Final Exam (Chapter Quizes)
What port do SNMP agents listen on? - Port 161 - Port 21 - Port 162 - Port 20
Port 161
Which form of SHA was developed by private designers? - SHA-1 - SHA-3 - SHA-224 - SHA-256
SHA-3
Which of the following is not an example of biometric detection? - Iris color patterns - Smart Card - Facial recognition - Fingerprints
Smart Card
Any traffic that is not explicitly permitted in the ACL is __, which is called the ____. - denied, explicit deny rule - rejected, implicit deny rule - rejected, explicit deny rule - denied, implicit deny rule
denied, implicit deny rule
802.11ac and 802.11ax both support all the following except which two bonded channels? (Select two.) - 10 MHz - 20 MHz - 40 MHz - 60 MHz - 80 MHz - 160 MHz - 240 MHz
10 MHz & 240 MHz
Which 802.11 standard functions in both the 2.4-GHz and 5-GHz bands? - 802.11g - 802.11ac - 802.11b - 802.11ax
802.11ax
What was the first 802.11 standard to implement channel bonding? - 802.11n - 802.11ax - 802.11g - 802.11ac
802.11n
Which of these is considered a secure place to store a list of documented network passwords? - The CEO's smartphone - A sticky note under the keyboard - A password manager - The MDF
A password manager
Which Carrier Sense technology is used on wireless networks to reduce collisions? - CSMA/CD - EAPoL - CSMA/CA - SSID
CSMA/CA
A technician from your ISP has arrived to help you troubleshoot a weak WAN connection. To what location do you take them? - IDF - Work area - CEO's office - EF
EF
Which type of identifier allows wireless clients to roam freely from AP to AP? - BSSID - IP address - ESSID - Transmitter address
ESSID
Which function of WPA/WPA2 security ensures data cannot be read in transit? - Message integrity - Authentication - Encryption - Key distribution
Encryption
You just settled in for some study time at the local coffee shop, and you pause long enough to connect your smartphone to the Wi-Fi so you can listen to some music while you study. As you're about to sign in, you realize that you clicked on an SSID called "Free Coffee and Internet." What kind of security trap did you almost fall for? - Guest network - Captive portal - Evil twin - Brute force attack
Evil twin
What causes MOST firewall failures? - Firewall misconfiguration - Defective firewall - Firmware corruption - Malware
Firewall misconfiguration
What feature of a site survey maps the Wi-Fi signals in your location? - Frequency map - Spectral map - Heat map - Channel map
Heat map
What software allows you to define VMs and manage resource allocation and sharing among VMs on a host computer? - Hypervisor - NFV (Network Functions Virtualization) - SDN (software-defined networking) - Terminal emulation
Hypervisor
Which policy ensures messages are discarded when they don't match a specific firewall rule? - Implicit allow - Explicit deny - Explicit allow - Implicit deny
Implicit deny
A former employee discovers six months after he starts work at a new company that his account credentials still give him access to his old company's servers. He demonstrates his access to several friends to brag about his cleverness and talk badly about the company. What kind of attack is this? - Principle of least privilege - Insider threat - Vulnerability - Denial of service
Insider threat
Active Directory and 389 Directory Server are both compatible with which directory access protocol? - LDAP - RADIUS - Kerberos - AD DS
LDAP
What is the lowest layer of the OSI model at which wired and wireless transmissions share the same protocols? - Layer 4 - Layer 3 - Layer 2 - Layer 1
Layer 3
At what layer of the OSI model do proxy servers operate? - Layer 3 - Layer 2 - Layer 7 - Layer 4
Layer 7
What is the first step of inventory management? - Interview users. - Identify network requirements. - List an administrative account's username and password for each device on a network. - List all components on the network.
List all components on the network.
What information does the switchport port-security command use to restrict access to a switch's interface? - MAC address - Port number - IP address - Broadcast address
MAC address
Which power backup method will continually provide power to a server if the power goes out during a thunderstorm? - Online UPS - Generator - Dual power supplies - Standby UPS
Online UPS
You need to connect a new network printer to a nearby wall jack. What kind of cable should you use? - Fiber-optic cable - Patch cable - Backbone cable - Plenum-rated cable
Patch cable
Which of the following is not a phase in the social engineering attack cycle? - Research. - Building trust. - Penetrate. - Exit.
Penetrate.
A company accidentally sends a newsletter with a mistyped website address. The address points to a website that has been spoofed by hackers to collect information from people who make the same typo. What kind of attack is this? - Phishing - Tailgating - Quid pro quo - Baiting
Phishing
Which two features on a switch or router are integrated into CoPP? Choose two. - ICMP - DHCP - QoS - ACLs
QoS ACLs
Which authorization method will allow Nancy, a custodian, to access the company's email application but not its accounting system? - RBAC - Auditing - DAC - Local authentication
RBAC
Which of the following attack simulations detect vulnerabilities and attempt to exploit them? Choose two. - Red team-blue team exercise - Vulnerability assessment - Security audit - Pen testing
Red team-blue team exercise & Pen testing
What information in a transmitted message might an IDS use to identify network threats? - Signature - FIM - Port mirroring - ACL
Signature
Who is responsible for the security of hardware on which a public cloud runs? - The cloud customer - It depends - Both the cloud customer and the cloud provider - The cloud provider
The cloud provider
When a wireless signal encounters a large obstacle with wide, smooth surfaces, what happens to the signal? The signal reflects and changes direction according to the angle in which it struck the obstacle. - The signal reflects, or bounces back, toward its source. - The signal will be attenuated by the obstacle. - The signal will refract and dissipate
The signal reflects, or bounces back, toward its source.
Which type of switch connects all devices in a rack to the rest of the network? - ToR switch - Spine switch - EoR switch - Core switch
ToR switch
One of your coworkers downloaded several, very large video files for a special project she's working on for a new client. When you run your network monitor later this afternoon, what list will your coworker's computer likely show up on? - Top talkers - Top listeners - Giants - Jabbers
Top listeners
What virtual, logically defined device operates primarily at the data link layer to ss frames between nodes? - Virtual firewall - Virtual switch - Virtual router - Virtual load balancer
Virtual switch
The ability to insert code into a database field labeled "Name" is an example of a(n) ___. - attack. - vulnerability. - breach. - exploit.
vulnerability
Which protocol replaced TKIP for WPA2? - CCMP - WEP - RADIUS - RC4
CCMP
Which one of the following wireless transmission types requires a clear LOS to function? - Bluetooth - NFC - IR - Wi-Fi?
IR
Which authentication protocol is optimized for wireless clients? - RADIUS - Active Directory - TACACS1 - Kerberos
RADIUS
What characteristic of ARP makes it particularly vulnerable to being used in a DoS attack? - ARP performs no authentication. - ARP uses a dynamic port number - ARP broadcasts outside the edge router - ARP is transmitted in cleartext
ARP performs no authentication.
Which access control technique is responsible for detection of an intruder who succeeds in accessing a network? - Authentication - Accounting - Geofencing - Separation of duties
Accounting
Which of the following is not one of the AAA services provided by RADIUS and TACACS+? - Authentication - Authorization - Administration - Accounting
Administration
Which of the following criteria can a packet-filtering firewall not use to determine whether to accept or deny traffic? - Destination IP address - SYN flags - Application data - ICMP message
Application data
Which firewall type can protect a home network from adult content not suitable for the family's children? - Packet-filtering firewall - Host-based firewall - Stateless firewall - Application layer firewall
Application layer firewall
Which log type is used to prove who did what and when? - Traffic log - Audit log - System log - Syslog
Audit log
Which physical security device works through wireless transmission? - Badge reader - Access control vestibule - Cipher lock - Biometrics
Badge reader
Which security device relies on a TAP or port mirroring? - NIDS - HIPS - FIM - HIDS
NIDS
Which of the following defenses addresses a weakness of IPv6? - DHCP snooping - CoPP - DAI - RA guard
RA guard
You're setting up a home network for your neighbor, who is a music teacher. She has students visiting her home regularly for lessons and wants to provide Internet access for their parents while they're waiting on the children. However, she's concerned about keeping her own data private. What wireless feature can you configure on her AP to meet her requests? (Select all that apply.) - Screened network - Wireless client isolation - Guest network - MAC filtering
Wireless client isolation & Guest network
While troubleshooting a recurring problem on your network, you want to examine the TCP messages being exchanged between a server and a client. Which tool should you use on the server? - Spiceworks - Wireshark - iPerf - NetFlow
Wireshark
What type of diagram shows a graphical representation of a network's wired infrastructure? - Rack diagram - Wiring diagram - Network map - Network topology
Wiring diagram
Which of the following wireless technologies does not use the 2.4 GHz band? - Z-Wave - Bluetooth - ZigBee - Wi-Fi
Z-Wave
You've decided to run an Nmap scan on your network. Which apps could you open to perform this task? Choose all that apply. - Zenmap - Microsoft Edge - Command Prompt - PowerShell
Zenmap, Command Prompt, PowerShell
When a vulnerability is exploited before the software developer can provide a solution for it or before the user applies the published solution is known as a ___ attack. - DDoS - Zero-Day - Phishing - Man-in-the-middle
Zero-Day
Which device can manage traffic to multiple servers in a cluster so all servers equally share the traffic? - Router - Firewall - Switch - Load balancer
Load balancer
With which network connection type does the VM obtain IP addressing information from its host? - Bridged mode - Managed mode - NAT mode - Isolation mode
NAT mode
Which term best describes the act of actively searching for a computer's ports by the use of specialized software? - Port searching - Port vulnerabilities - Port reconnaissance - Port scanning
Port scanning
As you're troubleshooting a dead zone in your office, which measurement will help you determine the edges of the dead zone? - RSSI - Channel - EIRP - Band
RSSI
Which type of disaster recovery site contains all the equipment you would need to get up and running again after a disaster, and yet would require several weeks to implement? - Warm site - Standby site - Hot site - Cold site
Cold site
Which device would allow an attacker to make network clients use an illegitimate default gateway? - RA guard - DHCP server - Proxy server - Network-based firewall
DHCP server
Which type of DoS attack orchestrates an attack bounced off uninfected computers?
DRDoS attack
Which type of DoS attack orchestrates an attack bounced off uninfected computers? - FTP bounce - Ransomware - DRDoS attack - PDoS attack
DRDoS attack
What type of attack relies on spoofing? - Deauth attack - Friendly DoS attack - Tailgating - Pen testing
Deauth attack
What field in an IPv4 packet is altered to prioritize video streaming traffic over web surfing traffic? - Traffic Class - Priority Code Point - Time to Live - DiffServ
DiffServ
You sent a coworker a .exe file to install an app on their computer. What information should you send your coworker so they can ensure the file has not been tampered with in transit? - Public encryption key - Hash of the encryption key - Private encryption key - Hash of the file
Hash of the file
When shopping for a new router, what does the MTBF tell you? - How long until that device fails - How much it will cost to repair that device - How long devices like this one will last on average until the next failure - How long it will usually take to repair that device
How long devices like this one will last on average until the next failure
What is the first step in improving network security? - Document next steps. - Identify risks. - Determine which resources might be harmed) - Develop plans for responding to threats.
Identify risks.
Leading up to the year 2000, many people expected computer systems the world over to fail when clocks turned the date to January 1, 2000. What type of threat was this? - Ransomware - Logic bomb - Virus - Worm
Logic bomb
A transceiver was recently damaged by a lightning strike during a storm. How might you decide whether the ISP is responsible for replacing this device, or whether your company must foot the bill? - Look at whether the device is located on the ISP's side of the demarc) - Look at the manufacturer information on the device's label. - Look at purchase records for the device to determine when it was acquired) - Look at what kinds of cables are connected to this device.
Look at whether the device is located on the ISP's side of the demarc)
A company wants to have its employees sign a document that details some project-related information that should not be discussed outside the project's team members. What type of document should they use? - AUP - NDA - MDM - BYOD
NDA
What type of document should a company use to restrict project-related information?
NDA
Which cloud management technique executes a series of tasks in a workflow? - Automation - IaC - SLA - Orchestration
Orchestration
Which cloud service model gives software developers access to multiple platforms for testing code? - IaaS - PaaS - SaaS - XaaS
PaaS
Which of the following social engineering attack types most likely requires that the attacker have existing knowledge about the victim? - Tailgating - Shoulder surfing - Piggybacking - Phishing.
Phishing.
Your organization has just approved a special budget for a networksecurity upgrade. What procedure should you conduct to develop your recommendations for the upgrade priorities? -Data breach - Security audit - Exploit - Posture assessment
Posture assessment
Which assessment type would most likely discover a security risk related to employee on-boarding? - Vendor risk assessment - Process assessment - Threat assessment - Posture assessment
Process Assessment
Which device can be used to increase network performance by caching websites? - Firewall - Proxy server - IDS - Security group
Proxy server
You've just completed a survey of the wireless signals traversing the airspace in your company's vicinity, and you've found an unauthorized AP with a very strong signal near the middle of the 100-acre campus. Its SSID is broadcasting the name of a smartphone model. What kind of threat do you need to report to your boss? - Rogue AP - War driving - Evil twin - Hidden node
Rogue AP
Which of the following devices are you likely to find in the MDF? Choose all that apply. - Routers - Switches - Network printer - KVM switch
Routers, Switches, KVM
What command requests the next record in an SNMP log? - SNMP Get Request - SNMP Get Next - SNMP Trap - SNMP Get Response
SNMP Get Next
Which of the following is considered a secure protocol? - FTP - SSH - Telnet - HTTP
SSH
Which principle ensures auditing processes are managed by someone other than the employees whose activities are being audited? - Separation of duties - Principle of least privilege - Shared responsibility model - Defense in depth
Separation of duties
You need to securely store handheld radios for your network technicians to take with them when they're troubleshooting problems around your campus network. What's the best way to store these radios so all your techs can get to them and so you can track who has the radios? - Locking rack - Smart locker - Locking cabinet - Access control vestibule
Smart locker
Which device will let you determine all frequencies within a scanned range that are present in a specific environment, not just Wi-Fi? - Wi-Fi analyzer - Captive portal - Wireless LAN controller - Spectrum analyzer
Spectrum analyzer
Which of the following features of a network connection between a switch and server is not improved by link aggregation? - Bandwidth - Fault tolerance - Speed - Availability
Speed
A neighbor hacks into your secured wireless network on a regular basis, but you didn't give her the password) What loophole was most likely left open? - Guest Network was not established - You are using WPA2 encryption instead of using WEP Encryption - MAC filtering was not enabled -The default password was not changed)
The default password was not changed)
What does a client present to a network server to access a resource on that server? - Principal - Ticket - Ticket-Granting Ticket - Key
Ticket
Your roommate has been hogging the bandwidth on your router lately. What feature should you configure on the router to limit the amount of bandwidth his computer can utilize at any one time? - Power management - Congestion control - Flow control - Traffic shaping
Traffic shaping
What addresses does an 802.11 frame contain that an 802.3 frame does not? (Select all that apply.) MAC address - Transmitter address - IP address - Receiver address - Gateway address
Transmitter address & Receiver address
Which Wi-Fi encryption standard was designed to use AES encryption? - WPA - WPA2 - WEP - WEP2
WPA2
What is the primary difference between how WPA2-Personal and WPA2-Enterprise are implemented on a network? - WPA2-Personal offers a stronger encryption. - WPA2-Personal requires a RADIUS authentication server. - No difference other than the size of the network being used) - WPA2-Enterprise requires a RADIUS authentication server.
WPA2-Enterprise requires a RADIUS authentication server.
Which ACL rule will prevent pings from a host at 192.168.2.100? - access-list acl_2 permit icmp any host 192.168.2.100 - access-list acl_2 deny icmp host 192.168.2.100 any - access-list acl_2 deny tcp host 192.168.2.100 host 192.168.2.1 - access-list acl_2 deny icmp any host 192.168.2.100
access-list acl_2 deny icmp host 192.168.2.100 any
Which of the following ACL commands would permit web-browsing traffic from any IP address to any IP address? - access-list acl_2 deny tcp any any - access-list acl_2 permit https any any - access-list acl_2 deny tcp host 2.2.2.2 host 3.3.3.3 eq www - access-list acl_2 permit icmp any any
access-list acl_2 permit https any any
Which off-boarding policy can protect proprietary corporate information if a smartphone is lost? - Remote wipe - Trusted access - OS update requirements - Site survey
emote wipe
To exchange information, two antennas must be tuned to the same ____. (Select all that apply.) - frequency - band- channel - bandwidth
frequency & channel
Although they might engage in illegal activity, the intent of a __ is to educate and assist. - white hat hacker - black hat hacker - red hat hacker - gray hat hacker
gray hat hacker
If you're shopping for a rack switch, what component on the switch tells you it can be mounted to a rack? - AC adapter - Rack ears - Padded feet - Large fans
Rack ears
Which power device prevents a critical server from losing power, even for an instant? - Surge protector - Generator - PDU - UPS
UPS
Which of the following would an environmental monitoring system not track? - Liquid detection - User authentication - Data room lights - UPS voltage
User authentication
Which device converts signals from a campus's analog phone equipment into IP data that can travel over the Internet? - Legacy PBX - VoIP phone - Voice gateway - Dedicated telephone switch
Voice gateway
Which backup site includes a running server that does not have access to the latest backups? - Warm site - Cold site - Hot site - On site
Warm site
Which of the following would be assigned an OID? - An NMS server - A switch's interface - A web server - A UDP port
A switch's interface
When you arrive at work one morning, your inbox is full of messages complaining of a network slowdown. You collect a capture from your network monitor. What documentation can help you determine what has changed? - Anomalous behavior - Operating System Logs - A baseline - None of the above
Baseline
When repairing a coworker's computer, you find some illegal files. What should you do next? - Shut down the computer and unplug it. - Take screenshots on the computer and save them in your own folder. - Disconnect the computer from the network and leave it running. - Delete the files.
Disconnect the computer from the network and leave it running.
Which bandwidth management technique limits traffic specifically between a single sender and a single receiver? - Congestion control - Traffic shaping - Quality of Service - Flow control
Flow control
Which flow control method resends a lost frame along with all frames sent with it? - Selective repeat sliding window - Backpressure - Go-back-n sliding window - Stop-and-wait
Go-back-n sliding window
Why might you want to install two power supplies in a critical server? - to increase the power capabilities of the server - If one power supply fails, the other can take over - to increase the voltage capacity of the server - both a and b are correct
If one power supply fails, the other can take over
Which of the following is not defined by syslog? - Message transmission - Message format - Message handling - Message security
Message security
Which data link layer flow control method offers the most efficient frame transmission when sending large volumes of data? - Go-back-n sliding window - Choke packet - Selective repeat sliding window - Stop-and-wait
Selective repeat sliding window
What are the two main categories of UPSs? (Select 2) - Standby - Shunt - Online - inline
Standby Online
Which log type would most likely be used first to investigate the cause of high numbers of dropped packets? - Traffic log - System log - Jitter log - Audit log
Traffic log
All of the following are congestion control techniques help to prevent network congestion except? - Retransmission policy - acknowledgment policy - bandwidth governance policy - discarding policy
bandwidth governance policy
Which of the following statements is true? Choose two. - When streaming a movie, the transmission is sensitive to loss and tolerant of delays. - When sending an email, the transmission is sensitive to delays and tolerant of loss. - When streaming a movie, the transmission is sensitive to delays and tolerant of loss. - When sending an email, the transmission is sensitive to loss and tolerant of delays.
When streaming a movie, the transmission is sensitive to delays and tolerant of loss. When sending an email, the transmission is sensitive to loss and tolerant of delays.