8-10

At what layer of the OSI model do proxy servers operate? Layer 3 Layer 2 Layer 7 Layer 4

7

feature of Windows Server allows for agentless authentication? AD (Active Directory) ACL (access control list) IDS (intrusion detection system) Network-based firewall

AD (Active Directory)

Which of the following is not one of the three AAA services provided by RADIUS and TACACS+? Authentication Authorization Access control Accounting

Access control

What software might be installed on a device in order to authenticate it to the network? Operating system Security policy NAC (network access control) Agent

Agent

Which of the following features is common to both an NGFW and traditional firewalls? Application Control IDS and/or IPS User awareness User authentication

User authentication

Which formulas can be used to calculate the magic number? Choose two. a. 256 - the interesting octet b. 2 h - 2 c. 2 n d. 2 h

a. 256 - the interesting octet

A. DHCP relay agent b. DHCP server c. Hypervisor d. Virtual router

a. DHCP relay agent

Active Directory and 389 Directory Server are both compatible with which directory access protocol? a. LDAP b. RADIUS c. Kerberos d. AES

a. LDAP

APhishing b. Baiting c. Quid pro quo d. Tailgating

a. Phishing

access-list acl_2 deny tcp any any access-list acl_2 permit http any any access-list acl_2 deny tcp host 2.2.2.2 host 3.3.3.3 eq www access-list acl_2 permit icmp any any

access-list acl_2 permit icmp any any

What is the least number of bits you would need to borrow from the network portion of a Class B subnet mask to get at least 130 hosts per subnet? a. None b. Eight c. Nine d. Ten

b. Eight

A. Principle of least privilege b. Insider threat c. Vulnerability d. Denial of service

b. Insider threat

Leading up to the year 2000, many people expected computer systems the world over to fail when clocks turned the date to January 1, 2000. What type of threat was this? a. Ransomware b. Logic bomb c. Virus d. Worm

b. Logic bomb

A. AUP b. NDA c. MDM d. BYOD

b. NDA

What do well-chosen subnets accomplish? a. IP address spaces overlap for easier management. b. Network documentation is easier to manage. c. Routing efficiency is decreased by ensuring IP address spaces are not mathematically related. d. Problems affect the entire network, making them more difficult to pin down

b. Network documentation is easier to manage.

Which of the following is considered a secure protocol? a. FTP b. SSH c. Telnet d. HTTP

b. SSH

What kind of attack simulation detects vulnerabilities and attempts to exploit them? A. Red team-blue team exercise b. Vulnerability scanning c. Security audit d. Penetration testing

b. Vulnerability scanning

Which command on an Arista switch would require an SNMP notification when too many devices try to connect to a port? a. mac-limit b. switchport port-security c. storm-controld. d. shutdown

b. switchport port-security

How many bits of a Class A IP address are used for host information? a. 8 bits b. 16 bits c. 24 bits d. 32 bits

c. 24 bits

2. Which type of DoS attack orchestrates an attack using uninfected computers? a. DDoS (Distributed DoS) attack b. Spoofing attack c. DRDoS (Distributed Reflection DoS) attack d. PDoS (Permanent DoS) attack

c. DRDoS (Distributed Reflection DoS) attack

Which of these attacks is a form of Wi-Fi DoS attack? a. Rogue DHCP server b. FTP bounce c. Deauthentication attack d. Amplified DRDoS attack

c. Deauthentication attack

7. Which hexadecimal block in an IPv6 address is used for the Subnet ID? a. The first one b. The third one 3 c. The fourth one d. The eighth one

c. The fourth one

Which of the following is not a good reason to segment a network? a. To limit access to broadcast domains b. To reduce the demand on bandwidth c. To increase the number of networking devices on a network d. To narrow down the location of problems on a network

c. To increase the number of networking devices on a network

2. What is the formula for determining the number of possible hosts on a network? a. 2 n = Y b. 2 n - 2 = Y c. 2 h = Z d. 2 h - 2 = Z

d. 2 h - 2 = Z

Which IEEE standard determines how VLANs work on a network? a. 802.1x b. 802.11 c. 802.3af d. 802.1Q

d. 802.1Q

Which NGFW feature allows a network admin to restrict traffic generated by a specific game? a. Content filter b. User awareness c. Context awareness d. Application awareness

d. Application awareness

A spoofed DNS record spreads to other DNS servers. What is this attack called? A. ARP poisoning b. DHCP snooping c. MitM attack 3 d. DNS poisoning

d. DNS poisoning

Data breach b. Security audit c. Exploitation d. Posture assessment

d. Posture assessment

Which port mode on a switch enables that port to manage traffic for multiple VLANs? a. Console b. Ethernet c. Access d. Trunk

d. Trunk