Network Security (Security+ Exam), SY0-401:1 TS Quiz Network Security, N10-006 - Transcender Exam, N+ Exam A, Chpt 4 4.1-4.3

"Which network entity acts as the interface between a local area network and the Internet using one IP address? VPN NAT router router firewall"

" Answer: NAT router Explanation: Network Address Translation (NAT) router acts as the interface between a local area network and the Internet using one IP address. A VPN is a private network that is implemented over a public network, such as the Internet. A router divides a network into smaller subnetworks. Each host on the subnetwork is given its own IP address to use to communicate. A firewall is a device that protects a network from unauthorized access by allowing only certain traffic to pass through it. While a firewall can also be a router, it is referred to as a firewall when it functions to create a DMZ."

"Several users report that they are having trouble connecting to the organization's Web site that uses HTTPS. When you research this issue, you discover that the Web client and Web server are not establishing a TCP/IP connection. During which phase of SSL communication is the problem occurring? A handshake B key exchange C authentication D encrypted connection establishment"

" Answer: handshake Explanation: The problem is occurring during the handshake phase of Secure Sockets Layer (SSL) communication. First, a TCP/IP connection is established between a Web server and a Web client. Next, the key exchange occurs. Rivest, Shamir, Adleman (RSA) is used for the SSL/TLS key exchange. After the key exchange, the Web client uses a Web server's key information to authenticate the Web server. Finally, the Web client and the Web server establish an encrypted connection and exchange data on an SSL-encrypted connection."

"A Web server is located on a DMZ segment. The Web server only serves HTTP pages, and there are no other computers on the DMZ segment. You need to configure the DMZ to ensure that communication can occur. Which port should be opened on the Internet side of the DMZ firewall? A 20 B 80 C 110 D 443 "

" Answer: 80 Explanation: Only port 80 should be opened on the Internet side of the demilitarized zone (DMZ) firewall. The firewall will allow only HTTP traffic to enter the DMZ; all other port traffic will be prevented from entering the DMZ. Port 20 is used by File Transfer Protocol (FTP) to send data. Port 110 is used by Post Office Protocol (POP), and port 443 is used by Secure Sockets Layer (SSL). The Web server on the DMZ only serves Web pages, so only HTTP services should be activated on the Web server. All other services on the Web server should be deactivated, which will strengthen security on the Web server. "

"You have discovered that hackers are gaining access to your WEP wireless network. After researching, you discover that the hackers are using war driving. You need to protect against this type of attack. What should you do? (Choose all that apply.) Change the default Service Set Identifier (SSID). Disable SSID broadcast. Configure the network to use authenticated access only. Configure the WEP protocol to use a 128-bit key. "

" Answer: Change the default Service Set Identifier (SSID). Disable SSID broadcast. Configure the network to use authenticated access only. Configure the WEP protocol to use a 128-bit key. Explanation: You should complete all of the following steps to protect against war-driving attacks: Change the default SSID - This prevents hackers from being able to use the wireless network based on the access point's default settings. Disable SSID broadcast - This prevents the SSID from being broadcast. Although there are other ways to discover the SSID, disabling the broadcast will cut down on attacks. Configure the network to use authenticated access only - This ensures that no unauthenticated connections can occur. Configure the WEP protocol to use a 128-bit key - WEP using 128-bit key is better than the default WEP. However, it is even BETTER to implement some forms of WPA. Some other suggested steps include the following: Implement Wi-Fi Protected Access (WPA) or WPA2 instead of WEP - WPA is stronger than WEP. WPA2 is stronger than both WPA and WEP. Reduce the access point signal strength or power level controls - This allows you to reduce the area that is covered by the access point. War driving is a method of discovering 802.11 wireless networks by driving around with a laptop and looking for open wireless networks. NetStumbler is a common war-driving tool. "

"You have been hired to access the security needs for an organization that uses several Web technologies. During the assessment, you discover that the organization uses HTTPS, S-HTTP, ActiveX, and JavaScript. You need to rank these technologies based on the level of security they provide. Which of the technologies listed provides the highest level of security? A HTTPS B S-HTTP C ActiveX D JavaScript "

" Answer: HTTPS Explanation: Of the options given, HTTPS provides the highest level of security. The HTTP Secure (HTTPS) protocol provides a secure connection between two computers. The connection is protected, and all traffic between the two computers is encrypted. HTTPS uses Secure Sockets Layer (SSL) or Transport Layer Security (TLS). It uses private key encryption to encrypt the entire channel. HTTPS uses port 443 by default. Secure HTTP (S-HTTP) is different from HTTPS. S-HTTP allows computers to negotiate an encryption connection and is not as secure as HTTPS. It uses document encryption to protect the HTTP document's contents only. ActiveX is very vulnerable to attacks because users can configure their computer to automatically access an ActiveX component or control. JavaScript scripts can be downloaded from a Web site and executed, causing damage to systems. "

"Your organization is trying to increase network security. After a recent security planning meeting, management decides to implement a protocol that digitally signs packet headers and encrypts and encapsulates packets. Which protocol should you implement? AES CA DES IPsec "

" Answer: IPsec Explanation: You should implement Internet Protocol security (IPsec). This protocol digitally signs Internet Protocol (IP) packet headers and encrypts and encapsulates packets. IPsec provides both authentication and encryption, and is regarded as one of the strongest security standards. When the Authentication Header (AH) protocol is used, IPSec digitally signs packet headers, and when the Encapsulating Security Protocol (ESP) is used, IPsec encrypts packets. AH is protocol ID 51, and ESP is protocol ID 50. When tunnel mode is used, packets are encapsulated within other packets; when transport mode is used, packets are not encapsulated. Two routers that require secure communications should use IPSec in tunnel mode to encrypt packets. Advanced Encryption Standard (AES) and Data Encryption Standard (DES) are private key encryption standards that can be used to protect the confidentiality of file contents. A Certification Authority (CA) creates and manages digital certificates, which contain digital signatures and identification information for the owners of the digital signatures. "

"Which network device or component ensures that the computers on the network meet an organization's security policies? A NAT B IPsec C DMZ D NAC "

" Answer: NAC Explanation: Network Access Control (NAC) ensures that the computer on the network meet an organization's security policies. NAC user policies can be enforced based on the location of the network user, group membership, or some other criteria. Media access control (MAC) filtering is a form of NAC. Network Address Translation (NAT) is an IEEE standard that provides a transparent firewall solution between an internal network and outside networks. Using NAT, multiple internal computers can share a single Internet interface and IP address. Internet Protocol Security (IPsec) is a protocol that secures IP communication over a private or public network. IPSec allows a security administrator to implement a site-to-site VPN tunnel between a main office and a remote branch office. A demilitarized zone (DMZ) is a section of a network that is isolated from the rest of the network with firewalls. Servers in a DMZ are more secure than those on the regular network. When connecting to a NAC, the user should be prompted for credentials. If the user is not prompted for credentials, the user's computer is missing the authentication agent."

"You have two wireless networks in your building. The wireless networks do not overlap. Both of them use Wi-Fi Protected Access (WPA). You want to ensure that no unauthorized wireless access points are established. What should you do? A Change the two wireless networks to WPA2. B Change the two wireless networks to WEP. C Periodically complete a site survey. D Disable SSID broadcasts for the two wireless networks. "

" Answer: Periodically complete a site survey. Explanation: You should periodically complete a site survey to ensure that no unauthorized wireless access points are established. Site surveys generally produce information on the types of systems in use, the protocols in use, and other critical information. You need to ensure that hackers cannot use site surveys to obtain this information. To protect against unauthorized site surveys, you should change the default Service Set Identifier (SSID) and disable SSID broadcasts. Immediately upon discovering a wireless access point using a site survey, you should physically locate the device and disconnect it. Site surveys are also used to analyze antenna placement. To ensure that no unauthorized wireless access points are established, you should not change the two wireless networks to WPA2. This would increase the security for the two networks and prevent hackers from accessing the networks. However, it would not prevent an attacker from setting up a new wireless access point. You should not disable SSID broadcasts for the two wireless networks to ensure that no unauthorized wireless access points are established. The reason you would disable SSID broadcasts is to protect a wireless network from hackers and to prevent unauthorized site surveys. Disabling the SSID broadcast on an existing network CANNOT prevent the establishment of new wireless access points. When adding a new access point, you should ensure that you correctly configure the new access point, especially if other wireless access points are already in use in the area. If a new access point has intermittent problems with users connecting successfully and then being disconnected, the new access point could be interfering with an old access point. You would need to reconfigure the new access point. There are three main types of site surveys: Passive - a site survey application passively listens to wireless traffic to detect access points and measure signal strength and noise level. However, the wireless adapter being used for a survey is not associated with any WLANs. For system design purposes, one or more temporary access points are deployed to identify and quantify access point locations. Active - the wireless adapter is associated with one or several access points to measure round-trip time, throughput rates, packet loss, and retransmissions. Active surveys are used to troubleshoot wireless networks or to verify performance post-deployment. Predictive - a model of the RF environment, including location and RF characteristics of barriers like walls or large objects, is created using simulation tools. Therefore, temporary access points or signal sources can be used to gather information on propagation in the environment. The value of a predictive survey as a design tool versus a passive survey done with only a few access points is that modeled interference can be taken into account in the design."

"Management has requested that you ensure all firewalls are securely configured against attacks. You examine one of your company's packet-filtering firewalls. You have configured the following rules on the firewall: Permit all traffic to and from local hosts. Permit all inbound TCP connections. Permit all SSH traffic to linux1.kaplanit.com. Permit all SMTP traffic to smtp.kaplanit.com. Which rule will most likely result in a security breach? Permit all traffic to and from local hosts. Permit all inbound TCP connections. Permit all SSH traffic to linux1.kaplanit.com. Permit all SMTP traffic to smtp.kaplanit.com. "

" Answer: Permit all inbound TCP connections. Explanation: The Permit all inbound TCP connections filter will most likely result in a security breach. This rule is one you will not see in most firewall configurations. By simply allowing all inbound TCP connections, you are not limiting remote hosts to certain protocols. Security breaches will occur because of this misconfiguration. You should only allow those protocols that are needed by remote hosts, and drop all others. In most cases, permitting all traffic to and from local hosts is a common firewall rule. If you configure firewall rules regarding local host traffic, you should use extreme caution. It is hard to predict the type of traffic originating with your local hosts. If you decide to drop certain types of traffic, users may complain about being unable to reach remote hosts. Limiting certain types of traffic, such as SSH and SMTP traffic, to certain computers is a common firewall configuration. By using this type of rule, you can protect the other computers on your network from security breaches using those protocols or ports. Other common firewall packet filters include dropping inbound packets with the Source Routing option set, dropping router information exchange protocols, and dropping inbound packets with an internal source IP address. For the most part, filters blocking outbound packets with a specific external destination IP address are not used. Any time rules are implemented on a network, you are using rules-based management. With these rules, you specifically allow or deny traffic based on IP address, MAC address, protocol used, or some other factor"

"Your network contains four segments. Which network devices can you use to connect two or more of the LAN segments together? (Choose three.) A Hub B Router C Switch D Bridge E Repeater F Multiplexer "

" Answer: Router Switch Bridge Explanation: Bridges, switches, and routers can be used to connect multiple LAN segments. Bridges and switches operate at the Data Link layer of the OSI model (Layer 2), using the Media Access Control (MAC) address to send packets to their destination. Routers operate at the Network layer (Layer 3) by using IP addresses to route packets to their destination along the most efficient path. Hubs act as a central connection point for network devices on one network segment. They work at the Physical layer (Layer 1). Repeaters are used to extend the length of network beyond the cable's maximum segment distance. They take a received frame's signal and regenerate it to all other ports on the repeater. They also work at the Physical layer. An inverse multiplexer is used to connect several T1 lines together for fault tolerance purposes. The multiplexer is placed at both ends of the connection. "

"Your company has a UNIX computer. Several users have requested remote access to this server. You need to implement a solution that transmits encrypted authentication information over a secure communications channel and transmits data securely during terminal connections with UNIX computers. Which technology should you use? A FTP B HTTP C SSH D Telnet "

" Answer: SSH Explanation: You should use Secure Shell (SSH). It transmits both authentication information and data securely during terminal connections with UNIX computers. SSH operates over port 22 by default. File Transfer Protocol (FTP) and Telnet transfer authentication information in clear text. Hypertext Transfer Protocol (HTTP) transfers data in clear text, and HTTP does not require authentication information. FTP uses ports 20 and 21 by default. Telnet uses port 23 by default. HTTP uses port 80 by default."

"You company needs to be able to provide employees as to a suite of applications. However, you do not want the employees to install a local copy of the applications. Which method should you use to deploy the suite of applications? virtualization Platform as a Service Software as a Service Infrastructure as a Service "

" Answer: Software as a Service Explanation: You should use Software as a Service (SaaS) to deploy the suite of applications. This will ensure on-demand, online access to the suite without the need for local installation. Another example of this type of cloud computing deployment is when a company needs to give employees access to a database but cannot invest in any more servers. WebMail is an example of this cloud computing type. Virtualization hosts one or more operating systems (OSs) within the memory of a single host computer. This mechanism allows virtually any OS to operate on any hardware and allows multiple OSs to work simultaneously on the same hardware. Virtualization would not be the best choice here because it would limit the number of users who could access the application suite. In addition, the performance of the virtual machine would decline as more users simultaneously access the application suite. Platform as a Service (PaaS) is not the best choice here. PaaS is a platform that provides not only a deployment platform but also a value added solution stack and an application development platform. It provides customers with an operating system that is easy to configure. It is on-demand computing for customers. Infrastructure as a Service (IaaS) is not the best choice in this situation. IaaS is a platform that provides computer and server infrastructure typically provided as a virtualization environment. The platform would provide the ability for consumers to scale their infrastructure up or down by demand and pay for the resources consumed. This cloud computing model provides the greatest flexibility but requires a greater setup and maintenance overhead than the other cloud computing models. Cloud computing has three main models: SaaS, PaaS, and IaaS. The security control that is lost when using cloud computing is physical control of the data. The main difference between virtualization and cloud computing is location and ownership of the physical components. When virtualization is used, a company uses their own devices to set up a virtual machine. When cloud computing is used, a company pays for access to another company's devices. Other cloud technologies that you need to be familiar with include the following: Private cloud - a cloud infrastructure operated solely for a single organization that can be managed internally or by a third party, and hosted internally or externally Public cloud - when the cloud is rendered over a network that is open for public use Community cloud - shares infrastructure between several organizations from a specific community that can managed internally or by a third party, and hosted internally or externally Hybrid cloud - two or more clouds (private, community, or public) that remain unique entities but are bound together, offering the benefits of multiple deployment models "

"Management of your company wants to allow the departments to share files using some form of File Transfer Protocol (FTP). You need to explain the different FTP deployments. By default, which FTP solution provides the LEAST amount of security? A FTP B FTPS C SFTP D TFTP "

" Answer: TFTP Explanation: The Trivial File Transfer Protocol (TFTP) provides the least amount of security. TFTP provides no authentication or encryption mechanism. TFTP uses port 69, by default. File Transfer Protocol (FTP) is considered more secure than TFTP because it can provide authentication and encryption mechanisms. FTP uses ports 20 and 21, by default. File Transfer Protocol Secure (FTPS) is a more secure version of FTP. FTPS uses the same commands as FTP. FTPS uses Secure Sockets Layer (SSL) for security. FTPS uses ports 989 and 990, by default. Secure File Transfer Protocol (SFTP) is the most secure version of FTP. This version is actually Secure Shell (SSH) with FTP capabilities. FTPS is more widely known than SFTP, but SFTP is more secure. SFTP uses port 22, by default."

"You need to ensure that a single document transmitted from your Web server is encrypted. You need to implement this solution as simply as possible. What should you do? A Use ActiveX. B Use JavaScript. C Use HTTPS. D Use S-HTTP. "

" Answer: Use S-HTTP. Explanation: You should use Secure HTTP (S-HTTP) to encrypt a single document from your Web server. This will allow the two computers to negotiate an encryption connection if this document needs to be transmitted. You should not use ActiveX. ActiveX customizes controls, icons, and other Web-enabled systems to increase their usability. ActiveX components and controls are downloaded to the client. JavaScript is a programming language that allows access to resources on the system running the JavaScript. JavaScript scripts can be downloaded from a Web site and executed. HTTP Secure (HTTPS) is used to encrypt an entire channel using private key encryption. It is used to encrypt all information between two computers. "

"Often the sales people for your company need to connect some wireless devices together without having an access point available. You need to set up their laptops to ensure that this communication is possible. Which communications mode should you use? ad hoc infrastructure transport tunnel "

" Answer: ad hoc Explanation: You should use ad hoc, which is an 802.11b communications mode that enables wireless devices to communicate directly. The 802.11b wireless networking technology is sometimes referred to as WiFi. In infrastructure mode, 802.11b devices must communicate through wireless access points. Transport and tunnel modes are provided by Internet Protocol Security (IPSec) to transmit Internet Protocol (IP) packets securely. "

"Which type of monitoring is most likely to produce a false alert? misuse-detection-based anomaly-based behavior-based signature-based "

" Answer: anomaly-based Explanation: Anomaly-based monitoring is most likely to produce a false alert. With anomaly-based monitoring, alerts occur where there are any deviations from normal behavior. Deviations from normal behavior will normally occur but are not always indications of a possible attack. With this type of monitoring, there is an initial learning period before anomalies can be detected. Once the baselines are established, anomaly-based monitoring can detect anomalies. Sometimes the baseline is established through a manual process. Misuse-detection-based monitoring is the same as signature-based monitoring. Signature-based monitoring is more likely to give you a false sense of security rather than a false alert. Signature-based monitoring relies upon a database that contains the identities of possible attacks. This database is known as the signature database. Signature-based monitoring watches for intrusions that match a known identity or signature. Signature-based monitoring requires that updates be regularly obtained to ensure effectiveness. Behavior-based monitoring is not likely to produce a false alert because you defined non-acceptable behavior. It is more susceptible to giving you a false sense of security. It is only as strong as the behaviors you have defined. If you do not properly define inappropriate behaviors, then attacks can occur. Behavior-based monitoring looks for behavior that is not allowed and acts accordingly. When you define a rule that prevents an e-mail client from executing the cmd.exe command and alerts you when this is attempted, you are using behavior-based monitoring. "

"You have been hired as a company's network administrator. The company's network currently uses statically configured IPv4 addresses. You have been given a list of addresses that are used on the network that include the addresses listed in the options. However, you are sure that some of these addresses are NOT IPv4 addresses. Which addresses are not valid? 192.1.0.1 169.254.0.10 fe80::200:f8ff:fe21:67cf 00-0C-F1-56-98-AD "

" Answer: fe80::200:f8ff:fe21:67cf 00-0C-F1-56-98-AD Explanation: The fe80::200:f8ff:fe21:67cf address is an IPv6 address. The 00-0C-F1-56-98-AD address is a MAC address, which is hard-coded into the network interface card (NIC) by the manufacturer. The 169.254.0.10 and 192.1.0.1 addresses are both valid IPv4 addresses."

"You need to ensure that wireless clients can only communicate with the wireless access point and not with other wireless clients. What should you implement? PEAP LEAP SSID isolation mode "

" Answer: isolation mode Explanation: You should implement isolation mode. This mode ensures that wireless clients can only communicate with the wireless access point and not with other wireless clients. This is also referred to as client isolation mode. Protected Extensible Authentication Protocol (PEAP) is a secure password-based authentication protocol created to simplify secure authentication. Lightweight Extensible Authentication Protocol (LEAP) is an authentication protocol used exclusively by Cisco. Cisco is slowly transitioning from using its proprietary LEAP protocol to using PEAP because LEAP is not as secure as PEAP. A Service Set Identifier (SSID) is a wireless network's name."

"Which type of firewall only examines the packet header information? A stateful firewall B kernel proxy firewall C packet-filtering firewall D application-level proxy firewall "

" Answer: packet-filtering firewall Explanation: A packet-filtering firewall only looks at a data packet to obtain the source and destination addresses and the protocol and port used. This information is then compared to the configured packet-filtering rules to decide if the packet will be dropped or forwarded to its destination. A packet-filtering firewall only examines the packet header information. Packet-filtering firewalls are based on access control lists (ACLs). They are application independent and operate at the Network layer of the OSI model. They cannot keep track of the state of the connection. A stateful firewall usually examines all layers of the packet to compile all the information for the state table. A kernel proxy firewall examines every layer of the packet, including the data payload. An application-level proxy firewall examines the entire packet. "

"Which type of monitoring requires that updates be regularly obtained to ensure effectiveness? network-based anomaly-based behavior-based signature-based "

" Answer: signature-based Explanation: Signature-based monitoring requires that updates be regularly obtained to ensure effectiveness. Signature-based monitoring watches for intrusions that match a known identity or signature when checked against a database that contains the identities of possible attacks. This database is known as the signature database. Network-based monitoring is attached to the network in a place where it can monitor all network traffic. It implements passive and active responses. Passive responses include logging, notification, and shunning. Active responses include terminating processes or sessions, network configuration changes, and deception. Anomaly-based monitoring detects activities that are unusual. With this type of monitoring, there is an initial learning period before anomalies can be detected. Once the baselines are established, anomaly-based monitoring can detect anomalous activities. Sometimes the baseline is established through a manual process. Behavior-based monitoring looks for behavior that is not allowed and acts accordingly. "

"What is the purpose of content inspection? A to distribute the workload across multiple devices B to search for malicious code or behavior C to filter and forward Web content anonymously D to identify and block unwanted messages "

" Answer: to search for malicious code or behavior Explanation: The purpose of content inspection is to search for malicious code or suspicious behavior. The purpose of load balancing is to distribute the workload across multiple devices. Often DNS servers are load balanced to ensure that DNS clients can obtain DNS information as needed. Other services are load balanced as well. Load balancers optimize and distribute data workloads across multiple computers or networks. The purpose of an Internet or Web proxy is to filter and forward Web content anonymously. The purpose of a spam filter is to identify and block unwanted messages. Spam filters should be configured to prevent employees from receiving unsolicited e-mail messages. Another type of hardware that is similar to a spam filter is an all-in-one security appliance. This device filters all types of malicious, wasteful, or otherwise unwanted traffic. Many all-in-one security appliances include a component that performs content inspection and malware inspection. These appliances usually also include a URL filter feature that allows administrators to block and allow certain Web sites. For example, the URL filter in an all-in-one security appliance could be configured to restrict access to peer-to-peer file sharing Web sites. "

" You must configure the routers on your network to ensure that appropriate communication is allowed between the subnetworks. Your configuration must allow multiple protocols to communicate across the routers. Match the protocol from the left with the default port it uses on the right. Move the correct items from the left column to the column on the right to match the protocol with the correct default port. Missing Image"

" Explanation: The protocols given use these default ports: Port 21 - FTP Port 110 - POP3 Port 143 - IMAP Port 443 - HTTPS Port 3389 - RDP FTP also uses port 20, but it was not listed in this scenario."

"You are responsible for managing security for a network that supports multiple protocols. You need to understand the purpose of each of the protocols that are implemented on the network. Match each description with the protocol that it BEST fits. Missing Image"

" Explanation: The protocols should be matched with the descriptions in the following manner: IPSec - A tunneling protocol that provides secure authentication and data encryption SNMP - A network management protocol that allows communication between network devices and the management console SFTP - A file transferring protocol that uses SSH for security FTPS - A file transferring protocol that uses SSL for security"

"You are configuring a wireless access point in the network shown in the following exhibit: The access point must use the most secure encryption method with RADIUS. You need to configure the Security section of the access point. Match the options on the left with the settings given on the right. Not all options will be used. Missing Image"

" Explanation: The wireless access point settings should be matched in the following manner: Security Mode - WPA2 Enterprise Encryption - AES RADIUS Server - 192.168.0.4 RADIUS Port - 1812 WPA2-Enterprise is the strongest security mode. The AES encryption standard is stronger than the TKIP encryption protocol. AES is a symmetric-key standard, formerly called Rijndael, based on CCMP encryption. TKIP is the default standard used with the WPA security mode. The AAA server is the Remote Authentication Dial In User Service (RADIUS) server, so you should use its IP address and port for the RADIUS server configuration. You should not use any MAC addresses in the security configuration. MAC addresses are used to configure MAC filtering. "

"A server is located on a DMZ segment. The server only provides FTP service, and there are no other computers on the DMZ segment. You need to configure the DMZ to ensure that communication can occur. Which port should be opened on the Internet side of the DMZ firewall? A 20 B 80 C 110 D 443 "

"Answer: 20 Explanation: FTP uses ports 20 and 21 by default, so port 20 should be opened on the Internet side of the demilitarized zone (DMZ) firewall to enable the server to provide FTP services. The firewall will then allow FTP traffic through, but no other port traffic will be allowed to enter the DMZ. Only necessary ports should be opened on the Internet side of a DMZ firewall in order to limit hackers' abilities to access the internal network. Port 80 is used by Hypertext Transfer Protocol (HTTP) to transfer Web pages. Port 110 is used by the Post Office Protocol (POP), and port 443 is used by Secure Sockets Layer (SSL). "

"Your company management has recently purchased a RADIUS server. This RADIUS server will be used by remote employees to connect to internal resources. You need to ensure that multiple client computers, including Windows Vista and Windows 7, are able to connect to the RADIUS server in a secure manner. What should you deploy? A flood guard B 802.1x C unified threat management D VLAN "

"Answer: 802.1x Explanation: You should deploy 802.1x to allow remote employees to connect to internal resources via a RADIUS server. Implementing 802.1x would allow a company to reduce the exposure of sensitive systems to unmanaged devices on internal networks. 802.1x can also be used on wired networks to segment traffic intended for the wireless access point. For example, if a company has several conference rooms with wired network jacks that are used by both employees needing access to internal resources and guests needing access to the Internet only, you should implement 802.1x and VLANs. 802.1x is an good solution if you need to make sure that only devices authorized to access the network would be permitted to log in and utilize resources. Flood guards are devices that protect against Denial of Service (DoS) attacks. Unified threat management devices are devices that integrate a traditional firewall with network firewalling, intrusion prevention, antivirus (AV), anti-spam, VPN, content filtering, load balancing, data leak prevention and on-appliance reporting. A virtual LAN (VLAN) is a virtual subnetwork that is configured using a switch. This allows administrators to isolate network clients on their own subnetwork. Any remote employees that are allowed to access local resources should be given specialized security training. This training should include guidelines on the types of network that they can use. For example, remote users should NEVER access a corporate VPN or other resources over an unsecure wireless network. Accessing a VPN over open wireless can result in major security issues. "

"Your organization purchases a set of offices adjacent to your current office. You need to broaden the area to which a wireless access point (AP) can transmit. What should you do? A Maximize the power level setting. B Relocate the AP. C Adjust the power level setting slightly higher. D Change the channel used by the AP. "

"Answer: Adjust the power level setting slightly higher. Explanation: You should adjust the power level setting for the AP to a slightly higher setting. After changing the power level setting, you should reboot the AP. The only way to gain more coverage for an AP is to increase the power level. You should not maximize the power level setting. This might create an area that is larger than you intended. You should not relocate the AP. While this will alter the area covered by the AP, it will not actually make the area any larger and may actually prevent coverage in areas that were covered in the previous location. You should not change the channel used by the AP. This is what you should do if you find that two wireless APs are interfering with each other because they use the same channel."

"Which statement is NOT a characteristic of a network-based intrusion detection system (NIDS)? A An NIDS monitors real-time traffic. B An NIDS analyzes encrypted information. C An NIDS analyzes network packets for intrusion. D An NIDS does not monitor individual workstations in a network. "

"Answer: An NIDS analyzes encrypted information. Explanation: The primary disadvantage of an NIDS is its inability to analyze encrypted information. For example, the packets that traverse through a Virtual Private Network (VPN) tunnel cannot be analyzed by the NIDS. An NIDS would most likely be used to detect, but not react to, behavior on the network. An NIDS can monitor either a complete network or some portions of a segregated network. It remains passive while acquiring the network data. For example, an intrusion detection system (IDS) can monitor real-time traffic on the internal network or a de-militarized zone (DMZ). In a DMZ, public servers, such as e-mail, DNS, and FTP servers, are hosted by an organization to segregate these public servers from the internal network. An NIDS monitors real-time traffic over the network, captures the packets, and analyzes them either through a signature database or against the normal traffic pattern behavior to ensure that there are no intrusion attempts or malicious threats. NIDS finds extensive commercial implementation in most organizations. An NIDS can help identify smurf attacks. NIDS does not monitor specific workstations. A host-based IDS (HIDS) monitors individual workstations on a network. An intrusion detection agent should be installed on each individual workstation of a network segment to monitor any security breach attempt on a host. "

"Your company has decided to deploy a new wireless network at a branch office. This branch office is located in a busy commercial district. Management has asked you to fully assess the external vulnerabilities of the wireless network before it is deployed. Which three conditions should you assess? (Choose three.) A Number of users B Antenna selection C Antenna placement D Access point power E Speed of connection F Captive portals "

"Answer: Antenna selection Antenna placement Access point power Explanation: Antenna selection (such as the use of directional versus omnidirectional antennas) plays an important role in protecting a wireless network. Using a directional antenna can limit the area that is covered by the antenna. Antenna placement will also have an effect on the vulnerabilities of a wireless system. Antennas should be placed as far away from exterior walls as possible. Otherwise, the signal will go outside the building. This allows anyone outside the building to attach to your network. That is why RADIUS and other technologies are required for wireless networks. The power of the access points should be adjusted to a level that is just strong enough for the operation of the network, but not so strong that signals escape to the outside of the building. You should reduce power levels for better security to ensure that the signal does not extend beyond its needed range. The number of users and the speed of the connection will not cause external vulnerabilities to a wireless system. The number of user addresses is, however, a cause of external vulnerabilities. Captive portals are a type of wireless access point that only permits Internet access to authenticated users. While an organization may want to deploy this solution, it is not necessary to assess this as an external vulnerability. You should ensure that any wireless network that you deploy is properly protected from unauthorized users. Usually this just involves deploying the network using the WPA or WPA2 protocol. If you use WEP, unauthorized users can easily gain access to your network. You should also be careful as to which internal resources are connected to the wireless network without deploying the appropriate security hardware, such as a firewall."

"You have been hired as a security consultant by a new small business. The business owner wants to implement a secure Web site. You suggest that the Web pages be secured using SSL. Which protocol should be used? A HTTPS B L2TP C PPTP D SPX "

"Answer: HTTPS Explanation: Hypertext Transfer Protocol Secure (HTTPS) should be used because it securely transmits Web pages over Secure Sockets Layer (SSL). HTTPS operates over port 443 by default. Sequenced Packet Exchange (SPX) is the connection-oriented transport protocol provided on Internetwork Packet Exchange (IPX)/SPX networks. Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) create secure tunnels through the public Internet. PPTP operates over port 1723 by default. L2TP operates over port 1701 by default. "

"You work for a company that installs networks for small businesses. During a recent deployment, you configure a network to use the Internet Protocol Security (IPSec) protocol. The business owner asks you to explain why this protocol is being used. Which three are valid reasons for using this protocol? (Choose three.) A IPSec can work in either tunnel mode or transport mode. B IPSec uses Encapsulation Security Payload (ESP) and Authentication Header (AH) as security protocols for encapsulation. C The IPSec framework uses L2TP as the encryption protocol. D The IPSec framework is used in a virtual private network (VPN) implementation to secure transmissions. E IPSec ensures availability of information as a part of the CIA triad. "

"Answer: IPSec can work in either tunnel mode or transport mode. IPSec uses Encapsulation Security Payload (ESP) and Authentication Header (AH) as security protocols for encapsulation. The IPSec framework is used in a virtual private network (VPN) implementation to secure transmissions. Explanation: Internet Protocol Security (IPSec) can operate in either tunnel mode or transport mode. In transport mode, only the message part of a packet (the payload) is encrypted by Encapsulating Security Payload (ESP). In IPSec tunnel mode, the entire packet including the packet header and the routing information is encrypted. IPSec tunnel mode provides a higher level of security than transport mode. Either of the two modes can be used to secure either gateway-to-gateway or host-to-gateway communication. If used in gateway-to-host communication, the gateway must act as the host. IPSec uses ESP and Authentication Header (AH) as security protocols. AH provides the authentication mechanism, and ESP provides encryption, confidentiality, and message integrity. IPSec sets up a secure channel that uses a strong encryption and authentication method between two network devices, such as routers, VPN concentrators, and firewalls. IPSec can provide security between any two network devices running IPSec, but its chief implementation is in securing virtual private network (VPN) communications. IPSec provides security by protecting against traffic analysis and replay attacks. IPSec is primarily implemented for data communication between applications that transfer data in plain text. IPSec secures the network device against attacks through encryption and encapsulation. The IPSec does not use the L2TP protocol to encrypt messages. L2TP is used for secure communication in VPN networks and is a hybrid of L2F and PPTP. IPSec ensures integrity and confidentiality of IP transmissions, but cannot ensure availability of the information. "

"Your company currently uses IPv4 addresses on its network. You need to convince your organization to start using IPv6 addresses. Which two reasons for changing should you give management? (Choose two.) A It has 4 billion available addresses B It has 340 undecillion available addresses C It uses 32-bit addresses D It uses 128-bit addresses "

"Answer: It has 340 undecillion available addresses It uses 128-bit addresses Explanation: IPv6 uses 128-bit IP addresses and allows for the use of 340 undecillion addresses. An IPv6 address uses a mixture of numbers and alphanumeric characters. IPv4 uses 32-bit addresses and allows for the use of 4 billion addresses. Internet Protocol (IP) is one of the protocols included in the Transmission Control Protocol/Internet Protocol (TCP/IP). "

"You are implementing a new VPN for your organization. You need to use an encrypted tunneling protocol that protects transmitted traffic and supports the transmission of multiple protocols. Which protocol should you use? A HTTP B HTTPS C FTP D L2TP over IPSec "

"Answer: L2TP over IPSec Explanation: You should use Layer 2 Tunneling Protocol (L2TP) over IPSec. When you implement L2TP over IPSec, it encrypts transmitted traffic on virtual private network (VPN) connections. L2TP supports multiple protocols, such as Transmission Control Protocol (TCP), Internet Protocol (IP), Internetwork Packet Exchange (IPX), and Systems Network Architecture (SNA). L2TP is based on two older tunneling protocols: Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Forwarding (L2F). Hypertext Transfer Protocol (HTTP) transmits information in clear text. Hypertext Transfer Protocol Secure (HTTPS) uses Secure Sockets Layer (SSL) to encrypt HTTP traffic. HTTPS only supports the encryption of HTTP traffic. File Transfer Protocol (FTP) transmits data in clear text. HTTP uses port 80, and HTTPS uses port 443."

"During maintenance, you often discover invalid devices connected to your wireless network. You need to ensure that only valid corporate devices can connect to the network. What should you configure to increase the security of this wireless network? A SSID broadcast B war driving C rogue access points D MAC filtering "

"Answer: MAC filtering Explanation: To increase the security of this wireless network, you should configure Media Access Control (MAC) filtering. With this filtering, the MAC address of each network interface card (NIC) that attempts to connect to the network is checked. Only MAC addresses that are specifically allowed connection are granted connection. When configuring MAC filtering, you should set up an access control list (ACL). Some access points also allow you to configure MAC filtering for those addresses that should be denied access. But always keep in mind that the MAC addresses will need to be entered manually. MAC filtering is easily vulnerable to spoofing because MAC address information is sent unencrypted. An attacker then discovers the address and impersonates an approved device. If a user is able to connect to a wireless network using one mobile device but not another, the most likely cause is that MAC filtering is enabled. MAC filtering can be used to both allow access and deny access. The following examples are both types of entries on a router: PERMIT 0A:1:FA:B1:03:37 and DENY 01:33:7F:AB:10:AB. A service-set identifier (SSID) broadcast actually decreases security in a wireless network. If the SSID is broadcast, any wireless NICs in the proximity can locate the network. If you disable SSID broadcast, you increase the security of your network, and users will have to type the SSID to connect. However, it does not prevent invalid devices from connecting to the network. War driving is a technique used to discover wireless networks. Once intruders locate your wireless network, they attempt to hack into your system. Rogue access points are wireless access points that have been connected to your network without authorization. This decreases the security of your network. A site scan can be used to determine if you have rogue access points. For example, if your company is located in a building with three wireless networks, you have a rogue access point if a quarterly scan showed the following results: CorpPrivate - Connected Channel 1 - 70dbm CorpPublic - Connected Channel 5 - 80dbm CorpResearch - Connected Channel 3 - 75dbm CorpDev - Connected Channel 6 - 95dbm Radio frequency interference (RFI) can cause wireless network problems. It can come from cordless phones, microwaves, and other equipment. For example, if your wireless network is frequently dropping connections, you could have a cordless phone interfering with the wireless access point. "

" At which layer of the OSI model do routers operate? A Session B Network C Physical D Data-link E Transport "

"Answer: Network Explanation: Routers operate at the Network layer (Layer 3) of the OSI networking model. They use source and destination addresses, which are located at the Network layer, to route packets. Switches use MAC addresses, which are located at the Data Link layer, to forward frames. The Data Link layer is Layer 2. The Session layer (Layer 5) starts, maintains, and stops sessions between applications on different network devices. The Physical layer (Layer 1) provides the functions to establish and maintain the physical link between network devices. Repeaters work at the Physical layer. The Transport layer (Layer 4) of the OSI model segments and reassembles data into a data stream and provides reliable and unreliable end-to-end data transmission. Bridges work at the Data Link layer (Layer 2)."

"Your company has decided to deploy a data storage network solution. You have been asked to research the available options and report the results, including deployment cost, performance, and security issues. Which of the following solutions should NOT be included as part of your research? A iSCSI B Fibre Channel C RAID D FCoE "

"Answer: RAID Explanation: RAID is a data storage solution that combines multiple physical drives into a single unit. The drives in the RAID configuration all reside in the same physical computer. iSCSI, Fibre Channel, and Fibre Channel over Ethernet (FCoE) are all data storage network solutions that allow you to link data storage locations. "

"You manage the security for a small corporate network that includes a hub and firewall. You want to provide protection against traffic sniffing. What should you do? Replace the hub with a switch. Replace the hub with a repeater. Implement filters on the hub. Implement access control lists (ACLs) on the hub. "

"Answer: Replace the hub with a switch. Explanation: You should replace the hub with a switch. This will provide some protection against traffic sniffing. In a network that uses hubs, packets are visible to every node on the network. When switches are used, the packets are forwarded only to the host for which the packet is intended because a switch does not forward packets out all of its ports. This prevents the ability of users on the same network from viewing each other's traffic, thereby providing some level of protection against traffic sniffing. Traffic sniffing captures data packets not intended for the sniffer. A network-based intrusion detection system (IDS) can be used to capture packets on a switch. You should not replace the hub with a repeater. A repeater receives a signal and repeats it, thereby ensuring the signal degradation does not occur. A repeater cannot protect against traffic sniffing by itself. You cannot implement filters or ACLs on a hub. Implementing filters and ACLs on switches or routers provides a means whereby traffic is allowed or prevented, and then forwarded to the appropriate node. Applying filters to routers can protect against Internet Protocol (IP) spoofing attacks. "

"One department in your company needs to be able to easily transfer files over a secure connection. All of the files are stored on a UNIX server. You have been asked to suggest a solution. Which protocol should you suggest? FTP SCP SSH Telnet "

"Answer: SCP Explanation: You should suggest that the department use Secure Copy (SCP). This protocol is used on UNIX networks to transfer files over a secure connection and operates at OSI layer 7. SCP uses SSH and operates over port 22 by default. File Transfer Protocol (FTP) is used to transfer files in clear text, which is not secure. FTP also transfers authentication information in clear text. FTP operates over ports 20 and 21 by default. Secure Shell (SSH) enables users to establish secure terminal connections with Unix computers, but does not allow the transfer of files. It requires SCP to transfer files. SSH operates over port 22 by default. Telnet enables users to establish nonsecure clear text terminal connections with UNIX computers. Telnet also transmits authentication information in clear text. Telnet operates over port 23 by default. To enhance network security, you should disable all unnecessary services and protocols on all server and client computers on a network because they pose a risk. "

"Recently, your company's network has been attacked from outside the organization. The attackers then changed the configuration of several network devices. Management has asked you to monitor network devices on a regular basis. Which protocol should you deploy? A SMTP B SNMP C DHCP D DNS "

"Answer: SNMP Explanation: You should deploy Simple Network Management Protocol (SNMP) to monitor network devices and the devices' parameters. It uses port 161 to communicate. SNMP allows an administrator to set device traps. Simple Mail Transfer Protocol (SMTP) is used for e-mail over port 25 by default. Dynamic Host Configuration Protocol (DHCP) is used to dynamically assign IP addresses over ports 67 and 68 by default. Domain Name System (DNS) is used to manage IP address to host name mappings. If a power failure or attack occurs, administrators should have a plan for restoring the servers. In most cases, you should bring your DNS or BIND server up first to ensure that Internet communication is restored and that the other servers can connect to the Internet. "

" A small business owner wants to be able to sell products over the Internet. A security professional suggests the owner should use SSL. Which statement is NOT true of this protocol? A SSL is used to protect Internet transactions. B SSL version 2 provides client-side authentication. C SSL operates at the Network layer of the OSI model. D SSL with TLS supports both server and client authentication. E SSL has two possible session key lengths: 40 bit and 128 bit. "

"Answer: SSL operates at the Network layer of the OSI model. Explanation: The secure sockets layer (SSL) protocol does not operate at the Network layer (Layer 3) of the Open Systems Interconnection (OSI) model. It operates at the Transport layer (Layer 4). It works in conjunction with the Hypertext Transfer Protocol (HTTP) that operates at the Session layer to provide secure HTTP connections. SSL is used to protect Internet transactions. It was developed by Netscape. When SSL is used, the browser address will have the https:// prefix, instead of the http:// prefix. SSL version 2 provides client-side authentication. SSL with TLS supports both server and client authentication. SSL uses public key or symmetric encryption, and provides data encryption and sever authentication. To enable SSL to operate, the server and the client browser must have SSL enabled. SSL has two possible session key lengths: 40 bit and 128 bit. The main advantage of SSL is that SSL supports additional application layer protocols, such as FTP and NNTP. HTTP does not. SSL establishes a secure communication connection between two TCP-based computers. Transport layer security (TLS) is a security protocol that combines SSL and other security protocols. A common implementation of SSL is wireless transport layer security (WTLS) for wireless networks. WTLS transmission is required to traverse both wired and wireless networks. Therefore, the packets that are decrypted at the gateway are required to be re-encrypted with SSL for use over wired networks. This is a security loophole referred to as the Wap Gap security issue. If SSL is being used to encrypt messages that are transmitted over the network, a major concern of the security professional is the networks that the message will travel that the company does not control. Worldwide Internet security achieved a milestone with the signing of certificates associated with SSL. "

"Your company implements an Ethernet network. During a recent analysis, you discover that network throughput capacity has been wasted as a result of the lack of loop protection. What should you deploy to prevent this problem? A STP B TTL C flood guards D network separation "

"Answer: STP Explanation: You should deploy spanning tree protocol (STP). The primary loop protection on an Ethernet network is STP. The problem with looping is the waste of network throughput capacity. STP can help mitigate the risk of Layer 2 switches in the network suffering from a DoS style attack caused by staff incorrectly cabling network connections between switches. Time To Live (TTL) is the primary loop protection on an IP network. Flood guards are devices that protect against Denial of Service (DoS) attacks. Network separation is a technique that is used to prevent network bridging. Network bridging can cause performance issues in the network. You can employ network separation by using routers or firewalls to implement IP subnets. Often routers or switches are the main network devices on an Ethernet network. Switches are considered more secure than routers. Secure router configuration is a must when routers are deployed. A secure router configuration is one where malicious or unauthorized route changes are prevented. To do this, complete the following steps: Configure the router's administrator password to something unique and secret. Configure the router to ignore all Internet Control Message Protocol (ICMP) type 5 redirect messages. Implement a secure routing protocol that requires authentication and data encryption to exchange route data. Configure the router with the IP addresses of other trusted routers with which routing data can be exchanged. "

"Which tool is an intrusion detection system (IDS)? A Snort B Nessus C Tripwire D Ethereal "

"Answer: Snort Explanation: Snort is an intrusion detection system (IDS). Nessus is a vulnerability assessment tool. Tripwire is a file integrity checker. Ethereal is a network protocol analyzer"

"You need to implement security countermeasures to protect from attacks being implemented against your PBX system via remote maintenance. Which policies provide protection against remote maintenance PBX attacks? (Choose all that apply.) A Turn off the remote maintenance features when not needed. B Use strong authentication on the remote maintenance ports. C Keep PBX terminals in a locked, restricted area. D Replace or disable embedded logins and passwords. "

"Answer: Turn off the remote maintenance features when not needed. Use strong authentication on the remote maintenance ports. Keep PBX terminals in a locked, restricted area. Replace or disable embedded logins and passwords. Explanation: You should implement all of the given policies to provide protection against remote maintenance PBX attacks. You should turn off the remote maintenance features when not needed and implement a policy whereby local interaction is required for remote administration. You should use strong authentication on the remote maintenance ports. This will ensure that authentication traffic cannot be compromised. You should keep PBX terminals in a locked, restricted area. While this is more of a physical security issue, it can also affect remote maintenance attacks. If the physical security of a PBX system is compromised, the attacker can then reconfigure the PBX system to allow remote maintenance. You should replace or disable embedded logins and passwords. These are usually configured by the manufacturer to allow back door access to the system. "

"While performing routine network monitoring for your company, you notice a lot of IPSec traffic. When you report your findings to management, management wants you to explain the high amount of IPSec traffic. What is a common implementation of this protocol that you should mention? A EDI B VPN C SET D SSL "

"Answer: VPN Explanation: Internet Protocol Security (IPSec) is a security standard commonly implemented to create virtual private networks (VPNs). IPSec allows packets to be securely exchanged over the Internet Protocol (IP) at the Network layer (Layer 3) rather than at the Application layer (Layer 7) of the Open Systems Interconnection (OSI) model. The Internet Engineering Task Force (IETF) developed the standard, but Cisco has contributed to its emergence. Cisco routers have support for IPSec built into the product. IPSec supports two encryption modes: transport and tunnel. Transport mode encrypts only the data portion of each packet, but not the header information. Tunnel mode encrypts both the header and the data. For IPSec to work, the sending and receiving devices must share a public key. Exchange Data Interchange (EDI) is a protocol used to exchange business data in a standard format. Secure Electronic Transfer (SET) is used to provide security for credit card transactions. Secure Sockets Layer (SSL) is a security protocol that uses both encryption and authentication to protect data sent in network communications. VPNs are sometimes commonly referred to as tunnels. A VPN essentially consists of a VPN server, authentication, and encryption. The VPN software encrypts the session information, as well as most message information, including File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP) messages. The Data link layer information remains unaltered (Layer 2). The most effective attack against an IPSec-based VPN is a man in the middle attack."

"You need to implement an independent network within your private LAN. Only users in the Research and Development department should be able to access the independent network. The solution must be hardware based. Which type of network should you deploy? A a VPN B a VLAN C a DMZ D an extranet "

"Answer: a VLAN Explanation: You should deploy a virtual local area network (VLAN). This type of network can be used to ensure that internal access to other parts of the network is controlled and restricted. A VLAN is usually created using a switch. VLAN segregation protects each individual segment by isolating the segments. VLAN segregation is best used to prevent ARP poisoning attacks across a network. VLANs provide a layer of protection against sniffers, and can decrease broadcast traffic. Creating a VLAN is much simpler than using firewalls or implementing a virtual private network (VPN). A VLAN is a good solution if you need to separate two departments into separate networks. VLAN management is implemented at the switch to configure the VLANs and the nodes that are allowed to participate in a particular VLAN. You can configure a switch to allow only traffic from computers based upon their physical (MAC) address. A VPN is a private network that is implemented over a public network, such as the Internet. A demilitarized zone (DMZ) or screened subnet is a subnet on a LAN that is screened from the private network using firewalls and contains the publicly accessed servers, such as a Web server. An extranet is a secure network connection through the Internet that is designed for business-to-business communications. "

"What is a Web security gateway? A a device the filters all types of unwanted traffic B a device that blocks unwanted messages C a device that tunnels private communication over the Internet D a device that filters Web content "

"Answer: a device that filters Web content Explanation: A Web security gateway is a device that filters Web content. An all-in-one security appliance is a device that filters all types of unwanted traffic. A spam filter is a device that blocks unwanted messages. A VPN concentrator is a device that tunnels private communication over the Internet. "

"What is an embedded firewall? a firewall that is integrated into a router a firewall that is installed on a server operating system a black box device a component that is added to a hardware firewall "

"Answer: a firewall that is integrated into a router Explanation: An embedded firewall is integrated into a router. A software firewall is installed on a server operating system, such as Windows XP or Linux. A hardware firewall is a black box device, which is designed to be deployed on a network with a minimum of configuration and installation effort. An application firewall is an example of a component added to a hardware firewall. An application firewall is designed to filter traffic at the Application layer of the Open Systems Interconnection (OSI) model. "

"Which device is designed to provide the most efficient transmission of traffic that is NOT specifically denied between networks? a hub a router a firewall a repeater "

"Answer: a router Explanation: A router is a device that is designed to transmit all data that is not specifically denied between networks, and to do so in the most efficient manner possible. A router enables connectivity between two or more networks and can connect multiple network segments into one network. A firewall is a mechanism that is designed to deny transmission of data that is not specifically allowed. For example, a firewall can be configured to ensure that messages on a TCP/IP subnet stay local to the subnet. Additionally, a firewall can be used to restrict access to a private network from the Internet. A hub and a repeater are central network connection devices that are designed to transmit data between computers on the same subnet. Hubs and repeaters are not used to transmit data between subnets. "

"Which term is most commonly used to describe equipment that creates a demilitarized zone (DMZ)? router firewall active hub passive hub "

"Answer: firewall Explanation: A firewall is used to create a demilitarized zone (DMZ). A DMZ is a zone located between a company's internal network and the Internet that usually contains publically accessible servers. The DMZ implementation provides an extra security precaution to protect the resources on the company's internal network. Usually two firewalls are used to create a DMZ; one firewall resides between the public network and the DMZ, and another firewall resides between the DMZ and the private network. A router is used to create individual subnetworks on an Ethernet network. Routers operate at the Network layer of the OSI model (layer 3). While a firewall can also be a router, it is referred to as a firewall when it functions to create a DMZ. An active hub is used to connect devices in a star topology. An active hub has circuitry that allows signal regeneration. A passive hub connects devices in a star topology, but it does not provide any signal regeneration. A firewall is classified as a rule-based access control device. Rules are configured on the firewall to allow or deny packets passage from one network to another. The configuration of the rules is one of the biggest concerns for a firewall, because the rules can be very complex. Misconfiguration can easily lead to security breaches. Applying detailed instructions to manage the flow of network traffic at the edge of the network is implemented using firewall rules. These rules can allow or prevent traffic based on port, protocol, MAC address, or direction. A default rule found in a firewall's access control list (ACL) is Deny all. Filters are created according to the company's security policy. To provide maximum file security, firewalls should not run the Network Information System (NIS) file system. Compilers should be deleted from firewalls. "

" You must design the network for your company's new location. Which two considerations are important? (Choose two.) A number of hosts to support B number of domains to support C number of subnetworks needed D number of servers to support E number of Internet interfaces available "

"Answer: number of hosts to support number of subnetworks needed Explanation: When designing a network, you need to know the number of hosts to support and the number of subnetworks needed. These two considerations determine the subnetting scheme that your network requires. The number of domains to support, the number of servers to support, and the number of Internet interfaces available do not affect the network design. "

"Which term is synonymous with protocol analyzing? A packet sniffing B vulnerability testing C port scanning D password cracking "

"Answer: packet sniffing Explanation: Packet sniffing is synonymous with protocol analyzing. Both terms refer to the process of monitoring data transmitted on the network. They can also be called network analyzers. Packet sniffing can occur by installing the software on a network device. However, it can also occur by installing a rogue wireless access point, router, or switch on the network. If any hidden network devices are found, it is most likely the source of a packet sniffing attack. Vulnerability testing is the process of testing a computer or network for known vulnerabilities to discover security holes. Often security administrators perform vulnerability tests to discover security issues. They then use the reports from the tests to implement new security policies to protect against the issues found. Port scanning is the process of scanning TCP/IP ports to discover which network services are being used. Password cracking is the process of testing the strength of passwords. It is also referred to as password checking. "

"Your manager has asked you to improve network security by confining sensitive internal data traffic to computers on a specific subnet using access control lists (ACLs). Where should the ACLs be deployed? A firewalls B hubs C modems D routers "

"Answer: routers Explanation: The ACLs should be deployed on the routers. The ACLs will improve network security by confining sensitive data traffic to computers on a specific subnet. By implementing ACLs and rules, you can ensure that a secure router configuration is implemented, which will protect the routers and the subnets they manage. Firewalls are typically deployed on the public network interfaces. They typically are not involved in any internal traffic. Therefore, deployment ACLs on firewalls would not confine sensitive internal data traffic to computers on a specific subnet. A firewall is classified as a rule-based access control device. Rules are configured on the firewall to allow or deny packet passage from one network to another. Hubs are typically deployed to connect hosts in a network. Active hubs provide signal regeneration, while passive hubs do not. Hubs do not provide the ability to configure ACLs. Modems are typically deployed to provide phone line connections. Modems cannot control internal data traffic. However, they can provide security on the phone line connection. Another valid answer to the question that was not given is a switch. Switches are typically deployed to create virtual local area networks (VLANs). The switch isolates the VLAN from the rest of the network to provide better security for the VLAN. "

"Which type of intrusion detection system (IDS) watches for intrusions that match a known identity? A network-based IDS B anomaly-based IDS C behavior-based IDS D signature-based IDS "

"Answer: signature-based IDS Explanation: A signature-based IDS watches for intrusions that match a known identity or signature. All attack signatures are contained in a signature database. The signature database must be updated for a signature-based IDS to remain effective. A network-based IDS is attached to the network in a place where it can monitor all network traffic. It implements passive and active responses. Passive responses include logging, notification, and shunning. Active responses include terminating processes or sessions, network configuration changes, and deception. An anomaly-based IDS detects activities that are unusual. With this type of IDS, there is an initial learning period before anomalies can be detected. Once the baselines are established, an anomaly-based IDS can detect anomalous activities. Sometimes the baseline is established through a manual process. A behavior-based IDS detects behavior that is not allowed and acts accordingly. An IDS allows a security administrator to identify malicious activity after it has occurred. An intrusion prevention system (IPS) allows a security administrator to prevent malicious activity when it is attempted. "

"You are trying to decide which type of intrusion detection system (IDS) you should deploy to improve network security. Match the IDS description from the left with their appropriate IDS type on the right. Missing Image"

"Explanation: The IDS types should be matched with the descriptions in the following manner: Behavior-based - An IDS that uses a learned activity baseline to identify intrusion attempts Signature-based - An IDS that maintains an attack profile database to identify intrusion attempts Host-based - An IDS that only monitors a single particular device for intrusion attempts Network-based - An IDS that monitors an entire network segment for intrusion attempts Many IDS solutions actually employ multiple types to provide the greatest protection. Keep in mind that an IDS only detects intrusion attempts and employs the configured alerts to ensure that the intrusion attempts is recorded and reported. An intrusion prevention system (IPS) detects the intrusions and carries out steps to prevent the attack from being successful. "

"Match the wireless antenna types on the left with the descriptions given on the right. "

"Explanation: The antennas and their descriptions should be matched in the following manner: Omni - a multi-directional antenna that radiates radio wave power uniformly in all directions in one plane with a radiation pattern shaped like a doughnut Yagi - a directional antenna with high gain and narrow radiation pattern Sector - a directional antenna with a circle measured in degrees of arc radiation pattern Dipole - the earliest, simplest, and most widely used antenna with a radiation pattern shaped like a doughnut"

"Match the descriptions on the left with the cloud deployments on the right. Missing Image"

"Explanation: The cloud deployments should be matched with the descriptions in the following manner: Platform as a Service (PaaS) - Allows organizations to deploy Web servers, databases, and development tools in a cloud Software as a Service (SaaS) - Allows organizations to run applications in a cloud Infrastructure as a Service (IaaS) - Allows organizations to deploy virtual machines, servers, and storage in a cloud "

"Match the descriptions on the left with the network technologies on the right that it BEST matches. Missing image"

"Explanation: The network technologies should be matched with the descriptions in the following way: DMZ - A network that is isolated from other networks using a firewall VLAN - A network that is isolated from other networks using a switch NAT - A transparent firewall solution between networks that allows multiple internal computers to share a single Internet interface and IP address NAC - A network server that ensures that all network devices comply with an organization's security policy "

"You must deploy the appropriate hardware to satisfy the needs of an organization. The organization has a DMZ that must be fully protected from the Internet. The internal network must have an additional layer of security from the DMZ. The internal network contains two subnets (Subnet A and Subnet B) and two VLANs (named Research and Development). You need to deploy a total of four hardware devices. Drag the appropriate device to one of the four locations on the network exhibit. All four locations require a device."

"Explanation: You should deploy two firewalls, one router, and one switch in the network, as shown below: To protect the DMZ, you need to place a firewall between the DMZ and Internet. To protect the internal network, you need to place a firewall between the DMZ and internal network. The router needs to be placed so that it manages the two subnets and is connected to the switch. The switch must be deployed so that it connects to the two VLANs and the router. "

"Your network is configured as shown in the following exhibit: You need to configure the firewall to meet the following requirements: The Research computer should only be allowed to connect to the file server using SCP. The Sales computer should only be allowed to connect to the Web server using HTTPS. No other connections from the server network to the DMZ should be allowed. Move the firewall rules in the list from the left column to the right column, and place them in the correct order, starting with the first item at the top. All firewall rules may or may not be used. "

"Explanation: You should implement the following firewall rules: Source: 192.168.0.2 - Destination: 172.16.0.2 - Port: 22 - TCP - Allow Source: 192.168.0.3 - Destination: 172.16.0.3 - Port: 443 - TCP - Allow Source: 192.168.0.0/16 - Destination: 172.16.0.0/12 - Port: Any - TCP/UDP - Deny The Research computer at 192.168.0.2 can only connect to the file server if they are using the secure copy protocol (SCP). Because SCP operates over a secure shell (SSH) connection, it utilizes the same port as SSH, which is TCP port 22. Therefore, you should configure an Allow rule for the Research source with a destination of 172.16.0.2 over TCP port 22. TCP port 22 also handles secure file transfer protocol (SFTP) traffic and secure logins. UDP port 69 handles trivial file transfer protocol (TFTP). The Sales computer at 192.168.0.3 should only be allowed to connect to the Web server using HTTPS, which operates over TCP port 443. Therefore, you should configure an Allow rule for the source 192.168.0.3 and destination 172.16.0.3 on TCP port 443. No other connections from the server network to the DMZ should be allowed. Therefore, you should configure a Deny rule from the server network, which is 192.168.0.0/16, to the DMZ network at 172.16.0.0/12. TCP and UDP traffic should be denied on all (""any"") ports. TCP port 21 handles file transfer protocol (FTP) traffic. TCP port 80 handles hypertext transfer protocol (HTTP) traffic. Allowing traffic on these ports will not meet the scenario requirements. The first two rules can be configured in any order as long as both of them appear before the third rule. The Deny rule should be configured last to ensure that any of the allowed connections are not denied by the Deny rule. "

You are working with a company that has a Fast Ethernet 100Base-TX network. You will be adding several new network segments to the current network. Which standards apply to this company's network? (Choose three.)

100 Mbps data-transmission rate Two pairs of Category 5 UTP cabling

With an Ethernet 10BaseT network, the maximum cable length between a computer and the hub is:

100 meters

Your network follows the 100BaseTX specifications for Fast Ethernet. What is the maximum cable Segment length allowed?

100 meters

You have been tasked with designing a high-speed Ethernet network. Your client's building already has 150-ohm shielded twisted pair (STP) wiring installed. Due to budget constraints, they have asked you to reuse the testing wiring instead of installing new fiber-optic cabling

1000BaseCX

Which Gigabet Ethernet standards uses multimode fiber-optic cabling and supports network segments up to a maximum of 550 meters long?

1000BaseSX

Which of the following use the CSMA/CD access method?

1000BaseT 10BaseT

Which of the following Ethernet standards uses fiber optic cabling

100BaseFX 1000BaseLX

You would like to implement 10 Gbps Ethernet over a distance of 1 kilometer or greater. Which of the following would be the minimum requirement for the implementation?

100GBaseLR standards single mode fiber

You are looking at implementing several different 10GBase networks. You need to implement the one that offers the longest cable run because of the distances you must cover for your company's network. Which 10GBase specification should you select?

10GBaseER

Which of the following standards is used by SONET?

10GBaseLW

You have been tasked with designing an Ethernet network. Your client needs to implement a very high-speed network backbone between campus buildings; some of which are around 300m apart. Multimode fiber-optic cabling has already been installed between buildings Your client has asked that you use the existing cabling.

10GBaseSR 1000BaseSX

You have been hired as a network administrator. The company wants to implement a 10 Gigabit Ethernet designation for use with a SONET network. Which of the following should you implement?

10GBaseSW

You administer a TCP/IP network that is not subnetted. One of the network hosts has the following IP address: 130.250.0.10 What is the network ID of the network you administer?

130.250.0.0

Management has decided to implement a small private network for guests. The network will consist of Windows 7 computers that will only be able to access the other computers on the private network. You recommend that the small private network use APIPA addresses. Which is the following is a valid APIPA address?

169.254.2.120

You are configuring a new small office home office (SOHO) at a small insurance office. After documenting the network requirements, you decide to use Network Address Translation (NAT) so that only one public address will be needed. You want to use the IANA-designated private IP address range that provides host IP addresses with a maximum of 16 bits. What is a valid host IP address in this range?

192.168.0.1

You are planning a network for an educational campus. Due to the size of the buildings and the distance between them, you have elected to use 10BaseFl hubs, cabling, and network interface cards What is the maximum length for the network cable between a workstation and a hub?

2000meters

You administer your company's network, which is connected to the Internet. A firewall is configured between the company network and the Internet. You want to prevent users on the Internet from using HTTP to connect to computers on the company network. Which well-known TCP port should you block to prevent Internet users from entering the company's network on that port?

80

Your company decides to implement a WLAN for usage by visitors. Management has requested that you implement a WLAN that supports a maximum of 11 Mbps data rate. Which WLAN technology supports this data transmission rate?

802.11b

SCP

A protocol that allows files to be copied over a secure connection

Which IPSec configuration can be used to digitally sign and encapsulate each packet within another packet?

AH protocol in tunnel mode

You need to connect wireless devices to a wired local area network. Which device should you implement?

Access Point

What is the aim of security awareness training?

All employees must understand their security responsibilities.

Platform as a Service (PaaS)

Allows organizations to deploy Web servers, databases, and development tools in a cloud

Infrastructure as a Service (IaaS)

Allows organizations to deploy virtual machines, servers, and storage in a cloud

Software as a Service (SaaS)

Allows organizations to run applications in a cloud

Which statement is NOT a characteristic of a network-based intrusion detection system (NIDS)?

An NIDS analyzes encrypted information

Your company has decided to deploy a new wireless network at a branch office. This branch office is located in a busy commercial district. Management has asked you to fully assess the external vulnerabilities of the wireless network before it is deployed. Which three conditions should you assess?

Antenna selection Antenna placement Access point power

Which protocol is categorized as an Exterior Gateway Protocol (EGP)?

BGP

Your organization has several VLANs implemented on its network. The VLANs operate across several switches. What do all users on a VLAN have in common?

Broadcast domain

The media access control method of all Ethernet is

CSMA/CD

You manage the two-location network shows in the exhibit. workstation and servers at each location connect to a patch panel using behing-the-wall wiring. The patch panel then connects network hosts to one of three 1000BASE-T switches. Routers are implemented at each location to connect the two networks together using a private WAN. The switch ports have auto-MDIX disable.

Cat 6 Straight-through UTP Cat 6 straight-through UTP cat 6 crossover UTP single-mode fiber optic

You have discovered that hackers are gaining access to your WEP wireless network. After researching, you discover that the hackers are using war driving. You need to protect against this type of attack.

Change the default Service Set Identifier (SSID). Disable SSID broadcast. Configure the network to use authenticated access only. Configure the WEP protocol to use a 128-bit key.

You want to create a rollover cable that has an rj-45 connector on both ends. How should you connect the wires within the connectors?

Connect pin 1 with pin 3 and pin 2 to pin 6 and pin 4 to pin 5

You are troubleshooting a workstation that is not communicating with the network. You try a different port within the wiring closet hub, and this seems to fix the problem. What should you do next?

Connect to the network and try to transfer a file.

You want to connect the LAN port on a router to the uplink on a switch. The switch does not support auto-MDI. Which type of cable should you use?

Crossover

Use the exhibit to match the connector type on the left with the corresponding letter on the right

Db-25 db-9 rj45 rj11 lc bnc f-type

You need to deploy 802.1x authentication that supports client-side digital certificates for authentication with access points. Which technology should you deploy?

EAP-TLS

What is the term for a potential problem with some network transmission media, similar to the distortion of audio and video on a television set caused when a small appliance is operated nearby?

EMI

You are installing a known good NIC in a computer, and a spark jumps from your hand to the NIC. You install the NIC and discover that the NIC no longer operates correctly. What has most likely caused the NIC to malfunction?

ESD

Management has recently expressed concern over port security. You have been asked to ensure that all network ports are as secure as possible. Which of the following methods of port security should you implement? (Choose all that apply.)

Ensure that wiring closets are locked. Ensure that TCP and UDP ports are managed properly. Ensure that the MAC address of connected devices are monitored.

Ethernet 100BaseFX networks use what type of cabling

Fiber Optic

You have been called to troubleshoot a workstation problem in the oldest building on your company's corporate campus. The network workstations in that building are unreliable. When the room lights are on, connectivity is lost, but when the room lights are off, the network is functional. Upon arrival, you quickly survey the work environment. You observe the following conditions: Lighting consists mainly of fluorescent lights. Temperature is 65 degrees Fahrenheit (18 degrees Celsius). Humidity is 75%. Employees own space heaters, but they are not using them. Electrical outlets appear outdated. What is most likely causing the loss of connectivity?

Fluorescent lighting in the room

You have been hired as a security consultant by a new small business. The business owner wants to implement a secure Web site. You suggest that the Web pages be secured using SSL. Which protocol should be used?

HTTPS

You have been hired to assess the security needs for an organization that uses several Web technologies. During the assessment, you discover that the organization uses HTTPS, S-HTTP, ActiveX, and JavaScript. You need to rank these technologies based on the level of security they provide. Which of the technologies listed provides the highest level of security?

HTTPS

Which system detects network intrusion attempts and controls intruder access to the network?

IPS

Your organization is trying to increase network security. After a recent security planning meeting, management decides to implement a protocol that digitally signs packet headers and encrypts and encapsulates packets. Which protocol should you implement?

IPsec

You have two Web servers, named WebSrv1 and WebSrv2. You need to configure the Web servers so that they share the Web request load equally. What should you do?

Implement an active/active cluster.

You are aware that any system in the demilitarized zone (DMZ) can be compromised because the DMZ is accessible from the Internet. What should you do to mitigate this risk?

Implement every computer on the DMZ as a bastion host

You install a network analyzer to capture your network's traffic as part of your company's security policy. Later, you examine the captured packets and discover that the only packets that were captured are from Subnet 1. You need to capture packets from all four subnets on your network. Two routers are used on your network. What could you do? (Choose two. Each answer is a complete solution.)

Install the network analyzer on all four subnets. Install a distributed network analyzer.

Your company currently uses IPv4 addresses on its network. You need to convince your organization to start using IPv6 addresses. Which two reasons for changing should you give management?

It has 340 undecillion available addresses It uses 128-bit addresses

You have decided to implement 802.1q. What does this standard do?

It implements VLAN trunking

.What is the purpose of a pointer (PTR) DNS record?

It maps an IP address to a hostname.

A server on your network contains several virtual servers. However, the server contains a single NIC. Which statement MOST likely describes the communication from this server?

It transmits data from multiple IP addresses.

You are implementing a new VPN for your organization. You need to use an encrypted tunneling protocol that protects transmitted traffic and supports the transmission of multiple protocols. Which protocol should you use?

L2TP over IPSec

The DHCP terms and descriptions should be matched in the following manner:

Lease - a single IP address that is being used by a DHCP client Option - a parameter that can be used to assign router, DNS server, and other information to DHCP clients Scope - a range of possible IP addresses that a DHCP server can assign Reservation - an allocation of a single IP address to a MAC address

You are explaining the function of a multi-layer switch to several junior administrators. On which data can multi-layer switches make routing decisions? (Choose all that apply.)

MAC address IP address protocol port number

During maintenance, you often discover invalid devices connected to your wireless network. You need to ensure that only valid corporate devices can connect to the network. What should you configure to increase the security of this wireless network?

MAC filtering

You need to connect a public line coming into your office with the internal network. Which device should you use?

MDF

Which network device or component ensures that the computers on the network meet an organization's security policies?

NAC

Which network entity acts as the interface between a local area network and the Internet using one IP address?

NAT router

At which layer of the OSI model do routers operate?

Network

Which WAN technology offers the highest potential bandwidth?

OC-3

You have two wireless networks in your building. The wireless networks do not overlap. Both of them use Wi-Fi Protected Access (WPA). You want to ensure that no unauthorized wireless access points are established. What should you do?

Periodically complete a site survey.

As a network administrator, you decide to replace a hub on your network with an active hub. At which OSI layer does the new device function?

Physical

What topology is used with 100BaseTX Fast Ethernet networks?

Physical star/logical bus Physical star/logical star

Employees must use a combination photo identification and security key card to enter a company office building. What is a secure method of determining whether an employee who lost a key card should be allowed to enter the office building?

Place digitized photographs of the employees in employee records.

Your company has decided to deploy a data storage network solution. You have been asked to research the available options and report the results, including deployment cost, performance, and security issues. Which of the following solutions should NOT be included as part of your research?

RAID

Which of the following are requirements of the 1000 baseT Ethernet Standards?

RJ-45 Cat 5e Cabling The cable length must be less than or equal to 100m

Which of the following standards is typically used in a rollover cable?

RS-232

You manage the security for a small corporate network that includes a hub and firewall. You want to provide protection against traffic sniffing. What should you do?

Replace the hub with a switch.

Which network devices can you use to connect two or more of the LAN segments together without collisions?

Router Switch Bridge

One department in your company needs to be able to easily transfer files over a secure connection. All of the files are stored on a UNIX server. You have been asked to suggest a solution. Which protocol should you suggest?

SCP

You have been asked to implement a Voice over Internet Protocol (VoIP) on your company's network. Which protocol should you use?

SIP

Recently, your company's network has been attacked from outside the organization. The attackers then changed the configuration of several network devices. Management has asked you to monitor network devices on a regular basis. Which protocol should you deploy?

SNMP

You administer your company's 100BaseTX Ethernet network. TCP/IP is the networking protocol used on the network. You want the routers on the network to send you notices when they have exceeded specified performance thresholds. Which protocol should you use to enable the routers to send the notices?

SNMP

You have recently been hired as a network administrator. After starting your new job, you discover that the network devices are not being monitored on a regular basis. You need to deploy a technology or protocol that will provide this service. Which protocol or technology should you deploy?

SNMP

You need to collect management information on the routers and switches used on your company's network. You decide to use SNMP. What is the name of the software component that runs on a managed device when you deploy this technology?

SNMP agent

Your company has a UNIX computer. Several users have requested remote access to this server. You need to implement a solution that transmits encrypted authentication information over a secure communications channel and transmits data securely during terminal connections with UNIX computers. Which technology should you use?

SSH

A small business owner wants to be able to sell products over the Internet. A security professional suggests the owner should use SSL. Which statement is NOT true of this protocol?

SSL operates at the Network layer of the OSI model

Which of the following connectors is typically used one end of a rollover cable

Serial

Your company is considering using IPv6 instead of IPv4. Which improvements does IPv6 provide over IPv4? (Choose two.)

Some header fields have been dropped or made optional. The IP header options allow more efficient forwarding and less rigid length limits

Which of the following physical topologies are used with Ethernet networks?

Star Bus

You are a network administrator. A user named Wendy uses a computer named Client1. Wendy reports that she cannot connect to other computers on the 100BaseTX Ethernet network that is depicted in the following exhibit: You test Client1 and the other computers connected to Hub A and Hub B, and you determine that only Wendy cannot connect to the network. What is most likely causing the connectivity problem in this scenario?

The NIC in Client1 is defective. The NIC in Client1 is defective.

A user named Luther reports that he cannot log on to the network from his workstation. You attempt to use your administrator credentials to log on to the network from Luther's computer, but you cannot. Both you and Luther can log on to the network from your workstation. Your workstation and Luther's workstation are connected to the same hub. What is most likely causing the connectivity problem on Luther's workstation?

The NIC in Luther's workstation is defective.

You are the network administrator for a corporate network that includes a DNS server, a DHCP server, a file/print server, and a wireless subnet. Computers on the wireless subnet are having trouble connecting to internal resources and to the Internet. Upon troubleshooting the problem, you discover that some of the wireless computers can only access resources on other wireless computers. However, some of the wireless computers can access internal resources and the Internet. What is causing some of the wireless computers to be able to access other wireless computers only?

The computers are configured to operate in ad hoc mode.

A network is connected following IEEE 802.3 specifications. Which of the following best describes when a device can transmit messages?

The device listen to determine if the transmission media is free.

The company network that you administer has four LANs: accounting, receiving, shipping, and development. Each LAN is connected to the other LANs by a router. The user of the computer named LeadDev on the development LAN reports that he cannot connect to a computer named DevServ, which is also on the development LAN. The user of a computer named Shipmaster on the shipping LAN reports that she can connect to the DevServ computer. Which situation is the most likely cause of the connectivity problem?

The network cable is disconnected from the NIC on the LeadDev computer.

While reviewing recent performance reports from your network devices, you notice that there are a high number of corrupt packets reaching a router named Router34. What is most likely happening to them?

The packets are being dropped.

You administer a small 100BaseTX Fast Ethernet network for your company. Users report that the network is responding very slowly to user requests, and you conclude that the NIC in the John1 computer is causing a broadcast storm. What would lead you to this conclusion?

The traffic link light on the NIC in John1 is constantly on.

You need to implement security countermeasures to protect from attacks being implemented against your PBX system via remote maintenance. Which policies provide protection against remote maintenance PBX attacks?

Turn off the remote maintenance features when not needed. Use strong authentication on the remote maintenance ports. Keep PBX terminals in a locked, restricted area. Replace or disable embedded logins and passwords.

What type of cabling is used with 100BaseTX Fast Ethernet networks?

Type 1A STP or category 5 UTP

You need to ensure that a single document transmitted from your Web server is encrypted. What should you do?

Use S-HTTP

Which DSL technology provides the highest data rate?

VDSL

While performing routine network monitoring for your company, you notice a lot of IPSec traffic. When you report your findings to management, management wants you to explain the high amount of IPSec traffic. What is a common implementation of this protocol that you should mention?

VPN

Which device is the BEST solution to protect all traffic on an HTTP/HTTPS server?

Web application firewall

What is the advantage of using wireless bridges over E1/T1 leased lines?

Wireless bridges support higher bandwidth than E1/T1.

You are using DSL to connect to the Internet. You recently set up firewall software to protect your computer's resources from external users. After setting up the firewall software, you can no longer access Web sites by name. What is the problem?

Your firewall software is blocking port 53.

What is a correct description of a honeypot system?

a computer used to entice an attacker

What is a Web security gateway?

a device that filters Web content

Which malicious software relies on other applications to execute and infect the system?

a virus

63. You need to review the syslog on your company's file server. At this time, you only need to review the most urgent issues that are occurring. Which severity level should you examine? a) 0 b) 1 c) 6 d) 7

a) 0

103. You are servicing a Windows 7 computer that is connected to your company's Ethernet network. You need to determine the manufacturer of the computer's NIC. You issue the ipconfig /all command in the command prompt window and record the NIC's MAC address, which is 00-20-AF-D3-03-1B. Which part of the MAC address will help you to determine the NIC's manufacturer? a) 00-20-AF b) 20-AF-D3 c) AF-D3-03 d) D3-03-1B

a) 00-20-AF

14. A company has an 802.11b wireless network deployed to allow mobile devices to connect to the network. Which frequency band is used in this network? a) 2.4 GHz b) 2.9 GHz c) 5 GHz d) 900 MHz

a) 2.4 GHz

57. Your company decides to implement a WLAN for usage by visitors. Management has requested that you implement a WLAN that supports a maximum of 11 Mbps data rate. Which WLAN technology supports this data transmission rate? a) 802.11b b) 802.11a c) 802.11g d) 802.11e

a) 802.11b

36. What is the aim of security awareness training? a) All employees must understand their security responsibilities. b) All employees in the IT department should be able to handle security incidents. c) All employees excluding top management should understand the legal implications of loss of information. d) All employees in the IT department should be able to handle social engineering attacks.

a) All employees must understand their security responsibilities.

90. Which media-access method does the 802.11 standard specify for wireless networks? a) CSMA/CA b) CSMA/CD c) Token-passing d) Demand priority

a) CSMA/CA

99. You have discovered that hackers are gaining access to your WEP wireless network. After researching, you discover that the hackers are using war-driving methods. You need to protect against this type of attack. What should you do? (Choose all that apply.) a) Change the default SSID. b) Disable SSID broadcast. c) Configure the network to use authenticated access only. d) Configure the WEP protocol to use a 128-bit key

a) Change the default SSID. b) Disable SSID broadcast. c) Configure the network to use authenticated access only.

10. You need to configure a remote access server to authenticate remote users with smart cards. Which protocol should you use? a) EAP b) MS-CHAP c) CHAP d) PAP

a) EAP

119. You administer a LAN. You want to encrypt TCP/IP communications on the LAN. The protocol that you use for encryption should be able to encrypt entire data packets, and the protocol should be able to operate in both tunnel mode and transport mode. Which protocol should you use to encrypt data on the network? a) IPSec b) IPX c) Kerberos d) L2TP

a) IPSec

101. Which three statements are true of Internet Protocol Security (IPSec)? (Choose three.) a) IPSec can work in either in tunnel mode or transport mode. b) IPSec uses encapsulation security payload (ESP) and authentication header (AH) as security protocols for encapsulation. c) The IPsec framework uses L2TP as the encryption protocol. d) The IPSec framework is used in a virtual private network (VPN) implementation to secure transmissions. e) IPSec ensures availability of information as a part of the CIA triad.

a) IPSec can work in either in tunnel mode or transport mode. b) IPSec uses encapsulation security payload (ESP) and authentication header (AH) as security protocols for encapsulation. d) The IPSec framework is used in a virtual private network (VPN) implementation to secure transmissions.

111. Your company has a corporate-wide Windows Server 2008 network using the TCP/IP protocol. Several users are complaining that their computers are getting IP address conflicts. Which action should you perform? a) Implement a DHCP server. b) Increase the TCP window size. c) Manually configure IP addresses on each computer. d) Change the MAC address for each network interface card.

a) Implement a DHCP server.

22. A server on your network contains several virtual servers. However, the server contains a single NIC. Which statement MOST likely describes the communication from this server? a) It transmits data from multiple IP addresses. b) It transmits data from multiple MAC addresses. c) It transmits data using IPv6. d) It transmits data using IPv4.

a) It transmits data from multiple IP addresses.

23. Which fiber-optic connector is roughly half the size of other fiber-optic connectors? a) LC b) SC c) ST d) BNC

a) LC

89. Employees must use a combination photo identification and security key card to enter a company office building. What is a secure method of determining whether an employee who lost a key card should be allowed to enter the office building? a) Place digitized photographs of the employees in employee records. b) Require employees to sign a log book. c) Allow employees to enter the building without a key card. d) Require a second key card to gain access to the company data center.

a) Place digitized photographs of the employees in employee records.

124. Which feature provides varying levels of network bandwidth based on the traffic type? a) QoS b) traffic shaping c) load balancing d) fault tolerance

a) QoS

49. You are a desktop administrator for Nutex Corporation. Your organization uses Ethernet cable to connect network resources. A user reports that he is unable to access network resources on his portable computer. The portable computer is connected to the company's network using an Ethernet cable. When you test the cable using a time domain reflectometer (TDR), the signal returns too soon. What should you do? a) Replace the network cable. b) Reinstall the network adapter. c) Replace the network adapter. d) Re-route the network cable.

a) Replace the network cable.

52. You have been asked to implement a Voice over Internet Protocol (VoIP) on your company's network. Which protocol should you use? a) SIP b) SSH c) TLS d) ARP

a) SIP

7. You are troubleshooting a connectivity problem on an Ethernet network that contains both NetWare and Windows servers. A Windows 7 client cannot connect to the Internet or any network resources. However, other computers on the same subnet as the client can access network resources and the Internet. You issue the ipconfig command at the workstation and find that the IP address is 169.254.184.25 and the subnet mask is 255.255.0.0. This IP network and subnet are different from the IP network and subnet that other computers on the same segment are using. What is the most likely problem? a) The client selected the IP address using APIPA. b) The client obtained the IP address from a NetWare server. c) The client obtained the IP address from a Windows server. d) The client obtained the IP address from a DHCP server it found on the Internet.

a) The client selected the IP address using APIPA.

55. You are the network administrator for a corporate network that includes a DNS server, a DHCP server, a file/print server, and a wireless subnet. Computers on the wireless subnet are having trouble connecting to internal resources and to the Internet. Upon troubleshooting the problem, you discover that some of the wireless computers can only access resources on other wireless computers. However, some of the wireless computers can access internal resources and the Internet. What is causing some of the wireless computers to be able to access other wireless computers only? a) The computers are configured to operate in ad hoc mode. b) The computers are configured to operate in infrastructure mode. c) The computers are configured with static IP addresses. d) The computers are configured with the wrong subnet mask.

a) The computers are configured to operate in ad hoc mode.

123. You are wiring a small office for a client. The client has purchased several 568A and 568B wall jacks and enough 568A wiring cables to attach all devices correctly. You want to configure the network for ease of administration. What should you do? a) Use only the 568A wall jacks. b) Use only the 568B wall jacks. c) Use both the 568A and 568B wall jacks. d) Purchase 568B wiring cables.

a) Use only the 568A wall jacks.

107. Which malicious software relies on other applications to execute and infect the system? a) a virus b) a worm c) a logic bomb d) a Trojan horse

a) a virus

102. Which 802.11b communications mode enables wireless devices to communicate directly with each other? a) ad hoc b) infrastructure c) transport d) tunnel

a) ad hoc

30. What attack is also considered to be a social engineering attack? a) an e-mail hoax b) a logic bomb c) a backdoor d) a Trojan horse

a) an e-mail hoax

20. Management has requested that you document the minimum level of security for all network devices. Which of the following will this provide? a) baselines b) guidelines c) standards d) procedures

a) baselines

76. Which troubleshooting command lets you check an IP connection end-to-end at the Network layer? a) ping b) show c) trace d) telnet

a) ping

70. Which protocol is NOT capable of preventing a man-in-the-middle attack? a) rsh b) SSH c) HTTPS d) IPSec

a) rsh

34. While performing routine network maintenance, you discover that one device on your network is operating in half-duplex mode. All the other devices on your network operate in full-duplex mode. What would this condition cause between the half-duplex device and the other devices? a) slower communication b) faster communication c) no communication d) It would have no effect.

a) slower communication

60. Which attack involves impersonating the identity of another host to gain access to privileged resources that are typically restricted? a) spoofing b) teardrop c) SYN flood d) spamming

a) spoofing

115. You have a subnet that contains a computer with the IP address 172.16.5.2/23. You need to send a message to every computer on the network where that computer resides. Which subnet is that IP address a member of, and what is the broadcast address for that subnet? a) subnet: 172.16.4.0, broadcast: 172.16.5.255 b) subnet: 172.16.5.0, broadcast: 172.16.5.255 c) subnet: 172.16.2.0, broadcast: 172.16.5.255 d) subnet: 172.16.0.0, broadcast: 172.16.7.255

a) subnet: 172.16.4.0, broadcast: 172.16.5.255

110. How many non-overlapping channels are there in 802.11b WLANs used in the United States? a) three b) five c) eight d) eleven

a) three

45. You instruct a user to issues the ipconfig command with the /release and /renew options. In which two situations would it be appropriate to ask a user to do this? (Choose two.) a) when the result of running the ipconfig /all command indicates a 169.254.163.6 address b) when recent scope changes have been made on the DHCP server c) when no IP helper address has been configured on the router between the client and the DHCP server d) when the no ip directed-broadcast command has been issued in the router interface local to the client, and no IP helper address has been configured on the router between the client and the DHCP server

a) when the result of running the ipconfig /all command indicates a 169.254.163.6 address b) when recent scope changes have been made on the DHCP server

Often the sales people for your company need to connect some wireless devices together without having an access point available. You need to set up their laptops to ensure that this communication is possible. Which communications mode should you use?

ad hoc

Which 802.11b communications mode enables wireless devices to communicate directly with each other?

ad hoc

Which policy defines the sensitivity of a company's data?

an information policy

You examine each computer and notice only one of the four computers has a wireless NIC they all have Ethernet NICs

an unmanaged switch and CAT5e cabling

73. You have been hired as a network administrator. The company wants to implement a 10 Gigabit Ethernet designation for use with a SONET network. Which of the following should you implement? a) 10GBaseSR b) 10GBaseSW c) 10GBaseLX4 d) 10GBaseLR

b) 10GBaseSW

79. Management has decided to implement a small private network for guests. The network will consist of Windows 7 computers that will only be able to access the other computers on the private network. You recommend that the small private network use APIPA addresses. Which is the following is a valid APIPA address? a) 10.1.1.131 b) 169.254.2.120 c) 172.16.4.36 d) 192.168.16.45

b) 169.254.2.120

66. Which well-known port is used to forward e-mail on the Internet between e-mail servers? a) 23 b) 25 c) 110 d) 161

b) 25

9. Management has decided to implement a diversity antenna system at its main headquarters. What is the advantage of using this system? a) A diversity antenna system adds more bandwidth. b) A diversity antenna system avoids multipath distortion. c) A diversity antenna system increases the coverage area. d) A diversity antenna system increases the transmission power.

b) A diversity antenna system avoids multipath distortion.

53. Which IPSec configuration can be used to digitally sign and encapsulate each packet within another packet? a) AH protocol in transport mode b) AH protocol in tunnel mode c) ESP protocol in transport mode d) ESP protocol in tunnel mode

b) AH protocol in tunnel mode

87. Your company's network experienced some recent performance issues that you resolved with a lot of effort. After resolving the problem, you decide to start monitoring network performance. You have selected the network performance tool that you will use. What must you do first? a) Determine where the bottlenecks are. b) Capture the baselines. c) Measure the current available bandwidth. d) Examine the logs to determine where to deploy the tool.

b) Capture the baselines.

38. You administer a 100BaseTX Ethernet network that is configured to use the TCP/IP network communications protocol. You have installed a firewall between the network and the Internet. Currently ports 80, 20, and 21 are open on the firewall. You want to allow only SMTP and POP3 communications between the network and the Internet. Which configurations should you make on the firewall? a) Close port 80 only. b) Close ports 20, 21, and 80, and open ports 25 and 110. c) Close ports 20 and 21, and open port 25. d) Close ports 21 and 80, and open port 110.

b) Close ports 20, 21, and 80, and open ports 25 and 110.

37. Which two guidelines should you implement to create the strongest passwords? (Choose two.) a) Ensure that passwords change rarely or never change. b) Configure passwords to change periodically. c) Ensure that passwords are only constructed of only alphanumeric characters. d) Ensure that passwords are at least 15 characters in length. e) Create passwords that contain at least one symbol.

b) Configure passwords to change periodically. e) Create passwords that contain at least one symbol.

32. Your organization has several wireless access points located in the building. Access point usage is based on department membership. Many users report that they are able to see multiple access points. You research this issue and discover that their computers are not connecting to the appropriate access point due to an SSID mismatch. You must ensure that the computers connect to the correct access point if that access point is available. Computers should be able to connect to other access points only if their main access point is down. What should you do? a) Reduce the signal strength on the wireless access points. b) Configure the preferred wireless network on the user's computer. c) Configure MAC filtering on the wireless access points. d) Ensure that the wireless access points in close proximity use different channels.

b) Configure the preferred wireless network on the user's computer.

8. You are the network administrator for an organization whose network uses the Open Shortest Path First (OSPF) routing protocol. Which metric does this protocol use for optimal path calculation? a) MTU b) Cost c) Delay d) Hop count

b) Cost

44. You need to deploy 802.1x authentication that supports client-side digital certificates for authentication with access points. Which technology should you deploy? a) WEP b) EAP-TLS c) EAP-PEAP d) Cisco LEAP

b) EAP-TLS

80. You are troubleshooting a problem in which several users have called the help desk to report problems connecting to parts of the WAN. They were able to access the entire WAN earlier in the day, but when they returned from their lunch breaks they were not able to access parts of the WAN. You have been able to gather information about the problem, duplicate the problem, question the users, and adequately establish the symptoms of the problem. What should you do next? a) Test the result. b) Establish what has changed. c) Select the most probable cause. d) Recognize the potential effects of the solution.

b) Establish what has changed.

106. A user named Mary reports receiving a Service failed to start error message every time she restarts her Windows 7 computer. Which utility should you use to determine which service is failing to start? a) My Computer b) Event Viewer c) Task Manager d) Performance Monitor

b) Event Viewer

68. You use a computer on a TCP/IP network to transfer data through well-known TCP port 80. Which protocol is most likely being used to transfer data? a) FTP b) HTTP c) POP3 d) SMTP

b) HTTP

81. Management has asked you to investigate upgrading your company's network from IPv4 to IPv6. What are valid reasons you should give for performing this upgrade? (Choose two.) a) IPv4 is too slow for Internet traffic. b) IPv4 addresses are being depleted at an increasing rate. c) IPv6 provides approximately 10 times more host addresses than IPv4. d) Routing traffic is increasingly difficult due to the rapid growth of the Internet.

b) IPv4 addresses are being depleted at an increasing rate. d) Routing traffic is increasingly difficult due to the rapid growth of the Internet.

91. You are working to convert a 10BaseT network to a 1000BaseT network. This conversion includes replacing all cabling, network devices, and network interface cards (NICs). Next year, you also have a planned building renovation where departments will be relocated to different areas within the building. However, that renovation should involve minimal network hardware changes. When you start the conversion, you have a hard time determining where each wall plate terminates at the patch panels. You decide to follow better design procedures to make future upgrades or troubleshooting easier and also to ensure that next year's move goes more smoothly. However, your solutions should minimally impact the current network structure. Which best practices should you implement during the conversion? (Choose two.) a) Create a logical network diagram. b) Implement port labeling. c) Implement device naming conventions. d) Implement patch panel labeling. e) Implement an SLA. f) Create a physical network diagram.

b) Implement port labeling. d) Implement patch panel labeling.

104. You are installing a second wireless access point in your office. When you place the second wireless access point, you notice it is experiencing interference intermittently. You want to prevent the interference. Which method would NOT prevent interference? a) Move the new wireless access point. b) Increase the signal strength of the new wireless access point. c) Change the channel used on the new wireless access point. d) Decrease the signal strength of the new wireless access point.

b) Increase the signal strength of the new wireless access point.

40. You decide to implement a DHCP server on your network. What is the purpose of a DHCP scope? a) It is the temporary assignment of an IP address. b) It is the range of IP addresses that a DHCP server can temporarily assign. c) It is an IP address that is set aside for a certain device. d) It is an IP address that cannot be assigned.

b) It is the range of IP addresses that a DHCP server can temporarily assign.

13. You suspect that there is a problem with addressing that allows data to be sent throughout your network. Which addressing method is used at the OSI Network layer to allow this? a) Link-state addressing b) Logical network addressing c) Physical device addressing d) Distance vector addressing

b) Logical network addressing

64. A customer has asked you to deploy a solution based on port numbers that allows multiple computers to share a single IP address. Which addressing technology should you deploy? a) NAT b) PAT c) APIPA d) DHCP

b) PAT

1. You are a network administrator for a company that maintains LANs in Los Angeles and Paris. You want to use PPTP to create a VPN connection between the LAN in Paris and the LAN in Los Angeles. A PPTP server has been configured on each LAN. Which protocol should you use to establish a connection between the PPTP servers? a) HTTP b) PPP c) SLIP d) Telnet

b) PPP

26. What can a company use to allow remote users to access their Windows network remotely if their network is not connected to the Internet? a) SSL b) RAS c) PPTP d) DHCP

b) RAS

19. Your network contains four segments. Which network devices can you use to connect two or more of the LAN segments together? (Choose four.) a) Hub b) Router c) Switch d) Bridge d) Repeater e) Wireless Access Point

b) Router c) Switch d) Bridge e) Wireless Access Point

28. Your organization has both UTP and STP cabling available for wiring a new building. What is the main difference in the physical composition of these cables? a) Wire gauge b) Shielding c) Number of twists in the wires d) Separators between the wire pairs

b) Shielding

77. The company network that you administer has four LANs: accounting, receiving, shipping, and development. Each LAN is connected to the other LANs by a router. The user of the computer named LeadDev on the development LAN reports that he cannot connect to a computer named DevServ, which is also on the development LAN. The user of a computer named Shipmaster on the shipping LAN reports that she can connect to the DevServ computer. Which situation is the most likely cause of the connectivity problem? a) The Shipmaster computer has a faulty NIC. b) The network cable is disconnected from the NIC on the LeadDev computer. c) The router is defective. d) The NIC in the DevServ computer is defective.

b) The network cable is disconnected from the NIC on the LeadDev computer.

2. What is the advantage of using wireless bridges over E1/T1 leased lines? a) Wireless bridges generate less noise than E1/T1 lines. b) Wireless bridges support higher bandwidth than E1/T1. c) Wireless bridges support more distance than E1/T1 lines. d) Wireless bridges support higher reliability than E1/T1 lines.

b) Wireless bridges support higher bandwidth than E1/T1.

18. During a recent network redesign meeting, one team member suggested that you implement a device that operates at both the Data Link layer and the Network layer of the OSI model. Which device operates at both of these layers? a) a bridge b) a brouter c) a hub d) a repeater e) a router

b) a brouter

17. You want to install a device between your company's private network and the Internet that will prevent users on the Internet from transferring HTTP messages into the company's network. Which device should you install? a) a bridge b) a firewall c) a hub d) a router

b) a firewall

98. You have recently been hired by a small company to assess its network security. You need to determine which TCP/IP ports are open on the network. Which tool should you use? a) a packet analyzer b) a port scanner c) a wardialer d) whois

b) a port scanner

56. Which payload is produced by using IPSec in tunnel mode with the AH protocol? a) an encapsulated packet that is encrypted b) an encapsulated packet that is digitally signed c) an unencapsulated packet that is encrypted d) an unencapsulated packet that is digitally signed

b) an encapsulated packet that is digitally signed

117. Which policy defines the sensitivity of a company's data? a) a backup policy b) an information policy c) a security policy d) a use policy

b) an information policy

6. What is typically used to conceal the nature of a social engineering attack? a) encryption b) believable language c) excess bandwidth d) users' good intentions

b) believable language

31. You need to solve a traffic problem occurring on a large Ethernet network. Within this large segment, the accounting department is flooding the network with a high volume of data, which causes the entire network to slow down. Which device is a quick and low-cost solution to isolating the accounting department? a) router b) bridge c) gateway d) repeater

b) bridge

47. You have been asked to ensure that data is scrambled before it goes out onto the network. Which technology should you implement? a) auditing b) encryption c) permissions d) compression

b) encryption

25. Which type of network media is the least susceptible to interference or signal capture? a) coaxial b) fiber-optic c) shielded twisted-pair d) unshielded twisted-pair

b) fiber-optic

112. You are deploying a virtual private network (VPN) for remote users. You want to meet the following goals: The VPN gateway should require the use of Internet Protocol Security (IPSec). All remote users must use IPSec to connect to the VPN gateway. No internal hosts should use IPSec. Which IPSec mode should you use? a) host-to-host b) host-to-gateway c) gateway-to-gateway d) This configuration is not possible.

b) host-to-gateway

16. You have changed the IP address scheme for two of your company's networks. In addition, the names of two servers have changed. Which change management documentation should you revise? a) logical network diagram b) physical network diagram c) network baseline d) wiring schematic

b) physical network diagram

54. You administer computers on a Windows network. You suspect a problem with automatic NetBIOS name resolution on a Windows 7 computer on the network. Which command should you use to troubleshoot the name resolution problem? a) the ipconfig /all command b) the nbtstat -r command c) the netstat command d) the tracert dnsname command

b) the nbtstat -r command

118. You are the network administrator for your company. You are in the process of verifying the configuration of the network devices to ensure smooth network connectivity. You want information on the routes taken by packets from a Cisco router so that you are able to identify the network points where packets are being dropped. Which command should you use to accomplish this task in the most efficient manner? a) tracert b) traceroute c) extended ping d) ping

b) traceroute

Your company needs to deploy a wireless network to allow users to connect to the network using mobile devices. You are concerned that the radio signal will cover the amount of area you need. Another technician instructs you to research the angle of radiation of the wireless access point's antenna. Which term is used to refer to this?

beamwidth

You are creating an IDS solution for your company's network. You define a rule that prevents an e-mail client from executing the cmd.exe command and alerts you when this is attempted. Which type of IDS are you using?

behavior-based

You need to implement Spanning Tree Protocol (STP) to prevent network loops when more than one path can be used. Which two devices could you deploy? (Choose two.)

bridges/ switches

125. You are designing a SOHO network for your company. You want to use the Ethernet standard that supports a data transmission rate of 1 Gbps over copper cable. Which Ethernet standard should you use on the network? a) 10BaseT b) 100BaseFX c) 1000BaseCX d) 1000BaseSX

c) 1000BaseCX

46. You are working on the 196.11.200.71/18 client in a network. What is the base network ID for this network? a) 196.0.0.0 b) 196.11.0.0 c) 196.11.192.0 d) 196.11.200.0 e) 196.11.200.71

c) 196.11.192.0

92. You administer your company's network, which is connected to the Internet. A firewall is configured between the company network and the Internet. You want to prevent users on the Internet from using HTTP to connect to computers on the company network. Which well-known TCP port should you block to prevent Internet users from entering the company's network on that port? a) 21 b) 23 c) 80 d) 119

c) 80

65. Which system or device detects network intrusion attempts and controls access to the network for the intruders? a) firewall b) IDS c) IPS d) VPN

c) IPS

33. Your network contains several virtual LANs (VLANs). What is a benefit of using this technology? a) It allows users on a LAN to communicate with remote networks. b) It connects small networks together to form a single large network. c) It allows networks to be segmented logically without being physically rewired. d) It allows users from different segments to communicate with each other.

c) It allows networks to be segmented logically without being physically rewired.

93. What is the purpose of a pointer (PTR) DNS record? a) It maps a hostname to an IPv4 address. b) It maps a hostname to an IPv6 address. c) It maps an IP address to a hostname. d) It maps a domain name to an e-mail server. e) It contains an alias for an existing A record. f) It contains information regarding a particular DNS zone's start of authority.

c) It maps an IP address to a hostname.

29. You have two wireless networks in your building. The wireless networks do not overlap. Both of them use Wi-Fi Protected Access (WPA). You want to ensure that no unauthorized wireless access points are established. What should you do? a) Change the two wireless networks to WPA2. b) Change the two wireless networks to WEP. c) Periodically complete a site survey. d) Disable SSID broadcast for the two wireless networks.

c) Periodically complete a site survey.

15. As a network administrator, you decide to replace a hub on your network with an active hub. At which OSI layer does the new device function? a) Network b) Session c) Physical d) Transport

c) Physical

69. You are your company's network administrator. Recently, several problems have occurred with the industrial systems at the manufacturing facility that resulted in downtime. Management has asked you to implement a network the will allow the facilities managers to remotely monitor and manage ICS equipment in multiple locations. Which infrastructure should you deploy? a) MAN b) PAN c) SCADA d) Medianet

c) SCADA

84. You have been hired as a consultant for the medium-sized business. As part of your duties, you need to make recommendations on changes to the network. You decide that you want to install agents on the network devices to monitor network traffic and record the behavior of network components. You will then use the statistical data that is gathered to make your recommendations. Which standard should you deploy? a) X.25 b) SMTP c) SNMP d) Token Ring

c) SNMP

122. Which connection type allows for connections of up to 44.736 Mbps? a) T1 b) E1 c) T3 d) E3

c) T3

86. You are analyzing communication over your network. You have captured all the packets sent to and from a server on your network. You need to filter the packet capture to only IMAP4 protocol communications. Which port does this protocol use? a) TCP port 25 b) TCP port 110 c) TCP port 143 d) UDP port 25 e) UDP port 110 f) UDP port 143

c) TCP port 143

You are examining the packets captured on your network. You notice some communication between your Cisco router and someone from outside your network. The packets indicate that the communication is occurring over TCP port 23. Which protocol is being used? a) FTP b) SSH c) Telnet d) TFTP

c) Telnet

61. You administer a network for your company. You determine that there is a network connectivity problem on one of the computers on the network. You re-create the problem and determine that the problem is located in the NIC. You establish a theory of probable cause. Which step should you take next to troubleshoot the problem? a) Form a correction plan. b) Implement a correction plan. c) Test the theory. d) Provide feedback to the users of the computer.

c) Test the theory.

88. An employee shows you a Web site that publishes the SSIDs and passwords for private wireless networks in your area. The information on your company's wireless network is included. Of which type of attack is this an example? a) WEP cracking b) war chalking c) WPA cracking d) evil twin

c) WPA cracking

39. You are using DSL to connect to the Internet. You recently set up firewall software to protect your computer's resources from external users. After setting up the firewall software, you can no longer access Web sites by name. What is the problem? a) You do not have a static IP address. b) You have a DHCP server on the network. c) Your firewall software is blocking port 53. d) Your firewall software is blocking port 25.

c) Your firewall software is blocking port 53.

11. You need to determine the length of a network cable. Which device should you use? a) a crossover cable b) a hardware loopback c) a TDR d) a tone generator

c) a TDR (time domain reflectometer)

113. What is ISAKMP? a) a Microsoft protocol that establishes sessions with other computers b) a protocol that encapsulates PPP within Ethernet frames c) a protocol that works with IPSec to establish a secure session d) a Citrix protocol used in application server environments

c) a protocol that works with IPSec to establish a secure session

74. You determine that there is an issue with a router on your network. Your research shows a buffer leak occurs when the code forgets to process a buffer or forgets to free a buffer after it is done with the packet. Which type of utilization issue is present? a) network storage b) network bandwidth c) network device memory d) network device CPU

c) network device memory

116. You are installing the wiring for a small office. You want to connect the fifty computers in the office to the switch. The Cat6 cables that you plan to use have RJ-45 connectors on both ends. Which component should you use? a) 66 block b) 110 block c) patch panel d) demarcation extension

c) patch panel

24. You are working with your support specialists on expanding your company's existing network. You need to determine the actual network interfaces used on all network devices. Which configuration management documentation should you consult? a) wiring schematics b) logical network diagram c) physical network diagram d) network baseline

c) physical network diagram

67. Your Windows 7 computer is located on a TCP/IP network that uses DHCP. You want your computer to release its lease on the TCP/IP configuration that it received from the DHCP server. Which command should you issue to release the configurations? a) the ping command b) the arp command c) the ipconfig command d) the tracert command

c) the ipconfig command

85. You need to verify a network's transmission speed. Which tool should you use? a) connectivity software b) bit-error rate tester c) throughput tester d) loopback plug

c) throughput tester

3. What should you implement to isolate two of the devices that are located on a storage area network (SAN) fabric containing eight devices? a) SAN snapshots b) HBA allocation c) virtual SAN d) VLAN

c) virtual SAN

You need to check for open circuits and short circuits on your network. Which tool should you use?

cable tester

You have implemented an Ethernet CSMA/CD network for your company. Users complain of delays. When you research the issues, you discover that the network has low throughput. What is the most likely cause of delay on this network?

collisions

Which type of virus is specifically designed to take advantage of the extension search order of an operating system?

companion

You have two switches that you need to connect using their uplink ports. The switches do not support auto-MDI Which type of cable should you use?

crossover

You need to transfer data from one laptop to another and would like to use an Ethernet cable. You do not have a hub or a switch.

crossover

121. You are implementing a SOHO network for a small business. The business owner has asked that you implement a 1 gigabit per second (Gbps) network. Which Ethernet standard specifies a data transfer rate of 1 Gbps? a) 10Base2 b) 10BaseT c) 100BaseFX d) 1000BaseT

d) 1000BaseT

58. You are configuring a new small office home office (SOHO) at a small insurance office. After documenting the network requirements, you decide to use Network Address Translation (NAT) so that only one public address will be needed. You want to use the IANA-designated private IP address range that provides host IP addresses with a maximum of 16 bits. What is a valid host IP address in this range? a) 10.251.250.100 b) 11.0.1.0 c) 172.30.250.10 d) 192.168.0.1

d) 192.168.0.1

Which statement is true of a network-based intrusion detection system (NIDS)? a) An NIDS generates a finite number of alarms. b) An NIDS does not analyze real-time information. c) An NIDS is active while gathering data over the network. d) An NIDS cannot detect an intruder who is logged on to a host computer.

d) An NIDS cannot detect an intruder who is logged on to a host computer.

82. Which protocol is categorized as an Exterior Gateway Protocol (EGP)? a) RIP b) IS-IS c) OSPF d) BGP

d) BGP

12. You are troubleshooting a workstation that is not communicating with the network. You try a different port within the wiring closet hub, and this seems to fix the problem. What should you do next? a) Replace all the patch cables. b) Document the problem and the solution. c) Have other users reboot their workstations. d) Connect to the network and try to transfer a file.

d) Connect to the network and try to transfer a file.

108. Which RADIUS implementation was created to deal with Voice over IP (VoIP) and wireless services? a) TACACS b) XTACACS c) TACACS+ d) Diameter

d) Diameter

50. Which term is used to describe the ability to respond to a single point of failure on a network? a) RAID b) Loopback c) Clustering d) Fault tolerance

d) Fault tolerance

27. Which unsecure protocol do Web browsers use to access documents on the World Wide Web? a) IP b) ARP c) FTP d) HTTP

d) HTTP

96. Your network uses a single switch that divides your network into three virtual LANs (VLANs). The devices in each VLAN are connected to a single port on the switch. You plan to implement a second switch on your network. You need to ensure that the VLANs that were originally implemented are spread across both switches. What should you do? a) Create a port-based VLAN on both switches. b) Create a protocol-based VLAN on both switches. c) Create a subnet-based VLAN on both switches. d) Implement frame tagging on both switches.

d) Implement frame tagging on both switches.

94. You have recently discovered that your company is not maintaining system logs as per the adopted company procedures. You need to decide if the company procedures should be modified, or if the system logs should be maintained as per the procedures. Which statement is an accurate reason for following the company procedures? a) Logging provides audit trails, but increases the risk for security violations. b) Logging prevents security violations, but only deals with passive monitoring. c) Logging provides access control by authenticating user credentials. d) Logging helps an administrator to detect security breaches and vulnerable points in a network

d) Logging helps an administrator to detect security breaches and vulnerable points in a network

120. Which WAN technology offers the highest potential bandwidth? a) T3 b) E3 c) FDDI d) OC-3 e) Frame Relay

d) OC-3

42. Which protocol is a dial-up connection protocol that can only transport the IP network communications protocol? a) DLC b) IMAP4 c) PPP d) SLIP

d) SLIP

35. You need to provide terminal emulation and remote login capability for one of the servers on your network. Which Process/Application layer protocol should you use? a) FTP b) TFTP c) SMTP d) Telnet e) Tracert

d) Telnet

78. To improve security, you change your Web server named Web1 to the HTTPS protocol. Shortly after implementing the change, users report that they cannot access any Web sites hosted on Web1 by using their fully qualified domain names (FQDNs). However, they can access other Web sites that are hosted on other Web servers by using their FQDNs. What is causing this problem? a) The DNS server is down. b) HTTPS is not a supported protocol. c) The local area network (LAN) is down. d) The new Web address starts with https instead of http.

d) The new Web address starts with https instead of http.

95. You have been hired as the network administrator. The company's network consists of several subnetworks located in various locations across the southeast United States. You want to deploy switches across the different locations so that you can implement virtual local area networks (VLANs). What is the primary benefit of this implementation? a) Users are grouped by their geographical locations. b) VLANs provide switchless networking using virtual addresses. c) Users in a single geographical location can be micro-segmented. d) Users can be grouped by their work functions, by shared applications or protocols, or by department, regardless of their geographical location.

d) Users can be grouped by their work functions, by shared applications or protocols, or by department, regardless of their geographical location.

97. You have been hired as a network security consultant. The company that hires you has had multiple incidents where their wireless network has been breached by hackers. You find out that they have a RADIUS authentication server that they use for the corporate VPN. You decide to recommend using RADIUS authentication for the wireless network. Which WPA version should you suggest? a) WPA b) WPA2 c) WPA-PSK d) WPA-Enterprise

d) WPA-Enterprise

109. A contractor is unable to connect to your wireless network using his 802.11g wireless adapter. What is the most likely problem? a) You are using an incorrect channel on your network. b) You have an 802.11n network. c) You have an 802.11b network. d) You have an 802.11a network.

d) You have an 802.11a network.

83. You have been asked to research the different firewall types and make recommendations on which type(s) to implement on your company's network. You need to document how the firewalls affect network performance. Which type of firewall most detrimentally affects network performance? a) stateful firewall b) circuit-level proxy firewall c) packet-filtering firewall d) application-level proxy firewall

d) application-level proxy firewall

48. What is the term for the process of collection, analysis, and preservation of evidence? a) law procedure b) evidence chain c) incident handling d) chain of custody

d) chain of custody

72. Which attack involves the use of multiple computers with the purpose of denying legitimate access to a critical server? a) land attack b) Ping of Death attack c) denial-of-service (DoS) attack d) distributed denial-of-service (DDoS) attack

d) distributed denial-of-service (DDoS) attack

105. You are documenting the network layout for your company. You have discovered a firewall that has two network interfaces. Which firewall architecture have you discovered? a) bastion host b) screened host c) screened subnet d) dual-homed firewall

d) dual-homed firewall

5. Your company has decided to implement either a 1000Base-LX or 1000-Base-SX network. Which type of cable should you use? a) UTP b) STP c) coaxial d) fiber optic

d) fiber optic

51. You need to display the current IP configuration of a Windows 7 computer. Which command should you use? a) tracert b) netstat c) winipcfg d) ipconfig

d) ipconfig

41. Your company has recently leased the office next door to the one currently being used. Both offices will be used. The current office has a Cat 6 network installed. The new office has a fiber network installed. You need to connect the networks of the two offices. Which device should you use? a) gateway b) CSU/DSU c) modem d) media converter

d) media converter

100. An eight-port hub receives a signal through port five. That signal is then sent back out through ports one, two, three, four, six, seven, and eight without any signal regeneration. Which type of hub has been described? a) hybrid hub b) active hub c) switching hub d) passive hub

d) passive hub

4. The network you administer is a Fast Ethernet network. Wall outlets are connected to patch panels by 90-meter cables. Patch panels are connected to switches by 5-meter cables. The network uses Category 5 unshielded twisted-pair (CAT 5 UTP) cable. You use a 15-meter patch cable to connect a server named Shipping to a wall outlet. You connect the Shipping computer to the network, start the computer, and properly configure it. However, clients cannot connect to the Shipping server. Clients can connect to other servers on the network. What will most likely solve the connection problem? a) replacing the CAT 5 UTP with CAT 1 UTP b) replacing the CAT 5 UTP with CAT 3 UTP c) replacing the 15-meter patch cable with a 10-meter patch cable d) replacing the 15-meter patch cable with a 3-meter patch cable

d) replacing the 15-meter patch cable with a 3-meter patch cable

21. A hacker has called a company employee and learned the employee's user name and password by posing as a member of corporate technical support. Which type of attack has the company suffered? a) buffer overflow b) denial of service c) brute force d) social engineering

d) social engineering

59. You administer computers on an Ethernet 100BaseTX network, which uses the TCP/IP network communications protocol. The network uses an unsubnetted Class A IP address range. A computer on the network named Admin1 has the IP address 12.10.100.3, and a computer on the network named Marketing1 is configured with the IP address 12.10.100.4. Both computers are configured with the subnet mask 255.0.0.0 and the default gateway address 12.10.100.5. The network is connected to the Internet. RemoteWkst is a computer on a remote network that is connected to the Internet. Normally, Marketing1 and Admin1 can connect to RemoteWkst. You recently discovered that Marketing1 can connect to Admin1 and Admin1 can connect to Marketing1, but neither of these computers can connect to RemoteWkst. You suspect that there is a problem with one of the routers between RemoteWkst and the network you administer. Which TCP/IP utility should you use to troubleshoot this connectivity problem? a) the arp utility b) the ipconfig utility c) the nslookup utility d) the tracert utility

d) the tracert utility

114. Which statements describe the purpose of performing site surveys when deploying WLANs? (Choose two.) a) to calculate the hop count to the gateway b) to find out the required Internet bandwidth c) to find out the server processing speed required d) to find the frequency and power settings to be used on access points e) to calculate the number of access points required for the coverage area

d) to find the frequency and power settings to be used on access points e) to calculate the number of access points required for the coverage area

71. Your organization has decided to implement a domain controller on its network. What is the primary purpose of this server? a) to provide fault tolerance for UNIX and Linux Web servers b) to provide fault tolerance for Windows 2000 and Windows NT Web servers c) to provide user authentication for UNIX and Linux server-based systems d) to provide user authentication for Windows 2000, 2003, and 2008 server-based systems

d) to provide user authentication for Windows 2000, 2003, and 2008 server-based systems

62. You must decide the type of identification and authentication that will be used on a new company's network. You must obtain approval on the authentication type from management. What is the most common form of identification and authentication? a) biometrics b) smart cards c) two-factor authentication d) user identification with reusable password

d) user identification with reusable password

Which attack involves the use of multiple computers with the purpose of denying legitimate access to a critical server?

distributed denial-of-service (DDoS) attack

Your company implements a honeypot as intrusion prevention. Management is concerned that this honeypot would be considered entrapment and has asked you to ensure that entrapment does not occur. Which situation should you prevent?

downloads on a honeypot

Which firewall architecture has two network interfaces?

dual-homed firewall

You have been hired as a company's network administrator. The company's network currently uses statically configured IPv4 addresses. You have been given a list of addresses that are used on the network that include the addresses listed in the options. However, you are sure that some of these addresses are NOT IPv4 addresses. Which addresses are not valid?

fe80::200:f8ff:fe21:67cf 00-0C-F1-56-98-AD

Which term is most commonly used to describe equipment that creates a demilitarized zone (DMZ)?

firewall

You have been hired as a new network administrator for your company. In your first week, you discover a device that uses a security policy to filter and examine packets coming into a network to determine whether to forward the packet to its destination. This device is not depicted on the company's network layout diagram. Which device is this?

firewall

Several users report that they are having trouble connecting to the organization's Web site that uses HTTPS. When you research this issue, you discover that the Web client and Web server are not establishing a TCP/IP connection. During which phase of SSL communication is the problem occurring?

handshake

You install a second NIC in your Linux computer. Then, you log on to the computer as root. You want to configure the new NIC with the IP address 192.168.0.1 and the subnet mask 255.255.255.0. Which command should you issue at a command prompt to configure the NIC?

ifconfig eth1 192.168.0.1 netmask 255.255.255.0 up

You need to create a cable that will allow you to get a link light on your network interface card (NIC) when the NIC is not plugged into a hub or switch. Which type of cable should you use?

loopback cable

What is the primary advantage of using a network-based intrusion detection system (NIDS)?

low maintenance

Your company has recently leased the office next door to the one currently being used. Both offices will be used. The current office has a Cat 6 network installed. The new office has a fiber network installed. You need to connect the networks of the two offices. Which device should you use?

media converter

You are using the ipconfig tool to troubleshoot a problem with a wireless host. The results are shown below: Adapter address: 00-10-4B-DE-F5-D8 IP address: 192.168.1.40 Subnet mask: 255.255.255.0 Default gateway: 0.0.0.0 You can access services on the local network from the host, but you cannot access the Internet. What is the most likely cause of the problem?

missing default gateway

You must design the network for your company's new location. Which two considerations are important?

number of hosts to support number of subnetworks needed

Which term is synonymous with protocol analyzing?

packet sniffing

Which type of firewall only examines the packet header information?

packet-filtering firewall

An eight-port hub receives a signal through port five. That signal is then sent back out through ports one, two, three, four, six, seven, and eight without any signal regeneration. Which type of hub has been described?

passive hub

You are working with your support specialists on expanding your company's existing network. You need to determine the actual network interfaces used on all network devices. Which configuration management documentation should you consult?

physical network diagram

A user reports that a legacy system is no longer responding. After researching, a technician reports that the system has been flooded with ICMP packets larger than 65,535 bytes. This is most likely the result of which type of attack?

ping of death

You need to copy the traffic from a single port to a different port, but prevent bidirectional traffic on the port. Which switch feature should you use?

port mirroring

Your organization has responded to a security incident. The breach has been contained, and all systems have been recovered. What should you do last as part of the incident response?

post-mortem review

You have been handed a document that details the steps to take to update the network drivers. Which type of change management document do you have?

procedures

Which network device acts as an Internet gateway, firewall, and Internet caching server for a private network?

proxy server

You have purchased a new router that you need configure. You need to connect a workstation to the router's console port to complete the configuration tasks

rollover

You need to perform some administrative maintenance on a Cisco router. You decide to connect your notebook computer to the console port on the router. Which type of cable should you use?

rollover cable

Your manager has asked you to improve network security by confining sensitive internal data traffic to computers on a specific subnet using access control lists (ACLs). Where should the ACLs be deployed?

routers

What is another term for a demilitarized zone (DMZ)?

screened subnet

Which type of monitoring requires that updates be regularly obtained to ensure effectiveness?

signature-based

Which type of intrusion detection system (IDS) watches for intrusions that match a known identity?

signature-based IDS

You want to implement and Ethernet network at very long distances using fiber optic cables. Which standard and cable type would you choose?

single mode fiber 1000BaseLX

You need to connect a workstation to a switch using a regular port on the switch (not an uplink port) the switch does not support auto-MDI Which type of cable should you use?

straight-through

Your Windows 7 computer is located on a TCP/IP network that uses DHCP. You want your computer to release its lease on the TCP/IP configuration that it received from the DHCP server. Which command should you issue to release the configurations?

the ipconfig command

You administer computers on a Windows network. You suspect a problem with automatic NetBIOS name resolution on a Windows 7 computer on the network. Which command should you use to troubleshoot the name resolution problem?

the nbtstat -r command

You administer computers on an Ethernet 100BaseTX network, which uses the TCP/IP network communications protocol. The network uses an unsubnetted Class A IP address range. A computer on the network named Admin1 has the IP address 12.10.100.3, and a computer on the network named Marketing1 is configured with the IP address 12.10.100.4. Both computers are configured with the subnet mask 255.0.0.0 and the default gateway address 12.10.100.5. The network is connected to the Internet. RemoteWkst is a computer on a remote network that is connected to the Internet. Normally, Marketing1 and Admin1 can connect to RemoteWkst. You recently discovered that Marketing1 can connect to Admin1 and Admin1 can connect to Marketing1, but neither of these computers can connect to RemoteWkst. You suspect that there is a problem with one of the routers between RemoteWkst and the network you administer. Which TCP/IP utility should you use to troubleshoot this connectivity problem?

the tracert utility

You are implementing an 802.11g wireless network in your office. What is the maximum number of wireless access points that you can implement within 30 meters of each other?

three

You need to verify a network's transmission speed. Which tool should you use?

throughput tester

Which statements describe the purpose of performing site surveys when deploying WLANs? (Choose two.)

to find the frequency and power settings to be used on access points to calculate the number of access points required for the coverage area

Your organization has decided to implement a domain controller on its network. What is the primary purpose of this server?

to provide user authentication for Windows 2000, 2003, and 2008 server-based systems

What is the purpose of content inspection?

to search for malicious code or behavior

You want to trace a signal from one end of a 100BaseT UTP cable to the other. Which tool will help you input a test signal that can be traced through the cable?

tone generator

You must decide the type of identification and authentication that will be used on a new company's network. You must obtain approval on the authentication type from management. What is the most common form of identification and authentication?

user identification with reusable password

An employee shows you a Web site that publishes the SSIDs and passwords for private wireless networks in your area. The information on your company's wireless network is included. Of which type of attack is this an example?

war chalking

You have been given a drawing that shows the flow of network communication with symbols to indicate equipment function. Which type of configuration management documentation have you been given?

wiring schematic

Omni Antenna

a multi-directional antenna that radiates radio wave power uniformly in all directions in one plane with a radiation pattern shaped like a doughnut

Which device is designed to provide the most efficient transmission of traffic that is NOT specifically denied between networks?

a router

SSH

A protocol that uses a secure channel to connect a server and a client

"Which system detects network intrusion attempts and controls access to the network for the intruders? A firewall B IDS C IPS D VPN "

" Answer: IPS Explanation: An intrusion prevention system (IPS) detects network intrusion attempts and controls access to the network for the intruders. An IPS is an improvement over an intrusion detection system (IDS) because an IPS actually prevents intrusion. A firewall is a device that is configured to allow or prevent certain communication based on preconfigured filters. A firewall can protect a computer or network from unwanted intrusion using these filters. However, any communication not specifically defined in the filters is either allowed or denied. Firewalls are not used to detect and prevent network intrusion. An IDS only detects the intrusion and logs the intrusion or notifies the appropriate personnel. A virtual private network (VPN) is a private network that users can connect to over a public network. "

"You are aware that any system in the demilitarized zone (DMZ) can be compromised because the DMZ is accessible from the Internet. What should you do to mitigate this risk? A Implement both DMZ firewalls as bastion hosts. B Implement every computer on the DMZ as a bastion host. C Implement the DMZ firewall that connects to the Internet as a bastion host. D Implement the DMZ firewall that connects to the private network as a bastion host"

" Answer: Implement every computer on the DMZ as a bastion host. Explanation: You should implement every computer on the demilitarized zone (DMZ) as a bastion host because any system on the DMZ can be compromised. A bastion host is, in essence, a system that is hardened to resist attacks. A bastion host is not attached to any firewall software. However, every firewall should be hardened like a bastion host. "

"What is a disadvantage of a hardware firewall compared to a software firewall? A It has a fixed number of available interfaces. B It has lower performance capability than a software firewall. C It is easier to make configuration errors than in a software firewall. D It provides decreased security as compared to a software firewall. "

" Answer: It has a fixed number of available interfaces. Explanation: A hardware firewall is purchased with a fixed number of interfaces available. With a software firewall, adding interfaces is as easy as adding and configuring another network interface card (NIC). A hardware firewall outperforms a software firewall. It is easier to make configuration errors in a software firewall, not a hardware firewall. Most hardware firewalls are advertised as ""turn-key"" solutions, meaning software installation and configuration issues are minimal. Hardware firewalls generally provide increased security over software firewalls."

"Which type of firewall is most detrimental to network performance? A. stateful firewall B. circuit-level proxy firewall C. packet-filtering firewall D. application-level proxy firewall "

" Answer: application-level proxy firewall Explanation: An application-level proxy firewall is most detrimental to network performance because it requires more processing per packet. The packet-filtering firewall provides high performance. Stateful and circuit-level proxy firewalls, while slower than packet-filtering firewalls, offer better performance than application-level firewalls. Kernel proxy firewalls offer better performance than application-level firewalls. This type of firewall is a firewall that is built into the operating system kernel. An application-level firewall creates a virtual circuit between the firewall clients. Each protocol has its own dedicated portion of the firewall that is concerned only with how to properly filter that protocol's data. Unlike a circuit-level firewall, an application-level firewall does not examine the IP address and port of the data packet. Often these types of firewalls are implemented as a proxy server. A proxy-based firewall provides greater network isolation than a stateful firewall. A stateful firewall provides greater throughput and performance than a proxy-based firewall. In addition, a stateful firewall provides some dynamic rule configuration with the use of the state table."

"You are responsible for managing your company's virtualization environment. Which feature should NOT be allowed on a virtualization host? A implementing IPsec B browsing the Internet C implementing a firewall D monitoring the event logs"

" Answer: browsing the Internet Explanation: You should not allow browsing the Internet on a virtualization host. This can present a possible security breach through the introduction of spyware or malware. Anything that affects a virtualization host also affects all virtual computers on the host. Virtual servers have the same information security requirements as physical servers. You should implement IPsec, implement a firewall, and monitor the event logs of a virtualization host. IPsec helps by encrypting data as it transmits across the network. Firewalls prevent unauthorized access to a physical or virtual computer. Event logs help administrators to detect when security breaches have occurred or are being attempted. "

"Which job is NOT provided by a network protocol analyzer? A. provide network activity statistics B identify the sources and destinations of communications C detect active viruses or malware on the network D identify the types of traffic on the network "

" Answer: detect active viruses or malware on the network Explanation: A network protocol analyzer, also known as a packet sniffer, does not detect active viruses or malware on the network. Most network protocol analyzers provide the following functions: Provide network activity statistics. Identify the sources and destinations of communications. Identify the types of traffic on the network. Detect unusual level of traffic. Detect specific pattern characteristics. A network protocol analyzer can determine if passwords are being transmitted over the network in clear text. It can also be used to read the contents of any File Transfer Protocol (FTP) packet, including an FTP GET request. WireShark is a commercial network protocol analyzer. A protocol analyzer can be used by a security administrator to identify a problem between two systems that are not communicating properly, although there are other tools that may be used first. "

"Which firewall architecture has two network interfaces? A bastion host B screened host C screened subnet D dual-homed firewall "

" Answer: dual-homed firewall Explanation: A dual-homed firewall has two network interfaces. One interface connects to the public network, usually the Internet. The other interface connects to the private network. The forwarding and routing function should be disabled on the firewall to ensure that network segregation occurs. A bastion host is a computer that resides on a network that is locked down to provide maximum security. These types of hosts reside on the front line in a company's network security systems. The security configuration for this entity is important because it is exposed to un-trusted entities. Any server that resides in a demilitarized zone (DMZ) should be configured as a bastion host. A bastion host has firewall software installed, but can also provide other services. A screened host is a firewall that resides between the router that connects a network to the Internet and the private network. The router acts as a screening device, and the firewall is the screen host. Screened subnet is another term for a demilitarized zone (DMZ). Two firewalls are used in this configuration: one firewall resides between the public network and DMZ, and the other resides between the DMZ and private network."

"A user complains that he is unable to communicate with a remote virtual private network (VPN) using L2TP. You discover that the port this protocol uses is blocked on the routers in your network. You need to open this port to ensure proper communication. Which port number should you open? A 22 B 88 C 1701 D 1723 "

"Answer: 1701 Explanation: You should open port number 1701 because this is the UDP port used by Layer 2 Tunneling Protocol (L2TP). Port number 22 is reserved for Secure Shell (SSH) remote login. Port number 88 is assigned to the Kerberos protocol. Point-to-Point Tunneling Protocol (PPTP) uses UDP and TCP ports number 1723. There are a total of 65,535 ports in the TCP/IP protocol that are vulnerable to attacks. You should know the following commonly used ports and protocols. FTP - ports 20 and 21 SSH, SCP, and SFTP - port 22 Telnet - port 23 SMTP - port 25 TACACS - port 49 DNS server - port 53 DHCP - ports 67 and 68 TFTP - port 69 HTTP - port 80 Kerberos - port 88 POP3 - port 110 NetBIOS - ports 137-139 IMAP4 - port 143 SNMP - port 161 LDAP - port 389 SSL, FTPS, and HTTPS - port 443 SMB - port 445 LDAP with SSL - port 636 Microsoft SQL Server - port 1433 Point-to-Point Tunneling Protocol (PPTP) - port 1723 RDP protocol and Terminal Services - port 3389"

"You need to configure your company's remote access server to authenticate remote users using smart cards. Which protocol should you deploy? A EAP B WEP C WPA D WPA2 "

"Answer: EAP Explanation: You should use the Extensible Authentication Protocol (EAP). By using an EAP authentication protocol, such as EAP-Transport Level Security (EAP-TLS), for authentication, the remote access server can authenticate remote users with smart cards. The other authentication protocols listed do not support authentication using smart cards. WPA2 is stronger than WPA and WEP. WEP uses a 40-bit or 104-bit encryption key that must be manually entered on wireless access points and devices and does not change automatically. WPA uses Temporal Key Integrity Protocol (TKIP) and employs a per-packet key, meaning that it dynamically generates a new 128-bit key for each packet. WPA2 introduces Counter-Mode/CBC-Mac Protocol (CCMP), a new AES-based encryption mode with strong security. "

"Management has recently expressed concern over port security. You have been asked to ensure that all network ports are as secure as possible. Which of the following methods of port security should you implement? (Choose all that apply.) A Ensure that wiring closets are locked. B Ensure that TCP and UDP ports are managed properly. C Ensure that port knocking is not implemented. D Ensure that the MAC address of connected devices are monitored."

"Answer: Ensure that wiring closets are locked. Ensure that TCP and UDP ports are managed properly. Ensure that the MAC address of connected devices are monitored. Explanation: Port security is implemented on switches to ensure unauthorized devices cannot connect to the network through that port. Valid methods of port security include the following: Ensure wiring closets are locked - This ensures that rogue devices cannot be plugged into your network. Ensure that TCP and UDP ports are managed properly - This ensures that hackers cannot access your network via open TCP or UDP ports. Ensure that the MAC address of connected devices are monitored - This ensures that devices that connect to the network are identified. Media access control (MAC) addresses are used to uniquely identify network devices, including computers. Port knocking does provide some level of port security. The option regarding port knocking is incorrect because it states that you should NOT implement port knocking."

"You must configure the routers on your network to ensure that appropriate communication is allowed between the subnetworks. Your configuration must allow multiple protocols to communicate across the routers. Match the protocol from the left with the default port it uses on the right. Move the correct items from the left column to the column on the right to match the protocol with the correct default port. Missing Image"

"Explanation: The protocols given use these default ports: Port 20 - FTP Port 23 - Telnet Port 25 - SMTP Port 53 - DNS Port 80 - HTTP FTP also uses port 21, but it was not listed in this scenario."

"Which device is the BEST solution to protect all traffic on an HTTP/HTTPS server? A. network-based IDS B. host-based IDS C. network firewall D. Web application firewall"

"Answer: Web application firewall Explanation: The BEST solution to protect all traffic on an HTTP/HTTPS server is a Web application firewall. A Web application firewall can be implemented in hardware or software to protect a Web server from a cross-site scripting attack. A Web application firewall (WAF) provides security at the Application layer (Layer 7) of the OSI model. None of the other solutions provides the same level of security as the Web application firewall. The network firewall would be able to provide some protection, but it provides more services than you really need. In addition, because the network firewall protects the entire network, its performance could be degraded. An intrusion detection system (IDS) does not really secure any devices. By definition, an IDS detects intrusions and sends out alerts when the intrusions occur. Remember that security professionals should always keep a defense-in-depth or layered security approach in mind. Physical security is often considered the first layer of security and includes any mechanisms that protect the physical security of your facility. However, physical security is not enough to completely protect your assets. Once physical security is covered, then perimeter security and internal network security should be assessed. The last three aspects are host security, application security, and data security. Encompassing all of these layers is the personnel you use. Personnel can affect any layer of defense. Training personnel is key to ensuring that security is not compromised. "

"Recently, an IT administrator contacted you regarding a file server. Currently, all users are granted access to all of the files on this server. You have been asked to change the configuration and designate which users can access the files. What should you use to do this? A. a firewall B. a NAT server C an ACL D a proxy server "

"Answer: an ACL Explanation: An access control list (ACL) is a security mechanism used to designate those users who can gain various types of access, such as read, write, and execute access, to resources on a network. An ACL provides security as granular as the file level. The DAC model uses ACL to identify the users who have permissions to a resource. If a user is unable to access remote resources and you have ensured that the firewall is not blocking the user's communication, it could be that the ACL for the resource needs to be checked to ensure that user has the appropriate permission. An ACL is also configured at the remote access server to grant or deny remote access. A firewall allows and denies network access through communications ports. A NAT server presents public Internet Protocol (IP) addresses to the Internet on behalf of computers on a private network. A proxy server can be used to enable hosts to access Internet resources. A proxy server can increase the performance of a network by caching Web pages, which can reduce the amount of time required for clients to access Web pages. A proxy server is often used to cache and filter content. "

"You are creating an IDS solution for your company's network. You define a rule that prevents an e-mail client from executing the cmd.exe command and alerts you when this is attempted. Which type of IDS are you using? A misuse-detection-based B anomaly-based C behavior-based D signature-based"

"Answer: behavior-based Explanation: A behavior-based IDS looks for behavior that is not allowed and acts accordingly. When you define a rule that prevents an e-mail client from executing the cmd.exe command and alerts you when this is attempted, you are using behavior-based monitoring. A misuse-detection-based IDS is the same as signature-based monitoring. A signature-based IDS requires that updates be regularly obtained to ensure effectiveness. Signature-based monitoring watches for intrusions that match a known identity or signature when checked against a database that contains the identities of possible attacks. This database is known as the signature database. An anomaly-based IDS detects any changes or deviations in network traffic. With this type of monitoring, there is an initial learning period before anomalies can be detected. Once the baselines are established, anomaly-based monitoring can detect anomalous behavior. Sometimes the baseline is established through a manual process. Another type of IDS that you need to understand is a heuristic IDS. This type of monitoring uses artificial intelligence (AI) to detect intrusions. "

"Which type of firewall is also referred to as an appliance firewall? A. application B. embedded C. hardware D. software "

"Answer: hardware Explanation: A hardware firewall is also referred to as an appliance firewall. Appliance firewalls are often designed as stand-alone black box solutions that can be plugged in to a network and operated with minimal configuration and maintenance. An application firewall is typically integrated into another type of firewall to filter traffic that is traveling at the Application layer of the Open Systems Interconnection (OSI) model. An embedded firewall is typically implemented as a component of a hardware device, such as a switch or a router. A software firewall is a program that runs within an operating system, such as Linux, Unix, or Windows 2000. Firewalls can be used to create demilitarized zones (DMZs). A DMZ is a network segment placed between an internal network and a public network, such as the Internet. DMZs allow remote access to services while segmenting access to the internal network. Typically, either one or two firewalls are used to create a DMZ. A DMZ with a firewall on each end is typically more secure than a single-firewall DMZ. However, a DMZ implemented with one firewall connected to a public network, a private network and a DMZ segment is cheaper to implement than a DMZ implemented with two firewalls. If you have trouble communicating with a server that is located on a DMZ from the Internet and the internal network, the server probably has an incorrect default gateway address. "

A user complains that he is unable to communicate with a remote virtual private network (VPN) using L2TP. You discover that the port this protocol uses is blocked on the routers in your network. You need to open this port to ensure proper communication. Which port number should you open?

1701

"You are deploying a virtual private network (VPN) for remote users. You want to meet the following goals: The VPN gateway should require the use of Internet Protocol Security (IPSec). All remote users must use IPSec to connect to the VPN gateway. No internal hosts should use IPSec. Which IPSec mode should you use? A host-to-host B host-to-gateway C gateway-to-gateway D This configuration is not possible."

"Answer: host-to-gateway Explanation: You should deploy host-to-gateway IPSec mode. In this configuration, the VPN gateway requires the use of IPSec for all remote clients. The remote clients use IPSec to connect to the VPN gateway. IPSec is not used for any communication between the VPN gateway and the internal hosts on behalf of the remote clients. Only the traffic over the Internet uses IPSec. In host-to-host IPSec mode, each host must deploy IPSec. This mode would require that any internal hosts that communicate with the VPN clients would need to deploy IPSec. In gateway-to-gateway IPSec mode, the gateways at each end of the connection provide IPSec functionality. The individual hosts do not. For this reason, the VPN is transparent to the users. This deployment best works when a branch office or partner company needs access to your network. "

"You have been hired by a small company to ensure that their internal network is protected against attacks. You must implement a secure network. As part of this implementation, what should be the default permission position? A explicit allow B implicit allow C explicit deny D implicit deny "

"Answer: implicit deny Explanation: The default permission position in a secure network should be implicit deny. This will ensure that if a user or group does not have an explicit allow permission configured, the access will default to an implicit deny. An implicit deny should be the last rule contained on any firewall because most firewalls do not default to this setting. This firewall rule is often defined with a Drop All statement. On Windows servers, the access control list (ACL) defaults to an implicit deny. None of the other permissions should be the default position in a secure network. An explicit allow is an allowed permission that is configured explicitly for that resource. An implicit allow is an allowed permission that is implied for that resource based on another explicit or implicit permission. An explicit deny is a denied permission that is configured explicitly for that resource. "

"What is the primary advantage of using a network-based intrusion detection system (NIDS)? A no counterattack on the intruder B ability to analyze encrypted information C low maintenance D high throughput of the individual workstations on the network "

"Answer: low maintenance Explanation: The primary advantage of an NIDS is the low maintenance involved in analyzing traffic in the network. An NIDS is easy and economical to manage because the signatures are not configured on all the hosts in a network segment. Configuration usually occurs at a single system, rather than on multiple systems. By contrast, host-based intrusion detection systems (HIDSs) are difficult to configure and monitor because the intrusion detection agent should be installed on each individual workstation of a given network segment. HIDSs are configured to use the operating system audit logs and system logs, while NIDSs actually examine the network packets. Individual hosts do not need real-time monitoring because intrusion is monitored on the network segment on which the NIDS is placed, and not on individual workstations. An NIDS is not capable of analyzing encrypted information. For example, the packets that travel through a Virtual Private network Tunnel (VPN) cannot be analyzed by the NIDS. The lack of this capability is a primary disadvantage of an NIDS. The high throughput of the workstations in a network does not depend on the NIDS installed in the network. Factors such as the processor speed, memory, and bandwidth allocated affect the throughput of workstations. The performance of an NIDS can be affected in a switched network environment because the NIDS will not be able to properly analyze all the traffic that occurs on the network on which it does not reside. An HIDS is not adversely affected by a switched network because it is primarily concerned with monitoring traffic on individual computers. "

"Which network device acts as an Internet gateway, firewall, and Internet caching server for a private network? A. proxy server B. VPN C. IDS D. IPS "

"Answer: proxy server Explanation: A proxy server acts as an Internet gateway, firewall, and Internet caching server for a private network. Hosts on the private network contact the proxy server with an Internet Web site request. The proxy server checks its cache to see if a locally stored copy of the site is available. If not, the proxy server communicates with its Internet connection to retrieve the Web site. The proxy server is virtually invisible to the client and the Internet connection. A proxy server can be configured to allow only outgoing Hypertext Transfer Protocol (HTTP) traffic by configuring which users have permissions to access the Internet via the proxy server. A virtual private network (VPN) is a private network that users can connect to over a public network. Often a VPN is implemented with a firewall to allow remote employees to connect to local resources. A VPN concentrator is the device that creates the VPN. An intrusion detection system (IDS) is a network device that detects network intrusion and either logs the intrusion or contacts the appropriate personnel. An intrusion prevention system (IPS) is a network device that detects network intrusion attempts and prevents the network intrusion. An IPS provides more security than an IDS because it actually provides prevention, not just detection. An Internet gateway can also be referred to as a Web security gateway. Its purpose is to defend against advanced Web attacks at the gateway. Firewalls, IDSs, IPSs, and proxies are often classified as application-aware devices because many of them can be configured to allow or deny traffic based on the application requesting access. "

A server is located on a DMZ segment. The server only provides FTP service, and there are no other computers on the DMZ segment. You need to configure the DMZ to ensure that communication can occur. Which port should be opened on the Internet side of the DMZ firewall?

20

"You have been hired by a law firm to create a demilitarized zone (DMZ) on their network. Which network device should you use to create this type of network? A. a bridge B. a firewall C. a hub d. a route"

"Answer: a firewall Explanation: An administrator can install a firewall on a network to create a demilitarized zone (DMZ). A DMZ separates a public network from a private network. A DMZ can be implemented with one firewall that is connected to the DMZ segment, the private network, and the Internet. A DMZ can also be implemented with two firewalls. In this configuration, one firewall is connected to a private network and a DMZ segment, and the other firewall is connected to the Internet and the DMZ segment. To implement a firewall, you should first develop and implement a firewall policy. When configuring a firewall policy, the default setting should deny all traffic not explicitly allowed. Firewalls implement stateful inspection by inspecting every packet and allowing or denying the packet based on the firewall policy. A bridge is a device that separates a network into distinct collision domains to control network traffic. A network divided by a bridge is considered to be a single network. A hub is a central connection device used on Ethernet networks. A router is a device that is designed to transmit data between networks on a TCP/IP internetwork. Bridges, hubs and routers are not used to create DMZs."

"Your organization deploys two wireless networks in close proximity. The configuration of the two wireless networks is as follows: SSID: Students - 802.11b using channel 1 SSID: Guest - 802.11g using channel 9 You have been asked to deploy a new wireless network for the Research department. This wireless network should only support 802.11g wireless devices and must use a different channel than the other wireless networks. The network should be named Research and should not be advertised. When you open the wireless router's interface, the Basic Wireless Settings screen is configured as follows:"

"Explanation: For this scenario, you should configure the Wireless Network Mode option as follows: Change the Wireless Network Mode setting to G-Only. Change the Wireless Network Name (SSID) setting to Research. Change the Wireless Channel setting to 5. Change the Wireless SSID Broadcast setting to Disable. For the Wireless Network Mode, the scenario specifically stated that you ONLY want to support 802.11g wireless devices on the network. Because the scenario also stated that you must use a non-overlapping channel, you must choose from channels 1, 5, 9, or 13 for an 802.11g network. Because channels 1 and 9 are already in use and channel 13 is not an option on the router, you must use channel 5. Note that 80211b wireless networks have four non-overlapping channels: 1, 6, 11, and 14. Finally, the scenario stated that the network name should not be advertised, which means that the Wireless SSID Broadcast option should be set to Disable. For testing purposes, you should understand how to configure a wireless router. This includes setting the network mode, the SSID name, and the channel used. You should also understand how to enable/disable SSID broadcast and how to configure MAC filtering. Linksys has an online emulator that will allow you to view the different configurable screens for the various models. The link to the online emulator is given in the References section. When you access this site, you first select the model number you want to emulate. Then you will need to select the firmware version. The emulator will allow you to view all of the configurable screens for a Linksys wireless router. We suggest that you spend time familiarizing yourself with wireless configuration settings using this free tool. "

"You are responsible for managing the security for a network that supports multiple protocols. You need to understand the purpose of each of the protocols that are implemented on the network. Match each description with the protocol that it BEST fits. Missing Image"

"Explanation: The protocols should be matched with the descriptions in the following manner: SSH - A protocol that uses a secure channel to connect a server and a client SSL - A protocol that secures messages between the Application and Transport layer SCP - A protocol that allows files to be copied over a secure connection ICMP - A protocol used to test and report on path information between network devices"

A Web server is located on a DMZ segment. The Web server only serves HTTP pages, and there are no other computers on the DMZ segment. You need to configure the DMZ to ensure that communication can occur. Which port should be opened on the Internet side of the DMZ firewall?

80

Your company management has recently purchased a RADIUS server. This RADIUS server will be used by remote employees to connect to internal resources. You need to ensure that multiple client computers, including Windows Vista and Windows 7, are able to connect to the RADIUS server in a secure manner. What should you deploy?

802.1X

SSL

A protocol that secures messages between the Application and Transport layer

ICMP

A protocol used to test and report on path information between network devices

Your organization purchases a set of offices adjacent to your current office. You need to broaden the area to which a wireless access point (AP) can transmit. What should you do

Adjust the power level setting slightly higher.

Recently, an IT administrator contacted you regarding a file server. Currently, all users are granted access to all of the files on this server. You have been asked to change the configuration and designate which users can access the files. What should you use to do this?

an ACL

You work for a company that installs networks for small businesses. During a recent deployment, you configure a network to use the Internet Protocol Security (IPSec) protocol. The business owner asks you to explain why this protocol is being used. Which three are valid reasons for using this protocol?

IPSec can work in either tunnel mode or transport mode. IPSec uses Encapsulation Security Payload (ESP) and Authentication Header (AH) as security protocols for encapsulation. The IPSec framework is used in a virtual private network (VPN) implementation to secure transmissions.

What is a disadvantage of a hardware firewall compared to a software firewall?

It has a fixed number of available interfaces

Management has requested that you ensure all firewalls are securely configured against attacks. You examine one of your company's packet-filtering firewalls. You have configured the following rules on the firewall: • Permit all traffic to and from local hosts. • Permit all inbound TCP connections. • Permit all SSH traffic to linux1.kaplanit.com. • Permit all SMTP traffic to smtp.kaplanit.com. Which rule will most likely result in a security breach?

Permit all inbound TCP connections

Your company implements an Ethernet network. During a recent analysis, you discover that network throughput capacity has been wasted as a result of the lack of loop protection. What should you deploy to prevent this problem?

STP

Which tool is an intrusion detection system (IDS)?

Snort

You company needs to be able to provide employees access to a suite of applications. However, you do not want the employees to install a local copy of the applications. Which method should you use to deploy the suite of applications?

Software as a Service

Management of your company wants to allow the departments to share files using some form of File Transfer Protocol (FTP). You need to explain the different FTP deployments. By default, which FTP solution provides the LEAST amount of security?

TFTP

Which type of monitoring is most likely to produce a false alert?

anomaly-based

Which type of firewall is most detrimental to network performance?

application-level proxy firewall

You are responsible for managing your company's virtualization environment. Which feature should NOT be allowed on a virtualization host?

browsing the Internet

You have been hired by a law firm to create a demilitarized zone (DMZ) on their network. Which network device should you use to create this type of network?

a firewall

What is an embedded firewall?

a firewall that is integrated into a router

You need to implement an independent network within your private LAN. Only users in the Research and Development department should be able to access the independent network. The solution must be hardware based. Which type of network should you deploy?

a VLAN

Sector Antenna

a directional antenna with a circle measured in degrees of arc radiation pattern

Yagi Antenna

a directional antenna with high gain and narrow radiation pattern

Which type of firewall is also referred to as an appliance firewall?

hardware

You are deploying a virtual private network (VPN) for remote users. You want to meet the following goals: • The VPN gateway should require the use of Internet Protocol Security (IPSec). • All remote users must use IPSec to connect to the VPN gateway. • No internal hosts should use IPSec. Which IPSec mode should you use?

host-to-gateway

You have been hired by a small company to ensure that their internal network is protected against attacks. You must implement a secure network. As part of this implementation, what should be the default permission position?

implicit deny

You need to ensure that wireless clients can only communicate with the wireless access point and not with other wireless clients. What should you implement?

isolation mode

Dipole

the earliest, simplest, and most widely used antenna with a radiation pattern shaped like a doughnut