IT161
You need to configure a wireless network. You want to use WPA2 Enterprise. Which of the following components should be part of your design? (Select two.) Pre-shared keys Open authentication AES encryption 802.1x TKIP encryption WEP encryption
AES encryption 802.1x
Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks? Circuit proxy Kernel proxy Bastion Multi-homed
Bastion
Which type of communication path-sharing technology do all 802.11 standards for wireless networking support? Polling CSMA/CA CSMA/CD Token passing
CSMA/CA
Which of the following does the sudo iptables -F command accomplish? Lists all the current rules. Saves changes to iptables. Drops all incoming traffic. Clears all the current rules.
Clears all the current rules.
Which of the following can become a critical point of failure in a large wireless network infrastructure? Backhaul Access point Controller Wireless bridge
Controller
Which of the following usually provides DHCP services to dynamically assign IP addressing information to wireless clients and connect the wireless network to the internal wired network and the internet? Bridges Controllers Backhauls Access points
Controllers
Which of the following allows incoming traffic addressed to a specific port to move through the firewall and be transparently forwarded to a specific host on the private network? IP masquerade DNAT OSPF Dynamic NAT
DNAT
You have configured a wireless access point to create a small network and configured all necessary parameters. Wireless clients seem to take a long time to find the wireless access point. You want to reduce the time it takes for the clients to connect. What should you do? Change the channel on the access point to a lower number. Create a wireless profile on the client. Decrease the beacon interval. Enable SSID broadcast.
Decrease the beacon interval.
Which of the following is a limitation of consumer-grade wireless equipment? -It supports a maximum of 5-10 wireless clients at a time. -APs can quickly re-associate themselves with a different wireless controller. -It operates on 5 GHz channels at 20 MHz wide. -It makes the transmitted bandwidth signal wider than the data stream needs.
It supports a maximum of 5-10 wireless clients at a time.
An attacker hides his computer's identity by impersonating another device on a network. Which of the following attacks did the attacker MOST likely perform? MAC spoofing attack DTP attack VLAN hopping attack ARP spoofing attack
MAC spoofing attack
Which of the following does an SNR higher than 1:1 indicate? More noise than signal No noise No signal More signal than noise
More signal than noise
You need to place a wireless access point in your two-story building while avoiding interference. Which of the following is the best location for the access point? Near the backup generators In the kitchen area On the top floor In the basement
On the top floor
Which IDS type can alert you to trespassers? NIDS PIDS HIDS VMIDS
PIDS
Your manager has asked you to set up four independent APs and configure them with the same SSID, channel, and IP subnet. What should you enable to accomplish this? Channel bonding A basic service set A spectrum analyzer Roaming
Roaming
Your company security policy states that wireless networks are not to be used because of the potential security risk they present. One day you find that an employee has connected a wireless access point to the network in his office. Which type of security risk is this? Social engineering On-path attack Rogue access point Phishing Physical security
Rogue access point
Which of the following BEST describes dynamic routing? Routing is done between autonomous systems. Routing is done within an autonomous system. Routers learn about networks by sharing routing information with each other. Routing entries are manually added to routing tables.
Routers learn about networks by sharing routing information with each other.
You have physically added a wireless access point to your network and installed a wireless networking card in two laptops that run Windows. Neither laptop can find the network, and you've come to the conclusion that you must manually configure the wireless access point (WAP). Which of the following values uniquely identifies the WAP? WEP Channel SSID Frequency
SSID
Which of the following NAT implementations maps a single private IP address to a single public IP address on the NAT router? Static NAT Dynamic NAT IP masquerade Many-to-one NAT
Static NAT
Which of the following switch attacks bypasses the normal functions of a router to communicate between VLANs and gain unauthorized access to traffic on another VLAN? ARP spoofing Dynamic Trunking Protocol attack Switch spoofing MAC spoofing
Switch spoofing
Which of the following BEST describes roaming? A deployment model used by newer wireless networks. The name of the wireless network that is broadcasted from an AP. The ability to broadcast the same SSID across multiple APs. A model that connects wired and/or wireless networks.
The ability to broadcast the same SSID across multiple APs.
In which of the following tables does a NAT router store port numbers and their associated private IP addresses? MAC address table ARP table Routing table Translation table
Translation table
You manage a network with two switches. The switches are connected together through their Gigabit Ethernet uplink ports. You define VLAN 1 and VLAN 2 on each switch. A device on the first switch in VLAN 1 needs to communicate with a device on the second switch in VLAN 1. What should you configure to allow communication between these two devices through the switches? Layer 3 switching Spanning Tree Bonding Trunking
Trunking
You've just installed a new network-based IDS system that uses signature recognition. What should you do on a regular basis? Update the signature files. Modify clipping levels. Check for backdoors. Generate a new baseline.
Update the signature files.
Which of the following scenarios would cause a problem in asymmetric routing? Using two stateful firewalls in the traffic flow. Using two switches in the traffic flow. Using a hub in the traffic flow. Using two routers in the traffic flow.
Using two stateful firewalls in the traffic flow.
You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. What should you use for this situation? Port security VLAN Spanning Tree VPN
VLAN
Which of the following functions does a consumer-grade access point combine into a single device? (Select two.) WPA WAP SSID AES NAT
WAP NAT
Which wireless networking component is used to connect multiple APs together? STA BSS WDS IBSS
WDS
Which of the following provides security for wireless networks? 802.11a WPA CSMA/CD WAP
WPA
Which of the following utilities would you use to view the routing table? traceroute route mtr tracert dig
route
How many network interfaces does a dual-homed gateway typically have? two three one four
three
Which IDS method defines a baseline of normal network traffic and then looks for anything that falls outside of that baseline? Pattern matching Dictionary recognition Anomaly-based Misuse detection
Anomaly-based
Which of the following scenarios would typically utilize 802.1x authentication? Authenticating remote access clients. Controlling access through a router. Authenticating VPN users through the internet. Controlling access through a switch.
Controlling access through a switch.
Which of the following routing protocols is a hybrid that uses a composite number for its metric based on bandwidth and delay? BGP RIP EIGRP OSPF
EIGRP
Which of the following are characteristics of a packet-filtering firewall? (Select two.) Filters IP address and port Stateful Filters based on sessions Filters based on URL Stateless
Filters IP address and port Stateless
Which of the following chains is used for incoming connections that aren't delivered locally? Forward Drop Output Reject
Forward
Which of the following is a device that can send and receive data simultaneously? Full-duplex Managed Unmanaged Honeypot
Full-duplex
Which of the following are true about reverse proxy? (Select two.) -Sits between a client computer and the internet. -Handles requests from the internet to a server on a private network. -Handles requests from inside a private network out to the internet. -Can perform load balancing, authentication, and caching. -Clients always know they are using reverse proxy.
Handles requests from the internet to a server on a private network. Can perform load balancing, authentication, and caching.
As a security precaution, you've implemented IPsec to work between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement? Protocol analyzer Host-based IDS Network-based IDS Port scanner VPN concentrator
Host-based IDS
You're concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use? Packet sniffer Port scanner IPS IDS
IPS
Under which of the following circumstances might you implement BGP on your company network and share routes with internet routers? If the network has over 15 hops. If the network is connected to the internet using multiple ISPs. If the network has over 15 areas and uses IPv6. If the network is connected to the internet using public addressing.
If the network is connected to the internet using multiple ISPs.
Which of the following is a method that allows you to connect a private network to the internet without obtaining registered addresses for every host? BGP EIGRP OSPF NAT
NAT
What do you need to configure on a firewall to allow traffic directed to the public resources on the screened subnet? Answer Subnet FTP Packet filters VPN
Packet filters
Which of the following switch features allows you to configure how the switch's MAC address table is filled? Auto-negotiation Spanning Tree Protocol Port mirroring Port security
Port security
Which IDS method searches for intrusion or attack attempts by recognizing patterns or identifying entities listed in a database? Anomaly analysis-based IDS Signature-based IDS Stateful inspection-based IDS Heuristics-based IDS
Signature-based IDS
Which of the following has the least default administrative distance? Static route to an IP address RIP OSPF External BGP
Static route to an IP address
In which type of device is a MAC address table stored? Hub Repeater Switch Router
Switch
Which of the following is the BEST solution to allow access to private resources from the internet? FTP VPN Packet filters Subnet
VPN
For which of the following devices does a voice VLAN prioritize traffic? Hub Layer 3 switch Bridge VoIP phone
VoIP phone
A router is connected to network 192.168.1.0/24 and network 192.168.2.0/24. The router is configured to use RIP and has learned both networks. The next hop router for network 192.168.3.0 has changed. You need to make the change with the least amount of effort possible. What should you do? -Wait for convergence to take place. -Stop and restart the RIP protocol on the router. -Manually reconfigure the default route to point to the new next hop router. -Force RIP to perform an immediate update.
Wait for convergence to take place.
Which of the following must each device's MTU be set to for jumbo frames to transverse the network without risk of fragmentation? 6,000 3,000 1,500 9,000
9,000
Which of the following is the protocol used for address resolution when you switch from IPv4 to IPv6? CSMA/CD Auto-MDIX ARP NDP
NDP
How many total channels are available for 802.11g wireless networks? 3 11 12 23 54
11
Which technologies are used by the 802.11ac standard to increase network bandwidth? (Select two.) Data compression Four MIMO radio streams 160 MHz bonded channels Eight MIMO radio streams 40 MHz bonded channels
160 MHz bonded channels Eight MIMO radio streams
Which of the following is true about a firewall? -Host-based firewalls and network-based firewalls can be installed separately, but they cannot be placed together to provide multiple layers of protection. -You must manually specify which traffic you want to allow through the firewall. Everything else is blocked. -Implicit deny is used to deny permissions to a specific user even when the rest of the user's group is allowed access. -Firewalls protect against email spoofing attacks.
You must manually specify which traffic you want to allow through the firewall. Everything else is blocked.
In which of the following situations would you MOST likely implement a screened subnet? -You want users to see a single IP address when they access your company network. -You want to detect and respond to attacks in real time. -You want to protect a public web server from attack. -You want to encrypt data sent between two hosts using the internet.
You want to protect a public web server from attack.
Which protocol is well known for its use in the home security and home automation industry, uses a mesh topology, makes devices act as repeaters, and has a low data transfer rate? Z-Wave 802.11ac NFC Ant+
Z-Wave
You have decided to conduct a business meeting at a local coffee shop. The coffee shop you chose has a wireless hotspot for customers who want internet access. You decide to check your email before the meeting begins. When you open the browser, you cannot gain internet access. Other customers are using the internet without problems. You're sure that your laptop's wireless adapter works because you use a wireless connection at work. What is the MOST likely cause of the problem? Incorrectly configured PPP An out-of-range WAP Different LAN protocols A mismatched SSID
A mismatched SSID
Which of the following should you include in your site survey kit? A network bridge Mounting brackets A tall ladder A GPS
A tall ladder
Which of the following uses a 2.4 GHz ISM band, has fast transmission rates, and has been used for applications like geocaching and health monitors? Z-Wave Ant+ NFC 802.11ac
Ant+
Match each wireless term or concept on the left with its associated description on the right. Each term may be used more than once. (Not all descriptions have a matching term.) -Compares the Wi-Fi signal level to the level of background radio signals. -Checks channel utilization and identifies sources of RF inference. -Identifies how strong a radio signal is at the receiver. Received signal level Signal-to-noise ratio Spectrum analysis
Compares the Wi-Fi signal level to the level of background radio signals. Signal-to-noise ratio Checks channel utilization and identifies sources of RF inference. Spectrum analysis Identifies how strong a radio signal is at the receiver. Received signal level
Which of the following measures will make your wireless network invisible to the casual attacker performing war driving? Use a form of authentication other than open authentication. Change the default SSID. Implement WPA2 Personal. Disable SSID broadcast.
Disable SSID broadcast.
You manage a network with multiple switches. You find that your switches are experiencing heavy broadcast storms. Which of the following will help reduce the effects of these broadcast storms? Disable auto-duplex detection. Manually set the speed for each switch port. Configure each switch with a single trunk port. Enable Spanning Tree on the switches.
Enable Spanning Tree on the switches.
Which of the following features are supplied by WPA2 on a wireless network? Client connection refusals based on MAC address Encryption Traffic filtering based on packet characteristics A centralized access point for clients
Encryption
Which of the following features does WPA2 supply on a wireless network? Encryption Client-connection refusal based on MAC address Network identification Centralized access points for clients
Encryption
Which of the following is true of a wireless network SSID? Enables wireless interconnection of multiple APs. Groups wireless devices together into the same logical network. Is a 48-bit value that identifies an AP. Coordinates all communications between wireless devices.
Groups wireless devices together into the same logical network.
Which of the following is a configuration in which a wireless controller is connected to all APs through a wired link? Bridges Hub and spoke Independent APs Mesh infrastructure
Hub and spoke
Which of the following purposes do wireless site surveys fulfill? (Select two.) -Identify the coverage area and preferred placement of access points. -Identify existing or potential sources of interference. -Document existing infrared traffic in the 5.4 GHz spectrum. -Determine the amount of bandwidth required in various locations. -Identify the recommended 100 degree separation angle for alternating access points.
Identify the coverage area and preferred placement of access points. Identify existing or potential sources of interference.
The owner of a hotel has contracted with you to implement a wireless network to provide internet access for guests. The owner has asked that you implement security controls so that only paying guests are allowed to use the wireless network. She wants guests to be presented with a login page when they initially connect to the wireless network. After entering a code provided by the concierge at check-in, guests should then be allowed full access to the internet. If a user does not provide the correct code, he or she should not be allowed to access the internet. What should you do? Implement MAC address filtering. Implement pre-shared key authentication. Implement a captive portal. Implement 802.1x authentication using a RADIUS server.
Implement a captive portal.
Your wireless network consists of multiple 802.11n access points that are configured as follows: SSID (hidden): CorpNet Security: WPA2-PSK using AES Frequency: 5.75 GHz Bandwidth per channel: 40 MHz Because of your facility's unique construction, there are many locations that do not have a clear line of sight between network clients and access points. As a result, radio signals are reflected along multiple paths before finally being received. The result is distorted signals that interfere with each other. What should you do? Switch to RADIUS authentication for wireless clients. Install directional access points. Reduce the power of the access point radio signals. Implement antenna diversity.
Implement antenna diversity.
Which of the following do switches and wireless access points use to control access through a device? Port number filtering MAC address filtering Session filtering IP address filtering
MAC address filtering
You're setting up a wireless hotspot in a local coffee shop. For best results, you want to disperse the radio signals evenly throughout the coffee shop. Which of the following antenna types would you use on the AP to provide a 360-degree dispersed wave pattern? Uni-directional Directional Omni-directional Multi-directional
Omni-directional
You want to implement 802.1x authentication on your wireless network. Where would you configure the passwords that will be used for the authentication process? On the wireless access point and each wireless device. On the wireless access point. On a certificate authority (CA). On a RADIUS server.
On a RADIUS server.
Which of the following recommendations should you follow when placing access points to provide wireless access for users within your company building? Place multiple access points in the same area. Place access points near outside walls. Place access points above where most clients are. Place access points in the basement.
Place access points above where most clients are.
You are implementing a wireless network inside a local office. You require a wireless link to connect a laptop in the administrator's office directly to a system in the sales department. In the default configuration, the wireless AP uses a 360-dispersed RF wave design. After installation, the signal between the two systems is weak, as many obstacles interfere with it. Which of the following strategies could you try to increase signal strength? Replace the directional antenna with an omni-directional antenna. Replace the omni-directional antenna with a directional antenna. Increase the RF setting on the client system. Increase the RF power on the isotropic antenna.
Replace the omni-directional antenna with a directional antenna.
Which of the following wireless network protection methods prevents the wireless network name from being broadcast? MAC filtering Shared secret key 802.1x SSID broadcast
SSID broadcast
You have a small wireless network that uses multiple access points. The network uses WPA and broadcasts the SSID. WPA2 is not supported by the wireless access points. You want to connect a laptop computer to the wireless network. Which of the following parameters do you need to configure on the laptop? (Select two.) Channel BSSID AES encryption TKIP encryption Pre-shared key
TKIP encryption Pre-shared key
A user on your network has been moved to another office down the hall. After the move, she calls you complaining that she has only occasional network access through her wireless connection. Which of the following is MOST likely the cause of the problem? -An SSID mismatch between the client and the WAP. -The client has incorrect WEP settings. -The encryption level has been erroneously set back to the default setting. -The client system has moved too far away from the access point. -An SSID mismatch between the client and the server.
The client system has moved too far away from the access point.
You have been hired to troubleshoot a wireless connectivity issue for two separate networks located within a close proximity. Both networks use a WAP from the same manufacturer, and all settings (with the exception of SSIDs) remain configured to their defaults. Which of the following might you suspect is the cause of the connectivity problems? The two server systems' SSIDs match. The two client systems' SSIDs match. There are overlapping channels. There is WEP overlap. There is crosstalk between the RF signals.
There are overlapping channels.
Which of the following wireless security methods uses a common shared key that's configured on the wireless access point and all wireless clients? WPA Enterprise and WPA2 Enterprise WPA Personal and WPA2 Enterprise WEP, WPA Personal, WPA Enterprise, WPA2 Personal, and WPA2 Enterprise WEP, WPA Personal, and WPA2 Personal
WEP, WPA Personal, and WPA2 Personal
You need to add security for your wireless network. You would like to use the most secure method. Which method should you implement? Kerberos WEP WPA2 WPA
WPA2
Which of the following connects wired or wireless networks together? Wireless mesh Wireless router Wireless bridge Hub and spoke
Wireless bridge
Which of the following is NOT one of the IP address ranges defined in RFC 1918 that are commonly used behind a NAT server? 169.254.0.1 to 169.254.255.254 10.0.0.1 to 10.255.255.254 192.168.0.1 to 192.168.255.254 172.16.0.1 to 172.31.255.254
169.254.0.1 to 169.254.255.254
Which of the following is the open standard for tagging Layer 2 frames? ARP RFC1918 802.1q NDP
802.1q
Which of the following do hosts on a private network share if the network utilizes a NAT router? A virtual MAC address A physical MAC address A physical IP address A virtual IP address
A physical IP address
Which of the following protocols prescribes what to do when a data channel is in use on a half-duplex device? Auto-MDI-X CSMA/CD NDP ARP
CSMA/CD
Which device is NAT typically implemented on? AD server ISP router RADIUS server Default gateway router
Default gateway router
Which of the following is a method of VLAN hopping? ARP spoofing MAC spoofing Double tagging MAC flooding
Double tagging
Which of the following is true about an unmanaged switch? It is capable of VLAN creation. It supports link aggregation. It can connect to all devices in a small area. It allows port configuration.
It can connect to all devices in a small area.
Which of the following methods is best to have when a network goes down? Out-of-band management Client-to-site VPN Site-to-site VPN In-band management
Out-of-band management
Which of the following combines several layers of security services and network functions into one piece of hardware? Intrusion detection system (IDS) Circuit-level gateway Firewall Unified Threat Management (UTM)
Unified Threat Management (UTM)
Which command would you use on a switch to enable management from a remote network? ip address dhcp ip default-gateway 192.168.10.185 ip address 192.168.10.185 255.255.255.0 no shutdown
ip default-gateway 192.168.10.185
Match the wireless networking term or concept on the left with its appropriate description on the right. (Each term may be used once, more than once, or not at all.) -Moving a wireless device between access points within the same wireless network. -Used by Cisco wireless equipment to route frames back and forth between the wireless network and the wired LAN. -Specifies the number of clients that can utilize the wireless network. -Automatically partitions a single broadcast domain into multiple VLANs. -Connects two wired networks over a Wi-Fi network. -The number of useful bits delivered from sender to receiver within a specified amount of time. Goodput VLAN pooling Roaming Wireless bridge Device density LWAPP
-Moving a wireless device between access points within the same wireless network. Roaming -Used by Cisco wireless equipment to route frames back and forth between the wireless network and the wired LAN. LWAPP -Specifies the number of clients that can utilize the wireless network. Device density -Automatically partitions a single broadcast domain into multiple VLANs. VLAN pooling -Connects two wired networks over a Wi-Fi network. Wireless bridge -The number of useful bits delivered from sender to receiver within a specified amount of time. Goodput
Match the wireless signaling method on the left with its definition on the right. -Transfers data over a radio signal by switching channels at random within a larger frequency band. -Makes the transmitted bandwidth signal wider than the data stream needs. -Encodes data over a wireless network using non-overlapping channels. OFDM FHSS DSSS
-Transfers data over a radio signal by switching channels at random within a larger frequency band. FHSS -Makes the transmitted bandwidth signal wider than the data stream needs. DSSS -Encodes data over a wireless network using non-overlapping channels. OFDM
Which of the following are frequencies defined by 802.11 committees for wireless networking? (Select two.) 900 MHz 1.9 GHz 2.4 GHz 5.75 GHz 10 GHz
2.4 GHz 5.75 GHz
How many total channels (non-overlapping) are available for 802.11a wireless networks? 3 11 12 24 54
24
Which network modes can typically be used for both 2.4 GHz and 5 GHz clients? (Select two.) 802.11b only 802.11ax only 802.11n only 802-11a only 802.11g only
802.11ax only 802.11n only
You are troubleshooting a wireless connectivity issue in a small office. You determine that the 2.4GHz cordless phones used in the office are interfering with the wireless network transmissions. If the cordless phones are causing the interference, which of the following wireless standards could the network be using? (Select two.) 802.11a 802.3a 802.11b Bluetooth Infrared
802.11b Bluetooth
You are designing a wireless network for a client. Your client needs the network to support a data rate of at least 150 Mbps. In addition, the client already has a wireless telephone system installed that operates at 2.4 GHz. Which 802.11 standard works best in this situation? 802.11a 802.11n 802.11b 802.11g
802.11n
You are designing an update to your client's wireless network. The existing wireless network uses 802.11b equipment, which your client complains runs too slowly. She wants to upgrade the network to run up to 600 Mbps. Due to budget constraints, your client wants to upgrade only the wireless access points in the network this year. Next year, she will upgrade the wireless network boards in her users' workstations. She has also indicated that the system must continue to function during the transition period. Which 802.11 standard will work BEST in this situation? 802.11c 802.11n 802.11a 802.11d 802.11b
802.11n
Which of the following BEST describes Ethernet flow control? -A configuration that sends a pause frame to the transmitting device when the receiving device cannot keep up with the volume of data being sent. -A configuration that allows traffic from multiple VLANs on a single port. -A configuration that allows frames larger than 1,500 bytes to pass through the port without fragmentation. -A protocol designed to prevent looping in network traffic.
A configuration that sends a pause frame to the transmitting device when the receiving device cannot keep up with the volume of data being sent.
Which of the following best describes DHCP scope exhaustion? -When an attacker adds a second DHCP server to a network and offers IP addresses to clients wanting to join the network. -When IP address lease times on a DHCP server are shortened. -A denial of service from a lack of IP addresses in a DHCP server's pool. -When a DHCP snooping technique is used to drop packets from untrusted DHCP servers.
A denial of service from a lack of IP addresses in a DHCP server's pool.
Your company has an internet connection. You also have a web server and an email server that you want to make available to your internet users, and you want to create a screened subnet for these two servers. Which of the following should you use? A network-based firewall A host-based firewall An IPS An IDS
A network-based firewall
Which of the following is true about a network-based firewall? -A network-based firewall is installed on a single computer. -A network-based firewalls are considered software firewalls. -A network-based firewall is less expensive and easier to use than host-based firewalls. -A network-based firewall is installed at the edge of a private network or network segment.
A network-based firewall is installed at the edge of a private network or network segment.
How does a proxy server differ from a packet-filtering firewall? -A proxy server includes filters for the session ID as well as the IP address and port number. -A proxy server can prevent unknown network attacks, while a packet-filtering firewall can only prevent known attacks. -A proxy server operates at the Application layer, while a packet-filtering firewall operates at the Network layer. -A proxy server is used to create a screened subnet, while a packet-filtering firewall can only be used with screened subnets.
A proxy server operates at the Application layer, while a packet-filtering firewall operates at the Network layer.
Drag each description on the left to the appropriate switch attack type on the right. ARP spoofing/poisoning Dynamic Trunking Protocol MAC flooding MAC spoofing -Causes packets to fill up the forwarding table and consumes so much of the switch's memory that it enters a state called fail open mode. -The source device sends frames to the attacker's MAC address instead of to the correct device. -Should be disabled on the switch's end user (access) ports before implementing the switch configuration in to the network. -Can be used to hide the identity of the attacker's computer or impersonate another device on the network.
ARP spoofing/poisoning The source device sends frames to the attacker's MAC address instead of to the correct device. Dynamic Trunking Protocol Should be disabled on the switch's end user (access) ports before implementing the switch configuration in to the network. MAC flooding Causes packets to fill up the forwarding table and consumes so much of the switch's memory that it enters a state called fail open mode. MAC spoofing Can be used to hide the identity of the attacker's computer or impersonate another device on the network.
Your Cisco router has three network interfaces configured. S0/1/0 is a WAN interface that is connected to an ISP. F0/0 is connected to an Ethernet LAN segment with a network address of 192.168.1.0/24. F0/1 is connected to an Ethernet LAN segment with a network address of 192.168.2.0/24. You have configured an access control list on this router using the following rules: deny ip 192.168.1.0 0.0.0.255 any deny ip 192.168.2.0 0.0.0.255 any These rules will be applied to the WAN interface on the router. Your goal is to block any IP traffic coming in on the WAN interface that has a spoofed source address that makes it appear to be coming from the two internal networks. However, when you enable the ACL, you find that no traffic is being allowed through the WAN interface. What should you do? -Apply the access list to the Fa0/1 interface instead of the S0/1/0 interface. -Apply the access list to the Fa0/0 interface instead of the S0/1/0 interface. -Use the out parameter instead of the in parameter within each ACL rule. -Add a permit statement to the bottom of the access list.
Add a permit statement to the bottom of the access list.
Which of the following describes how access control lists can improve network security? -An access control list looks for patterns of traffic between multiple packets and takes action to stop detected attacks. -An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number. -An access control list filters traffic based on the frame header, such as source or destination MAC address. -An access control list identifies traffic that must use authentication or encryption.
An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number.
Which of the following BEST describes an ARP spoofing attack? -An attack that changes the source MAC address on frames. -An attack where a frame is manipulated to contain two tags. -An attack in which a switch is flooded with packets, each containing a different source MAC address. -An attack that associates an attacker's MAC address with the IP address of a victim's device.
An attack that associates an attacker's MAC address with the IP address of a victim's device.
Which of the following is true about an intrusion detection system? -An intrusion detection system monitors data packets for malicious or unauthorized traffic. -An intrusion detection system maintains an active security role within the network. -An intrusion detection system can block malicious activities. -An intrusion detection system can terminate or restart other processes on the system.
An intrusion detection system monitors data packets for malicious or unauthorized traffic.
You are concerned that wireless access points might have been deployed within your organization without authorization. What should you do? (Select two. Each response is a complete solution.) Answer -Implement an intrusion prevention system (IPS). -Implement an intrusion detection system (IDS). -Implement a network access control (NAC) solution. -Check the MAC addresses of devices that are connected to your wired switch. -Conduct a site survey.
Check the MAC addresses of devices that are connected to your wired switch. Conduct a site survey.
Match each type of switch on the left with its corresponding characteristics on the right. Each switch type may be used once, more than once, or not at all. Commonly sold at retail stores. Provides port security features. Supports VLANs. Provides very few configuration options. Can be configured over a network connection. Can be configured over a dedicated communication channel. Managed switch Unmanaged switch
Commonly sold at retail stores. Unmanaged switch Provides port security features. Managed switch Supports VLANs. Managed switch Provides very few configuration options. Unmanaged switch Can be configured over a network connection. Managed switch Can be configured over a dedicated communication channel. Managed switch
Match each switch management method on the left with its corresponding characteristics on the right. Each method may be used once, more than once, or not at all. Competes with normal network traffic for bandwidth. Uses a dedicated communication channel. Must be encrypted to protect communications from sniffing. Does not compete with normal network traffic for bandwidth. Affected by network outages. Out-of-band management In-band management
Competes with normal network traffic for bandwidth. In-band management Uses a dedicated communication channel. Out-of-band management Must be encrypted to protect communications from sniffing. In-band management Does not compete with normal network traffic for bandwidth. Out-of-band management Affected by network outages. In-band management
You have configured a wireless access point to create a small network. For security reasons, you have disabled SSID broadcast. From a client computer, you try to browse to find the access point. You see some other wireless networks in the area, but cannot see your network. What should you do? -Enable the wireless card on the client. -Configure a profile on the wireless client. -Set the channel on the client to match the channel used by the access point. -Decrease the beacon interval on the access point.
Configure a profile on the wireless client.
What does the ip address dhcp command allow you to do? Configure a switch to act as a DHCP server. Specify the DHCP relay server for forwarding DHCP packets. Configure a switch to obtain an IP address from a DHCP server. Send the DHCP server address for all connected devices.
Configure a switch to obtain an IP address from a DHCP server.
You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the internet. The library computers are in groups of four. Each group of four computers is connected to a hub that's connected to the library network through an access port on a switch. You want to restrict access to the network so that only library computers are permitted connectivity to the internet. What can you do? -Create a VLAN for each group of four computers. -Create static MAC addresses for each computer and associate each address with a VLAN. -Remove the hub and place each library computer on its own access port. -Configure port security on the switch.
Configure port security on the switch.
You want to connect a laptop computer running Windows to a wireless network. The wireless network uses multiple access points and WPA2-Personal. You want to use the strongest authentication and encryption possible. SSID broadcast has been disabled. What should you do? -Configure the connection to use 802.1x authentication and AES encryption. -Configure the connection with a pre-shared key and AES encryption. -Configure the connection with a pre-shared key and TKIP encryption. -Configure the connection to use 802.1x authentication and TKIP encryption.
Configure the connection with a pre-shared key and AES encryption.
Which of the following are true about routed firewalls? (Select two.) -Operates at Layer 2. -Internal and external interfaces connect to the same network segment. -Counts as a router hop. -Supports multiple interfaces. -Easily introduced to an existing network.
Counts as a router hop. Supports multiple interfaces.
Which level of the OSI model does a Layer 2 switch operate at? Data Link layer Network layer Transportation layer Session layer
Data Link layer
You have just connected a new computer to your network. The network uses static IP addressing. You find that the computer can communicate with hosts on the same subnet, but not with hosts on a different subnet. No other computers are having issues. Which of the following configuration values would you MOST likely need to change? DNS server IP address Default gateway Subnet mask
Default gateway
Which of the following BEST describes a stateful inspection? -Designed to sit between a host and a web server and communicate with the server on behalf of the host. -Allows all internal traffic to share a single public IP address when connecting to an outside entity. -Offers secure connectivity between many entities and uses encryption to provide an effective defense against sniffing. -Determines the legitimacy of traffic based on the state of the connection from which the traffic originated.
Determines the legitimacy of traffic based on the state of the connection from which the traffic originated.
Which of the following enterprise wireless deployment models uses access points with enough intelligence to allow the creation of guest WLANs for keeping public wireless traffic separate from private traffic? -Distributed wireless mesh infrastructure -Lightweight access point (LWAP) with wireless controller infrastructure -Independent access points -Hub-and-spoke infrastructure
Distributed wireless mesh infrastructure
Jake is a network administrator for a hospital. There is medical equipment that relies on having uninterrupted internet connectivity. Which of the following types of routing protocols should Jake focus on to ensure that the hospital's network connectivity remains reliable? Exterior dynamic routing protocols Distance vector routing protocols Link state routing protocols Interior dynamic routing protocols
Exterior dynamic routing protocols
Which IDS traffic assessment indicates that the system identified harmless traffic as offensive and generated an alarm or stopped the traffic? Negative Positive False positive False negative
False positive
You have been given a laptop to use for work. You connect the laptop to your company network, use the laptop from home, and use it while traveling. You want to protect the laptop from internet-based attacks. Which solution should you use? VPN concentrator Proxy server Host-based firewall Network-based firewall
Host-based firewall
Which statements accurately describe the port states of both bridges and switches? (Select two.) -In the learning state, the MAC address table can be populated, but frames are not forwarded. -In the learning state, the MAC address table cannot be populated because the port is blocked. -Ports in a blocked state still receive BPDUs. -Ports in a blocked state cannot receive BPDUs. -In the learning state, all ports are in a forwarding state.
In the learning state, the MAC address table can be populated, but frames are not forwarded. Ports in a blocked state still receive BPDUs.
You're replacing a wired business network with an 802.11g wireless network. You currently use Active Directory on the company network as your directory service. The new wireless network has multiple wireless access points, and you want to use WPA2 on the network. What should you do to configure the wireless network? (Select two.) Configure devices to run in ad hoc mode. Install a RADIUS server and use 802.1x authentication. Use open authentication with MAC address filtering. Configure devices to run in infrastructure mode. Use shared secret authentication.
Install a RADIUS server and use 802.1x authentication. Configure devices to run in infrastructure mode.
You have been hired to design a wireless network for a SOHO environment. You are currently in the process of gathering network requirements from management. Which of the following questions should you ask? (Select three.) -Are there microwaves or cordless phones that can cause interference? -Is the size of the business expected to grow in the future? -Which type of data will be transmitted on the network? -What are the zoning and permit requirements? -How many devices will need to be supported? -Where can network hardware be mounted in the building? -Is there future construction that might affect or disrupt the RF signals?
Is the size of the business expected to grow in the future? Which type of data will be transmitted on the network? How many devices will need to be supported?
Which of the following is true about an NIDS? -It can access encrypted data packets. -It can monitor changes that you've made to applications and systems. -It can analyze fragmented packets. -It detects malicious or unusual incoming and outgoing traffic in real time.
It detects malicious or unusual incoming and outgoing traffic in real time.
Which of the following are true of the IS-IS routing protocol? (Select two.) A router is the boundary between one area and another. It supports IPv6 routing. It uses bandwidth and delay for the metric. It is best suited for small networks. It is a classful protocol. It divides large networks into areas.
It supports IPv6 routing. It divides large networks into areas.
Which of the following is true about Network Address Translation? It cannot forward DNS requests to the internet. It provides end-device to end-device traceability. It allows external hosts to initiate communication with internal hosts. It supports up to 5,000 concurrent connections.
It supports up to 5,000 concurrent connections
As a network administrator, you have 10 VLANs on your network that need to communicate with each other. Which of the following network devices is the BEST choice for allowing communication between 10 VLANs? Layer 3 switch Layer 2 switch Repeater Load balancer
Layer 3 switch
On your network, you have a VLAN for the sales staff and a VLAN for the production staff. Both need to be able to communicate over the network. Which of the following devices would work BEST for communication between VLANs? Repeater Load balancer Layer 3 switch Layer 2 switch
Layer 3 switch
Which of the following BEST describes port aggregation? -Multiple ports linked together and used as a single logical port. -A priority-based flow control that allows you to prioritize network traffic. -IEEE network standard 802.3. -Multiple VLANs traveling through a single port.
Multiple ports linked together and used as a single logical port.
Which of the following locations creates the greatest amount of interference for a wireless access point? (Select two.) Near backup generators Near cordless phones Near DCHP servers Near a geofence In the top floor of a two-story building
Near backup generators Near cordless phones
You are an administrator of a growing network. You notice that the network you've created is broadcasting, but you can't ping systems on different segments. Which device should you use to fix this issue? Access point Network bridge Range extender Network hub
Network bridge
You are configuring a switch so that you can manage it using PuTTY from the same network segment. On the switch, you enter the following commands: switch#config terminalswitch(config)#interface vlan 1switch(config-if)#ip address 192.168.1.10 255.255.255.0 Will this configuration work? -Yes. The switch can now be accessed by PuTTY using the IP address 192.168.1.10. -No. The ip default-gateway command needs to be set. -No. The no shutdown command needs to be entered. -No. The switch needs to obtain an IP address from the DHCP server using the ip address dhcp command.
No. The no shutdown command needs to be entered.
What are the main differences between the OSPF and IS-IS routing protocols? OSPF requires an area 0, while IS-IS does not. OSPF is an IGP routing protocol, while IS-IS is a BGP routing protocol. OSPF is a classful protocol, while IS-IS is a classless protocol. OSPF is a link state protocol, while IS-IS is not.
OSPF requires an area 0, while IS-IS does not.
Which of the following is required to establish a new network switch and configure its IP address for the first time? Client-to-site VPN Out-of-band management Site-to-site VPN In-band management
Out-of-band management
Which of the following is a firewall function? Encrypting FTP hosting Frame filtering Packet filtering
Packet filtering
Which options are you able to set on a firewall? (Select three.) Checksum Sequence number Acknowledgment number Packet source address Packet destination address Port number Digital signature
Packet source address Packet destination address Port number
You have a large Power over Ethernet flat screen that you are installing in a conference room that requires 70 watts of power. Which of the following IEEE standards does your PoE switch need to provide power for the flat screen? PoE+ PoE++ Type 3 PoE PoE++ Type 4
PoE++ Type 4
Your organization's management wants to monitor all the customer services calls. The calls are taken on VoIP phones. Which of the following configurations would BEST help you set up a way to monitor the calls? Port mirroring Spanning Tree Protocol LACP Priority-based flow control
Port mirroring
You are managing a network and have used firewalls to create a screened subnet. You have a web server that internet users need to access. It must communicate with a database server to retrieve product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.) -Put the database server and the web server inside the screened subnet. -Put the database server inside the screened subnet. -Put the database server on the private network. -Put the web server on the private network. -Put the web server inside the screened subnet.
Put the database server on the private network. Put the web server inside the screened subnet.
You have used firewalls to create a screened subnet. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server to retrieve product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.) Put the web server inside the screened subnet. Put the web server on the private network. Put the database server outside the screened subnet. Put the database server on the private network. Put the database server inside the screened subnet.
Put the web server inside the screened subnet. Put the database server on the private network.
What is the main difference between RIP and RIPv2? RIP is a classful protocol, while RIPv2 is a classless protocol. RIP has a limit of 15 hops, while RIPv2 increases the hop count limit. RIP is a distance vector protocol, while RIPv2 is a link state protocol. RIP use hop count for the metric, while RIPv2 uses a relative link cost.
RIP is a classful protocol, while RIPv2 is a classless protocol.
You are unsure if the gateway address is correct for one of your subnetworks because traffic is not leaving the network. Which of the following tables could you look at to check if the gateway address is correct? ARP table MAC address table Routing table State table
Routing table
Which of the following uses access control lists (ACLs) to filter packets as a form of security? Screened-host gateway Screened router Screened subnet Dual-homed gateway
Screened router
Which of the following can serve as a buffer zone between a private, secured network and an untrusted network? Intranet Padded cell Extranet Screened subnet
Screened subnet
Which of the following is another name for a firewall that performs router functions? Dual-homed gateway Screened-host gateway Screened subnet Screening router
Screening router
You manage a single subnet with three switches. The switches are connected to provide redundant paths between themselves. Which feature prevents switching loops and ensures that there is only a single active path between any two switches? 802.1x Spanning Tree PoE Trunking
Spanning Tree
You are the network administrator for a small company that implements NAT to access the internet. However, you recently acquired five servers that must be accessible from outside your network. Your ISP has provided you with five additional registered IP addresses to support these new servers, but you don't want the public to access these servers directly. You want to place these servers behind your firewall on the inside network, yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these servers? Static Dynamic Restricted Overloading
Static
You have only one physical interface but want to connect two IP networks. Which of the following would allow you to do so? A loopback address The sticky feature Virtual IPs Subinterfaces
Subinterfaces
Which of the following is a communication device that connects other network devices through cables and receives and forwards data to a specified destination within a LAN? Hub Switch Access point Router
Switch
Which of the following can cause broadcast storms? Switching loops Duplicate MAC addresses Duplicate IP addresses Routing loops
Switching loops
A switch receives a frame with a destination MAC address that is not found in its MAC address table. What happens next? -The frame stops at the switch and is not forwarded until the destination MAC address is manually added to the MAC address table. -The frame is rejected and returned to the source host. -The frame is replicated and sent to every active port on the switch except the source port. -The frame is replicated and sent to every active port on the switch.
The frame is replicated and sent to every active port on the switch except the source port.
Which of the following describes the worst possible action by an IDS? -The system identified harmless traffic as offensive and generated an alarm. -The system identified harmful traffic as harmless and allowed it to pass without generating any alerts. -The system correctly deemed harmless traffic as inoffensive and let it pass. -The system detected a valid attack and the appropriate alarms and notifications were generated.
The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.
A user calls to report that she is experiencing intermittent problems while accessing the wireless network from her laptop computer. While talking to her, you discover that she is trying to work from the coffee room two floors above the floor where she normally works. What is the MOST likely cause of her connectivity problem? -The user needs a new IP address because she is working on a different floor. -The wireless network access point on the user's normal floor has failed. -The user has not yet logged off and back on to the network while at her new location. -The user is out of the effective range of the wireless access point. -The user has not yet rebooted her laptop computer while at her new location.
The user is out of the effective range of the wireless access point.
Your organization uses an 802.11b wireless network. Recently, other tenants installed the following equipment in your building: A wireless television distribution system running at 2.4 GHz. A wireless phone system running at 5.8 GHz. A wireless phone system running at 900 MHz. An 802.11a wireless network running in the 5.725 - 5.850 GHz frequency range. An 802.11j wireless network running in the 4.9 - 5.0 GHz frequency range. Since this equipment was installed, your wireless network has been experiencing significant interference. Which system is to blame? The 802.11a wireless network The wireless TV system The 5.8 GHz wireless phone system The 900 MHz wireless phone system The 802.11j wireless network
The wireless TV system
Which device combines multiple security features, such as anti-spam, load-balancing, and antivirus, into a single network appliance? Circuit-level gateway Unified Threat Management (UTM) Next Generation Firewall (NGFW) Packet-filtering firewall
Unified Threat Management (UTM)
Kate, a network administrator, has been tasked with staying within the company budget. She has a large network and doesn't want to spend more than she needs to on purchasing and registering multiple public IP addresses for each of the hosts on her network. Which of the following methods could help her provide internet access but also keep costs low and limit the number of registered IP addresses her organization needs to purchase? Use PoE devices. Use Network Address Translation. Use Layer 2 switches. Use Layer 3 switches.
Use Network Address Translation.
You have a company network that is connected to the internet. You want all users to have internet access, but you need to protect your private network and users. You also need to make a web server publicly available to the internet users. Which solution should you use? -Use a single firewall. Put the web server in front of the firewall and the private network behind the firewall. -Use firewalls to create a screened subnet. Place the web server and the private network inside the screened subnet. -Use a single firewall. Put the server and the private network behind the firewall. -Use firewalls to create a screened subnet. Place the web server inside the screened subnet and the private network behind the screened subnet.
Use firewalls to create a screened subnet. Place the web server inside the screened subnet and the private network behind the screened subnet.
Which of the following are specific to extended Access control lists? (Select two.) Use the number ranges 100-199 and 2000-2699. Are the most used type of ACL. Are used by route maps and VPN filters. Identify traffic based on the destination address. Should be placed as close to the destination as possible.
Use the number ranges 100-199 and 2000-2699. Are the most used type of ACL.
You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. Which of the following should you use in this situation? Port security VPN Spanning Tree VLAN
VLAN
Which of the following attacks manipulates a switch's auto-negotiation setting to access a virtual local area network that's connected to the same switch as the attacker's virtual local area network? Dynamic Trunking Protocol attack MAC spoofing VLAN spoofing ARP spoofing
VLAN spoofing
A workstation's network board is currently configured as follows: Network Speed = Auto Duplexing = Auto The workstation is experiencing poor network performance, and you suspect that the network board is incorrectly detecting the network speed and duplex settings. Upon investigation, you find that it's running at 10 Mbps half-duplex. You know that your network switch is capable of much faster throughput. To fix this issue, you decide to manually configure these settings on the workstation. Before you do so, you need to verify the switch port configuration for the connected workstation. Given that it's a Cisco switch, which commands can you use on the switch to show a list of all switch ports and their current settings? (Select two.) show interface capabilities show interface ethernet counters show running-config interface show interface switchport show interface
show running-config interface show interface