SECFND 210-250
A ----- is an access point that has been installed on a secure network without explicit authorization from a system administrator.
rogue AP
A ----- is the logical center of the spanning tree topology.
root bridge
To prevent loops in a network, a reference point for the network must first be defined. This reference point is called a -----.
root bridge
TCAM
Found in multilayer switches and routers ACL, QoS, and other information for upper-layer processing Switches can have multiple TCAMs to boost performance.
Which IP address can be used by a host to establish an IP connection to itself for testing purposes? a. 127.0.0.1 b. 1.1.1.1 c. 0.0.0.0 d. 255.255.255.255
a. 127.0.0.1
Which one of the following options is the Class C private IP range? a. 192.168.0.0-192.168.255.255 b. 172.16.0.0-172.31.255.255 c. 10.0.0.0-10.255.255.255 d. 192.168.1.0-192.168.1.255
a. 192.168.0.0-192.168.255.255
Which two of the following are valid IPv6 addresses? (Choose two.) a. 2001:0:130f::9c0:876a:130b b. 2001::130f::9c0:876a:130b c. 0:1 d. 0:0:0:0:0:0:0:1
a. 2001:0:130f::9c0:876a:130b d. 0:0:0:0:0:0:0:1
Which two of the following options are common DHCP attacks? (Choose two.) a. DHCP starvation b. DHCP tunneling c. rogue DHCP server d. DHCP amplification
a. DHCP starvation c. rogue DHCP server
If a host on a network wants to ping another host on the same network, which three of the following options are required? (Choose three.) a. ICMP echo request and echo reply b. source and destination IP addresses c. source and destination MAC addresses d. source and destination ports e. default gateway MAC address f. default gateway IP address
a. ICMP echo request and echo reply b. source and destination IP addresses c. source and destination MAC addresses
Which one of the following statements is true regarding the CAPWAP tunneling protocol? a. It is used to encapsulate data between the LWAP and the WLC. b. It is used to encapsulate data between different standalone APs. c. It is used to encapsulate data between the standalone AP and the wireless clients. d. It is used to encapsulate data between the LWAP and the wireless clients.
a. It is used to encapsulate data between the LWAP and the WLC.
Which two of the following options are potential problems with a large single broadcast domain? (Choose two.) a. Large amounts of broadcast traffic consume resources. b. All PCs share the same collision domain. c. Layer 3 routing overhead is high. d. It is difficult to apply security policies because there are no boundaries between devices.
a. Large amounts of broadcast traffic consume resources. d. It is difficult to apply security policies because there are no boundaries between devices.
Which layer of the OSI model is responsible for logical addressing and best path selection to endpoint networks? a. Layer 3 b. Layer 1 c. Layer 4 d. Layer 5
a. Layer 3
All ports on the hub share both a single collision domain and a single broadcast domain as the hub or repeater operates at the ----- layer of the OSI model.
physical
bridge
provides the same functionality as a Layer 2 switch
A ----- allows multiple VLANs to share the port connection.
trunk
A ----- is a point-to-point link between an Ethernet switch interface and another networking device, such as a router or a switch.
trunk
DHCP employs a connectionless service model using UDP, and is implemented using the same two UDP port numbers as -----.
BOOTP
The MAC address tables are commonly called ----- tables because many switches use CAM (a special type of technology) to store the MAC address tables.
CAM - content-addressable memory
DHCPINFORM
DHCP client already has an IP address; request more information from the server.
Most common messages that are exchanged between the DHCP server and the client:
DHCPDISCOVER DHCPOFFER DHCPREQUEST DHCPACK
Port 53
DNS
A subnet mask:
Defines the number of bits that represent the network and subnet part of the address Is used by end systems to identify the destination IP address as either local or remote Is used by Layer 3 devices to determine network path
Link-State Protocols
Exchanges information about the whole topology: Each router determines the best paths on its own, using SPF. OSPF and IS-IS
Path Vector Protocols
Exchanges routes as the vector of path and direction: Path = list of different path attributes Direction = next-hop neighbor BGP
Distance Vector Protocols
Exchanges routes as vectors of distance and direction: Distance = metric of links or hop count Direction = next-hop neighbor EIGRP and RIPv2
Port 21
FTP
Port 80
HTTP
DHCPDECLINE
If the DHCP client determines the offered configuration parameters are invalid, it sends this packet to the server, and the client must begin the lease process again.
CAM
MAC address-to-port mappings Layer 2 forwarding decisions
DHCPRELEASE
Message is sent after the client is ready to gibe up the DHCP IP address.
VLSM benefits:
More efficient use of IP addresses Better-defined network hierarchical levels
----- is the process that routers, OSI network layer devices, use to forward data packets between networks or subnetworks.
Routing
Port 161
SNMP
Port 23
Telnet
What are the advantages of subnetting a network?
Smaller networks are easier to manage and map to geographical or functional requirements. Contain the broadcast traffic to the individual subnets to improve performance. More easily apply network security measures at the interconnections between subnets than within a large single network.
----- switch data frames between segments to enable communication within a single network.
Switches
A ----- is a group of devices on one or more LANs that are configured to communicate as if they were attached to the same wire, when in fact they are located on several different LAN segments.
VLAN
A ----- is a logical broadcast domain that can span multiple physical LAN segments.
VLAN
A ----- is the physical location where Wi-Fi access to a wireless LAN is available.
Wi-Fi hotspot
BOOTP - Bootstrap Protocol
a host can broadcast a request on the network and get information required from a BOOTP server.
DHCPNAK
a negative acknowledgment from the DHCP server.
Which one of the following options describes the three steps in the TCP three-way handshake? a. 1. SYN; 2. SYN, ACK; 3. ACK b. 1. SYN; 2. ACK; 3. SYN c. 1. SYN; 2. SYN; 3. ACK d. 1. SYN; 2. ACK; 3. ACK
a. 1. SYN; 2. SYN, ACK; 3. ACK
Which three of the following statements are true regarding the router? (Choose three.) a. Longer prefixes are always preferred over shorter ones when forwarding a packet. b. Routers use administrative distance to determine the trustworthiness of the routes c. Routers use routing tables to route between networks. d. Routers populate the routing table by dynamically learning the source IP address of incoming packets e. Routers are considered Layer 2 devices.
a. Longer prefixes are always preferred over shorter ones when forwarding a packet. b. Routers use administrative distance to determine the trustworthiness of the routes c. Routers use routing tables to route between networks.
A host using an IP address from the private IP range needs to connect to a website on the Internet. What function must be performed in order for the device to connect to the web service? a. NAT b. ACL c. PBR d. PfR
a. NAT
Which one of the following protocols sends data in cleartext? a. Telnet b. HTTPS c. SSH d. SCP
a. Telnet
Which three of the following are TCP applications? (Choose three.) a. Telnet b. SSH c. ARP d. FTP e. NTP
a. Telnet b. SSH d. FTP
Complete the following sentence: As the data moves down through the layers of the OSI reference model, before passing it down to a lower layer, each OSI layer _____________________. a. adds a header and (if applicable) a trailer b. adds a header after stripping the header added by the previous layer c. adds both a header and a trailer d. adds only a header
a. adds a header and (if applicable) a trailer
The application layer of the TCP/IP model corresponds to which of the following three layers of the OSI model? (Choose three.) a. application b. transport c. session d. presentation e. data link
a. application c. session d. presentation
On which OSI layer or layers does ARP operate? a. between Layer 2 and Layer 3 b. at Layer 2 c. at Layer 3 d. between Layer 1 and Layer 2
a. between Layer 2 and Layer 3
Which one of these source ports does a client dynamically use when it connects to a server that is listening on a well-known port? a. ephemeral b. registered c. well-known d. first available port on the client system
a. ephemeral
A lack of validation of the ARP replies can allow an attacker to successfully execute what type of attack? a. man in the middle b. rogue DHCP server c. DNS spoofing d. replay
a. man in the middle
The main interface of Wireshark consists of what three components? (Choose three.) a. packet list b. packet details c. packet bytes d. interface statistics e. protocol hierarchy
a. packet list b. packet details c. packet bytes
To capture traffic that is not destined for the local machine, in which mode must the network card must be placed? a. promiscuous b. transparent c. not attached d. managed e. bypass
a. promiscuous
Which three of the following fields are found in a TCP segment? (Choose three.) a. source port b. window size c. source IP address d. payload length e. checksum
a. source port b. window size e. checksum
How can the established keyword in an ACL entry be used? a. to permit only the returning TCP packets from an already existing TCP connection, and deny the initial TCP packet of a new session from an untrusted network b. to permit both the initial TCP packet of a new session and the returning TCP packets from an existing TCP connection c. to permit only the initial TCP packet of a new session d. to change a router into a true stateful firewall controlling the access on a session-by-session basis
a. to permit only the returning TCP packets from an already existing TCP connection, and deny the initial TCP packet of a new session from an untrusted network
hub
acts as a Layer 1 repeater device
In the address 172.16.55.87 /20, what does the /20 indicate? a. the subnet can accommodate 20 hosts per network b. /20 is the prefix length: the first 20 bits are the network address; the remaining 12 bits are the host portion c. this subnet is the 20th usable range d. this IP address is the 20th usable IP in the range
b. /20 is the prefix length: the first 20 bits are the network address; the remaining 12 bits are the host portion
Which two of the following IP addresses belong to the private address range? (Choose two.) a. 127.0.0.1 b. 10.3.8.248 c. 172.17.39.9 d. 192.167.5.5 e. 198.162.252.45
b. 10.3.8.248 c. 172.17.39.9
Using the default network mask, which two of the following are valid host addresses? (Choose 2.) a. 10.0.0.0 b. 192.168.10.1 c. 172.16.255.255 d. 10.10.10.10
b. 192.168.10.1 d. 10.10.10.10
What is the maximum value that can be represented in any octet of an IP address or subnet mask? a. 126 b. 255 c. 256 d. 128
b. 255
How many bits does an IPv4 address have? a. 16 b. 32 c. 48 d. 64
b. 32
Which one of the following options is the type of request that is sent by a host to discover the MAC address belonging to an IP address? a. ping request b. ARP request c. RARP request d. DCHP request e. BOOTP request
b. ARP request
For TCP connection establishment, which one of the following statements is true? a. Only the sender generates a sequence number. b. Both the sender and receiver generate sequence numbers. c. The sequence numbers for both the sender and the receiver must match. d. Only the receiver generates a sequence number.
b. Both the sender and receiver generate sequence numbers.
The IP address 191.168.0.252 belongs to which class of IP address? a. Class A b. Class B c. Class C d. unclassified
b. Class B
To what class of IP address does the address 172.16.1.10 belong? a. Class A address b. Class B address c. Class D address d. Class C address
b. Class B address
During the DHCP initializing state (when a client first boots up), which two DHCP messages are always sent as broadcasts? (Choose two.) a. DHCPOFFER b. DHCPDISCOVER c. DHCPREQUEST d. DHCPACK
b. DHCPDISCOVER c. DHCPREQUEST
Which four of the following are interior gateway routing protocols? (Choose four.) a. BGP b. EIGRP c. GRE d. HSRP e. IS-IS f. OSPF g. RIP
b. EIGRP e. IS-IS f. OSPF g. RIP
Which ICMP message type is sent by the router if an IP packet TTL field reaches zero? a. Destination Unreachable b. ICMP Time-Exceeded c. Echo Reply d. Echo Request
b. ICMP Time-Exceeded
When encapsulating data using the OSI model as a reference, the MAC address of the sending and receiving hosts is identified at which layer? a. Layer 7 b. Layer 2 c. Layer 4 d. Layer 3
b. Layer 2
Which one of the following options is the main purpose for using spanning tree protocol? a. Layer 2 routing protocol b. Layer 2 loop prevention protocol c. Layer 2 frame speed double verification protocol d. Layer 3 routing protocol
b. Layer 2 loop prevention protocol
In which one of the following layers of the OSI model does the router primarily operate? a. Layer 2 b. Layer 3 c. Layer 4 d. Layer 7
b. Layer 3
At which layer of the OSI model does UDP operate? a. Layer 2 b. Layer 4 c. Layer 1 d. Layer 5
b. Layer 4
Which two of the following statements are true regarding standalone and lightweight access points? (Choose two.) a. Lightweight access points are self-contained, each offering one or more fully functional BSSs. b. Standalone access points can be configured one-by-one and offer complete functionality by themselves. c. Lightweight access points rely on a central wireless LAN controller to retrieve their configurations. d. Lightweight access points are also known as autonomous access points.
b. Standalone access points can be configured one-by-one and offer complete functionality by themselves. c. Lightweight access points rely on a central wireless LAN controller to retrieve their configurations.
Which two of the following are UDP applications? (Choose two.) a. SMTP b. TFTP c. FTP d. SNMP
b. TFTP d. SNMP
In a TCP header, which field identifies the number of bytes that the device is willing to accept? a. TTL field b. Window field c. TOS field d. Source IP address field
b. Window field
Which one of the following OSI layers defines how data is formatted for transmission and how data accesses the physical layer? a. physical b. data link c. presentation d. transport
b. data link
When data is sent from one host to another host, the sending host must package up the data. What is this packaging-up process called? a. packaging b. encapsulation c. containerization d. encoding
b. encapsulation
Which one of the following devices operates strictly at the physical layer? a. switches b. hubs c. routers d. bridges
b. hubs
Which one of the following types of routing protocol is OSPF? a. advanced distance vector b. link state c. distance vector d. path vector
b. link state
RFC 1918 specifies a set of IP addresses that are reserved for what type of networks? a. loopback b. private c. public d. broadcast
b. private
What is used by a router to make traffic forwarding decisions at Layer 3? a. MAC address table b. routing table c. DSCP mutation table d. QoS information in the TCAM
b. routing table
Which field in the IP header represents the sender's logical address? a. destination MAC address field b. source IP address field c. destination IP address field d. source MAC address field
b. source IP address field
On a Cisco Catalyst switch, which type of Layer 3 interface can be configured for any VLAN that exists on the Layer 3 switch? a. bridged virtual interface (BVI) b. switched virtual interface (SVI) c. loopback interface d. routed virtual interface (RVI)
b. switched virtual interface (SVI)
Which field in the IP header is decremented by every router it passes through? a. the TOS field b. the TTL field c. the Options field d. the Control bits field
b. the TTL field
Which one of the following options is the mechanism that identifies the separation point of network addressing and host addressing? a. the dotted decimal notation b. the subnet mask c. the wildcard mask d. the partial mask
b. the subnet mask
Which two of the following options are layers of the TCP/IP model? (Choose two.) a. presentation b. transport c. internet d. session e. data link
b. transport c. internet
UDP has which two of the following characteristics? (Choose two.) a. operates at Layer 3 of the OSI model b. uses IP protocol number 17 c. connection oriented to provide reliability d. UDP header contains the sequence number field e. does not guarantee data delivery
b. uses IP protocol number 17 e. does not guarantee data delivery
A ----- is a logical division of a computer network, in which all nodes can reach each other by broadcast at the data link layer.
broadcast domain
A ----- is the set of all devices that will receive broadcast frames originating from any device within the set.
broadcast domain
What is the length of the IPv6 addresses in bits? a. 48 b. 64 c. 128 d. 256
c. 128
What range of IP addresses are usually assigned to hosts that fail to obtain an IP address via DHCP? a. 0.0/8 b. 127.0/8 c. 169.254/16 d. 192.168.0/24
c. 169.254/16
Which one of the following subnet masks is equivalent to the /26 prefix? a. 255.255.192.0 b. 255.255.255.128 c. 255.255.255.192 d. 255.255.255.248
c. 255.255.255.192
What is the maximum number of hosts that a network with a subnet mask of /26 can have? a. 54 b. 56 c. 62 d. 64
c. 62
What is the maximum number of hosts that a Class B network can have? a. 254 b. 32,766 c. 65,534 d. 16,777,214
c. 65,534
What is the destination port defined in the DHCP Offer message? a. 69 UDP b. 69 TCP c. 68 UDP d. 68 TCP
c. 68 UDP
Which one of the following options is used to pass VLAN information between two different switches? a. 802.1D b. 802.1W c. 802.1Q d. a routing protocol, such as EIGRP or OSPF e. the spanning tree protocol
c. 802.1Q
Which one of the following protocols is used to automatically assign IP addresses and set TCP/IP stack configuration parameters? a. DNS b. TFTP c. DHCP d. RARP
c. DHCP
What two types of ICMP messages are used by the ping command? (Choose two.) a. Whois Request b. Destination Unreachable c. Echo Request d. Echo Reply
c. Echo Request d. Echo Reply
Which one of the following options must a host on an Ethernet network know about a destination in order to send an Ethernet frame to that destination? a. receiving port number b. IP address c. MAC address d. window size
c. MAC address
Which one of the following statements is true regarding STP? a. STP is used to defend against spoofing attacks. b. STP is used to maintain the VLAN configuration consistency across the Layer 2 network. c. STP is used to prevent loops from being formed when switches or bridges are interconnected via multiple paths across the Layer 2 network. d. STP is used to negotiate whether an interconnection between two switches should be put into access or trunk mode. e. STP is used to detect the loss of bidirectional communication on a link.
c. STP is used to prevent loops from being formed when switches or bridges are interconnected via multiple paths across the Layer 2 network.
Which one of the following protocols is susceptible to a SYN flood attack? a. UDP b. ARP c. TCP d. ICMP
c. TCP
Which one of the following options describes the protocol and port that is used by DNS? a. TCP 53 b. UDP 53 c. UDP 53 and TCP 53 d. any registered port
c. UDP 53 and TCP 53
Which one of the following options best describes a VLAN? a. a virtual routing and forwarding instance b. a logically defined collision domain on one or more switches c. a logically defined broadcast domain on one or more switches d. a routing environment that is logically identified by the port membership
c. a logically defined broadcast domain on one or more switches
Which one of the following options is a valid field in the UDP header? a. window size b. options c. checksum d. reserved
c. checksum
Which two characteristics do a TCP connection have? (Choose two.) a. operates at Layer 3 of the OSI model b. does not provide error checking c. is connection-oriented d. operates in full-duplex mode e. uses IP protocol number 32
c. is connection-oriented d. operates in full-duplex mode
What is the purpose of the switched virtual interface on a multilayer switch? a. enables the switch to perform QoS functions such as CBWFQ, LLQ, and traffic shaping b. allows the multiprotocol switch to load balance traffic across trunk ports c. provides basic Layer 3 functions for the Layer 2 switch ports assigned to a VLAN d. prevents routing and bridge loops by creating broadcast and collision domains
c. provides basic Layer 3 functions for the Layer 2 switch ports assigned to a VLAN
When using tcpdump for packet capture and Wireshark for analysis, what would you configure to reduce the amount of unnecessary data that is captured? a. turn off promiscuous mode on the interface b. turn on promiscuous mode on the interface c. set tcpdump capture filters d. disable the monitor interface mode
c. set tcpdump capture filters
What determines the class of an IP address? a. the number of bits in the host field b. the subnet mask c. the most significant bit (MSB) pattern d. the third octet
c. the most significant bit (MSB) pattern
Which one of the following IP header fields helps prevent routing loops? a. options b. flag c. time to live d. identification
c. time to live
When using DHCP with LWAP devices, which one of the following is option 43 used for? a. to identify the default gateway b. to assign a fallback IP address c. to supply the specific WLAN controllers IP address d. to supply the specific NAME server IP address
c. to supply the specific WLAN controllers IP address
What service does the DNS protocol provide? a. points to a website proxy device b. resolve IP addresses to MAC addresses c. user-friendly hostname resolution to an IP address d. resolves a NetBIOS hostname to a MAC Address
c. user-friendly hostname resolution to an IP address
ARP messages are sent using which Ethertype designation in the frame header? a. 0x2100 b. 0x0800 c. 0x8100 d. 0x0806
d. 0x0806
What is the maximum size of an IP packet in bytes? a. 256 b. 1024 c. 32768 d. 65535
d. 65535
What is the destination port defined in the DHCP Discover message? a. 66 UDP b. 66 TCP c. 67 TCP d. 67 UDP
d. 67 UDP
If a host fails to get an IP address from a DHCP server, which of the following may be true? a. There is no ARP entry for the default gateway. b. The DHCP server's IP address configuration on the host's network adapter is incorrect. c. The DNS is not working. d. All available IP addresses on the DHCP server are already leased out.
d. All available IP addresses on the DHCP server are already leased out.
Which is the best routing protocol to use on the Internet to route between autonomous systems? a. RIP b. EGP c. IS-IS d. BGP
d. BGP
Which one of the following options is the MAC address that a host would use to send broadcast messages if its own MAC address is 0800:0222:2222? a. 0000:0000:0000 b. 0800:0222:FFFF c. 0800:FFFF:FFFF d. FFFF:FFFF:FFFF
d. FFFF:FFFF:FFFF
Which one of the following flags does a host set in the TCP segment to gracefully terminate a TCP connection? a. END b. STOP c. TERM d. FIN
d. FIN
On a multilayer switch, in which table is the QoS information retained? a. CAM b. MAC c. Routing d. TCAM
d. TCAM
Which one of the following commands should you use on a Windows system to examine all the IP to MAC address mappings of the neighboring devices that are on the same network? a. ifconfig b. ipconfig /all c. netstat d. arp -a
d. arp -a
When comparing IPv4 and IPv6 headers, which one of the following options is the field that is new in the IPv6 headers? a. traffic class b. hop limit c. payload length d. flow label
d. flow label
How many messages are exchanged in a DHCP transaction? a. one b. two c. three d. four
d. four
What is the address 127.0.0.1 used for? a. local broadcast b. link local address c. network IP address d. local loopback testing
d. local loopback testing
Which one of the following options is the syntax that Wireshark display filters use? a. BPF b. BSD c. YAML d. proprietary
d. proprietary
Bridges and switches operate at the ----- layer of the OSI model and use data link MAC addresses to differentiate between hosts that are connected to their ports.
data link
Which TCP flag(s) must be set in a packet in order for the packet to match an ACL entry that contains the established keyword? a. SYN only b. ACK only c. RST only d. SYN or ACK e. ACK or RST
e. ACK or RST
When a user opens a web browser to initiate an HTTP connection to the http://www.example.com web server, the first TCP packet that is sent to the web server will have which TCP flag set? a. RST b. URG c. PSH d. ACK e. SYN
e. SYN
Which one of the following tools should you use for packet capture and analysis? a. ping b. traceroute c. netstat d. nmap e. tcpdump
e. tcpdump
For in-depth analysis of the DHCP packets, use the ----- tool.
dhcpdump
switch
forwards Ethernet frames based on the destination MAC address
A ----- is a multiport repeater that takes an electronic signal that has been received from a device on one of its ports, magnifies the signal, and re-transmits that signal out all other ports on the hub, except for the original incoming port.
hub
DHCP
is a standardized network protocol for dynamically distributing IP addresses automatically, and setting other network configuration parameters, such as the subnet mask, default router, and DNS servers.
UDP port number 67
is the destination port of a DHCP server.
The primary function of a DHCP relay agent -----.
is to forward DHCP messages from the local clients to the remote DHCP server
UDP port number 68
is used by the DHCP client.
BSS
is wireless service that is provided by an AP to one or more associated clients.
router
limits broadcast domain
What does the routing process use to determine the most efficient path for forwarding an IP packet?
network routing tables, protocols, and algorithms
TCAM table
stores ACL, QoS, and other information that is generally associated with upper-layer processing. Most switches have multiple TCAMs, such as one for inbound ACLs, one for outbound ACLs, one for QoS, and so on. Multiple TCAMs allow switches to perform different checks in parallel, thus shortening the packet-processing time. Cisco switches perform CAM and TCAM lookups in parallel. This behavior is the reason that Cisco switches do not suffer any performance degradation by enabling QoS or ACL processing.
A ----- segments the hosts within the network.
subnet
A ----- identifies the network-significant portion of an IP address.
subnet mask
CAM table
the primary table that is used to make Layer 2 forwarding decisions. The table is built by recording the source MAC address and inbound port of all incoming frames. When a frame arrives at the switch with a destination MAC address of an entry in the CAM table, the frame is forwarded out through only the port that is associated with that specific MAC address. If no exact match is found, the switch floods the packet out of all ports in the VLAN, except the incoming port.
A ----- is a wireless LAN networking hardware device that allows a Wi-Fi compliant device with a wireless network adaptor to connect to a wired network.
wireless AP
