Practice (3) Flashcards

1
Q

Which of the following settings is typically not included in an account lockout policy?

Account lockout threshold

Reset account lockout threshold counter

Time allowed between attempts

A

Time allowed between attempts

Account lockout policies typically do not include a setting that regulates the amount of time allowed between logon attempts. The other options describe settings that are usually included in an account lockout policy. An account lockout threshold setting specifies the number of incorrect logon attempts that are permitted before the account is locked out. An account lockout duration setting specifies the amount of time that an account remains locked out. A reset account lockout threshold counter setting specifies the amount of time before the number of incorrect attempts is reset to zero

2
Q

You have been asked to evaluate the security provided by the cryptographic algorithms in use on your network. Which of the following are not cryptographic algorithms used for file hashing? (Choose all correct answers.)

RC4

MD5

AES

SHA

A

RC4

AES

Secure Hash Algorithm (SHA) and Message Digest 5 (MD5) are file hashing algorithms, used to test data integrity by calculating a hash value before transmitting a file over the network. After the transmission, the receiving system performs the same calculation. If the values match, then the data is intact. RC4 and Advanced Encryption Standard (AES) are both cryptographic algorithms, but they are not used for file hashing

3
Q

Which of the following are not technical terms associated with Integrated Services Digital Network (ISDN)? (Choose all correct answers.)

2B+D

Primary Rate Interface (PRI)

Digital Subscriber Line (DSL)

Basic Rate Interface (BRI)

T-1

A

Digital Subscriber Line (DSL)

T-1

Digital Subscriber Line is a wide area networking service that uses the public switched telephone network, but it is not associated with ISDN. A T-1 is a leased telephone line that is also not associated with ISDN. 2B+D is a term for the ISDN Basic Rate Interface (BRI) service. B channels are 64 Kbps circuits that carry user data. A single D channel carries control and synchronization information. Primary Rate Interface is another type of ISDN service that has 23 B channels instead of two

4
Q

You are in the process of troubleshooting a user’s computer that is malfunctioning. Which step of the troubleshooting model involves replacing computer components until you have identified a faulty hardware device?

Establish a plan of action to resolve the problem

Duplicate the problem

Gather information

Verify full system functionality

Test the theory to determine the cause

Document findings, actions, and outcomes

Establish a theory of probable cause

A

Test the theory to determine the cause

After you have established a theory of probable cause, you can try to test the theory by replacing hardware components one by one until you find the faulty device. All of the other options are steps that come either earlier or later in the troubleshooting process

5
Q

An insider threat is most likely to be detectable by which of the following types of physical security?

Smartcards

Biometrics

Video surveillance

A

Video surveillance

An insider threat by definition originates with an authorized user. Therefore, smartcards, motion detection, and biometrics will only detect the presence of someone who is authorized to enter sensitive areas. Video surveillance, however, can track the activities of anyone, authorized or not

6
Q

Which of the following message types does a Dynamic Host Configuration Protocol (DHCP) client use to locate a DHCP server?

DHCPREQUEST

DHCPDISCOVER

DHCPOFFER

A

DHCPDISCOVER

In the DHCP address allocation process, the client begins the transaction by broadcasting DHCPDISCOVER messages to locate DHCP servers. The servers then reply with DHCPOFFER messages containing addresses. Then, the client sends a DHCPREQUEST message to one server accepting an offered address, to which the server replies with a DHCPACK. DHCPRENEW messages are not used during the address allocation process

7
Q

A protocol analyzer is a tool that captures packets from a network and examines their contents. Which of the following Unix/Linux tools is a protocol analyzer?

nmap

tcpdump

pathping

A

tcpdump

The Unix/Linux tcpdump utility is a protocol analyzer. It is a command-line tool that captures network packets and displays their contents. The iptables, nmap, and pathping utilities cannot capture and analyze packets. iptables manages Unix/Linux kernel firewall rules, nmap is a port scanner, and pathping is a Windows route tracing tool

8
Q

A storage area network (SAN) typically takes the form of a dedicated network used to provide servers with access to hard disk arrays and other storage devices. Which of the following statements about the differences between a SAN and network attached storage (NAS) are true? (Choose all correct answers.)

NAS devices typically provide a filesystem, while SAN devices do not.

NAS provides file-level storage access, whereas a SAN provides block-level storage access.

NAS devices typically contain integrated iSCSI targets.

SAN devices have an operating system, whereas NAS devices do not.

A

NAS devices typically provide a filesystem, while SAN devices do not.

NAS provides file-level storage access, whereas a SAN provides block-level storage access.

NAS devices are self-contained file servers that connect directly to a standard IP network. A NAS device provides file-level access to its storage devices, and it includes an operating system and a filesystem. NAS devices are typically not iSCSI targets

9
Q

Your supervisor has just informed you that the CIO has hired an outside consultant to perform penetration testing on the company network. Which of the following best describes what you can expect the consultant to do?

Evaluate the security conditions on the network

Create computers or networks that are alluring targets for intruders

Attempt to compromise the network’s security measures

A

Attempt to compromise the network’s security measures

Penetration testing is when an outside consultant is engaged to attempt an unauthorized access to protected network resources. Testing by an internal administrator familiar with the security barriers would not be a valid test. Although having a consultant examine the network’s security from within can be useful, this is not a penetration test. Computers or networks that are alluring targets for intruders are called honeypots or honeynets. Implementation of a new security protocol can only come after the current security situation has been evaluated

10
Q

Your company is a contractor for the government that regularly works with highly sensitive defense data. To prevent this data from being compromised, the company’s datacenter has various special security measures installed. All of the servers have crimped metal tags holding the cases closed. All of the hardware racks are locked in clear-fronted cabinets. All of the cable runs are installed in transparent conduits. These are all examples of which of the following types of physical security measure?

Geofencing

Port security

Tamper detection

A

Tamper detection

All of the mechanisms listed are designed to make any attempts to tamper with or physically compromise the hardware devices immediately evident. These mechanisms are therefore various forms of tamper detection. Asset tracking is for locating and identifying hardware. Geofencing is a wireless networking technique for limiting access to a network. Port security refers to network switch ports. These options do not apply to the specified mechanisms

11
Q

In the public key infrastructure (PKI), users and computers are issued a key pair, consisting of a public and a private key. Which of the following statements about a public key infrastructure are true? (Choose all correct answers.)

Data encrypted with the public key can only be decrypted using that public key.

Data encrypted with the public key can only be decrypted using the private key.

Data encrypted with the private key can only be decrypted using the public key.

Data encrypted with the private key can only be decrypted using that private key.

A

Data encrypted with the public key can only be decrypted using the private key.

Data encrypted with the private key can only be decrypted using the public key.

In a PKI, data encrypted with the private key can only be decrypted using the public key. Therefore, anyone receiving data encrypted with the private key can obtain the public key and decrypt it, confirming that the data originated with the private key holder. Because the public key is freely available, anyone can encrypt data using the public key and be certain that only the private key holder can decrypt it

12
Q

Which of the following is the worldwide standard (exclusive of North America) for synchronous data transmissions that defines data rates designated by optical carrier levels, such as OC-3, OC-12, OC-48, and OC-192?

SDH

SONET

ISDN

A

SDH

The Synchronous Digital Hierarchy (SDH) standard defines a base data transfer rate of 51.84 Mbps, which is multiplied at the various optical carrier levels. An OC-3 connection therefore runs 155.52 Mbps, an OC-12 at 622.08 Mbps, and so forth. SDH is the standard for the entire world, except for the United States and Canada. The North American standard is called Synchronous Optical Networking (SONET). Integrated Services Digital Network (ISDN) is a service that combines voice and data services using the Public Switched Telephone Network (PSTN), and Asynchronous Transfer Mode (ATM) is a cell-switched protocol defining a combined voice, data, and video service

13
Q

Your supervisor has given you a Class C network IP address and has asked you to create a network with 8 subnets and 30 hosts per subnet. Which of the following subnet masks will you have to use?

255.255.255.128

255.255.255.192

255.255.255.224

A

255.255.255.224

To create a network with 8 subnets and 30 hosts per subnet, you must allocate 3 of the 8 bits in the last octet for use as a subnet identifier. This results in a binary value of 11100000 for the last octet in the subnet mask, which converts to a decimal value of 224. Therefore, the correct subnet mask value is 255.255.255.224. Values for the last octet that are lower than 224 would not enable you to create 8 subnets. Values higher than 224 would not enable you to create 30 host addresses

14
Q

You are a consultant working at a client site. The client has supplied you with the SSID and the passphrase for the company’s wireless network so that you can connect to it with your laptop. However, you are unable to establish a connection. Which of the following security measures might be preventing you from connecting your laptop to the network?

Geofencing

MAC filtering

Using WPA2

A

MAC filtering

MAC filtering takes the form of an access control list (ACL) on the wireless network’s access points, listing the MAC addresses of all the devices that are permitted to access the network. If the MAC address of your laptop is not included in the ACL, you will be unable to connect to the network. Geofencing is intended to prevent users outside the office from accessing the network. You are inside, so this should not be the problem. You have been given the passphrase for the network, so you should be able to configure the WPA2 protocol on your laptop. You have been given the SSID of the network, so you should be able to connect by manually entering it, even if the access points are not broadcasting the SSID

15
Q

You have just finished installing a new Category 5e cable run yourself for the first time. After attaching keystone connectors to both ends of the cable, you mount the office-side connector to a wall plate and mount the datacenter connector into a patch panel. Then you take a patch cable and connect the patch panel port to an open port in one of the network switches. However, the LED on the switch port does not light as it is supposed to. What should you do next?

Check the cable run for wiring faults.

Make sure the switch port is not disabled.

Plug a computer into the wall plate.

A

Plug a computer into the wall plate.

For the link pulse LED on the switch port to light up, there must be an active connection between the switch and a functioning computer at the other end. Plugging a running computer into the wall plate will enable the Ethernet adapters at both ends of the connection to communicate, causing the LED to light. None of the other options will cause the LED to light

16
Q

Devices on a TCP/IP network typically use the Address Resolution Protocol to locate specific destinations on the local network by resolving IP addresses into MAC addresses (also known as hardware addresses). At which layer of the Open Systems Interconnection (OSI) model do these MAC addresses operate?

Physical

Data link

Network

A

Data link

The Ethernet (or IEEE 802.3) protocol at the data link layer uses MAC addresses to identify computers on the local network. Media access control (MAC) addresses are coded into the firmware of physical network interface adapters by the manufacturer. The physical layer deals with signals and is not involved in addressing. The IP protocol at the network layer has its own addressing system. The transport layer protocols are not involved in addressing

17
Q

ARP poisoning is the deliberate insertion of fraudulent information into the ARP cache stored on computers and switches. Which of the following types of attack can be facilitated by ARP poisoning? (Choose all correct answers.)

Social engineering

Man in the middle

Evil twin

Session hijacking

A

Man in the middle

Session hijacking

By inserting modified entries into a device’s ARP cache, an attacker can cause traffic to be diverted from the correct destination to a system controlled by the attacker. This can enable the attacker to intercept traffic intended for another destination. In a man-in-the-middle attack, the attacker can read the intercepted traffic and even modify it before sending it on to the correct destination. In a session hijacking attack, the attacker can use the intercepted traffic to obtain authentication information, including passwords. Neither of the other two options is facilitated by ARP poisoning. An evil twin is a fraudulent access point on a wireless network. Social engineering is a form of attack in which an innocent user is persuaded by an attacker to provide sensitive information via email or telephone

18
Q

Recently, your network has been the target of numerous attack attempts. To gather information about the attackers, you have created a server that is designed to function as an enticing target but that does not provide access to any legitimately sensitive services or information. Which of the following is the term used to describe this technique?

Spoofing

Root guard

Honeypot

A

Honeypot

A honeypot is a computer configured to function as bait for attackers, causing them to waste their time penetrating a resource that provides no significant access. This is also a technique that enables the target to gather information about the attackers. A demilitarized zone (DMZ) is a network segment on which administrators locate servers that must be accessible from the Internet but that are separated from the internal network by a firewall. A root guard provides protection to switch ports. Spoofing is an attack technique in which an intruder modifies packets to assume the appearance of another user or computer

19
Q

You are a consultant working on a new client’s network. The network has been in place for decades, and you are given a diagram supplied by the original installer. The diagram says that the network computers are connected to a device called a multiport repeater. Which of the following devices can also be described as a multiport repeater?

Hub

Bridge

Switch

A

Hub

A repeater is a physical layer device that regenerates incoming signals and retransmits them. A hub is a type of repeater that receives data through any one of its multiple ports and retransmits the data out through all of its other ports. Bridges and switches are data link layer devices, and routers are network layer devices. None of these three can be described as a multiport repeater

20
Q

When you run a port scanner on a server, which of the following is the result?

A list of the server’s currently running user processes

A list of the computer’s hardware ports that are currently in use

A list of open ports through which the system can be accessed

A

A list of open ports through which the system can be accessed

A port scanner examines a system for open ports or endpoints that are accessible from the network using the TCP or UDP protocol, which intruders can conceivably exploit to gain access to the system. Port scanners do not list user processes, hardware ports, numbers of packets, or IP addresses

21
Q

Your company has a seven-node failover cluster hosting databases on SQL Server. Each server has three network interface adapters installed in it. Two are standard Gigabit Ethernet adapters that provide the nodes with access to each other and clients with access to the cluster. One is a Fibre Channel adapter that provides the cluster nodes with access to a dedicated network that also hosts a large hard disk array. Which of the following terms describe the networks to which the cluster nodes are connected? (Choose all correct answers.)

SAN

PAN

WAN

MAN

LAN

A

SAN

LAN

A storage area network (SAN) is a network that is dedicated to carrying traffic between servers and storage devices. SANs can use specialized network protocols, such as Fibre Channel in this case, or standard Gigabit Ethernet. A local area network (LAN) is a connected group of computers, usually inside a single room or building. In this case, the cluster has one LAN connecting the nodes together and another providing other users with access to the cluster. A personal area network (PAN) provides communication among devices associated with a single person, such as smartphones. A wide area network (WAN) is a network that connects devices or networks at different geographic locations. A metropolitan area network (MAN) is a type of WAN that connects devices within a limited geographic area. The cluster is not connected to a PAN, WAN, or MAN

22
Q

A Windows user calls you at the help desk and reports that he can’t connect to any hosts on either the local or a remote network. This is the only report of its kind you have received today. You question the user about the problem and eventually learn that he has made some changes to his workstation’s Internet Protocol (IP) settings. What should you do next?

Check the switches in the datacenter to see if they have logged any error messages.

Verify that the routers on the network are functioning.

Run the ipconfig command on the user’s workstation to view its configuration.

A

Run the ipconfig command on the user’s workstation to view its configuration.

Since only one user is reporting the problem and he has admitted to making changes to his IP configuration, you should start by checking the workstation configuration using the ipconfig command. If the routers, the switches, or the DNS server were causing the problem, more than one user would be affected, and there would be additional users calling the help desk

23
Q

You are a network administrator attempting to use your workstation on the internal network to remotely control a web server called WebServ1 on the perimeter network. However, the remote desktop client software is unable to establish a connection to the server. You can see all the computers on your local network and on the perimeter network. You try using the ping utility to test the TCP/IP functionality of WebServ1, and the ping test is successful. You then call your colleague on the same internal network and have her try to connect to WebServ1 using the same remote access tool. She connects to WebServ1 successfully. Which of the following could be the cause of the problem you are experiencing?

Blocked TCP/UDP ports on the web server

Name resolution failure

Incorrect firewall settings on your workstation

A

Incorrect firewall settings on your workstation

Because your colleague can connect to WebServ1 successfully, the problem is not an unresponsive service or blocked ports on the server. The problem is not a name resolution failure because you can successfully ping WebServ1 by name. Therefore, of the options listed, the only possible problem must be that the firewall on your workstation is configured to block the remote desktop client’s traffic