Networking 4 Exam
Fundamental protocols—including IP and TCP or UDP—offer no built-in security controls.
True
IPv6 and IPv4 will probably exist side by side for many years.
True
The nested model could be used for an IPv6 site that requires one or more "islands" of IPv4 subnets.
True
The transition from IPv4 to IPv6 requires that multiple stages occur in the move from a pure IPv4 environment to one that exclusively uses IPv6.
True
Use of DHCPv6 for address assignment will result in a locally unique host identifier that changes when you move to a different network.
True
When applications are written, they usually call functions in standard libraries that implement network tasks.
True
You do not have to perform IP subnetting in IPv6 because each subnet can support an extremely large number of hosts.
True
ISATAP nodes use the default route of ____ and set that address on their tunneling interface as the next-hop address for the link-local address of the router. ::/0 ff::/0 ::/f /0:ff::
::/0
To transition name resolution services from IPv4 to IPv6 on a mixed network, DNS servers must be configured for dual stack and support both A record for IPv4 nodes and which of the following records for IPv6 nodes? AAAA master domain AA
AAAA
What component of BGP works much like private IP addresses? DMZs ASNs SLAs MTUs
ASNs
An IPv6 tunnel created and destroyed by the protocol when needed, without having an administrator manually involved proprietary jump box Default free zone automatic tunnel failure domain flow configured tunnel promote sandbox
automatic tunnel
The ____ node is responsible for reassembling any fragmented packets, removing the IPv4 header encapsulation, and processing the IPv6 packet. encapsulator parser decapsulator gateway
decapsulator
The receiving node at the other end of the tunnel, which is responsible for reassembling any fragmented packets, removing the IPv4 header encapsulation, and processing the IPv6 packet. dual-stack architecture nested hybrid network model network address translation basic hybrid model IP address parser on-link route decapsulator default route Potential Router List
decapsulator
Which node is responsible for reassembling any fragmented packets, removing the IPv4 header encapsulation, and processing the IPv6 packet? encapsulator parser decapsulator gateway
decapsulator
a set of all the Internet networks that are operated without a default route proprietary jump box Default free zone automatic tunnel failure domain flow configured tunnel promote sandbox
default free zone
the route used by a network device to communicate to other devices on a different physical or virtual subnet, leading to the next-hop device, which is typically a router. dual-stack architecture nested hybrid network model network address translation basic hybrid model IP address parser on-link route decapsulator default route Potential Router List
default route
A(n) ____ consists of creating hashed values for all words in a specialized dictionary of terms, then comparing those values to the hashed values in password files.
dictionary attack
QoS in IPv6 is basically the same as ____ in IPv4. diffserv CMDB FCoE SLA
diffserv
Network layer protocol functionality on hosts is mostly deployed as software in the form of ____. ASICs NICs firmware drivers
drivers
A computer possessing a(n) ____ architecture maintains separate stacks at both the Network and Transport layers. hybrid-layer dual-transport dual-IP-layer dual-stack
dual stack
ISATAP requires all hosts to be which of the following? single stack mon stack home stack dual stack
dual stack
An IPv4/IPv6-capable computer in which each version of IP accesses a separate Transport layer stack. dual-stack architecture nested hybrid network model network address translation basic hybrid model IP address parser on-link route decapsulator default route Potential Router List
dual stack architecture
The current clear front-runner for most IPv4-to-IPv6 transitions is the ____ method. dual-stack method 6to4 method Teredo method ISATAP method
dual stack method
A network node possessing a(n) ____ architecture has both IPv4 and IPv6 protocols operating in a single Transport layer implementation. dual-stack dual-IP-layer hybrid-layer dual-transport
dual-IP-layer
What type of protocol is implemented at the level of the device's operating system, allowing the device to support both IPv4 and IPv6, either as independent protocols or in a hybrid form? dual-stack dual-architecture hybrid transition
dual-stack
IPv4/IPv6-capable routers that are linked in an IPv4 routing infrastructure can tunnel IPv6 packets between each other by creating a(n) ____ path. router-to-host path end-to-end path host-to-router path host-to-host path
end-to-end path
A(n) ____ reveals a system vulnerability and is often documented, either by the manufacturer or by an attacker. hole exploit break-in attack
exploit
An IPv6 tunnel created and destroyed by the protocol when needed, without having an administrator manually involved. private tunnels configured tunnels self-managed tunnels automatic tunnels
automatic tunnels
The collection of IT components in the environment that are disrupted by a single component failure. proprietary jump box Default free zone automatic tunnel failure domain flow configured tunnel promote sandbox
failure domain
A ____ is a specially "hardened" software service or software/hardware product that erects a barrier to inspect and control traffic flow between networks. firewall bastion host DMZ boundary router
firewall
____ address autoconfiguration is accomplished via a new version of DHCP known as DHCPv6. stateless autoconfiguration stateful address autoconfiguration aware address autoconfiguration awareless address autoconfiguration
stateful address autoconfiguration
What feature of IPv6 enables you to perform minimal configuration on the router so that it advertises the network prefix on the local link? Stateful configuration Source route addressing Stateless autoconfiguration Default route configuration
stateless autoconfiguration
a list of conditions used to define whether an activity has completed successfully or not.
success criteria
Which of the following allows you to reduce the size of the routing table by having one large prefix entry point the way to many smaller ones that share the same next hop? clustering chaining multihoming summarization
summarization
What is the most commonly used exterior gateway protocol? OSPF EIGRP BGP RIP
BGP
____ tunneling requires that an administrator configure the end points of a tunnel. Automatic Dynamic Configured Managed
Configured
Which of the following terms means restricting who may view or use certain resources, including access to bandwidth or a computer, as well as access to information? Access control Data origin authentication Connectionless integrity Confidentiality
access control
A ____ is a weak spot or known place of attack on any common operating system, application, or service. back door hole discovery hash
hole
An attempt to snoop inside traffic moving across the Internet to look for unprotected account and password information, or to obtain other sensitive information while it's in transit is called ____. 15 minutes 20 minutes 25 minutes 30 minutes
15 minutes
In how many minutes can any knowledge systems professional with the right toolkit break into just about any system if allowed unsupervised and unrestricted access to the computer on which such a system resides? 15 minutes 20 minutes 25 minutes 30 minutes
15 minutes
What is the first 16 bits of an IPv6 6to4 address?
2002
With IPv6-over-IPv4, when the IPv4 header is created, the protocol field value is set at ____ to indicate that it is an encapsulated IPv6 packet. 37 41 53 61
41
With IPv6-over-IPv4, when the IPv4 header is created, the protocol field value is set at _________ to indicate that it is an encapsulated IPv6 packet. 37 41 53 61
41
The _____ is the node at the sending end of the tunnel, and it is responsible for encapsulating the IPv6 packet in an IPv4 header, then transmitting the packet in the tunnel.
Encapsulator
The node at the sending end of the tunnel, which is responsible for encapsulating the IPv6 packet on an IPv4 header, then transmitting the packet in the tunnel.
Encapsulator
____ and associated tools keep track of the configuration of your network devices and let you know if something changes. DHCPv6 CMDBs OOB gateways IPAMs
CMDBs
____ tunneling requires that an administrator configure the end points of a tunnel. automatic dynamic configured managed
Configured
___________ attacks are DoS attacks that are launched from numerous devices
DDoS
A ____ is an area that's accessible to both outsiders and insiders, but which establishes a buffer area between what's completely inside and outside a network boundary. firewall bastion host DMZ boundary router
DMZ
Which of the following is the ability to verify that the data received did in fact come from the named source? Access control Connectionless integrity Data origin authentication Confidentiality
Data origin authentication
In a(n) _____ attack, a service is inundated with requests, or malformed service requests, which cause a server to hang or freeze, preventing it from responding to input.
DoS
____-related attacks include SYN Flood, broadcast amplification attacks, and buffer overflow. DoS related Brute force related Man in the middle IP service
DoS
Which type of attacks are designed to interrupt or completely disrupt operations of a network device or network communications? trojan horse attacks dictionary attacks DoS attacks Worms
DoS attacks
Which type of attack includes SYN Flood, broadcast amplification attacks, and buffer overflow? DoS-related Brute force-related Man-in-the-middle-related IP service-related
DoS-related
___________ nodes allow a single computer to communicate to both IPv4-only and IPv6-only destination nodes without any tunneling mechanism in most cases, but often some form of tunneling must be deployed.
Dual-architecture-capable
Both dual-IP-layer and dual-stack architecture require IPv6-over-IPv6 tunneling to be effective as a transition mechanism.
False
By default, application services such as DNS, DHCP, and FTP are compatible with the IPv6 address space.
False
Most IPv4 drivers are old, which means that they are full of bugs.
False
Proxy server software permits internal network addresses to be "translated" into public network addresses when packets leave inside networks so only public IP addresses are exposed on the public Internet.
False
Strictly speaking, VPNs use tunneling protocols; therefore, they need to encrypt tunneled traffic.
False
The reasons for which a company is deploying IPv6 should not determine the due dates and project funding.
False
When users from outside the network attach to a service inside the network, they actually attach to the proxy server, which establishes a proxy session into the private side of the network from there.
False
A method of verifying that a string is an IP address and, if so, determining if the address is IPv4 or IPv6. dual-stack architecture nested hybrid network model network address translation basic hybrid model IP address parser on-link route decapsulator default route Potential Router List
IP address parser
____ are quite popular in legacy IPv4 networks because they solve several issues regarding tracking and assignment of scarce resources and they facilitate DDNS. DHCPv6 CMDBs IPAMs OOB gateways
IPAMs
Which type of device makes access control decisions on the basis of application content rather than by looking at IP addresses or port numbers and can act on a host to deny potentially malicious activity? Firewall IPS IDS Proxy
IPS
SIIT defines a type of IPv6 address called __________ addresses that can be formatted as ::ffff:0:0:0/96 or ::ffff:0:a.b.c.d. unique hybrid address transition address domain address IPv4 translated address
IPv4 translated address
____ addresses are composed of a valid 64-bit unicast address prefix and an IPv4 interface identifier. ISATAP Teredo 6to4 MAC
ISATAP
____ is used to connect dual-stack IPv4/IPv6 devices across IPv4 network infrastructures. FQDN NAT-PT ISATAP NBMA
ISATAP
____ means that one technology can work with another technology
Interoperability
____ is used throughout the industry today to provide translation between private IP addresses and public IP addresses. 6to4 NAT ISATAP Teredo
NAT
Windows Server 2012, Windows Server 2016, Windows 7, and Windows 10 support a TCP/IP implementation that integrates IPv6 and IPv4 in a dual-stack configuration that Microsoft calls which of the following? Update TCP/IP stack Version 2.0 TCP/IP Next Generation TCP/IP stack Advanced TCP/IP
Next Generation TCP/IP stack
An ICMP Echo-based operation used to locate active devices on a network. threat remote logon service PING sweep computer forensics port scanner handler session hijacking security policy honeypot
PING sweep
A method used by ISATAP nodes to maintain a current list of routes and routers, since ISATAP prevents the use of automatic router discovery dual-stack architecture nested hybrid network model network address translation basic hybrid model IP address parser on-link route decapsulator default route Potential Router List
Potential router list
The ____ specification describes two domains, an IPv4 domain and an IPv6 domain, joined by one or more IP/ICMP translators called XLATs. FQDN ISATAP SIIT NAT-PT
SIIT
____ was created as a replacement for NAT-PT, which was originally specified in RFC 2766 and subsequently documented in RFC 4966.
SIIT
____ is a process of borrowing identity information, such as an IP address, domain name, NetBIOS name, or TCP or UDP port numbers to hide or deflect interest in attack activities. Ingress filtering Data authentication Network sniffing Spoofing
Spoofing
____ is unsolicited and unwanted software that takes up stealthy unauthorized and uninvited residence on a computer. SA bundle Spyware Adware Cache
Spyware
If you need to tunnel through NAT, using UDP is a good choice, which could mean using ____. IPSec ISATAP Teredo 6to4
Teredo
Which tunneling method is a good choice if you must tunnel through a NAT using UDP, but a poor choice based on performance issues? 6to4 Teredo ISATAP GRE
Teredo
Which of the following is an IPv6/IPv6 node that is connected to both an IPv4 Internet and an IPv6 Internet using different interfaces? Teredo client Teredo host Teredo relay Teredo server
Teredo server
A stealthy attacker may cover its tracks by deleting log files, or terminating any active direct connections.
True
The process of an ISATAP host communicating with an IPv6 node on an IPv6-capable subnet involves two different connections: a connection between the ISATAP router and the IPv6-capable subnet and which of the following? a router-to-host connection through an ISATAP proxy an ISATAP gateway connection through the ISATAP tunnel a host-to-host tunnel from the ISATAP router to the non-ISATAP router a host-to-router tunnel from the ISATAP node to the ISATAP router
a host to router tunnel from the ISATAP node to the ISATAP router
____ is a type of software that opens the door for a compromised machine to display all kinds of unsolicited and unwanted advertising, often of an unsavory nature. SA bundle Spyware Adware Cache
adware
When deploying IPv6, ____ is perhaps the most critical and difficult task. acquiring IPv6 addresses creating a computer inventory working with providers application remediation
application remediation
A ____ is an undocumented and illicit point of entry into an operating system or application added by a system's programmers to bypass normal security. back door hole discovery hash
back door
A virtual network infrastructure model describing IPv6 nodes existing in an IPv4 core backbone, such as the Internet, and communicating with each other using a tunneling technology. dual-stack architecture nested hybrid network model network address translation basic hybrid model IP address parser on-link route decapsulator default route Potential Router List
basic hybrid model
A ____ is a hardened computer specifically designed to resist and oppose illicit or unwanted attempts at entry, and whose job is to guard the boundary between internal and external networks. firewall bastion host DMZ boundary router
bastion host
A(n) ____ refers to a successful attempt to compromise a system's security. discovery exploit break-in gateway
break-in
The process of examining the "footprints" that an attacker leaves behind. threat remote logon service PING sweep computer forensics port scanner handler session hijacking security policy honeypot
computer forensics
An IPv6 tunnel that an administrator creates manually. proprietary jump box Default free zone automatic tunnel failure domain flow configured tunnel promote sandbox
configured tunnel
What is another name for static tunnels? private tunnels configured tunnels automatic tunnels self-managed tunnels
configured tunnels
In networking, a conversation between two end points in which all the packets in the flow have the same source and destination addresses and the same Transport layer headers proprietary jump box Default free zone automatic tunnel failure domain flow configured tunnel promote sandbox
flow
IPv6 includes a(n) ____, which is a portion of the IPv6 header used for QoS
flow label
The _____ table holds all Internet address prefixes for the default-free zone
global routing
A manager system in a DDoS attack threat remote logon service PING sweep computer forensics port scanner handler session hijacking security policy honeypot
handler
A computer system deliberately set up to attract, entice, and entrap would-be attackers, often by being made to appear part of a larger network threat remote logon service PING sweep computer forensics port scanner handler session hijacking security policy honeypot
honeypot
For a ____ tunnel, two IPv6 nodes are linked directly using a tunnel over an IPv4 network infrastructure. host-to-host router-to-router router-to-host host-to-router
host to host
Packets in IPv6 can be very large, such as jumbograms, and fragmentation is done by the ____. routers switches hosts intermediate systems
hosts
A type of bastion host that is usually a terminal server or proxy server that allows administrators to access systems in another network without actually having direct network connectivity proprietary jump box Default free zone automatic tunnel failure domain flow configured tunnel promote sandbox
jump box
Which of the following is a proxy server or terminal server that has one interface on the production network for you to access a terminal via Secure Shell SSH or access a virtual desktop jump box bastion host OOB gateway IPAM
jump box
In a(n) ____ attack, the attacker is able to intercept traffic from both parties and either pass the traffic unaltered to the other end of the communication link, or the attacker can forge replies from either side. DoS attack brute force attack man in the middle attack IP service attack
man in the middle attack
A(n) _______ occurs when an organization buys another organization and combines assets
merger and acquisition M&A
In IPv6, ____ is the ability to move from one network to another while retaining an IP address and ongoing sessions. mobility summarization multihoming single-homing
mobility
In IPv6, which of the following is the ability to move from one network to another while retaining an IP address, and ongoing sessions? mobility summarization multihoming single-homing
mobility
Which of the following connections has uplinks to two or more switches, service providers, or other systems? multihomed connection external connection enterprise connection hub connection
multihomed connection
The ____ network model can be considered an adaptation of the basic hybrid model
nested hybrid
A virtual network infrastructure model describing IPv6-capable networks embedded within a larger core IPv4 LAN and communicating with other IPv6 networks, within and outside the IPv4 LAN, using tunneling technology. dual-stack architecture nested hybrid network model network address translation basic hybrid model IP address parser on-link route decapsulator default route Potential Router List
nested hybrid network model
A technology that translates an IP address used in one network, such as a private LAN, to a different IP address used in a different network, such as the public internet. dual-stack architecture nested hybrid network model network address translation basic hybrid model IP address parser on-link route decapsulator default route Potential Router List
network address translation
a route used by a network node to communicate with another network node on the same physical or virtual subnet. dual-stack architecture nested hybrid network model network address translation basic hybrid model IP address parser on-link route decapsulator default route Potential Router List
on link route
An attempt to snoop inside traffic moving across the Internet to look for unprotected account and password information, or to obtain other sensitive information while it's in transit is called ____. brute force attack user impersonation session hijacking packet sniffing
packet sniffing
A(n) ____________ model excludes users from access to resources, by default, and then adds whatever users need access to such resources as exceptions to the general exclusionary rule.
pessimistic security
A special-purpose software tool that cycles through either well-known TCP and UDP ports with easy vulnerabilities or all possible TCP and UDP port addresses, looking for open ports that then can be probed for access or exploited for vulnerabilities. threat remote logon service PING sweep computer forensics port scanner handler session hijacking security policy honeypot
port scanner
Which of the following software programs can attempt to communicate with any IP based system while cycling through all valid TCP and UDP port addresses? agent Trojan port scanner socket
port scanner
The act of moving an IT component from one life cycle stage or environment to the next proprietary jump box Default free zone automatic tunnel failure domain flow configured tunnel promote sandbox
promote
An IT component that is not standards based and useable by anyone without license proprietary jump box Default free zone automatic tunnel failure domain flow configured tunnel promote sandbox
proprietary
The purpose of ____ is to find out what you have and what is vulnerable. reconnaissance covering-up session hijacking packet sniffing
reconnaissance
A 6to4 ____ is a specialized device that acts as an IPv6/IPv4 router. router relay node/router host/router
relay
Any type of network service that permits users elsewhere on a network to use the network to log on to a system as if they were attached locally while operating remotely. threat remote logon service PING sweep computer forensics port scanner handler session hijacking security policy honeypot
remote logon service
A ____ is an IT environment isolated from the production environment. sandbox playbox virtual network virtual domain
sandbox
An IT environment that is isolated from the production network for the purpose of testing or containing things that could disrupt service on the production network proprietary jump box Default free zone automatic tunnel failure domain flow configured tunnel promote sandbox
sandbox
A document that represents the concrete manifestation of an organization's requirements for security practices, rules, and procedures threat remote logon service PING sweep computer forensics port scanner handler session hijacking security policy honeypot
security policy
An IP attack technique whereby an imposter takes over an ongoing communications session between a client and server threat remote logon service PING sweep computer forensics port scanner handler session hijacking security policy honeypot
session hijacking
Which of the following types of attacks serves the purpose of masquerading as an authorized user in order to gain access to a system? egress filtering session hijacking data authentication network sniffing
session hijacking
In the generic sense, a(n) _____ connection has uplinks to a single switch, service provider, or other system
single-homed
Any activity that represents a potential danger or attack on a system or network threat remote logon service PING sweep computer forensics port scanner handler session hijacking security policy honeypot
threat
The ____ network model can represent a number of hybrid configurations, but it assumes that a site has a variety of different subnets, based on IP version implementation. basic hybrid transition hybrid nested true hybrid
true hybrid
A(n) _______ is a weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source.
vulnerability