Practice (6) Flashcards
You have been asked to locate the computers on a network which the previous consultant has configured with incorrect IPv6 addresses. Which of the following are not correctly formatted IPv6 addresses? (Choose all correct answers.)
fe00::c955:c944:acdd:3fcb
fe00::b491:cf79:p493:23ff
2001:0:44ef68:23eb:99fe:72bec6:ea5f
2001:0:49e6:39ff:8cf5:6812:ef56
fe00::b491:cf79:p493:23ff
2001:0:44ef68:23eb:99fe:72bec6:ea5f
2001:0:49e6:39ff:8cf5:6812:ef56
Option B contains a nonhexadecimal digit. Option C contains blocks larger than 16 bits. Option D contains only seven 16-bit blocks (and no double colon) instead of the eight required for a 128-bit IPv6 address. The address fe00::c955:c944:acdd:3fcb in Option A is correctly formatted for IPv6, with the double colon replacing three blocks of zeroes. Uncompressed, the address would appear as follows: fe00:0000:0000:0000:c955:c944:acdd:3fcb
During a security evaluation by an outside contractor, you are asked whether your company uses a “fail open” or “fail closed” policy for the datacenter. You don’t know what the contractor means. Which of the following physical security mechanisms can either “fail close” or “fail open”?
Door locks
Motion detectors
Honeypots
Door locks
The terms fail close and fail open refer to the default position of an electric or electronic door lock when there is a power failure. Security is often a trade-off with safety, and in the event that an emergency occurs that results in a power outage, whether secured doors are permanently locked or left permanently open is a critical factor. The terms fail close and fail open do not apply to motion detectors or video cameras. A honeypot is a computer configured to lure potential attackers; it is not a physical security mechanism
Your company is concerned about the possibility of insider threats. Which of the following security measures can you use to monitor the specific activities of authorized individuals within sensitive areas?
Identification badges
Motion detection
Video surveillance
Video surveillance
Video surveillance can monitor the activities of all users in a sensitive area, authorized or not. With properly placed equipment, even specific actions, such as commands typed into a computer, can be monitored. Identification badges, key fobs, and motion detection can indicate the presence of individuals in a sensitive area, but they cannot monitor specific activities
In the public key infrastructure (PKI), users and computers are issued a key pair. Which half of a cryptographic key pair is never transmitted over the network?
The session key
The public key
The private key
The private key
In a PKI, the two halves of a cryptographic key pair are the public key and the private key. The public key is freely available to anyone, but the private key is never transmitted over the network
Which of the following are not examples of multifactor authentication? (Choose all correct answers.)
A system that requires a smart card and a PIN for authentication
A system that uses an external RADIUS server for authentication
A system that requires two passwords for authentication
A system that requires a password and a retinal scan for authentication
A system that uses an external RADIUS server for authentication
A system that requires two passwords for authentication
Multifactor authentication combines two or more authentication methods, and reduces the likelihood that an intruder would be able to successfully impersonate a user during the authentication process. A password and a retinal scan is an example of a multifactor authentication system. A smartcard and a PIN, which is the equivalent of a password, is an example of multifactor authentication because it requires users to supply something they know and something they have. Multifactor authentication refers to the proofs of identity a system requires, not the number of servers used to implement the system. Therefore the use of a RADIUS server does not make for an example of multifactor authentication. A system that requires two passwords is not an example of multifactor authentication, because an attacker can compromise one password as easily as two. A multifactor authentication system requires two different forms of authentication
Which of the following statements best describes symmetric key encryption?
A cryptographic security mechanism that uses public and private keys to encrypt and decrypt data
A cryptographic security mechanism that uses two separate sets of public and private keys to encrypt and decrypt data
A cryptographic security mechanism that uses the same key for both encryption and decryption
A cryptographic security mechanism that uses the same key for both encryption and decryption
Symmetric key encryption uses only one key both to encrypt and decrypt data. Asymmetric key encryption uses public and private keys. Data encrypted with the public key can only be decrypted using the private key. Security mechanisms that use multiple key sets are not defined as symmetric
Which of the following statements about single-mode fiber-optic cable are true?
Multimode cables use an LED light source, while single-mode cables use a laser.
Multimode cables can span longer distances than single-mode cables.
Multimode cables have a smaller core filament than single-mode cables.
Multimode cables have a smaller bend radius than single-mode, making them easier to install.
Multimode fiber-optic cables require a ground, whereas single-mode cables do not.
Multimode cables use an LED light source, while single-mode cables use a laser.
Multimode cables have a smaller bend radius than single-mode, making them easier to install.
Multimode cables use an LED light source and have a smaller bend radius than single-mode cables. Single-mode cables have a smaller core filament and can span longer distances than multimode cables. Fiber-optic cables are not conductors of electricity, so none of them require a ground
A user swipes a smartcard through the reader connected to a laptop and then types a password to log on to the system. Which of the following actions is the user performing?
Accounting
Authorization
Authentication
Authentication
Authentication is the process of confirming a user’s identity. Smartcards and passwords are two of the authentication factors commonly used by network devices. Authorization defines the type of access granted to authenticated users. Accounting and auditing are both methods of tracking and recording a user’s activities on a network, such as when a user logged on and how long they remained connected
Which of the following cabling topologies have never been used by standard Ethernet networks? (Choose all correct answers.)
Bus
Ring
Star
Mesh
Ring
Mesh
Ethernet has never used a ring or mesh topology. The first Ethernet networks used a physical layer implementation commonly known as Thick Ethernet or 10Base5. The network used coaxial cable in a bus topology. Later Ethernet standards use twisted pair or fiber-optic cables in a star topology
Pulling into your company parking lot at lunch time, you notice a person without a company parking sticker on his car working at a laptop. You’ve seen this more than once, and you begin to suspect that unauthorized users are connecting to the company’s wireless access point and gaining access to the network. Which of the following are steps you can take to prevent this from happening in the future? (Choose all correct answers.)
Use Kerberos for authentication
Place the access point in a DMZ
Disable SSID broadcasting
Implement MAC address filtering
Disable SSID broadcasting
Implement MAC address filtering
Disabling SSID broadcasting prevents a wireless network from appearing to clients. The clients must specify the SSID to which they want to connect. MAC address filtering is a form of access control list (ACL) that is maintained in the access point and that contains the addresses of devices that are to be permitted to access the network. Both of these mechanisms make it more difficult for unauthorized devices to connect to the access point. The other two options will not help to prevent unauthorized access. Kerberos is an authentication protocol used by Active Directory, and relocating the access point to a DMZ will not resolve the problem
Traffic shaping is a series of techniques that optimize the allocation of network bandwidth. Which of the following are techniques used in traffic shaping to prevent networks from being overwhelmed by data transmissions? (Choose all correct answers.)
Broadcast storming
Bandwidth throttling
Network address translation
Rate limiting
Bandwidth throttling
Rate limiting
Bandwidth throttling is a traffic shaping technique that prevents specified data streams from transmitting too many packets. Rate limiting is a traffic shaping technique that controls the transmission rate of sending systems. A broadcast storm is a type of network switching loop. Network address translation is a method by which private networks can share registered IP addresses. Neither of these last two is a traffic shaping technique
Multiprotocol switches are devices that perform functions associated with two different layers of the Open Systems Interconnection (OSI) model. Which two of the following layers are often associated with network switching? (Choose all correct answers.)
Application
Presentation
Session
Transport
Network
Data link
Physical
Network
Data link
The primary function of a network switch is to process packets based on their media access control (MAC) addresses, which makes it a data link layer device. However, multiprotocol switches are devices that can also perform routing functions based on IP addresses, which operate at the network layer. Switches are not typically associated with the other layers of the OSI model
You are attempting to connect your new laptop to your company’s wireless network. The wireless access point on the network has an SSID that is not broadcasted and uses WPA2 for security. Which of the following describes what you must do to connect your laptop to the network?
Select the SSID from a list and allow the client to automatically detect the security protocol.
Type the SSID manually and then select WPA2 from the security protocol options provided.
Type the SSID manually and allow the client to automatically detect the security protocol.
Type the SSID manually and then select WPA2 from the security protocol options provided.
An SSID that is not being broadcasted is not detectable by clients, so you must type it in manually. Security protocols are also not detectable, so you must select the WPA2 protocol from the list of options provided on the laptop
Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) is a media access control mechanism designed to prevent two systems using the same network medium from transmitting at the same time. Which of the following IEEE standards calls for the use of CSMA/CA?
802.3
802.1X
802.11ac
802.11ac
The IEEE 802.11ac standard, like all of the wireless LAN standards in the 802.11 working group, uses CSMA/CA for media access control. The 802.1X standard defines an authentication mechanism and does not require a media access control mechanism. The IEEE 802.3 (Ethernet) standard uses a different mechanism for media access control: Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
A large enterprise network will—at a minimum—have demarcation points for telephone services and a connection to an Internet service provider’s network. In many cases, these services will enter the building in the same equipment room that houses the backbone switch. Which of the following is the term used to describe this wiring nexus?
IDF
RDP
MDF
MDF
The place containing the demarcation points and the backbone switch is called the main distribution frame (MDF). An intermediate distribution frame (IDF) is the location of localized telecommunications equipment such as the interface between the horizontal cabling and the backbone. Mean Time Between Failures (MTBF) and Remote Desktop Protocol (RDP) are not network wiring locations