Practice Questions
Your company purchases a new bridge that filters packets based on the MAC address of the destination computer. On which layer of the OSI model is this device functioning?
Data Link The bridge is operating at the Data Link layer.
Haley configures a website using Windows Server 2016 default values. What are the HTTP port and SSL port settings?
80 for HTTP; 443 for SSL The default TCP port setting for HTTP is 80. You can change that setting to another TCP setting that is not in use, but users will have to know they must request the non-default setting, or they will be unable to connect. The SSL port number is 443 and is only used with secure socket layers for encryption.
You connect your computer to a wireless network available at the local library. You find that you can access all the websites you want on the internet except for two. What might be causing the problem?
A proxy server is blocking access to the websites. A proxy server can be configured to block internet access based on website or URL. Many schools and public networks use proxy servers to prevent access to websites with objectionable content. Ports 80 and 443 are used by HTTP to retrieve all web content. If a firewall were blocking these ports, access would be denied to all websites. Port forwarding directs incoming connections to a host on the private network. Port triggering dynamically opens firewall ports based on applications that initiate contact from the private network.
Which of the following does a router acting as a firewall use to control which packets are forwarded or dropped?
ACL When you configure a router as a firewall, you configure the access control list (ACL) with statements that identify traffic characteristics, such as the direction of traffic (inbound or outbound), the source or destination IP address, and the port number. ACL statements include an action to either allow or deny the traffic specified by the ACL statement. IPsec is a protocol for encrypting packets. RDP and VNC are remote desktop protocols used for remotely accessing a computer's desktop. PPP is a protocol for establishing a remote access connection over a dial-up link.
You are configuring a network firewall to allow SMTP outbound email traffic and POP3 inbound email traffic. Which of the following TCP/IP ports should you open on the firewall? (Select two.)
110 25 The simple mail transfer protocol (SMTP) uses TCP/IP port 25. The post office protocol version 3 (POP3) uses TCP/IP port 110. The file transfer protocol (FTP) uses TCP/IP Port 21. The internet message access protocol (IMAP) uses TCP/IP port 143. TCP/IP port 443 is used by the secure sockets layer (SSL) protocol.
You have recently installed a new Windows Server 2016 system. To ensure the accuracy of the system time, you have loaded an application that synchronizes the hardware clock on the server with an external time source on the internet. Now, you must configure the firewall on your network to allow time synchronization traffic through. Which of the following ports are you most likely to open on the firewall?
123 TCP/IP port 123 is assigned to the network time protocol (NTP). NTP is used to communicate time synchronization information between systems on a network. The hypertext transfer protocol (HTTP) uses TCP/IP port 80. HTTP is the protocol used to send requests to a web server and retrieve web pages from a web server. TCP/IP port 119 is used by the network news transfer protocol (NNTP). NNTP is used to access and retrieve messages from newsgroups. TCP/IP port 110 is used by the post office protocol version 3 (POP3). POP3 is used to download email from mail servers.
Which port number is used by SNMP?
161 The simple network management protocol (SNMP) uses port 161. The other listed ports are used by the following protocols: SMTP uses port 25 POP3 uses port 110 NNTP uses port 119 IMAP4 uses port 143
Which port does Telnet use?
23 Telnet uses port 23.
To increase security on your company's internal network, the administrator has disabled as many ports as possible. Now, though you can browse the internet, you are unable to perform secure credit card transactions. Which port needs to be enabled to allow secure transactions?
443 To perform secure transactions, SSL on port 443 needs to be enabled.
You want to maintain tight security on your internal network, so you restrict access to the network through certain port numbers. If you want to allow users to continue to use DNS, which port should you enable?
53 The DNS service uses port 53.
Match each layer of the TCP/IP model on the left with the corresponding layer of the OSI model on the right. Each option on the left can be used more than once.
Application - Application, Presentation, Session Host to Host - Transport Internet - Network Network Access - Data Link
Match the networking function or device on the left with its associated OSI model layer on the right.
Application - HTTP Presentation - ASCII Session - Session ID number Transport - Port numbers Network - Router Data Link - Switch Physical - Modem
You provide internet access for a local school. You want to control internet access by user and prevent access to specific URLs. Which type of firewall should you install?
Application level An application-level gateway is a firewall that is capable of filtering by information contained within the data portion of a packet. An application-level gateway can filter by user, group, and data (for example, URLs within an HTTP request). One example of an application-level gateway is a proxy server. Proxies can be configured to restrict access by user or by website. A packet filtering firewall makes decisions about which network traffic to allow by examining information in the IP packet header, such as source and destination addresses, ports, and service protocols. A circuit-level proxy, or circuit-level gateway, makes decisions about which traffic to allow based on virtual circuits or sessions. An intrusion prevention system (IPS) looks for network attacks and takes appropriate actions to stop or reduce the effects of those attacks.
You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use?
Circuit-level A circuit-level proxy, or circuit-level gateway, makes decisions about which traffic to allow based on virtual circuits or sessions. A circuit-level gateway: Operates at OSI Layer 5 (Session layer). Keeps a table of known connections and sessions. Packets directed to known sessions are accepted. Verifies that packets are properly sequenced. Ensures that the TCP three-way handshake process occurs only when appropriate. Does not filter packets; rather, it allows or denies sessions. A packet filtering firewall makes decisions about which network traffic to allow by examining information in the IP packet header, such as source and destination addresses, ports, and service protocols. An Application level gateway is a firewall that is capable of filtering by information contained within the data portion of a packet, such as URLs within an HTTP request. A VPN concentrator is a device that is used to establish remote access VPN connections.
When designing a firewall, what is the recommended approach for opening and closing ports?
Close all ports; open only ports required by applications inside the DMZ. When designing a firewall, the recommended practice is to close all ports and then only open the ports that allow the traffic that you want inside the DMZ or the private network. Ports 20, 21, 53, 80, and 443 are common ports that are opened, but the exact ports you will open depend on the services provided inside the DMZ.
Which of the following tasks is associated with the Session layer?
Connection establishment Connection establishment is controlled through Session layer protocols.
What is the basic purpose of the OSI Physical layer?
Coordinates rules for transmitting bits. The OSI Physical layer coordinates rules for transmitting bits.
Which firewall implementation creates a buffer network that can be used to host email or web servers?
DMZ A demilitarized zone (DMZ), also called a screened subnet, is a buffer network (or subnet) that sits between the private network and an untrusted network (such as the internet). Web servers and email servers can be placed in this buffer network so that they can be accessed from the internet. Firewalls use access control lists (ACLs) to manage incoming or outgoing traffic. A perimeter firewall sits on the edge of a private network and filters all incoming and outgoing requests. A host-based firewall is used to protect a single device.
A switch is associated with which OSI model layer?
Data Link Switches are associated with the Data Link layer of the OSI model. Switches examine the device address in the packet and forward messages directly to that device.
In the output of the netstat command, you notice that a remote system has made a connection to your Windows Server 2016 system using TCP/IP port 21. Which of the following actions is the remote system most likely performing?
Downloading a file TCP/IP port 21 is assigned to the file transfer protocol (FTP). A system connected on this port is most likely downloading a file from an FTP server application hosted on the system. Downloading email can be achieved via a number of protocols, including the simple mail transfer protocol (SMTP), the post office protocol version 3 (POP3) and the internet message access protocol version 4 (IMAP4). SMTP uses TCP/IP port 25, while POP3 uses TCP/IP port 110, and IMAP4 uses TCP/IP port 143. Web pages are downloaded using the hypertext transfer protocol (HTTP) on TCP/IP port 80. Name resolution requests use the domain name service (DNS) protocol on TCP/IP port 53.
In the OSI model, which of the following functions are performed at the Presentation layer? (Select two.)
Encrypt and compress data Specify data format (such as file formats) The Presentation layer encrypts data, changes and converts character sets, and compresses data. File formats (such as .jpg, .wmv, and .wav) are part of the Presentation layer. The Application layer provides network services. The Session layer maintains separate client connections through session IDs and maintains those sessions. Flow control and error detection are provided at both the Transport layer and the Data Link layer. Frame transmission occurs at the Physical layer.
You want to allow users to download files from a server running the TCP/IP protocol. You want to require user authentication to gain access to specific directories on the server. Which TCP/IP protocol should you implement to provide this capability?
FTP You should implement the file transfer protocol (FTP). It enables file transfers and supports user authentication. The trivial file transfer protocol (TFTP) enables file transfer, but does not support user authentication.
Which protocol is used on the World Wide Web to transmit web pages to web browsers?
HTTP Web servers and browsers use or hypertext transfer protocol (HTTP) , to transmit web pages on the internet. This protocol is often confused with hypertext markup language (HTML), which is used to create web content.
Which protocol is used to securely browse a website?
HTTPS HTTPS is a secure form of HTTP that uses SSL to encrypt data before it is transmitted. HTTP is used by web browsers and web servers to exchange files (such as web pages) through the World Wide Web and intranets. SSH is used for secure remote management. UDP is a data transport control protocol that does not include error correction or detection mechanisms. SIP is a protocol used by Voice over IP (VoIP) to set up and terminate phone calls. ARP is used to find the IP address of a device with a known MAC address.
You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from internet-based attacks. Which solution should you use?
Host-based firewall A host-based firewall inspects traffic received by a host. Use a host-based firewall to protect your computer from attacks when there is no network-based firewall, such as when you connect to the internet from a public location. A network-based firewall inspects traffic as it flows between networks. For example, you can install a network-based firewall on the edge of your private network that connects to the internet to protect your data from attacks from internet hosts. A VPN concentrator is a device connected to the edge of a private network that is used for remote access VPN connections. Remote clients establish a VPN connection to the VPN concentrator and are granted access to the private network. A proxy server is an Application layer firewall that acts as an intermediary between a secure private network and the public. Access to the public network from the private network goes through the proxy server.
Which of the following devices operates at the OSI model Layer 1?
Hub A hub operates at OSI model Layer 1 (Physical layer). It regenerates electrical signals and sends those signals out all hub ports without regard to the upper-layer data. A switch operates at the OSI model Layer 2 (Data Link layer). It reads the MAC address to make frame forwarding decisions. A router and a firewall operate at OSI model Layer 3 (Network layer).
Which of the following protocols allows hosts to exchange messages to indicate problems with packet delivery?
ICMP The internet control message protocol (ICMP) allows hosts to exchange messages to indicate a packet's status as it travels through the network.
Which of the following protocols stores email on the mail server and allows users to access messages from various client devices without having to download the emails?
IMAP4 IMAP4 allows a mail server to store messages users can access from various locations using various client devices. A POP3 server requires the user to download his or her email. SMTP allows a user to send email to a server. The NTP protocol synchronizes the clocks of all computers on a network.
You are asked to recommend an email retrieval protocol for a company's sales team. The sales team needs to access email from various locations and possibly different computers. The sales team does not want to worry about transferring email messages or files back and forth between these computers. Which email protocol is designed for this purpose?
IMAP4 The internet message access protocol version 4 (IMAP) is an email retrieval protocol designed to enable users to access their email from various locations without transferring messages or files back and forth between computers. Messages remain on the remote mail server and are not automatically downloaded to a client system. POP3 is an email retrieval protocol that downloads and then deletes messages from a mail server. POP3 is well suited for reading email offline, but you must go online when you want to receive and send new messages. Once your new messages have been downloaded to your computer, you can log off to read them. This option is often used when email is received over a dial-up connection.
You have a router that is configured as a firewall. The router is a Layer 3 device only. Which of the following does the router use for identifying allowed or denied packets?
IP Addresses A router acting as a firewall at Layer 3 is capable of making forwarding decisions based on the IP address. The MAC address is associated with OSI model layer 2. Switches and wireless access points use MAC addresses to control access. The session ID is used by a circuit-level gateway, and username and password are used by Application layer firewalls.
Which of the following are included as part of Data Link layer specifications? (Select two.)
Identifying physical network devices. Controlling how messages are propagated through the network. The Data Link layer controls device identification on networks, as well as how messages travel through the network (the logical topology).
In the OSI model, which of the following functions are performed at the Application layer? (Select all that apply.)
Integrating network functionality into the host operating system Enabling communication between network clients and services The Application layer enables network services and integrates network functionality into the host operating system. Applications actually run above the OSI Application layer. Conversation identification is accomplished at the Session layer through connection or transaction ID numbers. Data translation is performed at the Presentation layer.
At which of the following OSI layers does a router operate?
Layer 3 A router operates at Layer 3, or the Network layer.
Which of the following are functions of the MAC sublayer? (Select two.)
Letting devices on the network have access to the LAN Defining a unique hardware address for each device on the network The MAC sublayer defines a unique MAC or data-link address for each device on the network. This address is usually assigned by the manufacturer. The MAC sublayer also provides devices with access to the network media.
The UDP transport protocol provides which of the following features? (Select all that apply.)
Low overhead Connectionless datagram services UDP is a connectionless protocol used by applications that need low overhead and do not require guaranteed delivery.
The Data Link Layer of the OSI model is comprised of two sublayers. What are they? (Select two.)
MAC LLC The Data Link layer is split into the following sublayers: -The Logical Link Control (LLC) Sublayer, which provides the operating system link to the device driver. -The Media Access Control (MAC) Sublayer, which translates generic network requests into device-specific terms.
Which of the following functions are performed at the Physical layer of the OSI model?
Moving data across network cables The Physical layer is concerned with how to transmit data and how to connect network hosts.
You have a large TCP/IP network and want to keep a host's real time clock synchronized. What protocol should you use?
NTP The network time protocol (NTP) lets you keep clocks synchronized.
At which OSI layer does a router operate to forward network messages?
Network A router uses the logical network address specified at the Network layer to forward messages to the appropriate LAN segment. A bridge, on the other hand, uses the MAC address and works at the Data Link layer.
Your company has a connection to the internet that allows users to access the internet. You also have a web server and an email server that you want to make available to internet users. You want to create a DMZ for these two servers. Which type of device should you use to create the DMZ?
Network-based firewall A demilitarized zone (DMZ) is a buffer network, or subnet, that sits between the private network and an untrusted network, such as the internet. To create a DMZ, use two network-based firewall devices, one connected to the public network, and one connected to the private network. A host-based firewall inspects traffic received by a host. Use a host-based firewall to protect your network from attacks when there is no network-based firewall, such as when you connect to the internet from a public location. A VPN concentrator is a device that is used to establish remote access VPN connections. An intrusion detection system (IDS) is a special network device that can detect attacks and suspicious activity. A passive IDS monitors, logs, and detects security breaches, but takes no action to stop or prevent attacks. An active IDS (also called an intrusion protection system, or IPS) performs the functions of an IDS, but can also react when security breaches occur.
You manage a small network at work. Users use workstations connected to your network. No portable computers are allowed. As part of your security plan, you would like to scan all users' emails. You want to scan the emails and prevent any e-mails with malicious attachments from being received by users. Your solution should minimize administration, allowing you to centrally manage the scan settings. Which solution should you use?
Network-based firewall A network-based firewall inspects traffic as it flows between networks. For example, you can install a network-based firewall on the edge of your private network that connects to the internet and scans all incoming emails. Scanning emails as they arrive at your email server allows you to centralize management and stop malicious emails before they arrive at client computers. A demilitarized zone (DMZ), also called a screened subnet, is a buffer network, or subnet, that sits between the private network and an untrusted network, such as the internet. SMTP is an email protocol used by email servers for sending mail.
After blocking a number of ports to secure your server, you are unable to send email. To allow email service, which of the following needs to be done?
Open port 25 to allow SMTP service The simple mail transfer protocol (SMTP) uses TCP port 25 and is responsible for sending email. If port 25 is blocked, users will not be able to send email, but they could receive email using port 110 and the POP3 protocol. SNMP is used to monitor network traffic. POP3 uses port 110 and is used to retrieve email from a mail server.
Which of the following TCP/IP protocols do email clients use to download messages from a remote mail server?
POP3 The POP3 protocol is part of the TCP/IP protocol suite. It is used to retrieve email from a remote server to a local client over a TCP/IP connection. SNMP is a protocol used to monitor network traffic. SMTP is a TCP/IP protocol used to send email. FTP is used to transfer files.
Which of the following is a firewall function?
Packet filtering Firewalls often filter packets by checking each packet against a set of administrator-defined criteria. If the packet is not accepted, it is simply dropped.
Match the firewall type on the right with the OSI layer at which it operates. Packet filtering firewall, circuit level proxy, application level gateway, routed firewall, and transparent firewall.
Packet filtering firewall - OSI Layer 3 Circuit level proxy - OSI Layer 5 Application level gateway - OSI Layer 7 Routed firewall - OSI Layer 3 Transparent firewall - OSI Layer 2
At which layer of the OSI model do hubs operate?
Physical Hubs operate at Layer 1, or the Physical layer of the OSI model.
During TCP/IP communications between two network hosts, information is encapsulated on the sending host and decapsulated on the receiving host using the OSI model. Match the information format on the left with the appropriate layer of the OSI model on the right. (Not all layers have a matching information format.)
Physical Layer - Bits Data Link Layer - Frames Network Layer - Packets Transport Layer - Segments Encapsulation is the process of breaking a message into packets, adding control and other information, and transmitting the message through the transmission media. The following is the five-step data encapsulation/decapsulation process used by the OSI model: Upper layers prepare the data to be sent through the network. The Transport layer breaks the data into pieces called segments, adding sequencing and control information. The Network layer converts the segments into packets, adding logical network and device addresses. The Data Link layer converts the packets into frames, adding physical device addressing information. The Physical layer converts the frames into bits for transmission across the transmission media.
You have just installed a packet filtering firewall on your network. Which options will you be able to set on your firewall? (Select all that apply.)
Port number Source address of a packet Destination address of a packet Firewalls allow you to filter by IP address and port number.
You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.)
Put the database server on the private network. Put the web server inside the DMZ. Publicly accessible resources (servers) are placed inside the DMZ. Examples of publicly accessible resources include web, FTP, and email servers. Devices that should not be accessible to public users are placed on the private network. If you have a public server that communicates with another server, such as a database server, and that server should not have direct contact with public hosts, place the server on the private network and allow only traffic from the public server to cross the inner firewall.
Which of the following functions are performed by the OSI Transport layer? (Select three.)
Reliable message delivery End-to-end flow control Data segmentation and reassembly The Transport layer is responsible for breaking upper-layer data into segments and allowing reliable communications through end-to-end flow control, error detection, and error correction. Message transmission through media is performed at the Physical layer. Media access, logical topology, and device identification occurs at the Data Link layer. Path identification and selection is a function of the Network layer. Data formatting is performed at the Presentation layer.
In the OSI model, what is the primary function of the Network layer?
Routes messages between networks The Network layer is responsible for routing messages between networks.
What protocol sends email to a mail server?
SMTP SMTP sends email to a mail server.
Your company has just acquired another company in the same city. You need to integrate the two email systems so that messages can be exchanged between the email servers. Currently, each network uses an email package from a different vendor. Which TCP/IP protocol will enable message exchange between systems?
SMTP The simple mail transfer protocol (SMTP) specifies how messages are exchanged between email servers. Email clients use POP3 and IMAP4 to download email messages from email servers. FTP is a file transfer protocol. ICMP is used in ping and traceroute to communicate network information.
Which of the following network services or protocols uses TCP/IP port 22?
SSH The Secure Shell (SSH) service uses TCP/IP port 22. SSH is a terminal emulation program similar to Telnet, which provides secure authenticated sessions on a remote system. It is most commonly associated with Unix and Linux systems. The trivial file transfer protocol (TFTP) is a connectionless service for downloading files from a remote system. TFTP uses TCP/IP port 69. The network news transfer protocol (NNTP) is used to access and download messages from newsgroup servers. NNTP uses TCP/IP port 119. The internet message access protocol version 4 (IMAP4) is used to download email from remote servers. IMAP 4 uses TCP/IP port 143.
You are monitoring network traffic on your network, and you see traffic between two network hosts on port 1720. What is the source of this network traffic?
Someone is using voice over IP (VoIP) to make a telephone call. Someone on the network is using voice over IP (VoIP) to make a telephone call. Some VoIP implementations use the H.323 protocol to set up, maintain, tear down, and redirect calls. H.323 uses port 1720. The DNS protocol sends name resolution requests to a DNS server on port 53. In a man-in-the-middle attack, a legitimate communication session between two network hosts is intercepted and possibly modified by an attacker. The FTP protocol uses ports 20 and 21 to transfer files between two network hosts.
Which of the following are characteristics of a circuit-level gateway? (Select two.)
Stateful Filters by session A circuit-level proxy or gateway makes decisions about which traffic to allow based on virtual circuits or sessions. A circuit-level proxy is considered a stateful firewall because it keeps track of the state of a session. Packet filtering firewalls are stateless and filter by on IP address and port number. Application-level gateways filter by the application layer data, which might include data such as URLs within an HTTP request.
Which of the following are characteristics of a packet filtering firewall? (Select two.)
Stateless Filters IP addresses, not ports A packet filtering firewall makes decisions about which network traffic to allow by examining information in the IP packet header, such as source and destination addresses, ports, and service protocols. A packet filtering firewall is considered a stateless firewall because it examines each packet and uses rules to accept or reject each packet without considering whether the packet is part of a valid and active session.
Which of the following are true about routed firewalls? (Select two.)
Supports multiple interfaces. Counts as a router hop. In a routed firewall, the firewall is also a Layer 3 router. In fact, many hardware routers include firewall functionality. Transmitting data through this type of firewall counts as a router hop. A routed firewall usually supports multiple interfaces, each connected to a different network segment. A transparent firewall (which is also called a virtual firewall) works differently. It operates at Layer 2 and is not seen as a router hop by connected devices. Both the internal and external interfaces on a transparent firewall connect to the same network segment. Because it is not a router, you can easily introduce a transparent firewall into an existing network.
Which of the following devices operates at the OSI model Layer 2?
Switch
Which of the following devices operate at OSI model Layer 2? (Select two.)
Switch Network interface card A network interface card and a switch operate at Layer 2 (Data Link) of the OSI model. Layer 2 includes protocols that define the MAC address. The MAC address is burned into the network interface card, and a switch uses the MAC address to make forwarding decisions. A hub or a repeater operate at Layer 1; they regenerate a signal without looking at Layer 2 or Layer 3 information. A router operates at Layer 3, using the IP address to make forwarding decisions. A firewall operates at Layer 3 or higher, using packet or data contents to make filtering decisions.
Which of the following devices operate at the Data Link layer of the OSI model? (Select three.)
Switches Network interface cards (NICs) Bridges Network interface cards (NICs), bridges, and switches all operate at the OSI Data Link layer. They use the physical device address (MAC address) to identify packets. Hubs and repeaters operate at the Physical layer--they simply repeat packets without regard to addresses. Routers function at the Network layer--they examine the logical device and network address to perform routing tasks.
Which of the following protocols includes extensive error checking to ensure that a transmission is sent and received without mistakes?
TCP The TCP protocol includes error checking.
You are an application developer, and you are writing a program for exchanging video files through a TCP/IP network. You need to select a transport protocol that will guarantee delivery. Which TCP/IP protocol provides this capability?
TCP Write the application to use the transmission control protocol (TCP). TCP guarantees delivery through error checking and acknowledgments.
Which protocols and port numbers are used by DHCP? (Select two.)
TCP 67 UDP 67 The dynamic host configuration protocol (DHCP) uses port 67 for both the TCP and UDP protocols. TFTP uses UDP port 69, and NTP uses UDP port 123.
Which of the following is a file transfer protocol that uses UDP?
TFTP The trivial file transfer protocol (TFTP) uses UDP. The file transfer protocol (FTP) is a file transfer protocol, but uses TCP instead of UDP. HTTP is the hypertext transfer file. It is used for web browsing and is not considered a file transfer protocol. SMTP and POP3 are email transfer protocols. NTP is a service that provides network time.
Which of the following network services or protocols uses port 69?
TFTP The trivial file transfer protocol (TFTP) uses UDP/IP port 69. TFTP is a connectionless service for downloading files from a remote system. It is often used for downloading firmware to networking devices. The network news transfer protocol (NNTP) is used to access and download messages from newsgroup servers. NNTP uses TCP/IP port 119. The simple mail transfer protocol (SMTP) is used to send and receive email. SMTP uses TCP/IP port 25. The post office protocol version 3 (POP3) is used to download email from a remote system. POP3 uses TCP/IP port 110.
You are an administrator for a large company. You are setting up a computer at a worker's home so he can telecommute while he recovers from surgery. You want to connect to the UNIX server at the office to update his account information. Which utility should you use to accomplish this task?
Telnet Telnet allows you to perform terminal emulation, which means you can gain access to a host from a remote location and work as if you were at the actual host.
You administer a web server on your network. The computer has multiple IP addresses. They are 192.168.23.8 to 192.168.23.17. The name of the computer is www.westsim.com. You configured the website as follows: IP address: 192.168.23.8 HTTP Port: 1030 SSL Port: 443 Users complain that they can't connect to the website when they type www.westsim.com. What is the most likely source of the problem?
The HTTP port should be changed to 80. The default HTTP port for the web is 80. You can change the default port; however, port 80 is the default port used by web browsers to make a connection to a web server. If you change the default port, the users must specify the correct port number, or they won't be able to connect to the server.
You are monitoring network traffic on your network, and you see traffic between two network hosts on port 2427. Which kind of network traffic uses this port?
The MGCP protocol is generating traffic, which VoIP uses to send voice data over a network. Someone on the network is using voice over IP (VoIP) to make a telephone call. Some VoIP implementations use the media gateway control protocol (MGCP) to set up, maintain, tear down, and redirect calls. MGCP uses port 2427. The DHCP protocol is used to automatically assign IP addresses to network hosts and utilizes IP ports 67 and 68. A ping of death attack utilizes an oversized ICMP echo request packet to crash a target system. The SSH protocol is used to remotely access another network host and uses port 22.
A small startup company has hired you to harden their new network. Because funds are limited, you have decided to implement a unified threat management (UTM) device that provides multiple security features in a single network appliance: Firewall VPN Anti-spam Antivirus You join the UTM device to the company's Active Directory domain. The company's traveling sales force will use the VPN functionality provided by the UTM device to connect to the internal company network from hotel and airport public Wi-Fi networks. Which weaknesses exist in this implementation?
The UTM represents a single point of failure. By combining several services into one appliance, UTM devices make managing network security less expensive and complex. However, they also introduce a single point of failure—if the UTM fails, then network security is lost. Additionally, UTM devices aren't as robust as other devices made for a specific use. Therefore, UTM devices are best suited for: Offices where space limits don't allow multiple security appliances. Satellite offices that need to be managed remotely. Configuration changes need to be made on only one device, rather than multiple devices. Smaller businesses that wouldn't benefit from the robust features provided by specific security appliances. Joining the UTM device to the Active Directory domain is the best practice because it simplifies authentication management. Using a VPN connection while accessing a public Wi-Fi network is a good practice because it provides an extra layer of security. Since this organization is a small startup, combining anti-spam and anti-virus functions on the same device is an acceptable practice.
You are monitoring network traffic on your network. You see a large amount of traffic between a Windows workstation and a Windows server on the following ports: 137 138 139 What is the source of this network traffic?
The workstation is using NetBIOS to access shared resources on the server. The workstation is using NetBIOS to access shared resources on the server, such as shared folders and printers. The NetBIOS protocol uses three ports: 137, 138, 139 Email clients use the POP (port 110) or IMAP (port 143) protocols to access messages on an email server. The NTP protocol (port 123) is used to synchronize time between network hosts. A denial of service (DoS) attack utilizes characteristics of the TCP or ICMP protocols to flood a network host with so much traffic that it can't respond to network requests.
Which OSI model layer is responsible for guaranteeing reliable message delivery?
Transport The Transport layer is responsible for connection services that provide reliable message delivery through error detection and correction mechanisms. Specifically, the TCP protocol provides these services. The Application layer integrates network functionality into the host operating system and enables network services. The Session layer's primary function is managing the sessions in which data is transferred. The Data Link layer defines the rules and procedures for hosts as they access the Physical layer.
Which protocol and port number is used by TFTP?
UDP 69 The trivial file transfer protocol (TFTP) uses UDP port 69. TFTP is a faster alternative to FTP. TFTP uses UDP instead of TCP to reduce the overhead of sending packets. FTP uses TCP ports 20 and 21. DHCP uses port 67.
You have a company network that is connected to the internet. You want all users to have internet access, but you need to protect your private network and users. You also need to make a web server publicly available to internet users. Which solution should you use?
Use firewalls to create a DMZ. Place the web server inside the DMZ and the private network behind the DMZ. A demilitarized zone (DMZ), also called a screened subnet, is a buffer network (or subnet) that sits between the private network and an untrusted network, such as the internet. A common configuration uses two firewalls, one connected to the public network, and one connected to the private network. Publicly accessible resources (servers) are placed inside the screened subnet. Examples of publicly accessible resources include web, FTP, or email servers. Private resources that are not accessible from the internet are placed behind the DMZ (behind the inner firewall). Placing the web server inside the private network would mean opening ports in the firewall leading to the private network, which could expose other devices to attack. Placing the web server outside of the firewall would leave it unprotected.
You are configuring a firewall to allow access to a server hosted on the demilitarized zone of your network. You open TCP/IP ports 80, 25, 110, and 143. Assuming that no other ports on the firewall need to be configured to provide access, which applications are most likely to be hosted on the server?
Web server and email server TCP/IP port 80 is associated with accessing web pages from a web server using the hypertext transfer protocol (HTTP). Email can be accessed using a number of protocols, including the simple mail transfer protocol (SMTP), the post office protocol version 3 (POP3) and the internet message access protocol version 4 (IMAP4). SMTP uses TCP/IP port 25, while POP3 uses TCP/IP port 110, and IMAP4 uses TCP/IP port 143. Domain name service (DNS) traffic uses TCP/IP port 53. Newsgroup servers are accessed using the network news transfer (NNTP) protocol on TCP/IP port 119. Dynamic host configuration protocol (DHCP) traffic uses the BOOTP protocol on TCP/IP ports 67 and 68.