Final Exam Study

A high security installation that requires enrants to submit to a retinal scan before the door unlocks is using what type of technology?

Biometrics

What are means of preventing unauthorized individuals from entering a senssitive location, such as a datacenter?

Biometrics, Identification badges, and key fobs

What mechanism for load balancing web servers is able to read the incoming HTTP and HTTPS requests and perform advanced functions based on the information they contain?

Content switches application layer device- so can read

What is the process by which dynamic routing protocols update other routers with routing table information?

Convergence

Which of the following protocols operates at the network layer of the OSI model, but doesn't encapsulate data generated by an upper layer protocol for transmission over the network? a. IP b. UDP c. ARP d. ICMP e. TCP

ICMP (sends operational and erroro mesages)

What DNS resource record is used to implement email security mechanism such as Sender Policy Framework and DomainKey Identified Mail?

MX

What protocol is used to synchronize computer clocks to a time signal provided by a server?

NTP (Network Time Protocol)

Which of the following routing protocols can you use on a TCP/IP internetwork with segments running at different speeds, making hop counts an inaccurate measure of route efficiency?

OSPF is a link state routing protocol, meaning that it doesn't rely solely on hop counts to measure the relative efficiency of a route. EIGRP is a hybrid protocol that can use link state routing.

Which of the following devices can provide authentication services for multiple remote access servers?

RADIUS server. can provide centralized authentication, authorization, and accounting services for multiple remote access servers, using a single set of user accounts

What is the term used to refer to the DNS client mechanism that generates name resolution queries and sends them to DNS servers? a. Resolver b. Authority c. Requestor d. Forwarder

Resolver. The client component of the Domain Name System is called the resolver. Requestor is a generic term for any system issuing requests, and only DNS servers can be authorities or forwarders

SSH was created to be an improvement on the Telnet terminal emulation program. How does it do so?

SSH encrypts passwords and data (Telnet transmits keystrokes in clear text, including usernames and passwords. It is therefore insecure. Secure Shell (SSH) Improves on the performance of Telnet by encrypting the passwords and other data it transmits over the network.

Which web server/browser security protocol was deprecated in 2015 in favor of Transport Layer Security (TLS) and DTLS?

SSL

Biometrics

Something you are

What protocol provides connection-oriented service with guarenteed delivery at the transport layer of the OSI model?

TCP

Which of the following protocols is not used for remote control of computers? a. TFTP b. RDP c. SSH d. Telnet

TFTP Trivial File Transfer Protocol is typically used to download boot image files to computers performing a Preboot Execution Environment (PXE) startup.

What happens when a DNS server receives an iterative name resolution query?

The DNS server responds immediately to the query with the best information it has in its resource records or in its cache or, failing that, with an error message stating that it could not resolve the requested name.

NAT NEtwork address translation

is not a load balancing mechanism like DNS round-robin, content switching, and multilayer switching

True Statements about RIPv1

-broadcasts the entire contents of the routing table every 30 seconds -does not include the subnet mask in its network advertisements

What is the difference when yu specify HTTPS:// in a url instead of HTTP://?

-browser uses a different port number to connect to the server -Security is provided using SSL or TLS -the connection between the web browser and server is encrypted

True about static routing

-manually configured by administrators when change in network occurs -recommended solution for small internet, works with single path to each destination network -not automatically added by routing protocols and don't adapt to changes in the network

Authentication factors

-something you know -something you do -something you are -something you have

How to convert a MAC address to a EUI-64

1. Split the MAC address in half (Ex/ 001F9EFC7AD0 -> 001F9E FC7AD0) 2. Insert FFFE in the middle 3.Change the 7th bit from a 0 to a 1 andconvert it back to hexidecimal

What four components are required for a computer to establish a remote TCP/IP connection?

1. common protocols 2. a physical layer connection 3. TCP/IP configuration 4. Host and remote sftware

What are the RFC 1918 ranges for private IP addresses?

10.0.0.0-10.255.255.255 172.16.0.0-172.31.255.255 192.168.0.0-192.168.255.255

Designated Local loopback IPv4 address

127.0.0.1-127.255.255.255

Whats the range of IP addresses that Automatic Private IP Addressing (APIPA) assigns to DHCP clients that cannot access a DHCP server?

169.254.0.0-169.254.255.255

What is the maximum number of routes that can be included in a single RIP broadcast packet?

25. if there are more than 25 routes in the computer's routing table then RIP must generate additional packets

What is the valid range of numbers for ephemeral client ports used by the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)?

49152-65535

Alice has been instructed to install 100 Windows workstations, and she is working on automating the process by configuring the workstations to use PXE boot. Each workstation therefore must obtain an IP address from a DHCP server and download a boot image file from a TFTP server. Which of the following well known ports must Alice open on the firewall, separating the workstations from the servers? a. 65 b. 66 c. 67 d. 68 e. 69

67 and 68 (DHCP) 69 (TFTP)

What is the default well-known port number for the Hypertext Transfer Protocol (HTTP) used for web client/server communications?

80

How is a subnet created on a TCP/IP network?

A subnet is created by borrowing bits from the host identifier

What DNS resource record is used to resolve a hostname into an IPv6 address?

AAAA

What protocols does IPsec use to secure network traffic?

AH (Authentication header) and ESP (Encapsulating Security Protocol)

Which of the following protocols does IPsecuse to digitally sign packets before transmitting them over the network? a. ESP b. SSL c. AH d. MSCHAP

AH (AuthenticationHeader) ESP provides encryption services for IPsec. SSL is a security protocol the provides encrypted communication between web browsers and servers. MSCHAP is authentication protocol used by remote access services.

Which of the following is not a protocol used to allocate IP address assignments to clients on a network? a. ARP b. RARP c. BOOTP d. DHCP

ARP (Address Resolution Protocol) Resolves existing Ip addresses into data link layer MAC addresses Reserved Address Resolution Protocol (RARP), Bootstrap Protocol (BOOTP), and Dynamic Host Configuration Protocol (DHCP) are all protocols that are designed to allocate I addresses to clients.

What IPV4 addresses can be assigned to a network host?

Any with a subnet mask from Class A, B,or C. With not parts of going above 255

When a user supplies a password to log on to a server, which of the following actions is the user performing? a. Auditing b. Accounting c. Authorization d. Authentication

Authentication - confirms a user's identity

What are equivalent terms for the process of combining the bandwidth of two or more network adapters to increase the overall speed of the connection and provide fault tolerance?

Bonding, link aggregation, port aggregation, and NIC teaming

What service is responsible for issuing certificates to client users and computers?

CA (certificate authority)

IP Classes Subnets and first decimal range

Class A; 255.0.0.0; 1-27 Class B; 255.255.0.0; 28-191 Class C; 255.255.255.0; 192-223 Class D (multicast); none; 224-239 Class E; none; 240-255

Ralph has configured a server called NE6 to function as a web server. he does not want to change the server's existing name, but he wants it to be accessible to clients using the name www. What DNS modification can Ralph make to accomplish this?

Create a new CNAME resource record.

Which of the following technologies enables virtual private network (VPN) clients to connect directly to each other, as well as VPN server at the homesite? a.DMVPN b.MPLS c.VPN Concentrator d. SIP trunk

DMVPN (Dynamic multipoint virtual private network) is a technology that creates a mesh topology between the remote VPN sites, enabling the remote sites to connect directly to each other, rather than to the central VPN server. - A VPN concentrator is a type of router that enables multiple client systems to access a network from remote locations. A Session Initiation Protocol (SIP) Trunk provides a connection between the private and public domains of a unified communications network. Multiprotocol Label Switching (MPLS) is a data transfer mechanism that assigns labels to individual packets and then routes he packets based on those labels.

What are two terms for an area of an enterprise network, separated by firewalls, that contains servers that must be accessible both from the Internet and from the internal network?

DMZ & Perimeter network

Which of the following TCP/IP parameters, configured on an end system, specifies the IP address of a device that performs domain name resolution services? a. WINS Server addresses b. Default Gateway c. DNS server addresses d. Subnet Gateway

DNS server addresses. The DNS server addresses parameter contains the addresses of servers that resolve domain names into IP addresses. WINS provides Network Basic Inpput/output system (NetBIOS) name resolution. The Default Gateway parameter defines the local router to the bused to access other networks

At which layer of the OSI model do the protocols on a typical local area network use MAC addresses to identify other computers on the network?

Data Link

Tru statements about PKI

Data encrypted with a private key can only be decrypted with a public key and vice versa

Which of the follwoing is a security protocol that is specifically designed to protect UDP traffic exchanged by web browsers and servers? a. SSL b. TLS c. SSH d. DTLS

Datagram Transport Layer Security (DTLS) is a protocol that provides the same encryption and other web server/browser security functions as Transport Layer Security (TLS), but for User Datagram Protocol (UDP) traffic. Secure Sockets Layer (SSL) is the original security protocol for web servers and browsers and the predecessor of TLS. SSH is a character based tool that enables users to execute commands on remote computers

What technology enables the IP addresses assigned to clients by a DHCP server to be automatically added to the DNS namespace?

Dynamic DNS

Which of the following technologies enables the IP addresses assigned to clients by a Dynamic Host Configuration Protocol (DHCP) server to be automatically added to the DNS name space? a. Reverse name resolution b. HOSTS c. Automatic allocation d. Dynamic DNS

Dynamic DNS is an addition to DNS standards that eliminates the need for administrators to manually create certain DNS resource records. Automatic allocation is a DHCP process by which IP addresses are permanently assigned to clients. HOSTS is a text-based name resolution method that predates DNS.

Video Surveillance of sensitive areas, such as datacenters, can prevent the following attacks:

Evil twin and Insider threats

What FTP variant transmits authentication passwords over the network in clear text?

FTP

Which of the following is not a protocol used to secure VPN connections? a.PPTP b.IPsec c.FTPS d.L2TP

FTPS

Which of the following is not a protocol used to secure a virtual private network (VPN) connection? a. L2TP b. PPTP c. IPsec d. FTPS

FTPS File Transfer Protocol Secure (FTPS) is a variat of FTP that addssecurity in the form of TLS and SSL protocols. But it isn't used to secure VPN connections

True or False: All of the aggregated Port aggregation provides load balancing

False

When you configure NIC teaming on a server with two network adapters in an active/passive configuration, what service is provided?

Fault tolerance

What is the primary application layer protocol used by the web browsers to communicate with web servers?

HTTP

What prefix must you use in the URL you type into a web browser when the website you want to access has been secured with TLS?

HTTPS://

Which of the following protocols does the Ping utility use to exchange message with another system? a. UDP b. TCP c. ICMP d. IGMP

ICMP (Internet Control Message Protocol) TCP and UDP are transport layer protocols used to carry application layer data. IGMP (Internet Group Management Protocol) is used to create multicast groups

What can an administrator use to monitor a network for abnormal or malicious traffic?

IDS (Intrusion detection systems)

What is the protocol uses the term datagram to describe the data transfer unit it creates?

IP and UDP.Datagram is typically ised by protocols offering connectionless delivery service

What is the tool that integrates DHCP and DNS so that each is aware of the changed made by the other?

IPAM (IP address management) is a system for planning, managing, and monitoring the IP address space for an entire enterprise network.

IPsec

IPsec is a set of security protocols that provide digital signing, encryption, and other services for network transmissions

What organization is responsible for assigning the well-known port numbers used in transport layer protocol headers?

Internet Assigned Numbers Authority (IANA)

In designing a network for a client, Ed has decided to use both internal and external DNS servers. What resources should Ed register with the External DNS server?

Internet web servers and incoming email servers

Which of the following authentication protocols do Windows networks use for Active Directory Domain Services authentication of internal clients? a. WPA2 b. RADIUS c. Kerberos d. EAP-TLS

Kerberos Windows networks that use AD DS authenticate clients using the Kerberos protoco, in part because it never transmits passwords over the network, even in encrypted form. RADIUS is an authentication, authorization, and accounting service for remote users connecting to a network. (Not used for internal clients) WPA2 is a security protocol used by wireless LAN networks. It is nt used for AD DS authentication. EAP-TLS is a remote authentication protocol that AD DS networks do use for internal clients.

What physical security devices can use Passive RFIDs to enable an authorized user to enter a secured area?

Key fob and prox card

What types of traffic are carried by Telnet?

Keystrokes and Display information

What is the primary shortcoming of the File Transfer Protocol (FTP) that is addressed by FTPS and SFTP?

Lack of security FTP does provide authentification capabilities, but passwords are transmitted over the network in clear text, which is an unacceptable security condition. FTPS adds security in the form of the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. SFTP adds Secure Shell security.

What IPv6 address type is the functional equivalent of an IPv4 APIPA address?

Link Local

Which of the following terms refers to a routing protocol that does not rely on hop counts to measure the efficiency of routes? a. interior gateway protocol b. edge gateway protocol c. distance vector protocol d.Link state protocol

Link state protocol uses a different type of calculation, usually based on Dijkstra's algorithm.

Which of the following are cryptographic algorithms used for file hashing? a. MD5 b. AES c. RC4 d. SHA

MD5 and SHA Secure Hash Algorithm and Message Digest 5 are file hashing algorithms used to test data integrity by calculating a hash value before transmitting a file over a network. The reciever performs the same calculation to make sure the values match.

Which of the following devices can administrators use to create multiple virtual local area networks (VLANs) and forward traffic between them? a. Virtual router b. Broadband router c. Multilayer switch d. Load Balancer

Multilayer switch A multilayer switch is a network connectivity device that fucntions at both layer 2 and layer 3 of the OSI model. At layer 2 the device functions like a normal switch, providing individual collision domains to each connected node and enabling administrators to creat multiple VLANs. At layer 3, the device also provides routing capabilities by forwarding packets between VLans. Virtual routers, load balancers, and broadband routers are strictly layer 3 devices that can route traffic, but cannot create VLANs.

What service enables computers on a private IPv4 network to access the internet using a registered IP address?

NAT (Network Address Translation)

What DNS resource record type specifies the IP addresses of the authoritative DNS servers for a particular zone?

NS. The Name Server (NS) resource record identifies the authoritative servers for a particular DNS zone.

NAT (Network Address Translation) Operates at which layer of the OSI model?

Network

Which layer of the OSI model is responsible for the logical addressing of end systems and the routing of datagrams on a network?

Network

What two protocols can be used to create a VPN tunnel through the internet?

PPTP and L2TP

Whcich of the following Domain Name System (DNS) resource records is used only for reverse name resolution? a. MX b. AAAA c. CNAME d. PTR

PTR. Like A and AAAA records, Pointer (PTR) records contain hostnamed and IP addresses, but they are used for reverse name resolution -- that is, resolving IP addresses into hostnames. A Mail Exchange (MX) record specifies the mail server that the domain should ise. Canonical name (CNAME) records specify aliases for a given host name. An AAAA resource record maps a hostname to an IPv6 address for name resolution purposes

Which of the following features enables an intrusion detection system (IDS) to monitor all of the traffic on a switched network? a. Stateful packet inspection b. Port mirroring c. trunking d. Service dependent filtering

Port mirroring a feature found in some switches that takes the form of a special port that runs in promiscuous mode. This means that the switch copies all incoming traffic to that port, as well as the dedicated destination ports. Stateful packet inspection is a firewall feature that enables the device to examine network and transport layer header fields, looking for patterns that indicate damaging behaviors. Trunking is a switch feature that enables administrators to create VLANs that span multiple switches

What layer of the OSI model is responsible for translating and formatting information?

Presentation

What TCP/IP routing protocol measures efficiecy of routers by the number of hops between the source and the destination?

RIP (Routing Information Protocol

Which of the following TCP/IP routing protocols does not include the subnet mask within its route update messages, preventing it from supporting subnetting?

RIPv1

Which of the following is NOT a protocol that is typically used to secure communication between web servers and web browsers? a. TLS b.DTLS c.SSL d.SSH

SSH Secure Shell (SSH is a character-based tool that enables users to execute commands on remote computers. It does not provide web server/browser security. Secure Socket Layer (SSL) is a security protocol that provides encrypted communications between web browsers and web servers. Transport Layer Security (TLS) is an updated security protocol that is designed to replace SSL. Datagram Transport Layer Security (DTLS) is a security protocol that provides the same basic functions as TLS, but for User Datagram Protocol Traffic

Which of the following security protocols used to protect traffic exchanged by web browsers and servers was created first? a. SSL b. TLS c. SSH d. DTLS

SSL is the og security protocol for web servers and browsers

What are the two most common types of SSL VPN connections?

SSL portal and SSL Tunnel

Describe the function of a Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port number?

TCP ports and UDP ports identify the application protocol or process that generated the information in a datagram.

Which FTP variant is typically used to download boot image files during Preboot Execution Environment (PXE) startup sequences?

TFTP (Trivial File Transfer Protocol) is a simplified version of FTP that does not authenticate clients, so systems booting with PXE can download boot images invisibly after being directed to a TFTP server by the Dynamic Host Configuration Protocol (DHCP)

What was the first TCP/IP terminal emulation program?

Telnet

Which of the following server applications use two well-known port numbers during a typical transaction? a. HTTP b. NTP c. SNMP d. FTP

The File Transport Protocol (FTP) uses two port numbers. It uses the first, port 21, for a control connection that remains open during the entire client/server session. The second port, port 20, is for a data connection that opens only when the protocol is actually transferring a file between the client and the server.

In a public key infrastructure (PKI) which half of a cryptographic key pair is never transmitted over the network?

The private key

What statement about internet access through a proxy server accounts for the security against outside intrusion that a proxy provides?

The proxy server uses a public IP address and the client's computer uses private

In a host-to-host VPN connection, what combination of endpoint devices would most likely be involved?

Two workstations

Which protocol provides connectionless delivery service at the transport layer of the OSI Model?

UDP

What type of security measure can monitor the specific activities of authorized individuals within sensitive areas?

Video Surveillance

On which of the following components can you create VLANs? a. Virtual switch b. Virtual firewall c. Virtual NIC d. Virtual router

Virtual switch (can create VLANs, like a physical switch can create a LAN) Virtual NICs are components of virtual machines and therefore do not provide functions spanning entire networks. Virtual routers function at the network layer and virtual firewalls at the application layer, so neither can host VLANs, which operate at the Data Link layer

Which of the following components does the port number in a transport layer protocol header identify? a. a transport layer protocol b. an application c. a gateway d. a proxy server

an application. The port number in a transport layer protocol header identifies the application that generated the data in the packet or the application that will receive the data

What is the main shortcoming of Telnet?

it is not graphical

Which of the words in the fully qualified domain name (FQDN) www.paris.mydomain.org represents the top most layer in the DNS namespace hierarchy?

org. The top most layer in the DNS hierarchy is represented by org, which is a top-level domain. mydoman is a second-level domain registered by a particular organization. Paris is a subdomain with mydomain, and www is the nameof a particular host in the paris.mydomain.org domain

A load balancer is what type of device?

router forwards traffic with a single IP address to multiple servers in turn

What type of VPN connection is the best solution for connecting a branch office to a corporate headquarters?

site to site