Networking+ Midterm Ch 7-9
A community cloud is a service shared between multiple organizations, but not available publicly. A) True B) False
A) True
A drop ceiling could be used by an intruder to gain access to a secured room. A) True B) False
A) True
An enterprise-wide VPN can include elements of both the client-to-site and site-to-site models. A) True B) False
A) True
By default, the native VLAN is the same as the default VLAN. A) True B) False
A) True
Digital certificates are issued, maintained, and validated by an organization called a certificate authority (CA). A) True B) False
A) True
The term malware is derived from a combination of the words malicious and software. A) True B) False
A) True
What term is used to describe a space that is rented at a data center facility by a service provider? A) point of presence (PoP) B) service location (SL) C) central service point (CSP) D) locally exchanged data point (ledp)
A) point of presence (PoP)
An IP address of 192.168.18.73/28 has what network ID? A) 192.168.16.0 B) 192.168.18.64 C) 192.168.18.32 D) 192.168.18.0
B) 192.168.18.64
A network with a CIDR notation of /26 would have what subnet mask? A) 255.255.255.0 B) 255.255.255.192 C) 255.255.255.224 D) 255.255.255.240
B) 255.255.255.192
What IEEE standard specifies how VLAN information appears in frames and how switches interpret that information? A) 802.1c B) 802.1Q C) 802.1V D) 802.1d
B) 802.1Q
A subnet of 255.255.248.0 can be represented by what CIDR notation? A) /18 B) /20 C) /21 D) /29
C) /21
What is the maximum number of host IP addresses that can exist in a Class B network? A) 1022 B) 8190 C) 32,766 D) 65,534
D) 65,534
When using IPv6, what would a /64 network likely be assigned to? A) A regional Internet registry. B) A large Internet service provider. C) A very large organization. D) A smaller organization or business.
D) A smaller organization or business.
Amazon and Rackspace both utilize what virtualization software below to create their cloud environments? A) VMware vSphere B) Oracle VirtualBox C) Parallels D) Citrix Xen
D) Citrix Xen
What statement regarding the SSH (Secure Shell) collection of protocols is accurate? A) SSH provides a graphical view of the remote computer. B) SSH does not protect against DNS spoofing. C) SSH does not protect against IP spoofing. D) SSH supports port forwarding.
D) SSH supports port forwarding.
Which of the following statements regarding IPv6 subnetting is NOT accurate? A) IPv6 addressing uses no classes, and is therefore classless. B) IPv6 does not use subnet masks. C) A single IPv6 subnet is capable of supplying 18,446,744,073,709,551,616 IPv6 addresses. D) The largest IPv6 subnet capable of being created is a /64.
D) The largest IPv6 subnet capable of being created is a /64.
When using a site-to-site VPN, what type of device sits at the edge of the LAN and establishes the connection between sites? A) VPN proxy B) VPN server C) VPN transport D) VPN gateway
D) VPN gateway
An RFID label on a box is an example of what type of physical security detection method? A) motion detection technology B) video surveillance via CCTV C) tamper detection D) asset tracking tagging
D) asset tracking tagging
On certain Cisco products, what command can be used to create and send helper messages that support several types of UDP traffic, including DHCP, TFTP, DNS, and TACACS+? A) ip create helper server B) ip new helper C) set ip helper address D) ip helper-address
D) ip helper-address
What command will set the native VLAN on a Juniper switch port? A) switchport trunk native vlan B) switchport set native vlan C) config native vlan D) set native-vlan-id
D) set native-vlan-id
Which of the following statements describes a worm? A) A program that disguises itself as something useful but actually harms your system. B) A process that runs automatically, without requiring a person to start or stop it. C) A program that runs independently of other software and travels between computers and across networks. D) A program that locks a user's data or computer system until a ransom is paid.
C) A program that runs independently of other software and travels between computers and across networks.
IPv6 addressing does not utilize classful addressing, therefore every IPv6 address is classless. A) True B) False
A) True
In order to identify the transmissions that belong to each VLAN, a switch will add a tag to Ethernet frames that identifies the port through which they arrive at the switch. A) True B) False
A) True
Network segmentation at Layer 2 of the OSI model is accomplished using VLANs. A) True B) False
A) True
Office 365 is an example of an SaaS implementation with a subscription model. A) True B) False
A) True
Only Class B and Class C networks can be subnetted. A) True B) False
A) True
Over a long-distance connection, using SSH keys is more secure than using passwords. A) True B) False
A) True
PPP can support several types of Network layer protocols that might use the connection. A) True B) False
A) True
Sudden unexplained increases in file sizes and unusual error messages with no apparent cause are both potential symptoms of a viral infection. A) True B) False
A) True
The Virtual Network Computing (VNC) application uses the cross-platform remote frame buffer (RFB) protocol. A) True B) False
A) True
The day after Patch Tuesday is informally dubbed Exploit Wednesday. A) True B) False
A) True
What security encryption protocol requires regular re-establishment of a connection and can be used with any type of TCP/IP transmission? A) L2TP B) TLS C) IPsec D) SSL
C) IPsec
Which of the following terms is commonly used to describe a VLAN configuration in which one router connects to a switch that supports multiple VLANs? A) router-on-a-stick B) branched router C) router overloading D) router-on-a-branch
A) router-on-a-stick
A network with 10 bits remaining for the host portion will have how many usable host addresses? A) 510 B) 1022 C) 2046 D) 4192
B) 1022
What type of door access control is a physical or electronic lock that requires a code in order to open the door? A) key fob lock B) cipher lock C) biometric lock D) encrypted lock
B) cipher lock
Utilized by China's so-called "Great Firewall", what type of attack can prevent user access to web pages, or even redirect them to illegitimate web pages? A) MAC address spoofing B) denial-of-service attack C) DNS poisoning D) rogue DHCP server
B) denial-of-service attack
A virus that remains dormant until a specific condition is met, such as the changing of a file or a match of the current date is known as what type of malware? A) encrypted virus B) logic bomb C) boot sector virus D) worm
B) logic bomb
What penetration testing tool combines known scanning and exploit techniques to explore potentially new attack routes? A) Nessus B) metasploit C) nmap D) Sub7
B) metasploit
The concept of giving employees and contractors only enough access and privileges to do their jobs is known by what term? A) least-risk privilege profile B) principle of least privilege C) minimal access/minimal exposure D) limited liability access
B) principle of least privilege
You are working on a Cisco switch and need to learn what VLANs exist on the switch. Which command will list the current VLANs recognized by the switch? A) get vlans B) show vlan C) list switch-vlans D) show vlandb
B) show vlan
On a Cisco switch, what would the security association identifier be for VLAN 13? A) 1013 B) 5013 C) 100013 D) 1000130
C) 100013
When an 802.1Q tag is added to an Ethernet frame, where is it placed? A) It is inserted between the preamble and the destination address. B) It is inserted between the destination and the source addresses. C) It is inserted between the source address and the Ethernet type field. D) It is appended to the end of the frame.
C) It is inserted between the source address and the Ethernet type field.
By default, what network connection type is selected when creating a VM in VMware, VirtualBox, or KVM? A) host-only mode B) bridged mode C) NAT mode D) lockdown mode
C) NAT mode
In a software defined network, what is responsible for controlling the flow of data? A) flow director B) vRouter C) SDN controller D) SDN switch
C) SDN controller
What is the Nmap utility used for? A) It is used to identify unsecured sensitive data on the network, such as credit cards. B) It is an automated vulnerability and penetration testing framework. C) It is a software firewall that can be used to secure a vulnerable host. D) It is a port scanning utility that can identify open ports on a host.
D) It is a port scanning utility that can identify open ports on a host.
Why is the telnet utility a poor choice for remote access to a device? A) It provides no mechanism for authentication. B) It does not allow for control of a computer remotely. C) It cannot be used over a public WAN connection. D) It provides poor authentication and no encryption.
D) It provides poor authentication and no encryption.
What open-source VPN protocol utilizes OpenSSL for encryption and has the ability to possibly cross firewalls where IPsec might be blocked? A) Layer 2 Tunneling Protocol (L2TP) B) Point-to-Point Tunneling Protocol (PPTP) C) Generic Routing Encapsulation (GRE) D) OpenVPN
D) OpenVPN
Which of the following statements regarding the Point-to-Point (PPP) protocol is NOT accurate? A) PPP can negotiate and establish a connection between two endpoints. B) PPP can utilize an authentication protocol, such as MS-CHAPv2 or EAP to authenticate a client. C) PPP can support several Network layer protocols, such as IP, that might use the connection. D) PPP can support strong encryption, such as AH or ESP.
D) PPP can support strong encryption, such as AH or ESP.
What statement regarding the different versions of the SHA hashing algorithm is accurate? A) SHA-0 is the most secure version of SHA. B) SHA-1 supports a 128-bit hash function. C) SHA-2 only supports a 256-bit hash. D) SHA-2 and SHA-3 both support the same hash lengths.
D) SHA-2 and SHA-3 both support the same hash lengths.
What is NOT a potential disadvantage of utilizing virtualization? A) Multiple virtual machines contending for finite resources can compromise performance. B) Increased complexity and administrative burden can result from the use of virtual machines. C) Licensing costs can be high due to every instance of commercial software requiring a separate license. D) Virtualization software increases the complexity of backups, making creation of usable backups difficult.
D) Virtualization software increases the complexity of backups, making creation of usable backups difficult.
What is NOT one of the ways in which networks are commonly segmented? A) by geographic location B) by departmental boundaries C) by device types D) by device manufacturer
D) by device manufacturer
If multiple honeypots are connected to form a larger network, what term is used to describe the network? A) combolure B) lurenet C) honeycomb D) honeynet
D) honeynet
A person posing as an employee strikes up a conversation with a legitimate employee as they walk into a secured area, in an attempt to gain access. What kind of social engineering is this? A) phishing B) baiting C) quid pro quo D) tailgating
D) tailgating
Given a host IP address of 172.16.1.154 and a subnet mask of 255.255.254.0, what is the network ID for this host? A) 172.16.0.0 B) 172.16.1.0 C) 172.16.2.0 D) 172.0.0.0
A) 172.16.0.0
How many /64 subnets can be created within a /56 prefix? A) 256 B) 512 C) 1024 D) 2048
A) 256
How large is the 802.1Q tag that is added to an Ethernet frame when using VLANs? A) 4 bytes B) 8 bytes C) 12 bytes D) 20 bytes
A) 4 bytes
What type of scenario would be best served by using a Platform as a Service (PaaS) cloud model? A) A group of developers needs access to multiple operating systems and the runtime libraries that the OS provides. B) An organization wishes to gain access to applications through an online user interface, while maintaining compatibility across operating systems. C) An organization needs to have a hosted virtual network infrastructure for their services, which are run on virtual machines. D) A small organization needs to have high availability for their web server.
A) A group of developers needs access to multiple operating systems and the runtime libraries that the OS provides.
How is a posture assessment performed on an organization? A) A thorough examination of each aspect of the organization's network is performed to determine how it might be compromised. B) A third party organization is tasked with attempting to break into the organization and compromise security in order to determine threat vectors. C) A report of data that is subject to special regulation is created, such that the organization is aware of what data needs protection. D) An assessment of how a network will perform under stress is performed to determine if the network throughput is adequate.
A) A thorough examination of each aspect of the organization's network is performed to determine how it might be compromised.
Which of the following virtualization products is an example of a bare-metal hypervisor? A) Citrix XenServer B) VirtualBox C) VMware Player D) Linux KVM
A) Citrix XenServer
Which type of cloud service model involves hardware services that are provided virtually, including network infrastructure devices such as virtual servers? A) IaaS B) PaaS C) SaaS D) XaaS
A) IaaS
Which of the following statements correctly describes the malware characteristic of polymorphism? A) Polymorphic malware can change its characteristics every time it is transferred to a new system. B) Polymorphic malware is designed to activate on a particular date, remaining harmless until that time. C) Polymorphic malware is software that disguises itself as a legitimate program, or replaces a legitimate program's code with destructive code. D) Polymorphic malware utilizes encryption to prevent detection.
A) Polymorphic malware can change its characteristics every time it is transferred to a new system.
Which statement regarding the use of a bridged mode vNIC is accurate? A) The vNIC will its own IP address on the physical LAN. B) The vNIC will be assigned a NAT-ed IP address. C) The vNIC will only be able to communicate across the bridge to the host PC. D) The vNIC will utilize the host PC's IP address.
A) The vNIC will its own IP address on the physical LAN.
A /24 CIDR block is equivalent to a 255.255.255.0 subnet mask. A) True B) False
A) True
Current research indicates that a long, random string of words, such as correct horse battery staple is more secure than a random series of letters, numbers, and symbols that is short enough to be remembered. A) True B) False
A) True
What statement regarding denial-of-service (DoS) attacks is accurate? A) A denial-of-service attack occurs when a MAC address is impersonated on the network. B) A denial-of-service attack prevents legitimate users from accessing normal network resources. C) A denial-of-service attack is generally a result of a disgruntled employee. D) A denial-of-service attack is no longer a major concern due to the increased throughput available on most networks.
B) A denial-of-service attack prevents legitimate users from accessing normal network resources.
Which of the following suggestions can help prevent VLAN hopping attacks on a network? A) Install an additional switch to isolate traffic. B) Disable auto trunking and move native VLANs to unused VLANs. C) Install a router to process the untagged traffic on the VLAN. D) Use MAC address filtering.
B) Disable auto trunking and move native VLANs to unused VLANs.
The PPP headers and trailers used to create a PPP frame that encapsulates Network layer packets vary between 8 and 10 bytes in size due to what field? A) priority B) FCS C) FEC D) encryption
B) FCS
A Type 2 hypervisor installs on a computer before any OS, and is therefore called a bare-metal hypervisor. A) True B) False
B) False
A hacker, in the original sense of the word, is someone with technical skill and malicious intent. A) True B) False
B) False
A native VLAN mismatch occurs when two access ports that are connected to each other are both tagging traffic with different VLAN IDs. A) True B) False
B) False
After L2TP establishing a VPN tunnel, GRE is used to transmit L2TP data frames through the tunnel. A) True B) False
B) False
All that is needed to provide communication between two VLANs is a DHCP relay agent. A) True B) False
B) False
An unmanaged switch can still support the creation of VLANs, provided there is an interface for configuration. A) True B) False
B) False
Different types of organizations have similar levels of network security risks. A) True B) False
B) False
FTPS (FTP Security or FTP Secure) and SFTP (Secure FTP) are two names for the same protocol. A) True B) False
B) False
It is ideal to use the same password for multiple different applications, provided the password is complex enough. A) True B) False
B) False
Network segmentation decreases both performance and security on a network. A) True B) False
B) False
The HTTPS (HTTP Secure) protocol utilizes the same TCP port as HTTP, port 80. A) True B) False
B) False
The original version of the Secure Hash Algorithm was developed by MIT. A) True B) False
B) False
When using public and private keys to connect to an SSH server from a Linux device, where must your public key be placed before you can connect? A) In an authorization file under your home directory on your computer. B) In an authorization file on the host where the SSH server is. C) In the /etc/ssh/keys folder. D) In the /var/run/ssh/public folder.
B) In an authorization file on the host where the SSH server is.
What does the VLAN Trunk Protocol (VTP) do? A) It shares trunking information amongst switches that participate. B) It shares VLAN database information amongst switches that participate. C) It is the protocol used by a trunk port for establishing a trunk with another switch. D) It is the protocol that defines how VLAN tagging is accomplished in an Ethernet network.
B) It shares VLAN database information amongst switches that participate.
A vSwitch (virtual switch) or bridge is a logically defined device that operates at what layer of the OSI model? A) Layer 1 B) Layer 2 C) Layer 4 D) Layer 7
B) Layer 2
Which of the following utilities performs sophisticated vulnerability scans, and can identify unencrypted data such as credit card numbers? A) Nmap B) Nessus C) Metasploit D) L0phtcrack
B) Nessus
At what layer of the OSI model does the IPsec encryption protocol operate? A) Physical layer B) Network layer C) Transport layer D) Application layer
B) Network layer
With VTP, where is the VLAN database stored? A) On the router responsible for maintaining the VTP database. B) On the switch that is known as the stack master. C) On the switch that is configured as the trunk root. D) On the designated VLAN server for the network.
B) On the switch that is known as the stack master.
What cloud service model involves providing applications through an online user interface, providing for compatibility with a multitude of different operating systems and devices? A) IaaS B) SaaS C) XaaS D) PaaS
B) SaaS
If the EUI-64 standard is used, what part of an IPv6 address is affected? A) The first four blocks of the address. B) The last four blocks of the address. C) The middle four blocks of the address. D) All blocks of the address are affected.
B) The last four blocks of the address.
In an IPv6 address, what do the first four blocks or 64 bits of the address represent? A) The usable host portion of the network. B) The site prefix or global routing prefix. C) The broadcast domain for the configured host ID. D) The MAC address of the router assigning the host ID.
B) The site prefix or global routing prefix.
VMware Player and Linux KVM are both examples of what type of hypervisor? A) Type 1 hypervisor B) Type 2 hypervisor C) barebones hypervisor D) bare-metal hypervisor
B) Type 2 hypervisor
When dealing with a Cisco switch, what is NOT one of the pre-established VLANs? A) VLAN 1 B) VLAN 1001 C) VLAN 1003 D) VLAN 1005
B) VLAN 1001
When is it appropriate to utilize the NAT network connection type? A) Only when the VM requires an IP address on the physical LAN. B) Whenever the VM does not need to be access at a known address by other network nodes. C) Only if the VM does not need to communicate with the host PC. D) Only if the VM is intended for VM-to-host communications.
B) Whenever the VM does not need to be access at a known address by other network nodes.
In the typical social engineering attack cycle, what occurs at Phase 3? A) The attacker researches the desired target for clues as to vulnerabilities. B) The attacker builds trust with the target and attempts to gain more information. C) The attacker exploits an action undertaken by the victim in order to gain access. D) The attacker executes an exit strategy in such a way that does not leave evidence or raise suspicion.
C) The attacker exploits an action undertaken by the victim in order to gain access.
In a red team-blue team exercise, what is the purpose of the blue team? A) The blue team is tasked with attacking the network. B) The blue team must observe the actions of the red team. C) The blue team is charged with the defense of the network. D) The blue team consists of regulators that ensure no illegal activity is undertaken.
C) The blue team is charged with the defense of the network.
The combination of a public key and a private key are known by what term below? A) key set B) key team C) key pair D) key tie
C) key pair
An attack that relies on redirected and captured secure transmissions as they occur is known as what type of attack? A) buffer overflow B) session hijacking attack C) man-in-the-middle attack D) banner-grabbing attack
C) man-in-the-middle attack
The use of certificate authorities to associate public keys with certain users is known by what term? A) public-key organization B) certified infrastructure C) public-key infrastructure D) symmetric identification
C) public-key infrastructure
If someone is offered a free gift or service in exchange for private information or access to a computer system, what type of social engineering is taking place? A) phishing B) baiting C) quid pro quo D) tailgating
C) quid pro quo
An interface that manages traffic from multiple VLANs is known by what term? A) access port B) aggregation port C) trunk port D) egress port
C) trunk port
Which of the following scenarios represents a phishing attempt? A) An employee at your company has received a malware-infected file in their e-mail. B) A person posing as an employee tried to access a secured area at your organization. C) A gift was offered to an employee with access to secured information in exchange for details. D) An e-mail was sent to a manager at your company that appeared to be from the company's CTO, asking for access.
D) An e-mail was sent to a manager at your company that appeared to be from the company's CTO, asking for access.
Which statement regarding the IKEv2 tunneling protocol is accurate? A) IKEv2 is an older, Layer 2 protocol developed by Microsoft that encapsulates VPN data frames. B) IKEv2 is based on technology developed by Cisco and standardized by the IETF. C) IKEv2 is an open-source VPN protocol that utilizes OpenSSL for encryption. D) IKEv2 offers fast throughput and good stability when moving between wireless hotspots.
D) IKEv2 offers fast throughput and good stability when moving between wireless hotspots.