Chpt 6 perimeter defense

Which of the following best describes the purpose of using subnets?
Subnets divide an IP network address into multiple network addresses
Which of the following is not a reason to use subnets on a network?
Combine different media types onto the same subnet
Which of the following IPv6 addresses is equivalent to the IPv4 loopback address of 127.0.0.1?
::1
Which of the following describes an IPv6 address?
8 hexadecimal quartets and 128-bit address
Which of the following correctly describes the most common format for expressing IPv6 addresses?
32 numbers grouped using colons and hexadecimal numbers
Which of the following are valid IPv6 addresses?
6384:1319:7700:7631:4468:5511:8940:2552

141:0:0:0:15:0:0:1

Which of the following is a valid IPv6 address?
FEC0::AB:9007
Routers operate at what level of the Open Systems Interconnect model?
Network layer
You've decided to use a subnet mask of 255.255.192.0 on the 172.17.0.0 network to create four separate subnets. Which network IDs will be assigned to these subnets in the configuration?
172.17.0.0 and 172.17.128.0
You have been using SNMP on your network for monitoring and management. You are concerned about the security of this configuration. What should you do?
Implement version 3 of SNMP
You want to implement a protocol on your network that allows computers to find the IP address of a host from a logical name. Which protocol should you implement?
DNS
Which of the following protocols allows hosts to exchange messages to indicate problems with packet delivery?
ICMP
You are configuring a network firewall to allow SMTP outbound email traffic and POP3 inbound email traffic. Which of the following TCP/IP ports should you open on the firewall?
25 + 110
Which port number is used by SNMP?
161
Which of the following ports does FTP use to establish sessions and manage traffic?
20 + 21
Using the netstat command, you notice that a remote system has made a connection to your Windows Server 2008 system using TCP/IP port 21. Which of the following actions is the remote system most likely to be performing?
Downloading a file
To increase security on your company's internal network, the administrator has disabled as many ports as possible. Now, however, though you can browse the internet, you are unable to perform secured credit card transactions. Which port needs to be enabled to allow
443
Which of the following network services or protocols uses TCP/IP port 22?
SSH
Drag each IP port number on the left to its associated service on the right. Be aware that some port numbers may be used more than once.
SNMP equals 61, SSH equals 22, TFTP equals 69, SCP equals 22, Telnet equals 23, HTTPS equals 443, HTTP equals 80, FTP equals 20, SMTP equals 25, POP3 equals 110
Which two of the following lists accurately describe TCP and UDP?
TCP: connection-oriented, reliable, sequenced, high overhead

UDP: connectionless, unreliable, unsequenced, low overhead

You are an application developer creating applications for a wide variety of customers. In which two of the following situations would you select a connectionless protocol?
A gaming company wants to create a networked version of its latest game. Communication speed and reducing packet overhead are more important than error-free delivery.

A company connects two networks through an expensive WAN link. The communication media is reliable but very expensive. They want to minimize connection times.

You want to maintain tight security on your internal network, so you restrict access to the network through certain port numbers. If you want to allow users to continue to use DNS, which port should you enable?
53
Your company's network provides HTTP, HTTPS, and SSH access to remote employees. Which ports must be opened on the firewall to allow this traffic to pass?
80, 443, 22
Your network recently experienced a series of attacks aimed at the Telnet and FTP services. You have rewritten the security policies to abolish the unsecured services, and now you must secure the network using your firewall and routers. Which ports must be closed to prevent traffic directed to these two services?
23, 21
Which of the following is the main difference between a DoS attack and a DDoS attack?
The DDoS attack uses zombie computers
An attacker sets up a hundred drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack?
DDoS
You suspect that an Xmas tree attack is occurring on a system. Which of the following could result if you do not stop the attack?
The threat agent will obtain information about open ports on the system and the system will be unavailable to respond to legitimate requests
You need to enumerate the devices on your network and display the configuration details of the network. Which of the following utilities should you use?
Nmap
An attacker is conducting passive reconnaissance on a targeted company. Which of the following could he be doing?
Browsing the organization's website
Which type of active scan turns off all flags in a TCP header?
Null
Which of the following denial-of-service attacks uses ICMP packets and will only be successful if the victim has less bandwidth than the attacker?
Ping flood
In which of the following denial-of-service attacks does the victim's system rebuild invalid UDP packets, causing the system to crash or reboot?
Teardrop
A SYN packet is received by a server. The SYN packet has the exact same address for both the sender and receiver addresses, which is the address of the server. This is an example of what type of
Land attack
Which of the following is a form of denial-of-service attack that subverts the TCP three-way handshake process by attempting to open numerous sessions on a victim server but intentionally failing to complete the session by not sending the final required packet?
SYN flood
Which of the following is a form of denial-of-service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network?
Smurf
A SYN attack or a SYN flood exploits or alters which element of the TCP three-way handshake?
ACK
When a SYN flood is altered so that the SYN packets are spoofed in order to define the source and destination address as a single victim IP, the attack is now called what?
Land attack
A Smurf attack requires all but which of the following elements to be implemented?
Padded cell
Which of the following best describes the Ping of death?
An ICMP packet that is larger than 65536 bytes
Which of the following is the best countermeasure against man-in-the-middle?
IPsec
What is modified in the most common form of spoofing on a typical IP packet?
Source address
Which type of denial-of-service attack occurs when a name server receives malicious or misleading data that incorrectly maps hostnames and IP addresses?
DNS poisoning
Which of the following describes a man-in-the-middle attack?
… a full server intercepts communication from a client by impersonating the intended
Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which security concern?
Man in the middle
When the TCP/IP session state is manipulated so that a third party is able to insert alternate packets into the communication stream, what type of attack has occurred?
Hijacking
What is the goal of a TCP/IP hijacking attack?
Executing commands or accessing resources on the system the attacker does not otherwise have authorization to access
Which of the following is not a protection against session hijacking?
DHCP reservations
Which of the following is the most effective protection against IP packet spoofing on a private network?
Ingress and egress filters
While using the internet, you type the URL of one of your favorite sites in the browser. Instead of going to the correct site, however, the browser displays a completely different website. When you use the IP address of the web server, the correct site is displayed. What type of attack has likely occurred?
DNS poisoning
Which of the following attacks tries to associate an incorrect MAC address with a known IP address?
ARP poisoning
What are the most common network traffic packets captured and used in a replay attack?
Authentication
When a malicious user captures authentication traffic and replays it against the network later, what is the security problem you are most concerned about?
An unauthorized user gaining access to sensitive resources
A router on the border of your network detects a packet with a source address that is from an internal client, but the packet was received on the internet-facing interface. This is an example of what form of attack?
Spoofing
An attacker uses an exploit to push a modified hosts file to client systems. This hosts file redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and financial information. What kind of exploit has been used in this scenario?
DNS poisoning
Pharming
Which of the following is a privately controlled portion of a network that is accessible to some specific external entities?
Extranet
You are the office manager of a small financial credit business. Your company handles personal, financial information for clients seeking small loans over the internet. You are aware of your obligation to secure clients' records, but budget is an issue.
Which item would provide the best security for this situation?
all-in-one security appliance
You are implementing security at a local high school that is concerned with students accessing inappropriate material on the internet from the library's computers. The students will use the computers to search the internet for research paper content. The school budget is limited.
Which content filtering option would you choose?
Restrict content based on content categories.
Match the application-aware network device on the right with the appropriate description on the left.
Application-aware proxy:
Improves application performance

Application-aware firewall:
Enforce security rules based on the application that is generating network traffic, instead of the traditional port and protocol.

Application-aware IDS:
Analyzes network packets to detect malicious payloads targeted at application-layer services.