CHAPTER 4 - Communication and Network Security Flashcards

1
Q
  1. How does TKIP provide more protection for WLAN environments?
    A. It uses the AES algorithm.
    B. It decreases the IV size and uses the AES algorithm.
    C. It adds more keying material.
    D. It uses MAC and IP filtering.
A

C. The TKIP protocol actually works with WEP by feeding it keying material, which is
data to be used for generating random keystreams. TKIP increases the IV size, ensures it is
random for each packet, and adds the sender’s MAC address to the keying material.

2
Q
  1. Which of the following is not a characteristic of the IEEE 802.11a standard?
    A. It works in the 5-GHz range.
    B. It uses the OFDM spread spectrum technology.
    C. It provides 52 Mbps in bandwidth.
    D. It covers a smaller distance than 802.11b.
A
  1. C. The IEEE standard 802.11a uses the OFDM spread spectrum technology, works in the
    5-GHz frequency band, and provides bandwidth of up to 54 Mbps. The operating range is
    smaller because it works at a higher frequency.
3
Q
  1. Why are switched infrastructures safer environments than routed networks?
    A. It is more difficult to sniff traffic since the computers have virtual private connections.
    B. They are just as unsafe as nonswitched environments.
    C. The data link encryption does not permit wiretapping.
    D. Switches are more intelligent than bridges and implement security mechanisms.
A
  1. A. Switched environments use switches to allow different network segments and/or
    systems to communicate. When this communication takes place, a virtual connection is set
    up between the communicating devices. Since it is a dedicated connection, broadcast and
    collision data are not available to other systems, as in an environment that uses only
    bridges and routers.
4
Q
  1. Which of the following protocols is considered connection-oriented?
    A. IP
    B. ICMP
    C. UDP
    D. TCP
A
  1. D. TCP is the only connection-oriented protocol listed. A connection-oriented protocol
    provides reliable connectivity and data transmission, while a connectionless protocol
    provides unreliable connections and does not promise or ensure data transmission.
5
Q
  1. Which of the following can take place if an attacker can insert tagging values into network-
    and switch-based protocols with the goal of manipulating traffic at the data link layer?
    A. Open relay manipulation
    B. VLAN hopping attack
    C. Hypervisor denial-of-service attack
    D. Smurf attack
A
  1. B. VLAN hopping attacks allow attackers to gain access to traffic in various VLAN
    segments. An attacker can have a system act as though it is a switch. The system
    understands the tagging values being used in the network and the trunking protocols, and
    can insert itself between other VLAN devices and gain access to the traffic going back and
    forth. Attackers can also insert tagging values to manipulate the control of traffic at this
    data link layer.
6
Q
  1. Which of the following proxies cannot make access decisions based upon protocol
    commands?
    A. Application
    B. Packet filtering
    C. Circuit
    D. Stateful
A
  1. C. Application and circuit are the only types of proxy-based firewall solutions listed here.
    The others do not use proxies. Circuit-based proxy firewalls make decisions based on
    header information, not the protocol’s command structure. Application-based proxies are
    the only ones that understand this level of granularity about the individual protocols.
7
Q
  1. Which of the following is a bridge-mode technology that can monitor individual traffic
    links between virtual machines or can be integrated within a hypervisor component?
    A. Orthogonal frequency division
    B. Unified threat management modem
    C. Virtual firewall
    D. Internet Security Association and Key Management Protocol
A
  1. C. Virtual firewalls can be bridge-mode products, which monitor individual traffic links
    between virtual machines, or they can be integrated within the hypervisor. The hypervisor
    is the software component that carries out virtual machine management and oversees guest
    system software execution. If the firewall is embedded within the hypervisor, then it can
    “see” and monitor all the activities taking place within the one system.
8
Q
  1. Which of the following shows the layer sequence as layers 2, 5, 7, 4, and 3?
    A. Data link, session, application, transport, and network
    B. Data link, transport, application, session, and network
    C. Network, session, application, network, and transport
    D. Network, transport, application, session, and presentation
A
  1. A. The OSI model is made up of seven layers: application (layer 7), presentation (layer 6),
    session (layer 5), transport (layer 4), network (layer 3), data link (layer 2), and physical
    (layer 1).
9
Q
  1. Which of the following technologies integrates previously independent security solutions
    with the goal of providing simplicity, centralized control, and streamlined processes?
    A. Network convergence
    B. Security as a service
    C. Unified threat management
    D. Integrated convergence management
A
  1. C. It has become very challenging to manage the long laundry list of security solutions
    almost every network needs to have in place. The list includes, but is not limited to,
    firewalls, antimalware, antispam, IDS/IPS, content filtering, data leak prevention, VPN
    capabilities, and continuous monitoring and reporting. Unified threat management (UTM)
    appliance products have been developed that provide all (or many) of these functionalities
    in a single network appliance. The goals of UTM are simplicity, streamlined installation
    and maintenance, centralized control, and the ability to understand a network’s security
    from a holistic point of view.
10
Q
  1. Metro Ethernet is a MAN protocol that can work in network infrastructures made up of
    access, aggregation, metro, and core layers. Which of the following best describes these
    network infrastructure layers?
    A. The access layer connects the customer’s equipment to a service provider’s aggregation
    network. Aggregation occurs on a core network. The metro layer is the metropolitan
    area network. The core connects different metro networks.
    B. The access layer connects the customer’s equipment to a service provider’s core
    network. Aggregation occurs on a distribution network at the core. The metro layer is
    the metropolitan area network.
    C. The access layer connects the customer’s equipment to a service provider’s aggregation
    network. Aggregation occurs on a distribution network. The metro layer is the
    metropolitan area network. The core connects different access layers.
    D. The access layer connects the customer’s equipment to a service provider’s aggregation
    network. Aggregation occurs on a distribution network. The metro layer is the
    metropolitan area network. The core connects different metro networks.
A
  1. D. The access layer connects the customer’s equipment to a service provider’s aggregation
    network. Aggregation occurs on a distribution network. The metro layer is the metropolitan
    area network. The core connects different metro networks.
11
Q
  1. Which of the following provides an incorrect definition of the specific component or
    protocol that makes up IPSec?
    A. Authentication Header protocol provides data integrity, data origin authentication, and
    protection from replay attacks.
    B. Encapsulating Security Payload protocol provides confidentiality, data origin
    authentication, and data integrity.
    C. Internet Security Association and Key Management Protocol provides a framework for
    security association creation and key exchange.
    D. Internet Key Exchange provides authenticated keying material for use with encryption
    algorithms.
A
  1. D. Authentication Header protocol provides data integrity, data origin authentication, and
    protection from replay attacks. Encapsulating Security Payload protocol provides
    confidentiality, data origin authentication, and data integrity. Internet Security Association
    and Key Management Protocol provides a framework for security association creation and
    key exchange. Internet Key Exchange provides authenticated keying material for use with
    ISAKMP.
12
Q
  1. Systems that are built on the OSI framework are considered open systems. What does this
    mean?
    A. They do not have authentication mechanisms configured by default.
    B. They have interoperability issues.
    C. They are built with internationally accepted protocols and standards so they can easily
    communicate with other systems.
    D. They are built with international protocols and standards so they can choose what types
    of systems they will communicate with.
A
  1. C. An open system is a system that has been developed based on standardized protocols
    and interfaces. Following these standards allows the systems to interoperate more
    effectively with other systems that follow the same standards.
13
Q
  1. Which of the following protocols work in the following layers: application, data link,
    network, and transport?
    A. FTP, ARP, TCP, and UDP
    B. FTP, ICMP, IP, and UDP
    C. TFTP, ARP, IP, and UDP
    D. TFTP, RARP, IP, and ICMP
A
  1. C. Different protocols have different functionalities. The OSI model is an attempt to
    describe conceptually where these different functionalities take place in a networking stack.
    The model attempts to draw boxes around reality to help people better understand the
    stack. Each layer has a specific functionality and has several different protocols that can
    live at that layer and carry out that specific functionality. These listed protocols work at
    these associated layers: TFTP (application), ARP (data link), IP (network), and UDP
    (transport).
14
Q
  1. What takes place at the data link layer?
    A. End-to-end connection
    B. Dialog control
    C. Framing
    D. Data syntax
A

C. The data link layer, in most cases, is the only layer that understands the environment in
which the system is working, whether it be Ethernet, Token Ring, wireless, or a connection
to a WAN link. This layer adds the necessary headers and trailers to the frame. Other
systems on the same type of network using the same technology understand only the
specific header and trailer format used in their data link technology.

15
Q
  1. What takes place at the session layer?
    A. Dialog control
    B. Routing
    C. Packet sequencing
    D. Addressing
A
  1. A. The session layer is responsible for controlling how applications communicate, not how
    computers communicate. Not all applications use protocols that work at the session layer,
    so this layer is not always used in networking functions. A session layer protocol will set
    up the connection to the other application logically and control the dialog going back and
    forth. Session layer protocols allow applications to keep track of the dialog.
16
Q
  1. Which best describes the IP protocol?
    A. A connectionless protocol that deals with dialog establishment, maintenance, and
    destruction
    B. A connectionless protocol that deals with the addressing and routing of packets
    C. A connection-oriented protocol that deals with the addressing and routing of packets
    D. A connection-oriented protocol that deals with sequencing, error detection, and flow
    control
A
  1. B. The IP protocol is connectionless and works at the network layer. It adds source and
    destination addresses to a packet as it goes through its data encapsulation process. IP can
    also make routing decisions based on the destination address.
17
Q
  1. Which of the following is not a characteristic of the Protected Extensible Authentication
    Protocol?
    A. Authentication protocol used in wireless networks and point-to-point connections
    B. Designed to provide authentication for 802.11 WLANs
    C. Designed to support 802.1X port access control and Transport Layer Security
    D. Designed to support password-protected connections
A
  1. D. PEAP is a version of EAP and is an authentication protocol used in wireless networks
    and point-to-point connections. PEAP is designed to provide authentication for 802.11
    WLANs, which support 802.1X port access control and TLS. It is a protocol that
    encapsulates EAP within a potentially encrypted and authenticated TLS tunnel.
18
Q
  1. The ______________ is an IETF-defined signaling protocol, widely used for controlling
    multimedia communication sessions such as voice and video calls over IP.
    A. Session Initiation Protocol
    B. Real-time Transport Protocol
    C. SS7
    D. VoIP
A
  1. A. The Session Initiation Protocol (SIP) is an IETF-defined signaling protocol, widely used
    for controlling multimedia communication sessions such as voice and video calls over IP.
    The protocol can be used for creating, modifying, and terminating two-party (unicast) or
    multiparty (multicast) sessions consisting of one or several media streams.
19
Q
  1. Which of the following is not one of the stages of the DHCP lease process?
    i. Discover
    ii. Offer
    iii. Request
    iv. Acknowledgment
    A. All of them
    B. None of them
    C. i, ii
    D. ii, iii
A
  1. B. The four-step DHCP lease process is:
    1. DHCPDISCOVER message: This message is used to request an IP address lease from
    a DHCP server.
    2. DHCPOFFER message: This message is a response to a DHCPDISCOVER message,
    and is sent by one or numerous DHCP servers.
    3. DHCPREQUEST message: The client sends this message to the initial DHCP server
    that responded to its request.
    4. DHCPACK message: This message is sent by the DHCP server to the DHCP client
    and is the process whereby the DHCP server assigns the IP address lease to the DHCP
    client.
20
Q
  1. An effective method to shield networks from unauthenticated DHCP clients is through the
    use of _______________ on network switches.
    A. DHCP snooping
    B. DHCP protection
    C. DHCP shielding
    D. DHCP caching
A
  1. A. DHCP snooping ensures that DHCP servers can assign IP addresses to only selected
    systems, identified by their MAC addresses. Also, advanced network switches now have the
    capability to direct clients toward legitimate DHCP servers to get IP addresses and to
    restrict rogue systems from becoming DHCP servers on the network.
21
Q
  1. Which of the following is most likely the issue that Grace’s team experienced when their
    systems went offline?
    A. Three critical systems were connected to a dual-attached station.
    B. Three critical systems were connected to a single-attached station.
    C. The secondary FDDI ring was overwhelmed with traffic and dropped the three critical
    systems.
    D. The FDDI ring is shared in a metropolitan environment and only allows each company
    to have a certain number of systems connected to both rings.
A
  1. B. A single-attachment station (SAS) is attached to only one ring (the primary) through a
    concentrator. If the primary goes down, it is not connected to the backup secondary ring. A
    dual-attachment station (DAS) has two ports and each port provides a connection for both
    the primary and the secondary rings.
22
Q
  1. Which of the following is the best type of fiber that should be implemented in this
    scenario?
    A. Single mode
    B. Multimode
    C. Optical carrier
    D. SONET
A
  1. B. In single mode, a small glass core is used for high-speed data transmission over long
    distances. This scenario specifies campus building-to-building connections, which are
    usually short distances. In multimode, a large glass core is used and is able to carry more
    data than single-mode fibers, though they are best for shorter distances because of their
    higher attenuation levels.
23
Q
  1. Which of the following is the best and most cost-effective countermeasure for Grace’s
    team to put into place?
    A. Network address translation
    B. Disallowing unnecessary ICMP traffic coming from untrusted networks
    C. Application-based proxy firewall
    D. Screened subnet using two firewalls from two different vendors
A
  1. B. The attack description is a smurf attack. In this situation the attacker sends an ICMP
    Echo Request packet with a spoofed source address to a victim’s network broadcast
    address. This means that each system on the victim’s subnet receives an ICMP Echo
    Request packet. Each system then replies to that request with an ICMP Echo Response
    packet to the spoofed address provided in the packets—which is the victim’s address. All of
    these response packets go to the victim system and overwhelm it because it is being
    bombarded with packets it does not necessarily know how to process. Filtering out
    unnecessary ICMP traffic is the cheapest solution.
24
Q
  1. Which of the following is most likely taking place to allow spurious packets to gain
    unauthorized access to critical servers?
    A. TCP sequence hijacking is taking place.
    B. Source routing is not restricted.
    C. Fragment attacks are underway.
    D. Attacker is tunneling communication through PPP.
A
  1. B. Source routing means the packet decides how to get to its destination, not the routers in
    between the source and destination computer. Source routing moves a packet throughout a
    network on a predetermined path. To make sure none of this misrouting happens, many
    firewalls are configured to check for source routing information within the packet and deny
    it if it is present.
25
Q
  1. Which of the following best describes the firewall configuration issues Sean’s team
    member is describing?
    A. Clean-up rule, stealth rule
    B. Stealth rule, silent rule
    C. Silent rule, negate rule
    D. Stealth rule, silent rule
A
  1. C. The following describes the different firewall rule types:
    * Silent rule: Drops “noisy” traffic without logging it. This reduces log sizes by not
    responding to packets that are deemed unimportant.
    * Stealth rule: Disallows access to firewall software from unauthorized systems.
    * Cleanup rule: The last rule in the rule base, which drops and logs any traffic that does
    not meet the preceding rules.
    * Negate rule: Used instead of the broad and permissive “any rules.” Negate rules provide
    tighter permission rights by specifying what system can be accessed and how.
26
Q
  1. Which of the following best describes why Sean’s team wants to put in the mentioned
    countermeasure for the most commonly attacked systems?
    A. Prevent production system hijacking
    B. Reduce DoS attack effects
    C. Gather statistics during the process of an attack
    D. Increase forensic capabilities
A
  1. B. A tarpit is commonly a piece of software configured to emulate a vulnerable, running
    service. Once the attackers start to send packets to this “service,” the connection to the
    victim system seems to be live and ongoing, but the response from the victim system is
    slow and the connection may time out. Most attacks and scanning activities take place
    through automated tools that require quick responses from their victim systems. If the
    victim systems do not reply or are very slow to reply, the automated tools may not be
    successful because the protocol connection times out. This can reduce the effects of a DoS
    attack.
27
Q
  1. Based upon the information in the scenario, what should the network team implement as it
    pertains to IPv6 tunneling?
    A. Teredo should be configured on IPv6-aware hosts that reside behind the NAT device.
    B. 6to4 should be configured on IPv6-aware hosts that reside behind the NAT device.
    C. Intra-Site Automatic Tunnel Addressing Protocol should be configured on IPv6-aware
    hosts that reside behind the NAT device.
    D. IPv6 should be disabled on all systems.
A
  1. A. Teredo encapsulates IPv6 packets within UDP datagrams with IPv4 addressing.
    IPv6-aware systems behind the NAT device can be used as Teredo tunnel endpoints even if
    they do not have a dedicated public IPv4 address.
28
Q
  1. Which of the following is the best countermeasure for the attack type addressed in the
    scenario?
    A. DNSSEC
    B. IPSec
    C. Split server configurations
    D. Disabling zone transfer
A
  1. A. DNSSEC protects DNS servers from forged DNS information, which is commonly used
    to carry out DNS cache poisoning attacks. If DNSSEC is implemented, then all responses
    that the server receives will be verified through digital signatures. This helps ensure that an
    attacker cannot provide a DNS server with incorrect information, which would point the
    victim to a malicious website.
29
Q
  1. Which of the following technologies should Lance’s team investigate for increased
    authentication efforts?
    A. Challenge Handshake Authentication Protocol
    B. Simple Authentication and Security Layer
    C. IEEE 802.2AB
    D. EAP-SSL
A
  1. B. Simple Authentication and Security Layer is a protocol-independent authentication
    framework. This means that any protocol that knows how to interact with SASL can use its
    various authentication mechanisms without having to actually embed the authentication
    mechanisms within its code.
30
Q
  1. Wireless LAN technologies have gone through different versions over the years to address
    some of the inherent security issues within the original IEEE 802.11 standard. Which of the
    following provides the correct characteristics of Wi-Fi Protected Access 2 (WPA2)?
    A. IEEE 802.1X, WEP, MAC
    B. IEEE 802.1X, EAP, TKIP
    C. IEEE 802.1X, EAP, WEP
    D. IEEE 802.1X, EAP, CCMP
A
  1. D. Wi-Fi Protected Access 2 requires IEEE 802.1X or preshared keys for access control,
    EAP or preshared keys for authentication, and AES algorithm in counter mode with
    CBC-MAC Protocol (CCMP) for encryption.
31
Q
  1. Alice wants to send a message to Bob, who is several network hops away from her. What is
    the best approach to protecting the confidentiality of the message?
    A. PPTP
    B. S/MIME
    C. Link encryption
    D. SSH
A
  1. B. Secure Multipurpose Internet Mail Extensions (S/MIME) is a standard for encrypting
    and digitally signing e-mail and for providing secure data transmissions using public key
    infrastructure (PKI).
32
Q
  1. Charlie uses PGP on his Linux-based e-mail client. His friend Dave uses S/MIME on his
    Windows-based e-mail. Charlie is unable to send an encrypted e-mail to Dave. What is the
    likely reason?
    A. PGP and S/MIME are incompatible.
    B. Each has a different secret key.
    C. Each is using a different CA.
    D. There is not enough information to determine the likely reason.
A
  1. A. PGP uses a decentralized web of trust for its PKI, while S/MIME relies on centralized