10 & 11 LS_Security & Securing TCP/IP

(MMv2C11Q18): Which one of the following statements best describes Authentication? what a person accessing data can do with that data. the act of verifying you are who you say you are. the process of guaranteeing that data is as originally sent and that it came from the source from which you think it should have come. the act of being able to access resources

the act of verifying you are who you say you are.

(LS Authentication Q06): You have a Web server that will be used for secure transactions for customers who access the Web site over the Internet. The Web server requires a certificate to support SSL.Which method would you use to get a certificate for the server? Run a third-party tool to generate a certificate. Obtain a certificate from a public PKI Have the server generate its own certificate. Create your own internal PKI to issue certificates.

Obtain a certificate from a public PKI Computers must trust the CA that issues a certificate. For computers that are used on the Internet and accessible to public users, obtain a certificate from a public CA such as VeriSign. By default, most computers trust well known public CAs.Use a private PKI to issue certificates to computers and users within your own organization. You configure computers to trust your own PKI, so certificates issued by your internal CAs are automatically trusted. A certificate generated by a server is called a self signed certificate. A self signed certificate provides no proof of identity because any other server can claim to be that server just by issuing itself a certificate.

(LS Authentication Q04): Which of the following is a mechanism for granting and validating certificates? PKI Kerberos RADIUS AAA

PKI Certificates are obtained from a Public Key Infrastructure (PKI). A PKI is a system that provides for a trusted third party to vouch for user identities. A PKI is made up of Certification Authorities (CAs), also called certificate authorities. A CA is an entity trusted to issue, store, and revoke certificates.Both RADIUS and TACACS + are protocols used for centralized authentication, authorization, and accounting used with remote access. Kerberos is an authentication and authorization method that uses tickets.

(LS VPNs Q07): you want to use a protocol that can encapsulate other LAN protocols and carry the data securely over an IP network. Which of the following protocols is suitable for this task? PPTP SLIP PPP NetBEUI

PPTP

(LS VPNs Q03): Which of the following protocols can your portable computer use to connect to your company's network via a virtual tunnel through the Internet? (Select two answers only. You must have both answers correct for credit. There is no partial credit for this question). PPTP L2TP PPPoE ICA VNC

PPTP L2TP Either PPTP (Point-to-Point Tunneling Protocol) or L2TP ( Layer 2 Tunneling Protocol) protocols will let you access your company's network through a public networks such as the Internet.PPPoE is used for connecting to the Internet through an Ethernet connection to include authentication and accounting. VNC and ICA are remote desktop protocol is used for remote administration or remote access of devices.

(MMv2C11Q06): Emily wants to remotely and securely enter commands to be run at a remote server. What application should she use? Telnet SSH SFTP RSA

SSH Secure Shell (SSH) is a secure version of Telnet that allows users to securely enter commands to be run on a remote server.

(MMv2C11Q20): Which of the following is a secure replacement for Telnet? SSH TLS Kerberos AH

SSH Secure Shell or SSH is a network protocol that allows data to be exchanged using a secure channel between two networked devices. Used primarily on Linux and Unix based systems to access shell accounts, SSH was designed as a replacement for Telnet and other insecure remote shells, which send information, notably passwords, in plaintext, leaving them open for interception. The encryption used by SSH provides confidentiality and integrity of data over an insecure network, such as the Internet.

(LS Authentication Q02): When using Kerberos authentication, which of the following terms is used to describe the token that verifies the identity of the user to the target system? Ticket Coupon Voucher Hashkey

Ticket The tokens used in Kerberos authentication are known as tickets. These tickets perform a number of functions including notifying the network service of the user who has been granted access, and authenticating the identity of the person when they attempt to use that network service.The terms coupon and voucher are not associated with Kerberos, or any other commonly implemented network authentication system. The term hashkey is sometimes used to describe a value that has been derived from some piece of data, when that value is then used to access a service. However, the term hashkey is not associated with Kerberos.

(LS Authentication Q08): Which of the following are used when implementing Kerberos for authentication and authorization? (Select two answers only. You must have both answers correct for credit. There is no partial credit for this question). PPPoE Time Server PPP Ticket granting server RADIUS or TACACS + server

Time Server Ticket granting server Kerberos grants tickets (also called a security token) to authenticated users and to authorized resources. A ticket granting server (TGS) grants tickets that are valid for specific resources on specific servers. Kerberos requires that all servers within the process have synchronized clocks to validate tickets, so a centralized Time Server or other method for time synchronization is required.Both RADIUS and TACACS + are protocols used for centralized authentication, authorization, and accounting used with remote access. PPP and PPPoE are protocols used for remote access connections.

(MMv2C11Q05): What helps to protect credit card numbers during online purchases? (Select two.) Certificates TLS SCP NTP

Certificates TLS

(LS Detect / Prevent Q04): Which of the following functions can a port scanner provide? (Select two answers only. You must have both answers correct for credit. There is no partial credit for this question). Testing virus definition design for false positives. Determining which ports are open on a firewall. Auditing IPSec encryption algorithm configuration. Discovering unadvertised servers

Determining which ports are open on a firewall. Discovering unadvertised servers Port scanners can determine which TCP/UDP ports are open on a firewall and identify servers that may be unauthorized or running in a test environment. Many port scanners provide additional information, including the host operating system and version, of any detected servers. Hackers use port scanners to gather valuable information about a target and system administrators should use the same tools for proactive penetration testing and to ensure compliance with all corporate security policies

(LS Switch Scty Q07): Which of the following best describes the concept of a virtual LAN? Devices in separate networks ( i.e. different network addresses) logically grouped as if they were in the same network. Devices connected by a transmission medium other than cable (i.e. microwave, radio transmissions) Devices on different networks that can receive multicast packets. Devices on the same network logically grouped as if they were on separate networks Devices connected through the Internet that can communicate without using a network address

Devices on the same network logically grouped as if they were on separate networks A virtual LAN is created by identifying a subnet of devices on the same network, and logically identifying them as if they were on separate networks. You should think of the VLANs as a subdivision of a LAN.

(LS Authentication Q03): You have been contracted by a firm to implement a new remote access solution based on a Windows Server 2003 system. The customer wants to purchase and install a smartcard system to provide a high level of security to the implementation.Which of the following authentication protocols are you most likely to recommend to the client? PPP MS-CHAP EAP CHAP

EAP Of the protocols listed, only EAP provides support for smart card authentication.Both the Challenge Handshake Protocol (CHAP) and the Microsoft Challenge Handshake Protocol (MS-CHAP) use a three way handshake to authenticate users. During this handshake process, a hash value is created, compared and then use to authenticate the connection. These protocols do not support the use of smart cards. The Point-to-Point Protocol (PPP) is a remote access protocol that uses usernames and passwords for authentication. It also does not support the use of smart cards.

(LS Authentication Q05): You want to implement an authentication method that uses public and private key pairs. Which authentication method should you use? PKI MS-CHAP v2 IPSec EAP

EAP Public and private key pairs are used by certificates for authentication and encryption. Extensible Authentication Protocol (EAP) allows the client and server to negotiate the characteristics of authentication. EAP is used to allow authentication using smart cards, biometrics (user physical characteristics), and certificate-based authentication.MS-CHAP is Microsoft's proprietary method used for remote access connections. MS-CHAP uses a three way handshake (challenge/response) to perform authentication using a hash form of a shared secret (password). A Public Key Infrastructure (PKI) is a system of certificate authorities that issue certificates, but is not a mechanism used for authentication. IPSec is a tunneling protocol used for VPN connections that provides encryption and a weak form of authentication using certificates, but it is not used specifically for authentication

(LS Secure Protocols Q08): Which of the following or improvements to SNMP that are included with SNMP version 3? (Select two answers only. You must have both answers correct for credit. There is no partial credit for this question). Encryption of SNMP messages. Hashing of the community name. Authentication for agents and managers. Use of SFTP for transferring SNMP data

Encryption of SNMP messages. Authentication for agents and managers. SNMP version 3 adds the following improvements for security:* Authentication for agents and managers.* Encryption of SNMP information.* Message integrity to ensure that data is not altered in transit.

(MMv2C11Q13): Which authentication protocol is broadly used on wireless networks? 802.1X PPP PAP MS-CHAP

802.1X

(LS Authentication Q09): You want to increase the security of your network by allowing only authenticated users to be able to access network devices through a switch.Which of the following should you implement? Port security. Spanning tree. IPSec. 802.1x

802.1x

(MMv2C11Q07): Which of the following would be a hash function definition? A complex function A PKI function A one-way function A systematic function

A one-way function A hash function is by definition a one-way function. A hash function H is a transformation that takes a variable-size input m and returns a fixed-size string, which is called the hash value. The key point in hashing is that it is a one way function, and you cannot convert the hash value back to its original value.

(LS VPNs Q04): IPSec is implemented through two separate protocols. What are these protocols called? (Select two answers only. You must have both answers correct for credit. There is no partial credit for this question). SSL EPS AH L2TP ESP

AH ESP IPSec is implemented through two separate protocols: IP Authentication Header (AH), and IPSec Encapsulating Security Payload (ESP). IPSec AH provides authentication and non-repudiation services to verify that the sender is genuine, and that the data has not been modified in transit. IPSec ESP provides data encryption services for the data within the packet.SSL and EPS are not protocols associated with IPSec.

(LS Authentication Q01): Which of following authentication protocols used as a three-way handshake to authenticate users to the network? (Select two answers only. You must have both answers correct for credit. There is no partial credit for this question). CHAP MS-CHAP EAP PAP

CHAP MSCHAP Both the Challenge Handshake Protocol (CHAP) and the Microsoft Challenge Handshake Protocol (MS-CHAP) use a three way handshake to authenticate users. During this handshake process, a hash value is created, compared and then use to authenticate the connection.The Password Authentication Protocol (PAP) uses a username and password combination to authenticate users. PAP is considered insecure because it transmits the username and password information in clear text. Extensible Authentication Protocol (EAP) supports a number of authentication methods including smart cards and digital certificates.

(MMv2C11Q19): Which statement best describes an asymmetric-key algorithm? An asymmetric-key algorithm uses a public key to encrypt data and a different public key to decrypt the same data. An asymmetric-key algorithm uses a private key to encrypt data and a public key to decrypt the same data. An asymmetric-key algorithm uses one key to encrypt data and the same key to decrypt the same data. An asymmetric-key algorithm uses one key to encrypt data and a different key to decrypt the same data.

An asymmetric-key algorithm uses one key to encrypt data and a different key to decrypt the same data. The distinguishing technique used in public key cryptography is the use of asymmetric key algorithms, where the key used to encrypt a message is not the same as the key used to decrypt it. Each user has a pair of cryptographic keys - a public key and a private key. The private key is kept secret, whilst the public key may be widely distributed. Messages are encrypted with the recipient's public key and can only be decrypted with the corresponding private key. The keys are related mathematically, but the private key cannot be feasibly (ie, in actual or projected practice) derived from the public key.

(LS Detect / Prevent Q03): What is the most common form of host-based IDS that employ signature or pattern matching detection methods? Antivirus software. Motion detectors. Honey pots. Firewalls

Antivirus software

(MMv2C11Q03): A public and private key pair is an example of what? Symmetric-key algorithm Asymmetric-key algorithm Certificate RADIUS

Asymmetric-key algorithm A public/private key pair is an example of an asymmetric-key algorithm because one key encrypts while a totally different key decrypts. Symmetric key algorithm uses a single secret key to both encrypt and decypt.

(MMv2C11Q12): AES is considered as which type of cipher? Block Forwarding Stream Asymmetric

Block AES is a block cipher. Block ciphers can be contrasted with stream ciphers; a stream cipher operates on individual digits one at a time, and the transformation varies during the encryption. The distinction between the two types is not always clear-cut: a block cipher, when used in certain modes of operation, acts effectively as a stream cipher

(LS Authentication Q10): Which of the following applications typically use 802.1x authentication? (Select two answers only. You must have both answers correct for credit. There is no partial credit for this question). Controlling access through a switch. Authenticating VPN users to the Internet. Controlling access through a wireless access point. Controlling access through a router. Authenticating remote access clients

Controlling access through a switch. Controlling access through a wireless access point. 802.1x authentication is an authentication method used on a LAN to allow or deny access based on a port or connection to the network. 802.1x is used for Port authentication on switches and authentication to wireless access points .802.1x requires an authentication server for validating user credentials. This server is typically a RADIUS server.Remote access authentication is handled by remote access servers or a combination of remote access servers and a RADIUS server for centralized authentication. VPN connections can be controlled by remote access servers or by special devices called a VPN concentrator.

(LS Switch Scty Q11): Which of the following do switches and wireless access points use to control access through the device? Session filtering. MAC filtering. Port number filtering. IP address filtering

MAC Filtering Both switches and wireless access points are Layer 2 devices, meaning they use the MAC address for making forwarding decisions. Both devices typically include some form of security that restricts access based on the MAC address.Routers and firewalls operate at Layer 3, and can use the IP address or port number for filtering decisions. A circuit level gateway is a firewall that can make forwarding decisions based on the session information.

(MMv2C11Q02): Which of the following are popular cryptographic hashing functions? (Select two.) MD5 SHA RADIUS TACACS+

MD5 SHA

(LS Secure Protocols Q06): Which of the following is a secure alternative to RCP? HTTPS FTPS SNMP RSH TFTP

FTPS RCP is used for file transfers but is unsecured. FTP over SSL (FTPS) uses SSL to secure FTP traffic for file transfer. Secure Copy Protocol (SCP) is a secure form of RCP.HTTPS is the secure alternative for HTTP for web browsing. RSH is a secure method for remote administration. SNMP is used for network administration, and earlier versions are not secure.

(LS Detect / Prevent Q10): As a security precaution, you have implemented IPSec that is used between any two devices on your network. IPSec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks.What solution should you implement? Port scanner. Network-based IDS. Protocol analyzer. Host-based IDS. VPN concentrator

Host-based IDS. A host-based IDS is installed on a single host and monitors all traffic coming into that host. A host-based IDS can analyze encrypted traffic, because the host operating system decrypts the traffic as it is received. Hence this is the only possible solution to this question.A network-based IDS is a dedicated device installed on the network. It analyzes all traffic on the network. It cannot analyze encrypted traffic because the packet contents are encrypted such that only the recipient can read the package contentsA protocol analyzer examines packets on the network, but cannot look at the contents of encrypted packets. A port scanner probes a device to identify open protocol ports. A VPN concentrator is a device that is used to establish remote access VPN connections.

(LS Detect / Prevent Q05): What security mechanism can be used to detect attacks originating on the Internet or from within an internal trusted subnet? Biometric system. Security alarm. Firewall. IDS

IDS An IDS is a security mechanism which can be used to detect attacks originating on the Internet or from within an internal trusted subnet.A firewall is only able to filter traffic crossing through its interfaces, thus it is unlikely to detect attacks within trusted areas that are not being filtered. A security alarm is a form of physical intrusion detection, thus it is not suited for detecting electronic or online attacks. Biometric systems are a form of authentication mechanism, and they are not a detection mechanism.

(LS Detect / Prevent Q02): Which of the following devices can monitor a network and detect potential security attacks? Proxy DNS Server CSU/DSU IDS Load Balancer

IDS An intrusion detection system (IDS) is a special network device that can detect attacks and suspicious activity.A proxy server is a type of firewall that can filter based on upper layer data. A CSU/DSU is a device that converts the signal received from the WAN provider into a signal that can be used by equipment at the customer site. A DNS server provides IP address to host name resolution. Load-balancing configures a group of servers in a logical group (called a server farm). Incoming requests to the group are distributed to individual members within the group.

(LS Detect / Prevent Q01): Which of the following devices is capable of detecting and responding to security threats? Multilayer switch. DNS server. IDS IPS

IPS An intrusion prevention system (IPS) can detect and respond to security events. An IPS differs from IDS, in that it can respond to, and not just detect, security threats.A DNS server provides IP address to host name resolution. A multilayer switch users an ASIC module to switch packets based on packet or data content instead of using the CPU and software.

(LS Detect / Prevent Q08): You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action when possible to stop or prevent the attack.What tool should you use? IPS Port Scanner IDS Packet Sniffer

IPS Use an intrusion prevention system (IPS) to both detect and respond to attacks. An intrusion detection system (IDS) can detect attacks and send notifications, but cannot respond to attacks. (Make sure you can distinguish the difference between IPS and IDS.)Use a port scanner to check for open ports on a system or a firewall. Use a packet sniffer to examine packets on the network.

(LS VPNs Q05): Which of the following network layer protocols provides authentication and encryption services for IP based network traffic? SSL TCP L2TP IPSec

IPSec IPSec is a security implementation that provides security for all other TCP/IP-based protocols that operate above the network layer. IPSec provides authentication through a protocol called IPSec Authentication Header (AH) and encryption services for a protocol called IPSec Encapsulation Security Payloads (ESP).The Transmission Control Protocol (TCP) is a transport layer connection oriented protocol that provides data encryption services. It is not a secure protocol, and relies on other measures, such as IPSec, to provide security. The Secure Sockets Layer (SSL) is an application layer protocol that is designed to secure network traffic from certain other protocols, such as Hypertext Transfer Protocol (HTTP) and Post Office Protocol version 3 (POP3). It does not provide security for protocols lower in the TCP/ IP protocol stack such as TCP and UDP. The Layer 2 Tunneling Protocol (L2TP) is a protocol used to encapsulate Point-to-Point Protocol (PPP) traffic.

(LS Secure Protocols Q07): You have been using SNMP on your network for monitoring and management. You are concerned about the security of this configuration.What should you do? Implement version 3 of SNMP Combine SNMP with SSL implement a RADIUS solution Use SSH instead of SNMP

Implement version 3 of SNMP Simple Network Management Protocol (SNMP) is a protocol designed for managing complex networks. SNMP lets network hosts exchange configuration and status information. The original version of SNMP has several vulnerabilities. For added security, implement version 3 of SNMP.SSH allows for secure interactive control of remote systems, but does not provide the same features as SNMP. RADIUS is used to control remote access authentication, authorization, and accounting from a centralized server

(MMv2C11Q04): Which authentication protocol is time sensitive and is the default authentication protocol on Windows domains? PPP MS-CHAP IPSec Kerberos

Kerberos

(LS Authentication Q11): Which of the following is a feature of MS-CHAP v2 that is not included in CHAP? Three-way handshake. Certificate-based authentication. Mutual authentication. Hashed shared secret

Mutual authentication. MS-CHAP v2 allows for mutual authentication, where the server authenticates to the client. Both CHAP and MS-CHAP use a three-way hand shake process for authenticating users with user names and passwords. The password (or shared secret) value is hashed, and the hash, not the hash secret, is sent for authentication.

(MMv2C11Q09): Which term describes the process of guaranteeing that data that is received is in fact the data that was sent-and that it came from the presumed source? Authentication Authorization Encryption Nonrepudiation

Nonrepudiation

(MMv2C11Q14): Digital signatures and certificates help which aspect of computer security? Accounting Authentication Authorization Nonrepudiation

Nonrepudiation Digital signatures help with nonrepudiation because they guarantee the sender's identity.

(LS Detect / Prevent Q06): You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services.Which tool should you use? IPS Port Scanner System logs IDS Packet Sniffer

Port Scanner Use a port scanner to check for open ports on a system or a firewall. Compare the list of open ports with the list of ports allowed by your network design and security policy. Typically, a port is open when a service starts or is configured on a device. Open ports for unused services expose the server to attacks directed towards that port. Use a packet sniffer to examine packets on the network. With a packet sniffer, you can identify packets directed towards a specific port, but you won't be able to tell if those ports are open. Examine system logs to look for events that have happened on a system, which might include a service starting, but would not likely reflect open ports.An intrusion detection system (IDS) is a special network device that can detect attacks and suspicious activity. A passive IDS monitors, logs, and detects security breaches but takes no action to stop or prevent the attack. And active IDS (also called an intrusion protection system or IPS) performs the functions of an IDS, but can also react when security breaches occur.

(LS Switch Scty Q08): You manage a network that uses switches. In the lobby of your building there are three RJ-45 ports connected to a switch.You want to make sure that visitors cannot plug in their computers to the free network jacks and connect to the network. However, employees who plug into those same jacks should be able to connect to the network.What feature should you configure? Mirroring. Port authentication. VLANs. Spanning tree. Bonding

Port authentication. Use port authentication to prevent unauthorized access through switch ports. Port authentication is provided by the 802.1x protocol, and allows only authenticated devices to connect to the LAN through the switch. Authentication uses user names and passwords, smart cards, and other identification methods.* When a device first connects, the port is set to an authorized state. Ports in unauthorized states can only be used for 802.1x authentication traffic.* After the server authenticates the device or the user, the switch port is placed in an authorized state, and access to other LAN devices is allowed.With a VLAN you assign each port to a VLAN. If the ports in the lobby were assigned to one VLAN, you could control the type of access through the switch for those ports, but could not modify the access based on user. Using a VLAN, both visitors and employees would have the same access to those ports.Spanning tree is a protocol on a switch that allows the switch to maintain multiple paths between switches within a subnet. The spanning tree protocol runs on a switch and is used to select a single path between any two switches. Mirroring sends traffic from all switch ports to a switch port that you designate as the mirrored port. Bonding allows multiple switch ports to be used at the same time to reach a specific destination.

(LS Switch Scty Q10): Which type of device is required to implement port authentication through a switch? Proxy server. Layer 3 switch. Router. RADIUS Server

RADIUS Server Port authentication is provided by the 802.1x protocol, and allows only authenticated devices to connect to the LAN through the switch. 801.1x requires a RADIUS server (also called and AAA server) to validate the authentication credentials.A router or a Layer 3 switch is required to enable communication between VLANs. A proxy server controls access based on URL or other upper layer information.

(MMv2C11Q11): What is the difference between RADIUS and TACACS+? RADIUS is authentication control for Windows networks while TACACS+ is authentication control for UNIX/Linux networks. RADIUS is an implementation of authentication control while TACACS+ is an implementation of authorization control. RADIUS is a generic name for authentication control, and there are implementations for Windows, UNIX, and Linux servers. TACACS+ is authentication control for Cisco routers and switches. RADIUS supports encryption, TACACS+ does not and is therefore less desirable in a network.

RADIUS is a generic name for authentication control, and there are implementations for Windows, UNIX, and Linux servers. TACACS+ is authentication control for Cisco routers and switches.

(MMv2C11Q15): Which authorization model grants privileges based on the group membership of network users? MAC DAC RBAC GAC

RBAC Role-based access control (RBAC) grants privileges based on a user's group membership.

(LS Secure Protocols Q04): As network administrator you are asked to recommend a secure method of transferring data between hosts on the network. Which of the following protocols would you recommend? (Select two answers only. You must have both answers correct for credit. There is no partial credit for this question). SCP TDP FTP RCP SFTP

SCP SFTP The Secure File Transfer Protocol (SFTP) is a file transfer protocol that uses Secure Shells (SSH) to secure data transfers. SSH ensures that SFTP transmissions use encrypted commands and data which prevent data from being transmitted over the network in clear text.The Secure Copy (SCP) Protocol is associated with UNIX/Linux. Like SFTP, SCP relies on SSH to ensure that data and passwords are not transmitted over the network in clear text.The Remote Copy Protocol (RCP) and the File Transfer Protocol (FTP) are used to transfer files between computers however, both are insecure protocols and transmit data over the network in clear text. Data and passwords sent over the network in clear text are in danger of being tampered or read during transmission making them inappropriate for many network applications.

(MMv2C11Q08): What must you include in order to have a PKI infrastructure? Web server Web of trust Root authority Unsigned certificate

Root authority

(LS Switch Scty Q04): You manage a network with two switches. These switches are connected together through their Gigabit Ethernet uplink ports.You define VLAN1 and VLAN2 on each switch. A device on the first switch in VLAN1 needs to communicate with a device on the second switch which is VLAN2What should you configure to allow communication between these two devices through the switches? Spanning tree. Routing. Trunking. PoE Mirroring

Routing. In a typical configuration with multiple VLANs and a single or multiple switches, workstations and one VLAN will not be able to communicate with workstations in other VLANs. To enable inter-VLAN communication, you'll need to use a router (or a Layer 3 switch).Trunking is used to configure switch ports to carry VLAN traffic between switches, or between a router and a switch. If you configured a single router to connect to the switch with a single physical interface, you would have to configure trunking on that interface in addition to configuring routing, however trucking by itself would not enable the two devices to communicate.Spanning tree is a protocol on a switch that allows the switch to maintain multiple paths between switches within a subnet. The spanning tree protocol runs on a switch and is used to select a single path between any two switches. Mirroring sends traffic from all switch ports to a switch port that you designate as the mirrored port. Power over Ethernet (PoE) supplies power to end devices through the RJ45 Ethernet switch port.

(LS VPNs Q06): You want to allow traveling users to connect to your private network through the Internet. Users will connect from various locations including airports, hotels, and public access points such as coffee shops and libraries. As such, you won't be able to configure the firewalls that might be controlling access to the Internet in these locations.Which of the following protocols would be most likely to be allowed through the widest number of firewalls? PPPoE SSL IPSec PPTP L2TP

SSL Ports must be opened in firewalls to allow VPN protocols. For this reason, using SSL for the VPN often works through firewalls when other solutions do not because SSL uses port 443; a port that is often already open in order to allow HTTPS traffic. In addition, some NAT solutions do not work well with VPN connections.PPTP uses port 1723; L2TP uses port 1701 and 500; and IPSec uses UDP port 500 for the key negotiation protocol (IKE).PPP over Ethernet (PPPoE) is used for connections that have an "always on" state, such as DSL or fiber optic running Ethernet. PPPoE is a modification of PPP that allows for negotiation of additional parameters that are typically not present on a regular Ethernet network. ISPs typically implement PPPoE to control and monitor Internet access over broadband links.

(LS Secure Protocols Q01): Which of the following protocols are often added to other for recalls to provide secure transmission of data? (Select two answers only. You must have both answers correct for credit. There is no partial credit for this question). SSL HTTPS TLS SMTP SNMP

SSL TLS Both Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are protocols that are used with other protocols to air security. In addition, Secure Shell (SSH) can be used to add security when using un-secure protocols.HTTPS is the secure form of HTTP that uses SSL. SMTP is used for sending e-mail. SNMP is a network management protocol.

(MMv2C11Q01): Justin wants his team to be able to send him encrypted e-mails.What should he do? Send to each team member his private key. Send to each team member his public key. Ask each team member for their private key. Ask each team member for their public key.

Send to each team member his public key. Justin should send to each team member a copy of his public key. He can then decrypt the messages with his private key. This is known as asymmetric key encryption which is using both a public key to encrypt and a private key to decrypt.

(LS Detect / Prevent Q11): Which IDS method searches for intrusion or attack attempts by recognizing patterns or identities that are listed in the database? Anomaly analysis based. Heuristics-based. Stateful inspection-based. Signature-based

Signature-based A signature-based or a pattern matching based IDS is a detection system which searches for intrusion or attack attempts by recognizing patterns that are listed in the database.A heuristics-based IDS is able to perform some level of intelligent statistical analysis of traffic to detect attacks. Anomaly analysis based IDS looks for changes to the normal patterns of traffic. Stateful inspection-based IDS searches for attacks by inspecting packet contents and being able to associate one packet with another; it looks for attacks in overall data streams rather than individual packets.

(LS Switch Scty Q05): When configuring VLANs on a switch, what is used in order to identify VLAN membership of a device? IP Address Hostname Switch port MAC address

Switch Port VLAN membership is configured by assigning a switch port to a VLAN. A switch can have multiple VLANs configured on it, but each switch port can only be a member of a single VLAN. All devices connected to a switch port are members of the same VLAN.

(MMv2C11Q10): If you saw some traffic running on TCP port 49, what AAA standard would you know was running? PPP RADIUS MS-CHAP TACACS+

TACACS+

(MMv2C11Q17): Which of the following more robust protocols replaced SSL? FTPS TLS RADIUS EAP

TLS

(LS Detect / Prevent Q07): What actions can a typical Passive Intrusion Detection System (IDS) take when it detects an attack? (Select two answers only. You must have both answers correct for credit. There is no partial credit for this question). The IDS logs all pertinent data about the intrusion. The IDS configuration is change dynamically and the source IP address is banned. An alert is generated and delivered via e-mail, the console, or an SNMP trap. LAN side clients are halted and removed from the domain

The IDS logs all pertinent data about the intrusion. An alert is generated and delivered via e-mail, the console, or an SNMP trap. The main functions of a passive IDS are to log suspicious activity and generate alerts if the attack is deemed to be severe. Additional functionality can be achieved by using a more advanced type of IDS, called an active IDS. An active IDS can automate responses that may include dynamic policy adjustment and reconfiguration of supporting network devices to block the offending traffic.

(LS VPNs Q01): A VPN is used primarily for which of the following purposes? To allow the use of network attached printers. To allow remote systems to save on long-distance charges. To support the distribution of public Web documents. To support secured communications over and the trusted network.

To support secured communications over and the trusted network. A VPN (virtual private network) is used primarily to support secure communications over an untrusted network. A VPN can be used over a local network, across a WAN connection, over the Internet, and even between a client and a server over a dial-up connection through the Internet. All of the other items listed in this question are benefits or capabilities of our secondary to this primary purpose.

(LS Switch Scty Q06): When configuring VLANs on a switch, what type of switch ports are members of all VLANs defined on the switch? Group of answer choices Any port not assigned to a VLAN. Trunk ports. Each port can only be a member of a single VLAN. Gigabit and a higher Ethernet ports. Uplink ports

Trunk ports A trunk port is a member of all VLANs defined on a switch, and carry traffic between the switches. When trunking is used, frames that are sent over a trunk port are tagged by the first switch with the VLAN ID so that the receiving switch knows to which VLAN the frame belongs. Typically, uplink ports (that are faster than the other switch ports) are used for trunk ports, although any port can be designated as a trunking port.On an unconfigured switch, ports are members of a default VLAN (often designated VLAN 1). When you remove the VLAN membership of a port, it is reassigned back to the default VLAN, therefore the port is always a member of one VLAN.

(LS Switch Scty Q03): You manage a network with two switches. These switches are connected together through their Gigabit Ethernet uplink ports.You define VLAN1 and VLAN2 on each switch. A device on the first switch in VLAN1 needs to communicate with a device on the second switch also in VLAN1What should you configure to allow communication between these two devices through the switches? Bonding. Layer 3 switching. Spanning tree. Trunking

Trunking A trunk port is used to connect to switches together:* Typically, Gigabit Ethernet ports are used for trunk ports, although any port can be a trunking port,* A trunk port is a member of all the LANs, and carries traffic between the switches.,* When trunking is used, frames that are sent over a trunk port are tagged with the VLAN ID so that the receiving switch knows to which VLAN the frame belongs,* The trunking protocol describes the format that switches use for tagging frames within the VLAN ID.* VLAN tagging is also used for frames that travel between switches on the same trunk ports.Use a Layer 3 switch or a router to enable devices in different VLANs to communicate with each other.Spanning tree is a protocol on a switch that allows the switch to maintain multiple paths between switches within a subnet. The spanning tree protocol runs on each switch and is used to select a single path between any two switches. Bonding allows multiple switch ports to be used at the same time to reach a specific destination.

(MMv2C11Q16): Which of the following statements best defines symmetric key encryption? Uses both a public and private key Uses two public keys Uses on a single secret key Uses two different secret keys

Uses on a single secret key Symmetric-key algorithms, variations of which have been used for some thousands of years, use a single secret key shared by sender and receiver (which must also be kept private, thus accounting for the ambiguity of the common terminology) for both encryption and decryption. To use a symmetric encryption scheme, the sender and receiver must securely share a key in advance. Hence it depends on a single secret key.

(LS Switch Scty Q12): You run a small network for your business that has a single router connected to the Internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch.What should you use for this situation? VPN Spanning Tree Expanding Tree VLAN Port Security

VLAN Define VLANs on the switch. With a VLAN a port on the switch is associated with a VLAN. Only devices connected to ports that are members of the same VLAN can communicate with each other. Routers are used to allow communications between VLANs if necessary.Use virtual private networks (VPNs) to connect two host securely through an unsecured network such as the Internet. VPN tunneling protocols protect data as it travels through the unsecured network. Spanning tree is a switch feature that allows for redundant paths between switchers. Port security is a method of requiring authentication before a network connection is allowed.

(LS Switch Scty Q02): Which switch features are typically used with VoIP? (Select two answers only. You must have both answers correct for credit. There is no partial credit for this question). Mirroring Spanning Tree VLAN PoE

VLAN PoE When configuring Voice over IP (VoIP), switches with Power over Ethernet (PoE) capabilities provide power to the VoIP phone through an Ethernet cable, the same cable that is used for transmitting data signals. Virtual LANs (VLANs) are often used to distinguish voice traffic from data traffic, so that Quality of Service (QoS) measures can be applied to traffic that is part of the voice VLAN.Bonding allows multiple switch ports to be used at the same time to reach a specific destination. Spanning tree is a protocol on a switch that allows the switch to maintain multiple paths between switches within a subnet. The spanning tree protocol runs on a switch and is used to select a single path between any two switches. Mirroring sends traffic from all switch ports to a switch port that you designate as the mirrored port.

(LS Switch Scty Q13): Your company is a small startup company that has leased office space in a building shared by other businesses. All businesses share a common network infrastructure. A single switch connects all devices in the building to the router that provides Internet access.You would like to make sure that your computers are isolated from computers used by other companies. Which feature should you request or have implemented? VPN Port Security Spanning Tree Base Security VLANs

VLANs Define VLANs on the switch. With a VLAN a port on the switch is associated with a VLAN. Only devices connected to ports that are members of the same VLAN can communicate with each other. Routers are used to allow communications between VLANs if necessary.Use virtual private networks (VPNs) to connect two host securely through an unsecured network such as the Internet. VPN tunneling protocols protect data as it travels through the unsecured network. Spanning tree is a switch feature that allows for redundant paths between switchers. Port security is a method of requiring authentication before a network connection is allowed.

(LS Switch Scty Q09): You manage a network that uses a single switch. All ports within your building connect through this single switch.In the lobby of your building there are three RJ-45 ports connected to the switch. You want to allow visitors to plug into the ports to gain Internet access, but they should not have access to any of the devices on your private network. Employees connected throughout the rest of your building should have both private and Internet access.Which feature should you implement? VLANs NAT Port Authentication DMZ

VLANs Use VLANs to segregate hosts based on switch ports. You could define to VLANs: one for employees connected throughout the building, and the other for the ports in the lobby. The ports in the lobby would have only Internet access, while devices connected to ports in the rest of the building could communicate with other devices within the same VLAN.You would use port authentication to control access to the network based on things such as username and password. Port authentication would allow or deny access, but would not restrict access once authenticated, or provide any type of access is not authenticated.A demilitarized zone (DMZ) is a buffer network (or subnet) that sits between the private network and an un-trusted network (such as the Internet). Network Address Translation (NAT) modifies the IP addresses in packets as they travel from one network (such as a private network) to another network ( such as the Internet). NAT allows you to connect a private network to the Internet without obtaining registered addresses for every host. Hosts on the private network share the registered IP addresses of the NAT device.

(LS VPNs Q02): You have a group of salesmen who would like to access your private network through the Internet while they are traveling. You want to control access to the private network through a single server.Which solution should you implement? RADIUS DMZ VPN concentrator IPS IDS

VPN concentrator With a remote access VPN, a server on the edge of a network (called a VPN concentrator) is configured to accept VPN connections from individual hosts. Hosts that are allowed to connect using the VPN connection are granted access to resources on the VPN server or the private network.A demilitarized zone (DMZ) also called a screened subnet, is a buffer network (or subnet) that sits between the private network and an un-trusted network (such as the Internet). A RADIUS server is used to centralize authentication, authorization, and accounting for multiple remote access servers. However, clients still connect to individual remote access servers.And intrusion detection system (IDS) is a special network device that can detect attacks and suspicious activity. A passive IDS monitors, logs, and detects security breaches but takes no action to stop or prevent the attack. And active IDS (also called an intrusion protection system or IPS) performs the functions of an IDS, but can only react when security breaches occur.