Dion Exam 5 Flashcards
At which of the following OSI layers does QoS operate?
Layer 7
Layer 3
Layer 1
Layer 5
Layer 3
Overall explanation
OBJ-2.2: Quality of Service (QoS) occurs at both Layer 2 and Layer 3 of the OSI Model. Layer 2 Quality of Service (QoS) allows for traffic prioritization and bandwidth management to minimize network delay using Cost of Service (CoS) classification, and DSCP marking under the 802.1p standard. Layer 3 Quality of Service (QoS) allows for managing the quality of network connections through its packet routing decisions.
Which of the following protocols is considered an external routing protocol?
BGP
OSPF
RIP
EIGRP
BGP
Overall explanation
OBJ-2.2: Border Gateway Protocol is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems on the Internet. The Routing Information Protocol (RIP) is an Interior Gateway Protocol (IGP) designed to distribute routing information within an Autonomous System (AS). Open Shortest Path First (OSPF) is an Interior Gateway Protocol (IGP) designed as a link-state routing protocol and is based on the Shortest Path First (SPF) algorithm. Enhanced Interior Gateway Routing Protocol (EIGRP) is an Interior Gateway Protocol (IGP) designed as an advanced distance-vector routing protocol used on a computer network for automating routing decisions and configuration.
You have just moved into a new apartment and need to get internet service installed. Your landlord has stated that you cannot drill any holes to install new cables into the apartment. Luckily, your apartment already has cable TV installed. Which of the following technologies should you utilize to get your internet installed in your apartment?
DOCSIS modem
Wireless router
DSL modem
Satellite modem
DOCSIS modem
Overall explanation
OBJ-1.2: DOCSIS (Data Over Cable Service Interface Specification) is an international telecommunications standard that permits the addition of high-bandwidth data transfer to an existing cable television system. Many cable television operators employ it to provide Internet access over their existing hybrid fiber-coaxial (HFC) infrastructure. Most people today call these cable modems, but technically, they are DOCSIS modems.
Which of the following layers within software-defined networking determines how to route a data packet on the network?
Infrastructure layer
Application layer
Management plane
Control layer
Control layer
Overall explanation
OBJ-1.7: The control layer uses the information from applications to decide how to route a data packet on the network and to make decisions about how traffic should be prioritized, how it should be secured, and where it should be forwarded to. The application layer focuses on the communication resource requests or information about the network. The infrastructure layer contains the physical networking devices that receive information from the control layer about where to move the data and then perform those movements. The management plane is used to monitor traffic conditions, the status of the network, and allows network administrators to oversee the network and gain insight into its operations.
You are connecting a new IPv6 device to your network, but your routers only support IPv4 protocols. Which of the following IP addressing solutions would solve this challenge?
Teredo tunneling
Private
Classless
APIPA
Teredo tunneling
Overall explanation
OBJ-1.4: Teredo is a transition technology that gives full IPv6 connectivity for IPv6-capable hosts that are on the IPv4 Internet but have no native connection to an IPv6 network. A private IP address is an IP address reserved for internal use behind a router or other Network Address Translation (NAT) devices, apart from the public. Private IP addresses provide an entirely separate set of addresses that still allow access to a network without taking up a public IP address space. Automatic Private IP Addressing (APIPA) is a feature in operating systems (such as Windows) that enables computers to automatically self-configure an IP address and subnet mask when their DHCP server isn’t reachable. Classless IP addressing solutions allow for the use of subnets that are smaller than the classful subnets associated with Class A, Class B, or Class C networks.
Susan, an executive at Dion Training, will be traveling to Italy for a conference next week. She is worried about remaining connected to the internet while overseas and plans to use the WiFi in her hotel room and the local coffee shop with her laptop. Which of the following should she purchase and configure before leaving for Italy to ensure her communications remain secure regardless of where she is connecting from?
Local SIM card for her smartphone
International data roaming plan on her cellphone
VPN
Local mobile hotspot
VPN
Overall explanation
OBJ-4.4: While WiFi is available almost everywhere these days, it is not safe to use it without first configuring and using a VPN. A Virtual Private Network (VPN) connects the components and resources of two (private) networks over another (public) network. This utilizes an encryption tunnel to protect data being transferred between her laptop and the Dion Training servers and other websites. The other options are all focused on connecting her cellphone but would still not be considered safe without a VPN being utilized. A local mobile hotspot could be used to provide internet connectivity to the laptop (if she uses this instead of the hotel and coffee shop WiFi). Still, for best security, she should also use a VPN over that connection.
Which of the following IEEE specifications describes the use of the spanning tree protocol (STP)?
802.3ad
802.1x
802.3af
802.1d
802.1d
Overall explanation
OBJ-2.3: The Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks to prevent bridge loops and the broadcast storms that result from them. STP is defined in the IEEE 802.1d standard. Link Aggregation Control Protocol (LACP) is one element of an IEEE specification (802.3ad) that provides guidance on the practice of link aggregation for data connections. The IEEE 802.1x standard is a network authentication protocol that opens ports for network access when an organization authenticates a user’s identity and authorizes them for access to the network. This defines port security. The user’s identity is determined based on their credentials or certificate, which is confirmed by the RADIUS server. Power over Ethernet (PoE) is a technology that lets network cables carry electrical power. PoE is defined in the IEEE 802.3af standard.
Which of the following ports should a client use to automatically request an IP address from the server?
67
69
25
123
67
Overall explanation
OBJ-1.5: The Dynamic Host Configuration Protocol (DHCP) uses port 67 and is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client-server architecture. Network Time Protocol (NTP) uses port 123 and is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. Trivial File Transfer Protocol (TFTP) uses port 69 and is a simple lockstep File Transfer Protocol that allows a client to get a file from or put a file onto a remote host. The Simple Mail Transfer Protocol (SMTP) uses port 25 and is an internet standard communication protocol for electronic mail transmission.
Your company has just installed a new web server that will allow inbound connections over port 80 from the internet while not accepting any connections from the internal network. You have been asked where to place the web server in the network architecture and configure the ACL rule to support the requirements. The current network architecture is segmented using a triple-homed firewall to create the following three zones:
ZONE, INTERFACE, IP address
PUBLIC, eth0, 66.13.24.16/30
DMZ, eth1, 172.16.1.1/24
PRIVATE, eth2, 192.168.1.1/24
Based on the requirements and current network architecture above, where should you install the web server and how should you configure it?
Put the server in the DMZ with an inbound rule from eth1 to eth0 that allows port 80 traffic to the server’s IP
Put the server in the PUBLIC zone with an inbound rule from eth0 to eth1 that allows port 80 traffic to the server’s IP
Put the server in the PRIVATE zone with an inbound rule from eth0 to eth1 that allows port 80 traffic to the server’s IP
Put the server in the DMZ with an inbound rule from eth0 to eth1 that allows port 80 traffic to the server’s IP
Put the server in the DMZ with an inbound rule from eth0 to eth1 that allows port 80 traffic to the server’s IP
Overall explanation
OBJ-4.3: The web server should be placed into the DMZ, assigned an IP address in the 172.16.1.1/24 network, and an inbound permit rule for port 80 should be created in the ACL. Since the web server needs to be accessed from the internet (PUBLIC), you must configure the permit rule from eth0 (PUBLIC) to eth1 (DMZ). The web server should not be placed into the intranet (PRIVATE), since this zone contains all of our internal network clients, and according to the question they should be blocked from accessing this web server. Most firewalls utilize an implicit deny policy, so all other ports from eth0 will be blocked, as will all ports from eth2. If an implicit deny policy is not enabled, you can explicitly block those other ports using a deny rule within the ACLs.
A network technician needs to install a server to authenticate remote users before accessing corporate network resources when working from home. Which kind of server should the network technician implement?
DNSSEC
VLAN
PPP
RAS
RAS
Overall explanation
OBJ-4.4: A remote access server (RAS) or remote desktop gateway is a type of server that provides a suite of services to connect users to a network or the Internet remotely. The Domain Name System Security Extensions (DNSSEC) is a suite of extension specifications by the Internet Engineering Task Force for securing data exchanged in the Domain Name System in Internet Protocol networks. Point-to-Point Protocol (PPP) is a TCP/IP protocol that is used to connect one computer system to another. Computers use PPP to communicate over the telephone network or the Internet. A virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2).
A technician added memory to a router, but the router refuses to recognize the new memory module. The router is then powered down, and the technician relocates all of the memory to different modules. On startup, the router does not boot and displays memory errors. Which of the following is the MOST likely cause of this issue?
ESD
VTP
Driver update
CMOS
ESD
Overall explanation
OBJ-5.5: The most likely cause is that the memory chips are faulty because they have suffered from electrostatic discharge (ESD) during the chips’ installation and movement. This question references a concept covered in-depth in your A+ curriculum but is considered fair game on the Network+ exam. It is also covered under the objectives for hardware failure on the Network+ exam and the objective for safety procedures.
You have been asked to recommend a capability to monitor all of the traffic entering and leaving the corporate network’s default gateway. Additionally, the company’s CIO requests to block certain content types before it leaves the network based on operational priorities. Which of the following solutions should you recommend to meet these requirements?
Install a NIPS on the internal interface and a firewall on the external interface of the router
Installation of a NIPS on both the internal and external interfaces of the router
Install a firewall on the router’s internal interface and a NIDS on the router’s external interface
Configure IP filtering on the internal and external interfaces of the router
Install a NIPS on the internal interface and a firewall on the external interface of the router
Overall explanation
OBJ-2.1: Due to the requirements provided, you should install a NIPS on the gateway router’s internal interface and a firewall on the external interface of the gateway router. The firewall on the external interface will allow the bulk of the malicious inbound traffic to be filtered before reaching the network. Then, the NIPS can be used to inspect the traffic entering the network and provide protection for the network using signature-based or behavior-based analysis. A NIPS is less powerful than a firewall and, if placed on the external interface, could easily “fail open” when overwhelmed with traffic. The NIPS installed on the internal interface would also allow various content types to be quickly blocked using custom signatures developed by the security team. We wouldn’t want to place the NIPS on the external interface for the same reasons, and we also wouldn’t choose to install a NIPS on both the internal and external connections. IP filtering on both interfaces of the router will not provide the ability to monitor the traffic or to block traffic based on content type. Finally, we would not want to rely on a NIDS on the external interface alone, since it can only monitor and cannot provide the content blocking capabilities needed.
A project manager is tasked with the planning of a new network installation. The customer requires that everything discussed in the meetings is installed and configured when a network engineer arrives onsite. Which document should the project manager provide the customer?
Security Policy
Acceptable Use Policy
Statement of Work
Service Level Agreement
Statement of Work
Overall explanation
OBJ-3.2: A Statement of Work (SOW) is a document that outlines all the work that is to be performed, as well as the agreed-upon deliverables and timelines. A service-level agreement (SLA) is a written agreement that qualitatively and quantitatively specifies the service committed by a vendor to a customer. A security policy is a definition of what it means to be secure for a system, organization, or other entity. For an organization, it addresses the constraints on the behavior of its members as well as constraints imposed on adversaries by mechanisms such as doors, locks, keys, and walls. An acceptable use policy, acceptable usage policy, or fair use policy is a set of rules applied by the owner, creator, or administrator of a network, website, or service that restricts the ways in which the network, website, or system may be used and sets guidelines as to how it should be used.
Which of the following ports are used to provide secure remote connection sessions over the Internet?
22
23
25
80
22
Overall explanation
OBJ-1.5: Secure Shell (SSH) uses port 22 to securely create communication sessions over the Internet for remote access to a server or system. Telnet uses port 23 to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection, but sends its data in plaintext making it an insecure protocol. The Simple Mail Transfer Protocol (SMTP) uses port 25 and is an internet standard communication protocol for electronic mail transmission. The Hypertext Transfer Protocol (HTTP) uses port 80 and is an application layer protocol for distributed, collaborative, hypermedia information systems using unencrypted data transfer.
You received an incident response report indicating a piece of malware was introduced into the company’s network through a remote workstation connected to the company’s servers over a VPN connection. Which of the following controls should be applied to prevent this type of incident from occurring again?
NAC
MAC filtering
ACL
SPF
NAC
Overall explanation
OBJ-4.1: Network Access Control (NAC) is an approach to computer security that attempts to unify endpoint security technology (such as anti-virus, host intrusion prevention, and vulnerability assessment), user or system authentication, and network security enforcement. When a remote workstation connects to the network, NAC will place it into a segmented portion of the network (sandbox), scan it for malware and validate its security controls, and then based on the results of those scans, either connect it to the company’s networks or place the workstation into a separate quarantined portion of the network for further remediation. An access control list (ACL) is a network traffic filter that can control incoming or outgoing traffic. An ACL alone would not have prevented this issue. MAC Filtering refers to a security access control method whereby the MAC address assigned to each network card is used to determine access to the network. MAC filtering operates at layer 2 and is easy to bypass. Sender Policy Framework (SPF) is an email authentication method designed to detect forging sender addresses during email delivery.