Test #2 Flashcards
When the loss of a piece of equipment or link can bring down an entire process, workflow, or even the whole organization, that lost element is called what?
Critical Asset
Critical Node
Single Point of Failure
Redundant Link
Single Point of Failure
A single point of failure may be a server, link, program, or something else. Any individual element that fails and results in loss of functionality of an organizational component constitutes a single point of failure.
The boss has just read an article about zero-day attacks and rushes into your office in a panic, demanding to know what you’ll do to save the company network. What security technique would best protect against such attacks?
Use aggressive patch management.
Keep antivirus definitions updated.
Implement user awareness training.
Implement effective security policies.
Correct Answer:
The best defense against zero-day attacks is to implement effective security policies.
Incorrect Answers:
Because a zero-day attack exploits previously unknown software vulnerabilities, updating virus definitions and keeping your software patched wouldn’t help at all.
By definition, there’s no patch out yet for the zero-day exploit!
User awareness will help because many zero-day attacks come through users accessing dodgy Web sites, but a good security policy that includes properly implemented firewalls and restrictions on access to those sites offers the best protection.
Where does a computer get the MAC address?
It is generated by the frame
The MAC address is another term for the IP address
It is built into the network interface card
The receiving computer applies a MAC address to each inbound frame
Correct Answer:
A unique MAC address is built into every network interface card.
Incorrect Answers:
A frame does not generate a MAC address, but it does contain a source and destination MAC address.
The MAC and IP addresses are different types of addresses.
The receiving computer reads the MAC addresses that are contained within inbound frames. It does not add anything to received frames.
A chain-of-custody document includes what information? (Select Three).
What is/are the ages of the accused.
To whom was evidence passed and when.
When was evidence taken into custody.
What was taken into custody.
What is/are name(s) of the accused.
Correct Answers:
To whom was evidenced passed and when.
When was evidence taken into custody.
What was taken into custody.
Chain of custody is concerned with tracking evidence to avoid loss or tampering. It documents what evidence was taken into custody, when it was collected, and who was it passed on to.
Incorrect Answers:
Names and ages of someone accused are not part of the evidence being tracked in a chain of custody document.
A website just changed its IP address, and a user is unable to reach it by typing the site’s domain name into their browser. What command can the user run to make the computer learn the website’s new IP address?
Ipconfig/flushdns
Ipconfig/updatednscache
Ipconfig/dnsupdate
Ipconfig/all
Correct Answer:
Ipconfig/flushdns.
Ipconfig /flushdns will clear the DNS cache and force the computer to perform a fresh DNS lookup to get the current IP address of a domain name host.
Which of the choices is not a step to perform a man-in-the-middle attack?
Typosquat the DNS
Insert an attack machine between the communicators
Configure the attack machine to spoof the two communicators
Capture/manipulate MIM data
Typosquat the DNS
Correct Answer:
Typosquat the DNS is an invalid mix of two man-in-the-middle types of attacks. Typosquatting is to simply create an Internet resource, such as a website, that is a mis-spelling of a “real” website. DNS poisoning is a method to redirect calls to legitimate resources to go to malicious sites.
Upon notification of a computer crime, a first-responder performs which tasks? (Select Three).
Evaluate the severity of the situation.
Document findings.
Remove power from volatile memory (RAM).
Wipe any hard associated hard drives.
Collect information.
Evaluate the severity of the situation.
Document findings.
Collect information.
Correct Answers:
First responders need to preserve evidence. They must evaluate the situation and take steps to prevent the loss of evidence. To that end, they should evaluate the severity of the situation, collect information, and document their findings.
What challenges do VPNs overcome? (Choose Three).
Connect remote networks across
Allow a host within a private network to connect to a host on the internet that has a VPN client running
Ensure that the data in the tunnel is secure
Assign a private address to travel across the public internet
Connect remote networks across the Internet
Ensure that the data in the tunnel is secure
Assign a private address to travel across the public internet
Correct Answers:
VPNs encapsulate endpoint private addresses within packets that have Internet public addresses.
Most VPNs have the option to encrypt the tunnel.
VPNs can easily support client-to-site or site-to-site connections.
Which is true about using a straight-through or crossover cable when connecting two switches?
Autosensing in the switch will cause the switch port to re-wire itself into a crossover configuration
Straight-through cables can be used to connect modern switches but autosensing sets the switch port to half-duplex, reducing performance by half
The switch will re-wire the cable termination so that it becomes a crossover cable
Straight-through cables cannot be used to connect modern switches
Correct Answer:
Autosensing in the switch will cause the switch port to re-wire itself into a crossover configuration.
SIEM is comprised of which primary elements? (Choose two).
Aggregation
Correlation
Analysis
Reporting
Aggregation
Correlation
Correct Answers:
Aggregation and correlation are the two primary components of security information and event management (SIEM).
A technician has just been hired by a company. What type of documentation should she expect to encounter? (Choose three.)
SLA
Wiring diagram
IDF/MDF diagrams
Inventory
Wiring diagram
IDF/MDF diagrams
Inventory
Correct Answers:
Networks should have their inventory tracked and controlled. IDF and MDF diagrams are very important for maintaining and updating networks and wiring diagrams.
What media access method does 802.11 use?
CSMA/CA
CSMA/CD
CSU/DSU
CIDR
CSMA/CA
Carrier Sense Multiple Access/Collision Avoidance
802.11 uses CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance) because there is NO WAY to detect collisions in the world of WIRELESS.
You are the network administrator with 15 users on a network. None of them have been able to connect to the server for the last 30 minutes. You try pinging the workstations from the server, but you can’t ping any of them or the loopback address, even after a reboot. Which of the following statements must be true?
There is a problem with the server NIC.
You need to reboot the DHCP server.
You need to reboot the DNS server.
All users need to reboot their systems.
There is a problem with the server NIC.
Correct Answer:
The main factor in all of this is that the server cannot ping the loopback address. This means that the server’s NIC is not functioning properly. As a result, the server will obviously not be able to ping the workstations.
If nobody on your network can reach any websites using the domain names, what command utility would be good to use to determine the problem?
Nbstat
Nslookup
Telnet
Ping
Ping
Correct Answer:
If no one on the network can reach any websites using the hostnames, try to ping various websites using hostnames and IP addresses. If you can successfully ping the IP addresses but not the hostnames, the problem most likely lies with DNS. If you cannot ping either hostnames or IP addresses, the problem may lie somewhere else on your network, such as the gateway.
What is the purpose of netstat?
Captures frames and packets for later review
Displays all connections to and from a host computer
Shows your computer’s connection(s) to any web server(s)
Graphical utility that charts amount of network data entering and leaving a host
Displays all connections to and from a host computer
Correct Answer:
Netstat is a command-line utility that shows a computer’s network connections.
If a host has the IP address 23.51.126.9, which subnet mask would you use?
- 255.255.255
- 0.0.0
- 255.255.0
- 255.0.0
255.0.0.0
Correct Answer:
Class A IP addresses, with a range of 1.x.x.x to 126.x.x.x, use a default subnet mask of 255.0.0.0.
The primary command-line tool to troubleshoot Windows naming issues is what?
Netstat
Nbtstat
Net
Ipconfig
Nbstat
Correct Answer:
Nbtstat provides information about the NetBIOS naming service that runs in some Windows-based computers.
Which of the following is not a fire rating for network cables?
PVC
Plenum
CAT 6a
Riser
Cat 6a
Correct Answer:
CAT 6A is not a fire rating. It is a performance specification.
Incorrect Answers:
Riser and Plenum cable have similar fire ratings. They burn at very high temperatures and don’t give off toxic fumes.
Even though PVC is not strictly a fire rating, PVC is what most UTP and PVC jackets are made of. It burns at low temperatures and emits chlorinate gas when it burns.
Stan tells you that he cannot get on the network. You know the link light on the NIC is green and you know the cable is good. He seems to be the only one on the network having this problem. What command line utility and address do you use to run an internal test?
Ping the IP address
Ping the loopback address
Ping the broadcast address
Ping the subnet mask address
Ping the loopback address
Correct Answer:
Don’t let the link light and good cable fool you. The NIC could still be bad. Pinging the loopback address (127.0.0.1) runs an internal test to verify that the NIC and TCP/IP is working.
Which statement is true of a NAT router?
NAT routers allow public addresses to exist on the LAN side of the router
All hosts on the LAN side of a NAT router are assigned the same IP address as the public address in the router
NAT routers replace the source IP address with its IP address
The NAT function is performed at the ISP facility
NAT routers replace the source IP address with its IP address.
Correct Answer:
NAT routers replace the source IP address with its IP address and then restore the original IP header when a response comes back so that the results can be sent to the originator.
Network technician Jan is assigned to install a wireless router in a company’s public common area. The company wants visitors to the company to be able to connect to the wireless network with minimal security, but they should not be able to connect to the private internal network. Which of the following firewall rules would BEST accomplish this?
Allow traffic from the wireless access point
Packet filtering on the wireless access point
Content filtering on the wireless access point
Block traffic from the wireless access point
Packet filtering on the wireless access point
Correct Answer:
Packet filtering on the wireless access point. Packet filtering on the WAP can enable inbound and outbound traffic to the Internet, but it can block traffic to and from the internal network.
An office would like to set up an unsecured wireless network for its customers in their lounge area. Customers should be allowed to access the Internet, but should not have access to the office’s internal network resources. Which firewall configuration can accomplish this?
Port security
NAT
Stateful inspection
Packet filtering
Packet filtering
Correct Answer:
Among other things, packet filtering controls access to IP-addressed devices.
Incorrect Answers:
NAT enables private IP addressed devices to access the public Internet.
Stateful inspection confirms the integrity of connections.
Port security controls the types of activities that stations engage in.
Identify two characteristics of logging and analysis utilities. (Select two.)
They can identify the direction and strength of radio-frequency interference.
They can analyze the utilization of network capacity, storage use, CPU load, and other parameters.
They can present results in a graphical format.
They can proactively generate alerts to a pager or email address.
They can analyze the utilization of network capacity, storage use, CPU load, and other parameters.
They can present results in a graphical format.
Correct Answers:
Results can be shown in a pictorial presentation or a variety of graphs for easy interpretation. Some loggers can show and analyze a variety of performance parameters, including network traffic, storage use, CPU load, network errors, and more.
Which networking technology used in LAN’s is described as Fast Ethernet and uses two pairs of cabling for transmitting and receiving?
100BaseFX
100BaseTX
1000BaseT
100BaseT4
100BaseTX
Correct Answer:
100BaseTX is Fast Ethernet, which uses wire pairs 1 & 2 for sending and wire pairs 3 & 6 for receiving.
You are attempting to troubleshoot an issue between two computers that are both connected to a Layer 2 unmanaged switch. Of the following, which is the BEST way to find out if the switch is the problem?
Check to make sure that 802.1d is enabled on the switch
Access the switches configuration screens and set up a log file
Connect both of the PC’s together with a crossover cable
Attach a loopback plug to the switch and monitor the traffic
Connect both of the PC’s together with a crossover cable
Correct Answer:
Get a crossover cable. By taking the switch out of the equation, you will find out if the problem is with the PCs or the switch.
What does QoS provide?
Redirection of low priority traffic to slower router interfaces
Prioritized throughput of different traffic types
Higher performance of selected traffic
Blocking of specific traffic type
Prioritized throughput of different traffic types
Correct Answer:
QoS enables the prioritization of different traffic types with bandwidth approaches a connection’s maximum capacity.