner of the new AES standard. Although RC6 and Twofish competed for selection, they were not chosen. 3DES and CAST did not participate; therefore, answers B, C, D, and E are incorrect.

Protecting Networks *Which of the following protocols supports DES, 3DES, RC2, and RSA2 encryption along with CHAP authentication, but was not widely adopted?* a. S-HTTP b. S/MIME c. HTTP d. PPTP

a. *S-HTTP* An alternative to HTTPS is the Secure Hypertext Transport Protocol (S-HTTP), which was developed to support connectivity for banking transactions and other secure web communications. S-HTTP was not adopted by the early web browser developers (for example, Netscape and Microsoft) and so remains less common than the HTTPS standard. Additionally, S-HTTP encrypts individual messages so it cannot be used for VPN security. Answer B is incorrect. S/MIME is used to encrypt electronic mail transmissions over public networks. Answer C is incorrect because HTTP is used for unsecured web-based communications. Answer D is incorrect because Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables the secure transfer of data from a remote client to a private enterprise server by creating a virtual private network (VPN) across TCP/IP-based data networks.

Protecting Networks *Which of the following is most likely to use network segmentation as an alternate security method?* a. SCADA systems b. Mainframes c. Android d. Gaming consoles

a. *SCADA systems* Network segmentation is one of the most effective controls an organization can implement in order to mitigate the effect of a network intrusion. Due to the sensitive nature of supervisory control and data acquisition (SCADA) systems, they would most likely use network segmentation. Answer B is incorrect because mainframes would most likely use security layers. Answer C is incorrect because Android would most likely use security layers. Answer D is incorrect. Most gaming consoles use firmware version control as an alternative security method.

Operating System and Application Security *The flexibility of relational databases in use today is a result of which of the following?*

a. *SQL* SQL is a powerful database access language used by most relational database systems.

Physical and Hardware-Based Security *Which of the following methods is the most effective way to physically secure laptops that are used in an environment such as an office?* a. Security cables b. Server cages c. Locked cabinet d. Hardware dongle

a. *Security cables* Security cables with combination locks can provide such security and are easy to use. They are used mostly to secure laptops and leave the equipment exposed. Answer B is incorrect because PC Safe tower and server cages are designed to bolt to the floor and are meant to be in an environment that is static. Answer C is incorrect because a locked cabinet is an alternative for equipment that is not used or does not have to be physically accessed on a regular, daily basis. Vendors provide solutions such as a security cabinet locker that secures CPU towers. The housing is made of durable, heavy-duty steel for strength. Answer D is incorrect because a hardware dongle is used for license enforcement.

Security-Related Policies and Procedures *MTS is in the process of increasing all security for all resources. No longer will the legacy method of assigning rights to users as they're needed be accepted. From now on, all rights must be obtained for the network or system through group membership. Which of the following groups is used to manage access in a network?* a. Security group b. Single sign-on group c. Resource sharing group d. AD group

a. *Security group* A security group is used to manage user access to a network or system.

Operating System and Application Security *The administrator at MTS was recently fired, and it has come to light that he didn't install updates and fixes as they were released. As the newly hired administrator, your first priority is to bring all networked clients and servers up-to-date. What is a bundle of one or more system fixes in a single product called?*

a. *Service pack* A service pack is one or more repairs to system problems bundled into a single process or function.

*Which protocol is used to manage network equipment and is supported by most network equipment manufacturers?* a. Simple Network Management Protocol (SNMP) b. Internet Control Message Protocol (ICMP) c. Secure Copy Protocol (SCP) d. Transmission Control Protocol/Internet Protocol (TCP/IP)

a. *Simple Network Management Protocol (SNMP)* The Simple Network Management Protocol (SNMP) is a popular protocol used to manage network equipment and is supported by most network equipment manufacturers.

Protecting Networks *Which device monitors network traffic in a passive manner?*

a. *Sniffer* Sniffers monitor network traffic and display traffic in real time. Sniffers, also called network monitors, were originally designed for network maintenance and troubleshooting.

Educating and Protecting the User *As part of your training program, you're trying to educate users on the importance of security. You explain to them that not every attack depends on implementing advanced technological methods. Some attacks, you explain, take advantage of human shortcomings to gain access that should otherwise be denied. What term do you use to describe attacks of this type?*

a. *Social engineering* Social engineering uses the inherent trust in the human species, as opposed to technology, to gain access to your environment.

Threats and Vulnerabilities *You're the administrator for a large bottling company. At the end of each month, you routinely view all logs and look for discrepancies. This month, your email system error log reports a large number of unsuccessful attempts to log on. It's apparent that the email server is being targeted. Which type of attack is most likely occurring?*

a. *Software exploitation attack* A software exploitation attack attempts to exploit weaknesses in software. A common attack attempts to communicate with an established port to gain unauthorized access. Most email servers use port 25 for email connections using SMTP.

*An authentication system relies on an RFID chip embedded in a plastic key together with the pattern of blood vessels in the back of an authorized user's hand. What types of authentication are being employed in this system?* a. Something you have and something you are b. Something you do and something you know c. Something you know and something you are d. Somewhere you are and something you have

a. *Something you have and something you are* The RFID-enabled key is a form of "something you have," and the blood vessel biometric signature is a form of "something you are." Answers B and C are incorrect because there are no "something you know" requirements, such as the input of a personal identification number (PIN) or password. Answer D is incorrect because the "somewhere you are," also known as geolocation, authentication factor is not mentioned in the question.

Network Security *Which type of firewall packet filtering looks at the incoming packet and permits or denies it based on the conditions that have been set by the administrator?* a. Stateless packet filtering b. Stateful packet filtering c. Switched packet filtering d. Secure packet filtering

a. *Stateless packet filtering* Packets can be filtered by a firewall in one of two ways. Stateless packet filtering looks at the incoming packet and permits or denies it based on the conditions that have been set by the administrator. Stateful packet filtering keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions.

Disaster Recovery and Incident Response *Which of the following outlines those internal to the organization who have the ability to step into positions when they open?* a. Succession planning b. Progression planning c. Emergency planning d. Eventuality planning

a. *Succession planning* Succession planning outlines those internal to the organization who have the ability to step into positions when they open.

*Which of the following is a non-proprietary protocol that provides authentication and authorization as well as accounting of access requests against a centralized service for authorization of access requests?* a. TACACS+ b. SAML c. Secure LDAP d. XTACACS

a. *TACACS+* TACACS+, released as an open standard, is a protocol that provides authentication and authorization as well as accounting of access requests against a centralized service for authorization of access requests. TACACS+ is similar to RADIUS but uses TCP instead of RADIUS's UDP transport. Answer B is incorrect because SAML (Security Assertion Markup Language) is an Extensible Markup Language (XML) framework for creating and exchanging security information between online partners. Answer C is incorrect because secure LDAP is a way to make LDAP traffic confidential and secure by using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) technology. Answer D is incorrect because XTACACS is a proprietary version of the original TACACS protocol that was developed by Cisco.

Threats and Vulnerabilities *A server on your network will no longer accept connections using TCP. The server indicates that it has exceeded its session limit. Which type of attack is probably occurring?*

a. *TCP ACK attack* A TCP ACK attack creates multiple incomplete sessions. Eventually, the TCP protocol hits a limit and refuses additional connections.

*A man-in-the-middle attack takes advantage of which of the following?* a. TCP handshake b. UDP handshake c. Juggernaut d. All of the above

a. *TCP handshake* TCP is a connection-oriented protocol, which uses a three-way handshake to establish and close a connection. Answers B, C, and D are incorrect. A man-in-the-middle attack takes advantage of this handshake by inserting itself in the middle. UDP is a connectionless protocol and does not use a handshake to establish a connection. Juggernaut describes a program that helps make man-in-the-middle attacks easier.

Wireless Networking Security *Which encryption technology is associated with WPA?* a. TKIP b. CCMP c. WEP d. LDAP

a. *TKIP* The encryption technology associated with WPA is TKIP.

Cryptography Basics *Mercury Technical Solutions has been using SSL in a business-to-business environment for a number of years. Despite the fact that there have been no compromises in security, the new IT manager wants to use stronger security than SSL can offer. Which of the following protocols is similar to SSL but offers the ability to use additional security protocols?*

a. *TLS* TLS is a security protocol that uses SSL, and it allows the use of other security protocols.

*Which type of risk control involves enforcing technology to control risk, such as antivirus software, firewalls, and encryption?* a. Technical b. System c. Management d. Operational

a. *Technical* Technical risk control types involve enforcing technology to control risk, such as antivirus software, firewalls, and encryption.

*Which term describes both an older TCP/IP protocol for text-based communication and a terminal emulation program?* a. Telnet b. File Transfer Protocol (FTP) c. Network Basic Input/Output System (NetBIOS) d. Secure Network Management Protocol (SNMP)

a. *Telnet* Telnet is an older TCP/IP protocol for text-based communication. In addition, Telnet is also an application. This application is a terminal emulation program that runs on a local computer that connects to a server on the network. Commands can be entered using the Telnet application to the remote server as if the user was at the server itself.

*The heart and soul of WPA is a newer encryption technology called _______________.* a. Temporal Key Integrity Protocol (TKIP) b. Advanced Encryption Standard (AES) c. Triple DES d. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)

a. *Temporal Key Integrity Protocol (TKIP)* The heart and soul of WPA is a newer encryption technology called Temporal Key Integrity Protocol (TKIP). TKIP functions as a "wrapper" around WEP by adding an additional layer of security but still preserving WEP's basic functionality.

Security-Related Policies and Procedures *A policy of mandatory vacations should be implemented in order to assist in:* a. The prevention of fraud b. Identifying employees no longer needed c. Reducing insurance expenses d. Enforcing privilege management

a. *The prevention of fraud* A policy of mandatory vacations should be implemented in order to assist in the prevention of fraud.

Access Control and Identity Management *Your company provides medical data to doctors from a worldwide database. Because of the sensitive nature of the data you work with, it's imperative that authentication be established on each session and be valid only for that session. Which of the following authentication methods provides credentials that are valid only during a single session?*

a. *Tokens* Tokens are created when a user or system successfully authenticates. The token is destroyed when the session is over.

Educating and Protecting the User *Which of the following is the highest classification level in the government?*

a. *Top Secret* Top Secret is the highest classification level in the government.

*What is the most common protocol used today for both local area networks (LANs) and the Internet?* a. Transmission Control Protocol/Internet Protocol (TCP/IP) b. Secure Sockets Layer (SSL) c. Hypertext Transport Protocol Secure (HTTPS) d. Domain Name System (DNS)

a. *Transmission Control Protocol/Internet Protocol (TCP/IP)* Computer networks also have protocols, or rules for communication. These protocols are essential for proper communication to take place between network devices. The most common protocol used today for both local area networks (LANs) and the Internet is Transmission Control Protocol/Internet Protocol (TCP/IP).

Threats and Vulnerabilities *A mobile user calls you from the road and informs you that his laptop is exhibiting erratic behavior. He reports that there were no problems until he downloaded a tic-tac-toe program from a site that he had never visited before. Which of the following terms describes a program that enters a system disguised in another program?*

a. *Trojan horse virus* A Trojan horse enters with a legitimate program to accomplish its nefarious deeds.

Access Control and Identity Management *Which technology allows a connection to be made between two networks using a secure protocol?*

a. *Tunneling* Tunneling allows a network to make a secure connection to another network through the Internet or other network. Tunnels are usually secure and present themselves as extensions of both networks.

Access Control and Identity Management *You're the administrator for Mercury Technical. Due to several expansions, the network has grown exponentially in size within the past two years. Which of the following is a popular method for breaking a network into smaller private networks that can coexist on the same wiring and yet be unaware of each other?*

a. *VLAN* Virtual local area networks (VLANs) break a large network into smaller networks. These networks can coexist on the same wiring and be unaware of each other. A router or other routing-type device would be needed to connect these VLANs.

*You are setting up an FTP server that needs to be accessed by both the employees and external contractors. What type of architecture should you implement?* a. VLAN b. DMZ c. NAT d. VPN

a. *VLAN* b. *DMZ* c. *NAT* All except answers D and E are advantages of honeypots and honeynets. Currently, the legal implications of using such systems are not that well defined, and the use of these systems typically requires more administrative resources.

*Which of the following is a cloud-based security solution mainly found in private data centers?* a. VPC b. HSM c. TPM d. PKI

a. *VPC* The HSM and cloud machines can both live on the same virtual private network through the use of a virtual private cloud (VPC) environment. This type of solution is mainly found in private datacenters that manage and offload cryptography with dedicated hardware appliances. Answer B is incorrect because traditionally HSMs have been used in the banking sector to secure numerous large, bulk transactions. Answer C is incorrect because TPM refers to a secure crypto-processor used to authenticate hardware devices such as a PC or laptop. Answer D is incorrect because public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

*Which one of the following is not considered a physical security component?* a. VPN tunnel b. Mantrap c. Fence d. CCTV

a. *VPN tunnel* A VPN tunnel is an example of data security, not physical security. Mantrap, fence, and CCTV are all components of physical security; therefore, answers B, C, and D are incorrect.

Network Security *What term refers to a technology that enables authorized users to use an unsecured public network, such as the Internet, as if it were a secure private network?* a. Virtual private network (VPN) b. Gateway c. Intrusion detection system (IDS) d. Port mirroring

a. *Virtual private network (VPN)* A virtual private network (VPN) is a technology that enables authorized users to use an unsecured public network, such as the Internet, as if it were a secure private network.

*Which of the following provide a "sandboxed" system that can be used to investigate malware?* a. Virtualization b. Network storage c. Host software baselining d. Application baselining

a. *Virtualization* A virtualized "sandboxed" guest system can help in computer-security research, which enables the study of the effects of some viruses or worms without the possibility of compromising the host system. Answer B is incorrect because network storage has nothing to do with desktop management. Answer C is incorrect because host software baselining can be done for a variety of reasons including malware monitoring and creating system images. Answer D is incorrect because application baselining is used to monitor changes in application behavior.

Security and Vulnerability in the Network *Nessus is a tool that performs which security function?* a. Vulnerability scanning b. Penetration testing c. Ethical hacking d. Loop protection

a. *Vulnerability scanning* Nessus is one of the better-known vulnerability scanners.

*Which of the following provides government-grade security by implementing the AES encryption algorithm and 802.1X-based authentication?* a. WPA2 b. WEP c. WPA d. WAP

a. *WPA2* WPA2 is based on the IEEE 802.11i standard and provides government-grade security by implementing the AES encryption algorithm and 802.1X-based authentication. Answer B is incorrect because the WEP standard was proven to be unsecure and has been replaced by the newer WPA standards. Answer C is incorrect because the early WPA standard has been superseded by the WPA2 standard, implementing the full 802.11i-2004 amendment. Answer D is incorrect because a WAP refers to a wireless access point, which is the wireless network hardware that functions in the place of a wired switch.

Wireless Networking Security *Which of the following manages the session information and connection between wireless devices?* a. WSP b. WPD c. WPT d. WMD

a. *WSP* WSP (Wireless Session Protocol) manages the session information and connection between wireless devices.

Security-Related Policies and Procedures *Which of the following is not a principal concern for first responders to a hacking incident within a corporation operating in the United States?* a. Whether EMI shielding is intact b. Whether data is gathered properly c. Whether data is protected from modification d. Whether collected data is complete

a. *Whether EMI shielding is intact* EMI shielding is important to protecting data and services against unauthorized interception as well as interference but is not a principal concern for first responders following an incident. First responders must ensure that data is collected correctly and protect it from modification using proper controls ensuring a clear chain of evidence, making answers B and C incorrect. Answer D is incorrect because a first responder might be the only agent able to ensure that all data is collected before being lost due to volatility of storage.

Cryptography Basics *Which set of specifications is designed to allow XML-based programs access to PKI services?*

a. *XKMS* XML Key Management Specification (XKMS) is designed to allow XML-based programs access to PKI services.

Physical and Hardware-Based Security *You're the administrator for MTS. You're creating a team that will report to you, and you're attempting to divide the responsibilities for security among individual members. Similarly, which of the following access methods breaks a large area into smaller areas that can be monitored individually?* a. Zone b. Partition c. Perimeter d. Floor

a. *Zone* A security zone is a smaller part of a larger area. Security zones can be monitored individually if needed. Answers B, C, and D are examples of security zones.

*A(n) _______________ access point (AP) uses a standard web browser to provide information, and gives the wireless user the opportunity to agree to a policy or present valid login credentials, providing a higher degree of security.* a. captive portal b. open portal c. closed portal d. Internet portal

a. *captive portal* A captive portal AP uses a standard web browser to provide information, and gives the wireless user the opportunity to agree to a policy or present valid login credentials, providing a higher degree of security.

*A _______________ cloud is a cloud that is open only to specific organizations that have common concerns.* a. community b. public c. hybrid d. private

a. *community* A community cloud is a cloud that is open only to specific organizations that have common concerns.

*Risk _______________ involves understanding something about the attacker and then informing him of the harm that may come his way if he attacks an asset.* a. deterrence b. mitigation c. transference d. avoidance

a. *deterrence* Risk deterrence involves understanding something about the attacker and then informing him of the harm that may come his way if he attacks an asset.

*A _______________ is a feature that controls a device's tolerance for unanswered service requests and helps to prevent a denial of service (DoS) attack.* a. flood guard b. virtual local area network (VLAN) c. network intrusion detection system (NIDS) d. virtual private network (VPN) concentrator

a. *flood guard* One defense against DoS and DDoS SYN flood attacks is to use a flood guard. A flood guard is a feature that controls a device's tolerance for unanswered service requests and helps to prevent a DoS attack.

*In _______________ virtualization, an entire operating system environment is simulated.* a. host b. network c. application d. cloud

a. *host* One type of virtualization in which an entire operating system environment is simulated is known as host virtualization. Instead of using a physical computer, a virtual machine, which is a simulated software-based emulation of a computer, is created. The host system (the operating system installed on the computer's hardware) runs a hypervisor that manages the virtual machine operating systems and supports one or more guest systems (a foreign virtual operating system).

Security and Vulnerability in the Network *You want to implement MAC filtering on a small network but do not know the MAC address of a Linux-based workstation. Which command-line tool can you run on the workstation to find the MAC address?* a. ifconfig b. ifconfig /show c. ipconfig d. ipconfig /all

a. *ifconfig* The command ifconfig will show the MAC address on the Linux or Unix-based workstation.

*An advantage of _______________ is that it helps to expose any potential avenues for fraud by having multiple individuals with different perspectives learn about the job and uncover vulnerabilities that someone else may have overlooked.* a. job rotation b. mandatory vacation c. separation of duties d. least privilege

a. *job rotation* An advantage of job rotation is that it helps to expose any potential avenues for fraud by having multiple individuals with different perspectives learn about the job and uncover vulnerabilities that someone else may have overlooked.

Network Security *Using _______________, filters can assess if a webpage contains any malicious elements or exhibits any malicious behavior, and then flag questionable pages with a warning message.* a. malware inspection and filtering b. content inspection c. uniform resource locator (URL) filtering d. detailed reporting

a. *malware inspection and filtering* With malware inspection and filtering, filters can assess if a webpage contains any malicious elements or exhibits any malicious behavior, and then flag questionable pages with a warning message.

*In redundancy and fault tolerance, the term _______________ describes the average amount of time that it will take a device to recover from a failure that is not a terminal failure.* a. mean time to recovery b. failure In Time c. mean time between failures d. mean time to failure

a. *mean time to recovery* Mean time to recovery (MTTR) is the average amount of time that it will take a device to recover from a failure that is not a terminal failure.

*Ports can be secured through disabling unused interfaces, using _______________, and through IEEE 802.1x.* a. media access control (MAC) limiting and filtering b. virtual private network (VPN) tunneling c. packet sniffers d. virtual local area networks (VLANs)

a. *media access control (MAC) limiting and filtering* Ports can be secured through disabling unused interfaces, using MAC limiting and filtering, and through IEEE 802.1x.

*The goal of _______________ is to prevent computers with suboptimal security from potentially infecting other computers through the network.* a. network access control (NAC) b. virtualization c. captive portals d. port security

a. *network access control (NAC)* The goal of NAC is to prevent computers with suboptimal security from potentially infecting other computers through the network.

*A weakness of FTPS is that although the control port commands are encrypted, the data port (_______________) may or may not be encrypted.* a. port 20 b. port 21 c. port 25 d. port 80

a. *port 20* A weakness of FTPS is that although the control port commands are encrypted, the data port (port 20) may or may not be encrypted.

*By using _______________, instead of giving each outgoing packet a different IP address, each packet is given the same IP address but a different TCP port number.* a. port address translation (PAT) b. network access control (NAC) c. network address translation (NAT) d. port mirroring

a. *port address translation (PAT)* A variation of NAT is port address translation (PAT). Instead of giving each outgoing packet a different IP address, each packet is given the same IP address but a different TCP port number. This allows a single public IP address to be used by several users.

Network Security *A(n) _______________ captures packets to decode and analyze their contents.* a. protocol analyzer b. load balancer c. Internet content filter d. spam filter

a. *protocol analyzer* A protocol analyzer captures packets to decode and analyze their contents.

Network Security *A(n) _______________ is a computer or an application program that intercepts user requests from the internal secure network and then processes that request on behalf of the user.* a. proxy server b. load balancer c. network tap d. Internet content filter

a. *proxy server* A proxy server is a computer or an application program that intercepts user requests from the internal secure network and then processes that request on behalf of the user.

*Within a firewall rule, the _______________ describes the TCP/IP port number being used to send packets of data through.* a. source port b. destination port c. source address d. destination address

a. *source port* The source port is the TCP/IP port number being used to send packets of data through. Options for setting the source port often include a specific port number, a range of numbers, or Any (port).

*One way to provide network separation is to physically separate users by connecting them to different _______________.* a. switches and routers b. hubs c. mirrored ports d. operating systems

a. *switches and routers* One way to provide network separation is to physically separate users by connecting them to different switches and routers. This prevents bridging and even prevents a reconfigured device from allowing that connection to occur.

Which of the following are used for loop avoidance? a. Link-state advertisements b. Poison reverse c. Route discovery d. Split horizon

b and d. Poison reverse and split horizon are used for loop avoidance. Link-state advertisements are what OSPF uses to advertise its links, and route discovery is a process of discovering all available routes.

*The IEEE 802.1x standard provides the highest degree of port security by implementing port-based _______________.* a. encryption b. authentication c. auditing d. integrity

b. *authentication* The IEEE 802.1x standard provides the highest degree of port security by implementing port-based authentication.

Network Security *A more "intelligent" firewall is a(n) _______________ firewall, sometimes called a next-generation firewall (NGFW).* a. rule-based b. application-aware c. hardware-based d. host-based

b. *application-aware* A more "intelligent" firewall is an application-aware firewall, sometimes called a next-generation firewall (NGFW).

*An asset is valued at $12,000, the threat exposure factor of a risk affecting that asset is 25%, and the annualized rate of occurrence is 50%. What is the SLE?* a. $1,500 b. $3,000 c. $4,000 d. $6,000

b. *$3,000* The single loss expectancy (SLE) is the product of the value ($12,000) and the threat exposure (.25), or $3,000. Answer A is incorrect because $1,500 represents the annualized loss expectancy (ALE), which is the product of the SLE and the annualized rate of occurrence (ARO). Answers C and D are incorrect calculated values.

Disaster Recovery and Incident Response *What is the maximum number of drive failures a RAID 5 array can survive and still be able to function?* a. 0 b. 1 c. 2 d. More than 2

b. *1* A RAID 5 array can survive the failure of any one drive and still be able to function. It can't survive the failure of multiple drives.

*Which port does the Internet Message Access Protocol (IMAP) use?* a. 25 b. 143 c. 443 d. 3389

b. *143* The Internet Message Access Protocol (IMAP) uses port 143.

*If an organization takes a full backup every Sunday morning and a daily differential backup each morning, what is the fewest number of backups that must be restored following a disaster on Friday?* a. 1 b. 2 c. 5 d. 6

b. *2* With a differential backup scheme, only the last full and last differential backup need to be restored, making answer C incorrect as well. Daily full backups would require only the last full backup, making answer A incorrect in this configuration. Answer D would be correct in an incremental rather than a differential backup setting, where the last full and all intervening incremental backups must be restored for recovery.

*You want to be sure that the FTP ports that are required for a contract worker's functionality have been properly secured. Which of the following ports would you check?* a. 25/110/143 b. 20/21 c. 137/138/139 d. 53

b. *20/21* Ports 20 and 21 are used for FTP. Answer A is incorrect because these ports are used for email. Answer C is incorrect because these NetBIOS ports are required for certain Windows network functions such as file sharing. Answer D is incorrect because this port is used for DNS.

*Which port does the Secure Shell (SSH) protocol use?* a. 21 b. 22 c. 139 d. 443

b. *22* The Secure Shell (SSH) protocol uses port 22.

Wireless Networking Security *What is the size of the initialization vector (IV) that WEP uses for encryption?* a. 6-bit b. 24-bit c. 56-bit d. 128-bit

b. *24-bit* The initialization vector (IV) that WEP uses for encryption is 24-bit.

*What is the proper humidity level or range for IT environments?* a. Below 40 percent b. 40 percent to 60 percent c. Above 60 percent d. 20 percent to 80 percent

b. *40 percent to 60 percent* The proper humidity level or range for IT environments is 40% RH to 60% RH.

*Which port does the Domain Name System (DNS) protocol use?* a. 25 b. 53 c. 80 d. 443

b. *53* The Domain Name System (DNS) protocol uses port 53.

Network Security *What feature distinguishes a network intrusion prevention system (NIPS) from a network intrusion detection system (NIDS)?* a. A NIPS has sensors that monitor the traffic entering and leaving a firewall, and reports back to the central device for analysis. b. A NIPS is located "in line" on the firewall itself. c. A NIPS is designed to integrate with existing antivirus, antispyware, and firewalls that are installed on the local host computer. d. A NIPS can use a protocol stack verification technique.

b. *A NIPS is located "in line" on the firewall itself.* One of the major differences between a NIDS and a NIPS is its location. A NIDS has sensors that monitor the traffic entering and leaving a firewall, and reports back to the central device for analysis. A NIPS, on the other hand, would be located "in line" on the firewall itself. This can allow the NIPS to more quickly take action to block an attack.

Educating and Protecting the User *You have recently had security breaches in the network. You suspect they might be coming from a telecommuter's home network. Which of the following devices would you use to require a secure method for employees to access corporate resources while working from home?* a. A router b. A VPN concentrator c. A firewall d. A network-based IDS

b. *A VPN concentrator* A VPN concentrator is used to allow multiple users to access network resources using secure features that are built in to the device and are deployed where the requirement is for a single device to handle a very large number of VPN tunnels. Answer A is incorrect because a router forwards information to its destination on the network or the Internet. A firewall protects computers and networks from undesired access by the outside world; therefore, answer C is incorrect. Answer D is incorrect because network-based intrusion-detection systems monitor the packet flow and try to locate packets that are not allowed for one reason or another and might have gotten through the firewall.

*Which of the following statements best describes nonrepudiation?* a. A set of mathematical rules used in encryption b. A means of proving that a transaction occurred c. A method of hiding data in another message d. A drive technology used for redundancy and performance improvement

b. *A means of proving that a transaction occurred* Nonrepudiation means that neither a sender nor a receiver can deny sending or receiving a message or data. Answer A is incorrect because it describes an algorithm. Answer C is incorrect because it describes steganography. Answer D is incorrect because it describes RAID.

Threats and Vulnerabilities *You're working late one night, and you notice that the hard disk on your new computer is very active even though you aren't doing anything on the computer and it isn't connected to the Internet. What is the most likely suspect?*

b. *A virus is spreading in your system.* A symptom of many viruses is unusual activity on the system disk. This is caused by the virus spreading to other files on your system.

*Which of the following best describes why a requesting device might believe that incoming ARP replies are from the correct devices?* a. ARP requires validation. b. ARP does not require validation. c. ARP is connection oriented. d. ARP is connectionless.

b. *ARP does not require validation.* ARP is a protocol used for mapping IP addresses to MAC addresses. It does not require validation, thus answer A is incorrect. Answers C and D are incorrect because connection oriented and connectionless are used to describe communications between two endpoints in which a message is sent with or without prior arrangement.

Physical and Hardware-Based Security *After a number of minor incidents at your company, physical security has suddenly increased in priority. No unauthorized personnel should be allowed access to the servers or workstations. The process of preventing access to computer systems in a building is called what?* a. Perimeter security b. Access control c. Security zones d. IDS systems

b. *Access control* Access control is the primary process of preventing access to physical systems.

*Which password standard provides the best opportunity to detect and react to a high-speed, brute-force password attack?* a. Password length b. Account lockout c. Password expiration d. Logon banner

b. *Account lockout* By locking an account after a limited number of failed attempts, administrative action is necessary to unlock the account and can raise awareness of repeated unauthorized access attempts while reducing the overall number of tests that can be attempted. Answers A and C are incorrect because both password length and password expiration can aid in complicating slow brute-force testing of sequential passwords if performed only a few times per day to avoid notice, but they provide only limited protection against high-bandwidth, brute-force attempts to guess passwords. Password complexity (including mixed-case letters, numbers, and symbols) provides more protection than length alone because the number of variations possible for each character rapidly expands the number of total tests that must be completed. Answer D is incorrect because logon banners detail legal repercussions following unauthorized access but provide no barrier against a brute-force attack.

Protecting Networks *In intrusion detection system parlance, which account is responsible for setting the security policy for an organization?*

b. *Administrator* The administrator is the person/account responsible for setting the security policy for an organization.

*Which of the following are advantages of honeypots and honeynets? (Select all correct answers.)* a. Attackers are diverted to systems that they cannot damage. b. Administrators are allotted time to decide how to respond to an attack. c. Attackers' actions can more easily be monitored and resulting steps taken to improve system security. d. Well-defined legal implications. e. Provides a structure that requires fewer security administrators.

b. *Administrators are allotted time to decide how to respond to an attack.* On-boarding is a term describing the process of registering an asset and provisioning the asset so it can be used to access the corporate network. Answer A is incorrect because mobile application management (MAM) focuses on application management. Answer C is incorrect. Mobile device management (MDM) allows the enrollment of enterprise devices for management functions such as provisioning devices, tracking inventory, configuration changes, updates, managing applications, and enforcing policies. Answer D is incorrect because device access controls are used to control network access not manage devices.

*What is an asset?* a. An item costing more than $10,000 b. Anything used in a work task c. A threat to the security of an organization d. An intangible resource

b. *Anything used in a work task* An asset is anything used in a work task.

Disaster Recovery and Incident Response *Your organization is exploring data-loss prevention (DLP) solutions. The proposed solution is a software storage solution that monitors how confidential data is stored. This solution is targeting which of the following data states?* a. In-transit b. At-rest c. In-use d. In-service

b. *At-rest* Protection of data at-rest is considered to be a storage solution and is generally a software solution that monitors how confidential data is stored. Answer A is incorrect because protection of data in-transit is considered to be a network solution and either a hardware or software solution is installed near the network perimeter to monitor for and flag policy violations. Answer C is incorrect because protection of data in-use is considered to be an endpoint solution and the application is run on end-user workstations or servers in the organization. Answer D is incorrect because there is no such data state.

Security and Vulnerability in the Network *Which of the following is the area of an application that is available to users—those who are authenticated and more importantly those who are not?* a. Exposed liability b. Attack surface c. Security weakness d. Susceptible claim

b. *Attack surface* The attack surface of an application is the area of an application that is available to users—those who are authenticated and more importantly those who are not.

Access Control and Identity Management *Which process involves verifying keys as being authentic?* a. Authorization b. Authentication c. Access control d. Verification

b. *Authentication* Authentication involves the presentation and verification of credentials of keys as being authentic. Answer A is incorrect because authorization involves checking authenticated credentials against a list of authorized security principals. Once checked, resource access is allowed or limited based on access control constraints, making answer C incorrect. Answer D is incorrect because verification of credentials occurs during authentication (as being authentic) and authorization (as being authorized to request resource access) and is not a recognized access control process.

Security and Vulnerability in the Network *Your manager has purchased a program intended to be used to find problems during code review. The program will read the code and look for any possible bugs or holes. What type of assessment is this known as?* a. Mechanized b. Automated c. Programmed d. Manual

b. *Automated* Simply reading the code is known as manual assessment, while using tools to scan the code is known as automated assessment.

*Which risk management response is being implemented when a company decides to close a little-used legacy web application identified as vulnerable to SQL Injection?* a. Acceptance b. Avoidance c. Mitigation d. Transference

b. *Avoidance* Risk avoidance involves simply terminating the operation that produces the risk, such as when shutting down a vulnerable site. Answer A is incorrect because accepting a risk is to do nothing in response except document the risk-management decision and obtain senior management signoff. Answer C is not correct because mitigation applies a solution that results in a reduced level of risk or exposure. Answer D is incorrect because the liability or cost associated with a risk is transferred through insurance policies and other such legal means.

*Bluejacking and bluesnarfing make use of which wireless technology?* a. Wi-Fi b. Bluetooth c. Blu-Fi d. All of the above

b. *Bluetooth* Both bluejacking and bluesnarfing refer to types of attacks over short-range Bluetooth technology. Answers A, C, and D are incorrect.

Threats and Vulnerabilities *A collection of compromised computers running software installed by a Trojan horse or a worm is referred to as which of the following?* a. Zombie b. Botnet c. Herder d. Virus

b. *Botnet* Answers A and C are incorrect but are related to a botnet in that a zombie is one of many computer systems that make up a botnet, whereas a bot herder is the controller of the botnet. Answer D is incorrect. A virus is a program that infects a computer without the knowledge of the user.

*Which of the following makes it difficult for an eavesdropper to spot patterns and contains a message integrity method to ensure that messages have not been tampered with?* a. ICMP b. CCMP c. WEP d. LEAP

b. *CCMP* CCMP makes it difficult for an eavesdropper to spot patterns, and the CBC-MAC message integrity method ensures that messages have not been tampered with. Answer A is incorrect because ICMP is a network troubleshooting protocol. Answer C is incorrect because WEP is the most basic form of encryption that can be used on 802.11-based wireless networks. Answer D is incorrect because LEAP uses unencrypted challenges and responses and is vulnerable to dictionary attacks.

*What mechanism of wireless security is based on AES?* a. TKIP b. CCMP c. LEAP d. WEP

b. *CCMP* Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is based on the AES encryption scheme.

Cryptography Implementation *Which of the following is responsible for issuing certificates?* a. Registration authority (RA) b. Certificate authority (CA) c. Document authority (DA) d. Local registration authority (LRA)

b. *Certificate authority (CA)* The certificate authority (CA) is responsible for issuing certificates.

Access Control and Identity Management *Which of the following is not true regarding expiration dates of certificates?* a. Certificates may be issued for a week. b. Certificates are issued only at yearly intervals. c. Certificates may be issued for 20 years. d. Certificates must always have an expiration date.

b. *Certificates are issued only at yearly intervals.* Digital certificates contain a field indicating the date to which the certificate is valid. This date is mandatory, and the validity period can vary from a short period of time up to a number of years; therefore, answers A, C, and D are incorrect.

*Which of the following provides a clear record of the path evidence takes from acquisition to disposal?* a. Video capture b. Chain of custody c. Hashes d. Witness statements

b. *Chain of custody* The chain of custody provides a clear record of the path evidence takes from acquisition to disposal. Answer A is incorrect because videotaping the actual entrance of a forensics team into the area helps refute claims that evidence was planted at the scene. Answer C is incorrect because hashes allow validation that the forensic analysis itself has not produced unexpected modifications of evidentiary data. Answer D is incorrect because witnesses provide statements about what they saw, when, where, and how.

Educating and Protecting the User *Users should be educated in the correct way to close pop-up ads in the workplace. That method is to:*

b. *Click the "X" in the top right* Pop-up ads should be closed by clicking the "X" in the top right.

*Which term refers to a pay-per-use computing model in which customers pay only for the online computing resources they need?* a. Host computing b. Cloud computing c. Patch computing d. Server computing

b. *Cloud computing* Cloud computing, which is a pay-per-use computing model in which customers pay only for the online computing resources they need, has emerged as a revolutionary concept that can dramatically impact all areas of IT, including network design, applications, procedures, and even personnel.

*Which of the following best describes a host-based intrusion detection system (HIDS)?* a. Examines the information exchanged between machines b. Collects and analyzes data that originates on the local machine c. Controls the information coming in and out of the host machine d. Attempts to prevent network attacks in real time

b. *Collects and analyzes data that originates on the local machine* A host-based intrusion detection system (HIDS) collects and analyzes data that originates on the local machine. Answer A is incorrect; a network-based intrusion detection system (NIDS) tries to locate packets not allowed on the network that the firewall missed and looks at the information exchanged between machines. Answer C is incorrect because firewalls control the information that gets in and out of the host machine. Answer D is incorrect; intrusion prevention differs from intrusion detection in that it actually prevents attacks in real time instead of only detecting the occurrence.

Security-Related Policies and Procedures *The process of establishing boundaries for information sharing is called:* a. Disassociation b. Compartmentalization c. Isolation d. Segregation

b. *Compartmentalization* The process of establishing boundaries for information sharing is called compartmentalization.

*Firewalls provide security through what mechanism?* a. Watching for intrusions b. Controlling traffic entering and leaving a network c. Requiring strong passwords d.

b. *Controlling traffic entering and leaving a network* Firewalls provide protection by controlling traffic entering and leaving a network.

*_______________ switches reside at the top of the hierarchy and carry traffic between switches, while _______________ switches are connected directly to the devices on the network.* a. Workgroup; core b. Core; workgroup c. Public; private d. Private; public

b. *Core; workgroup* Core switches reside at the top of the hierarchy and carry traffic between switches, while workgroup switches are connected directly to the devices on the network.

Threats and Vulnerabilities *Which of the following types of attacks can be done by either convincing the users to click on an HTML page the attacker has constructed or inserting arbitrary HTML in a target website that the users visit?* a. Buffer overflow b. Cross-site request forgery (XSRF) c. Cross-Site Scripting (XSS) d. Input validation error

b. *Cross-site request forgery (XSRF)* The key element to understanding XSRF is that attackers are betting that users have a validated login cookie for the website already stored in their browsers. All they need to do is get the browsers to make a request to the website on their behalf. This can be done by either convincing the users to click on an HTML page the attacker has constructed or inserting arbitrary HTML in a target website that the users visit. Answer A is incorrect because a buffer overflow is a direct result of poor or incorrect input validation or mishandled exceptions. Answer C is incorrect because Cross-Site Scripting (XSS) vulnerabilities can be used to hijack the user's session or to cause the user accessing malware-tainted Site A to unknowingly attack Site B on behalf of the attacker who planted code on Site A. Answer D is incorrect because input validation errors are a result of improper field checking in the code.

Security and Vulnerability in the Network *Adding a token for every POST or GET request that is initiated from the browser to the server can be used to mitigate which of the following attacks?* a. Buffer overflow b. Cross-site request forgery (XSRF) c. Cross-Site Scripting (XSS) d. Input validation error

b. *Cross-site request forgery (XSRF)* To mitigate cross-site request forgery (XSRF) attacks, the most common solution is to add a token for every POST or GET request that is initiated from the browser to the server. Answer A is incorrect because buffer overflows are associated with input validation. Answer C is incorrect because setting the HttpOnly flag on the session cookie is used to mitigate XSS attacks. Answer D is incorrect because input validation tests whether an application properly handles input from a source outside the application destined for internal processing.

Access Control and Identity Management *Which form of access control enables data owners to extend access rights to other logons?* a. MAC b. DAC c. Role-based (RBAC) d. Rule-based (RBAC)

b. *DAC* Discretionary access control (DAC) systems enable data owners to extend access rights to other logons. Mandatory access control (MAC) systems require assignment of labels to extend access, making answer A incorrect. Answers C and D are incorrect because both RBAC access control forms rely on conditional assignment of access rules either inherited (role-based) or by environmental factors such as time of day or secured terminal location (rule-based).

Threats and Vulnerabilities *As the security administrator for your organization, you must be aware of all types of attacks that can occur and plan for them. Which type of attack uses more than one computer to attack the victim?*

b. *DDoS* A DDoS attack uses multiple computer systems to attack a server or host in the network.

*Which of the following is included in a BYOD policy?* a. Key management b. Data ownership c. Credential management d. Transitive trusts

b. *Data ownership* When formulating a bring-your-own-device (BYOD) policy, the organization should clearly state who owns the data stored on the device, specifically addressing what data belongs to the organization. Answer A is incorrect because key management is intended to provide a single point of management for keys, enable users to manage the lifecycle of keys and to store them securely, and make key distribution easier. Answer C is incorrect because the use of credentials is to validate the identities of users, applications, and devices. Answer D is incorrect because transitive trusts enable decentralized authentication through trusted agents.

Cryptography Basics *You've been brought in as a security consultant for a small bicycle manufacturing firm. Immediately you notice that it's using a centralized key-generating process, and you make a note to dissuade them from that without delay. What problem is created by using a centralized key-generating process?*

b. *Key transmission* Key transmission is the largest problem from among the choices given. Transmitting private keys is a major concern. Private keys are typically transported using out-of-band methods to ensure security.

*Which of the following is the formal process of assessing risk involved in discarding particular information?* a. Sanitization b. Declassification c. Degaussing d. Overwriting

b. *Declassification* Declassification is a formal process of assessing the risk involved in discarding particular information. Answer A is incorrect because sanitization is the process of removing the contents from the media as fully as possible, making it extremely difficult to restore. Answer C is incorrect because degaussing uses an electrical device to reduce the magnetic flux density of the storage media to zero. Answer D is incorrect because overwriting is applicable to magnetic storage devices and writes over all data on the media, destroying what was originally recorded.

Physical and Hardware-Based Security *If RF levels become too high, it can cause the receivers in wireless units to become deaf. This process is called:* a. Clipping b. Desensitizing c. Distorting d. Crackling

b. *Desensitizing* If RF levels become too high, the receivers in wireless units can become deaf; this is known as desensitizing. This occurs because of the volume of RF energy present.

*Which of the following is the most effective method that can be used to prevent data from being accessed in the event the device is lost or stolen?* a. GPS tracking b. Device encryption c. Remote wipe d. Passcode policy

b. *Device encryption* Just like the data on hard drives, the data on mobiles can be encrypted. Answer A is incorrect because in the event a mobile device is lost, GPS tracking can be used to find the location. Answer C is incorrect. A remote wipe allows the handheld's data to be remotely deleted in the event the device is lost or stolen. Answer D is incorrect because a screen lock or passcode is used to prevent access to the phone.

Cryptography Basics *Which of the following algorithms is not an example of a symmetric encryption algorithm?* a. Rijndael b. Diffie-Hellman c. RC6 d. AES

b. *Diffie-Hellman* Diffie-Hellman uses public and private keys, so it is considered an asymmetric encryption algorithm. Because Rijndael and Advanced Encryption Standard (AES) are now one and the same, they both can be called symmetric encryption algorithms; therefore, answers A and D are incorrect. Answer C is incorrect because RC6 is symmetric, too.

Operating System and Application Security *If an attacker is able to gain access to restricted directories (such as the root directory) through HTTP, it is known as:*

b. *Directory traversal* If an attacker is able to gain access to restricted directories (such as the root directory) through HTTP, it is known as directory traversal.

*What aspect of disaster recovery planning details training requirements for managers, administrators, and users?* a. Impact and risk assessment b. Disaster recovery plan c. Disaster recovery policies d. Service level agreements

b. *Disaster recovery plan* The disaster recovery plan documents how organizations will recover from a disaster. It includes risk evaluations, restoration procedures application, and training required. Answer A is incorrect because the impact and risk assessment details recovery scope, priority, and order of restoration. Answer C is incorrect because the disaster recovery policies detail responsibilities and procedures to follow during disaster recovery events. Service level agreements are contracts with suppliers and vendors that detail minimum levels of support, making answer D incorrect.

Disaster Recovery and Incident Response *The only difference between mirroring and which of the following is the addition of one more controller card?* a. Additioning b. Duplexing c. Failing over d. Sanctifying

b. *Duplexing* The only difference between mirroring and duplexing is one more controller card.

*TEMPEST deals with which of the following forms of environmental control?* a. HVAC b. EMI shielding c. Humidity d. Cold-aisle

b. *EMI shielding* TEMPEST protections involve the hardening of equipment against EMI broadcast and sensitivity. Answers A and C are incorrect because HVAC controls include temperature and humidity management techniques to manage evolved heat in the data center and to minimize static charge buildup. Answer D is incorrect because hot-aisle/cold-aisle schemes provide thermal management for data centers by grouping air intakes on cold aisles and air exhausts on designated hot aisles, making HVAC more effective.

*What are the two major security areas of WLANs addressed by WPA2?* a. Access and integrity b. Encryption and authentication c. Encryption and access d. Authentication and access

b. *Encryption and authentication* WPA2 addresses the two major security areas of WLANs, namely, encryption and authentication.

Protecting Networks *Which of the following are not methods for minimizing a threat to a web server? (Choose the two best answers.)* a. Disable all nonweb services b. Ensure Telnet is running c. Disable nonessential services d. Enable logging

b. *Ensure Telnet is running* d. *Enable logging* Having Telnet enabled presents security issues and is not a primary method for minimizing threat. Logging is important for secure operations and is invaluable when recovering from a security incident. However, it is not a primary method for reducing threat. Answer A is incorrect because disabling all nonweb services might provide a secure solution for minimizing threats. Answer C is incorrect because each network service carries its own risks; therefore, it is important to disable all nonessential services.

Protecting Networks *Which of the following is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead?*

b. *Entrapment* Entrapment is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead.

*Which statement accurately describes a characteristic of FTP Secure (FTPS)?* a. FTPS is an entire protocol itself. b. FTPS is a combination of two technologies (FTP and SSL or TLS). c. FTPS uses a single TCP port. d. FTPS encrypts and compresses all data and commands.

b. *FTPS is a combination of two technologies (FTP and SSL or TLS).* There are several differences between SFTP and FTPS. First, FTPS is a combination of two technologies (FTP and SSL or TLS), whereas SFTP is an entire protocol itself and is not pieced together with multiple parts. Second, SFTP uses only a single TCP port instead of two ports like FTPS. Finally, SFTP encrypts and compresses all data and commands (FTPS may not encrypt data).

*Which element of business continuity planning (BCP) is most concerned with hot-site/cold-site planning?* a. Network connectivity b. Facilities c. Clustering d. Fault tolerance

b. *Facilities* Facilities continuity planning is focused around alternative site management, hardware, and service contracts. Network connectivity BCP involves establishing alternative network access paths and dedicated recovery administrative connections, making answer A incorrect. High-availability clustered servers ensure that automatic failover occurs in the event that the primary service nodes are unable to perform normal service functions, making answer C incorrect. Fault tolerance, particularly in the area of storage devices, supports individual server operational continuity in the face of hardware device failure, making answer D incorrect. In SAN storage systems, redundant storage network connections similarly ensure continuous resource access for devices in the storage-area network.

Security and Vulnerability in the Network *What are the two states that an application can fail in?* a. Dependable b. Failsafe c. Failopen d. Assured

b. *Failsafe* c. *Failopen* There are two states that an application can fail in. In a failsafe mode, the crash leaves the system secure. In a failopen state, the crash leaves the system exposed (not secure).

Security and Vulnerability in the Network *Which of the following is a protection feature built into many firewalls that allows the administrator to tweak the tolerance for unanswered login attacks?* a. MAC filter b. Flood guard c. MAC limiter d. Security posture

b. *Flood guard* A flood guard is a protection feature built into many firewalls that allows the administrator to tweak the tolerance for unanswered login attacks. By reducing this tolerance, it is possible to reduce the likelihood of a successful DoS attack.

*What technique or method can be employed by hackers and researchers to discover unknown flaws or errors in software?* a. Dictionary attacks b. Fuzzing c. War dialing d. Cross-site request forgery

b. *Fuzzing* Fuzzing is a software-testing technique that generates input for targeted programs. The goal of fuzzing is to discover input sets that cause errors, failures, and crashes, or to discover other unknown defects in the targeted program.

Operating System and Application Security *Which of the following is the technique of providing unexpected values as input to an application to try to make it crash?*

b. *Fuzzing* Fuzzing is the technique of providing unexpected values as input to an application to try to make it crash. Those values can be random, invalid, or just unexpected.

Educating and Protecting the User *The Cyberspace Security Enhancement Act gives law enforcement the right to:*

b. *Gain access to encryption keys* The Cyberspace Security Enhancement Act gives law enforcement the right to gain access to encryption keys.

Educating and Protecting the User *Which act mandates national standards and procedures for the storage, use, and transmission of personal medical information?*

b. *HIPAA* HIPAA mandates national standards and procedures for the storage, use, and transmission of personal medical information.

*Which of the following is commonly used in the banking sector to secure numerous large bulk transactions?* a. Full disk encryption b. HSM c. TPM d. File-level encryption

b. *HSM* Traditionally, hardware security modules (HSMs) have been used in the banking sector to secure numerous large bulk transactions. Answer A is incorrect because full disk encryption is most useful when you're dealing with a machine that is being taken on the road by people such as traveling executives, sales managers, or insurance agents. Answer C is incorrect because trusted platform module (TPM) refers to a secure crypto-processor used to authenticate hardware devices such as a PC or laptop. Answer D is incorrect because in file- or folder-level encryption, individual files or folders are encrypted by the file system itself.

Operating System and Application Security *You've been chosen to lead a team of administrators in an attempt to increase security. You're currently creating an outline of all the aspects of security that will need to be examined and acted upon. Which of the following terms describes the process of improving security in an NOS?*

b. *Hardening* Hardening is the process of improving the security of an operating system or application. One of the primary methods of hardening an OS is to eliminate unneeded protocols.

*The process of making an operating system more secure by closing known vulnerabilities and addressing security issues is known as which of the following?* a. Handshaking b. Hardening c. Hotfixing d. All of the above

b. *Hardening* Hardening refers to the process of securing an operating system. Handshaking relates to the agreement process before communication takes place; therefore, answer A is incorrect. A hotfix is just a security patch that gets applied to an operating system; therefore, answer C is incorrect. Hardening is the only correct answer; therefore, answer D is incorrect.

Cryptography Basics *Which of the following is the type of algorithm used by MD5?* a. Block cipher algorithm b. Hashing algorithm c. Asymmetric encryption algorithm d. Cryptographic algorithm

b. *Hashing algorithm* Although the message digest (MD) series of algorithms is classified globally as a symmetric key encryption algorithm, the correct answer is hashing algorithm, which is the method that the algorithm uses to encrypt data. Answer A is incorrect because a block cipher divides the message into blocks of bits. Answer C is incorrect because MD5 is a symmetric key algorithm, not an asymmetric encryption algorithm (examples of this include RC6, Twofish, and Rijndael). Answer D is incorrect because cryptographic algorithm is a bogus term.

Network Security *Which statement concerning heuristic monitoring is correct?* a. Heuristic monitoring operates by being adaptive and proactive. b. Heuristic monitoring is founded on experience-based techniques. c. Heuristic monitoring is designed for detecting statistical anomalies. d. Heuristic monitoring looks for well-known patterns.

b. *Heuristic monitoring is founded on experience-based techniques.* Heuristic monitoring is founded on experience-based techniques. It attempts to answer the question, "Will this do something harmful if it is allowed to execute?"

Cryptography Basics *Which organization can be used to identify an individual for certificate issue in a PKI environment?*

b. *LRA* A local registration authority (LRA) can establish an applicant's identity and verify that the applicant for a certificate is valid. The LRA sends verification to the CA that issues the certificate.

*A CA with multiple subordinate CAs would use which of the following PKI trust models?* a. Cross-certified b. Hierarchical c. Bridge d. Linked

b. *Hierarchical* A DMZ is a small network between the internal network and the Internet that provides a layer of security and privacy. Answer A is incorrect. The purpose of a VLAN is to unite network nodes logically into the same broadcast domain regardless of their physical attachment to the network. Answer C is incorrect because NAT acts as a liaison between an internal network and the Internet. Answer D is incorrect because a VPN is a network connection that allows you access via a secure tunnel created through an Internet connection.

*Which of the following describes a network of systems designed to lure an attacker away from another critical system?* a. Bastion host b. Honeynet c. Vulnerability system d. Intrusion-detection system

b. *Honeynet* Honeynets are collections of honeypot systems interconnected to create networks that appear to be functional and that can be used to study an attacker's behavior within the network. A bastion host is the first line of security that a company allows to be addressed directly from the Internet; therefore, answer A is incorrect. Answer C is incorrect because it is a made-up term. Answer D is incorrect because an IDS is used for intrusion detection.

Physical and Hardware-Based Security *Which of the following won't reduce EMI?* a. Physical shielding b. Humidity control c. Physical location d. Overhauling worn motors

b. *Humidity control* Electrical devices, such as motors, that generate magnetic fields cause EMI. Humidity control won't address EMI.

*Which protocol is the standard protocol for Internet usage?* a. Internet Control Message Protocol (ICMP) b. Hypertext Transport Protocol (HTTP) c. Network Basic Input/Output System (NetBIOS) d. Secure Network Management Protocol (SNMP)

b. *Hypertext Transport Protocol (HTTP)* Hypertext Transport Protocol (HTTP) is the standard protocol for Internet usage.

Network Security *Load balancing that is used for distributing HTTP requests received is sometimes called _______________.* a. content filtering b. IP spraying c. content inspection d. port mirroring

b. *IP spraying* Load balancing that is used for distributing HTTP requests received is sometimes called IP spraying.

*Which statement accurately describes IP telephony?* a. IP telephony requires an increase in infrastructure requirements. b. IP telephony convergence provides the functionality of managing and supporting a single network for all applications. c. New IP telephony applications can take a long time to develop. d. The cost of convergence technologies is high in comparison to startup costs for new traditional telephone equipment.

b. *IP telephony convergence provides the functionality of managing and supporting a single network for all applications.* Instead of managing separate voice and data networks, convergence provides the functionality of managing and supporting a single network for all applications.

Measuring and Weighing Risk *What is the first step in performing a basic forensic analysis?* a. Ensure that the evidence is acceptable in a court of law b. Identify the evidence c. Extract, process, and interpret the evidence d. Determine how to preserve the evidence

b. *Identify the evidence* It is necessary to first identify the evidence that is available to be collected. Answer A is incorrect because protecting data's value as evidence must come after the type and form of evidence is known. Extraction, preservation, processing, and interpretation of evidence also follow the identification of data types and storage that must be collected, making answers C and D incorrect.

Disaster Recovery and Incident Response *You're trying to rearrange your backup procedures to reduce the amount of time they take each evening. You want the backups to finish as quickly as possible during the week. Which backup system backs up only the files that have changed since the last backup?* a. Full backup b. Incremental backup c. Differential backup d. Backup server

b. *Incremental backup* An incremental backup backs up files that have changed since the last full or partial backup.

*Which of the fields included within a digital certificate identifies the directory name of the entity signing the certificate?* a. Signature algorithm identifier b. Issuer c. Subject name d. Subject public key information

b. *Issuer* The Issuer field identifies the name of the entity signing the certificate, which is usually a certificate authority. The Signature Algorithm Identifier identifies the cryptographic algorithm used by the CA to sign the certificate; therefore, answer A is incorrect. The Subject Name is the name of the end entity identified in the public key associated with the certificate; therefore, answer C is incorrect. The Subject Public Key Information field includes the public key of the entity named in the certificate, including a cryptographic algorithm identifier; therefore, answer D is incorrect.

*Which type of authorization provides a mechanism for validation of both sender and receiver?* a. Anonymous b. Kerberos c. TACACS d. RADIUS

b. *Kerberos* Kerberos authentication enables validation of both endpoints and can help protect against interception attacks such as the "man-in-the-middle." Anonymous connections do not even allow verification of the access requestor, making answer A incorrect. Answers C and D are incorrect because neither TACACS nor RADIUS services provide mutual endpoint validation.

Access Control and Identity Management *You've been assigned to mentor a junior administrator and bring him up to speed quickly. The topic you're currently explaining is authentication. Which method uses a KDC to accomplish authentication for users, programs, or systems?*

b. *Kerberos* Kerberos uses a key distribution center (KDC) to authenticate a principal. The KDC provides a credential that can be used by all Kerberos-enabled servers and applications.

Cryptography Implementation *Which of the following is one of the biggest challenges associated with database encryption?* a. Multitenancy b. Key management c. Weak authentication components d. Platform support

b. *Key management* One of the biggest challenges associated with database encryption is key management. Answer A is incorrect because multitenancy is a security issue related to cloud computing implementations. Answer C is incorrect because lack of management software and weak authentication components are associated with hardware hard drive encryption. Answer D is incorrect because cost and platform support are concerns with smartphone encryption products.

Educating and Protecting the User *There are two types of implicit denies. One of these can be configured so that only users specifically named can use the service and is known as:*

b. *at.allow* at.allow configurations allow only users specifically named to use the service.

*Which risk reduction policy does not aid in identifying internal fraud?* a. Mandatory vacations b. Least privilege c. Separation of duties d. Job rotation

b. *Least privilege* Although least privilege can aid in protecting against internal fraud, it does not particularly aid in identifying it when it occurs. Mandatory vacations, job rotation, and separation of duties such as monetary processing and validation all provide cross-checks that can aid in the identification of ongoing fraudulent operations, making answers A, C, and D incorrect.

*Lynn needs access to the Accounting order-entry application but keeps getting an error that indicates inadequate access permissions. Bob assigns Lynn's account to the Administrator's group to overcome the error until he can work on the problem. Which access control constraint was violated by this action?* a. Implicit denial b. Least privilege c. Separation of duties d. Account expiration

b. *Least privilege* Least privilege is a principle of assigning only those rights necessary to perform assigned tasks. By making Lynn a member of the Administrators group, Bob not only bypassed the application's access control protocols but may also have granted Lynn access to additional application features or administrative-only tools that often lack the same safeguards as user-level APIs. Answer A is incorrect because the default assignment of an implicit denial, which is overridden by explicit grants of access, aids in protecting resources against accidental access and is not directly violated by this action because Lynn's account now has full administrator rights assigned. Answer C is incorrect because separation of duties is focused on ensuring that action and validation practices are performed separately. Answer D is incorrect because account expiration protocols ensure that individual accounts do not remain active past their designated lifespan, but Lynn's account is current and enabled, so it is unaffected.

*Which of the following is not a common quality of quantitative risk analysis?* a. Difficult for management to understand b. Less precise c. Labor intensive d. Time-consuming

b. *Less precise* Qualitative risk assessments tend to be less precise than quantitative assessments. Quantitative risk assessments tend to be more difficult for management to understand properly without additional explanation, require intensive labor to gather all of the necessary measurements, and are time-consuming to produce and keep up to date, making answers A, C, and D incorrect.

Physical and Hardware-Based Security *For physical security, what should you do with rack-mounted servers?* a. Run a cable from them to a desk. b. Lock each of them into the cabinet. c. Install them in safes. d. Use only Type D, which incorporates its own security.

b. *Lock each of them into the cabinet.* Server racks should lock the rack-mounted servers into the cabinets to prevent someone from simply pulling one and walking out the front door with it.

*Which of the following is not one of the vulnerabilities of LDAP authentication services?* a. Buffer overflow vulnerabilities can be used to enact arbitrary commands on the LDAP server. b. Loss of time synchronization between the service, client, and KDC prevents communication. c. Format string vulnerabilities might result in unauthorized access to enact commands on the LDAP server or impair its normal operation. d. Improperly formatted requests might be used to create an effective denial-of-service (DoS) attack against the LDAP server.

b. *Loss of time synchronization between the service, client, and KDC prevents communication.* Kerberos is a time-synchronized protocol that relies on a common time base for session ticket lifetime verification. LDAP is not a ticket-based or a lifetime-based protocol. Answers A, C, and D are incorrect because all three are vulnerabilities of some LDAP service variations.

Security and Vulnerability in the Network *An organization is looking for a filtering solution that will help eliminate some of the recent problems it has had with viruses and worms. Which of the following best meets this requirement?* a. Intrusion detection b. Malware inspection c. Load balancing d. Internet content filtering

b. *Malware inspection* A malware inspection filter is basically a web filter applied to traffic that uses HTTP. The body of all HTTP requests and responses is inspected. Malicious content is blocked, but legitimate content passes through unaltered. Answer A is incorrect because intrusion-detection systems are designed to analyze data, identify attacks, and respond to the intrusion. Answer C is incorrect because load balancers are servers configured in a cluster to provide scalability and high availability. Answer D is incorrect because Internet content filters use a collection of terms, words, and phrases that are compared to content from browsers and applications.

Operating System and Application Security *Which of the following is needed to establish effective security baselines for host systems? (Select two correct answers.)* a. Cable locks b. Mandatory settings c. Standard application suites d. Decentralized administration

b. *Mandatory settings* c. *Standard application suites* To establish effective security baselines, enterprise network security management requires a measure of commonality between the systems. Mandatory settings, standard application suites, and initial setup configuration details all factor into the security stance of an enterprise network. Answer A is incorrect because cable locks have nothing to do with effective security baselines. Answer D is incorrect because decentralized management does not have anything to do with security baselines.

*What is the most common type of wireless access control?* a. Electronic Access Control (EAC) b. Media Access Control (MAC) address filtering c. Extensible Authentication Protocol-Transport Layer Security (EAP/TLS) d. Port Based Access Control (PBAC)

b. *Media Access Control (MAC) address filtering* The most common type of wireless access control is Media Access Control (MAC) address filtering. The MAC address is a hardware address that uniquely identifies each node of a network.

*The most effective means to reduce the risk of losing the data on a mobile device, such as a notebook computer, is _____.*

b. *Minimize sensitive data stored on the mobile device.* The risk of a lost or stolen notebook is the data loss, not the loss of the system itself. Thus, keeping minimal sensitive data on the system is the only way to reduce the risk. Hard-drive encryption, cable locks, and strong passwords, although good ideas, are preventative tools, not means of reducing risk. They don't keep intentional and malicious data compromise from occurring; instead, they encourage honest people to stay honest.

Security and Vulnerability in the Network *Which log visible in Event Viewer shows successful and unsuccessful login attempts in Windows 7?* a. System b. Security c. Audit d. Application

b. *Security* The Security log in Windows 7 (as well as in all versions of Windows) shows successful and unsuccessful login attempts and can be viewed with Event Viewer.

*What technology provides an organization with the best control over BYOD equipment?* a. Encrypted removable storage b. Mobile device management c. Geo-tagging d. Application whitelisting

b. *Mobile device management* Mobile device management (MDM) is a software solution to the challenging task of managing the myriad mobile devices that employees use to access company resources. The goals of MDM are to improve security, provide monitoring, enable remote management, and support troubleshooting. Not all mobile devices support removable storage, and even fewer support encrypted removable storage. Geotagging is used to mark photos and social network posts, not for BYOD management. Application whitelisting may be an element of BYOD management, but is only part of a full MDM solution.

Cryptography Basics *During a training session, you want to impress upon users how serious security and, in particular, cryptography is. To accomplish this, you want to give them as much of an overview about the topic as possible. Which government agency should you mention is primarily responsible for establishing government standards involving cryptography for general-purpose government use?*

b. *NIST* NIST is responsible for establishing the standards for general-purpose government encryption. NIST is also becoming involved in private-sector cryptography.

Wireless Networking Security *Which of the following is synonymous with MAC filtering?* a. TKIP b. Network lock c. EAP-TTLS d. MAC secure

b. *Network lock* The term network lock is synonymous with MAC filtering.

*Which of the following is a term describing the process of registering an asset and provisioning the asset so it can be used to access the corporate network?* a. Mobile application management b. Onboarding c. Mobile device management d. Device access controls

b. *Onboarding* Onboarding is a term describing the process of registering an asset and provisioning the asset so it can be used to access the corporate network. Answer A is incorrect because mobile application management (MAM) focuses on application management. Answer C is incorrect because mobile device management (MDM) allows the enrollment of enterprise devices for management functions such as provisioning devices, tracking inventory, configuration changes, updates, managing applications, and enforcing policies. Answer D is incorrect because device access controls are used to control network access, not to manage devices.

Access Control and Identity Management *Which of the following security areas encompasses network access control (NAC)?*

b. *Operational security* Operational security issues include network access control (NAC), authentication, and security topologies after the network installation is complete.

Access Control and Identity Management *Most of your client's sales force have been told that they should no longer report to the office on a daily basis. From now on, they're to spend the majority of their time on the road calling on customers. Each member of the sales force has been issued a laptop computer and told to connect to the network nightly through a remote connection. Which of the following protocols is widely used today as a transport protocol for remote Internet connections?*

b. *PPP* PPP can pass multiple protocols and is widely used today as a transport protocol for remote connections.

Physical and Hardware-Based Security *You're the administrator for MTS. You're creating a team that will report to you, and you're attempting to divide the responsibilities for security among individual members. Similarly, which of the following access methods breaks a large area into smaller areas that can be monitored individually?* a. Zone b. Partition c. Perimeter d. Floor

b. *Partition* Partitioning is the process of breaking a network into smaller components that can each be individually protected. This is analogous to building walls in an office building.

Physical and Hardware-Based Security *Which of the following is equivalent to building walls in an office building from a network perspective?* a. Perimeter security b. Partitioning c. Security zones d. IDS systems

b. *Partitioning* Access control is the primary process of preventing access to physical systems.

*An organization has had a rash of malware infections. Which of the following can help mitigate the number of successful attacks?* a. Application baselining b. Patch management c. Network monitoring d. Input validation

b. *Patch management* Proactive patch management is necessary to keep your technology environment secure and reliable. Answer A is incorrect because application baselining is similar to operating system baselining in that it provides a reference point for normal and abnormal activity. Answer C is incorrect because network monitoring is used to check network activity. Answer D is incorrect because input validation errors are a result of improper field checking in the code.

Threats and Vulnerabilities *You are the senior administrator for a bank. A user calls you on the telephone and says they were notified to contact you but couldn't find your information on the company website. Two days ago, an email told them there was something wrong with their account and they needed to click a link in the email to fix the problem. They clicked the link and filled in the information, but now their account is showing a large number of transactions that they did not authorize. They were likely the victims of what type of attack?*

b. *Phishing* Sending an email with a misleading link to collect information is a phishing attack.

Physical and Hardware-Based Security *Which of the following statements are true when discussing physical security? (Select all correct answers.)* a. Physical security attempts to control access to data from Internet users. b. Physical security attempts to control unwanted access to specified areas of a building. c. Physical security attempts to control the effect of natural disasters on facilities and equipment. d. Physical security attempts to control internal employee access into secure areas.

b. *Physical security attempts to control unwanted access to specified areas of a building.* c. *Physical security attempts to control the effect of natural disasters on facilities and equipment.* d. *Physical security attempts to control internal employee access into secure areas.* Natural disasters, unwanted access, and user restrictions are all physical security issues. Preventing Internet users from getting to data is data security, not physical security; therefore, answer A is incorrect.

*The _______________ is the expected monetary loss every time a risk occurs.* a. Annualized Loss Expectancy b. Single Loss Expectancy c. Annualized Rate of Occurrence d. Multiple Loss Expectancy

b. *Single Loss Expectancy* The Single Loss Expectancy (SLE) is the expected monetary loss every time a risk occurs.

*In which of the following types of fuzzing are forged packets sent to the tested application and then replayed?* a. Application fuzzing b. Protocol fuzzing c. File format fuzzing d. Web page fuzzing

b. *Protocol fuzzing* In protocol fuzzing, forged packets are sent to the tested application, which can act as a proxy and modify requests on the fly and then replay them. Answer A is incorrect because in application fuzzing, attack vectors are within the application's I/O, such as the user interface, the command-line options, URLs, forms, user-generated content, and RPC requests. Answer C is incorrect because in file format fuzzing, multiple malformed samples are generated and then opened sequentially. Answer D is incorrect because web page fuzzing is not a real term.

Educating and Protecting the User *______ information is made available to either large public or specific individuals, while ______ information is intended for only those internal to the organization.*

b. *Public; Private* Public information is made available to either large public or specific individuals, while Private information is intended for only those internal to the organization.

*Which of the following should you deploy within your PKI to provide a method for initially verifying a user's identity so that a certificate may be issued?* a. Certificate authority (CA) b. Registration authority (RA) c. Certificate practice statement (CPS) d. Certificate registration list (CRL)

b. *Registration authority (RA)* A registration authority is used to first verify the user's identity before passing the request along to the certificate authority to issue a digital certificate. So, answer A is incorrect. Answer C is also incorrect because a CPS is a legal document created and published by the CA. Answer D is incorrect. A certificate registration list is a red herring. Within PKI, CRL refers to a certificate revocation list, which is a mechanism for distributing information about revoked certificates.

*Which of the following are steps that can be taken to harden DHCP services?* a. Anonymous access to share files of questionable or undesirable content should be limited. b. Regular review of networks for unauthorized or rogue servers. c. Technologies that allow dynamic updates must also include access control and authentication. d. Unauthorized zone transfers should also be restricted.

b. *Regular review of networks for unauthorized or rogue servers.* Regular review of networks for unauthorized or rogue servers is a practice used to harden DHCP services. Answer A is incorrect because anonymous access to share files of questionable or undesirable content should be limited for proper FTP server security. Answers C and D are incorrect because they are associated with hardening DNS servers.

Operating System and Application Security *Your company is growing at a tremendous rate, and the need to hire specialists in various areas of IT is becoming apparent. You're helping to write the newspaper ads that will be used to recruit new employees, and you want to make certain that applicants possess the skills you need. One knowledge area in which your organization is weak is database intelligence. What is the primary type of database used in applications today that you can mention in the ads?*

b. *Relational* Relational database systems are the most frequently installed database environments in use today.

*Which of the following is considered best practice when formulating minimum standards for developing password policies?* a. Password length set to 6 characters b. Require password change at 90 days c. Maximum password age set to zero d. Account lockout threshold set to zero

b. *Require password change at 90 days* Require users to change passwords every 90 to 180 days, depending on how secure the environment needs to be. Remember that the more often users are required to change passwords, the greater the chance that they will write them down, potentially exposing them to unauthorized use. Answer A is incorrect because making the password length at least eight characters and requiring the use of combinations of uppercase and lowercase letters, numbers, and special characters is good practice. Answer C is incorrect because good policy is to set the maximum password age to a value between 30 and 90 days. Answer D is incorrect because if the lockout threshold is set to zero, accounts will not be locked out due to invalid logon attempts.

*You run a full backup every Monday. You also run a differential backup every other day of the week. You experience a drive failure on Friday. Which of the following restoration procedures should you use to restore data to the replacement drive?* a. Restore the full backup and then each differential backup. b. Restore the full backup and then the last differential backup. c. Restore the differential backup. d. Restore the full backup.

b. *Restore the full backup and then the last differential backup.* The proper procedure is to restore the full backup, and then the last differential backup. The other three options are incorrect or incomplete.

Threats and Vulnerabilities *Your system has been acting strangely since you downloaded a file from a colleague. Upon examining your antivirus software, you notice that the virus definition file is missing. Which type of virus probably infected your system?*

b. *Retrovirus* Retroviruses are often referred to as anti-antiviruses. They can render your antivirus software unusable and leave you exposed to other, less-formidable viruses.

*A certificate authority discovers it has issued a digital certificate to the wrong person. What needs to be completed?* a. Certificate practice statement (CPS) b. Revocation c. Private key compromise d. Fraudulent practices statement (FPS)

b. *Revocation* A certificate might need to be revoked (including a certificate being issued to the incorrect person) for any number of reasons. A CPS is a published document from the CA describing their policies and procedures for issuing and revoking certificates; therefore, answer A is incorrect. A private key compromise is actually another reason to perform revocation of a certificate; therefore, answer C is incorrect. Answer D is incorrect because this is a bogus term.

*Which of the following statements is true about SSL?* a. SSL provides security for both the connection and the data after it is received. b. SSL only provides security for the connection, not the data after it is received. c. SSL only provides security for the data when it is received, not the connection. d. SSL does not provide security for either the connection or the data after it is received.

b. *SSL only provides security for the connection, not the data after it is received.* Secure Sockets Layer (SSL) provides security only for the connection, not the data after it is received. The data is encrypted while it is being transmitted, but when received by the computer, it is no longer encrypted. Therefore, answers A, C, and D are incorrect.

Access Control and Identity Management *Which category of authentication includes smart cards?* a. Something you know b. Something you have c. Something you are d. Something you do e. Somewhere you are

b. *Something you have* Something you have includes smart cards, tokens, and keys. Something you know includes account logons, passwords, and PINs, making answer A incorrect. Answers C and D are incorrect because both something you are and something you do involve measures of personal biological qualities and do not require an external device such as a smart card or key. Answer E is incorrect because somewhere you are is generally associated with either being in a trusted or less trusted location which could be based on GPS coordinates or IP address.

Educating and Protecting the User *The Clark-Wilson model must be accessed through applications that have predefined capabilities. This process prevents all except:*

b. *Spam* The Clark-Wilson model must be accessed through applications that have predefined capabilities. This process prevents all the choices listed except spam.

Threats and Vulnerabilities *What kind of virus could attach itself to the boot sector of your disk to avoid detection and report false information about file sizes?*

b. *Stealth virus* A stealth virus reports false information to hide itself from antivirus software. Stealth viruses often attach themselves to the boot sector of an operating system.

*Which of the following is not a certificate trust model for the arranging of certificate authorities?* a. Bridge CA architecture b. Sub-CA architecture c. Single-CA architecture d. Hierarchical CA architecture

b. *Sub-CA architecture* Sub-CA architecture does not represent a valid trust model. Answers A, C, and D, however, all represent legitimate trust models. Another common model also exists, called cross-certification; however, it usually makes more sense to implement a bridge architecture over this type of model.

Security-Related Policies and Procedures *On a NetWare-based system, which account is equivalent to the administrator account in Windows?* a. Auditor b. Supervisor c. Root d. Master

b. *Supervisor* The supervisor user in NetWare is equivalent to the administrator user in Windows.

*Which of the following is the best choice for encrypting large amounts of data?* a. Asymmetric encryption b. Symmetric encryption c. Elliptical curve encryption d. RSA encryption

b. *Symmetric encryption* Public key encryption is not usually used to encrypt large amounts of data, but it does provide an effective and efficient means of sending a secret key from which to do symmetric encryption thereafter, which provides the best method for efficiently encrypting large amounts of data. Therefore, answers A, C, and D are incorrect.

Access Control and Identity Management *Which of the following is a client-server-oriented environment that operates in a manner similar to RADIUS?*

b. *TACACS* Terminal Access Controller Access-Control System (TACACS) is a client-server-oriented environment, and it operates in a manner similar to how RADIUS operates.

*Why do experts recommend that access points (APs) be mounted as high as possible?* a. Antennas must hang upside down for best performance. b. The radio frequency (RF) signal may experience fewer obstructions. c. The air is "heavier" as it rises, providing better transmission of the radio frequency (RF) signal. d. Warm air rises and provides a better conductor for the radio frequency (RF) signal.

b. *The radio frequency (RF) signal may experience fewer obstructions.* Generally the AP can be secured to the ceiling or high on a wall. It is recommended that APs be mounted as high as possible for two reasons: there may be fewer obstructions for the RF signal, and a high mount helps prevent thieves from stealing the device.

Access Control and Identity Management *Which of the following is true of digital signatures? (Choose the two best answers.)* a. They are the same as a hash function. b. They can be automatically time-stamped. c. They allow the sender to repudiate that the message was sent. d. They cannot be imitated by someone else.

b. *They can be automatically time-stamped.* d. *They cannot be imitated by someone else.* Digital signatures offer several features and capabilities. This includes being able to ensure the sender cannot repudiate that he or she used the signature. In addition, nonrepudiation schemes are capable of offering time stamps for the digital signature. Answer A is incorrect. Hashing algorithms are only used for integrity purposes and only confirm original content. Answer C is incorrect because a key feature of digital signatures is to provide for nonrepudiation.

*Your organization provides a secure web portal. You discover another portal that mimics your organization's portal look and feel. This portal has a similar URL but is different by one letter. Which of the following are most likely true? (Select two correct answers.)* a. This is an example of transitive access. b. This is typo squatting. c. The site is collecting usernames and passwords. d. The site is a result of a malicious insider.

b. *This is typo squatting.* c. *The site is collecting usernames and passwords.* Typo squatting takes advantage of mistyped domain names, sometimes for advertising purposes, but it can also be for more malicious intent. The unauthorized site may be looking to collect usernames and passwords and then, of course, allow access. Transitive access describes a situation that can be exploited, but one that is normally by design and that takes advantage of trust relationships; thus answer A is incorrect. Answer D is also incorrect. A malicious insider may have set up the rogue site, but there is no indication this was the case.

Network Security *What is the role of a router?* a. To inspect packets and either accept or deny entry b. To forward packets across different computer networks c. To intercept user requests from the internal secure network and then process that request on behalf of the user d. To connect networks together so that they function as a single network segment

b. *To forward packets across different computer networks* A router is a network device that can forward packets across different computer networks. When a router receives an incoming packet, it reads the destination address and then, using information in its routing table, sends the packet to the next network toward its destination.

Disaster Recovery and Incident Response *Although you're talking to her on the phone, the sound of the administrative assistant's screams of despair can be heard down the hallway. She has inadvertently deleted a file that the boss desperately needs. Which type of backup is used for the immediate recovery of a lost file?* a. Onsite storage b. Working copies c. Incremental backup d. Differential backup

b. *Working copies* Working copies are backups that are usually kept in the computer room for immediate use in recovering a system or lost file.

*Your organization has organized a trade show in the United States. With the goal of increasing revenue, you decide to operate a Wi-Fi hotspot for a fee. Which of the following are reasons your organization could use wireless jamming? (Select all correct answers.)* a. To maximize revenue b. To prevent degraded service c. To prevent attendees from operating their own Wi-Fi hot spots d. To prevent attacks

b. *To prevent degraded service* d. *To prevent attacks* Wireless jamming may be a legal way to prevent degraded service or attacks. Answers A and C are incorrect. Wireless jamming may provide an effective means to ensure that no other Wi-Fi network may operate and may increase profits by interfering with the signal, but it is against FCC regulations and illegal to do this.

Threats and Vulnerabilities *A user has downloaded trial software and subsequently downloads a key generator in order to unlock the trial software. The user's antivirus detection software now alerts the user that the system is infected. Which one of the following best describes the type of malware infecting the system?* a. Logic bomb b. Trojan c. Adware d. Worm

b. *Trojan* Trojans are programs disguised as something useful. In this instance, the user was likely illegally trying to crack software, and in the process infected the system with malware. Although answers A, C, and D are types of malware, they are not the best choices.

Cryptography Implementation *PKI (Public Key Infrastructure) is a key-asymmetric system utilizing how many keys?*

b. *Two* PKI (Public Key Infrastructure) is a key-asymmetric system utilizing two keys.

Wireless Networking Security *Which of the following authentication levels with WAP requires both ends of the connection to authenticate to confirm validity?* a. Relaxed b. Two-way c. Server d. Anonymous

b. *Two-way* Two-way authentication requires both ends of the connection to authenticate to confirm validity.

Physical and Hardware-Based Security *Type K fire extinguishers are intended for use on cooking oil fires. This type is a subset of which other type of fire extinguisher?* a. Type A b. Type B c. Type C d. Type D

b. *Type B* Type K fire extinguishers are a subset of Type B fire extinguishers.

*The new biometric authentication system has been identified as having a high FAR. What does this mean?* a. Authorized users are being allowed access. b. Unauthorized users are being allowed access. c. Authorized users are being denied access. d. Unauthorized users are being denied access.

b. *Unauthorized users are being allowed access.* The false acceptance rate (FAR) is a measure of unauthorized biometric signatures being accepted as valid. Answers A and D are incorrect because they represent valid biometric operations. Answer C is incorrect because denial of authorized signatures is measured as the false rejection rate (FRR).

*Which term describes a means of managing and presenting computer resources by function without regard to their physical layout or location?* a. Port mirroring b. Virtualization c. Cloud computing d. Virtual LAN (VLAN) management

b. *Virtualization* Virtualization is a means of managing and presenting computer resources by function without regard to their physical layout or location.

*An organization is looking for a mobile solution that allows both executives and employees to discuss sensitive information without having to travel to secure company locations. Which of the following fulfills this requirement?* a. GPS tracking b. Voice encryption c. Remote wipe d. Passcode policy

b. *Voice encryption* Mobile voice encryption can allow executives and employees alike to discuss sensitive information without having to travel to secure company locations. Answer A is incorrect because in the event a mobile device is lost, GPS tracking can be used to find the location. Answer C is incorrect because remote wipe allows a handheld's data to be remotely deleted in the event the device is lost or stolen. Answer D is incorrect because a screen lock or passcode is used to prevent access to the phone.

Disaster Recovery and Incident Response *Which site best provides limited capabilities for the restoration of services in a disaster?* a. Hot site b. Warm site c. Cold site d. Backup site

b. *Warm site* Warm sites provide some capabilities in the event of a recovery. The organization that wants to use a warm site will need to install, configure, and reestablish operations on systems that may already exist at the warm site.

*What is the minimal level of alternative site that includes live networking?* a. Cold b. Warm c. Hot d. Remote

b. *Warm* A warm site generally includes power, phone, and networking. It might include computers that are not yet set up or kept fully up to date. Cold sites generally have little more than space, restrooms, and electricity until activated, making answer A incorrect. Hot sites are locations that are fully operational and include all aspects of operational requirements, making answer C incorrect. Alternate sites (hot, warm, or cold) should be remote enough to be outside of the zone of involvement during a disaster event, making answer D incorrect.

Security-Related Policies and Procedures *Which of the following is the basic premise of least privilege?* a. Always assign responsibilities to the administrator who has the minimum permissions required. b. When assigning permissions, give users only the permissions they need to do their work and no more. c. Regularly review user permissions and take away one that they currently have to see if they will complain or even notice that it is missing. d. Do not give management more permissions than users.

b. *When assigning permissions, give users only the permissions they need to do their work and no more.* The basic premise of least privilege is: When assigning permissions, give users only the permissions they need to do their work and no more.

Protecting Networks *Which of the following are examples of protocol analyzers? (Check all correct answers.)* a. Metasploit b. Wireshark c. OVAL d. Microsoft Message Analyzer

b. *Wireshark* d. *Microsoft Message Analyzer* Windows Server operating systems come with a protocol analyzer called Microsoft Message Analyzer. Third-party programs such as Wireshark can also be used for network monitoring. Metasploit is a framework used for penetration testing, and OVAL is intended as an international language for representing vulnerability information using an XML schema for expression; therefore, answers A and C are incorrect.

Operating System and Application Security *Which of the following statements is not true?*

b. *You should share the root directory of a disk.* Never share the root directory of a disk if at all possible. Doing so opens the entire disk to potential exploitation.

Network Security *VPN transmissions are achieved through communicating with _______________.* a. network taps b. endpoints c. Internet content filters d. proxy servers

b. *endpoints* VPN transmissions are achieved through communicating with endpoints. An endpoint is the end of the tunnel between VPN devices. An endpoint can be software on a local computer, a dedicated hardware device such as a VPN concentrator (which aggregates hundreds or thousands of VPN connections), or integrated into another networking device such as a firewall.

Protecting Networks *Which of the following utilities can be used in Linux to view a list of users' failed authentication attempts?*

b. *faillog* Use the faillog utility in Linux to view a list of users' failed authentication attempts.

*An event that, in the beginning, is considered to be a risk, yet turns out not to be one, is called a _______________.* a. false negative b. false positive c. negative-positive d. positive-negative

b. *false positive* An event that, in the beginning, is considered to be a risk yet turns out not to be one is called a false positive.

*A _______________ cloud is a combination of public and private clouds.* a. community b. hybrid c. mixed d. connected

b. *hybrid* A hybrid cloud is a combination of public and private clouds.

*In many fraud schemes, the perpetrator must be present every day in order to continue the fraud or keep it from being exposed. Many organizations require _______________ for all employees to counteract this.* a. job rotation b. mandatory vacations c. separation of duties d. least privilege

b. *mandatory vacations* In many fraud schemes, the perpetrator must be present every day in order to continue the fraud or keep it from being exposed. Many organizations require mandatory vacations for all employees to counteract this.

*Risk _______________ is the attempt to address risks by making risk less serious.* a. deterrence b. mitigation c. acceptance d. avoidance

b. *mitigation* Risk mitigation is the attempt to address the risks by making risk less serious.

*A(n) _______________ policy outlines how the organization uses the personal information it collects.* a. acceptable use b. privacy c. data acquisition d. data storage

b. *privacy* A privacy policy outlines how the organization uses personal information it collects.

*A _______________ cloud is one in which the services and infrastructure are offered to all users with access provided remotely through the Internet.* a. private b. public c. hybrid d. community

b. *public* A public cloud is one in which the services and infrastructure are offered to all users with access provided remotely through the Internet.

*The _______________ approach to calculating risk uses an "educated guess" based on observation.* a. cumulative b. qualitative c. technical d. quantitative

b. *qualitative* The qualitative approach to calculating risk uses an "educated guess" based on observation.

*The _______________ is the maximum length of time that an organization can tolerate between backups.* a. mean time to failure b. recovery point objective c. mean time to recovery d. recovery time objective

b. *recovery point objective* The recovery point objective (RPO) is the maximum length of time that an organization can tolerate between backups.

*A(n) _______________ is an in-depth examination and analysis of a wireless LAN site.* a. network log b. site survey c. captive portal d. threat vector

b. *site survey* Ensuring that a wireless LAN can provide its intended functionality and meet its required design goals can best be achieved through a site survey. A site survey is an in-depth examination and analysis of a wireless LAN site.

*An integrated device that combines several security functions is called a(n) _______________ security product.* a. demilitarized zone (DMZ) b. unified threat management (UTM) c. virtual private network (VPN) d. application-aware IPS

b. *unified threat management (UTM)* An integrated device that combines several security functions is called a unified threat management (UTM) security product.

*Segmenting a network by separating devices into logical groups is known as creating a _______________.* a. cloud b. virtual LAN (VLAN) c. flood guard d. unified threat management (UTM) system

b. *virtual LAN (VLAN)* Segmenting a network by separating devices into logical groups is known as creating a virtual LAN (VLAN).

Cryptography Basics *MAC is an acronym for what as it relates to cryptography?*

c. *Message authentication code* A MAC as it relates to cryptography is a method of verifying the integrity of an encrypted message. The MAC is derived from the message and the key.

Physical and Hardware-Based Security *Proximity readers work with which of the following? (Choose all that apply.)* a. 15.75 fob card b. 14.32 surveillance card c. 13.56 MHZ smart card d. 125 kHz proximity card

c. *13.56 MHZ smart card* d. *125 kHz proximity card* Proximity readers work with 13.56 MHz smart cards and 125 kHz proximity cards.

*Fiber channel (FC) is a high-speed storage network protocol that can transmit up to _______________ per second.* a. 16 bits b. 16 megabits c. 16 gigabits d. 16 terabits

c. *16 gigabits* Fibre Channel (FC) is a high-speed storage network protocol that can transmit up to 16 gigabits per second.

*What is the minimum number of drives necessary to provide a RAID 5 redundant with distributed parity disk array?* a. 1 b. 2 c. 3 d. 5

c. *3* The minimum number of drives in a RAID 5 array is three, making answers B and D incorrect. A single drive does not provide fault tolerance, making Answer A incorrect.

Infrastructure and Connectivity *What is the recommended range of humidity level according to the ASHRAE?* a. 10% to 20% b. 30% to 40% c. 40% to 55% d. 55% to 65%

c. *40% to 55%* The American Society of Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE) recommends optimal humidity levels in the 40% to 55% range, making answers A, B, and D incorrect. Very low levels of humidity can promote the buildup of electrostatic charges that can harm sensitive electronic components. Very high levels of humidity can promote condensation on chilled surfaces and introduce liquid into operating equipment.

*Which port does the Hypertext Transfer Protocol Secure (HTTPS) use?* a. 53 b. 143 c. 443 d. 3389

c. *443* The Hypertext Transfer Protocol Secure (HTTPS) uses port 443.

*Which port does the Hypertext Transfer Protocol (HTTP) use?* a. 20 b. 21 c. 80 d. 443

c. *80* The Hypertext Transfer Protocol (HTTP) uses port 80.

Wireless Networking Security *Which of the following 802.11 standards is often referenced as WPA2?* a. 802.11a b. 802.11b c. 802.11i d. 802.11n

c. *802.11i* The WPA2 standard is also known as 802.11i.

Wireless Networking Security *Which type of encryption does CCMP use?* a. EAP b. DES c. AES d. IV

c. *AES* CCMP uses 128-bit AES encryption.

Security and Vulnerability in the Network *The goal of _____ is to minimize the possibility of exploitation by reducing the amount of code and limiting potential damage.* a. EAPOL b. EAP c. ASR d. 802.1X

c. *ASR* The goal of attack surface reduction (ASR) is to minimize the possibility of exploitation by reducing the amount of code and limiting potential damage.

Cryptography Basics *Which of the following terms refers to the prevention of unauthorized disclosure of keys?*

c. *Access control* Access control refers to the process of ensuring that sensitive keys aren't divulged to unauthorized personnel.

*Which of the following is not a way to prevent or protect against XSS?* a. Input validation b. Defensive coding c. Allowing script input d. Escaping metacharacters

c. *Allowing script input* A programmer can implement the most effective way to prevent XSS by validating input, coding defensively, escaping metacharacters, and rejecting all script-like input.

*Which of the following is an example of a false negative result?* a. An authorized user is granted access to a resource. b. An unauthorized user is granted access to a resource. c. An authorized user is refused access to a resource. d. An unauthorized user is refused access to a resource.

c. *An authorized user is refused access to a resource.* A false negative result involves access refusal for an authorized user, which makes answer D incorrect. Answers A and B are incorrect because they represent granted resource access.

*The _______________ is the expected monetary loss that can be expected for an asset due to a risk over a one-year period.* a. Single Loss Expectancy b. Annualized Rate of Occurrence c. Annualized Loss Expectancy d. Multiple Loss Expectancy

c. *Annualized Loss Expectancy* The Annualized Loss Expectancy (ALE) is the expected monetary loss that can be expected for an asset due to a risk over a one-year period.

Protecting Networks *Which of the following IDS types looks for things outside of the ordinary?*

c. *Anomaly-based* An anomaly-detection IDS (AD-IDS) looks for anomalies, meaning it looks for things outside of the ordinary.

*Which of the following describes a simple form of social engineering in which an unauthorized individual follows closely behind someone who has authorized physical access to an environment?* a. Tailgating b. Piggybacking c. Answers A and B d. None of the above

c. *Answers A and B* Both tailgating and piggybacking describe a simple method to gain unauthorized access to an environment by closely following behind someone with authorized access. Neither answer A nor B alone is correct. Answer D is incorrect.

Infrastructure and Connectivity *When troubleshooting SSL, which two layers of the OSI model are of most value?* a. Application layer and presentation layer b. Presentation layer and session layer c. Application layer and transport layer d. Physical layer and data link layer

c. *Application layer and transport layer* SSL connections occur between the application and transport layers. Answer A is incorrect because SSL operates at a deeper level. Answer B is incorrect because the Secure Sockets Layer transport effectively fills the same role as these OSI model layers. Answer D is incorrect because the data has been abstracted beyond the level at which SSL operates.

*Which of the following would be used to detect unauthorized or unintentional access or escalation of privileges?* a. Change management b. Incident management c. Auditing d. Data-loss prevention

c. *Auditing* Auditing is used to detect unauthorized or unintentional access or escalation of privileges. Answer A is incorrect because change management provides specific details when system changes are made, such as the files being replaced, the configuration being changed, or the machines or operating systems affected. Answer B is incorrect because incident management includes preparation, roles, rules, and procedures for incident response and how to maintain business continuity while defending against further attacks. Answer D is incorrect because DLP is a way of detecting and preventing confidential data from being exfiltrated physically or logically from an organization by accident or on purpose. Auditing is used to prevent unauthorized or unintentional access or escalation of privileges.

Threats and Vulnerabilities *An alert signals you that a server in your network has a program running on it that bypasses authorization. Which type of attack has occurred?*

c. *Backdoor* In a backdoor attack, a program or service is placed on a server to bypass normal security procedures.

*What communications technique can a hacker use to identify the product that is running on an open port facing the Internet?* a. Credentialed penetration test b. Intrusive vulnerability scan c. Banner grabbing d. Port scanning

c. *Banner grabbing* Banner grabbing is the communications technique a hacker can use to identify the product that is running on an open port facing the Internet.

Educating and Protecting the User *An NDA (nondisclosure agreement) is typically signed by?*

c. *Beta testers* An NDA (nondisclosure agreement) is typically signed by beta testers.

*Which of the following describes a type of algorithm where data is broken into several units of varying sizes (dependent on algorithm) and encryption is applied to those chunks of data?* a. Symmetric encryption algorithm b. Elliptic curve c. Block cipher d. All of the above

c. *Block cipher* When data that is going to be encrypted is broken into chunks of data and then encrypted, the type of encryption is called a block cipher. Although many symmetric algorithms use a block cipher, answer A is incorrect because block cipher is a more precise and accurate term for the given question. Answer B is incorrect because elliptic curve is a type of asymmetric encryption algorithm. Answer D is an incorrect choice because only one answer is correct.

*Which type of power variation includes short-term decreases in voltage levels?* a. Spikes b. Surges c. Brownouts d. Blackouts

c. *Brownouts* A brownout is a short-term decrease in voltage, often occurring when motors are started or due to provider faults. Both spikes and surges are increases of voltage, making answers A and B incorrect. Blackouts involve a complete loss of power rather than simply a reduction of voltage, making answer D incorrect.

Cryptography Basics *Due to a breach, a certificate must be permanently revoked, and you don't want it to ever be used again. What is often used to revoke a certificate?*

c. *CRL* A Certificate Revocation List (CRL) is created and distributed to all CAs to revoke a certificate or key.

Access Control and Identity Management *To check the validity of a digital certificate, which one of the following would be used?* a. Corporate security policy b. Certificate policy c. Certificate revocation list d. Expired domain names

c. *Certificate revocation list* A certificate revocation list (CRL) provides a detailed list of certificates that are no longer valid. A corporate security policy would not provide current information on the validity of issued certificates; therefore, answer A is incorrect. A certificate policy does not provide information on invalid issued certificates, either; therefore, answer B is incorrect. Finally, an expired domain name has no bearing on the validity of a digital certificate; therefore, answer D is incorrect.

Security and Vulnerability in the Network *During what process do you look at all custom written applications for holes that may exist (in the form of the finished application, configuration files, libraries, and so on)?* a. Network bridging b. Design review c. Code review d. Remediation

c. *Code review* During a code review, you look at all custom written applications for holes that may exist (in the form of the finished application, configuration files, libraries, and the like).

Educating and Protecting the User *Which concept does the Bell-LaPadula model deal most accurately with?*

c. *Confidentiality* The Bell-LaPadula model deals most accurately with confidentiality.

*What statement accurately describes a best practice for managing a virtual LAN (VLAN)?* a. Configure empty switch ports to connect to a used VLAN. b. Keep all default VLAN names. c. Configure the ports on the switch that pass tagged VLAN packets to explicitly forward specific tags. d. Configure VLANs so that public devices are on a private VLAN.

c. *Configure the ports on the switch that pass tagged VLAN packets to explicitly forward specific tags.* Some general principles for managing VLANs are: (1) Configure empty switch ports to connect to an unused VLAN; (2) Change any default VLAN names; (3) Configure the ports on the switch that pass tagged VLAN packets to explicitly forward specific tags; (4) Configure VLANs so that public devices, such as a web application server, are not on a private VLAN, forcing users to have access to that VLAN.

Disaster Recovery and Incident Response *Which of the following would normally not be part of an incident response policy?* a. Outside agencies (that require status) b. Outside experts (to resolve the incident) c. Contingency plans d. Evidence collection procedures

c. *Contingency plans* A contingency plan wouldn't normally be part of an incident response policy. It would be part of a disaster-recovery plan.

*What is a security risk of an embedded system that is not commonly found in a standard PC?* a. Power loss b. Access to the Internet c. Control of a mechanism in the physical world d. Software flaws

c. *Control of a mechanism in the physical world* Because an embedded system is in control of a mechanism in the physical world, a security breach could cause harm to people and property. This typically is not true of a standard PC. Power loss, Internet access, and software flaws are security risks of both embedded systems and standard PCs.

Cryptography Implementation *Which of the following is an attack against the algorithm?* a. Birthday attack b. Weak key attack c. Mathematical attack d. Registration attack

c. *Mathematical attack* A mathematical attack is an attack against the algorithm.

*The encryption protocol used for WPA2 is the _______________.* a. Triple DES b. Advanced Encryption Standard (AES) c. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) d. Temporal Key Integrity Protocol (TKIP)

c. *Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)* The encryption protocol used for WPA2 is the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) and specifies the use of CCM (a general purpose cipher mode algorithm providing data privacy) with AES.

*Which of the following types of attacks is characterized by client-side vulnerabilities presented by ActiveX or JavaScript code running within the client's browser?* a. Buffer overflow b. Cross-site request forgery (XSRF) c. Cross-Site Scripting (XSS) d. Input validation error

c. *Cross-Site Scripting (XSS)* Cross-Site Scripting (XSS) attacks take advantage of vulnerabilities in ActiveX or JavaScript code running within the client's browser. The attack can be used to hijack the user's session or to cause the user accessing malware-tainted Site A to unknowingly attack Site B on behalf of the attacker who planted code on Site A. Answer A is incorrect because a buffer overflow is a direct result of poor or incorrect input validation or mishandled exceptions. Answer B is incorrect. The key element to understanding XSRF is that attackers are betting that users have a validated login cookie for the website already stored in their browsers. Answer D is incorrect because input validation errors are a result of improper field checking in the code.

Threats and Vulnerabilities *Which of the following types of attacks is executed by placing malicious executable code on a website?* a. Buffer overflow b. Cross-site request forgery (XSRF) c. Cross-Site Scripting (XSS) d. Input validation error

c. *Cross-Site Scripting (XSS)* Cross-Site Scripting (XSS) vulnerabilities can be used to hijack the user's session or to cause the user accessing malware-tainted Site A to unknowingly attack Site B on behalf of the attacker who planted code on Site A. Answer A is incorrect because a buffer overflow is a direct result of poor or incorrect input validation or mishandled exceptions. Answer B is incorrect. The key element to understanding XSRF is that attackers are betting that users have a validated login cookie for the website already stored in their browsers. Answer D is incorrect because input validation errors are a result of improper field checking in the code.

Threats and Vulnerabilities *Which of the following is a coordinated effort in which multiple machines attack a single victim or host with the intent to prevent legitimate service?* a. DoS b. Masquerading c. DDoS d. Trojan horse

c. *DDoS* A distributed denial of service (DDoS) attack is similar to a denial-of-service (DoS) attack in that they both try to prevent legitimate access to services. However, a DDoS attack is a coordinated effort among many computer systems; therefore, answer A is incorrect. Masquerading involves using someone else's identity to access resources; therefore, answer B is incorrect. A Trojan horse is a program used to perform hidden functions; therefore, answer D is incorrect.

*Illegal or unauthorized zone transfers are a significant and direct threat to what type of network server?* a. Web b. DHCP c. DNS d. Database

c. *DNS* Illegal or unauthorized zone transfers are a significant and direct threat to DNS servers.

Protecting Networks *Which type of active response fools the attacker into thinking the attack is succeeding while the system monitors the activity and potentially redirects the attacker to a system that is designed to be broken?*

c. *Deception* A deception active response fools the attacker into thinking the attack is succeeding while the system monitors the activity and potentially redirects the attacker to a system that is designed to be broken.

*Which form of media sanitization might be required for flash-based solid state drives to be considered fully sanitized?* a. Declassification b. Degaussing c. Destruction d. Overwriting

c. *Destruction* In some forms of nonferric solid-state storage devices, only destruction may provide full data sanitization. Answer A is incorrect because declassification is a formal process for assessing the risk associated with discarding information, rather than a sanitization process itself. Answer B is incorrect because nonferric solid-state data storage might not react to powerful magnetic fields used during degaussing. Answer D is incorrect because overwriting in a solid state device operates differently than in magnetic storage media and might not completely wipe all data.

Disaster Recovery and Incident Response *Which backup system backs up all the files that have changed since the last full backup?* a. Full backup b. Incremental backup c. Differential backup d. Archival backup

c. *Differential backup* A differential backup backs up all the files that have changed since the last full backup.

*Which protocol is a TCP/IP protocol that resolves (maps) a symbolic name (www.cengage.com) with its corresponding IP address (69.32.133.11)?* a. Internet protocol (IP) b. Internet Control Message Protocol (ICMP) c. Domain Name System (DNS) d. Hypertext Transport Protocol Secure (HTTPS)

c. *Domain Name System (DNS)* The Domain Name System (DNS) is a TCP/IP protocol that resolves (maps) a symbolic name (www.cengage.com) with its corresponding IP address (69.32.133.11).

Security-Related Policies and Procedures *Which type of policy would govern whether employees can engage in practices such as taking gifts from vendors?* a. Termination policy b. Endowment policy c. Ethics policy d. Benefit policy

c. *Ethics policy* An ethics policy is the written policy governing accepted organizational ethics.

*Which type of biometric authentication system is not subject to false rejection due to illness or minor injury?* a. Fingerprint b. Voiceprint c. Facial recognition d. Retina

c. *Facial recognition* Facial recognition systems measure relative spacing between underlying features such as the bone structure and eye placement, requiring more than a minor injury to modify this biometric signature. Fingerprint signatures can be modified by minor cuts, abrasions, and exposure to chemicals, making answer A incorrect. Both voiceprint and retinal signatures can be modified due to illness and injury, making answers B and D incorrect.

Disaster Recovery and Incident Response *The process of automatically switching from a malfunctioning system to another system is called what?* a. Fail safe b. Redundancy c. Fail-over d. Hot site

c. *Fail-over* Fail-over occurs when a system that is developing a malfunction automatically switches processes to another system to continue operations.

Security and Vulnerability in the Network *In which type of testing do you begin with the premise that an outsider attacker is being fed some knowledge from someone inside the network?* a. Black box b. White box c. Gray box d. Green box

c. *Gray box* With gray box testing, you begin with the premise that an outsider attacker is being fed some knowledge from someone inside the network.

Protecting Networks *You're the administrator for Acme Widgets. After attending a conference on buzzwords for management, your boss informs you that an IDS should be up and running on the network by the end of the week. Which of the following systems should be installed on a host to provide IDS capabilities?*

c. *HIDS* A host-based IDS (HIDS) is installed on each host that needs IDS capabilities.

*What is a potential concern to weaker encryption algorithms as time goes on? (Select the best answer.)* a. Performance of the algorithm worsens over time b. Keys generated by users start to repeat on other users' systems c. Hackers using distributed computing might be able to finally crack algorithms. d. All options are correct.

c. *Hackers using distributed computing might be able to finally crack algorithms.* As computers get faster, so does the ability for hackers to use distributed computing as a method of breaking encryption algorithms. With computer performance, in some cases, increasing by 30% to 50% a year on average, this could become a concern for some older algorithms. Answer A is incorrect because weak keys exhibit regularities, and the weakness has nothing to do with performance. Answer B is incorrect because the weakness in keys comes from a block cipher regularity in the encryption of secret keys. The keys do not repeat themselves on other machines. Answer D is incorrect because there is only one correct answer.

*What type of algorithm is SHA-1?* a. Asymmetric encryption algorithm b. Digital signature c. Hashing algorithm d. Certificate authority

c. *Hashing algorithm* SHA-1 is a cryptographic hash function and is an updated version of the original Secure Hash Algorithm (SHA). Answer A is incorrect because this is an algorithm that uses a public and private key pair and is not associated with SHA-1. Answer B is incorrect because a digital signature is not an encryption algorithm. Answer D is incorrect because a certificate authority accepts or revokes certificates.

Operating System and Application Security *Which of the following will help track changes to the environment when an organization needs to keep legacy machines?* a. Virtualization b. Network storage policies c. Host software baselining d. Roaming profiles

c. *Host software baselining* Host software baselining can be done for a variety of reasons including malware monitoring and creating system images. Generally, the environment needs of an organization will fall into a legacy, enterprise, or high-security client. Answer A is incorrect because virtualization adds a layer of security as well as improves enterprise desktop management and control with faster deployment of desktops and fewer support calls due to application conflicts. Answer B is incorrect because network storage policies have nothing to do with desktop management. Answer D is incorrect because roaming profiles do not add a layer of security.

Operating System and Application Security *Your company does electronic monitoring of individuals under house arrest around the world. Because of the sensitive nature of the business, you can't afford any unnecessary downtime. What is the process of applying a repair to an operating system while the system stays in operation called?*

c. *Hotfix* A hotfix is done while a system is operating. This reduces the necessity of taking a system out of service to fix a problem.

*Which protocol uses TLS and SSL to secure Hypertext Transport Protocol (HTTP) communications between a browser and a web server?* a. FTP Secure (FTPS) b. Secure Shell (SSH) c. Hypertext Transport Protocol Secure (HTTPS) d. Internet Protocol Security (IPsec)

c. *Hypertext Transport Protocol Secure (HTTPS)* One common use of TLS and SSL is to secure Hypertext Transport Protocol (HTTP) communications between a browser and a web server. This secure version is actually "plain" HTTP sent over SSL or TLS and is called Hypertext Transport Protocol Secure (HTTPS).

*In a(n) _______________ attack, an Internet Control Message Protocol (ICMP) redirect packet is sent to the victim that asks the host to send its packets to another "router," which is actually a malicious device.* a. network discovery b. smurf c. ICMP redirect d. ping of death

c. *ICMP redirect* In an Internet Control Message Protocol (ICMP) redirect attack, an ICMP redirect packet is sent to the victim that asks the host to send its packets to another "router," which is actually a malicious device.

*Each firewall rule is essentially a separate instruction with a(n) _______________ construction.* a. FOR-EACH b. DO-UNTIL c. IF-THEN d. WHILE-DO

c. *IF-THEN* Firewall rules are essentially an IF-THEN construction. IF these rule conditions are met, THEN the action occurs.

*You have been tasked with mitigating the risk of password-based attacks. Which of the following should you consider to provide a control beyond just what someone knows?* a. Enforce complex passwords b. Prevent the user from entering more than three incorrect passwords c. Implement use of a one-time use token d. A and B

c. *Implement use of a one-time use token* Although both A and B provide controls for passwords, they are still both based on something the user knows: a password. A one-time use token can be a dedicated hardware token or may be a software token or text message on a mobile device. This would be an example of something the user has (for example, a hardware token or registered mobile device). Answer D is incorrect.

*_______________ in access control means that if a condition is not explicitly met, the request for access is rejected.* a. Static allow b. Explicit allow c. Implicit deny d. Dynamic deny

c. *Implicit deny* Implicit deny in access control means that if a condition is not explicitly met, the request for access is rejected. (Implicit means that something is implied or indicated but not actually expressed.)

*Which of the following is an example of role-based access control criteria?* a. GPS coordinates b. Trusted OS c. Members of the Administrators group d. Time of day

c. *Members of the Administrators group* Role-based access control involves assignment of access rights to groups associated with specific roles, with accounts inheriting rights based on group membership. Answers A and B are incorrect, as requirements for access only from specific locations or only from systems running a trusted OS are examples of rule-based access controls. Time of day restrictions are also rule-based access controls, making answer D incorrect.

*An organization has an access control list implemented on the border router, but it appears that unauthorized traffic is still being accepted. Which of the following would the organization implement to improve the blocking of unauthorized traffic?* a. Loop protection b. Flood guard c. Implicit deny d. Port security

c. *Implicit deny* Implicit deny is an access control practice wherein resource availability is restricted to only those logons explicitly granted access. Answer A is incorrect because the loop protection feature makes additional checks in Layer 2 switched networks. Answer B is incorrect because a flood guard is a firewall feature to control network activity associated with denial-of-service (DoS) attacks. Answer D is incorrect because port security is a Layer 2 traffic control feature on Cisco Catalyst switches. It enables individual switch ports to be configured to allow only a specified number of source MAC addresses coming in through the port.

Security and Vulnerability in the Network *Your organization is exploring endpoint data-loss prevention (DLP) solutions. This solution is targeting which of the following data states?* a. In-transit b. At-rest c. In-use d. In-flux

c. *In-use* Protection of data in-use is considered to be an endpoint solution and the application is run on end user workstations or servers in the organization. Answer A is incorrect because protection of data in-transit is considered to be a network solution and either a hardware or software solution is installed near the network perimeter to monitor for and flag policy violations. Answer B is incorrect because protection of data at-rest is considered to be a storage solution and is generally a software solution that monitors how confidential data is stored. Answer D is incorrect because there is no such data state.

*Buffer overflows, format string vulnerabilities, and utilization of shell-escape codes can be mitigated by which of the following practices?* a. Fuzzing b. Testing c. Input validation d. Browser initiated token request

c. *Input validation* Input validation tests whether an application properly handles input from a source outside the application destined for internal processing. Answer A is incorrect because fuzzing allows an attacker to inject random-looking data into a program to see if it can cause the program to crash. Answer B is incorrect because testing is too generic a term. Answer D is incorrect because it is a method used to mitigate Cross-site request forgery (XSRF) attacks.

Network Security *Which option for installing a corporate spam filter is considered to be the most effective approach?* a. Install the spam filter on the Domain Name Server (DNS). b. Install the spam filter on the Post Office Protocol (POP3) server. c. Install the spam filter with the Simple Mail Transfer Protocol (SMTP) server. d. Contract with a third-party entity that filters out spam.

c. *Install the spam filter with the Simple Mail Transfer Protocol (SMTP) server.* Installing the spam filter with the SMTP server is the simplest and most effective approach.

*_______________ is a protocol suite for securing Internet Protocol (IP) communications.* a. Internet Small Computer System Interface (iSCSI) b. Internet Control Message Protocol (ICMP) c. Internet Protocol Security (IPsec) d. Hypertext Transport Protocol Secure (HTTPS)

c. *Internet Protocol Security (IPsec)* Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications.

Network Security *Which statement concerning behavior-based monitoring is correct?* a. It is necessary to update signature files before monitoring can take place. b. It is necessary to compile a baseline of statistical behavior before monitoring can take place. c. It can more quickly stop new attacks as compared to anomaly- and behavior-based monitoring. d. Behavior-based monitoring operates in a reactive mode.

c. *It can more quickly stop new attacks as compared to anomaly- and behavior-based monitoring.* One of the advantages of behavior-based monitoring is that it is not necessary to update signature files or compile a baseline of statistical behavior before monitoring can take place. In addition, behavior-based monitoring can more quickly stop new attacks.

Physical and Hardware-Based Security *Which of the following methods would be the most effective method to physically secure computers that are used in a lab environment that operates on a part-time basis?* a. Security cables b. Server cages c. Locked cabinet d. Hardware dongle

c. *Locked cabinet* A locked cabinet is an alternative for equipment that is not used or does not have to be physically accessed on a regular, daily basis. Vendors provide solutions such as a security cabinet locker that secures CPU towers. The housing is made of durable, heavy-duty steel for strength. Answer A is incorrect because security cables with combination locks can provide such security and are easy to use but are used mostly to secure laptops and leave the equipment exposed. Answer B is incorrect because PC Safe tower and server cages are designed to bolt to the floor and are meant to be in an environment that is static. Answer D is incorrect because a hardware dongle is used for license enforcement.

*An organization has agreed to collaborate on a business project with another organization. Which of the following documents would outline the terms and details of an agreement between parties, including each party's requirements and responsibilities?* a. SLA b. BPA c. MOU d. ISA

c. *MOU* A memorandum of understanding (MOU) is a document that outlines the terms and details of an agreement between parties, including each party's requirements and responsibilities. Answer A is incorrect because a service level agreement (SLA) is a contract between a service provider and a customer that specifies the nature of the service to be provided and the level of service that the provider will offer to the customer. Answer B is incorrect because a business partners agreement (BPA) is a contract that establishes partner profit percentages, partner responsibilities, and exit strategies for partners. Answer D is incorrect because an interconnection security agreement (ISA) is an agreement between organizations that have connected IT systems.

Disaster Recovery and Incident Response *Which of the following is the measure of the anticipated incidence of failure for a system or component?* a. CIBR b. AIFS c. MTBF d. MTTR

c. *MTBF* Mean time between failures (MTBF) is the measure of the anticipated incidence of failure for a system or component.

*Which type of risk control is administrative in nature and includes the laws, regulations, policies, practices, and guidelines that govern overall requirements and controls?* a. Technical b. System c. Management d. Operational

c. *Management* Management risk control types are administrative in their nature and are the laws, regulations, policies, practices, and guidelines that govern the overall requirements and controls.

Security-Related Policies and Procedures *People in an organization can withhold classified or sensitive information from others in the company when governed by what type of policy?* a. Nondisclosure b. Suppression c. Need-to-know d. Revelation

c. *Need-to-know* People in an organization can withhold classified or sensitive information from others in the company when governed by need-to-know policies.

*Which of the following would best mitigate the risks associated with allowing organizational network access required by the terms of a joint project with a business partner?* a. Captive portal b. Access control lists c. Network segmentation d. Log analysis

c. *Network segmentation* With interconnected networks, the potential for damage greatly increases because one compromised system on one network can easily spread to other networks. Networks that are shared by partners, vendors, or departments should have clear separation boundaries. Answer A is incorrect because a captive portal is used to block Internet access for users until some action is taken. Answer B is incorrect because access control generally refers to the process of making resources available to accounts that should have access, while limiting that access to only what is required. Answer D is incorrect because logging is the process of collecting data to be used for monitoring and auditing purposes.

*Which of the following is a security concern when implementing NoSQL databases?* a. NoSQL databases do not provide any authentication mechanisms. b. The NoSQL design uses server-side validation. c. NoSQL databases lack confidentiality and integrity. d. NoSQL databases are lacking in areas of scalability and performance.

c. *NoSQL databases lack confidentiality and integrity.* The NoSQL design does not place security as a high priority, lacking confidentiality and integrity. Answer A is incorrect because NoSQL databases such as MongoDB have added support for Kerberos authentication, more granular access controls, and SSL encryption. Answer B is incorrect because server-side validation helps protect against malicious attempts by a user to bypass validation or submit unsafe input and it is associated with web-based applications not databases. Answer D is incorrect because when compared to relational databases, NoSQL systems are more scalable and provide superior performance. Scalability and performance are not security concerns.

Cryptography Basics *What is the acronym for the de facto cryptographic message standards developed by RSA Laboratories?* a. PKIX b. X.509 c. PKCS d. Both A and C

c. *PKCS* The Public Key Cryptography Standards (PKCS) are the de facto cryptographic message standards developed and maintained by RSA Laboratories, the Security Division of EMC. PKIX describes the development of Internet standards for X.509-based digital certificates; therefore, answers A, B, and D are incorrect.

Operating System and Application Security *What is the process of applying manual changes to a program called?*

c. *Patching* A patch is a temporary workaround of a bug or problem in code that is applied manually. Complete programs usually replace patches at a later date.

*Security guards are a form of which specific type of control?* a. Management b. Technical c. Physical d. Access

c. *Physical* Physical controls include facility design details such as layout, door, locks, guards, and surveillance systems. Management controls include policies and procedures, whereas technical controls include access control systems, encryption, and data classification solutions, making answers A and B incorrect. Access controls include all three classifications (management, technical, and physical), making Answer D incorrect because the question asks for a specific type.

*Which of the following is the best measure to prevent divulging sensitive information through dumpster diving? (Select two correct answers.)* a. A firewall b. Antivirus software c. Proper disposal policy d. Training and awareness

c. *Proper disposal policy* d. *Training and awareness* Dumpster diving describes a physical means of acquiring sensitive data, often by digging through discarded material. A policy that clearly describes an organization's stance on proper disposal of data and equipment along with user training and awareness are key measures that should be taken to prevent the disclosure of sensitive data through dumpster diving. Answers A and B are incorrect and cannot prevent a physical attack on materials.

*Which utility allows the identification of all devices conducting network traffic both to and from a network segment?* a. Port scanner b. Vulnerability scanner c. Protocol analyzer d. Network mapper

c. *Protocol analyzer* Protocol analyzers examine network traffic and identify protocols and endpoint devices in the identified transactions. Port scanners check service ports on a single device, making answer A incorrect. Answer B is incorrect because vulnerability scanners look for vulnerabilities associated with particular versions of software or services. Answer D is incorrect because a network mapper identifies all devices within a network segment and would not identify endpoint devices beyond that address space.

Access Control and Identity Management *Your office administrator is being trained to perform server backups. Which authentication method would be ideal for this situation?*

c. *RBAC* Role-Based Access Control (RBAC) allows specific people to be assigned to specific roles with specific privileges. A backup operator would need administrative privileges to back up a server. This privilege would be limited to the role and wouldn't be present during the employee's normal job functions.

Cryptography Basics *You're a member of a consortium wanting to create a new standard that will effectively end all spam. After years of meeting, the group has finally come across a solution and now wants to propose it. The process of proposing a new standard or method on the Internet is referred to by which acronym?*

c. *RFC* The Request for Comments (RFC) process allows all users and interested parties to comment on proposed standards for the Internet. The RFC editor manages the RFC process. The editor is responsible for cataloging, updating, and tracking RFCs through the process.

*You are setting up a switched network in which each department requires a logical separation. Which of the following meets these requirements?* a. DMZ b. VPN c. VLAN d. NAT

c. *VLAN* The purpose of a VLAN is to unite network nodes logically into the same broadcast domain regardless of their physical attachment to the network. Answer A is incorrect because a DMZ is a small network between the internal network and the Internet that provides a layer of security and privacy. Answer B is incorrect because a virtual private network (VPN) is a network connection that allows you access via a secure tunnel created through an Internet connection. Answer D is incorrect because NAT acts as a liaison between an internal network and the Internet.

Disaster Recovery and Incident Response *Which of the following designates the amount of data loss that is sustainable and up to what point in time data recovery could happen before business is disrupted?* a. RTO b. MTBF c. RPO d. MTTF

c. *RPO* Recovery point objective (RPO) is the amount of time that can elapse during a disruption before the quantity of data lost during that period exceeds the BCP's maximum allowable threshold. Simply put, RPO specifies the allowable data loss. It determines up to what point in time data recovery could happen before business is disrupted. Answer A is incorrect because recovery time objective (RTO) is the amount of time within which a process must be restored after a disaster to meet business continuity. It defines how much time it takes to recover after notification of process disruption. Answer B is incorrect because mean time between failures (MTBF) is the average amount of time that passes between hardware component failures excluding time spent waiting for or being repaired. Answer D is incorrect because mean time to failure (MTTF) is the length of time a device or product is expected to last in operation.

Physical and Hardware-Based Security *RFI is the byproduct of electrical processes, similar to EMI. The major difference is that RFI is usually projected across which of the following?* a. Network medium b. Electrical wiring c. Radio spectrum d. Portable media

c. *Radio spectrum* RFI is the byproduct of electrical processes, similar to EMI. The major difference is that RFI is usually projected across a radio spectrum. Motors with defective brushes can generate RFI, as can a number of other devices.

Protecting Networks *Which of the following is an active response in an IDS?*

c. *Reconfiguring a router to block an IP address* Dynamically changing the system's configuration to protect the network or a system is an active response.

*Which of the following is a method that can be used to prevent data from being accessed in the event the device is lost or stolen?* a. GPS tracking b. Voice encryption c. Remote wipe d. Asset tracking

c. *Remote wipe* A remote wipe allows the handheld's data to be remotely deleted in the event the device is lost or stolen. Answer A is incorrect because in the event a mobile device is lost, GPS tracking can be used to find the location. Answer B is incorrect because mobile voice encryption can allow executives and employees alike to discuss sensitive information without having to travel to secure company locations. Answer D is incorrect because asset tracking is used for management of assets in the field so that the device location is known at all times.

Threats and Vulnerabilities *You've discovered that an expired certificate is being used repeatedly to gain logon privileges. Which type of attack is this most likely to be?*

c. *Replay attack* A replay attack attempts to replay the results of a previously successful session to gain access.

*Which type of biometric authentication involves identification of the unique patterns of blood-vessels at the back of the eye?* a. Facial recognition b. Iris c. Retina d. Signature

c. *Retina* Retinal biometric systems identify unique patterns of blood vessels in the back of the eye. Facial recognition systems identify fixed spacing of key features of the face such as bones, eyes, and chin shape, making answer A incorrect. Answer B is incorrect because iris scanning involves identification of unique patterns in the outer colored part of the eye. Answer D is incorrect because signature analysis is a form of "what you do" biometric authentication that records the speed, shape, and unique kinematics of a personal written signature.

*A security template can be used to perform all but which of the following tasks?* a. Capture the security configuration of a master system b. Apply security settings to a target system c. Return a target system to its precompromised state d. Evaluate compliance with security of a target system

c. *Return a target system to its precompromised state* A security template alone cannot return a system to its precompromised state.

Security-Related Policies and Procedures *On a Linux-based system, which account is equivalent to the administrator account in Windows?* a. Auditor b. Supervisor c. Root d. Master

c. *Root* The root user in Linux is equivalent to the administrator user in Windows.

*An organization that relies heavily on cloud and SaaS service providers, such as Salesforce.com, WebEx, and Google, would have security concerns when implementing which of the following?* a. TACACS+ b. Secure LDAP c. SAML d. XTACACS

c. *SAML* SAML (Security Assertion Markup Language) is an Extensible Markup Language (XML) framework for creating and exchanging security information between online partners. The weakness in the SAML identity chain is the integrity of users. To mitigate risk, SAML systems need to use timed sessions, HTTPS, and SSL/TLS. Answer A is incorrect because TACACS+ protocol provides authentication and authorization in addition to accounting of access requests against a centralized service for authorization of access requests. Answer B is incorrect because secure LDAP is a way to make LDAP traffic confidential and secure by using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) technology. Answer D is incorrect because XTACACS is a proprietary version of the original TACACS protocol that was developed by Cisco.

*Which statement accurately describes Secure FTP (SFTP)?* a. SFTP is a combination of two technologies (FTP and SSL or TLS). b. SFTP uses two ports. c. SFTP is an entire protocol itself. d. SFTP encrypts and compresses only data, not commands.

c. *SFTP is an entire protocol itself.* There are several differences between Secure FTP (SFTP) and FTP Secure (FTPS). First, FTPS is a combination of two technologies (FTP and SSL or TLS), whereas SFTP is an entire protocol itself and is not pieced together with multiple parts. Second, SFTP uses only a single TCP port instead of two ports like FTPS. Finally, SFTP encrypts and compresses all data and commands (FTPS may not encrypt data).

Disaster Recovery and Incident Response *Which agreement outlines performance requirements for a vendor?* a. MTBF b. MTTR c. SLA d. BCP

c. *SLA* A service-level agreement (SLA) specifies performance requirements for a vendor. This agreement may use MTBF and MTTR as performance measures in the SLA.

*Which of the following services/protocols operate on port 22?* a. DNS b. HTTPS c. SSH d. RDP

c. *SSH* Secure Shell (SSH) operates on port 22. Answer A is incorrect because Domain Name Service (DNS) uses port 53. Answer B is incorrect because HTTPS uses port 443. Answer D is incorrect because Remote Desktop Protocol (RDP) uses port 3389.

*A switch can be used to prevent broadcast storms between connected systems through the use of what?* a. SSL b. S/MIME c. VLANs d. LDAP

c. *VLANs* Switches can create VLANs. Broadcast storms aren't transmitted between one VLAN and another.

*Which of the following models is useful for individuals and businesses that want to have the right to access a certain application without having to purchase a full license?* a. PaaS b. IaaS c. SaaS d. DaaS

c. *SaaS* Software-as-a-service (SaaS) is the delivery of a licensed application to customers over the Internet for use as a service on demand. Answer A is incorrect. Platform-as-a-service (PaaS) is the delivery of a computing platform, often an operating system with associated services, that is delivered over the Internet without downloads or installation. Answer B is incorrect because infrastructure-as-a-service (IaaS) is the delivery of computer infrastructure in a hosted service model over the Internet. Answer D is incorrect because desktop-as-a-service (DaaS), also called virtual desktop or hosted desktop services, is the outsourcing of a virtual desktop infrastructure (VDI) to a third-party service provider.

*Which of the following would be implemented for secure communications when the organization is using an application that authenticates with Active Directory Domain Services (AD DS) through simple BIND?* a. TACACS+ b. SAML c. Secure LDAP d. XTACACS

c. *Secure LDAP* Reasons for enabling Lightweight Directory Access Protocol (LDAP) over Secure Sockets Layer (SSL) / Transport Layer Security (TLS), also known as LDAPS, include protection of the authentication session when an application authenticates with Active Directory Domain Services (AD DS) through simple BIND. Answer A is incorrect because the TACACS+ protocol provides authentication and authorization as well as accounting of access requests against a centralized service for authorization of access requests. Answer B is incorrect because SAML (Security Assertion Markup Language) is an Extensible Markup Language (XML) framework for creating and exchanging security information between online partners. Answer D is incorrect because XTACACS is a proprietary version of the original TACACS protocol that was developed by Cisco.

*_______________ is an encrypted alternative to the Telnet protocol that is used to access remote computers.* a. Internet Control Message Protocol (ICMP) b. Internet Small Computer System Interface (iSCSI) c. Secure Shell (SSH) d. Secure Network Management Protocol (SNMP)

c. *Secure Shell (SSH)* Secure Shell (SSH) is an encrypted alternative to the Telnet protocol that is used to access remote computers.

*Which common cryptographic transport algorithm was developed by Netscape in 1994 in response to the growing concern over Internet security?* a. Hypertext Transport Protocol Secure (HTTPS) b. Secure Shell (SSH) c. Secure Sockets Layer (SSL) d. Transport Layer Security (TLS)

c. *Secure Sockets Layer (SSL)* One of the most common cryptographic transport algorithms is Secure Sockets Layer (SSL). This protocol was developed by Netscape in 1994 in response to the growing concern over Internet security.

*What is a written document that states how an organization plans to protect the company's information technology assets?* a. Privacy notice b. Acceptable use c. Security policy d. Data insurance

c. *Security policy* A security policy is a written document that states how an organization plans to protect the company's information technology assets.

Security and Vulnerability in the Network *The approach a business takes to security is known as its:* a. Rule-based management b. Network bridging c. Security posture d. Assessment technique

c. *Security posture* The security posture is the approach a business takes to security.

Physical and Hardware-Based Security *You're the leader of the security committee at ACME. After a move to a new facility, you're installing a new security monitoring system throughout. Which of the following best describes a motion detector mounted in the corner of a hallway?* a. Perimeter security b. Partitioning c. Security zone d. IDS system

c. *Security zone* A security zone is an area that is a smaller component of the entire facility. Security zones allow intrusions to be detected in specific parts of the building.

*Which of the following provides the output for an example of banner grabbing?* a. http://www.example.com/index.htm b. This is a government computer system. Authorized access only. c. Server Apache 2.0.46 (Red Hat Linux) d. Welcome to our FTP site

c. *Server Apache 2.0.46 (Red Hat Linux)* Banner grabbing is a technique used to discover information about a computer system. This information is used to further understand the underlying system. In this example, a vulnerability scanner can narrow down which vulnerabilities to test for. However, an attacker knows which exploits the system may be susceptible to. Answer A is simply a URL and is incorrect. Answers B and D are incorrect; although they may be referred to as a "login banner," do not confuse these with banner grabbing.

Operating System and Application Security *What is the term used when the item used to validate a user's session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party?*

c. *Session hijacking* Session hijacking occurs when the item used to validate a user's session, such as a cookie, is stolen and used by another to establish a session with a host that thinks it is still communicating with the first party.

*An organization has a high-speed fiber Internet connection that it uses for most of its daily operations, as well as its offsite backup operations. This represents what security problem?* a. Single point of failure b. Redundant connections c. Backup generator d. Offsite backup storage

c. *Single point of failure* Having only a single high-speed fiber Internet connection represents the security problem of a single point of failure.

*In the _______________ model, the cloud computing vendor provides access to the vendor's software applications running on a cloud infrastructure.* a. Infrastructure as a Service (IaaS) b. Application as a Service (AaaS) c. Software as a Service (SaaS) d. Platform as a Service (PaaS)

c. *Software as a Service (SaaS)* In the Software as a Service (SaaS) model, the cloud computing vendor provides access to the vendor's software applications running on a cloud infrastructure. These applications, which can be accessed through a web browser, do not require any installation, configuration, upgrading, or management from the user.

Cryptography Basics *Kristin, from Payroll, has left the office on maternity leave and won't return for at least six weeks. You've been instructed to suspend her key. Which of the following statements is true?*

c. *Suspended keys can be reactivated.* Suspending keys is a good practice: It disables a key, making it unusable for a certain period of time. This can prevent the key from being used while someone is gone. The key can be reactivated when that person returns.

*Which of the following is a hardware solution typically attached to the circuit board of the system used for greater security protection for processes such as digital signing, mission-critical applications, and businesses where high security is required?* a. Full disk encryption b. HSM c. TPM d. File-level encryption

c. *TPM* At the most basic level, a trusted platform module (TPM) provides for the secure storage of keys, passwords, and digital certificates, and it is hardware based (typically attached to the circuit board of the system). Answer A is incorrect because full disk encryption is a software solution and is most useful when you're dealing with a machine that is being taken on the road by people such as traveling executives, sales managers, or insurance agents. Answer B is incorrect because a hardware security module (HSM) can be described as a black box combination of hardware and software/firmware that is attached or contained inside a computer used to provide cryptographic functions for tamper protection and increased performance. Answer D is incorrect because in file- or folder-level encryption, individual files or folders are encrypted by the file system itself.

Operating System and Application Security *Which of the following is the name assigned to a chip that can store cryptographic keys, passwords, or certificates?*

c. *TPM* TPM is the name assigned to a chip that can store cryptographic keys, passwords, or certificates. TPM can be used to protect cell phones and devices other than PCs as well.

*Which statement accurately describes an access control list characteristic?* a. Access control lists are efficient. b. Access control lists are simple to manage in an enterprise setting. c. The structure behind an access control list table can be complex. d. Access control lists are used extensively with UNIX systems but not on Windows operating systems.

c. *The structure behind an access control list table can be complex.* Although access control lists (ACLs) can be associated with any type of object, these lists are most often viewed in relation to files maintained by the operating system. ACLs have limitations. First, using ACLs is not efficient. Second, they can be difficult to manage in an enterprise setting where many users need to have different levels of access to many different resources. Note that the structure behind ACL tables can be complex.

Security-Related Policies and Procedures *You're giving hypothetical examples during a required security training session when the subject of certificates comes up. A member of the audience wants to know how a party is verified as genuine. Which party in a transaction is responsible for verifying the identity of a certificate holder?* a. Subscriber b. Relying party c. Third party d. Omni registrar

c. *Third party* The third party is responsible for assuring the relying party that the subscriber is genuine.

Threats and Vulnerabilities *_________ describes the potential that a weakness in hardware, software, process, or people will be identified and taken advantage of.* a. Vulnerability b. Exploit c. Threat d. Risk

c. *Threat* A threat is the potential that a vulnerability will be identified and exploited. Answer A is incorrect because a vulnerability is the weakness itself and not the likelihood that it will be identified and exploited. Answer B is incorrect because an exploit is the mechanism of taking advantage of a vulnerability rather than its likelihood of occurrence. Answer D is incorrect because risk is the likelihood that a threat will occur and the measure of its effect.

Operating System and Application Security *You're redesigning your network in preparation for putting the company up for sale. The network, like all aspects of the company, needs to perform the best that it possibly can in order to be an asset to the sale. Which model is used to provide an intermediary server between the end user and the database?*

c. *Three-tiered* A three-tiered model puts a server between the client and the database.

*What mechanism of loop protection is based on an element in a protocol header?* a. Spanning Tree Protocol b. Ports c. Time to live d. Distance vector protocols

c. *Time to live* Time to live (TTL) is a value in the IP header used to prevent loops at Layer 3.

*Which of the following standards ensures privacy between communicating applications and clients on the Web and has been designed to replace SSL?* a. Secure Sockets Layer 4 b. Point-to-Point Tunneling Protocol c. Transport Layer Security d. Internet Protocol Security

c. *Transport Layer Security* Transport Layer Security (TLS) is a network protocol that replaces Secure Sockets Layer (SSL) to provide communication security over networks. Answer A is incorrect, as such a thing was never developed. Answers B and D are incorrect as these describe methods for implementing VPNs and were not designed to replace SSL.

*Which protocol is often used for the automated transfer of configuration files between devices?* a. Hypertext Transfer Protocol (HTTP) b. Secure Copy Protocol (SCP) c. Trivial File Transfer Protocol (TFTP) d. Secure FTP (SFTP)

c. *Trivial File Transfer Protocol (TFTP)* A "light" version of File Transfer Protocol (FTP) known as Trivial File Transfer Protocol (TFTP) uses a small amount of memory but has limited functionality. It is often used for the automated transfer of configuration files between devices.

Physical and Hardware-Based Security *You've been drafted for the safety committee. One of your first tasks is to inventory all the fire extinguishers and make certain the correct types are in the correct locations throughout the building. Which of the following categories of fire extinguisher is intended for use on electrical fires?* a. Type A b. Type B c. Type C d. Type D

c. *Type C* Type C fire extinguishers are intended for use in electrical fires.

Security-Related Policies and Procedures *A periodic security audit of which of the following can help determine whether privilege-granting processes are appropriate and whether computer usage and escalation processes are in place and working?* a. Event logs b. User account and ldp settings c. User access and rights review d. System security log files

c. *User access and rights review* A periodic security audit of user access and rights review can help determine whether privilege-granting processes are appropriate and whether computer usage and escalation processes are in place and working.

Wireless Networking Security *Which of the following is not one of the three transmission technologies used to communicate in the 802.11 standard?* a. DSSS b. FHSS c. VITA d. OFDM

c. *VITA* The three technologies available for use with the 802.11 standard are DSSS (direct-sequence spread spectrum), FHSS (frequency-hopping spread spectrum), and OFDM (orthogonal frequency division multiplexing). VITA (Volunteer Income Tax Assistance) is not a wireless transmission technology.

*If Bob wants to send a secure message to Val using public key encryption without sender validation, what does Val need?* a. Bob's private key b. Bob's public key c. Val's private key d. Val's public key

c. *Val's private key* Val needs her own private key to decrypt the message Bob encrypted with her public key. Neither of Bob's keys is needed because the originator does not need to be validated, making Answers A and B incorrect. Answer D is incorrect because Val's public key is used to encrypt the original message before transmission.

Security and Vulnerability in the Network *Which of the following is a software application that checks your network for any known security holes?* a. Logic bomb b. Log analyzer c. Vulnerability scanner d. Design reviewer

c. *Vulnerability scanner* A vulnerability scanner is a software application that checks your network for any known security holes.

Wireless Networking Security *Which protocol is mainly used to enable access to the Internet from a mobile phone or PDA?* a. WEP b. WTLS c. WAP d. WOP

c. *WAP* Wireless Application Protocol (WAP) is an open international standard for applications that use wireless communication.

Wireless Networking Security *WAP uses a smaller version of HTML for Internet displays. This is known as:* a. DSL b. HSL c. WML d. OFML

c. *WML* WAP uses a smaller version of HTML called Wireless Markup Language (WML) for Internet displays.

Wireless Networking Security *You're outlining your plans for implementing a wireless network to upper management. Suddenly, a paranoid vice president brings up the question of security. Which protocol was designed to provide security to a wireless network and can be considered equivalent to the security of a wired network?* a. WAP b. WTLS c. WPA2 d. IR

c. *WPA2* Wi-Fi Protected Access 2 (WPA2) was intended to provide security that's equivalent to the security on a wired network and implements elements of the 802.11i standard.

Wireless Networking Security *Which of the following provides services similar to TCP and UDP for WAP?* a. WTLS b. WDP c. WTP d. WFMD

c. *WTP* The Wireless Transaction Protocol (WTP) provides services similar to TCP and UDP for WAP.

Educating and Protecting the User *Which of the following is the best description of shoulder surfing?*

c. *Watching someone enter important information* Shoulder surfing is best defined as watching someone enter important information.

*A pirated movie-sharing service was discovered operating on company equipment. Administrators do not know who planted the service or who the users are. What technique could be used to attempt to trace the identity of the users?* a. Typo squatting b. Integer overflow c. Watering hole attack d. Ransomware

c. *Watering hole attack* A watering hole attack could be used to plant phone-home-to-identity malware on the systems of subsequent visitors.

Educating and Protecting the User *Which of the following is another name for social engineering?*

c. *Wetware* Wetware is another name for social engineering.

*Due to organizational requirements, strong encryption cannot be used. Which of the following is the most basic form of encryption that can be used on 802.11-based wireless networks to provide privacy of data sent between a wireless client and its access point?* a. Wireless Application Environment (WAE) b. Wireless Session Layer (WSL) c. Wired Equivalent Privacy (WEP) d. Wireless Transport Layer Security (WTLS)

c. *Wired Equivalent Privacy (WEP)* WEP is the most basic form of encryption that can be used on 802.11-based wireless networks to provide privacy of data sent between a wireless client and its access point. Answer A is incorrect. Wireless Application Environment (WAE) specifies the framework used to develop applications for mobile devices, including cell phones, data pagers, tablets, and laptops. Answers B and D are incorrect. Wireless Session Layer (WSL), Wireless Transport Layer (WTL), and Wireless Transport Layer Security (WTLS) are the specifications that are included in the WAP standard.

*_______________ is an IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmitted wireless information.* a. PSK2-mixed mode b. Temporal Key Integrity Protocol (TKIP) c. Wired Equivalent Privacy (WEP) d. Extensible Authentication Protocol (EAP)

c. *Wired Equivalent Privacy (WEP)* Wired Equivalent Privacy (WEP) is an IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmitted wireless information.

Threats and Vulnerabilities *A user calls you in a panic. He is receiving emails from people indicating that he is inadvertently sending viruses to them. Over 200 such emails have arrived today. Which type of attack has most likely occurred?*

c. *Worm* A worm is a type of malicious code that attempts to replicate using whatever means are available. The worm may not have come from the user's system; rather, a system with the user's name in the address book has attacked these people.

Security-Related Policies and Procedures *Which of the following is one of the most common certificates in use today?* a. X.733 b. X.50 c. X.509 d. X.500

c. *X.509* One of the most common certificates in use today is the X.509 certificate. It includes encryption, authentication, and a reasonable level of validity.

*Risk _______________ simply means that the risk is acknowledged but that no steps are taken to address it.* a. deterrence b. mitigation c. acceptance d. avoidance

c. *acceptance* Acceptance simply means that the risk is acknowledged but no steps are taken to address it.

Network Security *When a modern firewall receives a packet, it tends to use a(n) _______________ method to determine the action to be taken.* a. rule-based b. role-based c. application-based d. authentication-based

c. *application-based* Traditional firewalls are rule-based while more modern firewalls are application-based.

Network Security *A load balancer is typically located _______________ in a network configuration.* a. in front of a server b. in front of a router c. between a router and a server d. between a router and a switch

c. *between a router and a server* Because load balancers generally are located between routers and servers, they can detect and stop attacks directed at a server or application.

*All wireless network interface card (NIC) adapters have _______________ antennas.* a. external b. peripheral c. embedded d. focused

c. *embedded* Although all wireless network interface card (NIC) adapters have embedded antennas, attaching an external antenna will significantly increase the ability to detect a wireless signal.

*A _______________ is an event that does not appear to be a risk but actually turns out to be one.* a. false positive b. negative-positive c. false negative d. positive-negative

c. *false negative* A false negative is an event that does not appear to be a risk but actually turns out to be one.

*TCP/IP uses its own _______________ architecture that corresponds generally to the OSI reference model.* a. two-layer b. three-layer c. four-layer d. seven-layer

c. *four-layer* TCP/IP uses its own four-layer architecture that includes Network Interface, Internet, Transport, and Application layers. This corresponds generally to the OSI reference model.

*Fibre Channel over Ethernet (FCoE) encapsulates Fibre Channel _______________ over Ethernet networks.* a. headers b. addresses c. frames d. packets

c. *frames* A variation of FC is Fibre Channel over Ethernet (FCoE) that encapsulates Fibre Channel frames over Ethernet networks. This allows Fibre Channel to use fast Ethernet networks while preserving the Fibre Channel protocol.

*Which of the following is a common storage networking standard chosen by businesses for ease of installation, cost, and utilization of current Ethernet networks?* a. Fibre Channel b. FTP c. iSCSI d. HTTPS

c. *iSCSI* Businesses choose Internet Small Computer System Interface (iSCSI) due to ease of installation, cost, and utilization of current Ethernet networks. Answer A is incorrect. Fibre Channel infrastructure generally is more costly and complex to manage due to the separate network switching infrastructure. Answer B is incorrect. FTP servers provide user access to upload or download files between client systems and a networked FTP server. Answer D is incorrect because HTTPS is used for secured web-based communications.

*The term _______________ refers to the average (mean) amount of time until a component fails, cannot be repaired, and must be replaced.* a. mean time to recovery b. failure in time c. mean time between failures d. mean time to failure

c. *mean time between failures* The term mean time between failures refers to the average (mean) amount of time until a component fails, cannot be repaired, and must be replaced.

*A _______________ cloud offers the highest level of security and control.* a. public b. community c. private d. hybrid

c. *private* A private cloud is created and maintained on a private network. Although this type offers the highest level of security and control (because the company must purchase and maintain all the software and hardware), it also reduces any cost savings.

*One of the best practices for access control is _______________, which requires that if the fraudulent application of a process might potentially result in a breach of security, the process should be divided between two or more individuals.* a. job rotation b. mandatory vacation c. separation of duties d. least privilege

c. *separation of duties* Separation of duties requires that if the fraudulent application of a process could potentially result in a breach of security, the process should be divided between two or more individuals.

*Allowing an IP address to be split anywhere within its 32 bits is known as _______________.* a. splitting b. spanning c. subnetting d. IP spraying

c. *subnetting* Allowing an IP address to be split anywhere within its 32 bits is known as subnetting or subnet addressing.

*Networks are usually segmented by using _______________ to divide the network into a hierarchy.* a. hubs b. routers c. switches d. proxies

c. *switches* Networks are usually segmented by using switches to divide the network into a hierarchy.

*The term risk _______________ refers to the act of shifting risk to a third party.* a. deterrence b. mitigation c. transference d. avoidance

c. *transference* Risk transference is the act of transferring the risk to a third party.

What is the correct command to add the description "Link to West LA" to an interface on a Cisco router? a. name Link to West LA b. interface description Link to West LA c. description Link to West LA d. interface name Link to West LA

c. The command to add a description to an interface is the description interface-description interface configuration command.

Which is the correct command to change the bandwidth of a serial interface to 256 kbps? a. bandwidth 256k b. band width 256 c. bandwidth 256 d. bandwidth 256000 e. band width 256000

c. The command to change the bandwidth of a serial interface is the bandwidth bandwidth-in-kbps interface command. The correct command to change the bandwidth to 256 kbps is as follows: RouterA(config-if)# bandwidth 256

Network Security *Which statement concerning a network intrusion detection system (NIDS) is correct?* a. A NIDS knows such information as the applications that are running as well as the underlying operating systems so that it can provide a higher degree of accuracy regarding potential attacks. b. Compared to a network intrusion prevention system (NIPS), a NIDS can more quickly take action to block an attack. c. A NIDS attempts to prevent malicious attacks by stopping the attack. d. A NIDS has sensors that monitor the traffic entering and leaving a firewall, and reports back to the central device for analysis.

d. *A NIDS has sensors that monitor the traffic entering and leaving a firewall, and reports back to the central device for analysis.* A network intrusion prevention system (NIPS) is similar to a NIDS in that it monitors network traffic to immediately react to block a malicious attack. One of the major differences between a NIDS and a NIPS is its location. A NIDS has sensors that monitor the traffic entering and leaving a firewall, and reports back to the central device for analysis. A NIPS, on the other hand, would be located "in line" on the firewall itself. This can allow the NIPS to more quickly take action to block an attack.

*Which of the following is not an example of the principles of influence used in social engineering attacks?* a. Authority b. Intimidation c. Scarcity and urgency d. Authenticity and authorization e. Trust

d. *Authenticity and authorization* Authenticity and authorization both relate to identity and access control and are not principle reasons for effectiveness as related to social engineering. Answers A, B, C, and E are all legitimate principles and so are incorrect answers.

*Which statement describes a limitation of Secure Copy Protocol (SCP)?* a. SCP can only operate in the Windows environment. b. SCP cannot encrypt commands. c. SCP is being replaced by Remote Copy Protocol (RCP). d. A file transfer cannot be interrupted and then resumed in the same session.

d. *A file transfer cannot be interrupted and then resumed in the same session.* Secure Copy Protocol (SCP) encrypts files and commands, yet has limitations. For example, a file transfer cannot be interrupted and then resumed in the same session; the session must be completely terminated and then restarted.

*Which of the following risk-assessment formulas represents the total potential loss a company may experience within a single year due to a specific risk to an asset?* a. EF b. SLE c. ARO d. ALE

d. *ALE* The annualized loss expectancy (ALE) represents the total potential loss a company may experience within a single year due to a specific risk to an asset. EF is the percentage of asset value loss that would occur if a risk was realized. SLE is the potential dollar value loss from a single risk-realization incident. ARO is the statistical probability that a specific risk may be realized a certain number of times in a year.

*What is the last step in the access control process?* a. Identification b. Authentication c. Authorization d. Access control

d. *Access control* Only after credentials have been provided, authenticated, and authorized will access control list (ACL) values be assigned based on explicit and inherited grant and denial constraints. Answer A is incorrect because identification involves only the presentation of credentials and not the requirement for verifying those credentials as valid. Answers B and C are incorrect because both authentication and authorization must occur before access control constraints can be applied to an access request.

*Which of the following is a security control type that is not usually associated with or assigned to a security guard?* a. Preventive b. Detective c. Corrective d. Administrative

d. *Administrative* A security guard is not an administrative control. A security guard can be considered a preventive, detective, and/or corrective control.

*Which one of the following is an indication that a system might contain spyware?* a. The system is slow, especially when browsing the Internet. b. It takes a long time for the Windows desktop to come up. c. Clicking a link does nothing or goes to an unexpected website. d. All of the above.

d. *All of the above.* Each of these represents common symptoms of a computer that has had spyware installed.

*Which of the following is included in hardening a host operating system?* a. A policy for antivirus updates b. A policy for remote wipe c. An efficient method to connect to remote sites d. An effective system for file-level security

d. *An effective system for file-level security* Hardening of the operating system includes planning against both accidental and directed attacks, such as the use of fault-tolerant hardware and software solutions. In addition, it is important to implement an effective system for file-level security, including encrypted file support and secured file system selection that allows the proper level of access control. Answer A is incorrect because it is a host protection measure, not an OS hardening measure. Answer B is incorrect because this is a feature associated with data security, not host hardening. Answer C is incorrect because this is a secure communication measure.

Protecting Networks *Which IDS function evaluates data collected from sensors?*

d. *Analyzer* The analyzer function uses data sources from sensors to analyze and determine whether an attack is under way.

*Historical data can be used to determine the likelihood of a risk occurring within a year. This is known as the _______________.* a. Annualized Loss Expectancy b. Single Loss Expectancy c. Multiple Loss Expectancy d. Annualized Rate of Occurrence

d. *Annualized Rate of Occurrence* Historical data can be used to determine the likelihood of a risk occurring within a year. This is known as the Annualized Rate of Occurrence (ARO).

Network Security *Which statement concerning anomaly-based monitoring is correct?* a. Anomaly-based monitoring is founded on experience-based techniques. b. Anomaly-based monitoring looks for well-known patterns. c. Anomaly-based monitoring operates by being adaptive and proactive. d. Anomaly-based monitoring is designed for detecting statistical anomalies.

d. *Anomaly-based monitoring is designed for detecting statistical anomalies.* Anomaly-based monitoring is designed for detecting statistical anomalies.

Wireless Networking Security *Which of the following authentication levels with WAP allows virtually anyone to connect to the wireless portal?* a. Relaxed b. Two-way c. Server d. Anonymous

d. *Anonymous* Anonymous authentication allows virtually anyone to connect to the wireless portal.

*Which of the following is the most useful when you're dealing with data that is stored in a shared cloud environment?* a. Full disk encryption b. File-level encryption c. Media-level encryption d. Application-level encryption

d. *Application-level encryption* In a cloud environment, application-level encryption is preferred because the data is encrypted by the application before being stored in the database or file system. The advantage is that it protects the data from the user all the way to storage. Answer A is incorrect because full disk encryption is most useful when you're dealing with a machine that is being taken on the road by people such as traveling executives, sales managers, or insurance agents. Answer B is incorrect because in file- or folder-level encryption, individual files or folders are encrypted by the file system itself. Answer C is incorrect because media encryption is used for USB flash drives, iPods, and other portable storage devices.

*Which statement accurately describes a weakness in disabling SSID broadcasts?* a. Turning off the SSID broadcast may allow users to freely roam from one AP coverage area to another. b. For most hardware routers, the effect is temporary and the disabling actions must be repeated frequently. c. Disabling SSID broadcasts may disable the entire network. d. Attackers with protocol analyzers can still detect the SSID.

d. *Attackers with protocol analyzers can still detect the SSID.* The SSID can be easily discovered even when it is not contained in beacon frames because it is transmitted in other management frames sent by the AP. Attackers with protocol analyzers can still detect the SSID.

Security and Vulnerability in the Network *You want to implement MAC filtering on a small network but do not know the MAC address of a Windows-based workstation. Which command-line tool can you run on the workstation to find the MAC address?* a. ifconfig b. ifconfig /show c. ipconfig d. ipconfig /all

d. *ipconfig /all* The command ipconfig /all will show the MAC address as the physical address.

*Which of the following is not focused on recovering after loss of function?* a. RTO b. DRP c. RPO d. BCP

d. *BCP* Business continuity planning (BCP) / continuity of operations (COO) is focused on maintaining continued service availability even if in a limited form. Recovery time objectives (RTOs) and recovery point objectives (RPOs) are components of disaster recovery planning (DRP) focusing on recovery after a loss of function, making answers A, B, and C incorrect.

*_______________ can be prevented with loop protection.* a. IP address spoofing b. Man-in-the-middle attacks c. Denial of service (DoS) attacks d. Broadcast storms

d. *Broadcast storms* Broadcast storms can be prevented with loop protection, which uses the IEEE 802.1d standard spanning-tree algorithm (STA).

Access Control and Identity Management *Which of the following is a type of smart card issued by the Department of Defense as a general identification/authentication card for military personnel, contractors, and non-DoD employees?*

d. *CAC* One type of smart card is the Common Access Card (CAC). These cards are issued by the Department of Defense as a general identification/authentication card for military personnel, contractors, and non-DoD employees.

*Which of the following types of cloud computing is designed to meet industry-specific needs such as healthcare, public sector, or energy?* a. Public b. Private c. Hybrid d. Community

d. *Community* Community clouds are designed to accommodate the mutual needs of a particular business community. This is generally industry-specific such as healthcare, public sector, or energy. Answer A is incorrect because a public cloud is an environment where the services and infrastructure are hosted at a service provider's offsite facility and accessed over the Internet based on a monthly or yearly usage fee. Answer B is incorrect because a private cloud is a hosted infrastructure on a private platform and can sometimes be referred to as an internal, corporate, or enterprise cloud. Answer C is incorrect. A hybrid cloud is a combination of public and private clouds where control of data is kept using a private cloud while other functions are hosted using a public cloud.

Network Security *Which type of Internet content filtering restricts unapproved websites from being displayed by searching for and matching keywords?* a. Uniform resource locator (URL filtering) b. Profiling c. Malware inspection d. Content inspection

d. *Content inspection* Internet content filters monitor Internet traffic and block access to preselected websites and files. A requested webpage is displayed only if it complies with the specified filters. Unapproved websites can be restricted based on the Uniform Resource Locator or URL (URL filtering) or by searching for and matching keywords such as sex or hate (content inspection) as well as looking for malware (malware inspection).

*Which of the following is a commonly applied principle for fault tolerance against accidental faults designed into critical facilities planning?* a. Firmware version control b. Wrappers c. Manual updates d. Control redundancy

d. *Control redundancy* Control redundancy is replication of a component in identical copies to compensate for random hardware failures. Redundancy is usually dispersed geographically as well as through backup equipment and databases, or hot sparing of system components. Answer A is incorrect because firmware version control is important in systems like gaming consoles because many vulnerabilities cannot be fixed via firmware updates, leaving a system vulnerable until a new console is released. Answer B is incorrect because wrappers are used in several types of implementations such as smart grids, integration of legacy systems, and reducing the risk of web-based attacks. Answer C is incorrect because manual updates, although inconvenient, may also be necessary when the system contains sensitive data and is segmented.

Threats and Vulnerabilities *Which of the following is an attack in which the end user executes unwanted actions on a web application while he is currently authenticated?* a. Buffer overflow b. Input validation error c. Cross-site scripting d. Cross-site request forgery

d. *Cross-site request forgery* Cross-site request forgery (XSRF) is an attack in which the end user executes unwanted actions on a web application while he is currently authenticated. Answer A is incorrect because a buffer overflow is a direct result of poor or incorrect input validation or mishandled exceptions. Answer B is incorrect because input validation errors are a result of improper field checking in the code. Answer C is incorrect because Cross-Site Scripting (XSS) vulnerabilities can be used to hijack the user's session or to cause the user accessing malware-tainted Site A to unknowingly attack Site B on behalf of the attacker who planted code on Site A.

Security-Related Policies and Procedures *Which policy defines what constitutes sensitive data and applies protection to it?* a. Classification b. BCP c. Data review d. Data theft

d. *Data theft* A data theft policy defines what constitutes sensitive data and applies protection to it.

*In which of the following phases should code security first be implemented?* a. Testing b. Review c. Implementation d. Design

d. *Design* It is important that security is implemented from the very beginning. In the early design phase, potential threats to the application must be identified and addressed. Ways to reduce the associated risks must also be taken into consideration. Therefore, answers A, B, and C are incorrect.

*What item is considered to be the biggest obstacle to log management?* a. Offsite storage accessibility b. Very large volume of data c. Multiple devices generating logs d. Different log formats

d. *Different log formats* Perhaps the biggest obstacle to log management is that different devices record log information in different formats and even with different data captured. Combining multiple logs, each with a different format, can be a major challenge.

*A newer secure version of DNS known as _______________ allows DNS information to be digitally signed so that an attacker cannot forge DNS information.* a. Domain Name System Security (DNSS) b. Advanced Domain Name System (ADNS) c. Domain Name System2 (DNS2) d. Domain Name System Security Extensions (DNSSEC)

d. *Domain Name System Security Extensions (DNSSEC)* A newer secure version of DNS known as Domain Name System Security Extensions (DNSSEC) allows DNS information to be digitally signed so that an attacker cannot forge DNS information.

*If user awareness is overlooked, what attack is more likely to succeed?* a. Man-in-the-middle b. Reverse hash matching c. Physical intrusion d. Social engineering

d. *Social engineering* Social engineering is more likely to occur if users aren't properly trained to detect and prevent it. The lack of user awareness training won't have as much impact on man-in-the-middle, reverse hash-matching, or physical intrusion attacks.

*Which form of fire suppression functions best in an Alaskan fire of burning metals?* a. Dry-pipe sprinkler b. Wet-pipe sprinkler c. Carbon dioxide d. Dry powder

d. *Dry powder* Combustible metal fires (Class D) require sodium chloride and copper-based dry powder extinguishers. Although dry-pipe would be preferable to wet-pipe sprinklers in regions that experience very low temperatures such as Alaska, water is only appropriate for wood, paper, and trash fires (Class A), making answers A and B incorrect. Answer C is incorrect because carbon dioxide and Halon extinguishers are useful for fires involving live electric wiring (Class C) and would not be used for burning metals.

*_______________ was created as a more secure alternative to the weak Challenge Handshake Authentication Protocol (CHAP) and Password Authentication Protocol (PAP).* a. Temporal Key Integrity Protocol (TKIP) b. Advanced Encryption Standard (AES) c. Protected EAP (PEAP) d. Extensible Authentication Protocol (EAP)

d. *Extensible Authentication Protocol (EAP)* A framework for transporting the authentication protocols is known as the Extensible Authentication Protocol (EAP). EAP was created as a more secure alternative to the weak Challenge Handshake Authentication Protocol (CHAP) and Password Authentication Protocol (PAP). Despite its name, EAP is a framework for transporting authentication protocols instead of the authentication protocol itself.

Physical and Hardware-Based Security *Which form of cabling is least susceptible to EM interference?* a. STP b. UTP c. Coaxial d. Fiber optic

d. *Fiber optic* Fiber-optic cabling is least subject to electromagnetic interference because its communications are conducted by transmitting pulses of light over glass, plastic, or sapphire transmission fibers. Twisted-pair (shielded STP as well as unshielded UTP) copper cables provide minimal shielding against interference but can function as an antenna picking up nearby EM sources when extended over long cable runs, making answers A and B incorrect. Answer C is incorrect because although coaxial cables limit EM interference by encasing one conductor in a sheath of conductive material, they are still conductive and not as resistant as purely optical forms of communication.

*What form of storage or file-transfer technology was originally designed to be operated over an optical network but was adapted to run over a copper network as well?* a. FTP b. iSCSI c. SATA d. Fibre Channel

d. *Fibre Channel* Fibre Channel is a form of network data-storage solution (SAN or NAS) that allows for high-speed file transfers upwards of 16 Gbps. It was designed to be operated over fiber optic cables, but support for copper cables was added later to offer less expensive options.

Cryptography Basics *Which of the following is a hybrid cryptosystem?* a. PAP b. MD5 c. RSA d. GPG

d. *GPG* Privacy Guard (GnuPG or GPG) is a hybrid cryptosystem that uses a combination of public key and private key encryption. The incorrect choices are A, B, and C: PAP is a basic form of authentication during which the username and password are transmitted unencrypted, RSA is an asymmetric cipher, and MD5 is a hash.

Educating and Protecting the User *Which of the following actions would not be allowed in the Bell-LaPadula model?*

d. *General with Top Secret clearance writing at the Confidential level* The first three actions would be allowed since you can write to your level and read at your level (or below). The situation that would not be allowed is the General with Top Secret clearance writing at the Confidential level.

Protecting Networks *Which IDS system uses algorithms to analyze the traffic passing through the network?*

d. *Heuristic* A heuristic system uses algorithms to analyze the traffic passing through the network.

Security-Related Policies and Procedures *Which policies define how individuals are brought into an organization?* a. Service policies b. Continuity policies c. Pay policies d. Hiring policies

d. *Hiring policies* Hiring policies define how individuals are brought into an organization. They also establish the process used to screen prospective employees for openings.

*What tool is used to lure or retain intruders in order to gather sufficient evidence without compromising the security of the private network?* a. Firewall b. IDS c. Router d. Honeypot

d. *Honeypot* A honeypot is used to lure or retain intruders in order to gather sufficient evidence without compromising the security of the private network.

*Which term refers to the expansion and contraction of random access memory (RAM) or hard drive space as needed?* a. On-demand computing b. Host computing c. Host availability d. Host elasticity

d. *Host elasticity* Virtualization has several advantages. First, new virtual server machines can be quickly made available (host availability), and resources such as the amount of Random Access Memory (RAM) or hard drive space can easily be expanded or contracted as needed (host elasticity).

Physical and Hardware-Based Security *Which of the following is a method of cooling server racks in which hot air and cold are both handled in the server room?* a. Hot/cold vessels b. Hot and cold passages c. Hot/cold walkways d. Hot and cold aisles

d. *Hot and cold aisles* Hot and cold aisles is a method of cooling server racks in which hot air and cold are both handled in the server room.

*What form of recovery site requires the least amount of downtime before mission-critical business operations can resume?* a. Cold b. Warm c. Hot d. Offsite

d. *Hot* A hot site requires the least amount of downtime before mission-critical business operations can resume, because it is a real-time mirror of the primary site.

Threats and Vulnerabilities *A smurf attack attempts to use a broadcast ping on a network; the return address of the ping may be a valid system in your network. Which protocol does a smurf attack use to conduct the attack?*

d. *ICMP* A smurf attack attempts to use a broadcast ping (ICMP) on a network. The return address of the ping may be a valid system in your network. This system will be flooded with responses in a large network.

*Loop protection uses the _______________ standard spanning-tree algorithm (STA).* a. IEEE 801.2d b. IEEE 802.3 c. IEEE 802.11n d. IEEE 802.1d

d. *IEEE 802.1d* Broadcast storms can be prevented with loop protection, which uses the IEEE 802.1d standard spanning-tree algorithm (STA).

*Limiting access to rooms in a building is a model of the information technology security principle of _______________.* a. job rotation b. mandatory vacations c. separation of duties d. least privilege

d. *least privilege* Limiting access to rooms in a building is a model of the information technology security principle of least privilege.

Security-Related Policies and Procedures *An organization is partnering with another organization which requires shared systems. Which of the following documents would outline how the shared systems interface?* a. SLA b. BPA c. MOU d. ISA

d. *ISA* An interconnection security agreement (ISA) is an agreement between organizations that have connected IT systems. Answer A is incorrect because a service level agreement (SLA) is a contract between a service provider and a customer that specifies the nature of the service to be provided and the level of service that the provider will offer to the customer. Answer B is incorrect because a business partners agreement (BPA) is a contract that establishes partner profit percentages, partner responsibilities, and exit strategies for partners. Answer C is incorrect because a memorandum of understanding (MOU) is a document that outlines the terms and details of an agreement between parties, including each party's requirements and responsibilities.

*Which of the following methods of cloud computing enables the client to literally outsource everything that would normally be in a typical IT department?* a. SaaS b. DaaS c. PaaS d. IaaS

d. *IaaS* Infrastructure-as-a-service (IaaS) is the delivery of computer infrastructure in a hosted service model over the Internet. This method of cloud computing enables the client to literally outsource everything that would normally be in a typical IT department. Answer A is incorrect because software-as-a-service (SaaS) is the delivery of a licensed application to customers over the Internet for use as a service on demand. Answer B is incorrect because desktop-as-a-service (DaaS), also called virtual desktop or hosted desktop services, is the outsourcing of a virtual desktop infrastructure (VDI) to a third-party service provider. Answer C is incorrect. Platform-as-a-service (PaaS) is the delivery of a computing platform, often an operating system with associated services, that is delivered over the Internet without downloads or installation.

*Which cloud computing service model provides the customer the highest level of control?* a. Application as a Service (AaaS) b. Software as a Service (SaaS) c. Platform as a Service (PaaS) d. Infrastructure as a Service (IaaS)

d. *Infrastructure as a Service (IaaS)* In the Infrastructure as a Service (IaaS) model, the customer has the highest level of control. The cloud computing vendor allows customers to deploy and run their own software, including operating systems and applications. Consumers have some control over the operating systems, storage, and their installed applications, but do not manage or control the underlying cloud infrastructure.

Cryptography Basics *A brainstorming session has been called. The moderator tells you to pull out a sheet of paper and write down your security concerns based on the technologies that your company uses. If your company uses public keys, what should you write as the primary security concern?*

d. *Integrity* Public keys are created to be distributed to a wide audience. The biggest security concern regarding their use is ensuring that the public keys maintain their integrity. This can be accomplished by using a thumbprint or a second encryption scheme in the certificate or key.

Cryptography Implementation *One disadvantage of decentralized key generation is:* a. It depends on key escrow. b. It is more vulnerable to single point attacks. c. There are more risks of attacks. d. It creates a storage and management issue.

d. *It creates a storage and management issue.* A disadvantage of decentralized key generation is the storage and management issue it creates.

Security and Vulnerability in the Network *Rule-based management defines conditions for access to objects and is also known as:* a. Distributed management b. Management by objective c. Role-based management d. Label-based management

d. *Label-based management* Rule-based management, also known as label-based management, defines conditions for access to objects.

Educating and Protecting the User *Which classification of information designates that information can be released on a restricted basis to outside organizations?*

d. *Limited distribution* Limited distribution information can be released to select individuals and organizations, such as financial institutions, governmental agencies, and creditors.

*Which of the following is more formal than a handshake agreement but not a legally binding contract?* a. SLA b. BIA c. DLP d. MOU

d. *MOU* A memorandum of understanding (MOU) is an expression of agreement or aligned intent, will, or purpose between two entities. An MOU is not typically a legal agreement or commitment, but rather a more formal form of a reciprocal agreement or gentleman's handshake (neither of which is typically written down). An SLA is a formal control. BIA is business impact assessment. DLP is data loss prevention.

*Which of the following is the length of time a device or product is expected to last in operation?* a. RTO b. MTBF c. RPO d. MTTF

d. *MTTF* Mean time to failure (MTTF) is the length of time a device or product is expected to last in operation. Answer A is incorrect because recovery time objective (RTO) is the amount of time within which a process must be restored after a disaster to meet business continuity. It defines how much time it takes to recover after notification of process disruption. Answer B is incorrect because mean time between failures (MTBF) is the average amount of time that passes between hardware component failures excluding time spent waiting for or being repaired. Answer C is incorrect because recovery point objective (RPO) is the amount of time that can elapse during a disruption before the quantity of data lost during that period exceeds the BCP's maximum allowable threshold. It determines up to what point in time data recovery could happen before business is disrupted.

Access Control and Identity Management *If Sally wants to send a secure message to Mark using public key encryption but is not worried about sender verification, what does she need in addition to her original message text?* a. Sally's private key b. Sally's public key c. Mark's private key d. Mark's public key

d. *Mark's public key* Sally needs Mark's public key to encrypt her original message in a form that only Mark can decrypt. Neither of Sally's keys is needed because the originator does not need to be validated, making answers A and B incorrect. Answer C is incorrect because Mark's private key is used for decrypting the encrypted message to reveal Sally's original message.

*What is the average amount of time expected until the first failure of a piece of equipment?* a. Mean Time to Recovery b. Failure In Time c. Mean Time Between Failures d. Mean Time To Failure

d. *Mean Time To Failure* Mean Time To Failure (MTTF) is the average amount of time expected until the first failure of a piece of equipment.

Security-Related Policies and Procedures *Which Windows Firewall events are logged by default in Windows 7?* a. Dropped packets b. Successful connections c. Both dropped packets and successful connections d. Neither dropped packets nor successful connections

d. *Neither dropped packets nor successful connections* By default, Windows Firewall in Windows 7 logs neither dropped packets nor successful connections. Logging occurs only when one or both of these are turned on.

Cryptography Basics *Mary claims that she didn't make a phone call from her office to a competitor and tell them about developments her company is working on. Telephone logs, however, show that such a call was placed from her phone, and time clock records show she was the only person working at the time. What do these records provide?*

d. *Non-repudiation* Non-repudiation offers undisputable proof that a party was involved in an action.

Cryptography Basics *The CRL takes time to be fully disseminated. Which protocol allows a certificate's authenticity to be immediately verified?*

d. *OCSP* Online Certificate Status Protocol (OCSP) can be used to immediately verify a certificate's authenticity.

*Which type of risk control may include using video surveillance systems and barricades to limit access to secure sites?* a. Technical b. System c. Management d. Operational

d. *Operational* Operational risk control types may include using video surveillance systems and barricades to limit access to secure sites.

*An organization is looking for a basic mobile solution which will be used to prevent unauthorized access to users' phones. Which of the following fulfills this requirement?* a. GPS tracking b. Voice encryption c. Remote wipe d. Passcode policy

d. *Passcode policy* A screen lock or passcode is used to prevent access to the phone. Answer A is incorrect because if a mobile device is lost, GPS tracking can be used to find the location. Answer B is incorrect because mobile voice encryption can allow executives and employees alike to discuss sensitive information without having to travel to secure company locations. Answer C is incorrect because remote wipe allows the handheld's data to be remotely deleted in the event the device is lost or stolen.

Security and Vulnerability in the Network *Which of the following involves trying to get access to your system from an attacker's perspective?* a. Loop recon b. Flood gating c. Vulnerability scanning d. Penetration testing

d. *Penetration testing* Penetration testing involves trying to get access to your system from an attacker's perspective.

*Which statement represents a best practice for securing router configurations?* a. Allow remote configuration for dynamic installation in case of an emergency. b. Store the router configuration on a public network for easy access in case of an emergency. c. Store the router configuration on a USB drive for compact storage. d. Perform changes in the router configuration from the console.

d. *Perform changes in the router configuration from the console.* The configuration of the router should be performed from the console and not a remote location. This configuration can then be stored on a secure network drive as a backup and not on a laptop or USB flash drive.

*What type of virus is able to regenerate itself if a single element of its infection is not removed from a compromised system?* a. Polymorphic b. Armored c. Retro d. Phage

d. *Phage* A phage virus is able to regenerate itself from any of its remaining parts.

Educating and Protecting the User *What is the form of social engineering in which you simply ask someone for a piece of information that you want by making it look as if it is a legitimate request?*

d. *Phishing* Phishing is the form of social engineering in which you simply ask someone for a piece of information that you want by making it look as if it is a legitimate request.

*A video surveillance system is a form of which type of access control?* a. Quantitative b. Management c. Technical d. Physical

d. *Physical* Physical controls include facility design details such as layout, doors, locks, guards, and electronic surveillance systems. Quantitative risk analysis involves the use of numerical metrics and is used to identify and sort risks rather than to control risk, making answer A incorrect. Answer B is incorrect because management controls include policies and procedures. Answer C is incorrect because technical controls include access control systems, encryption, and data classification solutions.

*Which cloud computing service model allows the consumer to install and run their own specialized applications on the cloud computing network without requiring the consumer to manage or configure any of the underlying cloud infrastructure?* a. Application as a Service (AaaS) b. Infrastructure as a Service (IaaS) c. Software as a Service (SaaS) d. Platform as a Service (PaaS)

d. *Platform as a Service (PaaS)* Unlike Software as a Service (SaaS), in which the application software belonging to the cloud computing vendor is used, in Platform as a Service (PaaS), consumers can install and run their own specialized applications on the cloud computing network.

Physical and Hardware-Based Security *A new switch has been implemented in areas where there is very little physical access control. Which of the following would the organization implement as a method for additional checks to prevent unauthorized access?* a. Loop protection b. Flood guard c. Implicit deny d. Port security

d. *Port security* Port security is a Layer 2 traffic control feature on Cisco Catalyst switches. It enables individual switch ports to be configured to allow only a specified number of source MAC addresses coming in through the port. Answer A is incorrect because the loop guard feature makes additional checks in Layer 2 switched networks. Answer B is incorrect because a flood guard is a firewall feature used to control network activity associated with denial-of-service (DoS) attacks. Answer C is incorrect because implicit deny is an access control practice wherein resource availability is restricted to only those logons explicitly granted access.

Measuring and Weighing Risk *Which of the following is information that is unlikely to result in a high-level financial loss or serious damage to the organization but still should be protected?* a. Public data b. Confidential data c. Sensitive data d. Private data

d. *Private data* Private data is information that is unlikely to result in a high-level financial loss or serious damage to the organization but still should be protected. Answer A is incorrect because the unauthorized disclosure, alteration, or destruction of public data would result in little or no risk to the organization. Answer B is incorrect because confidential data is internal information that defines the way in which the organization operates. Security should be high. Answer C is incorrect because sensitive data is considered confidential data.

Educating and Protecting the User *You are implementing network access for several internal business units that work with sensitive information on a small organizational network. Which of the following would best mitigate risk associated with users improperly accessing other segments of the network without adding additional switches?* a. Log analysis b. Access control lists c. Network segmentation d. Proper VLAN management

d. *Proper VLAN management* VLANs provide a way to limit broadcast traffic in a switched network. This creates a boundary and, in essence, creates multiple, isolated LANs on one switch. Answer A is incorrect because logging is the process of collecting data to be used for monitoring and auditing purposes. Answer B is incorrect because access control generally refers to the process of making resources available to accounts that should have access while limiting that access to only what is required. Answer C is incorrect because network segmentation is used for interconnected networks where a compromised system on one network can easily threaten machines on other network segments.

*Which one of the following best identifies the system of digital certificates and certification authorities used in public key technology?* a. Certificate practice system (CPS) b. Public key exchange (PKE) c. Certificate practice statement (CPS) d. Public key infrastructure (PKI)

d. *Public key infrastructure (PKI)* PKI represents the system of digital certificates and certificate authorities. Answers A, B, and C are incorrect. A CPS is a document created and published by a CA that provides for the general practices followed by the CA. Answers A and B are fictitious terms.

Access Control and Identity Management *What is the name given to the system of digital certificates and certificate authorities used for public key cryptography over networks?* a. Protocol key instructions (PKI) b. Public key extranet (PKE) c. Protocol key infrastructure (PKI) d. Public key infrastructure (PKI)

d. *Public key infrastructure (PKI)* Public key infrastructure describes the trust hierarchy system for implementing a secure public key cryptography system over TCP/IP networks. Answers A, B, and C are incorrect because these are bogus terms.

Disaster Recovery and Incident Response *You're the head of information technology for MTS and have a brother in a similar position for ABC. The companies are approximately the same size and are located several hundred miles apart. As a benefit to both companies, you want to implement an agreement that would allow either company to use resources at the other site should a disaster make a building unusable. What type of agreement between two organizations provides mutual use of their sites in the event of an emergency?* a. Backup-site agreement b. Warm-site agreement c. Hot-site agreement d. Reciprocal agreement

d. *Reciprocal agreement* A reciprocal agreement is between two organizations and allows one to use the other's site in an emergency.

*A goal of NAC is which of the following?* a. Reduce social engineering threats b. Map internal private addresses to external public addresses c. Distribute IP address configurations d. Reduce zero-day attacks

d. *Reduce zero-day attacks* The goals of Network Access Control (NAC) include preventing/reducing zero-day attacks, enforcing security policy throughout the network, and using identities to perform access control.

*_______________ refers to any combination of hardware and software that enables remote users to access a local internal network.* a. Virtual LAN (VLAN) management b. Cloud computing c. Unified threat management (UTM) d. Remote access

d. *Remote access* Remote access refers to any combination of hardware and software that enables remote users to access a local internal network.

Network Security *What type of firewall systems are static in nature and cannot do anything other than what they have been expressly configured to do?* a. Application-based b. Authentication-based c. Role-based d. Rule-based

d. *Rule-based* Rule-based systems are static in nature and cannot do anything other than what they have been expressly configured to do.

Operating System and Application Security *Which of the following is a network protocol that supports file transfers and is a combination of RCP and SSH?* a. HTTPS b. FTPS c. SFTP d. SCP

d. *SCP* The Secure Copy Protocol (SCP) is a network protocol that supports file transfers. SCP is a combination of RCP and SSH. It uses the BSD RCP protocol tunneled through the Secure Shell (SSH) protocol to provide encryption and authentication. Answer A is incorrect because HTTPS is used for secured web-based communications. Answer B is incorrect. FTPS, also known as FTP Secure and FTP-SSL, is an FTP extension that adds support for TLS and SSL. Answer C is incorrect because SFTP, or secure FTP, is a program that uses SSH to transfer files. Unlike standard FTP, it encrypts both commands and data, preventing passwords and sensitive information from being transmitted in the clear over the network.

Operating System and Application Security *What is it known as when an attacker manipulates the database code to take advantage of a weakness in it?*

d. *SQL injection* SQL injection occurs when an attacker manipulates the database code to take advantage of a weakness in it.

*Which protocol is used for file transfers?* a. Internet Small Computer System Interface (iSCSI) b. Network Basic Input/Output System (NetBIOS) c. Secure Network Management Protocol (SNMP) d. Secure Copy Protocol (SCP)

d. *Secure Copy Protocol (SCP)* Secure Copy Protocol (SCP) is used for file transfers. SCP is an enhanced version of Remote Copy Protocol (RCP). SCP encrypts files and commands.

Protecting Networks *Which of the following implies ignoring an attack and is a common response?*

d. *Shunning* Shunning, or ignoring an attack, is a common response.

Network Security *Which statement concerning signature-based monitoring is correct?* a. Signature-based monitoring is designed for detecting statistical anomalies. b. Signature-based monitoring uses an algorithm to determine if a threat exists. c. Signature-based monitoring operates by being adaptive and proactive. d. Signature-based monitoring looks for well-known patterns.

d. *Signature-based monitoring looks for well-known patterns.* A method for auditing usage is to examine network traffic, activity, transactions, or behavior and look for well-known patterns, much like antivirus scanning. This is known as signature-based monitoring because it compares activities against a predefined signature.

Wireless Networking Security *Which of the following is a primary vulnerability of a wireless environment?* a. Decryption software b. IP spoofing c. A gap in the WAP d. Site survey

d. *Site survey* A site survey is the process of monitoring a wireless network using a computer, wireless controller, and analysis software. Site surveys are easily accomplished and hard to detect.

*Which category of authentication includes your ATM card?* a. Something you are b. Something you do c. Somewhere you are d. Something you have

d. *Something you have* "Something you have" includes ATM cards, smart cards, and keys. "Somewhere you are" is a location, making answer C incorrect. Answers A and B are incorrect because both "something you are" and "something you do" are biometric measures present even without your ATM card.

Measuring and Weighing Risk *An executive from ABC Corp receives an email from a vice president of XYZ Corp, which is a prestigious partner organization of ABC Corp. This email was formatted using XYZ's corporate logo, images, and text from their website (checked by the executive before opening the included form). After clicking the provided link, the executive was asked to verify his credentials for access to a confidential report about ABC Corp, but after he filled out the form, the executive received only a referral to XYZ's site. What type of attack was used in this scenario?* a. Phishing b. Smishing c. Vishing d. Spear phishing

d. *Spear phishing* This is an example of a spear phishing attack, which uses fraudulent email to obtain access to data of value (here, the executive's credentials) from a targeted organization. Answer A is incorrect because while phishing attacks involve email, spear phishing attacks are targeted and customized to a selected target. The question's description of the images, links, and report all indicate a very targeted attack. Answer B is incorrect because smishing attacks are conducted using SMS messages. Answer C is similarly incorrect because vishing attacks employ telephone or VoIP audio communications.

*While performing regular security audits, you suspect that your company is under attack and someone is attempting to use resources on your network. The IP addresses in the log files belong to a trusted partner company, however. Assuming an attack, which of the following might be occurring?* a. Replay b. Authorization c. Social engineering d. Spoofing

d. *Spoofing* The most likely answer is spoofing because this enables an attacker to misrepresent the source of the requests. Answer A is incorrect because this type of attack records and replays previously sent valid messages. Answer B is incorrect because this is not a type of attack but is instead the granting of access rights based on authentication. Answer C is incorrect because social engineering involves nontechnical means of gaining information.

*Which of the following does not describe techniques for assessing threats and vulnerabilities?* a. Understanding attack surface b. Baseline reporting c. Reviews of architecture, design, and code d. System hardening

d. *System hardening* System hardening refers to reducing a system's security exposure and strengthening its defenses against unauthorized access attempts and other forms of malicious attention. Answers A, B, and C, in contrast, are specific techniques to assess for threats and vulnerabilities.

Threats and Vulnerabilities *A user reports that he is receiving an error indicating that his TCP/IP address is already in use when he turns on his computer. A static IP address has been assigned to this user's computer, and you're certain this address was not inadvertently assigned to another computer. Which type of attack is most likely underway?*

d. *TCP/IP hijacking* One of the symptoms of a TCP/IP hijacking attack may be the unavailability of a TCP/IP address when the system is started.

Threats and Vulnerabilities *A junior administrator comes to you in a panic. After looking at the log files, he has become convinced that an attacker is attempting to use an IP address to replace another system in the network to gain access. Which type of attack is this?*

d. *TCP/IP hijacking* TCP/IP hijacking is an attempt to steal a valid IP address and use it to gain authorization or information from a network.

Physical and Hardware-Based Security *You work for an electronics company that has just created a device that emits less RF than any competitor's product. Given the enormous importance of this invention and of the marketing benefits it could offer, you want to have the product certified. Which certification is used to indicate minimal electronic emissions?* a. EMI b. RFI c. CC EAL 4 d. TEMPEST

d. *TEMPEST* TEMPEST is the certification given to electronic devices that emit minimal RF. The TEMPEST certification is difficult to acquire, and it significantly increases the cost of systems.

*When a vendor releases a patch, which of the following is the most important?* a. Installing the patch immediately b. Setting up automatic patch installation c. Allowing users to apply patches d. Testing the patch before implementation

d. *Testing the patch before implementation* It is most important to test patches before installing them onto production systems. Otherwise, business tasks can be interrupted if the patch does not perform as expected. Never rush to install a patch if that means skipping testing. Do not automatically roll out patches; be sure to test them first. Do not give users the power to install patches; this should be managed by administrators.

*What is the advantage of using an access point's (AP's) power level control?* a. The power can be adjusted to "jam" frequencies of sniffers used by potential hackers. b. The power can be adjusted to provide a cleaner signal with less interference. c. The power can be adjusted so that more of the signal leaves the premises and reaches outsiders. d. The power can be adjusted so that less of the signal leaves the premises and reaches outsiders.

d. *The power can be adjusted so that less of the signal leaves the premises and reaches outsiders.* A security feature on some APs is the ability to adjust the level of power at which the WLAN transmits. On devices with that feature, the power can be adjusted so that less of the signal leaves the premises and reaches outsiders.

Cryptography Basics *Which of the following best describes the process of encrypting and decrypting data using an asymmetric encryption algorithm?* a. Only the public key is used to encrypt, and only the private key is used to decrypt. b. The public key is used to either encrypt or decrypt. c. Only the private key is used to encrypt, and only the public key is used to decrypt. d. The private key is used to decrypt data encrypted with the public key.

d. *The private key is used to decrypt data encrypted with the public key.* When encrypting and decrypting data using an asymmetric encryption algorithm, you use only the private key to decrypt data encrypted with the public key. Answers A and B are both incorrect because in public key encryption, if one key is used to encrypt, you can use the other to decrypt the data. Answer C is incorrect because the public key is not used to decrypt the same data it encrypted.

*Users received a spam email from an unknown source and chose the option in the email to unsubscribe and are now getting more spam as a result. Which one of the following is most likely the reason?* a. The unsubscribe option does not actually do anything. b. The unsubscribe request was never received. c. Spam filters were automatically turned off when making the selection to unsubscribe. d. They confirmed that their addresses are "live."

d. *They confirmed that their addresses are "live."* Often an option to opt out of further email does not unsubscribe users; instead it means, "send me more spam" because it has been confirmed that the email address is not dormant. This is less likely to occur with email a user receives that he or she opted into in the first place, however. Answers A, B, and C are incorrect because these are less likely and not the best choices.

Access Control and Identity Management *Which is the best rule-based access control constraint to protect against unauthorized access when admins are off-duty?* a. Least privilege b. Separation of duties c. Account expiration d. Time of day

d. *Time of day* Time-of-day rules prevent administrative access requests during off-hours when local admins and security professionals are not on duty. Answer A is incorrect because least privilege is a principle of assigning only those rights necessary to perform assigned tasks. Answer B is incorrect because separation of duties aids in identification of fraudulent or incorrect processes by ensuring that action and validation practices are performed separately. Answer C is incorrect because account expiration policies ensure that individual accounts do not remain active past their designated lifespan but do nothing to ensure protections are enabled during admin downtime.

Network Security *What is the role of a switch?* a. To inspect packets and either accept or deny entry b. To forward packets across different computer networks c. To intercept user requests from the internal secure network and then process that request on behalf of the user d. To connect networks together so that they function as a single network segment

d. *To connect networks together so that they function as a single network segment* Early local area networks (LANs) used a hub, which is a standard network device for connecting multiple network devices together so that they function as a single network segment. A network switch is a device that connects network devices together. However, unlike a hub, a switch has a degree of "intelligence."

Network Security *What is the primary role of a firewall?* a. To forward packets across different computer networks b. To intercept user requests from the internal secure network and then process that request on behalf of the user c. To connect networks together so that they function as a single network segment d. To inspect packets and either accept or deny entry

d. *To inspect packets and either accept or deny entry* Although a host-based application software firewall that runs as a program on one client is different from a hardware-based network firewall designed to protect an entire network, their functions are essentially the same: to inspect packets and either accept or deny entry.

*Several organizational users are experiencing network and Internet connectivity issues. Which of the following would be most helpful in troubleshooting where the connectivity problems might exist?* a. SSL b. IPsec c. SNMP d. Traceroute

d. *Traceroute* Traceroute uses an ICMP echo request packet to find the path between two addresses. Answer A is incorrect because SSL is a public key-based security protocol that is used by Internet services and clients for authentication, message integrity, and confidentiality. Answer B is incorrect because the Internet Protocol Security (IPsec) authentication and encapsulation standard is widely used to establish secure VPN communications. Answer C is incorrect because SNMP is an application layer protocol whose purpose is to collect statistics from TCP/IP devices. SNMP is used for monitoring the health of network equipment, computer equipment, and devices such as uninterruptible power supplies (UPSs).

Disaster Recovery and Incident Response *Which risk management response is being implemented when a company purchases insurance to protect against service outage?* a. Acceptance b. Avoidance c. Mitigation d. Transference

d. *Transference* The liability of risk is transferred through insurance policies. Answer A is incorrect because accepting a risk is to do nothing in response. Risk avoidance involves simply terminating the operation that produces the risk, making answer B incorrect. Answer C is not correct because mitigation applies a solution that results in a reduced level of risk or exposure.

Access Control and Identity Management *You have added a new child domain to your network. As a result of this, the child has adopted all the trust relationships with other domains in the forest that existed for its parent domain. What is responsible for this?*

d. *Transitive access* Transitive access exists between the domains and creates this relationship.

*_______________ is a cryptographic transport algorithm.* a. Secure Shell (SSH) b. Data Encryption Standard (DES) c. Advanced Encryption Standard (AES) d. Transport Layer Security (TLS)

d. *Transport Layer Security (TLS)* Transport Layer Security (TLS) is a cryptographic transport algorithm.

*What two encryption modes are supported by Internet Protocol Security (IPsec)?* a. Electronic code book (ECB) and cipher block chaining (CBC) b. Kerberos and Secure Shell (SSH) c. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) d. Transport and tunnel

d. *Transport and tunnel* IPsec supports two encryption modes: transport and tunnel.

Cryptography Implementation *Which of the following uses a secure crypto-processor to authenticate hardware devices such as a PC or laptop?* a. Public key infrastructure b. Full disk encryption c. File-level encryption d. Trusted Platform Module

d. *Trusted Platform Module* Trusted Platform Module (TPM) refers to a secure crypto-processor used to authenticate hardware devices such as a PC or laptop. The idea behind TPM is to allow any encryption-enabled application to take advantage of the chip. Answer A is incorrect because public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. Answer B is incorrect because full-disk encryption involves encrypting the operating system partition on a computer and then booting and running with the system drive encrypted at all times. Answer C is incorrect because in file- or folder-level encryption, individual files or folders are encrypted by the file system itself.

Security-Related Policies and Procedures *Which of the following occurs under the security policy administered by a trusted security domain?* a. Positive inspection b. Confident poll c. Voucher session d. Trusted transaction

d. *Trusted transaction* A trusted transaction occurs under the security policy administered by a trusted security domain. Your organization may decide that it can serve as its own trusted security domain and that it can use third-party CAs, thus allowing for additional flexibility.

Educating and Protecting the User *When you combine phishing with Voice over IP, it is known as:*

d. *Vishing* Vishing involves combining phishing with Voice over IP.

Wireless Networking Security *Which of the following is a script language WAP-enabled devices can respond to?* a. WXML b. Winsock c. WIScript d. WMLScript

d. *WMLScript* WAP-enabled devices can respond to scripts using an environment called WMLScript.

Infrastructure and Connectivity *You want to implement a technology solution for a small organization that can function as a single point of policy control and management for access to Internet content. Which of the following should you choose?* a. Proxy gateway b. Circuit-level gateway c. Application-level gateway d. Web security gateway

d. *Web security gateway* Web security gateways offer a single point of policy control and management for web-based content access. Answer A is too generic to be a proper answer. Answer B is incorrect because a circuit-level gateway's decisions are based on source and destination addresses. Answer C is incorrect because an application-level gateway understands services and protocols.

*Which of the following best describes the difference between phishing and whaling?* a. They are the same. b. Whaling makes use of the voice channel, whereas phishing uses email. c. Whaling uses SMS, whereas phishing uses email. d. Whaling is similar to phishing but specifically targets high-profile individuals.

d. *Whaling is similar to phishing but specifically targets high-profile individuals.* Whaling specifically targets high-profile individuals. Phishing attempts to acquire sensitive information from anyone. Although they are very similar, they differ in the scope of the target, making answer A incorrect. Answer B is incorrect and refers to vishing, which is essentially phishing but using the phone. Answer C is incorrect as this describes smishing, which uses Short Message Service (SMS), or text messaging.

*When is business continuity needed?* a. When new software is distributed b. When business processes are interrupted c. When a user steals company data d. When business processes are threatened

d. *When business processes are threatened* Business continuity is used when business processes are threatened. Security policy is used when new software is distributed. Disaster recovery is used when business processes are interrupted. Incident response is used when a user steals company data.

Operating System and Application Security *An organization is looking to add a layer of security and maintain strict control over the apps employees are approved to use. Which of the following fulfills this requirement?* a. Blacklisting b. Encryption c. Lockout d. Whitelisting

d. *Whitelisting* Application whitelisting only permits known good apps. When security is a concern, whitelisting applications is a better option because it allows organizations to maintain strict control over the apps employees are approved to use. Answer A is incorrect because although blacklisting is an option, it is not as effective as whitelisting. Answer B is incorrect because encryption has nothing to do with restricting application usage. Answer C is incorrect because lockout has to do with the number of times a user can enter a passcode.

Operating System and Application Security *Which of the following involves unauthorized commands coming from a trusted user to the website?*

d. *XSRF* XSRF involves unauthorized commands coming from a trusted user to the website. This is often done without the user's knowledge and employs some type of social networking to pull it off.

Cryptography Basics *Which authorization protocol is generally compatible with TACACS?* a. LDAP b. RADIUS c. TACACS+ d. XTACACS

d. *XTACACS* The Extended Terminal Access Controller Access Control System (XTACACS) protocol is a proprietary form of the TACACS protocol developed by Cisco and is compatible in many cases. Neither LDAP nor RADIUS is affiliated with the TACACS protocol, making answers A and B incorrect. Answer C is incorrect because the newer TACACS+ is not backward compatible with its legacy equivalent.

*A security _______________ log can provide details regarding requests for specific files on a system.* a. event b. administration c. audit d. access

d. *access* A security access log can provide details regarding requests for specific files on a system while an audit log is used to record which user performed an action and what that action was. System event logs document any unsuccessful events and the most significant successful events.

*Risk _______________ involves identifying the risk, but making a decision to not engage in the activity.* a. deterrence b. mitigation c. acceptance d. avoidance

d. *avoidance* Risk avoidance involves identifying the risk but making the decision to not engage in the activity.

*With _______________, the customer's data should be properly isolated from that of other customers, and the highest level of application availability and security must be maintained.* a. virtualization b. IP telephony c. Sandboxing d. cloud computing

d. *cloud computing* In cloud computing, the customer's data must be properly isolated from that of other customers, and the highest level of application availability and security must be maintained.

*Another name for layered security is _______________.* a. network separation b. VPN tunneling c. Unified threat management (UTM) d. defense in depth

d. *defense in depth* A basic level of security can be achieved through using the security features found in standard network hardware. And because networks typically contain multiple types of network hardware, this allows for layered security, also called defense in depth.

*A _______________ functions as a separate network that rests outside the secure network perimeter.* a. gateway b. segment c. virtual private network (VPN) d. demilitarized zone (DMZ)

d. *demilitarized zone (DMZ)* In order to allow untrusted outside users access to resources such as web servers, most networks employ a demilitarized zone (DMZ). The DMZ functions as a separate network that rests outside the secure network perimeter: untrusted outside users can access the DMZ but cannot enter the secure network.

*With subnetting, rather than simply having networks and hosts, networks can effectively be divided into three parts: _______________.* a. network, subnet, and port b. port, subnet, and IP address c. network, port, and host d. network, subnet, and host

d. *network, subnet, and host* Improved addressing techniques introduced in 1985 allowed an IP address to be split anywhere within its 32 bits. This is known as subnetting or subnet addressing. Instead of just having networks and hosts, with subnetting, networks essentially can be divided into three parts: network, subnet, and host.

*In a(n) _______________ attack, a malformed ICMP ping that exceeds the size of an IP packet is sent to the victim's computer potentially causing the host to crash.* a. network discovery b. smurf c. ICMP redirect d. ping of death

d. *ping of death* In a ping of death attack, a malformed ICMP ping that exceeds the size of an IP packet is sent to the victim's computer. This can cause the host to crash.

*The _______________ approach to calculating risk attempts to create "hard" numbers associated with the risk of an element in a system by using historical data.* a. cumulative b. qualitative c. technical d. quantitative

d. *quantitative* The quantitative approach to calculating risk attempts to create "hard" numbers associated with the risk of an element in a system by using historical data.

*The _______________ is the length of time it will take to recover the data that has been backed up.* a. mean time to recovery b. recovery point objective c. mean time to failure d. recovery time objective

d. *recovery time objective* The recovery time objective is the length of time it will take to recover the data that has been backed up.

*A(n) _______________ VPN, often used on mobile devices like laptops in which the VPN endpoint is actually software running on the device itself, offers the most flexibility in how network traffic is managed.* a. closed b. open c. hardware-based d. software-based

d. *software-based* Software-based VPNs, often used on mobile devices like laptops in which the VPN endpoint is actually software running on the device itself, offer the most flexibility in how network traffic is managed.

Network Security *A _______________ is a special type of firewall that looks at the applications using HTTP.* a. network intrusion detection system (NIDS) b. network intrusion prevention system (NIPS) c. spam filter d. web application firewall

d. *web application firewall* A Web application firewall is a special type of firewall that looks at the applications using HTTP.

Network Security *A(n) _______________ can block malicious content in real time as it appears.* a. uniform resource locator (URL) filter b. virtual private network (VPN) c. Internet content filter d. web security gateway

d. *web security gateway* A web security gateway can block malicious content in real time as it appears (without first knowing the URL of a dangerous site).

*A(n) _______________ policy is one that defines the actions users may perform while accessing systems and networking equipment.* a. data acquisition b. privacy c. data storage d. acceptable use

d. *acceptable use* An Acceptable Use Policy (AUP) is a policy that defines the actions users may perform while accessing systems and networking equipment.

