Ch 10: Security in Network Design

Question 1

Which of the following is an example of proxy server software?

Answer 1

Squid

Question 2

What is NOT a variable that an network access control list can filter traffic with?

Answer 2

The operating system used by the source or destination device.

Question 3

In ACL statements, using the “any” keyword is equivalent to using a wildcard mask of what value?

Answer 3

255.255.255.255

Question 4

What kind of firewall can block designated types of traffic based on application data contained within packets?

Answer 4

content-filtering firewall

Question 5

On a Linux system, which command allows you to modify settings used by the built-in packet filtering firewall?

Answer 5

iptables

Question 6

What is a SIEM (Security Information and Event Management) system utilized for?

Answer 6

It is a system used to evaluate data from security devices and generate alerts.

Question 7

When using Spanning Tree Protocol, what is the first step in selecting paths through a network?

Answer 7

STP must first select the root bridge, or master bridge.

Question 8

In order to prevent ports that are serving network hosts from being considered as best paths, what should be enabled to block BPDUs?

Answer 8

BPDU guard

Question 9

Which protocol designed to replace STP operates at Layer 3 of the OSI model?

Answer 9

Shortest Path Bridging (SPB)

Question 10

You have been tasked with the configuration of a Juniper switch, and have been told to restrict the number of MAC addresses allowed in the MAC address table. What command should you use?

Answer 10

mac-limit

Question 11

Enforcing a virtual security perimeter using a client’s geographic location is known by what term?

Answer 11

geofencing

Question 12

When using Kerberos, what is the purpose of a ticket?

Answer 12

It is a temporary set of credentials that a client uses to prove to other servers that its identity has been validated.

Question 13

Which legacy authentication protocol requires mutual authentication?

Answer 13

Microsoft Challenge Handshake Authentication Protocol, version 2 (MS-CHAPv2)

Question 14

By far the most popular AAA service, what open-source service runs in the Application layer and can use UDP or TCP in the Transport layer?

Answer 14

RADIUS

Question 15

Which adaptation of EAP utilizes EAP-MSCHAPv2 inside of an encrypted TLS tunnel?

Answer 15

Protected EAP (PEAP)

Question 16

What IEEE standard includes an encryption key generation and management scheme known as TKIP?

Answer 16

802.11i

Question 17

What descendant of the Spanning Tree Protocol is defined by the IEEE 802.1W standard, and can detect as well as correct for link failures in milliseconds?

Answer 17

Rapid Spanning Tree Protocol (RSTP)

Question 18

You have been asked by your superior to configure all Cisco network switches to allow only acceptable MAC addresses through switch access ports. How is this accomplished?

Answer 18

Use the switchport port-security command to enable MAC filtering.

Question 19

What aspect of AAA is responsible for determining what a user can and cannot do with network resources?

Answer 19

authorization

Question 20

What statement regarding role-based access control is accurate?

Answer 20

RBAC allows a network administrator to base privileges and permissions around a detailed description of a user’s roles or jobs.

Question 21

Which encryption standard was originally utilized with WPA’s TKIP?

Answer 21

Rivest Cipher 4 (RC4)

Question 22

The Wired Equivalent Privacy standard had what significant disadvantage?

Answer 22

It used a shared encryption key for all clients, and the key might never change.

Question 23

In Open System Authentication, how does authentication occur?

Answer 23

The client “authenticates” using only the SSID name. In other words, no real authentication occurs.

Question 24

The Group Policy utility can be opened by typing what name into a Run box?

Answer 24

gpedit.msc

Question 25

When using Spanning Tree Protocol, which port on non-root bridges can forward traffic toward the root bridge?

Answer 25

Only one root port, which is the bridge’s port that is closest to the root bridge, can forward.

Question 26

Which of the following terms is used to describe the configuration of a port to copy all traffic passing through the switch to the device at the other end of the port?

Answer 26

port mirroring

Question 27

In regards to the use of local authentication, what statement is accurate?

Answer 27

Local authentication is network and server failure tolerant.

Question 28

What scenario might be ideal for the use of root guard in configuring a switch?

Answer 28

You wish to prevent switches beyond a certain port from becoming the root bridge, but still wish to use STP

Question 29

When using a host-based intrusion detection system, what additional feature might be available to alert the system of any changes made to files that shouldn’t change?

Answer 29

file integrity monitoring (FIM)

Question 30

What statement correctly describes a stateless firewall?

Answer 30

A stateless firewall manages each incoming packet as a stand-alone entity, without regard to currently active connections.