Final


(FINAL Q38) Although it does not indicate the most severe Syslog error condition, which Syslog severity level indicates a condition requiring immediate attention? 4 1 0 11

1 A Syslog level of 1, with a name of "Alert," is a condition requiring immediate attention. A Syslog level of 0, with a name of "Emergency," is the most severe error condition, which renders a system unusable. A Syslog level of 4, with a name of "Warning," is a condition where a specific operation failed to complete successfully. A Syslog level of 7, with a name of "Debugging," provides highly detailed information (for example, information about individual packets), which is typically used for troubleshooting purposes.

(FINAL Q16) What type of cordless phone is most likely to interfere with a wireless LAN (WLAN)? 1.7 MHz DECT 2.4 GHz 900 MHz

2.4 GHz 802.11b and 802.11g WLANs operate in the 2.4 GHz band. Additionally, many 802.11n WLANs also operate in the 2.4 GHz band (while some 802.11n networks operate in the 5 GHz band). As a result, 2.4 GHz cordless phones can interfere with WLANs operating in that same band of frequencies. Many early cordless phones operated in the 1.7 MHz band. Later cordless phones operated in the 900 MHz band. Fortunately, neither of these bands interferes with any WLAN standard. However, if you need a modern cordless phone that can coexist in an environment with WLAN devices using the 2.4 GHz band, consider the use of Digital Enhanced Cordless Telecommunications (DECT) cordless phones. While the exact frequencies used by DECT cordless phones can vary based on country, DECT cordless phones do not use the 2.4 GHz band. For example, in the United States, DECT cordless phones use frequencies in the range 1.92 GHz - 1.93 GHz.

(FINAL Q40) The IEEE 802.11g wireless standard has which of the following frequency band / maximum bandwidth parameters? 5 GHz / 54 Mbps 2.4 GHz / 11 Mbps 2.4 GHz / 54 Mbps 2.4 GHz or 5 GHz / > 300 Mbps

2.4 GHz / 54 Mbps The 802.11g standard uses a frequency band of 2.4 GHz and has a maximum bandwidth of 54 Mbps. The 802.11a standard uses a frequency band of 5 GHz and has a maximum bandwidth of 54 Mbps. The 802.11b standard uses a frequency band of 2.4 GHz and has a maximum bandwidth of 11 Mbps. The 802.11n standard can operate using the 2.4 GHz frequency band or the 5 GHz frequency band, or both. The theoretical maximum bandwidth of 802.11n exceeds 300 Mbps.

(FINAL Q26) What is the maximum bandwidth of an 802.11g wireless LAN (WLAN)? 54 Mbps Less than 300 Mbps 2 Mbps 11 Mbps

54 Mbps The 802.11a WLAN standard has a maximum bandwidth of 54 Mbps. The 802.11b WLAN standard has a maximum bandwidth of 11 Mbps. The 802.11g WLAN standard has a maximum bandwidth of 54 Mbps. The 802.11n WLAN standard has a maximum bandwidth greater than 300 Mbps.

(FINAL Q27) What is the maximum range of the IEEE 802.11n wireless standard? 70 m indoors / 250 m outdoors 32 m indoors / 140 m outdoors 20 m indoors / 100 m outdoors 35 m indoors / 120 m outdoors

70 m indoors / 250 m outdoors The maximum range of the IEEE 802.11n standard is 70 m indoors / 250 m outdoors. The maximum range of the original IEEE 802.11 standard is 20 m indoors / 100 m outdoors. The maximum range of the IEEE 802.11a standard is 35 m indoors / 120 m outdoors. The maximum range of the IEEE 802.11b and IEEE 802.11g standards is 32 m indoors / 140 m outdoors.

(FINAL Q05) Which IEEE standard, supported on some Ethernet switches, requires a user to authenticate themselves before gaining access to the rest of the network? 802.3af 802.1x 802.1q 802.3at

802.1x The IEEE 802.1X standard specifies a method of enforcing user authentication. For example, a PC (that is, the supplicant) that wishes to gain access to a network via an Ethernet switch (that is, the authenticator) must provide appropriate credentials to a RADIUS server (that is, the authentication server). IEEE 802.3af and IEEE 802.3at are both Power over Ethernet (PoE) standards. IEEE 802.1q is an Ethernet trunking standard.

(FINAL Q18) Which of the following best defines an IPS sensor? An IPS sensor receives a copy of traffic being analyzed, can recognize the signature of a well-known attack, and respond appropriately. An IPS sensor defines a set of rules dictating which types of traffic are permitted or denied as that traffic enters or exits a firewall interface. An IPS sensor secures communication between two sites over an untrusted network. An IPS sensor sits in-line with traffic being analyzed, can recognize the signature of a well-known attack, and respond appropriately.

An IPS sensor sits in-line with traffic being analyzed, can recognize the signature of a well-known attack, and respond appropriately. A firewall defines a set of rules dictating which types of traffic are permitted or denied as that traffic enters or exits a firewall interface. A virtual private network (VPN) can secure communication between two sites over an untrusted network. An intrusion prevention system (IPS) sensor sits in-line with traffic being analyzed, can recognize the signature of a well-known attack, and respond appropriately. An intrusion detection system (IDS) sensor receives a copy of traffic being analyzed, can recognize the signature of a well-known attack, and respond appropriately.

(FINAL Q19) Which of the following mechanisms is considered a congestion management tool in QoS? WRED Traffic shaping LFI CBWFQ

CBWFQ LFI is the link-efficiency tool. CBWFQ is congestion management, WRED is congestion avoidance, and traffic shaping is considered policing and shaping.

(FINAL Q25) ISDN is an example of which of these WAN types? Packet switched Leased line Circuit switched Cell switched

Circuit switched ATM is considered a cell switched type of technology. Leased lines are like T1 lines, for example, and ISDN is an example of circuit switched.

(FINAL Q35) Which of the following security attacks occurs when an attacker compromises multiple systems, and those compromised systems, called "zombies," are instructed by the attacker to simultaneously launch an attack against a target system, exhausting that target system's resources? Smurf attack FTP bounce attack DDoS attack DoS attack

DDoS attack A distributed denial-of-service (DDoS) attack can increase the amount of traffic flooded to a target system, as compared to a DoS attack. Specifically, the attacker compromises multiple systems, and those compromised systems, called "zombies," can be instructed by the attacker to simultaneously launch a DDoS attack against a target system. A denial-of-service (DoS) attack occurs when an attacker sends the target system a flood of data or requests that consume the target system's resources. A Smurf attack can use Internet Control Message Protocol (ICMP) traffic, directed to a subnet, to flood a target system with Ping replies. FTP supports a variety of commands for setting up a session and managing file transfers. One of these commands is the PORT command and can, in some cases, be used by an attacker to access a system that would otherwise deny the attacker. This type of attack is called an "FTP bounce" attack.

(FINAL Q11) Which of the following security attacks occurs when an attacker sends a target system a flood of data or requests that consume the target system's resources? DDoS attack DoS attack Smurf attack FTP bounce attack

DoS attack A denial-of-service (DoS) attack occurs when an attacker sends the target system a flood of data or requests that consume the target system's resources. A Smurf attack can use Internet Control Message Protocol (ICMP) traffic, directed to a subnet, to flood a target system with Ping replies. FTP supports a variety of commands for setting up a session and managing file transfers. One of these commands is the PORT command and can, in some cases, be used by an attacker to access a system that would otherwise deny the attacker. This type of attack is called an "FTP bounce" attack. A distributed denial-of-service (DDoS) attack can increase the amount of traffic flooded to a target system, as compared to a DoS attack. Specifically, the attacker compromises multiple systems, and those compromised systems, called "zombies," can be instructed by the attacker to simultaneously launch a DDoS attack against a target system.

(FINAL Q14) Which of the following specifies how authentication is performed by IEEE 802.1X? SSO multifactor authentication TFA EAP

EAP An Extensible Authentication Protocol (EAP) specifies how authentication is performed by IEEE 802.1X. A variety of EAP types exist, for example: Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST), Extensible Authentication Protocol-Message Digest 5 (EAP-MD5), and Extensible Authentication Protocol-Transport Layer Security (EAP-TLS). Two-factor authentication (TFA) requires two types of authentication from a user seeking admission to a network. A user might have to know something (for example, a password) and have something (for example, a specific fingerprint, which can be checked with a biometric authentication device). Similar to two-factor authentication, multifactor authentication requires two or more types of successful authentication before granting access to a network. Single sign-on (SSO) allows a user to authenticate only once in order to gain access to multiple systems, without requiring the user to independently authenticate with each system.

(FINAL Q36) A wireless LAN (WLAN) containing at least two access points (APs) is known as what type of WLAN? ESS SSID IBSS BSS

ESS An Independent Basic Service Set (IBSS) WLAN can be created without the use of an access point (AP). This type of ad hoc WLAN can be useful for temporary connections between wireless devices. For example, you might temporarily interconnect two laptop computers to transfer a few files. A Basic Service Set (BSS) WLAN uses a single AP. BSS WLANs are said to run in infrastructure mode (as opposed to ad hoc mode), because wireless clients connect to an AP, which is typically connected to a wired network infrastructure. An Extended Service Set (ESS) WLAN is a WLAN containing two or more APs. Like a BSS WLAN, ESS WLANs operate in infrastructure mode. This is the correct answer to this question. A Service Set Identifier (SSID) can be thought of as the name of a WLAN. Often, an AP will broadcast the name of a WLAN's SSID, thus allowing wireless devices to see that the WLAN is available.

(FINAL Q45) Which of the following is a primary benefit of a VPN concentrator? It allows a server farm to scale. It hides inside addresses from the public Internet. It allows traffic to travel securely over an untrusted network (for example, the Internet). It reduces bandwidth demand on an IP WAN.

It allows traffic to travel securely over an untrusted network (for example, the Internet). A virtual private network (VPN) can allow traffic to flow securely across an untrusted network, such as the Internet. This security is made possible by technologies such as encryption and hashing algorithms. A proxy server receives requests from inside clients and sends requests, on behalf of those clients, to an outside network (for example, the Internet). Since these requests coming from the proxy server use the proxy server's IP address as the source IP address for packets traveling to the outside network, the inside addresses are hidden. A load balancer allows a server farm to scale, by adding additional servers to a server farm across which the load balancer can distribute incoming requests. A content engine can locally store content from a remote location. This content can be served up to local clients requesting that content, without having to retrieve multiple copies of the same content over an IP WAN. Therefore, depending on traffic patterns, a content engine can significantly reduce bandwidth demands on an IP WAN.

(FINAL Q44) Which of the following user authentication protocols added two-way authentication to an earlier version of the protocol? 802.1X PKI RAS MS-CHAP

MS-CHAP Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP) is a Microsoft-enhanced version of CHAP, offering a collection of additional features not present with CHAP, including two-way authentication. IEEE 802.1X is a type of NAC which can permit or deny a wireless or wired LAN client access to a network. The device seeking admission to the network is called the "supplicant." The device to which the supplicant connects (either wirelessly or through a wired connection) is called the "authenticator." The device which checks the supplicant's credentials and permits or denies the supplicant to access the network is called an "authentication server." Usually, an authentication server is a RADIUS server. Microsoft Remote Access Server (RAS) is the predecessor to Microsoft Routing and Remote Access Server (RRAS). Both RAS and RRAS are Microsoft Windows Server® features allowing Microsoft Windows clients to remotely access a Microsoft Windows network. Public Key Infrastructure (PKI) uses digital certificates and a certificate authority (CA) to allow secure communication across a public network.

(FINAL Q09) Which of the following remote access technologies is a common Layer 2 protocol offering features such as: multilink interface, looped link detection, error detection, and authentication? PPP ICA RAS RDP

PPP Point-to-Point Protocol (PPP) is a common Layer 2 protocol offering features such as: multilink interface, looped link detection, error detection, and authentication. Independent Computing Architecture (ICA) is a Citrix Systems® proprietary protocol that allows applications running on one platform (for example, Microsoft Windows®) to be seen and controlled from a remote client, independent of the client platform (for example, UNIX). Remote Desktop Protocol (RDP) is a Microsoft protocol that allows a user to view and control the desktop of a remote Microsoft Windows® computer. Microsoft Remote Access Server (RAS) is the predecessor to Microsoft Routing and Remote Access Server (RRAS). RRAS is a Microsoft Windows Server® feature allowing Microsoft Windows® clients to remotely access a Microsoft Windows® network.

(FINAL Q34) Two of the following virtual private network (VPN) protocols do not natively support security. Which one of these two protocols has a Microsoft-proprietary version that has been enhanced to include security features and is in various versions of Microsoft Windows®? TLS PPTP L2TP SSL

PPTP Point-to-Point Tunneling Protocol (PPTP) is an older VPN protocol (which supported the Dial-Up Networking feature in older versions of Microsoft Windows®). Like L2TP and L2F, PPTP lacks native security features. However, Microsoft's versions of PPTP bundled with various versions of Microsoft Windows® were enhanced to offer security features. Secure Sockets Layer (SSL) provides cryptography and reliability for upper layers (that is, Layers 5 - 7) of the OSI Model. SSL, which was introduced in 1995, has largely been replaced by Transport Layer Security (TLS). However, recent versions of SSL (for example, SSL 3.3) have been enhanced to be more comparable with TLS. Both SSL and TLS are able to provide secure web browsing via Hypertext Transfer Protocol Secure (HTTPS). Transport Layer Security (TLS) has largely replaced SSL as the VPN protocol of choice for providing cryptography and reliability to upper layers of the OSI Model. For example, when you securely connect to a website using HTTPS, you are probably using TLS. Layer 2 Tunneling Protocol (L2TP) is a VPN protocol that lacks security features, such as encryption. However, L2TP can still be used for a secure VPN connection if it is combined with another protocol that does provide encryption.

(FINAL Q29) Which two of the following are types of Integrated Services Digital Network (ISDN) circuits? PRI BRI NT1 TE1

PRI BRI ISDN circuits are classified as either a Basic Rate Interface (BRI) circuit or a Primary Rate Interface (PRI) circuit. A BRI circuit contains two 64 kbps B channels and one 16 kbps D channel. A PRI circuit is an ISDN circuit built on a T1 or E1 circuit. Recall that a T1 circuit has 24 channels. Therefore, if a PRI circuit is built on a T1 circuit, the ISDN PRI circuit has 23 B channels and one 64 kbps D channel. The 24th channel in the T1 circuit is used as the ISDN D channel (that is, the channel used to carry the Q.921 and Q.931 signaling protocols, which are used to set up, maintain, and tear down connections). A TE1 is a device (such as an ISDN phone) that natively supports ISDN. An NT1 is a device that interconnects a 4-wire ISDN circuit with a 2-wire ISDN circuit.

(FINAL Q39) Which of the following is a technology that allows a company to use development resources owned and maintained by a service provider? SaaS HaaS PaaS NaaS

PaaS Platform as a Service (PaaS) is a technology that allows a company to use computing platforms owned and maintained by a service provider. For example, instead of a company purchasing a web server, they could provision a web server platform from a service provider. An application service provider (ASP) provides application software access to subscribers. This service is sometimes called Software as a Service (SaaS). Hardware as a Service (HaaS) is a service where a company leases hardware components, and those components get upgraded over time. Network as a Service (NaaS) is a technology that allows a service provider to offer networking services to customers. As a result, the customers have access to network services without having the ongoing maintenance responsibilities associated with those services.

(FINAL Q30) Identify the Simple Network Management Protocol (SNMP) component that is an unsolicited message sent from an SNMP managed device to provide a notification about a significant event occurring on that managed device. SNMP manager SNMP trap MIB SNMP agent

SNMP trap An SNMP trap message is an unsolicited message sent from a managed device to an SNMP manager, which can be used to notify the SNMP manager about a significant event that occurred on the managed device. An SNMP agent is a piece of software which runs on a managed device (for example, a server, router, or switch). An SNMP manager runs a network management application. This SNMP manager is sometimes referred to as a Network Management System (NMS). Information about a managed device's resources and activity is defined by a series of objects. The structure of these management objects is defined by a managed device's Management Information Base (MIB).

(FINAL Q22) While an IPsec tunnel is being established, which of the following acts as an agreement between the two IPsec peers about the cryptographic parameters to be used in the ISAKMP session? Secure sockets layer (SSL) Security association (SA) Diffie-Hellman (DH) Perfect forward secrecy (PFS)

Security association (SA) Diffie-Hellman (DH) securely establishes a shared secret key over an unsecured medium. However, a security association (SA) is an agreement between the two IPsec peers about the cryptographic parameters to be used in an Internet Security Association and Key Management Protocol (ISAKMP) session. An ISAKMP session is a secure session within which parameters for an IPsec session are negotiated. Perfect forward secrecy (PFS) makes sure that a session key will remain secure, even if one of the private keys used to derive the session key becomes compromised. Secure sockets layer (SSL) provides cryptography and reliability for upper layers (that is, Layers 5 - 7) of the OSI Model.

(FINAL Q21) Which of the following is a Microsoft Windows log that would report events occurring on the underlying operating system? application security system syslog

System A Microsoft Windows system log lists events generated by the underlying operating system. A Microsoft Windows security log stores information about security-related events, such as failed login attempts. Microsoft Windows application logs contain information about software applications running on the underlying operating system. Syslog is an open standard for logging information about events occurring on a network device.

(FINAL Q41) Which of the following remote access security technologies is a TCP-based protocol used to communicate with an AAA server and encrypts an entire authentication packet, rather than just the password? RADIUS TACACS+ CHAP Kerberos

TACACS+ Terminal Access Controller Access-Control System Plus (TACACS+) is a TCP-based protocol used to communicate with an AAA server. Unlike Remote Authentication Dial-In User Service (RADIUS), TACACS+ encrypts an entire authentication packet, rather than just the password. TACACS+ does offer accounting features, but they are not as robust as the accounting features found in RADIUS. Also, unlike RADIUS, TACACS+ is a Cisco-proprietary protocol. Challenge-Handshake Authentication Protocol (CHAP) performs a one-way authentication for a remote access connection. However, authentication is performed through a three-way handshake (that is, challenge, response, and acceptance messages) between a server and a client. The three-way handshake allows a client to be authenticated without sending credential information across a network. RADIUS is a UDP-based protocol used to communicate with an AAA server. Unlike TACACS+, RADIUS does not encrypt an entire authentication packet, but only the password. However, RADIUS does offer more robust accounting features than TACACS+. Also, RADIUS is a standards-based protocol, while TACACS+ is a Cisco-proprietary protocol. Kerberos is a client-server authentication protocol, which supports mutual authentication between a client and a server. Kerberos uses the concept of a trusted third party (that is, a Key Distribution Center) that hands out tickets that are used instead of a username and password combination.

(FINAL Q42) If you want to buffer excess traffic and send it later, what traffic conditioning technology should you consider? Traffic shaping Traffic policing Congestion avoidance Congestion management

Traffic shaping Traffic shaping seeks to buffer excess traffic and send it later. Policing will drop the excess traffic by default. Congestion management and avoidance are not link conditioners.

(FINAL Q15) Which of the following approaches to wireless LAN (WLAN) security uses AES for encryption? WPA WEP WPA2 WPA Enterprise

WPA2 A WLAN using Wired Equivalent Privacy (WEP) has an AP configured with a static WEP key. Wireless clients needing to associate with an AP are configured with an identical key (making this a pre-shared key (PSK) approach to security). Also, WEP uses RC4 as its encryption algorithm. RC4 uses a 24-bit initialization vector (that is, an IV), which is a string of characters added to the transmitted data, such that the same plain text data frame will never appear as the same WEP-encrypted data frame. However, the IV is transmitted in clear text. So, if a malicious user, using packet capture software, captures enough packets having the same WEP key, and since the malicious user can see the IV in clear text, they can use a mathematical algorithm to determine the static WEP key. The Wi-Fi Alliance (a non-profit organization formed to certify interoperability of wireless devices) developed their own security standard, WPA, to address the weaknesses of WEP. WPA uses Temporal Key Integrity Protocol (TKIP) for enhanced encryption. While TKIP does rely on an initialization vector, the IV is expanded from WEP's 24-bit IV to a 48-bit IV. Also, broadcast key rotation can be used, which causes a key to change so quickly, an eavesdropper would not have time to exploit a derived key. TKIP leverages Message Integrity Check (MIC), which is sometimes referred to as Message Integrity Code (MIC). MIC can confirm that data was not modified in transit. In 2004, the IEEE 802.11i standard was approved, and required stronger algorithms for encryption and integrity checking than those seen in previous WLAN security protocols such as WEP and WPA. The requirements set forth in the IEEE 802.11i standard are implemented in the Wi-Fi Alliance's WPA version 2 (WPA2) security standard. WPA2 uses Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) for integrity checking and Advanced Encryption Standard (AES) for encryption.
Both WPA and WPA2 can optionally operate in enterprise mode, where users are authenticated against an authentication server's database, rather than a client being configured with a PSK.

(FINAL Q37) Which two of the following are wireless broadband technologies? WiMAX ISDN ATM HSPA+

WiMAX HSPA+ Worldwide Interoperability for Microwave Access (WiMAX) provides wireless broadband access to fixed locations (as an alternative to technologies such as DSL) and mobile devices. Depending on the WiMAX service provider, WiMAX coverage areas could encompass entire cities or small countries. Like WiMAX, Evolved High-Speed Packet Access (HSPA+) is a technology offering wireless broadband service. The maximum data rate for HSPA+ is 84 Mbps. Asynchronous Transfer Mode (ATM) and Integrated Services Digital Network (ISDN), however, are wired broadband technologies.

(FINAL Q06) Which of the following security threats can infect a system or propagate to other systems without any intervention from an end user? Trojan horse Keylogger Virus Worm

Worm A worm can infect a system or propagate to other systems without any intervention from an end user. A keylogger is a program that runs in the background of a computer and logs keystrokes made by a user. Therefore, after a user enters a password, the password is stored in the log created by the keylogger. An attacker can then retrieve the log of keystrokes to determine the user's password. A virus is a piece of code (for example, a program or a script) that infects a system, because an end-user executed a program. A Trojan horse is a program, which appears to be for one purpose (for example, a game), but secretly performs another task (for example, collecting a list of contacts from an end-user's e-mail program).

(FINAL Q03) In a wireless LAN (WLAN), what might cause a "multipath" problem? mismatched wireless security standards a cordless phone a metal file cabinet mismatched SSIDs

a metal file cabinet In electromagnetic theory, radio waves cannot propagate through a perfect conductor. So, while metal filing cabinets and large appliances are not perfect conductors, they are sufficient to cause degradation of a WLAN signal. For example, a WLAN signal might hit a large air conditioning unit, causing the radio waves to be reflected and scattered in multiple directions. Not only does this limit the range of the WLAN signal, but radio waves carrying data might travel over different paths. This multipath issue can cause data corruption. While a cordless phone (operating in the 2.4 GHz band) might cause interference in a WLAN, it would not contribute to a multipath problem. While mismatched wireless security standards or a mismatched Service Set Identifier (SSID) could prevent a wireless client from associating with a wireless access point (AP), those issues would not result in a multipath problem.

(FINAL Q04) Identify the quality of service (QoS) mechanism that can compress the Layer 3 and Layer 4 headers of a voice over IP packet. cRTP policing traffic shaping LFI

cRTP Link Fragmentation and Interleaving (LFI) and RTP Header Compression (cRTP) are both link efficiency mechanisms, which attempt to make a more efficient use of relatively limited WAN bandwidth. LFI can fragment large packets and interleave smaller packets (for example, voice over IP packets) in amongst the fragmented packets. As a result, the smaller packets can exit a slow-speed interface sooner, and not experience excessive delay. cRTP can take the Layer 3 and Layer 4 headers of a Real-time Transport Protocol (RTP) packet (used to carry voice over IP traffic), which total 40 Bytes in size, and compress them down to only two or four Bytes (two Bytes without UDP checksums and four Bytes with UDP checksums). Policing and traffic shaping are both traffic conditioners, each of which can set a bandwidth limit on traffic. However, policing has the ability to drop excess packets, while traffic shaping delays excess traffic.

(FINAL Q20) Refer to the exhibit. Consider the wireless network (WLAN) topology. A wireless client running IEEE 802.1g is having connectivity issues when attempting to roam between access points (APs). What is the most likely issue? channel selection encryption types overlapping coverage area 802.11 standards

channel selection The channel separation between the APs should be at least five channels (with the exception of Channel 14) when using the 2.4 GHz band, and in this example there is only 1 channel of separation. Therefore, the APs can interfere with one another. Both AP-1 and AP-2 use the same encryption type (that is, WPA2), which should not result in a connectivity issue for WLAN clients that provide the appropriate credentials. Since AP-1 uses 802.11n (on the 2.4 GHz band) it can be backwards compatible with 802.11g and 802.11b (which also use the 2.4 GHz band). The overlapping AP coverage areas (called "cells") are adhering to the best practice recommendation of a 10 - 15 percent overlap.

(FINAL Q23) What type of authentication credentials are used by SNMPv2c? SHA username/password community strings MD5

community strings SNMPv1 and SNMPv2c use community strings to gain read-only access or read-write access to a managed device. You can configure a community string for read-only access to a managed device and another community string for read-write access. While this community string can loosely be thought of as a password, there is not a username/password combination used with SNMPv2c. SNMPv3 can use Message Digest 5 (MD5) and Secure Hash Algorithm 1 (SHA-1) for authentication.

(FINAL Q32) Queuing is another name for which of the following quality of service (QoS) functions? congestion management congestion avoidance classification marking

congestion management When a device, such as a switch or a router, receives traffic faster than it can be transmitted, the device attempts to buffer (that is, store) the extra traffic until bandwidth becomes available. This buffering process is called queuing or congestion management. If an interface's output queue fills to capacity, newly arriving packets are discarded (that is, tail dropped). To prevent this behavior, a congestion avoidance technique called Random Early Detection (RED) can be used. After a queue depth reaches a configurable level (that is, the minimum threshold), RED introduces the possibility of packet discard. If the queue depth continues to increase, the possibility of discard increases until a configurable maximum threshold is reached. After the queue depth has exceeded the maximum threshold, there is a 100 percent probability of packets being discarded. Classification is the process of placing traffic into different categories. Classification does not, however, alter any bits in a frame or packet. Marking alters bits within a frame, cell, or packet to indicate how the network should treat that traffic. Marking alone does not change how the network treats a packet. Other tools (for example, queuing tools) can, however, reference those markings and make decisions based on the markings.

(FINAL Q10) Which of the following is a collection of systems designed to appear as attractive attack targets? Nessus Nmap honey net honey pot

honey net A honey pot acts as a distracter. Specifically, a system designated as a honey pot appears to be an attractive attack target. One school of thought on the use of a honey pot is to place one or more honey pot systems in a network to entice attackers into thinking a system is real. The attackers then use their resources attacking the honey pot, resulting in their leaving the real servers alone. Another use of a honey pot is to use it as a system that is extensively monitored, in order to learn what an attacker is attempting to do on the system. For larger networks, a network administrator might deploy multiple honey pots, which forms a honey net. Tenable Network Security® has a vulnerability scanning product called Nessus® which is available from http://www.tenable.com/products/nessus. A few of the product features include: performing audits on systems without requiring an agent to be installed on the systems, checking system configurations for compliance with an organization's policy, auditing systems for specific content (for example, credit card information or adult content), performing continuous scanning, thus reducing the time required to identify a network vulnerability, and scheduling scans to run once, daily, weekly, or monthly. Nmap is a publicly available network security scanner, which can be downloaded from http://www.insecure.org/nmap. Nmap offers features such as: scanning and sweeping features that identify services running on systems in a specified range of IP addresses, using a stealth approach to scanning and sweeping making the scanning and sweeping less detectable by hosts and IPS technology, and using OS fingerprinting technology to identify an operating system running on a target system (including a percentage of confidence that the OS was correctly detected).

(FINAL Q31) Identify the antenna type, referred to in wireless LAN (WLAN) design, that is a theoretical antenna that radiates an equal amount of power in all directions (in a spherical pattern), and is said to have a gain of 0 dBi. unidirectional isotropic Yagi sector

isotropic Gain is commonly measured using the dBi unit of measure. In this unit of measure, the "dB" stands for decibels, and the "i" stands for isotropic. A decibel, in this context, is a ratio of radiated power to a reference value. In the case of dBi, the reference value is the signal strength (that is, the power) radiated from an isotropic antenna, which represents a theoretical antenna that radiates an equal amount of power in all directions (in a spherical pattern). An isotropic antenna is considered to have a gain of 0 dBi. A unidirectional antenna can focus its power in a specific direction, thus avoiding potential interference with other wireless devices and perhaps reaching greater distances than those possible with an omnidirectional antenna. A Yagi antenna is a type of directional antenna. A sector antenna provides a pie-shaped coverage area.

(FINAL Q07) What wireless LAN (WLAN) issue results from a WLAN's use of CSMA/CA? RSSI channel overlap latency RFI

latency Latency (that is, delay) in wireless networks can increase due to a WLAN's use of Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA), which introduces a random delay before transmitting data, in an attempt to avoid collisions. Wireless communication can be interrupted due to radio frequency interference (RFI). Common RFI sources that impact wireless networks include: 2.4 GHz cordless phones, microwave ovens, baby monitors, and game consoles. The Received Signal Strength Indicator (RSSI) value measures the power of a wireless signal. An RSSI value varies based on distance from a wireless antenna and physical objects interfering with line-of-sight communication with a wireless antenna (for example, drywall, metal file cabinets, and elevator shafts). Some wireless networks automatically reduce their wireless transmission rate when an RSSI value drops below a certain value. While overlapping WLAN channels can cause interference and degrade performance, that issue is unrelated to a WLAN's use of CSMA/CA.

(FINAL Q12) Which of the following UNIX commands can be used to invoke a UNIX syntax reference? man dig ifconfig nslookup

man One of the benefits of UNIX is its extensive syntax reference in the form of "manual pages," commonly referred to as "man pages." These man pages can be invoked with the "man" command, followed by the command for which you wish to view a syntax reference. Issued by itself, the "ifconfig" command displays a UNIX host's interfaces along with configuration information about those interfaces, including: MAC address, maximum transmission unit (MTU), IPv4 address, and IPv6 address information. However, beyond just displaying interface information, the "ifconfig" command can also be used to configure interface parameters. For example, an interface's IP address can be configured with the "ifconfig" command. The Microsoft Windows® "nslookup" command is used to resolve a given fully-qualified domain name (FQDN) to its IP address. UNIX has a similar "nslookup" command, which can also be used for FQDN to IP address resolution. Like the "nslookup" command, the "dig" command can be used to resolve FQDNs to IP addresses. Unlike the "nslookup" command, however, the "dig" command is entirely a command line command (that is, "dig" lacks the interactive mode of the "nslookup" command).

(FINAL Q13) From the following list, identify two common sources of interference with a wireless LAN (WLAN). wireless microphones microwave ovens CB radios cordless phones

microwave ovens cordless phones Older microwave ovens, which might lack sufficient shielding, can emit relatively high powered signals in the 2.4 GHz band, resulting in significant interference with WLAN devices operating in the 2.4 GHz band. Several models of cordless phones operate in the 2.4 GHz band and can interfere with WLAN devices. Citizens Band (CB) radio operates at lower frequencies (near 27 MHz) than WLANs. Wireless microphones operate at lower frequencies (typically less than 1 GHz) than WLANs.

(FINAL Q24) Which of the following IDS/IPS detection methods allows an administrator to define what normal traffic patterns are supposed to look like? non-statistical anomaly detection statistical anomaly detection policy-based detection signature-based detection

non-statistical anomaly detection The primary method used to detect and prevent attacks using intrusion detection system (IDS) or intrusion prevention system (IPS) technologies is signature-based. A signature could be a string of bytes, in a certain context, that triggers detection. With a policy-based approach, the IDS/IPS device needs a very specific declaration of the security policy. For example, you could write a network access policy that identified which networks could communicate with other networks. The IDS/IPS device could then recognize out-of-profile traffic, which did not conform to the policy, and then report that activity. With statistical anomaly detection, an IDS/IPS device watches network traffic patterns over a period of time and dynamically builds a baseline. Then, if traffic patterns significantly vary from the baseline, an alarm can be triggered. Non-statistical anomaly detection allows an administrator to define what normal traffic patterns are supposed to look like and this is the answer to this question.

(FINAL Q43) In a SaaS solution, where are a company's applications hosted? onsite With SaaS, applications are not needed. both onsite and offsite offsite

offsite An application service provider (ASP) provides application software access to subscribers, which are hosted offsite (at the service provider's location). This service is sometimes called Software as a Service (SaaS). SaaS is an alternative to a company locally hosting its applications (that is, hosting applications onsite).

(FINAL Q17) Which of the following security attacks occurs when an attacker uses a packet capture utility to view the contents of packets flowing across a network segment? social engineering attack buffer overflow attack packet sniffing attack man-in-the-middle attack

packet sniffing attack A packet sniffing attack occurs when an attacker uses a packet capture utility to view the contents of packets flowing across a network segment. A buffer overflow attack occurs when an attacker exploits a known vulnerability in an application (for example, an error in an application that allowed that application to write to an area of memory (that is, a buffer) dedicated to a different application), which could cause another application to crash. A man-in-the-middle attack occurs when an attacker causes traffic flowing between two devices on a network to flow through the attacker's device. A social engineering attack occurs when an attacker convinces someone to voluntarily provide information (for example, username and password credentials) to the attacker.

(FINAL Q02) Frame Relay is an example of what WAN connection type? packet switched cell switched dedicated leased line circuit switched

packet switched A packet switched connection is similar to a dedicated leased line, because most packet switched networks are always on. However, unlike a dedicated leased line, packet switched connections allow multiple customers to share a service provider's bandwidth. Frame Relay is an example of a packet switched connection. Asynchronous Transfer Mode (ATM) is often categorized as a packet switched connection. However, to be technically accurate, ATM is a cell switched connection, because ATM uses fixed-length (that is, 53 Byte) cells, as opposed to variable-length frames. A dedicated leased line is a logical connection interconnecting two sites. This logical connection might physically connect through a service provider's facility or a telephone company's central office. The expense of a dedicated leased line is typically higher than other WAN technologies offering similar data rates, because with a dedicated leased line a customer does not have to share bandwidth with other customers. A T1 circuit is an example of a dedicated leased line technology commonly found in North America. A circuit switched connection is a connection that is brought up on an as-needed basis. In fact, a circuit switched connection is analogous to a phone call, where you dial a number, and a connection is established based on the number you dial. As an example, Integrated Services Digital Network (ISDN) can operate as a circuit switched connection, bringing up a virtual circuit on-demand.

(FINAL Q33) Which of the following approaches to wireless LAN (WLAN) security requires a matching string of characters to be configured on a WLAN client and a WLAN access point (AP)? 802.1X pre-shared key disabling SSID broadcast MAC address filtering

pre-shared key To encrypt transmission between a wireless client and an access point (AP) (in addition to authenticating a wireless client with an AP), both the wireless client and the AP could be preconfigured with a matching string of characters (that is, a pre-shared key (PSK)). The PSK could be used as part of a mathematical algorithm to encrypt traffic, such that if an eavesdropper intercepted the encrypted traffic, they would not be able to decrypt the traffic without knowing the PSK. While using a PSK can be effective in providing security for a small network (for example, a SOHO network), it lacks scalability. For example, in a large corporate environment, a PSK being compromised would necessitate the reconfiguration of all devices configured with that PSK. A Service Set Identifier (SSID) can be broadcast by an AP to let users know the name of a WLAN. For security purposes, an AP might be configured not to broadcast its SSID. However, knowledgeable users could still determine the SSID of an AP by examining captured packets. An AP can be configured with a listing of MAC addresses that are permitted to associate with the AP. If a malicious user attempts to connect via their laptop (whose MAC address is not on the list of trusted MAC addresses), that user is denied access. One drawback to "MAC address filtering" is the administrative overhead required to keep an approved list of MAC addresses up-to-date. Another issue with MAC address filtering is a knowledgeable user could falsify the MAC address of their wireless network card, making their device appear to be an approved device. Rather than having all devices in a WLAN be configured with the same PSK, a more scalable approach is to require each wireless user to authenticate using their own credentials (for example, a username and password). Allowing each user to have their own set of credentials prevents the compromising of one password from impacting the configuration of all wireless devices. IEEE 802.1X is a technology that allows wireless clients to authenticate with an authentication server (typically, a Remote Authentication Dial-In User Service (RADIUS) server).

(FINAL Q08) Which of the following network appliances acts as a relay for packets traveling between a network's clients and the Internet and is not focused on tunneling? proxy server content switch VPN concentrator load balancer

proxy server Some clients are configured to forward their packets, which are seemingly destined for the Internet, to a proxy server. This proxy server receives a client's request, and on behalf of that client (that is, as that client's proxy), the proxy server sends the request out to the Internet. When a reply is received from the Internet, the proxy server forwards the response on to the client. Proxy servers can also act as a content filter. Content filtering restricts clients from accessing certain URLs. For example, many companies use content filtering to prevent their employees from accessing popular social networking sites, in an attempt to prevent a loss of productivity. For companies with a large Internet presence (for example, a search engine company, an on-line book store, or a social networking site), a single server could be overwhelmed with the glut of requests flooding in from the Internet. To alleviate the burden placed on a single server, a content switch (also known as a load balancer) distributes incoming requests across the multiple servers in the server farm, where all of the servers contain the same data. While several router models can terminate a virtual private network (VPN) circuit, a dedicated device, called a VPN concentrator, could be used instead. A VPN concentrator is designed to perform the processor-intensive processes required to terminate multiple VPN tunnels. For example, running encryption algorithms, such as Advanced Encryption Standard (AES), can be very processor intensive.

(FINAL Q01) Refer to the exhibit below. Examine the topology and Telnet sessions. Notice that return Telnet traffic for Session A (which originated on the inside of the network) is permitted to enter the inside network. However, Telnet traffic for Session B (which originated on the outside of the network) is not permitted to enter the inside network. What type of firewall is being used in the topology? (Q1) stateful IPS stateless packet filtering

stateful A stateful firewall inspects traffic leaving an inside network as it goes out to the Internet. Then, when returning traffic from the same session (as identified by source and destination IP addresses and port numbers) attempts to enter the inside network, the stateful firewall permits that traffic. The process of inspecting traffic to identify unique sessions is called "stateful inspection." A packet filtering firewall filters traffic based on a set of rules specifying what traffic is allowed to enter or exit an interface, without inspecting that traffic. Therefore, this type of firewall could be referred to as a "stateless firewall." An intrusion prevention system (IPS) sensor is a device that sits in-line with traffic that it inspects. An IPS sensor can recognize the signature of well-known attacks and respond appropriately to those attacks.

(FINAL Q28) Which of the following wireless LAN (WLAN) security threats involves performing reconnaissance to identify open wireless access points (APs) that could potentially become targets of future attacks? WEP and WPA security cracking warchalking war driving rogue access point

war driving In the days when dial-up modems were popular, malicious users could run a program on their computer to call all phone numbers in a certain number range. Phone numbers that answered with modem tone then became potential targets for later attacks. This type of reconnaissance was known as "war dialing." A modern day variant of war dialing is "war driving," where malicious users drive around looking for unsecured WLANs. Various security standards are available for encrypting WLAN traffic and authenticating a WLAN client with an AP. Two of the less secure standards include Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). While WPA is considered more secure than WEP, utilities are available on the Internet for cracking each of these approaches to wireless security. By collecting enough packets transmitted by a secure AP, these cracking utilities can use mathematical algorithms to determine the pre-shared key (PSK) configured on a wireless AP, with which an associating wireless client must also be configured. Once an open WLAN (or a WLAN whose SSID and authentication credentials are known) is found in a public place, a user might write a symbol on a wall (or some other nearby structure), letting others know the characteristics of the discovered network. This practice, which is a variant of the decades-old practice of hobos leaving symbols as messages to fellow hobos, is called "warchalking." A malicious user could set up their own access point (AP) to which legitimate users could connect. Such an AP is called a rogue access point. That malicious user could then use a packet sniffer to eavesdrop on communication flowing through their access point. To cause unsuspecting users to connect to the rogue access point, the malicious user could configure the rogue access point with the same Service Set Identifier (SSID) used by a legitimate AP. When a rogue access point is configured with the SSID of a legitimate AP, the rogue access point is commonly referred to as an "evil twin."

