Exam 2
Due to many vulnerabilities and a short key length, the WPA security standard was replaced with WEP. True or False?
False
NFC tags are very expensive and cannot be purchased blank, requiring them to be pre-loaded. True or False?
False
Only Class B and Class C networks can be subnetted. True or False?
False
What is hashing, and how does it differ from encryption?
Hashing means to transform data through an algorithm that reduces the amount of space needed for the data. It differs from encryption because it can't be decrypted.
What is the difference between an Intrusion Detection System and an Intrusion Protection System?
IDS is a monitoring system, IPS is a control system. IDS only detects if there is an issue but does not alter anything, whereas IPS will prevent delivery if necessary.
What is MAC address spoofing?
MAC address spoofing is a technique which allows you to change a MAC address. Though MAC addresses on a NIC cannot be changed, there is a way to make an OS believe the NIC has a MAC address the user chose. This process, where you mask a MAC address, is MAC address spoofing.
What is vulnerability scanning, and what are the two different types of vulnerability scans?
Vulnerability scanning identifies vulnerabilities in a network, usually by the company itself, not by someone attempting to exploit the vulnerabilities. The two types of it are authenticated and unauthenticated.
Describe how the fiber is run between the campus buildings.
With Multi Mode and Single Mode fiber.
A subnet of 255.255.248.0 can be represented by what CIDR notation? a. /29 b. /18 c. /21 d. /20
c. /21
At what layer of the OSI model do the 802.11 standards vary? a. Network layer b. Transport layer c. Physical layer d. Data link layer
c. Physical layer
What type of device can be used to assess the quality of a wireless signal? a. frequency hopper b. Wi-Fi analyzer c. spectrum analyzer d. channel scanner
c. spectrum analyzer
By default, when using classful addressing, how many bits exist in the host portion of a Class A address? a. 16 b. 8 c. 32 d. 24
d. 24
A network with a CIDR notation of /26 would have what subnet mask? a. 255.255.255.0 b. 255.255.255.224 c. 255.255.255.240 d. 255.255.255.192
d. 255.255.255.192
What scenario describes an evil twin attack? a. An attacker is actively attempting to brute force the PIN of a WPS enabled access point. b. A hacker is utilizing a protocol analyzer on a public Wi-Fi network to discover packet contents. c. A hacker is actively sending wireless probes to discover available wireless networks. d. A malicious access point is configured with the SSID of a non-malicious public access point.
d. A malicious access point is configured with the SSID of a non-malicious public access point.
List and describe the four different locations in which anti-malware can be installed.
host-based- It provides insufficient coverage when a large portion of the network is virtualized network-based- It can provide a formidable layer of defense, but it does nothing to protect the network from the risks of infected files on flash drives/laptops/smartphones cloud-based- It provides scalability, cost efficiency, and and shared resources, but it can be buggy and can be a challenge to ensure the challenge covers the entire network. server-based- It protects important files, but slows your network performance
Name the 7 layers of the OSI model in order. Make sure to number them with 1 being the lowest level.
1. Physical 2. Data link 3. Network 4. Transport 5. Session 6. Presentation 7. Application
What are the three components required to manage access control to a network and its resources?
Accounting, authentication, authorization.
What is a Variable Length Subnet Mask (VLSM), and how is it created?
It allows subnets to be subdivided into smaller groupings until each subnet is about the same size as the necessary IP address space. To create them, you create the largest subnet first, the next largest subnext next, etc.
When configuring a new device, why should changing the administrative credentials be a top priority?
It can be insecure to leave it unchanged.
Why should an access point not always utilize all the power it has for broadcasting wireless signals?
It could cause interference.
Where does the term trunk originate from, and how does it apply to modern networking?
It originated from the telephony field, it refers to an aggregation of logical connections over one physical connection. In modern networking, it's a technique that allows a switch to support traffic belonging to multiple VLANs across the network.
Where is the demark for the campus' network connection?
It was attached to the outside of the Science Center.
When deciding antenna types, why might the use of an omnidirectional antenna be inadvisable?
It would be inadvisable if you wanted the source to communicate with one destination or in a specific area, in which you'd use a unidirectional antenna instead.
In 1993, the IETF devised a shorthand method for identifying network and host bits in an IP address. What is this method, and how do you use it?
It's CIDR, which takes the network ID/a host's IP address and follows it with a forward slash, then the number of bits used for the network ID.
What is multifactor authentication, and what are some examples?
It's an authentication process that requires 2 or more pieces of info. Examples would be facial recognition or fingerprints.
Why should the WPS PIN feature be avoided if possible?
It's insecure and fairly vulnerable to attacks/hacking
How is an acceptable use policy typically used?
It's typically used to explain to users what they can and can't do while accessing the network's resources. It gives detailed information on the various restrictions for employees.
What is the difference between single mode fiber and multimode fiber, and how do they compare?
SMF are narrow, with a core of only 8-10 microns in diameter, while MMF has a core between 50-62.5 microns. Signal traveling is also fairly different with either one, with SMF using a laser-generated light which reflects very little, and thus the light doesn't disperse as the signal travels along the fiber. On the other had, with MMF, many pulses of light generated by LED/laser travel at various angles, which causes the signals to experience greater attenuation. A similarity between the two is that they both transition at an FDP.
What are some of the characteristics of malware that make it difficult to detect?
Some malware is encrypted to prevent detection, some disguise itself as legit programs or replaces part of a program's code with destructive code, some malware are polymorphic (it can change its characteristics every time it's transferred to a new system), and some are time dependent and will only activate on a specific date (ex. logic bombs).
Besides the data network what other networks terminate in the data closets?
Telephone network
What type of fire suppression does the campus use in the data closets? Why does this make sense for the campus?
The closets had sprinklers which could act as a source of fire suppression. They were used because the chance of a fire is fairly low so there isn't a point to getting more expensive fire suppression equipment.
What are the different transceiver types that have made the GBIC obsolete?
The different transceiver types that have made the GBIC obsolete are the SFP, which is more compact, the XFP, which supports up to 10 Gbps, SFP+, which has a maximum transmission speed of 16 Gpbs, QSFP, which puts four channels in a single transceiver which supports data rates up to 40 Gbps, and QSFP+, which supports data rates over 40 Gbps.
What is the hidden node problem, and how can it be mitigated?
The hidden node problem is when a node can't directly communicate with other nodes connected to the AP. RTS/CTS can help.
ARP tables might contain two different types of entries. What are they, and how are they created?
The two different types of entries are static and dynamic ARP table entries. Dynamic ARP table entries are created when a client makes a request for info that couldn't be satisfied by data that was already in the ARP table. It will then receive new info which is recorded in the table for future references. Static ARP table entries are created when someone manually enters them. They provide a way of obtaining info from and manipulating a device's ARP table.
In the server room how are the cables run between racks? Why are they run this way?
They were run with a cable ladder rack. It's more economical and organized.
How does a zero-day exploit differ from a typical exploit?
They're more dangerous than a typical exploit as the vulnerability is exploited before the developer has the opportunity to provide a solution for it.
All wireless signals are carried through the air by electromagnetic waves. True or False?
True
An unmanaged switch can still support the creation of VLANs, provided there is an interface for configuration. True or False?
True
In order to identify the transmissions that belong to each VLAN, a switch will add a tag to Ethernet frames that identifies the port through which they arrive at the switch. True or False?
True
The most secure Wi-Fi communication is made possible by combining a RADIUS server with WPA or WPA2, known as WPA-Enterprise or WPA2-Enterprise, respectively. True or False?
True
What IEEE standard specifies how VLAN information appears in frames and how switches interpret that information? a. 802.1Q b. 802.1c c. 802.1d d. 802.1V
a. 802.1Q
What optional protocol can be used in 802.11 to reserve the medium for one node's use? a. RTS/CTS (Request to Send/Clear to Send) b. RT/FT (Request Time/Fair Time) c. RAR/CTU (Reserve Airtime Request/Clear to Use) d. HA/RA (Hold Airtime/Reserved Airtime)
a. RTS/CTS (Request to Send/Clear to Send)
What is NOT one of the ways in which networks are commonly segmented? a. by device manufacturer b. by departmental boundaries c. by device types d. by geographic location
a. by device manufacturer
Upon connecting to a Wi-Fi network, you're redirected to a login screen and a request to accept terms of service before being connected. What is this an example of? a. captive portal b. guest network profile c. browser hijacking d. WPA2-Enterprise
a. captive portal
When using RFID, what is an ARPT (Active Reader Passive Tag)? a. It is a battery-powered tag actively transmits its credentials at regular time intervals, which can be read remotely. b. It is a tag that is activated by an active reader, and uses power from the reader's radio to power its transmission. c. It is a tag that requires an active reader, but still contains a battery in the tag. d. It is a tag that can be read remotely up to a distance of 50 m, but requires a powerful active reader.
b. It is a tag that is activated by an active reader, and uses power from the reader's radio to power its transmission.
The use of multiple antennas on an access point to issue a signal to one or more receivers is enabled by what 802.11 innovation? a. spread spectrum frequency hopping b. channel bonding c. frame aggregation d. multiple input-multiple output (MIMO)
d. multiple input-multiple output (MIMO)
