Domain 4 Sybex Flashcards

1
Q

Gary wants to distribute a large file and prefers a peer-to-peer CDN. Which of the following is the most common example of this type of technology?

A. CloudFlare
B. BitTorrent
C. Amazon CloudFront
D. Akamai Edge

A

B. BitTorrent is an example of a peer-to-peer (P2P) content delivery network. It is commonly used for legitimate purposes to distribute large files like Linux ISOs and other freely distributed software packages and files in addition to its less legitimate uses. CloudFlare, CloudFront, and Akamai’s Edge are all hosted CDNs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

During a security assessment of a wireless network, Jim discovers that LEAP is in use on a network using WPA. What recommendation should Jim make?

A. Continue to use LEAP. It provides better security than TKIP for WPA networks.
B. Use an alternate protocol like PEAP or EAP-TLS and implement WPA2 if supported.
C. Continue to use LEAP to avoid authentication issues, but move to WPA2.
D. Use an alternate protocol like PEAP or EAP-TLS, and implement Wired Equivalent Privacy to avoid wireless security issues.

A

B. LEAP, the Lightweight Extensible Authentication Protocol, is a Cisco proprietary protocol designed to handle problems with TKIP. Unfortunately, LEAP has significant security issues as well and should not be used. Any modern hardware should support WPA2 and technologies like PEAP or EAP-TLS. Using WEP, the predecessor to WPA and WPA2, would be a major step back in security for any network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Ben has connected his laptop to his tablet PC using an 802.11ac connection. What wireless network mode has he used to connect these devices?

A. Infrastructure mode
B. Wired extension mode
C. Ad hoc mode
D. Standalone mode

A

C. Ben is using ad hoc mode, which directly connects two clients. It can be easy to confuse this with standalone mode, which connects clients using a wireless access point but not to wired resources like a central network. Infrastructure mode connects endpoints to a central network, not directly to each other. Finally, wired extension mode uses a wireless access point to link wireless clients to a wired network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Selah’s and Nick’s PCs simultaneously send traffic by transmitting at the same time. What network term describes the range of systems on a network that could be affected by this same issue?

A. The subnet
B. The supernet
C. A collision domain
D. A broadcast domain

A

C. A collision domain is the set of systems that could cause a collision if they transmitted at the same time. Systems outside a collision domain cannot cause a collision if they send at the same time. This is important, as the number of systems in a collision domain increases the likelihood of network congestion due to an increase in collisions. A broadcast domain is the set of systems that can receive a broadcast from each other. A subnet is a logical division of a network, while a supernet is made up of two or more networks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Sarah is manually reviewing a packet capture of TCP traffic and finds that a system is setting the RST flag in the TCP packets it sends repeatedly during a short period of time. What does this flag mean in the TCP packet header?

A. RST flags mean “Rest.” The server needs traffic to briefly pause.
B. RST flags mean “Relay-set.” The packets will be forwarded to the address set in the packet.
C. RST flags mean “Resume Standard.” Communications will resume in their normal format.
D. RST means “Reset.” The TCP session will be disconnected.

A

D. The RST flag is used to reset or disconnect a session. It can be resumed by restarting the connection via a new three-way handshake.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Gary is deploying a wireless network and wants to deploy the fastest possible wireless technology. Which one of the following wireless networking standards should he use?

A. 802.11a
B. 802.11g
C. 802.11n
D. 802.11ac

A

D. He should choose 802.11ac, which supports theoretical speeds up to 3.4 Gbps. 802.11n supports up to 600 Mbps, 802.11g and 802.11a are only capable of 54 Mbps.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Michele wants to replace FTP traffic with a secure replacement. What secure protocol should she select instead?

A. TFTP
B. HFTPS
C. SecFTP
D. SFTP

A

D. Both FTP/S and SFTP are commonly used as replacement insecure FTP services. SFTP offers the advantage of using SSH for transfers, making it easy to use existing firewall rules. TFTP is trivial FTP, an insecure quick transfer method often used to transfer files for network devices, among other uses. HFTPS and SecFTP were made up for this question.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Jake has been told that there is a layer 3 problem with his network. Which of the following is associated with layer 3 in the OSI model?

A. IP addresses
B. TCP and UDP protocols
C. MAC addresses
D. Sending and receiving bits via hardware

A

A. The Network layer, or layer 3, uses IP addresses for logical addressing. TCP and UDP protocols are used at the Transport layer, which is layer 4. Hardware addresses are used at layer 2, the Data Link layer, and sending and receiving bits via hardware is done at the Physical layer (layer 1).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Frank is responsible for ensuring that his organization has reliable, supported network hardware. Which of the following is not a common concern for network administrators as they work to ensure their network continues to be operational?

A. If the devices have vendor support
B. If the devices are under warranty
C. If major devices support redundant power supplies
D. If all devices support redundant power supplies

A

D. Most networks include many edge devices like wireless access points and edge switches. These devices often have a single power supply to balance cost against reliability and will simply be replaced if they fail. More critical devices like routers and core switches are typically equipped with redundant power supplies to ensure that larger segments of the network do not fail if a component fails. Of course, making sure devices are supported so they get updates and that they are under warranty are both common practices for supportable networks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Brian is selecting an authentication protocol for a PPP connection. He would like to select an option that encrypts both usernames and passwords and protects against replay using a challenge/response dialog. He would also like to reauthenticate remote systems periodically. Which protocol should he use?

A. PAP
B. CHAP
C. EAP
D. LEAP

A

B. The Challenge-Handshake Authentication Protocol, or CHAP, is used by PPP servers to authenticate remote clients. It encrypts both the username and password and performs periodic reauthentication while connected using techniques to prevent replay attacks. LEAP provides reauthentication but was designed for WEP, while PAP sends passwords unencrypted. EAP is extensible and was used for PPP connections, but it doesn’t directly address the listed items.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which one of the following protocols is commonly used to provide back-end authentication services for a VPN?

A. HTTPS
B. RADIUS
C. ESP
D. AH

A

B. The Remote Access Dial In User Service (RADIUS) protocol was originally designed to support dial-up modem connections but is still commonly used for VPN-based authentication. HTTPS is not an authentication protocol. ESP and AH are IPsec protocols but do not provide authentication services for other systems.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Isaac wants to ensure that his VoIP session initialization is secure. What protocol should he ensure is enabled and required?

A. SVOIP
B. PBSX
C. SIPS
D. SRTP

A

C. SIPS, the secure version of the Session Initialization Protocol for VoIP, adds TLS encryption to keep the session initialization process secure. SVOIP and PBSX are not real protocols, but SRTP is the secure version of RTP, the Real time Transport Protocol.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What type of firewall design is shown in the diagram?

A. A single-tier firewall
B. A two-tier firewall
C. A three-tier firewall
D. A four-tier firewall

A

B. The firewall in the diagram has two protected zones behind it, making it a two-tier firewall design.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

If the VPN grants remote users the same access to network and system resources as local workstations have, what security issue should Chris raise?

A. VPN users will not be able to access the web server.
B. There is no additional security issue; the VPN concentrator’s logical network location matches the logical network location of the workstations.
C. Web server traffic is not subjected to stateful inspection.
D. VPN users should only connect from managed PCs.

A

D. Remote PCs that connect to a protected network need to comply with security settings and standards that match those required for the internal network. The VPN concentrator logically places remote users in the protected zone behind the firewall, but that means user workstations (and users) must be trusted in the same way that local workstations are.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

If Chris wants to stop cross-site scripting attacks against the web server, what is the best device for this purpose, and where should he put it?

A. A firewall, location A
B. An IDS, location A
C. An IPS, location B
D. A WAF, location C

A

C. An intrusion protection system can scan traffic and stop both known and unknown attacks. A web application firewall, or WAF, is also a suitable technology, but placing it at location C would only protect from attacks via the organization’s VPN, which should only be used by trusted users. A firewall typically won’t have the ability to identify and stop cross-site scripting attacks, and IDS systems only monitor and don’t stop attacks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Susan is deploying a routing protocol that maintains a list of destination networks with metrics that include the distance in hops to them and the direction traffic should be sent to them. What type of protocol is she using?

A. A link-state protocol
B. A link-distance protocol
C. A destination metric protocol
D. A distance-vector protocol

A

D. Distance-vector protocols use metrics including the direction and distance in hops to remote networks to make decisions. A link-state routing protocol considers the shortest distance to a remote network. Destination metric and link-distance protocols don’t exist.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Ben has configured his network to not broadcast an SSID. Why might Ben disable SSID broadcast, and how could his SSID be discovered?

A. Disabling SSID broadcast prevents attackers from discovering the encryption key. The SSID can be recovered from decrypted packets.
B. Disabling SSID broadcast hides networks from unauthorized personnel. The SSID can be discovered using a wireless sniffer.
C. Disabling SSID broadcast prevents issues with beacon frames. The SSID can be recovered by reconstructing the BSSID.
D. Disabling SSID broadcast helps avoid SSID conflicts. The SSID can be discovered by attempting to connect to the network.

A

B. Disabling SSID broadcast can help prevent unauthorized personnel from attempting to connect to the network. Since the SSID is still active, it can be discovered by using a wireless sniffer. Encryption keys are not related to SSID broadcast, beacon frames are used to broadcast the SSID, and it is possible to have multiple networks with the same SSID.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What network tool can be used to protect the identity of clients while providing Internet access by accepting client requests, altering the source addresses of the requests, mapping requests to clients, and sending the modified requests out to their destination?

A. A switch
B. A proxy
C. A router
D. A firewall

A

B. A proxy is a form of gateway that provides clients with a filtering, caching, or other service that protects their information from remote systems. A router connects networks, while a firewall uses rules to limit traffic permitted through it. A switch is used to connect systems and does not provide these capabilities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Susan wants to secure her communications traffic via multiple internet service providers as it is sent to her company’s second location. What technology should she use to protect the traffic for an always on, always connected link between the sites?

A. FCoE
B. SDWAN
C. A point-to-point IPsec VPN
D. Zigbee

A

C. A point-to-point IPsec VPN can provide a secure, encrypted channel that is established on an ongoing basis between the two sites, ensuring that Susan’s traffic is not exposed along the path that it travels. FCoE is Fibre Channel over Ethernet, a storage protocol. SD-WAN is a software-defined wide area network, and Zigbee is a low-power wireless protocol. None of these addresses Susan’s needs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Melissa wants to combine multiple physical networks in her organization in a way that is transparent to users but allows the resources to be allocated as needed for networked services. What type of network should she deploy?

A. iSCSI
B. A virtual network
C. SDWAN
D. A CDN

A

B. A virtual network can be used to combine existing networks or to divide a network into multiple segments. Melissa can use a virtual network to combine existing networks and then use software-defined networking capabilities to allocate and manage network resources. iSCSI is a converged storage protocol. An SD-WAN is a software-defined wide area network, and this question does not specify LAN or WAN technologies. A CDN is a content distribution network and helps with load and denial-of-service attacks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Which email security solution provides two major usage modes: (1) signed messages that provide integrity, sender authentication, and nonrepudiation; and (2) an enveloped message mode that provides integrity, sender authentication, and confidentiality?

A. S/MIME
B. MOSS
C. PEM
D. DKIM

A

A. S/MIME supports both signed messages and a secure envelope method. While the functionality of S/MIME can be replicated with other tools, the secure envelope is an S/MIME-specific concept. MOSS, or MIME Object Security Services, and PEM can also both provide authentication, confidentiality, integrity, and nonrepudiation, while DKIM, or Domain Keys Identified Mail, is a domain validation tool.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

During a security assessment, Jim discovers that the organization he is working with uses a multilayer protocol to handle SCADA systems and recently connected the SCADA network to the rest of the organization’s production network. What concern should he raise about serial data transfers carried via TCP/IP?

A. SCADA devices that are now connected to the network can now be attacked over the network.
B. Serial data over TCP/IP cannot be encrypted.
C. Serial data cannot be carried in TCP packets.
D. TCP/IP’s throughput can allow for easy denial-of-service attacks against serial devices.

A

A. Multilayer protocols like DNP3 allow SCADA and other systems to use TCP/IP-based networks to communicate. Many SCADA devices were never designed to be exposed to a network, and adding them to a potentially insecure network can create significant risks. TLS or other encryption can be used on TCP packets, meaning that even serial data can be protected. Serial data can be carried via TCP packets because TCP packets don’t care about their content; it is simply another payload. Finally, TCP/IP does not have a specific throughput as designed, so issues with throughput are device-level issues.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Ben provides networking and security services for a small chain of coffee shops. The coffee shop chain wants to provide secure, free wireless for customers. Which of the following is the best option available to Ben to allow customers to connect securely to his wireless network without needing a user account if Ben does not need to worry about protocol support issues?

A. Use WPA2 in PSK mode.
B. Use WPA3 in SAE mode.
C. Use WPA2 in Enterprise mode.
D. Use a captive portal.

A

B. WPA3’s new SAE (simultaneous authentication of equals) mode improves on WPA2’s PSK mode by allowing for secure authentication between clients and the wireless network without enterprise user accounts. If Ben needed to worry about support for WPA3, which may not be available to all systems that may want to connect, he might have to choose WPA2. A captive portal is often used with open guest networks, and Enterprise mode requires user accounts.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Alicia’s company has implemented multifactor authentication using SMS messages to provide a numeric code. What is the primary security concern that Alicia may want to express about this design?

A. SMS messages are not encrypted.
B. SMS messages can be spoofed by senders.
C. SMS messages may be received by more than one phone.
D. SMS messages may be stored on the receiving phone.

A

A. SMS messages are not encrypted, meaning that they could be sniffed and captured. While using two factors is more secure than a single factor, SMS is one of the less secure ways to implement two-factor authentication because of this. SMS messages can be spoofed, can be received by more than one phone, and are typically stored on the recipient’s phone. The primary threat here, however, is the unencrypted message itself.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

What speed and frequency range are used by 802.11n?

A. 5 GHz only
B. 900 MHz and 2.4 GHz
C. 2.4 GHz and 5 GHz
D. 2.4 GHz only

A

C. 802.11n can operate on both the 2.4 and 5 GHz frequency range. The 900 MHz range has frequently been used for phones and non-WiFi wireless networks as well as other amateur radio uses. Knowing that multiple ranges are available and that they may behave differently based on how many access points are in use and whether other devices that may cause interference on that band are in the area can be important for wireless network deployments.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

The Address Resolution Protocol (ARP) and the Reverse Address Resolution Protocol (RARP) operate at what layer of the OSI model?

A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4

A

B. ARP and RARP operate at the Data Link layer, the second layer of the OSI model. Both protocols deal with physical hardware addresses, which are used above the Physical layer (layer 1) and below the Network layer (layer 3), thus falling at the Data Link layer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

Which of the following is a converged protocol that allows storage mounts over TCP, and which is frequently used as a lower-cost alternative to Fibre Channel?

A. MPLS
B. SDN
C. VoIP
D. iSCSI

A

D. iSCSI is a converged protocol that allows location-independent file services over traditional network technologies. It costs less than traditional Fibre Channel. VoIP is Voice over IP, SDN is software-defined networking, and MPLS is Multiprotocol Label Switching, a technology that uses path labels instead of network addresses.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

Chris is building an Ethernet network and knows that he needs to span a distance of more than 150 meters with his 1000BaseT network. What network technology should he use to help with this?

A. Install a repeater, a switch, or a concentrator before 100 meters.
B. Use Category 7 cable, which has better shielding for higher speeds.
C. Install a gateway to handle the distance.
D. Use STP cable to handle the longer distance at high speeds.

A

A. A repeater, switch, or concentrator will amplify the signal, ensuring that the 100-meter distance limitation of 1000BaseT is not an issue. A gateway would be useful if network protocols were changing, while Cat7 cable is appropriate for a 10 Gbps network at much shorter distances. STP cable is limited to 155 Mbps and 100 meters, which would leave Chris with network problems.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

What protocol is the messaging traffic most likely to use based on the diagram?

A. SLACK
B. HTTP
C. SMTP
D. HTTPS

A

B. The use of TCP port 80 indicates that the messaging service is using the HTTP protocol. Slack is a messaging service that runs over HTTPS, which uses port 443. SMTP is an email protocol that uses port 25.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

What security concern does sending internal communications from A to B raise?

A. The firewall does not protect system B.
B. System C can see the broadcast traffic from system A to B.
C. It is traveling via an unencrypted protocol.
D. Messaging does not provide nonrepudation.

A

C. HTTP traffic is typically sent via TCP80. Unencrypted HTTP traffic can be easily captured at any point between A and B, meaning that the messaging solution chosen does not provide confidentiality for the organization’s corporate communications

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

How could Selah’s company best address a desire for secure messaging for users of internal systems A and C?

A. Use a third-party messaging service.
B. Implement and use a locally hosted service.
C. Use HTTPS.
D. Discontinue use of messaging and instead use email, which is more secure.

A

B. If a business need requires messaging, using a local messaging server is the best option. This prevents traffic from traveling to a third-party server and can offer additional benefits such as logging, archiving, and control of security options like the use of encryption.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

Which of the following drawbacks is a concern when multilayer protocols are allowed?

A. A range of protocols may be used at higher layers.
B. Covert channels are allowed.
C. Filters cannot be bypassed.
D. Encryption can’t be incorporated at multiple layers.

A

B. Multilayer protocols create three primary concerns for security practitioners: they can conceal covert channels (and thus covert channels are allowed), filters can be bypassed by traffic concealed in layered protocols, and the logical boundaries put in place by network segments can be bypassed under some circumstances. Multilayer protocols allow encryption at various layers and support a range of protocols at higher layers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

Which of the following is not an example of a converged protocol?

A. MIME
B. FCoE
C. iSCSI
D. VoIP

A

A. Fibre Channel over Ethernet (FCoE), Internet Small Computer Systems Interface (iSCSI), and Voice over Internet Protocol (VoIP) are all examples of converged protocols that combine specialized protocols with standard protocols like TCP/IP. MIME, Multipurpose Internet Mail Extensions, is not a converged protocol.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

Chris uses a cellular hot spot to provide internet access when he is traveling. If he leaves the hot spot connected to his PC while his PC is on his organization’s corporate network, what security issue might he cause?

A. Traffic may not be routed properly, exposing sensitive data.
B. His system may act as a bridge from the internet to the local network.
C. His system may be a portal for a reflected DDoS attack.
D. Security administrators may not be able to determine his IP address if a security issue occurs.

A

B. When a workstation or other device is connected simultaneously to both a secure network and a nonsecure network like the internet, it may act as a bridge, bypassing the security protections located at the edge of a corporate network. It is unlikely that traffic will be routed improperly leading to the exposure of sensitive data, as traffic headed to internal systems and networks is unlikely to be routed to the external network. Reflected DDoS attacks are used to hide identities rather than to connect through to an internal network, and security administrators of managed systems should be able to determine both the local and wireless IP addresses his system uses.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

In her role as an information security professional, Susan has been asked to identify areas where her organization’s wireless network may be accessible even though it isn’t intended to be. What should Susan do to determine where her organization’s wireless network is accessible?

A. A site survey
B. Warwalking
C. Wardriving
D. A design map

A

A. Wardriving and warwalking are both processes used to locate wireless networks, but are not typically as detailed and thorough as a site survey, and design map is a made-up term.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

What features can IPsec provide for secure communication?

A. Encryption, access control, nonrepudiation and message authentication
B. Protocol convergence, content distribution, micro-segmentation, and network virtualization
C. Encryption, authorization, nonrepudiation, and message integrity checking
D. Micro-segmentation, network virtualization, encryption, and message authentication

A

A. IPsec, or Internet Protocol Security, can provide encryption, access control, nonrepudiation, and message authentication using public key cryptography. It does not provide authorization, protocol convergence, content distribution, or the other items listed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

Casey has been asked to determine if Zigbee network traffic can be secured in transit. What security mechanism does Zigbee use to protect data traffic?

A. 3DES encryption
B. AES encryption
C. ROT13 encryption
D. Blowfish encryption

A

B. Zigbee uses AES to protect network traffic, providing integrity and confidentiality controls. It does not use 3DES, and ROT13 is a simple rotational cipher you might find in a cereal box or secret decoder ring.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

Sue modifies her MAC address to one that is allowed on a network that uses MAC filtering to provide security. What is the technique Sue used, and what nonsecurity issue could her actions cause?

A. Broadcast domain exploit, address conflict
B. Spoofing, token loss
C. Spoofing, address conflict
D. Sham EUI creation, token loss

A

C. The process of using a fake MAC (Media Access Control) address is called spoofing, and spoofing a MAC address already in use on the network can lead to an address collision, preventing traffic from reaching one or both systems. Tokens are used in token ring networks, which are outdated, and EUI refers to an Extended Unique Identifier, another term for MAC address, but token loss is still not the issue. Broadcast domains refer to the set of machines a host can send traffic to via a broadcast message.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

Joanna wants to deploy 4G LTE as an out-of-band management solution for devices at remote sites. Which of the following security capabilities is not commonly available from 4G service providers?

A. Encryption capabilities
B. Device-based authentication
C. Dedicated towers and antennas for secure service subscribers
D. SIM-based authentication

A

C. While security features vary from provider to provider, encryption, device-based authentication (for example, using certificates), and SIM-based authentication are all common options for 4G connectivity solutions. Joanna should work with her provider to determine what capabilities are available and assess whether they meet her needs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

SMTP, HTTP, and SNMP all occur at what layer of the OSI model?

A. Layer 4
B. Layer 5
C. Layer 6
D. Layer 7

A

D. Application-specific protocols are handled at layer 7, the Application layer of the OSI model.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

Melissa uses the ping utility to check whether a remote system is up as part of a penetration testing exercise. If she does not want to see her own ping packets, what protocol should she filter out from her packet sniffer’s logs?

A. UDP
B. TCP
C. IP
D. ICMP

A

D. Ping uses ICMP, the Internet Control Message Protocol, to determine whether a system responds and how many hops there are between the originating system and the remote system. Melissa simply needs to filter out ICMP to not see her pings.

42
Q

Selah wants to provide port-based authentication on her network to ensure that clients must authenticate before using the network. What technology is an appropriate solution for this requirement?

A. 802.11a
B. 802.3
C. 802.15.1
D. 802.1x

A

D. 802.1x provides port-based authentication and can be used with technologies like EAP, the Extensible Authentication Protocol. 802.11a is a wireless standard, 802.3 is the standard for Ethernet, and 802.15.1was the original Bluetooth IEEE standard.

43
Q

Ben has deployed a 1000BaseT gigabit network and needs to run a cable across a large building. If Ben is running his link directly from a switch to another switch in that building, what is the maximum distance Ben can cover according to the 1000BaseT specification?.

A. 2 kilometers
B. 500 meters
C. 185 meters
D. 100 meters

A

D. 1000BaseT is capable of a 100-meter run according to its specifications. For longer distances and exterior runs, a fiber-optic cable is typically used in modern networks.

44
Q

What security control does MAC cloning attempt to bypass for wired networks?

A. Port security
B. VLAN hopping
C. 802.1q trunking
D. Etherkiller prevention

A

A. Port security prevents unrecognized or unpermitted systems from connecting to a network port based on their MAC address. Cloning a permitted or legitimate MAC address attempts to bypass this. VLAN hopping and 802.1q trunking attacks attempt to access other subnets by encapsulating packets so they will be unwrapped and directed to the other subnet. Etherkiller prevention is not a security setting or control.

45
Q

The company that Kathleen works for has moved to remote work for most employees and wants to ensure that the multimedia collaboration platform that they use for voice, video, and text-based collaboration is secure. Which of the following security options will provide the best user experience while providing appropriate security for communications?

A. Require software-based VPN to the corporate network for all use of the collaboration platform.
B. Require the use of SIPS and SRTP for all communications.
C. Use TLS for all traffic for the collaboration platform.
D. Deploy secure VPN endpoints to each remote location and use a point-to-point VPN for communications.

A

C. Most modern applications support TLS throughout their communications allowing clients to securely connect to the service and to encrypt communications. VPN, either in software or hardware form, will be more complex and unwieldy. Software-based VPN would be more flexible, and hardware-based VPN would be more expensive and more complex. SIPS and SRTP are appropriate for a VoIP environment, but are not generally a complete solution for a modern multimedia collaboration platform like Microsoft Teams, Zoom, or WebEx.

46
Q

Chris wants to use a low-power, personal area network wireless protocol for a device he is designing. Which of the following wireless protocols is best suited to creating small, low-power devices that can connect to each other at relatively short distances across buildings or rooms?

A. WiFi
B. Zigbee
C. NFC
D. Infrared

A

B. Zigbee is designed for this type of low-power, Internet of Things network, and would be the best option for Chris. Some versions of Bluetooth are designed to operate in low-power mode as well, but Bluetooth isn’t in this list of answers. WiFi requires more power, NFC is very short range and would not work across a building or room, and infrared requires line of sight and is rarely used for that reason.

47
Q

Which of the following options includes standards or protocols that exist in layer 6 of the OSI model?

A. NFS, SQL, and RPC
B. TCP, UDP, and TLS
C. JPEG, ASCII, and MIDI
D. HTTP, FTP, and SMTP

A

C. Layer 6, the Presentation layer, transforms data from the Application layer into formats that other systems can understand by formatting and standardizing the data. That means that standards like JPEG, ASCII, and MIDI are used at the Presentation layer for data. TCP, UDP, and TLS are used at the Transport layer; NFS, SQL, and RPC operate at the Session layer; and HTTP, FTP, and SMTP are Application layer protocols.

48
Q

Cameron is worried about distributed denial-of-service attacks against his company’s primary web application. Which of the following options will provide the most resilience against large-scale DDoS attacks?

A. A CDN
B. Increasing the number of servers in the web application server cluster
C. Contract for DDoS mitigation services via the company’s ISP
D. Increasing the amount of bandwidth available from one or more ISPs

A

A. A content delivery network, or CDN, run by a major provider can handle large-scale DDoS attacks more easily than any of the other solutions. Using DDoS mitigation techniques via an ISP is the next most useful capability, followed by both increases in bandwidth and increases in the number of servers in the web application cluster.

49
Q

There are four common VPN protocols. Which group listed contains all of the common VPN protocols?

A. PPTP, LTP, L2TP, IPsec
B. PPP, L2TP, IPsec, VNC
C. PPTP, L2F, L2TP, IPsec
D. PPTP, L2TP, IPsec, SPAP

A

C. PPTP, L2F, L2TP, and IPsec are the most common VPN protocols. TLS is also used for an increasingly large percentage of VPN connections and may appear at some point in the CISSP exam. PPP is a dial-up protocol, LTP is not a protocol, and SPAP is the Shiva Password Authentication Protocol sometimes used with PPTP.

50
Q

Wayne wants to deploy a secure voice communication network. Which of the following techniques should he consider? (Select all that apply.)

A. Use a dedicated VLAN for VoIP phones and devices.
B. Require the use of SIPS and SRTP.
C. Require the use of VPN for all remote VoIP devices.
D. Implement a VoIP IPS.

A

A, B. Wayne should consider the use of a dedicated VLAN for VoIP devices to help separate them from other networked devices, and he should also require the use of SIPS and SRTP, both secure protocols that will keep his VoIP traffic encrypted. Requiring the use of VPN for all remote VoIP devices is not necessary if SIPS and SRTP are in use, and a specific IPS for VoIP is not a typical deployment in most organizations.

51
Q

Which OSI layer includes electrical specifications, protocols, and interface standards?

A. The Transport layer
B. The Device layer
C. The Physical layer
D. The Data Link layer

A

C. The Physical layer includes electrical specifications, protocols, and standards that allow control of throughput, handling line noise, and a variety of other electrical interface and signaling requirements. The OSI layer doesn’t have a Device layer. The Transport layer connects the Network and Session layers, and the Data Link layer packages packets from the network layer for transmission and receipt by devices operating on the Physical layer.

52
Q

Ben is designing a WiFi network and has been asked to choose the most secure option for the network. Which wireless security standard should he choose?

A. WPA2
B. WPA
C. WEP
D. WPA3

A

D. WPA3, the replacement for WPA2, adds security features including a new mode called simultaneous authentication of equals that replaces the pre-shared key mode from WPA2 with a more secure option. Overall, it provides security improvements, but may not be immediately implemented due to time for hardware and software to fully support it. WPA2 has been the most commonly deployed wireless security standard having replaced WPA and WEP.

53
Q

Kathleen has two primary locations in a town and wants the two environments to appear like the same local network. Each location has a router, switches, and wireless access points deployed to them. What technology would best work to allow her to have the two facilities appear to be on the same network segment?

A. SDWAN
B. VXLAN
C. VMWAN
D. iSCSI

A

B. VXLAN is an encapsulation protocol that carries VLANs across routable networks, making two different network locations appear to be on the same segment despite distance and network differences. SD-WAN is a software-defined wide area network, a way to manage and control wide area network connections. iSCSI is a storage protocol over IP, and VMWAN was made up for this question.

54
Q

Segmentation, sequencing, and error checking all occur at what layer of the OSI model that is associated with SSL, TLS, and UDP?

A. The Transport layer
B. The Network layer
C. The Session layer
D. The Presentation layer

A

A. The Transport layer provides logical connections between devices, including end-to-end transport services to ensure that data is delivered. Transport layer protocols include TCP, UDP, SSL, and TLS.

55
Q

The Windows ipconfig command displays the following information:

BC-5F-F4-7B-4B-7D

What term describes this, and what information can usually be gathered from it?

A. The IP address, the network location of the system
B. The MAC address, the network interface card’s manufacturer
C. The MAC address, the media type in use
D. The IPv6 client ID, the network interface card’s manufacturer

A

B. Machine Access Control (MAC) addresses are the hardware address the machine uses for layer 2 communications. The MAC addresses include an organizationally unique identifier (OUI), which identifies the manufacturer. MAC addresses can be changed, so this is not a guarantee of accuracy, but under normal circumstances you can tell what manufacturer made the device by using the MAC address.

56
Q

Chris has been asked to choose between implementing PEAP and LEAP for wireless authentication. What should he choose, and why?

A. LEAP, because it fixes problems with TKIP, resulting in stronger security
B. PEAP, because it implements CCMP for security
C. LEAP, because it implements EAP-TLS for end-to-end session encryption
D. PEAP, because it can provide a TLS tunnel that encapsulates EAP methods, protecting the entire session

A

D. PEAP provides encryption for EAP methods and can provide authentication. It does not implement CCMP, which was included in the WPA2 standard. LEAP is dangerously insecure and should not be used due to attack tools that have been available since the early 2000s.

57
Q

Ben is troubleshooting a network and discovers that the NAT router he is connected to has the 192.168.x.x subnet as its internal network and that its external IP is 192.168.1.40. What problem is he encountering?

A. 192.168.x.x is a nonroutable network and will not be carried to the internet.
B. 192.168.1.40 is not a valid address because it is reserved by RFC 1918.
C. Double NATing is not possible using the same IP range.
D. The upstream system is unable to de-encapsulate his packets, and he needs to use PAT instead.

A

C. Double NATing isn’t possible with the same IP range; the same IP addresses cannot appear inside and outside a NAT router. RFC 1918 addresses are reserved, but only so they are not used and routable on the internet, and changing to PAT would not fix the issue.

58
Q

What is the default subnet mask for a Class B network?

A. 255.0.0.0
B. 255.255.0.0
C. 255.254.0.0
D. 255.255.255.0

A

B. A Class B network holds 2^16 systems, and its default network mask is 255.255.0.0.

59
Q

Jim’s organization uses a traditional PBX for voice communication. What is the most common security issue that its internal communications are likely to face, and what should he recommend to prevent it?

A. Eavesdropping, encryption
B. Man-in-the-middle attacks, end-to-end encryption
C. Eavesdropping, physical security
D. Wardialing, deploy an IPS

A

C. Traditional private branch exchange (PBX) systems are vulnerable to eavesdropping because voice communications are carried directly over copper wires. Since standard telephones don’t provide encryption (and you’re unlikely to add encrypted phones unless you’re the NSA), physically securing access to the lines and central connection points is the best strategy available.

60
Q

What technical difference separates wireless communication via WiFi and LiFi?

A. LiFi is not susceptible to electromagnetic interference.
B. LiFi cannot be used to deliver broadband speeds.
C. WiFi is not susceptible to electromagnetic interference.
D. WiFi cannot be used to deliver broadband speeds.

A

A. LiFi uses visible and infrared light to transmit data at high speeds. While LiFi deployments are not occurring broadly yet, they have met with initial successes in some real-world applications. LiFi and WiFi can deliver broadband speeds, and WiFi, unlike LiFi, is susceptible to EM interference.

61
Q

Selah’s organization has deployed VoIP phones on the same switches that the desktop PCs are on. What security issue could this create, and what solution would help?

A. VLAN hopping; use physically separate switches.
B. VLAN hopping; use encryption.
C. Caller ID spoofing; MAC filtering.
D. Denial-of-service attacks; use a firewall between networks.

A

A. VLAN hopping between the voice and computer VLANs can be accomplished when devices share the same switch infrastructure. Using physically separate switches can prevent this attack. Encryption won’t help with VLAN hopping because it relies on header data that the switch needs to read (and this is unencrypted), while Caller ID spoofing is an inherent problem with VoIP systems. A denial of service is always a possibility, but it isn’t specifically a VoIP issue and a firewall may not stop the problem if it’s on a port that must be allowed through.

62
Q

Susan wants to use a set of nonroutable IP addresses for the location’s internal network addresses. Using your knowledge of secure network design principles and IP networking, which of the following IP ranges are usable for that purpose? (Select all that apply.)

A. 172.16.0.0/12
B. 192.168.0.0/16
C. 128.192.0.0/24
D. 10.0.0.0/8

A

A, B, D. RFC 1918 defines three address ranges as private (nonroutable) IP address ranges: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. Any of these would work, but many organizations use the 192.168.0.0/16 range for smaller sites or opt to carve out sections of the 10.0.0.0/8 range for multiple remote sites.

63
Q

Susan knows that she will need to implement a WiFi network for her customers and wants to gather information about the customers, such as their email address, without having to provide them with a wireless network password or key. What type of solution would provide this combination of features?

A. NAC
B. A captive portal
C. Pre-shared keys
D. WPA3’s SAE mode

A

B. A captive portal is a popular solution that you may be familiar with from hotels and coffee shops. They combine the ability to gather data from customers with an open network, so customer data will not be encrypted. This avoids the need to distribute network passwords but means that customers must ensure their own traffic is encrypted if they are worried about security.

64
Q

With her wireless network set up, Susan moves on to ensuring that her network will remain operational even if disruptions occur. What is the simplest way she can ensure that her network devices, including her router, access points, and network switches, stay on if a brownout or other temporary power issue occurs?

A. Purchase and install a generator with an automatic start.
B. Deploy dual power supplies for all network devices.
C. Install UPS systems to cover all network devices that must remain online.
D. Contract with multiple different power companies for redundant power.

A

C. A UPS system, or uninterruptible power supply, is designed to provide backup power during brief power disruptions ranging from power sags and brownouts to temporary power failures. For a longer outage, Susan will still want a generator or even a secondary power feed from another power grid or provider if possible, but for this specific scenario, a UPS will meet her needs. Dual power supplies help when the concern is losing power from one power supply and would be a great idea for her most critical network devices, but it is rare to have dual power supplies for edge devices like access points or edge switches.

65
Q

Susan wants to provide 10 gigabit network connections to devices in the facility where the new branch will operate. What connectivity options does she have for structured wiring that can meet those speeds? (Select all that apply.)

A. Cat5e
B. Fiber
C. Cat6
D. Coaxial cable

A

B, C. Fiber-optic cable and Cat6 cable can both run at 10 gigabit speeds. Cat5e and coaxial cable are not rated to those speeds.

66
Q

Data streams occur at what three layers of the OSI model?

A. Application, Presentation, and Session
B. Presentation, Session, and Transport
C. Physical, Data Link, and Network
D. Data Link, Network, and Transport

A

A. Data streams are associated with the Application, Presentation, and Session layers. Once they reach the Transport layer, they become segments (TCP) or datagrams (UDP). From there, they are converted to packets at the Network layer, frames at the Data Link layer, and bits at the Physical layer

67
Q

Lucca wants to protect endpoints that are in production use but that are no longer supported and cannot be patched from network attacks. What should he do to best protect these devices?

A. Install a firewall on the device.
B. Disable all services and open ports on the devices.
C. Place a hardware network security device in front of the devices.
D. Unplug the devices from the network because they cannot be properly secured.

A

C. If the devices still need to be in production but cannot be patched, Lucca’s best option is to use a separate security device to protect them. It may be tempting to simply install a firewall on the device or to disable all the services it exposes to the network, but some devices may not have firewall software available, and even if they do, the underlying operating system may have vulnerabilities in its implementation of its network stack or other software that even a firewall could not protect. Unplugging devices that are needed for protection does not resolve the need to keep them online.

68
Q

Selah’s networking team has been asked to identify a technology that will allow them to dynamically change the organization’s network by treating the network like code. What type of architecture should she recommend?

A. A network that follows the 5-4-3 rule
B. A converged network
C. A software-defined network
D. A hypervisor-based network

A

C. Software-defined networking provides a network architecture that can be defined and configured as code or software. This will allow Selah’s team to quickly change the network based on organizational requirements. The 5-4-3 rule is an old design rule for networks that relied on repeaters or hubs. A converged network carries multiple types of traffic like voice, video, and data. A hypervisor-based network may be software defined, but it could also use traditional network devices running as virtual machines.

69
Q

Jason knows that protocols using the OSI model rely on encapsulation as data moves from layer to layer. What is added at each layer as data flows up the OSI layers?

A. Information is added to the header.
B. Information is added to the main body of the data.
C. The data is encrypted with a new secret key.
D. A security envelope that provides perfect forward secrecy

A

A. Encapsulation adds to the header (and sometimes to the footer) of the data provided by the previous layer. The main body of the data is not modified, and encryption may happen but does not always happen.

70
Q

During a troubleshooting process, the support technician that Alyssa is talking to states that the problem is a layer 3 problem. Which of the following possible issues is not a layer 3 problem?

A. A TTL mismatch
B. An MTU mismatch
C. An incorrect ACL
D. A broken network cable

A

D. A broken network cable is a layer 1 problem. If you encounter a problem like this and aren’t sure, look for the answer that has a different situation or set of assumptions. Here you have three questions that occur at the network (layer 3), all of which have software or protocol implications. A broken network cable is a completely different type of issue and should stand out. Be careful, though! The exam is likely to give you two potentially valid answers to choose from, so work to get rid of the two least likely answers and spend your time on the remaining options.

71
Q

During a review of her organization’s network, Angela discovered that it was suffering from broadcast storms and that contractors, guests, and organizational administrative staff were on the same network segment. What design change should Angela recommend?

A. Require encryption for all users.
B. Install a firewall at the network border.
C. Enable spanning tree loop detection.
D. Segment the network based on functional requirements.

A

D. Network segmentation can reduce issues with performance as well as diminish the chance of broadcast storms by limiting the number of systems in a segment. This decreases broadcast traffic visible to each system and can reduce congestion. Segmentation can also help provide security by separating functional groups that don’t need to be able to access each other’s systems. Installing a firewall at the border would only help with inbound and outbound traffic, not cross-network traffic. Spanning tree loop prevention helps prevent loops in Ethernet networks (for example, when you plug a switch into a switch via two ports on each), but it won’t solve broadcast storms that aren’t caused by a loop or security issues. Encryption might help prevent some problems between functional groups, but it won’t stop them from scanning other systems, and it definitely won’t stop a broadcast storm!

72
Q

ICMP, RIP, and network address translation all occur at what layer of the OSI model?

A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4

A

C. ICMP, RIP, and network address translation all occur at layer 3, the Network layer.

73
Q

Ben is an information security professional at an organization that is replacing its physical servers with cloud-hosted virtual machines. As the organization builds its virtual environment, it is moving toward a hybrid cloud operational model with some systems and services remaining in its local data center and others hosted in the cloud. The following diagram shows the local data center and cloud VPC’s network IP ranges, which you should consider as you answer the questions.

Ben wants to ensure that the instance-to-instance (system-to-system) traffic in his cloud-hosted infrastructure as a service environment is secure. What can he do to fully ensure that the virtualized network traffic is not being captured and analyzed?

A. Prevent the installation of a packet sniffer on all hosts.
B. Disable promiscuous mode for all virtual network interfaces.
C. Disallow the use of any virtual taps.
D. Encrypt all traffic between hosts.

A

D. In an infrastructure as a service (IaaS) environment, the company that provides cloud environment has final control of all the virtual machines and networks. Thus, to protect data, the best option is to encrypt the data. Unfortunately, Ben cannot fully ensure that traffic in his environment is not being captured and must rely on the cloud hosting provider for that assurance. While preventing the installation of packet sniffers and taps and ensuring that promiscuous mode cannot be enabled are useful habits in an environment that you control, this will not provide the same control in a cloud environment.

74
Q

Ben is an information security professional at an organization that is replacing its physical servers with cloud-hosted virtual machines. As the organization builds its virtual environment, it is moving toward a hybrid cloud operational model with some systems and services remaining in its local data center and others hosted in the cloud. The following diagram shows the local data center and cloud VPC’s network IP ranges, which you should consider as you answer the questions.

What issue is most likely to occur due to the subnets configured for the data center and VPC?

A. IP address conflicts
B. Routing loops
C. MAC address conflicts
D. All of the above

A

A. Using the same IP range for an on-site and cloud-hosted data center can be helpful when designing a flat network, but addresses must be carefully managed and allocated even in a space as big as the 10.0.0.0/24 range. If addresses are not properly managed, conflicts may arise that could disrupt production services. MAC address conflicts should not arise unless addresses are manually changed or virtual machines are replicated without changing their MAC addresses. There is nothing in the problem to suggest routing issues.

75
Q

Ben is an information security professional at an organization that is replacing its physical servers with cloud-hosted virtual machines. As the organization builds its virtual environment, it is moving toward a hybrid cloud operational model with some systems and services remaining in its local data center and others hosted in the cloud. The following diagram shows the local data center and cloud VPC’s network IP ranges, which you should consider as you answer the questions.

Ben wants to use multiple internet service providers (ISPs) to connect to his cloud VPC to ensure reliable access and bandwidth. What technology can he use to manage and optimize those connections?

A. FCoE
B. VXLAN
C. SDWAN
D. LiFi

A

C. A software-defined wide area network, or SD-WAN, is commonly used to manage multiple ISPs and other connectivity options to ensure speed, reliability, and bandwidth design goals are all met. Ben can use SD-WAN capabilities to accomplish his goals to make his hybrid cloud environment successful. Fibre Channel over Ethernet (FCoE) is a storage protocol; VXLAN is used for extensible virtual LANs, not WANs; and LiFi uses visible and infrared light to transfer data.

76
Q

WPA2’s Counter Mode Cipher Block Chaining Message Authentication Mode Protocol (CCMP) is based on which common encryption scheme?

A. DES
B. 3DES
C. AES
D. TLS

A

C. WPA2’s CCMP encryption scheme is based on AES. As of the writing of this book, there have not been any practical real-world attacks against WPA2. DES has been successfully broken, and neither 3DES nor TLS is used for WPA2.

77
Q

When a host on an Ethernet network detects a collision and transmits a jam signal, what happens next?

A. The host that transmitted the jam signal is allowed to retransmit while all other hosts pause until that transmission is received successfully.
B. All hosts stop transmitting, and each host waits a random period of time before attempting to transmit again.
C. All hosts stop transmitting, and each host waits a period of time based on how recently it successfully transmitted.
D. Hosts wait for the token to be passed and then resume transmitting data as they pass the token.

A

B. Ethernet networks use Carrier-Sense Multiple Access with Collision Detection (CSMA/CD) technology. When a collision is detected and a jam signal is sent, hosts wait a random period of time before attempting retransmission.

78
Q

Mark is concerned about the physical security of his network cables. What type of network connection would be the hardest to tap without specialized equipment?

A. WiFi
B. Bluetooth
C. Cat5/Cat6 twisted pair
D. Fiber optic

A

D. Fiber-optic cable is the most difficult of the listed types of network to capture data from without specialized equipment. Given access to a fiber-optic cable and specialized equipment to tap it, or with access to the endpoints of a fiber-optic cable and an optical tap, access can still be obtained. In either case, disruption may be observed when the cable is cut, spliced, or disconnected, and many attackers will not have access, skills, or the tools needed to do so. WiFi and Bluetooth traffic can be captured using standard wireless cards and tools, and data carried by twisted-pair Ethernet cables is easily captured using commodity tools.

79
Q

Rich wants to connect his network to a building a half-mile away from his current location. There are trees and terrain features along the way, but a road passes between the trees to the other location. What type of transmission media is best suited to this type of deployment?

A. Ethernet cable with repeaters every 200 to 300 yards
B. A WiFi directional antenna
C. Fiber-optic cable
D. A LiFi system

A

C. Buried fiber-optic cable is best suited to long distances, particularly when there are trees or other obstacles blocking line of sight that may interfere with WiFi or LiFi deployments. Ethernet’s distance limitations mean that repeaters would need to be powered, and there is no description of other structures or power along the path.

80
Q

What challenge is most common for endpoint security system deployments?

A. Compromises
B. The volume of data
C. Monitoring encrypted traffic on the network
D. Handling non-TCP protocols

A

B. Endpoint security solutions face challenges due to the sheer volume of data that they can create. When each workstation is generating data about events, this can be a massive amount of data. Endpoint security solutions should reduce the number of compromises when properly implemented, and they can also help by monitoring traffic after it is decrypted on the local host. Finally, non-TCP protocols are relatively uncommon on modern networks, making this a relatively rare concern for endpoint security system implementations.

81
Q

What type of address is 127.0.0.1?

A. A public IP address
B. An RFC 1918 address
C. An APIPA address
D. A loopback address

A

D. The IP address 127.0.0.1 is a loopback address and will resolve to the local machine. Public addresses are non–RFC 1918, nonreserved addresses. RFC 1918 addresses are reserved and include ranges like 10.x.x.x. An APIPA address is a self-assigned address used when a DHCP server cannot be found.

82
Q

Susan is writing a best practices statement for her organizational users who need to use Bluetooth. She knows that there are many potential security issues with Bluetooth and wants to provide the best advice she can. Which of the following sets of guidance should Susan include?

A. Use Bluetooth’s built-in strong encryption, change the default PIN on your device, turn off discovery mode, and turn off Bluetooth when it’s not in active use.
B. Use Bluetooth only for those activities that are not confidential, change the default PIN on your device, turn off discovery mode, and turn off Bluetooth when it’s not in active use.
C. Use Bluetooth’s built-in strong encryption, use extended (eight digits or longer) Bluetooth PINs, turn off discovery mode, and turn off Bluetooth when it’s not in active use.
D. Use Bluetooth only for those activities that are not confidential, use extended (eight digits or longer) Bluetooth PINs, turn off discovery mode, and turn off Bluetooth when it’s not in active use.

A

B. Since Bluetooth doesn’t provide strong encryption, it should only be used for activities that are not confidential. Bluetooth PINs are four-digit codes that often default to 0000. Turning it off and ensuring that your devices are not in discovery mode can help prevent Bluetooth attacks.

83
Q

What type of networking device is most commonly used to assign endpoint systems to VLANs?

A. Firewall
B. Router
C. Switch
D. Hub

A

C. The assignment of endpoint systems to VLANs is normally performed by a network switch.

84
Q

Steve has been tasked with implementing a network storage protocol over an IP network. What storage-centric converged protocol is he likely to use in his implementation?

A. MPLS
B. FCoE
C. SDN
D. VoIP

A

B. Fibre Channel over Ethernet allows Fibre Channel communications over Ethernet networks, allowing existing high-speed networks to be used to carry storage traffic. This avoids the cost of a custom cable plant for a Fibre Channel implementation. MPLS, or Multiprotocol Label Switching, is used for high-performance networking; VoIP is Voice over IP; and SDN is software-defined networking.

85
Q

Michelle is told that the organization that she is joining uses an SD-WAN controller architecture to manage their WAN connections. What can she assume about how the network is managed and controlled? (Select all that apply.)

A. The network uses predefined rules to optimize performance.
B. The network conducts continuous monitoring to support better performance.
C. The network uses self-learning techniques to respond to changes in the network.
D. All connections are managed by the organization’s primary internet service provider.

A

A, B, C. SD-WAN implementations typically perform all of these functions, combining active data collection via monitoring and response via self-learning and machine intelligence techniques, and then applying predefined rules to take action to make the network perform as desired. SD-WAN does not imply or require that all connections are managed by the organization’s primary internet service provider. In fact, SD-WANs are often used to handle multiple ISPs to allow for failover and redundancy.

86
Q

Which of the following shows the layers of the OSI model in correct order, from layer 1 to layer 7? Place the layers of the OSI model shown here in the appropriate order, from layer 1 to layer 7.

A. Layer 1 = Data Link; Layer 2 = Physical; Layer 3 = Network; Layer 4 = Transport; Layer 5 = Session; Layer 6 = Presentation; Layer 7 = Applications
B. Layer 1 = Physical; Layer 2 = Data Link; Layer 3 = Network; Layer 4 = Transport; Layer 5 = Session; Layer 6 = Presentation; Layer 7 = Applications
C. Layer 1 = Physical; Layer 2 = Data Link; Layer 3 = Network; Layer 4 = Transport; Layer 5 = Session; Layer 6 = Applications; Layer 7 = Presentation
D. Layer 1 = Physical; Layer 2 = Data Link; Layer 3 = Network; Layer 4 = Session; Layer 5 = Transport; Layer 6 = Presentation; Layer 7 = Applications

A

B. The OSI layers in order from layer 1 to layer 7 are as follows:
1. Physical
2. Data Link
3. Network
4. Transport
5. Session
6. Presentation
7. Application

87
Q

Valerie enables port security on the switches on her network. What type of attack is she most likely trying to prevent?

A. IP spoofing
B. MAC aggregation
C. CAM table flooding
D. VLAN hopping

A

C. Valerie is most likely trying to prevent CAM table flooding by preventing large numbers of MAC addresses from being used on a single port. If CAM table flooding is successful, switches will not know where to send traffic and resort to sending all traffic to every port, potentially exposing traffic to attackers. IP spoofing and VLAN hopping are not prevented by port security, which focuses on hardware (MAC) addresses. MAC aggregation was made up for this question.

88
Q

Alaina wants to ensure that systems are compliant with her network security settings before they are allowed on the network and wants to ensure that she can test and validate system settings as possible. What type of NAC system should she deploy?

A. A pre-admit, clientless NAC system
B. A postadmission, client-based NAC system
C. A pre-admit, client-based NAC system
D. A postadmission, clientless NAC system

A

C. A pre-admit, client-based NAC system will test systems before they are allowed on the network using a client that can determine more about a system than a clientless model can. Postadmission tests after clients are already on the network and clientless versions are useful when installing clients isn’t possible for systems.

89
Q

Derek wants to deploy redundant core routers, as shown in the diagram. What model of high availability clustering will provide him with the greatest throughput?

A. Active/active
B. Line interactive
C. Active/passive
D. Nearline

A

A. An active/active pair can use the full throughput capability of both devices, but normal deployment models will design to the maximum throughput of a single device to avoid disruption in the event that one of the pair fails. Active/passive designs can only handle the throughput of a single device and allow the secondary device to remain ready to operate but not passing traffic until it is needed. Line interactive is a term often used to describe UPS systems that filter power instead of passing it through, and near-line is a term used to describe backups that are not online but can be retrieved relatively quickly.

90
Q

Angela needs to choose between the following protocols for secure authentication and doesn’t want to create unneeded technical complexity. Which authentication protocol should she choose and why?

A. EAP, because it provides strong encryption by default
B. LEAP, because it provides frequent reauthentication and changing of WEP keys
C. PEAP, because it provides encryption and doesn’t suffer from the same vulnerabilities that LEAP does
D. EAP-TLS

A

C. Of the three answers, PEAP is the best solution. It encapsulates EAP in a TLS tunnel, providing strong encryption. LEAP is a Cisco proprietary protocol that was originally designed to help deal with problems in WEP. LEAP’s protections have been defeated, making it a poor choice. EAP-TLS is secure but requires client certificates, making it difficult to deploy and manage.

91
Q

What is a frequent concern for systems that require high-performing internet connectivity when satellite internet is the only available option?

A. Security
B. Compatibility with protocols like LiFi
C. Compatibility with protocols like Zigbee
D. Latency

A

D. Most existing satellite internet systems have relatively high latency. Newer low Earth orbit satellites like Starlink appear to provide better latency than higher orbits, but latency and susceptibility to interference from weather are both common concerns for satellite-based systems.

92
Q

What layer of an SDN implementation uses programs to communicate needs for resources via APIs?

A. The data plane
B. The control plane
C. The application plane
D. The monitoring plane

A

C. The application plane of a software-defined network (SDN) is where applications run that use application programming interfaces (APIs) to communicate with the SDN about needed resources. The control plane receives instructions and sends them to the network. The last common plane is the devices themselves.

93
Q

Which of the following is not a drawback of multilayer protocols?

A. They can allow filters and rules to be bypassed.
B. They can operate at higher OSI levels.
C. They can allow covert channels.
D. They can allow network segment boundaries to be bypassed.

A

B. Common drawbacks of multilayer protocols are that they can bypass filters, allow or create covert channels, and allow network segment boundaries to be bypassed. The ability to operate at higher OSI layer levels is normally considered a benefit.

94
Q

Place the following layers of the TCP/IP model in order, starting with the Application layer and moving down the stack.

  1. Application layer
  2. Network Access layer
  3. Internet layer
  4. Transport layer

E. 1, 2, 3, 4
F. 1, 4, 2, 3
G. 1, 4, 3, 2
H. 4, 1, 3, 2

A

C. In order, the layers are: Application layer, Transport layer, Internet layer, and Network Access layer.

95
Q

What is the maximum speed that Category 5e cable is rated for?

A. 5 Mbps
B. 10 Mbps
C. 100 Mbps
D. 1000 Mbps

A

D. Category 5e cable is rated for speeds up to 1000 Mbps. If you need a faster network connection, you can consider Cat6 or higher copper cables or move to fiber where speeds can be much higher.

96
Q

What are two primary advantages that 5G networks have over 4G networks? (Select all that apply.)

A. Anti-jamming features
B. Enhanced subscriber identity protection
C. Mutual authentication capabilities
D. Multifactor authentication

A

B, C. 5G technology includes both a new mutual authentication capability and additional protections for subscriber identities. It does not have specific anti-jamming security features and does not specifically use multifactor authentication.

97
Q

What function does VXLAN perform in a data center environment?

A. It removes limitations due to maximum distance for Ethernet cables.
B. It allows multiple subnets to exist in the same IP space with hosts using the same IP addresses.
C. It tunnels layer 2 connections over a layer 3 network, stretching them across the underlying layer 3 network.
D. All of the above

A

C. VXLAN tunnels layer 2 connections over a layer 3 network, in essence extending a LAN over distances or networks that it might not otherwise function over. It does not remove the distance limitations of Ethernet cables, nor does it allow multiple subnets to use the same IP space—that requires NAT or other technologies that remap addresses to avoid conflicts.

98
Q

Chris is setting up a hotel network and needs to ensure that systems in each room or suite can connect to each other, but systems in other suites or rooms cannot. At the same time, he needs to ensure that all systems in the hotel can reach the internet. What solution should he recommend as the most effective business solution?

A. Per-room VPNs
B. VLANs
C. Port security
D. Firewalls

A

B. VLANs can be used to logically separate groups of network ports while still providing access to an uplink. Per-room VPNs would create significant overhead for support as well as create additional expenses. Port security is used to limit what systems can connect to ports, but it doesn’t provide network security between systems. Finally, while firewalls might work, they would add expense and complexity without adding any benefits over a VLAN solution.

99
Q

During a forensic investigation, Charles is able to determine the Media Access Control (MAC) address of a system that was connected to a compromised network. Charles knows that MAC addresses are tied back to a manufacturer or vendor and are part of the fingerprint of the system. To which OSI layer does a MAC address belong?

A. The Application layer
B. The Session layer
C. The Physical layer
D. The Data Link layer

A

D. MAC addresses and their organizationally unique identifiers are used at the Data Link layer to identify systems on a network. The Application and Session layers don’t care about physical addresses, while the Physical layer involves electrical connectivity and handling physical interfaces rather than addressing.

100
Q
  1. Mikayla is reviewing her organization’s VoIP environment configuration and finds a diagram that shows the following design. What concern should she express?

A. The voice connection is unencrypted and could be listened to.
B. There are no security issues in this diagram.
C. The session initialization connection is unencrypted and could be viewed.
D. Both the session initialization and voice data connection are unencrypted and could be captured and analyzed.

A

C. This diagram shows the use of SIP instead of SIPS, meaning that the session initialization protocol is not encrypted. Fortunately, the voice data via secure real-time transport protocol, or SRTP is encrypted. Mikayla should look into using SIPS in addition to SRTP.