Shared Flashcard Set

Details

CCM Network+
Flashcards 4the Network+ Exam
466
Computer Networking
Not Applicable
06/16/2015

Cards

Term
An SSL VPN is a ?????? that works ??????. This means that ??????.
Definition
An SSL VPN is a VPN format that works within a web browser. This means that a separate dedicated VPN client is not needed.
Term
Both an SSL VPN and VPN use ?????? to ?????? and ??????.
Definition
Both an SSL VPN and VPN use tunneling to encapsulate and encrypt data.
Term
An Internal VPN would be used for ??????. Common implementations involve ??????.
Definition
An Internal VPN would be used for connecting sections of a network. Common implementations involve connecting remote offices to a corporate headquarters.
Term
A VPN concentrator is a device that ??????. VPN concentrators are usually ??????. They offer ??????, ??????, and ??????.
Definition
A VPN concentrator is a device that incorporates advanced encryption and authentication methods to handle a large number of VPN tunnels. VPN concentrators are usually specifically geared towards secure remote access or site-to-site VPNs. They offer high performance, high availability, and very good scalability.
Term

What type of virtual private network (VPN) implementation involves providing secure remote access to individual users via dial-up, Integrated Services Digital Network (ISDN), digital subscriber line (DSL), or a cable modem?


Extranet VPNs

Intranet VPNs

Access VPNs

Secure Sockets Layer (SSL) VPNs

Definition

The Correct Answer: Access VPNs


Access VPNs are used to provide tunneling services to individual users through common subscriber lines such as cable, dial-up, or ISDN.

 

Term

Access VPNs are used to (1) to (2) through (3) such as (4), (5), or (6).

Definition
Access VPNs are used to (1) provide tunneling services to (2) individual users through (3) common subscriber lines such as (4) cable, (5) dial-up, or (6) ISDN.
Term
Intranet VPNs are used to ??????.
Definition
Intranet VPNs are used to connect different sections of a corporate network.
Term

Extranet VPNs connect ?????? that ?????? for ??????.

Definition
Extranet VPNs connect networks that belong to different companies for the purposes of sharing resources.
Term
SSL VPNs are just ?????? that ??????, and ??????.
Definition
SSL VPNs are just a form of VPNs that operate through a web browser, and do not require the installation of a separate client.
Term

What is the general term for a device or software that is capable of translating one network protocol to another?


Modulator, router, switch or gateway

Definition

The correct answer is gateway.

 


Term
A device or piece of software that translates one network protocol to another is referred to as a ???.
Definition
A device or piece of software that translates one network protocol to another is referred to as a gateway. Gateways connect incompatible systems by taking an incoming packet, stripping off the lower-level encapsulation of the original protocol, and re-encapsulating the packet with a new protocol.
Term
Gateways connect incompatible systems by (1), (2), and (3).
Definition

Gateways connect incompatible systems by (1) taking an incoming packet, (2) stripping off the lower-level encapsulation of the original protocol, and (3) re-encapsulating the packet with a new protocol.

Term
A (1) is capable of performing gateway functions by converting Ethernet packets to Token Ring. However, not every (2) is a (3).
Definition
A router is capable of performing gateway functions by converting Ethernet packets to Token Ring. However, not every gateway is a router.
Term
A modulator (1) for the purposes of (2).
Definition

A modulator (1) converts the signal of a device for the purposes of (2) transmission.

Term

A ?????? converts the signal of a device for the purposes of transmission.

 

Definition
A modulator converts the signal of a device for the purposes of transmission.
Term
TACACS is capable of providing process-wide encryption for ??????, not just ??????. TACACS uses ?????? instead of ?????? and supports ??????.
Definition
TACACS is capable of providing process-wide encryption for authentication, not just password encryption. TACACS uses TCP instead of UDP and supports multiple protocols.
Term
TACACS+ (does/does not) support multifactor authentication, and is considered (more/less) secure and (more/less) scalable than RADIUS because it (accepts/does not accept) login request(s) and (does/does not) authenticate(s) the access credentials of the user.
Definition
TACACS+ supports multifactor authentication, and is considered more secure and more scalable than RADIUS because it accepts login requests and authenticates the access credentials of the user.
Term
TACACS+ (is/is not) compatible with TACACS because it (uses/does not use) an advanced version of the algorithm.
Definition
TACACS+ is not compatible with TACACS because it uses an advanced version of the algorithm.
Term
Network controller: definition
Definition
A Network Controller is a hardware component that helps connect a computer to a network.
Term

Terminal Access Controller Access Control System (TACACS) and TACACS Plus (TACACS+) are
(1) that provide (2) and (3) for (4).

Definition

Terminal Access Controller Access Control System (TACACS) and TACACS Plus (TACACS+) are

authentication protocols that provide

centralized authentication and

authorization services for

remote users.

Term
(RADIUS/TACACS) includes process-wide encryption for authentication, while (RADIUS/TACACS) encrypts only passwords.
Definition
TACACS includes process-wide encryption for authentication, while RADIUS encrypts only passwords.
Term
TACACS uses (UDP/TCP) instead of (UDP/TCP) and supports (only one/multiple) protocols.
Definition
TACACS uses TCP instead of UDP and supports multiple protocols.
Term

What functionality does a Remote Access Service (RAS) server provide?


Traffic metering and Quality of Service (QoS) services

Stateful packet inspection services

Standardized and centralized authentication services

Client virtual private network (VPN) connection and traffic routing services

Definition

The correct answer is Client virtual private network (VPN) connection and traffic routing services.


A RAS server is a combination dial-up and VPN server that can accept multiple client connections. It can also terminate client VPN tunnels and route client traffic into the private network.

Term
True or false: TACACS+ is an open standard
Definition
TACACS+, which is an open standard, uses TCP port 49 and also supports multifactor authentication. TACACS+ is considered more secure and more scalable than RADIUS because it accepts login requests and authenticates the access credentials of the user. TACACS+ is not compatible with TACACS because it uses an advanced version of the TACACS algorithm.
Term
A RAS server is a combination (1) and (2) that can (3). It can also (4) and (5) into (6).
Definition

A RAS server is a combination (1) dial-up and (2) VPN server that can (3) accept multiple client connections. It can also (4) terminate client VPN tunnels and (5) route client traffic into (6) the private network.

Term
TACACS+ uses port #?
Definition
49
Term
TACACS (supports/does not support) multifactor authentication
Definition
supports multifactor authentication.
Term
(RADIUS/TACACS+) is considered more secure and more scalable than (RADIUS/TACACS+) because it accepts login requests and authenticates the access credentials of the user.
Definition
TACACS+ is considered more secure and more scalable than RADIUS because it accepts login requests and authenticates the access credentials of the user.
Term
TACACS+ is not compatible with TACACS because it uses ?????? of the ??????.
Definition
TACACS+ is not compatible with TACACS because it uses an advanced version of the TACACS algorithm.
Term
Cut-through switching definition
Definition

An operating mode in which the switch forwards a data packet as soon as it receives it, without performing any error checking or packet processing.

Term
Content switches are capable of (1) by (2), and understand (3) and (4).
Definition

Content switches are


(1) capable of making intelligent decisions about data by (2) analyzing data packets in real time, and understand (3) the criticality and (4) type of the request.

Term
A multilayer switch operates at (1) of (2). Content switches are sometimes considered to be another type of (3), but the term (4) generally refers to switches that perform only (5) at (6).
Definition

A multilayer switch operates at


(1) Layers 2 and 3 of

(2) the OSI model. Content switches are sometimes considered to be another type of

(3) multilayer switch, but the term

(4) “multilayer switch” generally refers to switches that perform only

(5) limited routing functions at

(6) Layers 2 and 3.

Term
A managed switch is simply a switch that can be (1), and does not relate specifically to a switch that (2).
Definition
A managed switch is simply a switch that can be configured by the user, and does not relate specifically to a switch that operates at Layers 4 through 7.
Term
IPSec in (1) is often used with (2). IPSec uses (3) or (4) to provide (5).
Definition
IPSec in Tunnel mode is often used with Layer Two Tunneling Protocol (L2TP). IPSec uses DES or 3DES encryption to provide data confidentiality.
Term
What is the MPPE encryption method?
Definition

A method of encrypting data transferred across Point-to-Point Protocol (PPP)-based dial-up connections or Point-to-Point Tunneling Protocol (PPTP) virtual private network (VPN) connections.

Term

3 characteristics of the MPPE encryption method



It is often used with ???

 

It requires the use of ??? or ???

 

It uses ??? for ???

Definition
It is often used with Point-to-Point Tunneling Protocol (PPTP). It requires the use of Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) or MS-CHAPv2. It uses Extensible Authentication Protocol (EAP) remote authentication.
Term
In most VPNs, data encryption is accomplished by either ??? or ???.
Definition
MPPE or IPSEC
Term
A device or piece of software that translates one network protocol to another is referred to as
Definition
a gateway.
Term
Gateways connect incompatible systems by (1), (2), and (3).
Definition

Gateways connect incompatible systems by

(1) taking an incoming packet,

(2) stripping off the lower-level encapsulation of the original protocol, and

(3) re-encapsulating the packet with a new protocol.

Term

A router is capable of performing gateway functions by
???.


Every gateway is a router/Not every gateway is a router.

Definition
A router is capable of performing gateway functions by converting Ethernet packets to Token Ring. However, not every gateway is a router.
Term
A modulator does what?
Definition
A modulator converts the signal of a device for the purposes of transmission.
Term

Which type of router is designed to collect data from end-user locations and redistribute them to an enterprise location such as a company's headquarters?


Dual-band routers

Access routers

Distribution routers

Core routers

Definition
distribution routers
Term
Distribution routers (1) from (2) and (3). Their capabilities are (4) those of regular access routers.
Definition

Distribution routers


(1) collect data from


(2) multiple access routers and


(3) redistribute them to an enterprise location. Their capabilities are


(4) greater than those of regular access routers.

Term
Access routers are (1) that are (2).
Definition

Access routers are


(1) common inexpensive routers that are


(2) generally located at customer sites.

Term
Core routers are (1) that are located at (2). They connect multiple (3) located (4).
Definition

Core routers are

(1) powerful routers that are located at

(2) the center of network backbones. They connect multiple

(3) distribution routers located

(4) in different buildings.

Term
A dual-band router is simply one that (1). These are often used in (2).
Definition

A dual-band router is simply one that

(1) operates on two different frequencies (such as 2.4 GHz and 5.0 GHz). These are often used in

(2) Small Office/Home Office (SOHO) environments.

Term

Which type of virtual private network (VPN) connection model is implemented such that each node on the network is connected to a remote network that may be separated by public or other unsecured networks?


Host-to-host

Client-to-site

Host-to-site

Site-to-site

Definition
Site-to-site
Term

In a (1) connection model, each node on the network is connected to a remote network, which may be separated by public or other unsecured networks. (1) VPNs may be either open or closed.

Definition

In a site-to-site connection model, each node on the network is connected to a remote network, which may be separated by public or other unsecured networks. Site-to-site VPNs may be either open or closed.

Term

Site-to-site VPNs may be

  1. open
  2. closed
  3. either open or closed
Definition
Site-to-site VPNs may be either open or closed.
Term
In the host-to-site VPN connection model also, there are (1)—(2) and (3). In the case of an (2), the path between the (4) and the (5) is (6). In the case of a (3), the path between the (4) & (5) is (7).
Definition
In the host-to-site VPN connection model also, there are two types of networks—open and closed. In the case of an open VPN, the path between the end node and the IPSec gateway is not secured. In the case of a closed VPN, the path between the end node and the IPSec gateway is secured.
Term

 In the host-to-host VPN connection model, rather than (1), a (2) makes a (3) to another (2). This can be used either internally or on the Internet. Where this is most common is when one (4) needs a (3) to another (4). Typically the tunneling protocol for host-to-host VPNs is (6).

Definition

Host-to-host: In the host-to-host VPN connection model, rather than connecting to another network, a single computer makes a secure connection to another single computer. This can be used either internally or on the Internet. Where this is most common is when one server needs a secure connection to another server. Typically the tunneling protocol for host-to-host VPNs is IPSEC.

Term

What problem with using the Password Authentication Protocol (PAP) protocol was addressed with the Challenge-Handshake Authentication Protocol (CHAP)?


The PAP authentication method sends client IDs and passwords as cleartext.

The PAP authentication method does not require the client to identify itself.

The PAP authentication method supports only basic password encryption that can be easily decoded.

The PAP authentication method can only be used for communications with non-Microsoft servers.

Definition

The PAP authentication method sends client IDs and passwords as cleartext.

Term
??? is a remote-access authentication method that sends client IDs and passwords as cleartext. It is typically used when a remote client connects to a non-Windows PPP server that does not support password encryption.
Definition
Password Authentication Protocol (PAP)
Term
PAP is a (1) that sends (2) as (3). It is typically used when a (4) connects to a (5) that (6).
Definition

PAP is a


(1) remote-access authentication method


that sends


(2) client IDs and passwords as


(3) cleartext.


It is typically used when a


(4) remote client connects to a


(5) non-Windows PPP server that


(6) does not support password encryption.

Term
The ??? addresses this problem of PAP sending client IDs and passwords via cleartext by using a combination of (1) and a (2) in which the (3) is (4).
Definition
The CHAP addresses this problem by using a combination of Message Digest 5 (MD5) hashing and a challenge-response mechanism in which the password is encrypted.
Term

What is the goal of a packet shaper?


To index data in order to provide faster responses to requests for that data.

To distribute work evenly across networked servers for increased processing efficiency.

To delay traffic such that each packet complies with the relevant traffic contract.

To provide server uptime of as close to 100 percent as possible.

Definition

To delay traffic such that each packet complies with the relevant traffic contract.

Term
A packet shaper is a form of ?.
Definition
traffic shaping
Term
The goal of traffic shaping is to (1) such that (2) with the (3). This is common in (4) in which traffic must/must not (5).
Definition
The goal of traffic shaping is to delay metered traffic such that each packet complies with the relevant traffic contract. This is common in Quality of Service (QoS) implementations in which traffic must not exceed the administratively defined rate.
Term
Distributing work evenly across servers for processing efficiency is the goal of ?.
Definition
load balancing
Term
The goal of load balancing is ?
Definition
Distributing work evenly across servers for processing efficiency
Term
Providing server uptime of as close to 100 percent as possible is the goal of ?.
Definition
high availability
Term
The goal of caching is ?
Definition
Providing faster responses to future requests
Term

Which protocols provide authentication services? Choose the best three answers.


PPTP, RADIUS, HTTP

MS-CHAP, RADIUS, TACACS

L2TP, MS-CHAP, PPTP

Definition

MS-CHAP, RADIUS, TACACS
Term

MS-CHAP is a Microsoft extension of CHAP that is specifically designed for

Definition

authenticating remote Windows workstations.

Term
RADIUS is a protocol that (1) to provide (2) for (3)
Definition

RADIUS is a protocol that


(1) enables a server to


(2) provide standardized, centralized authentication


for


(3) remote users.

Term
TACACS (and TACACS+) are (1) that provide (2) and (3) for (4).
Definition

TACACS (and TACACS+) are


(1) authentication protocols that provide


(2) centralized authentication and


(3) authorization services for


(4) remote users.

Term
Both PPTP and L2TP are (1) that increase (2) through (3).
Definition

Both PPTP and L2TP are


(1) tunneling protocols that increase


(2) traffic security through


(3) data encryption.

Term
Both (1) and (2) are tunneling protocols that increase traffic security through data encryption.
Definition
Both PPTP and L2TP are tunneling protocols that increase traffic security through data encryption.
Term
The HyperText Transfer Protocol (HTTP) is a network protocol that works on the (1) layer (Layer ?) of the OSI model and the (2) layer of the TCP/IP model to provide web services. HTTP uses port 80 for communicating with web clients and servers and runs on the (3) protocol.
Definition
The HyperText Transfer Protocol (HTTP) is a network protocol that works on the Application layer (Layer 7) of the OSI model and the Application layer of the TCP/IP model to provide web services. HTTP uses port 80 for communicating with web clients and servers and runs on TCP.
Term

Which type of virtual private network (VPN) connection model is implemented such that each node on the network is connected to a remote network that may be separated by public or other unsecured networks?


Site-to-site

Host-to-site

Host-to-host

Client-to-site

Definition
Site-to-site
Term
In store-and-forward switching, the switch (1) and (2). This is the (3) type of switching mode, since the switch must (4).
Definition

In store-and-forward switching, the switch

(1) calculates the CRC value for the packet's data and

(2) compares it to the value included in the packet.

This is the

(3) slowest type of switching mode, since the switch must (4) receive the entire frame before the first bit of the frame is forwarded.

Term

A switch listens to the transmissions of all of the nodes plugged into its ports. It learns the MAC addresses of each of the nodes and puts those MAC addresses into a table in memory. The table associates each MAC address with the port that it is plugged into. This table is called a ??? or ???.

Definition
MAC table or a content addressable memory (CAM) table
Term
A ??? would be useful for managing credentials and authenticating users.
Definition
domain controller
Term
A domain controller would be useful for
Definition
managing credentials and authenticating users.
Term
An IDS monitors the (1) for (2) and (3). The goal is to (4).
Definition

An IDS monitors the


(1) security infrastructure for

(2) signs of attacks in progress

and

(3) automates the intrusion detection process. The goal is to (4) alert administrators to possible security threats.

Term
Virtual Network Computing (VNC) is a (1). A VNC (2) on a (3) can (4) to (5) and vice-versa.
Definition

Virtual Network Computing (VNC) is a

(1) platform-independent desktop sharing system. A VNC (2) viewer on a

(3) Linux system can

(4) connect to

(5) a VNC server on a Microsoft system

and vice-versa.

Term
??? is used specifically for Microsoft's Remote Desktop system.
Definition
RDP
Term
RDP is used specifically for
Definition
Microsoft's Remote Desktop system.
Term
The Citrix ICA protocol is a (1) used by (2) and (3) as an add-on to (4).
Definition

The Citrix ICA protocol is a

remote terminal protocol used by

Citrix WinFrame and

Citrix Presentation Server software

as an add-on to

Microsoft Terminal Services.

Term
Current X Window systems are based on the (1) and normally used on (2) to (3).
Definition
Current X Window systems are based on the X11 protocol and normally used on UNIX- and Linux-based systems to display local applications.
Term
What type of attack renders a device so damaged that it has to be reloaded or reimaged as if it were a new piece of hardware entering the network?

A smurf attack.

A boot sector virus.

A Network Time Protocol (NTP) flood.

A permanent Denial of Service (DoS) attack.
Definition
A permanent Denial of Service (DoS) attack.

A permanent DoS attack often requires reimaging or reinstalling the operating system and all configurations due to the low-level hack that has taken place. Often, the system’s firmware has been removed or replaced with a damaged one.
Term
Which could cause an unexpected traffic spike on your network that would require more investigation?

A signal that a primary switch has failed over to its backup.

A normal burst of activity associated with backups.

A preliminary Distributed Denial of Service (DDoS) attack.

A jabbering network card on an errant system.
Definition
A preliminary Distributed Denial of Service (DDoS) attack.

A traffic spike could mean that an attacker is testing your response to a traffic spike prior to a coordinated attack.
Term
Distributed Denial of Service (DDoS) attacks involve what technique?

Social engineering.

Providing legitimate content but with malicious intent.

Overloading a system’s network interface card (NIC) with malformed traffic.

Attempting to enter or extract information from a database.
Definition
A DDoS attack is performed using legitimate traffic against a system or systems with malicious intent.
Term
What is the term used for a website that becomes unavailable due to a sudden increase in popularity resulting from, for example, a hot news story?

Accidental Distributed Denial of Service (DDoS)

Network Time Protocol (NTP) vandalism

Unintentional Denial of Service (DoS)

Advanced Persistent Denial of Service (DoS)
Definition
An unintentional DoS is one that is the result of a sudden, unexpected, non-malicious traffic spike that effectively mimics an intentional DoS attack.

A Friendly DoS attack is a situation where a website ends up denied because of a sudden enormous spike in popularity. This can happen when an extremely popular website posts a prominent link to a second, less well-prepared site, for example, as part of a news story.
Term
Packet and protocol abuse takes advantage of what major problem with TCP/IP protocols?

No guaranteed packet delivery.

No built-in security.

TCP port numbers are well-known.

The software is open source.
Definition
Most of the original protocols from the TCP/IP stack that are still used have no built-in security and can be abused in some way.
Term
A reflective attack is a type of ? attack.
Definition
A reflective attack is a type of DDoS attack.
Term
Address Resolution Protocol (ARP)-related attacks can only be exploited from one location. What is that location?

A router’s command line.

Locally, inside a network.

A failed switch.

The Internet.
Definition
A router’s command line.

An attacker with the intent of using ARP-related security flaws will first have to gain access to the target network.
Term
Reflective attacks are effective because of what significant aspect?

The speed of the attack, since it isn't a sustained onslaught.

The exploit is easy to execute against the reflector and the target.

The attacker’s origin is hidden to the reflector and to the target.

Because of the attacker’s ability to repeat the process indefinitely.
Definition
The attacker’s origin is hidden to the reflector and to the target.

When combined with spoofed IP addresses, the response to this type of amplified attack will go to the attacker’s true victim, not the attacker. The victim will not know who originated the attack.
Term
An attack is the

A threat is a
Definition
An attack is the act of exploiting a vulnerability on a system, a service, or a network. A threat is a potential cause of an incident that may result in harm to systems and the organization.
Term
The purpose of a DDoS attack is to
Definition
The purpose of a DDoS attack is to deny access to a service or to make the service unusable by its users.
Term
Media Access Control (MAC) flooding is what type of technique that is aimed at network switches?

Overscan attack

Twitching

Man-in-the-middle attack

Address Resolution Protocol (ARP) cache poisoning
Definition
Address Resolution Protocol (ARP) cache poisoning

MAC flooding is an ARP cache poisoning technique aimed at network switches.
Term
What type of attack involves forging IP addresses?

Smurfing

Spoofing

Grokking

ARPing
Definition
Spoofing

An IP spoofing attack is a type of software attack where an attacker creates IP packets with a forged source IP address and uses those packets to gain access to a remote system.
Term
What does the third stage of the CompTIA Network+ Troubleshooting model require you to do?

It requires you to test your theories.

It requires you to write up a report for management.

It requires you to escalate to a security group.

It requires you to separate users from their workstations during advanced troubleshooting.
Definition
It requires you to test your theories.

The third stage states: Test the theory to determine the cause. By testing your theory, you confirm it, revise it, or escalate the issue.
Term
You set up a new server, patch it, and install several applications on it, and then turn it over to production. In a few days, it gets hacked. After investigating, you find that it was running an old version of a web service that led to the hack. What should you have done differently to prevent this hack?

Searched harder for security patches.

Scanned the system for unnecessary services.

Hardened the system with a firewall.

Denied the request to set up the new server until you’d done better research on its use.
Definition
Scanned the system for unnecessary services.

After setting up a new server, you should always check for extraneous services by performing an external port scan. Some legitimate software can install services that you aren’t aware of and they go unpatched and unnoticed until they’re hacked.
Term
Why are insider threats and malicious employees so harmful to a system or network?

Due to single sign-on (SSO) capabilities and internal trust.

Unlimited bandwidth and access.

Low security and externally focused prevention.

Internal security is lacking in most companies.
Definition
Unlimited bandwidth and access.

All of the options are at least partially correct or feasible, but a malicious employee with unlimited local area network (LAN)-grade bandwidth and the potential for some administrative access creates a lethal combination for systems and networks.
Term
Port security is very important to overall network security. What should you do to increase a server’s network security?

Disable open ports that are open by default and provide limited functionality.

Unplug the server’s production network cable until the server is ready for production.

Install a firewall and set up a DENY ALL rule.

Install antivirus software on the system immediately.
Definition
Disable open ports that are open by default and provide limited functionality.

You should disable any open ports that provide limited functionality or that the system’s users won’t explicitly use in production.
Term
Normally, virtual local area network (VLAN) traffic is logically and securely separated from other VLAN traffic, but there is a method to access traffic on other VLANs. What is this method?

VLAN hijacking

VLAN bumping

VLAN hopping

VLAN-in-the-middle
Definition
VLAN hopping

VLAN hopping is a method where an attacking host on a VLAN gains access to traffic on other VLANs that would normally not be accessible.
Term
VLAN hopping is
Definition
a method where an attacking host on a VLAN gains access to traffic on other VLANs that would normally not be accessible.
Term
? is a method where an attacking host on a VLAN gains access to traffic on other VLANs that would normally not be accessible.
Definition
VLAN hopping
Term
When you arrived at work, you found that you couldn’t log on to your Windows domain. You received a message that you’ve made too many attempts and that you should contact your administrator. During the day, this happens several more times. What should you do?

Run a network packet sniff to investigate.

Set up a security camera.

Contact security.

Turn off your computer.
Definition
Contact security.

You can’t assume that it’s a hack attempt, but you should contact security and have that team check to make sure. It could be that you have a drive mapping that’s attempting to connect to a remote system after you’ve reset your password and you are getting locked out of the domain.
Term
What are programs such as Aircrack and NetStumbler used for?

Sniffing network traffic.

Locating vulnerable wireless access points.

Grabbing passwords from Telnet and File Transfer Protocol (FTP) sessions.

Brute force password attacks.
Definition
Locating vulnerable wireless access points.

Aircrack and NetStumbler are used in war driving to locate vulnerable wireless access points.
Term
Why is SNMP an unsecure protocol?
Definition
SNMP is an unsecure protocol because its authentication is passed in cleartext.
Term
What is meant by “questioning the obvious” that is mentioned in the second stage of the CompTIA Network+ Troubleshooting model?

It means that you should always look for viruses as the obvious cause.

It means look for the easy answers first.

It refers to asking users what they did wrong.

It means asking if there’s been a network hack or breach.
Definition
It means look for the easy answers first.

The phrase “questioning the obvious” means that you should investigate the basic problems first and ask those questions, such as “Is it plugged in?”, “Is it on?”, and “How many users are affected?”.
Term
A Zero day attack is an attack that (1).

In this situation developers have (2).

It is called a "zero day" because (3).
Definition
A Zero day attack is an attack that

1 - exploits a previously unknown vulnerability in an application or operating system.

In this situation developers have

2 - not had time to address the vulnerability and patch it.

It is called a "zero day" because

3 - the developer has had zero days to fix the flaw.
Term
In the terms war driving and war chalking, “war” stands for what?
Definition
Wireless Access Receiver
Term
What are the fifth, sixth, and seventh stages of the CompTIA Network+ Troubleshooting model?

Test, escalate, document

Implement, verify, document

Implement, test, document

Test, implement, escalate
Definition
Implement, verify, document

The fifth, sixth, and seventh stages, in order, are: implement, verify, document
Term
What is wrong with storing user credentials in plaintext if they’re stored in a secure database?

They take up more space than encrypted credentials.

There’s only a problem if the data is extracted using non-secure protocols.

They’re easy to extract and read from the database.

They require administrative access to INSERT and SELECT from a database and that’s a security violation.
Definition
They’re easy to extract and read from the database.

If information is stored in plaintext in a database, even a highly secure one, it’s still in plaintext and can be easily read.
Term
VLAN hopping is
Definition
a computer security exploit, a method of attacking networked resources on a Virtual LAN (VLAN). The basic concept behind all VLAN hopping attacks is for an attacking host on a VLAN to gain access to traffic on other VLANs that would normally not be accessible.
Term
Which type of attack involves stealing an active session cookie?

Aircracking

Session hijacking

Session reflecting

Cookie cutting
Definition
Session hijacking

A session hijacking attack is a type of man-in-the-middle attack that involves exploiting a session to obtain unauthorized access to an organization's network or services. It involves stealing an active session cookie that is used to authenticate a user to a server and controlling the session.
Term
One method of securing networks is to use access lists. Which of the following access list types is a list of systems that you cannot connect to from within a protected network?

Whitelisted

Banned

Blacklisted

Restricted
Definition
Blacklisted

Sites that you may not connect to from within your corporate network have been blacklisted due to their harmful or inappropriate content.
Term
What happens to Address Resolution Protocol (ARP) packets with invalid IP-to-Media Access Control (MAC) address bindings that fail the inspection?

They’re passed to a private virtual local area network (VLAN) for further inspection.

They’re logged.

They’re returned to the sender.

They’re dropped.
Definition
They’re dropped.

ARP packets with invalid IP-to-MAC address bindings that fail the inspection are dropped.
Term
What is the problem with using Challenge Handshake Authentication Protocol (CHAP) as an authentication protocol?

Its use of the message digest 5 (MD5) hash algorithm for security.

Its open source code has been modified so widely from the original CHAP that it’s now considered to be malware.

It caches passwords prior to encryption, which makes it non-secure.

It sends passwords in plaintext.
Definition
Its use of the message digest 5 (MD5) hash algorithm for security.

CHAP uses a combination of MD5 hashing and a challenge-response mechanism, and authenticates without sending passwords as plaintext over the network. The security of the MD5 hash function is severely compromised.
Term
How is multifactor authentication different than two-factor authentication?

In multifactor authentication, you have to know and submit three passwords.

In multifactor authentication, the factors are randomly chosen knowledge factors.

Multifactor authentication schemes are never used on financially oriented websites.

Multifactor authentication requires biometric authentication.
Definition
In multifactor authentication, the factors are randomly chosen knowledge factors.

Multifactor authentication is any authentication scheme that requires validation of at least two of the possible authentication factors. It can be any combination of who you are, what you have, and what you know.
Term
What is the purpose of using a cryptographic hash algorithm or function?

To convert encrypted documents into human-readable or plaintext.

To replace Challenge Handshake Authentication Protocol (CHAP) as an authentication protocol.

To create a more efficient user authentication scheme that doesn’t use passwords.

To encrypt plaintext passwords.
Definition
To encrypt plaintext passwords.

The purpose of cryptographic hash functions is to encrypt passwords or other messages so that they can be transmitted securely over potentially non-secure channels.
Term
Which protocol would you use to securely copy files from your computer to a remote server?

Rate Control Protocol (RCP)

Secure Sockets Layer (SSL)

Secure File Transfer Protocol (SFTP)

Spanning Tree Protocol (STP)
Definition
SFTP is the secure method for copying files between computer systems.
Term
You have ten computers in virtual local area network (VLAN) 10, but only six of those computers can communicate with each other. What is likely the problem?

VLAN assignments on four of the systems are incorrect.

Media Access Control (MAC) address filtering is turned on and the four systems have to be added to the filter.

VLAN filtering is turned on and four systems have been banned.

The switch’s VLAN is misconfigured.
Definition
VLAN assignments on four of the systems are incorrect.

The four systems have misconfigured VLAN settings. Change those systems' VLAN settings to match the other six.
Term
What is the primary difference between the Transport Layer Security (TLS) protocol and the Tunneled Transport Layer Security (TTLS) protocol?

A verified client system Media Access Control (MAC) address.

The requirement for an eight-character or longer password.

Randomly generated password keys on the client and on the server.

The requirement for a user certificate.
Definition
The requirement for a user certificate.

TLS is a security protocol that protects sensitive communication from being eavesdropped and tampered with. TTLS is an Extensible Authentication Protocol (EAP) that extends TLS by providing authentication that is as strong as TLS, but it does not require that each user be issued a certificate. Instead, only the authentication servers are issued certificates.
Term
At which layer of the TCP/IP protocol stack does IP filtering operate?

Layer 2

Layer 3

Layer 4

Layer 1
Definition
Layer 2

IP filtering operates mainly at Layer 2 of the TCP/IP protocol stack and is generally performed by a screening router, although other network devices can also perform IP filtering.
Term
Which of the following methods hardens the security on the network to allow only clients with specific IP or Media Access Control (MAC) addresses to have access to the network?

IP snooping

IP spoofing

Dynamic Host Configuration Protocol (DHCP) spoofing

Dynamic Host Configuration Protocol (DHCP) snooping
Definition
Dynamic Host Configuration Protocol (DHCP) snooping

DHCP snooping uses information from the DHCP server to track the physical location of hosts, ensure that hosts only use the IP addresses assigned to them, and ensure that only authorized DHCP servers are accessible.
Term
What are the two significant disadvantages of Application-layer gateways?

High processing overhead and price.

Difficult initial configuration setup and speed.

Extreme space requirements for logs and difficult initial setup.

Price and extreme space requirements for logs.
Definition
High processing overhead and price

An Application-layer gateway is a very powerful feature, but it comes at a cost. The processing overhead incurred in analyzing every individual packet passing through the filter is extremely resource intensive. In addition, Application-layer gateways are typically expensive.
Term
How do you connect a network-based firewall to your network?

Internet>Firewall>Router>Switch

Internet>Demilitarized Zone (DMZ)>Router>Firewall>Switch

Internet>Router>Firewall>Switch

Internet>Router>Switch>Firewall
Definition
Internet>Router>Firewall>Switch

The correct configuration is Internet>Router>Firewall>Switch. This configuration forces all Internet traffic through the firewall.
Term
You find that several users on your network have out-of-date systems that can cause outages for all users. Your plan of action is to get them patched as soon as possible with minimal effort. How do you do this?

Assign their systems to a quarantine network.

Push patches to their systems via control agents.

Deny their network access until they’re patched.

Disconnect their systems from the network and patch manually.
Definition
Assign their systems to a quarantine network.

The least-effort solution would be to assign those systems to a quarantine network that only has access to patching servers until they’re fully patched and rescanned for security problems.
Term
What’s the name of the network boundary between your company and the Internet?

Quarantine network

Persistent Agent

Non-Persistent Agent

Edge network
Definition
Edge Network

An edge network is a network located on the periphery of a centralized network. It is the one where an organization's network actually connects to the Internet or to a provider’s carrier network.

Persistent and Non-Persistent Agents
A persistent agent is a piece of software that installs on the client device, and can respond continuously to queries from the NAC about the device’s health. It stays on the device until uninstalled.

A non-persistent agent, also known as a dissolvable agent, is one that is installed on demand and then removed after it is used. The agent installs, responds to NAC queries to check the health of the device, authenticates the device, and then disappears when the session is over.

There is also an “agentless” approach. This uses a device’s Active Directory domain membership to verify health. Services that already exist on any Microsoft operating system are used to perform the task. You have to enable the services before you can use them.
Term
For area security in the case of a single system breach, what simple action can secure the system until forensics can be completed?

Locking down the data center.

Informing users to discontinue using that system until the investigation is complete.

Assigning a system administrator to watch over the system.

Moving the system to a secure location.
Definition
Moving the system to a secure location

The main point here is to isolate the system from other users so that the system remains as it was found after the breach.
Term
Why during a forensic investigation is a legal hold issued?

If litigation is reasonably anticipated.

If there’s a discrepancy in the evidence (evidence spoliation).

If the investigation requires more than ten days to complete.

If the chain of custody has been breached or mishandled.
Definition
If litigation is reasonably anticipated.

A legal hold is a process that an organization uses to preserve all forms of relevant information when litigation is reasonably anticipated.
Term
Enterprise mode Wi-Fi Protected Access II (WPA2) uses what authentication type and a unique encryption key for every client when they log on to the network?

802.3a

802.1x

802.3

802.3at
Definition
802.1x

Both WPA and WPA2 have a Personal and Enterprise mode. Personal mode uses a preshared key (PSK) that all clients use for encryption. Enterprise mode uses 802.1x authentication and a unique encryption key for every client when they log on to the network.

802.1x
A standard for securing networks by implementing EAP as the authentication protocol over either a wired or wireless Ethernet LAN, rather than the more traditional implementation of EAP over PPP.

802.2 standard
An IEEE standard used to address the need for MAC-sub-layer addressing in bridges.

802.3 standard
An IEEE standard used to standardize Ethernet and expand it to include a wide range of cable media.

802.3af standard
An IEEE standard used to describe Power over Ethernet (PoE) technology.
Term
If you conduct a network security assessment by collecting data on security agents such as antivirus and personal firewalls and Windows Registry settings, what is this type of assessment known as?

A complete network sniff and sweep

Policy Assessment

Network Inventory Scan

Posture Assessment
Definition
Posture Assessment

Sometimes, authorization in Network Access Control (NAC) can be done using a compliance check. This process is called posture assessment. In this process, a network's security is assessed based on the security applications that are running on the network. These might include such things as Windows registry settings or the presence of security agents such as antivirus or a personal firewall.
Term
Identify the second step in the basic forensic process.

Begin documentation of the incident.

Secure the area of the incident.

Report the forensic findings.

Preserve the chain of custody for any evidence collected.
Definition
The second step is to secure the area to preserve the scene of the incident.

Do you have a flash card on all the steps in the basic forensic process?
Term
What does stage two of the CompTIA Network+ Troubleshooting model involve?

Establishing a baseline

The CompTIA Network+ troubleshooting model

The OSI model

The Logic model
Definition
The OSI model

You should use the OSI model from top to bottom and from bottom to top to divide and conquer a problem.
Term
You want to provide Internet access, but nothing else to visitors of your place of business. To that end, you will set up what kind of wireless network to accommodate them?

Ad hoc network

Bluetooth network

Guest network

Secure corporate domain network
Definition
Guest network

A guest network is a subset of an organization's network that is designed for temporary use by visitors. Typically, guest networks provide full Internet connectivity while severely restricting access to the internal intranet. This helps keep an organization's internal information private, and helps avoid spreading any malware that visitors may have on their systems.
Term
What is an ad hoc network?
Definition
An ad-hoc network is a local area network (LAN) that is built spontaneously as devices connect. Instead of relying on a base station to coordinate the flow of messages to each node in the network, the individual network nodes forward packets to and from each other.
Term
Participants in a forensic investigation perform what is known as eDiscovery. What does eDiscovery entail?

Checking logs from servers, routers, and switches.

Scanning the filesystem for traces of information related to the breach.

Submitting electronically stored information.

Tracing connections to electronically discover the breach
Definition
Submitting electronically stored information.

Electronic discovery, also known as eDiscovery, is the electronic aspect of identifying, collecting and producing electronically stored information (ESI) in response to a request in a lawsuit or investigation. ESI includes, but is not limited to, emails, documents, presentations, databases, voicemail, audio and video files, social media, and web sites. The nature of the incident and the investigation will determine what information will be ESI.
Term
Your remote users need a method of connecting to the central network for access to network resources. What is the solution for such a need?

A proxy server setup to allow access to restricted network resources.

An edge network with access control.

A cloud-based file repository.

A Point-to-Point Protocol (PPP) dialup solution.
Definition
Edge Networks
An edge network is a network located on the periphery of a centralized network. It is the one where an organization's network actually connects to the Internet, or to a provider’s carrier network. It is the least secure of all the organization's networks. It is physically located on the customer’s premises, and is a link between the provider’s demarc and the organization's router. Providers too can have an edge network, where they connect to other providers. Most edge devices are routers or firewalls.

Edge Networks and Access Control
Access control starts at the edge network. A VPN server, or even a firewall itself, can accept client VPN connections at the edge. These clients and their users have to pass some sort of access control to authenticate, and the client may also have to prove its health before the connection is accepted. If there is no VPN connection, the firewall will still have a lot of access control rules to filter out undesirable or uninvited traffic.
Term
The first stage of the CompTIA Network+ troubleshooting model includes tasks such as gathering information, duplicating the problem, and questioning users. What is the formal description for this stage?

Identify the problem

Examine the evidence

Document the problem

Problem Induction
Definition
Identify the problem

The first stage in the troubleshooting process is to identify the problem. To do that, you have to work through several problem identification steps.
Term
How many stages are there in the CompTIA Network+ troubleshooting model?

Six

Seven

Ten

Five
Definition
There are seven stages in the CompTIA Network+ troubleshooting model. Some of the stages are composed of multiple parts.

The Network+ Troubleshooting Model

There are seven stages in the CompTIA Network+ troubleshooting model.
1. Identify the problem. This stage includes:
   Gathering information
   Duplicating the problem, if possible
   Questioning users to gain experiential information
   Identifying the symptoms
   Determining if anything has changed
   Approaching multiple problems individually
2. Establish a theory of probable cause. This stage includes:
   Questioning the obvious
   Considering multiple approaches, such as examining the OSI model from top to bottom and bottom to top and dividing and conquering
3. Test the theory to determine the cause.
   a. When the theory is confirmed, determine the next steps to resolve the problem
   b. If the theory is not confirmed, establish a new theory or escalate the issue
4. Establish a plan of action to resolve the problem, while identifying the potential effects of your plan.
5. Implement the solution, or escalate the issue.
6. Verify full system functionality and, if applicable, implement preventative measures.
7. Document your findings, actions, and the outcomes.
Term
What are the fifth, sixth, and seventh stages of the CompTIA Network+ Troubleshooting model?

Implement, verify, document

Implement, test, document

Test, escalate, document

Test, implement, escalate
Definition
Implement, verify, document

The fifth, sixth, and seventh stages, in order, are: implement, verify, document
Term
According to the fourth stage of CompTIA Network+ Troubleshooting model, what two things must you do in the troubleshooting process?

Establish a baseline and evaluate your previous steps.

Establish how much damage has been done and turn in your findings.

Establish a plan of action and implement the plan to resolve the problem.

Establish a plan of action and identify potential effects of the plan.
Definition
Establish a plan of action and identify potential effects of the plan
Term
What does the third stage of the CompTIA Network+ Troubleshooting model require you to do?

It requires you to separate users from their workstations during advanced troubleshooting.

It requires you to escalate to a security group.

It requires you to test your theories.

It requires you to write up a report for management.
Definition
The third stage states: Test the theory to determine the cause. By testing your theory, you confirm it, revise it, or escalate the issue.
Term
What task does the sixth stage of the CompTIA Network+ Troubleshooting model include?

Report your findings to security personnel.

Implement preventative measures.

Notify human resources if the incident was “employee caused.”

Escalate the problem to more skilled technicians.
Definition
Implement preventative measures.

Stage six is: Verify full system functionality and, if applicable, implement preventative measures.
Term
Which command displays a list of network connections, services, and statuses?

Iostat

ps -ef

Netstat

Vmstat
Definition
The netstat, or network status command, displays a list of network services, connection information, and statuses.
Term
What is the default number of maximum hops in a traceroute/tracert?

32

30

64

128
Definition
30

The maximum default number of hops for a traceroute or tracert is 30. You can specify a higher number using a command line switch and the number of hops you wish to use for the trace.
Term
How could you find a MAC address lookup table?

In netstat’s output

In the arp cache

In the pathping data

In the /etc/hosts file
Definition
In the ARP cache

The Address Resolution Protocol (ARP) cache is a table used for maintaining the correlation between each MAC address and its corresponding IP address.
Term
How is the NBTSTAT utility unique?

It displays NetBIOS information that isn’t available with other Transmission Control Protocol/Internet Protocol (TCP/IP) utilities.

It displays a summary of network connectivity statistics.

It combines the Address Resolution Protocol (ARP) cache with ping data for advanced diagnostics.

It caches IP, MAC address, and routing information for all hosts within a subnet.
Definition
It displays NetBIOS information that isn’t available with other Transmission Control Protocol/Internet Protocol (TCP/IP) utilities.

The NBTSTAT command is a Windows command that displays information that isn’t available with other TCP/IP utilities.
Term
What is the value of pathping for network troubleshooting?

It can identify servers that aren’t responding to pings due to packet loss.

It tests link speed of router and switch ports along the network path.

It uses ping to test connectivity.

It can isolate a router or subnet with latency issues.
Definition
It can isolate a router or subnet with latency issues.

The pathping command’s value is in its capability of identifying routers or subnets with latency problems by displaying packet loss data.
Term
If an nslookup command returns information that includes a non-authoritative answer, what does that mean?

It means that a DNS server processed a query for you that required no credentials or authentication.

It means that the answer comes from a DNS server that isn’t authoritative for that domain.

It means that you can’t trust the information as accurate or reliable.

It refers to your ability to query a domain authoritatively (with permission) or non-authoritatively (anonymously).
Definition
It means that the answer comes from a DNS server that isn’t authoritative for that domain.

A non-authoritative response means that the DNS server that gave you the answer is not the source Domain Name System (DNS) server for that domain. The answer is accurate, reliable, and trustworthy.
Term
Which device would you use to determine whether a cable meets specific International Organization for Standardization (ISO) or Telecommunications Industry Association (TIA) standards?

Certification tester

Qualification tester

Network cable certifier

Wireless tester
Definition
Certification Tester

You would use a certification tester to check the cable for adherence to ISO or TIA standards.

A wireless tester, or a WiFi analyzer, is a Wi-Fi spectrum analyzer used to detect devices and points of interference, as well as analyze and troubleshoot network issues on a WLAN or other wireless networks. Like network analyzers, wireless testers give an overview of the health of a WLAN in one central location, enabling technicians to troubleshoot problems efficiently.
Term
The Linux ping6 command is the equivalent to which command in the Windows operating system?

ping -t

ping -w

ping -6

ping -s 6
Definition
The Linux ping6 command is equivalent to the Windows ping -6 command.
Term
Which Linux command is analogous to pathping?

traceroute

netstat

pingpath

mtr
Definition
mtr

The mtr command in Linux is equivalent to the pathping command, having the functionality of both the ping and the traceroute commands.
Term
The pathping command is exclusive to which operating system?

Windows

Linux

Mac OS X

FreeBSD
Definition
Windows

The pathping command is exclusive to the Windows operating system. It is also a TCP/IP command that provides information about latency and packet loss on a network.
Term
Which of the following statements is true?

To check router throughput speeds, you can use the ping -trace command

To check Secure Shell (SSH) daemon connectivity, you use the ping -SSL command

To use ping outside of your own network is restricted by corporate policy

To use ping with IP version 6 (IPv6) addresses, you use the ping -6 command
Definition
To use ping with IP version 6 (IPv6) addresses, you use the ping -6 command

The true statement is, “To use ping with IPv6 addresses, you use the ping -6 command.”
Term
The command pathping combines the functionality of what other two commands?

ping, tracert

ping, path

ping, netstat

ping, find
Definition
ping, tracert

The pathping command combines the functionality of ping and tracert.
Term
Which one of the following commands is the Linux equivalent of the ipconfig command?

netstat -an

ipconfig -link

ifconfig

ipptool
Definition
ifconfig

The ifconfig command in Linux is analogous to the ipconfig command.
Term
What information does the output of the ipconfig command provide you?

The primary IP address of the system

The IP address of the local system and all scanned remote systems on the same network segment

Network information for each network adapter

Network information for wired network adapters only
Definition
The ipconfig command provides you with network information for each network adapter. It also displays connection-specific DNS suffix, IP address, subnet mask, and default gateway information. It must be run from a command line. To display additional information about a computer's IP configuration, use the command ipconfig /all. It is supported on all Windows server systems and client systems.
Term
Which of the following is not a type of certifier?

A Local Area Network (LAN) tester

A network cable certifier

A qualification tester

A line tester
Definition
A line tester

A line tester is not a certifier. A line tester only tests for end-to-end connectivity, but not transmission quality.
Term
What can you assume is the problem if the network drop/connection at the user’s desk tests good, the switch port tests good, and the computer’s network interface controller (NIC) tests good?

That there might be a virus on the computer.

The line tester device has failed.

The cable is incorrectly configured.

That you haven’t tested every link in the path.
Definition
The cable is incorrectly configured.

It’s likely that the cable has been wired incorrectly. You should cut off both T-connectors and try again, paying close attention to the wiring sequence.
Term
You have a user who has just received a new computer, but has no connectivity. You have checked the computer on another network connection and it works. You checked the switch, but there is no link light at the switch. Which device would you use to troubleshoot further?

A Wi-Fi analyzer

An ohm meter

A light meter

A line tester
Definition
A line tester

The line tester will tell you if the cable has end-to-end connectivity.

Light Meters, also known as Optical power meters, are devices used to measure the power in an optical signal. A typical light meter consists of a calibrated sensor, measuring amplifier, and display. The sensor primarily consists of a photodiode selected for the appropriate range of wavelengths and power levels. The display will show the measured optical power and set wavelength. A traditional light meter responds to a broad spectrum of light, and the user sets the wavelength to test. If there are other spurious wavelengths present, then wrong readings can result.
Term
When using a protocol analyzer, which OSI model layer can you NOT gather information from?

Data Link

Transport

Physical

Application
Definition
Application

A protocol analyzer, or a network analyzer, is diagnostic software that can examine and display data packets that are being transmitted over a network. It can examine packets from protocols that operate in the Physical, Data Link, Network, and Transport layers of the OSI model.
Term
Which device would you use to check the cable’s integrity before rebuilding it?

Cable certifier

Multimeter

Light meter

Inline ping device
Definition
cable certifier

A cable certifier will test your cable for functionality and tell you if it is a straight-through or a crossover.

A multimeter, also known as a volt/ohm meter, is an electronic measuring instrument that takes electrical measurements such as voltage, current, and resistance.
Term
What is the value of the ping command?

To check for host DNS entries.

To check routing tables for errors.

To check for open TCP ports on a remote host.

To check basic network connectivity.
Definition
To check basic network connectivity.

The ping command checks basic network connectivity. It cannot tell you if the host is capable of accepting remote commands nor its status.
Term
The pathping command’s value is in its capability to do what?
Definition
The pathping command’s value is in its capability of identifying routers or subnets with latency problems by displaying packet loss data.
Term
A tone generator sends an electrical signal through a pair of unshielded twisted pair (UTP) wires. What does a toner probe do?

It emits a series of encrypted tones that are decrypted on the other end of the wire.

It emits a tone when it detects a signal in a pair of wires.

It emits a tone when it detects viruses in signal transmissions.

It sends echo tones through a pair of wires as an audible ping.
Definition
It emits a tone when it detects a signal in a pair of wires.

The toner probe emits a tone when it detects a signal in a pair of wires. It’s used to trace and locate voice, audio, and video signals on a network.
Term
The toner probe emits a tone when it 1.

It’s used to 2.
Definition
The toner probe emits a tone when it detects a signal in a pair of wires. It’s used to trace and locate voice, audio, and video signals on a network.
Term
A website that displays information that is used to verify routing between providers is known by what name?

Routing shop

Speed test site

Loopback interface site

Looking glass site
Definition
Looking Glass Site

A Looking Glass site is a web server that allows external users to get a look at routing and network behavior as it originates from the remote network. A looking glass site accesses a remote router and performs commands allowing a view of the IP and BGP route tables. The information is then presented to the user. Looking Glass sites are used for verifying routing between providers, and for verifying that routes are propagating correctly across the Internet.
Term
A Looking Glass site is a 1

A looking glass site accesses a 2 and 3 allowing a view of the 4.

Looking Glass sites are used for 5
Definition
A Looking Glass site is a web server that allows external users to get a look at routing and network behavior as it originates from the remote network.

A looking glass site accesses a remote router and performs commands allowing a view of the IP and BGP route tables.

Looking Glass sites are used for verifying routing between providers, and for verifying that routes are propagating correctly across the Internet.
Term
What is meant by the term “overlapping channel”?

The channels between whole numbered channels, such as 1.5, 2.5, etc.

Wi-Fi channels other than 1, 6, and 11 in the U.S.

Devices such as cordless phones and other devices overlapping channels with Wi-Fi access points

Wi-Fi signals that overlap each other because of wireless access point density
Definition
Wi-Fi channels other than 1, 6, and 11 in the U.S.

Channels 1, 6, and 11 are far enough apart that they don’t overlap. If you select channel 2, for example, channel 1 overlaps with it and your performance is decreased. There’s usually a two to three channel overlap in Wi-Fi signals; therefore, it’s generally safe to use channels 1, 6, and 11 in the U.S.

Congested/overlapping channels
Interference from neighboring wireless networks that are on the same channel; mismatched channels will prevent connectivity; congested network channels.
Term
What is the identifying symptom of attenuation?

Slow responses from the network

Intermittent connectivity issues

Complete loss of signal

High latency
Definition
Slow responses from the network

Attenuation occurs when there is a degradation of signal strength, which results in slow responses from the network.
Term
A split pair is among the most difficult to diagnose of wiring errors. What should you look for when testing a cable?

Over-reported bandwidth readings

Loopback

Impedance

Excessive cross-talk
Definition
Excessive cross-talk

Having the tester look for excessive crosstalk usually detects a split pair. You have to use a certifier device to detect a split pair because a simple line tester isn’t sufficient for the job.
Term
Which of the following factors would not interfere with wireless signals?

Metal studs

Acoustic ceiling tiles

Fluorescent light ballasts

Concrete walls
Definition
Acoustic ceiling tiles

Acoustic ceiling tiles would have no ill effect on wireless signals to or from a wireless access point. The others have varying effects depending on distance, density, and other environmental and structural factors.
Term
What is the best definition of device saturation?

When the attenuation value has peaked

When the percent utilization value is close to 100

When wait times are at their maximums for all services

At maximum transmission distance
Definition
When the percent utilization value is close to 100

A device is said to be saturated or has reached saturation when its percent utilization is close to 100.
Term
What is the primary function of a Gigabit interface converter (GBIC) or a small form factor pluggable (SFP)?

To comply with the new 802.x standard.

To act as a primary network interface for new cabling schemas.

To increase the wavelengths used for device connection to avoid interference.

To convert electrical signals into optical signals and vice versa.
Definition
To convert electrical signals into optical signals and vice versa.

The primary function of a GBIC or an SFP is to convert electrical signals into optical signals and vice versa.
Term
What is the major advantage of small form factor pluggable (SFP) transceivers over Gigabit interface converters (GBICs)?

Ease of installation

Signal transmission distance

Higher port density

Cost
Definition
Higher port density

SFPs are similar to GBICs in their architecture, but they allow higher port density than GBICs.
Term
What is a resolution to fix a particular area of the network suffering significant signal loss caused by near-end cross-talk?

Remove any electrical interference such as wires crossing fluorescent light ballasts.

Replace the switch or replace the hub with a switch.

Correct any crossed or crushed wires and verify termination.

Place a signal booster into the network.
Definition
Correct any crossed or crushed wires and verify termination.

Test with cable testers from both ends of the cable and correct any crossed or crushed wires. Verify that the cable is terminated properly and that the twists in the pairs of wires are maintained.
Term
A user’s computer is functioning normally in all respects except that it cannot connect to the wireless access point and browse the Internet. Identify a basic parameter to check in troubleshooting the problem.

Firewall exception for wireless connectivity

The Service Set Identifier (SSID)

The Domain Name System (DNS) server settings

Interference by original equipment manufacturer (OEM) speakers
Definition
The Service Set Identifier (SSID)

A mismatched or incorrect SSID is likely the first parameter to check if the user’s computer is functioning normally in all other respects.
Term
What is another term for a short in a network cable?

A loopback

A mismatch

A cut

A fault
Definition
A cut

When a cable is cut, it is shorted. Often the short involves bare wire coming in contact with other conductive surfaces.
Term
You attempt to connect one end of an Ethernet cable to a switch, but the switch will not recognize the connection. What is likely the problem?

A faulty switch port

Interference from close proximity devices

TX/RX reversed

A short or break in the cable
Definition
TX/RX reversed

It’s likely that the TX and RX are reversed due to incorrect wiring layout, perhaps resulting in a straight-through cable.
Term
What is yet another term for a short in a network cable?

An open

A tear

A glitch

A scratch
Definition
An open

Cable and network professionals will sometimes refer to shorts as opens, referring to the fact that the electrical signal loop is open.
Term
What is the identifying symptom of attenuation?

Complete loss of signal

Slow responses from the network

High latency

Intermittent connectivity issues
Definition
Slow responses from the network

Attenuation occurs when there is a degradation of signal strength, which results in slow responses from the network.
Term
You are checking a particular area of your network and note significant signal loss. What could be the problem?

Near-end cross-talk

Attenuation

Collisions

Shorts
Definition
Near End Cross Talk

This behavior is associated with near-end cross-talk, near the terminating connector.
Term
When designing a wireless network, you should consult a scale drawing of the workspaces to be covered by wireless connectivity. Why should you examine a scale drawing of the workspace?

To calculate the cost of securing the wireless network.

To determine adequate wireless access point coverage.

To get an idea of where accessible electrical outlets are located.

To place wireless access points in spill-free zones.
Definition
To determine adequate wireless access point coverage.

You need to examine the scale workspace drawing to determine where to place wireless access points to ensure adequate coverage.
Term
If you need to upgrade your network to gigabit speeds but do not want to replace a lot of different components, which hardware solution could you use?

Gigabit interface converters (GBICs)

ThinNet transceivers

ThickNet transceivers

Attachment Unit Interfaces (AUIs)
Definition
Gigabit interface converters (GBICs)

The GBIC is used as an interface for high-speed networking and to upgrade the network, without needing to replace all components in the motherboards.
Term
What should you look for on a network if your primary wireless access point mysteriously begins to experience interference?

An errant switch

MIMO

A rogue access point

A mobile phone
Definition
A rogue access point

RF interference can be caused by a number of devices, but you should search for rogue access points.

Multiple input, multiple output (MIMO) uses multiplexing to increase wireless network range and bandwidth.
Term
Radio Frequency Interference (RFI) is a type of what electrical phenomenon that disrupts electrical signal transmission?

Discharge

Noise

Short

Cross-talk
Definition
Noise

RFI is a type of noise that is caused by electrical radiation or induction that disrupts electrical signals and transmissions.
Term
What is another term for a short in a network cable?

A loopback

A mismatch

A fault

A cut
Definition
A cut

When a cable is cut, it is shorted. Often the short involves bare wire coming in contact with other conductive surfaces.
Term
You have installed a new server on your network and plugged it into an available network cable. Everything checks out as working, yet you cannot connect to the rest of the network.

What two things do you check first?

NIC drivers; default gateway address

NIC speed and duplex settings; Virtual Local Area Network (VLAN) ID

NIC speed and duplex settings; switch port speed and duplex settings

NIC speed; NIC link lights
Definition
NIC speed and duplex settings; switch port speed and duplex settings

You should check the network interface controller’s speed and duplex settings and the corresponding switch port’s speed and duplex settings to be sure that they match.
Term
A user’s computer hardware and software both check out as good. The network cable has end-to-end connectivity. Speed and duplexing have been verified. Where would you look next for the problem?

Check the computer’s system time in BIOS and in the operating system

Check the availability of a BIOS update for the computer

The IP configuration information from running ipconfig /all

The Virtual Local Area Network (VLAN) ID on the switch port
Definition
The Virtual Local Area Network (VLAN) ID on the switch port

Check the VLAN ID configuration on the switch port.
Term
A user reports that she is able to contact her network printers and a file server located on her floor, but she is unable to browse the Internet or to connect to a remote system on another floor. What is likely her problem?

Incorrect or missing default gateway

Incorrect subnet mask

Incorrect IP address

No more DHCP-allocated addresses are available for her system
Definition
Incorrect or missing default gateway

The user can operate on her own subnet, which means that it’s her default gateway that’s missing or incorrect. The default gateway is only important for traversing the nearest router, which is the default gateway.
Term
A user is attempting to open an application that requires a connection to a server for functionality; however, she receives an error message that the application cannot connect to the server. She tells you that this happens sporadically. What do you investigate to find the problem’s source?

Check the server’s utilization to see if it’s overloaded.

Check the cable integrity between the user and the server.

Check the status of required updates on the computer.

Check the version of her client software.
Definition
Check the server’s utilization to see if it’s overloaded.

Sporadic problems are the most difficult to diagnose, but this one is probably an overutilized server.
Term
A new user reports that he cannot connect to the network. You check the computer, his patch cable, and the switch port, and all are fine. Although the port shows no light, it tests as good. What do you check next?

Check the network drop.

Check with security to learn if the user’s credentials are functional.

Disable/enable the user’s network interface controller (NIC) several times and then try again.

Use a Degaussing unit to rid the computer of any static electricity.
Definition
Check the network drop.

The network drop might be disconnected, not patched, or incorrectly wired.
Term
Which network interface controller (NIC) team mode provides the safest configuration in case of a failure?

Active-passive

Active-bonded

Active-reactive

Active-active
Definition
Active-passive

The active-passive mode is the safest in case of a failure because it will fail to the passive NIC. You will have the same single NIC bandwidth, but with the safety factor of a “hot spare” NIC.
Term
What are the possible states of a network interface controller (NIC) team?

Active-passive or active-bonded

Active-active or active-disabled

Active-active or active-reactive

Active-active or active-passive
Definition
Active-active or active-passive

The two generally recognized modes or configurations are active-active and active-passive. Active-passive is sometimes referred to as active-standby.
Term
You connect one switch to another switch via a fiber cable, but the switches do not recognize the connection. What is the likely cause of the problem?

The switch fiber ports are bad or damaged

Bad connectors

Improper termination

TX/RX reversed
Definition
TX/RX reversed

The most likely case is that the TX/RX have been improperly crossed.
Term
How can a wavelength mismatch occur?

One or both ends of a fiber cable are incorrectly terminated.

The wavelength is distorted by a bend or minor break in a cable.

The physical layer module, such as a small form factor pluggable (SFP), doesn’t support multiple wavelengths.

The provisioned value for wavelength does not match the supported wavelength.
Definition
A wavelength mismatch can occur when the provisioned value for wavelength does not match the supported wavelength.
Term
A wavelength mismatch can occur when
Definition
the provisioned value for wavelength does not match the supported wavelength.
Term
A user’s computer checks out as functional, but cannot get a good network connection. What do you test next?

Reboot the computer and enter the Basic Input/Output System (BIOS) settings to be sure that the onboard network interface controller (NIC) is enabled.

Run a full spectrum diagnostic on the computer to check for viruses and other malware.

Check to see if a power cycle will reset the system.

Check the network cable for end-to-end connectivity with a cable tester.
Definition
Check the network cable for end-to-end connectivity with a cable tester.

Since the system itself, including hardware, checks out, you should check the network cable.
Term
In troubleshooting fiber cable connections, other than physical damage, what physical problems can a fiber cable have that hinders signal transmission?

Mislabeling

Too much shielding

Improper termination

Excessive bends
Definition
Excessive bends

Fiber cable has a bend radius limitation that when exceeded can cause less than optimal or no signal transmission. Other than cuts or other actual damage, look for bent cables.
Term
In a network interface controller (NIC) team configuration, which of the two modes provides the greater bandwidth?

Active-passive

Active-bonded

Active-reactive

Active-active
Definition
Active-active

Active-active mode provides the system with the highest possible bandwidth for a NIC team.
Term
A user receives a notification on his desktop that reads, “The system has detected an IP address conflict with another system on the network. The local interface has been disabled. More details are available in the system event log. Consult your network administrator to resolve the conflict.” The user contacts you, the network administrator, to resolve the problem. What do you do?

Run ipconfig /flushdns on the user’s computer

Run ipconfig /renew on the user’s computer

Run ipconfig /all on the user’s computer

Run ipconfig /setclassid * on the user’s computer
Definition
Run ipconfig /renew on the user’s computer

You should run ipconfig /renew on the user’s computer to request a new IP address from the Dynamic Host Configuration Protocol (DHCP) server.
Term
Using the previous scenario, how would you remedy the problem?

Install the NIC driver and allow the NIC to request an IP address.

Replace the defective motherboard.

Power off the system, install a new Basic Input/Output System (BIOS), boot to BIOS, and disable the onboard NIC.

Connect to Windows Updates on the system to find the correct driver
Definition
Install the NIC driver and allow the NIC to request an IP address.

The resolution is to install the appropriate network interface controller (NIC) driver via the support disk or the support partition from the manufacturer. Alternatively, go to another computer, connect to the system manufacturer’s support website and download the latest driver, transfer it to the user’s computer, and install it.
Term
Using the previous scenario, how else would you troubleshoot this problem if your other efforts produce no resolution?

Ping the application server and check the response time.

Check the user’s credentials on the remote server to ensure that they’re valid and active.

Check all switches between the user and the application server for errors.


Check the user’s firewall settings for port denial.
Definition
Check all switches between the user and the application server for errors.

This problem could also be caused by Ethernet errors on a switch. A careful check of errors and collisions might provide some insight.
Term
Your fiber cable has no physical damage and you are sure that the connections are clean and free of debris, but there is still no signal. You have also checked the hardware on both ends and found it to be good. What could be the problem?

The cable has been spliced too many times

Insufficient polishing on the fiber ends

Mismatched connectors

Internal anomalies with the glass fiber
Definition
Mismatched connectors

The most probable cause is mismatched connectors. Inspect both ends of the cable and be sure that all connectors are appropriate for the application and that they match.
Term
What is the problem with a so-called maximum transmission unit (MTU) black hole?

It creates a significant security problem by simply dropping messages.

A router’s utilization will hit 100 percent due to the number of discards.

The “change size” message is never received by the sending device.

It creates a broadcast storm of Internet Control Message Protocol (ICMP) messages.
Definition
The “change size” message is never received by the sending device.

In case of a mismatch of the MTU, the Transmission Control Protocol/Internet Protocol (TCP/IP) connection handshake does not occur between the devices (routers) and the connection cannot be established. For black holes, the router receives a packet that is larger than the size of the MTU and it sends an ICMP message saying to change the size, but the message is never received.
Term
What is the major problem with denying Internet Control Message Protocol (ICMP) on your firewall in order to prevent ICMP-related attacks?

It disables network drive mapping for Windows computers.

You can’t use ping to troubleshoot your network.

It prevents legitimate machine to machine pings.

It creates more Address Resolution Protocol (ARP) traffic
Definition
You can’t use ping to troubleshoot your network.

The problem with disabling ICMP on your network is that you’ll also disable your ability to ping hosts to check for connectivity.
Term
Using the previous scenario, you have created an allow rule for Transmission Control Protocol (TCP) port 3333 to server1, but the test fails. What could not be the problem with your firewall rule?

You’ve exceeded the maximum number of rules in your firewall.

Server1 isn’t listening on port 3333.

You’ve created a deny rule instead of an allow rule.

There is a conflicting firewall block rule that took precedence.
Definition
You’ve exceeded the maximum number of rules in your firewall.

It is unlikely that you could reach the firewall rule limit, which in most cases is 1,000 or more on lower end firewalls. If you find that you are exceeding the limit, rewrite rules to include ranges instead of individual ports.
Term
How do you stop a network Denial of Service (DoS) attack?

Deny or drop all incoming traffic to your network.

You can’t; you have to wait for it to stop.

Reboot external routers and gateways.

Launch a counter attack aimed at the source.
Definition
You can’t; you have to wait for it to stop.

A DoS attack has an obvious symptom but usually no quick solution. Most DoS attacks are network-based, where the network is being flooded with traffic. The only fix for a network-based DoS attack is to wait for it to stop.
Term
Which of the following is an example of a method to compromise a system in order to gain unauthorized access inside a network?

Mass mailer

Logic bomb

Boot sector virus

Trojan horse
Definition
Trojan Horse

Trojan horse malware is used to gain access to a system inside a network to exploit vulnerabilities in systems, to steal data, or to disrupt network functions. Other listed attacks generally don’t include an “outside to inside” style attack the way a Trojan horse does.
Term
Active Directory groups can be very confusing to implement correctly. What is the possible harm of group mishandling and sprawl?

Empty groups are a hacker’s best friend because of the lack of security

The complexity makes it easier for hackers to compromise

Users may accidentally gain unnecessary privileges

Security logging and auditing is limited to Domain global groups, which may lead to missing security violations
Definition
Users may accidentally gain unnecessary privileges

Users may gain privileges from other group memberships that they do not need. A user account compromise might expose systems and services that the user has no idea that he or she has access to.
Term
During a normal patching session, you find that one of your systems will not shut down when it is time for it to reboot. What do you suspect has happened?

A hacker currently has control of the system and is preventing it from being rebooted.

A boot sector virus has infected the system.

Nothing; this is normal behavior.

A malware program is keeping processes alive.
Definition
A malware program is keeping processes alive.

Some malware programs will hold services active to prevent reboots. Often the only way to fix those systems is to perform a power off and safe recovery to remove the malware.
Term
Network studies and surveys assert that a majority of malicious attacks actually originate inside corporate walls, not from the outside. Assuming that is true, what can you do to detect and prevent system and service compromises caused by employees?

Use Host-based Intrusion Detection Systems (HIDSs) for monitoring.

Educate your employees on the negative effects of malicious behavior.

Manually audit every computer on the network for malicious tools.

Use group policies to prevent users from installing network tools onto their workstations.
Definition
Use Host-based Intrusion Detection Systems (HIDSs) for monitoring.

The best solution is to use a HIDS to monitor and audit user traffic. Automate the monitoring as much as possible to prevent activity from being overlooked.
Term
What do hackers look for when scanning hosts on a network?

Windows systems

Firewalls and antivirus programs

Apache web servers

Open Transmission Control Protocol (TCP) ports
Definition
Open Transmission Control Protocol (TCP) ports

A hacker will scan hosts to find open TCP ports. By identifying hosts with open TCP ports, it is a simple task to identify the services running on those open ports to check vulnerabilities to attacks.
Term
A common practice among IT personnel is to set up what service or access that is a strict violation of security protocol?

A secure tunnel

Service IDs with administrator privilege

An administrative backdoor

Root or administrator
Definition
An administrative backdoor

IT administrators will often set up administrative backdoors so if the normal channels get hacked or compromised, they’ll still have access to the system(s) through this backdoor route.
Term
Identify a solution for monitoring malicious Internet Control Message Protocol (ICMP) traffic on your network.

A network intrusion detection system (NIDS)

An active detection/denial system for malicious ICMP traffic

A continuously running protocol analyzer

An access control list (ACL)
Definition
A network intrusion detection system (NIDS)

A NIDS will monitor and alert on malicious ICMP traffic. You have to identify what type of ICMP is allowed into and out of your network for this to be effective.
Term
If you observe the following two error messages when reviewing Terminal Access Controller Access Control System (TACACS) log entries, what would you suspect if the message is repeated many times in a row?
err tamd[6695]: pam_tacplus: unable to obtain username
err tamd[6695]: pam_tacplus: auth failed: Login incorrect

There is a service attempting to login and failing, probably due to a changed password

Someone is attempting to guess usernames and passwords

You have a user who can’t remember the assigned username/password combination

There is something wrong with the TACACS authentication engine
Definition
Someone is attempting to guess usernames and passwords

It’s likely that a hacker is attempting to guess usernames and passwords to gain authenticated access to a system. Further investigation is recommended.
Term
How can you prevent banner grabbing to increase your overall security?

Configure services to drop banner requests.

Configure confusing or incorrect banner information.

Log all banner requests for future analysis.

Banner requests are of no security consequence or threat.
Definition
Configure services to drop banner requests.

Banner grabbing is one of the easiest ways to fingerprint an OS or an application/service. In many cases you can configure the service (web server, email server, etc.) to not respond to clients with any banner. Firewalls can also be configured to block banners.
Term
You find that one of your systems has been compromised by a rootkit. What is your best course of action to remedy the infection?

Use a rootkit remover program.

Restore the critical system files from backup.

Perform a clean reinstall of the operating system.

Patch the system so that no further attacks can take place.
Definition
Perform a clean reinstall of the operating system.

A clean reinstall from original installation media is the only sure method of ridding a system of a rootkit compromise. There’s no way to know what has changed or when the changes occurred, so restoring from an assumed good backup is not the answer. Patching is a pre-rootkit preventative measure, and using a remover program probably won’t clear the system of all changes.
Term
Why are firewall problems so difficult to troubleshoot?

Each firewall is different in the way it handles allow and deny rules.

Rules that apply to domain, private, and public networks can be confusing.

Some firewalls are inherently permissive.

Restrictive firewall rules are difficult to navigate due to their numbers.
Definition
Each firewall is different in the way it handles allow and deny rules.

Some firewalls are permissive, some are very restrictive, and others fall anywhere between the two extremes. Firewalls also differ in how they process rules: some process in a top-down fashion, while others have certain types of rules that take precedence over others.
Term
How do you recognize an IP spoofing attack?

A huge amount of email is being generated from a single system

Computer systems randomly reboot although there’s no power loss or other systemic problems

A system’s primary services, such as network browsing and remote connections, fail

Traffic from an external source that has an internal address
Definition
Traffic from an external source that has an internal address

An IP spoofing attack is a type of software attack where an attacker creates IP packets with a forged source IP address and uses those packets to gain access to a remote system. One sign of an IP spoofing attack is a network packet from an external source that appears to have an internal source address.
Term
Using the previous scenario, you have created an allow rule for Transmission Control Protocol (TCP) port 3333 to server1, but the test fails. What could not be the problem with your firewall rule?

Server1 isn’t listening on port 3333.

You’ve exceeded the maximum number of rules in your firewall.

There is a conflicting firewall block rule that took precedence.

You’ve created a deny rule instead of an allow rule.
Definition
You’ve exceeded the maximum number of rules in your firewall.

It is unlikely that you could reach the firewall rule limit, which in most cases is 1,000 or more on lower end firewalls. If you find that you are exceeding the limit, rewrite rules to include ranges instead of individual ports.
Term
If users report Terminal Access Controller Access Control System (TACACS) login failures, where should you look to find the root cause?

The BIG-IP log files

In the access control list (ACL)

In the user’s bash history file

In the failed system’s TEMP directory
Definition
The BIG-IP log files

If the TACACS servers are available on the network, but fail to authenticate users, you may need to review the BIG-IP log files for relevant TACACS messages.
Term
Identify a method of working around Address Resolution Protocol’s (ARP’s) inherent security problems.

Set up strict guidelines for the use of ARP commands on your network

Identify and classify internal ARP traffic as allowed and disallow all external ARP traffic

Use software that checks the accuracy of the ARP table

Deny ARP traffic in firewalls
Definition
Use software that checks the accuracy of the ARP table

There are only two ways to defeat ARP’s inherent problems: hard-code ARP to IP mappings or use software that regularly checks the accuracy of the ARP table.
Term
To troubleshoot Terminal Access Controller Access Control System (TACACS) sessions, which utility should you turn to for assistance?

Tcpdump

Ifconfig

Ipconfig

tracert or traceroute
Definition
Tcpdump

Begin a packet trace using the tcpdump utility. Once you’ve captured a sufficient amount of traffic, analyze the packet capture (PCAP) file in a packet analysis program.
Term
Which simple practice can prevent many, if not most, successful compromises in a company?

Least privilege security policy and settings

Using Network Intrusion Detection Systems (NIDS)

Employee training and education

The use of high end corporate firewalls
Definition
Least privilege security policy and settings

Returning to a practice of least privilege can prevent a large number of system and service compromises. The practice consists of only granting the privileges that are absolutely required to perform a task, function, or job. The practice applies to users as well as service IDs.
Term
You have blocked a vulnerable Transmission Control Protocol (TCP) port on your network—3333, for example—and you want to test your firewall’s rule for it. What simple command would you use to test the port block from outside the firewall to server1?

http://server1:3333

vnc server1:3333

telnet server1 3333

ssh server1 3333
Definition
telnet server1 3333

The simple telnet command will attempt to connect to port 3333 on server1. If successful, the screen goes blank and will accept port commands; otherwise, the connection either is refused or dropped.
Term
If you are using a wireless WAN, what is your biggest problem to troubleshoot?

The size of your Local Area Network (LAN)

Routing

Interference

Domain Name System (DNS) services
Definition
Interference

Interference is the biggest problem to troubleshoot. There are many factors that can reduce reliability and signal strength over a wireless connection, but interference from physical obstacles, power lines, and other wireless signals are constant issues to resolve.
Term
Identify a quick test for Domain Name System (DNS) connectivity.

Use tracert to check connections between your network and the DNS server.

Use an Address Resolution Protocol (ARP) reverse lookup with a system’s IP address.

Perform an nslookup using a system’s or a site’s name.

Use nslookup with a system’s IP address.
Definition
Perform an nslookup using a system’s or a site’s name.

Perform an nslookup using a site’s name or system’s name. If you get a positive response, then DNS is working. If you receive an error, but are successful using the IP address, you have a DNS server problem.
Term
You have performed exhaustive tests for a WAN connectivity problem up to the interface between your network and the provider’s network, and now it is time to engage the provider to do some research. The provider’s first step prior to sending out a technician is to perform what physical test?

Have you reboot your router several times.

Require you to pass some test data through the lines.

Recite a checklist of items that you should have investigated.

Test the line up to the smart jack.
Definition
Test the line up to the smart jack.

The provider will perform a remote test to the smart jack where its equipment ends and yours begins.
Term
If your office and network are located near the end of a transmission link, the signal can become quite weak. If your signal is not powerful enough, your provider will generally install what type of device to boost the signal?

A repeater

A demarc

A smart jack

A loopback
Definition
A repeater

A repeater will boost the signal so that the provider can deliver a usable signal to your network.
Term
Identify one workaround for the count-to-infinity problem.

The seed routing method

The zone routing method

The split horizon method

The distance-vector routing method
Definition
The split horizon method

One workaround to the count-to-infinity problem is the split horizon method, where a router does not include any routes to the router from which it discovered its own location in its broadcasts.
Term
What is a Fair Access Policy?

It’s a bandwidth cap by time period

It’s a limitless usage account on some networks

It’s a law that guarantees fair access to Internet resources

It’s a corporate policy to describe employee access to the Internet
Definition
It’s a bandwidth cap by time period

A Fair Access Policy is a form of usage-based billing that caps the amount of bandwidth used per period of time based on what you pay the provider. It can also refer to bandwidth speed limitation or throttling.
Term
If you suddenly lose Wide Area Network (WAN) connectivity, which device would you investigate first for the problem?

The Internet-connected router

Your default gateway

The load balancer

Your network segment’s switch
Definition
The Internet-connected router

Your Internet-connected router is probably the source of the problem locally.
Term
What is the hardware unit that interfaces your network to your provider’s network?

Demarc

Switch

Channel Service Unit/Data Service Unit (CSU/DSU)

Router
Definition
Channel Service Unit/Data Service Unit (CSU/DSU)

The CSU/DSU is the piece of hardware that interfaces your network to your provider’s network. It is installed at your site and is often owned by the provider.
Term
If you think that you have interface errors on a router, which command would you use to check for errors that are currently occurring on the interface?

show config

set interface

show interface

enable
Definition
show interface

The command show interface will show you what’s going on at the time you issue the command.
Term
Which router command would you use to see interface errors in real time, as they occur?

show interface

debug interface

load config

enable
Definition
Use the debug interface to show you what’s happening in real time while it happens so that you can track incoming and outgoing traffic.
Term
Identify one of the major drawbacks with satellite WAN communications for data.

Interference

Price

Throttling

Speed
Definition
Interference

Satellite Wide Area Network (WAN) links suffer interference as much as any other wireless transmissions. Weather conditions affect it the most via clouds, dust, and humidity. Other factors can also affect transmission quality such as buildings, trees, and other obstructions.
Term
What protocol enables multiple routers on a LAN to work together sharing a single virtual IP address?

Virtual Router Redundancy Protocol (VRRP)

Enhanced Interior Gateway Routing Protocol (EIGRP)

Interior Gateway Routing Protocol (IGRP)

Routing Information Protocol (RIP)
Definition
Virtual Router Redundancy Protocol (VRRP)

A virtual router is a software-based routing framework that enables the host computer to act as a hardware router over a LAN. The VRRP advertises a virtual router as the default gateway, which is backed by a group of physical routers that provide redundancy in case one fails. This helps you increase the availability of your networks.
Term
the count-to-infinity problem.
Definition

The core of the count-to-infinity problem is that if A tells B that it has a path somewhere, there is no way for B to know if the path has B as a part of it. To see the problem clearly, imagine a subnet connected like A–B–C–D–E–F, and let the metric between the routers be "number of jumps". Now suppose that A is taken offline. In the vector-update process, B notices that the route to A, which was distance 1, is down – B does not receive the vector update from A. The problem is, B also gets an update from C, and C is still not aware of the fact that A is down – so it tells B that A is only two jumps from C (C to B to A), which is false. Since B doesn't know that the path from C to A is through itself (B), it updates its table with the new value "B to A = 2 + 1". Later on, B forwards the update to C and, because A appears reachable through B (from C's point of view), C decides to update its table to "C to A = 3 + 1". This slowly propagates through the network until it reaches infinity (in which case the algorithm corrects itself, due to the relaxation property of Bellman–Ford).

Term
If your provider’s Domain Name System (DNS) services are not working, which of your systems will be affected?

Only those that use static IP addressing that refer to the provider’s DNS servers

Only the Internet-connected router’s DNS will be affected

Only those that use Dynamic Host Configuration Protocol (DHCP)

Those that use the provider’s DNS servers, whether DHCP or static IP
Definition
Those that use the provider’s DNS servers, whether DHCP or static IP

Any system on your network that uses your provider’s DNS services will be affected by the outage, whether they have static IP addresses or those assigned by a DHCP server.
Term
Identify another workaround method for the count-to-infinity problem.

Seed routing

IP Routing Information Protocol (RIP)

Poison reverse

Reverse split horizon
Definition
Poison reverse

Another workaround to the count-to-infinity problem is called a poison reverse. Unlike in split horizon, routers using poison reverse broadcast routes back to the router from which they calculated their location. Instead of giving a true hop count, to discourage use of the route, the router broadcasts a hop count of 16 as a warning not to use the value specified and as an intimation that the route was learned from router 1.
Term
How can you tell if the Wide Area Network (WAN) connectivity problem is on your side or your provider’s?

Check your router’s connection logs.

Call the provider and check to see if there’s a general outage.

Check connectivity to your router from inside your Local Area Network (LAN).

Check your Internet-connected router’s cable.
Definition
Check your router’s connection logs.

If you check your router’s connection logs, you can see if the router’s authentication is failing or if there’s some other problem with the connection that shows up in the logs. Calling your provider will only work if there’s not a general communications outage with your provider.
Term
You need to cover an outdoor corporate courtyard area with high bandwidth Wi-Fi. Which Institute of Electrical and Electronics Engineers (IEEE) standard will you use when looking for wireless access points to cover it?

802.11a

802.11g

802.11b

802.11ac
Definition
802.11ac covers a large area (35 meters or more) and at a very high bandwidth (up to 1 Gbps) making it the clear—but more expensive—choice for such an application.
Term
Identify a significant technological advantage of an HDMI Ethernet Channel (Ethernet over HDMI) versus separate HDMI and Ethernet.

A single IP-enabled device performs multiple functions

Fewer cables to deal with when using devices

Lower cost for Internet-accessible services

Faster Internet access for IP-enabled devices
Definition
A single IP-enabled device performs multiple functions

While it’s true that you’ll have fewer cables to deal with because HDMI and Ethernet are combined into a single cable, the significant advantage from a technology standpoint is that you can have a single IP-enabled device perform multiple functions. For example, an IP-enabled TV removes the need for video players, streaming devices, stereo systems, and other individual entertainment devices.
Term
Which Institute of Electrical and Electronics Engineers (IEEE) standard wireless router or access point is widely deployed for home and home office use?

802.11a/g

802.11a/b

802.11b/g

802.11ac/b
Definition
802.11b/g

802.11b/g is a widely deployed wireless router for home use because of its coverage and its compatibility with most devices.
Term
What is the practical length limit of a CAT7 Ethernet cable?

300 feet

100 feet

300 meters

100 meters
Definition
100 meters

The practical length limit is 100 meters or 328 feet.
Term
Which standard cable type could you deploy, at a minimum, if you require a 100 Mbps data rate?

CAT3

CAT2

CAT5

CAT4
Definition
CAT5

CAT5 cable is Fast Ethernet and is rated for 100 Mbps throughput.
Term
Which of the following is the cabling standard that defines specifications such as the minimum bend radius for twisted pair cables and the maximum untwist value for CAT6a cable termination?

568C

568B

568A

567
Definition
568C

568C defines the standards for commercial building cabling. It recognizes CAT6a as a media type. It also defines the minimum bend radius for both shielded and unshielded twisted pair cables. In addition, it specifies the maximum untwist value for CAT6a cable termination.
Term
You’re debating which type (category) of cable to run in your server room. You require 1 Gbps throughput, good shielding, and a high signaling rate. Which cable category would you select?

CAT5e

CAT6

CAT5

CAT6a
Definition
CAT6a

CAT6 provides all your required features for a cable standard.

Why the "what you need to know" section doesn't say 6a, I don't know, but I think the "a" in 6a refers to shielding.
Term
What is the correct wiring scheme for the current T568B wiring standard?

White green, blue, white orange, green, white blue, orange, white brown, brown

White green, green, white orange, blue, white blue, orange, white brown, brown

White orange, orange, white green, blue, white blue, green, white brown, brown

White orange, orange, white blue, blue, white green, green, white brown, brown
Definition
White orange, orange, white green, blue, white blue, green, white brown, brown

The correct wiring scheme for the T568B standard is white orange, orange, white green, blue, white blue, green, white brown, brown.
Term
Which of the following technology designations is considered to be Fast Ethernet?

10Base-2

10Base-T

1000Base-TX

100Base-TX
Definition
100Base-TX

100Base-TX is Fast Ethernet.
Term
If you’re looking for an inexpensive Wi-Fi coverage solution at good data rate speeds, which Institute of Electrical and Electronics Engineers (IEEE) standard device should you seriously consider?

802.11ac

802.11n

802.11a

802.11g
Definition
802.11n

802.11n features good coverage within 70 meters, compatibility with 5 GHz and 2.4 GHz devices, and transmission speeds of 150 Mbps or more.
Term
In Time-Division Multiplexing (TDM), a communication channel is divided into what?

CPU slices

Synchronous zones

Discrete time slots

Timed simplex signals
Definition
Discrete time slots

In TDM, a communication channel is divided into discrete time slots. Each node on a network is assigned a time slot, and each sender is given exclusive access to the medium for a specific period of time.
Term
A system administrator has just granted you access to a database server and he asks you to ping the server at 192.168.1.150. Which Open Systems Interconnection (OSI) layer is he asking you to use?

Layer 3

Layer 4

Layer 2

Layer 1
Definition
Layer 3 is the Network layer and ping operates on this layer.
Term
Ping operates @ layer ?, the ? layer
Definition
Layer 3 is the Network layer and ping operates on this layer.
Term
What is another term for full duplex communication?

Unidirectional

Half duplex squared

Bi-directional

Simplex
Definition
Bi-directional

Full duplex mode is also called bi-directional transmission. If someone speaks about duplex transmissions, they are likely referring to full duplex mode.
Term
Adding delivery information to and removing delivery information from data through each layer of the Open Systems Interconnection (OSI) model is known as what?

Compression/decompression

Encasement/decasement

Encryption/decryption

Encapsulation/de-encapsulation
Definition
Encapsulation/de-encapsulation

Encapsulation is the process of adding delivery information to the actual data transmitted on each layer. Encapsulation takes place on the transmission end as data is passed down the layers. At the receiving end, the reverse process of removing the added information is done as data passes to the next higher layer, which is de-encapsulation. The added information is called a header if it is before the data or a trailer if it is added after the data.
Term
Although we depict IP version 4 (IPv4) addresses in base 10 numbers, such as 192.168.1.100, IPv4 addresses are actually what number type?

Binary

128 bit

Octal

Hexadecimal
Definition
Binary

An IPv4 address is shown and discussed in decimal or base 10 numbers for convenience, but is actually binary.
Term
The help desk technician and the network technician successfully work with you to connect to the network. The network technician asks you what your IP address is. Which Open Systems Interconnection (OSI) layer includes your IP address?

Layer 1

Layer 4

Layer 3

Layer 2
Definition
Layer 3

Layer 3 is the Network layer and IP addresses are part of this layer.
Term
You scan the network for a wireless access point until you locate one. Which Open Systems Interconnection (OSI) layer is a Wi-Fi part of?

Layer 1

Layer 7

Layer 3

Layer 6
Definition
Layer 1

Layer 1 is the Physical layer and also includes wireless communications.
Term
An Ethernet frame contains two addresses. What are they?

Source computer MAC address and destination computer MAC address

Source computer IP address and destination computer MAC address

Source computer MAC address and destination computer IP address

Source computer IP address and destination computer IP address
Definition
Source computer MAC address and destination computer MAC address
Term
A coworker asks you for the port number for MySQL. You tell them it is 3306. Which Open Systems Interconnection (OSI) layer did you discuss with your coworker?

Layer 3

Layer 6

Layer 4

Layer 5
Definition
Layer 5

Layer 5 is the Session layer and Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports are both a part of this layer. This layer is also referred to as the port layer.
Term
An Ethernet signal collision is most likely to occur during which transmission phase?

The preamble

Frame check sequence (FCS)

Cyclic redundancy check (CRC)

Payload data transmission
Definition
The preamble

If two nodes transmit at the same time, a collision has occurred. The collision is most likely to occur during the preamble.
Term
Describe half duplex communication.

It is one-way communication, such as radio or television.

It is one-way communication, but at half the maximum speed.

It is two-way communication, but at half the maximum speed.

It is full-speed, two-way communication, but in only one direction at a time.
Definition
It is full-speed, two-way communication, but in only one direction at a time.

The half duplex mode of communication permits two-way communications, but in only one direction at a time. When one device sends, the other must receive; then the devices can switch roles to transfer information in the other direction. Half duplex mode can use the full bandwidth of the medium because the transmission takes place in only one direction at a time.
Term
Simplex communication is what type of directional transmission?

Pass-through

Unencrypted

One-way

Encapsulated
Definition
The simplex mode of communication is the one-way transmission of information.
Term
You call a help desk technician to assist you in connecting your computer to the corporate network. She asks you to check the link light on your network interface card (NIC). Which Open Systems Interconnection (OSI) layer is she asking you to examine?

Layer 3

Layer 2

Layer 1

Layer 4
Definition
Layer 2

Layer 2 is the Data Link layer and NICs are part of this layer.
Term
What are the five characteristics of an analog signal?

Cycle, phase, signal, ground, and wavelength

Amplitude, cycle, resonance, ground, and wavelength

Amplitude, voltage, charge, ground, and wavelength

Amplitude, frequency, phase, cycle, and wavelength
Definition
Amplitude, frequency, phase, cycle, and wavelength

The five characteristics of an analog signal are amplitude, cycle, frequency, phase, and wavelength.
Term
You can determine how optimizations will affect your network by collecting a network traffic sample. How do you determine sample size?

You should only collect during regular business hours.

You have to collect during peak hours each day to capture enough relevant data for analysis.

You have to collect for 24 hours.

You have to collect a sample that is representative of network traffic.
Definition
You have to collect a sample that is representative of network traffic.

The answer will be different for every network or network segment. Some preliminary captures will give you a better view of what is representative traffic. You have to collect a sample that is large enough to provide a representative cross-section of your network’s traffic.
Term
What kind of technique is multiplexing?

Encryption

Encapsulation

Modulation

Compression
Definition
Modulation

Modulation is a form of multiplexing, which is a controlled media access method where a central device combines signals from multiple nodes and transmits the combined signal across a medium.
Term
To update your website, you have to use File Transfer Protocol (FTP) to transfer your files to the server. Which Open Systems Interconnection (OSI) layer do you use to FTP your files?

Layer 7

Layer 6

Layer 2

Layer 4
Definition
Layer 7 is the Application layer and FTP operates on this layer.
Term
Your manager advises you to enable Windows Firewall because viruses, worms, and other types of malware have plagued other users. Which layer is he asking you to work with?

Layer 6

Layer 7

Layer 4

Layer 3
Definition
Layer 4 is the Transport layer and firewalls are part of this layer.
Term
Which term is used for the measure of the number of bits transmitted per a unit of time?

Bandwidth

Collision rate

Baud rate

Bit rate
Definition
Bit rate

The bit rate is a measure of the number of bits that are transmitted per a unit of time. The bit rate is usually measured in bits per second.
Term
A friend of yours tells you about a new website that he wants you to see. Which Open Systems Interconnection (OSI) layer is he asking you to examine?

Layer 7

Layer 6

Layer 5

Layer 4
Definition
Layer 7

Layer 7 is the Application layer and HTTP operates on this layer.
Term
The network technician hands you a new network cable and asks you to connect your computer to the network drop behind your desk using it. Which Open Systems Interconnection (OSI) layer are you working on?

Layer 3

Layer 2

Layer 1

Layer 4
Definition
Layer 1

Layer 1 is the Physical layer, which is where network cabling belongs.
Term
Thinking of baseband versus broadband, baseband signals are sent via direct current (DC) over which type of channel?

Dual, multiplexed

Single, multiplexed

Dual, unmultiplexed

Single, unmultiplexed
Definition
Single, unmultiplexed

A baseband transmission is a technique in which digital signals are sent via DC pulses over a single, unmultiplexed signal channel.
Term
What is the minimum length (in bytes) of the payload (data) Ethernet frame field?

64

8

46

32
Definition
46

The payload of the frame (or the information being sent) must be a minimum of 46 bytes long. If the length of data is less than 46 bytes, the data field must be extended by adding a filler to increase the length to a minimum of 46 bytes.
Term
A colleague sends you an email with a meeting notice attached. Which Open Systems Interconnection (OSI) layer is this email connected to?

Layer 5

Layer 7

Layer 2

Layer 6
Definition
Layer 7

Layer 7 is the Application layer and email protocols all operate at this layer.
Term
Thinking of baseband versus broadband, baseband signals are sent via direct current (DC) over which type of channel?

Dual, multiplexed

Single, unmultiplexed

Dual, unmultiplexed

Single, multiplexed
Definition
Single, unmultiplexed

A baseband transmission is a technique in which digital signals are sent via DC pulses over a single, unmultiplexed signal channel.
Term
Which term is used for the measure of the number of bits transmitted per a unit of time?

Collision rate

Bit rate

Bandwidth

Baud rate
Definition
Bit rate

The bit rate is a measure of the number of bits that are transmitted per a unit of time. The bit rate is usually measured in bits per second.
Term
Under what condition would a baud rate and a bit rate be equal?

At 2 bits per symbol

At 8 bits per symbol

At 1,200 bits per symbol

At one bit per symbol
Definition
At one bit per symbol

The bit rate and baud rate are equal at one bit per symbol.
Term
When it comes to electrical power systems, power supplies, and anything with voltage, which rule supersedes all other electrical safety rules?

As long as you’re careful, you can install, test, and maintain electric power equipment.

Only a professional electrician should install, test, and maintain electric power equipment.

Use anti-static mats and shoe covers when working with live electrical lines.

Always ground yourself prior to working on electrical equipment.
Definition
Only a professional electrician should install, test, and maintain electric power equipment.

Only a professional electrician should install, test, and maintain electric power equipment. Network technicians can safely install and test low-power communication circuits in network cabling.
Term
A network policy may also contain specific use information concerning which of the following?

Bags, purses, and backpacks entering or leaving the facility

Cable locks, overhead bins, locking cabinets, and desks

Removable drives, instant messaging, and wireless devices

Peripheral equipment such as mice, keyboards, monitors, and docking stations
Definition
Removable drives, instant messaging, and wireless devices

Policies may also include specific information about security and network functions, such as the use of removable drives and other detachable media, instant messaging, wireless devices, the Internet, backup storage, network monitoring procedures, and vendor agreements.
Term
Since both corporate security policies and network policies contain security information, identify one significant feature of the network policy that the security policy does NOT contain.

Appropriate procedures for logging onto network equipment

Network equipment password policies, expiration dates, and retry limits

Instructions on how to load balance, failover, and restart primary network equipment

Appropriate methods to maintain, upgrade, and troubleshoot network equipment
Definition
Appropriate methods to maintain, upgrade, and troubleshoot network equipment

A network policy is a formalized statement or set of statements that defines network functions and establishes expectations for users, management, and IT personnel. It describes in detail the Acceptable Use Policies of network equipment for an organization, including the appropriate methods to maintain, upgrade, and troubleshoot the network.
Term
What is the purpose of grounding when working with electric power or powered equipment?

Grounding stops the electricity from entering your body by shorting the circuit back into the grid.

Grounding acts as a return point for current.

Grounding completes a circuit so that when you’re working, it passes through you without causing harm.

Grounding directs high voltages safely away from humans and into the ground.
Definition
Grounding directs high voltages safely away from humans and into the ground.

Grounding is a safety precaution that is meant to direct current safely away from humans and into the ground.
Term
You decide to hire several contract programmers from a local firm. You have verified citizenship, identification, and other legal matters before allowing the contractors to enter the premises for work. Before the contractors begin work, what should you present to each one individually and have them sign?

Corporate Security Policy

Consent to Monitoring Policy

Acceptable Use Policy

Non-disclosure agreement
Definition
Corporate Security Policy

You should have each contractor read and sign the Corporate Security Policy and explain each section to them.
Term
Identify an additional reason for executing a rollback process for a change.

You decide that the change process is too complex.

You did not receive all approvals for the change until one hour before your change.

You realize that you are not fully prepared for the change process.

You have gone outside the prescribed change window.
Definition
You have gone outside the prescribed change window.

Generally, if your change takes you outside of the prescribed change window, you have to roll back the change and start the change process again to modify the window (the time required to process a change).
Term
Which one of the following is the proper definition of change management?

A systematic way of approving and executing change to ensure maximum security, stability, and availability of information technology services.

A method that defines rules of engagement, training, and management of changes that satisfy security requirements throughout an organization.

A system of procedures that, when followed, allow an organization to effect changes during business hours, but still comply with federal regulations.

A collection of procedures and rules for carrying out changes in various environments without disrupting workflow.
Definition
A systematic way of approving and executing change to ensure maximum security, stability, and availability of information technology services.

Change management is a systematic method of approving and executing change to ensure maximum security, stability, and availability of information technology services.
Term
A corporate security policy should include, as a primary component, a definition and description of an organization’s physical and intellectual assets and the employee’s responsibilities when viewing, creating, or disposing of those resources. What is this major piece of the security policy known as?

Unacceptable Use Policy

Consent to Monitoring Policy

Corporate Privacy Policy

Acceptable Use Policy
Definition
Acceptable Use Policy

This is the Acceptable Use Policy and it should be one of the first, if not the first, items in the security policy document.
Term
How many stages are there in the change management process?

19

7

12

6
Definition
There are seven stages in the change management process.
Term
You’ve hired several contractors to assist your staff with a new support contract that you’ve recently won. After having them sign several required corporate documents, you then present them with your new contract’s SOW and SLA documents. What do these two acronyms (SOW and SLA) stand for?

Standards of Work; Security Level Agreement

Statement of Work; Service Level Agreement

Standards of Work; System Level Access

Statement of Work; Security Level Agreement
Definition
Statement of Work; Service Level Agreement

The SOW is the Statement of Work and the SLA is the Service Level Agreement.
Term
What is the industry standard data center rack width?

16 inches

24 inches

19 inches

32 inches
Definition
19 inches

The 19-inch rack format is the industry standard.
Term
In your effort to maintain some sense of order to your network cabling, which simple practice do you employ?

Using color-coded cables

Cable toning

Port labeling

Using a custom naming convention
Definition
Port labeling

Port labeling is a simple practice that will help keep your connections in order.
Term
Where are a company’s intermediate distribution frames (IDFs) usually located?

Any or all floors in a secure closet

At a local distribution office or point-of-presence (POP)

On the building’s roof in a weatherproof box

In a central wiring closet in the geographic center of the building
Definition
Any or all floors in a secure closet

The locations vary, but IDFs are usually situated in a wiring closet on each floor or in each major section of a large single-story structure. IDFs are always kept in locked rooms or in secure locations.
Term
Identify the networking peripheral that’s used to support and organize cables in a network.

Cable wrap

Cable trough

Cable tray

Cable channel
Definition
Cable tray

The cable tray helps support and organize network cables and is present in office furniture and other areas where cable management is important for safety and visual aesthetics.
Term
What is a patch panel used for?

It is a connection point for drop and patch cables.

To fix broken cables.

It is a standard networking tool used to organize cables and connectors.

It is a central distribution frame for all network connections going into and out of a data center.
Definition
It is a connection point for drop and patch cables.

A patch panel is a connection point for drop and patch cables. Typically, a patch panel has one or more rows of RJ-45 or other connectors. Drop cables are connected to the connectors. Cables run between the connectors to connect drop cables, as needed.
Term
If you were installing eight 2U servers into a rack, which type would you use: two-post or four-post?

Two-post for 2U servers

It depends on where you’re installing them; Europe or the United States

It depends on required air flow and accessibility

Four-post, due to the weight of the individual servers
Definition
Four-post, due to the weight of the individual servers

2U servers are sufficiently heavy to require four-post rack installation.
Term
How would you solve the problem of measuring temperature, humidity, and air flow around your rack-mounted servers?

Relying on server Basic Input/Output System (BIOS) monitoring for feedback

Rack monitoring

Requiring thermometers, barometers, and anemometers strategically placed throughout the data center

Performing a twice-daily physical check
Definition
Rack monitoring

Rack monitoring sensors are used to monitor environmental conditions to help maintain constant conditions.
Term
Where is a company’s main distribution frame (MDF) usually located?

The first floor, basement, or car park in a secure closet

Outside the building in a radio shack

At a local distribution office or point-of-presence (POP)

Outside the building in a small 3’x3’ telecommunications box
Definition
The first floor, basement, or car park in a secure closet

The location for the MDF can vary in large buildings, but the correct location is either on the ground floor or in the basement or car park. Older-style buildings and flats may have an MDF located on an external wall. Quite often, the MDF in larger buildings is securely locked in a communications room and requires a building manager for access.
Term
Where should you place an uninterruptible power supply (UPS)?

As close to the protected equipment as possible.

As far away from the protected equipment as possible to minimize interference.

Near the protected equipment, but out of the way.

In a separate, shielded room or closet.
Definition
Near the protected equipment, but out of the way.

Equipment such as a UPS should always be placed as near as practical to the protected device or circuitry, but out of the way so that regular work is not impeded.
Term
What’s the difference between the uses for two-post racks versus the uses for four-post racks?

Four-post racks are the new industry standard rack mount.

Railed two-post racks are the industry standard in the United States.

Two-post racks are designed for lightweight equipment.

Two-post racks are a European standard mount.
Definition
Two-post racks are designed for lightweight equipment.

Two-post racks are designed for lightweight equipment and four-post racks are designed for heavier equipment.
Term
If you were installing eight 2U servers into a rack, which type would you use: two-post or four-post?

Two-post for 2U servers

It depends on where you’re installing them: Europe or the United States

Four-post, due to the weight of the individual servers

It depends on required air flow and accessibility
Definition
Four-post, due to the weight of the individual servers

2U servers are sufficiently heavy to require four-post rack installation.
Term
You are also replacing Telnet with the Secure Shell (SSH) protocol. Which port do you need to deny and which do you need to open to complete this transition?

21, 23

22, 21

23, 53

23, 22
Definition
23, 22

Telnet uses port 23 and SSH uses port 22; therefore, you would deny 23 and allow 22.
Term
Identify the major difference between the Session Initiation Protocol (SIP) and the Real-Time Transport Protocol (RTP).

SIP doesn’t transport data.

SIP is newer and more Internet-friendly.

SIP is a standalone protocol.

SIP is a Voice over IP (VoIP) protocol.
Definition
SIP doesn’t transport data.

SIP initiates, modifies, and terminates a session. It is a signaling protocol for multimedia communication sessions. SIP must work with other protocols because it is responsible only for the signaling portion of a communication session.
Term
Which one of the following is considered to be a competing Voice over IP (VoIP) protocol with the H.323 suite?

Media Gateway Control Protocol (MGCP)

H.248

Real-Time Transport Protocol (RTP)

Session Initiation Protocol (SIP)
Definition
Media Gateway Control Protocol (MGCP)

MGCP was developed by Cisco as an alternative to H.323.
Term
Some members of your staff suggest using one of the network booting protocols so that they can relieve some of the company’s desktop support costs. You agree, but have to allow the protocol through the firewall for it to function. Which protocol and port do you allow?

Trivial File Transfer Protocol (TFTP), 69

Secure File Transfer Protocol (SFTP), 22

File Transfer Protocol (FTP), 21

Remote Desktop Protocol (RDP), 3389
Definition
Trivial File Transfer Protocol

Trivial File Transfer Protocol (TFTP) uses port 69.
Term
Which protocol is analogous to Post Office Protocol (POP)?

Simple Network Management Protocol (SNMP)

Internet Message Access Protocol (IMAP)

Simple Mail Transfer Protocol (SMTP)

Transmission Control Protocol (TCP)
Definition
Internet Message Access Protocol (IMAP)

IMAP is analogous to POP in that they are both used to transfer email from an email server.
Term
Identify the Internet Message Access Protocol (IMAP)-specific feature that Post Office Protocol (POP) doesn’t possess.

Users can download email messages to their local computers.

IMAP is an inbound email protocol.

Users can read email using client software.

Users can access folders other than their mailbox.
Definition
Users can access folders other than their mailbox.

Unlike POP3, IMAP4 enables users to access folders other than their mailbox.
Term
What is the major advantage of Internet Message Access Protocol (IMAP) over Post Office Protocol (POP)?

IMAP was developed at Stanford University.

IMAP can be left on a server, making it easier to access them from multiple computers or devices.

IMAP can handle both incoming and outgoing messages.

IMAP is a Transmission Control Protocol (TCP) and therefore is more efficient than POP.
Definition
IMAP can be left on a server, making it easier to access them from multiple computers or devices.

IMAP has the advantage of being able to retain messages on the email server, making it easier to use multiple devices that keep email in sync with each other.
Term
Simple Mail Transfer Protocol (SMTP) is used for email but is directional in its function. What is the SMTP port number and the direction of email flow that it covers?

110; outbound

25; outbound

25; inbound

110; inbound
Definition
25; outbound

SMTP operates on port 25 in the outbound direction.
Term
If you want Windows systems to browse freely across different network segments, you have to allow which protocol through your internal firewall?

Server Message Block (SMB)

Network Basic Input/Output System (NetBIOS)

Transmission Control Protocol (TCP)

Remote Desktop Protocol (RDP)
Definition
Server Message Block (SMB)

SMB is the protocol Windows systems use to browse other systems and shared resources.
Term
Windows systems use which protocol to locate and connect to other Windows servers and services on a network?

Simple Network Management Protocol (SNMP)

Remote Desktop Protocol (RDP)

Network Basic Input/Output System (NetBIOS)

Session Initiation Protocol (SIP)
Definition
Network Basic Input/Output System (NetBIOS)

In a Transmission Control Protocol/Internet Protocol (TCP/IP) network, NetBIOS clients, such as Windows systems, use NetBIOS over TCP/IP to connect to servers, and then issue SMB commands to complete tasks such as accessing shared files and printers.
Term
Which statement regarding Terminal Access Controller Access Control System Plus (TACACS+) is accurate?

It supports multifactor authentication.

It uses User Datagram Protocol (UDP) as opposed to Transmission Control Protocol (TCP).

It encrypts only passwords, rather than the entire authentication process.

It is backwards-compatible with TACACS.
Definition
It supports multifactor authentication.

TACACS is capable of providing process-wide encryption for authentication, not just password encryption. TACACS uses TCP instead of UDP and supports multiple protocols.

TACACS+ supports multifactor authentication, and is considered more secure and more scalable than RADIUS because it accepts login requests and authenticates the access credentials of the user.

TACACS+ is not compatible with TACACS because it uses an advanced version of the algorithm.

A Network Controller is a hardware component that helps connect a computer to a network.
Term
How does the Secure Socket Layer virtual private network (SSL VPN) format differ from the ordinary VPN?

It connects sections of a corporate network.

It works through a web browser.

It requires the installation of a separate client.

It uses tunneling to encapsulate and encrypt data.
Definition
It works through a web browser.

An SSL VPN is a VPN format that works within a web browser. This means that a separate dedicated VPN client is not needed.

Both an SSL VPN and VPN use tunneling to encapsulate and encrypt data.

An Internal VPN would be used for connecting sections of a network. Common implementations involve connecting remote offices to a corporate headquarters.
Term
Which of the following is a characteristic of the IP Security (IPSec) encryption method, as opposed to Microsoft Point-to-Point Encryption (MPPE)?

It is often used with Point-to-Point Tunneling Protocol (PPTP).

It requires the use of Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) or MS-CHAPv2.

It uses Data Encryption Standard (DES) or Triple DES (3DES) encryption.

It uses Extensible Authentication Protocol (EAP) remote authentication.
Definition
It uses Data Encryption Standard (DES) or Triple DES (3DES) encryption.

IPSec in Tunnel mode is often used with Layer Two Tunneling Protocol (L2TP). IPSec uses DES or 3DES encryption to provide data confidentiality.

The remaining features listed are characteristics of the MPPE encryption method.
Term
Which type of switches primarily work on Layers 4 and 7 of the OSI model, and are thus often referred to as 4-7 switches?

Content switches

Managed switches

Multilayer switches

Cut-through switches
Definition
Content switches

Content switches are capable of making intelligent decisions about data by analyzing data packets in real time, and understand the criticality and type of the request.

Cut-through switching is an operating mode in which the switch forwards a data packet as soon as it receives it, without performing any error checking or packet processing.

A multilayer switch operates at Layers 2 and 3 of the OSI model. Content switches are sometimes considered to be another type of multilayer switch, but the term “multilayer switch” generally refers to switches that perform only limited routing functions at Layers 2 and 3.

A managed switch is simply a switch that can be configured by the user, and does not relate specifically to a switch that operates at Layers 4 through 7.
Term
Which remote control protocol supports a platform-independent desktop sharing system, and is available for almost any operating system?

Independent Computing Architecture (ICA)

Remote Desktop Protocol (RDP)

Virtual Network Computing (VNC)

X Window System
Definition
VNC is a platform-independent desktop sharing system. A VNC viewer on a Linux system can connect to a VNC server on a Microsoft system and vice-versa.

RDP is used specifically for Microsoft's Remote Desktop system.

The Citrix ICA protocol is a remote terminal protocol used by Citrix WinFrame and Citrix Presentation Server software as an add-on to Microsoft Terminal Services.

Current X Window systems are based on the X11 protocol and normally used on UNIX- and Linux-based systems to display local applications.
Term
If a web proxy is capable of content filtering, what can you configure it to do?

Generate reports on users' Internet activity.

Evaluate and deny specific types of Internet traffic.

Provide access to the internal network for remote clients.

Grant or deny Internet access based on user names or group membership.
Definition
Grant or deny Internet access based on user names or group membership.

Content filtering is the ability to assess the content of websites based on words or word combinations, and block content that is deemed undesirable.

User security is a feature that allows administrators to grant or deny Internet access based on user names or group membership.

Auditing is a feature that allows administrators to generate reports on users' Internet activity.

Remote access services provide access to the internal network for remote clients.
Term
What network feature enables a permanent translation entry that maps a protocol port on a gateway to an IP address and protocol port on a private local area network (LAN)?

Port Address Translation (PAT)

Network Address Translation (NAT)

Port forwarding

Website caching
Definition
Port forwarding

Port forwarding (also referred to as port mapping) enables a permanent translation entry that maps a protocol port on a gateway to an IP address and protocol port on a private LAN.

Website caching enables web proxies to cache web data for clients locally for improved response time.

NAT conceals internal addressing schemes from external networks.

PAT is a subset of dynamic NAT functionality that maps either one or more unregistered addresses to a single registered address using multiple ports.
Term
Port forwarding (also referred to as port ?) enables a ?
Definition
permanent translation entry that maps a protocol port on a gateway to an IP address and protocol port on a private LAN.
Term
? conceals internal addressing schemes from external networks.
Definition
NAT conceals internal addressing schemes from external networks.
Term
PAT is a
Definition
subset of dynamic NAT functionality that maps either one or more unregistered addresses to a single registered address using multiple ports.
Term
Which type of Domain Name System (DNS) record maps an IP address to the host name for the purpose of reverse lookup?

Pointer (PTR)

IPv6 address (AAAA)

Mail Exchanger (MX)

Canonical name (CNAME)
Definition
The PTR DNS record type maps an IP address to the host name for the purpose of reverse lookup.

The CNAME DNS record type maps multiple canonical names (aliases) to an A record.

The AAAA DNS record maps a host name to its IP address using a 128-bit IPv6 address.

The MX DNS record maps a domain name to an email server list.
Term
The PTR DNS record type does what?
Definition
maps an IP address to the host name for the purpose of reverse lookup.
Term
The CNAME DNS record type does what?
Definition
maps multiple canonical names (aliases) to an A record.
Term
The AAAA DNS record does what?
Definition
maps a host name to its IP address using a 128-bit IPv6 address.
Term
The MX DNS record does what?
Definition
maps a domain name to an email server list.
Term
DHCP scope refers to
Definition
the range of IP addresses that the client may be assigned.
Term
What are Dynamic Host Configuration Protocol (DHCP) reservations based on?

The number of clients currently connected.

The client’s lease time.

The client’s MAC address.

The client’s IP address.
Definition
The client’s MAC address.
Term
Which option is an example of a top-level domain?

.edu

www

http:

certmaster.com
Definition

The top-level domain is at the top of the DNS hierarchy, and is the closest to the root level. Examples of top-level domains are listed in the following table:

Top-Level Domain | Entity Type
.com | Commerce
.edu | Education
.gov | Government/Administration
.net | Network
.org | Organization
Term
In what way does an Authoritative Name Server (ANS) differ from a default Domain Name System (DNS) server?

It is capable of resolving recursive queries from clients.

It is capable of performing domain name resolution.

It possesses an actual copy of the records for a zone, rather than caching a lookup.

It has the ability of mapping a host name to its IP address using either a 32-bit IPv4 or 128-bit IPv6 address.
Definition
It possesses an actual copy of the records for a zone, rather than caching a lookup.

An ANS is a DNS server that possesses an actual copy of the records for a zone, as opposed to just caching a lookup from another DNS server. Its key function is delegation, which means that part of a domain is delegated to other DNS servers.
Term
A port is a 1

A socket is a 2

A protocol is an 3
Definition
A port is a number that represents a process running on a network. Both clients and servers use port numbers to identify themselves.

A socket is a port that is in use.

A protocol is an agreed-upon format of data transmission between two devices.
Term
Which method of providing Internet connectivity is contention-based?

Cable

Leased line

Dedicated line

Dial-up
Definition
Cable

Cable Internet access requires the installation of a cable television connection and a cable modem to provide users with high-speed Internet access. Cable is a contention-based medium, which means that bandwidth is impacted by the number of nodes within the group. If a lot of people are using the Internet at the same time, speed is usually affected.

Dial-up offers a slower method of Internet access over a public switched telephone network (PSTN).

Dedicated lines and leased lines are basically the same thing. Since a dedicated line is used by only a single user, bandwidth is fixed and is not impacted by other users in the area.
Term
What benefit does frame relay offer?

It can guarantee Quality of Service (QoS) for a particular virtual channel before the connection is established.

It uses labels on any combination of Layer 2 and Layer 3 headers to ensure faster switching of data.

It allows transmission of data over a shared network medium and bandwidth using virtual circuits.

It carries both voice and data over digital phone lines or public switched telephone network (PSTN) wires.
Definition
It allows transmission of data over a shared network medium and bandwidth using virtual circuits.

Frame Relay is a Wide Area Network (WAN) protocol that allows transmission of data over a shared network medium and bandwidth using virtual circuits.

Multiprotocol Label Switching (MPLS) is a framework of networking functions that uses labels on any combination of Layer 2 and Layer 3 headers.

Integrated Services for Digital Network (ISDN) uses digital channels for data transmission over conventional telephone lines.

Asynchronous Transfer Mode (ATM) is a cell-switching network technology. Unlike frame relay, it can guarantee QoS for a particular virtual channel.
Term
What does the Optical Carrier x (OCx) standard specify?

The Layer 1 and Layer 2 standards for wireless local area networks (LANs).

The standard for delivering voice and data over digital phone lines.

The bandwidth for fiber optic transmissions.

The protocol for satellite transmissions.
Definition
The bandwidth for fiber optic transmissions.

The OCx standard specifies the bandwidth for fiber optic transmissions. OCx specifications correspond to the data rates of Synchronous Optical Network (SONET). A single OC channel corresponds to a data rate of 51.84 Mbps. As more channels are added, the throughput increases in proportion.
Term
In what way does Coarse Wavelength Division Multiplexing (CWDM) differ from Dense Wavelength Division Multiplexing (DWDM)?

The medium over which the signal is carried.

The Layer of the OSI model at which it functions.

The spacing of wavelengths and the number of channels carried.

The data transmission protocols that can be transmitted.
Definition
The spacing of wavelengths and the number of channels carried.

CWDM and DWDM differ in the spacing of the wavelengths, number of channels, and the ability to amplify the multiplexed signals in the optical space.

The medium is the same for each. They both transmit data over optical fiber.

They also both operate at Layer 1 of the OSI model.

Data from different protocols and technologies such as IP, Synchronous Optical Networking (SONET), and Asynchronous Transfer Mode (ATM) can all travel simultaneously within an optical fiber over both CWDM and DWDM.
Term
Which statement is the most accurate description of Integrated Services for Digital Network (ISDN)?

It is a high-performance, multi-service switching technology that is used in packet data networks.

It is a Metropolitan Area Network (MAN) that uses Ethernet standards.

It is a digital circuit switching technology that carries both voice and data over digital phone lines.

It is a multiplexing technology that uses light wavelengths to transmit data.
Definition
It is a digital circuit switching technology that carries both voice and data over digital phone lines.

ISDN uses digital channels for data transmission over conventional telephone lines. However, unlike telephone signaling, ISDN signals are not converted to analog.

Metro-Ethernet is a metropolitan area network that uses Ethernet standards.

Multiprotocol Label Switching (MPLS) is a high-performance, multi-service switching technology that is used in packet data networks.

Dense Wavelength Division Multiplexing (DWDM) is a multiplexing technology that uses light wavelengths to transmit data.
Term
Which technology enables network transmissions by working at both Layer 2 and Layer 3 of the OSI model?

Multiprotocol Label Switching (MPLS)

Point-to-Point Protocol (PPP)

Asynchronous Transfer Mode (ATM)

Frame Relay
Definition
Multiprotocol Label Switching (MPLS)

MPLS is a framework of networking functions that uses labels on any combination of Layer 2 and Layer 3 headers. The router reads the label and forwards the packet to its neighbor as opposed to performing a network address lookup in its routing table.

MPLS can travel over PPP, Frame Relay, or ATM, which are each at Layer 2 of the OSI model. The labels created by MPLS are read and rewritten at Layer 3.
Term
What is the U.S. version of the standard for synchronous data transport over a fiber optic cable?

Synchronous Optical Network (SONET)

Synchronous Digital Hierarchy (SDH)

802.11

Ethernet
Definition
Synchronous Optical Network (SONET)

SONET is the standard for synchronous data transport over a fiber optic cable. It is the U.S. version of the standard published by ANSI.

SDH is the European version of the standard.

802.11 is a standard that describes Layer 1 and Layer 2 specifications for wireless local area networks (LANs).

Ethernet is a set of networking technologies and media access methods specified for LANs.
Term
What telecommunication technology provides wireless broadband access over long distances?

Synchronous Optical Networking (SONET)

WiMAX

Integrated Services for Digital Network (ISDN)

Metro-Ethernet
Definition
WiMAX

WiMAX is a packet-based wireless telecommunication technology that provides wireless broadband access over long distances.

SONET is a standard for data transport over a fiber optic cable.

Typical Metro-Ethernet implementations feature a star network or mesh network topology with servers or routers interconnected through cable or fiber optic media.

ISDN carries both voice and data over conventional telephone lines.
Term
Which type of Internet communications infrastructure is not well suited for real-time applications?

A leased subscriber line

Broadband Internet access

Cable Internet access

Satellite Internet access
Definition
Satellite Internet access

Satellite Internet access provides for long-range, global wide area network (WAN) transmissions. Because of the great distances the signal must be transmitted, latency tends to be relatively high. Weather can also adversely affect satellite communications.

The other types of high-speed Internet access, which include cable, broadband, and leased subscriber lines, are each more dependable for real-time communications since their signal transmissions are typically shorter and are not as susceptible to bad weather.
Term
Which of the following is not among the advantages of using frame relay?

It offers facilities like that of a leased line, but at a significantly lower cost.

It prevents traffic bursts and enables easy Quality of Service (QoS) implementation.

It can be easily configured to combine traffic from different networking protocols.

It can carry non-IP traffic.
Definition
It prevents traffic bursts and enables easy Quality of Service (QoS) implementation.

Frame relay delivers increased performance with reduced network complexity and offers a pay-as-you-go structure. However, the bursty nature of traffic in a Frame Relay cloud, along with the use of variable-length frames, makes it difficult to provide QoS.
Term
What is the maximum transmission speed of a Category 6 (CAT6) Ethernet cable?

10 Gbps

1 Gbps

10 Mbps

100 Mbps
Definition

1 Gbps

A CAT6 Ethernet cable is capable of providing Gigabit Ethernet, and can therefore reach speeds of 1 Gbps.

The maximum speed of other Ethernet cable categories is described in the following table.

Category | Maximum Speed
1 | 1 Mbps
2 | 4 Mbps
3 | 10 Mbps
4 | 16 Mbps
5 | 100 Mbps
5e | 1 Gbps
6 | 1 Gbps
6a | 1 Gbps
7 | 10 Gbps
Term
What would an F connector be used for?

Sending information between two devices by using serial transmission

Connecting a cable TV and FM antenna cables

Terminating a coaxial cable

Allowing broadband transmission over domestic power lines
Definition
A coax connector type is a 75-ohm cable used to connect cable TV and FM antenna cables.

A BNC connector type is a cable connector used to terminate a coaxial cable.

A serial cable is a type of bounded network media that transfers information between two devices by using serial transmission.

Broadband over power lines (BPL) is a technology that allows broadband transmission over domestic power lines.
Term
Which connector would NOT be found at the end of a serial cable?

DB-25

RS-232

RJ-11

DB-9
Definition
A serial cable is a type of bounded network media that transfers information between two devices by using serial transmission. These cables typically use an RS-232 (also referred to as DB-9) connector, but can also use a DB-25 connector.

An RJ-11 connector is a twisted pair connector that is used with Category 1 cables in telephone system connections, and is not suitable for network connectivity.
Term
Which type of fiber optic connector has a straight, ceramic center pin and bayonet lug lockdown, and is used to connect multimode fibers?

Local Connector (LC) connector

Straight Tip (ST) connector

Standard Connector (SC) connector

Ferrule Connector (FC) connector
Definition
Straight Tip (ST) connector

ST connectors have a straight, ceramic center pin and bayonet lug lockdown. They are often used in network patch panels.

An SC uses box-shaped connectors that snap into a Receptacle, and is used with a singlemode fiber.

An LC uses an RJ-45–type latching and can be used to transition installations from twisted pair copper cabling to fiber.

An FC uses a heavy duty ferrule in the center for more mechanical stability than SMA or ST connectors.
Term
? have a straight, ceramic center pin and bayonet lug lockdown. They are often used in network patch panels.
Definition
ST connectors have a straight, ceramic center pin and bayonet lug lockdown. They are often used in network patch panels.
Term
ST connectors have a 1 and 2 3. They are often used in 4
Definition
ST connectors have a straight, ceramic center pin and bayonet lug lockdown. They are often used in network patch panels.
Term
An ? uses box-shaped connectors that snap into a Receptacle, and is used with a singlemode fiber.
Definition
SC type connector
Term
An SC uses 1 connectors that 2, and is used with 3.
Definition
1- box-shaped connectors that

2- snap into a Receptacle,

3- singlemode fiber.
Term
An ? uses an RJ-45–type latching and can be used to transition installations from twisted pair copper cabling to fiber.
Definition
LC Type Connector
Term
An LC type connector uses an 1 latching and can be used to 2 from 3 to 4.
Definition
An LC uses an RJ-45–type latching and can be used to transition installations from twisted pair copper cabling to fiber.
Term
An ? uses a heavy duty ferrule in the center for more mechanical stability than SMA or ST connectors.
Definition
An FC type connector uses a heavy duty ferrule in the center for more mechanical stability than SMA or ST connectors.
Term
An FC uses a 1 in the 2 for more 3 than SMA or ST connectors.
Definition
An FC uses a

1- heavy duty ferrule in the

2- center for more

3- mechanical stability than SMA or ST connectors.
Term
Which statement is the most accurate description of a Mechanical Transfer Registered Jack (MT-RJ) fiber optic connector?

It features a tubular structure made of ceramic or metal that supports the fiber.

It is typically used where environmental factors necessitate a waterproof connection.

It is a compact snap-to-lock connector used with multimode fiber.

It is a screw-on type connector with a tapered sleeve that is fixed against guided rings.
Definition
It is a compact snap-to-lock connector used with multimode fiber.


MT-RJ, also known as Fiber Jack, is a compact snap-to-lock connector used with multimode fiber. It is similar in size to an RJ-45 connector.

A biconic connector is a screw-on type connector with a tapered sleeve that is fixed against guided rings.

A subminiature (SMA) connector is similar to a Straight Tip (ST) connector and is typically used where water or other environmental factors necessitate a waterproof connection, unlike a bayonet-style connector.

A Ferrule Connector (FC) is a tubular structure made of ceramic or metal that supports the fiber.
Term
A ? is a device that terminates cables and enables connections with other devices.
Definition
A distribution frame is a device that terminates cables and enables connections with other devices.
Term
A distribution frame is a device that 1 and 2.
Definition
A distribution frame is a device that terminates cables and enables connections with other devices.
Term
A punch down tool is used to 1

A circuit tester is an 2

A butt set, also known as a 3, is a 4.
Definition
A punch down tool is used to connect cable wires directly to a patch panel or punch down block.

A circuit tester is an electrical instrument that allows you to determine whether or not current is passing through the circuit.

A butt set, also known as a lineman's test set, is a special type of telephone handset used by telecom technicians when installing and testing local lines.
Term
A cable certifier can 1 and determine whether a cable is 2. It can also check if 3 and determine 4.

A multimeter is a tool that allows you to 5.
Definition
Term
Which type of networking cable does not support data transfer, and is instead used to connect a computer to a router's console port?

Patch cable

Rollover cable

Straight-through cable

Crossover cable
Definition
Rollover cable

In a rollover cable, one end of the cable is wired exactly the opposite of the other end of the cable, going from one to eight on end A and from eight to one on end B. Instead of allowing data transfer, they provide an interface for programmers to connect to and adjust the router's configuration.

A straight-through cable is used to connect unlike devices, such as computers, to hubs or switches. These cables are also known as patch cables.

A crossover cable is used to connect like devices, such as computer to computer, switch to switch, or router to router.
Term
If a home user connects his laptop, desktop, and printer to a router to allow for wireless access throughout his home, what type of network has he just established?

A Wireless Personal Area Network (WPAN)


A Metropolitan Area Network (MAN)


A Storage Area Network (SAN)


A Wireless Local Area Network (WLAN)
Definition
A Wireless Local Area Network (WLAN)

A WLAN is a self-contained network of two or more computers connected using a wireless connection. It is very common in SOHO environments that typically involve a small number of computers and often a printer or two.

A WPAN connects wireless devices in close proximity but not through a Wireless Access Point (WAP), such as a router.

A MAN covers an area equivalent to a city or a municipality.

A SAN is a high-speed data transfer network that provides access to consolidated block-level storage.
Term
How can devices in a Wireless Personal Area Network (WPAN) communicate with each other?

Router

Bluetooth

Hotspot
Definition
Bluetooth


A Wireless Personal Area Network (WPAN) is a variation of Personal Area Network (PAN) that connects wireless devices in close proximity but not through a Wireless Access Point (WAP). Infrared and Bluetooth are technologies used for connecting devices in a WPAN.

A hotspot is a location that offers Internet/Wi-Fi access over a WLAN.

A router is a common example of a Wireless Access Point.
Term
In which typical topology do nodes receive the data transmitted all at the same time, regardless of the physical bus layout of the network?

Logical star topology

Logical bus topology

Logical mesh topology

Logical ring topology
Definition
Logical bus topology

In a physical star-logical bus topology, even though nodes connect to a central switch and resemble a star, data appears to flow in a single, continuous stream from the sending node to all other nodes through the switch. Nodes receive the data transmitted all at the same time, regardless of the physical wiring layout of the network.
Term
What is the key difference between a Supervisory Control and Data Acquisition (SCADA) system and a Distributed Control System (DCS)?

A SCADA only facilitates communication in close-proximity systems, whereas a DCS is for globally dispersed systems.

A SCADA is centralized in nature, whereas a DCS is not.

A SCADA involves the use of Programmable Logic Controllers (PLCs), whereas a DCS does not.

A SCADA is a type of Industrial Control System (ICS), whereas a DCS is not.
Definition
A SCADA is centralized in nature, whereas a DCS is not.

SCADA systems are used in situations where sites are at great geographical distances from one another. A SCADA control center monitors and manages remote sites by collecting and processing data and then sending supervisory commands to the remote station's control devices.

In DCSs, as the name suggests, control is not as centralized as in a SCADA system. In most instances, each main process is broken down into a series of sub-processes, each of which is assigned an acceptable tolerance level.

Both SCADA systems and DCSs can use PLCs.
Term
Which type of wireless technology uses radio frequency (RF)-based media in the 2.4 GHz spectrum to facilitate short-range wireless communication between devices, and does not need line-of-sight to make connections?

Infrared

Bluetooth

Microwave

Radio
Definition
Bluetooth

Bluetooth is a wireless technology that uses the 2.4 GHz spectrum to establish a connection between two devices that are typically only 30 meters apart. Up to eight Bluetooth devices can be connected to each other at a point in time. Bluetooth establishes a link using an RF-based media and does not need line-of-sight to make connections.
Term
What is a direct connection between two nodes on a network referred to as?

Point-to-multipoint connection

Multipoint-to-multipoint connection

Point-to-point connection

Logical connection
Definition
Point-to-point connection

A point-to-point connection is a direct connection between two nodes on a network. One node transmits data directly to the other. This communication can happen through either wired or wireless media, provided that there are no obstacles such as interference hindering the connection.

Point-to-multipoint connections are connections between multiple nodes. Each multipoint connection has more than two endpoints. A signal transmitted by any device on the medium is not private. All devices that share the medium can detect the signal but they do not receive it unless they are the recipients.
Term
How does a partial mesh topology differ from a full mesh topology?

In a partial mesh topology, a central device is used to facilitate communications between nodes.

In a partial mesh topology, some nodes are not connected to any other nodes.

In a partial mesh topology, only a few nodes have direct links with all the other nodes.

In a partial mesh topology, the characteristics of more than one standard topology are present.
Definition
In a partial mesh topology, only a few nodes have direct links with all the other nodes.

In a full mesh topology, all nodes on the network are directly connected to each other on the network. This means that all computers have dedicated lines to all other computers.

A partial mesh topology is a variant in which only some nodes have direct links to all other nodes. This helps reduce the complexity and cost of a full mesh setup, and also involves fewer redundancies.
Term
How many bits in length is an IP version 4 (IPv4) address?

64 bits

32 bits

128 bits

256 bits
Definition
An IP address is a binary address assigned to a computer so that it can communicate with other computers and devices on a Transmission Control Protocol/Internet Protocol (TCP/IP) network. IPv4 addresses are 32 bits in length, while IPv6 addresses are 128 bits long.
Term
What is the decimal equivalent of the binary octet 11100000?

224

192

168

255
Definition

Octet | 1st bit | 2nd bit | 3rd bit | 4th bit | 5th bit | 6th bit | 7th bit | 8th bit
Scientific notation | 1 | 1 | 1 | 0 | 0 | 0 | 0 | 0
Decimal notation | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1

128+64+32 = 224
Term
Class D IP addresses are set aside to support
Definition
multicast transmissions
Term
Which type of IP address class provides a large number of network addresses for networks with a small number of nodes per network?

Class E

Class A

Class B

Class C

Class D
Definition
Class C addresses provide a large number of network addresses for networks with a small number of nodes per network. The technical definition of a Class C address is any address in which the first three bits of the first octet are 110.

An example of a Class C IP address is 201.208.120.86. This is a Class C address because the first octet (in this case, 201), is expressed as 11001001 in binary. The first three bits of this octet are 110, which meets the definition of a Class C address.

Class A addresses provide a small number of network addresses for networks with a large number of nodes per network. Used only by extremely large networks, Class A addresses are too expensive for use by most organizations. The technical definition of a Class A address is any address where the first octet (on the left) begins with 0.

Class B addresses provide a balance between the number of network addresses and the number of nodes per network. Most organizations lease Class B addresses for use on networks that connect to the Internet. The technical definition of a Class B address is any address where the first octet (on the left) begins with 10.

Class D addresses are set aside to support multicast transmissions. Any network can use them, regardless of the base network ID. A multicast server assigns a single Class D address to all members of a multicast session. There is no subnet mask. Class D addresses are routable only with special support from routers. The technical definition of a Class D address is any address where the first octet (on the left) begins with 1110.

Class E addresses are set aside for research and experimentation. The technical definition of a Class E address is any address where the first octet (on the left) begins with 1111.
Term
Class A IP addresses provide a 1 for networks with 2.
Definition
Class A IP addresses provide a small number of network addresses for networks with a large number of nodes per network.
Term
Class B IP addresses provide a 1 between the 2 and the 3.
Definition
Class B IP addresses provide a balance between the number of network addresses and the number of nodes per network.
Term
Class C IP addresses provide a 1 for networks with a 2.
Definition
Class C IP addresses provide a large number of network addresses for networks with a small number of nodes per network.
Term
What does Teredo tunneling on a Windows OS allow you to do?

Convert IPv4 addresses into IPv6 addresses.

Encapsulate IPv4 packets to be sent across IPv6 networks.

Convert IPv6 addresses into IPv4 addresses.

Encapsulate IPv6 packets to be sent across IPv4 networks.
Definition
Encapsulate IPv6 packets to be sent across IPv4 networks.

In the tunneling process, a data packet is enveloped in a form that is acceptable to the carrier. To make sure the packets can travel across all Internet service providers (ISPs), the client encapsulates the IP version 6 (IPv6) packets into IPv4. This is allowed by Teredo tunneling on Windows operating systems, and by Miredo on Linux and Macintosh operating systems.
Term
In a collision domain,
Definition
nodes contend for access to the same physical medium. This occurs on a logical bus, where the transmission of a single node is heard by all nodes. A collision can happen in this type of situation.
Term
A broadcast domain is a
Definition
network segment on which broadcasts occur.
Term
A subnet is a
Definition
logical subset of a larger network, created by an administrator to improve network performance or to provide security.
Term
Microsegmentation is a
Definition
process by which all nodes are logically separated from each other until there is a need to connect them.
Term
Which protocols would allow you to implement distance-vector routing?

Open Shortest Path First (OSPF)

Routing Information Protocol version 2 (RIPv2)

Border Gateway Protocol (BGP)

Intermediate System to Intermediate System (IS-IS)
Definition
Routing Information Protocol version 2 (RIPv2)

RIPv2 and IGRP are both distance-vector routing protocols that calculate the direction and distance between any two points and route packets based on their calculation of the fewest number of hops.

OSPF and IS-IS are both link state routing protocols that attempt to build and maintain a more complex route database with more information about the network.

BGP is considered a hybrid routing protocol that uses both distance-vector and link state routing methods.
Term
What routing metric does the maximum transmission unit (MTU) describe?

The number of hops between the source and the destination host.

The time that it takes for the destination host to reply to the pinging server.

The maximum transmission speed permitted between two devices.

The size of the largest protocol data unit that the layer can pass onwards.
Definition
The size of the largest protocol data unit that the layer can pass onwards.

MTU describes the size of the largest protocol data unit that the layer can pass onwards, and is expressed in bytes. The standard MTU of an Ethernet frame is 1,500 bytes, but this can be surpassed in jumbo frames.
Term
What are Routing Information Protocol (RIP), Open Shortest Path First (OSPF), and Enhanced Interior Gateway Routing Protocol (EIGRP) all examples of?

Autonomous Systems (AS)

Exterior Gateway Protocols (EGPs)

Hybrid Protocols (HP)

Interior Gateway Protocols (IGPs)
Definition
Interior Gateway Protocols (IGPs)

IGPs are protocols that are responsible for exchanging routing information between gateways within an Autonomous System. Examples of IGPs include RIP, OSPF, EIGRP, IS-IS, and IGRP.
Term
Which component of a Unified Communications (UC) network is responsible for connecting your private UC network with a public network?

A UC device

A UC server

A UC protocol

A UC gateway
Definition
A UC gateway

A Unified Communications gateway connects your private UC network with a public network. It allows users to connect with the outside world, and also allows mobile users to connect from the outside into the private network.

A Unified Communications server provides the actual services that users will use, such as voice, video, fax, messaging, etc.

A Unified Communications device is the client-side device that allows the user to use unified communications services. These are items such as headsets, webcams, VoIP phones, and so on.
Term
Which of the following is an example of real-time Unified Communications technology?

Voicemail

Desktop sharing

Short Message Service (SMS)

Email
Definition
Desktop sharing

Desktop sharing is an example of a real-time Unified Communications technology because it allows for instant, synchronous communication between users. The other formats are considered asynchronous, because a message that is delivered by the sender might not be accessed by the recipient for hours or days.
Term
Which option describes an advantage of using static routing as opposed to dynamic routing?

It requires minimal maintenance once the routing table is established by the administrator.

It is capable of detecting network problems and selecting a different routing path on the fly.

It allows you to make changes to the physical topology without causing routing problems.

It does not create network traffic by sending routing table updates to other routers.
Definition
It does not create network traffic by sending routing table updates to other routers.

Static routing is best suited to smaller environments in which the network topology is very unlikely to change. It is also helpful in lower-bandwidth infrastructures, since static routers are not constantly creating traffic by network status updates to other routing devices.

The disadvantages of static routing are notable, though. Static routers cannot dynamically select an alternate route path in the event of a failure. An admin must maintain a static router anytime changes are made to the network. This means that you cannot make changes to the physical network topology without creating routing problems.
Term
What is Shortest Path Bridging (SPB)?

A replacement for Spanning Tree Protocol (STP) that simplifies the creation and configuration of networks

An improvement over Routing Information Protocol (RIP) that is designed to be deployed on interior routers within an autonomous system

A hybrid routing protocol used to establish routing between Internet service providers (ISPs)

A proprietary routing protocol by Cisco that supports classful and classless subnet masks
Definition
A replacement for Spanning Tree Protocol (STP) that simplifies the creation and configuration of networks

SPB combines an Ethernet data path with an IS-IS link state control protocol running between Shortest Path bridges. It is a replacement for STP that simplifies the creation and configuration of networks, while enabling multipath routing.

Border Gateway Protocol (BGP) is a hybrid routing protocol used to establish routing between ISPs.

Interior Gateway Routing Protocol (IGRP) is an improvement over RIP that is designed to be deployed on interior routers within an autonomous system.

Enhanced Interior Gateway Routing Protocol (EIGRP) is a proprietary routing protocol by Cisco that supports classful and classless subnet masks.
Term
What parameter is used in data and voice protocols to aid QoS by differentiating the types of payloads contained in the packet being transmitted?

Session Initiation Protocol (SIP)

Differentiated Services Code Point (DSCP)

Session Description Protocol (SDP)

Class of Service (COS)
Definition
Class of Service (COS)

COS is a parameter used in data and voice protocols to differentiate the types of payloads contained in the packet being transmitted. It aids Quality of Service (QoS) by assigning priorities to the data payload or access levels to the telephone call.

DSCP is another component that aids in QoS. It is a field in an IP packet that enables different levels of service to be assigned to network traffic.

SIP is a signaling protocol for multimedia communication sessions that initiates, modifies, and terminates a session.

SDP describes the content of a multimedia communication session.
Term
What command would you use in Windows Server 2012 R2 to clear a static routing table of all entries?

route -f

route delete

route -p

route add
Definition

The route -f command would clear a static routing table of all entries.

Command | Used To
route print | Display the routing table entries.
route add | Add static entries.
route delete | Remove static entries.
route change | Modify an existing route.
route -p | Make the specified route persistent across reboots, when used in conjunction with the add command.
route -f | Clear a routing table of all entries.

Term
What process is used on packet-switched networks to automatically calculate route costs and routing table entries?

Link state routing

Route looping

Distance-vector routing

Static routing
Definition
Distance-vector routing

Distance vector routing is a simple routing protocol used in packet-switched networks that utilizes distance to decide the best packet forwarding path. Distance is typically represented by the hop count.

Source: "Distance vector routing definition by The Linux Information ...", Nov 19, 2005, www.linfo.org/distance_vector.html
Term
What is a virtual switch?

A software-based framework that enables the host computer to act as a hardware router over a LAN.

A software application that enables communication between virtual machines

A virtual machine that runs a network operating system or other server software

A program that virtualizes a physical network interface card
Definition
A software application that enables communication between virtual machines

A virtual switch is a software application that enables communication between virtual machines. It is capable of intelligently directing the communication on a network by checking data packets before moving them on.

A virtual network interface controller (NIC) is a program that virtualizes a physical network interface card.

A virtual server is a virtual machine that runs a network operating system or other server software.

A virtual router is a software-based framework that enables the host computer to act as a hardware router over a Local Area Network (LAN).
Term
What type of cable would you need if you wanted to connect unlike devices, such as a computer to a switch?

A straight-through cable

A plenum cable

A rollover cable

A crossover cable
Definition
Straight-through cables (also known as patch cables) are used to connect unlike devices. All wire pairs are in the same order at each end of the cable.

Crossover cables are used to connect like devices, such as device to device, switch to switch, or router to router.

Rollover cables are used to connect a device to a router's console port. In this type of cable, one end of the cable is wired exactly the opposite of the other end of the cable.

A plenum cable is a network cable that is jacketed tightly around conductors to prevent poisonous gas from emanating in the event of a fire.
Term
Which of the following are traits of a Fibre Channel Storage Area Network (SAN), rather than an Internet Small Computer System Interface (iSCSI) SAN?

It can be implemented over an existing Ethernet network.

It can reach higher speeds, typically up to 16 Gbps.

It facilitates data transfers by carrying commands over IP networks.
Definition
It can reach higher speeds, typically up to 16 Gbps.

Fibre Channel is a technology for transmitting data between computer devices at data rates of up to 16 Gbps. Optical fiber is not required for Fibre Channel. It works by using coaxial cable and ordinary telephone twisted pair.

iSCSI is used to facilitate data transfers over intranets and to manage storage over long distances by carrying SCSI commands over IP networks. This type of SAN is popular because it does not require an investment in expensive Fibre Channel cabling, and can run along an existing Ethernet network.
Term
In which situation would a business likely be interested in an Identity as a Service (IDaaS) infrastructure?

The business would like to rent data center resources rather than purchase and manage its own.

The business would like an alternative to installing software applications on client machines.

The business needs network-based services through the cloud, such as Quality of Service (QoS) management.

The business performs transactions that require authentication, registration, and identity verification.
Definition
The business performs transactions that require authentication, registration, and identity verification.

IDaaS is an authentication infrastructure that you can rent from a service provider, which provides single sign-on capabilities for the cloud. It allows an organization or individual to perform electronic transactions that require identity data managed by a service provider.

A business seeking an alternative to installing software applications on client machines should consider Software as a Service (SaaS).

A business seeking to rent data center resources rather than purchase and manage its own should consider Infrastructure as a Service (IaaS).

A business that needs network-based services through the cloud (such as monitoring and QoS management) should consider Network as a Service (NaaS).
Term
How do jumbo frames increase network performance?

They increase the payload beyond the typical Ethernet maximum transmission unit (MTU).

They allow for data to be transferred in smaller, more efficient packets.

They allow packets to be sent without headers, resulting in less network processing.

They allow a complete data transmission to occur over one single, large frame.
Definition
They increase the payload beyond the typical Ethernet maximum transmission unit (MTU).

A jumbo frame is an Ethernet frame with a payload greater than the standard MTU of 1,500 bytes. Jumbo frames can be as large as 9,000 bytes, and are used on Local Area Networks (LANs) that support at least 1 Gbps.

Jumbo frames still use the same headers as typical Ethernet frames. They are more efficient because more data is sent within the data portion of the frame, resulting in fewer overall frames that need to be processed at the network level.
Term
Which of the following are characteristics of a virtual firewall running in bridge mode?

It allows the host computer to act as a hardware router.

The firewall does not actively participate in routing the traffic.

It resides in the core hypervisor kernel of the host machine.
Definition
The firewall does not actively participate in routing the traffic.

A virtual firewall can operate in different modes, which provide different services. A virtual firewall operating in bridge mode does not actively participate in routing the traffic, and also does not require any IP routing changes or subnetting to be inserted into place.

A virtual firewall operating in hypervisor mode resides in the core hypervisor kernel and monitors the virtual host machine's incoming and outgoing traffic.

A virtual firewall does not allow the host computer to act as a hardware router. A virtual router would be needed for this.
Term
Stumbling a Wi-Fi network involves using which type of tool?

A port scanning application.

A wireless survey application.

A MAC address spoofing application.

A wireless performance logger application.
Definition
A wireless survey application.

Stumbling a wireless network requires a surveying application to identify wireless services.
Term
To set up a simple, logfile-based device monitoring system on your network, what would you use?

OpenLDAP

Windows Events

Syslog

LogWatch
Definition
Syslog

Syslog is a simple, easy-to-set-up, logfile-based monitoring system that collects data from many types of devices via the syslog agent that is already present on most operating systems and networked devices.
Term
For SNMP to work, you must have what feature installed or enabled on each network element?

The syslog service.

A management agent.

A firewall.

The appropriate SDK for the host operating system.
Definition
A management agent.

SNMP requires the management agent feature to be installed or enabled on each network element to be monitored.
Term
The Management Information Base (MIB) is best understood as what type of structure?

An RDBMS (relational database).

A top-down hierarchical tree.

A read-only text file.

A readable and writeable CSV file.
Definition
A top-down hierarchical tree.

The MIB is a database that has a top-down hierarchical structure.
Term
If you want to report on the overall availability of your network’s services to management, where would you look?

From a central workstation, using a command such as rup.

Using the ping command from a management workstation.

The management station’s availability statistics page or dashboard.

At the command line of each operating system, using a command such as uptime.
Definition
The management station’s availability statistics page or dashboard.

Your management software will have an availability page or a dashboard from which you can readily read your individual and overall availability numbers.
Term
You notice a high number of pings on your network and you suspect that it might be the beginning of a denial-of-service attack. Which command line tool can you use to quickly capture network information and packet flow?

arp

tcpdump

ifconfig

netstat
Definition
tcpdump

Tcpdump is a packet capture tool that allows you to intercept and capture packets passing through a network interface. It will help to monitor the packet flow, packet flow responses, packet drop, and ARP information.
Term
Which of the following would be the best choice for your management station software?

OpenStack

OpenUPS

OpenNMS

OpenVMS
Definition
OpenNMS

OpenNMS is free, open source network management software that uses SNMP traps to generate alerts and notifications for your network devices.
Term
You don’t find a rogue service on your first network sweep. What can you do to increase your chances of finding the service on a subsequent sweep?

Increase the scanner’s signal-to-noise ratio.

Limit the port range to all ports under 1024.

Extend the upper end of port range to 65535.

Adjust the scanner to perform a slower sweep.
Definition
Extend the upper end of port range to 65535.

Users who don’t want to be found in a typical sweep will configure a port above 1024 hoping that a standard sweep will miss the rogue port.
Term
Name the three essential components required to implement SNMP on your network.

Network-connected devices, SNMP agents, and a management station

Complete operating systems, SNMP agents, and a private network

Network-connected devices, SNMP-enabled routers, and a Class A network

SNMP software, vendor-supplied OIDs, and a management workstation
Definition
Network-connected devices, SNMP agents, and a management station

An SNMP-managed network consists of three key components: network-connected devices, SNMP agents, and a management station.
Term
By identifying your network’s top talkers and top listeners, you’re taking the first steps toward what network management technique?

Traffic manipulation

Traffic contention

Traffic shaping

Traffic policing
Definition
Traffic shaping

Traffic or packet shaping identifies the types of traffic on your network and allows you to set up traffic profiles to modulate traffic depending on its type and destination. One of the first steps taken toward creating profiles through traffic shaping is the task of identifying your network’s top talkers and top listeners.
Term
You suspect that some of your users are using a lot of network bandwidth by running programs such as BitTorrent. How can you minimize their effect on your network’s valuable data transmissions?

By banning the standard BitTorrent port.

By throttling all incoming traffic to your network.

By implementing traffic profiles.

By implementing a network intrusion detection system.
Definition
By implementing traffic profiles.

Identifying the different types of traffic on your network and shaping the network through the use of traffic profiles is the most effective method of limiting bandwidth for non-business or low-priority traffic.
Term
What is NMAP?

It is an open source port scanner.

It is an open source port replicator.

It is a website mapping application.

It is an open source firewall application.
Definition
It is an open source port scanner.

NMAP is an open source port scanner. Its use by anyone other than network or security personnel is often prohibited due to the amount of information provided on its targets (servers).
Term
What is the SNMP command line utility that allows you to display a list of all results based on a single OID?

snmpread

snmpwalk

snmptrap

snmpget
Definition
snmpwalk

The snmpwalk command line utility displays a list of all results that lie within the subtree rooted on the specified OID. Snmpwalk can also be used to display a single object if an exact instance of an OID is specified.
Term
Active monitoring, in contrast to passive monitoring (collecting network data), entails doing what on your network?

Sending spoofed ARP messages onto the network.

Injecting test traffic to measure performance.

Simulating a SYN flood attack.

Creating pseudo devices on a network.
Definition
Injecting test traffic to measure performance.

Active monitoring is the injecting of safe test traffic onto a network to conduct performance tests. Passive monitoring is the collection of existing traffic for further analysis.
Term
How do you set up a syslog agent on the Windows operating system?

Enable the syslog service that’s disabled by default.

Download and install a third-party agent.

Use the Syslog Compatibility Mode in Windows Events.

Uncomment the syslog daemon entry under C:\Windows\System32\etc\services and start the service.
Definition
Download and install a third-party agent.

Syslog is not a native Windows application, even in Windows Server 2012. You’ll have to download and install the syslog agent for Windows operating systems.
Term
In the message STATUS_BUFFER_OVERFLOW (Malformed Packet), does the malformed packet imply that a system is under attack?

No, the application or service needs to be cache flushed.

No, because it isn’t an actual buffer overflow error.

Yes, and you should investigate all packets with the same destination.

Yes, the application should be checked for malware.
Definition
No, because it isn’t an actual buffer overflow error.

No, because the error—although misleading—doesn’t refer to a buffer overflow. It is, however, an application bug and is easily reproducible.
Term
How would you isolate the malformed packet(s)?

Use an SMB2 filter in the network capture.

Continue collecting data until the error appears again.

Scroll through the network capture file until the entry is located.

Filter the network capture for a malformed packet.
Definition
Use an SMB2 filter in the network capture.

To find related errors, filter the capture for SMB2 and read through the errors until you find the malformed packet entry.
Term
What does the message STATUS_BUFFER_OVERFLOW (Malformed Packet) mean?

The application buffer was too small.

There were too many buffers in the application.

Event logs are too small to continue collecting data.

A buffer overflow has occurred in an application.
Definition
The application buffer was too small.

This message is misleading. It doesn’t actually mean that a buffer overflow has occurred. It means that the buffer passed by the application was too small to hold all the requested data. Its name should really be STATUS_BUFFER_OVERFLOW_PREVENTED or STATUS_INSUFFICIENT_BUFFER.
Term
What does the message “No Gbic” mean for switch ports Gi1/1 and Gi1/2?

The link status is down.

There are no cables plugged into the Gbic ports.

The Gbic modules are missing on those ports.

Those ports are non-gigabit speed capable.
Definition
The Gbic modules are missing on those ports.

The Gbic modules are missing from those two ports.
Term
Identify a tool used to collect network performance data.

The UNIX netstat command

HP’s LoadRunner

The UNIX vmstat command

Windows Performance Monitor
Definition
Windows Performance Monitor

The Windows Performance Monitor can be used to collect network performance data.
Term
What information should you include in your network diagrams?

Location and routing information for network devices.

Wiring schematics and location data for network devices.

Network device operating system revision numbers and routing information.

Names and functions for all network nodes, including servers.
Definition
Location and routing information for network devices.

Also known as network maps, network diagrams provide location and routing information for network devices.
Term
Why is it important to keep vendor documentation?

It acts as a proof of purchase for your equipment.

It contains best practices for configuring the equipment for your network.

It provides learning resources for new network administrators.

It contains contact information, support site, and maintenance information.
Definition
It contains contact information, support site, and maintenance information.

Vendor documentation contains contact information, support site information, and maintenance details.
Term
Why should you implement a Network Access Control (NAC) solution?

So that only authorized personnel are allowed access to network resources.

To be sure that there are no viruses on any new devices connecting to the network.

To identify hackers and hacked devices and prevent them from accessing the network.

To be sure devices are secured before gaining access to the network.
Definition
To be sure devices are secured before gaining access to the network.

While all of the answers are valid for network access, NAC generally refers to device access being allowed or denied based on specific criteria, such as having antivirus software installed, having a firewall enabled, or preventing jailbroken devices from accessing the network.
Term
Identify two essential logical network diagram components.

Wiring schematics and network equipment

Device FQDNs and cabling diagrams

Routing topology and node trust relationships

Cabling diagrams and floor locations of equipment
Definition
Routing topology and node trust relationships

Logical network diagrams contain routing topology and node trust relationships. Additionally, they contain node IP addresses, device FQDNs, and application types.
Term
For companies that employ SCADA systems to gather data remotely into a central computer, network administrators have begun to isolate these networks. Identify two components of these isolated networks.

A firewall and a network policy.

A firewall and a network segment.

A firewall and a honeypot.

A firewall and a smart switch.
Definition
A firewall and a network segment.

Network administrators are separating SCADA systems into their own network segments known as security zones, where, among an array of hardware and software security, firewalls are implemented.
Term
Why does a system’s firmware need to be updated?

To test new features.

To prevent boot sector viruses.

To satisfy vendor agreements and maintain warranties.

To provide hardware enhancements and fixes.
Definition
To provide hardware enhancements and fixes.

Firmware updates fix minor problems or bugs and also offer hardware enhancements. They should be applied cautiously and after testing on non-production systems.
Term
Why do some compliance authorities insist on network segmentation?

Because of the heightened threat of network attacks.

To reduce the amount of Internet traffic flowing out of the protected systems.

To raise the cost of doing business in certain key market areas.

Because of the need for heightened security for sensitive data.
Definition
Because of the need for heightened security for sensitive data.

The PCI Security Standards Council, for example, requires network segmentation for PCI systems. This is to guarantee that external attacks can’t traverse into PCI systems and vice versa.
Term
What single practice ensures that, in the case of a disastrous patch event, your system can be successfully restored to working order?

Having a solid backout plan.

Creating a system and configuration backup.

Using virtual machines rather than physical machines.

Creating and maintaining a good patch policy.
Definition
Creating a system and configuration backup.

In case of a patch event failure that renders your system inoperable and non-repairable, you should be sure to have system backups and configuration backups to quickly restore the system to production.
Term
Vendors often supply driver updates for their products. How do you know which you should apply and which you should ignore?

You should always apply vendor-supplied driver updates.

Vendor-supplied drivers should only be applied under extreme circumstances.

If an update fixes a problem you have or supplies a feature you need, then apply it.

Vendor-supplied drivers should be applied if warranties or service contracts demand it.
Definition
If an update fixes a problem you have or supplies a feature you need, then apply it.

Vendor-supplied driver updates are generally safe to install, but there’s always a risk. You should evaluate them for fixing problems that you have or for features that you need.
Term
Why should testing labs be isolated with a network segment?

They have unlimited Internet access.

Their bandwidth usage is too high to mix with production traffic.

Their lack of security control makes it necessary.

They are outside of corporate firewalls.
Definition
Their lack of security control makes it necessary.

Most testing labs are far outside the control of security, so segmentation is necessary to ensure the safety of the rest of the network.
Term
What are two reasons to segment a network?

To boost performance and to better limit rogue services.

To make it easier to gather network protocol data and to limit user interaction.

To lower the number of collisions per host and to enhance security.

To boost performance and enhance security.
Definition
To boost performance and enhance security.

The two main reasons why network administrators segment networks are to boost network performance and to enhance security.
Term
Port mirroring definition
Definition
What is Port Mirroring? - Definition from Techopedia

https://www.techopedia.com/definition/16134/port-mirroring

Port mirroring is a method of copying and sending network packets transmitted as input from a port to another port of a monitoring computer/switch/device. It is a network monitoring technique implemented on network switches and similar devices.
Term
After you’ve made some basic configuration changes to the router, how do you test its connectivity with the rest of the network or to the Internet?

Check the link lights on the router.

Use ping or nslookup to other hosts or sites.

Clear the router’s ARP cache.

Perform a network sniff to see router traffic.
Definition
Use ping or nslookup to other hosts or sites.

The standard method is to ping or nslookup other network hosts or Internet sites.
Term
VLAN tagging is also known as what?

VLAN frame filtering

VLAN identification

Frame naming

Frame tagging
Definition
VLAN tagging, also known as frame tagging, is a method developed by Cisco to help identify packets traveling through trunk links.
Term
What is the IEEE standard designation for the Spanning Tree Protocol (STP)?

801.1d

802.1d

802.3d

802.d
Definition
802.1d

The IEEE standard for STP is 802.1d.
Term
Managed switches allow administrators to create ??? within the network.
Definition
VLANs
Term
A VLAN is a 1 2 of 3 on the 4.
Definition
A VLAN is a

1 - logical

2 - grouping of

3 - ports on the

4 - switch.
Term
Port mirroring is useful as a 1 when you need to 2 going to a 3 with minimal impact on the network performance.
Definition
Port mirroring is useful as a diagnostic tool when you need to monitor all traffic going to a particular port or node with minimal impact on the network performance.
Term
Power over Ethernet (PoE or PoE+) is typically deployed where
Definition
running electrical power is inconvenient or impossible, such as under the eave of a house.
Term
Two restrictions that dictate which type of switch and its features you select are 1 & 2.
Definition
Two restrictions that dictate which type of switch and its features you select are your budget and the number of users the switch must support.
Term
The ? standard describes PoE.
Definition
The 802.3af standard describes PoE.

Power over Ethernet (PoE) technology enables networks to deliver electrical power and standard data over Ethernet cabling, with up to 15.4 W of DC power supplied to each powered device and with 12.95 W being assured due to power dissipation during delivery.
Term
Identify a restriction on the placement (physical location) of your switch.

Switch to node cable length.

Access to a data center rack.

Adequate cooling for the electrical components.

Sufficient lighting so that the cable technicians can run cables more easily.
Definition
Switch to node cable length.

You need to place the switch or switches in a reasonable location so that you don’t exceed the maximum cable length from the switch to distant nodes.
Term
How do network devices figure out which VLAN specific frames belong to?

The IEEE 802.1q trunk link protocol addresses this issue.

The IEEE 802.11b, q, and n protocols address this issue.

Port Address Translation (PAT) configurations carry this information.

Network Address Translation (NAT) configurations carry the information.
Definition
The IEEE 802.1q trunk link protocol addresses this issue.

IEEE 802.1q is the most commonly used trunk link protocol to address this issue. 802.1q inserts a special tag in the Ethernet header identifying the VLAN for that frame. The switch at the other end of the trunk link will read that tag and forward the frame to the appropriate VLAN.
Term
What is the most common in-band remote-management hardware device?

Network switch

Network console

Network portal

Network adapter
Definition
Network switch

Unlike out-of-band connection, in-band connection is available only when the server is initialized and functioning properly. In-band connection relies on operating-system network drivers to establish computer connections. The most common in-band remote-management hardware device is the network adapter. Analog modems and Integrated Services Digital Network (ISDN) adapters are also classified as network adapters.
Term
Network administrators typically use out of band management when ?
Definition
standard connectivity isn’t available.
Term
What is the relationship between VLANs and IP address pools?

Each VLAN typically gets its own subnet of addresses.

VLAN assignment and IP address pools must be created simultaneously.

Assigning an IP address pool to a VLAN decreases the number of available addresses by 16 addresses.

IP address pools must be created prior to creating VLANs.
Definition
Each VLAN typically gets its own subnet of addresses.

The common practice is to assign each VLAN its own set of IP addresses (IP subnet).
Term
What is a default gateway?

It’s the uplink port address of your local switch.

It is your network’s border router’s external address.

It’s the switch to which your computer is connected.

It is your network segment’s first hop or router.
Definition
It is your network segment’s first hop or router.

A default gateway is your network segment’s router, also known as the first hop.
Term
Trunking is also known by which term?

Port address translation

Link aggregation

Weighted load balancing

Port consolidation
Definition
Link aggregation

Trunking is also known as link aggregation, port teaming, EtherChannel, and NIC bonding, among other names.
Term
Four other names for trunking include
Definition
Trunking is also known as link aggregation, port teaming, EtherChannel, and NIC bonding, among other names.
Term
If you want to manage wireless connections so that no single network segment is overloaded with traffic, what can you implement as a solution?

VPNs

VLANs

VLAN pooling

ICPs
Definition
VLAN pooling

VLAN pooling is a mechanism whereby wireless access points can choose from among several different available VLANs to assign incoming client connections. This strategy distributes and load balances wireless client traffic among multiple VLANs so that no single network segment is overwhelmed by too many wireless client connections.
Term
What is the preferred topology for a SOHO network?

Ring

Mesh

Ad hoc

Infrastructure
Definition
Infrastructure

The SOHO network, like any LAN or WAN, benefits greatly from an infrastructure topology because of its stability and permanence.
Term
The term “goodput” has the same meaning as what term?

Channel capacity

Network bandwidth

UDP

Application-level throughput
Definition
Application-level throughput

Goodput is the application-level throughput, i.e. the number of useful informational bits delivered by the network to a certain destination per unit of time.
Term
What is a heat map?

It’s a survey of wireless signals and strength.

It’s a bandwidth density map for a wired LAN.

It’s a diagnostic map to identify “hot” spots of network bottlenecks.

It’s a survey of equipment temperature in a data center.
Definition
It’s a survey of wireless signals and strength.

A heat map is a site survey of wireless signals and their strengths.
Term
What describes a range of frequencies transmitting at low power, rather than a single frequency transmitting at high power?
Definition
A channel.

The 802.11 b and g specifications define 14 channels within the ISM 2.4 GHz band. Each channel is comprised of a range of frequencies transmitting at low power, rather than a single frequency transmitting at high power.
Term
What is Lightweight Access Point Protocol (LWAPP) used for?

It’s a wireless device management protocol.

It’s used as a machine-to-machine (M2M) protocol to enable load balancing.

It connects wireless access points together to create a wireless access cloud.

It’s the equivalent of Lightweight Directory Access Protocol (LDAP) for wireless networks.
Definition
It’s a wireless device management protocol.

LWAPP is a protocol that controls multiple Wi-Fi wireless access points. This can reduce the amount of time spent on configuring, monitoring, or troubleshooting a large network.
Term
Generally speaking, what is the node limit for a Small Office/Home Office (SOHO) network?

8

16

10

24
Definition
10

A SOHO network is a small network that can comprise up to 10 nodes. SOHO networks can either be wired or wireless. The upper limit of 10 nodes is the generally accepted limit, but you might encounter SOHO networks that include more than 10 nodes.
Term
What is a wireless bridge used for?

Connecting two wired networks.

Creating a new SSID for broadcast.

Boosting weak wireless signals.

Raising the 2.4 GHz band to 2.8 GHz or higher.
Definition
Connecting two wired networks.

A wireless bridge can be used to connect two wired networks using a wireless connection. A wireless bridge receives the signal from your wireless router and sends it out to other wired devices. The wireless bridge needs to be within range of the wireless router's signal and also within cable length of the other wired devices.
Term
The use of VLAN pooling on your network means you’re attempting to accomplish what for your users?

Create an adequate number of incoming connections.

Extend the range of the wireless network.

Provide enough outgoing bandwidth to accommodate all users.

Create a bridged network between buildings on a campus.
Definition
Create an adequate number of incoming connections.

VLAN pooling is a mechanism whereby wireless access points can choose among several different available VLANs to assign to incoming client connections. This strategy distributes and load balances wireless client traffic among multiple VLANs so that no single network segment is overwhelmed by too many wireless client connections.
Term
What is one significant advantage that 2.4 GHz networks have over 5.0 GHz networks?

Speed

Bandwidth

Interference

Range
Definition
Range

2.4 GHz has the distinct advantage of a greater range than 5.0 GHz. The higher the frequency of a wireless signal, the shorter its range.
Term
Critical nodes and servers should always have what kind of hot backup as a failsafe?

Dual network interface cards (NICs) and dual fans.

A Redundant Array of Independent Disks (RAID) system for data.

A redundant or mirrored node.

A tape backup drive or library.
Definition
A redundant or mirrored node.

Critical systems should have a redundant system as a failover node in case the primary fails.
Term
Why is a Network Time Protocol (NTP) amplified Distributed Denial of Service (DDoS) attack the most effective against a target?
Definition
It generates a huge amount of traffic against a target
Term
What flaw in electronic equipment allows nearby eavesdroppers to capture signals to reconstruct into usable data?

Resonance

Signal-to-noise ratio

Radio frequency emanation

Feedback
Definition
Radio frequency emanation

Radio frequency emanation is a feature or flaw of electronic equipment that allows the equipment to emit unintentional radio signals that can be picked up with eavesdropping equipment and reconstructed into usable data.
Term
Which of the following is an example of war driving?

Supplying a moving rogue wireless access point to unsuspecting users.

Searching for wireless networks using a mobile phone.

Using special software to grab all available IP addresses from a public Wi-Fi Dynamic Host Configuration Protocol (DHCP) server.

Attempting to hack mobile devices while in traffic.
Definition
Searching for wireless networks using a mobile phone.

The act of searching for instances of wireless networks using wireless tracking devices such as tablets, mobile phones, or laptops is called war driving.
Term
IP filtering operates mainly at Layer ? of the TCP/IP protocol stack and is generally performed by a ?, although ? can also perform IP filtering.
Definition
IP filtering operates mainly at Layer 2 of the TCP/IP protocol stack and is generally performed by a screening router, although other network devices can also perform IP filtering.
Term
What is the summary of the substantive evidence in a forensic investigation known as?

Casualty report

Forensic report

Damage report

Forensic summary
Definition
Forensic report

A forensic report simply and succinctly summarizes the substantive evidence. It typically contains several sections to help the reader understand not only what was found (or not found) by the investigator, but also to detail the steps performed to acquire and analyze the data.
Term
When discussing electromagnetic interference (EMI) that disrupts a signal, what factor decreases as the transmission distance increases?

The magnetic flux ratio

The signal-to-noise ratio

Signal strength

Attenuation
Definition
The signal-to-noise ratio

EMI disrupts the signal. The signal-to-noise ratio decreases as the transmitting distance increases.

Signal strength can be lost when the signal encounters objects such as concrete walls, window film, or metal studs.
Term
Identify a factor that you would not consider in wireless access point placement.

Coverage area

Physical obstacles

The number of users

Device visibility
Definition
Device visibility

When determining the placement of wireless access points, you would not consider whether the users could see the wireless access point.
Term
Active Directory groups can be very confusing to implement correctly. What is the possible harm of group mishandling and sprawl?

Security logging and auditing is limited to Domain global groups, which may lead to missing security violations

Empty groups are a hacker’s best friend because of the lack of security

The complexity makes it easier for hackers to compromise

Users may accidentally gain unnecessary privileges
Definition
Users may accidentally gain unnecessary privileges

Users may gain privileges from other group memberships that they do not need. A user account compromise might expose systems and services that the user has no idea that he or she has access to.
Term
You receive an alert that an application server system has crashed, rebooted, and now is exhibiting unusual behavior. Under further investigation, you find that there is an unusual network connection with an origin external to your network that attempts to connect to other systems inside your network. The system you are investigating was likely compromised by which one of the following attacks?

Mass mailer

Adware

Boot sector virus

Buffer Overflow
Definition
Buffer Overflow

The symptoms described point to a buffer overflow. Buffer overflows take advantage of programming weaknesses in applications and in operating systems. The best prevention techniques are to maintain patching and to use generally accepted programming practices.
Term
What is the minimum length (in bytes) of the payload (data) Ethernet frame field?

64

8

32

46
Definition
46

The payload of the frame (or the information being sent) must be a minimum of 46 bytes long. If the length of data is less than 46 bytes, the data field must be extended by adding a filler to increase the length to a minimum of 46 bytes.
Term
An IP version 4 (IPv4) address is four decimal numbers separated by dots. Each of the four decimal numbers is known individually by what term?

Octet

Quintet

Dectet

Quartet
Definition
Octet

The dotted decimal notation consists of four decimal numbers separated by three dots. Each decimal number is called an octet and represents eight binary bits.
Term
NICs are part of the ? layer.
Definition
NICs are part of the Data Link layer.
Term
FTP operates on the ? layer
Definition
application
Term
Firewalls are part of the ? Layer
Definition
Transport
Term
Layer ? also includes wireless communications.
Definition
Layer 1 is the Physical layer and also includes wireless communications.
Term
What is the primary difference between Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)?

TCP is connection-oriented and UDP is connectionless.

TCP doesn’t require an acknowledgement (ACK), whereas UDP does.

TCP is the faster of the two protocols.

TCP is inherently secure and UDP is inherently non-secure.
Definition
TCP is connection-oriented and UDP is connectionless.

TCP is an example of a connection-oriented transport protocol and UDP is an example of a connectionless protocol.