CIS 4840-Chapter 10
When an SSL/TLS gateway is used, the client will have only a single SSL/TLS connection. A) True. B) False.
A) True.
SNMPv1 uses ________ for authentication. A) community names B) digital certificates and digital signatures C) a different password for each manager-agent pair D) All of the above.
A) community names
Which of the following would be an SNMP object? A) A router. B) A default time to live value. C) Both A and B D) Neither A nor B
B) A default time to live value.
Clients normally get their IP addresses from ________. A) DNS servers B) DHCP servers C) directory servers D) identity servers
B) DHCP servers
Client PCs need additional software to use basic SSL/TLS functions. A) True. B) False.
B) False
DHCP servers update the configuration information they store automatically. A) True. B) False.
B) False
Clients can send a DHCP request message to multiple DHCP servers. A) True. B) False.
B) False.
Human interface functionality is defined by the SNMP standard. A) True. B) False.
B) False.
IPsec operates at the data link layer. A) True. B) False.
B) False.
In SNMP, "object" is another name for "managed device." A) True. B) False.
B) False.
In SNMP, the agent can create commands. A) True. B) False.
B) False.
In SNMP, the manager communicates directly with the managed device. A) True. B) False.
B) False.
In SNMP, the manager creates both commands and responses. A) True. B) False.
B) False.
In the Domain Name System, there is a single root server. A) True. B) False.
B) False.
In tunnel mode, IPsec provides protection all the way between the two hosts. A) True. B) False.
B) False.
NAT works automatically with all protocols. A) True. B) False.
B) False.
SSL/TLS is very expensive to implement because special configuration must be done on the client PC. A) True. B) False.
B) False.
SSL/TLS offers stronger security than IPsec. A) True. B) False.
B) False.
To be protected by IPsec, applications must be IPsec-aware. A) True. B) False.
B) False.
Which of the following can be centrally managed? A) SSL/TLS. B) IPsec. C) Both A and B D) Neither A nor B
B) IPsec.
Which of the following has stronger security? A) SSL/TLS. B) IPsec. C) Both A and B D) Neither A nor B
B) IPsec.
Which of the following provides transparent protection to applications? A) SSL/TLS. B) IPsec. C) Both A and B D) Neither A nor B
B) IPsec.
________ is the processing of presenting external IP addresses that are different from internal IP addresses used within the firm. A) DNS B) NAT C) DHCP D) None of the above
B) NAT
In SNMP, companies are often reluctant to use ________ commands because of security dangers. A) Get B) Set C) Neither A nor B
B) Set
In SNMP, the ________ creates traps. A) manager B) agent C) Both A and B D) Neither A nor B
B) agent
In SNMP, the manager communicates directly with a(n) ________. A) managed device B) agent C) Both A and B D) Neither A nor B
B) agent
IPsec protects ________ layer messages. A) data link B) application C) Both A and B D) Neither A nor B
B) application
IPsec is a(n) ________ layer standard. A) physical B) data link C) internet D) All of the above.
C) internet
In IP subnet planning, you need to have at least 130 subnets. How large should your subnet part be? A) 6. B) 8. C) 14. D) 16. E) None of the above
B) 8.
________ is a general naming system for the Internet. A) NAT B) DNS C) Both A and B D) Neither A nor B
B) DNS
In SSL/TLS gateways, which of the following requires webification? A) HTTP. B) Database. C) Both A and B D) Neither A nor B
B) Database.
In SNMP, the manager can create ________. A) traps B) GET commands C) Both A and B D) Neither A nor B
B) GET commands
In NAT, the ________ creates new external source IP addresses and port numbers. A) router B) firewall C) source host D) destination host
B) firewall
Servers are normally given ________ IP addresses. A) well-known B) static C) dynamic D) None of the above.
B) static
A(n) ________ is a message sent by an agent to let the manager know about a condition the agent has detected. Select the name used in the SNMP standard. A) command B) trap C) alarm D) notice E) All of the above.
B) trap
How many DNS root servers are there? A) 1. B) 2. C) 10. D) 13. E) DNS does not use root servers.
D) 13.
Your firm has an 8-bit network part and an 8-bit subnet part. How many hosts can you have? A) 8. B) 16. C) 254. D) 65,534.
D) 65,534.
Which of the following is NOT an element in a network management system? A) The manager. B) The agent. C) The object. D) All of the above ARE elements in network management systems.
D) All of the above ARE elements in network management systems
A client connects to an SSL/TLS gateway to use three internal site webservers simultaneously. How many SSL/TLS connections must the browser manage? A) 2. B) 3. C) 4. D) None of the above.
D) None of the above.
In DNS, a group of resources under the control of an organization is called a ________. A) network B) subnet C) scope D) domain
D) domain
Servers have static IP addresses so that clients can find them easily. A) True. B) False.
A) True.
Which of the following is a private IP address range? A) 10.x.x.x B) 128.171.x.x C) Both A and B D) Neither A nor B
A) 10.x.x.x
Which of the following is usually given dynamic IP addresses? A) Clients. B) Servers. C) Both A and B D) Neither A nor B
A) Clients
Which of the following tends to require the installation of digital certificates on many client PCs? A) SSL/TLS. B) IPsec. C) Both A and B D) Neither A nor B
A) SSL/TLS.
Which mode of IPsec is more expensive? A) Transport mode. B) Tunnel mode. C) Both A and B are equally expensive.
A) Transport mode.
In SNMP, the time-to-live value for a router interface is the value for an object. A) True. B) False.
A) True
Private IP address ranges are only used within a firm. A) True. B) False.
A) True
A company may have many AD domains. A) True. B) False.
A) True.
Active Directory is Microsoft's directory server product. A) True. B) False.
A) True.
IPsec is used for site-to-site VPNs. A) True. B) False.
A) True.
IPsec offers transparent protection. A) True. B) False.
A) True.
IPsec protects all layers above the internet layer. A) True. B) False.
A) True.
In SNMP, Set commands tell the agent to change a parameter on the managed device. A) True. B) False.
A) True.
In SNMP, the ________ creates commands. A) manager B) agent C) Both A and B D) Neither A nor B
A) manager
The main limit of tunnel mode protection compared to transport mode protection in IPsec is ________. A) protection over only part of the route B) higher cost C) Both A and B D) Neither A nor B
A) protection over only part of the route
The highest-level DNS servers are called ________. A) root servers B) first-level or top-level servers C) Both A and B D) Neither A nor B
A) root servers
Client PCs must have digital certificates in ________. A) transport mode B) tunnel mode C) Both A and B D) Neither A nor B
A) transport mode
SSL/TLS provides central policy management. A) True. B) False.
B) False.
Servers are normally given dynamic IP addresses. A) True. B) False.
B) False.
In SNMP, the ________ creates responses. A) manager B) agent C) Both A and B D) Neither A nor B
B) agent
If your subnet part is 8 bits long, you can have ________ subnets. A) 8 B) 64 C) 128 D) 256 E) None of the above.
E) None of the above.
NAT provides security. A) True. B) False.
A) True.
SSL/TLS only provides protection to SSL/TLS-aware applications. A) True. B) False.
A) True.
Which of the following can protect all applications? A) IPsec. B) SSL/TLS. C) Both A and B D) Neither A nor B
A) IPsec.
Which of the following is used to query a directory server to get someone's e-mail address? A) LDAP. B) X.500. C) SNMP. D) HTTP.
A) LDAP.
In transport mode, IPsec provides security over the internal networks. A) True. B) False.
A) True.
Most firms have both a primary and secondary DNS server. A) True. B) False.
A) True.
NAT can multiply the number of IP addresses available to the firm by over a thousand. A) True. B) False
A) True.
In AD, there is complete replication between domain controllers ________. A) in the same domain B) in adjacent levels in the domain hierarchy C) throughout the firm D) throughout a forest
A) in the same domain
NAT enhances security by ________. A) preventing sniffers from learning internal IP addresses B) providing message integrity C) Both A and B D) Neither A nor B
A) preventing sniffers from learning internal IP addresses
The main disadvantage of transport mode protection compared to tunnel mode protection in IP is ________. A) that it provides protection over only part of the route B) higher cost C) Both A and B D) Neither A nor B
B) higher cost
In AD, there is partial replication between domain controllers ________. A) in the same domain B) in different domains at adjacent levels in the domain hierarchy C) Both A and B D) Neither A nor B
B) in different domains at adjacent levels in the domain hierarchy
An AD domain ________ A) must have only a single domain controller B) may have multiple domain controllers C) must be organized as a tree D) None of the above.
B) may have multiple domain controllers
In tunnel mode, IPsec provides protection ________. A) all the way between the two hosts B) only between the IPsec servers C) Both A and B D) Neither A nor B
B) only between the IPsec servers
DHCP ________ are configurable parameters that determine which subnets the DHCP server will serve. A) ranges B) scopes C) spans
B) scopes
Corporations most wish to have ________ domain names. A) first-level B) second-level C) third-level D) None of the above.
B) second-level
You have a 20-bit network part and a 4-bit subnet part. How many hosts can you have per subnet? A) 14. B) 16. C) 254. D) 256. E) None of the above.
C) 254.
IPsec is used for ________ VPNs. A) remote-access B) site-to-site C) Both A and B D) Neither A nor B
C) Both A and B
The MIB is a(n) ________. A) schema B) actual database C) Both A and B D) Neither A nor B
C) Both A and B
The domain name system ________. A) is a way to find a host's IP addresses if your computer only knows the host's host name B) is a general naming system for the Internet C) Both A and B D) Neither A nor B
C) Both A and B
Which of the following can be used within a firm? A) Private IP addresses. B) Public IP addresses. C) Both A and B D) Neither A nor B
C) Both A and B
Which of the following is true about NAT? A) It can enhance security. B) It presents problems for some protocols. C) Both A and B D) Neither A nor B
C) Both A and B
Which of the following would be an SNMP object? A) Number of rows in routing table. B) System uptime (since last reboot). C) Both A and B D) Neither A nor B
C) Both A and B
________ is a benefit provided by NAT. A) Transparency B) Security C) Both A and B D) Neither A nor B
C) Both A and B
Which of the following has good authentication? A) SNMPv1. B) SNMPv2. C) SNMPv3. D) SNMPv4. E) All of the above
C) SNMPv3.
SNMPv3 uses ________ for authentication. A) community names B) digital certificates and digital signatures C) a different password for each manager-agent pair D) All of the above.
C) a different password for each manager-agent pair
Directory servers organize information in a ________. A) ring B) mesh C) hierarchy D) relational database E) Any of the above can be used.
D) relational database
________ servers provide ________ IP addresses to clients. A) DNS, static B) DNS, dynamic C) DHCP, static D) DHCP, dynamic
DHCP, dynamic