Network+ Flashcards

1
Q

Computers need to know only the IP address of a destination computer in order to communicate
with it across a network.
A. True
B. False

A

B. False
Explanation: Computers must know both the IP address and MAC address in order to
communicate across a network.

2
Q
The acronym ARP means ____________________________.
A. Address Reservation Protocol
B. Abbreviated Routing Protocol
C. Addressable Routed Packet
D. Address Resolution Protocol
A

D. Address Resolution Protocol

Explanation: ARP is the Address Resolution Protocol.

3
Q

ARP is used to find the MAC address of a host when the IP address is known.
A. True
B. False

A

A. True
Explanation: ARP is used to find the MAC address of a host when the IP address is known.
Another way to say this is that ARP is used to resolve IP Addresses into MAC addresses.

4
Q

An ARP table (or ARP cache) contains a list of known IP address and MAC address relationships.
A. True
B. False

A

A. True
Explanation: The ARP cache is a table that is kept on computers which contains all the IP address
and MAC address relationships that the computer has learned about. This way if the computer
needs to communicate with a specific IP address it is able to build a Frame with the associated
MAC address as it communicates out onto the network. Otherwise, the computer must first
send out an ARP request to learn the MAC address which it will then place into the ARP cache.

5
Q

The term Malware includes viruses, worms, trojan horses, spyware, adware, ransomware and other
types of malicious software written specifically to harm and infect a host system.
A. True
B. False

A

A. True
Explanation: The term Malware encompasses all malicious software designed to harm and infect
a host system. If a network node becomes infected with any form of Malware it is called a
“compromised system”. Compromised systems can give away the fact that they are compromised
by generating traffic on the network that is abnormal and otherwise unexplainable.

6
Q

When a server or system is attacked in such a way that it is flooded with traffic and unable to respond
to legitimate requests, this is referred to as a _______________ attack.
A. Session Hijacking
B. Brute Force
C. Man-in-the-middle
D. Denial of Service

A

D. Denial of Service
Explanation: A Denial of Service (DoS) attack is an attack that overburdens the target with a flood
of traffic/requests until all of its resources are completely tapped out and it becomes unable to
respond to legitimate traffic.

7
Q

Which of the following is a type of man-in-the-middle attack in which the communicating devices on a
company LAN have their layer 2 frames redirected to the attacker who also resides on the same LAN?
A. VLAN Hopping
B. ARP Poisoning
C. Session Hijacking
D. Smurf Attack

A

B. ARP Poisoning
Explanation: In an ARP Poisoning attack the attacker must be on the same network as the targets.
This is because the attacker uses forged ARP messages to poison the target computer’s ARP
cache with the MAC address of the attacker. After the ARP cache has been poisoned all future
communications (layer 2 frames) will be sent to the attacker’s computer instead of to the
intended destination.

8
Q

Which of the following types of attacks is a type of Denial of Service attack in which spoofed ICMP
messages are sent as an IP directed broadcast to flood a target host with ICMP traffic?
A. VLAN Hopping
B. ARP Poisoning
C. Session Hijacking
D. Smurf Attack

A

D. Smurf Attack
Explanation: Smurf attacks were a very common type of attack until router manufacturers started
disabling the IP directed broadcast feature on routers by default. With IP directed broadcast
turned on a simple ping message can be sent through a router and it will enter the network as a
broadcast message in which all the hosts who receive the broadcasted ping would reply to it. In
this case the smurfed victim’s IP address is known and is spoofed (forged) into the ping packets
making it seem like the pings came from the victim. This causes all the hosts that received the IP
directed broadcast ping to reply to the ping sending large amounts of ICMP traffic to the victim
all at the same time effectively taking it offline.

9
Q

End User Awareness training is the worst way for a company to defend against social engineering
attacks.
A. True
B. False

A

B. False
Explanation: Because people/employees/end users are the targets of social engineering attacks
the best way to defend against them is to make sure users are properly trained in User/Security
Awareness. If users understand the different ways they can be manipulated by social engineering
then they will be more aware of the events when they manifest and much more likely not to fall
for them.

10
Q

One major vulnerability in networks is the usage of unsecure protocols such as Telnet and SNMPv2.
A. True
B. False

A

A. True
Explanation: Unsecure protocols like Telnet and SNMPv2 send information in clear text and don’t
require password challenges or message digests. In these cases organizations should be sure to
use the secure versions of these protocols such as SSH and SNMPv3.

11
Q

It’s okay to have well known ports such as TCP 80 opened up from the outside of a firewall to the inside
of the network.
A. True
B. False

A

B. False
Explanation: Unnecessary open TCP ports are a huge vulnerability and the network perimeter
devices such as firewalls must be managed meticulously to make sure the network edge is secure
and there are no ports opened in such a way that it exposes the internal network to the
Internet.

12
Q
How many bits are in a Byte?
A. 32
B. 8
C. 48
D. 12
A

B. 8

Explanation: There are 8 bits in a Byte.

13
Q
Select the correct short form of representing the data rate of 1 bit per second
A. 1 MB
B. 1Bps
C. 1 bit
D. 1bps
A

D. 1bps
Explanation: The short form of bits per second is bps. When you see a lowercase “b” it always
means bits. When you see an uppercase “B” it always represents Bytes.

14
Q

Bytes use a lower-case b in the shorthand notation.
A. True
B. False

A

B. False

Explanation: bits uses the lowercase “b” while Bytes uses the uppercase “B”.

15
Q
An ordinary Frame payload is how many Bytes in length?
A. 1500
B. 9000
C. 1000
D. 500
A

A. 1500
Explanation: The standard maximum payload of an Ethernet Frame is 1500 Bytes. With
overhead such as the MAC Header, VLAN tag and CRC a standard Frame can exceed 1500 Bytes,
however the actual payload (which contains the data) is still a maximum of 1500 Bytes.

16
Q

Frames are created in the Network Interface Card (NIC).
A. True
B. False

A

A. True
Explanation: The Network Interface Card is where Frames are assembled before being placed
on the network media and disassembled after being retrieved from the network media.

17
Q
How many bits are there in 512 Bytes?
A. 1024b
B. 2048b
C. 4096b
D. 8192b
A

C. 4096
Explanation: To find the number of bits in a certain number of Bytes simply multiply the number
of Bytes times eight (512 * 8 = 4096). To perform the reverse is to find the number of Bytes in a
certain number of bits. In that case simply divide the number of bits by eight (4096 bits / 8 = 512
Bytes).

18
Q

A unicast is sent from a single sender to multiple receivers.
A. True
B. False

A

B. False
Explanation: A Unicast is sent from a single sender to a single receiver while a Multicast is sent
from either a single sender or multiple senders to multiple receivers.

19
Q
What does a MAC Broadcast Address look like in hexadecimal format?
A. FF-FF-FF-FF-FF-FF
B. EE-EE-EE-EE-EE-EE
C. AA-AA-AA-AA-AA-AA
D. 00-00-00-00-00-00
A

A. FF-FF-FF-FF-FF-FF
Explanation: A MAC address destination of all Fs is a message to all hosts which is also known as
a Broadcast. All Fs in the hexadecimal notation of a MAC address is also the equivalent of all 1s
in the 48 bit binary format (111111111111111111111111-111111111111111111111111).

20
Q

Routers separate Broadcast Domains.
A. True
B. False

A

A. True
Explanation: Routers keep broadcast domains separated from each other. One default router
interface (without VLANs) is equivalent to one broadcast domain or network.

21
Q

By default routers pass Broadcast traffic from one network to another network.
A. True
B. False

A

B. False
Explanation: Routers do not pass Broadcast traffic by default. If routers did pass normal
Broadcast traffic then that Broadcast traffic would have the potential to spread around the
entire global internet without restriction. We can see how this would be a problem! Broadcast
traffic is intended to stay within a local network which is also known as a Broadcast Domain.

22
Q

A software company uses a hosted service to build a web application in the cloud. The hosting
provider maintains all the hardware that the web application is built on and the software
company can simply build their web application without worrying about anything else. This is an
example of ___________.
A. IaaS
B. PaaS
C. SaaS
D. Private Cloud

A

B. PaaS
Explanation: PaaS (Platform as a Service) providers take care of everything that’s needed to
build software in the cloud so that companies can easily build web applications and other
software in the cloud without needing to maintain any of their own servers and hardware.

23
Q

A company hosts a portion of their network infrastructure in the cloud which it accesses via VPN.
The company is able to move workloads and servers between their on-premise private network
and their network in the cloud creating a Hybrid cloud environment. What type of cloud service is
this referring to?
A. IaaS
B. PaaS
C. SaaS
D. Private Cloud

A

A. IaaS
Explanation: IaaS (Infrastructure as a Service) providers offer complete network infrastructures
in the cloud where companies can set up their own servers and network storage and only pay
for the resources that are used on a monthly basis.

24
Q
Any type of software that is hosted in the cloud and accessed as a service via the internet by
customers refers to ________________.
A. Hybrid IaaS
B. Private SaaS
C. Hybrid Cloud
D. Public SaaS
A

D. Public SaaS
Explanation: Public SaaS (Software as a Service) is a software offering that runs in the public
cloud and is accessed by customers over the Internet. Public SaaS is available to anyone who
wishes to use or pay for the software as a monthly recurring service. Some companies build
Private SaaS within their own private cloud which would be software applications strictly used
by the internal employees and would not be available to the public or accessible via a public
cloud.

25
Q

A virtualized network and network infrastructure that is hosted privately, publicly, or both, but is
shared amongst multiple organizations that have similar interests and compliance requirements
is called a ______________.
A. Private Cloud
B. Public Cloud
C. Community Cloud
D. Hybrid Cloud

A

C. Community Cloud

26
Q
What is the command used to display the system IP address and MAC address on a Windows
computer?
A. ipconfig
B. ipconfig /all
C. ipconfig /mac
D. ipconfig /ip
A

B. ipconfig /all
Explanation: From Windows command prompt the “ipconfig /all” command will reveal all of the
IP settings and the MAC address. If only “ipconfig” is used it will only reveal the IP address,
subnet mask, and default gateway.

27
Q
What is the command we can use on any system to test IP reachability status to a network node?
A. arp
B. nslookup
C. netstat
D. ping
A

D. ping
Explanation: ping is a universal command/application that can be used on any bash terminal or
Windows command prompt to test IP reachability status to another node.

28
Q
To check the layer 3 routing hops from a Windows computer to a remote destination which
command can you use?
A. nslookup
B. nbtstat
C. tracert
D. ping
A

C. tracert
Explanation: From a Windows computer the “tracert” command reports back each individual
layer 3 hop on the way from the source to the destination. On other systems such as Mac OS
X and Linux as well as on routers and switches the command is “traceroute”. Only in Windows is
the command “tracert”.

29
Q
This command is similar to traceroute, but it shows even more statistics about each hop.
A. ping
B. ipconfig
C. pathping
D. tracert
A

C. pathping
Explanation: In addition to tracing the route from source to destination, “pathping” also
calculates a percentage of packet loss and latency of each hop. Pathping is really a combination
of both the traceroute and ping utilities and the packet loss percentage is gathered by sending
multiple pings to each hop in the path.

30
Q
To check the domain name to IP address resolution from a computer which command can be
used?
A. nslookup
B. nbtstat
C. netstat
D. arp
A

A. nslookup
Explanation: The “nslookup” command performs a domain name server (DNS) lookup on a
hostname to find the IP address. The same command can be used to perform a reverse lookup
which is done by inputting the IP address after the nslookup command rather than the
hostname.

31
Q
The following protocols allow for command line access to network devices. (choose all that apply)
A. ICMP
B. SSH
C. RDP
D. Telnet
A

B. (SSH), D. (Telnet)
Explanation: SSH (Secure Shell) and Telnet are both protocols for remote access to the
command line interface of network devices. SSH uses encryption while Telnet does not; all
Telnet traffic is completely clear text. SSH or Telnet could be used to access a remote router,
firewall, or switch to make configuration changes from a remote location.

32
Q

Telnet should be used instead of SSH for security purposes.
A. True
B. False

A

B. False
Explanation: Using Telnet is a security concern for companies because all communications over
Telnet are in clear text, even usernames and passwords. SSH should be used instead in order to
increase security with remote access to network devices.

33
Q
Which of the following TCP ports are used by SSH? (choose all that apply)
A. 20
B. 21
C. 22
D. 23
A

C. 22

Explanation: SSH (Secure Shell) uses TCP port 22

34
Q
Which of the following TCP ports are used by Telnet? (choose all that apply)
A. 20
B. 21
C. 22
D. 23
A

D. 23

Explanation: Telnet uses TCP port 23.

35
Q
______________ is the protocol responsible for ping and traceroute.
A. ICMP
B. RDP
C. TFTP
D. Ping
A

A. ICMP
Explanation: ICMP (Internet Control Message Protocol) is used by applications such as Ping and
Traceroute to produce IP based reachability outputs. With the Ping application in particular the
ICMP Echo and ICMP Echo reply are used to check IP reachability status of a network node.

36
Q
Which of the following TCP ports are used by FTP? (choose all that apply)
A. 20
B. 21
C. 22
D. 23
A

A. (20), B. (21)
Explanation: FTP (File Transfer Protocol) uses TCP port 20 (FTP data transfer) & 21 (FTP control).
Port 21 is used to manage the FTP sessions and port 20 is the port which the data actually
transfers over during the file transfer.

37
Q

Trivial File Transfer Protocol (TFTP) uses UDP port 69 and is considered to be connection-oriented.
A. True
B. False

A

B. False
Explanation: TFTP (Trivial File Transfer Protocol) does use UDP port 69, but because it uses UDP
it is considered to be connection-less. FTP on the other hand uses TCP and is connection-oriented.

38
Q
Which DNS record needs to be set up to point the outside world to a company’s E-Mail server?
A. An A Record
B. NS Record
C. CNAME
D. MX Record
A

D. MX Record

Explanation: MX records are Mail Exchanger records which are used for Mail servers.

39
Q

A user is having problems accessing websites. You step in to troubleshoot and you are able to
send pings to the default gateway and out to public internet IP addresses just fine. However,
when you try to ping to a Fully Qualified Domain Name (FQDN) such as www.google.com it does
not go through and says “could not find host www.google.com”. Also, when you attempt to
browse to a website using a web browser you get an error stating the site can’t be reached and the
DNS address could not be found. What is most likely the cause of this problem?
A. The DNS Server is down
B. The user has an incorrect IP address in TCP/IP settings
C. The user has an incorrect DNS server address in TCP/IP settings
D. DHCP Server is down

A

C. The user has an incorrect DNS server address in TCP/IP settings
Explanation: When a bad DNS entry has been input into the TCP/IP settings of a computer it
will not be able to perform DNS lookups. It will seem to the user as if the connection to the
internet is down, but in reality the computer just can’t perform DNS lookups. To correct this a
valid DNS server should be input into the TCP/IP settings of the computer.

40
Q

The Domain Name System provides translation from Fully Qualified Domain Names (FQDNs) into
IP addresses.
A. True
B. False

A

A. True
Explanation: The purpose of DNS is to make things like web services and server addresses much
easier to manage. It’s not easy to remember IP addresses (even for techs and engineers) and
also, what if we need the IP addresses to change? Then, everyone would need to remember a
new number! DNS allows us to use names instead of IP addresses and assists with making
management of public and even private servers much easier. With DNS we can always keep the
same names for our websites and servers and simply translate those names into whatever IP
addresses we need to. DNS resolves FQDNs into IP addresses and vice versa.

41
Q
A FQDN (Fully Qualified Domain Name) contains the following levels. (choose all that apply)
A. Root Domain
B. Top-level Domain
C. Second-level Domain
D. Host
A

A. (Root Domain), B. (Top-level Domain), C. (Second-level Domain), D. (Host)
Explanation: FQDNs are made up of all of the above. For example in the FQDN
www.google.com, www is the Host, .google is the Second-level, .com is the Top-level, and the
Root Domain is an invisible “.” at the end of the FQDN.

42
Q
This type of service allows one to use a dynamically assigned public IP address with a public DNS
record.
A. SOA
B. DHCP
C. SRV
D. DDNS
A

D. DDNS
Explanation: DDNS (Dynamic DNS) is a service that allows you to publish a public DNS record
even if you have a dynamically assigned public IP address from your service provider. Most
companies use static IP addresses on their internet gateways and use their own DNS, so in those
situations DDNS is not necessary. However, for home users or SOHO companies that don’t have
a static IP address DDNS is a good option for setting a standard public DNS name that doesn’t
change and will always translate to your public IP address even when it changes.

43
Q

Which of the following is a physical piece of hardware installed on the edge of a network that protects the
network by permitting or denying traffic that attempts to enter or leave it?
A. Host-based firewall
B. Network-based firewall
C. VPN Concentrator
D. Anti-malware

A

B. Network-based firewall
Explanation: A network-based firewall is a physical hardware device while a host-based firewall is
software that is installed on an individual host computer. Network-based firewalls are able to provide
security for an entire network by being placed in-line at the edge between the private network and the
public internet connection.

44
Q

Which of the following is a list of rules on layer 3 switches, routers and firewalls that is used to permit
and/or deny traffic based on where the traffic is coming from and where it is going to?
A. ACL
B. UTM
C. GRE
D. VPN

A

A. ACL
Explanation: An ACL (Access Control List) is a list created to match specific criteria such as the protocol
(IP), source address/network, destination address/network, and the TCP/UDP port number. Once an ACL is
created it can be applied to an interface on a layer 3 switch, router, or firewall to permit or deny inbound
or outbound traffic that passes through the interface.

45
Q

This type of firewall keeps track of connections that originate from inside the network and go out to the
internet. It tracks the outgoing connection and allows legitimate return traffic to enter the network while
still blocking non-legitimate traffic from the outside.
A. Stateful host-based firewall
B. Stateless network-based firewall
C. Stateless host-based firewall
D. Stateful network-based firewall

A

D. Stateful network-based firewall
Explanation: Stateful hardware firewalls perform Stateful packet inspection which allows them to keep
track of connections that are leaving the firewall and going out to the internet. The purpose of this is to
allow the return traffic associated with the outgoing connection as it is legitimate traffic. However,
the firewall will still block other non-legitimate connections that come from the internet. This is different
from Stateless packet inspection as Stateless inspection does not keep track of the outgoing connections
and simply permits or denies traffic based on the criteria found in the ACLs (Access Control Lists) that are
applied to the device.

46
Q

Most modern firewalls are either stateful or stateless, but never both.
A. True
B. False

A

B. False
Explanation: Most modern firewalls use Access Control Lists for permitting or denying traffic in a
stateless manner and also track connections in a stateful manner. In this way, most modern firewalls use
both stateful and stateless packet inspection.

47
Q
This type of firewall is able to perform deep-packet inspection and inspect traffic that passes through it up
to OSI layer 7.
A. Stateful firewall
B. VPN Concentrator
C. Application aware firewall
D. Stateless firewall
A

C. Application aware firewall
Explanation: Application aware firewalls (aka context aware firewalls) are able to inspect traffic up to the
Application layer and make decisions based on the context of the layer 7 traffic.

48
Q

UTM firewalls provide multiple security services and in addition to stateless and stateful firewalling can
also provide things like VPN services, Anti-malware and Content Filtering. The term UTM means
___________________.
A. Unmanaged Tactical Monitoring
B. Unlimited Tactical Mitigation
C. Unilateral Trojan Monitoring
D. Unified Threat Management

A

D. Unified Threat Management
Explanation: Unified Threat Management Firewalls (or UTM Firewalls) include multiple security services
and act as a strong safeguard for many types of network security threats.

49
Q
This type of VPN (Virtual Private Network) connects one location to another location via an encrypted
tunnel over the internet.
A. Host-to-Site VPN
B. PPTP VPN
C. IPSec Site-to-Site VPN
D. Remote VPN
A

C. IPSec Site-to-Site VPN
Explanation: A Site-to-Site VPN is a VPN tunnel that connects two locations over a private tunnel. VPN
tunnels are encrypted with protocols such as IPSec or SSL to make them secure and viable over the
internet. In some instances a site-to-site VPN can be the primary connection for a location to connect
into the private network, but in other instances a site-to-site VPN may be used as a back-up or alternate
connection to the primary private WAN. Another type of VPN is a Host-to-Site VPN which is also referred
to as a Remote VPN. A Host-to-Site VPN connects a single host into the main network with an encrypted
IPSec or SSL VPN tunnel and is established by using client software on a computer or an SSL VPN web portal.

50
Q
IPSec provides the following encryption algorithms. (choose all that apply)
A. DES
B. 3DES
C. Blowfish
D. AES
A

A. (DES), B. (3DES), C. (Blowfish), D. (AES).
Explanation: IPSec includes all of the above algorithms by default and IPSec tunnels use the 3DES
algorithm by default. However, most network engineers prefer to use the stronger AES encryption to
encrypt the traffic in IPSec VPN tunnels.

51
Q

A VPN Concentrator is a device that is designed specifically to handle many VPN connections as its sole
function.
A. True
B. False

A

A. True

52
Q

An IDS is a device that is placed on the edge of the network.
A. True
B. False

A

B. False
Explanation: Firewalls run on the edge of a network whereas IDS and IPS devices run from inside
the network to identify and prevent unauthorized traffic that makes it through the firewall.

53
Q
A ______________ actively defends a network by both detecting and preventing attacks.
A. Host-based IDS
B. Network-based IDS
C. Host-based IPS
D. Network-based IPS
A

D. Network-based IPS
Explanation: Switches learn the MAC address of connected hosts and keep them stored in the
MAC address table.

54
Q

The main difference between an IDS and an IPS is that an IDS only performs intrusion detection
and alerting, while an IPS performs detection, alerting, and prevention.
A. True
B. False

A

A. True
Explanation: An IDS (Intrusion Detection System) only does detection and alerting while an IPS
(Intrusion Prevention System) performs detection, alerting, and also stops attacks.

55
Q

An IPS is the only security device needed to actively protect a network.
A. True
B. False

A

B. False
Explanation: While an IPS is a strong addition to the security of a network it cannot be used
alone. IDS and IPS must be integrated into an overall network security solution that also
includes things like firewalls, anti-malware, secure authentication mechanisms, router and
switch security, secure networking protocols, network access control, and physical security.

56
Q

IP (Internet Protocol) provides a logical addressing scheme.
A. True
B. False

A

A. True
Explanation: IP addresses are logical addresses that can be easily changed at any time while
MAC addresses are physical addresses that are “burned in” to the NIC hardware of a device.

57
Q
An IPv4 address is comprised of how many binary bits?
A. 8
B. 12
C. 32
D. 48
A

C. 32

Explanation: IP version 4 addresses are made up of 4 sets of 8 bits equaling a total of 32 bits.

58
Q

An IP address defines that a device is part of a particular network.
A. True
B. False

A

A. True
Explanation: An IP address determines the IP network that a host or device belongs to and in
combination with a MAC address defines its exact location on the network.

59
Q
Internet Protocol is included as part of which protocol stack?
A. Ethernet
B. The OSI Model
C. Broadcast stack
D. TCP/IP
A

D. TCP/IP
Explanation: The TCP/IP protocol stack includes IP (Internet Protocol). Ethernet is a family of
protocols, works below IP and does not include IP. The OSI Model is not a stack of specific
protocols, but rather a model for interpreting and managing protocols, applications, hardware,
and systems. Broadcast stack is not a real thing and conveys no intended meaning.

60
Q
An IP router is used to route IP Packets from one network to _______________________.
A. Another network
B. The OSI Model
C. A Frame
D. An Access Point
A

A. Another Network
Explanation: Routers look at the destination IP addresses inside IP Packets and reference their
routing tables to make decisions on how to correctly route the IP traffic to the destination
network. In this way IP routers are used to route traffic from one network to another network.

61
Q

IP by itself is a connection-oriented protocol.
A. True
B. False

A

B. False
Explanation: By itself, IP is connection-less. In order to become connection-oriented it must be
combined with a connection-oriented protocol from the Transport layer of the OSI model such
as TCP.

62
Q
Before being sent out onto the network IP Packets are first encapsulated inside of a ___________.
A. Datagram
B. Frame
C. LAN
D. IP Packet
A

B. Frame
Explanation: An IP Packet or Datagram resides at the OSI Network Layer and is encapsulated
inside of a Frame as it moves down to the OSI Data Link Layer. The Frame is then placed on the
physical medium as bits (ones and zeros).

63
Q
The IPv4 Networks 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 are examples of what type of
IPv4 addressing?
A. Public
B. Hybrid
C. Private
D. Connection-oriented
A

C. Private
Explanation: The RFC 1918 network IDs are used for private networks and are not routable on the
public internet. These ranges are 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.

64
Q
To interface with the IPv4 internet what type of IPv4 addressing must be used on the internet
facing device?
A. Public
B. Hybrid
C. Private
D. Connection-oriented
A

A. Public
Explanation: Public IPv4 networks are assigned to the global internet registries by IANA. These
public networks are routable on the public internet whereas the RFC 1918 private network
ranges are not routable on the public internet.

65
Q
An IPv6 address is comprised of how many total hexadecimal digits?
A. 128
B. 64
C. 32
D. 12
A

C. 32
Explanation: An IPv6 address is represented as eight groups of four hexadecimal digits. Each
group represents 16 bits which is sometimes called a hextet. The groups (or hextets) are
separated by colons. An example of an IPv6 address is:
2001:0BD8:C003:0001:0000:0000:0000:F00C

66
Q
When an IPv6 address is converted from hexadecimal into binary how many total binary digits are
there?
A. 128
B. 64
C. 32
D. 8
A

A. 128
Explanation: Each group of four hexadecimal digits in an IPv6 address represents 16 bits. There
are a total of eight groups each separated by a colon. Eight groups multiplied by 16 bits equals
128 total bits.

67
Q

IPv6 was created to eventually replace IPv4.
A. True
B. False

A

A. True
Explanation: IPv6 was created to allow for more public IP addresses and easier allocation of IP
networks across the globe. IPv6 has the capacity to completely replace IPv4, however it is
merely speculation as to how long that would actually take. As long as there are systems that
still require IPv4 and have not been migrated to IPv6 then IPv4 will still remain. For the
foreseeable future it will be a hybrid IPv4/IPv6 world. However, IPv6 was designed to
supplement and eventually replace IPv4.

68
Q

IPv6 uses traditional Broadcast messages just like IPv4 does.
A. True
B. False

A

B. False
Explanation: Unlike IPv4, IPv6 does not use traditional IP Broadcasts. Instead, IPv6 uses improved
Multicasts and a new transmission method called Anycast.

69
Q
What is the default subnet prefix that you would find on an IPv6 address assigned to a
workstation/host computer?
A. /32
B. /128
C. /48
D. /64
A

D. /64
Explanation: The last 64 bits are the unique IPv6 identifier for the host computer. This portion
of the IPv6 address is called the Interface ID. A /64 mask means the first 64 bits are used for the
Network/subnet and the last 64 bits are used for the host.

70
Q
Identify the proper abbreviation of the IPv6 Loopback address.
A. 2001::127
B. 127:0:0:0:0:0:0:1
C. 127::1
D. ::1
A

D. ::1
Explanation: The full IPv6 loopback address is 0000:0000:0000:0000:0000:0000:0000:0001
which can be abbreviated as 0000:0000:0000:0000:0000:0000:0000:1, or 0:0:0:0:0:0:0:1, or ::1 as
the shortest abbreviation.

71
Q
Which IPv6 prefix defines a link-local IPv6 address?
A. FE80::/64
B. FC00::/7
C. 2001::/16
D. ::1
A

A. FE80::/64
Explanation: Link-local IPv6 addresses are automatically generated for the network interface
and use a predefined prefix of FE80::/64.

72
Q

This type of network hardening system performs a posture assessment on hosts that connect to
the network to check for criteria such as allowed MAC addresses, operating systems, and if the
host has anti-malware software installed. If the host fails the posture assessment it is placed into
a black-hole Quarantine network.
A. NAC
B. 802.1x
C. DMZ
D. Man Trap

A

A. NAC
Explanation: NAC (Network Access Control) is a network security system that checks every host
as it connects to the network to confirm that it meets the required criteria before allowing it to
fully connect to the production network.

73
Q

This type of anti-malware runs on firewalls or other devices that are inline with the internet
connection and checks traffic for malware as it passes through.
A. Host-based
B. Cloud-based
C. Network-based
D. All of the above

A

C. Network-based
Explanation: Network-based antimalware runs on devices like advanced firewalls or proxy
servers and scans all traffic for malware as the traffic passes through the device. Host-based
antimalware runs directly on a host computer and cloud-based antimalware runs centrally via a
cloud-based service. It’s important to note that a combination of all the types of antimalware is
the best way to defend against malware.

74
Q
Which of the following are network hardening techniques that can be found on switches? (choose
all that apply)
A. ARP Inspection
B. DHCP Snooping
C. Single Sign On
D. Port Security
A

A. (ARP Inspection), B. (DHCP Snooping), D. (Port Security)
Explanation: Dynamic ARP Inspection allows switches to check ARP requests and replies and
drop them if spoofing is detected. DHCP Snooping allows switches to inspect DHCP traffic and
only allow DHCP traffic to pass if it is associated with trusted DHCP servers. Port Security allows
for port-based MAC address security and if an invalid MAC address is connected to a switch port
the switch will shut the port down.

75
Q
Which of the following are secure forms of networking protocols? (choose all that apply)
A. Telnet
B. SNMPv3
C. SFTP
D. PPTP
E. IPSEC
A

B. (SNMPv3), C. (SFTP), E. (IPSec)
Explanation: SNMPv3 is for secure network management traffic, SFTP is for secure file transfers,
and IPSec is for encrypted VPN tunnels. Telnet is a clear text remote terminal application and
SSH should be used instead of Telnet. PPTP is an unencrypted VPN technology and generally
should not be used at all.

76
Q

Two-factor Authentication is a form of Multi-factor Authentication that adds an additional layer
to authentication such as a security question, a one-time password texted to a phone, or an
additional PIN.
A. True
B. False

A

A. True
Explanation: Multifactor Authentication is a great tool for authentication security. More and
more applications and systems are now using multifactor authentication with two-factor
authentication being the most prevalent.

77
Q

Physical security is not as important as security software features on network devices.
A. True
B. False

A

B. False
Explanation: Physical Security is just as important if not more important than the security
features that are available on network devices. However, it’s the combination of both that truly
makes an impact on network security. Without physical security people would have free access
to the systems that house our data. It is always important to consider the benefit of things that
may seem insignificant such as using locks on equipment racks and restricting access to
communications and equipment rooms.

78
Q

VLANs are a poor tool for creating segmentation in our networks.
A. True
B. False

A

B. False
Explanation: In fact, VLANs are one of the best tools we have for creating segmentation in our
network. VLANs can be used to create segmentation down to layer 2 of the OSI model and
allow us to create logically separated areas of the network where we can apply security rules on
a per-VLAN basis.

79
Q
Which of the following can be configured on a VLAN gateway to add layer 3 security to the
VLAN?
A. NAC
B. 802.1x
C. ACL
D. DMZ
A

C. ACL
Explanation: Access Control Lists (ACLs) can be applied to any layer 3 interface to add layer 3
security to a network. In the case of VLANs a VLAN interface (aka VLAN gateway) is needed in
order to allow the VLAN to communicate with other networks. When a VLAN interface is
configured as a VLAN Gateway it has no security until an Access Control List is applied to the
VLAN interface.

80
Q

Testing Labs are good for testing things such as device updates, patches and new configurations
before deploying them onto the live production network. Testing Labs should be connected to
the live production network.
A. True
B. False

A

B. False
Explanation: Testing labs are truly great for testing things before implementing them in the live
production network. However, since testing labs are sometimes used for testing systems that
may have malicious data such as malware, a testing lab should never ever be connected to the
live production network. Testing labs should be physically segmented from the production
network so there is no chance that data can get from the Testing Lab into the live production
network.

81
Q

Which of the following is a private network “neutral zone” that sits between a private LAN and
the public internet which is used to expose certain servers to the internet (such as web-servers
and mail-servers) without exposing the actual private LAN?
A. DMZ
B. Honeypot
C. Honeynet
D. Quarantine Network

A

A. DMZ
Explanation: The DMZ (De-Militarized Zone) is an area of the network that is segmented away
from the main LAN and sits between the main LAN and the internet. Servers that need
exposure to the internet are placed in the DMZ for security purposes so that the main internal
LAN does not have to be opened up to the wild, wild west of the internet.

82
Q

Which of the following is an entire network made to mimic a live production network that is
usually built with weak security and is used to monitor the activities of malicious attackers?
A. DMZ
B. Honeypot
C. Honeynet
D. Quarantine Network

A

C. Honeynet
Explanation: Honeynets are networks created specifically for the purpose of inviting and
monitoring malicious attacker activities. Honeynets are always segmented away from the live
production network similar to a DMZ, but with no possible access back to the internal network.

83
Q

LANs cover smaller geographic regions than WANs.
A. TRUE
B. FALSE

A

A. True
Explanation: Local Area Networks (LANs) are small networks that are local to a house, office, or
small group of buildings. Wide Area Networks (WANs) are the long haul networks that connect
LANs to other LANs. WANs can span across entire cities and countries and therefore cover a
much larger geographic region than LANs do.

84
Q
What is the smallest type of network that traditionally uses short-range wireless technology such
as Bluetooth?
A. CAN
B. LAN
C. MAN
D. PAN
A

D. PAN
Explanation: The Personal Area Network (PAN) covers the area around a person, typically uses
short-range wireless and is the smallest of all the network types.

85
Q
The WLAN, WWAN and PAN are similar in that all three types of networks use this type/category
of media.
A. Wireless
B. Fiber Optics
C. Wired
D. Copper
A

A. Wireless
Explanation: Wireless LANs (WLANs) use WiFi for wireless access to the local network, Wireless
WANs (WWANs) use long haul wireless technology such as cellular to wirelessly connect over
long distances, and Personal Area Networks (PANs) use short-range wireless such as Bluetooth
to connect peripherals to a host computer.

86
Q

This type of network is usually comprised of multiple LANs and describes the switched network
infrastructure of a school, institution, or military base.
A. MAN
B. CAN
C. SAN
D. PAN

A

B. CAN
Explanation: Campus Area Networks (CANs) describe networks in which multiple LANs share
the same geographic area and are usually inter-connected via high speed switches. Campus
Area Networks are much larger than regular LANs, and the term is normally assigned to the switched
networks of institutions or college campuses.

87
Q
This type of network is composed of both LANs and WANs.
A. MAN
B. CAN
C. SAN
D. PAN
A

A. MAN
Explanation: Metropolitan Area Networks (MANs) span across multiple city blocks and even
between cities connecting geographically separated LANs so they can function as one cohesive
network. A good example of a MAN is the network of a local city government.

88
Q
This type of network can span across cities and countries.
A. DAN
B. FRAN
C. WAN
D. WLAN
A

C. WAN
Explanation: Wide Area Networks (WANs) are the long haul networks that connect LANs to
other LANs. WANs can span across entire cities and countries.

89
Q

A network technician needs to connect a user’s PC to the wired Ethernet network. What is the
BEST device the technician should use to connect the PC into the wired network?
A. Server
B. Hub
C. Switch
D. Wireless Access Point

A

C. Switch
Explanation: Switches and Hubs are used to connect wired nodes to the network. Switches are
intelligent devices that learn MAC addresses and have better performance than hubs. Therefore
a switch should always be used as the best option over a hub.

90
Q

Switches make intelligent switching decisions by learning which devices are connected to them.
Which of the following types of addresses does a switch learn about from connected hosts?
A. Layer 3 Address
B. MAC Address
C. Unicast Address
D. IP Address

A

B. MAC Address
Explanation: Switches learn the MAC address of connected hosts and keep them stored in the
MAC address table.

91
Q
The physical connections between network devices, either wired or wireless, are known as the
network \_\_\_\_\_\_\_\_\_\_\_\_\_\_.
A. Access
B. Media
C. Hub
D. Cable
A

B. Media
Explanation: The connections between devices are collectively referred to as network media
and individually referred to as a network medium.

92
Q
This type of device uses IP addresses to determine where to send network traffic.
A. Router
B. Hub
C. WAP
D. Server
A

A. Router
Explanation: Routers make decisions to send traffic from one network to another network
based on the destination IP address in the IP packet. The IP address of a host determines which
network it belongs to and using this information the Router can determine which local interface
or neighboring router to route the traffic to.

93
Q
This type of device serves as the gateway (aka default gateway) for IP traffic to leave the LAN.
A. Router
B. Hub
C. WAP
D. Server
A

A. Router
Explanation: The device that a host must send traffic to for leaving the local LAN and talking to
another network is referred to as a gateway or a default gateway. Since routers are the devices
that are capable of sending traffic from one network to another network they are also the
default gateway for a LAN.

94
Q
This type of device is a workstation used by an end user which provides the user with access to
the network.
A. Switch
B. LAN
C. WAN
D. Client
A

D. Client

Explanation: The hosts or end-user devices on a network are referred to as Clients.

95
Q
This type of device provides a client with network access over wireless media.
A. Wireless Access Point
B. Hub
C. Wired Access Point
D. Switch
A

A. Wireless Access Point
Explanation: Wireless Access Points, also known as WAPs, APs, Access Points, or Wireless APs,
are the devices that wireless hosts connect to for access to the network.

96
Q

This type of device can be local to the network or in a remote location and provides services to
clients such as sharing of resources and files.
A. Router
B. Client
C. Server
D. Switch

A

C. Server
Explanation: Servers are the computers on networks that provide services to Clients. Servers
can reside on the local network (such as local file servers) or on a remote network (such as web
servers that host websites).

97
Q

Hubs should be used instead of switches because hubs provide for better network performance
than switches.
A. True
B. False

A

B. False
Explanation: Switches provide much better performance than that of hubs and should always
be used instead of hubs. Hubs can still be used, but are rarely seen in larger enterprise
networks due to their poor performance in comparison with switches.

98
Q

You’ve been asked to allow access from the internet on a non-standard port to an internal device
on HTTPS port 443. This is an example of port forwarding.
A. True
B. False

A

A. True
Explanation: Port Forwarding is a useful tool available even on home routers, but also used in
SOHO and corporate environments. Port Forwarding allows for the forwarding of any port on
the outside of a network to a specific IP address and port on the inside of the network. Port
Forwarding can be a security concern and it is always best to use a non-standard port on the
outside and restrict which public IP addresses are able to access the port forwarding rule.

99
Q

If someone asks you to set up a port forwarding rule there’s no reason to confirm what it is for
and if it is truly needed.
A. True
B. False

A

B. False
Explanation: It is always necessary to confirm what a port forwarding rule is needed for. In many
cases needs can be met without adding a port forwarding rule, but sometimes they are truly
needed for things like vendor access to a particular device. It’s also best to confirm if it is
needed permanently or just temporarily. It is not good to keep building in lots of port
forwarding rules because of the security risk. It’s preferable to use an encrypted VPN tunnel
instead when possible.

100
Q

It is a security risk to forward HTTP port 80 directly to the inside of the network to HTTP port 80.
A. True
B. False

A

A. True
Explanation: HTTP port 80 should never be opened directly to the inside of the network. If HTTP
port 80 on the outside is opened to the inside it will likely be attacked, and it will most definitely
be attacked if it is allowed from any source. In most networks port 80 is opened to a web server
in the DMZ (De-Militarized Zone) and never to the inside network. Any time we punch holes in
our internet facing router or firewall we must be very security conscious. Be careful with port
forwarding!

101
Q

A TCP or UDP port specifies a particular service or application.
A. True
B. False

A

A. True
Explanation: In order for applications and protocols to use the network they must be attached
to a TCP or UDP port. In this way the port number being used specifies the application or
protocol which uses that specific port.

102
Q
What port number is used for HTTPS (Hyper Text Transfer Protocol Secure)?
A. 80
B. 23
C. 22
D. 443
A

D. 443

Explanation: 443 is the well known port for HTTPS which is Hyper Text Transfer Protocol Secure.

103
Q
A common web server hosting an unsecure website would be listening on which TCP port?
A. 80
B. 23
C. 22
D. 443
A

A. 80
Explanation: 80 is the well known port for HTTP which is Hyper Text Transfer Protocol without
security.

104
Q

The range of ports from 0 to 1023 are reserved for specific protocols and applications that are
widely used. These ports are known as ___________________.
A. Basic Ports
B. Registered Ports
C. Well Known Ports
D. Private Ports

A

C. Well Known Ports
Explanation: The ports in the range of 0 – 1023 are the Well Known Ports. These are mapped to
specific protocols that are widely used and the port numbers cannot be changed.

105
Q
Transmission Control Protocol (TCP) uses which method to establish a connection-oriented
session?
A. 1-way Handshake
B. 2-way Handshake
C. 3-way Handshake
D. 4-way Milkshake
A

C. 3-way Handshake
Explanation: The 3-way Handshake is how TCP sets up a connection-oriented session. It’s called
a 3-way Handshake because it includes 3 messages that set up the connection: a SYN, a
SYN+ACK, and then an ACK.

106
Q
Which TCP port number is used by SSH (Secure Shell)?
A. 20
B. 22
C. 23
D. 443
A

B. 22
Explanation: Secure Shell is the most popular secure remote terminal session protocol and uses
TCP port 22.

107
Q
Which TCP port number is used by Telnet?
A. 20
B. 21
C. 23
D. 143
A

C. 23
Explanation: Telnet is the most popular unsecure remote terminal session protocol and uses
TCP port 23. In most scenarios Telnet should not be used and SSH should be used instead.

108
Q

File Transfer Protocol (FTP) uses two port numbers to set up an FTP connection and transfer files.
The ports used by FTP are ports 21 and ____.
A. 20
B. 21
C. 31
D. 143

A

A. 20

Explanation: FTP uses ports 20 (FTP data transfer) and 21 (FTP control).

109
Q
Which command can be used on a computer to check the TCP and UDP sessions currently open
on the computer?
A. telnet
B. netstat
C. netshell
D. network
A

B. netstat
Explanation: The “netstat” command lists all ports currently open on a computer and the
common switches are -a, -b, -n, -o, and -r.

110
Q
Which layer of the OSI Model is layer 3?
A. Data Link
B. Physical
C. Presentation
D. Network
A

D. Network
Explanation: Layer 3 is the Network Layer which contains functionality such as routing,
protocols such as IP, and devices such as routers.

111
Q

Network media such as cables and connectors reside on the Data Link Layer of the OSI Model.
A. True
B. False

A

B. False
Explanation: The Physical Layer (layer 1) is where all cables and media are referenced in the OSI
Model. The Data Link Layer is where devices such as Switches operate.

112
Q
TCP and UDP reside at this layer of the OSI Model.
A. Layer 3
B. Layer 2
C. Layer 7
D. Layer 4
A

D. Layer 4

Explanation: Layer 4 of the OSI Model is the Transport Layer where TCP and UDP operate.

113
Q
Which layer is the Data Link Layer of the OSI Model?
A. Layer 3
B. Layer 2
C. Layer 6
D. Layer 1
A

B. Layer 2
Explanation: The Data Link Layer is the layer just above the Physical Layer (layer 1). The Data
Link Layer is layer 2 which contains the MAC and LLC sub-layers and is where switches and MAC
addresses reside.

114
Q
This layer of the OSI Model is a reference point for IP routing and routers.
A. Network
B. Data Link
C. Transport
D. Presentation
A

A. Network
Explanation: The Network Layer is layer 3 which references logical addressing and the protocols
and devices (such as routers) that make it possible to route traffic from one network to another
network.

115
Q
What is the protocol data unit (PDU) at layer 2 of the OSI model?
A. Packet
B. Bits
C. Data
D. Frame
A

D. Frame
Explanation: Frames represent encapsulation (the packaging of information) at the Data Link
layer. The Frame is the last form of encapsulation before the information is placed onto the
physical medium as ones and zeros.

116
Q
What is the protocol data unit (PDU) at layer 3 of the OSI model?
A. Packet
B. Bits
C. Data
D. Segment
A

A. Packet
Explanation: When information arrives at the Network Layer (layer 3) it includes logical
addressing added to it such as the source and destination IP address. When this happens we
call it most commonly a Packet, such as an IP Packet. However, it can also be called a datagram if
it’s a connection-less transmission.

117
Q
What is the protocol data unit (PDU) at layer 4 of the OSI model?
A. Transport
B. Bits
C. Segment
D. Data
A

C. Segment
Explanation: When information arrives at the Transport Layer it includes port based information
to define the protocol or application that the information is for. When information is referenced
with a TCP port number it is called a Segment.

118
Q
What is the protocol data unit (PDU) at layer 1 of the OSI model?
A. Transport
B. Bits
C. Segment
D. Data
A

B. Bits
Explanation: When information is ready to be placed onto the wired or wireless transmission
medium it is performed by signaling a series of ons and offs similar to a flash light turning on
and then off again in repetition. These ons and offs equate to ones and zeros in the world of
computing and are called bits. This is the reason why we call the information bits when it is at
the Physical Layer of the OSI Model (layer 1).

119
Q

The protocol data unit for the top three layers of the OSI Model (layers 5 – 7) is the same.
A. True
B. False

A

A. True
Explanation: Layers 5 – 7 of the OSI Model are the Session Layer, Presentation Layer and
Application Layer respectively. These layers all have the same PDU which is simply called Data.

120
Q
A Host computer works at which layer(s) of the OSI Model?
A. Layers 5-7
B. No layers
C. Layers 1-4
D. All layers
A

D. All layers
Explanation: Host computers run applications that access network resources. This is the entire
reason why we need networks in the first place – so that an application on a computer can send
data to an application on another computer. So, host computers work at the Application Layer
and process information all the way down the OSI model encapsulating the Data into Segments,
Packets, Frames, and then placing it onto the medium as bits via the network interface card.

121
Q

The TCP/IP Model includes 7 layers.
A. True
B. False

A

B. False

Explanation: The TCP/IP Model has only 4 layers while the OSI Model has 7 layers.

122
Q

The TCP/IP Network Interface Layer (aka Link Layer) corresponds to the OSI Model Physical and
Data Link Layers.
A. True
B. False

A

A. True
Explanation: The layers of the TCP/IP Model correspond to certain layers of the OSI model. Since
there are only 4 layers in the TCP/IP Model some of them will correspond to multiple layers of
the OSI Model. Layer 1 of TCP/IP corresponds to Layers 1 and 2 of the OSI Model. Layer 2 of the
TCP/IP Model corresponds directly to Layer 3 of the OSI Model. Layer 3 of the TCP/IP Model
corresponds directly to layer 4 of the OSI Model. Layer 4 of the TCP/IP Model corresponds to
Layers 5 – 7 of the OSI Model.

123
Q

The TCP/IP Model is a representation of the TCP/IP stack of protocols.
A. True
B. False

A

A. True

Explanation: The TCP/IP Model represents the TCP/IP stack of protocols that already exist.

124
Q
Layer 2 of the TCP/IP Model is known as the \_\_\_\_\_\_\_\_\_\_\_\_\_\_ Layer.
A. Network Interface
B. Application
C. Internet
D. Transport
A

C. Internet Layer
Explanation: The second layer of the TCP/IP Model is the Internet Layer which handles routing
and the IP protocol.

125
Q
The TCP/IP Network Interface Layer is also known as the \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_.
A. Network Layer
B. Link Layer
C. Application Layer
D. Transport Layer
A

B. Link Layer
Explanation: Layer 1 of the TCP/IP Model technically has two names. It can be called either the
Network Interface Layer or the Link Layer.

126
Q

Virtualization allows us to use a single system’s hardware to run multiple “virtual machines” or
virtualized computers within it and the software that enables virtualization is called a Hypervisor.
Which type of Hypervisor is installed directly on the bare metal hardware of a server?
A. Type 1 Hypervisor
B. Type 2 Hypervisor

A

A. Type 1 Hypervisor
Explanation: A Type 1 Hypervisor is called a “Bare Metal” Hypervisor because it is installed
directly onto the bare metal hardware of a system. This means that a Type 1 Hypervisor serves
as the main Operating System running all the hardware and is not installed under a separate
operating system. VMWare vSphere/ESXi, Microsoft Hyper-V and Citrix XenServer are examples
of Type 1 Hypervisors and are used to run virtualization environments inside companies and
data centers. Type 2 Hypervisors are referred to as “Hosted” Hypervisors and are installed
directly under a host Operating System such as Windows, Mac OSX, or Ubuntu. With Type 2
Hypervisors the Hypervisor is an application running within the Host OS.

127
Q

Type 2 Hypervisors are for running virtual machines on a local/personal computer, while Type 1
Hypervisors are used to deploy large scale virtualization environments inside companies and data
centers.
A. True
B. False

A

A. True
Explanation: Type 1 Hypervisors are used inside data centers while Type 2 Hypervisors are used
to set up virtual machines on a local computer.

128
Q
Virtual machines use a \_\_\_\_\_\_\_\_\_\_\_\_\_\_ to connect to the virtualized switching environment.
A. Virtual Router
B. Virtual Firewall
C. Virtual NIC
D. Virtual Server
A

C. Virtual NIC
Explanation: Just like regular computers need a physical Network Interface Card to connect to
the network, virtual machines use a virtual Network Interface Card to connect to the network.

129
Q
To configure VLANs inside of a virtualized environment which device is used?
A. Virtual Server
B. Virtual Firewall
C. Virtual Router
D. Virtual Switch
A

D. Virtual Switch
Explanation: Virtual Switches are necessary components within a virtualized environment for
connecting virtual machines into the network. Just as you would set up VLANs on a regular
switch, the same can be done with virtual Switches for setting up VLANs inside a virtual
environment.

130
Q
The main benefits of virtualization are: (choose all that apply)
A. Better use of hardware resources
B. Power savings and reduced footprint
C. Recovery
D. Flexibility
A

A. (Better use of hardware resources), B. (Power savings and reduced footprint), C. (Recovery), D.
(Flexibility)
Explanation: All of the above are benefits of implementing virtualization.

131
Q
Which of the following are Wireless LAN security measures? (choose all that apply)
A. Network Authentication
B. Client Isolation
C. Disable SSID Broadcast
D. MAC Filtering
A

A. (Network Authentication), B. (Client Isolation), C. (Disable SSID Broadcast), D. (MAC Filtering)
Explanation: All the mentioned answers are methods for implementing WLAN Security.

132
Q
Which of the following WLAN encryption standards is the most secure?
A. WEP
B. WPA
C. WPA2
D. WPS
A

C. WPA2
Explanation: WPA2 is an enhancement to WPA and uses AES Encryption. WPA2 is the strongest
of the WLAN encryption standards using the strongest available encryption.

133
Q

A Rogue Access Point can be any access point or home wireless router that has been installed on
a company network without approval.
A. True
B. False

A

A. True
Explanation: A Rogue access point is really any access point on a network that has been
connected without approval. Rogue access points and home routers connected to a corporate
network can at times remain unnoticed, cause security breaches and interfere with existing
wireless channels. Rogue APs should always be identified and taken down as fast as possible. An
Evil Twin is the worst-case scenario with Rogue APs as Evil Twins are set up specifically for the
purpose of mimicking a real production network and duping users into connecting to it for the
purpose of intercepting and stealing data.