2 - Telecommunications and Network Security Flashcards
(118 cards)
1
Q
1.Whichprotocolprovidesfull-duplex,connectionoriented,andreliablecommunicationsoveravirtualcircuit?a.TCPb.UDPc.IPd.ICMP
A
A: TCP provides full-duplex, connection oriented, reliable communications over a virtual circuit.
2
Q
2.WhichofthefollowingisnotoneofthefourlayersoftheTCP/IPmodel?a.Applicationb.Sessionc.Internetd.NetworkAccess
A
B: Session is not one of the four layers of the TCP/IP model.
3
Q
3.WhatisusedbybothTCPandUDPtotrackmultiplecommunicationsthatoccuroverthesamenetworkinterfacesimultaneously?a.IPaddressb.MACaddressc.Portaddressd.Applicationorserviceprotocol
A
C: The port address is used by both TCP and UDP to track multiple communication sessions.
4
Q
4.HowislogicalcommunicationaccomplishedbetweenpeerlayersoftheOSImodel?a.Encapsulationb.Remoteprocedurecallsc.Memoryaddressingd.Packetswapping
A
A: Peer layers of the OSI model are able to logically communicate through encapsulation.
5
Q
5.WhichofthefollowingisthecorrectorderoftheOSImodellayersfromlayerseventolayerone?a.Physical,DataLink,Network,Transport,Session,Presentation,Applicationb.Application,Presentation,Session,Transport,Network,DataLink,Physical.c.Physical,Network,Session,Transport,DataLink,Presentation,Applicationd.Application,Presentation,DataLink,Transport,Session,Network,Physical
A
B: The correct order of the layers of the OSI model starting with Layer 7 is Application, Presentation, Session, Transport, Network, Data Link, Physical.
6
Q
6.AtwhatlayeroftheOSImodeldoesUDPoperate?a.Applicationb.Sessionc.Transportd.Network
A
C: UDP operates at the transport layer.
7
Q
7.AtwhatlayeroftheOSImodeldoestheIPprotocoloperate?a.Presentationb.Sessionc.Transportd.Network
A
D: The IP protocol operates at the Network layer.
8
Q
8.WhichofthefollowingisnotatrueorvalidcharacteristicoftheTCPprotocol?a.Connectionlessb.Fullduplexc.Usesacknowledgementsd.Sequencedsegments
A
A: TCP is connection-oriented, not connectionless.
9
Q
9.AtwhatlayeroftheTCP/IPmodelisdatacalledasegment?a.Applicationlayerb.Host-to-HostorTransportlayerc.InternetorNetworklayerd.NetworkAccesslayer
A
B: At the Host-to-Host or Transport layer data is called a segment.
10
Q
10.Theoccurrenceofelectronicsignalsspillingoverfromonewiretoanotherisknownas?a.attenuationb.noisec.crosstalkd.superzaping
A
C: Crosstalk is the occurrence of electronic signals spilling over from one wire to another.
11
Q
11.WhatTCP/IPsub-protocolcanbeusedtotransferfilesbutrequiresnoauthentication?a.Telnetb.BootPc.LPDd.TFTP
A
D: TFTP is used to transfer files but does not use authentication.
12
Q
12.WhichofthefollowingisnotpartoftheTCPhandshakeusedtoinitiateacommunicationsconnection?a.FINb.ACKc.SYNd.SYN/ACK
A
A: FIN is only used to terminate an existing TCP communications link.
13
Q
13.AtwhatlayerisdatalabeledasegmentwithintheTCP/IPmodel?a.Applicationb.Host-to-Hostc.Internetd.NetworkAccess
A
B: The data is labeled a segment in the host-to-host layer of the TCP/IP model.
14
Q
14.Whatistheabstractprotocolmodelthatiswidelyusedasthestandardframeworkfordesigningapplicationsandnetworkprotocols?a.Clark-Wilsonmodelb.OSImodelc.NetBIOSd.MACaddressing
A
B: The OSI model is the abstract protocol model that is widely used as the standard framework for designing applications and network protocols.
15
Q
15.ThethirdlayeroftheOSImodelis?a.Sessionb.Transportc.Networkd.DataLink
A
C: The Network layer is the third layer of the OSI model.
16
Q
16.SSL(securesocketslayer)operatesatwhatleveloftheOSImodel?a.Networkb.Transportc.DataLinkd.Session
A
B: SSL (secure sockets layer) operates at the transport level of the OSI model.
17
Q
17.EthernetisanexampleofwhattypeofLANtransmissionprotocol?a.Broadbandb.CSMAc.CSMA/CAd.CSMA/CD
A
D: Ethernet is a CSMA/CD Carrier-Sense multiple Access with Collision Detection LAN transmission protocol.
18
Q
18.Whattypeoffirewallisabletoself-modifyitstrafficfilters?a.Dynamicpacketfilteringb.Kernelproxyc.Statefulinspectiond.Applicationlevel
A
A: A dynamic packet filtering firewall is able to self-modify its traffic filters.
19
Q
19.LogicalcommunicationbetweenpeerlayersoftheOSImodelaremadepossiblethroughtheuseof?a.encapsulationb.remoteprocedurecallsc.directaddressingd.broadcasts
A
A: Logical communication between peer layers of the OSI model are made possible through the use of encapsulation.
20
Q
20.Whichofthefollowingcannotbeusedtoexchangefiles?a.FTPb.NFSc.TFTPd.Telnet
A
D: Telnet cannot be used to exchange files, rather it is limited to running applications or commands remotely.
21
Q
21.Whichofthefollowingprotocolsisusedfore-mail?a.SMTPb.LPDc.SNMPd.BootP
A
A: SMTP or Simple Mail Transport Protocol is used to transmit e-mail from server to server and from client to server.
22
Q
22.WhatisthelastcommunicationbetweentwosystemsoveraTCP/IPconnectionbeforeactualdatacanbeexchanged?a.FINb.ACKc.SYN/ACKd.SYN
A
B: ACK is the third and final element of the three-way handshake that establishes a communication link between two systems. Once the ACK is received, actual data can be communicated.
23
Q
23.WhichofthefollowingisnotasecurityserviceusedtoprotectOSIcommunications?a.auditingb.authenticationc.dataintegrityd.packetreceiptacknowledgement
A
A: Auditing is not a security service used to protect OSI communications.
24
Q
24.TCPprovidesforallbutwhichofthefollowing?a.full-duplexcommunicationsb.connectionlesscommunicationsc.dataflowmanagementthroughslidingwindowsd.reliablecommunicationvirtualcircuits
A
B: TCP is connection oriented, UDP is connectionless.
25
25. Which of the following uses acknowledgements to ensure that data is delivered to the recipient? a. UDP b. IP c. TCP d. TFTP
C: TCP is a reliable communications protocol since it does not use acknowledgements.
26
26. Which of the following technologies is baseband instead of broadband? a. ATM b. ISDN c. DSL d. Ethernet
D: Ethernet is a baseband communication mechanism.
27
27. The type of network transmission that originates from a single source but is directed toward multiple specific destinations is known as? a. multicast b. broadcast c. unicast d. polling
A: Multicast is a type of network transmission that originates from a single source but is directed toward multiple specific destinations.
28
28. What LAN media access method can be used to connect systems up to 2 km apart, support transmission rates up to 100MBps, is highly resistant to electromagnetic and radio frequency interference, and is often used to connect several different types of networks? a. Gigabit Ethernet b. Fiber Distributed Data Interface (FDDI) c. Copper Distributed Data Interface (CDDI) d. Asynchronous Transfer Mode (ATM)
B: Fiber Distributed Data Interface (FDDI) is a LAN media access method can be used to connect systems up to 2 km apart, support transmission rates up to 100MBps, is highly resistant to electromagnetic and radio frequency interference, but which does not use virtual circuits. FDDI is a two-ring based token-passing media access topology.
29
29. Which of the following is not a valid reason to deploy a network? a. share resources b. enable communications between systems c. increase security d. centralize administration
C: Networks are inherently less secure than stand alone systems. Therefore, deploying a network is a reduction in security, not an improvement.
30
30. What category of twisted pair cabling is rated to support 1Gbps of throughput? a. Cat 1 b. Cat 3 c. Cat 5 d. Cat 7
D: Cat 7 cable is rated for 1Gbps.
31
31. A network engineer creates a single network by connecting the hub of one office floor to another hub on another floor using a heavily insulated CAT5 cable. One office is on the first floor, the other is on the 48th floor. The systems are fully compatible, but communications between the two floors over the network connection is very poor. What is most likely the cause of this? a. attenuation b. noise c. crosstalk d. protocol mismatch
A: Attenuation is the loss of signal strength caused by excessive cable length. This situation is most likely caused by attenuation.
32
32. Why should plenum cable be used when wiring a new secure facility? a. it prevents wire tapping b. it won't produce toxic fumes when burned c. it increases the throughput capacity of the IT infrastructure d. it is less expensive than other alternatives
B: Plenum cable should be used when wiring any facility since it won't produce toxic fumes when burned.
33
33. Which of the following statements is not true regarding asynchronous transmissions? a. receiver must always be in the ready to receive state b. used primarily for small amounts of data c. timed to a clocking mechanism d. often uses stop and start delimiter bits
C: Synchronous transmissions uses a clocking mechanism, asynchronous transmissions do not.
34
34. What type of firewall creates a virtual circuit between the workstation/client system and the server? a. a static packet filtering firewall b. a stateful inspection firewall c. a kernel proxy firewall d. a second generation firewall
D: A second generation firewall (an application level firewall, an application layer gateway, a circuit level firewall, a proxy server) creates a virtual circuit between the workstation/client system and the server.
35
35. Which of the following is not a true statement about third generation firewalls? a. they offer significantly decreased performance b. they are stateful inspection firewalls c. they operate at the network layer d. they examine the state and content of data
A: Third generation firewalls, or stateful inspection firewalls, offer improved performance over first and second generation firewalls.
36
36. A dynamic packet filtering firewall is known as what generation of firewall? a. fifth b. fourth c. third d. second
B: A fourth generation firewall is a dynamic packet filtering firewall.
37
37. What network device is used specifically to safeguard against attenuation? a. hub b. bridge c. repeater d. router
C: A repeater is a network device used specifically to safeguard against attenuation. Repeaters operate at layer 1 of the OSI model.
38
38. Which of the following network devices operates exclusively at layer 3 of the OSI model? a. bridge b. repeater c. switch d. router
D: Routers operate at layer 3 of the OSI model.
39
39. What network device can be used to link two or more networks together even if they use different topologies? a. gateway b. hub c. bridge d. repeater
A: A gateway can link two or more networks together even if they use different topologies.
40
40. Which of the following is not true in regards to a screened-host or sacrificial-host firewall? a. uses packet filtering b. provides network and application layer filtering c. uses a bastion host d. is a first generation firewall
D: A screened-host or sacrificial-host firewall is NOT a first generation firewall
41
41. Which of the following is not a valid name or designation for an application level firewall? a. proxy server b. circuit level firewall c. a dynamic firewall d. second generation firewall
C: An application level firewall or application layer gateway is not a dynamic firewall, it is a static firewall.
42
42. A benefit of using network address translation is? a. proxy services b. private IP addresses c. traffic throttling d. packet filtering
B: NAT allows private IP addresses to be used in a private network and still support communications with the Internet.
43
43. Network address translation can also be referred to as? a. redirection b. traffic routing c. IP masking d. virtual circuits
C: IP masking is another name for NAT. NAT masks the assigned IP address of its internal clients from all external users and services.
44
44. Which of the following is not one of the seven original top level domain names used on the Internet? a. .edu b. .mil c. .org d. .biz
D: .biz is not one of the seven original top-level domain names used on the Internet.
45
45. A host system can be a firewall if all but which of the following are true? a. two NICs are present each in a different network b. the same protocol is used on both networks c. the same network topology is used on both networks d. IP forwarding is disabled
C: The connected networks need not use the same networking topology. As long as the NICs support the correct topology and the networks use the same protocol, a host server can act as a firewall.
46
46. A DMZ or demilitarized zone is used in a networking context for what primary purpose? a. to allow systems in the DMZ to be easily accessed by Internet users b. to provide a means by which a private network can be connected to the Internet c. to enable VPN connections from remote users d. to provide a higher level of security for the private network
D: to provide a higher level of security for the private network
47
47. What networking mechanism is used to allow communications from a private network to the Internet to occur without enabling Internet users to initiate communications or extract internal network configuration information from the interactions? a. network address translation b. router c. firewall d. virtual private networking
A: Network address translation (NAT) allows private network clients to initiate communications with Internet services, but it does not allow Internet users to initiate communicates into the private network nor to extract network configuration information about the private network from any communications intercepted by external users.
48
48. The first packet switching network was? a. Frame relay b. X.25 c. ATM d. SMDS
B: X.25 was the first packet switching network.
49
49. In what mode of a VPN is the data contained in the IP packet encrypted but the header of the IP packet is not encrypted? a. tunnel b. header throughput c. transport d. link hop
C: In a VPN in transport mode the data contained in the IP packet encrypted but the header of the IP packet is not encrypted.
50
50. The country codes or geographic top-level domain names are standardized ________ character names. a. 2 b. 3 c. 4 d. 5
A: The country codes or geographic top-level domain names are standardized 2 character names.
51
51. Synchronous Optical Network (SONET) are commonly used for metropolitan area networks (MAN). SONET offers the benefit of self-healing because of? a. its use of fiber optic cable b. its use of redundant rings c. its use of token passing d. its support of numerous protocol types
B: SONET is self-healing due to its use of redundant rings.
52
52. Which of the following is not true for circuit switching networks? a. uses physical permanent connections from one point to another b. has a single switched communication path c. routes data based on best path available d. is primarily voice oriented
C: Packet switching networks route data based on best path available.
53
53. Which of the following is not true for packet switching networks? a. transmit bursty or inconsistent levels of traffic b. incorporates variable delays in the transmission of data c. is sensitive to the loss of data d. is connection oriented
D: Circuit switching networks are connection oriented. Packet switching networks are connectionless.
54
54. Password Authentication Protocol (PAP) is an authentication mechanism supported by most remote access services. However, why should PAP be avoided? a. wide range of compatibility b. used only by remote access systems c. requires a certificate authority to function d. transmits logon credentials in plain text
D: PAP transmits logon credentials in plain text and therefore provides no security or protection for the username and password. For this reason, PAP should be avoided. Challenge Handshake Authentication Protocol (CHAP) should be used instead.
55
55. What RAID level is basic mirroring? a. RAID 1 b. RAID 3 c. RAID 5 d. RAID 6
A: RAID 1 is basic mirroring.
56
56. Which of the following is not a form of server fault tolerance? a. DNS round robin pointing to duplicate servers b. automated batch dump to an offline server c. a mirrored pair of servers with hot rollover capability d. server clustering
B: Automated remote journaling to an offline server provides for a backup of a server, but it does not offer fault tolerance. If the primary server goes down, there is no means by which the backup server can be quickly and easily brought back online to support the network activities.
57
57. Which of the following is not true in regards to Layer 2 Tunneling Protocol (L2TP)? a. enables a single point to point connection b. operates at the Data Link layer c. supports the encryption of multiple protocols d. uses PPP authentication and encryption services
D: PPTP (Point to Point Tunneling Protocol) uses PPP authentication and encryption services. L2TP uses IPSec.
58
58. Which of the following is not true about IPSec? a. Built into all versions of TCP/IP b. Encrypts and authenticates IP data c. Is used to establish network to network connectivity d. Supports multiple simultaneous tunnels
A: IPSec is built into IPv6, but not the currently used IPv4. However, add-ons by many OSes enable IPSec to be used over IPv4.
59
59. Which of the following is not a valid remote access security method for authenticating connecting users? a. Caller ID b. Digital signatures c. Callback d. Restricted Address
B: Digital signatures is not a valid remote access security method for authenticating connecting users. Digital signatures are used to verify the identity of the source of a transmission, they are not used in the authentication process.
60
60. In order to provide the most secure remote access authentication method for dial-up clients, which of the following mechanisms should you configure and enforce? a. no callback b. callback to a user provided number c. callback to a predetermined number d. multilink callback
C: Using callback to a predetermined number is the most secure option. Ways to attack a predetermined callback is to hack the phone company and hijack a phone number or to use call forwarding at the predetermined number site.
61
61. Which of the following network topologies is the least fault tolerant? a. Ethernet b. FDDI c. Token Ring d. Frame Relay
C: Token Ring is not fault tolerant. Its single ring design is a single point of failure.
62
62. Which of the following is not a backup tape management scheme? a. Grandfather, father, son b. Six-cartridge weekly backup principle c. Pillar of Absolom d. Tower of Hanoi
C: Pillar of Absolom is not a commonly used backup tape management scheme. It is a fake distracter.
63
63. Which of the following backup methods does not reset the archive bit and backs up all data changed since the last full or incremental backup? a. Full b. Daily c. Incremental d. Differential
D: A differential backup does not reset the archive bit. A differential backup is used to backup all new data since the last full, daily, or incremental backup.
64
64. What is always true about using a backup media system for protecting data? a. some amount of data is always lost when the primary source fails b. transfer rates are always faster than normal network connectivity c. the time required to perform backups decreases as the amount of data increases d. the number of backup medias needed to perform a backup decreases as the amount of data increases
A: Some data lost always occurs when the primary source fails because there is always a time lag between the last backup and the failure when data changes have occurred which are not stored on the backup media.
65
65. What is the most common cabling failure for twisted pair cabling? a. termination b. excess cable length c. audio interference d. installation
B: Excess cable length is a common cabling failure for twisted pair cabling.
66
66. What protocol is a replacement for PPTP (Point to Point Tunneling Protocol) as used in VPNs (Virtual Private Networks)? a. CHAP b. L2TP c. PPP d. HDLC
B: L2TP or Layer 2 Tunneling Protocol is the replacement for PPTP in VPNs.
67
67. What network device can be used as a boundary protection and security mechanism? a. bridge b. router c. firewall d. switch
C: A firewall is a network device used as a boundary protection and security mechanism.
68
68. Which of the following is a technology that functions at Layer 1 of the OSI model? a. SMTP b. UDP c. ARP d. Ethernet
D: Ethernet operates at Layer 1 (Physical) of the OSI model.
69
69. Which of the following is not a form of denial of service attack? a. sending a victim large e-mail attachments b. tasking all TCP ports for illegitimate traffic c. submitting a large stream of fragmented IP packets to a system d. attempting to break a logon using a brute force password attack
D: Attempting to break a logon using a brute force password attack is an intrusion attack or a password attack, it is not considered a denial of service attack.
70
70. Which of the following denial of service attacks requires three components (source site, bounce site, and target site) to launch the attack? a. Smurf b. Ping of Death c. SYN flood d. Teardrop
A: A smurf attack requires the three components of a source site, bounce site, and target site to perpetrate its attack. A smurf attack sends a spoofed ping to the broadcast address of a high-volume bounce site that responds with a large flood to the target site.
71
71. What networking device is primarily software and can be used to connect networks that use different topologies? a. gateway b. switch c. router d. bridge
A: A gateway is a networking device that is primarily software and can be used to connect networks that use different topologies.
72
72. What layer of the OSI model provides end-to-end conveyance services and establishes a logical connection between server and client? a. presentation b. transport c. network d. data link
B: The transport layer of the OSI model provides end-to-end conveyance services and establishes a logical connection between server and client.
73
73. Firewalls offer the best control over security and traffic when combined with? a. routers b. bridges c. hubs d. repeaters
A: Firewalls offer the best control over security and traffic when combined with routers. Routers include some access control and traffic filtering capabilities that complement the security features of a firewall.
74
74. Which of the following is unaffected by RFI and EMI? a. coax b. fiber optic c. twisted pair d. shielded twisted pair
B: Fiber optic is the only form of cabling which is resistance to all forms of EMI and RFI.
75
75. The TCP/IP protocol stack or protocol model, unlike the OSI model, contains ______________ layers. a. 8 b. 5 c. 4 d. 7
C: The TCP/IP protocol stack or protocol model contains 4 layers.
76
76. What networking device prevents broadcast storms? a. repeater b. hub c. bridge d. switch
D: Switches block broadcast storms.
77
77. RG58 cabling is also know as? a. ThickNet b. Fiber Optic c. Twisted pair d. ThinNet
D: RG58 cable is also known as ThinNet.
78
78. Cable noise is not caused by? a. Length of cable b. Motors c. Heaters d. Florescent lighting
A: Attenuation is caused by too long of a cable, not noise.
79
79. What is the loss of signal strength caused by the length of the cable? a. Crosstalk b. Attenuation c. Noise d. Encryption
B: The loss of signal strength caused by the length of the cable is attenuation.
80
80. The total number of ports available within TCP/IP for communication sessions is? a. 2 b. 1024 c. 65,536 d. 130,072
D: TCP/IP includes both TCP and UDP, both of which have 65,536 available ports. Thus the total number of ports is 130,072.
81
81. What protocol is used in a diskless workstation environment to initiate the startup process of terminals? a. BootP b. X Windows c. LPD d. TFTP
A: BootP or bootstrap protocol is used in a diskless workstation environment to initiate the startup process of terminals.
82
82. ThinNet cabling is also known as? a. CAT 5 b. RG-58 c. Twisted pair d. Plenum
B: ThinNet coax cabling is also known as RG-58 cabling.
83
83. A CAT 5 cable is able to support network communications up to what speed? a. 10Mbps b. 32Mbps c. 100Mbps d. 512Mbps
C: CAT 5 cable can support speeds up to 100Mbps.
84
84. Which of the following statements is true in regards to broadband communications or connectivity? a. An example of broadband is Ethernet. b. Broadband uses the entire cable to support a single transmission. c. Broadband can carry several channels simultaneously. d. Broadband is usually slower than baseband.
C: Broadband can carry several channels simultaneously.
85
85. Ethernet is an example of which of the following LAN technologies? a. CSMA b. CSMA/CC c. CSMA/CA d. CSMA/CD
D: Ethernet is an example of CSMA/CD (Carrier-Sense Multiple Access, Collision Detection).
86
86. What cabling type is least vulnerable to cross talk and EM interference? a. Fiber optic b. ThinkNet c. 10Base2 d. 100BaseT
A: Fiber optic is least vulnerable to cross talk and EM interference.
87
87. What type of cable has the most problems with crosstalk? a. ThickNet b. Fiber Optic c. Twisted pair d. Shielded copper
C: Twisted pair has the most problems with crosstalk since it is typically not shielded.
88
88. What type or rating of cabling is specifically designed to prevent the production of toxic fumes when burned? a. PVC b. Coax c. Aluminum wrapped d. Plenum
D: Plenum is the cabling type or rating that is design to prevent the release of toxic fumes when burned.
89
89. A digital signal is indicated by which of the following? a. Line voltage being on or off b. Change in the amplitude of a signal c. Change in the frequency of a signal d. A change in the strength of the signal
A: Digital transmission is identified by the line voltage being on or off.
90
90. Which of the following is not true in regards to modems based on asynchronous communications? a. Data can be sent at any time, so the receiver must always be ready to accept incoming signals b. Data is sent only at specified intervals based on a clocking mechanism c. Used for the transmission of small amounts of data d. Start and stop delimiter bits are required
B: This is not true for modem communications, which are asynchronous. This is true of synchronous communications.
91
91. Which of the following can be used to support communications between two networks that employ different topologies? a. Bridge b. Switch c. Repeater d. Gateway
D: A gateway is used to support communications between two networks using different protocols.
92
92. A screened-host firewall is also known as? a. A first generation firewall b. A second generation firewall c. A third generation firewall d. A fourth generation firewall
B: A screened-host firewall is also known as a second generation firewall.
93
93. Which of the following create a single point of failure? a. A network device b. A meshed Ethernet network c. FDDI d. Frame Relay clouds
A: A network device is always a single-point of failure.
94
94. Which of the following network devices is designed to compensate for attenuation? a. Router b. Repeater c. Switch d. Network Interface Card
B: A repeater is designed to compensate for attenuation by strengthening the signal before re-transmitting it.
95
95. Which of the following devices blocks broadcast storms? a. Bridge b. Hub c. Router d. Repeater
C: A router blocks broadcast storms from traveling from one subnet to another.
96
96. Which of the following is not a packet switching system? a. The X.25 network b. The telephone network c. Frame Relay networks d. SMDS networks
B: The telephone network is a circuit switching, not packet switching, network.
97
97. The Tower of Hanoi is a name assigned to what? a. A tape backup rotation scheme b. A fault tolerant RAID configuration c. A scheme for deploying firewalls in a screened tree d. A method for detecting intrusions through access logs
A: The Tower of Hanoi is a tape backup rotation scheme.
98
98. Which of the following describes a Smurf attack? a. Very large e-mail attachments are sent to the victims e-mail address b. Continually polling all possible TCP and UDP ports to prevent legitimate connections c. Sending numerous SYN packets to a server and not replying to the resultant SYN/ACK packets. d. A ping packet with a spoofed address is sent to a broadcast address, this causes a large number of bounced messages to flood the victim
D: This is a Smurf DoS attack.
99
99. What is the primary purpose of a firewall? a. Block virus attacks b. Filter traffic c. Prevent denial of service attacks d. Track user activity
B: The primary purpose of a firewall is to filter traffic based on the requirements of the security policy.
100
100. What type of leased line offers digital signals at up to 44.736Mbps? a. T1 b. E3 c. DS-3 d. OC-1
C: A DS-3 also known as a T3 offers digital signals at up to 44.736Mbps.
101
101. A circuit level firewall is a variation of what type of firewall? a. Dynamic packet filtering firewall b. Screened-host firewall c. Stateful inspection firewall d. Packet level firewall
B: A circuit level gateway is a variation of a screened host firewall.
102
102. Which of the following is not one of the seven original generic top level domain names? a. .web b. .edu c. .gov d. .mil
A: The original seven top level domain names are .com, .edu, .gov, .mil, .net, .org, and .int.
103
103. In what IPSec VPN mode is the original IP packet header encrypted and a new VPN specific header is added? a. Tunnel mode b. Traverse mode c. Transport mode d. Network mode
A: In the IPSec VPN tunnel mode, the original IP packet header encrypted and a new VPN specific header is added.
104
104. Which of the following is not true regarding VPNs? a. VPNs establish a remote access link that allows the remote client to perform the same functions as if it was connected with a normal network cable. b. VPNs offer cheap connection mechanism for geographically distant locations. c. VPNs provide a direct communication pathway between two systems over a public or private network. d. VPNs must always use encryption.
D: VPNs may or may not use encryption. Encryption is not a requirement for a VPN.
105
105. Which of the following is not a characteristic of circuit switching? a. Constant traffic b. Sensitive to loss of the connection c. Voice oriented d. Connectionless
D: Circuit switching is connection oriented.
106
106. A proxy server is a form of what type of firewall? a. Packet filtering b. Stateful inspection c. Application Gateway d. Dynamic Packet Filtering
C: A proxy server is a form of application gateway firewall.
107
107. What type of backup copies only the files that have changed since the last backup and which resets the archive bit? a. Full backup b. Incremental c. Copy d. Differential
B: An incremental backup copies only the files that have changed since the last backup and resets the archive bit.
108
108. Which of the following is not considered a remote access connection type? a. ISDN b. VPN c. HSSI d. DSL
C: HSSI or High Speed Serial Interface is not a remote access connection type, rather it is used to connect a remote access connection device or a router/switch to a computer system.
109
109. Both PPTP and L2TP VPN protocols operate at what layer of the OSI model? a. Network layer b. Data link layer c. Transport layer d. Session layer
B: PPTP and L2TP operate at the data link layer (layer 2).
110
110. Which of the following is the most critical configuration setting for a dual-homed host firewall? a. Disabling packet forwarding b. Using DHCP assigned IP addresses on each interface c. Using the same network technologies on each interface d. Assign both interfaces an IP address within the same subnet
A: Disabling packet forwarding is the most important configuration of a dual-homed host firewall. If this setting is not made, then traffic can easily bypass the firewall's restrictions by employing the host system's OS as a router.
111
111. Which of the following is not a benefit of NAT? a. NAT is used to hide the internal network structure from the external network b. NAT is used to grant Internet access to a larger number of internal clients than there are external Internet IP addresses c. NAT restricts traffic to request responses only d. NAT is useful against blocking e-mail born viruses
D: NAT is not useful against blocking e-mail born viruses.
112
112. What type of failure do all components of an IT infrastructure have in common? a. Virus infection b. Power loss c. Corrupted driver update d. Poor physical connection
B: Power loss is the one type of failure that all IT components share.
113
113. Why is the PAP remote access authentication protocol considered weak? a. It provides a mechanism for transmitting both the user ID and the authentication password b. It employs a one-way hash algorithm to protect logon credentials c. It transmits the authentication credentials in clear text d. It is supported exclusively by Windows operating systems
C: PAP is considered weak because it transmits credentials in clear text.
114
114. What level of RAID employs striping with interleave parity to provide fault tolerance and often supports hot swappable drives? a. RAID 0 b. RAID 1 c. RAID 3 d. RAID 5
D: RAID 5 is striping with interleave parity.
115
115. Which of the following is used primarily by non-Windows systems? a. Dynamic packet filtering firewalls b. Kernel proxy firewalls c. SOCKS firewalls d. Application gateway firewalls
C: SOCKS firewalls are used primarily by non-Windows systems. Windows systems employ WinSOCK firewalls.
116
116. What is the most common form of failure for fiber optic cabling? a. Excess length deployed b. EM interference c. Insufficient bandwidth d. Termination failure
D: Termination failure or an installation failure is the most common fault with fiber optic cabling.
117
117. Which of the following is not a common problem with backup solutions? a. The length of time required to create a backup increases over time b. The amount of backup media space required to complete a backup increases over time c. Backups offer 100% reliable forms of insurance against virus corruption d. Some data loss is always experienced when a backup is used to restore a failed server
C: Backups do not offer a 100% reliable form of insurance against virus corruption. Virus corruption can still occur, if it is not detected and manage in time, the corrupted version may be stored in the backup set. Backup restorations are not always successful.
118
118. The DNS service is used to perform what operation? a. Resolve IP addresses into MAC addresses b. Resolve domain names into IP addresses c. Resolve domain names into MAC addresses d. Resolve NetBIOS names into IP addresses
B: DNS is used to resolve domain names into IP addresses.
