Systems security


Which of the following services is a distributed database that translates host names to IP addresses and IP addresses to host names? A. DNS B. FTP C. SSH D. SMTP

A. DNS DNS is a distributed database system used to translate domain names (host names) to IP addresses and vice versa. It provides a hierarchical naming system for computers, services, or any resource connected to the Internet or a private network. DNS helps users access websites and other Internet resources by mapping human-readable domain names (e.g., www.example.com) to IP addresses (e.g., 192.0.2.1), allowing computers to locate and communicate with each other over the network.

Domain Name Service is a distributed database system that is used to map: A. Domain Name to IP addresses. B. MAC addresses to domain names. C. MAC Address to IP addresses. D. IP addresses to MAC Addresses.

A. Domain Name to IP addresses. The Domain Name System (DNS) is a distributed database system used to translate domain names (such as example.com) into IP addresses (such as 192.0.2.1) and vice versa. It allows users to access websites and other resources using easy-to-remember domain names, while computers on the internet communicate using IP addresses.

Which of the following can be defined as an Internet protocol by which a client workstation can dynamically access a mailbox on a server host to manipulate and retrieve mail messages that the server has received and is holding for the client? A. IMAP4 B. SMTP C. MIME D. PEM

A. IMAP4 IMAP4 (Internet Message Access Protocol version 4) is a protocol that allows a client workstation to dynamically access a mailbox on a server host to manipulate and retrieve mail messages. Unlike POP3 (Post Office Protocol version 3), which typically downloads messages to the client, IMAP4 allows messages to remain on the server and provides more advanced features for managing email remotely.

All hosts on an IP network have a logical ID called a(n): A. IP address. B. MAC address. C. TCP address. D. Datagram address.

A. IP address. All hosts on an IP network have a logical ID called an IP address. This address uniquely identifies each device connected to the network and is used for communication between devices on the network.

Why is Network File System (NFS) used? A. It enables two different types of file systems to interoperate. B. It enables two different types of file systems to share Sun applications. C. It enables two different types of file systems to use IP/IPX. D. It enables two different types of file systems to emulate each other

A. It enables two different types of file systems to interoperate NFS (Network File System) allows different types of file systems to communicate and share files over a network, enabling interoperability between systems with different file system types.

In an SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session? A. Both client and server B. The client's browser C. The web server D. The merchant's Certificate Server

A. Both client and server In an SSL session, both the client and the server participate in the generation of the master secret. This master secret is then used as a seed to generate the symmetric keys that will be used for encrypting and decrypting data during the session. This process ensures that both parties have a shared secret key for secure communication.

Encapsulating Security Payload (ESP) provides some of the services of Authentication Headers (AH), but it is primarily designed to provide: A. Confidentiality B. Cryptography C. Digital signatures D. Access Control

A. Confidentiality ESP (Encapsulating Security Payload) is primarily designed to provide confidentiality by encrypting the payload of the IP packet. While it can also provide some authentication and integrity services, its main purpose is to ensure that data remains confidential during transmission.

Which of the following was developed as a simple mechanism for allowing simple network terminals to load their operating system from a server over the LAN? A. DHCP B. BootP C. DNS D. ARP

B. BootP BootP (Bootstrap Protocol) was developed to allow diskless workstations or other network devices to obtain an IP address and other network configuration information from a BootP server. This protocol enables devices to boot and load their operating system over the network, facilitating diskless booting. DHCP (Dynamic Host Configuration Protocol) is an extension of BootP, offering additional features and flexibility in IP address allocation and network configuration.

Which layer of the OSI/ISO model handles physical addressing, network topology, line discipline, error notification, orderly delivery of frames, and optional flow control? A. Physical B. Data Link C. Network D. Session

B. Data Link The layer of the OSI/ISO model that handles physical addressing, network topology, line discipline, error notification, orderly delivery of frames

Which of the following is NOT a defined ISO basic task related to network management? A. Fault management B. Accounting resources C. Security management D. Communications management

B. Accounting resources ISO basic tasks related to network management typically include fault management, security management, and communications management. However, accounting resources are not typically considered as one of the core tasks defined by ISO for network management.

What is the primary difference between FTP and TFTP? A. Speed of negotiation B. Authentication C. Ability to automate D. TFTP is used to transfer configuration files to and from network equipment.

B. Authentication The primary difference between FTP (File Transfer Protocol) and TFTP (Trivial File Transfer Protocol) lies in their functionality and features. While both are used for transferring files over a network, TFTP is a simpler protocol compared to FTP. One significant distinction is in authentication.

The communications products and services, which ensure that the various components of a network (such as devices, protocols, and access methods) work together refers to: A. Netware Architecture. B. Network Architecture. C. WAN Architecture. D. Multiprotocol Architecture.

B. Network Architecture. Network architecture refers to the design and structure of a network, including its components, protocols, and how they interact to facilitate communication and data exchange. It encompasses various aspects such as hardware, software, protocols, and communication technologies to ensure the seamless operation of the network

Which one of the following is used to provide authentication and confidentiality for e-mail messages? A. Digital signature B. PGP C. IPSEC AH D. MD4

B. PGP PGP (Pretty Good Privacy) is commonly used to provide authentication and confidentiality for email messages. It uses cryptographic techniques such as encryption and digital signatures to ensure that emails remain private and secure during transmission. PGP is widely used for secure communication, particularly in email encryption, where users can encrypt their messages before sending them, ensuring that only the intended recipient can decrypt and read the message.

While using IPsec, the ESP and AH protocols both provide integrity services. However, when using AH, some special attention needs to be paid if one of the peers uses NAT for address translation service. Which of the items below would affect the use of AH and its Integrity Check Value (ICV) the most? A. Key session exchange B. Packet Header Source or Destination address C. VPN cryptographic key size D. Cryptographic algorithm used

B. Packet Header Source or Destination address When using AH (Authentication Header) in IPsec, the integrity check value (ICV) includes various fields from the IP header, including the source and destination addresses. If Network Address Translation (NAT) is applied to these addresses by one of the peers, it can interfere with the integrity verification process because the original addresses in the ICV may not match the translated addresses after NAT. This inconsistency can lead to authentication failures or packet drops, affecting the use of AH and its integrity services. Therefore, the packet header source or destination address is the aspect that affects the use of AH and its ICV the most in scenarios involving NAT.

Which virus category has the capability of changing its own code, making it harder to detect by anti-virus software? A. Stealth viruses B. Polymorphic viruses C. Trojan horses D. Logic bombs

B. Polymorphic viruses Polymorphic viruses are capable of changing their code as they propagate, making it difficult for antivirus software to detect them. This ability to alter their appearance allows polymorphic viruses to evade traditional signature-based detection methods, posing a significant challenge to cybersecurity efforts.

Which communication method is characterized by very high speed transmission rates that are governed by electronic clock timing signals? A. Asynchronous Communication. B. Synchronous Communication. C. Automatic Communication. D. Full duplex Communication.

B. Synchronous Communication. Synchronous communication is characterized by very high-speed transmission rates governed by electronic clock timing signals. In synchronous communication, data is transmitted in synchronized blocks or frames, with each block synchronized to a common clock signal. This ensures that the sender and receiver are in sync, allowing for more efficient and reliable data transmission at high speeds.

Which of the following is NOT true about IPSec Tunnel mode? A. Fundamentally an IP tunnel with encryption and authentication B. Works at the Transport layer of the OSI model C. Have two sets of IP headers D. Established for gateway service

B. Works at the Transport layer of the OSI model IPSec Tunnel mode operates at the IP layer (Network layer in the OSI model), not the Transport layer. It encapsulates the entire original IP packet within a new IP packet, adding an additional IP header for the tunnel. Therefore, statement B is incorrect.

Before the advent of classless addressing, the address 128.192.168.16 would have been considered part of: A. a class A network. B. a class B network. C. a class C network. D. a class D network.

B. a class B network. Before the adoption of classless addressing, IP addresses were divided into three main classes: A, B, and C. The class of an IP address was determined by the value of its first octet. Class B addresses had the first octet in the range 128 to 191. Therefore, the address 128.192.168.16 falls within the range of class B addresses

Communications devices must operate: A. at different speeds to communicate. B. at the same speed to communicate. C. at varying speeds to interact. D. at high speed to interact.

B. at the same speed to communicate. They often need to negotiate and agree upon a common speed or data rate. This negotiation ensures that data is transferred at a rate that both devices can support, allowing for reliable and efficient communication.

Which of the following media is MOST resistant to EMI interference? A. microwave B. fiber optic C. twisted pair D. coaxial cable

B. fiber optic Fiber optic cables are the most resistant to electromagnetic interference (EMI) among the options listed. This is because fiber optics transmit data using light signals rather than electrical signals. Since light signals are not affected by electromagnetic fields, fiber optic cables are highly immune to EMI

Layer 4 of the OSI stack is known as: A. the data link layer B. the transport layer C. the network layer D. the presentation layer

B. the transport layer Layer 4 of the OSI stack, the Transport Layer, is responsible for providing reliable data transfer between devices on a network. It ensures that data is delivered error-free, in sequence, and with congestion control if necessary.

Which of the following statements pertaining to packet switching is incorrect? A. Most data sent today uses digital signals over network employing packet switching. B. Messages are divided into packets. C. All packets from a message travel through the same route. D. Each network node or point examines each packet for routing.

C. All packets from a message travel through the same route. In packet switching, packets from a single message can take different routes through the network to reach their destination. This allows for more efficient use of network resources and helps in avoiding congestion.

In order to ensure the privacy and integrity of the data, connections between firewalls over public networks should use: A. Screened subnets B. Digital certificates C. An encrypted Virtual Private Network D. Encryption

C. An encrypted Virtual Private Network Using an encrypted Virtual Private Network (VPN) ensures that data transmitted between firewalls over public networks is encrypted, providing both privacy and integrity. VPNs create secure, encrypted tunnels over public networks, such as the internet, allowing secure communication between network devices.

Java is not: A. Object-oriented. B. Distributed. C. Architecture Specific. D. Multithreaded.

C. Architecture Specific. Java is designed to be platform-independent, meaning it is not tied to any specific hardware or architecture. It achieves this through the Java Virtual Machine (JVM), which interprets Java bytecode and executes it on any system that has a compatible JVM installed. Java programs can run on various platforms, including Windows, macOS, Linux, and others, without modification, making it a highly portable programming language.

Why is infrared generally considered to be more secure to eavesdropping than multidirectional radio transmissions? A. Because infrared eavesdropping requires more sophisticated equipment. B. Because infrared operates only over short distances. C. Because infrared requires direct line-of-sight paths. D. Because infrared operates at extra-low frequencies (ELF).

C. Because infrared requires direct line-of-sight paths. Infrared communication typically requires direct line-of-sight paths between the transmitter and receiver, meaning that the signal does not propagate well through obstacles like walls or buildings. This characteristic makes it more difficult for potential eavesdroppers to intercept the communication compared to multidirectional radio transmissions, which can travel through obstacles and be intercepted more easily.

Which of the following services relies on UDP? A. FTP B. Telnet C. DNS D. SMTP

C. DNS The Domain Name System (DNS) relies on UDP (User Datagram Protocol) for its communication. DNS queries and responses are typically sent over UDP, as it is a connectionless protocol that provides fast and lightweight communication, suitable for quick exchanges of small amounts of data like DNS queries

Which of the following computer crimes is MORE often associated with INSIDERS? A. IP spoofing B. Password sniffing C. Data diddling D. Denial of service (DOS)

C. Data diddling Data diddling refers to unauthorized alterations made to data by individuals who have legitimate access to the system or network. It is a form of computer crime commonly associated with insiders who abuse their privileges to manipulate or modify data for personal gain or malicious intent. This type of attack can be difficult to detect because it often involves subtle changes to data that may go unnoticed initially.

In the context of network enumeration by an outside attacker and possible Distributed Denial of Service (DDoS) attacks, which of the following firewall rules is not appropriate to protect an organization's internal network? A. Allow echo reply outbound B. Allow echo request outbound C. Drop echo request inbound D. Allow echo reply inbound

C. Drop echo request inbound This rule prevents external attackers from sending echo requests to devices within the organization's internal network, thus reducing the risk of network enumeration and potential Distributed Denial of Service (DDoS) attacks.

Which of the following statements pertaining to firewalls is incorrect? A. Firewalls create bottlenecks between the internal and external network. B. Firewalls allow for centralization of security services in machines optimized and dedicated to the task. C. Firewalls protect a network at all layers of the OSI models. D. Firewalls are used to create security checkpoints at the boundaries of private networks.

C. Firewalls protect a network at all layers of the OSI models. While firewalls are an essential component of network security, they typically operate at the network layer (Layer 3) and above, focusing on filtering traffic based on IP addresses, port numbers, and protocols. Firewalls do not typically provide protection at all layers of the OSI model.

What is the main characteristic of a multi-homed host? A. It is placed between two routers or firewalls. B. It allows IP routing. C. It has multiple network interfaces, each connected to separate networks. D. It operates at multiple layers.

C. It has multiple network interfaces, each connected to separate networks. A multi-homed host is a computer system that is equipped with multiple network interfaces, each connected to a different network segment or network. This configuration allows the host to communicate with and participate in multiple networks simultaneously, enabling tasks such as routing, network segmentation, load balancing, and redundancy.

Which of the following was designed to support multiple network types over the same serial link? A. Ethernet B. SLIP C. PPP D. PPTP

C. PPP PPP (Point-to-Point Protocol) was designed to support multiple network types over the same serial link. It is a data link layer protocol used to establish a direct connection between two nodes and encapsulate various network layer protocols, allowing them to be transmitted over a serial link

Crackers today are MOST often motivated by their desire to: A. Help the community in securing their networks. B. Seeing how far their skills will take them. C. Getting recognition for their actions. D. Gaining Money or Financial Gains.

D. Gaining Money or Financial Gains. While some individuals may engage in hacking activities for various reasons such as curiosity or the desire to test their skills (option B), the primary motivation for many crackers today is financial gain. They may seek to profit through various means, including stealing sensitive information for identity theft, conducting ransomware attacks, or selling access to compromised systems on the dark web

Which of the following protocols does not operate at the data link layer (layer 2)? A. PPP B. RARP C. L2F D. ICMP

D. ICMP ICMP (Internet Control Message Protocol) operates at the network layer (layer 3) of the OSI model, not at the data link layer (layer 2). ICMP is primarily used for diagnostic and control purposes, such as error reporting, network management, and testing the reachability of hosts.

The concept of best effort delivery is best associated with? A. TCP B. HTTP C. RSVP D. IP

D. IP Best effort delivery is a principle in networking, particularly associated with the Internet Protocol (IP). It means that the network will attempt to deliver data packets to their destination without any guarantees regarding delivery, order, or reliability. In other words, the network will do its "best effort" to deliver packets, but it does not provide any assurances that they will arrive or arrive in the correct order.

Which of the following protocols' primary function is to send messages between network devices regarding the health of the network? A. Reverse Address Resolution Protocol (RARP). B. Address Resolution Protocol (ARP). C. Internet Protocol (IP). D. Internet Control Message protocol (ICMP).

D. Internet Control Message protocol (ICMP). ICMP (Internet Control Message Protocol) is primarily used to send messages between network devices regarding the health and status of the network. It provides feedback about issues such as network congestion, unreachable hosts, and other network-related problems.

How long are IPv4 addresses? A. 32 bits long. B. 64 bits long. C. 128 bits long. D. 16 bits long.

A. 32 bits long. IPv4 addresses are 32 bits long, divided into four octets. Each octet is represented by an 8-bit binary number, making a total of 32 bits for the entire address.

What can best be defined as a strongly protected computer that is in a network protected by a firewall (or is part of a firewall) and is the only host (or one of only a few hosts) in the network that can be directly accessed from networks on the other side of the firewall? A. A bastion host B. A screened subnet C. A dual-homed host D. A proxy server

A. A bastion host A bastion host is a strongly protected computer that is part of a network protected by a firewall. It is typically the only host or one of only a few hosts in the network that can be directly accessed from networks on the other side of the firewall. Bastion hosts are hardened and configured with enhanced security measures to withstand and repel attacks from external networks.

Which of the following is used to find the Media Access Control address (MAC) that matches with a known Internet Protocol (IP) address? A. Address Resolution Protocol (ARP). B. Reverse Address Resolution Protocol (RARP). C. Internet Control Message protocol (ICMP). D. User Datagram Protocol (UDP)

A. Address Resolution Protocol (ARP) Address Resolution Protocol (ARP) is used to find the Media Access Control (MAC) address that matches with a known Internet Protocol (IP) address. It resolves the IP address of a networked device into its corresponding MAC address.

When a station communicates on the network for the first time, which of the following protocols would search for and find the Internet Protocol (IP) address that matches with a known Ethernet address? A. Address Resolution Protocol (ARP). B. Reverse Address Resolution Protocol (RARP). C. Internet Control Message protocol (ICMP). D. User Datagram Protocol (UDP).

A. Address Resolution Protocol (ARP). Address Resolution Protocol (ARP) is used to find the IP address associated with a known Ethernet address when a station communicates on the network for the first time. It maps the known Ethernet address (MAC address) to the corresponding IP address.

What is the greatest danger from DHCP? A. An intruder on the network impersonating a DHCP server and thereby misconfiguring the DHCP clients. B. Having multiple clients on the same LAN having the same IP address. C. Having the wrong router used as the default gateway. D. Having the organization's mail server unreachable.

A. An intruder on the network impersonating a DHCP server and thereby misconfiguring the DHCP clients. DHCP (Dynamic Host Configuration Protocol) is vulnerable to attacks where an unauthorized individual sets up a rogue DHCP server on the network. This rogue server can then assign IP addresses and other network configuration settings to DHCP clients, potentially redirecting traffic, causing network misconfigurations, or even launching more sophisticated attacks. It's a form of DHCP spoofing or DHCP server impersonation, which can lead to various security breaches and compromises.

Secure Electronic Transaction (SET) and Secure HTTP (S-HTTP) operate at which layer of the OSI model? A. Application Layer. B. Transport Layer. C. Session Layer. D. Network Layer

A. Application Layer. Both Secure Electronic Transaction (SET) and Secure HTTP (S-HTTP) operate at the application layer of the OSI model. These protocols provide secure communication for online transactions and data transfer over the internet

The basic language of modems and dial-up remote access systems is: A. Asynchronous Communication. B. Synchronous Communication. C. Asynchronous Interaction. D. Synchronous Interaction.

A. Asynchronous Communication. The basic language of modems and dial-up remote access systems is asynchronous communication. In asynchronous communication, data is sent without a continuous timing signal to synchronize the transmitter and receiver. Instead, each character is framed by start and stop bits to indicate its beginning and end. This allows for flexibility in transmission speed and is commonly used in modem-based communication over telephone lines

What enables a workstation to boot without requiring a hard or floppy disk drive? A. Bootstrap Protocol (BootP). B. Reverse Address Resolution Protocol (RARP). C. Address Resolution Protocol (ARP). D. Classless Inter-Domain Routing (CIDR).

A. Bootstrap Protocol (BootP). BootP enables a workstation to boot without needing a hard or floppy disk drive by obtaining its IP address and booting information from a BootP server on the network.

Which of the following statements is NOT true of IPSec Transport mode? A. It is required for gateways providing access to internal systems B. Set-up when end-point is host or communications terminates at end-points C. If used in gateway-to-host communication, gateway must act as host D. When ESP is used for the security protocol, the hash is only applied to the upper layer protocols contained in the packet

A. It is required for gateways providing access to internal systems In IPSec, Transport mode is typically used for end-to-end communication between two hosts, not gateways providing access to internal systems. Instead, for gateways, Tunnel mode is commonly used to encapsulate and protect entire IP packets. Therefore, statement A is incorrect.

Virus scanning and content inspection of SMIME encrypted e-mail without doing any further processing is: A. Not possible B. Only possible with key recovery scheme of all user keys C. It is possible only if X509 Version 3 certificates are used D. It is possible only by "brute force" decryption

A. Not possible Scanning and inspecting the content of S/MIME (Secure/Multipurpose Internet Mail Extensions) encrypted emails without further processing is not possible. S/MIME encryption ensures that the content of the email remains confidential and secure, even during transmission. As a result, traditional virus scanning and content inspection methods cannot access the encrypted content without decryption, which typically requires the recipient's private key.

Which of the following protocols operates at the session layer (layer 5)? A. RPC B. IGMP C. LPD D. SPX

A. RPC RPC (Remote Procedure Call) operates at the session layer (layer 5) of the OSI model. It is a protocol that allows a computer program to cause a subroutine or procedure to execute in another address space (commonly on another computer on a shared network) without the programmer explicitly coding the details for this remote interaction.

What works as an E-mail message transfer agent? A. SMTP B. SNMP C. S-RPC D. S/MIME

A. SMTP SMTP (Simple Mail Transfer Protocol) is a communication protocol used for electronic mail transmission. It is the standard protocol for sending and receiving emails across the Internet. SMTP servers, also known as mail transfer agents (MTAs), use SMTP to send outgoing mail and receive incoming mail from other mail servers.

Which of the following should NOT normally be allowed through a firewall? A. SNMP B. SMTP C. HTTP D. SSH

A. SNMP SNMP (Simple Network Management Protocol) is primarily used for network management and monitoring purposes. Allowing SNMP traffic through a firewall could pose a security risk as it provides access to sensitive network information and configurations. Therefore, SNMP traffic is typically restricted or blocked by firewalls to prevent unauthorized access and potential exploitation of network resources. On the other hand, SMTP (Simple Mail Transfer Protocol), HTTP (Hypertext Transfer Protocol), and SSH (Secure Shell) are commonly allowed through firewalls as they facilitate essential communication services like email, web browsing, and secure remote access

The Logical Link Control sub-layer is a part of which of the following? A. The ISO/OSI Data Link layer B. The Reference monitor C. The Transport layer of the TCP/IP stack model D. Change management control

A. The ISO/OSI Data Link layer The Logical Link Control (LLC) sub-layer is a part of the ISO/OSI Data Link layer. It manages communication between devices over a network, providing error control and flow control.

Unshielded Twisted Pair (UTP) cables come in several categories. The categories are based on: A. The level of performance B. How thick the shielding is. C. The length of the cable D. The diameter of the copper.

A. The level of performance Unshielded Twisted Pair (UTP) cables are categorized based on their performance levels. These categories indicate the cable's ability to transmit data at different speeds and frequencies. Each category has specific standards and specifications for various applications

Which of the following best defines source routing? A. The packets hold the forwarding information so they don't need to let bridges and routers decide what is the best route or way to get to the destination. B. The packets hold source information in a fashion that source address cannot be forged. C. The packets are encapsulated to conceal source information. D. The packets hold information about redundant paths in order to provide a higher reliability.

A. The packets hold the forwarding information so they don't need to let bridges and routers decide what is the best route or way to get to the destination. Source routing is a technique in packet-switched networks where the sender of a packet can specify the route the packet should take through the network to reach its destination. In source routing, the packet contains the forwarding information, allowing it to determine its own path through the network rather than relying on routers or bridges to make routing decisions.

Which of the following technologies is a target of XSS or CSS (Cross-Site Scripting) attacks? A. Web Applications B. Intrusion Detection Systems C. Firewalls D. DNS Servers

A. Web Applications Cross-Site Scripting (XSS) attacks primarily target web applications. XSS vulnerabilities occur when an attacker injects malicious scripts into web pages viewed by other users. These scripts can then execute within the context of the victim's browser, potentially allowing the attacker to steal session cookies, manipulate web page content, or perform other malicious actions. XSS attacks can be mitigated through proper input validation and output encoding techniques in web application development.

What is malware that can spread itself over open network connections? A. Worm B. Rootkit C. Adware D. Logic Bomb

A. Worm A worm is a type of malware that can spread itself over open network connections without requiring user intervention. Once a system is infected, the worm can independently replicate and spread to other vulnerable systems on the same network or across the internet. Worms exploit vulnerabilities in network services or operating systems to propagate and may carry payloads that perform various malicious actions, such as data theft, system corruption, or distributed denial-of-service (DDoS) attacks

SMTP can best be described as: A. a host-to-host email protocol. B. an email retrieval protocol. C. a web-based e-mail reading protocol. D. a standard defining the format of e-mail messages.

A. a host-to-host email protocol. SMTP is a protocol used for sending email messages between servers or from a mail client to a mail server for delivery. It handles the transmission of emails over the internet and relies on other protocols like POP3 or IMAP for email retrieval.

Address Resolution Protocol (ARP) interrogates the network by sending out a? A. broadcast. B. multicast. C. unicast. D. semicast.

A. broadcast. It broadcasts a request packet to all devices on the local network, asking which device owns a particular IP address. This allows the sender to determine the MAC address associated with a given IP address.

Unshielded Twisted Pair cabling is a: A. four-pair wire medium that is used in a variety of networks. B. three-pair wire medium that is used in a variety of networks. C. two-pair wire medium that is used in a variety of networks. D. one-pair wire medium that is used in a variety of networks.

A. four-pair wire medium that is used in a variety of networks. Unshielded Twisted Pair (UTP) cabling typically consists of four pairs of twisted wires. This configuration provides better performance, reduces crosstalk, and offers more flexibility in networking applications compared to cables with fewer pairs.

Each data packet is assigned the IP address of the sender and the IP address of the: A. recipient. B. host. C. node. D. network.

A. recipient. In networking, each data packet is assigned the IP address of the sender and the IP address of the recipient. This allows the network to route the packet to its intended destination.

In the UTP category rating, the tighter the wind: A. the higher the rating and its resistance against interference and crosstalk. B. the slower the rating and its resistance against interference and attenuation. C. the shorter the rating and its resistance against interference and attenuation. D. the longer the rating and its resistance against interference and attenuation.

A. the higher the rating and its resistance against interference and crosstalk. In the UTP (Unshielded Twisted Pair) category rating system, a tighter winding of the twisted pairs results in higher category ratings. Higher category ratings indicate better performance in terms of resistance against interference and crosstalk. Therefore, option A is correct.

Another name for a VPN is a: A. tunnel B. one-time password C. pipeline D. bypass

A. tunnel A Virtual Private Network (VPN) establishes a secure, encrypted connection over a public network such as the internet, creating a "tunnel" through which data can be transmitted securely between remote locations.

Network cabling comes in three flavors, they are: A. twisted pair, coaxial, and fiber optic. B. tagged pair, coaxial, and fiber optic. C. trusted pair, coaxial, and fiber optic. D. twisted pair, control, and fiber optic.

A. twisted pair, coaxial, and fiber optic. Network cabling primarily comes in three types: twisted pair, coaxial, and fiber optic. These different types of cables serve various purposes and are suited for different networking environments.

What is an IP routing table? A. A list of IP addresses and corresponding MAC addresses. B. A list of station and network addresses with corresponding gateway IP address. C. A list of host names and corresponding IP addresses. D. A list of current network interfaces on which IP routing is enabled.

B. A list of station and network addresses with corresponding gateway IP address. An IP routing table is a data structure used in networking to store information about the paths to network destinations. It contains a list of network addresses (both local and remote) along with corresponding information about how to reach those networks, including the IP address of the next-hop gateway.

All following observations about IPSec are correct except: A. Default Hashing protocols are HMAC-MD5 or HMAC-SHA-1 B. Default Encryption protocol is Cipher Block Chaining mode DES, but other algorithms like ECC (Elliptic curve cryptosystem) can be used C. Support two communication modes - Tunnel mode and Transport mode D. Works only with Secret Key Cryptography

B. Default Encryption protocol is Cipher Block Chaining mode DES, but other algorithms like ECC (Elliptic curve cryptosystem) can be used The default encryption protocol for IPSec is not Cipher Block Chaining (CBC) mode DES. Instead, it typically uses the Encapsulating Security Payload (ESP) protocol, which supports various encryption algorithms such as Triple Data Encryption Standard (3DES) and Advanced Encryption Standard (AES).

What is the primary reason why some sites choose not to implement Trivial File Transfer Protocol (TFTP)? A. It is too complex to manage user access restrictions under TFTP B. Due to the inherent security risks C. It does not offer high level encryption like FTP D. It cannot support the Lightweight Directory Access Protocol (LDAP)

B. Due to the inherent security risks TFTP (Trivial File Transfer Protocol) lacks built-in security features, making it susceptible to various security vulnerabilities and attacks. As a result, many sites opt not to implement TFTP to mitigate these risks and safeguard their network infrastructure and data.

Which of the following rules appearing in an Internet firewall policy is inappropriate? A. Source routing shall be disabled on all firewalls and external routers. B. Firewalls shall be configured to transparently allow all outbound and inbound services. C. Firewalls should fail to a configuration that denies all services, and require a firewall administrator to re-enable services after a firewall has failed. D. Firewalls shall not accept traffic on its external interfaces that appear to be coming from internal network addresses.

B. Firewalls shall be configured to transparently allow all outbound and inbound services. Allowing all outbound and inbound services without restriction can expose the network to various security risks, including unauthorized access, data breaches, and malware infiltration. Firewalls are typically configured to allow only necessary and authorized traffic, blocking all other traffic by default. This helps enforce security policies and protect against potential threats from external sources.

Which of the following is the core of fiber optic cables made of? A. PVC B. Glass fibers C. Kevlar D. Teflon

B. Glass fibers The core of fiber optic cables is primarily made of glass fibers, as they enable the transmission of light signals over long distances with minimal loss.

Which of the following statements pertaining to IPSec is incorrect? A. IPSec can help in protecting networks from some of the IP network attacks. B. IPSec provides confidentiality and integrity to information transferred over IP networks through transport layer encryption and authentication. C. IPSec protects against man-in-the-middle attacks. D. IPSec protects against spoofing.

B. IPSec provides confidentiality and integrity to information transferred over IP networks IPSec does indeed provide confidentiality and integrity to information transferred over IP networks. However, it achieves this through network layer encryption and authentication, not specifically through transport layer encryption and authentication.

Why does fiber optic communication technology have significant security advantage over other transmission technology? A. Higher data rates can be transmitted. B. Interception of data traffic is more difficult. C. Traffic analysis is prevented by multiplexing. D. Single and double-bit errors are correctable.

B. Interception of data traffic is more difficult. Fiber optic communication technology offers a significant security advantage over other transmission technologies because interception of data traffic is more difficult. Unlike copper cables, which emit electromagnetic signals that can be intercepted, fiber optic cables transmit data using light signals within the cable, making it much harder to tap into the communication line without being detected.

Which layer of the TCP/IP protocol stack corresponds to the ISO/OSI Network layer (layer 3)? A. Host-to-host layer B. Internet layer C. Network access layer D. Session layer

B. Internet layer The Internet layer is responsible for routing packets across different networks, regardless of their specific types or topologies. It handles tasks such as logical addressing, packet forwarding, and fragmentation, ensuring that data packets are transmitted reliably from the source to the destination across interconnected networks.

What is the main characteristic of a bastion host? A. It is located on the internal network. B. It is a hardened computer implementation C. It is a firewall. D. It does packet filtering.

B. It is a hardened computer implementation A bastion host is a highly secure and fortified computer system that is intentionally placed on a network to withstand attacks from potential intruders. It is typically equipped with multiple layers of security measures, such as intrusion detection systems, access controls, and rigorous software configurations, making it extremely difficult for unauthorized users to gain access or compromise its integrity.

What attack involves the perpetrator sending spoofed packet(s) which contain the same destination and source IP address as the remote host, the same port for the source and destination, having the SYN flag, and targeting any open ports that are open on the remote host? A. Boink attack B. Land attack C. Teardrop attack D. Smurf attack

B. Land attack A Land attack is a type of DoS attack where the attacker forges the source IP address and sends packets with SYN flags to the same port as the target host, causing it to crash or become unresponsive.

In this type of attack, the intruder re-routes data traffic from a network device to a personal machine. This diversion allows an attacker to gain access to critical resources and user credentials, such as passwords, and to gain unauthorized access to critical systems of an organization. Pick the best choice below. A. Network Address Translation B. Network Address Hijacking C. Network Address Supernetting D. Network Address Sniffing

B. Network Address Hijacking Network address hijacking involves the unauthorized rerouting of data traffic from a legitimate network device to the attacker's personal machine. This diversion allows the attacker to intercept critical resources, including user credentials and passwords, potentially gaining unauthorized access to sensitive systems and information within an organization.

Why is traffic across a packet switched network difficult to monitor? A. Packets are link encrypted by the carrier B. Government regulations forbid monitoring C. Packets can take multiple paths when transmitted D. The network factor is too high

C. Packets can take multiple paths when transmitted In a packet-switched network, data is divided into packets, each of which may take a different path to reach its destination. This dynamic routing capability allows for efficient use of network resources and increases network reliability. However, it also makes it difficult to monitor traffic across the network because packets from the same communication session may follow different paths, making it challenging to reconstruct the complete communication flow by monitoring a single point in the network.

Which of the following firewall rules found on a firewall installed between an organization's internal network and the Internet would present the greatest danger to the internal network? A. Permit all traffic between local hosts. B. Permit all inbound ssh traffic. C. Permit all inbound tcp connections. D. Permit all syslog traffic to log-server.abc.org.

C. Permit all inbound tcp connections. This rule allows unrestricted inbound TCP traffic, which could potentially open up various attack vectors to the internal network. However, this rule does not specify the destination or purpose of the connections, so it could include both legitimate and malicious traffic.

Which of the following ports does NOT normally need to be open for a mail server to operate? A. Port 110 B. Port 25 C. Port 119 D. Port 143

C. Port 119 Port 119 is used for Network News Transfer Protocol (NNTP), which is used for accessing Usenet newsgroups. It is not typically associated with mail server operations. The other ports listed are commonly used for mail server functionality: Port 25: Simple Mail Transfer Protocol (SMTP), used for sending email messages. Port 110: Post Office Protocol version 3 (POP3), used for retrieving email messages from a server. Port 143: Internet Message Access Protocol (IMAP), used for accessing email messages stored on a server.

Which of the following is an extension to Network Address Translation that permits multiple devices providing services on a local area network (LAN) to be mapped to a single public IP address? A. IP Spoofing B. IP subnetting C. Port address translation D. IP Distribution

C. Port address translation Port Address Translation (PAT), also known as Network Address Port Translation (NAPT), is an extension to Network Address Translation (NAT) that allows multiple devices within a local area network (LAN) to share a single public IP address. PAT works by assigning unique port numbers to each connection, thereby enabling multiple devices to be uniquely identified on the public network. This technique helps conserve public IP addresses and is commonly used in home and small office networks.

Which SSL version offers client-side authentication? A. SSL v1 B. SSL v2 C. SSL v3 D. SSL v4

C. SSL v3 SSL (Secure Sockets Layer) versions 3 and later support client-side authentication.

What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account? A. Data fiddling B. Data diddling C. Salami techniques D. Trojan horses

C. Salami techniques Salami techniques involve stealing small amounts of money or data over time in a manner that is unlikely to be noticed. In the scenario described, the employee is surreptitiously diverting small amounts of money from multiple accounts into their own bank account, similar to how thin slices of salami are gradually removed from a larger piece.

The high availability of multiple all-inclusive, easy-to-use hacking tools that do NOT require much technical knowledge has brought a growth in the number of which type of attackers? A. Black hats B. White hats C. Script kiddies D. Phreakers

C. Script kiddies Script kiddies are individuals who lack technical expertise but use readily available hacking tools to launch attacks. These tools often automate the process of exploiting vulnerabilities, allowing script kiddies to engage in cyber attacks without needing deep technical knowledge.

Which of the following is a method of multiplexing data where a communication channel is divided into an arbitrary number of variable bit-rate digital channels or data streams. This method allocates bandwidth dynamically to physical channels having information to transmit? A. Time-division multiplexing B. Asynchronous time-division multiplexing C. Statistical multiplexing D. Frequency division multiplexing

C. Statistical multiplexing Statistical multiplexing is a method of multiplexing data where the available bandwidth is allocated dynamically to the channels with data to transmit, based on their needs at any given time. This allows for more efficient utilization of the communication channel compared to fixed allocation methods like time-division multiplexing or frequency division multiplexing.

What do the ILOVEYOU and Melissa virus attacks have in common? A. They are both denial-of-service (DOS) attacks. B. They have nothing in common. C. They are both masquerading attacks. D. They are both social engineering attacks.

C. They are both masquerading attacks. Both the ILOVEYOU and Melissa virus attacks utilized masquerading techniques. They disguised themselves as legitimate files or emails to deceive users into opening them, thus spreading the malware. Masquerading is a form of social engineering where attackers impersonate legitimate entities or use deceptive tactics to gain the trust of victims.

At which OSI/ISO layer is an encrypted authentication between a client software package and a firewall performed? A. Network layer B. Session layer C. Transport layer D. Data link layer

C. Transport layer Encrypted authentication between a client software package and a firewall typically occurs at the Transport layer of the OSI/ISO model. Encryption protocols such as SSL/TLS are often used to secure the authentication process during transmission of data, which falls under the responsibility of the Transport layer.

In computing, what is the name of a non-self-replicating type of malware program that appears to have some useful purpose but also has code with a malicious or harmful purpose embedded in it and, when executed, carries out actions that are unknown to the person installing it, typically causing loss or theft of data and possible system harm? A. virus B. worm C. Trojan horse. D. trapdoor

C. Trojan horse. A Trojan horse is a type of malware that appears to be a legitimate or useful program but actually contains malicious code. Unlike viruses and worms, Trojan horses do not replicate themselves. Instead, they rely on tricking users into executing them, often by disguising themselves as harmless software or by exploiting vulnerabilities in legitimate programs. Once executed, a Trojan horse can perform various harmful actions, such as stealing sensitive information, compromising system security, or providing unauthorized access to the attacker.

How many bits of a MAC address uniquely identify a vendor, as provided by the IEEE? A. 6 bits B. 12 bits C. 16 bits D. 24 bits

D. 24 bits The first half of a MAC address, known as the Organizationally Unique Identifier (OUI), uniquely identifies the vendor or manufacturer. The OUI consists of 24 bits, which are the first three octets (6 hexadecimal characters) of the MAC address.

Authentication Headers (AH) and Encapsulating Security Payload (ESP) protocols are the driving force of IPSec. Authentication Headers (AH) provides the following service except: A. Authentication B. Integrity C. Replay resistance and non-repudiations D. Confidentiality

D. Confidentiality Authentication Headers (AH) in IPSec primarily provide authentication, integrity, replay resistance, and non-repudiation services. However, AH does not provide confidentiality; that is the role of the Encapsulating Security Payload (ESP) protocol.

Which of the following is the primary security feature of a proxy server? A. Virus Detection B. URL blocking C. Route blocking D. Content filtering

D. Content filtering A proxy server acts as an intermediary between clients and servers, intercepting requests from clients and forwarding them to servers. One of its primary security features is content filtering, where it can inspect and control the data exchanged between clients and servers based on predefined rules.

What is a packet sniffer? A. It tracks network connections to off-site locations. B. It monitors network traffic for illegal packets. C. It scans network segments for cabling faults. D. It captures network traffic for later analysis.

D. It captures network traffic for later analysis. A packet sniffer, also known as a network analyzer or packet analyzer, is a tool used to capture and analyze data packets as they pass through a network interface. It captures network traffic in real-time or stores it for later analysis. Packet sniffers are commonly used by network administrators and security professionals to troubleshoot network issues, monitor network performance, detect malicious activity, and analyze network behavior.

Which of the following statements pertaining to packet filtering is incorrect? A. It is based on ACLs. B. It is not application dependent. C. It operates at the network layer. D. It keeps track of the state of a connection.

D. It keeps track of the state of a connection. Packet filtering, as a basic form of firewall technology, typically operates at the network layer (Layer 3 of the OSI model) and is based on Access Control Lists (ACLs). It evaluates each packet based on predefined rules and makes filtering decisions without considering the state of the connection.

Which of the following is less likely to be used today in creating a Virtual Private Network? A. L2TP B. PPTP C. IPSec D. L2F

D. L2F Layer 2 Forwarding (L2F) was an early VPN protocol developed by Cisco Systems. It allowed ISPs to operate Virtual Private Networks over the Internet. However, it has been largely replaced by more secure and efficient protocols such as Layer 2 Tunneling Protocol (L2TP) and Internet Protocol Security (IPSec), which offer better encryption and authentication mechanisms. Therefore, L2F is less commonly used today compared to the other options listed.

Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector? A. Using a TACACS+ server. B. Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall. C. Setting modem ring count to at least 5. D. Only attaching modems to non-networked hosts.

D. Only attaching modems to non-networked hosts. By only attaching modems to non-networked hosts, you eliminate the possibility of remote access through a Remote Access Server (RAS) as a hacking vector. This approach ensures that the modems are not accessible via the network, thereby reducing the risk of unauthorized access by external attackers.

Which of the following packets should NOT be dropped at a firewall protecting an organization's internal network? A. Inbound packets with Source Routing option set B. Router information exchange protocols C. Inbound packets with an internal address as the source IP address D. Outbound packets with an external destination IP address

D. Outbound packets with an external destination IP address Outbound packets with an external destination IP address should generally not be dropped at a firewall protecting an organization's internal network because these packets are part of normal communication initiated by internal users or systems accessing resources on external networks. Blocking such packets would hinder legitimate outbound communication and could disrupt essential services or functions.

Which of the following statements pertaining to PPTP (Point-to-Point Tunneling Protocol) is incorrect? A. PPTP allows the tunnelling of any protocols that can be carried within PPP. B. PPTP does not provide strong encryption. C. PPTP does not support any token-based authentication method for users. D. PPTP is derived from L2TP.

D. PPTP is derived from L2TP. PPTP is not derived from L2TP. Instead, it is a separate protocol developed by Microsoft and others. It was designed to enable the secure transfer of data over the Internet by creating virtual private networks (VPNs). L2TP (Layer 2 Tunneling Protocol), on the other hand, is a different VPN protocol that combines the best features of PPTP and Cisco's L2F (Layer 2 Forwarding).

At which layer of ISO/OSI does the fiber optics work? A. Network layer B. Transport layer C. Data link layer D. Physical layer

D. Physical layer Fiber optics primarily operate at the physical layer of the OSI model. This layer is responsible for the transmission and reception of raw data bits over a physical medium, such as fiber optic cables, without any regard for the higher-level data structures or protocols. Fiber optic cables transmit data using light signals, making them a key component of the physical layer in networking infrastructure.

Which of the following virus types changes some of its characteristics as it spreads? A. Boot Sector B. Parasitic C. Stealth D. Polymorphic

D. Polymorphic Polymorphic viruses change their characteristics, such as their appearance and internal code, as they spread. This behavior makes them difficult to detect using traditional antivirus signatures, as they can generate numerous variants that evade detection. Polymorphic viruses often employ encryption or other techniques to modify their code each time they infect a new file or system, thereby increasing their chances of evading detection by antivirus software.

Which of the following protocols is designed to send individual messages securely? A. Kerberos B. Secure Electronic Transaction (SET). C. Secure Sockets Layer (SSL). D. Secure HTTP (S-HTTP).

D. Secure HTTP (S-HTTP). Secure HTTP (S-HTTP) is designed specifically for sending individual messages securely.

Which protocol is used to send email? A. File Transfer Protocol (FTP). B. Post Office Protocol (POP). C. Network File System (NFS). D. Simple Mail Transfer Protocol (SMTP)

D. Simple Mail Transfer Protocol (SMTP) SMTP is specifically designed for sending email messages between servers.

Which Network Address Translation (NAT) is the most convenient and secure solution? A. Hiding Network Address Translation B. Port Address Translation C. Dedicated Address Translation D. Static Address Translation

D. Static Address Translation In Static Address Translation, a one-to-one mapping between internal and external IP addresses is established, ensuring consistency and predictability in the network configuration. This method offers a higher level of security because it allows for precise control over the translation process, reducing the risk of unauthorized access.

Which of the following NAT firewall translation modes offers no protection from hacking attacks to an internal host using this functionality? A. Network redundancy translation B. Load balancing translation C. Dynamic translation D. Static translation

D. Static translation In static translation mode, a fixed mapping between internal and external IP addresses is established. This offers no inherent protection from hacking attacks because the mapping remains constant, making it easier for attackers to target specific internal hosts. On the other hand, network redundancy, load balancing, and dynamic translation modes involve dynamic allocation of IP addresses, which can provide some level of protection by varying the mapping.

Which of the following is NOT a characteristic or shortcoming of packet filtering gateways? A. The source and destination addresses, protocols, and ports contained in the IP packet header are the only information that is available to the router in making a decision whether or not to permit traffic access to an internal network. B. They don't protect against IP or DNS address spoofing. C. They do not support strong user authentication. D. They are appropriate for medium-risk environment.

D. They are appropriate for medium-risk environment. Packet filtering gateways are typically considered suitable for medium-risk environments due to their limitations in providing comprehensive security features compared to more advanced firewall technologies.

Which of the following is the primary reason why a user would choose a dial-up modem connection to the Internet when they have a faster, secure Internet connection through the organization's network? A. To access web sites that are blocked by the organization's proxy server. B. To set up public services using the organization's resources. C. To check their personal e-mail. D. To circumvent the organization's security policy.

D. To circumvent the organization's security policy. Choosing a dial-up modem connection to the Internet when a faster and more secure connection is available through the organization's network may indicate an attempt to bypass or circumvent the organization's security policies. This could be for various reasons, such as accessing restricted websites, communicating outside of monitored channels, or engaging in activities that are prohibited by the organization's security policies.

Which of the following statements pertaining to link encryption is false? A. It encrypts all the data along a specific communication path. B. It provides protection against packet sniffers and eavesdroppers. C. Information stays encrypted from one end of its journey to the other. D. User information, header, trailers, addresses and routing data that are part of the packets are encrypted.

D. User information, header, trailers, addresses and routing data that are part of the packets are encrypted. While link encryption does encrypt the data payload along a specific communication path, it typically does not encrypt the entire packet, including headers, trailers, addresses, and routing data. These components of the packet usually remain unencrypted to allow for proper network routing and operation.

