Network Security Chapter 6

Which of the following would you set up in a multifunction SOHO router? A. DMZ B. DOS C. OSI D. ARP

DMZ

Which of the following devices would most likely have a DMZ interface? A. Switch B. VoIP phone C. Proxy server D. Firewall

Firewall

Your network uses the subnet mask 255.255.255.224. Which of the following IPv4 addresses are able to communicate with each other? (Select the two best answers.) A. 10.36.36.126 B. 10.36.36.158 C. 10.36.36.166 D. 10.36.36.184 E. 10.36.36.224

10.36.36.166 10.36.36.184

Which of the following is a private IPv4 address? A. 11.16.0.1 B. 127.0.0.1 C. 172.16.0.1 D. 208.0.0.1

172.16.0.1

Which of the following might be included in Microsoft Security Bulletins? A. PHP B. CGI C. CVE D. TLS

CVE

In your organization's network you have VoIP phones and PCs connected to the same switch. Which of the following is the best way to logically separate these device types while still allowing traffic between them via an ACL? A. Install a firewall and connect it to the switch B. Create and define two subnets, configure each device to use a dedicated IP address, and then connect the whole network to a router C. Install a firewall and connect it to a dedicated switch for each type of device D. Create two VLANs on the switch connected to a router

Create two VLANs on the switch connected to a router

Which of the following should be placed between the LAN and the Internet? A. DMZ B. HIDS C. Domain controller D. Extranet

DMZ

A security analyst wants to ensure that all external traffic is able to access an organization's front-end servers but also wants to protect access to internal resources. Which network design element is the best option for the security analyst? A. VLAN B. Virtualization C. DMZ D. Cloud computing

DMZ

You see a network address in the command-line that is composed of a long string of letters and numbers. What protocol is being used? A. IPv4 B. ICMP C. IPv3 D. IPv6

IPv6

You ping a hostname on the network and receive a response including the address 2001:4560:0:2001::6A. What type of address is listed within the response? A. MAC address B. Loopback address C. IPv6 address D. IPv4 address

IPv6 address

Your boss (the IT director) wants to move several internally developed software applications to an alternate environment, supported by a third party, in an effort to reduce the footprint of the server room. Which of the following is the IT director proposing? A. PaaS B. IaaS C. SaaS D. Community cloud

IaaS

You receive complaints about network connectivity being disrupted. You suspect that a user connected both ends of a network cable to two different ports on a switch. What can be done to prevent this? A. Loop protection B. DMZ C. VLAN segregation D. Port forwarding

Loop protection

Which of these hides an entire network of IP addresses? A. SPI B. NAT C. SSH D. FTP

NAT

Which of the following cloud computing services offers easy-to-configure operating systems? A. SaaS B. IaaS C. PaaS D. VM

PaaS

Your organization uses VoIP. Which of the following should be performed to increase the availability of IP telephony by prioritizing traffic? A. NAT B. QoS C. NAC D. Subnetting

QoS

Which of the following statements best describes a static NAT? A. Static NAT uses a one-to-one mapping B. Static NAT uses a many-to-many mapping C. Static NAT uses a one-to-many mapping D. Static NAT uses a many-to-one mapping

Static NAT uses a one-to-one mapping

You want to reduce network traffic on a particular network segment to limit the amount of user visibility. Which of the following is the best device to use in this scenario? A. Switch B. Hub C. Router D. Firewall

Switch

Analyze the following network traffic logs depicting communications between Computer1 and Computer2 on opposite sides of a router. The information was captured by the computer with the IPv4 address 10.254.254.10. Computer1 Computer2[192.168.1.105]------[INSIDE 192.168.1.1 router OUTSIDE 10.254.254.1] -----[10.254.254.10] LOGS7:58:36 SRC 10.254.254.1:3030, DST 10.254.254.10:80, SYN7:58:38 SRC 10.254.254.10:80, DST 10.254.254.1:3030, SYN/ACK7:58:40 SRC 10.254.254.1:3030, DST 10.254.254.10:80, ACK A. The router implements NAT B. The router filters port 80 traffic C. 192.168.1.105 is a web server D. The web server listens on a nonstandard port

The router implements NAT

You are implementing a testing environment for the development team. They use several virtual servers to test their applications. One of these applications requires that the servers communicate with each other. However, to keep this network safe and private, you do not want it to be routable to the firewall. What is the best method to accomplish this? A. Use a virtual switch B. Remove the virtual network from the routing table C. Use a standalone switch D. Create a VLAN without any default gateway

Use a virtual switch

You have been tasked with segmenting internal traffic between layer 2 devices on the LAN. Which of the following network design elements would most likely be used? A. VLAN B. DMZ C. NAT D. Routing

VLAN