Network CH 10
LDAP
Active Directory and 389 Directory Server are both compatible with which directory access protocol?
Layer 7
At what layer of the OSI model do proxy servers operate?
True
By default, Active Directory is configured to use the Kerberos protocol, but can be configured to use LDAP or a combination of LDAP and Kerberos.
RADIUS
By far the most popular AAA service, what open-source service runs in the Application layer and can use UDP or TCP in the Transport layer?
Geofencing
Enforcing a virtual security perimeter using a client's geographic location is known by what term?
1st true 2nd false
Identify the correct statement for a switch's MAC Address Table. It is possible to have more than one MAC address corresponding to a single port. It is possible to have more than one port corresponding to a single MAC address.
Gpedit.msc
The Group Policy utility can be opened by typing what name into a Run box?
False
The Spanning Tree Protocol operates at the Network layer of the OSI model.
It used a shared encryption key for all clients, and the key might never change
The Wired Equivalent Privacy standard had what significant disadvantage?
True
The storm-control command is a type of flood guard that is available on most major network switch vendor platforms.
BPDU guard
To prevent ports that are serving network hosts from being considered as best paths, what should be enabled to block BPDUs?
True
User access to network resources falls into one of these two categories: 1) the privilege or right to execute, install, and uninstall software, and 2) permission to read, modify, create, or delete data files and folders.
802.11i
What IEEE standard includes an encryption key generation and management scheme known as TKIP?
Ad ( active directory )
What feature of Windows Server allows for agentless authentication?
The operating system used by the source or destination device.
What is NOT a variable that a network access control list can filter traffic with?
Content-filtering firewall
What kind of firewall blocks traffic based on application data contained within the packets?
Content filtering firewall
What kind of firewall can block designated types of traffic based on application data contained within packets?
You wish to prevent switches beyond a certain port from becoming the root bridge, but still wish to use STP
What scenario might be ideal for the use of root guard in configuring a switch?
Agent
What software might be installed on a device to authenticate it to the network?
RBAC allows a network administrator to base privileges and permissions around a detailed description of a user's roles or jobs.
What statement regarding role-based access control is accurate?
It checks the MAC table for the destination system
When a switch receives data on one of its ports, what is the next step does it perform?
It is a temporary set of credentials that a client uses to prove to other servers that its identity has been validated.
When using Kerberos, what is the purpose of a ticket?
STP must first select the root bridge, or master bridge
When using Spanning Tree Protocol, what is the first step in selecting paths through a network?
Only one root port, which is the bridge's port that is closest to the root bridge, can forward.
When using Spanning Tree Protocol, which port on non-root bridges can forward traffic toward the root bridge?
False
When utilizing Kerberos, an access granting ticket is the same as a key.
Application awareness
Which NGFW feature allows a network admin to restrict traffic generated by a specific game?
Switchport port-security
Which command on an Arista switch would require an SNMP notification when too many devices try to connect to a port?
Rivest Cipher 4 (RC4)
Which encryption standard was originally utilized with WPA's TKIP?
access-list acl_2 permit http any any
Which of the following ACL commands would permit web-browsing traffic from any IP address to any IP address?
IP network configuration parameters such as IP addressing, subnet mask, gateway and DNS server to network devices on the network
Which of the following IP network configuration elements a DHCP server, running on Windows Server 2012, can provide to a Windows 10 system? [Choose all that apply.]
Only ipv4 &subnet mask (domain access was depreciated in 2012 onward )
Which of the following IP network configuration elements a DHCP server, running on Windows Server 2012, can provide to a Windows 10 system? [Choose all that apply.]
MTU default is 1500 bytes & The MTU is the largest size an encapsulated frame can have
Which of the following are characteristics of the MTU when applied to IP and Ethernet networks? [Choose all that apply.]
Prevent malformed DHCP traffic & prevent the rogue DHCP servers
Which of the following can be prevented if DHCP snooping is implemented on a switch? [Choose all that apply].
User authentication
Which of the following features is common to both an NGFW and traditional firewalls?
Access control
Which of the following is not one of the three AAA services provided by RADIUS and TACACS+?
VLAN hopping
While examining frames on the network using a packet analyzer, you observe several frames that are double tagged. What kind of attack could a host on the network be performing that may result in this?
Configure VLANs on the switch
Your network comprises of multiple switches and a single router. Currently, all users of finance and marketing on the third floor are connected to a flat switch. You must segregate traffic between your finance and marketing groups. You need to ensure that critical finance information can flow without delay to the finance users and ensure additional level of security. What should you do?
Host based firewall
Your organization's network has multiple layers of security devices. When you attempt to connect to a service on the Internet. However, you receive a security message from the operating system stating that this service is blocked on your workstation. What could be the probable cause?
A stateless firewall manages each incoming packet as a stand-alone entity, without regard to currently active connections.
stateless firewall