Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
189 Cards in this Set
- Front
- Back
|
Different types of organizations have similar levels of network security risks. T/F
|
net sec False |
|
|
What feature on some network switches can be used to detect faked arp messages?
|
Dynamic ARP
|
|
|
The simplest type of firewall is a content filtering firewall. T/F
|
firewal False |
|
|
Describe some of the characteristics of malware that make it difficult to detect.
|
encryption stealth polyporphism |
|
|
At what layer of the OSI model do firewalls operate?
|
Network?
|
|
|
The process in which a person attempts to glean access for authentication information by posing as someone who needs that information is known as what option below?
|
phishing
|
|
|
Which virus below combines polymorphism and stealth techniques to create a very destructive virus?
|
Natas
|
|
|
Which two viruses below are examples of boot sector viruses?
|
stoned michelangelo |
|
|
Which software below combines known scanning techniques and exploits to allow for hybrid exploits?
|
metasploit
|
|
|
If multiple honeypots are connected to form a larger network, what term is used to describe the network?
|
honeynet
|
|
|
Describe two different implementations of IDS that can be deployed on a network.
|
host based intrusion detection system Network bases intrusion detection system |
|
|
A SOHO wireless router typically acts as a fireall and may include packet filtering options.T/F
|
True SOHO |
|
|
Programs that run independently and travel between computers and across networks, such as by e-mail attachment or virtually any kind of file transfer, are known as which option below?
|
worms
|
|
|
Which two terms can be used to describe a decoy system that is purposely vulnerable for the sake of attracting attackers?
|
honeypot lure |
|
|
What type of virus are dormant until a specific condition is met, such as the changing of a file or a match of the current date?
|
logic bomb
|
|
|
What two types of agents are used to check compliance with network security policies?
|
persistent agent dissolvable agent |
|
|
An attack in which hackers transmit bogus requests for connection to servers or applications in order to harvest useful information to guide their attack efforts is known as what option below?
|
banner-grabbing attack
|
|
|
A reflective attack can be increased in intensity by combining it with what type of attack?
|
amplification attack
|
|
|
Networks that use ________________, such as T-1 or DSL connections to the Internet, are vulnerable to eavesdropping at a building’ s demarc (demarcation point), at a remote switching facility, or in a central office.
|
leased public lines
|
|
|
An attack that involves a person redirecting or capturing secure transmissions as they occur is known as what type of attack?
|
man-in-the middle attack
|
|
|
In ACL statements, the any keyword is equivalent to using what wildcard mask below?
|
0.0.0.0
|
|
|
A type of intrusion detection that protects an entire network and is situated at the edge of the network or in a network’s protective perimeter, known as the DMZ (demilitarized zone). Here, it can detect many types of suspicious traffic patterns.
|
NIDS (network-based intrusion detection system)
|
|
|
A program that runs independently and travels between computers and across networks. Although worms do not alter other programs as viruses do, they can carry viruses.
|
worm
|
|
|
A software security flaw that can allow unauthorized users to gain access to a system. Legacy systems are particularly notorious for leaving these kinds of gaps in a network’s overall security net.
|
backdoor
|
|
|
A type of intrusion prevention that runs on a single computer, such as a client or server, to intercept and help prevent attacks against that one host.
|
HIPS (host-based intrusion prevention system)
|
|
|
A portion of the security policy that explains to users what they can and cannot do, and penalties for violations. It might also describe how these measures protect the network’s security.
|
acceptable use policy AUP
|
|
|
A type of intrusion detection that runs on a single computer, such as a client or server, to alert about attacks against that one host.
|
HIDS hose based intrusion detection system
|
|
|
A software application on a network host that acts as an intermediary between the external and internal networks, screening all incoming and outgoing traffic and providing one address to the outside world, instead of revealing the addresses of internal LAN devices.
|
proxy server
|
|
|
A program that replicates itself to infect more computers, either through network connections when it piggybacks on other files or through exchange of external storage devices, such as USB drives, passed among users.
|
virus
|
|
|
A specification created by the NSA to define protection standards against RF emanation, which when implemented are called EmSec (emission security).
|
TEMPEST
|
|
|
A threat to networked hosts in which the host is flooded with broadcast ping messages. A smurf attack is a type of denial-of-service attack.
|
smurf attack
|
|
|
The ________________ utility is a Windows console that is used to control what users do and how the system can be used.
|
?
|
|
|
The term malware is derived from a combination of the words malicious and software. T/F |
True malware |
|
|
Which option below is a standard created by the NSA that defines protections against radio frequency emanations?
|
Tempest
|
|
|
A ______________ on a device attempts to alter management interfaces within the hardware to the point where the device is irreparable.
|
physical attack
|
|
|
What mode setting on a firewall makes the firewall transparent to surrounding nodes as if it's just part of the wire?
|
virtual wire mode
|
|
|
A firewall typically involves a combination of hardware and software. T?F
|
firewall combo True |
|
|
What characteristic of viruses make it possible for a virus to potentially change its characteristics (such as file size, and internal instructions) to avoid detection?
|
polymorphism
|
|
|
Define what a file-infector virus is.
|
attached to .exe file
|
|
|
What kind of attack involves a flood of broadcast ping messages, with the originating source address being spoofed to appear as a host on the network?
|
smurf attack
|
|
|
What two terms describe a network of compromised computers that are then used to perform coordinated DDoS attacks without their owners' knowledge or consent?
|
botnet zombie army |
|
|
A proxy that provides Internet clients access to services on its own network is known as what type of proxy?
|
reverse proxy
|
|
|
Which software below serves as the firewall for Linux systems?
|
iptables ?
|
|
|
What two options below are IDS implementations used to provide additional security on a network?
|
HIDS NIDS |
|
|
A _________________ form is a document that is used to ensure that employees are aware of the fact that their use of company equipment and accounts will be monitored and reviewed as needed for security purposes.
|
??
|
|
|
Botnets often make use of what chat protocol in order to receive commands?
|
irc
|
|
|
A system that is capable of collecting and analyzing information generated by firewalls, IDS, and IPS systems is known as which term below?
|
SIEM system
|
|
|
The _____________ proxy server software is available for use on the UNIX / Linux platform.
|
squid
|
|
|
What two terms below are used to describe an analog-to-digital voice conversion device that accepts and interprets both analog and digital voice signals?
|
IP Pbx digital PBX |
|
|
What percentage of Internet traffic, as estimated by Cisco Systems, will be devoted to video traffic by 2018?
|
79%
|
|
|
__________________ is the detection and signaling of device, link, or component faults.
|
fault management
|
|
|
Most UNIX and Linux desktop operating systems provide a GUI application for easily viewing and filtering the information in system logs. T/F |
UNIX True |
|
|
TCP is preferred over UDP for real time services.
|
161
|
|
|
When using SIP, what term is used to describe end-user devices, which may include workstations, tablet computers, smartphones, or IP phones?
|
user agent client
|
|
|
Which element of H.323 is a device that provides translation between network devices running the H.323 signaling protocols and devices running other types of signaling protocols?
|
H.323 gatekeeper
|
|
|
Packets that exceed the medium's maximum packet size are known by what term?
|
giants
|
|
|
Describe the Communications Assistance for Law Enforcement Act (CALEA).
|
Requires telecommunications carriers and equipment manufactures to provide for surveillance capabilities to FED
|
|
|
A highly available server is available what percentage of the time?
|
99.99%
|
|
|
In order for gateways to exchange and translate signaling and control information with each other so that voice and video packets are properly routed through a network, what intermediate device is needed?
|
media gateway controller
|
|
|
A computer that provides support for multiple H.323 terminals and manages communication between them is known as what term below?
|
MCU
|
|
|
A server running the SIP protocol listens on what TCP/UDP port for unsecured communications?
|
5060
|
|
|
One aspect of the __________________ regulation addresses the security and privacy of medical records, including those stored or transmitted electronically.
|
HIPPA
|
|
|
CALEA requires telecommunications carriers and equipment manufacturers to provide for surveillance capabilities. T/F
|
CALEA True |
|
|
Packets that are smaller than a medium's minimum packet size are known by what term below?
|
runts
|
|
|
What are the minimum functions supported by all network monitoring tools?
|
Collects data frmultiple networked devices are regular intervals or polling
|
|
|
SNMP messages can be secured with ________, in which case agents receive requests on port UDP 10161, and the NMS receives responses and traps on UDP 10162.
|
tls
|
|
|
When a device handles electrical signals improperly, usually resulting from a bad NIC, it is referred to by what term below?
|
jabber
|
|
|
The Priority Code Point field in a frame consists of how many bits?
|
3 bits
|
|
|
In a VoIP call, what method of transmission is used between two IP phones?
|
unicast
|
|
|
Describe the PCI DSS (Payment Card Industry Data Security Standard).
|
Protects credit card data and transactions, required network segments as part of security controls
|
|
|
________________ are frames that are not actually data frames, but aberrations caused by a device misinterpreting stray voltage on the wire.
|
ghost
|
|
|
The SNMP version 3 protocol introduces authentication, validation, and encryption for messages exchanged between devices and the network management console. t/f
|
True snmp |
|
|
Which of the following is not a requirement in order to use a softphone?
|
a wireless carrier to handle the voice path
|
|
|
A dropped layer is often referred to as a _____________.
|
disgard
|
|
|
When using DiffServ, what type of forwarding utilizes a minimum departure rate from a given node, which is then assigned to each data stream?
|
expedited forwarding
|
|
|
What protocol enables multiple types of f 3 protocols to travel over any one of several connection-oriented Layer 2 protocols?
|
MPLS
|
|
|
What component of SIP is a server that responds to user agent clients' requests for session initiation and termination?
|
user agent server
|
|
|
What security standard below was created to protect credit card data and transactions, requiring network segmentation as part of security controls?
|
PCI DSS
|
|
|
Wireshark or any other monitoring software running on a single computer connected to a switch doesn't see all the traffic on a network, but only the traffic the switch sends to it, which includes broadcast traffic and traffic specifically addressed to the computer. t/f
|
wireshark True |
|
|
What two terms below describe the process of manipulating certain characteristics of packets, data streams, or connections to manage the type and amount of traffic traversing a network or interface at any moment?
|
packet shaping
|
|
|
On circuit switched portions of a PSTN, what set of standards established by the ITU is used to handle call signaling?
|
SS7
|
|
|
What is the Health Insurance Portability and Accountability Act (HIPAA)?
|
Regulation that address security and privacy of medical records including digital.
|
|
|
What two log files are used by older versions of Unix and newer version of Linux to store log information?
|
var/log/syslog var/log/messages |
|
|
What two terms below describe a network device with three ports, two of which send and receive all traffic, and the third port mirrors the traffic?
|
network tap packet snifer |
|
|
Provide detail on the three different versions of SNMP.
|
SNPv1- original version 1988, limited features rarely used now SNMPv2 – improved over v1 increased performance, slightly better security SNMPv3 adds authentication, validation and encryption for message exchange between managed devices and NMC |
|
|
What two terms below are used to describe a telephone switch that connects and manages calls within a private organization?
|
pbx private branch exchange |
|
|
A type of link aggregation in which two or more NICs work in tandem to handle traffic to and from a single node.
|
nic teaming |
|
|
One of two DiffServ forwarding specifications. It allows routers to assign data streams one of several prioritization levels, but it provides no guarantee that, on a busy network, messages will arrive on time or in sequence. It is specified in the DiffServ field in an IPv4 packet.
|
as assured forwarding
|
|
|
The distribution of traffic over multiple components or links to optimize performance and fault tolerance.
|
load balancing
|
|
|
The network of lines and carrier equipment that provides telephone service to most homes and businesses.
|
PSTN public switch telephone network
|
|
|
One of two DiffServ forwarding specifications. It assigns each data stream a minimum departure rate from a given node. This technique circumvents delays that slow normal data from reaching its destination on time and in sequence.
|
EF expedited forwarding
|
|
|
A software-based tool that monitors traffic on the network from a server or workstation attached to the network. It can typically interpret up to Layer 3 of the OSI model.
|
|
|
|
A broadcast that is delayed by a few minutes to allow for editing processes and licensing concerns.
|
tiem-shifted video
|
|
|
A set of standards established by the ITU for handling call signaling on circuit-switched portions of the PSTN (Public Switched Telephone Network).
|
SS7 signaling system 7
|
|
|
A streaming video, either on demand or live, that is delivered via the Web.
|
time shifted video
|
|
|
A U.S. federal regulation that requires telecommunications carriers and equipment manufacturers to provide for surveillance capabilities. It was passed by Congress in 1994 after pressure from the FBI, which worried that networks relying solely on digital communications would circumvent traditional wiretapping strategies.
|
CALEA communictions assistance for law enforcement act
|
|
|
The Spanning Tree Protocol stipulates that on any bridge, only one root port, which is the bridge's port that is closest to the root bridge, can forward frames toward the root bridge. T/F |
Spanning Tree True |
|
|
In an IPv6 address, the first 64 bits of the address are known as what?
|
prefix mask
|
|
|
What two standards below have been developed to replace the Spanning Tree Protocol?
|
SPB TRILL |
|
|
Which network type allows a vNIC to access a network directly using the host machine's NIC?
|
bridged mode
|
|
|
Which two standards below represent newer versions of STP?
|
802.1w
|
|
|
Which of the following is not a valid reason for using virtualization?
|
increase performance
|
|
|
A centrally managed DHCP server can provide DHCP to multiple VLANs by configuring a _________________.
|
DHCP relay agent
|
|
|
Provide three reasons why a network administrator might separate traffic.
|
enhanced security improved performance simplify troubleshooting |
|
|
A switch is typically preconfigured with one _______________ that includes all its ports.
|
default vlan
|
|
|
Telnet and SSH are known as what type of management system?
|
in-band
|
|
|
STP selects the root bridge based on what option below?
|
bridge ID BID
|
|
|
What two items below make up a Bridge ID?
|
Mac address 2 byte priority field |
|
|
Network segmentation decreases both performance and security on a network. T?F |
segmentation False |
|
|
A network with the subnet mask 255.255.255.0 would have what CIDR block?
|
/24
|
|
|
What protocol is used to provide a common language between virtualized service applications and a network's physical devices?
|
openFlow
|
|
|
A CIDR block of /26 is equivalent to what subnet mask below?
|
255.255.255.192
|
|
|
The Shortest Path Bridging protocol is defined in what IEEE standard?
|
802.11aq
|
|
|
How does STP work?
|
it selects a root bridge to provide the basis for all subsequent path calculations
|
|
|
What IEEE standard specifies how VLAN information appears in frames and how switches interpret that information?
|
802.1Q
|
|
|
In ______________, a vNIC relies on the host machine to act as a NAT device.
|
NAT mode
|
|
|
How can VLAN hopping attacks be prevented on a network?
|
Disable auto trunking and move native VLANS to unused VLANs
|
|
|
Because Layer 2 switches use MAC addresses for communication, and each port is assigned a MAC address, VLANs are considered a Layer 2 solution for segmenting a network.T/F
|
VLAN True |
|
|
A single switch can manage traffic belonging to several VLANs on a single interface, by configuring the interface as what option below?
|
trunk port
|
|
|
The first iteration of STP was defined in what IEEE standard below?
|
802.1d
|
|
|
A software configuration that can be used to disable STP on specific ports, such as the port leading to the network’s demarc. It prevents access to network links that should not be considered when plotting STP paths in a network.
|
BPDU filter
|
|
|
A server that exists as a virtual machine, created and managed by virtualization software on a host, or physical, computer.
|
virtual server
|
|
|
A standard that assigns a virtual IP address to a group of routers. At first, messages routed to the virtual IP address are handled by the master router. If the master router fails, backup routers stand in line to take over responsibility for the virtual IP address.
|
VRRP virtual router redundancy protocol
|
|
|
An attack in which the attacker generates transmissions that appear, to the switch, to belong to a protected VLAN.
|
VLAN hopping attack
|
|
|
The virtualization of network services in which a network controller manages these services instead of the services being directly managed by the hardware devices involved.
|
software defined networking (SDN)
|
|
|
Cisco’s proprietary standard, similar to VRRP, that assigns a virtual IP address to a group of routers. At first, messages routed to the virtual IP address are handled by the active router. If the active router fails, standby routers stand in line to take over responsibility for the virtual IP address.
|
HSRP (hot standby routing protocol
|
|
|
The interface on a switch capable of managing traffic from multiple VLANs. A trunk is a link configured between two switches’ trunk ports.
|
trunk port
|
|
|
An untagged VLAN on a switch that will automatically receive all untagged frames. Options for native VLANs vary according to the switch manufacturer and model.
|
native VLAN
|
|
|
In CIDR notation, the forward slash plus the number of bits used for the network ID. For example, the CIDR block for 199.34.89.0/22 is /22.
|
CIDR block
|
|
|
The interface on a switch used for an end node. Devices connected to access ports are unaware of VLAN information.
|
access port
|
|
|
To eliminate the possibility of traffic loops on switches and bridges, the ________________ is used.
|
STP spanning Tree protocol
|
|
|
What type of VLAN automatically receives all untagged frames?
|
native VLAN
|
|
|
Only Class B and Class C networks can be subnetted.
|
SAID security association identifier |
|
|
Which supernet mask below would allow an organization to cover the following networks with one routing entry: 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24?
|
|
|
|
The use of virtualization allows for isolation of each guest system such that problems on one system do not affect another system. T/F
|
virtualization True |
|
|
Which virtual network type allows VMs to communicate with each other on the same host, but disallows communication with other nodes on the network?
|
host-only mode
|
|
|
Which virtual network type allows VMs to communicate with each other on the same host, but disallows communication with other nodes on the network?
|
stack master
|
|
|
What two options below describe a router protocol that is used to assign a 80 IP address to a group of routers so that the routers function as a group?
|
HSRP VRRP |
|
|
What is the difference between a default VLAN and a native VLAN?
|
default VLAN- is typically preconfigured with all its portsnative VLAN-automaticly recieved all untagged frames |
|
|
The management option that can provide on-site infrastructure access when the network is down or complete remote access in cases of connectivity failures on the network, such as via a cellular signal, is known as?
|
out-of-band management
|
|
|
In order to allow communication between VLANs for exchange of data, what must be used?
|
router
|
|
|
A _________________ occurs when an attacker generates transmissions that appear, to the switch, to belong to a protected VLAN.
|
VLAN hoping attack
|
|
|
A network with 6 bits remaining for the host portion will have how many usable hosts?
|
62
|
|
|
What xDSL standard is the most popular?
|
ADSL
|
|
|
In a PON setup, the system is considered passive because no repeaters or other devices intervene between the carrier and the customer. T/F
|
True P |
|
|
The carrier's endpoint on a WAN is called the Data Communication Equipment T/F
|
wa True |
|
|
The customer's endpoint device on the WAN is called the __________________.
|
Terminal Equipment
|
|
|
What Layer 3 technology is employed by distance-vector routing protocols in which a router knows which of its interfaces a routing update and will not retransmit, or advertise, that same update on the same interface?
|
split horizon
|
|
|
In what type of topology is each site connected to two other sites, providing redundancy?
|
ring topology
|
|
|
In ATM, a packet is called a _____________ and always consists of 48 bytes of data plus a 5 byte header.
|
cell
|
|
|
What version of xDSL is the most popular?
|
ADSL
|
|
|
The best 802.11n signal can travel approximately how far?
|
1/4 mile
|
|
|
When using frame relay, what is the name of the identifier that routers use to determine which circuit to send frames to?
|
data link connection identifer
|
|
|
A MAN connection is also known as which two terms below?
|
Ethernet MAN Metro Ethernet |
|
|
A bus topology WAN is often the best option for an organization with only a few sites and the capability to use dedicated circuits. T/F
|
True wa |
|
|
What is the maximum throughput of a DS3 connection?
|
44,736
|
|
|
When copper cabling is used to carry T-1 traffic, what kind of connector is used?
|
RJ-48
|
|
|
What OC level is primarily used as a regional ISP backbone, and occasionally by very large hospitals, universities, or other major enterprises?
|
OC-48
|
|
|
What is the size of an ATM packet?
|
53 bytes
|
|
|
Frame relay relies on what two different types of virtual circuits?
|
PVC SVC |
|
|
If the line between the carrier and the customer experiences significant errors on a T-1, a ____________ will report this fact to the carrier.
|
smart Jack
|
|
|
What two competing standards exist for cell phone networks?
|
GSM CDMA |
|
|
WANs connect nodes, such as workstations, servers, printers, and other devices, in a small geographical area on a single network. T/F
|
False wan |
|
|
In metro settings, end-to-end, carrier-grade Ethernet networks can be established via what protocol?
|
carrier Ethernet transport
|
|
|
Which version of DOCSIS provides 38 Mbps per channel and requires a minimum of 4 channels to be used?
|
DOCSIS 3
|
|
|
The ________________ distributes signals to multiple endpoints via fiber-optic cable, in the case of FTTP, or via copper or coax cable.
|
optical network unit
|
|
|
In an ISDN connection, what is the size throughput did a single B channel provide?
|
64-Kbs
|
|
|
T-1 cables cannot utilize straight through cables using the same wiring scheme as LAN patch cables. T/F
|
t False |
|
|
What two network protocols below rely on virtual circuits?
|
frame relay atm |
|
|
Multiplexing enables a single ____________ circuit to carry 24 channels, each capable of 64 Kbps throughput.
|
T-1
|
|
|
Which option below is an advantage of leasing a frame relay circuit over leasing a dedicated circuit?
|
you pay only for the bandwidth you've used
|
|
|
A special case of geosynchronous orbit in which the satellite stays directly above the equator and appears stationary from Earth. These satellites are the type used to provide satellite Internet access.
|
geostationary orbit
|
|
|
A WAN technology functioning primarily at Layer 2 (although its protocols can also reach Layers 1 and 3) that was originally conceived in the early 1980s at Bell Labs and standardized by the ITU in the mid-1990s.
|
ATM asynchronous Transfer mode |
|
|
A 4G cellular network technology that, in its latest version (called LTE-Advanced), achieves downlink data rates of up to 3 Gbps and uplink rates of up to 1.5 Gbps. AT&T and Verizon have adopted LTE for their high-speed wireless data networks.
|
LTE long term evolution |
|
|
A variety of ISDN that uses two 64-Kbps bearer channels and one 16-Kbps data channel, as summarized by the notation 2BþD.
|
BRI basic rate Interface |
|
|
A connectivity device located at a telecommunications carrier’s office that aggregates multiple DSL subscriber lines and connects them to a larger carrier or to the Internet backbone.
|
DSLAM DLS access mulitplexer |
|
|
The equipment on a satellite that receives an uplinked signal from Earth, amplifies the signal, modifies its frequency, then retransmits it (in a downlink) to an antenna on Earth.
|
transponder
|
|
|
An intelligent type of NIU located at the customer’s demarc that can provide diagnostic information about the interface.
|
smart jack
|
|
|
A type of WAN in which each site is connected to two other sites so that the entire WAN forms a ring pattern.
|
ring topology WAN
|
|
|
The guaranteed minimum amount of bandwidth selected when leasing a frame relay circuit. Frame relay costs are partially based on this.
|
CIR committed information rate
|
|
|
A WAN technology that sends Ethernet traffic across MAN connections.
|
Metro Ethernet
|
|
|
How many channels exist in a T1 connection?
|
24
|
|
|
What protocol is commonly used to aggregate / bond T-1 / T-3 lines?
|
MLPPP
|
|
|
In a PON system, an OLT contains a splitter that splits each port into how many logical channels?
|
32
|
|
|
The DTE or endpoint device for a leased line is known as which device below?
|
CSU/DSU
|
|
|
At what two layers of the OSI model are LAN and WAN protocols likely to differ?
|
Layer 1 Layer 2 |
|
|
What is the frequency range of the C-band that is used by satellites?
|
3.4 -6.7 GHz
|
|
|
What is the maximum amount of throughput provided by an OC-12?
|
622.08 Mbps
|
|
|
|
|
