"Final"
In an IDPS, specific indications of a possible attack are called
Signatures
When one host wants to initiate a TCP session with another host, it sends a packet with the ___ flag set
SYN
Which of the following is an advantage of using a hardware firewall rather than a software firewall?
Scalability Increased output
Which of the following is the process of listening on each available channel for an AP's Beacon
Scanning
When using symmetric and asymmetric algorithms to encrypt the same amount of data, which of the following statements is correct?
The symmetric algorithm encrypts data faster than the asymmetric algorithm
Servers with outside access to the public should be located on __________.
Their own subnet a DMZ
Which is the most secure wireless implementation?
WPA2-AES Personal
To avoid attacks that use advanced evasion techniques, such as path obfuscation CGI scripts, and packet injection, you must do which of the following
Watch your log files closely Keep your IDPS signature files updated
Which of the following attack methods target Web users? (Choose all that apply.) a. social engineering b. phishing c. SQL injection d. pharming
b phishing d pharming
Which of the following IP addresses is most likely to be the source IP address of an encapsulated VPN packet? a. 150.80.26.59 b. 172.30.78.45 c. 11.17.5.210 d. 210.240.255.48
b. 172.30.78.45
Which of the following is caused by a flaw in how a running process allocates memory to a variable? a. unsecured cryptographic storage b. buffer overflow c. broken authentication d. SQL injection
b. Buffer overflow
Which of the following is an advantage of centralized data collection? a. reduced traffic through network gateways b. reduced administrative costs c. reduced software and hardware costs d. only one person needed to review data
b. reduce admin cost C. reduce software and hardware cost
Why would you choose distributed data collection rather than centralized data collection? a. to reduce traffic through gateways b. to reduce the load on security managers c. to reduce overall costs d. to reduce hardware and software costs
b. reduce the load on security managers
In a SQL injection attack, which character is an attacker most likely to use? a. asterisk b. single quotation mark c. exclamation mark d. double quotation mark
b. single quotation mark
The ultimate goal of a security policy is which of the following? a. reducing the risks to zero b. doing it right the first time so the policy does not have to be rewritten constantly c. convincing management that the IT budget should be increased d. none of the above
d. none of the above
The distance between midpoint of a wave is called
wavelength
In CIDR notation, the IP address and subnet mask 191.9.205.22 255.255.192.0 are written as __________________.
191.9.205.22/18
A Class C address has a first octet decimal range of ____________ to ____________.
192, 223
An ICMPv6 is indicated by a Next Header Value of _____
58
Which authentication method does WPA2 Enterprise Security Use?
802.1x
A group of authentication and encryption settings that two computers negotiate to set up a secure VPN connection is called which of the following? a. protocol b. Security Association c. handshake d. key exchange
B. Security Association
Which of the following features distinguishes IPv6 from IPv4?
IPv6 fragmentation occurs only at the source node
A firewall policy does which of the following?
Identifies and mitigates risks explains how the firewall is set up, managed and updated Specifies how the firewall should handle app0lication traffic
what function does an SSID serve on a wireless network?
Identifies the network name
The number of TCP segments that can be sent before an acknowledgement must be received is determined by the __
Sliding window size
Which of the following parameters con you find in a standard access control list?
Source IP address Source port number
Which of the following is the correct order in which TCP flags appear during the initiation of a normal connection?
Syn, Syn/Ack, Ack
Which of the following combines a hashed message authentication code with a shared secret key, processes each half of the input data with different hashing algorithms and recombines them with XOR function?
TLS
The Class A address of 127.0.0.1 is used for which of the following
Testing the local TCP/IP software implementation
A station can be authenticated without being associated.
True
A signature-detection IDPS can be circumvented in which of the following ways?
changes in attack methods
What is the name of an error-checking procedure that uses a formula to calculate a numeric value?
checksum
Which of the following is almost inevitable and should be expected after installing an IDPS?
false negatives huge log files signatures that become outdated fals positives
Which of the following is considered an advantage of spread spectrum over narrowband wireless transmissions
increased security decreased susceptibility to interference
What are some of the reasons for network attacks
industrial espionage. revenge financial gain
Wireless communication emits which types of EM radiation?
infrared radiation radio frequency waves
Protocols that guide a router's decisions on packet forwarding based on the current condition of the network are___
link-state protocols
what type of IDPS should you use if your main concern is preventing known attacks?
signature-based IDPS
How can an inline sensor be positioned to reduce the load on a perimeter security device, such as a firewall or router?
Place the sensor outside the security perimeter
A VPN server configured to receive PPTP traffic listens for incoming connections on port and needs to receive GRE traffic identified by protocol ID. a. UDP 1443, 17 b. TCP 1723, 47 c. UDP 3349, 443 d. UDP 1723, 47
B. TCP 1723,47
The stateless packet filters are more secure than the stateful filters because they do not contain a state table that can be exploited by an attacker. True or false
False
To isolate all external Web requests to a specific Web sever on the DMZ, it would be best to use many - to - one NAT? true or false
False
To keep log files organized, store them on the server you are monitoring. True or False?
False
Which of the following features are typical of dynamic routing protocols?
Faster convergence Increased network traffic
Why is fragmentation considered a security risk?
Fragment numbers 1 or higher are passed through filters
How do atackers use fragmentation to circumvent network defenses
Fragments are crafted to be too large or too small the initial packet is missing the fragments arrive too slowly
Which of the following is a reason that IPsec has become the standard protocol for tunneled communication?
IPsec supports IPv4 and IPv6 IPsec can encrypt the entire packet
What advantages does IPv6 have over IPv4?
IPv6 uses a 128-bit address space IPv6 incorporates IPsec
Which of the following describes a goal of a security event management program? a. consolidating events from multiple sources b. responding to events as quickly as possible c. conducting forensics to trace and prosecute offenders d. managing IDPS signatures
A. consolidating events from multiple sources
What is a requirement for a successful file attachment attack? a. The user must open the file attachment. b. The user must reply to the e-mail that contains the attachment. c. The user must delete the file attachment immediately. d. The attachment must be an image file.
A. the user must open the file attachment
WPA2 uses which of the following for encryption?
AES
To configure a router using a telephone connection, you would connect to the ____ port.
AUX
Firewall enforcement of policies is handled primarily through setting up packet-filtering rules, a set of which is contained in the
Access control list
Which port is used for name/address resolution?
Port 53
When you request a web page, which port does the web server use to send you the page.
Port 80
Packet filters can block or allow transmission of packets based on which of the following criteria?
Port number Time of access attempt IP address
The windows RPC service works like the UNIX _________ service
Portmapper
Which program keeps track of services and ports made available through remote procedure call?
Portmapper
How do routers handle packets that are too large to pass through because of frame size limitations?
Routers break packets into smaller piece fragment
Almost every type of firewall depends on what configurable feature for its effectiveness?
Rule Base
Which of the following default settings should you change before connecting to a device?
SSID Channel
Authentication Header verifies the integrity of TCP/IP packets by signing them with a digital signature.
True
Even though 802.11 wireless devices can hold up to four keys simultaneously, they have to use the same tone to communicate with each other.
True
Given the multiple and varied demands on network administrators, those in charge of small-to-medium sized networks should probably purchase a vendor-supplied turn-key perimeter firewall solution.
True
Which of the following is an example of a reconnaissance traffic signature
ping sweep
Misuse-based detection is based on which feature of network traffic?
signatures
An IP address combined with a TCP/IP port number is called which of the following?
socket
An IDPS management server preforms which of the following functions?
storing and analyzing sensor data
Frequency is defined as
the number of times an event occurs in a specified period
For which of the following reasons would you consider creating a protected subnet within an already protected internal network?
to protect customer information to protect management servers to protect the company's reputation to protect the web servers
Which IDPS activity could detect a DoS attack?
traffic monitoring
The maximum departure of a wave from its undisturbed state is call which of the following?
amplitude
Which of the following is not required for single-packet attacks?
an ICMP flood
Which intrusion detection method is almost impossible for intruders to test before attempting an attack?
anomaly detection
All Cisco access control lists require d. a deny all statement as the last access control entry
at least one permit statement
Putting a VPN on the firewall has which of the following disadvantage?
b only one server controls security so any configurations errors leave the network open to attack. c. Internet access and VPN traffic compete for resources on the server.
Attackers often use DNS cache poisoning to do which of the following?a.Query systems on a network one by one b. Steer unsuspecting users to a server of their choice c. Flood the network with packets and cause it to crash d. Install a virus on the network.
b steer unsuspecting users to a server of their choice instead of the Website where users intended to go
Survivable Network Analysis begins with what assumption? a. that you have laid the groundwork for a risk analysis b. that your network will be attacked c. that the probability of threats is increasing constantly d. that an effective security policy can reduce risks to zero
b. that you have laid the groundwork for a risk analysis
Which of the factors enables attackers to program ActiveX controls to run malicious code on a user's Web browser a.They run in a sandbox b. They do not require user action to be activated c.They run automatically when the browser loads the Web page d.They have almost full access to the Windows OS
b.ActiveX controls do not require user action to be activated. c. ActiveX controls run automatically when the browser loads the webpage that contains them d. ActiveX controls have almost full access to the Windows OS
Which of the following is an IDPS detection capability you can customize?
blacklists signatures thresholds
In tunnel mode, Encapsulating Security Payload encrypts which of the following?
both header and data
What is an escalation procedure? a. how network security can be improved in stages. b. how a virus can multiply and affect more assets. c. different levels of response based on incident severity. d. employees who should be involved in the response.
c. It describes different levels of response based on incident severity. d. It identifies employees who should be involved in the response
A password policy should be established in the and enforced by whenever possible. a. risk assessment process, management b. company Web site, network administrators c. security policy, software d. company employee handbook, security guards
c. Security policy software
Which of the following sections of a security policy affects the most people in an organization? a. incident handling policy b. privileged access policy c. acceptable use policy d. remote access policy
c. acceptable use policy
What are the hardware, software, and informational resources you need to protect? a. threats b. tangibles c. assets d. business holdings
c. assets
Which of the following technologies helps protect sensitive data even after it has been stolen from a secured medium? a. virus protection b. authentication c. encryption d. Spybot
c. encryption
IPsec provides for what security activity to take place before data is encrypted or transmitted? a. encapsulation b. authentication c. establishment of a Security Association (SA) d. application of security policy settings
c. establishment of a Security Association
The Internet backbone is connected to regional ISPs via which of the following? a. POP ISPs b. network service points c. network access points d. carrier network points
c. network access points
Which of the following, if worded correctly, can protect companies from wrongful termination lawsuits? a. nondisclosure clauses b. acceptable use policies c. penalty clauses d. punitive clauses
c. penalty clauses
Which of the following issues public and private key pairs?
certificate authority
Which of the following is used to check whether a certificate is still valid?
certificate revocation list
An anomaly-based IDPS can be circumvented in which of the following ways?
change in user habits
To enable SHH on a Cisco router, you should ____
create RSA keys
A password policy might specify which of the following attributes for password selection? a. length requirements b. complexity requirements c. frequency for changing passwords d. all of the above
d. all of the above
employees who connect remotely what are security concerns? a. mobile devices being stolen b.virus infections spreading to corporate systems c.the use of updated d. all of the above
d. all of the above
To determine the value of hardware and software you need to protect, which of the following approaches is easiest to use? a. getting the most recent prices online b. keeping records of purchase costs c. using your experience and expertise d. interviewing support personnel
d. interviewing support personnel
Which of the following provides employees with formal instructions about the organization's security strategy? a. acceptable use policy b. risk assessment c. strategy meeting d. security user awareness program
d. security user awareness program
When should an organization conduct a new round of risk analysis? a. every month b. every three months c. as frequently as possible d. when equipment or staff change significantly
d. when equipment or staff change significantly
Which of the following is used to provide a relative measurement of RF power?
decibels
What type of infrared transmission relies on reflected light?
diffused IR transmission
Hardening a bastion host involves which of the following measures?
disabling unnecessary services removing unnecessary accounts Installing current patches all of the above
A site survey helps accomplish which of the following
evaluation what type of antennas to use Identifying where APs should be placed
Which of the following addresses are valid IPv6 addresses?
fe80::a02a:64b0:27a9:c73b fe80:cd5c::f40f:9eea:7580
What is the purpose of the 4-byte acknowledgement number in a TCP header?
it acknowledges receipt of the previous packets in the sequence
Which of the following can be included in network traffic signature
logon attempts TCP Options
Which of the following IDPS results in the cause of greatest concern?
False negatives
All type of electromagnetic radiation are collective called
EM spectrum
Having an abundance of APs in a wireless network improves security
False
In a Cisco ASA 5505 firewall, security level 100 is the least secure level. True or False
False
Infrared wireless is extremely fast, can travel long distances, and is not susceptible to interference
False
Radio waves striking an antenna create infrared radiation?
False
Refraction occurs when RF signal is dispersed by small objects, such as raindrops or foliage
False
A rule base should end with a ______________ rule.
Cleanup
AH uses protocol ID . a. 50 b. 171 c. 500 d. 51
D. 51
An uninterruptible power supply is a component of _____________ security.
Physical
Which of the following OSI layers are most important in a wireless network?
Physical Network Data Link
In a mesh topology, all participants in the VPN have with one another. a. tunnels b. SAs c. static routes d. trusts
B. SAs
Which of the following issues should you consider in firewall design.
Fault Tolerance Log Size Authorization Load Balancing
Which of the following are routing protocols?
EIGRP RIP
A Firewall can do which of the following?
Filter traffic based on rules. Provide a layer of protection for the network
Which of the following is a common type of signal loss
diffraction scattering
The change management process might apply when which of the following occurs? a. New password logon procedures are needed. b. You need to block access to DMZ servers. c. A new VPN gateway is installed. d. You need to change a fragmentation rule in a packet filter.
A. New passwords logon procedures are needed C. A new VPN gateway is installed
IEEE 802.11ac is expected to support a bandwidth of
1000 Mbps
Compressing the IPv6 address 1080:0:0:0:8:800:200C:417A results in which of the following?
1080::8:800:200C:417A
Which of the following IP addresses would be filtered by an access control entry that contained an IP address and inverse mask specifications of 12.96.115.77 0.15.255.255?
12.104.146.190 12.11.115.77
What is the block size in the AES implementation of Rijndael?
128,192, or 256 bits
How can you gather information on a variety of security events and respond to it quickly? a. Assemble a large response team. b. Use distributed data collection. c. Automate data collection and analysis. d. Outsource security management.
A. Assemble a large response team
Because of an increase in the use of Web-based business applications, there has been an increase in -based VPNs. a. SSL b. IPsec c. L2TP d. PPTP
A. SSL
Which of the following is a type of security audit? a. automated b. independent c. centralized d. operational
B. Independent D. Operational
Where should you place the most important rules in a rule base?
At the top of the rule base
Security devices on a network process digital information, such as text files and Web pages, in the same way. However, which of the following pieces of information might they handle differently
Attack signatures
Which of the following employees has primary responsibilities that include maintaining and strengthening network defenses? a. security incident response team leader b. computer security manager c. chief information officer d. security auditor
B. Computer security manager
What can happen if you change a security configuration too abruptly and without proper authorization? a. Employees might ignore the change. b. The change might surprise other security managers. c. You might be flooded with protests from employees. d. You could face disciplinary action.
B. The change might surprise other security managers C. You might be flooded with protest from employees
Which protocols and ports must be allowed to pass when you are using L2TP and IPsec? (Choose all that apply.) a. protocol ID 50 b. UDP 500 c. TCP 50 d. protocol ID 1701
B. UDP 500 D. protocol ID 701
In a restrictive firewall policy, what is the starting point for developing a rule base
Block all traffic
How many root servers are in the DNS infrastructure? a. 10 b. 11 c. 13 d. 14
C. 13
What is a main disadvantage of mesh VPNs? a. They are not reliable. b. There is a lack of confidentiality among peers. c. They are difficult to enlarge or change. d. The equipment must be the same at all sites.
C. They are diffcult to enlarge or change
The VPN connection through which data passes from one endpoint to another is called a(n) . a. gateway b. extranet c. tunnel d. transport
C. Tunnel
When should you follow the procedure for carrying out change shown in Figure 14-4? a. when many employees will be affected by the change b. when the change is needed urgently c. whenever a change needs to be made to security configurations d. when the change will have a substantial impact
C. Whenever a change is needed to be made to security configurations
Which control frame give a station permission to transmit?
CTS - Clear to Send
Which of the following is an advantage of using a software firewall rather than a hardware firewall.
Cost
Why are cryptographically secure pseudorandom number generators so important to cryptography?
Cryptographic primitives used to generate sequence of numbers that approximate random values.
An attacker who causes harm to systems in support of some principle is categorized as which of the following?
Cyber terrorist
What is a realistic goal of ongoing security management? a. blocking all suspicious packets b. tracing all attacks c. tracing as many intrusion attempts as possible d. continually strengthening and modifying defenses
D. Continually strengthening and modifying defenses C. Tracing as many intrusion attempts as possible
What is an auditing program in which current connections are scanned and alerts are generated after suspicious logon attempts? a. social engineering b. port scan c. event monitoring d. Tinkerbell program
D. Tinkerbell program
What makes a VPN a cost-effective option? a. Computers can use the same hardware and software. b. It requires no administrative configuration to set up or maintain. c. Many VPN applications are available as shareware or freeware. d. VPNs use public Internet and ISP connections.
D. VPNs use public Internet and ISP connections
When securing an Apache Web server, which tasks is not necessary? a. installing the latest Apache patches b. disabling processing of server-side includes c. deleting unneeded or default Apache files and sample code d. creating a privileged user ID for the Apache Web User account with root access
D. creating a privileged user ID for the Apache Web User account with root access
Before installing new signatures for an IDPS, what do you need to do? a. Back up the IDPS. b. Stop the IDPS. c. Change passwords. d. Double-check to verify whether new signatures are necessary.
D. double-check to verify whether new signatures are necessary
Which of the following is a symmetric algorithm that is not considered safe for encryption use?
DES
Which of the following frames carries TCP/IP packets in a wireless network?
Data
Name 4 goals of network security
Data confidentiality Data integrity Data availability Ensuring Privacy
The Stuxnet worm was designed to
Disrupt computer controlled industrial operations
Which of the following computers is likely to be found in a DMZ?
E-mail server Web server
Which of the following is not a best practice for VPN client management? a. Enable split tunneling. b. Disable FTP. c. Disable Telnet. d. Enable VPN quarantine.
Enable split tunneling
A DNS server translates ____ to _____.
FQDNs to IPaddress
Which protocol uses one port number to establish a connection and a different port number to transfer data?
FTP
Which of the following functions can a bastion host perform?
FTP server e-mail server
A Web server can be hardened just by configuring the Web application correctly. True or False?
False
A bastion host is usually located on the internal network? True or False
False
A firewall is an effective stand-alone security solution. True or false
False
A packet filtering device evaluates data in the payload and compares it with a predefined set of rules
False
An HIDPS can detect an intrusion attempt that targets the entire network, such as a port scan on a ranged of computres
False
Cisco encryption type 7 is the strongest encryption method available on the router?
False
For optimum efficiency, configure a domain controller to function also as an IIS Web server. True or False?
False
A socket is a combination of an ______and a ____________
IP and Port number
Stateless packet filters allow or block packets based on which of the following?
Information in protocol headers
Most network threats originate from which of the following
Inside the company
In which of the following situations can CVE improve the coordination of intrusion information on a network?
Installing application patches can thwart a reported attack
In which of the following situations can CVE improve the coordination of an intrusion detection system
Installing application patches can thwart a reported attack.
A proxy server ___________.
Is designed to improve web access Can filter Application layer content
What is the purpose of a beacon frame?
It advertise services or information about the wireless networkk
How can data gained from intrusion detection improve network security?
It can help prevent future attacks it can help determine how to respond to a security incidents
Why is UDP considered unreliable
It is connectionless
Why is digital modulation superior to analog modulation?
It makes more efficient use of bandwidth. It has fewer interference problems. Error correction is more compatible with other digital systems. Less power is required to transmit.
What enables servers in a server farm to work together to handle requests?
Load balancing software
In digital signatures, which of the following values is compared to verify a message's integrity?
Message digest
Define cryptographic primitives
Modular mathematical functions that perform one task reliably. They form the basic building blocks of modern cryptography.
____is used for one to many communication in which a single host can send packets to a group of recipients?
Mullticast
Which of the following is an IPv6 Protocol?
Multicast listen detection Multicast listener discovery Neighbor discovery
Which of the following can hide internal IP addresses from the internet.
NAT Proxy servers
Which of the following is a method of hiding internal host IP addresses?
Network Address Translation Proxy servers
A packet has destination Data Link Layer address of FF-FF-FF-FF-FF-FF
Network hosts process this packet to see if it is of interest
A screening router would be an appropriate choice for meeting the security needs of a ___ a. small office network b. home network c. DMZ d. none of the above
None of the above
The capability to prevent one participant in an electronic transaction from denying that it performed an action is called ____________.`
Nonrepudiation
Which of the following components enables Ipsec to use Diffie-Hellman to create keys?
Oakley
Which of the following packets should never have a data payload?
One with SYN flag set
What preventive responses can an IDPS make to a possible attack?
Prevent malicious code from running drop the suspicious packet allow, reset, alarm reset all network connections
Which of the following is used as a cryptographic primitive?
Pseudorandom number generators feistel networks
A DMZ is _________________
Semi Trusted network
The IEEE 802.11 standard provides which of the following authentication methods?
Shared Key Open System
Which intrusion detection method can begin protecting an network immediately after installation?
Signature detection
Consider the following statements A: An ACL can be applied only to one router interface B: An ACL can apply only to one routed protocol C: An ACL can filter packet traveling in only one direction
Statement A is false, and statement B is correct.
Consider the following statements:A: Supernetting reduces the number of routes in routing tablesB: Variable length subnet masks allow router to determine whether an address is public or private.C. Statement A is true, and statement B is true.
Statement A is true, and statement B is false
Consider the following statements: A:Dynamic routing protocols decrease network security B: Static routing protocols conserve network bandwidth
Statement A is true, and statement B is true.
Which of the following packet elements can be filtered by a named ACL?
TCP flags noninitial fragments destination ports source IP addresses
What is the main problem with using a screening router?
The router alone cannot stop many types of attacks
Which of the following is a guideline for developing a firewall rule base?
The rule base should restrict access to ports and subnets on the internal network from the internet. The rule base should not interfere with application traffic
Which of the following attacks might potential to exploit AES
XSL
A corporation with several branch offices has decided to maintain multiple firewalls, one to protect each branch office's network. What is the most efficient way to maintain these firewalls?
Use a centralized security workstation
Which of the following malware is designed to replicate itself?
Worm Virus
Why is it important to protect the confidentiality of information you gather through auditing? a. Employee privacy could be compromised. b. The information might become corrupted when you store it. c. Intruders could discover passwords. d. Viruses could infect it.
a. Employee privacy could be compromised C. Intruders could discover passwords
Which of the following is an advantage of using a star VPN configuration?a. It is easier to increase the VPN's size b. Fewer VPN hardware or software devices are required c. Only the VPN server at the center or "hub" needs to be updated d. All participants can communicate with all other participants
a. It is easier to increase the VPN's size
Attackers can exploit routing information updates to do which of the following? (Choose all that apply.) a. Launch DoS attacks. b. Poison DNS caches. c. Use IP spoofing to intercept packets. d. Launch man-in-the-middle attacks.
a. Launch DoS attacks c. Use IP spoofing to intercept packets d. Launch man in the middle attacks
Which of the following is a common type of SQL injection attack? (Choose all that apply.) a. Web form attack b. browser executable attack c. system tray attack d. query string attack
a. Web form attack d. query string attack
Which of the following situation would a wireless network be an effective alternative?
a. a business that occupies temporary space b. a network with employees who travel c. an older building with no wiring
A risk analysis report should call attention to. a. all identified risks b. the most urgent risks c. the newest risks d. the risks that are easiest to manage
a. all identified risk
Ensuring that databases remain accessible if primary systems go offline is known as . a. fault tolerance b. failover c. redundancy d. resiliency
a. fault tolerance
In a DNS zone transfer, what is actually transferred? a. fully qualified domain names and IP addresses b. usernames and passwords c. server MAC addresses d. UDP and ICMP messages
a. fully qualified domain names and IP addresses
Security auditing involves which of the following? a. reviewing log files b. reviewing hardware and software costs c. testing defenses d. rotating firewall logs
a. reviewing log files c. testing defenses
What is nonrepudiation? a. the ability of a system to authenticate users b. the ability to rely on information gained through a security audit c. a legal defense used by employees whose privacy has allegedly been violated d. the ability to validate transactions through electronic documentation
a. the ability of a system to authenticate users.
What client-side issues do you need to consider when planning a VPN deployment?a. whether to require the client to use a firewall b. the organization's current growth rate c. how policies should be enforced on the client computer d. the cost of equipment that employees need to buy
a. whether to require the client to use a firewall c. how policies should be enforced on the client computer.
