CCNA 3 Midterm
Which wildcard mask would permit only hosts from the 10.10.0.0/16 network? -0.0.0.0 -0.0.0.31 -0.0.0.255 -0.0.255.255 -255.255.255.255
-0.0.255.255
Which range represents all the IP addresses that are affected when network 10.120.160.0 with a wildcard mask of 0.0.7.255 is used in an ACE? -10.120.160.0 to 10.127.255.255 -10.120.160.0 to 10.120.191.255 -10.120.160.0 to 10.120.168.0 -10.120.160.0 to 10.120.167.255
-10.120.160.0 to 10.120.167.255
A network administrator configures an ACL with the command R1(config)# access-list 1 permit 172.16.0.0 0.0.15.255. Which two IP addresses will match this ACL statement? (Choose two.) -172.16.15.36 -172.16.16.12 -172.16.31.24 -172.16.0.255 -172.16.65.21
-172.16.15.36 -172.16.0.255
Which wildcard mask would permit all hosts? -0.0.0.0 -0.0.0.31 -0.0.0.255 -0.0.255.255 -255.255.255.255
-255.255.255.255
Which choices provide for the Confidentiality function in the IPsec framework? (Choose three.) -3DES -AES -AH -DH24 -PSK -SEAL -SHA
-3DES -AES -SEAL
How many total ACLs (both IPv4 and IPv6) can be configured on an interface? -0 -1 -2 -4 -8
-4
Which Diffie-Hellman group choices are no longer recommended? -DH groups 1, 2, and 5 -DH groups 14, 15, and 16 -DH groups 19, 20, 21, and 24
-DH groups 1, 2, and 5
What type of VPN enables an enterprise to rapidly scale secure access across the organization? -DMVPN -Remote-access VPN -Site-to-Site VPN -MPLS VPN
-DMVPN
Which service provider fiber-optic technology increases the data-carrying capacity using different wavelengths? -DWDM -SDH -SONET
-DWDM
During this OSPF state, no Hello packets are received. -Down State -Init State -Two-Way State -ExStart State -Exchange State -Loading State -Full State
-Down State
Which is a type of WAN carrier connection that provides redundancy? -Dual-carrier WAN connection -Single-carrier WAN connection
-Dual-carrier WAN connection
Which three statements describe ACL processing of packets? (Choose three.) -A packet that does not match the conditions of any ACE will be forwarded by default. -Each statement is checked only until a match is detected or until the end of the ACE list. -A packet can either be rejected or forwarded as directed by the ACE that is matched. -An implicit 'deny any' rejects any packet that does not match any ACE. -Each packet is compared to the conditions of every ACE in the ACL before a forwarding decision is made. -A packet that has been denied by one ACE can be permitted by a subsequent ACE.
-Each statement is checked only until a match is detected or until the end of the ACE list. -A packet can either be rejected or forwarded as directed by the ACE that is matched. -An implicit 'deny any' rejects any packet that does not match any ACE.
A customer needs a metropolitan area WAN connection that provides high-speed, dedicated bandwidth between two sites. Which type of WAN connection would best fulfill this need? -Ethernet WAN -circuit-switched network -packet-switched network -MPLS
-Ethernet WAN
Which two WAN connectivity options are packet-switched technologies? (Choose two.) -Ethernet WAN -Frame Relay -ISDN -PSTN
-Ethernet WAN -Frame Relay
Which two commands will configure a standard ACL? (Choose two.) -Router(config)# access-list 20 permit host 192.168.5.5 any any -Router(config)# access-list 35 permit host 172.31.22.7 -Router(config)# access-list 45 permit 192.168.200.4 host -Router(config)# access-list 90 permit 192.168.10.5 0.0.0.0 -Router(config)# access-list 10 permit 10.20.5.0 0.255.255.255 any
-Router(config)# access-list 35 permit host 172.31.22.7 -Router(config)# access-list 90 permit 192.168.10.5 0.0.0.0
Which encryption method uses the same key to encrypt and decrypt data? -Symmetric -Triple DES -Block Cipher -Data Encryption Standard -Asymmetric
-Symmetric
A network administrator wants to examine the active NAT translations on a border router. Which command would perform the task? - Router# Debug ip nat translations - Router# show ip nat statistics - Router# show ip nat translations - Router# clear ip nat translations
- Router# show ip nat translations
Which wildcard mask would permit only host 10.10.10.1? -0.0.0.0 -0.0.0.31 -0.0.0.255 -0.0.255.255 -255.255.255.255
-0.0.0.0
Which wildcard mask would permit all hosts from the 192.168.10.0/24 network? -0.0.0.0 -0.0.0.31 -0.0.0.255 -0.0.255.255 -255.255.255.255
-0.0.0.255
Which two options describe a WAN? (Choose two.) -A WAN is owned and managed by an organization or home user. -A WAN provides networking services over large geographical areas. -WAN services are provided for free. -WANs providers offer low bandwidth speeds over short-distances. -WANs guarantee security between the endpoints.
-A WAN provides networking services over large geographical areas. -WAN services are provided for free.
A small company with 10 employees uses a single LAN to share information between computers. Which type of connection to the Internet would be appropriate for this company? -Virtual Private Networks that would enable the company to connect easily and securely with employees. -private dedicated lines through their local service provider. -A broadband service, such as DSL, through their local service provider. -a dial-up connection that is supplied by their local telephone service provider.
-A broadband service, such as DSL, through their local service provider.
Which IPsec framework protocol provides data integrity and data authentication, but does not provide data confidentiality? -ESP -IP protocol 50 -DH -AH
-AH
Which choices are packet encapslation options suported by IPsec? (Choose two.) -AES -AH -DH24 -ESP -PSK -RSA -SHA
-AH -ESP
Which two traditional WAN connectivity options are packet-switched? (Choose two.) -ATM -Frame Relay -ISDN -Leased Lines -PSTN
-ATM -Frame Relay
What is a security feature of using NAT on a network? -Denies all packets that originate from private IP addresses. -Denies all internal hosts from communicating outside their own network. -Allows external IP addresses to be concealed from internal users. -Allows inter IP addresses to be concealed from external users.
-Allows inter IP addresses to be concealed from external users.
Which type of VPN is used to connect a mobile user? -Site-to-site -Remote-access -GRE -IPsec
-Remote-access
What address translation is performed by static NAT? -An inside local address is translated to a specified outside global address. -An inside local address is translated to a specified inside global address. -An inside local address is translated to a specified outside local address. -An outside local address is translated to a specified outside global address.
-An inside local address is translated to a specified inside global address.
Why is NAT not needed in IPv6? -The problems that are induced by NAT applications are solved because the IPv6 header improves packet handling by intermediate routers. -The end-to-end connectivity problems that are cause by NAT are solved because the number of routes increases with the number of nodes that are connected to the internet. -Any host or user can get a public IPv6 network address because the number of available IPv6 addresses is extremely large. -Because IPv6 has integrated security, there is no need to hide the IPv6 addresses of internal networks.
-Any host or user can get a public IPv6 network address because the number of available IPv6 addresses is extremely large.
Which scenario would cause an ACL misconfiguration and deny all traffic? -Apply an ACL that has all 'Deny' ACE statements. -Apply a named ACL to a VTY line. -Apply a standard ACL using the 'ip access-group out' command. -Apply a standard ACL in the inbound direction.
-Apply an ACL that has all 'Deny' ACE statements.
Which IPsec function uses pre-shared passwords, digital certificates, or RSA certificates? -IPsec protocol -Confidentiality -Integrity -Authentication -Diffie-Hellman
-Authentication
Which two devices operate in a similar manner to the voiceband modem but use higher broadband frequencies and transmission speeds. (Choose two.) -Cable Modem -CSU/DSU -DSL Modem -Optical Converter -Voiceband Modem
-Cable Modem -DSL Modem
What type of protocol is GRE? -Security protocol -Passenger protocol -Carrier protocol -Transport protocol
-Carrier protocol
What is one advantage of using NAT at the edge of the network? -Performance is significantly increased because the router does not have to perform as many route lookups. -NAT enables end-to-end IPv4 traceability, making troubleshooting easier. -Changing ISP's is simpler because the devices on the inside network do not have to be configured with new addresses when the outside address changes. -Dynamic NAT allows devices from outside the local network to easily initiate TCP connections to the inside host.
-Changing ISP's is simpler because the devices on the inside network do not have to be configured with new addresses when the outside address changes.
What type of VPN can be established with a web browser using HTTPS? -IPsec -Client-based VPN -Site-to-site VPN -Clientless VPN
-Clientless VPN
The use of 3DES within the IPsec framework is an example of which of the five IPsec building blocks? -Confidentiality -Authentication -Nonrepudiation -Diffie-Hellman -integrity
-Confidentiality
Which VPN benefit allows an enterprise to increase the bandwidth for remote sites without necessarily adding more equipment or WAN links? -Cost Savings -Security -Scalability -Compatibility
-Cost Savings
The IT department is reporting that a company web server is receiving an abnormally high number of web page requests from different locations simultaneously. Which type of security attack is occurring? -Spyware -Phising -DDos -social engineering -adware
-DDos
Which cyber attack involves a coordinated attack from a botnet of zombie computers? -DDos -MITM -address spoofing -ICMP redirect
-DDos
Which ACL is capable of filtering based on TCP port number? -Extended ACLs -Standard ACLs
-Extended ACLs
Where should an extended ACL be placed? -Extended ACL location is not important. -Extended ACLs should be placed as close to the destination as possible. -Extended ACLs should be placed as close to the source as possible. -Extended ACLs should be located on serial interfaces.
-Extended ACLs should be placed as close to the source as possible.
Which medium do service providers use to transmit data over WAN connections with SONET, SDH, and DWDM? -Fiber optic -Copper -satellite Wi-Fi
-Fiber optic
Which type of WAN network design is the most fault-tolerant? -Dual-homed topology -Fully meshed topology -hub-and-spoke topology -partially meshed topology -point-to-point topology
-Fully meshed topology
What algorithm is used to provide data integrity of a message through the use of a calculated hash value? -HMAC -DH -RSA -AES
-HMAC
Which two types of hackers are typically classified as grey hat hackers? (Choose two.) -Hacktivists -State-sponsored hackers -cyber criminals -vulnerability brokers -script kiddies.
-Hacktivists -vulnerability brokers
Which VPN solutions are typically managed by an enterprise? (Choose three) -MPLS Layer 2 -MPLS Layer 3 -IPsec -SSL -Frame-Relay -DMVPN
-IPsec -SSL -DMVPN
Which two WAN connectivity options are circuit-switched technologies? (Choose two.) -ATM -Ethernet WAN -Frame Relay -ISDN -PSTN
-ISDN -PSTN
What are two tasks to perform when configuring static NAT? (Choose two.) -Define the inside global address on the server. -Identify the participation interfaces as inside or outside interfaces. -Create a mapping between the inside local and inside global addresses. -Configure a NAT pool. -Define the outside global address.
-Identify the participation interfaces as inside or outside interfaces. -Create a mapping between the inside local and inside global addresses.
Which two statements describe appropriate general guidelines for configuring and applying ACLs? (Choose two.) -Standard ACLs are placed closest to the source, whereas extended ACLs are placed closest to the destination. -If an ACL contains no permit statements, all traffic is denied by default. -If a single ACL is to be applied to multiple interfaces, it must be configured with a unique number for each interface. -The most specific ACL statements should be entered first because of the top-down sequential nature of ACLs. -Multiple ACLs per protocol and per direction can be applied to an interface.
-If an ACL contains no permit statements, all traffic is denied by default. -The most specific ACL statements should be entered first because of the top-down sequential nature of ACLs.
Refer to the exhibit. Into what type of address has the IPv4 address for PC1 been translated (i.e., 209.165.200.226)? -Outside Local -Inside Local -Outside Global -Inside Global
-Inside Global
Refer to the exhibit. What type of NAT address is the IP address of PC1 (i.e., 192.168.10.10)? -Outside Local -Inside Local -Outside Global -Inside Global
-Inside Local
A new corporation needs a data network that must meet certain requirements. The network must provide a low cost connection to sales people dispersed over a large geographical area. Which two types of WAN infrastructure would meet the requirements? (Choose two.) -private infrastructure -Internet -Dedicated -public infrastructure -satellite
-Internet -public infrastructure
What benefit does NAT64 provide? -It allows sites to use private IPv6 addresses and translates them to global IPv6 addresses. -It allows sites to use private IPv4 addresses, and thus hides the internal structure from hosts on public IPv4 networks. -It allows sites to connect multiple IPv4 hosts to the internet via the use of a single public IPv4 address. -It allows sites to connect IPv6 hosts to a IPv4 network by translating the IPv6 addresses to IPv4 addresses.
-It allows sites to connect IPv6 hosts to a IPv4 network by translating the IPv6 addresses to IPv4 addresses.
Which two statements about the WAN OSI Layer 1 are true? (Choose two.) -It describes how data will be encapsulated into a frame. -It describes the electrical, mechanical, and operational components needed to transmit bits. -It includes protocols such as PPP, HDLC, and Ethernet. -It includes protocols such as SDH, SONET, and DWDM.
-It describes the electrical, mechanical, and operational components needed to transmit bits. -It includes protocols such as SDH, SONET, and DWDM.
Which two statements describe a remote access VPN? (Choose two.) -It connects entire networks to each other. -It requires hosts to send TCP/IP traffic through a VPN gateway. -It requires static configuration of the VPN tunnel -It is used to connect individual hosts securely to a company network over the internet. -It may require VPN client software on hosts.
-It is used to connect individual hosts securely to a company network over the internet. -It may require VPN client software on hosts.
Which statement accurately describes dynamic NAT? -It always maps a private IP address to the public IP address. -It provides an automated mapping of inside local to inside global IP addresses. -It provides a mapping of internal host names to IP addresses. -It dynamically provides IP addressing to internal hosts.
-It provides an automated mapping of inside local to inside global IP addresses.
Which VPN type is a service provider managed VPN? -remote access VPN -GRE over IPsec VPN -Layer 3 MPLS VPN -site-to-site VPN
-Layer 3 MPLS VPN
Which traditional WAN connectivity option uses T-Carrier or E-Carrier lines? -ATM -Frame Relay -ISDN -Leased Lines -PSTN
-Leased Lines
Which topology type describes the virtual connection between source to destination? -Cabling topology -Physical topology -Logical topology -Wired topology
-Logical topology
Which choices provide for the Integrity function in the IPsec framework? (Choose two.) -AES -AH -DH24 -MD5 -PSK -SEAL -SHA
-MD5 -SHA
What type of VPN enables an enterprise to emulate an Ethernet multiaccess LAN with remote sites? -DMVPN -Remote-Access VPN -Site-to-site VPN -MLPS VPN
-MLPS VPN
Which is a service provider WAN solution that uses labels to direct the flow of packets through the provider network? -ATM -Cable -DSL -Metro Ethernet -MPLS
-MPLS
Which WAN connectivity option is based on Ethernet LAN technology? -ATM -Cable -DSL -Metro Ethernet -MPLS
-Metro Ethernet
Which two statements accurately describe an advantage or a disadvantage when deploying NAT for IPv4 in a network? (Choose two.) -NAT improves packet handling. -NAT provides a solution to slow down the IPv4 address depletion. -NAT adds authentication capabilities to IPv4. -NAT will impact negatively on switch performance. -NAT introduces problems for some applications that require end-to-end connectivity. -NAT causes routing tables to include more information.
-NAT provides a solution to slow down the IPv4 address depletion. -NAT introduces problems for some applications that require end-to-end connectivity.
Which statement about ACLs is true? -Extended ACLs are numbered 1300-2699 -Named ACLs can be standard or extended -Numbered ACLs is the preferred method to use when configuring ACLs. -Standard ACLs are numbered 1-199
-Named ACLs can be standard or extended
Which two conditions would cause a router to drop a packet? (Choose two.) -No routing table entry exists for the packet destination, but the packet matches a permitted address in an outbound ACL. -No inbound ACL exists on the interface where the packet enters the router. -The ACL that is affecting the packet does not contain at least one deny ACE. -No outbound ACL exists on the interface where the paclet exits the router. -The packet source address does not match the source as permitted in a standard inbound ACE.
-No routing table entry exists for the packet destination, but the packet matches a permitted address in an outbound ACL. -The packet source address does not match the source as permitted in a standard inbound ACE.
Consider the access list command applied outbound on a router serial interface. access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo reply What is the effect of applying this access list command? -The only traffic denied is echo-replies sourced from the 192.168.10.0/24 network. All other traffic is allowed. -The only traffic denied is ICMP-based traffic. All other traffic is allowed. -Users on the 192.168.10.0/24 network are not allowed to transmit traffic to any other destination. -No traffic will be allowed outbound on the serial interface.
-No traffic will be allowed outbound on the serial interface.
Which feature describes SSL VPNs? -All IP-Based applications are supported -Only requires a web browser on a host. -Specific devices with specific configurations can connect. -Uses two-way authentication with shared keys or digital certificates.
-Only requires a web browser on a host.
Refer to the exhibit. What type of NAT address is the IP address of the Web Server (i.e., 209.165.201.10)? -Outside Local -Inside Local -Outside Global -Inside Global
-Outside Global
Which version of NAT allows many hosts inside a private network to simultaneously use a single inside global address for connecting to the Internet? -PAT -port forwarding -dynamic NAT -static NAT
-PAT
Which choices are available for the Authentication function in the IPsec framework? (Choose two.) -AES -AH -DH24 -PSK -RSA -SEAL -SHA
-PSK -RSA
What are two common types of circuit-switched WAN technologies? (Choose two.) -PSTN -ISDN -ATM -Frame Relay -DSL
-PSTN -ISDN
Which two traditional WAN connectivity options are circuit-switched? (Choose two.) -ATM -Frame Relay -ISDN -Leased Lines -PSTN
-PSTN -ISDN
Which WAN term defines the point where the subscriber connects to the service providers network. -Customer Premises Equipment (CPE) -Data Communication Equipment (DCE) -Demarcation point -Local Loop -Point-of-Presence (POP)
-Point-of-Presence (POP)
An administrator has configured an access list on R1 to allow SSH administrative access from host 172.16.1.100. Which command correctly applies the ACL? -R1(config-line)# access-class 1 out -R1(config-line)# access-class 1 in -R1(config-if)# ip access-group 1 in -R1(config-if)# ip access-group 1 out
-R1(config-line)# access-class 1 in
What packets would match the access control list statement that is shown below? access-list 110 permit tcp 172.16.0.0 0.0.0.255 any eq 22 -SSH traffic from the 172.16.0.0 network to any destination network. -any TCP traffic from any host to the 172.16.0.0 network -any TCP traffic from the 172.16.0.0 network to any destination network. -SSH traffic from any source network to the 172.16.0.0 network.
-SSH traffic from the 172.16.0.0 network to any destination network.
Which VPN benefit allows an enterprise to easily add more users to the network? -Cost Savings -Security -Scalability -Compatibility
-Scalability
Which VPN benefit uses advanced encryption and authentication protocols to protect data from unauthorized access? -Cost Savings -Security -Scalability -Compatibility
-Security
Which communication method is used in all WAN connections? -Circuit-Switched -Packet-Switched -Parallel -Serial
-Serial
Which command will verify the number of packets that are permitted or denied by an ACL that restricts SSH access? -Show access-lists -Show ip interface brief -Show running-config -show ip ssh
-Show access-lists
Where should a standard ACL be placed? -Standard ACL location is not important. -Standard ACLs should be placed as close to the destination as possible. -Standard ACLs should be placed a close to the source as possible. -Standard ACLs should be placed on serial interfaces.
-Standard ACLs should be placed as close to the destination as possible.
A network administrator is configuring an ACL to restrict access to certain servers in the data center. The intent is to apply the ACL to the interface connected to the data center LAN. What happens if the ACL is incorrectly applied to an interface in the inbound direction instead of the outbound direction? -All traffic is denied. -The ACL will analyze traffic after it is routed to the outbound interface. -The ACL does not perform as designed. -All traffic is permitted.
-The ACL does not perform as designed.
When configuring router security, which statement describes the most effective way to use ACLs to control Telnet traffic that is destined to the router itself? -The ACL should be applied to all vty lines in the 'in' direction to prevent an unwanted user from connecting to an unsecured port. -The ACL is applied to the Telnet port with the ip access-group command. -The ACL must be applied to each vty line individually. -Apply the ACL to the vty lines without the 'in' or 'out' option required when applying ACLs to interfaces.
-The ACL should be applied to all vty lines in the 'in' direction to prevent an unwanted user from connecting to an unsecured port.
Consider the configured access list. R1# show access-lists extended IP access list 100 deny tcp host 10.1.1.2 host 10.1.1.1 eq telnet deny tcp host 10.1.2.2 host 10.1.2.1 eq telnet permit ip any any (15 matches) What are two characteristics of this access list? (Choose two.) -A network administrator would not be able to tell if the access list has been applied to an interface or not. -The access list has been applied to an interface. -The 10.1.2.1 device is not allowed to telnet to the 10.1.2.2 device -Only the 10.1.1.2 device can telnet to the router that has the 10.1.1.1 IP address assigned. -Any device on the 10.1.1.0/24 network (except the 10.1.1.2 device) can telnet to the router that has the IP address 10.1.1.1 assigned. -Any device can telnet to the 10.1.2.1 device
-The access list has been applied to an interface. -Any device on the 10.1.1.0/24 network (except the 10.1.1.2 device) can telnet to the router that has the IP address 10.1.1.1 assigned.
Which statement describes the effect of key length in deterring an attacker from hacking through an encryption key? -The length of a key does not affect the degree of security. -The shorter the key, the harder it is to break. -The longer the key, the more key possibilities exist. -The length of a key will not vary between encryption algorithms.
-The longer the key, the more key possibilities exist.
When dynamic NAT without overloading is being used, what happens if seven users attempt to access a public server on the Internet when only six addresses are available in the NAT pool? -The request to the server for the seventh user fails. -All users can access the server. -The first user gets disconnected when the seventh user makes the request. -No user can access the server.
-The request to the server for the seventh user fails.
What is a disadvantage of NAT? -The internal hosts have to use a single public IPv4 address for external communications. -The costs of readdressing hosts can be significant for a publicly addressed network. -The router does not need to alter the checksum of the IPv4 packets. -There is no end-to-end addressing.
-There is no end-to-end addressing.
Consider the following output for an ACL that has been applied to a router via the access-class in command. What can a network administrator determine from the output that is shown? R1# <output omitted> Standard IP access list 2 10 permit 192.168.10.0, wildcard bits 0.0.0.255 (2 matches) 20 deny any (1 match) -Two devices connected to the router have IP addresses of 192.168.10.x. -Two devices were able to use SSH or Telnet to gain access to the router. -Traffic from on device was not allowed to come into one router port and be routed outbound a different router port. -Traffic from two devices was allowed to enter one router port and be routed outbound to a different router port.
-Two devices were able to use SSH or Telnet to gain access to the router.
What is the recommended technology to use over a public WAN infrastructure when a branch office is connected to the corporate site? -Municipal WI-FI -ATM -ISDN -VPN
-VPN
A company is expanding its business to other countries. All branch offices must remain connected to corporate headquarters at all times. Which network technology is required to support this scenario? -WLAN -MAN -LAN -WAN
-WAN
Which type of network would be used by a company to connect locations across the country? -LAN -SAN -WLAN -WAN
-WAN
Which statement describes a characteristic of a WAN? -All serial links are considered WAN connections. -A WAN provides end-user network connectivity to the campus backbone. -A WAN operates within the same geographic scope of a LAN. but has serial links. -WAN networks are owned by service providers.
-WAN networks are owned by service providers.
What is a characteristic of a WAN? -A WAN is typically owned by an enterprise which wants to interconnect its LANs. -A WAN operates inside the geographic scope of a LAN -WAN services providers include carriers such as a telephone network or satellite service. -WANs always use physical cables to connect LANs.
-WAN services providers include carriers such as a telephone network or satellite service.
Which location is recommended for extended numbered or extended named ACLs? -a location as close to the source of traffic as possible -a location centered between traffic destinations and sources to filter as much traffic as possible. -a location as close to the destination of traffic as possible. -if using the established keyword, a location close to the destination to ensure that return traffic is allowed.
-a location as close to the source of traffic as possible
To which category of security attacks does man-in-the-middle belong? -access -DoS -social engineering -reconnaissance
-access
The computers used by the network administrators for a school are on the 10.7.0.0/27 network. Which two commands are needed at a minimum to apply an ACL that will ensure that only devices that are used by the network administrators will be allowed Telnet access to the routers? (Choose two.) -access-list standard VTY permit 10.7.0.0 0.0.0.127 -access-class 5 in -ip access-group 5 in -ip access-group 5 out -access-list 5 permit 10.7.0.0 0.0.0.31 -access-list 5 deny deny
-access-class 5 in -access-list 5 permit 10.7.0.0 0.0.0.31
What single access list statement matches all of the following networks? 192.168.16.0 192.168.17.0 192.168.18.0 192.168.19.0 -access-list 10 permit 192.168.0.0 0.0.0.15.255 -access-list 10 permit 192.168.16.0 0.0.3.255 -access-list 10 permit 192.168.16.0 0.0.15.255 -access-list 10 permit 192.168.0.0 0.0.0.255
-access-list 10 permit 192.168.16.0 0.0.3.255
What two ACEs could be used to deny IP traffic from a single source host 10.1.1.1 to the 192.168.0.0/16 network? (Choose two.) -access-list 100 deny ip 192.168.0.0 0.0.255.255 host 10.1.1.1 -access-list 100 deny ip 192.168.0.0 0.0.255.255 10.1.1.1 0.0.0.0 -access-list 100 deny ip 192.168.0.0 0.0.255.255 10.1.1.1 255.255.255.255 -access-list 100 deny ip host 10.1.1.1 192.168.0.0 0.0.255.255 -access-list 100 deny ip host 10.1.1.1 255.255.255.255 192.168.0.0 0.0.255.255 -access-list 100 deny ip 10.1.1.1 0.0.0.0 192.168.0.0 0.0.255.255
-access-list 100 deny ip host 10.1.1.1 192.168.0.0 0.0.255.255 -access-list 100 deny ip 10.1.1.1 0.0.0.0 192.168.0.0 0.0.255.255
Which access list statement permits HTTP traffic that is sourced from host 10.1.129.100 port 4300 and destined to host 192.168.30.10? -access-list 101 permit tcp host 192.168.30.10 eq 80 10.1.0.0 0.0.255.255 eq 4300 -access-list 101 permit tcp 10.1.129.0 0.0.0.255 eq www 192.168.30.10 0.0.0.0 eq www -access-list 101 permit tcp any eq 4300 -access-list 101 permit tcp 192.168.30.10 0.0.0.0 eq 80 10.1.0.0 0.0.255.255 -access-list 101 permit tcp 10.1.128.0 0.0.1.255 eq 4300 192.168.30.0 0.0.0.15 eq www
-access-list 101 permit tcp 10.1.128.0 0.0.1.255 eq 4300 192.168.30.0 0.0.0.15 eq www
What causes a buffer overflow? -sending too much data information to two or more interfaces of the same device, thereby causing dropped packets. -launching a security countermeasure to mitigate a Trojan horse. -downloading and installing too many software updates at one time. -attempting to write more data to a memory location that that location can hold. -sending repeated connections such as Telnet to a particular device, thus denying other data sources.
-attempting to write more data to a memory location that that location can hold.
Which objective of secure communications is achieved by encrypting data? -integrity -availability -confidentiality -authentication
-confidentiality
What three items are components of the CIA triad? (Choose three.) -scalability -confidentiality -integrity -availability -access -intervention
-confidentiality -integrity -availability
To which two layers of the OSI model do WAN technologies provide services? (Choose two.) -presentation layer. -data-link layer -transport layer -network layer -session layer -physical layer
-data-link layer -physical layer
A company has been assigned the 203.0.113.0/27 block of IP addresses by the ISP. The company has over 6000 internal devices. What type of NAT would be most appropriate for the employee workstations of the company? -Dynamic NAT -port forwarding. -dynamic NAT overload using the pool of addresses. -static NAT -PAT off the external router interface.
-dynamic NAT overload using the pool of addresses.
To facilitate the troubleshooting process, which inbound ICMP message should be permitted on an outside interface? -time-stamp request -echo request -router advertisement -time-stamp reply -echo reply
-echo reply
Which technique is necessary to ensure a private transfer of data using a VPN? -encryption -virtualization -authorization -scalability
-encryption
Which operator is used in an ACL statement to match packets of a specific application? -established -eq -gt -it
-eq
What specialized network device is responsible for enforcing access control policies between networks? -firewall -switch -IDS -bridge
-firewall
An enterprise has four branches. The headquarters needs full connectivity to all branches. The branches do not need to be connected directly to each other. Which WAN topology is most suitable? -bus -hub and spoke -point-to-point -full mesh -mesh
-hub and spoke
What are the two fundamental Dynamic Multipoint VPN tunnel types? (Choose two.) -site-to-site -hub-to-spoke -client-to-site -spoke-to-spoke -server-to-client
-hub-to-spoke -spoke-to-spoke
Using NAT terminology, what is the address of the source host on a private network as seen from inside the network? -Outside local -inside global -inside local -outside global
-inside local
If the provided ACEs are in the same ACL, which ACE should be listed first in the ACL according to best practice? -permit tcp 172.16.0.0 0.0.0.3.255 any established -permit ip any any -pemrit upd 172.16.0.0 0.0.255.255 host 172.16.1.5 eq snmp -permit upd any any range 10000 20000 -deny upd any host 172.16.1.5 eq snmp trap -dent tcp any any eq telnet
-pemrit upd 172.16.0.0 0.0.255.255 host 172.16.1.5 eq snmp
An intercity bus company wants to offer constant Internet connectivity to the users traveling on the buses. Which two types of WAN infrastructure would meet the requirements? (Choose two.) -dedicated -private infrastructure -public infrastructure -cellular -circuit-switched
-public infrastructure -cellular
When creating an ACL, which keyword should be used to document and interpret the purpose of the ACL statement on a Cisco device? -eq -established -description -remark
-remark
Which type of VPN may require the Cisco VPN Client software? -SSL VPN -remote access VPN -MPLS VPN -site-to-site VPN
-remote access VPN
Which solution allows workers to telecommute effectively and securely? -remote-access VPN -DSL connection -site-to-site VPN -dial-up connection
-remote-access VPN
Which type of DNS attack involves the cybercriminal compromising a parent domain and creating multiple subdomains to be used during the attacks? -shadowing -cache poisoning -tunneling -amplification and reflection
-shadowing
What is a type of VPN that is generally transparent to the end user? -private -public -remote access -site-to-site
-site-to-site
A cleaner attempts to enter a computer lab but is denied entry by the receptionist because there is no scheduled cleaning for that day. What type of attack was just prevented? -shoulder surfing -war driving -Trojan -phising -social engineering.
-social engineering.
A college student is studying for the Cisco CCENT certification and is visualizing extended access lists. Which three keywords could immediately follow the keywords permit or deny as part of an extended access list? (Choose three.) -ftp -tcp -www -telnet -icmp -upd
-tcp -icmp -upd
What are two reasons a company would use a VPN? (Choose two.) -to test network connections to remote users. -to connect remote users to the network. -to eliminate the need of having a gateway. -to allow suppliers to access the network -to increase bandwidth to the network.
-to connect remote users to the network. -to allow suppliers to access the network
What is the role of an IPS? -to detect patterns of malicious traffic by the use of signature files -to filter traffic based on defined rules and connection context. -to filter traffic based on Layer 7 information. -to enforce access control policies based on packet content.
-to detect patterns of malicious traffic by the use of signature files
In applying an ACL to a router interface, which traffic is designated as outbound? -traffic that is coming from the source IP address into the router. -traffic that is leaving the router and going toward the destination host. -traffic that is going from the destination IP address into the router. -traffic for which the router can find no routing table entry.
-traffic that is leaving the router and going toward the destination host.
What type of malware has the primary objective of spreading across the network? -botnet -Trojan horse -worm -virus
-worm
What is a significant characteristic of virus malware? -A virus can execute independently of the host system -A virus is triggered by an event on the host system. -Once installed on a host system, a virus will automatically propagate itself to other systems. -Virus malware is only distributed over the Internet.
A virus is triggered by an event on the host system.
True or False: The IPsec framework must be updated each time a new standard is developed.
False
True or False? All VPNs securely transmit clear text across the Internet.
False
True or False? The use of NAT makes end-to-end traceability between source and destination easier.
False
True or False? With NAT overload, each inside local IP address is translated to a unique inside global IP address on a one-for-one basis.
False
IPsec can protect traffic in which OSI layers? (Which layers)
Layers 4-7
A company designs its network so that the PCs in the internal network are assigned IP addresses from DHCP servers, and the packets that are sent to the Internet are translated through a NAT-enabled router. What type of NAT enables the router to populate the translation table from a pool of unique public addresses, as the PCs send packets through the router to the Internet? -ARP -static NAT -PAT -dynamic NAT
PAT
True or False? A side effect of NAT is that it hides the inside local IP address of a host from the outside network.
True
True or False? Tunneling protocols such as IPsec do not work well through NAT.
True
Which of the following is an ACL best practice? -always test ACLs on a production network. -Create your ACLs on a production network. -Document the ACLs using a "description" ACL command -Write the ACL before configuring it on a router
Write the ACL before configuring it on a router
What is the correct order in the steps for Link-State operation?
1. Establish Neighbor Adjacencies 2. Exchange Link-State Advertisements 3. Build the topology Table 4. Execute the SPF Algorithm 5. Choose the Best Route
Which of the following is the order of precedence for choosing the router ID?
1. Router ID that is explicitly configured. 2. Highest IPv4 loopback address. 3. Highest active configured IPv4 address.
True or False? In the router ospf process-id command, the process ID value, which can any number between 1 and 65,535, is locally significant. It must be the same on all routers in the OSPF area.
True
Which command, if applied on an OSPF router, would give a Gigabit Ethernet interface a lower cost than a Fast Ethernet interface? -(config-if)# ip ospf cost 100 -(config-router)# auto-cost reference-bandwidth 1000 -(config-if)# ip ospf priority 1 -(config-if)# bandwidth 100
-(config-router)# auto-cost reference-bandwidth 1000
Which wildcard mask would be used to advertise the 192.168.5.96/27 network as part of an OSPF configuration? -0.0.0.32 -255.255.255.253 -0.0.0.31 -255.255.255.224
-0.0.0.31
The OSPF hello timer has been set to 15 seconds on a router in a point-to-point network. By default, what is the dead interval on this router? -30 seconds -15 seconds -45 seconds -60 seconds
-60 seconds
Which network security device contains a secure database of who is authorized to access and manage network devices? -VPN -ASA Firewall -IPS -ESA/WSA -AAA Server
-AAA Server
Which network security device ensures that internal traffic can go out and come back, but external traffic cannot initiate connections to inside hosts? -VPN -ASA Firewall -IPS -ESA/WSA -AAA Server
-ASA Firewall
What type of attack is a password attack? -Reconnaissance -Access -DoS -Social Engineering
-Access
What type of attack is address spoofing? -Reconnaissance -Access -DoS -Social Engineering
-Access
What type of attack is man-in-the-middle? -Reconnaissance -Access -DoS -Social Engineering
-Access
What are the permit or deny statements in an ACL called? -Access control entries -Arbitrary statements -content control entries -control statements
-Access control entries
Which attack being used is when a threat actor creates packets with false source IP address information to either hide the identity of the sender, or to pose as another legitimate user? -Address Spoofing Attack -Amplification and Reflection Attacks -ICMP Attack -MiTM Attack -Session Hijacking
-Address Spoofing Attack
Which of the following OSPF components is associated with the neighbor table? -Dijkstra's algorithm -Link-State database -Routing protocol messages -Adjacency database -Forwarding database
-Adjacency database
Which malware typically displays annoying pop-ups to generate revenue for its author? -Adware -Rootkit -Spyware -Virus -Worm
-Adware
Which attack is being used when threat actors initiate a simultaneous, coordinated attack from multiple source machines? -Address Spoofing Attack -Amplification and Reflection Attacks -ICMP Attack -MiTM Attack -Session Hijacking
-Amplification and Reflection Attacks
Which statement is correct about multiarea OSPF? -OSPF can consolidate a fragmented OSPF area into one large area. -All routers are in one are called the backbone area (area 0) -Arranging routers into areas partitions a large autonomous system in order to lighten the load on routers. -OSPF multiarea increases the frequency of SPF calculation.
-Arranging routers into areas partitions a large autonomous system in order to lighten the load on routers.
Which security term is used to describe anything of value to the organization? It includes people, equipment, resources, and data. -Vulnerability -Exploit -Asset -Risk
-Asset
Which type of hacker is described in the scenario: From my laptop, I transferred $10 million to my bank account using victim account numbers and PINs after viewing recordings of victims entering the numbers. -White Hat -Gray Hat -Black Hat
-Black Hat
Which type of hacker is described in the scenario: I used malware to compromise several corporate systems to steal credit card information. I then sold that information to the highest bidder. -White Hat -Gray Hat -Black Hat
-Black Hat
Which penetration testing tool is used by black hats to reverse engineer binary files when writing exploits? They are also used by white hats when analyzing malware. -Packet Crafting Tools -Rootkit Detectors -Vulnerability Exploitation Tools -Forensic Tools -Debuggers
-Debuggers
Which of the following OSPF components is responsible for computing the cost of each route? -Dijkstra's algorithm -Link-State database -Routing protocol messages -Adjacency database -Forwarding database
-Dijkstra's algorithm
Which network security device filters known and suspicious internet malware sites? -VPN -ASA Firewall -IPS -ESA/WSA -AAA Server
-ESA/WSA
Which penetration testing tool uses algorithm schemes to encode the data, which then prevents access to the data? -Packet Sniffers -Encryption Tools -Vulnerability Exploitation Tools -Forensic Tools -Debuggers
-Encryption Tools
During this OSPF state on point-to-point networks, the routers decide which router initiates the exchange of DBD packets. -Down State -Init State -Two-Way State -ExStart State -Exchange State -Loading State -Full State
-ExStart State
During this OSPF state, routers send each other DBD packets. -Down State -Init State -Two-Way State -ExStart State -Exchange State -Loading State -Full State
-Exchange State
Which security term is used to describe a mechanism that takes advantage of a vulnerability? -Exploit -Threat -Risk -Mitigation
-Exploit
Which penetration testing tool is used by white hat hackers to sniff out any trace of evidence existing in a computer? -Fuzzers to Search Vulnerabilities -Encryption Tools -Packets Sniffers -Forensic Tools -Debuggers
-Forensic Tools
Which of the following OSPF components is associated with the routing table? -Dijkstra's algorithm -Link-State database -Routing protocol messages -Adjacency database -Forwarding database
-Forwarding database
At which OSPF state are neighbor routers converged and able to exchange routing updates? -ExStart -Exchange -Two-Way -Full
-Full
During this OSPF state, routers have converged link-state databases. -Down State -Init State -Two-Way State -ExStart State -Exchange State -Loading State -Full State
-Full State
Which type of hacker is described in the scenario: After hacking into ATM machines remotely using a laptop, I worked with ATM manufacturers to resolve the security vulnerabilities that I discovered. -White Hat -Gray Hat -Black Hat
-Gray Hat
What is the order of packet types used by an OSPF router to establish convergence? -Hello, LSAck, LSU, LSR, DBD -Hello, DBD, LSR, LSU, LSAck -LSU, LSAck, Hello, DBD, LSR -LSAck, Hello DBD, LSU, LSR
-Hello, DBD, LSR, LSU, LSAck
Which attack is being used when threat actors use pings to discover subnets and hosts on a protected network, to generate flood attacks, and to alter host routing tables? -Address Spoofing Attack -Amplification and Reflection Attacks -ICMP Attack -MiTM Attack -Session Hijacking
-ICMP Attack
Which network security device monitors incoming and outgoing traffic looking for malware, network attack signatures, and if it recognizes a threat, it can immediately stop it? -VPN -ASA Firewall -IPS -ESA/WSA -AAA Server
-IPS
Which statement about the operation of a standard ACL is incorrect? -The router extracts the source IPv4 address from the packet header. -The router starts at the top of the ACL and compares the address to each ACE in sequential order. -When a match is made, the ACE either permits or denies the packet, and any remaining ACEs are not analyzed. -If there are no matching ACEs in the ACL, the packet is forwarded because there is an implicit permit ACE automatically applied to all ACLs.
-If there are no matching ACEs in the ACL, the packet is forwarded because there is an implicit permit ACE automatically applied to all ACLs.
An OSPF router enters this state when it has received a Hello packet from a neighbor, containing the sending Router ID. -Down State -Init State -Two-Way State -ExStart State -Exchange State -Loading State -Full State
-Init State
A network administrator has just changed the router ID on a router that is working in an OSPFv2 environment. What should the administrator do to reset the adjacencies and use the new router ID? -Change the OSPFv2 process ID -Change the interface priority -Configure the network statements -Issue the clear ip ospf process privileged mode command
-Issue the clear ip ospf process privileged mode command
Which three statements describe features of the OSPF topology table? (Choose three.) -It is a link-state database that represents the network topology. -After convergence, the table only contains the lowest cost route entries for all known networks. -When converged, all routers in an area have identical topology tables. -The topology table contains feasible successor routes. -Its contents are the result of running the SPF algorithm. The table can be viewed via the show ip ospf database command.
-It is a link-state database that represents the network topology. -When converged, all routers in an area have identical topology tables. The table can be viewed via the show ip ospf database command.
What is a feature of the OSPF routing protocol? -Routers can be grouped into autonomous systems to support a hierarchical system. -OSPF authentication is configured in the same way on IPv4 and IPv6 networks. -It scales well in both small and large networks. -The SPF algorithm chooses the best path based on 30-second updates.
-It scales well in both small and large networks.
Which OSPF packet contains the different types of link-state advertisements? -LSU -LSR -hello -LSAck -DBD
-LSU
Which of the following OSPF components is associated with the topology table? -Dijkstra's algorithm -Link-State database -Routing protocol messages -Adjacency database -Forwarding database
-Link-State database
During this OSPF state, routes are processed using the SPF algorithm. -Down State -Init State -Two-Way State -ExStart State -Exchange State -Loading State -Full State
-Loading State
Which attack is being used when threat actors position themselves between a source and destination to transparently monitor, capture, and control the communication? -Address Spoofing Attack -Amplification and Reflection Attacks -ICMP Attack -MiTM Attack -Session Hijacking
-MiTM Attack
Which security term is used to describe the counter-measure for a potential threat or risk? -Vulnerability -Exploit -Asset -Mitigation
-Mitigation
A router is participating in an OSPFv2 domain. What will always happen if the dead interval expires before the router receives a hello packet from an adjacent DROTHER OSPF router? -OSPF will run a new DR/BDR election -SPF will run and determine which neighbor router is "down". -OSPF will remove that neighbor from the router link-state database. -A new dead interval timer of 4 times the hello interval will start.
-OSPF will remove that neighbor from the router link-state database.
Which penetration testing tool is used to probe and test a firewall's robustness? -Packet Crafting Tools -Encryption Tools -Rootkit Detectors -Forensic Tools -Debuggers
-Packet Crafting Tools
Which malware denies access to the infected computer system and demands payment before the restriction is removed? -Adware -Rootkit -Spyware -Virus -Ransomware
-Ransomware
What type of attack is port scanning? -Reconnaissance -Access -DoS -Social Engineering
-Reconnaissance
Which security term is used to describe the likelihood of a threat to exploit the vulnerability of an asset, with the aim of negatively affecting an organization? -Vulnerability -Exploit -Threat -Risk
-Risk
Which encryption method is a stream cipher and is used to secure web traffic in SSL and TLS? -Rivest Cipher -Triple DES -Symmetric -Block Cipher -Data Encryption Standard
-Rivest Cipher
Which malware is installed on a compromised system and provides privileged access to the threat actor? -Adware -Virus -Spyware -Rootkit -Worm
-Rootkit
Which of the following is used with the Hello Packet to uniquely identify the originating router? -Hello Interval -Router ID -Designated Router ID -Network Mask -Dead Interval
-Router ID
Which attack is being used when threat actors gain access to the physical network, and then use an MiTM attack to capture and manipulate a legitimate user's traffic? -Address Spoofing Attack -Amplification and Reflection Attacks -ICMP Attack -MiTM Attack -Session Hijacking
-Session Hijacking
What type of attack is tailgating? -Reconnaissance -Access -DoS -Social Engineering
-Social Engineering
Which malware is used to gather information about a user and then, without the user's consent, sends the information to another entity? -Adware -Rootkit -Spyware -Virus -Ransomware
-Spyware
Which packet filtering statement is true? -Extended ACLs filter at layer 3 only -Extended ACLs filter at layer 4 only -Standard ACLs filter at layer 3 only -Standard ACLs filter at layer 4 only
-Standard ACLs filter at layer 3 only
Which encryption method encrypts plaintext one byte or one bit at a time? -Rivest Cipher -Software Encryption algorithm -Block Cipher -Data Encryption Standard -Stream Cipher
-Stream Cipher
Which attack exploits the three-way handshake? -TCP reset attack -UDP flood attack -TCP SYN Flood attack -Dos attack -TCP session hijacking
-TCP SYN Flood attack
Two hosts have established a TCP connection and are exchanging data. A threat actor sends a TCP segment with the RST bit set to both hosts informing them to immediately stop using the TCP connection. Which attack is this? -TCP reset attack -UDP flood attack -TCP SYN Flood attack -Dos attack -TCP session hijacking
-TCP reset attack
Which attack is being used when the threat actor spoofs the IP address of one host, predicts the next sequence number, and sends an ACK to the other host? -TCP reset attack -UDP flood attack -TCP SYN Flood attack -Dos attack -TCP session hijacking
-TCP session hijacking
What does the SPF algorithm consider to be the best path to a network? -The path with the least number of hops. -The path that includes the fastest cumulative bandwidth links. -The path that includes the fastest single bandwidth link. -The path with the smallest delays
-The path that includes the fastest cumulative bandwidth links.
What is one use of the router ID in OSPF routing? -The router ID can be used to break a tie in the election process. -The router ID indicates the highest IPv4 address of all routers that are participating in OSPF routing. -The router ID indicates the router priority value. -The router ID identifies the OSPF area.
-The router ID can be used to break a tie in the election process.
Which of the following applies to the router ID? (Choose two) -The router ID cannot be defined by an administrator. -The router ID is not used to determine the BDR -The router ID is used to determine the DR. -The router ID uniquely identifies the router. -The router ID is not required.
-The router ID is used to determine the DR. -The router ID uniquely identifies the router.
What happens immediately after two OSPF routers have exchanged hello packets and have formed a neighbor adjacency? -They request more information about their databases. -They exchange abbreviated lists of their LSDBs. The exchange DBD packets in order to advertise parameters such as hello and dead intervals. -They negotiate the election process if they are on a multiaccess network.
-They exchange abbreviated lists of their LSDBs.
Which security term is used to describe a potential danger to a company's assets, data, or network functionality? -Vulnerability -Exploit -Threat -Mitigation
-Threat
Which encryption method repeats an algorithm process three times and is considered very trustworthy when implemented using very short key lifetimes? -Rivest Cipher -Triple DES -Block Cipher -Data Encryption Standard -Stream Cipher
-Triple DES
Which malware is non-self-replicating type of malware? It often contains malicious code that is designed to look like something else, such as a legitimate application or file. It attacks the device from within. -Adware -Rootkit -Spyware -Trojan Horse -Worm
-Trojan Horse
During this OSPF state on multiaccess networks, the routers elect a Designated Router (DR) and a Backup Designated Router (BDR). -Down State -Init State -Two-Way State -ExStart State -Exchange State -Loading State -Full State
-Two-Way State
Which of the following OSPF packets is responsible for establishing and maintaining adjacency with other OSPF routers? -Type 1: Hello packet -Type 2: DBD packet -Type 3: LSR packet -Type 4: LSU packet -Type 5: LSAck packet
-Type 1: Hello packet
Which of the following OSPF packets contains an abbreviated list of the LSDB of the sending router? -Type 1: Hello packet -Type 2: DBD packet -Type 3: LSR packet -Type 4: LSU packet -Type 5: LSAck packet
-Type 2: DBD packet
Which of the following OSPF packets is used by routers to request more information? -Type 1: Hello packet -Type 2: DBD packet -Type 3: LSR packet -Type 4: LSU packet -Type 5: LSAck packet
-Type 3: LSR packet
Which of the following OSPF packets is used by routers to announce new information? -Type 1: Hello packet -Type 2: DBD packet -Type 3: LSR packet -Type 4: LSU packet -Type 5: LSAck packet
-Type 4: LSU packet
Which of the following OSPF packets is used to confirm receipt of an LSA? -Type 1: Hello packet -Type 2: DBD packet -Type 3: LSR packet -Type 4: LSU packet -Type 5: LSAck packet
-Type 5: LSAck packet
A program sends a flood of UDP packets from a spoofed host to a server on the subnet sweeping through all the known UDP ports looking for closed ports. This will cause the server to reply with an ICMP port unreachable message. Which attack is this? -TCP reset attack -UDP flood attack -TCP SYN Flood attack -Dos attack -TCP session hijacking
-UDP flood attack
Which network security device is used to provide secure services with corporate sites and remote access support for remote users using secure encrypted tunnels? -VPN -ASA Firewall -IPS -ESA/WSA -AAA Server
-VPN
Which security term is used to describe a weakness in a system, or its design, that could be exploited by a threat? -Vulnerability -Exploit -Threat -Risk
-Vulnerability
Which penetration testing tool identifies whether a remote host is susceptible to a security attack? -Packet Sniffers -Encryption tools -Vulnerability Exploitation Tools -Forensic Tools -Debuggers
-Vulnerability Exploitation Tools
Which type of hacker is described in the scenario It is my job to work with technology companies to fix a flaw with DNS. -White Hat -Gray Hat -Black Hat
-White Hat
Which type of hacker is described in the scenario: During my research for security exploits, I stumbled across a security vulnerability on a corporate network that I am authorized to access. -White Hat -Gray Hat -Black Hat
-White Hat
Which type of hacker is described in the scenario: My job is to identify weaknesses in my company's network . -White Hat -Gray Hat -Black Hat
-White Hat
Which malware executes arbitrary code and installs copies of itself in the memory of the infected computer? The main purpose of this malware is to automatically replicate from system to system across the network. -Adware -Rootkit -Spyware -Virus -Worm
-Worm
What is used to create the OSPF neighbor table? -link-state database -adjacency database -routing table -forwarding database.
-adjacency database
A router in an OSPF enterprise network has a default static route that has been configured via the interface that connects to the ISP. Which command would the network administrator apply on this router so that other routers in the OSPF network will use this default route? -redistribute connected -default-information originate -redistribute static subnets -redistribute static
-default-information originate
What function is performed by the OSPF designated router? -summarizing routes between areas. -redistribution of external routes into OSPF. -dissemination of LSAs -maintaining the link-state database
-dissemination of LSAs
What is the first criterion used by OPSF routers to elect a DR? -Highest IP address -Highest MAC address. -highest priority -highest router ID
-highest priority
What is identical on all OSPF routers within a single area? -neighbor table -link-state database -routing table -static routes.
-link-state database
The following three networks are directly connected to an OSPF router; 192.168.0.0/24, 192.168.1.0/24, and 192.168.2.0/24. Which OSPF network command would advertise only the 192.168.1.0 network to neighbors? -router(config-router)# network 192.168.1.0 255.255.255.255 area 0 -router(config-router)# network 192.168.1.0 0.0.0.0 area 0 -router(config-router)# network 192.168.1.0 0.0.0.255 area 0 -router(config-router)# network 192.168.0.0 0.0.15.255 area 0
-router(config-router)# network 192.168.1.0 0.0.0.255 area 0
What does an OSPF area contain? -routers that share the same router ID -routers whose SPF trees are identical -routers that share the same process ID -routers that have the same link-state information in their LSDBs.
-routers that have the same link-state information in their LSDBs.
Which command can be used to view the OSPF hello and dead time intervals? -show io ospf neighbor -show ip protocols -show ip ospf route -show ip ospf interface
-show ip ospf interface
Which command could be used on a router to ensure that an OSPF adjacency is formed with another router? -show ip route -show ip protocols -show ip ospf neighbor -show ip ospf interface -show ip interface brief
-show ip ospf neighbor
Which verification command would identify the specific interfaces on a router that were configured with the passive-interface command? -show ip route eigrp -show ip eigrp neighbors -show ip protocols -show ip interface brief
-show ip protocols
Which three parameters should match in order for a pair of routers to form an adjacency when running OSPFv2? (Choose three.) -subnet mask -OSPFv2 type of network -OSPFv2 process number -hello timer -router ID -interface priority
-subnet mask -OSPFv2 type of network -hello timer
A router with two LAN interfaces, two WAN interfaces, and one configured loopback interface is operating with OSPF as its routing protocol. What does the router OSPF process use to assign the router ID? -the highest IP address on the LAN interfaces -the OSPF area ID that is configured on the interface with the highest IP address. -the highest IP address that is configured on the WAN interfaces -the loopback interface IP address -the IP address of the interface that is configured with priority 0
-the loopback interface IP address
Which criterion is preferred by the router to choose a router ID? -the router-id (rid) command -the IP address of the highest configured loopback interface on the router. -the IP address of the highest active interface on the router. -the IP address of the highest active OSPF- enabled interface.
-the router-id (rid) command
What is a function of OSPF hello packets? -to request specific link-state records from neighbor routers. -to discover neighbors and build adjacencies between them. -to send specifically requested link-state records -to ensure database synchronization between routers,
-to discover neighbors and build adjacencies between them.
What are two reasons for creating an OSPF network with multiple areas? (Choose two.) -to reduce use of memory and processor resources. -to provide areas in the network for the routers that are not running OSPF -to simplify configuration -to reduce SPF calculations -to ensure that an area is used to connect the network to the internet.
-to reduce use of memory and processor resources. -to reduce SPF calculations
What are two features of the OSPF routing protocol? (Choose two.) -uses Dijkstra's algorithm to build the SPF tree -calculates its metric using bandwidth -has an administrative distance of 100 -used primarily as an EGP -automatically summarizes networks at the classful boundaries.
-uses Dijkstra's algorithm to build the SPF tree -calculates its metric using bandwidth