chapter 10

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

in ACL statements, using the "any" keyword is equivalent to using a wildcard mask of what value?

255.255.255.255

What IEEE standard includes an encryption key generation and management scheme known as TKIP?

802.11i

What feature of Windows Server allows for agentless authentication?

AD (Active Directory)

What software might be installed on a device in order to authenticate it to the network?

Agent

Which NGFW feature allows a network admin to restrict traffic generated by a specific game?

Application awareness

What aspect of AAA is responsible for determining what a user can and cannot do with network resources?

Authorization

in order to prevent ports that are serving network hosts from being considered as best paths, what should be enabled to block BPDUs?

BPDU Guard

A stateless firewall inspects each incoming packet to determine whether it belongs to a currently active connection.

False

Of the three methods of access control (RBAC, DAC, and MAC), RBAC is the least secure of the options.

False

The Spanning Tree Protocol operates at the Network layer of the OSI model.

False

When utilizing Kerberos, an access granting ticket is the same as a key.

False

Enforcing a virtual security perimeter using a client's geographic location is known by what term?

Geofencing

The Group Policy utility can be opened by typing what name into a Run box?

Gpedit.msc

on a line system, which command allows you to modify settings used by the built-in packet filtering firewall?

Iptables

When using Kerberos, what is the purpose of a ticket?

It is a temporary set of credentials that a client uses to prove to other servers that its identity has been validated

The Wired Equivalent Privacy standard had what significant disadvantage?

It used a shared encryption key for all clients, and the key might never change.

Active Directory and 389 Directory Server are both compatible with which directory access protocol?

LDAP

At what layer of the OSI model do proxy servers operate?

Layer 7

In regards to the use of local authentication, what statement is accurate?

Local authentication is network and server failure tolerant.

You have been tasked with the configuration of a Juniper switch, and have been told to restrict the number of MAC addresses allowed in the MAC address table. What command should you use?

Mac-Limit

Which legacy authentication protocol requires mutual authentication?

Microsoft Challenge Handshake Authentication Protocol, version 2 (MS-CHAPv2)

When using Spanning Tree Protocol, which port on non-root bridges can forward traffic toward the root bridge?

Only one root port, which is the bridge's port that is closest to the root bridge, can forward.

Which of the following terms is used to describe the configuration of a port to copy all traffic passing through the switch to the device at the other end of the port?

Port mirroring

Which adaptation of EAP utilizes EAP-MSCHAPv2 inside of an encrypted TLS tunnel?

Protected EAP (PEAP)

By far the most popular AAA service, what open-source service runs in the Application layer and can use UDP or TCP in the Transport layer?

RADIUS

Which encryption standard was originally utilized with WPA's TKIP?

Rivest Cipher 4 (RC4)

when you g spanning tree protocol, what is the first step in selecting paths through a network?

STP must first select the root bridge, or master bridge

Which protocol designed to replace STP operates at Layer 3 of the OSI model?

Shortest Path Bridged (SPB)

In Open System Authentication, how does authentication occur?

The client "authenticates" using only the SSID name. In other words, no real authentication occurs.

By default, Active Directory is configured to use the Kerberos protocol, but can be configured to use LDAP or a combination of LDAP and Kerberos.

True

Proxy servers and ACLs on network devices are examples of non-security devices with security features, while firewalls and IDS/IPS systems are the network's specialized security devices.

True

The PEAP standard creates an encrypted TLS tunnel between the supplicant and the server before proceeding with the usual EAP process.

True

The storm-control command is a type of flood guard that is available on most major network switch vendor platforms.

True

The supplicant is an EAP entity responsible for requesting authentication, such as a smartphone or laptop.

True

What scenario might be ideal for the use of root guard in configuring a switch?

You wish to prevent switches beyond a certain port from becoming the root bridge, but still wish to use STP.

Which of the following is not one of the three AAA services provided by RADIUS and TACACS+?

access control

Which of the following ACL commands would permit web-browsing traffic from any IP address to any IP address?

access-list acl_2 permit http any any

What kind of firewall blocks traffic based on application data contained within the packets?

content filtering firewall

what kind of firewall can block designated types of traffic based on application data contained within packets?

content-filtering firewall

When using a host-based intrusion detection system, what additional feature might be available to alert the system of any changes made to files that shouldn't change?

file integrity monitoring (FIM)

what is a SIEM (security information and event management) system utilized for?

it is a system used to evaluate data from security devices and generate alerts

which of the following is an example of proxy server software?

squid

Which command on an Arista switch would require an SNMP notification when too many devices try to connect to a port?

switchport port-security

what is not a variable that a network access control list can filter traffic with?

the operating system used by the source or destination device

Which of the following features is common to both an NGFW and traditional firewalls?

user authentication

What statement correctly describes a stateless firewall?

A stateless firewall manages each incoming packet as a stand-alone entity, without regard to currently active connections.

What statement regarding role-based access control is accurate?

RBAC allows a network administrator to base privileges and permissions around a detailed description of a user's roles or jobs.

What descendant of the Spanning Tree Protocol is defined by the IEEE 802.1W standard, and can detect as well as correct for link failures in milliseconds?

Rapid Spanning Tree Protocol (RSTP)

User access to network resources falls into one of these two categories: 1) the privilege or right to execute, install, and uninstall software, and 2) permission to read, modify, create, or delete data files and folders.

True

You have been asked by your superior to configure all Cisco network switches to allow only acceptable MAC addresses through switch access ports. How is this accomplished?

Use the switchport port-security command to enable MAC filtering


Ensembles d'études connexes

Financial Management FIN 3400 Chapter 1

View Set

A Level Philosophy Metaphysics of the Mind AQA

View Set

Lecture 8 - Dropdown Menus, Library Items, Templates

View Set

CNA 101 - Module 10 - Basic Router Configuration

View Set