Meyers CompTIA Network+ Certification (N10-007): Test 2 - Results Flashcards
The boss has just read an article about zero-day attacks and rushes into your office in a panic, demanding to know what you’ll do to save the company network. What security technique would best protect against such attacks?
The best defense against zero-day attacks is to implement effective security policies.
Incorrect Answers:
Because a zero-day attack exploits previously unknown software vulnerabilities, updating virus definitions and keeping your software patched wouldn’t help at all.
By definition, there’s no patch out yet for the zero-day exploit!
User awareness will help because many zero-day attacks come through users accessing dodgy Web sites, but a good security policy that includes properly implemented firewalls and restrictions on access to those sites offers the best protection.
A website just changed its IP address, and a user is unable to reach it by typing the site’s domain name into their browser. What command can the user run to make the computer learn the website’s new IP address?
Correct Answer:
Ipconfig /flushdns will clear the DNS cache and force the computer to perform a fresh DNS lookup to get the current IP address of a domain name host.
Incorrect Answers:
Ipconfig /all displays most of the TCP/IP settings within a host but makes no changes.
/updatednscache and /dnsupdate are invalid Ipconfig switches.
An office would like to set up an unsecured wireless network for its customers in their lounge area. Customers should be allowed to access the Internet, but should not have access to the office’s internal network resources. Which firewall configuration can accomplish this?
Correct Answer:
Among other things, packet filtering controls access to IP-addressed devices.
Incorrect Answers:
NAT enables private IP addressed devices to access the public Internet.
Stateful inspection confirms the integrity of connections.
Port security controls the types of activities that stations engage in.
Network technician Jan is assigned to install a wireless router in a company’s public common area. The company wants visitors to the company to be able to connect to the wireless network with minimal security, but they should not be able to connect to the private internal network. Which of the following firewall rules would BEST accomplish this?
Correct Answer:
Packet filtering on the wireless access point. Packet filtering on the WAP can enable inbound and outbound traffic to the Internet, but it can block traffic to and from the internal network.
Incorrect Answers:
Content filtering prevents access to sites based on keywords on the site.
Allowing wireless traffic just enables the use of the WAP.
Blocking traffic from wireless access point may be right or wrong, depending on the location of the “blockage.” In any case, it’s not the best answer.
Troubleshooting networks add which elements to the general troubleshooting model? (Choose three.)
Correct Answers:
Using the network model as a starting place to troubleshoot network issues is an effective approach and can be performed using a top-to-bottom, bottom-to-top, or most likely layer to least likely layer (divide-and-conquer) methodology.
Incorrect Answer:
Troubleshooting from the outsides to the insides of a network model would be poor troubleshooting, plus there is no such approach.
What does QoS provide?
Correct Answer:
QoS enables the prioritization of different traffic types with bandwidth approaches a connection’s maximum capacity.
Incorrect Answers:
QoS does not increase the speed of data flow.
QoS is not a firewall - it reduces the bandwidth of some traffic type(s) when total traffic load is high.
QoS does not perform traffic redirection.
What Windows utility enables you to query information from the DNS server and change how your system uses DNS?
Nslookup is a handy, but rather complex utility that runs from the command-line and is used to both query various information from a DNS server and change how your system uses DNS.
Incorrect Answers:
The Arp command displays the contents of the ARP cache on the local machine.
Nbtstat will display the contents of the NetBIOS name cache.
Tracert will trace and display the path taken by a packet to the destination host.
In terms of network security, what is the purpose of hashing?
Correct Answer:
Hashing verifies data integrity by generating a unique value for a given chunk of data.
Incorrect Answers:
Hashing does not encrypt or decrypt data.
Hash is an excellent side dish with eggs, but this has no value when it comes to network security.
Which statement is true of inter-VLAN routing?
Correct Answer:
Inter-VLAN routing is implemented within switches to enable communication between VLANs.
Incorrect Answers:
Because of Inter-VLAN routing, external routers are not required to connect VLANs.
VLANs do not natively encrypt or decrypt traffic.
VPNs, not VLANs, enable remote networks to connect over a public network.
Which statement is not true of IPv6 addresses?
Correct Answer:
IPv4 and IPv6 are not automatically translated back and forth.
Incorrect Answers:
Windows and other operating systems randomize outbound IPv6 traffic to improve privacy.
EUI-64 addressing can be traced back to the source computer.
All IPv6 addresses (except for link-local addresses) are global addresses - equivalent to public IPv4 addresses.
A network tech suspects a wiring issue in a work area. Which element does she not need to check?
Correct Answer:
The connection from the router to the ISP does not exist in the work area. It is found in the equipment room.
Incorrect Answers:
Verifying link lights, workstation configuration, and NIC function of the computer in the work area are all valid things to check for a possible failure of structured cabling in the work area.
Which of the following is not a normal Windows log?
Correct Answer:
Windows does not log network events.
Incorrect Answers:
The application log notes events around launching, using, and closing applications.
The security log tracks events related to logging in, password changes, and the like.
The setup log tracks events regarding the Windows installation and updates.
The System log tracks events related to the Windows bootup process.
The forwarded events log receives logged events from other Windows computers.
Stan tells you that he cannot get on the network. You know the link light on the NIC is green and you know the cable is good. He seems to be the only one on the network having this problem. What command line utility and address do you use to run an internal test?
Correct Answer:
Don’t let the link light and good cable fool you. The NIC could still be bad. Pinging the loopback address (127.0.0.1) runs an internal test to verify that the NIC and TCP/IP is working.
Incorrect Answers:
Pinging anything else won’t tell you if your NIC is working correctly.
Every day at the office, we play Counter-Strike Source over the Internet (only during lunch hour, of course). Today, however, there is a lot of lag in the action–our mutual connection is bogged down somewhere. What could I use in Windows to find out where the bottleneck is occurring?
Correct Answer:
In Windows, the Tracert command shows the path a packet takes from one host to another, including how long it takes for each hop.
Incorrect Answers:
Traceroute has the same function but is only available in UNIX and Linux.
Ping will only confirm that we can connect to the other systems, and the ARP command will only give us a list of the IP addresses that have recently been resolved to MAC addresses.
Which of the following is not an element of a route metric?
Correct Answer:
The physical distance between routers is not considered when defining a metric.
Incorrect Answers:
Maximum Transfer Unit (MTU) size, cost, and bandwidth are all metric considerations (not listed but worthy of note are hop count and latency, which are also metric considerations).
