Chapter 7 Flashcards

1
Q

At what layer of the OSI model does the IPSec encryption protocol operate?​

a. ​Transport layer
b. ​Application layer
c. ​Network layer
d. ​Physical layer
A

c. ​Network layer

2
Q

After L2TP establishes a VPN tunnel, GRE is used to transmit L2TP data frames through the tunnel.
True
False

A

False

3
Q

An enterprise-wide VPN can include elements of both the client-to-site and site-to-site models.
True
False

A

True

4
Q

When using a site-to-site VPN, what type of device sits at the edge of the LAN and establishes the connection between sites?​

a. ​VPN transport
b. ​VPN gateway
c. ​VPN proxy
d. ​VPN server
A

b. ​VPN gateway

5
Q

Digital certificates are issued by organizations known as what term?​

a. ​certification registrars
b. ​certification authorities
c. ​identity verifiers
d. ​certificate exchanges
A

b. ​certification authorities

6
Q

What cloud service model involves providing applications through an online user interface, providing for compatibility with a multitude of different operating systems and devices?

a. ​IaaS
b. ​XaaS
c. ​PaaS
d. ​SaaS
A

d. ​SaaS

7
Q

The combination of a public key and a private key is known by what term below?

a. ​key team
b. ​key set
c. ​key pair
d. ​key tie
A

c. ​key pair

8
Q

PPP can support several types of Network layer protocols that might use the connection.​

True
False

A

True

9
Q

What option below is not an encryption algorithm method that is used by SSH?

a. ​Kerberos
b. ​SHA-2
c. ​RSA
d. ​DES
A

b. ​SHA-2

10
Q

What protocol below only provides the framework for authenticating clients and servers, but relies on other encryption and authentication schemes to verify the credentials of clients or servers?

a. ​MS-CHAPv2
b. ​EAP
c. ​MS-CHAP
d. ​TKIP
A

b. ​EAP

11
Q

What protocol below is a Microsoft proprietary protocol first available in Windows Vista?​

a. ​PPTP
b. ​L2TP
c. ​SSTP
d. ​TTLS
A

c. ​SSTP

12
Q

Windows, UNIX, Linux, and Mac OS clients are all capable of connecting to a VPN using PPTP.
True
False

A

True

13
Q

The MD5 hashing algorithm is not susceptible to the possibility of hash collisions.​
True
False

A

True

14
Q

A SecurID key chain fob from RSA security generates a password that changes how often?

a. ​every 30 seconds
b. ​every 70 seconds
c. ​every 20 seconds
d. ​every 60 seconds
A

d. ​every 60 seconds

15
Q

How often should administrators and network users be required to change their password?

a. 90 days
b. 60 days
c. ​120 days
d. ​180 days
A

b. 60 days

16
Q

The original version of the Secure Hashing Algorithm (SHA) was developed by the NSA, and used a hash of what length?​

a. ​128 bit
b. ​256 bit
c. ​512 bit
d. ​160 bit
A

b. ​256 bit

17
Q

What encryption protocol was designed as more of an integrity check for WEP transmissions rather than a sophisticated encryption protocol?​

a. ​Kerberos
b. ​AES
c. ​EAP
d. ​TKIP
A

d.

18
Q

The PPP headers and trailers used to create a PPP frame that encapsulates Network layer packets vary between 8 and 10 bytes in size due to what field?​

a. priority​
b. ​encryption
c. ​FCS
d. ​FEC
A

c. ​FCS

19
Q

An enterprise-wide VPN can include elements of both the client-to-site and site-to-site models.
(A) True
(B) False

A

Answer : (A)

20
Q

After L2TP establishes a VPN tunnel, GRE is used to transmit L2TP data frames through the tunnel.
(A) True
(B) False

A

Answer : (B)

21
Q

The MD5 hashing algorithm is not susceptible to the possibility of hash collisions.​
(A) True
(B) False

A

Answer : (B)

22
Q

PPP can support several types of Network layer protocols that might use the connection.​
(A) True
(B) False

A

Answer : (A)

23
Q

​Windows, UNIX, Linux, and Mac OS clients are all capable of connecting to a VPN using PPTP.
(A) True
(B) False

A

Answer : (A)

24
Q
Which type of cloud service model involves hardware services that are provided virtually, including network infrastructure devices such as virtual servers?​ 
(A) IaaS​
(B) ​PaaS 
(C) ​SaaS 
(D) ​XaaS
A

Answer : (A)

25
Q

What cloud service model involves providing applications through an online user interface, providing for compatibility with a multitude of different operating systems and devices?
(A) IaaS
(B) ​SaaS
(C) ​XaaS
(D) ​PaaS

A

Answer : (B)

26
Q
​Which of the following is NOT an encryption algorithm used by SSH? 
(A) ​SHA-2 
(B) ​DES 
(C) ​RSA 
(D) ​Kerberos
A

Answer : (A)

27
Q
​The SSH service listens on what TCP port? 
(A) ​20 
(B) ​21 
(C) 22
(D) ​23
A

Answer : (C)

28
Q
The original version of the Secure Hashing Algorithm (SHA) was developed by the NSA, and used a hash of what length?
(A) 128 bit
(B) 160 bit
(C) 256 bit
(D) 512 bit
A

Answer : (B)

29
Q
​What protocol below only provides the framework for authenticating clients and servers, but relies on other encryption and authentication schemes to verify the credentials of clients or servers? 
(A) ​MS-CHAP 
(B) ​MS-CHAPv2 
(C) ​EAP 
(D) ​TKIP
A

Answer : (C)

30
Q

When using public and private keys to connect to an SSH server, where must your public key be placed before you can connect?​
(A) ​In an authorization file under your home directory on your computer.
(B) ​In an authorization file on the host where the SSH server is.
(C) In the /etc/ssh/keys folder.
(D) ​In the /var/run/ssh/public folder.

A

Answer : (B)

31
Q
What security principle provides proof of delivery and proof of the sender's identity?​ 
(A) ​utility 
(B) ​integrity 
(C) ​availability 
(D) ​non-repudiation
A

Answer : (D)

32
Q
The combination of a public key and a private key is known by what term below?
(A) ​key set 
(B) ​key team 
(C) ​key pair 
(D) key tie
A

Answer : (C)

33
Q
Digital certificates are issued by organizations known as what term?​ 
(A) ​certification authorities 
(B) ​certification registrars 
(C) ​identity verifiers 
(D) ​certificate exchanges
A

Answer : (A)

34
Q
​What security encryption protocol requires regular re-establishment of a connection and can be used with any type of TCP/IP transmission? 
(A) ​L2TP 
(B) ​TLS 
(C) ​IPsec 
(D) ​SSL
A

Answer : (C)

35
Q
At what layer of the OSI model does the IPsec encryption protocol operate?​ 
(A) ​Physical layer 
(B) ​Network layer 
(C) ​Transport layer 
(D) ​Application layer
A

Answer : (B)

36
Q
The PPP headers and trailers used to create a PPP frame that encapsulates Network layer packets vary between 8 and 10 bytes in size due to what field?​ 
(A) priority​
(B) ​FCS 
(C) FEC
(D) ​encryption
A

Answer : (B)

37
Q
When using a site-to-site VPN, what type of device sits at the edge of the LAN and establishes the connection between sites?​ 
(A) ​VPN proxy
(B) VPN server
(C) ​VPN transport 
(D) ​VPN gateway
A

Answer : (D)

38
Q
Amazon and Rackspace both utilize what virtualization software below to create their cloud environments?​ 
(A) ​VMware vSphere 
(B) Oracle VirtualBox
(C) Parallels
(D) ​Citrix Xen
A

Answer : (D)

39
Q
What protocol below is a Microsoft proprietary protocol first available in Windows Vista?​ 
(A) ​L2TP 
(B) ​PPTP 
(C) TTLS
(D) SSTP
A

Answer : (D)

40
Q
What authentication protocol sends authentication information in cleartext without encryption?​
(A) ​PAP 
(B) MS-CHAP
(C) MS-CHAPv2
(D) EAP
A

Answer : (A)

41
Q
​How often should administrators and network users be required to change their password? 
(A) 60 days 
(B) 90 days 
(C) ​120 days 
(D) ​180 days
A

Answer : (A)

42
Q
What encryption protocol was designed as more of an integrity check for WEP transmissions rather than a sophisticated encryption protocol?​ 
(A) ​Kerberos 
(B) ​TKIP 
(C) ​AES 
(D) ​EAP
A

Answer : (B)

43
Q
A SecurID key chain fob from RSA security generates a password that changes how often? 
(A) ​every 20 seconds
(B) ​every 30 seconds 
(C) ​every 60 seconds 
(D) ​every 70 seconds
A

Answer : (C)

44
Q

The _________________ cloud service model provides virtual environments online that can be tailored to the needs of developers.

A

Answer : Platform as a Service (PaaS)

45
Q

A _________________ is a service that is shared between multiple organizations, but not available publicly.​

A

Answer : community cloud

46
Q

A variant of TLS is ___________________, which provides authentication like SSL/TLS, but does not require a certificate for each user.​

A

Answer : Tunneled Transport Layer Security (TTLS)

47
Q

In Kerberos, a temporary set of credentials that a client uses to prove that its identity has been validated is known as a _____________.

A

Answer : ticket

48
Q

When PPP is used over an Ethernet network, it is known as ________________.

A

Answer : PPPoE Answer : Point to Point over Ethernet

49
Q

In which cloud computing service model are hardware services provided virtually, including network infrastructure devices such as virtual servers?

A

Answer: IaaS (Infrastructure as a Service)

50
Q

The Internet would be considered an example of which of the following cloud deployment models?

a. Community
b. Private
c. Public
d. Hybrid

A

Answer: C

51
Q

A ______ is a virtual connection between a client and a remote network, two remote networks, or two remote hosts over the Internet, to remotely provide network resources.

A

Answer: virtual private network or VPN

52
Q

Which remote access protocol is an earlier protocol that does not support encryption, can carry only IP packets, and works strictly on serial connections?

A

Answer: SLIP or Serial Line Internet Protocol

53
Q

Most VPN tunneling protocols operate at the _____ layer to encapsulate the VPN frame into a Network packet.

A

Answer: Data Link

54
Q

Because public key encryption requires the use of two different keys, it is also known as _____ encryption.

A

Answer: asymmetric

55
Q

Which of the following terms best describes a small file containing verified identification information about the user and the user’s public key?

a. certificate authority
b. private key
c. digital certificate
d. cipher

A

Answer: C

56
Q

Which type of protocol allows the client and server to introduce themselves to each other and establish terms for how they will exchange data?

a. tunneling
b. handshake
c. VPN
d. file transfer

A

Answer: B

57
Q

SSH provides little security for establishing a connection and no security for transmitting data.

A

Answer: False

58
Q
Which cloud computing service model gives software developers access to multiple operating systems for testing?
A. IaaS 
B. PaaS 
C. SaaS 
D. XaaS
A

Answer: B. PaaS

59
Q

What service in Windows Server 2012 R2 authenticates remote users and computers to the Windows domain and its corporate network resources?
A. Active Directory
B. Group Policy
C. DirectAccess
D. RAS (Remote Access Service)

A

Answer: C. DirectAccess

60
Q
Which remote access protocol is used over an Ethernet network? 
A. PPPoE 
B. RAS 
C. PPP 
D. SLIP
A

Answer: A. PPPoE

61
Q
Which encryption protocol does GRE use to increase the security of its transmissions? 
A. SSL 
B. SFTP 
C. IPsec 
D. SSH
A

Answer: C. IPsec

62
Q
Which tunneling protocol is accepted and used by multiple vendors? 
A. SSL VPN 
B. L2TP 
C. SSL 
D. SSH
A

Answer: B. L2TP

63
Q

A hacker runs a program that tries numerous character combinations until it stumbles on the correct combination and cracks the key. What offensive strategy is this program using?
A. Brute force attack
B. Zero-day exploit
C. CIA triad
D. Endpoint security vulnerability

A

Answer: A. Brute force attack

64
Q
What is the minimum acceptable key size for today’s security standards? 
A. 8 bytes 
B. 128 bits 
C. 256 bits 
D. 512 bits
A

Answer: B. 128 bits

65
Q
In public key encryption, which key is used to decrypt the message? 
A. Session key 
B. Private key 
C. Public key 
D. Network key
A

Answer: B. Private key

66
Q

What feature must be configured on a router to redirect traffic from an insecure port to a secure one?
A. AAA (authentication, authorization, and accounting)
B. Mutual authentication
C. TGS (Ticket-Granting Service)
D. Port forwarding

A

Answer: D. Port forwarding

67
Q
Which of the following is NOT one of the three AAA services provided by RADIUS and TACACS+?
A. Authentication 
B. Authorization 
C. Access control 
D. Accounting
A

Answer: C. Access control

68
Q

Organizations with common interests, such as regulatory requirements, performance requirements, or data access, might share resources in a __________________.

A

Answer: community cloud

69
Q

All types of remote access techniques require some type of ________________, which accepts a remote connection and grants privileges to the network’s resources.

A

Answer: remote access server (RAS)

70
Q

Which Transport layer protocol does PPTP use? Which Transport layer protocol does L2TP use?

A

Answer: TCP, UDP

71
Q

What unique VPN connection characteristic is provided by the conjunction of RRAS and DirectAccess?

A

Answer: RRAS and DirectAccess together enable always-on remote connections.

72
Q

What are the two primary encryption techniques used by VPNs today?

A

Answer: IPsec and SSL

73
Q

When surfing online, you get some strange data on an apparently secure Web site, and you realize you need to check the legitimacy of the site. What kind of organization issues digital certificates?

A

Answer: Certificate authority (CA)

74
Q

Which two protocols are available to create secure transmissions for HTTP sessions?

A

Answer: SSL and TLS

75
Q

____________________ is used for confidentiality while ___________________ is used for integrity and authentication.

A

Answer: Encryption, hashing

76
Q

EAPoL is primarily used with what kind of transmission?

A

Answer: Wireless

77
Q

What kind of ticket is held by Kerberos’ TGS?

A

Answer: Ticket-granting ticket (TGT)

78
Q

What does RAS stand for?

a. Remote authentication service
b. Remote access server
c. Remote accounting service
d. Remote addressing server

A

b. Remote access server

79
Q

Which of the following best describes a modem’s function?

a. To encapsulate Data Link layer protocols as Network layer protocols before transmitting data over the PSTN
b. To separate data into frames as it is transmitted from the computer to the PSTN, and then strip data from frames as it is received from the PSTN
c. To encrypt data as it is transmitted from the computer to the PSTN, and then decrypt data as it is received from the PSTN
d. To convert a source computer’s digital pulses into analog signals for the PSTN, and then convert analog signals back into digital pulses for the destination computer

A

d. To convert a source computer’s digital pulses into analog signals for the PSTN, and then convert analog signals back into digital pulses for the destination computer

80
Q

What is another common term for Public Switched Telephone Network?

a. Plain old telephone service
b. Basic rate telephone service
c. Limited access telephone service
d. Transcontinental public telephone service

A

a. Plain old telephone service

81
Q

Which of the following types of dial-up connections would result in the best performance from the client’s perspective?

a. A PPP dial-up connection to an RRAS server that allowed the client to launch an application from the RRAS server
b. A PPTP dial-up connection to an RRAS server that allowed the client to launch an application from another server on the LAN
c. A SLIP dial-up connection to an RRAS server that allowed the client to log on to an application server on the LAN and run an application from that application server
d. A PPTP dial-up connection to an RRAS server that allowed the client to log on to a Citrix terminal server and use ICA to run an application

A

d. A PPTP dial-up connection to an RRAS server that allowed the client to log on to a Citrix terminal server and use ICA to run an application

82
Q

Why do most remote clients (for example, those that dial in to an RRAS server) use DHCP and not static IP addressing?

a. Because using DHCP allows more efficient use of a limited number of IP addresses
b. Because using DHCP ensures that the client is authorized to access the network
c. Because using DHCP ensures that the client is assigned a valid IP address
d. Because using DHCP allows the client to use the same IP address each time he or she dials in to the LAN

A

c. Because using DHCP ensures that the client is assigned a valid IP address

83
Q

What does the “T” in PPTP stand for?

a. Tunneling
b. Transmission
c. Transport
d. Telecommunications

A

a. Tunneling

84
Q

What is one reason an organization might employ a VPN rather than simply allow users to dial directly in to their remote access server?

a. VPNs always provide better performance than direct-dial connections.
b. VPNs allow more users to connect to the LAN simultaneously.
c. VPNs are less expensive for connecting a large number of remote users.
d. VPNs prevent the need for firewalls between access servers and the Internet.

A

c. VPNs are less expensive for connecting a large number of remote users.

85
Q

In this lab, you connected a workstation to a server using a VPN. Which of the following is true about the VPN connection you created in this lab?

a. It uses physical IP addresses.
b. It uses virtual IP addresses on the workstation end.
c. It uses virtual IP addresses on both ends.
d. It requires a modem for connection

A

c. It uses virtual IP addresses on both ends.

86
Q

Which of the following transmission methods is most apt to be used by VPN clients?

a. PSTN
b. T-1
c. frame relay
d. SONET

A

a. PSTN

87
Q
What is the most common public network used with VPNs?
a. ARPANET
b. The Internet
c. NetBEUI
d. AppleTalk
A

b. The Internet

88
Q

Which of the following are reasons you might implement Terminal Services instead of a remote access server? (Choose all that apply.)

a. No modems required with Terminal Services
b. Central configuration and control of applications on the Terminal Server
c. No modems required on clients
d. No need to configure security on the Terminal Server

A

a. No modems required with Terminal Services

89
Q

What is the difference between configuring a Windows Server 2012 R2 computer to accept Remote Desktop Connection and configuring it to run Terminal Services?

a. Remote Desktop Connection requires additional licensing.
b. Terminal Services requires each client to have a modem.
c. Terminal Services allows no more than two simultaneous connections.
d. Terminal Services allows more than two simultaneous connections

A

d. Terminal Services allows more than two simultaneous connections

90
Q

What is one way a network administrator can effectively troubleshoot a user’s problem in a Terminal Services session that can’t be done with a remote access server?

a. By speaking with the user over the phone
b. By examining the Terminal Server’s error logs
c. By taking over the user’s session temporarily
d. By rebooting the server

A

c. By taking over the user’s session temporarily

91
Q

Which of the following is a potential disadvantage of Terminal Services?

a. It requires additional licensing.
b. It requires the client to be running Windows 8.1
c. It requires the client to have a high-speed connection such as a T-1.
d. It requires the server to have a minimum of 1 GB of RAM.

A

a. It requires additional licensing.