Udemy Net+ Practice Test 4 Flashcards
You are scanning a target as part of a penetration test. You discovered that the network uses Snort configured as a network-based IDS. Which of the following occurs when an alert rule has been matched in Snort during your scan?
- the entire packet will be evaluated until all of the IDS alert rules have been checked and the packet is allowed to continue its journey
- the packet matching the rule will be dropped and the IDS will continue scanning new packets
- the source IP address will be blocked and its connection with the network terminated
- the IDS will send an alert, stop checking the rest of the rules, and allow the packet to continue its journey
the entire packet will be evaluated until all of the IDS alert rules have been checked and the packet is allowed to continue its journey
OBJ-2.1: If Snort is operating as an IDS, it will not block the connection or drop the packet. Instead, Snort will evaluate the entire packet and check all the alert rules, logging any matches it finds, and then allow it to continue onward to its destination.
Which of the following types of sites might contain a datacenter with equipment, but it is not configured and doesn’t contain any user or customer data yet?
- cloud site
- warm site
- cold site
- hot site
warm site
OBJ-3.3: A warm site is a type of facility an organization uses to recover its technology infrastructure when its primary data center goes down. A warm site features an equipped data center but no customer data. A cold site is a backup facility with little or no hardware equipment installed. A cold site is essentially an office space with basic utilities such as power, cooling system, air conditioning, and communication equipment, etc. A hot site is a real-time replication of an existing network environment. All data generated and stored at the primary site is immediately replicated and backed up at the disaster recovery site. A cloud site is a virtual recovery site that allows you to create a recovery version of your organization’s enterprise network in the cloud. Cloud sites are useful when your disaster recovery plan includes migrating to a telework or remote operations environment.
Workers in a company branch office must visit an initial web page and click the “I agree” button before being able to surf the web. Which of the following is this an example of?
- SLA
- AUP
- MOU
- EULA
AUP
Acceptable Use Policy
AUP stands for acceptable use policy. If you’re agreeing to what you can and can’t view, you accept the AUP. MOU is a memo of understanding which typically contains an agreement on certain actions. SLA is a service-level agreement that is usually made between two companies to state what level of service is expected if machines go down, etc., and when they can expect to be back up and running. EULA is an end-user license agreement and is used during the installation of a piece of software.
You are installing a Small Office/Home Office (SOHO) network consisting of a router with 2 ports, a switch with 8 ports, and a hub with 4 ports. The router has one port connected to a cable modem and one port connected to switch port #1. The other 6 ports on the switch each have a desktop computer connected to them. The hub’s first port is connected to switch port #2. Based on the description provided, how many collision domains exist in this network?
- 11
- 8
- 9
- 3
9
router has 2
switch has 8 minus 1 for the port connected to the router
hub has 1 for all ports minus 1 for the port connected to the switch
2+8-1+1-1=9
Which of the following BEST describes how a DHCP reservation works?
- matching a mac address to an IP address within DHCP scope
- leasing a set of reserved IP addresses according to their category
- assigning options to the computers on the network by priority
- letting the network switches assign IP addresses from a reserved pool
match MAC to IP within scope
OBJ-1.6: When the client requests an IP address by sending a message on the network to the DHCP server, the DHCP server will assign an IP from its DHCP scope to the client and reserve it based on its MAC address. DHCP reservations allow the DHCP server to pre-set an IP address to a specific client based on its MAC address. This ensures that the client will always get the same IP address from the DHCP server when it connects to the network. DHCP reservations are usually used with servers or printers on your internal network and are rarely used with end-user or client devices.
You just started work as a network technician at Dion Training. You have been asked to determine if Ethernet0/0 is currently connected using OSPF or EIGRP on one of the network devices. Which of the following commands should you enter within the command line interface?
- show diagnostic
- show interface
- show route
- show config
show route
OBJ-5.3: The “show route” command is used on a Cisco networking device to display the current state of the routing table for a given network device. To determine if Ethernet0/0 is connected using OSPF or EIGRP, you would need to use the “show route” command to display the current status. The “show configuration” command is used on a Cisco networking device to display the device’s current configuration. The “show interface” command is used on a Cisco networking device to display the statistics for a given network interface. The “show diagnostic” command is used on a Cisco networking device to display details about the hardware and software on each node in a networked device.
A technician installs three new switches to a company’s infrastructure. The network technician notices that all the switchport lights at the front of each switch flash rapidly when powered on and connected. After about a minute, the switches return to normal operation. Additionally, there are rapidly flashing amber lights on the switches when they started up the next day. What is happening to the switches?
- they are running through their spanning tree process
- they are connected and detected a loop
- having problems communicating with each other
- they are not functioning properly and need to be disconnected
they are running through their spanning tree process
also note: happens on start up
The flashing switch port lights indicate that the switch is performing the spanning tree process. The Spanning Tree Protocol (STP) is responsible for identifying links in the network and shutting down the redundant ones, preventing possible network loops. To do so, all switches in the network exchange BPDU messages between them to agree upon the root bridge. When spanning tree protocol is enabled on a switch, the switchports will go through five port states: blocking, listening, learning, forwarding, and disabled to create a loop-free switching environment.
A new piece of malware attempts to exfiltrate user data by hiding the traffic and sending it as TLS-encrypted outbound traffic over random ports. What technology would be able to detect and block this type of traffic?
- intrusion detection system
- application aware firewall
- stateful packet inspection
- stateless packet inspection
application aware firewall
OBJ-4.2: A web application firewall (WAF) or application-aware firewall would detect both the accessing of random ports and TLS encryption and identify it as suspicious. An application-aware firewall can make decisions about what applications are allowed or blocked by a firewall, and TLS connections are created and maintained by applications. A stateless packet inspection firewall allows or denies packets into the network based on the source and destination IP address or the traffic type (TCP, UDP, ICMP, etc.). A stateful packet inspection firewall monitors the active sessions and connections on a network. The process of stateful inspection determines which network packets should be allowed through the firewall by utilizing the information it gathered regarding active connections as well as the existing ACL rules. Neither a stateless nor stateful inspection firewall operates at layer 6 or layer 7, so they cannot inspect TLS connections. An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. An IDS only monitors the traffic on the network; it cannot block traffic.
A technician installs a new piece of hardware and now needs to add the device to the network management tool database. However, when adding the device to the tool using SNMP credentials, the tool cannot successfully interpret the results. Which of the following needs to be added to allow the network management tool to interpret the new device and control it using SNMP?
- walk
- trap
- MIB
- get
MIB
OBJ-3.1: Management Information Base (MIB) is used for managing all entities on a network using Simple Network Management Protocol. It would allow the tool to interpret the information received correctly.
Which cellular technology is comprised of LTE and LTE-A to provide higher data speeds than previous cellular data protocols?
- 4G
- WMN
- 3G
- 5G
4G
OBJ-2.4: 4G cellular technology is made up of LTE and LTE-A. Long Term Evolution (LTE) is a packet data communications specification providing an upgrade path for both GSM and CDMA2000 cellular networks. LTE has a theoretical speed of 150 Mbps and a real-world speed of around 20 Mbps. LTE Advanced (LTE-A) has a theoretical speed of 300 Mbps and a real-world speed of around 40 Mbps. 5G cellular technology is made up of three different types: low-band, mid-band, and high-band mmWave technology. Low-band 5G reaches an average speed of 55 Mbps with a theoretical speed of 150 Mbps. Mid-band 5G reaches an average speed of 150 Mbps with a theoretical speed of 1.5 Gbps. High-band 5G reaches an average speed of 3 Gbps with a theoretical speed of up to 70 Gbps. 3G cellular technology is made up of two different technologies: HSPA+ and EV-DO. HSPA+ (Evolved High-Speed Packet Access) is a 3G standard used for GSM cellular networks and can support up to a theoretical download speed of 168 Mbps and a theoretical upload speed of 34 Mbps. In the real world, though, HSPA+ normally reaches speeds around 20 Mbps. EV-DO (Evolution-Data Optimized) is a 3G standard used for CDMA cellular networks and can support up to 3.1 Mbps downloads. A wireless mesh network (WMN) is a wireless network topology where all nodes, including client stations, can provide forwarding and path discovery to improve coverage and throughput compared to using just fixed access points and extenders.
Which of the following types of agreements is a non-legally binding document used to detail what common actions each party intends to perform?
- NDA
- MOU
- SLA
- AUP
MOU
OBJ-3.2: A memorandum of understanding (MOU) is a non-binding agreement between two or more organizations to detail what common actions they intend to take. A non-disclosure agreement (NDA) is a documented agreement between two parties that defines what data is considered confidential and cannot be shared outside of that relationship. An NDA is used to protect an organization’s intellectual property. A service level agreement (SLA) is a documented commitment between a service provider and a client, where the quality, availability, and responsibilities are agreed upon by both parties. An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict how the network, website, or system may be used and sets guidelines as to how it should be used.
A small office has an Internet connection that drops out at least two times per week. It often takes until the next day for the service provider to come out and fix the issue. What should you create with the service provider to reduce this downtime in the future?
- SLA
- MOU
- AUP
- NDA
SLA
OBJ-3.2: A service level agreement (SLA) is a contract between a service provider (either internal or external) and the end-user that defines the level of service expected from the service provider. SLAs are output-based and their purpose is specifically to define what the customer will receive. If the customer requires faster response times, it should be in the SLA. An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restricts how the network, website, or system may be used and sets guidelines as to how it should be used. A memorandum of understanding (MOU) is important because it defines the responsibilities of each party in an agreement, provides the scope and authority of the agreement, clarifies terms, and outlines compliance issues. A non-disclosure agreement (NDA) is a legal contract or part of a contract between at least two parties that outlines confidential material, knowledge, or information that the parties wish to share for certain purposes, but wish to restrict access to.
A firewall technician at Dion Training configures a firewall to allow HTTP traffic as follows:
Source IP | Zone | Dest IP | Zone | Port | Action
Any | Untrust | Any | DMZ | 80 | Allow
Dion Training is afraid that an attacker might try to send other types of network traffic over port 80 to bypass their security policies. Which of the following should they implement to prevent unauthorized traffic from entering through the firewall?
- Application aware firewall
- stateful packet inspection
- https (ssl/tls)
- stateless packet inspection
Application aware firewall
OBJ-2.1: An application-aware firewall can make decisions about what applications are allowed or blocked by a firewall, as opposed to simply using IP addresses and port numbers, by inspecting the data contained within the packets. A stateless packet inspection firewall allows or denies packets into the network based on the source and destination IP address or the traffic type (TCP, UDP, ICMP, etc.). A stateful packet inspection firewall monitors the active sessions and connections on a network. The process of stateful inspection determines which network packets should be allowed through the firewall by utilizing the information it gathered regarding active connections as well as the existing ACL rules. Neither a stateless nor stateful inspection firewall operates at layer 6 or layer 7, so they cannot inspect the contents of the packet to ensure it contains HTTP traffic and not other types of network traffic. HTTPS (SSL/TLS) would allow for an encrypted communication path between the webserver and the client, but this would not prevent an attacker from sending other network protocol data over port 80 and bypassing the firewall rules.
A small law office has a network with three switches (8 ports), one hub (4 ports), and one router (2 ports). Switch 1 (switch port 8) is connected to an interface port (FastEthernet0/0) on the router. Switch 2 (switch port 8) and switch 3 (switch port 8) are connected to Switch 1 (switch ports 1 and 2). The hub has three computers plugged into it on ports 1, 2, and 3. The fourth port on the hub is connected to the router’s other interface port (FastEthernet0/1). Based on the configuration described here, how many broadcast domains are there within this network?
- 2
- 28
- 1
- 16
- 5
2
OBJ-2.1: A broadcast domain is a logical division of a computer network in which all nodes can reach each other by broadcast at the data link layer. A broadcast domain can be within the same LAN segment, or it can be bridged to other LAN segments. Routers break up broadcast domains. Therefore there are two broadcast domains in this network - one for each side of the router (the three switches make up one broadcast domain, and the hub makes up the second broadcast domain).
An organization wants to choose an authentication protocol that can be used over an insecure network without implementing additional encryption services. Which of the following protocols should they choose?
- tacacs+
- kerberos
- pap
- radius
kerberos
OBJ-4.1: The Kerberos protocol is designed to send data over insecure networks while using strong encryption to protect the information. RADIUS, TACACS+, and PAP are all protocols that contain known vulnerabilities that would require additional encryption to secure them during the authentication process.