Shared Flashcard Set

Details

Security FUNdamentals 4
sdas
22
Computer Networking
11th Grade
04/08/2015

Cards

Term
1. What type of device isolates a network by filtering the packets that can enter it?
a) firewall
b) bridge
c) gateway
d) switch
Definition
Answer: a
Difficulty: Easy
Section Reference: Using Dedicated Firewalls to Protect a Network
Explanation: A firewall is a system designed to protect a computer or computer network from network-based attacks. A firewall does this by filtering the data packets traversing the network.
Term
2. What seven-layer model is often used to describe networking technologies and services?
a) OSI
b) TCP/IP
c) IPX/SPX
d) DIX
Definition
Answer: a
Difficulty: Easy
Section Reference: Understanding the OSI Model
Explanation: The OSI model is a conceptual model, created by the International Organization for Standardization (ISO) in 1978 and revised in 1984, to describe a network architecture that allows the passage of data between computer systems. Although never fully utilized as a model for a protocol, the OSI model is nonetheless the standard for discussing how networking works.
Term
3. On which OSI layer do routers function?
a) 1
b) 2
c) 3
d) 4
Definition
Answer: c
Difficulty: Medium
Section Reference: Network Layer (Layer 3)
Explanation: The Network layer is primarily responsible for routing. This layer defines the mechanisms that allow data to be passed from one network to another. How the data is passed is defined by the routing protocols. As a result, a router is typically known as a Layer 3 device.
Term
4. On which OSI layer do TCP and UDP function?
a) 1
b) 2
c) 3
d) 4
Definition
Answer: d
Difficulty: Medium
Section Reference: Transport Layer (Layer 4)
Explanation: The Transport layer does exactly what its name implies: It provides the mechanisms for carrying data across a network. This layer uses three main mechanisms to accomplish this task: segmentation, service addressing, and error checking. TCP and UDP are Layer 4 protocols.
Term
5. What OSI layer do switches and bridges use?
a) 1
b) 2
c) 3
d) 4
Definition
Answer: b
Difficulty: Easy
Section Reference: Data Link Layer (Layer 2)
Explanation: The Data Link layer (Layer 2) connects the data layer to the physical layer so that data can be transmitted across the network. The Data Link layer handles error detection, error correction, and hardware addressing (that is, the address of a network interface card). Switches and bridges are devices that work with the destination MAC addresses to determine where to forward a packet.
Term
6. What port does SMTP use?
a) 21
b) 23
c) 25
d) 443
Definition
Answer: c
Difficulty: Medium
Section Reference: Looking at Packet Filtering
Explanation: Simple Mail Transfer Protocol (SMTP) is used to relay and deliver email. It uses TCP port 25.
Term
7. What port does LDAP use?
a) 25
b) 443
c) 389
d) 3389
Definition
Answer: c
Difficulty: Hard
Section Reference: Looking at Packet Filtering
Explanation: Lightweight Directory Access Protocol (LDAP) is a common directory service used to locate and access resources on a network. It uses TCP port 389.
Term
8. What type of firewall filters packets based on IP address and ports?
a) packet-filtering
b) circuit-filtering
c) application-level
d) stateful
Definition
Answer: a
Difficulty: Easy
Section Reference: Looking at Packet Filtering
Explanation: When you configure a packet-filtering firewall rule, you generally use one or more of the following TCP/IP attributes:
• Source IP addresses
• Destination IP addresses
• IP protocol (telnet, ftp, http, https, etc.)
• Source TCP and UDP ports (e.g., the http protocol runs on TCP port 80)
• Destination TCP and UDP ports
• The inbound firewall network interface
• The outbound firewall network interface
Term
9. What type of firewall is also known as a proxy server?
a) packet-filtering
b) circuit-filtering
c) application-level
d) stateful
Definition
Answer: c
Difficulty: Medium
Section Reference: Looking at Application-Level Firewalls
Explanation: Application-level firewalls (also known as proxy servers) work by performing a deep inspection of application data as it traverses the firewall. Rules are set by analyzing client requests and application responses, and then by enforcing correct application behavior. Application-level firewalls can block malicious activity, log user activity, provide content filtering, and even protect against spam and viruses. Microsoft Internet Security and Acceleration Server is an example of an application-level firewall.
Term
10. What type of firewall looks at the previous conversations to determine if a packet should enter a network?
a) packet-filtering
b) circuit-filtering
c) application-level
d) stateful
Definition
Answer: d
Difficulty: Hard
Section Reference: Looking at Stateful Multilevel Firewalls
Explanation: Stateful inspection takes packet filtering to the next level. In addition to examining the header information of the packets traversing the firewall, a stateful inspection firewall considers other factors when determining whether traffic should be permitted across the firewall. Stateful inspection also determines whether a packet is part of an existing session, and that information can be used to decide whether to permit or deny a packet.
Term
11. What Microsoft technology can verify that a client has the newest Windows updates and has an updated antivirus software package before being allowed access to the network?
a) IPSec
b) NAP
c) SCCM
d) SCOM
Definition
Answer: b
Difficulty: Medium
Section Reference: Controlling Access with Network Access Protection (NAP)
Explanation: Recognizing the need for administrators to have more granular control over what systems connect to a network, Microsoft introduced Network Access Protection (NAP) as part of the Windows Server 2008 operating system. NAP is a solution that allows administrators a more powerful way to control access to network resources. NAP’s controls are based on the client computer’s identity and whether that computer complies with the configured network governance policies.
Term
12. What technology can you use to isolate a network of servers so that they cannot interact with other servers?
a) bridge
b) switch
c) router
d) VLAN
Definition
Answer: d
Difficulty: Medium
Section Reference: Understanding Virtual LANs
Explanation: Virtual LANs (VLANs) were developed as an alternative solution to deploying multiple routers. VLANs are logical network segments used to create separate broadcast domains, but they still allow the devices on the VLAN to communicate at Layer 2 without requiring a router. VLANs are created by switches, and traffic between VLANs is switched rather than routed, which creates a much faster network connection because a routing protocol isn’t needed. Even though the hosts are logically separated, the traffic between them is switched directly as though they were on the same LAN segment.
Term
13. What type of device looks at a packet and forwards it based on its destination IP address?
a) bridge
b) switch
c) router
d) VLAN
Definition
Answer: c
Difficulty: Easy
Section Reference: Examining how Routing Works
Explanation: When a router receives a packet that must be forwarded to a destination host, the router has to determine whether it can deliver the packet directly to the destination host, or whether it needs to forward the packet to another router. To make this determination, the router examines the destination network address.
Term
14. Which type of routing protocol sends the entire routing table to its neighbors?
a) distance vector
b) link state
c) scalable driven
d) infinity
Definition
Answer: a
Difficulty: Easy
Section Reference: Looking at Routing Protocols
Explanation: Distance vector-based routing protocols require that each router inform its neighbors of its routing table. This is done by sending the entire routing table when the router boots and then resending it at scheduled intervals. Each router takes the updates from its neighboring routers and then updates its own routing table based on this information. RIP is one example of a distance vector-based routing protocol that is supported by Windows Server 2008.
Term
15. Which type of system detects unauthorized intruders and then takes action to stop them from proceeding?
a) IDS
b) IPS
c) VLAN
d) NAT
Definition
Answer: b
Difficulty: Medium
Section Reference: Looking at Intrusion Detection and Intrusion Prevention Systems
Explanation: An intrusion prevention system (IPS) is similar to an IDS, except that in addition to detecting and alerting, an IPS can also take action to prevent a breach from occurring.
Term
16. What type of server would you install that would be used to trap a hacker?
a) honeypot
b) NAT
c) IPS
d) IDS
Definition
Answer: a
Difficulty: Medium
Section Reference: Looking at Honeypots
Explanation: Honeypots, honey nets, and padded cells are complementary technologies to IDS/IPS deployments. A honeypot is designed to distract hackers from real targets, detect new vulnerabilities and exploits, and learn about the identity of attackers.
Term
17. What special area serves as a buffer area between the Internet and the internal network and can be used to hold web servers that are accessed from the Internet?
a) DMZ
b) NAT
c) VLAN
d) PLC
Definition
Answer: a
Difficulty: Medium
Section Reference: Looking at DMZs
Explanation: In computer networking, a demilitarized zone (DMZ) is a firewall configuration used to secure hosts on a network segment. In most DMZs, the hosts on the DMZ are connected behind a firewall that is connected to a public network such as the Internet. Another common configuration is to have the firewall connected to an extranet that has connections to customers, vendors, or business partners. DMZs are designed to provide access to systems without jeopardizing the internal network.
Term
18. How many firewalls would you use to create a sandwich DMZ?
a) 1
b) 2
c) 3
d) 4
Definition
Answer: b
Difficulty: Medium
Section Reference: Looking at DMZs
Explanation: A sandwich DMZ model uses both an outer firewall and an inner firewall. The outer firewall secures the DMZ network segment from the external (insecure) network. Servers that are meant to be accessed from the external network (such as the Internet) have the appropriate rules configured to permit secure access.
Term
19. You have several Internet web servers that need to communicate with a SQL server. Where would you place the SQL server?
a) internal network
b) DMZ
c) Internet
d) isolated VLAN
Definition
Answer: a
Difficulty: Medium
Section Reference: Looking at DMZs
Explanation: Web servers are the most common servers found in DMZ networks. Accessed via HTTP over port 80 or HTTPS over port 443 for secure access, web servers are commonly Internet-accessible. However, because the SQL server needs more security, it needs to be placed in the internal network.
Term
20. Which of the following servers would you not place on the DMZ?
a) Internet web server
b) email relay servers
c) email mailbox servers
d) proxy servers
Definition
Answer: c
Difficulty: Medium
Section Reference: Looking at DMZs
Explanation: In computer networking, a DMZ is a firewall configuration used to secure hosts on a network segment. You should place Internet web servers, email relay servers, and reverse proxy servers on a DMZ. SQL servers and mailbox servers should be on the internal networks.
Term
21. What technology allows a user at home to connect to the corporate network?
a) NAT
b) VPN
c) DMZ
d) PLC
Definition
Answer: b
Difficulty: Medium
Section Reference: Understanding Virtual Private Networks (VPNs)
Explanation: VPN (Virtual Private Network) is a technology that uses encrypted tunnels to create secure connections across public networks such as the Internet. VPNs are commonly used by remote employees for access to the internal network, to create secure network-to-network connections for branch offices or business partner connections, or even to create secure host-to-host connections for additional security and isolation on an internal network. VPNs utilize encryption and authentication to provide confidentiality, integrity, and privacy protection for data.
Term
22. Which IPsec protocol provides integrity protection for packet headers, data, and user authentication but does not encrypt the data load?
a) AH
b) ESP
c) IKE
d) LDAP
Definition
Answer: a
Difficulty: Hard
Section Reference: Understanding Internet Protocol Security (IPsec)
Explanation: Authentication Header (AH) provides integrity protection for packet headers, data, and user authentication. It can optionally provide replay protection and access protection. AH cannot encrypt any portion of packets. For AH to work with NAT, IP protocol number 51 needs to be allowed across the firewall.