Chapter 3

Question 1

In a sniffing attack the attackers often use a:

Answer 1

protocol analyzer to capture data sent over a network. After capturing the data, attackers can easily read the data within the protocol analyzer when it has been sent in cleartext

Question 2

A denial-of-service (DoS) attack is a:

Answer 2

service attack from a single source that attempts to disrupt the services provided by another system.

Question 3

A distributed denial-of-server (DDoS) attack includes:

Answer 3

multiple computers attacking a single targer

Question 4

A poisoning attack attempts to:

Answer 4

corrupt the data stored in cache for temporary access to with different data

Question 5

Transmission Control Protocol (TCP) provides:

Answer 5

connection-oriented traffic (guaranteed delivery)

Question 6

Transmission Control Protocol (TCP) uses:

Answer 6

a three-way handshake process

Question 7

The TCP three-way handshake process is:

Answer 7

the client sends a SYN (synchronize) packet

the server responds with a SYN/ACK (synchronize/acknowledge) packet

the client completes the third part of the handshake with an ACK packet to establish the connection

Question 8

User Datagram Protocol (UDP) provides:

Answer 8

connectionless sessions (W/O a three-way handshake)

Question 9

The Internet Protocol (IP) identifies:

Answer 9

hosts in a TCP/IP network and delivers traffic from one host to another using IP addresses

Question 10

Internet Control Message Protocol (ICMP) is used for:

Answer 10

testing basic connectivity and includes tools such as ping, pathping, and tracert

Question 11

Many DoS attacks use:

Answer 11

ICMP

Question 12

Because of how often ICMP is used in attacks:

Answer 12

it has become common to block ICMP at firewalls and routers, which disables a ping response

Question 13

Blocking ICMP prevents:

Answer 13

attackers from discovering devices in a network

Question 14

Address Resolution Protocol (ARP) resolves:

Answer 14

IPv4 addresses to media access control (MAC) addresses.

Question 15

Media Access Controls (MACs) are also called:

Answer 15

physical addresses, or hardware addresses

Question 16

Once a packet gets to a destination network it uses:

Answer 16

the MAC address to get it to the correct host

Question 17

TCP/IP uses the:

Answer 17

IP address to get a packet to a destination network

Question 18

Address Resolution Protocol (ARP) poisoning attacks use:

Answer 18

ARP packets to give clients false hardware address updates and attackers use it to redirect or interrupt network traffic

Question 19

Neighbor Discovery Protocol (NDP) performs:

Answer 19

autoconfiguration of device IPv6 addresses and discovers other IPv6 devices on the network such as the address of the default gateway

Question 20

UDP is commonly used instead of TCP as the underlying protocol with:

Answer 20

voice and video streaming

Question 21

The Real-time Transport Protocol (RTP) delivers:

Answer 21

audio and video over IP networks. This includes VoIP, communications, streaming media, video teleconferencing applications, and devices using web-based push-to-talk features

Question 22

The Secure Real-time Transport Protocol (SRTP) provides:

Answer 22

encryption, message authentication, and integrity for RTP

Question 23

Secure Real-time Transport Protocol (SRTP) helps:

Answer 23

protect the confidentiality of data from these attacks while also ensuring the integrity of the data transmissions.

Question 24

Secure Real-time Transport Protocol (SRTP) protects against:

Answer 24

replay attacks

Question 25

Secure Real-time Transport Protocol (SRTP) can be used for both:

Answer 25

unicast transmissions (such as one person calling another)

multicast transmissions where one person sends traffic to multiple recipients

Question 26

In a replay attack:

Answer 26

an attacker captures data sent between two entities, modifies it, and then attempts to impersonate one of the parties by replaying the data

Question 27

Data-in-transit is:

Answer 27

any traffic sent over a network

Question 28

File Transfer Protocol (FTP):

Answer 28

uploads and downloads large files to and from an FTP server

Question 29

By default, File Transfer Protocol (FTP):

Answer 29

transmits data in cleartext, making it easy for an attacker to capture and read FTP data with a protocol analyzer

Question 30

File Transfer Protocol (FTP) active mode uses:

Answer 30

TCP port 21 for control signals

TCP 20 for data

Question 31

File Transfer Protocol (FTP) passive mode (also known as PASV) uses:

Answer 31

TCP port 21 for control signals

a random TCP port for data

Question 32

If File Transfer Protocol (FTP) traffic is going through a firewall:

Answer 32

the random port is often blocked, so it is best to disable PASV in FTP clients

Question 33

Trivial File Transfer Protocol (TFTP) uses:

Answer 33

UDP port 69 and is used to transfer smaller amounts of data, such as when communicating with network devices

Question 34

Most administrators commonly disable Trivial File Transfer Protocol (TFTP) because:

Answer 34

TFTP is not an essential protocol on most networks

Question 35

Secure Shell (SSH) encrypts:

Answer 35

traffic in transit and can be used to encrypt other protocols such as FTP

Question 36

Telnet sends:

Answer 36

traffic over the network in cleartext

Question 37

Administrators commonly use:

Answer 37

Secure Shell (SSH) to remotely administer systems

Question 38

Secure Copy (SCP) is based:

Answer 38

on SSH and is used to copy encrypted files over a network

Question 39

The Secure Sockets Layer (SSL) protocol was:

Answer 39

the primary method used to secure HTTP traffic as HTTPS

Question 40

Secure Sockets Layer (SSL) can also encrypt:

Answer 40

other types of traffic, such as SMTP and Lightweight Directory Access Protocol (LDAP)

Question 41

Secure Sockets Layer (SSL) is not recommended for use because:

Answer 41

it has been compromised

Question 42

The Transport Layer Security (TLS) protocol is:

Answer 42

the designated replacement for SSL and should be used instead of SSL

Question 43

Many protocols that support Transport Layer Security use:

Answer 43

STARTTLS

Question 44

STARTTLS is:

Answer 44

a command used to upgrade an unencrypted connection on the same port as TLS

Question 45

Internet Protocol security (IPsec) is used to:

Answer 45

encrypt IP traffic.

Question 46

Internet Protocol security (IPsec) uses:

Answer 46

Tunnel mode to protect virtual private network (VPN) traffic and it also encapsulates and encrypts IP packet payloads

the Internet Key Exchange (IKE) over UDP port 500 to create a security association for the VPN

Question 47

IPsec includes two main components:

Answer 47

Authentication Header (AH), identified by protocol ID number 51

Encapsulating Security Payload (ESP), identified by protocol ID number 50

Question 48

Secure File Transfer Protocol (SFTP) is:

Answer 48

a secure implementation of FTP

an extension of Secure Shell (SSH) using SSH to transmit the files in an encrypted format

Question 49

SFTP transmit:

Answer 49

data using TCP port 22

Question 50

File Transfer Protocol Secure (FTPS) is:

Answer 50

an extension of FTP and uses TLS to encrypt FTP traffic

Question 51

What ports does FTPS use?

Answer 51

some implementations of FTPS use TCP ports 989 and 990

However, TLS can also encrypt the traffic over the ports used by FTP (20 and 21)

Question 52

A team at Google discovered a serious vulnerability with SSL that they nicknamed:

Answer 52

the POODLE attack (Padding Oracle on Downgraded Legacy Encryption)

Question 53

Some common use cases related to email are:

Answer 53

send and receive email

send and receive secure email

manage email folders

Question 54

Some common use cases for internal employees related to the web are:

Answer 54

to provide access to the Internet

provide secure access to the Internet

Question 55

For organizations who host web servers the common use case is:

Answer 55

to provide access to web servers by external clients

Question 56

Some common protocols used for email and web include:

Answer 56

Simple Mail Transfer Protocol (SMTP)

Post Office Protocol v3 (POP3) and Secure POP

Internet Message Access Protocol version 4 (IMAP4) and Secure IMAP

Hypertext Transfer Protocol (HTTP)

Hypertext Transfer Protocol Secure (HTTPS)

Question 57

Simple Mail Transfer Protocol (SMTP) transfers:

Answer 57

emails between clients and SMTP servers

Question 58

What ports do SMTP use?

Answer 58

TCP port 25

unofficially port 465 with SSL and port 587 with TLS

Question 59

It is recommended the SMTP use:

Answer 59

STARTTLS to initialize a secure connection

Question 60

Post Office Protocol v3 (POP3) transfers:

Answer 60

emails from servers down to clients

Question 61

What port does POP3 use?

Answer 61

TCP port 110

Question 62

Secure POP3 encrypts:

Answer 62

the transmission with SSL or TLS

Question 63

What port does Secure POP3 use?

Answer 63

TCP port 995

Question 64

STARTTLS recommends you create a secure connection for POP3 on port:

Answer 64

110

Question 65

Internet Message Access Protocol version 4 (IMAP4) is used:

Answer 65

to store email on an email server

Question 66

Internet Message Access Protocol version 4 (IMAP4) allows:

Answer 66

a user to organize and manage email in folders on the server

Question 67

Hypertext Transfer Protocol (HTTP) transmits:

Answer 67

web traffic on the Internet and in intranets

Question 68

Web servers use HTTP to:

Answer 68

transmit web pages to clients’ web browsers

Question 69

HTTP uses which port?

Answer 69

TCP port 80

Question 70

Hypertext Markup Language (HTML) is:

Answer 70

the common language used to display the web pages

Question 71

Hypertext Transfer Protocol Secure (HTTPS):

Answer 71

encrypts web traffic to ensure it is secure while in transmit

Question 72

HTTPS is encrypted with either:

Answer 72

SSL or TLS

Question 73

What port does HTTPS use?

Answer 73

TCP port 443

Question 74

Network operating systems commonly use a:

Answer 74

directory service to streamline management and implement security

Question 75

Microsoft Active Directory Domain Services (AD DS) provides:

Answer 75

the means for administrators to create user objects for each authorized user and computer objects for each authorized computer

Question 76

Many Linux administrators use Netcat when:

Answer 76

connecting to remote systems for administration, and secure the Netcat transmissions with SSH

Question 77

Administrators and clients often use Remote Desktop Protocol (RDP) to:

Answer 77

connect to other systems from remote location.

Question 78

Remote Desktop Protocol (RDP) uses which ports?

Answer 78

TCP 3389 (most common)

UDP 3389

Question 79

A common reason why users are unable to connect to systems with RDP is that:

Answer 79

port 3389 is blocked on a host-based or network firewall

Question 80

Kerberos requires all systems to be:

Answer 80

synchronized and be within five minutes of each other

Question 81

Network Time Protocol (NTP) is:

Answer 81

the most commonly used protocol for time synchronization, allowing systems to synchronize their time to within tens of milliseconds

Question 82

What is the difference between NTP and SNTP?

Answer 82

NTP uses complex algorithms and queries multiple time servers to identify the most accurate time.

SNTP does not

Question 83

Network address allocation refers to:

Answer 83

allocating IP addresses to hosts within your network

Question 84

Most networks use Dynamic Host Configuration Protocol (DHCP) to:

Answer 84

dynamically assign IP addresses to hosts

assign other TCP/IP information, such as subnet masks, default gateways, DNS server addresses, and much more

Question 85

IPv4 uses:

Answer 85

32-bit IP addresses expressed in dotted decimal format

Question 86

All Internet IP addresses are:

Answer 86

public IP addresses

Question 87

All internal IP addresses are:

Answer 87

private IP addresses

Question 88

Public IP addresses are:

Answer 88

tightly controlled

Question 89

You can’t just use any public IP address you must either:

Answer 89

purchase or rent it

Question 90

Internet Service Providers (ISPs) purchase:

Answer 90

entire ranges of IP addresses and issue them to customers

Question 91

Routers on the Internet include:

Answer 91

rules to drop any traffic that is coming from or going to a private IP address, so you cannot allocate private IP addresses on the Internet

Question 92

RFC 1918 specifies the following private address ranges:

Answer 92

(10. x.y.z.) 10.0.0.0 through 10.255.255.255
(172. 16.y.z-172.31.y.z.) 172.16.0.0 through 172.31.255.255
(192. 168.y.z.) 192.168.0.0 through 192.168.255.255

Question 93

The Internet Assigned Numbers Authority (IANA) assigned:

Answer 93

the last block of IPv4 addresses in February 2011

Question 94

The Internet Engineering Task Force (IETF) created:

Answer 94

IPv6, which provides a significantly larger address space than IPv4

Question 95

IPv6 uses:

Answer 95

128-bit IP addresses expressed in hexadecimal format

Question 96

Each hexadecimal character is composed of:

Answer 96

4 bits

Question 97

IPv6 are only allocated:

Answer 97

within private networks and not assigned to systems on the Internet

Question 98

Unique local addresses start with the prefix of:

Answer 98

fc00

Question 99

The primary purpose of Domain Name System (DNS) is:

Answer 99

for domain name resolution

Question 100

Domain Name System (DNS) resolves:

Answer 100

host names to IP addresses

Question 101

When the DNS server queries other DNS servers, it:

Answer 101

puts the answer in its cache so that it doesn’t have to do the same query again

Question 102

When clients receive answers from DNS servers, they:

Answer 102

store the answer in their cache so that they don’t have to repeat the query

Question 103

DNS servers host data in zones, which you can think of as:

Answer 103

databases

Question 104

DNS zones include:

Answer 104

A

AAAA

PTR

MX

CNAME

SOA

Question 105

DNS zone A:

Answer 105

is also called a host record

this record holds the host name and IPv4 address and is the most commonly used record in a DNS server

Question 106

In a DNS zone a DNS client queries:

Answer 106

DNS with the name using a forward lookup request and DNS responds with the IPv4 address from this record

Question 107

DNS zone AAAA record holds:

Answer 107

the host name and IPv6 address

Question 108

DNS zone PTR:

Answer 108

also called a pointer record

is the opposite of an A record

Question 109

In a DNS zone PTR a DNS client queries:

Answer 109

DNS with the IP address and responds with the name

Question 110

DNS zone MX:

Answer 110

is also called mail exchange or mail exchanger

Question 111

A DNS zone MS record:

Answer 111

identifies a mail server used for email

is linked to the A record or AAAA record of a mail server

Question 112

DNS zone CNAME:

Answer 112

is also called canonical name, or alias

allows a single system to have multiple names associated with a single IP address

Question 113

The start of authority (SOA) record includes:

Answer 113

information about the DNS zone and some of its settings

Question 114

DNS clients use the Time to Live (TTL) setting to:

Answer 114

determine how long to cache DNS results

Question 115

Time to Live (TTL) times are:

Answer 115

in seconds and lower times cause clients to renew the records more often

Question 116

Most DNS servers on the Internet run:

Answer 116

Berkeley Internet Name Domain (BIND) software and run on Unix or Linux servers

Question 117

Internal networks can use BIND, but in Microsoft networks, DNS servers commonly use:

Answer 117

the Microsoft DNS software

Question 118

Occasionally, DNS servers share information with each other in a process known as a:

Answer 118

zone transfer

Question 119

In most cases, a zone transfer only:

Answer 119

includes a small number of updated records

Question 120

DNS servers use what port for zone transfers?

Answer 120

TCP port 53

Question 121

DNS servers use what port for name resolution queries?

Answer 121

UDP port 53

Question 122

DNS poisoning or DNS cache poisoning occurs when:

Answer 122

attackers modify the DNS cache with a bogus IP address

Question 123

One of the primary methods of preventing DNS cache poisoning is with:

Answer 123

Domain Name System Security Extensions (DNSSEC)

Question 124

Domain Name System Security Extensions (DNSSEC) is:

Answer 124

a suite of extensions to DNS that provides validation for DNS responses

Question 125

Domain Name System Security Extensions (DNSSEC) adds:

Answer 125

a digital signature to each record that provides data integrity

Question 126

If a DNS server receives a Domain Name System Security Extensions (DNSSEC)-enabled response with digitally signed records:

Answer 126

the DNS server knows that the response is valid

Question 127

Technicians use the nslookup (name server lookup) command to:

Answer 127

troubleshoot problems related to DNS

verify that a DNS server can resolve specific host names or fully qualified domain names (FQDNs) to IP addresses

Question 128

A fully qualified domain name (FQDN) includes:

Answer 128

the host name and the domain name

Question 129

The dig command-line tool has:

Answer 129

replaced the nslookup tool on Linux systems

Question 130

You can use the dig command to:

Answer 130

query DNS servers to verify that the DNS server is reachable and to verify that the DNS server can resolve names to IP addresses

Question 131

Ports are:

Answer 131

logical numbers used by TCP/IP to identify what server or application should handle data received by a system

Question 132

Both TCP and UDP use:

Answer 132

ports with a total of 65,536 (0 to 65,635)

Question 133

Administrators open ports on:

Answer 133

firewalls and routers to allow the associated protocol into or out of a network

Question 134

The Internet Assigned Numbers Authority (IANA) divided the ports into three ranges, as follows:

Answer 134

Well-known ports: 0-1023

Registered ports: 1024-49,151

Dynamic and private ports 49,152-65,535

Question 135

Well-known ports:

Answer 135

0-1023

commonly used protocols

Question 136

Registered ports:

Answer 136

1034-49,151

are for companies as a convenience to the IT community

can be used by a single company for a proprietary use or multiple companies for a specific standard

Question 137

Dynamic and private ports:

Answer 137

49,152-65,535

are available for use by any applications who commonly use these ports to temporarily map an application to a port. These temporary port mappings are often called ephemeral ports, indicating that they are short lived

Question 138

Combining the IP Address and the Port description:

Answer 138

At any moment, a computer could be receiving dozens of packets

Each of theses packets includes a destination IP address and a destination port

TCP/IP uses the IP address to get the packet to the computer

The computer then uses the port number to get the packet to the correct service, protocol, or application that can process it

Question 139

The server’s IP address is used to:

Answer 139

get the requesting packet from your computer to the server. The server gets the response packets back to your computer using your IP address

Question 140

Popular web servers on the Internet include:

Answer 140

Apache and Internet Information Services (IIS)

Question 141

Apache is:

Answer 141

free and runs on Unix, Linux, and Microsoft systems

Question 142

Internet Information Services (IIS) is included in:

Answer 142

Microsoft Server products

Question 143

When the web server received a packet with a destination port of 80:

Answer 143

the server sends the packet to the web server application (Apaches or IIS) that processes it and sends back a response

Question 144

TCP/IP works with the client OS to:

Answer 144

maintain a table of client-side ports. This table associates port numbers with different applications that are expecting return traffic

Question 145

Client-side ports start at:

Answer 145

port 49,152 and increment up to 65,535

Question 146

Client Ports description

Answer 146

When you use your web browser to request a page from a site, your system will record an unused client port number such as 49,152 in an internal table to handle the return traffic

When the web server returns the web page, it includes the client port as a destination port

When the client receives web page packets with a destination port of 49,152, it sends these packets to the web browser application

The browser processes the packets and displays the page

Question 147

Ports and protocol numbers are:

Answer 147

not the same thing

Question 148

Many protocols aren’t identified by:

Answer 148

the port number

Question 149

Any device with an IP address is a:

Answer 149

host, client, or node

Question 150

A common use case for a switch is:

Answer 150

to connect hosts together within a network

Question 151

A common use case for a router is to:

Answer 151

connect multiple networks together to create larger and larger networks

Question 152

The primary methods IPv4 uses when addressing TCP/IP traffic are:

Answer 152

Unicast

Broadcast

Question 153

Unicast traffic is:

Answer 153

one-to-one traffic

Question 154

Broadcast traffic is:

Answer 154

one-to-all traffic

Question 155

A switch can:

Answer 155

learn which computers are attached to each of its physical ports. It then uses this knowledge to create internal switched connections when two computers communicate with each other

Question 156

What is a security benefit of a switch?

Answer 156

If an attacker installs a protocol analyzer on a computer attached to another port, the protocol analyzer would not capture unicast traffic going to other ports. Unlike a hub where the unicast traffic goes to all ports on a hub

Question 157

Port security limits:

Answer 157

the computers that can connect to physical ports on a switch

Question 158

At the most basic level of port security, administrators can:

Answer 158

disable unused ports

Question 159

MAC address filtering is another example of:

Answer 159

port security

Question 160

In MAC address filtering you can manually:

Answer 160

configure each port to accept traffic only from a specific MAC address

Question 161

Using the monitoring port of a switch allows you to see:

Answer 161

all traffic in or out of the switch

Question 162

Physical security protects a switch by:

Answer 162

keeping it in a secure area such as in a locked wiring closet

Question 163

A switching loop or bridge loop problem occurs when:

Answer 163

a user connects two ports of a switch together with a cable.

the switch then continuously sends and resends unicast transmissions through the switch. This disables the switch and degrades performance of the overall network

Question 164

What do many network administrators have installed and enabled for loop prevention?

Answer 164

Spanning Tree Protocol (STP)

Rapid STP (RSTP)

Question 165

A MAC flood attack attempts to:

Answer 165

overload a switch with different MAC addresses with each physical port

Question 166

In a MAC flood attack, an attacker:

Answer 166

sends a large amount of traffic with spoofed MAC addresses to the same port

Question 167

At some point in a MAC flood attack, the switch:

Answer 167

runs out of memory to store all the MAC addresses and enters a fail-open state. The switch begins to operate as a simple hub

Question 168

A flood guard protects against:

Answer 168

MAC flood attacks by limiting the amount of memory used to store MAC addresses for each port or setting the maximum number of MACs supports by a port

Question 169

A flood guard typically sends a:

Answer 169

Simple Network Management Protocol (SNMP) trap or error message in response to the alert

Question 170

A flood guard can either:

Answer 170

disable the port or restrict updates for the port

Question 171

A router connects:

Answer 171

multiple network segments together into a single network and routes traffic between the segments

Question 172

Because routers don’t pass broadcasts, they:

Answer 172

effectively reduce traffic on any single segment

Question 173

Segments separated by routers are sometimes referred to as:

Answer 173

broadcast domains

Question 174

If a network has too many computers on a single segment, broadcasts can result in:

Answer 174

excessive collisions and reduce network performance

Question 175

Most routers are:

Answer 175

physical devices, and physical routers are the most efficient

Question 176

Other than physical routers, it’s possible to add:

Answer 176

routing software to computers with more than one NIC

Question 177

Access control lists (ACLs) are:

Answer 177

rules implemented on a router (and on firewalls) to identify what traffic is allowed and what traffic is denied

Question 178

Router ACLs provide:

Answer 178

basic packet filtering

Question 179

Router ACLs filter packets based on:

Answer 179

IP addresses

ports

some protocols, such as ICMP or IPsec, based on the protocol identifiers

Question 180

What are some protocol identifiers?

Answer 180

IP addresses and networks

Logical Ports

Protocol numbers

Question 181

Implicit deny indicates:

Answer 181

that all traffic that isn’t explicitly allowed is implicitly denied

Question 182

Implicit deny is:

Answer 182

the last rule in the ACL

Some devices automatically apply the implicit deny rule as the last rule

Other devices require an administrator to place the rule at the end of the ACL manually

Question 183

Syntax of an implicit deny rule varies on different systems, but it might be something like:

Answer 183

DENY ANY ANY

DENY ALL ALL

Question 184

Attackers often use spoofing to:

Answer 184

impersonate or masquerade as someone or something else

Question 185

In the context of routers, an attacker will spoof:

Answer 185

the source IP address by replacing the actual source IP address with a different one

Question 186

You can implement antispoofing on a router by:

Answer 186

modifying the access list to allow or block IP addresses

Question 187

A network bridge connects:

Answer 187

multiple networks together and can be used instead of a router in some situations

Question 188

A bridge directs traffic based on:

Answer 188

the destination MAC address

Question 189

An aggregation switch connects:

Answer 189

multiple switches together in a network and then connects to the router to reduce the number of ports used in the router

Question 190

Aggregate simply means that:

Answer 190

you are creating something larger from smaller elements

Question 191

If you replace the bridge with a switch, the switch is an:

Answer 191

aggregation switch

Question 192

A firewall filters:

Answer 192

incoming and outgoing traffic for a single host or between networks

Question 193

A firewall can ensure:

Answer 193

only specific types of traffic are allowed into a network or host, and only specific types of traffic are allowed out of a network or host

Question 194

Host-based firewall monitors:

Answer 194

traffic going in and out of a single host, such as a server or a workstation, and can prevent intrusions into the computer via the NIC

Question 195

Personal firewalls provide:

Answer 195

valuable protection for systems against unwanted intrusions

Question 196

It’s especially important to use personal firewalls when:

Answer 196

accessing the Internet in a public place

Question 197

Connecting to a public Wi-Fi hot spot without the personal firewall enabled is:

Answer 197

risky, and never recommended

Question 198

An application-based firewall is:

Answer 198

typically software running on a system

Question 199

A network-based firewall would have:

Answer 199

two or more network interface cards (NICs) and all traffic passes through the firewall.

Question 200

Stateless firewalls use:

Answer 200

rules implemented as ACLs to identify allowed and blocked traffic

Question 201

Although rules within ACLs look a little different depending on what hardware you’re using, they generally take the following format:

Answer 201

Permission Protocol Source Destination Port

Permission (you’ll typically see this as PERMIT or ALLOW)

Protocol (you’ll typically see TCP or UDP)

Source (traffic comes from a source IP address)

Destination (traffic is addressed to a destination IP address)

Port or protocol (you’ll typically see the well-known port such as port 80 for HTTP)

Question 202

Stateful firewall inspects:

Answer 202

traffic and makes decisions based on the context, or state, of the traffic

Question 203

Stateful firewall keeps track of:

Answer 203

established sessions and inspects traffic based on its state within a session.

Question 204

A common security issue with stateless firewalls is:

Answer 204

misconfigured ACLs

Question 205

A web application firewall (WAF) is:

Answer 205

a firewall specifically designed to protect a web application, which is commonly hosted on a web server

Question 206

A web application fire can be a:

Answer 206

stand-alone appliance, or software added to another device

Question 207

Most networks have Internet connectivity, but it’s rare to connect a network directly to the Internet. Two terms that are relevant here are:

Answer 207

Intranet

Extranet

Question 208

An intranet is:

Answer 208

an internal network people use to communicate and share content with each other

Question 209

An extranet is:

Answer 209

part of a network that can be accessed by authorized entities from outside the network

Question 210

A demilitarized zone (DMZ) is a:

Answer 210

buffered zone between a private network and the Internet

Question 211

A demilitarized zone (DMZ) provides a:

Answer 211

layer of protection for these Internet-facing servers, while allowing clients to connect to them

Question 212

Network Address Translation (NAT) is a:

Answer 212

protocol that translates public IP addresses to private IP addresses and private addresses back to public

Question 213

What is Port Address Translation (PAT)?

Answer 213

a commonly used form of NAT is network address and port translation

Question 214

Some of the benefits of Network Address Translation (NAT) include:

Answer 214

Public IP addresses don’t need to be purchased for all clients

NAT hides internal computers from the Internet

Static NAT

Dynamic NAT

Question 215

Static NAT uses:

Answer 215

a single public IP address in a one-to-one mapping. It maps a private IP address with a single public IP address

Question 216

Dynamic NAT uses:

Answer 216

multiple public IP addresses in a one-to-many mapping.

Question 217

Network segregation provides:

Answer 217

basic separation

Question 218

Network segmentation refers to:

Answer 218

putting traffic on different segments

Question 219

Network isolation indicates:

Answer 219

the systems are completely separate

Question 220

Physical isolation ensures:

Answer 220

that a network isn’t connected to any other network

Question 221

Supervisory control and data acquisition (SCADA) systems are typically:

Answer 221

industrial control systems within a large facilities such as power plants or water treatment facilities

Question 222

An airgap is:

Answer 222

a metaphor for physical isolation, indicating that there is a gap of air between an isolated system and other systems

Question 223

Administrators use subnetting to:

Answer 223

divide larger IP address ranges into smaller ranges

Question 224

A Layer 2 switch uses:

Answer 224

the destination MAC address within packets to determine the destination port

Question 225

A Layer 2 switch forwards:

Answer 225

broadcast traffic to all ports on the switch

Question 226

A Layer 3 switch mimics:

Answer 226

the behavior of a router and allows network administrators to create virtual local area network (VLAN)

Question 227

A virtual local area network (VLAN) uses:

Answer 227

a switch to group several different computers into a virtual network

Question 228

A single Layer 3 switch can create:

Answer 228

multiple VLANs to separate the computers based on logical needs rather than physical location

Question 229

A media gateway is a:

Answer 229

device that converts data from the format used on one network to the format used on another network

Question 230

Many networks use proxy servers to:

Answer 230

forward requests for services (such as HTTP or HTTPS) from clients

Question 231

Proxy servers can:

Answer 231

improve performance by caching content and some proxy servers can restrict user’s access to inappropriate web sites by filtering content

Question 232

The proxy server increases:

Answer 232

the performance of Internet requests by caching each result received from the Internet

Question 233

Cache simply means:

Answer 233

“temporary storage”

Question 234

Cache could be:

Answer 234

a dedicated area of RAM, or, in some situations, it could be an area on a high-performance disk subsystem

Question 235

A transparent proxy will:

Answer 235

accept and forward request without modifying them

Question 236

A nontransparent proxy server can:

Answer 236

modify or filter requests

Question 237

A URL filter examines:

Answer 237

the requested URL and chooses to allow the request or deny the request

Question 238

A reverse proxy accepts:

Answer 238

requests from the Internet, typically for a single web server

Question 239

The reverse proxy server can be used for:

Answer 239

a single web server or a web farm of multiple servers

Question 240

When used with a web farm a reverse proxy server can act as a:

Answer 240

load balancer

Question 241

You would place the load balancer in the:

Answer 241

DMZ to accept the requests and it then forwards the requests to different servers in the web farm using a load-balancing algorithm

Question 242

An application proxy is used for:

Answer 242

specific applications and it accepts requests, forwards the requests to the appropriate server, and then sends the response to the original requestor

Question 243

Unified threat management (UTM) is a:

Answer 243

single solution that combines multiple security controls

Question 244

The overall goal of Unified threat management (UTM) is:

Answer 244

to provide better security, while also simplifying management requirements

Question 245

A United threat management (UTM) device will reduce:

Answer 245

the workload of administrators without sacrificing security

Question 246

A United threat management (UTM) security appliances combine:

Answer 246

the features of multiple security solutions into a single appliance

Question 247

A United threat management (UTM) security appliances include multiple capabilities, including:

Answer 247

URL filtering

Malware inspection

Content inspection

DDoS mitigator

Question 248

Content inspection includes:

Answer 248

a combination of different content filters

can also include a spam filter to inspect incoming email and reject spam

can also block specific types of transmissions, such as streaming audio and video, and specific types of files such as Zip files

Question 249

Content inspection monitors:

Answer 249

incoming data streams and attempts to block any malicious content

Question 250

DDoS mitigator attempts tp:

Answer 250

detect DDoS attacks and block them

Question 251

A common security issue with A United threat management (UTM) is:

Answer 251

a misconfigured content filter

Question 252

It’s common to place A United threat management (UTM) appliances at:

Answer 252

the network border, between the Internet and the intranet (or the private network)

Question 253

A mail gateway is a:

Answer 253

server that examines all incoming and outgoing email and attempts to reduce risks associated with email

Question 254

Administrators locate a mail gateway between:

Answer 254

the email server and the Internet and configure it for their purposes

Question 255

Mail gateways often include:

Answer 255

data loss prevention (DLP) capabilities

Question 256

Mail gateways examine:

Answer 256

outgoing email looking for confidential or sensitive information and block them

Question 257

What are the common use cases that you can implement with switches:

Answer 257

Prevent switching loops

Block flood attacks

Prevent unauthorized users from connecting to unused ports

Provide increased segmentation of user computers

Question 258

Simple Network Management Protocol version 3 (SNMPv3) monitors:

Answer 258

and manages network devices, such as routers or switches

Question 259

Simple Network Management Protocol version 3 (SNMPv3) modifies:

Answer 259

the configuration of the devices or have network devices report status back to a central network management system

Question 260

What are the common use cases that you can implement with routers:

Answer 260

Prevent IP address spoofing

Provide secure management of routers