Midterm Practice Exam

What encryption method is used by WPA for wireless networks?
TKIP

WPA uses TKIP for encryption. TKIP uses rotating encryption keys for added security over WEP.
AES encryption is used with WPA2. WEP is a security method for wireless networks that provides encryption through the use of a shared encryption key (the WEP key).
IPsec is an encryption method that is used for VPN tunneling; while it can be used on a wireless network, it is used in addition to encryption provided by either WEP, WPA, or WPA2. 802.1x is an authentication method for wired and wireless networks.

You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the firewall.
Which tool should you use?
Packet sniffer

A packet sniffer is special software that captures (records) frames that are transmitted on the network. Use a packet sniffer to:
•View packet contents.
•Identify the types of traffic on a network.
•View the exchange of packets between communicating devices. For example, you can capture frames related to DNS and view the exact exchange of packets for a specific name resolution request.
•Analyze packets sent to and from a specific device.
A load tester simulates a load on a server or service. A throughput tester measures the amount of data that can be transferred through a network or processed by a device (such as the amount of data that can be retrieved from disk in a specific period of time). System and event logs record what has happened on a device, but do not record individual frames or packets.

You are concerned about the amount of traffic that passed through a router on your network. You want to see how the amount of traffic has changed over time.
Which document would help in identifying past average network traffic?
Baseline

A baseline is a snapshot of the performance statistics of the network or devices. The baseline is used as a logical basis for future comparison. Baselines enable you to effectively monitor the performance of your system to determine when changes negatively impact performance or when systems need upgrading or replacing. It is important to measure network performance at subsequent intervals to see how your server is performing compared to the baseline.
Logs contain a record of events that have happened on a system. Logging capabilities are built into operating systems, services, and applications. Log entries are generated in response to configuration changes, changes in system state, or in response to network conditions.
A network diagram shows the logical and/or physical layout of your network. The network diagram could be a collection of diagrams showing the location and IP addresses of hubs, switches, routers, and firewalls.

Which of the following is an example of an internal threat?
A user accidentally deletes the new product designs

Internal threats are intentional or accidental acts by employees including:
•Malicious acts such as theft, fraud, or sabotage.
•Intentional or unintentional actions that destroy or alter data.
•Disclosing sensitive information through snooping or espionage.
External threats are those events originating outside of the organization that typically focus on compromising the organization’s information assets. Examples are hackers, fraud perpetrators, and viruses. Natural events are those events that may reasonably be expected to occur over time. Examples are a fire or a broken water pipe.

Which of the following are differences between RADIUS and TACACS+?
RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers.

TACACS+ provides three protocols, one each for authentication, authorization, and accounting. This allows each service to be provided by a different server. In addition, TACACS+:
•Uses TCP.
•Encrypts the entire packet contents.
•Supports more protocol suites than RADIUS.

Which process reduces the size of the routing table by advertising a single route as the destination for a group of contiguous subnets?
Route summarization

Route summarization optimizes routing by grouping contiguous networks that use the same routing path and advertising a single route as the destination for the grouped subnets. Keep in mind that summarization:
•Reduces the size of the routing table. A single route to the summarized network takes the place of multiple routes to individual subnets.
•Speeds convergence. The accessibility of each subnet address is indicated by the accessibility of the summarized address.
•Retains all necessary routing information, so all networks are still reachable after summarization.
Route redistribution is the process of learning routes from one routing protocol and advertising them as another routing protocol (e.g., learning routes from OSPF and advertising them as RIP). First Hop Redundancy Protocol (FHRP) is used to allow hosts to dynamically switch between a main router and one or more redundant routers, should an outage occur. EIGRP is a routing protocol method used to exchange routing information in an autonomous system.

Which of the following terms describes a Windows operating system patch that corrects a specific problem and is released on a short-term, periodic basis (typically monthly)?
Hotfix

A hotfix is an operating system patch that corrects a specific known problem. Microsoft typically releases hotfixes monthly.
Service packs include a collection of hotfixes and other system updates. Service packs are not released as often, but contain all hotfixes released to that time

Which of the following defines an Acceptable Use Agreement?
An agreement which identifies the employee’s rights to use company property such as Internet access and computer equipment for personal use.

The acceptable use agreement identifies the employee’s rights to use company property such as Internet access and computer equipment for personal use.
The non-compete agreement prohibits an employee from working for a competing organization for a specified time after the employee leaves the organization. The employee monitoring agreement outlines the organization’s monitoring activities. The non-disclosure agreement is a legal contract between the organization and the employee that specifies the employee is not to disclose the organization’s confidential information.

You have implemented an ad-hoc wireless network that doesn’t employ a wireless access point. Every wireless network card can communicate directly with any other wireless network card on the network.
What type of physical network topology has been implemented in this type of network?
Mesh

This type of network uses a physical mesh topology. The key characteristics of a mesh topology are:
•There’s no central connecting point.
•Any host can communicate directly with any other host on the network.
A mesh network, such as this one, is usually impractical on a wired network. Each host would have to have a separate, dedicated network interface and cable for each host on the network. However, a mesh topology can be implemented with relative ease on a wireless network due to the lack of wires.

You want to use CCTV to increase your physical security. You want to be able to remotely control the camera position. Which camera type should you choose?
PTZ

A Pan Tilt Zoom (PTZ) camera lets you dynamically move the camera and zoom in on specific areas to monitor (cameras without PTZ capabilities are manually set looking a specific direction). Automatic PTZ mode automatically moves the camera between several preset locations; manual PTZ lets an operator remotely control the position of the camera.
A bullet camera has a built-in lens and is long and round in shape. Most bullet cameras can be used indoor or outdoor. A c-mount camera has interchangeable lenses and is typically rectangle in shape with the lens on the end. Most c-mount cameras require a special housing to be used outdoors. A dome camera is a camera protected with a plastic or glass dome. These cameras are more vandal-resistant than other cameras.
PTZ cameras can be bullet, c-mount, or dome cameras.

Which IEEE standard describes wireless communication?
One IEEE standard for wireless is 802.11b
You are concerned that these computers will pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless anti-virus software and the latest operating system patches have been installed.
Which solution should you use?
NAC

Network Access Control (NAC) controls access to the network by not allowing computers to access network resources unless they meet certain predefined security requirements. Conditions that can be part of the connection requirements include requiring that computers have:
•Anti-virus software with up-to-date definition files.

•An active personal firewall.

•Specific operating system critical updates and patches.

A client that is determined by the NAC agent to be healthy is given access to the network. An unhealthy client, who has not met all the checklist requirements, is either denied access or can be given restricted access to a remediation network, where remediation servers can be contacted to help the client to become compliant.
A demilitarized zone (DMZ) is a buffer network (or subnet) that sits between the private network and an untrusted network (such as the Internet). A virtual LAN (VLAN) is a logical grouping of computers based on switch port. VLAN membership is configured by assigning a switch port to a VLAN. An intrusion detection system (IDS) is a special network device that can detect attacks and suspicious activity. A network-based IDS (NIDS) scans network traffic looking for intrusion attempts.
Network Address Translation (NAT) modifies the IP addresses in packets as they travel from one network (such as a private network) to another (such as the Internet). NAT allows you to connect a private network to the Internet without obtaining registered addresses for every host. Hosts on the private network share the registered IP addresses.

Which of the following does a router acting as a firewall use to control which packets are forwarded or dropped?
ACL

When you configure a router as a firewall, you configure the access control list (ACL) with statements that identify traffic characteristics, such as the direction of traffic (inbound or outbound), the source or destination IP address, and the port number. ACL statements include an action to either allow or deny the traffic specified by the ACL statement.
IPsec is a protocol for encrypting packets. RDP and VNC are remote desktop protocols used for remotely accessing a computer’s desktop. PPP is a protocol for establishing a remote access connection over a dial-up link.

You have just downloaded a file. You create a hash of the file and compare it to the hash posted on the website. The two hashes match. What do you know about the file?
Your copy is the same as the copy posted on the website.

A hash is a function that takes a variable-length string (message) and compresses and transforms it into a fixed-length value. Hashes ensure the data integrity of files and messages in transit. The sender and the receiver use the same hashing algorithm on the original data. If the hashes match, then the data can be assumed to be unmodified.
Hashes do not ensure confidentiality (in other words, hashes are not used to encrypt data). Non-repudiation proves the source of a file, and is accomplished using digital signatures.

Which of the following describes a logic bomb?
A program that performs a malicious activity at a specific time or after a triggering event

A logic bomb is a program that performs a malicious activity at a specific time or after a triggering event. Logic bombs can be planted by a virus, a Trojan horse, or by an intruder. Logic bombs may perform their malicious activity at a specific time and date or when a specific event occurs on the system, such as logging in, accessing an online bank account, or encrypting a file.
A type of malicious code, similar to a virus, who’s primary purpose is to duplicate itself and spread, while not necessarily intentionally damaging or destroying resources is a worm. A program that appears to be a legitimate application, utility, game, or screensaver which performs malicious activities surreptitiously is a Trojan horse. A program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the systems where it is found is a virus.

A host has the address 100.55.177.99/16. Which of the following is the broadcast address for the subnet?
100.55.255.255

The broadcast address for the subnet is the last address on the subnet. In this example, the address uses 16 bits in the subnet mask (255.255.0.0), meaning that the first two octets indicate the subnet address (100.55.0.0), and the last two octets are used for host addresses. The last possible address on this subnet is 100.55.255.255.

Your organization recently opened a branch office. You contracted with a WAN service provider to connect the branch office network to your home office network.
Recently, your CEO conducted a video conference with the employees at the branch office. The employees complained that the video was choppy and that the audio was frequently out of sync with the video.
What is the most likely cause of this poor WAN performance?
The WAN provider is throttling bandwidth on the link.

In this scenario, its possible that the WAN service provider is the cause of the problem. You should check the contract with the service provider to make sure they aren’t throttling the bandwidth of the WAN link. It’s not uncommon for service providers to impose bandwidth or utilization caps that could be hampering communications.
Because connectivity exists between the home and branch office networks in this scenario, the following are very unlikely to be the cause of the problem:
•A disabled WAN interface
•A protocol mismatch
•An authentication mismatch
•An IP address misconfiguration

You connect your computer to a wireless network available at the local library. You find that you can access all websites you want on the Internet except for two.
What might be causing the problem?
A proxy server is blocking access to the websites.

A proxy server can be configured to block Internet access based on website or URL. Many schools and public networks use proxy servers to prevent access to websites with objectionable content.
Ports 80 and 443 are used by HTTP to retrieve all Web content. If a firewall were blocking these ports, access would be denied to all websites. Port forwarding directs incoming connections to a host on the private network. Port triggering dynamically opens firewall ports based on applications that initiate contact from the private network.

Which of the following is the best device to deploy to protect your private network from a public untrusted network?
Firewall

A firewall is the best device to deploy to protect your private network from a public untrusted network. Firewalls are used to control traffic entering and leaving your trusted network environment. Firewalls can manage traffic based on source or destination IP address, port number, service protocol, application or service type, user account, and even traffic content.
Routers offer some packet-based access control, but not as extensive as that of a full fledged firewall. Hubs and gateways are not sufficient for managing the interface between a trusted and an untrusted network.

You are implementing a DHCP server for your segment. Your segment’s IP address is
192.168.1.0. Your default gateway address is 192.168.1.254. Your DNS server address is
192.168.1.1. Your default gateway is configured as a NAT router to translate addresses between network segments.
You configured the 03 Router option on your DHCP server so it can deliver the IP address of the default gateway to workstations. After configuring your workstations to get their IP addressing information dynamically, your users complain that they are unable to access websites on the Internet.
How can you resolve this problem?
You must configure your DHCP server with an option that delivers the IP address of the DNS server (Option 06).

In this scenario, the DHCP server hasn’t been configured to deliver the IP address of the DNS server to the workstations. When users try to access websites with a browser, they receive an error message because their workstations can’t resolve URLs into IP addresses.
To fix this, you must enable option 06 Domain Name Server on the DHCP server and configure it with the IP address of your DNS server.
You could statically configure APIPA on each workstation with the IP address of the DNS server. However, this would defeat the purpose of implementing a DHCP server in the first place.

Mary calls to tell you that she can’t connect to an intranet server called WebSrv1. From her computer, you ping the server’s IP address. The ping test is successful. Which tool would you use on her workstation next to troubleshoot the problem?
nslookup

Use nslookup to troubleshoot name resolution problems. Because the ping test was successful, you know that both the client and the server can communicate using TCP/IP with IP addresses. This tells you that the problem is related to name resolution.

Which of the following network strategies connects multiple servers together such that if one server fails, the others immediately take over its tasks, preventing a disruption in service?
Clustering

Clustering connects multiple servers together using special software. If one of the servers in the cluster fails, the other servers immediately take over the tasks the failed server was working on; resulting in no downtime for the end user.
Adapter bonding increases fault tolerance of a single server system by implementing multiple network boards in the system that function as a single adapter. Mirroring also increases fault tolerance by creating a mirror copy of the server hard drive on one or more other hard drives. Storage area networks are usually used in conjunction with clustering to provide a common disk system that all servers in the cluster share.

You are implementing a wireless network inside a local office. You require a wireless link to connect a laptop in the administrator’s office directly to a system in the sales department. In the default configuration, the wireless AP uses a 360-dispersed RF wave design. After installed, the signal between the two systems is weak as many obstacles interfere with the signal.
Which of the following strategies could you try to increase signal strength?
Replace the Omni-directional antenna with a directional antenna

A directional antenna is designed to create a narrow, focused signal in a particular direction. This focused signal provides greater signal strength between two points and increases the distance that the signal can travel. Because directional antennas provide a stronger point-to-point connection, they are better equipped to handle obstacles that may be in the way of the signal.
The default antenna used with this configuration is an omni-directional antenna that disperses the RF wave in an equal 360-degree pattern. This antenna is commonly used to provide access to many clients in a radius.

You manage a single subnet with three switches. The switches are connected to provide redundant paths between the switches.
Which feature allows the switches to pass VLAN traffic between the switches?
Trunking
A healthcare organization provides mobile clinics throughout the world. Which network technology should you select to transfer patient statistical data to a central database via the Internet to ensure network connectivity for any clinic located anywhere in the world, even remote areas?
Satellite

Satellite capability is available even in areas that do not have a local network infrastructure. Satellite requires a local portable transmitter with an antenna directed skywards to a satellite. Satellite service providers offer nearly 100% global network coverage by maintaining a series of satellites circling the earth in geosynchronous orbit.
Dialup, ISDN and cable modem, require a local network infrastructure provided by either the telephone company or cable television company.

You are troubleshooting a client connectivity problem on an Ethernet network. The client system has intermittent connectivity to the network. You discover that the UTP patch cable is run 75 feet from the wall outlet, passes though the ceiling and over several florescent light fixtures before reaching the client system.
Which of the following may be a cause of the connectivity problem?
EMI interference

In this case, the most likely cause of the problem is electromagnetic interference (EMI) from the florescent lights. Cables run near air conditioners, lights, or other large electronic devices can create interference for data traveling through the cable.
UTP cables have a recommended segment cable length of 100 feet. Distances beyond this length may require signal regeneration. Devices such as Ethernet switches provide signal regeneration. Attenuation describes the process of signal degradation as it passes through network media. As mentioned, UTP cable can be run 100 feet before attenuation becomes a significant problem. Crosstalk refers to the interference caused by overlapping signals when cables are run in close proximity to each other.

Which type of Denial of Service (DoS) attack occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses?
DNS poisoning

DNS poisoning occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses. In a DNS poisoning attack:
•Incorrect DNS data is introduced into a primary DNS server.
•The incorrect mapping is made available to client applications through the resolver.
•Traffic is directed to incorrect sites.

ARP poisoning corrupts the ARP cache or sends incorrect ARP data that spoofs MAC addresses, causing devices to send frames to the wrong host or an unreachable host. Spam sent in such great amounts can consume bandwidth or fill a mailbox, leaving no room for legitimate traffic. The SYN flood exploits the TCP threeway handshake.

You are implementing a SOHO network for a local business. The ISP has already installed and connected a cable modem in the business.
The business has four computers that need to communicate with each other and the Internet. The ISP’s cable modem has only one RJ45 port. You need to set up the network with the following in mind:
•Spend as little money as possible.
•Do not purchase unnecessary equipment.
•Computers need to have a gigabit connection to the network.
•New devices should not require management or configuration.

You examine each computer and notice only one of the four computers has a wireless NIC; they all have Ethernet NICs.
What should you purchase?

An unmanaged switch and CAT5e cabling.

You should purchase an unmanaged switch and CAT5e cabling. Switches offer guaranteed bandwidth to each switch port and fullduplex communication. Unmanaged switches are autonomous in their function, requiring no port management or configuration. CAT5e cabling supports transfer speeds up to 1000 Gbps.
Purchasing a new cable modem with a builtin switch would be more expensive than an unmanaged switch. Additionally, CAT6a cabling is unnecessary for this type of network. Because all of the computers already have wired NICs, purchasing a wireless AP and three new wireless NICs would introduce new costs. The wireless AP would also require additional management and configuration. Hubs suffer from collisions, so only halfduplex communication is possible. This wouldn’t support 1000 Gbps speeds. A small business with four computers doesn’t need the additional features that a managed switch provides.

What information does the next hop entry in a routing table identify?
The first router in the path to the destination network.

The next hop router is the first (or next) router in the path to the destination network. Each router looks at the destination network in the packet, then consults the routing table to identify the next hop router to the destination network.
The hop count identifies the number of routers in the path to the destination network. A default gateway router is a router that is used for packets used to external networks. Most routers do not have a default gateway setting, but instead use a default route setting which identifies a next hop router for all unknown networks.

Which of the following protocols has a limit of 15 hops between any two networks?
RIP

Explanation
RIP networks are limited in size to a maximum of 15 hops between any two networks. A network with a hop count of 16 indicates an unreachable network.
The other routing protocols do not use the hop count as the metric. EIGRP uses bandwidth and delay for the metric. OSPF and ISIS use a relative link cost. BGP uses paths, rules, and policies for the metric

You need to add security for your wireless network. You would like to use the most secure method. Which method should you implement?
WPA2

WiFi Protected Access 2 (WPA2) is currently the most secure wireless security specification. WPA2 includes specifications for both encryption and authentication.
WPA was an earlier implementation of security specified by the 802.11i committee. WEP was the original security method for wireless networks. WPA is more secure than WEP, but less secure than WPA2.
Kerberos is an authentication method, not a wireless security method.

You have a series of WAN links that connects your site to multiple other sites. Each remote site is connected to your site using a dedicated link.
What type of connection is being used?
Point to point

A pointtopoint circuit is established between two locations. Each destination requires a separate circuit.
A pointtomultipoint circuit is a single circuit that can be used to reach multiple locations. A packet switched network allows data to be broken up into packets. Packets are transmitted along the most efficient route to the destination. A hybrid topology combines multiple different topologies.

Which of the following is a good reason to install a firewall?
To prevent hackers from accessing your network

Firewalls prevent unauthorized users from accessing private networks connected to the Internet. You should never allow public access to your DHCP server. A proxy server caches web pages. A NAT router or ICS translates Web addresses to private IP addresses. A proxy server and NAT software might be implemented on the same device as your firewall, but they are different concepts.

Users are complaining that sometimes network communications are slow. You use a protocol analyzer and find that packets are being corrupted as they pass through a switch. You also notice that this only seems to happen when the elevator is running.
What should you do?
Install shielded cables near the elevator

Interference is a signal that corrupts or destroys regular networking signals. Interference affects the availability of a network because normal communications are not possible. Sources of interference include elevators, generators, motors, and fluorescent lights.
Use a UPS or a dedicated power circuit to ensure that devices have constant power. Use a dedicated A/C unit to keep a server room or closet cool.

When duplicating a drive for forensic investigative purposes, which of the following copying methods is most appropriate?
Bitlevel cloning

Only bitlevel cloning is recognized as a sufficient method for duplicating hard drives for forensic investigative purposes.
Filebyfile copying, active sector cloning, and drive mirroring are all insufficient copying methods for forensic investigative purposes. These methods fail to duplicate data that has been deleted or which is stored in the slack space of the drive.

Which of the following is a standard for sending log messages to a central logging server?
Syslog

Syslog is a protocol that defines how log messages are sent from one device to a logging server on an IP network. The sending device sends a small text message to the syslog receiver (the logging server).
The Open Vulnerability and Assessment Language (OVAL) is an international standard for testing, analyzing, and reporting the security vulnerabilities of a system. LC4 (previously called LOphtcrack) is a password cracking tool. Nmap is a network mapping tool that performs ping and port scans.

You have a network that uses a logical bus topology. How do messages travel through the network?
Messages are broadcast to all devices connected to the network.

Messages sent using a physical bus topology are broadcast to all devices in the network. The device in the middle of the star (typically a hub), receives the message and forwards it on to all other devices.

Which of the following protocols stores email on the mail server and gives users a choice to download mail or keep it on the server?
IMAP4

IMAP4 allows a mail server to hold messages for a client. A POP3 server requires the user to download his or her email. SMTP allows a user to send email to a server. The NTP protocol synchronizes the clocks of all computers on a network.

Which type of documentation would you consult to find the location of RJ45 wall jacks and their endpoints in the intermediate distribution closet?
Wiring schematic

A wiring schematic is a type of network diagram that focuses on the physical connections between devices. The wiring diagram typically shows:
•The location of drop cables and ports within offices or cubicles.
•The path that wires take between wiring closets and offices.
•A labeling scheme that matches endpoints in offices and cubicles with specific switch ports or punchdown block locations.
A baseline is a record that shows normal network statistics. A policy is a document that describes the overall goals and requirements for a network. A policy identifies what should be done, but may not necessarily define how the goal is to be reached. A procedure is a stepbystep process outlining how to implement a specific action. The design of a procedure is guided by goals defined in a policy, but go beyond the policy by identifying specific steps that are to be implemented.

While configuring a new 802.11g wireless network, you discover another wireless network within range that uses the same channel ID that you intend to use. Which of the following strategies are you most likely to adopt in order to avoid a conflict between the networks?
Use a different Channel ID.

Overlapping wireless networks should use different channels to ensure that they do not conflict with each other.
Even though you should use a different Service Set Identifier anyway, you would also need to configure a different channel for each of the wireless networks. Using 802.11b instead of 802.11g would not avoid a conflict between the networks, and would limit the speed of the wireless network to 11Mbps as opposed to 54Mbps available with 802.11g. Using Wired Equivalent Privacy (WEP) is a prudent security measure; however, it does not prevent the conflicts that can occur with overlapping wireless networks that use the same channel ID.

You want to connect your small company network to the Internet. Your ISP provides you with a single IP address that is to be shared between all hosts on your private network. You do not want external hosts to be able to initiate connection to internal hosts. What type of Network Address Translation (NAT) should you implement?
Dynamic

Use dynamic NAT to share public addresses with multiple private hosts. Dynamic NAT allows private hosts to access the Internet, but does not allow Internet hosts to initiate contact with private hosts.

All of the 802.11 standards for wireless networking support which type of communication path sharing technology?
CSMA/CA

802.11x standards for wireless networking all support the CSMA/CA (carrier sense multiple access with collision avoidance) type of communication path sharing technology. This CSMA/CA allows for multiple baseband clients to share the same communication medium.

Your computer is sharing information with a remote computer using the TCP/IP protocol. Suddenly, the connection stops working and appears to hang.
Which command can you use to check the TCP connection status?
netstat

Use the netstat command to check the status of a TCP connection.

Which type of device is required to implement port authentication through a switch?
RADIUS server

Port authentication is provided by the 802.1x protocol, and allows only authenticated devices to connect to the LAN through the switch. 802.1x requires a RADIUS server (also called an AAA server) to validate the authentication credentials.
A router or a Layer 3 switch are required to enable communication between VLANs. A proxy server controls access based on URL or other upperlayer information.

Which of the following connectors is used with Ethernet 10BaseT networks?
RJ-45

RJ-45 connectors are used with Ethernet 10BaseT networks.

Examine the following output.
Reply from 64.78.193.84: bytes=32 time=86ms TTL=115
Reply from 64.78.193.84: bytes=32 time=43ms TTL=115
Reply from 64.78.193.84: bytes=32 time=44ms TTL=115
Reply from 64.78.193.84: bytes=32 time=47ms TTL=115
Reply from 64.78.193.84: bytes=32 time=44ms TTL=115
Reply from 64.78.193.84: bytes=32 time=44ms TTL=115
Reply from 64.78.193.84: bytes=32 time=73ms TTL=115
Reply from 64.78.193.84: bytes=32 time=46ms TTL=115
Which of the following utilities produced this output?
ping

The output shown was produced by the ping utility. Specifically, the information output was created using theping t command. The t switch causes packets to be sent to the remote host continuously until stopped manually. ping is a useful tool for testing connectivity between devices on a network. Using the t switch with ping can be useful in determining whether the network is congested, as such a condition will cause sporadic failures in the ping stream.
tracert is similar to ping in that it tests connectivity between two hosts on the network. The difference is that tracert reports information on all intermediate devices between the host system and the target system. ping, on the other hand, does not report information on intermediate devices.
nslookup is a tool provided on Linux, Unix and Windows systems that allows manual name resolution requests to be made to a DNS server. This can be useful when troubleshooting name resolution problems. ifconfig is a tool used on Unix, Linux and Macintosh systems to view the configuration of network interfaces, including TCP/IP network settings.

Which of the following authentication methods uses tickets to provide single signon?
Kerberos

Kerberos grants tickets (also called a security token) to authenticated users and to authorized resources. Kerberos uses the following components:
•An authentication server (AS) accepts and processes authentication requests.
•A service server (SS) is a server that provides or holds network resources.
•A ticket granting server (TGS) grants tickets that are valid for specific resources on specific servers.
802.1x is an authentication mechanism for controlling port access. 802.1x uses RADIUS/TACACS+ servers. MSCHAP is Microsoft’s proprietary method used for remote access connections. MSCHAP uses a threeway handshake (challenge/response) to perform authentication using a hashed form of a shared secret (password). A Public Key Infrastructure (PKI) is a system of certificate authorities that issue certificates, but is not a mechanism used for authentication.

The outside sales reps from your company use notebook computers, tablets, and phones to connect to the internal company network. While traveling, they connect their devices to the Internet using airport and hotel networks.
You are concerned that these devices will pick up viruses that could spread to your private network. You would like to implement a solution that prevents devices from connecting to your network unless antivirus software and the latest operating system patches have been installed.
When a host tries to connect to the network, the host should be scanned to verify its health. If the host is not healthy, then it should be placed on a quarantine network where it can be remediated. Once healthy, the host can then connect to the production network.
Which solution should you use?
NAC

Network Access Control (NAC) prevents devices from accessing network resources unless they meet certain predefined security requirements. Conditions that can be part of the connection requirements include requiring that computers have:
•Antivirus software with uptodate definition files.
•An active personal firewall.
•Specific operating system critical updates and patches.
A client that is determined by the NAC agent to be healthy is given access to the network. An unhealthy client who has not met all the checklist requirements is either denied access or can be given restricted access to a quarantine network, where remediation servers can be contacted to help the client to become compliant.
A demilitarized zone (DMZ) is a buffer network (or subnet) that sits between the private network and an untrusted network (such as the Internet). A virtual LAN (VLAN) is a logical grouping of computers based on switch ports. VLAN membership is configured by assigning a switch port to a VLAN. An intrusion detection system (IDS) is a special network device that can detect attacks and suspicious activity. A networkbased IDS (NIDS) scans network traffic looking for intrusion attempts. Network Address Translation (NAT) modifies the IP addresses in packets as they travel
from one network (such as a private network) to another (such as the Internet).

You have decided to perform a double blind penetration test. Which of the following actions would you perform first?
Inform senior management

Before starting a penetration test (also called a pen test) it is important to define the Rules of Engagement (ROE), or the boundaries of the test. Important actions to take include:
•Obtain a written and signed authorization from the highest possible senior management.
•Delegate personnel who are experts in the areas being tested.
•Gain approval from the Internet provider to perform the penetration test.
•Make sure that all tools or programs used in the testing are legal and ethical.
•Establish the scope and timeline.
•Identify systems that will not be included in the test.

Performing reconnaissance, social engineering, or system scanning are all actions performed during a penetration test. However, no actions should be taken before approval to conduct the test is obtained.

You have two switches that you need to connect using their uplink ports. The switches do not support autoMDI.
Which type of cable should you use?
Crossover

Use a crossover cable to connect two switches through their uplink ports, or to connect the two switches through regular ports. Use a straightthrough cable to connect the uplink port on one switch to a regular port on another switch. Use a rollover cable to connect a workstation to the console port of the switch. Use a loopback plug connected to a single port for troubleshooting.

You are reviewing the output of the show interfaces command for the Gi0/1 interface on a switch.
Which interface statistic displays the number of collisions that occurred after the 64th byte of the frame was transmitted?
Late collisions

In the output of the show interfaces command, the late collisions statistic displays the number of collisions that occurred after the 64th byte of the frame was transmitted. This may be caused by mismatched duplex settings.
Runts are frames that are too small. Giants are frames that are too big. CRC errors are frames that did not pass the FCS check.

At which OSI layer does Class of Service (COS) occur?
Layer 2

Class of Service (COS) marks and classifies individual frames at Layer 2. Frames are assigned a priority value between 0 and 7 to the 3-bit COS field.

What is the primary security feature that can be designed into a network’s infrastructure to protect and support availability?
Redundancy

Redundancy is the primary security feature that can be designed into a network’s infrastructure to protect and support availability since it identifies single points of failure.
Periodic backups are better than no backups, but real-time and off-site backups are better protections for availability. Fiber optic cables are not a real protection for a network’s availability, as they only provide the security benefit of eavesdropping protection. Switches are better than hubs, but there are infrastructure security measures that provide more significant protections for availability.

You manage a network that has multiple internal subnets. You connect a workstation to the 192.168.1.0/24 subnet.
This workstation can communicate with some hosts on the private network, but not with other hosts. You run ipconfig /all and see the following:
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : mydomain.local
Description . . . . . . . : Broadcom network adapter
Physical Address. . . . . . : 00-AA-BB-CC-74-EF DHCP Enabled . . . . . . . : No Autoconfiguration Enabled. . . : Yes
IPv4 Address . . . . . . . : 192.168.1.102(Preferred)
Subnet Mask . . . . . . . : 255.255.255.0
Default Gateway. . . . . . . . . : 192.168.2.1 DNS Servers. . . . . . . . . . . : 192.168.2.20

What is the most likely cause of the problem?

Incorrect default gateway

In this example, the default gateway address is incorrect. The default gateway address must be on the same subnet as the IP address for the host. The host address is on the 192.168.1.0/24 subnet, but the default gateway address is on the 192.168.2.0 subnet.

Your organization recently purchased 18 iPad tablets for use by the organization’s management team. These devices have iOS pre-installed on them.
To increase the security of these devices, you want to apply a default set of security-related configuration settings.
What is the best approach to take to accomplish this? (Select two. Each option is a part of a complete solution.)
Require users to install the configuration profile.
Enroll the devices in a mobile device management system.

A mobile device management (MDM) solution can be implemented that pushes security policies directly to each tablet device over a network connection. This option enables policies to be remotely enforced and updated without any action by the end user. The tablet devices must be enrolled in the MDM system before the policy settings can be applied.
One of the key problems associated with managing mobile devices is the fact that they can’t be joined to a Windows domain. This means Group Policy can’t be used to automatically push security settings to mobile devices. For devices running Apple’s iOS operating system, security settings can be distributed in a configuration profile. The profile can be defined such that only an administrator can delete the profile, or you can lock the profile to the device so that it cannot be removed without completely erasing the device. However, this option relies on the end user to install the profile, which can be problematic. It’s also not a dynamic strategy; making even the smallest change to your mobile device security policies would require a great deal of effort to implement.

What is the purpose of using Ethernet bonding? (Select two.)
Increases network performance

Provides a failover solution for network adapters

Which of the following are functions of the MAC sublayer? (Select two.)
Defining a unique hardware address for each device on the network

Letting devices on the network have access to the LAN

The MAC sublayer defines a unique MAC or data-link address for each device on the network. This address is usually assigned by the manufacturer. The MAC sublayer also provides devices with access to the network media.