Exam 1
In a DNS zone, what type of record holds the name-to-address mapping for IPv6 addresses?
AAAA record
In a domain, the process of allowing a user to sign on to the network from any computer on the network and get access to resources is managed by what service?
Active Directory Domain Services (AD DS)
Which of the following scenarios represents a phishing attempt?
An e-mail was sent to a manager at your company that appeared to be from the company's CTO, asking for access.
What is by far the most popular DNS server software available?
BIND
In order to prevent ports that are serving network hosts from being considered as best paths, what should be enabled to block BPDUs?
BPDU guard
Your supervisor has asked you to configure a new prototype network with a dual stack configuration. What does this mean?
Both IPv4 and IPv6 protocols will be used on the network.
The grouping of multiple servers so that they appear as a single device to the rest of the network is known as which term?
Clustering
When Comcast was found to be interfering with BitTorrent traffic, what method was being used?
Comcast was interjecting TCP segments with the RST (reset) field set.
When dealing with static electricity, what kind of failure caused by static discharge shortens the life of a component, and can cause intermittent errors?
Upset failure
You have been asked by your superior to configure all Cisco network switches to allow only acceptable MAC addresses through switch access ports. How is this accomplished?
Use the switchport port-security command to enable MAC filtering.
What scenario might be ideal for the use of root guard in configuring a switch?
You wish to prevent switches beyond a certain port from becoming the root bridge, but still wish to use STP.
Which of the following scenarios would necessitate the use of a non-disclosure agreement?
Your company needs to prevent a new contractor from sharing information with a potential competitor.
What aspect of AAA is responsible for determining what a user can and cannot do with network resources?
authorization
What kind of firewall can block designated types of traffic based on application data contained within packets?
content-filtering firewall
What type of an attack forces clients off a wireless network, creating a form of Wi-Fi DoS?
deauthentication attack
You are troubleshooting a DNS issue on a Linux system, and need to test the resolution of your domain mycompany.com MX record using Google's DNS server with the IP address of 8.8.8.8. What dig command will accomplish this?
dig @8.8.8.8 mycompany.com MX
Which type of DoS attack involves an attack that is bounced off uninfected computers before being directed at the target?
distributed reflection denial-of-service attack
How often should you require users to change their passwords?
every 60 days
When using DiffServ, what type of forwarding utilizes a minimum departure rate from a given node, which is then assigned to each data stream?
expedited forwarding
When using a host-based intrusion detection system, what additional feature might be available to alert the system of any changes made to files that shouldn't change?
file integrity monitoring (FIM)
In a fire suppression system, what term is used to describe what is typically a foaming chemical, gas, or water that is sprayed everywhere to put out a fire?
fire suppression agent
Enforcing a virtual security perimeter using a client's geographic location is known by what term?
geofencing
The Group Policy utility can be opened by typing what name into a Run box?
gpedit.msc
If multiple honeypots are connected to form a larger network, what term is used to describe the network?
honeynet
On a Linux-based system, what command can be used to display TCP/IP information associated with every interface on the system?
ifconfig -a
Which type of backup scheme only covers data that has changed since the last backup?
incremental backup
What command can you utilize to display TCP/IP configuration information for each network adapter installed?
ipconfig /all
A Windows computer on your network is having issues resolving queries for a specific domain, but not other domains. Other computers on the same network resolve the name just fine. What command can you issue that might fix the problem?
ipconfig /flushdns
On a Linux system, which command allows you to modify settings used by the built-in packet filtering firewall?
iptables
When a device handles electrical signals improperly, usually resulting from a bad NIC, it is referred to by what term below?
jabber
What type of IPv6 address is fe80::8cf1:2c42:ffde:da1c?
local link address
A virus that remains dormant until a specific condition is met, such as the changing of a file or a match of the current date is known as what type of malware?
logic bomb
You have been tasked with the configuration of a Juniper switch, and have been told to restrict the number of MAC addresses allowed in the MAC address table. What command should you use?
mac-limit
An attack that relies on redirected and captured secure transmissions as they occur is known as what type of attack?
man-in-the-middle attack
What term is used to describe the average amount of time that will pass for a device before a failure is expected to occur?
mean time between failures (MTBF)
Once a device has failed, what metric measures the average amount of time to repair?
mean time to repair (MTTR)
What penetration testing tool combines known scanning and exploit techniques to explore potentially new attack routes?
metasploit
VMware's AirWatch and Cisco's Meraki Systems Manager are both examples of what type of software?
mobile device management software
With a FQDN of ftp1.dallas.mycompany.com, what part is the domain name?
mycompany.com
Each managed object on a managed device using SNMP is assigned which of the following?
object identifier (OID)
Which type of uninterruptible power supply uses AC power to continuously charge its battery, while also providing power to devices through the battery?
online UPS
What utility is used to verify that TCP/IP installed, bound to the NIC, configured correctly, and communicating with the network?
ping
When using DHCP for IPv6 (i.e. DHCPv6), what port do clients receive responses on?
port 547
Which of the following terms is used to describe the configuration of a port to copy all traffic passing through the switch to the device at the other end of the port?
port mirroring
The concept of giving employees and contractors only enough access and privileges to do their jobs is known by what term?
principle of least privilege
What document addresses the specific concerns related to special access given to administrators and certain support staff?
privileged user agreement
If someone is offered a free gift or service in exchange for private information or access to a computer system, what type of social engineering is taking place
quid pro quo
Packets that are smaller than a medium's minimum packet size are known by what term below?
runts
On a Linux based system, what command can you use to create a hash of a file using SHA-256?
sha256sum
A person posing as an employee strikes up a conversation with a legitimate employee as they walk into a secured area, in an attempt to gain access. What kind of social engineering is this?
tailgating
You are attempting to determine how available your Linux systems are, and need to find the current system uptime. What command should you use?
uptime
What text editor can be used on Linux to view and edit the contents of a configuration file?
vim
What command can be used to check a domain computer's time source from a Command Prompt window?
w32tm /query /source
What is a defining characteristic of a bus topology based network?
Devices are daisy-chained together in a single line.
What makes up the first 6 bits of the 8-bit DiffServ field?
Differentiated Services Code Point (DSCP)
If a host's IPv6 address contains the network adapter's MAC address within the last 64 bits of the IPv6 address, what standard is being used?
EUI-64
An open electrical circuit as a result of a failed circuit breaker is considered to be what type of failure system?
Fail-close
A policy in which all exit doors for a building stay unlocked during a fire is an example of what type of policy?
Fail-open
The Data Link Layer utilizes what name for its protocol data unit (PDU)?
Frame
Which command can be used on a Windows system to create a hash of a file?
Get-FileHash
The Link Aggregation Control Protocol was initially defined by what IEEE standard?
IEEE 802.3ad
What is assigned to each node on a network, which is then used by the Network layer to uniquely identify the node?
IP address
Which of the following statements describes a RAID 0 configuration?
In a RAID 0, data is striped across multiple disks to improve performance.
A snapshot is most similar to which type of backup scheme?
Incremental backup
What Storage Area Network (SAN) protocol runs on top of TCP, and can be used on an existing twisted-pair Ethernet network, while maintaining low cost?
Internet SCSI (iSCSI)
What does the Common Address Redundancy Protocol do?
It allows a pool of computers or interfaces to share the same IP address.
At what point is a packet considered to be a giant?
It becomes a giant when it exceeds the medium's maximum packet size.
How does a line conditioning UPS protect network equipment?
It filters line noise from incoming power.
What does the MX record do in a forward DNS zone?
It identifies the e-mail server to be used for e-mail traffic for the domain.
A differential backup covers what data on a system?
It includes data that has changed since the last full backup
What is the Nmap utility used for?
It is a port scanning utility that can identify open ports on a host.
What is distributed switching?
It is a single distributed vSwitch that can service VMs across multiple hosts.
What is a SIEM (Security Information and Event Management) system utilized for?
It is a system used to evaluate data from security devices and generate alerts.
When using Kerberos, what is the purpose of a ticket?
It is a temporary set of credentials that a client uses to prove to other servers that its identity has been validated.
What statement regarding the Server Message Block protocol is accurate?
It is used by Windows and UNIX-based operating systems to share files.
What is the ARPA domain suffix utilized for?
It is used for reverse DNS queries, and holds PTR records.
A network TAP serves what purpose on a network?
It monitors network throughput at a specific point in the network.
The Wired Equivalent Privacy standard had what significant disadvantage?
It used a shared encryption key for all clients, and the key might never change.
In the TCP/IP model, what layer is considered so simple that it is ignored entirely?
Layer 1- Physical
At what layer of the OSI model does a network switch normally operate?
Layer 2-Data Link
At what layer of the OSI model do the IP, ICMP, and ARP protocols operate?
Layer 3- Network
The TCP and UDP protocols both exist at what layer of the OSI model?
Layer 4- Transport
What layer of the OSI model describes how data between applications is synced and recovered if messages don't arrive intact at the receiving application?
Layer 5-Session
In the TCP/IP model, what layer combines the responsibilities of the Application, Presentation, and Session layers from the OSI model?
Layer 7- Application
HTTP, IMAP4, FTP, and Telnet are all examples of protocols that operate at what layer of the OSI model?
Layer 7-Application
In regards to the use of local authentication, what statement is accurate?
Local authentication is network and server failure tolerant.
The frame header at the Data Link layer includes hardware addresses of the source and destination NICs. What is another name for this address?
MAC (Media Access Control) address
The proper handling procedures for substances such as chemical solvents is typically outlined in which of the following options?
Material Safety Data Sheet (MSDS)
Which legacy authentication protocol requires mutual authentication?
Microsoft Challenge Handshake Authentication Protocol, version 2 (MS-CHAPv2)
Which of the following utilities performs sophisticated vulnerability scans, and can identify unencrypted data such as credit card numbers?
Nessus
What federal agency is charged with safety and health in the workplace?
Occupational Safety and Health Administration (OSHA)
In the DNS hierarchy, where is information about how to find the top-level domain servers held?
On the DNS root servers.
When using Spanning Tree Protocol, which port on non-root bridges can forward traffic toward the root bridge?
Only one root port, which is the bridge's port that is closest to the root bridge, can forward.
Which of the following statements correctly describes the malware characteristic of polymorphism?
Polymorphic malware can change its characteristics every time it is transferred to a new system.
At the Transport layer (4) of the OSI, what is used to find and communicate with a particular application running on a host?
Port numbers
What 3-bit field in a 802.1Q tag is modified to set a frame's Class of Service (CoS)?
Priority Code Point (PCP)
Which adaptation of EAP utilizes EAP-MSCHAPv2 inside of an encrypted TLS tunnel?
Protected EAP (PEAP)
By far the most popular AAA service, what open-source service runs in the Application layer and can use UDP or TCP in the Transport layer?
RADIUS
What statement regarding role-based access control is accurate?
RBAC allows a network administrator to base privileges and permissions around a detailed description of a user's roles or jobs.
What descendant of the Spanning Tree Protocol is defined by the IEEE 802.1W standard, and can detect as well as correct for link failures in milliseconds?
Rapid Spanning Tree Protocol (RSTP)
The Windows Remote Desktop application utilizes what protocol to provide secure, encrypted transmissions?
Remote Desktop Protocol (RDP)
Which encryption standard was originally utilized with WPA's TKIP?
Rivest Cipher 4 (RC4)
What statement regarding the different versions of the SHA hashing algorithm is accurate?
SHA-2 and SHA-3 both support the same hash lengths
Which of the following protocols is used as a signaling protocol for the initial connection between hosts, but does not participate in data transfer during the session?
SIP
What mail protocol is used to send mail messages to a server?
SMTP
What Application layer protocol can be used to monitor and gather information about network traffic and can alert network administrators about adverse conditions that need attention?
SNMP
When using Spanning Tree Protocol, what is the first step in selecting paths through a network?
STP must first select the root bridge, or master bridge.
Which protocol designed to replace STP operates at Layer 3 of the OSI model?
Shortest Path Bridging (SPB)
Which of the following is an example of proxy server software?
Squid
If your network consists of all connected devices connecting to one central device, such as a switch, what type of topology is being used?
Star Topology
Encrypted control of remote computers using the RDP protocol is accomplished using what port number?
TCP 3389
You are setting up a DNS zone and have been asked to create SPF and DKIM records. What type of DNS record will hold this information?
TXT record
What happens when an NMS uses the SNMP walk command?
The NMS uses get requests to move through sequential rows in the MIB database.
In considering the responsibilities of each layer of the OSI model, what statement accurately reflects those of the Presentation layer (6)?
The Presentation layer (6) is responsible for reformatting, compressing, and/or encrypting data in a way that the application on the receiving end can read.
What is the minimal amount of voltage required to damage an electrical component?
10 vots
When using SNMP with TLS, what port do agents receive requests on?
10161
Which of the following is NOT a range of IP addresses recommended for use in private networks?
127.0.0.0 through 127.255.255.255
Which of the following IP addresses would be a loopback IP address?
127.0.0.1
In the classful addressing scheme, what range of network addresses is considered a Class B?
128.0.x.y to 191.255.x.y
Which of the following IPv6 addresses represents a global unicast address?
2000::/3
In ACL statements, using the "any" keyword is equivalent to using a wildcard mask of what value?
255.255.255.255
If you wish to maintain a "4 nines" availability rating, what is the maximum amount of down time you can have per day?
8 seconds
What IEEE standard includes an encryption key generation and management scheme known as TKIP?
802.11i
A highly available server is available what percentage of the time?
99.999%
What statement regarding the use of a network attached storage device is accurate?
A NAS can be easily expanded without interrupting service.
What statement regarding denial-of-service (DoS) attacks is accurate?
A denial-of-service attack prevents legitimate users from accessing normal network resources.
Which of the following statements describes a worm?
A program that runs independently of other software and travels between computers and across networks.
What statement correctly describes a stateless firewall?
A stateless firewall manages each incoming packet as a stand-alone entity, without regard to currently active connections.
How is a posture assessment performed on an organization?
A thorough examination of each aspect of the organization's network is performed to determine how it might be compromised.
In the United States, who is able to activate the Emergency Alert System at the national level?
The President
Which of the following is an example of encapsulation?
The addition of a header to data inherited from the layer above in the OSI model.
In the typical social engineering attack cycle, what occurs at Phase 3?
The attacker exploits an action undertaken by the victim in order to gain access.
In a red team-blue team exercise, what is the purpose of the blue team?
The blue team is charged with the defense of the network.
In Open System Authentication, how does authentication occur?
The client "authenticates" using only the SSID name. In other words, no real authentication occurs.
You are troubleshooting a network issue on a client computer and discover that the network card has an IP address of 169.254.196.200. What does this mean?
The computer is configured to use DHCP, but was unable to lease an address.
In planning for disaster recovery, what is the ultimate goal?
The continuation of business.
How can you determine the manufacturer of a NIC card based on the MAC address?
The first 24 bits, known as the Organizationally Unique Identifier, identify the manufacturer.
What part of a MAC address serves as the extension identifier, or device ID?
The last 24 bits of the MAC address.
When viewing a syslog message, what does a level of 0 indicate?
The message is an emergency situation on the system.
What statement accurately reflects what occurs when a message is too large to transport on a network?
The message is divided into smaller messages called segments (for TCP) or datagrams (for UDP).
What is NOT a variable that an network access control list can filter traffic with?
The operating system used by the source or destination device.
What occurs if a network layer protocol is aware that a packet is larger than the maximum size for its network?
The packet will be divided into smaller packets using fragmentation.
A variant of BYOD, what does CYOD allow employees or students to do?
They can choose a device from a limited number of options.
Which of the following is not one of the disadvantages of peer-to-peer networks?
They centralize user account logins.
How do routers create a broadcast domain boundary?
They do not forward broadcast traffic.
What is the most popular web server application?
Apache
Utilized by China's so-called "Great Firewall", what type of attack can prevent user access to web pages, or even redirect them to illegitimate web pages?
DNS poisoning
Where would restrictions regarding what users can and cannot do while accessing a network's resources be found?
acceptable use policy document
An RFID label on a box is an example of what type of physical security detection method?
asset tracking tagging
What type of door access control is a physical or electronic lock that requires a code in order to open the door?
cipher lock