CIS-345 chapter4
50. What is MAC address spoofing?
MAC address spoofing is the impersonation of a MAC address by an attacker. On a network where access is limited to certain devices based on their MAC address, an attacker can spoof an approved device's MAC address and gain access to the network. This is a relatively easy attack to carry out, which is why MAC address filtering is not considered a reliable way to control access to a network.
17. Which of the following is not a task handled by a router? a. A router forwards broadcasts over the network. b. A router can reroute traffic if the path of first choice is down but a second path is available. c. A router can interpret Layer 3 and often Layer 4 addressing. d. A router can connect dissimilar networks.
A
22. What happens when a router receives a packet with a TTL of 0? a. The router drops the packet and sends an ICMP TTL expired message back to the host. b. The router attempts to forward the traffic on a local network. c. The router resets the TTL to 128. d. The router marks the packet as corrupted and forwards it to the next hop.
A
24. What is routing protocol convergence time defined as? a. It is the time it takes for the protocol to recognize the best path in the event of a network change. b. It is the time it takes for the protocol to recognize that a change has occurred. c. It is the amount of time it takes after initial configuration of the protocol for all routes to become known. d. It is the amount of time involved in configuration of the routing protocol.
A
28. What tcpdump command can be used to filter out all traffic except SSH traffic? a. tcpdump port 22 b. tcpdump -p 22 c. tcpdump only ssh d. tcpdump -f +ssh
A
32. You have been tasked with maintaining a network that is jumbo frame enabled. What does this mean? a. The MTU for the network can be as high as 9198 bytes. b. The network is not based on the Ethernet standard. c. Fragmented frames will be consolidated into whole frames before being sent. d. The MTU for the network is set at 65,535 bytes.
A
46. How can a network switch be said to operate at Layer 4 of the OSI model?
A Layer 4 switch is capable of interpreting Layer 4 data. Such switches operate anywhere between Layer 4 and Layer 7 and are also known as content switches or application switches. Among other things, the ability to interpret higher layer data enables switches to perform advanced filtering, keep statistics, and provide security functions. In general, however, a Layer 4 switch is still optimized for fast Layer 2 data handling.
48. ARP tables might contain two different types of entries. What are they, and how are they created?
ARP tables can contain two types of entries: dynamic and static. Dynamic ARP table entries are created when a client makes an ARP request for information that could not be satisfied by data already in the ARP table; once received, the new information is recorded in the table for future reference. Static ARP table entries are those that someone has entered manually using the ARP utility. This ARP utility, accessed via the arp command in both Windows and Linux, provides a way of obtaining information from and manipulating a device's ARP table.
47. What are some of the basic functions of a network router?
Although any one router can be specialized for a variety of tasks, all routers can do the following:
* Connect dissimilar networks, such as a LAN and a WAN, which use different types of routing protocols.
* Interpret Layer 3 and often Layer 4 addressing and other information (such as quality of service indicators).
* Determine the best path for data to follow from point A to point B. The best path is the most efficient route to the message's destination calculated by the router, based upon the information the router has available to it.
* Reroute traffic if the path of first choice is down but another path is available.
38. Originally codified by ISO, what does the "intermediate system" in IS-IS (Intermediate System to Intermediate System) stand for? a. The autonomous systems used by an organization. b. An entire network consisting of various network devices. c. The administrative boundaries of an organization. d. An IS-IS capable network router.
D
14. What utility is the equivalent to the pathping command on a Linux system? a. mtr b. tracepath c. traceroute d. hping
A
12. What field in an IPv4 packet informs routers of the level of precedence they should apply when processing an incoming packet? a. Differentiated Services (DiffServ) b. Internet header length (IHL) c. Time to Live (TTL) d. Padding
A
13. What command will list only current connections, including IP addresses and port numbers? a. show ip stats b. netstat -n c. netstat -s d. portstat
B
16. In a TCP segment, what field indicates how many bytes the sender can issue to a receiver before acknowledgment is received? a. urgent pointer b. sliding-window c. URG flag d. PSH flag
B
19. You are connected to your network's Cisco router, and need to verify the route table. What command should you enter? a. route print b. show ip route c. route -a d. show route-table
B
21. What is the purpose of the checksum TCP field? a. It specifies special options, such as the maximum segment size a network can handle. b. It allows the receiving node to determine whether the TCP segment became corrupted during transmission. c. It identifies the data segment's position in the stream of data segments being sent. d. It confirms receipt of data via a return message to the sender.
B
29. Which command will produce statistics about each message transmitted by a host, separated according to protocol type? a. ipconfig -s b. netstat -s c. ipstat -a d. netstat -an
B
30. When using the Routing Information Protocol (RIP), what is the maximum number of hops a message can take between its source and its destination before the destination is considered unreachable? a. 8 b. 15 c. 20 d. 32
B
35. By default, what is the MTU size on a typical Ethernet network? a. 1492 bytes b. 1500 bytes c. 1518 bytes d. 1522 bytes
B
39. What statement regarding the differences between the Windows tracert utility and the Linux/UNIX/macOS traceroute utility is accurate? a. Only tracert can send UDP messages for tracing a path. b. By default, the tracert utility uses ICMP echo requests, while traceroute uses UDP datagrams or TCP SYN messages. c. The Windows tracert utility does not place limits on the TTL of repeated trial messages. d. The tracert utility expects an ICMP port unreachable error message as the final reply to a trace.
B
11. What is NOT one of the three characteristics of TCP in its role as a reliable delivery protocol? a. Connection-oriented Protocol b. Sequencing and checksums c. Framing d. Flow Control
C
15. Which statement regarding the Border Gateway Protocol (BGP) is accurate? a. BGP is limited to a single autonomous system. b. BGP is exclusively a distance-vector protocol. c. BGP utilizes TCP for communicating updates. d. BGP is a more advanced version of OSPF.
C
18. The IP connectionless protocol relies on what other protocol to guarantee delivery of data? a. UDP b. ICMP c. TCP d. ARP
C
23. In IPv6, what field is used to indicate what sequence of packets from one source to one or multiple destinations a packet belongs to? a. traffic class b. group ID c. flow label d. traffic exchange
C
27. You have been tasked with the replacement of OSPF with EIGRP throughout your organization, which consists of a mixture of Cisco routers and routers from other vendors. What statement is accurate? a. EIGRP will increase CPU utilization on core routers. b. Increased traffic will result from the switch to EIGRP. c. EIGRP may not be available on non-Cisco routers. d. Convergence time will be increased with EIGRP.
C
33. What IPv6 field is similar to the TTL field in IPv4 packets? a. flow label b. next header c. hop limit d. distance vector
C
36. What routing metric affects a path's potential performance due to delay? a. theoretical bandwidth b. MTU c. latency d. load
C
40. In the event of a duplicate MAC address shared by two hosts on a switched network, what statement is accurate? a. The hosts that share the same MAC addresses will be completely unable to communicate with any other devices. b. The hosts will generate new MAC addresses until the conflict is resolved. c. The hosts will still send and receive traffic, but traffic may not always reach the correct destination. d. The network switch will eventually crash due to being unable to properly forward traffic.
C
20. Which traceroute command will perform a trace using ICMP echo requests instead of UDP datagrams to the host srv1.mycompany.com? a. traceroute -i srv1.mycompany.com b. traceroute -w srv1.mycompany.com c. traceroute -o ICMP srv1.mycompany.com d. traceroute -I srv1.mycompany.com
D
25. Routing protocols that enable routers to communicate beyond neighboring routers, allowing each router to independently map the network, are known as which type of protocols? a. interior gateway protocols b. border gateway protocols c. distance vector protocols d. link-state protocols
D
26. Which routing protocol started as a Cisco proprietary protocol and combines some of the features of a link-state protocol with that of distance-vector protocols? a. IS-IS b. BGP c. OSPF d. EIGRP
D
31. What occurs when a collision happens on a network? a. The collision goes undetected, and data transmission continues. b. The collision will create an error in the network switch, but otherwise, no issues will occur as a result. c. Each node on the network stops transmitting, until manually told to reconnect and transmit. d. Each node on the network waits a random amount of time and then resends the transmission.
D
34. If the VLAN tag is present in an Ethernet frame, what is the maximum frame size? a. 1492 bytes b. 1500 bytes c. 1518 bytes d. 1522 bytes
D
37. Which statement does NOT accurately describe characteristics of the OSPF protocol? a. OSPF maintains a database of other routers' links. b. OSPF has no hop limits on a transmission path. c. OSPF provides low network overhead. d. OSPF requires very little CPU or memory resources.
D
1. UDP provides error checking, but not sequencing.
False
10. The CTRL + S key combination can be used to stop an actively running command.
False
3. IPv4 and IPv6 use the same packet format.
False
4. TCP uses a four-step process called a four-way handshake to establish a TCP connection.
False
7. Routing Information Protocol (RIP) is an interior gateway protocol that uses a link-state algorithm.
False
9. The pathping utility sends 10 pings per hop by default.
False
41. How does IPv6 utilize Neighbor Discovery Protocol to detect neighboring devices?
IPv6 devices use NDP (Neighbor Discovery Protocol) in ICMPv6 messages to automatically detect neighboring devices, and to automatically adjust when neighboring nodes fail or are removed from the network. NDP eliminates the need for ARP and some ICMP functions in IPv6 networks, and is much more resistant to hacking attempts than ARP.
43. How are routing paths determined?
Routing paths are determined in one of two ways:
* static routing: A network administrator configures a routing table to direct messages along specific paths between networks. For example, it's common to see a static route between a small business and its ISP. However, static routes can't account for occasional network congestion, failed connections, or device moves, and they require human intervention.
* dynamic routing: A router automatically calculates the best path between two networks and accumulates this information in its routing table. If congestion or failures affect the network, a router using dynamic routing can detect the problems and reroute messages through a different path. When a router is added to a network, dynamic routing ensures that the new router's routing tables are updated.
44. What are some examples of routing metrics that can be used to determine the best path for a network?
Some examples of routing metrics used to determine the best path may include:
* Hop count, which is the number of network segments crossed
* Theoretical bandwidth and actual throughput on a potential path
* Delay, or latency, on a potential path, which results in slower performance
* Load, which is the traffic or processing burden sustained by a router in the path
* MTU, which is the largest IP packet size in bytes allowed by routers in the path without fragmentation (excludes the frame size on the local network)
* Routing cost, which is a value assigned to a particular route as judged by the network administrator; the more desirable the path, the lower its cost
* Reliability of a potential path, based on historical performance
* A network's topology
42. What are the different categories of routers, and how do they compare?
Some of the different categories of routers are as follows:
* Core routers, also called interior routers, are located inside networks within the same autonomous system. An AS (autonomous system) is a group of networks, often on the same domain, that are operated by the same organization. An AS is sometimes referred to as a trusted network because the entire domain is under the organization's control. Core routers communicate only with routers within the same AS.
* Edge routers, or border routers, connect an autonomous system with an outside network, also called an untrusted network. For example, the router that connects a business with its ISP is an edge router.
* Exterior router refers to any router outside the organization's AS, such as a router on the Internet backbone. Sometimes a technician might refer to her own edge router as an exterior router because it communicates with routers outside the AS. But keep in mind that every router communicating over the Internet is an edge router for some organization's AS, even if that organization is a large telecommunications company managing a portion of the Internet backbone.
45. There are several interior gateway protocols, but only one current exterior gateway protocol. What is this protocol, and what characteristics does it have?
The Border Gateway Protocol (BGP) is the only current exterior gateway protocol, and has been dubbed the "protocol of the Internet." Whereas OSPF and IS-IS scouting parties only scout out their home territory, a BGP scouting party can go cross-country. BGP spans multiple autonomous systems and is used by edge and exterior routers on the Internet. Here are some special characteristics of BGP:
* path-vector routing protocol: Communicates via BGP-specific messages that travel between routers over TCP sessions.
* efficient: Determines best paths based on many different factors.
* customizable: Can be configured to follow policies that might, for example, avoid a certain router, or instruct a group of routers to prefer one particular route over other available routes.
49. How is the TTL (Time to Live) field utilized in IPv4?
The TTL field indicates the maximum duration that the packet can remain on the network before it is discarded. Although this field was originally meant to represent units of time, on modern networks it represents the number of times a packet can still be forwarded by a router, or the maximum number of router hops it has remaining. The TTL for packets varies and can be configured; it is usually set at 32 or 64. Each time a packet passes through a router, its TTL is reduced by 1. When a router receives a packet with a TTL equal to 0, it discards that packet and sends a TTL expired message via ICMP back to the source host.
2. IP is an unreliable, connectionless protocol, as it does not establish a session to send its packets.
True
5. The cost of upgrading infrastructure has been a major factor in the slow adoption of IPv6.
True
6. In general, a Layer 3 or Layer 4 switch is still optimized for fast Layer 2 data handling.
True
8. The Border Gateway Protocol is considered to be a hybrid routing protocol.
True