Post Midterm Quiz Questions

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

The PEAP standard creates an encrypted TLS tunnel between the supplicant and the server before proceeding with the usual EAP process.

True

What is the formula for determining the number of possible hosts on a network?

2^h - 2 = Z

What specifications define the standards for cable broadband?

DOCSIS

When you set private IP address ranges for servers in your cloud, what service model are you using?

IaaS

What kind of software can be used to secure employee-owned devices?

MDM

A company accidentally sends a newsletter with a mistyped website address. The address points to a website that has been spoofed by hackers to collect information from people who make the same typo. What kind of attack is this?

Phishing

Which authorization method will allow Nancy, a custodian, to access the company's email application but not its accounting system?

RBAC

Which routing protocol is limited to 15 hops?

RIPv2

Which of the following is not a benefit of subnetting?

Routers more easily manage IP address spaces that overlap.

Where is a router's hostname stored when you first change the name?

Running-config file

Which WAN service offers active-active load balancing?

SD-WAN

Which principle ensures auditing processes are managed by someone other than the employees whose activities are being audited?

Separation of duties

Which of the following features of a network connection between a switch and server is not improved by link aggregation?

Speed

Which of the following is an example of proxy server software?

Squid

In the typical social engineering attack cycle, what occurs at Phase 3?

The attacker exploits an action undertaken by the victim in order to gain access.

Your roommate has been hogging the bandwidth on your router lately. What feature should you configure on the router to limit the amount of bandwidth his computer can utilize at any one time?

Traffic shaping

Which of the following would an environmental monitoring system not track?

User authentication

Which network type supports long-haul connections between ISPs?

WAN

Which backup site includes a running server that does not have access to the latest backups?

Warm site

A network with 10 bits remaining for the host portion will have how many usable host addresses?

1022

How many bits of a class A IP address are used for host information?

24 bits

What is the binary number 1111 1111 in decimal?

255

A network with a CIDR notation of /26 would have what subnet mask?

255.255.255.192

Which of the following would be assigned an OID?

A switch's interface

Which log type is used to prove who did what and when?

Audit log

Which problem is most likely caused by a damaged cable?

CRC error

Which type of disaster recovery site contains all the equipment you would need to get up and running again after a disaster, and yet would require several weeks to implement?

Cold site

At what OSI layer do VLANs function?

Data link layer

What type of attack relies on spoofing?

Deauth attack

You're playing a game on your Xbox when you suddenly get bumped off your Wi-Fi network. You reconnect and start playing, then get bumped off again. What type of attack is most likely the cause?

Deauth attack

Which VLAN on a switch cannot be renamed or deleted?

Default VLAN

What field in an IPv4 packet is altered to prioritize video streaming traffic over web surfing traffic?

DiffServ

A RAID 5 configuration requires a minimum of two hard disks to operate.

False

A system with an availability of 99.999% can be down for a maximum of 52 minutes per year.

False

Of the three methods of access control (RBAC, DAC, and MAC), RBAC is the least secure of the options.

False

When utilizing Kerberos, an access granting ticket is the same as a key.

False

Which flow control method resends a lost frame along with all frames sent with it?

Go-back-n sliding window

The Link Aggregation Control Protocol was initially defined by what IEEE standard?

IEEE 802.3ad

Which policy ensures messages are discarded when they don't match a specific firewall rule?

Implicit deny

A network TAP serves what purpose on a network?

It provides a mirrored port for monitoring traffic between other ports.

Which protocol balances traffic across multiple links?

LACP

Which device can manage traffic to multiple servers in a cluster so all servers equally share the traffic?

Load balancer

A company wants to have its employees sign a document that details some project-related information that should not be discussed outside the project's team members. What type of document should they use?

NDA

Which security device relies on a TAP or port mirroring?

NIDS

Which of the following is considered a secure protocol?

SSH

You need to securely store handheld radios for your network technicians to take with them when they're troubleshooting problems around your campus network. What's the best way to store these radios so all your techs can get to them and so you can track who has the radios?

Smart locker

What method does a GSM network use to separate data on a channel?

TDMA

Suppose you have a small network with one router, one switch, and a few computers that are grouped into three VLANs. Which of the following statements is false?

Traffic between computers on the same VLAN must go through the router.

Over a long-distance connection, using SSH keys is more secure than using passwords.

True

While troubleshooting a recurring problem on your network, you want to examine the TCP messages being exchanged between a server and a client. Which tool should you use on the server?

Wireshark

Which ACL rule will prevent pings from a host at 192.168.2.100?

access-list acl_2 deny icmp host 192.168.2.100 any

Which of the following ACL commands would permit web-browsing traffic from any IP address to any IP address?

access-list acl_2 permit https any any

The ability to insert code into a database field labeled "Name" is an example of a(n) _________.

vulnerability

The following ports were listed as open during a recent port scan. Which one is no longer used except by legacy software and should be closed?

139

What is the network ID of the IP address 192.168.72.149/16?

192.168.0.0

An IP address of 192.168.18.73/28 has what network ID?

192.168.18.64

By default, when using classful addressing, how many bits exist in the host portion of a Class A address?

24

Which cellular generation was the first to offer speeds up to 1 Gbps?

4G

A routing protocol's reliability and priority are rated by what measurement?

AD

Which access control technique is responsible for detection of an intruder who succeeds in accessing a network?

Accounting

Which of the following techniques does not break up a large broadcast domain into smaller broadcast domains?

Adding more layer 2 switches to a network

Which of the following criteria can a packet-filtering firewall not use to determine whether to accept or deny traffic?

Application data

Which firewall type can protect a home network from adult content not suitable for the family's children?

Application layer firewall

Which routing protocol does an edge router use to collect data to build its routing tables for paths across the Internet?

BGP

Which routing protocol runs between your network's edge router and your ISP's edge router?

BGP

Which physical security device works through wireless transmission?

Badge reader

Which virtual network connection type assigns a VM its IP address from the physical network?

Bridged

An attacker guesses an executive's password ("M@nd@lori@n") to a sensitive database after chatting for a while at a club. What kind of password attack did the hacker use?

Brute-force attack

You work in an organization as a network administrator. One of your new clients owns a hotel and has asked you to provide a single Internet connection for every room, but also ensure that the users are not visible to each other. Which technology on the switch will you use to meet the requirements stated in the scenario?

Create Private VLANs

You have configured a new DHCP server and connected it to the network. There is connectivity to the server, but the clients in the network are unable to obtain IP addresses from the server. Which of the following enabled feature on the switch can cause this issue?

DHCP Snooping

Which device would allow an attacker to make network clients use an illegitimate default gateway?

DHCP server

When repairing a coworker's computer, you find some illegal files. What should you do next?

Disconnect the computer from the network and leave it running.

Which type of switch is best used for connections to web servers?

Edge switch

When a router can't determine a path to a message's destination, where does it send the message?

Gateway of last resort

You need to create an access list on your router to filter specific IP addresses and ports. You created entries with permit statements and deny statements. But you forget to add one specific deny statement to filter traffic from host A. How will this traffic be treated?

Host A traffic will be denied because, at the end of every access list, there is an implicit deny statement

When shopping for a new router, what does the MTBF tell you?

How long devices like this one will last on average until the next failure

Which type of cloud service model involves hardware services that are provided virtually, including network infrastructure devices such as virtual servers?

IaaS

What is the first step in improving network security?

Identify risks.

A former employee discovers six months after he starts work at a new company that his account credentials still give him access to his old company's servers. He demonstrates his access to several friends to brag about his cleverness and talk badly about the company. What kind of attack is this?

Insider threat

What does the Common Address Redundancy Protocol do?

It allows a pool of computers or interfaces to share the same IP address.

At what point is a packet considered to be a giant?

It becomes a giant when it exceeds the medium's maximum packet size.

A differential backup covers what data on a system?

It includes data that has changed since the last full backup.

Active Directory and 389 Directory Server are both compatible with which directory access protocol?

LDAP

Which of these cellular technologies offers the fastest speeds?

LTE-A

What is the lowest layer of the OSI model at which LANs and WANs support the same protocols?

Layer 3

Which of these WAN services is backed by an SLA?

Leased line

You have empty ports on your switches, that is, no connected hosts. Which of the following are best practices to ensure that the empty ports are secure?

Move the ports from the default VLAN to a new, unused VLAN and then disable them

By default, what network connection type is selected when creating a VM in VMware, VirtualBox, or KVM?

NAT mode

With which network connection type does the VM obtain IP addressing information from its host?

NAT mode

What do well-chosen subnets accomplish?

Network documentation is easier to manage.

Which OSI layer is responsible for directing data from one LAN to another?

Network layer

Which of the following attack simulations detect vulnerabilities and attempt to exploit them?

Pen testing Red team-blue team exercise

Which of the following social engineering attack types most likely requires that the attacker have existing knowledge about the victim?

Phishing

Your organization has just approved a special budget for a network security upgrade. What procedure should you conduct to develop your recommendations for the upgrade priorities?

Posture assessment

Which assessment type would most likely discover a security risk related to employee onboarding?

Process assessment

Which device can be used to increase network performance by caching websites?

Proxy server

Which of the following defenses addresses a weakness of IPv6?

RA guard

By far the most popular AAA service, what open-source service runs in the Application layer and can use UDP or TCP in the Transport layer?

RADIUS

Which authentication protocol is optimized for wireless clients?

RADIUS

Which team might ask a user for a password?

Red Team

Which STP bridge serves as the basis for all path calculations?

Root bridge

What does a client present to a network server to access a resource on that server?

Ticket

Which of the following is not a good reason to segment a network?

To increase the number of networking devices on a network

Which type of switch connects all devices in a rack to the rest of the network?

ToR switch

Which port mode on a switch enables that port to manage traffic for multiple VLANs?

Trunk

What virtual, logically defined device operates primarily at the data link layer to pass frames between nodes?

Virtual switch

When is it appropriate to utilize the NAT network connection type?

Whenever the VM does not need to be access at a known address by other network nodes.

What type of an attack forces clients off a wireless network, creating a form of Wi-Fi DoS?

deauthentication attack

When using a host-based intrusion detection system, what additional feature might be available to alert the system of any changes made to files that shouldn't change?

file integrity monitoring (FIM)

An attack that relies on redirected and captured secure transmissions as they occur is known as what type of attack?

man-in-the-middle attack

Which command will output your Windows computer's routing table?

route print

Which bandwidth management technique limits traffic specifically between a single sender and a single receiver?

Flow control

Which of the following is not defined by syslog?

Message security

VMware Player and Linux KVM are both examples of what type of hypervisor?

Type 2 hypervisor

Which assignment technique requires a RADIUS server?

Dynamic VLAN assignment

Which SDN plane moves traffic from switch port to switch port?

Infrastructure plane

A vSwitch (virtual switch) or bridge is a logically defined device that operates at what layer of the OSI model?

Layer 2

At what layer of the OSI model do proxy servers operate?

Layer 7

What kind of device can monitor a connection at the demarc but cannot interpret data?

Smartjack

What kind of route is created when a network administrator configures a router to use a specific path between nodes?

Static route

In a red team-blue team exercise, what is the purpose of the blue team?

The blue team is charged with the defense of the network.

Which hexadecimal block in an IPv6 address is used for the Subnet ID?

The fourth one

Which formulas can be used to calculate the magic number?

- 2^h - 256 - the interesting octet

Leading up to the year 2000, many people expected computer systems the world over to fail when clocks turned the date to January 1, 2000. What type of threat was this?

Logic bomb

What information in a transmitted message might an IDS use to identify network threats?

Signature

Which power backup method will continually provide power to a server if the power goes out during a thunderstorm?

Online UPS

What is the minimum number of bits that should be borrowed to create 14 subnets?

4 bits

What IEEE standard specifies how VLAN information appears in frames and how switches interpret that information?

802.1Q

Which IEEE standard determines how VLANs work on a network?

802.1Q

You just moved into a rural office space that has telephone service but no cable. Which WAN service could you use without needing to install new wiring to your location?

DSL

Which of the following is not one of the AAA services provided by RADIUS and TACACS+?

Administration

When using Spanning Tree Protocol, what is the first step in selecting paths through a network?

STP must first select the root bridge, or master bridge.

Which SAN connection technology can run over ordinary Ethernet NICs without any special equipment needed?

iSCSI

The concept of giving employees and contractors only enough access and privileges to do their jobs is known by what term?

principle of least privilege

What document addresses the specific concerns related to special access given to administrators and certain support staff?

privileged user agreement

Which of the following is the most secure password?

yellowMonthMagneficant

You sent a coworker a .exe file to install an app on their computer. What information should you send your coworker so they can ensure the file has not been tampered with in transit?

Hash of the file

The combination of a public key and a private key are known by what term below?

key pair

An interface that manages traffic from multiple VLANs is known by what term?

trunk port

What information does the switchport port-security command use to restrict access to a switch's interface?

MAC address

Which data link layer flow control method offers the most efficient frame transmission when sending large volumes of data?

Selective repeat sliding window

Given a host IP address of 172.16.1.154 and a subnet mask of 255.255.254.0, what is the network ID for this host?

172.16.0.0

Which two features on a switch or router are integrated into CoPP?

- QoS -ACLs

Which of the following statements is true?

- When streaming a movie, the transmission is sensitive to delays and tolerant of loss. - When sending an email, the transmission is sensitive to loss and tolerant of delays

If a server has a subnet mask of 255.255.255.224, how many bits in its IP address identify the host?

5 bits

What is the greatest number of bits you could borrow from the host portion of a class B subnet mask and still have at least 130 hosts per subnet?

8 bits

Which wired WAN service offers speeds most comparable to the highest satellite Internet speeds in a similar price range?

Cable broadband

Which type of DoS attack orchestrates an attack bounced off uninfected computers?

DRDoS attack

Which legacy authentication protocol requires mutual authentication?

Microsoft Challenge Handshake Authentication Protocol, version 2 (MS-CHAPv2)

Which cloud management technique executes a series of tasks in a workflow?

Orchestration

In a software defined network, what is responsible for controlling the flow of data?

SDN controller

Which of the following versions of SNMP are considered unsecure?

SNMPv1 and SNMPv2c

Who is responsible for the security of hardware on which a public cloud runs?

The cloud provider

In an IPv6 address, what do the first four blocks or 64 bits of the address represent?

The site prefix or global routing prefix.

Which statement regarding the use of a bridged mode vNIC is accurate?

The vNIC will its own IP address on the physical LAN.

A variant of BYOD, what does CYOD allow employees or students to do?

They can choose a device from a limited number of options.

One of your coworkers downloaded several, very large video files for a special project she's working on for a new client. When you run your network monitor later this afternoon, what list will your coworker's computer likely show up on?

Top listeners

Which log type would most likely be used first to investigate the cause of high numbers of dropped packets?

Traffic log

Class of Service utilizes 8 levels of priority, and modifies the PCP field in an 802.1Q tag.

True

Which power device prevents a critical server from losing power, even for an instant?

UPS

What port do SNMP agents listen on?

Port 161


Ensembles d'études connexes

psychology vocabulary chapter 5-sensory adaptation

View Set

Pharm Chapter 33: Targeted Therapies to Treat Cancer

View Set

LearnSmart Chp. 14 Biotechnology and Genomics

View Set