Network Security Chapter 6
Which of the following would you set up in a multifunction SOHO router? A. DMZ B. DOS C. OSI D. ARP
DMZ
Which of the following devices would most likely have a DMZ interface? A. Switch B. VoIP phone C. Proxy server D. Firewall
Firewall
Your network uses the subnet mask 255.255.255.224. Which of the following IPv4 addresses are able to communicate with each other? (Select the two best answers.) A. 10.36.36.126 B. 10.36.36.158 C. 10.36.36.166 D. 10.36.36.184 E. 10.36.36.224
10.36.36.166 10.36.36.184
Which of the following is a private IPv4 address? A. 11.16.0.1 B. 127.0.0.1 C. 172.16.0.1 D. 208.0.0.1
172.16.0.1
Which of the following might be included in Microsoft Security Bulletins? A. PHP B. CGI C. CVE D. TLS
CVE
In your organization's network you have VoIP phones and PCs connected to the same switch. Which of the following is the best way to logically separate these device types while still allowing traffic between them via an ACL? A. Install a firewall and connect it to the switch B. Create and define two subnets, configure each device to use a dedicated IP address, and then connect the whole network to a router C. Install a firewall and connect it to a dedicated switch for each type of device D. Create two VLANs on the switch connected to a router
Create two VLANs on the switch connected to a router
Which of the following should be placed between the LAN and the Internet? A. DMZ B. HIDS C. Domain controller D. Extranet
DMZ
A security analyst wants to ensure that all external traffic is able to access an organization's front-end servers but also wants to protect access to internal resources. Which network design element is the best option for the security analyst? A. VLAN B. Virtualization C. DMZ D. Cloud computing
DMZ
You see a network address in the command-line that is composed of a long string of letters and numbers. What protocol is being used? A. IPv4 B. ICMP C. IPv3 D. IPv6
IPv6
You ping a hostname on the network and receive a response including the address 2001:4560:0:2001::6A. What type of address is listed within the response? A. MAC address B. Loopback address C. IPv6 address D. IPv4 address
IPv6 address
Your boss (the IT director) wants to move several internally developed software applications to an alternate environment, supported by a third party, in an effort to reduce the footprint of the server room. Which of the following is the IT director proposing? A. PaaS B. IaaS C. SaaS D. Community cloud
IaaS
You receive complaints about network connectivity being disrupted. You suspect that a user connected both ends of a network cable to two different ports on a switch. What can be done to prevent this? A. Loop protection B. DMZ C. VLAN segregation D. Port forwarding
Loop protection
Which of these hides an entire network of IP addresses? A. SPI B. NAT C. SSH D. FTP
NAT
Which of the following cloud computing services offers easy-to-configure operating systems? A. SaaS B. IaaS C. PaaS D. VM
PaaS
Your organization uses VoIP. Which of the following should be performed to increase the availability of IP telephony by prioritizing traffic? A. NAT B. QoS C. NAC D. Subnetting
QoS
Which of the following statements best describes a static NAT? A. Static NAT uses a one-to-one mapping B. Static NAT uses a many-to-many mapping C. Static NAT uses a one-to-many mapping D. Static NAT uses a many-to-one mapping
Static NAT uses a one-to-one mapping
You want to reduce network traffic on a particular network segment to limit the amount of user visibility. Which of the following is the best device to use in this scenario? A. Switch B. Hub C. Router D. Firewall
Switch
Analyze the following network traffic logs depicting communications between Computer1 and Computer2 on opposite sides of a router. The information was captured by the computer with the IPv4 address 10.254.254.10. Computer1 Computer2[192.168.1.105]------[INSIDE 192.168.1.1 router OUTSIDE 10.254.254.1] -----[10.254.254.10] LOGS7:58:36 SRC 10.254.254.1:3030, DST 10.254.254.10:80, SYN7:58:38 SRC 10.254.254.10:80, DST 10.254.254.1:3030, SYN/ACK7:58:40 SRC 10.254.254.1:3030, DST 10.254.254.10:80, ACK A. The router implements NAT B. The router filters port 80 traffic C. 192.168.1.105 is a web server D. The web server listens on a nonstandard port
The router implements NAT
You are implementing a testing environment for the development team. They use several virtual servers to test their applications. One of these applications requires that the servers communicate with each other. However, to keep this network safe and private, you do not want it to be routable to the firewall. What is the best method to accomplish this? A. Use a virtual switch B. Remove the virtual network from the routing table C. Use a standalone switch D. Create a VLAN without any default gateway
Use a virtual switch
You have been tasked with segmenting internal traffic between layer 2 devices on the LAN. Which of the following network design elements would most likely be used? A. VLAN B. DMZ C. NAT D. Routing
VLAN