Chapter 10 Quiz
Norm recently joined a new organization. He noticed that the firewall technology used by his new firm opens separate connections between the devices on both sides of the firewall. What type of technology is being used? A. Packet filtering B. Application proxying C. Stateful inspection D. Network address translation
Application proxying
What type of network device normally connects directly to endpoints and uses MAC-based filtering to limit traffic flows? A. Router B. Hub C. Access point D. Switch
Switch
Bob has a high-volume virtual private network (VPN). He would like to use a device that would best handle the required processing power. What type of device should he use? A. Firewall B. Unified threat management (UTM) C. Router D. VPN concentrator
VPN concentrator
Karen would like to use a wireless authentication technology similar to that found in hotels where users are redirected to a webpage when they connect to the network. What technology should she deploy? A. Remote Authentication Dial-In User Service (RADIUS) B. Lightweight Extensible Authentication Protocol (LEAP) C. Captive portal D. Protected Extensible Authentication Protocol (PEAP)
Captive portal
A border router can provide enhanced features to internal networks and help keep subnet traffic separate.
False
A packet-filtering firewall remembers information about the status of a network communication.
False
Gary is configuring a Smartphone and is selecting a wireless connectivity method. Which approach will provide him with the highest speed wireless connectivity? A. Wi-Fi B. 3G C. 4G D. Digital subscriber line (DSL)
Wi-Fi
What type of network connects systems over the largest geographic area? A. Wide area network (WAN) B. Metropolitan area network (MAN) C. Local area network (LAN) D. Storage area network (SAN)
Wide area network (WAN)
Network access control (NAC) works on wired and wireless networks.
True
What is the maximum value for any octet in an IPv4 IP address? A. 65 B. 129 C. 255 D. 513
255
A firewall is a basic network security defense tool.
True
Henry is creating a firewall rule that will allow inbound mail to the organization. What TCP port must he allow through the firewall? A. 22 B. 25 C. 53 D. 80
25
Henry's last firewall rule must allow inbound access to a Windows Terminal Server. What port must he allow? A. 143 B. 443 C. 989 D. 3389
3389
Henry would like to create a different firewall rule that allows encrypted web traffic to reach a web server. What port is used for that communication? A. 80 B. 143 C. 443 D. 3389
443 HTTP over SSL
The OSI Reference Model is a theoretical model of networking with interchangeable layers.
True
What is NOT a service commonly offered by unified threat management (UTM) devices? A. URL filtering B. Wireless network access C. Malware inspection D. Content inspection
Wireless network access
Another name for a border firewall is a DMZ firewall.
False
The Data Link Layer of the OSI Reference Model is responsible for transmitting information on computers connected to the same local area network (LAN).
True
Implicit deny is when firewalls look at message addresses to determine whether a message is being sent around an unending loop.
False
Internet Control Message Protocol (ICMP) is a method of IP address assignment that uses an alternate, public IP address to hide a system's real IP address.
False
The Transport Layer of the OSI Reference Model creates, maintains, and disconnects communications that take place between processes over the network.
False
What type of firewall security feature limits the volume of traffic from individual hosts? A. Loop protection B. Network separation C. Stateful inspection D. Flood guard
Flood guard
Barbara is investigating an attack against her network. She notices that the Internet Control Message Protocol (ICMP) echo replies coming into her network far exceed the ICMP echo requests leaving her network. What type of attack is likely taking place? A. Teardrop B. Land C. Smurf D. Cross-site scripting (XSS)
Smurf
A network protocol governs how networking equipment interacts to deliver data across the network.
True
Internet Small Computer System Interface (iSCSI) is a storage networking standard used to link data storage devices to networks using IP for its transport layer.
True
The Physical Layer of the OSI Reference Model must translate the binary ones and zeros of computer language into the language of the transport medium.
True
The term "router" describes a device that connects two or more networks and selectively interchanges packets of data between them.
True
Val would like to isolate several systems belonging to the product development group from other systems on the network, without adding new hardware. What technology can she use? A. Firewall B. Virtual LAN (VLAN) C. Virtual private network (VPN) D. Transport Layer Security (TLS)
Virtual LAN (VLAN)
Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues? A. Firewall B. Hub C. Switch D. Router
Hub
What protocol is responsible for assigning IP addresses to hosts on most networks? A. Dynamic Host Configuration Protocol (DHCP) B. Transport Layer Security (TLS) C. Virtual LAN (VLAN) D. Simple Mail Transfer Protocol (SMTP)
Dynamic Host Configuration Protocol (DHCP)
What firewall approach is shown in the figure?
Screened subnet
A subnet mask is a partition of a network based on IP addresses.
False
What wireless security technology contains significant flaws and should never be used? A. Wired Equivalent Privacy (WEP) B. Wi-Fi Protected Access (WPA) C. WPA2 D. Remote Authentication Dial-In User Service (RADIUS)
Wired Equivalent Privacy (WEP)
A wireless access point (WAP) is the connection between a wired and wireless network.
True
TCP/IP is a suite of protocols that operates at both the Network and Transport layers of the OSI Reference Model.
True
IP addresses are eight-byte addresses that uniquely identify every device on the network.
False
David would like to connect a fibre channel storage device to systems over a standard data network. What protocol can he use? A. Internet Small Computer System Interface (iSCSI) B. Fibre Channel (FC) C. Fibre Channel over Ethernet (FCoE) D. Secure Shell (SSH)
Fibre Channel over Ethernet (FCoE)
Hilda is troubleshooting a problem with the encryption of data. At which layer of the OSI Reference Model is she working? A. Application B. Presentation C. Session D. Data Link
Presentation
The three main categories of network security risk are reconnaissance, eavesdropping, and denial of service.
True
