Chapter_5_Network Infrastructure


Which parameter is commonly used to identify a wireless network name when a home wireless AP is being configured? > ESS > SSID > ad hoc > BESS

> SSID *

What are two uses of an access control list? (Choose two.) > ACLs can control which areas a host can access on a network. > ACLs provide a basic level of security for network access. > Standard ACLs can restrict access to specific applications and ports. > ACLs can permit or deny traffic based upon the MAC address originating on the router. > ACLs assist the router in determining the best path to a destination.

> ACLs can control which areas a host can access on a network. * > ACLs provide a basic level of security for network access. * (ACLs can be used for the following: limit network traffic in order to provide adequate network performance; restrict the delivery of routing updates; provide a basic level of security; filter traffic based on the type of traffic being sent; filter traffic based on IP addressing.)

Which wireless parameter refers to the frequency bands used to transmit data to a wireless access point? > SSID > Security mode > Scanning mode > Channel settings

> Channel settings *

Refer to the exhibit. The network "A" contains multiple corporate servers that are accessed by hosts from the Internet for information about the corporation. What term is used to describe the network marked as "A"? > perimeter security boundary > internal network > DMZ > untrusted network

> DMZ * (A demilitarized zone or DMZ is a network area protected by one or more firewalls. The DMZ typically contains servers that are commonly accessed by external users. A web server is commonly contained in a DMZ.)

What specialized network device is responsible for enforcing access control policies between networks? > Bridge > Switch > Firewall > IDS

> Firewall *

Which device is an intermediary device? > Smart device > PC > Server > Firewall

> Firewall *

Which protocol creates a virtual point-to-point connection to tunnel unencrypted traffic between Cisco routers from a variety of protocols? > GRE > IPsec > OSPF > IKE

> GRE * (Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco that encapsulates multiprotocol traffic between remote Cisco routers. GRE does not encrypt data.)

What specialized network device uses signatures to detect patterns in network traffic? > Bridges > Switches > IDS > Firewalls

> IDS * (Intrusion detection systems (IDSs) use a set of rules, referred to as signatures, to identify malicious traffic on the network.)

What are two types of addresses found on network end devices? (Choose two.) > UDP > return > IP > TCP > MAC

> IP * > MAC *

Which protocol provides authentication, integrity, and confidentiality services and is a type of VPN? > MD5 > AES > ESP > IPsec

> IPsec * (IPsec services allow for authentication, integrity, access control, and confidentiality. With IPsec, the information exchanged between remote sites can be encrypted and verified. Both remote-access and site-to-site VPNs can be deployed using IPsec.)

What is a feature of the TACACS+ protocol? > It utilizes UDP to provide more efficient packet transfer. > It hides passwords during transmission using PAP and sends the rest of the packet in plaintext. > It encrypts the entire body of the packet for more secure communications. > It combines authentication and authorization as one process.

> It encrypts the entire body of the packet for more secure communications. * (TACACS+ has the following features: separates authentication and authorization; encrypts all communication; uses TCP port 49.)

Which OSI layer header is rewritten with new addressing information by a router when forwarding between LAN segments? > Layer 2 > Layer 3 > Layer 4 > Layer 7

> Layer 2 * (When a router forwards traffic between LAN segments it encapsulates the Layer 2 frame to determine the Layer 3 path. Once the Layer 3 path is determined, the router encapsulates the Layer 3 packet in a new Layer 2 frame with new Layer 2 addressing information for the destination LAN segment.)

What is true concerning physical and logical topologies? > Physical topologies display the IP addressing scheme of each network. > Logical topologies refer to how a network transfers data between devices. > The logical topology is always the same as the physical topology. > Physical topologies are concerned with how a network transfers frames.

> Logical topologies refer to how a network transfers data between devices. * (Physical topologies show the physical interconnection of devices. Logical topologies show the way the network will transfer data between connected nodes.)

Which protocol or service is used to automatically synchronize the software clocks on Cisco routers? > SNMP > NTP > DHCP > DNS

> NTP *

Which network service synchronizes the time across all devices on the network? > NetFlow > Syslog > NTP > SNMP

> NTP * (There are two methods that can be used to set date and time settings on network devices: manual configuration, and automatic configuration using the Network Time Protocol (NTP). NTP keeps the time across all devices synchronized by using a hierarchical system of sources.)

Which two statements are true about NTP servers in an enterprise network? (Choose two.) > NTP servers at stratum 1 are directly connected to an authoritative time source. > NTP servers ensure an accurate time stamp on logging and debugging information. > There can only be one NTP server on an enterprise network. > All NTP servers synchronize directly to a stratum 1 time source. > NTP servers control the mean time between failures (MTBF) for key network devices.

> NTP servers at stratum 1 are directly connected to an authoritative time source. * > NTP servers ensure an accurate time stamp on logging and debugging information. *

Which statement describes a difference between RADIUS and TACACS+? > RADIUS uses TCP, whereas TACACS+ uses UDP. > RADIUS is supported by the Cisco Secure ACS software, whereas TACACS+ is not. > RADIUS encrypts only the password, whereas TACACS+ encrypts all communication. > RADIUS separates authentication and authorization, whereas TACACS+ combines them as one process

> RADIUS encrypts only the password, whereas TACACS+ encrypts all communication. * (TACACS+ uses TCP, encrypts the entire packet (not just the password), and separates authentication and authorization into two distinct processes. Both protocols are supported by the Cisco Secure ACS software.)

Which network service allows administrators to monitor and manage network devices? > NTP > SNMP > Syslog > NetFlow

> SNMP * (Simple Network Management Protocol) (SNMP is an application layer protocol that allows administrators to manage and monitor devices on the network such as routers, switches, and servers.)

What information does an Ethernet switch examine and use to build its address table? > Source IP address > Destination IP address > Source MAC address > Destination MAC address

> Source MAC address * (An Ethernet switch examines the source MAC address of an incoming frame. If the source MAC address is not in the MAC address table, the switch will add it to the table with the associated ingress Ethernet port.)

What type of physical topology can be created by connecting all Ethernet cables to a central device? > Star > Bus > Ring > Mesh

> Star *

Which device can control and manage a large number of corporate APs? > switch > WLC > router > LWAP

> WLC * (A wireless LAN controller (WLC) can be configured to manage multiple lightweight access points (LWAPs). On the WLC, a network administrator can configure SSIDs, security, IP addressing, and other wireless network parameters in a centralized management environment.)

What is the function of the distribution layer of the three-layer network design model? > aggregating access layer connections > providing high speed connection to the network edge > providing secure access to the Internet > providing direct access to the network

> aggregating access layer connections *

What does the TACACS+ protocol provide in a AAA deployment? > AAA connectivity via UDP > compatibility with previous TACACS protocols > authorization on a per-user or per-group basis > password encryption without encrypting the packet

> authorization on a per-user or per-group basis * (TACACS+ utilizes TCP port 49, provides authorization on a per-user or per-group basis, encrypts the entire packet, and does not provide compatibility with previous TACACS protocols.)

What is a function of a proxy firewall? > uses signatures to detect patterns in network traffic > connects to remote servers on behalf of clients > drops or forwards traffic based on packet header information > filters IP traffic between bridged interfaces

> connects to remote servers on behalf of clients * (Proxy firewalls filter traffic through the application layer of the TCP/IP model and shield client information by connecting to remote servers on behalf of clients.)

A Cisco router is running IOS 15. What are the two routing table entry types that will be added when a network administrator brings an interface up and assigns an IP address to the interface? (Choose two.) > route that is learned via OSPF > route that is learned via EIGRP > route that is manually entered by a network administrator > directly connected interface > local route interface

> directly connected interface * > local route interface *

Which layer of the hierarchical design model is a control boundary between the other layers? > access > network > distribution > core

> distribution * (The three design layers from lowest to highest are access, distribution, and core. The distribution layer commonly provides policy-based connectivity which permits or denies traffic based on predefined parameters. The distribution layer also acts as a control boundary between the access and core layers.)

For which discovery mode will an AP generate the most traffic on a WLAN? > active mode > mixed mode > passive mode > open mode

> passive mode *

Which wireless parameter is used by an access point to broadcast frames that include the SSID? > passive mode > security mode > channel setting > active mode

> passive mode * (The two scanning or probing modes an access point can be placed into are passive or active. In passive mode, the AP advertises the SSID, supported standards, and security settings in broadcast beacon frames. In active mode, the wireless client must be manually configured for the same wireless parameters as the AP has configured.)

Which two features are included by both TACACS+ and RADIUS protocols? (Choose two.) > SIP support > password encryption > 802.1X support > separate authentication and authorization processes > utilization of transport layer protocols

> password encryption * > utilization of transport layer protocols * (Both TACACS+ and RADIUS support password encryption (TACACS+ encrypts all communication) and use Layer 4 protocol (TACACS+ uses TCP and RADIUS uses UDP). TACACS+ supports separation of authentication and authorization processes, while RADIUS combines authentication and authorization as one process. RADIUS supports remote access technology, such as 802.1x and SIP; TACACS+ does not.)

What is the only attribute used by standard access control lists to identify traffic? > source MAC address > protocol type > source IP address > source TCP port

> source IP address * (Standard access control lists can only identify traffic based on the source IPv4 address in the protocol header.)

Which LAN topology requires a central intermediate device to connect end devices? > star > ring > bus > mesh

> star *

Which protocol or service allows network administrators to receive system messages that are provided by network devices? > NTP > NetFlow > SNMP > syslog

> syslog *

What information within a data packet does a router use to make forwarding decisions? > the destination service requested > the destination IP address > the destination host name > the destination MAC address

> the destination IP address * (A Layer 3 device like a router uses a Layer 3 destination IP address to make a forwarding decision.)

What is the role of an IPS? > to detect patterns of malicious traffic by the use of signature files > to filter traffic based on defined rules and connection context > to filter traffic based on Layer 7 information > to enforce access control policies based on packet content

> to detect patterns of malicious traffic by the use of signature files

