Chapter9
63) IPsec is a(n) ________ layer standard. A) physical B) data link C) internet D) All of the above
C
34) Clients normally get their IP addresses from ________. A) DNS servers B) DHCP servers C) directory servers D) identity servers
B
37) DHCP ________ are configurable parameters that determine which subnets the DHCP server will serve. A) ranges B) scopes C) spans D) domains
B
81) If a host to be able to communicate via IPv4 and IPv6, it is said to ________. A) be bilingual B) have a dual stack C) be IPv6 ready D) be fully compliant
B
82) Today, it is problematic to have ________. A) only a single IPv4 stack B) only a single IPv6 stack C) a dual stack D) All of the above
B
58) In MPLS, the packet travels along the ________. A) route B) data link C) label-switched path D) MPLS path
C
89) A step in creating an EUI-64 is dividing a 48-bit MAC address in half and inserting ________ in the center. A) the interface ID B) the subnet ID C) fffe D) 0000
C
90) To configure itself, a client PC running IPv6 can configure itself using ________. A) DHCP B) stateless autoconfiguration C) Both A and B D) Neither A nor B
C
95) The router advertisement protocol may ________. A) give the client a routing prefix B) give the client a subnet ID C) Both A and B D) Neither A nor B
C
24) ".UK" is a generic top-level domain.
FALSE
33) Which of the following are usually given dynamic IP addresses? A) Clients. B) Servers. C) Both A and B D) Neither A nor B
A
46) In SNMP, the ________ creates commands. A) manager B) agent C) Both A and B D) Neither A nor B
A
54) In SNMP, companies are often reluctant to use ________ commands because of security dangers. A) Get B) Set C) Neither A nor B
A
55) SNMPv1 uses ________ for authentication. A) community names B) digital certificates and digital signatures C) a different password for each manager-agent pair D) All of the above
A
84) The routing prefix in IPv6 is like the ________ part in an IPv4 address. A) network B) subnet C) host D) Both A and B
A
88) The IEEE calls 64-bit interface addresses ________. A) Extended Unique Identifiers B) Interface IDs C) Both A and B
A
98) In stateless autoconfiguration, providing the address of DNS servers is ________. A) unnecessary B) mandatory C) optional D) impossible
A
30) Servers are normally given ________ IP addresses. A) well-known B) static C) dynamic D) None of the above
B
39) In SNMP, the manager communicates directly with a(n) ________. A) managed device B) agent C) Both A and B D) Neither A nor B
B
4) In IP subnet planning, you need to have at least 130 subnets. How large should your subnet part be? A) 6 B) 7 C) 8 D) None of the above
B
48) In SNMP, the ________ creates responses. A) manager B) agent C) Both A and B D) Neither A nor B
B
50) In SNMP, the ________ creates traps. A) manager B) agent C) Both A and B D) Neither A nor B
B
103) The neighbor advertisement protocol message was created to give the ________ address of the host sending the message. A) IPv6 B) IPv4 C) Both A and B D) Neither A nor B
A
11) NAT enhances security by preventing ________. A) sniffers from learning internal IP addresses B) encryption C) Both A and B D) Neither A nor B
A
79) Which is less expensive to implement? A) SSL/TLS. B) IPsec. C) Both cost about the same to implement.
A
74) Client PCs must have digital certificates in ________. A) transport mode B) tunnel mode C) Both A and B D) Neither A nor B
A
78) Which of the following standards provides for central management? A) IPsec. B) SSL/TLS. C) Both A and B D) Neither A nor B
A
102) In DNS servers, the IPv6 address of a host is contained in the ________ record. A) IPv6 B) IPv4+ C) A D) None of the above
D
28) How many DNS root servers are there? A) 1. B) 2. C) 10. D) 13.
D
27) In the Domain Name System, there is a single root server.
FALSE
31) Servers are normally given dynamic IP addresses.
FALSE
40) In SNMP, the manager communicates directly with the managed device.
FALSE
41) In SNMP, "object" is another name for "managed device."
FALSE
10) NAT provides security.
TRUE
9) NAT operates transparently to the two hosts.
TRUE
99) IPv6 has a number of known security weaknesses.
TRUE
15) Which of the following is a private IP address range? A) 10.x.x.x. B) 128.171.x.x. C) Both A and B D) Neither A nor B
A
26) The highest-level DNS servers are called ________. A) root servers B) top-level servers C) Both A and B D) Neither A nor B
A
57) In MPLS, the interface to send the packet back out will be decided ________. A) during the router's routing process B) before the packet arrives C) on the basis of the previous packet going to the packet's IP address. D) None of the above
A
70) The main limit of IPsec tunnel mode protection compared to transport mode protection in IPsec is ________. A) protection over only part of the route B) higher cost C) Both A and B D) Neither A nor B
A
19) ________ is a general naming system for the Internet. A) NAT B) DNS C) Both A and B D) Neither A nor B
B
21) ".com" is a ________. A) root domain B) top-level domain C) second-level domain D) None of the above
B
22) ".edu" is a ________. A) root domain B) top-level domain C) second-level domain D) None of the above
B
25) Corporations most wish to have ________ domain names. A) top-level B) second-level C) third-level D) None of the above
B
51) In SNMP, the manager can create ________. A) traps B) GET commands C) Both A and B D) Neither A nor B
B
53) A(n) ________ is a message sent by an agent to let the manager know about a condition the agent has detected. Select the name used in the SNMP standard. A) command B) trap C) alarm D) All of the above
B
60) Label-switching routers base their decisions on a packet's ________. A) IP address B) label number C) Both A and B D) Neither A nor B
B
61) In MPLS, the ________ adds the label to the packet. A) source host B) first label-switching router C) Both A and B D) Neither A nor B
B
65) IPsec protects ________ layer messages. A) data link B) application C) Both A and B D) Neither A nor B
B
68) In tunnel mode, IPsec provides protection ________. A) all the way between the two hosts B) only between the IPsec servers C) Both A and B D) Neither A nor B
B
7) ________ is the processing of presenting external IP addresses that are different from internal IP addresses used within the firm. A) DNS B) NAT C) DHCP D) None of the above
B
72) Which mode of IPsec is more expensive? A) Transport mode. B) Tunnel mode. C) Both A and B are equally expensive.
B
73) The main disadvantage of transport mode protection compared to tunnel mode protection in IP is ________. A) that it provides protection over only part of the route B) higher cost C) Both A and B D) Neither A nor B
B
8) In NAT, the ________ creates new external source IP addresses and port numbers. A) router B) firewall C) source host D) destination host
B
80) Which has stronger security? A) SSL/TLS. B) IPsec. C) Both have about equal security.
B
85) If the subnet ID in an IPv6 address is 32 bits, how long is the routing prefix? A) 16 bits. B) 32 bits. C) 64 bits. D) We cannot say.
B
86) The part of an IPv6 global unicast address that designates the host is called the ________. A) host part B) interface ID C) routing prefix D) We cannot say.
B
87) In an IPv6 global unicast address, the interface ID is ________ bits long. A) less than 32 B) 64 C) 128 D) We cannot say.
B
93) Access to a router is needed to create a ________. A) link local IPv6 address B) global unicast IPv6 address C) Both A and B D) Neither A nor B
B
94) The router advertisement protocol may ________. A) give the client an IPv6 address B) forbid the use of stateless autoconfiguration C) Both A and B D) Neither A nor B
B
101) Stateless autoconfiguration can be used to ________. A) change all subnet IDs in a network B) change all routing prefixes in a network C) Both A and B D) Neither A nor B
C
14) Which of the following can be used within a firm? A) Private IP addresses. B) Public IP addresses. C) Both A and B D) Neither A nor B
C
16) Which of the following is true about NAT? A) It can enhance security. B) It presents problems for some protocols. C) Both A and B D) Neither A nor B
C
18) The domain name system ________. A) is a way to find a host's IP addresses if your computer only knows the host's host name B) is a general naming system for the Internet C) Both A and B D) Neither A nor B
C
29) A company receives its domain name from ________. A) the IETF B) its ISP C) a domain registrar D) None of the above
C
43) The management information base (MIB) is a(n) ________. A) schema B) actual database C) Either A or B D) Neither A nor B
C
45) Which of the following would be an SNMP object? A) Number of rows in routing table. B) System uptime (since last reboot). C) Both A and B D) Neither A nor B
C
56) SNMPv3 uses ________ for authentication. A) community names B) digital certificates and digital signatures C) a different password for each manager-agent pair D) All of the above
C
62) Label-switching routers provide ________. A) lower cost B) the ability to do traffic engineering C) Both A and B D) Neither A nor B
C
75) IPsec is used for ________ VPNs. A) remote-access B) site-to-site C) Both A and B D) Neither A nor B
C
83) Which is not one of the three parts of a public IPv6 unicast address? A) Subnet ID. B) Routing prefix. C) Host part. D) All of the above ARE parts in a public IPv6 unicast address.
C
96) Stateless autoconfiguration makes more sense for ________. A) single-stack IPv4 hosts B) single-stack IPv6 hosts C) dual-stack hosts D) It makes equal sense for all of the above.
C
20) In DNS, a group of resources under the control of an organization is called a ________. A) network B) subnet C) scope D) domain
D
3) If your subnet part is 8 bits long, you can have ________ subnets. A) 64 B) 128 C) 256 D) None of the above
D
35) ________ servers provide ________ IP addresses to clients. A) DNS, static B) DNS, dynamic C) DHCP, static D) DHCP, dynamic
D
38) Which of the above is NOT an element in a network management system? A) The manager. B) Agents. C) Objects. D) All of the above ARE elements in network management systems.
D
5) Your firm has an 8-bit network part and an 8-bit subnet part. How many hosts can you have? A) 8 B) 16 C) 254 D) 65,534
D
6) You have a 20-bit network part and a 4-bit subnet part. How many hosts can you have per subnet? A) 14 B) 16 C) 256 D) None of the above
D
77) In IPsec, agreements about how security will be done are called ________. A) tranches B) security contracts C) service-level agreements D) security associations
D
1) In IP subnet planning, having a large subnet part allows more hosts per subnet.
FALSE
17) NAT works automatically with all protocols.
FALSE
44) Human interface functionality is defined by the SNMP standard.
FALSE
47) In SNMP, the agent can create commands.
FALSE
49) In SNMP, the manager creates both commands and responses.
FALSE
64) IPsec operates at the data link layer.
FALSE
67) To be protected by IPsec, applications must be IPsec-aware.
FALSE
69) In tunnel mode, IPsec provides protection all the way between the two hosts.
FALSE
97) Stateless autoconfiguration will give an IPv6 host most or all of the configuration information it needs to operate effectively.
FALSE
100) Stateless autoconfiguration can be used to change all routing prefixes and subnet IDs in a network.
TRUE
12) NAT can multiply the number of IP addresses available to the firm by over a thousand.
TRUE
13) Private IP address ranges are only used within a firm.
TRUE
2) When the subnet part is made larger, the host part must be smaller.
TRUE
23) ".edu" is a generic top-level domain.
TRUE
32) Servers have static IP addresses so that clients can find them easily.
TRUE
36) Clients can send a DHCP request message to multiple DHCP servers.
TRUE
42) In SNMP, the time-to-live value for a router interface is the value for an object.
TRUE
52) In SNMP, Set commands tell the agent to change a parameter on the managed device.
TRUE
59) Label-switching routers do NOT look at the IP address of each arriving packet.
TRUE
66) IPsec protects all layers above the internet layer.
TRUE
71) In transport mode, IPsec provides security over the internal networks.
TRUE
76) IPsec is used for site-to-site VPNs.
TRUE
91) The first stage in IPv6 stateless autoconfiguration is to create an address that can only be used on the host's single network.
TRUE
92) After creating a link local IPv6 address, a host doing IPv6 stateless autoconfiguration should use the neighbor discovery protocol.
TRUE