NETWORKING CHAPTER 6,7,8 (TEST OUT) - Practice Questions
Which of the following are true about reverse proxy? (Select two.) -Handles requests from inside a private network out to the internet. -Sits between a client computer and the internet. -Can perform load balancing, authentication, and caching. -Clients always know they are using reverse proxy. -Handles requests from the internet to a server on a private network.
-Can perform load balancing, authentication, and caching. -Handles requests from the internet to a server on a private network. (6.1.8)
Match each type of switch on the left with its corresponding characteristics on the right. Each switch type may be used once, more than once, or not at all.(Unmanaged switch/Managed switch) -Commonly sold at retail stores. -Provides port security features. -Supports VLANs. -Provides very few configuration options. -Can be configured over a network connection. -Can be configured over a dedicated communication channel.
-Commonly sold at retail stores. (Unmanaged switch) -Provides port security features. (Managed switch) -Supports VLANs. (Managed switch) -Provides very few configuration options. (Unmanaged switch) -Can be configured over a network connection. (Managed switch) -Can be configured over a dedicated communication channel. (Managed switch) 7.1.8
Match each switch management method on the left with its corresponding characteristics on the right. Each method may be used once, more than once, or not at all. (In-band management/Out-of-band management) -Competes with normal network traffic for bandwidth. -Uses a dedicated communication channel. -Must be encrypted to protect communications from sniffing. -Does not compete with normal network traffic for bandwidth. -Affected by network outages.
-Competes with normal network traffic for bandwidth. (In-band management) -Uses a dedicated communication channel. (Out-of-band management) -Must be encrypted to protect communications from sniffing (In-band management). -Does not compete with normal network traffic for bandwidth. (Out-of-band management) -Affected by network outages. (In-band management). 7.1.8
Which of the following are true of the IS-IS routing protocol? (Select two.) -It divides large networks into areas. -It uses bandwidth and delay for the metric. -A router is the boundary between one area and another. -It is best suited for small networks. -It supports IPv6 routing. -It is a classful protocol.
-It divides large networks into areas. -It supports IPv6 routing. 7.5.11
Which options are you able to set on a firewall? (Select three.) -Packet source address -Digital signature -Sequence number -Acknowledgement number -Port number -Packet destination address
-Packet source address -Port number -Packet destination address (6.1.8)
Which statements accurately describe the port states of both bridges and switches? (Select two.) -In the learning state, the MAC address table cannot be populated because the port is blocked. -In the learning state, all ports are in a forwarding state. -Ports in a blocked state cannot receive BPDUs. -In the learning state, the MAC address table can be populated, but frames are not forwarded. -Ports in a blocked state still receive BPDUs.
-Ports in a blocked state still receive BPDUs. -In the learning state, the MAC address table can be populated, but frames are not forwarded. 7.2.11
How should you place devices on the network to best protect the servers? (Select two.) -Put the web server on the private network. -Put the database server inside the screened subnet. -Put the database server on the private network. -Put the web server inside the screened subnet. -Put the database server and the web server inside the screened subnet.
-Put the database server on the private network. -Put the web server inside the screened subnet. 6.3.5
You have used firewalls to create a screened subnet. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server to retrieve product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.) -Put the web server inside the screened subnet. -Put the database server on the private network. -Put the web server on the private network. -Put the database server outside the screened subnet.
-Put the web server inside the screened subnet. -Put the web server on the private network. 6.2.13
Which of the following are characteristics of a packet-filtering firewall? (Select two.) -Filters based on sessions -Filters based on URL -Stateful -Stateless -Filters IP address and port
-Stateless -Filters IP address and port 6.2.13
Which of the following are true about routed firewalls? (Select two.) -Operates at Layer 2. -Counts as a router hop -Internal and external interfaces connect to the same network segment. -Supports multiple interfaces. -Easily introduced to an existing network.
-Supports multiple interfaces. -Counts as a router hop 6.2.13
Which of the following are specific to extended Access control lists? (Select two.) -Should be placed as close to the destination as possible. -Use the number ranges 100-199 and 2000-2699. -Are the most used type of ACL. -Are used by route maps and VPN filters. -Identify traffic based on the destination address.
-Use the number ranges 100-199 and 2000-2699. -Are the most used type of ACL. (6.2.13)
Which of the following is NOT one of the IP address ranges defined in RFC 1918 that are commonly used behind a NAT server? A )192.168.0.1 to 192.168.255.254 B )10.0.0.1 to 10.255.255.254 C )172.16.0.1 to 172.31.255.254 D )169.254.0.1 to 169.254.255.254
169.254.0.1 to 169.254.255.254 (7.6.5)
Which of the following is the open standard for tagging Layer 2 frames? A )RFC1918 B )ARP C )802.1q D )NDP
802.1q 7.2.11
Which of the following must each device's MTU be set to for jumbo frames to transverse the network without risk of fragmentation? A )6,000 B )1,500 C )9,000 D )3,000
9,000 7.3.16
Which of the following BEST describes Ethernet flow control? A )A protocol designed to prevent looping in network traffic. B )A configuration that sends a pause frame to the transmitting device when the receiving device cannot keep up with the volume of data being sent. C )A configuration that allows frames larger than 1,500 bytes to pass through the port without fragmentation. D )A configuration that allows traffic from multiple VLANs on a single port.
A configuration that sends a pause frame to the transmitting device when the receiving device cannot keep up with the volume of data being sent. 7.3.16
Which of the following best describes DHCP scope exhaustion? A )When IP address lease times on a DHCP server are shortened. B )A denial of service from a lack of IP addresses in a DHCP server's pool. C )When an attacker adds a second DHCP server to a network and offers IP addresses to clients wanting to join the network. D )When a DHCP snooping technique is used to drop packets from untrusted DHCP servers.
A denial of service from a lack of IP addresses in a DHCP server's pool. 7.7.5
Your company has an internet connection. You also have a web server and an email server that you want to make available to your internet users, and you want to create a screened subnet for these two servers. Which of the following should you use? A )A network-based firewall B )An IDS C )An IPS D )A host-based firewall
A network-based firewall (6.2.13)
Which of the following is true about a network-based firewall? A ) A network-based firewall is less expensive and easier to use than host-based firewalls. B ) A network-based firewall is installed on a single computer. C ) A network-based firewall is installed at the edge of a private network or network segment. D ) A network-based firewall are considered software firewalls.
A network-based firewall is installed at the edge of a private network or network segment. (6.1.8)
Which of the following do hosts on a private network share if the network utilizes a NAT router? A )A physical MAC address B )A physical IP address C )A virtual IP address D )A virtual MAC address
A physical IP address 7.6.5
How does a proxy server differ from a packet-filtering firewall? A ) A proxy server is used to create a screened subnet, while a packet-filtering firewall can only be used with screened subnets. B ) A proxy server operates at the Application layer, while a packet-filtering firewall operates at the Network layer. C ) A proxy server can prevent unknown network attacks, while a packet-filtering firewall can only prevent known attacks. D ) A proxy server includes filters for the session ID as well as the IP address and port number.
A proxy server operates at the Application layer, while a packet-filtering firewall operates at the Network layer. (6.1.8)
Your Cisco router has three network interfaces configured. S0/1/0 is a WAN interface that is connected to an ISP. F0/0 is connected to an Ethernet LAN segment with a network address of 192.168.1.0/24. F0/1 is connected to an Ethernet LAN segment with a network address of 192.168.2.0/24. You have configured an access control list on this router using the following rules: deny ip 192.168.1.0 0.0.0.255 any deny ip 192.168.2.0 0.0.0.255 any These rules will be applied to the WAN interface on the router. Your goal is to block any IP traffic coming in on the WAN interface that has a spoofed source address that makes it appear to be coming from the two internal networks. However, when you enable the ACL, you find that no traffic is being allowed through the WAN interface. What should you do? A )Apply the access list to the Fa0/1 interface instead of the S0/1/0 interface. B )Add a permit statement to the bottom of the access list. C )Use the out parameter instead of the in parameter within each ACL rule. D )Apply the access list to the Fa0/0 interface instead of the S0/1/0 interface.
Add a permit statement to the bottom of the access list. 6.2.13
Which of the following describes how access control lists can improve network security? A )Which of the following describes how access control lists can improve network security? B )An access control list looks for patterns of traffic between multiple packets and takes action to stop detected attacks. C )An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number. D )An access control list filters traffic based on the frame header, such as source or destination MAC address.
An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number. (6.2.13)
Which of the following BEST describes an ARP spoofing attack? A )An attack where a frame is manipulated to contain two tags. B )An attack in which a switch is flooded with packets, each containing a different source MAC address. C )An attack that changes the source MAC address on frames. D )An attack that associates an attacker's MAC address with the IP address of a victim's device.
An attack that associates an attacker's MAC address with the IP address of a victim's device. 7.4.11
Which of the following is true about an intrusion detection system? A )An intrusion detection system monitors data packets for malicious or unauthorized traffic. B )An intrusion detection system can block malicious activities. C )An intrusion detection system can terminate or restart other processes on the system. D )An intrusion detection system maintains an active security role within the network.
An intrusion detection system monitors data packets for malicious or unauthorized traffic. 6.4.5
Which IDS method defines a baseline of normal network traffic and then looks for anything that falls outside of that baseline? A )Anomaly-based B )Pattern matching C )Misuse detection D )Dictionary recognition
Anomaly-based 6.4.5
Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks? A )Kernel proxy B )Circuit proxy C )Multi-homed D )Bastion
Bastion 6.3.5
Which of the following protocols prescribes what to do when a data channel is in use on a half-duplex device? A )ARP B )NDP C )Auto-MDI-X D )CSMA/CD
CSMA/CD 7.2.11
Which of the following does the sudo iptables -F command accomplish? A ) Lists all the current rules. B ) Clears all the current rules. C ) Saves changes to iptables. D ) Drops all incoming traffic.
Clears all the current rules. (6.1.8)
Computers A and B are on the same VLAN and are separated by two switches as shown in the exhibit. Computer A sends a frame to Computer B. Which of the following BEST describes the frame's composition as it travels from A to B? A )Computer A sends a normal frame. The first switch appends a VLAN ID to the frame. The VLAN ID remains on the frame through the second switch up to Computer B. B )Computer A sends a normal frame. The first switch appends a VLAN ID to the frame. The second switch removes the VLAN ID before forwarding it to Computer B. C )Computer A appends a VLAN ID to the frame. It travels from switch to switch and arrives at Computer B, where it removes the VLAN ID. D )Computer A sends a normal frame. The first switch forwards the frame to the second switch, where the VLAN ID is appended to the frame and forwarded to Computer B.
Computer A sends a normal frame. The first switch appends a VLAN ID to the frame. The second switch removes the VLAN ID before forwarding it to Computer B. 7.3.16
You have just connected four switches as shown in the Exhibit. Assuming the default switch configuration, how can you force switch C to become the root bridge? A )Configure a priority number of 61440 for switch C. B )Configure a priority number of 4096 for switch C. C )Remove link cable 6 from the configuration. D )Remove link cables 1 and 6 from the configuration.
Configure a priority number of 4096 for switch C. 7.4.11
What does the ip address dhcp command allow you to do? A )Send the DHCP server address for all connected devices. B )Specify the DHCP relay server for forwarding DHCP packets. C )Configure a switch to obtain an IP address from a DHCP server. D )Configure a switch to act as a DHCP server.
Configure a switch to obtain an IP address from a DHCP server. 7.2.11
You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the internet. The library computers are in groups of four. Each group of four computers is connected to a hub that's connected to the library network through an access port on a switch. You want to restrict access to the network so that only library computers are permitted connectivity to the internet. What can you do? A )Configure port security on the switch. B )Remove the hub and place each library computer on its own access port. C )Create static MAC addresses for each computer and associate each address with a VLAN. D )Create a VLAN for each group of four computers.
Configure port security on the switch. 7.4.11
Which of the following scenarios would typically utilize 802.1x authentication? A )Authenticating remote access clients. B )Authenticating VPN users through the internet. C )Controlling access through a switch. D )Controlling access through a router.
Controlling access through a switch. 7.4.11
Which of the following allows incoming traffic addressed to a specific port to move through the firewall and be transparently forwarded to a specific host on the private network? A )IP masquerade B )Dynamic NAT C )OSPF D )DNAT
DNAT 7.6.5
Which level of the OSI model does a Layer 2 switch operate at? A )Data Link layer B )Network layer C )Session layer D )Transportation layer
Data Link layer 7.1.8
You have just connected a new computer to your network. The network uses static IP addressing. A )Default gateway B )Subnet mask C )IP address D )DNS server
Default gateway 7.7.5
Which device is NAT typically implemented on? A )AD server B )ISP router C )RADIUS server D )Default gateway router
Default gateway router 7.6.5
Which of the following BEST describes a stateful inspection? A )Determines the legitimacy of traffic based on the state of the connection from which the traffic originated. B )Allows all internal traffic to share a single public IP address when connecting to an outside entity. C )Designed to sit between a host and a web server and communicate with the server on behalf of the host. D )Offers secure connectivity between many entities and uses encryption to provide an effective defense against sniffing.
Determines the legitimacy of traffic based on the state of the connection from which the traffic originated. 6.2.13
Which of the following is a method of VLAN hopping? A )ARP spoofing B )MAC flooding C )MAC spoofing D )Double tagging
Double tagging 7.4.11
Which of the following routing protocols is a hybrid that uses a composite number for its metric based on bandwidth and delay? A )OSPF B )BGP C )EIGRP D )RIP
EIGRP 7.5.11
Jake is a network administrator for a hospital. There is medical equipment that relies on having uninterrupted internet connectivity. Which of the following types of routing protocols should Jake focus on to ensure that the hospital's network connectivity remains reliable? A )Exterior dynamic routing protocols B )Distance vector routing protocols C )Link state routing protocols D )Interior dynamic routing protocols
Exterior dynamic routing protocols 7.5.11
Which IDS traffic assessment indicates that the system identified harmless traffic as offensive and generated an alarm or stopped the traffic? A )Positive B )False negative C )Negative D )False positive
False positive 6.4.5
Which of the following chains is used for incoming connections that aren't delivered locally? A ) Output B )Reject C )Drop D )Forward
Forward (6.1.8)
Which of the following is a device that can send and receive data simultaneously? A )Full-duplex B )Unmanaged C )Managed D )Honeypot
Full-duplex 7.1.8
As a security precaution, you've implemented IPsec to work between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement? A )VPN concentrator B )Protocol analyzer C )Host-based IDS D )Network-based IDS E )Port scanner
Host-based IDS 6.4.5
You have been given a laptop to use for work. You connect the laptop to your company network, use the laptop from home, and use it while traveling. You want to protect the laptop from internet-based attacks. Which solution should you use? A ) Proxy server B ) Network-based firewall C ) Host-based firewall D ) VPN concentrator
Host-based firewall (6.1.8)
You're concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use? A )Packet sniffer B )Port scanner C )IPS D )IDS
IPS 6.4.5
Under which of the following circumstances might you implement BGP on your company network and share routes with internet routers? A )If the network has over 15 areas and uses IPv6. B )If the network is connected to the internet using multiple ISPs. C )If the network has over 15 hops. D )If the network is connected to the internet using public addressing.
If the network is connected to the internet using multiple ISPs. 7.5.11
Which of the following is true about an unmanaged switch? A )It supports link aggregation. B )It is capable of VLAN creation. C )It can connect to all devices in a small area. D )It allows port configuration.
It can connect to all devices in a small area. 7.1.8
Which of the following is true about an NIDS? A )It detects malicious or unusual incoming and outgoing traffic in real time. B )It can access encrypted data packets. C )It can monitor changes that you've made to applications and systems. D )It can analyze fragmented packets.
It detects malicious or unusual incoming and outgoing traffic in real time. 6.4.5
Which of the following is true about Network Address Translation? A )It provides end-device to end-device traceability. B )It allows external hosts to initiate communication with internal hosts. C )It supports up to 5,000 concurrent connections. D )It cannot forward DNS requests to the internet.
It supports up to 5,000 concurrent connections. 7.6.5
As a network administrator, you have 10 VLANs on your network that need to communicate with each other. Which of the following network devices is the BEST choice for allowing communication between 10 VLANs? A )Load balancer B )Repeater C )Layer 3 switch D )Layer 2 switch
Layer 3 switch 7.1.8
On your network, you have a VLAN for the sales staff and a VLAN for the production staff. Both need to be able to communicate over the network. Which of the following devices would work BEST for communication between VLANs? A )Load balancer B )Layer 3 switch C )Repeater D )Layer 2 switch
Layer 3 switch 7.1.8
An attacker hides his computer's identity by impersonating another device on a network. Which of the following attacks did the attacker MOST likely perform? A )MAC spoofing attack B )ARP spoofing attack C )DTP attack D )VLAN hopping attack
MAC spoofing attack 7.4.11
Which of the following BEST describes port aggregation? A )Multiple ports linked together and used as a single logical port. B )A priority-based flow control that allows you to prioritize network traffic. C )IEEE network standard 802.3. D )Multiple VLANs traveling through a single port.
Multiple ports linked together and used as a single logical port. 7.3.16
Which of the following is a method that allows you to connect a private network to the internet without obtaining registered addresses for every host? A )BGP B )NAT C )EIGRP D )OSPF
NAT 7.6.5
Which of the following is the protocol used for address resolution when you switch from IPv4 to IPv6? A )CSMA/CD B )Auto-MDIX C )NDP D )ARP
NDP 7.2.11
You are configuring a switch so that you can manage it using PuTTY from the same network segment. On the switch, you enter the following commands: switch#config terminal switch(config)#interface vlan 1 switch(config-if)#ip address 192.168.1.10 255.255.255.0 Will this configuration work? A )No. The ip default-gateway command needs to be set. B )Yes. The switch can now be accessed by PuTTY using the IP address 192.168.1.10. C )No. The switch needs to obtain an IP address from the DHCP server using the ip address dhcp command. D )No. The no shutdown command needs to be entered.
No. The no shutdown command needs to be entered. 7.2.11
What are the main differences between the OSPF and IS-IS routing protocols? A )OSPF requires an area 0, while IS-IS does not. B )OSPF is an IGP routing protocol, while IS-IS is a BGP routing protocol. C )OSPF is a link state protocol, while IS-IS is not. D )OSPF is a classful protocol, while IS-IS is a classless protocol.
OSPF requires an area 0, while IS-IS does not. 7.5.11
Which of the following is required to establish a new network switch and configure its IP address for the first time? A )Out-of-band management B )Client-to-site VPN C )Site-to-site VPN D )In-band management
Out-of-band management 7.1.8
Which of the following methods is best to have when a network goes down? A )Site-to-site VPN B )Client-to-site VPN C )Out-of-band management D )In-band management
Out-of-band management 7.1.8
Which IDS type can alert you to trespassers? A )VMIDS B )NIDS C )HIDS D )PIDS
PIDS 6.4.5
Which of the following is a firewall function? A )FTP hosting B )Encrypting C )Frame filtering D )Packet filtering
Packet filtering 6.2.13
What do you need to configure on a firewall to allow traffic directed to the public resources on the screened subnet? A )FTP B )VPN C )Subnet D )Packet filters
Packet filters 6.3.5
You have a large Power over Ethernet flat screen that you are installing in a conference room that requires 70 watts of power. Which of the following IEEE standards does your PoE switch need to provide power for the flat screen? A )PoE B )PoE+ C )PoE++ Type 4 D )PoE++ Type 3
PoE++ Type 4 7.3.16
Which of the following switch features allows you to configure how the switch's MAC address table is filled? A )Port mirroring B )Port security C )Spanning Tree Protocol D )Auto-negotiation
Port security 7.3.16
What is the main difference between RIP and RIPv2? A )RIP use hop count for the metric, while RIPv2 uses a relative link cost. B )RIP has a limit of 15 hops, while RIPv2 increases the hop count limit. C )RIP is a classful protocol, while RIPv2 is a classless protocol. D )RIP is a distance vector protocol, while RIPv2 is a link state protocol.
RIP is a classful protocol, while RIPv2 is a classless protocol. 7.5.11
Which of the following BEST describes dynamic routing? A )Routing is done within an autonomous system. B )Routing is done between autonomous systems. C )Routing entries are manually added to routing tables. D )Routers learn about networks by sharing routing information with each other.
Routers learn about networks by sharing routing information with each other. 7.5.11
Which of the following uses access control lists (ACLs) to filter packets as a form of security? A )Screened router B )Screened subnet C )Screened-host gateway D )Dual-homed gateway
Screened router 6.3.5
Which of the following can serve as a buffer zone between a private, secured network and an untrusted network? A )Intranet B )Screened subnet C )Extranet D )Padded cell
Screened subnet 6.3.5
Which of the following is another name for a firewall that performs router functions? A )Dual-homed gateway B )Screened-host gateway C )Screened subnet D )Screening router
Screening router 6.3.5
Which IDS method searches for intrusion or attack attempts by recognizing patterns or identifying entities listed in a database? A )Stateful inspection-based IDS B )Signature-based IDS C )Anomaly analysis-based IDS D )Heuristics-based IDS
Signature-based IDS 6.4.5
You manage a single subnet with three switches. The switches are connected to provide redundant paths between themselves. Which feature prevents switching loops and ensures that there is only a single active path between any two switches? A )PoE B )Spanning Tree C )802.1x D )Trunking
Spanning Tree 7.2.11
You are the network administrator for a small company that implements NAT to access the internet. However, you recently acquired five servers that must be accessible from outside your network. Your ISP has provided you with five additional registered IP addresses to support these new servers, but you don't want the public to access these servers directly. You want to place these servers behind your firewall on the inside network, yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these servers? A )Overloading B )Dynamic C )Static D )Restricted
Static
Which of the following NAT implementations maps a single private IP address to a single public IP address on the NAT router? A )IP masquerade B )Dynamic NAT C )Static NAT D )Many-to-one NAT
Static NAT
Which of the following has the least default administrative distance? A )OSPF B )External BGP C )RIP D )Static route to an IP address
Static route to an IP address 7.5.11
You have only one physical interface but want to connect two IP networks. Which of the following would allow you to do so? A )The sticky feature B )Virtual IPs C )A loopback address D )Subinterfaces
Subinterfaces 7.5.11
Which of the following is a communication device that connects other network devices through cables and receives and forwards data to a specified destination within a LAN? A )Router B )Access point C )Hub D )Switch
Switch 7.1.8
In which type of device is a MAC address table stored? A )Router B )Switch C )Repeater D )Hub
Switch 7.2.11
Which of the following switch attacks bypasses the normal functions of a router to communicate between VLANs and gain unauthorized access to traffic on another VLAN? A )ARP spoofing B )Dynamic Trunking Protocol attack C )MAC spoofing D )Switch spoofing
Switch spoofing 7.4.11
A switch receives a frame with a destination MAC address that is not found in its MAC address table. What happens next? A )The frame stops at the switch and is not forwarded until the destination MAC address is manually added to the MAC address table. B )The frame is rejected and returned to the source host. C )The frame is replicated and sent to every active port on the switch except the source port. D )The frame is replicated and sent to every active port on the switch.
The frame is replicated and sent to every active port on the switch except the source port. 7.2.11
Which of the following describes the worst possible action by an IDS? A )The system correctly deemed harmless traffic as inoffensive and let it pass. B )The system identified harmless traffic as offensive and generated an alarm. C )The system detected a valid attack and the appropriate alarms and notifications were generated. D )The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.
The system identified harmful traffic as harmless and allowed it to pass without generating any alerts. 6.4.5
In which of the following tables does a NAT router store port numbers and their associated private IP addresses? A )Translation table B )ARP table C )MAC address table D )Routing table
Translation table 7.6.5
You manage a network with two switches. The switches are connected together through their Gigabit Ethernet uplink ports. You define VLAN 1 and VLAN 2 on each switch. A device on the first switch in VLAN 1 needs to communicate with a device on the second switch in VLAN 1. What should you configure to allow communication between these two devices through the switches? A )Layer 3 switching B )Trunking C )Bonding D )Spanning Tree
Trunking 7.2.11
You have two switches connected together as shown in the following diagram. How many broadcast domains are in the network? A )Zero B )One C )Two D )Four
Two 7.4.11
Which device combines multiple security features, such as anti-spam, load-balancing, and antivirus, into a single network appliance? A ) Next Generation Firewall (NGFW) B ) Unified Threat Management (UTM) C ) Packet-filtering firewall D ) Circuit-level gateway
Unified Threat Management (UTM) (6.1.8)
Which of the following combines several layers of security services and network functions into one piece of hardware? A )Circuit-level gateway B )Unified Threat Management (UTM) C )Intrusion detection system (IDS) D )Firewall
Unified Threat Management (UTM) (6.2.13)
You've just installed a new network-based IDS system that uses signature recognition. What should you do on a regular basis? A )Update the signature files. B )Check for backdoors. C )Modify clipping levels. D )Generate a new baseline.
Update the signature files. 6.4.5
You have a company network that is connected to the internet. You want all users to have internet access, but you need to protect your private network and users. You also need to make a web server publicly available to the internet users. Which solution should you use? A )Use a single firewall. Put the server and the private network behind the firewall. B )Use a single firewall. Put the web server in front of the firewall and the private network behind the firewall. C )Use firewalls to create a screened subnet. Place the web server inside the screened subnet and the private network behind the screened subnet. D )Use firewalls to create a screened subnet. Place the web server and the private network inside the screened subnet.
Use firewalls to create a screened subnet. Place the web server inside the screened subnet and the private network behind the screened subnet. 6.3.5
You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. Which of the following should you use in this situation? A )Port security B )VLAN C )VPN D )Spanning Tree
VLAN 7.2.11
Which of the following attacks manipulates a switch's auto-negotiation setting to access a virtual local area network that's connected to the same switch as the attacker's virtual local area network? A )MAC spoofing B )VLAN spoofing C )ARP spoofing D )VLAN spoofing
VLAN spoofing 7.4.11
Which of the following is the BEST solution to allow access to private resources from the internet? A )Packet filters B )FTP C )VPN D )Subnet
VPN 6.3.5
For which of the following devices does a voice VLAN prioritize traffic? A )Hub B )Bridge C )Layer 3 switch D )VoIP phone
VoIP phone 7.2.11
A router is connected to network 192.168.1.0/24 and network 192.168.2.0/24. The router is configured to use RIP and has learned both networks. A )Stop and restart the RIP protocol on the router. B )Wait for convergence to take place. C )Stop and restart the RIP protocol on the router. D )Force RIP to perform an immediate update.
Wait for convergence to take place.
Which of the following is true about a firewall? A ) You must manually specify which traffic you want to allow through the firewall. Everything else is blocked. B ) Implicit deny is used to deny permissions to a specific user even when the rest of the user's group is allowed access. C ) Firewalls protect against email spoofing attacks. D ) Host-based firewalls and network-based firewalls can be installed separately, but they cannot be placed together to provide multiple layers of protection.
You must manually specify which traffic you want to allow through the firewall. Everything else is blocked. (6.1.8)
In which of the following situations would you MOST likely implement a screened subnet? A )You want to encrypt data sent between two hosts using the internet. B )You want to protect a public web server from attack. C )You want users to see a single IP address when they access your company network. D )You want to detect and respond to attacks in real time.
You want to protect a public web server from attack. 6.3.5
Which command would you use on a switch to enable management from a remote network? A )no shutdown B )ip address 192.168.10.185 255.255.255.0 C )ip default-gateway 192.168.10.185 D )ip address dhcp
ip default-gateway 192.168.10.185 7.2.11
How many network interfaces does a dual-homed gateway typically have? A )two B )four C )three D )one
three 6.3.5