Network Basics 2

Question 1

What do you call the process of transferring VLAN traffic between two or more switches?

Answer 1

Trunking

Question 2

What is a trunk port on a switch?

Answer 2

A port configured to carry all traffic, regardless of VLAN number, between all switches in a LAN.

Question 3

What is the IEEE trunking protocol used in VLANS that enable you to connect switches from different manufacturers?

Answer 3

802.1Q

Question 4

A static VLAN assigns VLANS to ____.

Answer 4

ports

Question 5

A dynamic VLAN assigns VLANS to ____.

Answer 5

MAC addresses

Question 6

A network vulnerability that lets the attacker access VLANs they should not be able to access is called:

Answer 6

double-tagging attack

Question 7

The process of passing traffic between two VLANs using a router (using one or more ports) is called:

Answer 7

inter-VLAN routing

Question 8

What type of VLAN only allows traffic from private ports to be switched to the uplink trunk port, isolating hosts from each other at Layer 2?

Answer 8

A private VLAN

Question 9

You can configure any port on a multilayer switch to act as a ____ port or a ____ port.

Answer 9

switch; router

Question 10

Making multiple servers look like a single server, creating a server cluster, and evenly distributing requests to these servers is called ____.

Answer 10

load balancing

Question 11

When a computer comes to the DNS server for resolution, the server responds with all the “A” records for a FQDN. Then the next time DNS is queried, all the “A” records for a FQDN are returned again but in a different order. This is known as ____.

Answer 11

round robin

This is how DNS performs load balancing by having each Web server gets its own public IP address and each DNS server for the domain has multiple “A” records, each with the same fully qualified domain name (FQDN).

Question 12

Hardware and software tools that filter traffic based on various criteria, such as port number, IP address, or protocol are called ____.

Answer 12

firewalls

Question 13

An application that inspects packets, looking for active intrusions and functions inside the network is called a/an ____.

Answer 13

IDS or Intrusion Detection System

Question 14

Similar to an IDS, a/an ____ sits directly in the flow of network traffic and can stop an attack while it is happening.

Answer 14

IPS or Intrusion Prevention System

Question 15

Copying data from any or all physical ports on a switch to a single physical port is called ____.

Answer 15

port mirroring

Question 16

What standalone multi-port hardware device copies all of the bits it sees and sends them out on a separate port for monitoring and is used for non-obtrusive data collection?

Answer 16

A network tap

Question 17

What sits between clients and external servers, pocketing the requests from the clients for external server resources and making those requests itself?

Answer 17

A proxy server

Question 18

Whom does a forward proxy server act on behalf of?

Answer 18

Clients, getting information from various sources and handing that info to the clients.

Question 19

Whom does a reverse proxy server act on behalf of?

Answer 19

Servers

Clients contact the reverse proxy server, which gathers info from its associated server(s) and hands the info to the clients.

Question 20

802.1X is an example of ____.

Answer 20

port-based authentication

Question 21

Define: IPv6 Address

Answer 21

A 128-bit address consisting of eight sets of four hexadecimal numbers, each number being a value between 0000 and ffff, using a colon to separate the numbers.

Question 22

What two parts are IPv6 addresses generally split into?

Answer 22

A 64-bit network prefix used for routing and a 64-bit interface ID, the user portion.

Question 23

The network prefix of an IPv6 address gets split into what two parts?

Answer 23

A routing prefix and a subnet ID.

Question 24

What are the IPv6 shorthand notation rules?

Answer 24

Leading zeroes can be dropped and only one group of contiguous zeroes can be represented by a double colon (::).

Question 25

What does the IPv6 “/x” prefix length naming convention specify?

Answer 25

The number of bits in the network ID.

Question 26

What is the IPv6 loopback address?

Answer 26

::1

Question 27

What is a link-local address and what is it used for?

Answer 27

The address that a computer running IPv6 gives itself after first booting. It is used for communicating on a local network.

Question 28

What is the IPv6 link-local address?

Answer 28

The first 64 bits are always fe80::/64 (fe80:0000:0000:0000)

Question 29

What address type does a client need to access IPv6 content on the Internet

Answer 29

A global unicast address

Question 30

Does IPv6 use broadcast addresses or multicast addresses?

Answer 30

Multicast addresses

Question 31

What is the all-nodes IPv6 multicast address?

Answer 31

ff02::1

The 2 (scope) indicates the local network segment.
The 1 (group) indicates all nodes within the scope.

Question 32

What is the all-routers IPv6 multicast address?

Answer 32

ff02::2

The first 2 (scope) indicates the local network segment.
The second 2 (group) indicates all routers within the scope.

Question 33

What is the Ethernet address (MAC address) for IPv6 multicast traffic?

Answer 33

33-33-xx-xx-xx-xx

Question 34

What is the solicited-node IPv6 multicast address?

Answer 34

ff02::1:ffxx:xxxx (The last six digits equal the last six digits of the corresponding unicast address).

Question 35

Define: IPv6 Anycast Address

Answer 35

A single IP address shared by multiple hosts.

Routers are configured to direct traffic destined for that single address to the closest system based on what routing metrics were chosen.

Question 36

The ____ is an IPv6 protocol that performs the same functions as ARP in IPv4 and plays a role in features such as stateless address autoconfiguration (SLAAC).

Answer 36

NDP or Neighbor Discovery Protocol

Question 37

Hosts use ____ messages to request the MAC address of a target system, to inform the target system of their own MAC address, and to verify a system is still reachable. They also help IPv6 hosts detect duplicate addresses on the local network.

Answer 37

neighbor solicitation

Question 38

What is the neighbor discovery cache in IPv6?

Answer 38

A host’s list of known MAC addresses.

Question 39

What are NDP’s (Neighbor Discovery Protocol’s) five control message types?

Answer 39

Neighbor solicitation
Neighbor advertisement
Router solicitation
Router advertisement
Redirect

Question 40

Routers use ____ messages in an IPv6 network to send out important information such as their MAC and link-local addresses (default gateway), how hosts on the network should get a global unicast address, whether to use DHCP, and DNS server addresses.

Answer 40

router advertisement

Question 41

What are router solicitation messages used for in IPv6?

Answer 41

Nodes on the network send them to find any routers on the network.

These packets are always sent to the all-router multicast address.

Question 42

What are neighbor advertisement messages used for in IPv6?

Answer 42

To respond to neighbor solicitation messages with the host’s MAC address and to let the requesting system know that it is reachable.

These packets are sent via unicast addresses.

Question 43

What are redirect messages used for in IPv6?

Answer 43

They enable a router to tell a host that there is a better router to use for traffic to a given destination when multiple routers are available for a host to use.

Question 44

What does a DHCPv6 server in stateful mode do?

Answer 44

It tells the host the full 128-bit address it should use and keeps track of the addresses it has passed out. It also gives out other information.

Question 45

What does a DHCPv6 server in stateless mode do?

Answer 45

It lets hosts pick out their own IPv6 addresses using SLAAC (stateless address autoconfiguration) and gives out other information.

Question 46

As you get to the top of the Internet, the Tier 1 routers that connect to other Tier 1 routers can’t have any default route. These no-default routers make up the ____.

Answer 46

default-free zone (DFZ)

Question 47

What is aggregation in IPv6?

Answer 47

Where every router underneath one router always uses a subset of that router’s existing routes.

Question 48

What is the 6in4 IPv6 tunneling protocol?

Answer 48

It is one of only two IPv6 tunneling protocols that can go through IPv4 NAT (called NAT traversal).

Question 49

What is NAT64?

Answer 49

A transition mechanism that attaches the bytes of an IPv4 address onto the end of an IPv6 address for network traversal.

Question 50

Downstream routers may, in theory, do what if their upstream router suddenly changes the IPv6 prefix it delegates to them?

Answer 50

Send an all-nodes router advertisement so that clients can renumber.

Question 51

A router feature that labels certain data to use a desired connection, and works with any type of packet switching to force certain types of data to use a certain path is called ____.

Answer 51

MPLS or Multiprotocol Label Switching

Question 52

What is a metro Ethernet network?

Answer 52

A secure, private network within a city using fiber-optic cabling. This is also called a metropolitan area network (MAN).

Question 53

A business that leases direct connections to the Internet and in turn provides a public on-ramp (provider links) to the Internet is called a/an ____.

Answer 53

ISP or Internet Service Provider

Question 54

A/An ____ is a high-speed Internet connection technology that uses a modem and a regular telephone line for connectivity.

Answer 54

DSL or Digital Subscriber Line

Question 55

For DSL and a plain old telephone service (POTS) to coexist, you need a ____ for the phone line installed.

Answer 55

DSL POTS filter

Question 56

What protocol do cable modems use?

Answer 56

DOCSIS or Data Over Cable Service Interface Specification

Question 57

Satellite access comes in two types:

Answer 57

one-way (download via satellite, upload via PSTN/dial-up)

two-way (download and upload via satellite)

Question 58

Which last mile architecture enables fiber-to-the-home to connect the neighborhood switch to the premises?

Answer 58

PON (Passive Optical Network)

Question 59

What do all remote terminal programs require?

Answer 59

A server (the computer to be controlled) and a client.

Question 60

What two important things do VPNs (Virtual Private Networks) need to function?

Answer 60

Endpoints and the same network ID for the computers on both sides.

Question 61

What is SONET (Synchronous Optical Network) used for?

Answer 61

Long-distance, high-speed, fiber optic transmission.

Question 62

What VPN technology enables direct connections between satellite/multiple locations?

Answer 62

DMVPN or Dynamic Multipoint VPN

Question 63

What protocol is commonly used with today’s VPNs?

Answer 63

IPsec

Question 64

The ____ standard defines both how wireless devices communicate and how to secure that communication.

Answer 64

802.11

Question 65

What is the 802.11 network operation mode where two or more devices communicate directly without any other intermediary hardware?

Answer 65

ad hoc mode

Question 66

What is the 802.11 network operation mode that uses one or more WAPs?

Answer 66

infrastructure mode

Question 67

Two or more wireless nodes communicating in ad hoc mode form a/an ____.

Answer 67

IBSS (Independent Basic Service Set)

Question 68

A single WAP servicing a given area is called a/an ____.

Answer 68

BSS (Basic Service Set)

Question 69

Multiple WAPs servicing an area is called a/an ____.

Answer 69

ESS (Extended Service Set)

Question 70

What is a 32-bit identification string, sometimes called a network name, that’s inserted into the header of each data packet processed by a WAP (wireless access point)?

Answer 70

Service Set Identifier (SSID)

Question 71

A spread-spectrum broadcasting method defined in the 802.11 standard that sends data out on different frequencies at the same time is called ____.

Answer 71

Direct-Sequence Spread-Spectrum (DSSS)

Question 72

A spread-spectrum broadcasting method defined in the 802.11 standard that sends data on one frequency at a time, constantly shifting (or hopping) frequencies is called ____.

Answer 72

Frequency-Hopping Spread-Spectrum (FHSS)

Question 73

A spread-spectrum broadcasting method defined in the 802.11 standard that combines the multiple frequencies of DSSS with FHSS’s hopping capability is called ____.

Answer 73

Orthogonal frequency-division multiplexing (OFDM)

Question 74

For the ____GHz band, the 802.11 standard defines 14 channels (US limits it to channels 1-11) of 20 MHz each.

Answer 74

2.4 GHz

Question 75

What three channels in the 2.4 GHz band should be used on WAPs to avoid overlap?

Answer 75

1, 6, and 11

Question 76

The versions of 802.11 that use the ____GHz and ____GHz bands use automatic channel switching and in general have around 40 different channels in the spectrums.

Answer 76

5.0 GHz, 6.0 GHz

Question 77

Wi-Fi networks use carrier-sense multiple access with ____ (CSMA/____)?

Answer 77

collision avoidance (CSMA/CA)

Question 78

802.11b
Frequency
Spectrum
Speed
Range

Answer 78

Frequency: 2.4 GHz
Spectrum: DSSS
Speed: 11 Mbps
Range: ~300 feet

Question 79

802.11a
Frequency
Spectrum
Speed
Range

Answer 79

Frequency: 5.0 GHz
Spectrum: OFDM
Speed: 54 Mbps
Range: ~150 feet

Question 80

802.11g
Frequency
Spectrum
Speed
Range

Answer 80

Frequency: 2.4 GHz
Spectrum: OFDM
Speed: 54 Mbps
Range: ~300 feet

Question 81

802.11n (Wi-Fi 4)
Frequency
Spectrum
Speed
Range

Answer 81

Frequency: 2.4 GHz
Spectrum: OFDM (QAM)
Speed: 100+ Mbps
Range: ~300 feet

Question 82

____ is a feature in 802.11n and later WAPs that enables them to make multiple simultaneous connections called streams.

Answer 82

Multiple Input/Multiple Output (MIMO)

Question 83

____ is a multiple-antenna technology in 802.11n WAPs that helps get rid of dead spots.

Answer 83

Transmit beamforming

Question 84

802.11ac (Wi-Fi 5)
Frequency
Spectrum
Speed
Range

Answer 84

Frequency: 5.0 GHz
Spectrum: OFDM (QAM)
Speed: Up to 1 Gbps
Range: ~300 feet

Question 85

____ is a feature of 802.11ac and later networking that enables a WAP to broadcast to multiple users simultaneously.

Answer 85

Multi-User MIMO (MU-MIMO)

Question 86

802.11ax (Wi-Fi 6/6E)
Frequency
Spectrum
Speed
Range

Answer 86

Frequency: 2.4 GHz, 5.0 GHz, 6.0 GHz
Spectrum: OFDMA (1024 QAM)
Speed: Up to 10 Gbps
Range: ~300

Question 87

____ is an early wireless security protocol for Wi-Fi that uses the RC4 encryption algorithm and is no longer used due to major security vulnerabilities.

Answer 87

WEP or Wired Equivalent Privacy

Question 88

____ is a wireless security protocol that addresses weaknesses and acts as an upgrade to WEP. It also supports authentication using EAP.

Answer 88

WPA or Wi-Fi Protected Access

Question 89

____ is an authentication wrapper that ___-compliant applications can use to accept one of many types of authentication. It is a general-purpose authentication wrapper mainly used in wireless networks.

Answer 89

EAP or Extensible Authentication Protocol

Question 90

____ is a port-based authentication network access control mechanism for networks. It’s a complete authentication standard designed to force devices to go through a full AAA process to get anywhere past the interface on a network connection device such as a WAP (aka. network access server or NAS).

Answer 90

802.1X

Question 91

____ is the consumer name for the IEEE 802.11i standard and the replacement for the WPA protocol. It uses the AES (Advanced Encryption Standard) algorithm.

Answer 91

WPA2

Question 92

A switch that’s designed to handle a number of WAPs simultaneously and does the job of configuring them is called a/an ____.

Answer 92

wireless LAN controllers

Question 93

____ is a method to load-balance wireless network clients associated with a single SSID. It distributes clients across many VLANs to avoid excessive levels of broadcast traffic.

Answer 93

VLAN pooling

Question 94

____ are flat, plate-shaped antennas that generate a half-sphere beam and are placed on walls.

Answer 94

Patch antennas

Question 95

Wi-Fi ____ is the loss of packets due to an overworked WAP.

Answer 95

jitter

Question 96

What are the three physical problems that cause attenuation in Wi-Fi networks, the progressive loss of radio signal strength as the radio wave passes through different mediums?

Answer 96

Absorption
Reflection
Refraction

Question 97

A ____ is a Wi-Fi network implementation used in some public facilities that directs attempts to connect to the network to an internal Web page for that facility; generally used to force terms of service on users.

Answer 97

captive portal

Question 98

When setting up WPA2-PSK on your wireless network, you have the option to choose TKIP or AES. Which should you implement?

Answer 98

AES

Question 99

What type of server supports EAP-encrypted passwords in accordance with the 802.1X standard?

Answer 99

RADIUS server

Question 100

A ____ hypervisor is installed on the system in lieu of an operating system.

Answer 100

Type 1

Question 101

A ____ hypervisor is installed on top of the operating system.

Answer 101

Type 2

Question 102

Infrastructure as a Service (IaaS) providers enable you to:

Answer 102

set up and tear down infrastructure, such as servers, switches, and routers, on demand.

Question 103

The ____ cloud service model provides a complete deployment and management system with all the tools needed to administer and maintain a Web application.

Answer 103

PaaS or Platform as a Service

Question 104

The ____ cloud service model replaces applications once distributed and licensed via physical media with subscriptions to equivalent applications from online servers.

Answer 104

SaaS or Software as a Service

Question 105

____ is the practice of increasing the capacity of a service or application deployed in a private cloud by adding extra instances in a public cloud.

Answer 105

Cloud bursting

Question 106

____ is an automation philosophy that defines the infrastructure (servers and network components) an application or service requires in configuration files or scripts well enough that it is easy to create identical copies of the needed infrastructure.

Answer 106

IaC or Infrastructure as Code

Question 107

____ is programming that allows a master controller to determine how network components will move traffic through the network and is used in virtualization.

Answer 107

SDN or Software-Defined Networking

Question 108

____ is a cloud computing service that enables a user or organization to virtualize user workstations and manage them as flexibly as other cloud resources.

Answer 108

DaaS or Desktop as a Service

Question 109

A/An ____ can establish a permanent tunnel (often using IPsec) between a local network and a virtual network in the cloud.

Answer 109

site-to-site VPN

Question 110

What are the three layers that make up the three-tiered architecture for traditional data centers?

Answer 110

1. Access/edge layer
2. Distribution/aggregation layer
3. Core layer

Question 111

A ____ is a server that can take a pool of hard disks and present them over the network as any number of logical disks. The interface it presents to a client computer pretends to be a hard disk and enables the client’s operating system to read and write blocks over a network.

Answer 111

SAN or Storage Area Network

Question 112

A process in which an organization places its own server hardware in a public, third-party data center is called ____.

Answer 112

co-location

Question 113

What is the spine-and-leaf architecture in data centers?

Answer 113

Where every spine switch connects with every leaf switch in a two-tiered mesh network.

Question 114

What protocol provides load balancing in a spine-and-leaf data center?

Answer 114

ECPM or Equal-Cost Multipath

Question 115

____ means to have multiple pieces of interconnected equipment, such as servers, appear to the network as a single (logical) device.

Answer 115

Clustering

Question 116

Clustering solutions are an example of ____ high availability (HA) in that all members of the cluster are active at the same time.

Answer 116

active-active

Question 117

____ is an open standard protocol that enables redundant routers to appear as a single virtual router with a single virtual IP (VIP) address for high availability.

Answer 117

VRRP or Virtual Router Redundancy Protocol

Question 118

____ is a Cisco proprietary protocol that enables redundant routers to appear as a single virtual router with a single virtual IP (VIP) address for high availability.

Answer 118

HSRP or Hot Standby Router Protocol

Question 119

VRRP (Virtual Router Redundancy Protocol) and HSRP (Hot Standby Router Protocol) are examples of ____ high availability (HA) in that only one router is active at a time. All other routers are passive until the active router fails.

Answer 119

active-passive

Question 120

What document contains details about all the hardware and software installed in a data center and provides the foundation for future upgrades?

Answer 120

Baseline configuration

Question 121

Devices using the proprietary ____ protocol form a mesh network using the 908 MHz and 916 MHz band.

Answer 121

Z-Wave

Question 122

Devices using the open source ____ protocol form a mesh network using either the 2.4 GHz or 915 MHz band.

Answer 122

Zigbee

Question 123

Virtually all VoIP (Voice over IP) systems use what two protocols?

Answer 123

SIP or Session Initiation Protocol
RTP or Real-time Transport Protocol

Question 124

____ is a complete VoIP or video presentation connection and session controller protocol.

Answer 124

MGCP or Media Gateway Control Protocol

Question 125

The overall system that monitors and controls machines today is called a/an ____.

Answer 125

ICS or Industrial Control System

Question 126

A/An ____ is a computer that controls a machine according to a set of ordered steps.

Answer 126

PLC or Programmable Logic Controller

Question 127

____ is a system that has the basic components of a distributed control system (DCS), yet is designed for large-scale, distributed processes and functions with the idea that remote devices may or may not have ongoing communication with the central control.

Answer 127

SCADA or Supervisory Control And Data Acquisition

Question 128

A ____ consists of small controllers added directly to a machine used to distribute the computing load. Each of the local controllers connects to a centralized controller, the ICS server, where global changes can be managed.

Answer 128

DCS or Distributed Control System

Question 129

In a/an ____ deployment model, the corporation owns all the mobile devices and issues them to employees. The corporation is solely responsible for the maintenance of the devices, the applications, and the data. Nothing but company approved software is used on the issued mobile devices.

Answer 129

COBO or Corporate Owned, Business Only

Question 130

In a/an ____ deployment model, the organization issues mobile devices and employees are presented with a whitelist of pre-approved applications that they may install.

Answer 130

COPE or Corporate Owned, Personally Enabled

Question 131

An organization offering ____ options provides employees free choice within a catalog of mobile devices. The organization retains complete control and ownership over the mobile devices, although the employees can install their own apps on the mobile devices.

Answer 131

CYOD or Choose Your Own Device

Question 132

A/An ____ is a document between a customer and a service provider that defines the scope, quality, and terms of service to be provided. ____ requirements are a common part of business continuity and disaster recovery.

Answer 132

SLA or Service Level Agreement
SLA

Question 133

A/An ____ is a document that defines an agreement between two parties in situations where a legal contract wouldn’t be appropriate. It defines the duties the parties commit to perform for each other and a time frame for the ____.

Answer 133

MOU or Memorandum Of Understanding
MOU

Question 134

A/An ____ is a legal contract between a vendor and a customer that defines the services and products the vendor agrees to supply and the time frames in which to supply them.

Answer 134

SOW or Statement Of Work

Question 135

A/An ____ will inspect a huge number of potential vulnerabilities and create a report for an organization to then act upon.

Answer 135

vulnerability scanner

Question 136

A/An ____ covers all the various threats and risks to which a company is exposed and includes the cost of negative events in both money and time.

Answer 136

posture assessment

Question 137

A/An ____ examines all aspects of a third party’s security controls, processes, procurement, labor policies, and more to see what risks that third party poses to the organization.

Answer 137

vendor risk assessment

Question 138

Incidents that take place within the organization that can be stopped, contained, and remedied without outside resources are handled by ____ planning.

Answer 138

incident response

Question 139

If an incident can no longer be contained, causing significant damage or danger to the immediate infrastructure, it is covered under ____.

Answer 139

disaster recovery

Question 140

If the disaster requires actions offsite from the primary infrastructure, it is under the jurisdiction of ____.

Answer 140

business continuity

Question 141

A/An ____ sets an upper limit to how much lost data the organization can tolerate if it must restore from a backup, effectively dictating how frequently backups must be taken.

Answer 141

RPO or Recovery Point Objective

Question 142

The ____ sets an upper limit to how long the organization can tolerate an outage before full functionality must be restored.

Answer 142

RTO or Recovery Time Objective

Question 143

A/An ____ details risks to critical systems, cost to replace or repair such systems, and how to make those replacements or repairs happen in a timely fashion.

Answer 143

BCP or Business Continuity Plan

Question 144

____ is identifying people who can take over certain positions (usually on a temporary basis) in case the people holding those critical positions are incapacitated or lost in an incident or disaster.

Answer 144

Succession planning

Question 145

In general, when you are in a situation where you are the first responder, you need to do the following three things:

Answer 145

1. Secure the area
2. Document the scene
3. Collect evidence

Question 146

A/An ____ is the process of an organization preserving and organizing data in anticipation of or in reaction to a pending legal issue.

Answer 146

legal hold

Question 147

Through what mechanism is a change to the IT structure initiated?

Answer 147

Users submit a change request to the change management team.

Question 148

What is the job of a first responder?

Answer 148

To react to the notification of a computer crime.

Question 149

The best way to know the vulnerabilities of an IT infrastructure is to run what?

Answer 149

A vulnerability scanner

Question 150

The three goals of security, the CIA triad, are:

Answer 150

1. Confidentiality
2. Integrity
3. Availability

Question 151

In ____, an attacker alters a DNS server’s cache to point clients to an evil Web server instead of the correct one.

Answer 151

DNS poisoning

Question 152

To prevent DNS cache poisoning, the typical use case scenario is to add ____ for domain name resolutions.

Answer 152

DNSSEC or DNS Security Extensions

Question 153

____ is a switch process that monitors DHCP traffic, filtering out DHCP messages from untrusted sources. Typically it’s used to block attacks that use a rogue DHCP server.

Answer 153

DHCP snooping

Question 154

In IPv6 networks, ____ enables the switch to block router advertisements and router redirect messages that are not sent from trusted ports or don’t match a policy.

Answer 154

RA-Guard or Router Advertisement Guard

Question 155

____ attacks target ARP caches on hosts and MAC address tables on switches.

Answer 155

ARP cache poisoning

Question 156

What tool uses the DHCP snooping binding database to prevent ARP cache poisoning?

Answer 156

DAI or Dynamic ARP Inspection (Cisco)

Question 157

Implementing Dynamic ARP Inspection (DAI) and DHCP snooping enhances ____, a key network hardening technique.

Answer 157

switch port protection

Question 158

Used in DDoS attacks, ____ is where the attacker sends requests to normal servers with the target’s IP address spoofed as the source. The normal servers respond to the spoofed IP address (the target system), overwhelming it with reflected traffic without identifying the true initiator.

Answer 158

reflection

Question 159

A/An ____ DoS attack sends a small amount of traffic to a server, which produces a much larger response from the server that is sent to a spoofed IP address, overwhelming a victim machine.

Answer 159

amplified

Question 160

A/An ____ is a form of DoS attack that targets 802.11 WiFi networks specifically by sending out a frame that kicks a wireless client off its current WAP connection. A rogue WAP nearby presents a stronger signal, which the client will prefer. The rogue WAP connects the client to the Internet and then proceeds to intercept communications to and from that client.

Answer 160

deauthentication (deauth) attack

Question 161

A/An ____ attack is where an attacker takes advantage of DHCP scope exhaustion by spoofing packets to the DHCP server, tricking it into giving away all of its leases and therefore running out of open addresses. It is a technique used to encourage clients to switch to a rogue DHCP server that the attacker controls.

Answer 161

DHCP starvation

Question 162

In an ____, an attacker taps into the communications between two systems, covertly intercepting traffic thought to be only between those systems, reading or in some cases even changing the data and then sending the data on.

Answer 162

on-path attack (aka. man-in-the-middle)

Question 163

____ tries to intercept a valid computer session to get authentication information.

Answer 163

Session hijacking

Question 164

____ is a Layer 2 attack that enables an attacker to access hosts on a VLAN the attacker is not a part of. The mechanism behind the attack is to take a system that’s connected to one VLAN and, by abusing VLAN commands to the switch, convince the switch to change your switch port connection to a trunk line.

Answer 164

VLAN hopping

Question 165

____ uses some form of encryption to lock a user out of a system, usually by encrypting the boot drive.

Answer 165

Crypto-malware

Question 166

A ____ is a malware program that replicates and activates. It only replicates to other applications on a drive or to other drives, and does not replicate across networks. It is not a stand-alone program, but rather something attached to a host file. They carry some payload that may or may not do something malicious when activated.

Answer 166

virus

Question 167

A/An ____ replicates exclusively through networks by sending copies of itself to any other computers it can locate on the network. They can exploit inherent vulnerabilities in program code, attacking programs, operating systems, protocols, and more.

Answer 167

worm

Question 168

A/An ____ is code written to execute when certain conditions are met, usually with malicious intent.

Answer 168

logic bomb

Question 169

A/An ____ is a piece of malware that looks or pretends to do one thing while, at the same time, doing something evil. They do not replicate.

Answer 169

Trojan horse

Question 170

A/An ____ is a type of malware that takes advantage of very low-level operating system functions to hide itself from all but the most aggressive of anti-malware tools.

Answer 170

rootkit

Question 171

____ is a social engineering technique where the attacker poses as a trusted source and tries to inspire the victim to act based on a false premise (usually communicated via e-mail, phone, or SMS). A successful attack typically obtains confidential information or introduces malware into the network.

Answer 171

phishing

Question 172

To lock a Windows computer, press the ____ combination.

Answer 172

WINDOWS KEY-L

Question 173

An unauthorized person attempting to follow an authorized person into a secure area without the authorized person’s consent or even realization is called ____.

Answer 173

tailgating

Question 174

An authorized person helping an unauthorized person follow them into a secure area is called ____.

Answer 174

piggybacking

Question 175

A/An ____, is an entryway with two successive locked doors and a small space between them providing one-way entry or exit.

Answer 175

access control vestibule (aka. mantrap)

Question 176

A/An ____ is a sensor that detects and reads a token that comes within range. The polled information is used to determine the access level of the person carrying the token.

Answer 176

proximity reader

Question 177

A device (such as a credit card) that you insert into your PC or use on a door pad for authentication is called a/an ____.

Answer 177

smart card

Question 178

In all network operating systems, the permissions of the groups are combined, and the result is what is called the ____ the user has to access a given resource.

Answer 178

effective permissions

Question 179

____ is a standardized approach to verify that a node meets certain criteria before it is allowed to connect to a network.

Answer 179

NAC or Network Access Control

Question 180

In terms of posture assessment, a/an ____ refers to software that runs within a client and reports the client’s security characteristics to an access control server to be approved or denied entry to a system.

Answer 180

agent

Question 181

Attackers can use ____, excessive or malformed packets, to conduct DoS attacks on networks and hosts, targeting vulnerable switches through their switch ports.

Answer 181

traffic floods

Question 182

A/An ____ is a network segment carved out by firewalls to provide a special place (a zone) on the network for any servers that need to be publicly accessible from the Internet.

Answer 182

screened subnet (aka. a DMZ or demilitarized zone)

Question 183

A/An ____ is a network containing one or more honeypots created to lure in hackers.

Answer 183

honeynet

Question 184

Which Windows utility displays open ports on a host?

Answer 184

netstat

Question 185

The NSA’s TEMPEST security standards are used to combat which risk?

Answer 185

RF emanation using enclosures, shielding, and even paint.

Question 186

A DoS attacker using ____ would focus on sending the smallest amount of traffic possible.

Answer 186

amplification

Question 187

An SNMP (Simple Network Management Protocol) system, which creates a managed network, consists of at least three components:

Answer 187

1. Managed devices
2. SNMP manager aka. a NMS (Network Management System
3. SNMP agent

Question 188

SNMP uses ____ to categorize the data that can be queried.

Answer 188

MIBs or Management Information Bases

Question 189

SNMP managers use UDP ports:

Answer 189

162 or 10162 (with TLS)

Question 190

SNMP agents use UDP ports:

Answer 190

161 or 10161 (with TLS)

Question 191

A/An ____ is a program that queries a network interface and collects (captures) packets in a file. They need to capture all the packets they can, so it’s typical for them to connect to an interface in promiscuous mode or, in the case of a switch, a mirrored port.

Answer 191

packet sniffer

Question 192

A/An ____ is a program that processes capture files from packet sniffers and analyzes them based on our monitoring needs.

Answer 192

protocol analyzer

Question 193

A/An ____ tool tracks traffic flowing between specific source and destination devices.

Answer 193

packet flow monitoring

Question 194

The default destination port for syslog is UDP port ____.

Answer 194

514