Network+ 8th Edition Chapter 9, Ch.7 Quiz CTS1134, Chapter 7, Ch 8 Network, Ch 8, Networking Quiz: Ch. 08
How often should administrators and network users be required to change their password?
60 days
How many subnets can a /48 site prefix support?
65,536
How many subnets can a /48 site prefix support?
65,536 subnets
What IEEE standard specifies how VLAN information appears in frames and how switches interpret that information?
802.1Q
20. Which of the following statements describes a worm? a. A program that disguises itself as something useful but actually harms your system. b. A process that runs automatically, without requiring a person to start or stop it. c. A program that runs independently of other software and travels between computers and across networks. d. A program that locks a user's data or computer system until a ransom is paid.
A program that runs independently of other software and travels between computers and across networks.
When using IPv6, what would a /64 network likely be assigned to?
A smaller organization or business
When using IPv6, what would a /64 network likely be assigned to?
A smaller organization or business.
13. How is a posture assessment performed on an organization? a. A thorough examination of each aspect of the organization's network is performed to determine how it might be compromised. b. A third party organization is tasked with attempting to break into the organization and compromise security in order to determine threat vectors. c. A report of data that is subject to special regulation is created, such that the organization is aware of what data needs protection. d. An assessment of how a network will perform under stress is performed to determine if the network throughput is adequate.
A thorough examination of each aspect of the organization's network is performed to determine how it might be compromised.
Amazon and Rackspace both utilize what virtualization software below to create their cloud environments?
Citrix Xen
Amazon and Rackspace both utilize what virtualization software to create their cloud environments?
Citrix Xen
Which of the following virtualization products is an example of a bare-metal hypervisor?
Citrix XenServer
A _________________ is a service that is shared between multiple organizations, but not available publicly.
Community Cloud
In the contest of IPsec, a type of encryption that provides authentication of the IP packet's data payload through public key techniques. In add, it also encrypts the entire IP packed for added security.
ESP
The PPP headers and trailers used to create a PPP frame that encapsulates Network layer packets vary between 8 and 10 bytes in size due to what field?
FCS
Which type of cloud service model involves hardware services that are provided virtually, including network infrastructure devices such as virtual servers?
IaaS
A service model in which hardware services are provided virtually, including network infrastructure devices such as virtual servers.
Iaas
Which type of cloud service model involves hardware services that are provided virtually, including network infrastructure devices such as virtual servers?
Iaas
What does the VLAN Trunk Protocol (VTP) do?
It shares VLAN database information amongst switches that participate.
What does the VLAN trunk protocol(VTP) do?
It shares VLAN database information amongst switches that participate.
In Kerberos terminology, the server issues keys to clients during initial client authentication.
KDC
A vSwitch (virtual switch) or bridge is a logically defined device that operates at what layer of the OSI model?
Layer 2
Subtracting an interesting octet value from 256 yields what number?
Magic number
Which of the following statements regarding IPv6 subnetting is NOT accurate?
The largest IPv6 subnet capable of being created is a /64.
If the EUI-64 standard is used, what part of an IPv6 address is affected?
The last four blocks of the address.
In an IPv6 address, what do the first four blocks or 64 bits of the address represent?
The site prefix or global routing prefix.
Which statement regarding the use of a bridged mode vNIC is accurate?
The vNIC will its own IP address on the physical LAN.
2. A variant of BYOD, what does CYOD allow employees or students to do? a. They can supply their own software on a computer or mobile device. b. They can supply their choice of cloud application or storage. c. They can choose a device from a limited number of options. d. They can use whatever devices they wish to bring.
They can choose a device from a limited number of options.
In Kerberos, a temporary set of credentials that a client uses to prove that its identity has been validated is known as a _____________.
Ticket
Which file transfer protocol has no authentication or security for transferring files, uses UDP, and requires very little memory to use?
Trivial FTP (TFTP)
A /24 CIDR is equivalent to a 255.255.255.0 subnet mask
True
An enterprise-wide VPN can include elements of both the client-to-site and site-to-site models. T?F
True
IPv6 addressing does not utilize classful addressing, therefore every IPv6 address is classless.
True
In order to identify the transmissions that belong to each VLAN, a switch will add a tag to Ethernet frames that identifies the port through which they arrive at the switch.
True
Network segmentation at Layer 2 of the OSI model is accomplished using VLANs.
True
PPP can support several types of Network layer protocols that might use the connection. T/F
True
The Virtual Network Computing (VNC) application uses the cross-platform remote frame buffer (RFB) protocol. T/F
True
Windows, UNIX, Linux, and Mac OS clients are all capable of connecting to a VPN using PPTP. T/F
True
Regarding VNC (Virtual Network Computing or Virtual Network Connection), what statement is accurate?
VNC is open source, allowing companies to develop their own software based on VNC
What is NOT a potential disadvantage of utilizing virtualization?
Virtualization software increases the complexity of backups, making creation of usable backups difficult.
When is it appropriate to utilize the NAT network connection type?
Whenever the VM does not need to be access at a known address by other network nodes.
14. What penetration testing tool combines known scanning and exploit techniques to explore potentially new attack routes? a. Nessus b. metasploit c. nmap d. Sub7
metasploit
7. VMware's AirWatch and Cisco's Meraki Systems Manager are both examples of what type of software? a. mobile device management software b. software defined network software c. virtual device management software d. cloud network management software
mobile device management software
What security principle provides proof of delivery and proof of the sender's identity?
non-repudiation
What term is used to describe a space that is rented at a data center facility by a service provider?
point of presence (PoP)
The use of certificate authorities to associate public keys with certain users is known by what term?
public-key infrastructure
Which of the following terms is commonly used to describe a VLAN configuration in which one router interface connects to a switch and serves as the gateway for multiple VLANs?
router-on-a-stick
You are working on a Cisco switch and need to learn what VLANs exist on the switch. Which command will list the current VLANs recognized by the switch?
show vlan
In order to generate a public and private key for use with SSH, what command line utility should you use?
ssh-keygen
25. A person posing as an employee strikes up a conversation with a legitimate employee as they walk into a secured area, in an attempt to gain access. What kind of social engineering is this? a. phishing b. baiting c. quid pro quo d. tailgating
tailgating
If the EU-64 standard is used, what part of an IPv6 address is affected?
the last four blocks of the address
Describe the three way handshake process as used by CHAP
the server sends the client a randomly generated string of characters. The client sends a new string inresponse to theserver while the server concatenates the users password with a challenge and created it own string.
IPv6 addressing does not utilize classful addressing, therefore every IPv6 address is classless.
true
In order to identify the transmissions that belong to each VLAN, a switch will add a tag to Ethernet frames that identifies the VLAN through which they arrive at the switch.
true
An interface that manages traffic from multiple VLANs is known by what term?
trunk port
A subnet of 255.255.248.0 can be represented by what CIDR notation?
/21
Given a host IP address of 172.16.1.154 and a subnet mask of 255.255.254.0, what is the network ID for this host?
172.16.0.0
An IP address of 192.168.18.73/28 has what network ID?
192.168.18.64
The SSH service listens on what TCP port?
22
By default, when using classful addressing, how many bits exist in the host portion of a Class A address?
24
How many /64 subnets can be created within a /56 prefix?
255
A network with a CIDR notation of /26 would have what subnet mask?
255.255.255.192
What two key lengths are the most popular for the SHA-2 hashing algorithm?
256 and 512
How large is the 802.1Q tag that is added to an Ethernet frame when using VLANs?
4 bytes
What is the maximum number of host IP addresses that can exist in a Class B network?
65,534
12. Which of the following utilities performs sophisticated vulnerability scans, and can identify unencrypted data such as credit card numbers? a. Nmap b. Nessus c. Metasploit d. L0phtcrack
Nessus
At what layer of the OSI model does the IPSec encryption protocol operate?
Network layer
At what layer of the OSI model does the IPsec encryption protocol operate?
Network layer
With VTP, where is the VLAN database stored?
On the switch that is known as the stack master, configured as a VTP server.
With VTP, where is the VLAN database stored?
On the switch that is known as the stack master.
What open-source VPN protocol utilizes OpenSSL for encryption and has the ability to possibly cross firewalls where IPsec might be blocked?
OpenVPN
What authentication protocol sends authentication information in cleartext without encryption?
PAP
Which of the following statements regarding the Point-to-Point (PPP) protocol is NOT accurate?
PPP can support strong encryption, such as AH or ESP.
What cloud service model involves providing applications through an online user interface, providing for compatibility with a multitude of different operating systems and devices?
SaaS
What cloud service model involves providing applications through an online user interface, providing for compatibility with a multitude of different operating systems and devices?
Saas
A Layer 2 communications protocol that enables a workstation to connect to a server using a serial connection such as dial-up or DSL. It can support multiple Network layer protocols and can encrypt transmissions.
TKIP
An encryption key generation and management scheme used by 802.11i
TKIP
A community cloud is a service shared between multiple organizations, but not available publicly. T/F
True
An enterprise-wide VPN can include elements of both the client-to-site and site-to-site models. T/F
True
Digital certificates are issued, maintained, and validated by an organization called a certificate authority (CA). T/F
True
Office 365 is an example of an SaaS implementation with a subscription model. T/F
True
PPP can support several types of Network layer protocols that might use the connection
True
PPP can support several types of Network layer protocols that might use the connection. T/F
True
VMware Player and Linux KVM are both examples of what type of hypervisor?
Type 2 hypervisor
When dealing with a Cisco switch, what is NOT one of the pre-established VLANs?
VLAN 1001
16. What type of door access control is a physical or electronic lock that requires a code in order to open the door? a. key fob lock b. cipher lock c. biometric lock d. encrypted lock
cipher lock
The combination of a public key and a private key are known by what term below?
key pair
Subtracting an interesting octet value from 256 yields what number?
magic number
18. The concept of giving employees and contractors only enough access and privileges to do their jobs is known by what term? a. least-risk privilege profile b. principle of least privilege c. minimal access/minimal exposure d. limited liability access
principle of least privilege
6. What document addresses the specific concerns related to special access given to administrators and certain support staff? a. non-disclosure agreement b. acceptable use policy c. password policy d. privileged user agreement
privileged user agreement
22. If someone is offered a free gift or service in exchange for private information or access to a computer system, what type of social engineering is taking place? a. phishing b. baiting c. quid pro quo d. tailgating
quid pro quo
Which of the following terms is commonly used to describe a VLAN configuration in which one router connects to a switch that supports multiple VLANs?
router-on-a-stick
What command will set the native VLAN on a Juniper switch port?
set native-vlan-id
21. On a Linux based system, what command can you use to create a hash of a file using SHA-256? a. sha1sum b. md5sum c. sha256sum d. shasum -a 256
sha256sum
A /24 CIDR block (prefix) is equivalent to a 255.255.255.0 subnet mask.
true
A /24 CIDR block is equivalent to a 255.255.255.0 subnet mask.
true
By default, the native VLAN is the same as the default VLAN.
true
Network segmentation at Layer 2 of the OSI model is accomplished using VLANs.
true
When using public and private keys to connect to an SSH server, where must your public key be placed?
In the authorized keys file
Which of the following is NOT a task that a VPN concentrator is responsible for?
A VPN concentrator shuts down established connections with malicious traffic occurs.
What type of scenario would be best served by using a Platform as a Service (PaaS) cloud model?
A group of developers needs access to multiple operating systems and the runtime libraries that the OS provides.
What two different types of encryption can be used by IPSec during data transfer?
AH, ESP
Which of the following suggestions can help prevent VLAN hopping attacks on a network?
Disable auto trunking and move native VLANs to unused VLANs
Which of the following suggestions can help prevent VLAN hopping attacks on a network?
Disable auto trunking and move native VLANs to unused VLANs.
What special enterprise VPN supported by Cisco devices creates VPN tunnels between branch locations as needed rather than requiring constant, static tunnels?
Dynamic Multipoint VPN
What protocol only provides the framework for authenticating clients and servers, but relies on other encryption and authentication schemes to verify the credentials of clients or servers?
EAP
A Type 2 hypervisor installs on a computer before any OS, and is therefore called a bare-metal hypervisor. T/F
False
After L2TP establishing a VPN tunnel, GRE is used to transmit L2TP data frames through the tunnel. T/F
False
After L2TP establishing a VPN tunnel, GRE is used to transmit L2TP data frames through the tunnel. T/F
False
All that is needed to provide communications between two VLANs is a DHCP relay agent
False
FTPS (FTP Security or FTP Secure) and SFTP (Secure FTP) are two names for the same protocol. T/F
False
Network segmentation decreases both performance and security on a network.
False
The HTTPS (HTTP Secure) protocol utilizes the same TCP port as HTTP, port 80. T/F
False
The MD5 hashing algorithm is not susceptible to the possibility of hash collisions. T/F
False
8. Which command can be used on a Windows system to create a hash of a file? a. md5 b. shasum c. Get-FileHash d. Compute-FileHash
Get-FileHash
One of two services in the key management phase of creating a secure IPsec connection. It negotiates the exchange of keys, including authentication of the keys. It uses UDP and usually runs on port 500
IKE
Which statement regarding the IKEv2 tunneling protocol is accurate?
IKEv2 offers fast throughput and good stability when moving between wireless hotspots.
When using public and private keys to connect to an SSH server from a Linux device, where must your public key be placed before you can connect?
In an authorization file on the host where the SSH server is.
19. What is the Nmap utility used for? a. It is used to identify unsecured sensitive data on the network, such as credit cards. b. It is an automated vulnerability and penetration testing framework. c. It is a software firewall that can be used to secure a vulnerable host. d. It is a port scanning utility that can identify open ports on a host.
It is a port scanning utility that can identify open ports on a host.
When an 802.1Q tag is added to an Ethernet frame, where is it placed?
It is inserted between the source address and the Ethernet type field.
Why is the telnet utility a poor choice for remote access to a device?
It provides poor authentication and no encryption.
In the context of IPsec, a type of encryption that provides authentication of the IP packet's data payload through public key techniques
KDC
The combination of a public key and a private key are known by what term?
Key Pair
By default, what network connection type is selected when creating a VM in VMware, VirtualBox, or KVM?
NAT mode
An authentication protocol that operates over PPP and also encrypts usernames and passwords for transmission.
CHAP
Digital certificates are issued by organizations known as what term?
Certification authorities
What security encryption protocol requires regular re-establishment of a connection and can be used with any type of TCP/IP transmission?
IPSec
What security encryption protocol requires regular re-establishment of a connection and can be used with any type of TCP/IP transmission?
IPsec
When PPP is used over an Ethernet network, it is known as ________________.
PPoe
A service model in which various platforms are provide virtually, enabling developer s to build and test application within virtual, online environments tailored to the specific needs of a project.
Paas
The _________________ cloud service model provides virtual environments online that can be tailored to the needs of developers.
Paas
What are the two AAA services?
RADIUS AND TACACS+
4. In the typical social engineering attack cycle, what occurs at Phase 3? a. The attacker researches the desired target for clues as to vulnerabilities. b. The attacker builds trust with the target and attempts to gain more information. c. The attacker exploits an action undertaken by the victim in order to gain access. d. The attacker executes an exit strategy in such a way that does not leave evidence or raise suspicion.
The attacker exploits an action undertaken by the victim in order to gain access.
5. In a red team-blue team exercise, what is the purpose of the blue team? a. The blue team is tasked with attacking the network. b. The blue team must observe the actions of the red team. c. The blue team is charged with the defense of the network. d. The blue team consists of regulators that ensure no illegal activity is undertaken.
The blue team is charged with the defense of the network.
When using a site-to-site VPN, what type of device sits at the edge of the LAN and establishes the connection between sites?
VPN gateway
An interface that manages traffic from multiple VLANs is known by what term?
aggregation port
15. What type of an attack forces clients off a wireless network, creating a form of Wi-Fi DoS? a. deauthentication attack b. channel hopping attack c. man-in-the-middle attack d. ARP poisoning attack
deauthentication attack
3. Utilized by China's so-called "Great Firewall", what type of attack can prevent user access to web pages, or even redirect them to illegitimate web pages? a. MAC address spoofing b. denial-of-service attack c. DNS poisoning d. rogue DHCP server
denial-of-service attack
A SecurID key chain fob from RSA security generates a password that changes how often?
every 60 seconds
A native VLAN mismatch occurs when two access ports that are connected to each other are both tagging traffic with different VLAN IDs.
false
All that is needed to provide communication between two VLANs is a DHCP relay agent.
false
An unmanaged switch can still support the creation of VLANs, provided there is an interface for configuration.
false
Network segmentation decreases both performance and security on a network.
false
Only Class B and Class C networks can be subnetted.
false
You have been tasked with the creation and design of a network that must support a minimum of 5000 hosts. Which network accomplishes this goal?
10.3.0.0/1
You have been tasked with the creation and design of a network that must support a minimum of 5000 hosts. Which network accomplishes this goal?
10.3.0.0/19
On a Cisco switch, what would the security association identifier be for VLAN 13?
100,013
A network with 10 bits remaining for the host portion will have how many usable host addresses?
1022
The original version of the Secure Hashing Algorithm (SHA) was developed by the NSA, and used a hash of what length?
160
What subnet mask can be used to segment the 172.16.0.0 network to allow for a minimum of 6 subnets while maximizing the number of hosts per subnet?
255.255.224.0
What subnet mask can be used to segment the 172.16.0.0 network to allow for a minimum of 6 subnets while maximizing the number of hosts per subnet?
255.255.248.0
A network with a CIDR notation (prefix) of /26 would have what subnet mask?
255.255.255.192
24. Which of the following statements correctly describes the malware characteristic of polymorphism? a. Polymorphic malware can change its characteristics every time it is transferred to a new system. b. Polymorphic malware is designed to activate on a particular date, remaining harmless until that time. c. Polymorphic malware is software that disguises itself as a legitimate program, or replaces a legitimate program's code with destructive code. d. Polymorphic malware utilizes encryption to prevent detection.
Polymorphic malware can change its characteristics every time it is transferred to a new system.
In a software defined network, what is responsible for controlling the flow of data?
SDN controller
1. What statement regarding the different versions of the SHA hashing algorithm is accurate? a. SHA-0 is the most secure version of SHA. b. SHA-1 supports a 128-bit hash function. c. SHA-2 only supports a 256-bit hash. d. SHA-2 and SHA-3 both support the same hash lengths.
SHA-2 and SHA-3 both support the same hash lengths.
What protocol is a Data Link Layer protocol designed to connect WAN endpoints in a direct connection, such as when a client computer connects to a server at an ISP using a dial-up or DSL connection and modem?
SLIP
What statement regarding the SSH (Secure Shell) collection of protocols is accurate?
SSH supports port forwarding.
What protocol is a Microsoft proprietary protocol first available in Windows Vista?
SSTP
A service model in which applications are provided through an online user interface and are compatible with a multitude of devices and operating systems.
Saas
You are working on a Cisco switch and need to learn what VLANs exist on the switch. Which command will list the current VLANs recognized by the switch?
Show vlan
What encryption protocol was designed as more of an integrity check for WEP transmissions rather than a sophisticated encryption protocol?
TKIP
A variant of TLS is ___________________, which provides authentication like SSL/TLS, but does not require a certificate for each user.
TTLS
Which of the following statements regarding IPv6 subnetting is NOT accurate?
The largest IPv6 subnet capable of being created is /64
23. Which of the following scenarios would necessitate the use of a non-disclosure agreement? a. Your company wishes to educate users on the proper use of the network. b. Your company needs to prevent a new contractor from sharing information with a potential competitor. c. Your company needs to impose password restrictions on new users in the network. d. Your company would like to allow employees to bring their own devices.
Your company needs to prevent a new contractor from sharing information with a potential competitor.
In an IPv6 address, what do the first four blocks or 64 bits of the address represent?
a site prefix or global routing prefix
17. Where would restrictions regarding what users can and cannot do while accessing a network's resources be found? a. acceptable use policy document b. terms of service document c. license restrictions document d. non-disclosure agreement document
acceptable use policy document
11. An RFID label on a box is an example of what type of physical security detection method? a. motion detection technology b. video surveillance via CCTV c. tamper detection d. asset tracking tagging
asset tracking tagging
What is NOT one of the ways in which networks are commonly segmented?
by device manufacturer
What are the three tenets of the CIA triad, and how do they provide assurances that data will be protected?
confidentiality, integrity, availability
SHA-2 is an encryption algorithm method that is used by SSH. t/f
false
The key management phase of IPSec is reliant on which two services ?
internet security association and key management protocol IKE
On certain Cisco products, what command can be used to create and send helper messages that support several types of UDP traffic, including DHCP, TFTP, DNS, and TACACS+?
ip helper-address
Describe the TLS/SSL handshake process as initiated by a web client accessing a secure website.
it allows the client and server to introduce themselves to each other and establishes terms for how they will securely exchange data.
How is GRE used by the PPP protocol
it encapsulates point to point protocol frames
10. A virus that remains dormant until a specific condition is met, such as the changing of a file or a match of the current date is known as what type of malware? a. encrypted virus b. logic bomb c. boot sector virus d. worm
logic bomb
9. An attack that relies on redirected and captured secure transmissions as they occur is known as what type of attack? a. buffer overflow b. session hijacking attack c. man-in-the-middle attack d. banner-grabbing attack
man-in-the-middle attack