Ch.8

Question 1

a log that can provide details regarding requests for specific files on a system

Answer 1

access log

Question 2

a log that is used to record which user perrformed an action and what that action was

Answer 2

audit log

Question 3

a pay-per-use computing model in which customers pay only for the online computing resources that they need, and the resources can be easily scaled

Answer 3

cloud computing

Question 4

a cloud system that has no computational capabilities but provides remote file storage

Answer 4

cloud storage

Question 5

a cloud that is open only to specific organizations that have common concerns

Answer 5

community cloud

Question 6

a security technique to turn off ports on a network device that are not required

Answer 6

disabling unused interfaces

Question 7

log that documents any unsuccessful events and the most significant successful events

Answer 7

event log

Question 8

a high-speed storage network protocol that can transmit up to 16 gigabits per second

Answer 8

Fibre Channel (FC)

Question 9

a high-speed storage network protocol that encapsulates Fibre Channel frames over Ethernet networks

Answer 9

Fibre Channel over Ethernet (FCoE)

Question 10

an unsecure TCP/IP protocol that is commonly used for transferring files

Answer 10

File Transfer Protocol (FTP)

Question 11

a feature that controls a device’s tolerance for unanswered service requests and helps to prevent a DoS or DDoS attack

Answer 11

flood guard

Question 12

a TCP/IP protocol that uses Secure Sockets Layer or Transport Layer Security to encrypt commands sent over the control port (port 21) in an FTP session

Answer 12

FTP Secure (FTPS)

Question 13

the ability to quickly make new virtual server machines available

Answer 13

host availability

Question 14

the ability to easily expand or contract resources in a virtualized environment

Answer 14

host elasticity

Question 15

a type of virtualization in which an entire operating system environment is simulated

Answer 15

host virtualization

Question 16

a combination of public and private clouds

Answer 16

hybrid cloud

Question 17

a standard that authenticates users on a per-switch port basis by permitting access to valid users but effectively disabling the port if authentication fails

Answer 17

IEEE 802.1X

Question 18

a cloud computing model in which customers have the highest level of control and can deploy and run their own software

Answer 18

Infrastructure as a Service (IaaS)

Question 19

a TCP/IP protocol that is used by devices to communicate updates or error information to other devices

Answer 19

Internet Control Message Protocol (ICMP)

Question 20

the next generation of the IP protocol that addresses weaknesses of IPv4 and provides several significant improvements

Answer 20

Internet Protocol version 6 (IPv6)

Question 21

using a data-based IP network to add digital voice clients and network

Answer 21

IP telephony

Question 22

an IP-based storage networking standard for linking data storage facilities

Answer 22

iSCSI (Internet Small computer System Interface)

Question 23

a record of events that occur

Answer 23

log

Question 24

technique to prevent broadcast storms by using the IEEE 802.1d standard spanning-tree algorithm (STA)

Answer 24

loop protection

Question 25

a security technique to limit the number of media access control (MAC) addresses allowed on a single port

Answer 25

MAC limiting and filtering

Question 26

an older transport protocol used by Microsoft Windows systems for allowing applications on separate computers to communicate over a LAN

Answer 26

netBIOS (Network Basic Input/Output System)

Question 27

the impact of a patch on other software or even hardware

Answer 27

patch compatibility

Question 28

a cloud service in which cosumers can install and run their own specialized applications on the cloud computing network

Answer 28

Platform as a Service (Paas)

Question 29

a cloud that is created and maintained on a private network

Answer 29

private cloud

Question 30

a cloud in which the services and infrastructure are offered to all users with access provided remotely through the Internet

Answer 30

public cloud

Question 31

the process of administration that relies on following procedural and technical rules

Answer 31

rule-based management

Question 32

using a virtual machine to run a suspicious program to determine if it is malware

Answer 32

sandboxing

Question 33

a TCP/IP protocol used mainly on UNIX and LINUX devices that securely transports files by encrypting files and commands

Answer 33

Secure Copy Protocol (SCP)

Question 34

a secure TCP/IP protocol that is used for transporting files by encrypting and compressing all data and commands

Answer 34

Secure FTP (SFTP)

Question 35

testing the existing security configuration

Answer 35

security control testing

Question 36

log that can reveal the types of attacks that are being directed at the network and if any of the attacks were successful

Answer 36

security log

Question 37

a TCP/IP protocol that exchanges management information between networked devices. It allows network administrators to remotely monitor, manage, and configure devices on the network

Answer 37

Simple Network Management Protocol (SNMP)

Question 38

a model of cloud computing in which the vendor provides access to the vendor's software applications running on a cloud infrastructure

Answer 38

Software as a Service (Saas)

Question 39

a dedicated network storage facility that provides access to data storage over a high-speed network

Answer 39

storage area network (SAN)

Question 40

an older TCP/IP protocol and an application used for text-based communication

Answer 40

telnet

Question 41

the most common protocol suite used today for local area networks (LANs) and the Internet

Answer 41

Transmission Control Protocol/Internet Protocol (TCP/IP)

Question 42

a light version of FTP that uses a small amount of memory and has limited functionality

Answer 42

Trivial File Transfer Protocol (TFTP)

Question 43

a means of managing and presenting computer resources by function without regard to their physical layout or location

Answer 43

virtualization

Question 44

Which high-speed storage network protocols used by a SAN is IP-based? a. iSCSI b. FC c. FCoE d. XSAN

Answer 44

a

Question 45

Which Fibre Channel zone is the most restrictive? a. FC hard zone b. FC soft zone c. FC port zone d. FC interface zone

Answer 45

a

Question 46

An attacker can use NetBIOS to determine each of the following EXCEPT _____. a. computer names b. contents of the remote name cache c. list of remote NetBIOS names d. list of resolved names

Answer 46

c

Question 47

Which type of log can provide details regarding requests for specific files on a system? a. event log b. access log c. audit log d. SysFile log

Answer 47

c

Question 48

Which type of cloud is offered to all users? a. hybrid cloud b. private cloud c. public cloud d. community cloud

Answer 48

c

Question 49

Which of these would NOT be valid Internet Control Message Protocol (ICMP) error message? a. Host Unreachable b. Network Unreachable c. Destination Network Unknown d. Router Delay

Answer 49

d

Question 50

Internet Control Message Protocol (ICMP) is used by each of these attacks EXCEPT _____. a. ICMP poisoning b. smurf DoS attack c. ICMP redirect attack d. ping of death

Answer 50

a

Question 51

Which version of Simple Network Management Protocol (SNMP) is considered the most secure? a. SNMPv2 b. SNMPv3 c. SNMPv4 d. SNMPv5

Answer 51

b

Question 52

Which Domain Name System (DNS) attack replaces a fraudulent IP address for a symbolic name? a. DNS replay b. DNS masking c. DNS poisoning d. DNS forwarding

Answer 52

c

Question 53

Which of these is the most secure protocol for transferring files? a. SCP b. SFTP c. FTPS d. FTP

Answer 53

b

Question 54

Each of these is a technique for securing a router EXCEPT _____. a. making all configuration changes remotely b. securing all ports c. setting a strong administrator password d. using a meaningful router name

Answer 54

a

Question 55

Which statement about a flood guard is true? a. It is a separate hardware appliance that is located inside the DMZ b. It prevents DoS or DDoS attacks c. It can be used on either local host systems or network devices d. It protects a router form password intrustions

Answer 55

b

Question 56

Each of these is an entry in a firewall log that should be investigated EXCEPT _____. a. IP addresses that are being rejected and dropped b. successful logins c. suspicious outbound connections d. IP addresses that are being rejected and dropped

Answer 56

b

Question 57

If a group of users must be separated from other users, which is the most secure network design? a. Use a VLAN b. Connect them to different switches and routers c. Use a subnet mask d. It is impossible to separate users on a network.

Answer 57

b

Question 58

Why is loop protection necessary? a. It makes a DMZ more secure b. it denies attackers from launching DDoS attacks c. It prevents a broadcast storm that can cripple a network d. It must be installed before IEEE 802.1d can e implemented

Answer 58

c

Question 59

What does MAC limiting and filtering do? a. It limits devices that can connect to a switch b. It allows only approved wireless devices to connect to a network c. It prevents Address Resolution Protocol spoofing d. It provides security for a router

Answer 59

a

Question 60

In a network using IEEE 802.1x, a supplicant _____. a. must use IEEE 802.11d to connect to the network b. makes a request to the authenticator c. contacts the authentication server directly d. can only be a wireless device

Answer 60

b

Question 61

Which statement is true regarding security for a computer that boots to Apple Mac OS X and then runs a Windows virtual machine? a. The security of the apple Mac OS X completely protects the Windows virtual machine. b. The hypervisor protects both the Apple Mac OS X and Windows operating systems c. The security of the Windows virtual machine completely protects the Apple Mac OS X d. The Windows virtual machine needs its own security

Answer 61

d

Question 62

Which of the following is NOT a security concern of virtualized environments? a. virtual machines must be protected from both the outside world and also from other virtual machines on the same physical computer b. Physical security appliances are not always designed to protect virtual systems c. Virtual servers are less expensive than their physical counterparts d. Live migration can immediately move one virtualized server to another hypervisor

Answer 62

c