Network+ Flashcards
(133 cards)
1
Q
Computers need to know only the IP address of a destination computer in order to communicate
with it across a network.
A. True
B. False
A
B. False
Explanation: Computers must know both the IP address and MAC address in order to
communicate across a network.
2
Q
The acronym ARP means \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_. A. Address Reservation Protocol B. Abbreviated Routing Protocol C. Addressable Routed Packet D. Address Resolution Protocol
A
D. Address Resolution Protocol
Explanation: ARP is the Address Resolution Protocol.
3
Q
ARP is used to find the MAC address of a host when the IP address is known.
A. True
B. False
A
A. True
Explanation: ARP is used to find the MAC address of a host when the IP address is known.
Another way to say this is that ARP is used to resolve IP Addresses into MAC addresses.
4
Q
An ARP table (or ARP cache) contains a list of known IP address and MAC address relationships.
A. True
B. False
A
A. True
Explanation: The ARP cache is a table that is kept on computers which contains all the IP address
and MAC address relationships that the computer has learned about. This way if the computer
needs to communicate with a specific IP address it is able to build a Frame with the associated
MAC address as it communicates out onto the network. Otherwise, the computer must first
send out an ARP request to learn the MAC address which it will then place into the ARP cache.
5
Q
The term Malware includes viruses, worms, trojan horses, spyware, adware, ransomware and other
types of malicious software written specifically to harm and infect a host system.
A. True
B. False
A
A. True
Explanation: The term Malware encompasses all malicious software designed to harm and infect
a host system. If a network node becomes infected with any form of Malware it is called a
“compromised system”. Compromised systems can give away the fact that they are compromised
by generating traffic on the network that is abnormal and otherwise unexplainable.
6
Q
When a server or system is attacked in such a way that it is flooded with traffic and unable to respond
to legitimate requests is referred to as a _______________ attack
A. Session Hijacking
B. Brute Force
C. Main-in-the-middle
D. Denial of Service
A
D. Denial of Service
Explanation: A Denial of Service (DoS) attack is an attack that overburdens the target with a flood
of traffic/requests until all of its resources are completely tapped out and it becomes unable to
respond to legitimate traffic.
7
Q
Which of the following is a type of man-in-the-middle attack in which the communicating devices on a
company LAN have their layer 2 frames redirected to the attacker who also resides on the same LAN.
A. VLAN Hopping
B. ARP Poisoning
C. Session Hijacking
D. Smurf Attack
A
B. ARP Poisoning
Explanation: In an ARP Poisoning attack the attacker must be on the same network as the targets.
This is because the attacker uses forged ARP messages to poison the target computer’s ARP
cache with the MAC address of the attacker. After the ARP cache has bee poisoned all future
communications (layer 2 frames) will be sent to the attacker’s computer instead of to the
intended destination.
8
Q
Which of the following types of attacks is a type of Denial of Service attack in which spoofed ICMP
messages are sent as an IP directed broadcast to flood a target host with ICMP traffic?
A. VLAN Hopping
B. ARP Poisoning
C. Session Hijacking
D. Smurf Attack
A
D. Smurf Attack
Explanation: Smurf attacks were a very common type of attack until router manufacturers started
disabling the IP directed broadcast feature on routers by default. With IP directed broadcast
turned on a simple ping message can be sent through a router and it will enter the network as a
broadcast message in which all the hosts who receive the broadcasted ping would reply to it. In
this case the smurfed victim’s IP address is known and is spoofed (forged) into the ping packets
making it seem like the pings came from the victim. This causes all the hosts that received the IP
directed broadcast ping to reply to the ping sending large amounts of ICMP traffic to the victim
all at the same time effectively taking it offline.
9
Q
End User Awareness training is the worst way for a company to defend against social engineering
attacks.
A. True
B. False
A
B. False
Explanation: Because people/employees/end users are the targets of social engineering attacks
the best way to defend against them is to make sure users are properly trained in User/Security
Awareness. If users understand the different ways they can be manipulated by social engineering
then they will be more aware of the events when they manifest and much more likely not to fall
for them.
10
Q
One major vulnerability in networks is the usage of unsecure protocols such as Telnet and SNMPv2.
A. True
B. False
A
A. True
Explanation: Unsecure protocols like Telnet and SNMPv2 send information in clear text and don’t
require password challenges or message digests. In these cases organizations should be sure to
use the secure versions of these protocols such as SSH and SNMPv3.
11
Q
It’s okay to have well known ports such as TCP 80 opened up from the outside of a firewall to the inside
of the network.
A. True
B. False
A
B. False
Explanation: Unnecessary open TCP ports are a huge vulnerability and the network perimeter
devices such as firewalls must be managed meticulously to make sure the network edge is secure
and there are no ports opened in a such a way that it exposes the internal network to the
Internet.
12
Q
How many bits are in a Byte? A. 32 B. 8 C. 48 D. 12
A
B. 8
Explanation: There are 8 bits in a Byte.
13
Q
Select the correct short form of representing the data rate of 1 bit per second A. 1 MB B. 1Bps C. 1 bit D. 1bps
A
D. 1bps
Explanation: the short form a bits per second is bps. When you see a lowercase “b” is always
means bits. When you see an upper case “B” is always represents Bytes.
14
Q
Bytes use a lower-case b in the shorthand notation.
A. True
B. False
A
B. False
Explanation: bits uses the lowercase “b” while Bytes uses the uppercase “B”.
15
Q
An ordinary Frame payload is how many Bytes in length? A. 1500 B. 9000 C. 1000 D. 500
A
A. 1500
Explanation: The standard maximum payload of an Ethernet Frame is 1500 Bytes. With
overhead such as the MAC Header, VLAN tag and CRC a standard Frame can exceed 1500 Bytes,
however the actual payload (which contains the data) is still a maximum of1500 Bytes.
16
Q
Frames are created in the Network Interface Card (NIC).
A. True
B. False
A
A. True
Explanation: The Network Interface Card is where Frames are assembled before being placed
on the network media and disassembled after being retrieved from the network media.
17
Q
How many bits are there in 512 Bytes. A. 1024b B. 2048b C. 4096b D. 8192b
A
C. 4096
Explanation: To find the number of bits in a certain number of Bytes simply multiply the number
of Bytes times eight (512 * 8 = 4096). To perform the reverse is to find the number bytes in a
certain number of bits. In that case simply divide the number of bits by eight (4096 bits / 8 = 512
Bytes)
18
Q
A unicast is sent from a single sender to multiple receivers.
A. True
B. False
A
B. False
Explanation: A Unicast is sent from a single sender to a single receiver while a Multicast is sent
from either a single sender or multiple senders to multiple receivers.
19
Q
What does a MAC Broadcast Address look like in hexadecimal format? A. FF-FF-FF-FF-FF-FF B. EE-EE-EE-EE-EE-EE C. AA-AA-AA-AA-AA-AA D. 00-00-00-00-00-00
A
A. FF-FF-FF-FF-FF-FF
Explanation: A MAC address destination of all Fs is a message to all hosts which is also known as
a Broadcast. All Fs in the hexadecimal notation of a MAC address is also the equivalent of all 1s
in the 48 bit binary format( 111111111111111111111111-111111111111111111111111)
20
Q
Routers separate Broadcast Domains.
A. True
B. False
A
A. True
Explanation: Routers keep broadcast domains separated from each other. One default router
interface (without VLANs) is the equivalent to one broadcast domain or network
21
Q
By default routers pass Broadcast traffic from one network to another network.
A. True
B. False
A
B. False
Explanation: Routers do not pass Broadcast traffic by default. If routers did pass normal
Broadcast traffic then that Broadcast traffic would have the potential to spread around the
entire global internet without restriction. We can see how this would be a problem! Broadcast
traffic is intended to stay within a local network which is also know as a Broadcast Domain.
22
Q
A software company uses a hosted service to build a web application in the cloud. The hosting
provider maintains all the hardware that the web application is built on and the software
company can simply build their web application without worrying about anything else. This is an
example of ___________.
A. IaaS
B. PaaS
C. SaaS
D. Private Cloud
A
B. PaaS
Explanation: PaaS (Platform as a Service) providers take care of everything that’s needed to
build software in the cloud so that companies can easily build web applications and other
software in the cloud without needing to maintain any of their own servers and hardware.
23
Q
A company hosts a portion of their network infrastructure in the cloud which it accesses via VPN.
The company is able to move workloads and servers between their on-premise private network
and their network in the cloud creating a Hybrid cloud environment. What type of cloud service is
this referring to?
A. IaaS
B. PaaS
C. SaaS
D. Private Cloud
A
A. IaaS
Explanation: IaaS (Infrastructure as a Service) providers offer complete network infrastructures
in the cloud where companies can set up their own servers and network storage and only pay
for the resources that are used on a monthly basis.
24
Q
Any type of software that is hosted in the cloud and accessed as a service via the internet by customers refers to \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_. A. Hybrid IaaS B. Private SaaS C. Hybrid Cloud D. Public SaaS
A
D. Public SaaS
Explanation: Public SaaS (Software as a Service) is a software offering that runs in the public
cloud and is accessed by customers over the Internet. Public SaaS is available to anyone who
wishes to use or pay for the software as a monthly recurring service. Some companies build
Private SaaS within their own private cloud which would be a software applications strictly used
by the internal employees and would not be available to the public or accessible via a public
cloud.
25
A virtualized network and network infrastructure that is hosted privately, publicly, or both, but is
shared amongst multipole organizations that have similar interests and compliance requirements
is called a ______________.
A. Private Cloud
B. Public Cloud
C. Community Cloud
D. Hybrid Cloud
C. Community Cloud
26
```
What is the command used to display the system IP address and MAC address on a Windows
computer?
A. ipconfig
B. ipconfig /all
C. ipconfig /mac
D. ipconfig /ip
```
B. ipconfig /all
Explanation: From Windows command prompt the “ipconfig /all” command will reveal all of the
IP settings and the MAC address. If only “ipconfig” is used it will only reveal the IP address,
subnet mask, and default gateway.
27
```
What is the command we can use on any system to test IP reachability status to a network node?
A. arp
B. nslookup
C. netstat
D. ping
```
D. ping
Explanation: ping is a universal command/application that can be used on any bash terminal or
windows command prompt to test IP reachability status to another node.
28
```
To check the layer 3 routing hops from a Windows computer to a remote destination which
command can you use?
A. nslookup
B. nbtstat
C. tracert
D. ping
```
C. tracert
Explanation: From a Windows computer the “tracert” command reports back each individual
layer 3 hop on the way from the source to the destination. On other systems such and MAC OS
X and Linux as well as on routers and switches the command is “traceroute”. Only in Windows is
the command “tracert”.
29
```
This command is similar to traceroute, but it shows even more statistics about each hop.
A. ping
B. ipconfig
C. pathping
D. tracert
```
C. pathping
Explanation: In addition to tracing the route from source to destination, “pathping” also
calculates a percentage of packet loss and latency of each hop. Pathping is really a combination
of both the traceroute and ping utilities and the packet loss percentage is gathered by sending
multiple pings to each hop in the path.
30
```
To check the domain name to ip address resolution from a computer which command can be
used?
A. nslookup
B. nbtstat
C. netstat
D. arp
```
A. nslookup
Explanation: The “nslookup” command performs a domain name server (DNS) lookup on a
hostname to find the ip address. The same command can be used to perform a reverse lookup
which is done by inputting the ip address after the nslookup command rather than the
hostname.
31
```
The following protocols allow for command line access to network devices. (choose all that apply)
A. ICMP
B. SSH
C. RDP
D. Telnet
```
B. (SSH), D. (Telnet)
Explanation: SSH (Secure Shell) and Telnet are both protocols for remote access to the
command line interface of network devices. SSH uses encryption while Telnet does not; all
Telnet traffic is completely clear text. SSH or Telnet could be used to access a remote router,
firewall, or switch to make configuration changes from a remote location.
32
Telnet should be used instead of SSH for security purposes.
A. True
B. False
B. False
Explanation: Using Telnet is a security concern for companies because all communications over
Telnet are in clear text, even usernames and passwords. SSH should be used instead in order to
increase security with remote access to network devices.
33
```
Which of the following TCP ports are used by SSH. (choose all that apply)
A. 20
B. 21
C. 22
D. 23
```
C. 22
| Explanation: SSH (Secure Shell) uses TCP port 22
34
```
Which of the following TCP ports are used by Telnet. (choose all that apply)
A. 20
B. 21
C. 22
D. 23
```
D. 23
| Explanation: Telnet uses TCP port 23.
35
```
______________ is the protocol responsible for ping and traceroute.
A. ICMP
B. RDP
C. TFTP
D. Ping
```
A. ICMP
Explanation: ICMP (Internet Control Message Protocol) is used by applications such as Ping and
Traceroute to produce IP based reachability outputs. With the Ping application in particular the
ICMP Echo and ICMP Echo reply are used to check IP reachability status of a network node.
36
```
Which of the following TCP ports are used by FTP. (choose all that apply)
A. 20
B. 21
C. 22
D. 23
```
A. (20), B. (21)
Explanation: FTP (File Transfer Protocol) uses TCP port 20 (FTP data transfer) & 21 (FTP control).
Port 21 use used to manage the FTP sessions and port 20 is the port which the data actually
transfers over during the file transfer.
37
Trivial File Transfer Protocol (TFTP) uses UDP port 69 and is considered to be connectionoriented.
A. True
B. False
B. False
Explanation: TFTP (Trivial File Transfer Protocol) does use UDP port 69, but because it uses UDP
is considered to be connection-less. FTP on the other hand uses TCP and is connection-oriented.
38
```
Which DNS record needs to be setup to point the outside world to a company’s E-Mail server?
A. An A Record
B. NS Record
C. CNAME
D. MX Record
```
D. MX Record
| Explanation: MX records are Mail Exchanger records which are used for Mail servers.
39
A user is having problems accessing websites. You step in to troubleshoot and you are able to
send pings to the default gateway and out to public internet IP addresses just fine. However,
when you try to ping to a Fully Qualified Domain Name (FQDN) such as www.google.com it does
not go through and says “could not find host www.google.com”. Also, when you attempt to
browse to a website using a web browser you get an error stating the site can’t be reach and the
DNS address could not be found. What is most likely the cause of this problem?
A. The DNS Server is down
B. The user has an incorrect IP address in TCP/IP settings
C. The user has an incorrect DNS server address in TCP/IP settings
D. DHCP Server is down
C. The user has an incorrect DNS server address in TCP/IP settings
Explanation: When an bad DNS entry has been input into the TCP/IP settings of a computer it
will not be able to perform DNS lookups. It will seem to the user as if the connection to the
internet is down, but in reality the computer just can’t perform DNS lookups. To correct this a
valid DNS server should be input into the TCP/IP settings of the computer.
40
The Domain Name System provides translation from Fully Qualified Domain Names (FQDNs) into
IP addresses.
A. True
B. False
A. True
Explanation: The purpose of DNS is to make things like web services and server addresses much
easier to manage. It’s not easy to remember IP addresses (even for techs and engineers) and
also, what if we need the IP addresses to change? Then, everyone would need to remember a
new number! DNS allows us to use names instead of IP addresses and assists with making
management of public and even private servers much easier. With DNS we can always keep the
same names for our websites and servers and simply translate those names into whatever IP
addresses we need to. DNS resolves FQDNs into IP addresses and vice versa.
41
```
A FQDN (Fully Qualified Domain Name) contains the following levels. (choose all that apply)
A. Root Domain
B. Top-level Domain
C. Second-level Domain
D. Host
```
A. (Root Domain), B. (Top-level Domain), C. (Second-level Domain), D. (Host)
Explanation: FQDNs are made up of all of the above. For example in the FQDN
www.google.com, www is the Host, .google is the Second-level, .com is the Top-leve, and the
Root Domain is an invisible “.” at the end of the FQDN.
42
```
This type of service allows once to use a dynamically assigned public IP address with a public DNS
record.
A. SOA
B. DHCP
C. SRV
D. DDNS
```
D. DDNS
Explanation: DDNS (Dynamic DNS) is a service that allows you to publish a public DNS record
even if you have a dynamically assigned public IP address from your service provider. Most
companies use static IP addresses on their internet gateways and use their own DNS, so in those
situations DDNS is not necessary. However, for home users or SOHO companies that don’t have
a static IP address DDNS is a good option for setting a standard public DNS name that doesn’t
change and will always translate to your public IP address even when it changes.
43
Which of the following is a physical piece of hardware installed on the edge of a network that protects the
network by permitting or denying traffic that attempts to enter or leave it?
A. Host-based firewall
B. Network-based firewall
C. VPN Concentrator
D. Anti-malware
B. Network-based firewall
Explanation: A network-based firewall is a physical hardware device while a host-based firewall is
software that is installed on an individual host computer. Network-based firewalls are able to provide
security for an entire network by being placed in-line at the edge between the private network and the
public internet connection.
44
Which of the following is a list of rules on layer 3 switches, routers and firewalls that is used to permit
and/or deny traffic based on where the traffic is coming from and where it is going to?
A. ACL
B. UTM
C. GRE
D. VPN
A. ACL
Explanation: An ACL (Access Control List) is a list created to match specific criteria such as the protocol
(IP), source address/network, destination address/network, and the TCP/UP port number. Once an ACL is
created it can be applied to an interface on a layer 3 switch, router, or firewall to permit or deny inbound
or outbound traffic that passes through the interface.
45
This type of firewall keeps track of connections that originate from inside the network and go out to the
internet. It tracks the outgoing connection and allows legitimate return traffic to enter the network while
still blocking non-legitimate traffic from the outside.
A. Stateful host-based firewall
B. Stateless network-based firewall
C. Stateless host-based firewall
D. Stateful network-based firewall
D. Stateful network-based firewall
Explanation: Stateful hardware firewalls perform Stateful packet inspection which allows them to keep
track of connections that are leaving the firewall and going out to the internet. The purpose of this is to
allow the return traffic associated with the the outgoing connection as it is legitimate traffic. However,
the firewall will still block other non-legitimate connections that come from the internet. This is different
from Stateless packet inspection as Stateless inspection does not keep track of the outgoing connections
and simple permits or denies traffic based on the criteria found in the ACLs (Access Control Lists) that are
applied to the device.
46
Most modern firewalls are either stateful or stateless, but never both.
A. True
B. False
B. False
Explanation: Most modern firewalls use Access Control Lists for permitting or denying traffic in a
stateless manner and also track connections in a stateful manner. In this way, most modern firewalls use
both stateful and stateless packet inspection.
47
```
This type of firewall is able to perform deep-packet inspection and inspect traffic that passes through it up
to OSI layer 7.
A. Stateful firewall
B. VPN Concentrator
C. Application aware firewall
D. Stateless firewall
```
C. Application aware firewall
Explanation: Application aware firewalls (aka context aware firewalls) are able to inspect traffic up to the
Application layer and make decisions based on the context of the layer 7 traffic.
48
UTM firewalls provide multiple security services and in addition to stateless and stateful firewalling can
also provide things like VPN services, Anti-malware and Content Filtering. The term UTM means
___________________.
A. Unmanaged Tactical Monitoring
B. Unlimited Tactical Mitigation
C. Unilateral Trojan Monitoring
D. Unified Threat Management
D. Unified Threat Management
Explanation: Unified Threat Management Firewalls (or UTM Firewalls) include multiple security services
and act as a strong safeguard for many types of network security threats.
49
```
This type of VPN (Virtual Private Network) connects one location to another location via an encrypted
tunnel over the internet.
A. Host-to-Site VPN
B. PPTP VPN
C. IPSec Site-to-Site VPN
D. Remote VPN
```
C. IPSec Site-to-Site VPN
Explanation: A Site-to-Site VPN is a VPN tunnel that connects two locations over a private tunnel. VPN
tunnels are encrypted with protocols such as IPSec or SSL to make them secure and viable over the
internet. In some instances a site-to-site VPN can be the primary connection for a location to connect
into the private network, but in other instances a site-to-site VPN may be used as a back-up or alternate
connection to the primary private WAN. Another type of VPN is a Host-to-Site VPN which is also referred
to as a Remote VPN. A Host-to-Site VPN connects a single host into the main network with an encrypted
IPSec or SSL VPN tunnel and is established by using client software on a computer or an SSL vpn webportal.
50
```
IPSec provides the following encryption algorithms. (choose all that apply)
A. DES
B. 3DES
C. Blowfish
D. AES
```
A. (DES), B. (3DES), C. (Blowfish), D. (AES).
Explanation: IPSec includes all of the above algorithms by default and IPSec tunnels use the 3DES
algorithm by default. However, most network engineers prefer to use the stronger AES encryption to
encrypt the traffic in IPSec VPN tunnels.
51
A VPN Concentrator is a device that is designed specifically to handle many VPN connections. As it’s sole
function.
A. True
B. False
A. True
52
An IDS is a device that is placed on the edge of the network.
A. True
B. False
B. False
Explanation: Firewalls run on the edge of a network whereas IDS and IPS devices run from inside
the network to identify and prevent unauthorized traffic that makes it through the firewall.
53
```
A ______________ actively defends a network by both detecting and preventing attacks.
A. Host-based IDS
B. Network-based IDS
C. Host-based IPS
D. Network-based IPS
```
D. Network-based IPS
Explanation: Switches learn the MAC address of connected hosts and keep them stored in the
MAC address table.
54
The main difference between an IDS and an IPS is that an IDS only performs intrusion detection
and alerting, while an IPS performs detection, alerting, and prevention.
A. True
B. False
A. True
Explanation: An IDS (Intrusion Detection System) only does detection and alerting while an IPS
(Intrusion Prevention System) performs detection, alerting, and also stops attacks.
55
An IPS is only security device needed to actively protect a network.
A. True
B. False
B. False
Explanation: While an IPS is a strong addition to the security of a network it cannot be used
alone. IDS and IPS must be integrated into an overall network security solution that also
includes things like firewalls, anti-malware, secure authentication mechanisms, router and
switch security, secure networking protocols, network access control, and physical security.
56
IP (Internet Protocol) provides a logical addressing scheme.
A. True
B. False
A. True
Explanation: IP addresses are logical addresses that can be easily changed at any time while
MAC addresses are physical addresses that are “burned in” to the NIC hardware of a device.
57
```
An IPv4 address is comprised of how many binary bits?
A. 8
B. 12
C. 32
D. 48
```
C. 32
| Explanation: IP version 4 addresses are made up of 4 sets of 8 bits equaling a total of 32 bits.
58
An IP address defines that a device is part of a particular network.
A. True
B. False
A. True
Explanation: An IP address determines the IP network that a host or device belongs to and in
combination with a MAC address defines it’s exact location on the network.
59
```
Internet Protocol is included as part of which protocol stack?
A. Ethernet
B. The OSI Model
C. Broadcast stack
D. TCP/IP
```
D. TCP/IP
Explanation: The TCP/IP protocol stack includes IP (Internet Protocol). Ethernet is a family of
protocols, works below IP and does not include IP. The OSI Model is not a stack of specific
protocols, but rather a model for interpreting and managing protocols, applications, hardware,
and systems. Broadcast stack is not a real thing and conveys no intended meaning.
60
```
An IP router is used to route IP Packets from one network to _______________________.
A. Another network
B. The OSI Model
C. A Frame
D. An Access Point
```
A. Another Network
Explanation: Routers look at the destination IP addresses inside IP Packets and reference their
routing tables to make decisions on how to correctly route the IP traffic to the destination
network. In this way IP routers are used to route traffic from one network to another network.
61
IP by itself is a connection-oriented protocol.
A. True
B. False
B. False
Explanation: By itself, IP is connection-less. In order to become connection-oriented it must be
combined with a connection-oriented protocol from the Transport layer of the OSI model such
as TCP.
62
```
Before being sent out onto the network IP Packets are first encapsulated inside of a___________.
A. Datagram
B. Frame
C. LAN
D. IP Packet
```
B. Frame
Explanation: An IP Packet or Datagram resides at the OSI Network Layer and is encapsulated
inside of a Frame as it moves down to the OSI Data Link Layer. The Frame is then placed on the
physical medium as bits (ones and zeros).
63
```
The IPv4 Networks 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 are examples of what type of
IPv4 addressing?
A. Public
B. Hybrid
C. Private
D. Connection-oriented
```
C. Private
Explanation: The RFC 1918 network IDs are used for private networks are not routable on the
public internet. These ranges are 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.
64
```
To interface with the IPv4 internet what type of IPv4 addressing must be used on the internet
facing device?
A. Public
B. Hybrid
C. Private
D. Connection-oriented
```
A. Public
Explanation: Public IPv4 networks are assigned to the global internet registries by IANA. These
public networks are routable on the public internet where as the RFC 1918 private network
ranges are not routable on the public internet.
65
```
An IPv6 address is comprised of how many total hexadecimal digits?
A. 128
B. 64
C. 32
D. 12
```
C. 32
Explanation: An IPv6 address is represented as eight groups of four hexadecimal digits. Each
group represents 16 bits which is sometimes called a hextet. The groups (or hextets) are
separated by colons. An example of an IPv6 address is:
2001:0BD8:C003:0001:0000:0000:0000:F00C
66
```
When an IPv6 address is converted from hexadecimal into binary how many total binary digits are
there?
A. 128
B. 64
C. 32
D. 8
```
A. 128
Explanation: Each group of four hexadecimal digits in an IPv6 address represents 16 bits. There
are a total of eight groups each separated by a colon. Eight groups multiplied by 16 bits equals
128 total bits.
67
IPv6 was created to eventually replace IPv4.
A. True
B. False
A. True
Explanation: IPv6 was created to allow for more public IP addresses and easier allocation of IP
networks across the globe. IPv6 has the capacity to completely replace IPv6, however it is
merely speculation as to how long that would actually take. As long as there are systems that
still require IPv4 and have not been migrated to IPv6 then IPv4 will still remain. For the
foreseeable future it will be a hybrid IPv4/IPv6 world. However, IPv6 was designed to
supplement and eventually replace IPv4.
68
IPv6 uses traditional Broadcast messages just like IPv4 does.
A. True
B. False
B. False
Explanation: Unlike IPv4 IPv6 does not use traditional IP Broadcasts. Instead, IPv6 uses improved
Multicasts and a new transmission method called Anycast.
69
```
What is the default subnet prefix that you would find on an IPv6 address assigned to a
workstation/host computer?
A. /32
B. /128
C. /48
D. /64
```
D. /64
Explanation: The last 64 bits are the unique IPv6 identifier for the host computer. This portion
of the IPv6 address is called the Interface ID. A /64 mask means the first 64 bits are used for the
Network/subnet and the last 64 bits are used for the host.v
70
```
6. Identify the proper abbreviation of the IPv6 Loopback address.
A. 2001::127
B. 127:0:0:0:0:0:0:1
C. 127::1
D. ::1
```
D. ::1
Explanation: The full IPv6 loopback address is 0000:0000:0000:0000:0000:0000:0000:0001
which can be abbreviated as 0000:0000:0000:0000:0000:0000:0000:1, or 0:0:0:0:0:0:0:1, or ::1 as
the shortest abbreviation.
71
```
Which IPv6 prefix defines a link-local IPv6 address?
A. FE80::/64
B. FC00::/7
C. 2001::/16
D. ::1
```
A. FE80::/64
Explanation: Link-local IPv6 addresses are automatically generated for the network interface
and use a predefined prefix of FE80::/64.
72
This type of network hardening system performs a posture assessment on hosts that connect to
the network to check for criteria such as allowed MAC addresses, operating systems, and if the
host has anti-malware software installed. If the host fails the posture assessment it is placed into
a black-hole Quarantine network.
A. NAC
B. 802.1x
C. DMZ
D. Man Trap
A. NAC
Explanation: NAC (Network Access Control) is a network security system that checks every host
as it connects to the network to confirm that it meets the required criteria before allowing it to
fully connect to the production network.
73
This type of anti-malware runs on firewalls or other devices that are inline with the internet
connection and check traffic for malware as it passes through.
A. Host-based
B. Cloud-based
C. Network-based
D. All of the above
C. Network-based
Explanation: Network-based antimalware runs on devices like advanced firewalls or proxy
servers and scans all traffic for malware as the traffic passes through the device. Host-based
antimalware runs directly on a host computer and cloud-based antimalware is centrally via a
cloud-based service. It’s important to note that a combination of all the types of antimalware is
the best way to defend against malware.
74
```
Which of the following are network hardening techniques that can be found on switches. (choose
all that apply)
A. ARP Inspection
B. DHCP Snooping
C. Single Sign On
D. Port Security
```
A. (ARP Inspection), B. (DHCP Snooping), D. (Port Security)
Explanation: Dynamic ARP Inspection allows switches to check ARP request and replies and
drop them if spoofing is detected. DHCP Snooping allows switches to inspect DHCP traffic and
only allow DHCP traffic to pass if it is associated with trusted DHCP servers. Port Security allows
for port-based MAC address security and if an invalid MAC address is connected to a switch port
the switch will shut the port down.
75
```
Which of the following are secure forms of networking protocols? (choose all that apply)
A. Telnet
B. SNMPv3
C. SFTP
D. PPTP
E. IPSEC
```
B. (SNMPv3), C. (SFTP), E. (IPSec)
Explanation: SNMPv3 is for secure network management traffic, SFTP is for secure file transfers,
and IPSec is for encrypted VPN tunnels. Telnet is a clear text remote terminal application and
SSH should be used instead of Telnet. PPTP is an unencrypted VPN technology and generally
should not be used at all.
76
Two-factor Authentication is a form of Multi-factor Authentication that adds an additional layer
to authentication such as a security question, a one-time password texted to a phone, or an
additional PIN.
A. True
B. False
A. True
Explanation: Multifactor Authentication is a great tool for authentication security. More and
more applications and systems are now using multifactor authentication with two-factor
authentication being the most prevalent.
77
Physical security is not as important as security software features on network devices.
A. True
B. False
B. False
Explanation: Physical Security is just as important if not more important than the security
features that are available on network devices. However, it’s the combination of both that truly
make an impact on network security. Without physical security people would have free access
to the systems that house our data. It always important to consider the benefit of things that
may seem insignificant such as using locks on equipment racks and restricting access to
communications and equipment rooms
78
VLANs are a poor tool for creating segmentation in our networks.
A. True
B. False
B. False
Explanation: In fact, VLANs are one of the best tools we have for creating segmentation in our
network. VLANs can be used to create segmentation down to layer 2 of the OSI model and
allow us to create logically separated areas of the network where we can apply security rules on
a per-VLAN basis.
79
```
Which of the following can be configured on a VLAN gateway to add layer 3 security to the
VLAN?
A. NAC
B. 802.1x
C. ACL
D. DMZ
```
C. ACL
Explanation: Access Control Lists (ACLs) can be applied to any layer 3 interface to add layer 3
security to a network. In the case of VLANs a VLAN interface (aka VLAN gateway) is needed in
order to allow the VLAN to communicate with other networks. When a VLAN interface is
configured as a VLAN Gateway is has no security until an Access Control List is applied to the
VLAN interface.
80
Testing Labs are good for testing things such as device updates, patches and new configurations
before deploying them onto the live production network. Testing Labs should be connected to
the live production network.
A. True
B. False
B. False
Explanation: Testing labs are truly great for testing things before implementing them in the live
production network. However, since testing labs are sometimes used for testing systems that
may have malicious data such as malware, a testing lab should never ever be connected to the
live production network. Testing labs should be physically segmented from the production
network so there is no chance that data can get from the Testing Lab into the live production
network.
81
Which of the following is a private network “neutral zone” that sites between a private LAN and
the public internet which is used to expose certain servers to the internet (such as web-servers
and mail-servers) without exposing the actual private LAN.
A. DMZ
B. Honeypot
C. Honeynet
D. Quarantine Network
A. DMZ
Explanation: The DMZ (De-Militarized Zone) an area of the network that is segmented away
from the main LAN and sits between the main LAN and the internet. Servers that need
exposure to the internet are placed in the DMZ for security purposes so that the main internal
LAN does not have to be opened up to the wild, wild west of the internet.
82
Which of the following is an entire network made to mimic a live production network that is
usually built with weak security and is used to monitor the activities of malicious attackers.
A. DMZ
B. Honeypot
C. Honeynet
D. Quarantine Network
C. Honeynet
Explanation: Honeynets are networks created specifically for the purpose of inviting and
monitoring malicious attacker activities. Honeynets are always segmented away from the live
production network similar to a DMZ, but with no possible access back to the internal network.
83
LANs cover smaller geographic regions than WANs.
A. TRUE
B. FALSE
A. True
Explanation: Local Area Networks (LANs) are small networks that are local to a house, office, or
small group of buildings. Wide Area Networks (WANs) are the long haul networks that connect
LANs to other LANs. WANs can span across entire cities and countries and therefore cover a
much larger geographic region than LANs do.
84
```
What is the smallest type of network that traditionally uses short range wireless technology such
as Bluetooth.
A. CAN
B. LAN
C. MAN
D. PAN
```
D. PAN
Explanation: The Personal Are Network (PAN) covers the area around a person, typically uses
shortrange wireless and is the smallest of all the network types.
85
```
The WLAN, WWAN and PAN are similar in that all three types of networks use this type/category
of media.
A. Wireless
B. Fiber Optics
C. Wired
D. Copper
```
A. Wireless
Explanation: Wireless LANs (WLANs) use WiFi for wireless access to the local network, Wireless
WANs (WWANs)use long haul wireless technology such as cellular to wirelessly connect over
long distances, and Personal Area Networks (PANs) use shortrange wireless such as Bluetooth
to connect peripherals to a host computer
86
This type of network is usually comprised of multiple LANs and describes the switched network
infrastructure of a school, institution, or military base.
A. MAN
B. CAN
C. SAN
D. PAN
B. CAN
Explanation: Campus Area Networks (CANs) describe a networks in which multiple LANs share
the same geographic area and are usually inter-connected via high speed switches. Campus
Area Networks are much larger than regular LANs the term is normally assigned to the swtiched
networks of institutions or college campuses.
87
```
This type of network is composed of both LANs and WANs.
A. MAN
B. CAN
C. SAN
D. PAN
```
A. MAN
Explanation: Metropolitan Area Networks (MANs) span across multiple city blocks and even
between cities connecting geographically separated LANs so they can function as one cohesive
network. A good example of a MAN is the network of a local city government.
88
```
This type of network can span across cities and countries.
A. DAN
B. FRAN
C. WAN
D. WLAN
```
C. WAN
Explanation: Wide Area Networks (WANs) are the long haul networks that connect LANs to
other LANs. WANs can span across entire cities and countries.
89
A network technician needs to connect a user's PC to the wired Ethernet network. What is the
BEST device the technician should use to connect the PC into the wired network?
A. Server
B. Hub
C. Switch
D. Wireless Access Point
C. Switch
Explanation: Switches and Hubs are used to connect wired nodes to the network. Switches are
intelligent devices that learn MAC addresses and have better performance than hubs. Therefore
a switch should always be used as the best option over a hub.
90
Switches make intelligent switching decisions by learning which devices are connected to them.
Which of the following types of addresses does a switch learn about from connected hosts?
A. Layer 3 Address
B. MAC Address
C. Unicast Address
D. IP Address
B. MAC Address
Explanation: Switches learn the MAC address of connected hosts and keep them stored in the
MAC address table.
91
```
The physical connections between network devices, either wired or wireless, are known as the
network ______________.
A. Access
B. Media
C. Hub
D. Cable
```
B. Media
Explanation: The connections between devices are collectively referred to as network media
and individually referred to as a network medium.
92
```
This type of device uses IP addresses to determine where to send network traffic.
A. Router
B. Hub
C. WAP
D. Server
```
A. Router
Explanation: Routers make decisions to send traffic from one network to another network
based on the destination IP address in the IP packet. The IP address of a host determines which
network it belongs to and using this information the Router can determine which local interface
or neighboring router to route the traffic to.
93
```
This type of device serves as the gateway (aka default gateway) for IP traffic to leave the LAN.
A. Router
B. Hub
C. WAP
D. Server
```
A. Router
Explanation: The device that a host must send traffic to for leaving the local LAN and talking to
another network is referred to as a gateway or a default gateway. Since routers are the devices
that are capable of sending traffic from one network to another network they are also the
default gateway for a LAN.
94
```
This type of device is a workstation used by an end user which provides the user with access to
the network.
A. Switch
B. LAN
C. WAN
D. Client
```
D. Client
| Explanation: The hosts or end-user devices on a network are referred to as Clients.
95
```
This Type of device provides a client with network access over wireless media.
A. Wireless Access Point
B. Hub
C. Wired Access Point
D. Switch
```
A. Wireless Access Point
Explanation: Wireless Access Points, also knowns as WAPs, APs, Access Points, or Wireless APs
are the devices that wireless hosts connect to for access to the network.
96
This type of device can be local to the network or in a remote location and provides services to
clients such as sharing of resources and files.
A. Router
B. Client
C. Server
D. Switch
C. Server
Explanation: Servers are the computers on networks that provide services to Clients. Servers
can reside on the local network (such as local file servers) or on a remote network (such as web
servers that host websites).
97
Hubs should be used instead of switches because hubs provide for better network performance
than switches.
A. True
B. False
B. False
Explanation: Switches provide much better performance than that of hubs and should always
be used instead of a hubs. Hubs can still be used, but are rarely seen in larger enterprise
networks due to their poor performance in comparison with switches.
98
You’ve been asked to allow access from the internet on a non-standard port to an internal device
on HTTPS port 443. This is an example of port forwarding.
A. True
B. False
A. True
Explanation: Port Forwarding is a useful tool available even on home routers, but also used in
SOHO and corporate environments. Port Forwarding allows for the forwarding of any port on
the outside of a network to a specific IP address and port on the inside of the network. Port
Forwarding can be a security concern and it is always best to use a non-standard port on the
outside and restrict which public IP addresses are able to access the port forwarding rule.
99
If someone asks you to set up a port forwarding rule there’s no reason to confirm what it is for
and if it is truly needed.
A. True
B. False
B. False
Explanation: It is always necessary to confirm what a port forwarding rule is needed for. In many
cases needs can be met without adding a port forwarding rule, but sometimes they are truly
needed for things like vendor access to a particular device. It’s also best to confirm if it is
needed permanently or just temporarily. It is not good to keep building in lot’s of port
forwarding rules because of the security risk. It’s preferable to use an encrypted VPN tunnel
instead when possible.
100
It is a security risk to forward HTTP port 80 directly to the inside of the network to HTTP port 80.
A. True
B. False
A. True
Explanation: HTTP port 80 should never be opened directly to the inside of the network. If HTTP
port 80 on the outside is opened to the inside it will likely be attacked. And will most definitely
be attacked if it is allowed from any source. In most networks port 80 is opened to a web server
in the DMZ (De-Militarized Zone) and never to the inside network. Any time we punch holes in
our internet facing router or firewall we must be very security conscious. Be careful with port
forwarding!
101
A TCP or UDP port specifies a particular service or application
A. True
B. False
A. True
Explanation: In order for applications and protocols to use the network they must be attached
to a TCP or UDP port. In this way the port number being used specifies the application or
protocol which uses that specific port.
102
```
What port number is used for HTTPS (Hyper Text Transfer Protocol Secure)?
A. 80
B. 23
C. 22
D. 443
```
D. 443
| Explanation: 443 is the well known port for HTTPS which is Hyper Text Transfer Protocol Secure.
103
```
A common web server hosting an unsecure website would be listening on which TCP port?
A. 80
B. 23
C. 22
D. 443
```
A. 80
Explanation: 80 is the well known port for HTTP which is Hyper Text Transfer Protocol without
security.
104
The range of ports from 0 to 1023 are reserved for specific protocols and applications that are
widely used. These ports are known as ___________________.
A. Basic Ports
B. Registered Ports
C. Well Known Ports
D. Private Ports
C. Well Known Ports
Explanation: The ports in the range of 0 – 1023 are the Well Known Ports. These are mapped to
specific protocols that are widely used and the port numbers cannot be changed
105
```
Transmission Control Protocol (TCP) uses which method to establish a connection-oriented
session?
A. 1-way Handshake
B. 2-way Handshake
C. 3-way Handshake
D. 4-way Milkshake
```
C. 3-way Handshake
Explanation: The 3-way Handshake is how TCP sets up a connection-oriented session. It’s called
a 3-way Handshake because it includes 3 messages that set up the connection: a SYN, a
SYN+ACK, and then an ACK.
106
```
Which TCP port number is used by SSH (Secure Shell)?
A. 20
B. 22
C. 23
D. 443
```
B. 22
Explanation: Secure Shell is the most popular secure remote terminal session protocol and uses
TCP port 22.
107
```
Which TCP port number is used by Telnet?
A. 20
B. 21
C. 23
D. 143
```
C. 23
Explanation: Telnet is the most popular unsecure remote terminal session protocol and uses
TCP port 23. *In most scenarios Telnet should not be used and SSH should be used instead.
108
File Transfer Protocol (FTP) uses two port number to setup an FTP connection and transfer files.
The ports used by FTP are ports 21 and ____.
A. 20
B. 21
C. 31
D. 143
A. 20
| Explanation: FTP uses ports 20 (FTP data transfer) and 21 (FTP control).
109
```
Which command can be used on a computer to check the TCP and UDP sessions currently open
on the computer?
A. telnet
B. netstat
C. netshell
D. network
```
B. netstat
Explanation: The “netstat” command lists all ports currently open on a computer and the
common switches are –a, -b, -n, -o, and –r.
110
```
Which layer of the OSI Model is layer 3?
A. Data Link
B. Physical
C. Presentation
D. Network
```
D. Network
Explanation: Layer 3 is the Network Layer which contains functionality such as routing,
protocols such as IP, and devices such as routers.
111
Network media such as cables and connectors reside on the Data Link Layer of the OSI Model.
A. True
B. False
B. False
Explanation: The Physical Layer (layer 1) is where all cables and media are referenced in the OSI
Model. The Data Link Layer is where devices such as Switches operate.
112
```
TCP and UDP reside at this layer of the OSI Model.
A. Layer 3
B. Layer 2
C. Layer 7
D. Layer 4
```
D. Layer 4
| Explanation: Layer 4 of the OSI Model is the Transport Layer where TCP and UDP operate.
113
```
Which layer is the Data Link Layer of the OSI Model?
A. Layer 3
B. Layer 2
C. Layer 6
D. Layer 1
```
B. Layer 2
Explanation: The Data Link Layer is the layer just above the Physical Layer (layer 1). The Data
Links Layer is layer 2 which contains the MAC and LLC sub-layers and is where switches and MAC
addresses reside.
114
```
This layer of the OSI Model is a reference point for IP routing and routers.
A. Network
B. Data Link
C. Transport
D. Presentation
```
A. Network
Explanation: The Network Layer is layer 3 which references logical addressing and the protocols
and devices (such as routers) that make it possible to route traffic from one network to another
network
115
```
What is the protocol data unit (PDU) at layer 2 of the OSI model?
A. Packet
B. Bits
C. Data
D. Frame
```
D. Frame
Explanation: Frames represent encapsulation (the packaging of information) at the Data Link
layer. The Frame is the last form of encapsulation before the information is placed onto the
physical medium as ones and zeros.
116
```
What is the protocol data unit (PDU) at layer 3 of the OSI model?
A. Packet
B. Bits
C. Data
D. Segment
```
A. Packet
Explanation: When information arrives at the Network Layer (layer 3) it includes logical
addressing added to it such as the source and destination IP address. When this happens we
call it most commonly a Packet, such as an IP Packet. However, it can also be called a datagram if
it’s a connection-less transmission.
117
```
What is the protocol data unit (PDU) at layer 4 of the OSI model?
A. Transport
B. Bits
C. Segment
D. Data
```
C. Segment
Explanation: When information arrives at the Transport Layer it includes port based information
to define the protocol or application that the information is for. When information is referenced
with a TCP port number it is called a Segment.
118
```
What is the protocol data unit (PDU) at layer 1 of the OSI model?
A. Transport
B. Bits
C. Segment
D. Data
```
B. Bits
Explanation: When information is ready to be placed onto the wired or wireless transmission
medium it is performed by signaling a series of ons and offs similar to a flash light turning on
and then off again in repetition. These ons and offs equate to ones and zeros in the world of
computing and are called bits. This is the reason why we call the information bits when is it at
the physical Layer of the OSI Model (layer 1).
119
The protocol data unit for the top three layers of the OSI Model (layers 5 – 7) is the same.
A. True
B. False
A. True
Explanation: Layer 5 – 7 of the OSI Model are the Session Layer, Presentation Layer and
Application Layer respectively. These layers all have the same PDU which is simply called Data.
120
```
A Host computer works at which layer(s) of the OSI Model.
A. Layers 5-7
B. No layers
C. Layers 1-4
D. All layers
```
D. All layers
Explanation: Host computers run applications that access network resources. This is the entire
reason why we need networks in the first place – so that an application on a computer can send
data to an application on another computer. So, host computers work at the Application Layer
and process information all the way down the OSI model encapsulating the Data into Segments,
Packets, Frames, and then placing it onto the medium as bits via the network interface card.
121
The TCP/IP Model includes 7 layers.
A. True
B. False
B. False
| Explanation: The TCP/IP Model has only 4 layers while the OSI Model has 7 layers.
122
The TCP/IP Network Interface Layer (aka Link Layer) corresponds to the OSI Model Physical and
Data Link Layers.
A. True
B. False
A. True
Explanation: The layers of the TCP/IP Model correspond to certain layers of the OSI model. Since
there are only 4 layers in the TCP/IP Model some of them will correspond to multiple layers of
the OSI Model. Layer 1 of TCP/IP corresponds to Layers 1 and 2 of the OSI Model. Layer 2 of the
TCP/IP Model corresponds directly to Layer 3 of the OSI Model. Layer 3 of the TCP/IP Model
corresponds directly to layer 4 of the OSI Model. Layer 4 of the TCP/IP Model corresponds to
Layers 5 – 7 of the OSI Model.
123
The TCP/IP Model is a representation of the TCP/IP stack of protocols.
A. True
B. False
A. True
| Explanation: The TCP/IP Model represents the TCP/IP stack of protocols that already exist.
124
```
Layer 2 of the TCP/IP Model is known as the ______________ Layer.
A. Network Interface
B. Application
C. Internet
D. Transport
```
C. Internet Layer
Explanation: The second layer of the TCP/IP Model is the Internet Layer which handles routing
and the IP protocol.
125
```
The TCP/IP Network Interface Layer is also known as the ________________.
A. Network Layer
B. Link Layer
C. Application Layer
D. Transport Layer
```
B. Link Layer
Explanation: Layer 1 of the TCP/IP Model technically has two names. It can be called either the
Network Interface Layer or the Link Layer.
126
Virtualization allows us to use a single systems hardware to run multiple “virtual machines” or
virtualized computers within it and the software that enables virtualization is called a Hypervisor.
Which type of Hypervisor is installed directly on the bare metal hardware of a server?
A. Type 1 Hypervisor
B. Type 2 Hypervisor
A. Type 1 Hypervisor
Explanation: A Type 1 Hypervisor is called a “Bare Metal” Hypervisor because it is installed
directly onto the bare metal hardware of a system. This means that a Type 1 Hypervisor serves
as the main Operating System running all the hardware and is not installed under a separate
operating system. VMWare vSphere/ESXi, Microsoft Hyper-V and Citrix XenServer are examples
of Type 1 Hypervisors and are used to run virtualization environments inside companies and
data centers. Type 2 Hypervisors are referred to as “Hosted” Hypervisors and are installed
directly under a host Operating System such as Windows, Mac OSX, or Ubuntu. With Type 2
Hypervisors the Hypervisor is an application running within the Host OS.
127
Type 2 Hypervisors are for running virtual machines on a local/personal computer, while Type 1
Hypervisors are used to deploy large scale virtualization environments inside companies and data
centers.
A. True
B. False
A. True
Explanation: Type 1 Hypervisors are used inside data centers while Type 2 Hypervisors are used
to set up virtual machines on a local computer.
128
```
Virtual machines use a ______________ to connect to the virtualized switching environment.
A. Virtual Router
B. Virtual Firewall
C. Virtual NIC
D. Virtual Server
```
C. Virtual NIC
Explanation: Just like regular computers need a physical Network Interface Card to connect to
the network, virtual machines use a virtual Network Interface Card to connect to the network.
129
```
To configure VLANs inside of a virtualized environment which device is used?
A. Virtual Server
B. Virtual Firewall
C. Virtual Router
D. Virtual Switch
```
D. Virtual Switch
Explanation: Virtual Switches are necessary components within a virtualized environment for
connecting virtual machines into the network. Just as you would set up VLANs on a regular
switch, the same can be done with virtual Switches for setting up VLANs inside a virtual
environment.
130
```
The main benefits of virtualization are. (choose all that apply)
A. Better use of hardware resources
B. Power savings and reduced footprint
C. Recovery
D. Flexibility
```
A. (Better use of hardware resources), B. (Power savings and reduced footprint) C. (Recovery), D.
(Flexibility)
Explanation: All of the above are benefits of implementing virtualization.
131
```
Which of the following are Wireless LAN security measures? (choose all that apply)
A. Network Authentication
B. Client Isolation
C. Disable SSID Broadcast
D. MAC Filtering
```
A. (Network Authentication) B. (Client Isolation), C. (Disable SSID Broadcast), D. (MAC Filtering)
Explanation: All the mentioned answers are methods for implementing WLAN Security
132
```
Which of the following WLAN encryption standards is the most secure?
A. WEP
B. WPA
C. WPA2
D. WPS
```
C. WAP2
Explanation: WPA2 is an enhancement to WPA and uses AES Encryption. WPA2 is the strongest
of the WLAN encryption standards using the strongest available encryption.
133
A Rogue Access Point can be any access point or home wireless router that has been installed on
a company network without approval.
A. True
B. False
A. True
Explanation: A Rogue access point is really any access point on a network that has been
connected without approval. Rogue access points and home routers connected to a corporate
network can at time remain unnoticed, cause security breaches and interfere with existing
wireless channels. Rogue APs should always be identified and taken down as fast as possible. An
Evil Twin is the worst-case scenario with Rogue APs as Evil Twins are set up specifically for the
purpose of mimicking a real production network and duping users into connecting to it for the
purpose of intercepting and stealing data.
