SSCP (3)
Which of the following is used to find the Media Access Control address (MAC) that matches with a known Internet Protocol (IP) address? A. Address Resolution Protocol (ARP). B. Reverse Address Resolution Protocol (RARP). C. Internet Control Message protocol (ICMP). D. User Datagram Protocol (UDP).
A. Address Resolution Protocol (ARP).
Within the OSI model, at what layer are some of the SLIP, CSLIP, PPP control functions provided? A. Data Link B. Transport C. Presentation D. Application
A. Data Link
What layer of the OSI/ISO model does Point-to-point tunneling protocol (PPTP) work at? A. Data link layer B. Transport layer C. Session layer D. Network layer
A. Data link layer
Which of the following can best be defined as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs? A. A known-plaintext attack B. A known-algorithm attack C. A chosen-ciphertext attack D. A chosen-plaintext attack
A. A known-plaintext attack
Which of the following binds a subject name to a public key value? A. A public-key certificate B. A public key infrastructure C. A secret key infrastructure D. A private key certificate
A. A public-key certificate
In which layer of the OSI Model are connection-oriented protocols located in the TCP/IP suite of protocols? A. Transport layer B. Application layer C. Physical layer D. Network layer
A. Transport layer
Which of the following is an example of a connectionless communication protocol? A. UDP B. X.25 C. Packet switching D. TCP
A. UDP
Which layer of the DoD TCP/IP model controls the communication flow between hosts? A. Internet layer B. Host-to-host transport layer C. Application layer D. Network access layer
B. Host-to-host transport layer
The IP header contains a protocol field. If this field contains the value of 1, what type of data is contained within the IP datagram? A. TCP. B. ICMP. C. UDP. D. IGMP.
B. ICMP.
What is the proper term to refer to a single unit of IP data? A. IP segment. B. IP datagram. C. IP frame. D. IP fragment.
B. IP datagram.
Which type of attack involves the alteration of a packet at the IP level to convince a system that it is communicating with a known entity in order to gain access to a system? A. TCP sequence number attack B. IP spoofing attack C. Piggybacking attack D. Teardrop attack
B. IP spoofing attack
What is the maximum key size for the RC5 algorithm? A. 128 bits B. 256 bits C. 1024 bits D. 2040 bits
D. 2040 bits
What key size is used by the Clipper Chip? A. 40 bits B. 56 bits C. 64 bits D. 80 bits
D. 80 bits
Which of the following IEEE standards defines the token ring media access method? A. 802.3 B. 802.11 C. 802.5 D. 802.2
D. 802.2
You are running a packet sniffer on a network and see a packet containing a long string of "0x90 0x90 0x90 0x90...." in the middle of it traveling to an x86-based machine as a target. This could be indicative of what activity being attempted? A. Over-subscription of the traffic on a backbone. B. A source quench packet. C. A FIN scan. D. A buffer overflow attack.
D. A buffer overflow attack.
What is the framing specification used for transmitting digital signals at 1.544 Mbps on a T1 facility? A. DS-0 B. DS-1 C. DS-2 D. DS-3
B. DS-1
What can be defined as a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity? A. A digital envelope B. A cryptographic hash C. A Message Authentication Code D. A digital signature
D. A digital signature
Which of the following can be best defined as computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data and for detecting or extracting the marks later? A. Steganography B. Digital watermarking C. Digital enveloping D. Digital signature
B. Digital watermarking
Which of the following would best describe a Concealment cipher? A. Permutation is used, meaning that letters are scrambled. B. Every X number of words within a text, is a part of the real message. C. Replaces bits, characters, or blocks of characters with different bits, characters or blocks. D. Hiding data in another message so that the very existence of the data is concealed.
B. Every X number of words within a text, is a part of the real message.
Communications and network security relates to transmission of which of the following? A. voice B. voice and multimedia C. data and multimedia D. voice, data and multimedia
B. voice and multimedia
Which of the following media is MOST resistant to tapping? A. microwave. B. twisted pair. C. coaxial cable. D. fiber optic.
D. fiber optic.
Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)? A. 10.0.42.5 B. 11.0.42.5 C. 12.0.42.5 D. 13.0.42.5
A. 10.0.42.5
Which port does the Post Office Protocol Version 3 (POP3) make use of? A. 110 B. 109 C. 139 D. 119
A. 110
How many rounds are used by DES? A. 16 B. 32 C. 64 D. 48
A. 16
Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)? A. 192.168.42.5 B. 192.166.42.5 C. 192.175.42.5 D. 192.1.42.5
A. 192.168.42.5
How long are IPv4 addresses? A. 32 bits long. B. 64 bits long. C. 128 bits long. D. 16 bits long.
A. 32 bits long.
What is the main difference between a Smurf and a Fraggle attack? A. A Smurf attack is ICMP-based and a Fraggle attack is UDP-based. B. A Smurf attack is UDP-based and a Fraggle attack is TCP-based. C. Smurf attack packets cannot be spoofed. D. A Smurf attack is UDP-based and a Fraggle attack is ICMP-based.
A. A Smurf attack is ICMP-based and a Fraggle attack is UDP-based.
Which of the following methods of providing telecommunications continuity involves the use of an alternative media? A. Alternative routing B. Diverse routing C. Long haul network diversity D. Last mile circuit protection
A. Alternative routing
FTP, TFTP, SNMP, and SMTP are provided at what level of the Open Systems Interconnect (OSI) Reference Model? A. Application B. Network C. Presentation D. Transport
A. Application
The basic language of modems and dial-up remote access systems is: A. Asynchronous Communication. B. Synchronous Communication. C. Asynchronous Interaction. D. Synchronous Interaction.
A. Asynchronous Communication.
Which of the following is a LAN transmission method? A. Broadcast B. Carrier-sense multiple access with collision detection (CSMA/CD) C. Token ring D. Fiber Distributed Data Interface (FDDI)
A. Broadcast
What is NOT an authentication method within IKE and IPsec? A. CHAP B. Pre shared key C. certificate based authentication D. Public key authentication
A. CHAP
Which of the following access methods is used by Ethernet? A. CSMA/CD. B. CSU/DSU. C. TCP/IP. D. FIFO.
A. CSMA/CD.
Which of the following category of UTP cables is specified to be able to handle gigabit Ethernet (1 Gbps) according to the EIA/TIA-568-B standards? A. Category 5e UTP B. Category 2 UTP C. Category 3 UTP D. Category 1e UTP
A. Category 5e UTP
You work in a police department forensics lab where you examine computers for evidence of crimes. Your work is vital to the success of the prosecution of criminals. One day you receive a laptop and are part of a two man team responsible for examining it together. However, it is lunch time and after receiving the laptop you leave it on your desk and you both head out to lunch. What critical step in forensic evidence have you forgotten? A. Chain of custody B. Locking the laptop in your desk C. Making a disk image for examination D. Cracking the admin password with chntpw
A. Chain of custody
This type of attack is generally most applicable to public-key cryptosystems, what type of attack am I ? A. Chosen-Ciphertext attack B. Ciphertext-only attack C. Plaintext Only Attack D. Adaptive-Chosen-Plaintext attack
A. Chosen-Ciphertext attack
Which of the following prevents, detects, and corrects errors so that the integrity, availability, and confidentiality of transactions over networks may be maintained? A. Communications security management and techniques B. Information security management and techniques C. Client security management and techniques D. Server security management and techniques
A. Communications security management and techniques
Which of the following is best provided by symmetric cryptography? A. Confidentiality B. Integrity C. Availability D. Non-repudiation
A. Confidentiality
What enables users to validate each other's certificate when they are certified under different certification hierarchies? A. Cross-certification B. Multiple certificates C. Redundant certification authorities D. Root certification authorities
A. Cross-certification
Which of the following is the most secure form of triple-DES encryption? A. DES-EDE3 B. DES-EDE1 C. DES-EEE4 D. DES-EDE2
A. DES-EDE3
Domain Name Service is a distributed database system that is used to map: A. Domain Name to IP addresses. B. MAC addresses to domain names. C. MAC Address to IP addresses. D. IP addresses to MAC Addresses.
A. Domain Name to IP addresses.
Which of the following is unlike the other three choices presented? A. El Gamal B. Teardrop C. Buffer Overflow D. Smurf
A. El Gamal
Which of the following is NOT an advantage that TACACS+ has over TACACS? A. Event logging B. Use of two-factor password authentication C. User has the ability to change his password D. Ability for security tokens to be resynchronized
A. Event logging
When we encrypt or decrypt data there is a basic operation involving ones and zeros where they are compared in a process that looks something like this: 0101 0001 Plain text 0111 0011 Key stream 0010 0010 Output What is this cryptographic operation called? A. Exclusive-OR B. Bit Swapping C. Logical-NOR D. Decryption
A. Exclusive-OR
Which of the following is a token-passing scheme like token ring that also has a second ring that remains dormant until an error condition is detected on the primary ring? A. Fiber Distributed Data Interface (FDDI). B. Ethernet C. Fast Ethernet D. Broadband
A. Fiber Distributed Data Interface (FDDI).
Which of the following is immune to the effects of electromagnetic interference (EMI) and therefore has a much longer effective usable length? A. Fiber Optic cable B. Coaxial cable C. Twisted Pair cable D. Axial cable
A. Fiber Optic cable
Which xDSL flavor delivers both downstream and upstream speeds of 1.544 Mbps over two copper twisted pairs? A. HDSL B. SDSL C. ADSL D. VDSL
A. HDSL
All hosts on an IP network have a logical ID called a(n): A. IP address. B. MAC address. C. TCP address. D. Datagram address.
A. IP address.
Which of the following answers is described as a random value used in cryptographic algorithms to ensure that patterns are not created during the encryption process? A. IV - Initialization Vector B. Stream Cipher C. OTP - One Time Pad D. Ciphertext
A. IV - Initialization Vector
What is the name of the protocol use to set up and manage Security Associations (SA) for IP Security (IPSec)? A. Internet Key Exchange (IKE) B. Secure Key Exchange Mechanism C. Oakley D. Internet Security Association and Key Management Protocol
A. Internet Key Exchange (IKE)
Which of the following is defined as an Internet, IPsec, key-establishment protocol, partly based on OAKLEY, that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations? A. Internet Key exchange (IKE) B. Security Association Authentication Protocol (SAAP) C. Simple Key-management for Internet Protocols (SKIP) D. Key Exchange Algorithm (KEA)
A. Internet Key exchange (IKE)
What is a limitation of TCP Wrappers? A. It cannot control access to running UDP services. B. It stops packets before they reach the application layer, thus confusing some proxy servers. C. The hosts. access control system requires a complicated directory tree. D. They are too expensive.
A. It cannot control access to running UDP services.
Which of the following is NOT a property of a one-way hash function? A. It converts a message of a fixed length into a message digest of arbitrary length. B. It is computationally infeasible to construct two different messages with the same digest. C. It converts a message of arbitrary length into a message digest of a fixed length. D. Given a digest value, it is computationally infeasible to find the corresponding message.
A. It converts a message of a fixed length into a message digest of arbitrary length.
What is NOT true about a one-way hashing function? A. It provides authentication of the message B. A hash cannot be reverse to get the message used to create the hash C. The results of a one-way hash is a message digest D. It provides integrity of the message
A. It provides authentication of the message
What is defined as the rules for communicating between computers on a Local Area Network (LAN)? A. LAN Media Access methods B. LAN topologies C. LAN transmission methods D. Contention Access Control
A. LAN Media Access methods
Which of the following BEST describes a function relying on a shared secret key that is used along with a hashing algorithm to verify the integrity of the communication content as well as the sender? A. Message Authentication Code - MAC B. PAM - Pluggable Authentication Module C. NAM - Negative Acknowledgement Message D. Digital Signature Certificate
A. Message Authentication Code - MAC
Which of the following OSI layers provides routing and related services? A. Network Layer B. Presentation Layer C. Session Layer D. Physical Layer
A. Network Layer
In a stateful inspection firewall, data packets are captured by an inspection engine that is operating at the: A. Network or Transport Layer. B. Application Layer. C. Inspection Layer. D. Data Link Layer.
A. Network or Transport Layer.
Application Layer Firewalls operate at the: A. OSI protocol Layer seven, the Application Layer. B. OSI protocol Layer six, the Presentation Layer. C. OSI protocol Layer five, the Session Layer. D. OSI protocol Layer four, the Transport Layer.
A. OSI protocol Layer seven, the Application Layer.
Which type of encryption is considered to be unbreakable if the stream is truly random and is as large as the plaintext and never reused in whole or part? A. One Time Pad (OTP) B. One time Cryptopad (OTC) C. Cryptanalysis D. Pretty Good Privacy (PGP)
A. One Time Pad (OTP)
Similar to Secure Shell (SSH-2), Secure Sockets Layer (SSL) uses symmetric encryption for encrypting the bulk of the data being sent over the session and it uses asymmetric or public key cryptography for: A. Peer Authentication B. Peer Identification C. Server Authentication D. Name Resolution
A. Peer Authentication
Complete the blanks. When using PKI, I digitally sign a message using my ______ key. The recipient verifies my signature using my ______ key. A. Private / Public B. Public / Private C. Symmetric / Asymmetric D. Private / Symmetric
A. Private / Public
An application layer firewall is also called a: A. Proxy B. A Presentation Layer Gateway. C. A Session Layer Gateway. D. A Transport Layer Gateway.
A. Proxy
What protocol is used on the Local Area Network (LAN) to obtain an IP address from it's known MAC address? A. Reverse address resolution protocol (RARP) B. Address resolution protocol (ARP) C. Data link layer D. Network address translation (NAT)
A. Reverse address resolution protocol (RARP)
What works as an E-mail message transfer agent? A. SMTP B. SNMP C. S-RPC D. S/MIME
A. SMTP
Which of the following security-focused protocols has confidentiality services operating at a layer different from the others? A. Secure HTTP (S-HTTP) B. FTP Secure (FTPS) C. Secure socket layer (SSL) D. Sequenced Packet Exchange (SPX)
A. Secure HTTP (S-HTTP)
How would an IP spoofing attack be best classified? A. Session hijacking attack B. Passive attack C. Fragmentation attack D. Sniffing attack
A. Session hijacking attack
Remote Procedure Call (RPC) is a protocol that one program can use to request a service from a program located in another computer in a network. Within which OSI/ISO layer is RPC implemented? A. Session layer B. Transport layer C. Data link layer D. Network layer
A. Session layer
Which OSI/ISO layer does a SOCKS server operate at? A. Session layer B. Transport layer C. Network layer D. Data link layer
A. Session layer
Which of the following is true related to network sniffing? A. Sniffers allow an attacker to monitor data passing across a network. B. Sniffers alter the source address of a computer to disguise and exploit weak authentication methods. C. Sniffers take over network connections. D. Sniffers send IP fragments to a system that overlap with each other.
A. Sniffers allow an attacker to monitor data passing across a network.
Which type of firewall can be used to track connectionless protocols such as UDP and RPC? A. Stateful inspection firewalls B. Packet filtering firewalls C. Application level firewalls D. Circuit level firewalls
A. Stateful inspection firewalls
Which of the following terms can be described as the process to conceal data into another file or media in a practice known as security through obscurity? A. Steganography B. ADS - Alternate Data Streams C. Encryption D. NTFS ADS
A. Steganography
Which of the following is more suitable for a hardware implementation? A. Stream ciphers B. Block ciphers C. Cipher block chaining D. Electronic code book
A. Stream ciphers
Which of the following type of cryptography is used when both parties use the same key to communicate securely with each other? A. Symmetric Key Cryptography B. PKI - Public Key Infrastructure C. Diffie-Hellman D. DSS - Digital Signature Standard
A. Symmetric Key Cryptography
Which of the following remote access authentication systems is the most robust? A. TACACS+ B. RADIUS C. PAP D. TACACS
A. TACACS+
Which of the following is TRUE regarding Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)? A. TCP is connection-oriented, UDP is not. B. UDP provides for Error Correction, TCP does not. C. UDP is useful for longer messages, rather than TCP. D. TCP does not guarantee delivery of data, while UDP does guarantee data delivery.
A. TCP is connection-oriented, UDP is not.
The IP header contains a protocol field. If this field contains the value of 6, what type of data is contained within the ip datagram? A. TCP. B. ICMP. C. UDP. D. IGMP.
A. TCP.
Which type of attack consists of modifying the length and fragmentation offset fields in sequential IP packets? A. Teardrop attack B. Smurf attack C. SYN attack D. Buffer overflow attack
A. Teardrop attack
Unshielded Twisted Pair (UTP) cables comes in several categories. The categories are based on: A. The level of performance B. How thick the shielding is. C. The length of the cable D. The diameter of the copper.
A. The level of performance
What is a TFTP server most useful for? A. Transferring configurations to and from network devices. B. Transferring files to web servers. C. Terminal access to network devices. D. Terminal access to file servers.
A. Transferring configurations to and from network devices.
Which protocol of the TCP/IP suite addresses reliable data transport? A. Transmission control protocol (TCP) B. User datagram protocol (UDP) C. Internet protocol (IP) D. Internet control message protocol (ICMP)
A. Transmission control protocol (TCP)
In the Open Systems Interconnect (OSI) Reference Model, at what level are TCP and UDP provided? A. Transport B. Network C. Presentation D. Application
A. Transport
Which of the following protocols is not implemented at the Internet layer of the TCP/IP protocol model? A. User datagram protocol (UDP) B. Internet protocol (IP) C. Internet Group Management Protocol (IGMP) D. Internet control message protocol (ICMP)
A. User datagram protocol (UDP)
Which xDSL flavour can deliver up to 52 Mbps downstream over a single copper twisted pair? A. VDSL B. SDSL C. HDSL D. ADSL
A. VDSL
Secure Sockets Layer (SSL) is very heavily used for protecting which of the following? A. Web transactions. B. EDI transactions. C. Telnet transactions. D. Electronic Payment transactions.
A. Web transactions.
Which of the following standards is concerned with message handling? A. X.400 B. X.500 C. X.509 D. X.800
A. X.400
A Wide Area Network (WAN) is basically everything outside of: A. a Local Area Network (LAN). B. a Campus Area Network (CAN). C. a Metropolitan Area Network (MAN). D. the Internet.
A. a Local Area Network (LAN).
Which of the following is a tool often used to reduce the risk to a local area network (LAN) that has external connections by filtering Ingress and Egress traffic? A. a firewall. B. dial-up. C. passwords. D. fiber optics.
A. a firewall.
The general philosophy for DMZ's is that: A. any system on the DMZ can be compromised because it's accessible from the Internet. B. any system on the DMZ cannot be compromised because it's not accessible from the Internet. C. some systems on the DMZ can be compromised because they are accessible from the Internet. D. any system on the DMZ cannot be compromised because it's by definition 100 percent safe and not accessible from the Internet.
A. any system on the DMZ can be compromised because it's accessible from the Internet.
Address Resolution Protocol (ARP) interrogates the network by sending out a? A. broadcast. B. multicast. C. unicast. D. semicast.
A. broadcast.
Secure Shell (SSH) is a strong method of performing: A. client authentication B. server authentication C. host authentication D. guest authentication
A. client authentication
The computations involved in selecting keys and in enciphering data are complex, and are not practical for manual use. However, using mathematical properties of modular arithmetic and a method known as "_________________," RSA is quite feasible for computer use. A. computing in Galois fields B. computing in Gladden fields C. computing in Gallipoli fields D. computing in Galbraith fields
A. computing in Galois fields
A Packet Filtering Firewall system is considered a: A. first generation firewall. B. second generation firewall. C. third generation firewall. D. fourth generation firewall.
A. first generation firewall.
Unshielded Twisted Pair cabling is a: A. four-pair wire medium that is used in a variety of networks. B. three-pair wire medium that is used in a variety of networks. C. two-pair wire medium that is used in a variety of networks. D. one-pair wire medium that is used in a variety of networks.
A. four-pair wire medium that is used in a variety of networks.
Packet Filtering Firewalls examines both the source and destination address of the: A. incoming and outgoing data packets B. outgoing data packets only C. Incoming Data packets only D. user data packet
A. incoming and outgoing data packets
A circuit level proxy is ___________________ when compared to an application level proxy. A. lower in processing overhead. B. more difficult to maintain. C. more secure. D. slower.
A. lower in processing overhead.
A proxy can control which services (FTP and so on) are used by a workstation , and also aids in protecting the network from outsiders who may be trying to get information about the: A. network's design B. user base C. operating system design D. net BIOS' design
A. network's design
Packet Filtering Firewalls can also enable access for: A. only authorized application port or service numbers. B. only unauthorized application port or service numbers. C. only authorized application port or ex-service numbers. D. only authorized application port or service integers.
A. only authorized application port or service numbers.
What is the role of IKE within the IPsec protocol? A. peer authentication and key exchange B. data encryption C. data signature D. enforcing quality of service
A. peer authentication and key exchange
Each data packet is assigned the IP address of the sender and the IP address of the: A. recipient. B. host. C. node. D. network.
A. recipient.
A DMZ is located: A. right behind your first Internet facing firewall B. right in front of your first Internet facing firewall C. right behind your first network active firewall D. right behind your first network passive Internet http firewall
A. right behind your first Internet facing firewall
A DMZ is also known as a A. screened subnet B. three legged firewall C. a place to attract hackers D. bastion host
A. screened subnet
A group of independent servers, which are managed as a single system, that provides higher availability, easier manageability, and greater scalability is: A. server cluster B. client cluster C. guest cluster D. host cluster
A. server cluster
If any server in the cluster crashes, processing continues transparently, however, the cluster suffers some performance degradation. This implementation is sometimes called a: A. server farm B. client farm C. cluster farm D. host farm
A. server farm
A server cluster looks like a: A. single server from the user's point of view B. dual server from the user's point of view C. triple server from the user's point of view D. quardle server from the user's point of view
A. single server from the user's point of view
In the UTP category rating, the tighter the wind: A. the higher the rating and its resistance against interference and crosstalk. B. the slower the rating and its resistance against interference and attenuation. C. the shorter the rating and its resistance against interference and attenuation. D. the longer the rating and its resistance against interference and attenuation.
A. the higher the rating and its resistance against interference and crosstalk.
Network cabling comes in three flavors, they are: A. twisted pair, coaxial, and fiber optic. B. tagged pair, coaxial, and fiber optic. C. trusted pair, coaxial, and fiber optic. D. twisted pair, control, and fiber optic.
A. twisted pair, coaxial, and fiber optic.
What is the maximum length of cable that can be used for a twisted-pair, Category 5 10Base-T cable? A. 80 meters B. 100 meters C. 185 meters D. 500 meters
B. 100 meters
What is the key size of the International Data Encryption Algorithm (IDEA)? A. 64 bits B. 128 bits C. 160 bits D. 192 bits
B. 128 bits
The Data Encryption Algorithm performs how many rounds of substitution and permutation? A. 4 B. 16 C. 54 D. 64
B. 16
The standard server port number for HTTP is which of the following? A. 81 B. 80 C. 8080 D. 8180
B. 80
Which of the following is true of network security? A. A firewall is a not a necessity in today's connected world. B. A firewall is a necessity in today's connected world. C. A whitewall is a necessity in today's connected world. D. A black firewall is a necessity in today's connected world.
B. A firewall is a necessity in today's connected world.
Which of the following statements pertaining to stream ciphers is correct? A. A stream cipher is a type of asymmetric encryption algorithm. B. A stream cipher generates what is called a keystream. C. A stream cipher is slower than a block cipher. D. A stream cipher is not appropriate for hardware-based encryption.
B. A stream cipher generates what is called a keystream.
What protocol is used to match an IP address to the appropriate hardware address of the packet's destination so it can be sent? A. Routing tables B. Address resolution protocol (ARP) C. Reverse address resolution protocol (RARP) D. Internet Control Message Protocol (ICMP)
B. Address resolution protocol (ARP)
What can be defined as a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate? A. A public-key certificate B. An attribute certificate C. A digital certificate D. A descriptive certificate
B. An attribute certificate
What is the name of the third party authority that vouches for the binding between the data items in a digital certificate? A. Registration authority B. Certification authority C. Issuing authority D. Vouching authority
B. Certification authority
Which of the following is NOT a VPN communications protocol standard? A. Point-to-point tunneling protocol (PPTP) B. Challenge Handshake Authentication Protocol (CHAP) C. Layer 2 tunneling protocol (L2TP) D. IP Security
B. Challenge Handshake Authentication Protocol (CHAP)
Which of the following is the biggest concern with firewall security? A. Internal hackers B. Complex configuration rules leading to misconfiguration C. Buffer overflows D. Distributed denial of service (DDOS) attacks
B. Complex configuration rules leading to misconfiguration
In stateful inspection firewalls, packets are: A. Inspected at only one layer of the Open System Interconnection (OSI) model B. Inspected at all Open System Interconnection (OSI) layers C. Decapsulated at all Open Systems Interconnect (OSI) layers. D. Encapsulated at all Open Systems Interconnect (OSI) layers.
B. Inspected at all Open System Interconnection (OSI) layers
Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism? A. OAKLEY B. Internet Security Association and Key Management Protocol (ISAKMP) C. Simple Key-management for Internet Protocols (SKIP) D. IPsec Key exchange (IKE)
B. Internet Security Association and Key Management Protocol (ISAKMP)
What is the main characteristic of a bastion host? A. It is located on the internal network. B. It is a hardened computer implementation C. It is a firewall. D. It does packet filtering.
B. It is a hardened computer implementation
What is defined as the manner in which the network devices are organized to facilitate communications? A. LAN transmission methods B. LAN topologies C. LAN transmission protocols D. LAN media access methods
B. LAN topologies
What level of assurance for a digital certificate verifies a user's name, address, social security number, and other information against a credit bureau database? A. Level 1/Class 1 B. Level 2/Class 2 C. Level 3/Class 3 D. Level 4/Class 4
B. Level 2/Class 2
Which of the following was developed in order to protect against fraud in electronic fund transfers (EFT) by ensuring the message comes from its claimed originator and that it has not been altered in transmission? A. Secure Electronic Transaction (SET) B. Message Authentication Code (MAC) C. Cyclic Redundancy Check (CRC) D. Secure Hash Standard (SHS)
B. Message Authentication Code (MAC)
Which of the following is a telecommunication device that translates data from digital to analog form and back to digital? A. Multiplexer B. Modem C. Protocol converter D. Concentrator
B. Modem
Which of the following devices enables more than one signal to be sent out simultaneously over one physical circuit? A. Router B. Multiplexer C. Channel service unit/Data service unit (CSU/DSU) D. Wan switch
B. Multiplexer
In this type of attack, the intruder re-routes data traffic from a network device to a personal machine. This diversion allows an attacker to gain access to critical resources and user credentials, such as passwords, and to gain unauthorized access to critical systems of an organization. Pick the best choice below. A. Network Address Translation B. Network Address Hijacking C. Network Address Supernetting D. Network Address Sniffing
B. Network Address Hijacking
The communications products and services, which ensure that the various components of a network (such as devices, protocols, and access methods) work together refers to: A. Netware Architecture. B. Network Architecture. C. WAN Architecture. D. Multiprotocol Architecture.
B. Network Architecture.
ICMP and IGMP belong to which layer of the OSI model? A. Datagram Layer. B. Network Layer. C. Transport Layer. D. Data Link Layer.
B. Network Layer.
Which of the following is the simplest type of firewall? A. Stateful packet filtering firewall B. Packet filtering firewall C. Dual-homed host firewall D. Application gateway
B. Packet filtering firewall
Which of the following is best at defeating frequency analysis? A. Substitution cipher B. Polyalphabetic cipher C. Transposition cipher D. Ceasar Cipher
B. Polyalphabetic cipher
Which of the following are REGISTERED PORTS as defined by IANA ? A. Ports 128 to 255 B. Ports 1024 to 49151 C. Ports 1025 to 65535 D. Ports 1024 to 32767
B. Ports 1024 to 49151
Which of the following algorithms is a stream cipher? A. RC2 B. RC4 C. RC5 D. RC6
B. RC4
Which of the following is not a one-way hashing algorithm? A. MD2 B. RC4 C. SHA-1 D. HAVAL
B. RC4
Which of the following countermeasures would be the most appropriate to prevent possible intrusion or damage from wardialing attacks? A. Monitoring and auditing for such activity B. Require user authentication C. Making sure only necessary phone numbers are made public D. Using completely different numbers for voice and data accesses
B. Require user authentication
When a station communicates on the network for the first time, which of the following protocol would search for and find the Internet Protocol (IP) address that matches with a known Ethernet address? A. Address Resolution Protocol (ARP). B. Reverse Address Resolution Protocol (RARP). C. Internet Control Message protocol (ICMP). D. User Datagram Protocol (UDP).
B. Reverse Address Resolution Protocol (RARP).
Which of the following is not an encryption algorithm? A. Skipjack B. SHA-1 C. Twofish D. DEA
B. SHA-1
Which of the following technologies has been developed to support TCP/IP networking over low-speed serial interfaces? A. ISDN B. SLIP C. xDSL D. T1
B. SLIP
What is called an attack in which an attacker floods a system with connection requests but does not respond when the target system replies to those requests? A. Ping of death attack B. SYN attack C. Smurf attack D. Buffer overflow attack
B. SYN attack
Which of the following is the most secure firewall implementation? A. Dual-homed host firewalls B. Screened-subnet firewalls C. Screened-host firewalls D. Packet-filtering firewalls
B. Screened-subnet firewalls
As per RFC 1122, which of the following is not a defined layer in the DoD TCP/IP protocol model? A. Application layer B. Session layer C. Internet layer D. Link/Network Access Layer
B. Session layer
Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys. This protocol establishes a long-term key once, and then requires no prior communication in order to establish or exchange keys on a session-by-session basis? A. Internet Security Association and Key Management Protocol (ISAKMP) B. Simple Key-management for Internet Protocols (SKIP) C. Diffie-Hellman Key Distribution Protocol D. IPsec Key exchange (IKE)
B. Simple Key-management for Internet Protocols (SKIP)
What is called an attack where the attacker spoofs the source IP address in an ICMP ECHO broadcast packet so it seems to have originated at the victim's system, in order to flood it with REPLY packets? A. SYN Flood attack B. Smurf attack C. Ping of Death attack D. Denial of Service (DOS) attack
B. Smurf attack
Which type of attack involves impersonating a user or a system? A. Smurfing attack B. Spoofing attack C. Spamming attack D. Sniffing attack
B. Spoofing attack
Which communication method is characterized by very high speed transmission rates that are governed by electronic clock timing signals? A. Asynchronous Communication. B. Synchronous Communication. C. Automatic Communication. D. Full duplex Communication.
B. Synchronous Communication.
Which of the following type of traffic can easily be filtered with a stateful packet filter by enforcing the context or state of the request? A. ICMP B. TCP C. UDP D. IP
B. TCP
Good security is built on which of the following concept? A. The concept of a pass-through device that only allows certain traffic in and out B. The Concept of defense in depth C. The Concept of Preventative controls D. The Concept of Defensive Controls
B. The Concept of defense in depth
Which of the following statements pertaining to Secure Sockets Layer (SSL) is false? A. The SSL protocol was developed by Netscape to secure Internet client-server transactions. B. The SSL protocol's primary use is to authenticate the client to the server using public key cryptography and digital certificates. C. Web pages using the SSL protocol start with HTTPS D. SSL can be used with applications such as Telnet, FTP and email protocols.
B. The SSL protocol's primary use is to authenticate the client to the server using public key cryptography and digital certificates.
In a SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session? A. Both client and server B. The client's browser C. The web server D. The merchant's Certificate Server
B. The client's browser
What is also known as 10Base5? A. Thinnet B. Thicknet C. ARCnet D. UTP
B. Thicknet
In a Public Key Infrastructure, how are public keys published? A. They are sent via e-mail. B. Through digital certificates. C. They are sent by owners. D. They are not published.
B. Through digital certificates.
Which IPSec operational mode encrypts the entire data packet (including header and data) into an IPSec packet? A. Authentication mode B. Tunnel mode C. Transport mode D. Safe mode
B. Tunnel mode
The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layers does NOT have which of the following characteristics? A. Standard model for network communications B. Used to gain information from network devices such as count of packets received and routing tables C. Enables dissimilar networks to communicate D. Defines 7 protocol layers (a.k.a. protocol stack)
B. Used to gain information from network devices such as count of packets received and routing tables
Which of the following offers security to wireless communications? A. S-WAP B. WTLS C. WSP D. WDP
B. WTLS
Which of the following statements pertaining to key management is incorrect? A. The more a key is used, the shorter its lifetime should be. B. When not using the full keyspace, the key should be extremely random. C. Keys should be backed up or escrowed in case of emergencies. D. A key's lifetime should correspond with the sensitivity of the data it is protecting.
B. When not using the full keyspace, the key should be extremely random.
What is the 802.11 standard related to? A. Public Key Infrastructure (PKI) B. Wireless network communications C. Packet-switching technology D. The OSI/ISO model
B. Wireless network communications
Which of the following DoD Model layer provides non-repudiation services? A. network layer. B. application layer. C. transport layer. D. data link layer.
B. application layer.
A common way to create fault tolerance with leased lines is to group several T1s together with an inverse multiplexer placed: A. at one end of the connection. B. at both ends of the connection. C. somewhere between both end points. D. in the middle of the connection.
B. at both ends of the connection.
Communications devices must operate: A. at different speeds to communicate. B. at the same speed to communicate. C. at varying speeds to interact. D. at high speed to interact.
B. at the same speed to communicate.
Asynchronous Communication transfers data by sending: A. bits of data sequentially B. bits of data sequentially in irregular timing patterns C. bits of data in sync with a heartbeat or clock D. bits of data simultaneously
B. bits of data sequentially in irregular timing patterns
Why are coaxial cables called "coaxial"? A. it includes two physical channels that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running along the same axis. B. it includes one physical channel that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running along the same axis C. it includes two physical channels that carries the signal surrounded (after a layer of insulation) by another two concentric physical channels, both running along the same axis. D. it includes one physical channel that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running perpendicular and along the different axis
B. it includes one physical channel that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running along the same axis
In telephony different types of connections are being used. The connection from the phone company's branch office to local customers is referred to as which of the following choices? A. new loop B. local loop C. loopback D. indigenous loop
B. local loop
Which one of the following is usually not a benefit resulting from the use of firewalls? A. reduces the risks of external threats from malicious hackers. B. prevents the spread of viruses. C. reduces the threat level on internal system. D. allows centralized management and control of services.
B. prevents the spread of viruses.
Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)? A. 172.12.42.5 B. 172.140.42.5 C. 172.31.42.5 D. 172.15.42.5
C. 172.31.42.5
How many layers are defined within the US Department of Defense (DoD) TCP/IP Model? A. 7 B. 5 C. 4 D. 3
C. 4
A packet containing a long string of NOP's followed by a command is usually indicative of what? A. A syn scan. B. A half-port scan. C. A buffer overflow attack. D. A packet destined for the network's broadcast address.
C. A buffer overflow attack.
Which of the following would best define a digital envelope? A. A message that is encrypted and signed with a digital certificate. B. A message that is signed with a secret key and encrypted with the sender's private key. C. A message encrypted with a secret key attached with the message. The secret key is encrypted with the public key of the receiver. D. A message that is encrypted with the recipient's public key and signed with the sender's private key.
C. A message encrypted with a secret key attached with the message. The secret key is encrypted with the public key of the receiver.
Which xDSL flavor, appropriate for home or small offices, delivers more bandwidth downstream than upstream and over longer distance? A. VDSL B. SDSL C. ADSL D. HDSL
C. ADSL
Which of the following statements pertaining to packet switching is incorrect? A. Most data sent today uses digital signals over network employing packet switching. B. Messages are divided into packets. C. All packets from a message travel through the same route. D. Each network node or point examines each packet for routing.
C. All packets from a message travel through the same route.
What can be defined as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire? A. Certificate revocation list B. Certificate revocation tree C. Authority revocation list D. Untrusted certificate list
C. Authority revocation list
Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest? A. Differential cryptanalysis B. Differential linear cryptanalysis C. Birthday attack D. Statistical attack
C. Birthday attack
Which of the following was not designed to be a proprietary encryption algorithm? A. RC2 B. RC4 C. Blowfish D. Skipjack
C. Blowfish
Which of the following concerning the Rijndael block cipher algorithm is false? A. The design of Rijndael was strongly influenced by the design of the block cipher Square. B. A total of 25 combinations of key length and block length are possible C. Both block size and key length can be extended to multiples of 64 bits. D. The cipher has a variable block length and key length.
C. Both block size and key length can be extended to multiples of 64 bits.
Which of the following networking devices allows the connection of two or more homogeneous LANs in a simple way where they forward the traffic based on the MAC address?. A. Gateways B. Routers C. Bridges D. Firewalls
C. Bridges
What is called the access protection system that limits connections by calling back the number of a previously authorized location? A. Sendback systems B. Callback forward systems C. Callback systems D. Sendback forward systems
C. Callback systems
What type of cable is used with 100Base-TX Fast Ethernet? A. Fiber-optic cable B. Category 3 or 4 unshielded twisted-pair (UTP). C. Category 5 unshielded twisted-pair (UTP). D. RG-58 cable.
C. Category 5 unshielded twisted-pair (UTP).
The Telecommunications Security Domain of information security is also concerned with the prevention and detection of the misuse or abuse of systems, which poses a threat to the tenets of: A. Confidentiality, Integrity, and Entity (C.I.E.). B. Confidentiality, Integrity, and Authenticity (C.I.A.). C. Confidentiality, Integrity, and Availability (C.I.A.). D. Confidentiality, Integrity, and Liability (C.I.L.).
C. Confidentiality, Integrity, and Availability (C.I.A.).
Which of the following does NOT concern itself with key management? A. Internet Security Association Key Management Protocol (ISAKMP) B. Diffie-Hellman (DH) C. Cryptology (CRYPTO) D. Key Exchange Algorithm (KEA)
C. Cryptology (CRYPTO)
What ISO/OSI layer do switches primarily operate at? Do take note that this question makes reference to a plain vanilla switch and not one of the smart switches that is available on the market today. A. Physical layer B. Network layer C. Data link layer D. Session layer
C. Data link layer
Which ISO/OSI layer establishes the communications link between individual devices over a physical link or channel? A. Transport layer B. Network layer C. Data link layer D. Physical layer
C. Data link layer
Which OSI/ISO layer is the Media Access Control (MAC) sublayer part of? A. Transport layer B. Network layer C. Data link layer D. Physical layer
C. Data link layer
A code, as is pertains to cryptography: A. Is a generic term for encryption. B. Is specific to substitution ciphers. C. Deals with linguistic units. D. Is specific to transposition ciphers.
C. Deals with linguistic units.
What is used to bind a document to its creation at a particular time? A. Network Time Protocol (NTP) B. Digital Signature C. Digital Timestamp D. Certification Authority (CA)
C. Digital Timestamp
When an outgoing request is made on a port number greater than 1023, this type of firewall creates an ACL to allow the incoming reply on that port to pass: A. packet filtering B. CIrcuit level proxy C. Dynamic packet filtering D. Application level proxy
C. Dynamic packet filtering
What is the proper term to refer to a single unit of Ethernet data at the link layer of the DoD TCP model ? A. Ethernet Segment. B. Ethernet Datagram. C. Ethernet Frame. D. Ethernet Packet.
C. Ethernet Frame.
Which of the following LAN topologies offers the highest availability? A. Bus topology B. Tree topology C. Full mesh topology D. Partial mesh topology
C. Full mesh topology
Which layer of the DoD TCP/IP Model ensures error-free delivery and packet sequencing? A. Internet layer B. Network access layer C. Host-to-host D. Application layer
C. Host-to-host
Which of the following are suitable protocols for securing VPN connections at the lower layers of the OSI model? A. S/MIME and SSH B. TLS and SSL C. IPsec and L2TP D. PKCS#10 and X.509
C. IPsec and L2TP
Which of the following statements pertaining to link encryption is false? A. It encrypts all the data along a specific communication path. B. It provides protection against packet sniffers and eavesdroppers. C. Information stays encrypted from one end of its journey to the other. D. User information, header, trailers, addresses and routing data that are part of the packets are encrypted.
C. Information stays encrypted from one end of its journey to the other.
A one-way hash provides which of the following? A. Confidentiality B. Availability C. Integrity D. Authentication
C. Integrity
Which of the following statements is most accurate regarding a digital signature? A. It is a method used to encrypt confidential data. B. It is the art of transferring handwritten signature to electronic media. C. It allows the recipient of data to prove the source and integrity of data. D. It can be used as a signature system and a cryptosystem.
C. It allows the recipient of data to prove the source and integrity of data.
Which of the following statements pertaining to Asynchronous Transfer Mode (ATM) is false? A. It can be used for voice B. it can be used for data C. It carries various sizes of packets D. It can be used for video
C. It carries various sizes of packets
What is the main characteristic of a multi-homed host? A. It is placed between two routers or firewalls. B. It allows IP routing. C. It has multiple network interfaces, each connected to separate networks. D. It operates at multiple layers.
C. It has multiple network interfaces, each connected to separate networks.
The Diffie-Hellman algorithm is used for: A. Encryption B. Digital signature C. Key agreement D. Non-repudiation
C. Key agreement
Which of the following statements pertaining to VPN protocol standards is false? A. L2TP is a combination of PPTP and L2F. B. L2TP and PPTP were designed for single point-to-point client to server communication. C. L2TP operates at the network layer. D. PPTP uses native PPP authentication and encryption services.
C. L2TP operates at the network layer.
One of the following statements about the differences between PPTP and L2TP is NOT true A. PPTP can run only on top of IP networks. B. PPTP is an encryption protocol and L2TP is not. C. L2TP works well with all firewalls and network devices that perform NAT. D. L2TP supports AAA servers
C. L2TP works well with all firewalls and network devices that perform NAT.
Which OSI/ISO layer is responsible for determining the best route for data to be transferred? A. Session layer B. Physical layer C. Network layer D. Transport layer
C. Network layer
Which layer defines how packets are routed between end systems? A. Session layer B. Transport layer C. Network layer D. Data link layer
C. Network layer
Which of the following statements pertaining to block ciphers is incorrect? A. It operates on fixed-size blocks of plaintext. B. It is more suitable for software than hardware implementations. C. Plain text is encrypted with a public key and decrypted with a private key. D. Some Block ciphers can operate internally as a stream.
C. Plain text is encrypted with a public key and decrypted with a private key.
Which of the following are WELL KNOWN PORTS assigned by the IANA? A. Ports 0 to 255 B. Ports 0 to 1024 C. Ports 0 to 1023 D. Ports 0 to 127
C. Ports 0 to 1023
Which of the following encryption algorithms does not deal with discrete logarithms? A. El Gamal B. Diffie-Hellman C. RSA D. Elliptic Curve
C. RSA
Which of the following is a device that is used to regenerate or replicate the received signals? A. Bridge B. Router C. Repeater D. Brouter
C. Repeater
Which type of attack involves hijacking a session between a host and a target by predicting the target's choice of an initial TCP sequence number? A. IP spoofing attack B. SYN flood attack C. TCP sequence number attack D. Smurf attack
C. TCP sequence number attack
Which of the following can prevent hijacking of a web session? A. RSA B. SET C. SSL D. PPP
C. SSL
In SSL/TLS protocol, what kind of authentication is supported when you establish a secure session between a client and a server? A. Peer-to-peer authentication B. Only server authentication (optional) C. Server authentication (mandatory) and client authentication (optional) D. Role based authentication scheme
C. Server authentication (mandatory) and client authentication (optional)
Which of the following is NOT a known type of Message Authentication Code (MAC)? A. Keyed-hash message authentication code (HMAC) B. DES-CBC C. Signature-based MAC (SMAC) D. Universal Hashing Based MAC (UMAC)
C. Signature-based MAC (SMAC)
Which of the following is not a disadvantage of symmetric cryptography when compared with Asymmetric Ciphers? A. Provides Limited security services B. Has no built in Key distribution C. Speed D. Large number of keys are needed
C. Speed
What principle focuses on the uniqueness of separate objects that must be joined together to perform a task? It is sometimes referred to as "what each must bring" and joined together when getting access or decrypting a file. Each of which does not reveal the other? A. Dual control B. Separation of duties C. Split knowledge D. Need to know
C. Split knowledge
Telnet and rlogin use which protocol? A. UDP. B. SNMP. C. TCP. D. IGP.
C. TCP.
Which of the following protocols suite does the Internet use? A. IP/UDP/TCP B. IP/UDP/ICMP/TCP C. TCP/IP D. IMAP/SMTP/POP3
C. TCP/IP
In the days before CIDR (Classless Internet Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class B network? A. The first bit of the IP address would be set to zero. B. The first bit of the IP address would be set to one and the second bit set to zero. C. The first two bits of the IP address would be set to one, and the third bit set to zero. D. The first three bits of the IP address would be set to one.
C. The first two bits of the IP address would be set to one, and the third bit set to zero.
Which of the following statements pertaining to message digests is incorrect? A. The original file cannot be created from the message digest. B. Two different files should not have the same message digest. C. The message digest should be calculated using at least 128 bytes of the file. D. Messages digests are usually of fixed size.
C. The message digest should be calculated using at least 128 bytes of the file.
Which of the following is true about link encryption? A. Each entity has a common key with the destination node. B. Encrypted messages are only decrypted by the final node. C. This mode does not provide protection if anyone of the nodes along the transmission path is compromised. D. Only secure nodes are used in this type of transmission.
C. This mode does not provide protection if anyone of the nodes along the transmission path is compromised.
Which of the following was designed as a more fault-tolerant topology than Ethernet, and very resilient when properly implemented? A. Token Link. B. Token system. C. Token Ring. D. Duplicate ring.
C. Token Ring.
Which of the following layers provides end-to-end data transfer service? A. Network Layer. B. Data Link Layer. C. Transport Layer. D. Presentation Layer.
C. Transport Layer
Which of the following is an advantage that UDP has over TCP? A. UDP is connection-oriented whereas TCP is not. B. UDP is more reliable than TCP. C. UDP is faster than TCP. D. UDP makes a better effort to deliver packets.
C. UDP is faster than TCP.
The IP header contains a protocol field. If this field contains the value of 17, what type of data is contained within the ip datagram? A. TCP. B. ICMP. C. UDP. D. IGMP.
C. UDP.
Frame relay uses a public switched network to provide: A. Local Area Network (LAN) connectivity. B. Metropolitan Area Network (MAN) connectivity. C. Wide Area Network (WAN) connectivity. D. World Area Network (WAN) connectivity.
C. Wide Area Network (WAN) connectivity.
A proxy is considered a: A. first generation firewall. B. third generation firewall. C. second generation firewall. D. fourth generation firewall.
C. second generation firewall.
What is a decrease in amplitude as a signal propagates along a transmission medium best known as? A. Crosstalk B. Noise C. Delay distortion D. Attenuation
D. Attenuation
A variation of the application layer firewall is called a: A. Current Level Firewall. B. Cache Level Firewall. C. Session Level Firewall. D. Circuit Level Firewall.
D. Circuit Level Firewall.
Which of the following would be used to detect and correct errors so that integrity and confidentiality of transactions over networks may be maintained while preventing unauthorize interception of the traffic? A. Information security B. Server security C. Client security D. Communications security
D. Communications security
Cryptography does NOT help in: A. Detecting fraudulent insertion. B. Detecting fraudulent deletion. C. Detecting fraudulent modification. D. Detecting fraudulent disclosure.
D. Detecting fraudulent disclosure.
Which of the following transmission media would NOT be affected by cross talk or interference? A. Copper cable B. Radio System C. Satellite radiolink D. Fiber optic cables
D. Fiber optic cables
Which device acting as a translator is used to connect two networks or applications from layer 4 up to layer 7 of the ISO/OSI Model? A. Bridge B. Repeater C. Router D. Gateway
D. Gateway
Secure Shell (SSH-2) supports authentication, compression, confidentiality, and integrity, SSH is commonly used as a secure alternative to all of the following protocols below except: A. telnet B. rlogin C. RSH D. HTTPS
D. HTTPS
Which of the following does NOT use token-passing? A. ARCnet B. FDDI C. Token-ring D. IEEE 802.3
D. IEEE 802.3
The IP header contains a protocol field. If this field contains the value of 2, what type of data is contained within the IP datagram? A. TCP. B. ICMP. C. UDP. D. IGMP.
D. IGMP.
Which of the following elements is NOT included in a Public Key Infrastructure (PKI)? A. Timestamping B. Repository C. Certificate revocation D. Internet Key Exchange (IKE)
D. Internet Key Exchange (IKE)
Which layer of the TCP/IP protocol model would best correspond to the OSI/ISO model's network layer? A. Network access layer B. Application layer C. Host-to-host transport layer D. Internet layer
D. Internet layer
Which of the following is less likely to be used today in creating a Virtual Private Network? A. L2TP B. PPTP C. IPSec D. L2F
D. L2F
Upon which of the following ISO/OSI layers does network address translation operate? A. Transport layer B. Session layer C. Data link layer D. Network layer
D. Network layer
What layer of the ISO/OSI model do routers normally operate at? A. Data link layer B. Session layer C. Transport layer D. Network layer
D. Network layer
Which of the following is defined as a key establishment protocol based on the Diffie-Hellman algorithm proposed for IPsec but superseded by IKE? A. Diffie-Hellman Key Exchange Protocol B. Internet Security Association and Key Management Protocol (ISAKMP) C. Simple Key-management for Internet Protocols (SKIP) D. OAKLEY
D. OAKLEY
Which of the following elements of telecommunications is not used in assuring confidentiality? A. Network security protocols B. Network authentication services C. Data encryption services D. Passwords
D. Passwords
Which of the following is not an example of a block cipher? A. Skipjack B. IDEA C. Blowfish D. RC4
D. RC4
Which of the following service is not provided by a public key infrastructure (PKI)? A. Access control B. Integrity C. Authentication D. Reliability
D. Reliability
What type of attack involves IP spoofing, ICMP ECHO and a bounce site? A. IP spoofing attack B. Teardrop attack C. SYN attack D. Smurf attack
D. Smurf attack
You have been tasked to develop an effective information classification program. Which one of the following steps should be performed first? A. Establish procedures for periodically reviewing the classification and ownership B. Specify the security controls required for each classification level C. Identify the data custodian who will be responsible for maintaining the security level of data D. Specify the criteria that will determine how data is classified
D. Specify the criteria that will determine how data is classified
How do you distinguish between a bridge and a router? A. A bridge simply connects multiple networks, a router examines each packet to determine which network to forward it to. B. "Bridge" and "router" are synonyms for equipment used to join two networks. C. The bridge is a specific type of router used to connect a LAN to the global Internet. D. The bridge connects multiple networks at the data link layer, while router connects multiple networks at the network layer.
D. The bridge connects multiple networks at the data link layer, while router connects multiple networks at the network layer.
Which of the following protects Kerberos against replay attacks? A. Tokens B. Passwords C. Cryptography D. Time stamps
D. Time stamps
Which of the following mechanisms was created to overcome the problem of collisions that occur on wired networks when traffic is simultaneously transmitted from different nodes? A. Carrier sense multiple access with collision avoidance (CSMA/CA) B. Carrier sense multiple access with collision detection (CSMA/CD) C. Polling D. Token-passing
D. Token-passing
Transport Layer Security (TLS) is a two-layered socket layer security protocol that contains the TLS Record Protocol and the: A. Transport Layer Security (TLS) Internet Protocol. B. Transport Layer Security (TLS) Data Protocol. C. Transport Layer Security (TLS) Link Protocol. D. Transport Layer Security (TLS) Handshake Protocol.
D. Transport Layer Security (TLS) Handshake Protocol.
Which OSI/ISO layers are TCP and UDP implemented at? A. Application layer B. Presentation layer C. Session layer D. Transport layer
D. Transport layer
Which cable technology refers to the CAT3 and CAT5 categories? A. Coaxial cables B. Fiber Optic cables C. Axial cables D. Twisted Pair cables
D. Twisted Pair cables
Cryptography does not concern itself with which of the following choices? A. Availability B. Integrity C. Confidentiality D. Validation
D. Validation
What can a packet filtering firewall also be called? A. a scanning router B. a shielding router C. a sniffing router D. a screening router
D. a screening router
Proxies works by transferring a copy of each accepted data packet from one network to another, thereby masking the: A. data's payload B. data's details C. data's owner D. data's origin
D. data's origin
Organizations should consider which of the following first before allowing external access to their LANs via the Internet? A. plan for implementing workstation locking mechanisms. B. plan for protecting the modem pool. C. plan for providing the user with his account usage information. D. plan for considering proper authentication options.
D. plan for considering proper authentication options.
Secure Shell (SSH-2) provides all the following services except: A. secure remote login B. command execution C. port forwarding D. user authentication
D. user authentication