Post Midterm Quiz Questions
The PEAP standard creates an encrypted TLS tunnel between the supplicant and the server before proceeding with the usual EAP process.
True
What is the formula for determining the number of possible hosts on a network?
2^h - 2 = Z
What specifications define the standards for cable broadband?
DOCSIS
When you set private IP address ranges for servers in your cloud, what service model are you using?
IaaS
What kind of software can be used to secure employee-owned devices?
MDM
A company accidentally sends a newsletter with a mistyped website address. The address points to a website that has been spoofed by hackers to collect information from people who make the same typo. What kind of attack is this?
Phishing
Which authorization method will allow Nancy, a custodian, to access the company's email application but not its accounting system?
RBAC
Which routing protocol is limited to 15 hops?
RIPv2
Which of the following is not a benefit of subnetting?
Routers more easily manage IP address spaces that overlap.
Where is a router's hostname stored when you first change the name?
Running-config file
Which WAN service offers active-active load balancing?
SD-WAN
Which principle ensures auditing processes are managed by someone other than the employees whose activities are being audited?
Separation of duties
Which of the following features of a network connection between a switch and server is not improved by link aggregation?
Speed
Which of the following is an example of proxy server software?
Squid
In the typical social engineering attack cycle, what occurs at Phase 3?
The attacker exploits an action undertaken by the victim in order to gain access.
Your roommate has been hogging the bandwidth on your router lately. What feature should you configure on the router to limit the amount of bandwidth his computer can utilize at any one time?
Traffic shaping
Which of the following would an environmental monitoring system not track?
User authentication
Which network type supports long-haul connections between ISPs?
WAN
Which backup site includes a running server that does not have access to the latest backups?
Warm site
A network with 10 bits remaining for the host portion will have how many usable host addresses?
1022
How many bits of a class A IP address are used for host information?
24 bits
What is the binary number 1111 1111 in decimal?
255
A network with a CIDR notation of /26 would have what subnet mask?
255.255.255.192
Which of the following would be assigned an OID?
A switch's interface
Which log type is used to prove who did what and when?
Audit log
Which problem is most likely caused by a damaged cable?
CRC error
Which type of disaster recovery site contains all the equipment you would need to get up and running again after a disaster, and yet would require several weeks to implement?
Cold site
At what OSI layer do VLANs function?
Data link layer
What type of attack relies on spoofing?
Deauth attack
You're playing a game on your Xbox when you suddenly get bumped off your Wi-Fi network. You reconnect and start playing, then get bumped off again. What type of attack is most likely the cause?
Deauth attack
Which VLAN on a switch cannot be renamed or deleted?
Default VLAN
What field in an IPv4 packet is altered to prioritize video streaming traffic over web surfing traffic?
DiffServ
A RAID 5 configuration requires a minimum of two hard disks to operate.
False
A system with an availability of 99.999% can be down for a maximum of 52 minutes per year.
False
Of the three methods of access control (RBAC, DAC, and MAC), RBAC is the least secure of the options.
False
When utilizing Kerberos, an access granting ticket is the same as a key.
False
Which flow control method resends a lost frame along with all frames sent with it?
Go-back-n sliding window
The Link Aggregation Control Protocol was initially defined by what IEEE standard?
IEEE 802.3ad
Which policy ensures messages are discarded when they don't match a specific firewall rule?
Implicit deny
A network TAP serves what purpose on a network?
It provides a mirrored port for monitoring traffic between other ports.
Which protocol balances traffic across multiple links?
LACP
Which device can manage traffic to multiple servers in a cluster so all servers equally share the traffic?
Load balancer
A company wants to have its employees sign a document that details some project-related information that should not be discussed outside the project's team members. What type of document should they use?
NDA
Which security device relies on a TAP or port mirroring?
NIDS
Which of the following is considered a secure protocol?
SSH
You need to securely store handheld radios for your network technicians to take with them when they're troubleshooting problems around your campus network. What's the best way to store these radios so all your techs can get to them and so you can track who has the radios?
Smart locker
What method does a GSM network use to separate data on a channel?
TDMA
Suppose you have a small network with one router, one switch, and a few computers that are grouped into three VLANs. Which of the following statements is false?
Traffic between computers on the same VLAN must go through the router.
Over a long-distance connection, using SSH keys is more secure than using passwords.
True
While troubleshooting a recurring problem on your network, you want to examine the TCP messages being exchanged between a server and a client. Which tool should you use on the server?
Wireshark
Which ACL rule will prevent pings from a host at 192.168.2.100?
access-list acl_2 deny icmp host 192.168.2.100 any
Which of the following ACL commands would permit web-browsing traffic from any IP address to any IP address?
access-list acl_2 permit https any any
The ability to insert code into a database field labeled "Name" is an example of a(n) _________.
vulnerability
The following ports were listed as open during a recent port scan. Which one is no longer used except by legacy software and should be closed?
139
What is the network ID of the IP address 192.168.72.149/16?
192.168.0.0
An IP address of 192.168.18.73/28 has what network ID?
192.168.18.64
By default, when using classful addressing, how many bits exist in the host portion of a Class A address?
24
Which cellular generation was the first to offer speeds up to 1 Gbps?
4G
A routing protocol's reliability and priority are rated by what measurement?
AD
Which access control technique is responsible for detection of an intruder who succeeds in accessing a network?
Accounting
Which of the following techniques does not break up a large broadcast domain into smaller broadcast domains?
Adding more layer 2 switches to a network
Which of the following criteria can a packet-filtering firewall not use to determine whether to accept or deny traffic?
Application data
Which firewall type can protect a home network from adult content not suitable for the family's children?
Application layer firewall
Which routing protocol does an edge router use to collect data to build its routing tables for paths across the Internet?
BGP
Which routing protocol runs between your network's edge router and your ISP's edge router?
BGP
Which physical security device works through wireless transmission?
Badge reader
Which virtual network connection type assigns a VM its IP address from the physical network?
Bridged
An attacker guesses an executive's password ("M@nd@lori@n") to a sensitive database after chatting for a while at a club. What kind of password attack did the hacker use?
Brute-force attack
You work in an organization as a network administrator. One of your new clients owns a hotel and has asked you to provide a single Internet connection for every room, but also ensure that the users are not visible to each other. Which technology on the switch will you use to meet the requirements stated in the scenario?
Create Private VLANs
You have configured a new DHCP server and connected it to the network. There is connectivity to the server, but the clients in the network are unable to obtain IP addresses from the server. Which of the following enabled feature on the switch can cause this issue?
DHCP Snooping
Which device would allow an attacker to make network clients use an illegitimate default gateway?
DHCP server
When repairing a coworker's computer, you find some illegal files. What should you do next?
Disconnect the computer from the network and leave it running.
Which type of switch is best used for connections to web servers?
Edge switch
When a router can't determine a path to a message's destination, where does it send the message?
Gateway of last resort
You need to create an access list on your router to filter specific IP addresses and ports. You created entries with permit statements and deny statements. But you forget to add one specific deny statement to filter traffic from host A. How will this traffic be treated?
Host A traffic will be denied because, at the end of every access list, there is an implicit deny statement
When shopping for a new router, what does the MTBF tell you?
How long devices like this one will last on average until the next failure
Which type of cloud service model involves hardware services that are provided virtually, including network infrastructure devices such as virtual servers?
IaaS
What is the first step in improving network security?
Identify risks.
A former employee discovers six months after he starts work at a new company that his account credentials still give him access to his old company's servers. He demonstrates his access to several friends to brag about his cleverness and talk badly about the company. What kind of attack is this?
Insider threat
What does the Common Address Redundancy Protocol do?
It allows a pool of computers or interfaces to share the same IP address.
At what point is a packet considered to be a giant?
It becomes a giant when it exceeds the medium's maximum packet size.
A differential backup covers what data on a system?
It includes data that has changed since the last full backup.
Active Directory and 389 Directory Server are both compatible with which directory access protocol?
LDAP
Which of these cellular technologies offers the fastest speeds?
LTE-A
What is the lowest layer of the OSI model at which LANs and WANs support the same protocols?
Layer 3
Which of these WAN services is backed by an SLA?
Leased line
You have empty ports on your switches, that is, no connected hosts. Which of the following are best practices to ensure that the empty ports are secure?
Move the ports from the default VLAN to a new, unused VLAN and then disable them
By default, what network connection type is selected when creating a VM in VMware, VirtualBox, or KVM?
NAT mode
With which network connection type does the VM obtain IP addressing information from its host?
NAT mode
What do well-chosen subnets accomplish?
Network documentation is easier to manage.
Which OSI layer is responsible for directing data from one LAN to another?
Network layer
Which of the following attack simulations detect vulnerabilities and attempt to exploit them?
Pen testing Red team-blue team exercise
Which of the following social engineering attack types most likely requires that the attacker have existing knowledge about the victim?
Phishing
Your organization has just approved a special budget for a network security upgrade. What procedure should you conduct to develop your recommendations for the upgrade priorities?
Posture assessment
Which assessment type would most likely discover a security risk related to employee onboarding?
Process assessment
Which device can be used to increase network performance by caching websites?
Proxy server
Which of the following defenses addresses a weakness of IPv6?
RA guard
By far the most popular AAA service, what open-source service runs in the Application layer and can use UDP or TCP in the Transport layer?
RADIUS
Which authentication protocol is optimized for wireless clients?
RADIUS
Which team might ask a user for a password?
Red Team
Which STP bridge serves as the basis for all path calculations?
Root bridge
What does a client present to a network server to access a resource on that server?
Ticket
Which of the following is not a good reason to segment a network?
To increase the number of networking devices on a network
Which type of switch connects all devices in a rack to the rest of the network?
ToR switch
Which port mode on a switch enables that port to manage traffic for multiple VLANs?
Trunk
What virtual, logically defined device operates primarily at the data link layer to pass frames between nodes?
Virtual switch
When is it appropriate to utilize the NAT network connection type?
Whenever the VM does not need to be access at a known address by other network nodes.
What type of an attack forces clients off a wireless network, creating a form of Wi-Fi DoS?
deauthentication attack
When using a host-based intrusion detection system, what additional feature might be available to alert the system of any changes made to files that shouldn't change?
file integrity monitoring (FIM)
An attack that relies on redirected and captured secure transmissions as they occur is known as what type of attack?
man-in-the-middle attack
Which command will output your Windows computer's routing table?
route print
Which bandwidth management technique limits traffic specifically between a single sender and a single receiver?
Flow control
Which of the following is not defined by syslog?
Message security
VMware Player and Linux KVM are both examples of what type of hypervisor?
Type 2 hypervisor
Which assignment technique requires a RADIUS server?
Dynamic VLAN assignment
Which SDN plane moves traffic from switch port to switch port?
Infrastructure plane
A vSwitch (virtual switch) or bridge is a logically defined device that operates at what layer of the OSI model?
Layer 2
At what layer of the OSI model do proxy servers operate?
Layer 7
What kind of device can monitor a connection at the demarc but cannot interpret data?
Smartjack
What kind of route is created when a network administrator configures a router to use a specific path between nodes?
Static route
In a red team-blue team exercise, what is the purpose of the blue team?
The blue team is charged with the defense of the network.
Which hexadecimal block in an IPv6 address is used for the Subnet ID?
The fourth one
Which formulas can be used to calculate the magic number?
- 2^h - 256 - the interesting octet
Leading up to the year 2000, many people expected computer systems the world over to fail when clocks turned the date to January 1, 2000. What type of threat was this?
Logic bomb
What information in a transmitted message might an IDS use to identify network threats?
Signature
Which power backup method will continually provide power to a server if the power goes out during a thunderstorm?
Online UPS
What is the minimum number of bits that should be borrowed to create 14 subnets?
4 bits
What IEEE standard specifies how VLAN information appears in frames and how switches interpret that information?
802.1Q
Which IEEE standard determines how VLANs work on a network?
802.1Q
You just moved into a rural office space that has telephone service but no cable. Which WAN service could you use without needing to install new wiring to your location?
DSL
Which of the following is not one of the AAA services provided by RADIUS and TACACS+?
Administration
When using Spanning Tree Protocol, what is the first step in selecting paths through a network?
STP must first select the root bridge, or master bridge.
Which SAN connection technology can run over ordinary Ethernet NICs without any special equipment needed?
iSCSI
The concept of giving employees and contractors only enough access and privileges to do their jobs is known by what term?
principle of least privilege
What document addresses the specific concerns related to special access given to administrators and certain support staff?
privileged user agreement
Which of the following is the most secure password?
yellowMonthMagneficant
You sent a coworker a .exe file to install an app on their computer. What information should you send your coworker so they can ensure the file has not been tampered with in transit?
Hash of the file
The combination of a public key and a private key are known by what term below?
key pair
An interface that manages traffic from multiple VLANs is known by what term?
trunk port
What information does the switchport port-security command use to restrict access to a switch's interface?
MAC address
Which data link layer flow control method offers the most efficient frame transmission when sending large volumes of data?
Selective repeat sliding window
Given a host IP address of 172.16.1.154 and a subnet mask of 255.255.254.0, what is the network ID for this host?
172.16.0.0
Which two features on a switch or router are integrated into CoPP?
- QoS -ACLs
Which of the following statements is true?
- When streaming a movie, the transmission is sensitive to delays and tolerant of loss. - When sending an email, the transmission is sensitive to loss and tolerant of delays
If a server has a subnet mask of 255.255.255.224, how many bits in its IP address identify the host?
5 bits
What is the greatest number of bits you could borrow from the host portion of a class B subnet mask and still have at least 130 hosts per subnet?
8 bits
Which wired WAN service offers speeds most comparable to the highest satellite Internet speeds in a similar price range?
Cable broadband
Which type of DoS attack orchestrates an attack bounced off uninfected computers?
DRDoS attack
Which legacy authentication protocol requires mutual authentication?
Microsoft Challenge Handshake Authentication Protocol, version 2 (MS-CHAPv2)
Which cloud management technique executes a series of tasks in a workflow?
Orchestration
In a software defined network, what is responsible for controlling the flow of data?
SDN controller
Which of the following versions of SNMP are considered unsecure?
SNMPv1 and SNMPv2c
Who is responsible for the security of hardware on which a public cloud runs?
The cloud provider
In an IPv6 address, what do the first four blocks or 64 bits of the address represent?
The site prefix or global routing prefix.
Which statement regarding the use of a bridged mode vNIC is accurate?
The vNIC will its own IP address on the physical LAN.
A variant of BYOD, what does CYOD allow employees or students to do?
They can choose a device from a limited number of options.
One of your coworkers downloaded several, very large video files for a special project she's working on for a new client. When you run your network monitor later this afternoon, what list will your coworker's computer likely show up on?
Top listeners
Which log type would most likely be used first to investigate the cause of high numbers of dropped packets?
Traffic log
Class of Service utilizes 8 levels of priority, and modifies the PCP field in an 802.1Q tag.
True
Which power device prevents a critical server from losing power, even for an instant?
UPS
What port do SNMP agents listen on?
Port 161