(176) The countermeasure to DNS
poisoning is DNSSec. How does it work?
A. All DNS servers encrypt the data
sent back and forth between them.
B. All
DNS servers digitally sign messages between them.
C. All DNS servers authenticate to the
requesting clients.
D. All clients and DNS servers carry
out mutual authentication.
Explanation:
If DNSSEC (DNS security, which is part of the DNS Bind software) was
enabled, then when a DNS server received a response from another DNS server, it
would validate the digital signature on the message before accepting the information
to make sure that the response was from an authorized DNS server.
If DNSSEC (DNS security, which is part of the DNS Bind software) was
enabled, then when a DNS server received a response from another DNS server, it
would validate the digital signature on the message before accepting the information
to make sure that the response was from an authorized DNS server.
(177) Kathy works in an
all-Windows environment and has been told that a Unix network needs to also be
set up to support some new applications that cannot run on Windows systems. She
has read that she needs to set up an NIS server. Why would she need to set this
up?
A. To allow Windows and Unix clients to
share files through a virtual file system
B. Security purposes
C. To include a type of firewall that
works in Unix environments
D. Central
administration
Explanation:
In a Unix environment, systems use certain system configuration files,
and in a network it is usually easier if all of the systems contain identical
configuration files. Instead of maintaining these files individually for each
computer, NIS is a way to have all of these configuration files stored and
maintained locally. This allows for central administration. NIS has no real security
components.
In a Unix environment, systems use certain system configuration files,
and in a network it is usually easier if all of the systems contain identical
configuration files. Instead of maintaining these files individually for each
computer, NIS is a way to have all of these configuration files stored and
maintained locally. This allows for central administration. NIS has no real security
components.
(178) How does NIS provide
functionality like a DNS server?
A. It
has a central host table.
B. It forwards hostname to IP mapping
requests.
C. It carries out zone transfers.
D. It contains configuration files.
Explanation:
A host table is a file that contains hostname-to-IP mappings. It is
used in the same way that DNS is, but it is a file that computers can use to map a
hostname to a specific IP address instead of a technology or a product. This is why
NIS is sometimes compared to DNS, because they both provide the necessary mechanisms
for computers to be able to uncover the IP address of a system.
A host table is a file that contains hostname-to-IP mappings. It is
used in the same way that DNS is, but it is a file that computers can use to map a
hostname to a specific IP address instead of a technology or a product. This is why
NIS is sometimes compared to DNS, because they both provide the necessary mechanisms
for computers to be able to uncover the IP address of a system.
(179) Two months after Kathy set
up her NIS+ server she found out that password file had been captured and brute
forced. What most likely took place to allow this to happen?
A. Kathy accidentally chose security
level 3 when she was configuring the server.
B. The
NIS+ server was configured to be backwards compatible with NIS.
C. Unauthorized zone transfers took
place.
D. Kathy did not encrypt the password
file on the server.
Explanation:
NIS+ is backward compatible with NIS, which opens up a hole for
hackers to exploit. If a hackers system has NIS client software, and the NIS+
server is configured to be backward compatible, the NIS+ server can access files
without first having to be authenticated and authorized. So the hacker can get the
password file and start cracking away.
NIS+ is backward compatible with NIS, which opens up a hole for
hackers to exploit. If a hackers system has NIS client software, and the NIS+
server is configured to be backward compatible, the NIS+ server can access files
without first having to be authenticated and authorized. So the hacker can get the
password file and start cracking away.
(180) Which of the following
best describes the Lightweight Directory Access Protocol?
A. A
protocol designed to access directories that follow the X.500 standard
B. A protocol designed to access
directories that follow the X.400 standard
C. A protocol designed to access
directories that follow the X.509 standard
D. A protocol designed to access
directories that follow the X.300 standard
Explanation:
Lightweight Directory Access Protocol (LDAP) is a client/server
protocol used to access network directories, as in Microsofts Active Directory or
Novells Directory Services (NDS). These directories follow the X.500 standard.
Lightweight Directory Access Protocol (LDAP) is a client/server
protocol used to access network directories, as in Microsofts Active Directory or
Novells Directory Services (NDS). These directories follow the X.500 standard.
(181) Which of the following is
not an attribute of LDAP directories?
A. Uses distinguished names
B. Uses attributes
C. Uses values
D. Uses
tuples
Explanation:
The LDAP specification works with directories that organize their
database in a hierarchical tree structure. The tree has leaves (entries) with unique
distinguished names. These names are hierarchical and describe the objects place
within the tree. The entries can define network resources, computers, people,
wireless devices, and more. Each entry has an attribute and a value. A tuple is used
in a relational database, not a hierarchical database.
The LDAP specification works with directories that organize their
database in a hierarchical tree structure. The tree has leaves (entries) with unique
distinguished names. These names are hierarchical and describe the objects place
within the tree. The entries can define network resources, computers, people,
wireless devices, and more. Each entry has an attribute and a value. A tuple is used
in a relational database, not a hierarchical database.
(182) What is the purpose of an
EDI and how does it relate to a value-added network (VAN)?
A. Standardized electronic
communication. A VAN provides the necessary level of security through VLANs.
B. Standardized
electronic communication. A VAN is a service bureau that provides this type of service.
C. Technology that connects supplies
and their customers. A VAN provides the authentication piece for the
transactions.
D. Technology that connects supplies
and their customers. A VAN provides the payment gateway for the transactions.
Explanation:
Instead of using paper purchase orders, receipts, and forms, EDI is
the technology to provide all of this digitally. A value-added network (VAN) is when
a company pays another company (service bureau) to develop and maintain this EDI
infrastructure for them.
Instead of using paper purchase orders, receipts, and forms, EDI is
the technology to provide all of this digitally. A value-added network (VAN) is when
a company pays another company (service bureau) to develop and maintain this EDI
infrastructure for them.
(183) Companies can use private
IP addresses for free, instead of paying for public addresses. Which of the
following is an incorrect private IP range?
A. 10.0.0.0 to 10.255.255.255
B. 172.16.0.0 to 172.31.255.255
C. 172.16.0.0
to 172.32.255.255
D. 192.168.0.0 to 192.168.255.255
Explanation:
The following lists current private IP address ranges:
The Internet Assigned Numbers Authority (IANA) has reserved the following three
blocks of the IP address space for private internets:
10.0.0.0 to 10.255.255.255 (10/8 prefix)
172.16.0.0 to 172.31.255.255 (172.16/12 prefix)
192.168.0.0 to 192.168.255.255 (192.168/16 prefix)
The following lists current private IP address ranges:
The Internet Assigned Numbers Authority (IANA) has reserved the following three
blocks of the IP address space for private internets:
10.0.0.0 to 10.255.255.255 (10/8 prefix)
172.16.0.0 to 172.31.255.255 (172.16/12 prefix)
192.168.0.0 to 192.168.255.255 (192.168/16 prefix)
(184) Monica has a choice of
setting up static, dynamic, or port network address translation (NAT). Which of
the following is a correct mapping between the type of NAT and its
functionality?
A. Static uses a "first come
first served" functionality for the one IP address it shares between
all systems.
B. In dynamic NAT, each private address
has a public address mapped to it at all times.
C. Port NAT uses one private address
for all systems on the network.
D. Static
NAT uses more public addresses than the other types.
Explanation:
Static NAT means that one public address is always mapped to the same
private address. Dynamic NAT works under the "first come first served" method. Port
NAT provides one public IP for all systems. Static NAT uses the most IP addresses.
Static NAT means that one public address is always mapped to the same
private address. Dynamic NAT works under the "first come first served" method. Port
NAT provides one public IP for all systems. Static NAT uses the most IP addresses.
(185) Why would a hacker be
disappointed once she figured out that the network she is wanting to attack is
using NAT?
A. Internal
addresses are hidden.
B. Internal computers have another
layer of firewall protection.
C. There is only one entry to the
network.
D. NAT is harder to compromise than
most firewalls.
Explanation:
NAT is not a firewall technology. And just because NAT is being used
does not mean that there is only one entry point to a network. NAT maps private
address to public addresses. All packets leaving the network will have the address
of the NAT device, so a hacker cannot see the internal addresses.
NAT is not a firewall technology. And just because NAT is being used
does not mean that there is only one entry point to a network. NAT maps private
address to public addresses. All packets leaving the network will have the address
of the NAT device, so a hacker cannot see the internal addresses.
(186) Which of the following is true when comparing LAN and WAN
protocols?
A. WAN
environments can introduce more errors in transmission, so these protocols are
usually connection-oriented.
B. LAN environments can introduce more
errors in transmission, so these protocols are usually connection-oriented.
C. WAN protocols are usually
connectionless because they have to transverse so many different network types.
D. LAN protocols are usually
connection-oriented because of the amount of collisions that can take place on
the network.
Explanation:
Communication error rates are lower in LAN when compared to WAN
environments, which makes sense when you compare the complexity of each environment.
WAN traffic may have to travel hundreds or thousands of miles and pass through
several different types of devices, cables, and protocols. Because of this
difference, most LAN media access control protocols are connectionless and most WAN
communication protocols are connection-oriented. Connection-oriented protocols
provide reliable transmission, because they have the capability of error detection
and correction.
Communication error rates are lower in LAN when compared to WAN
environments, which makes sense when you compare the complexity of each environment.
WAN traffic may have to travel hundreds or thousands of miles and pass through
several different types of devices, cables, and protocols. Because of this
difference, most LAN media access control protocols are connectionless and most WAN
communication protocols are connection-oriented. Connection-oriented protocols
provide reliable transmission, because they have the capability of error detection
and correction.
(187) In packet-switched
environments, routers and switches will make decisions on the best route for a
packet to take. This is why different packets of a message can arrive out of
order, as they did not necessarily all follow the same path. What technology do
these types of protocols use to make the path decisions?
A.
Time Division Multiplexing
Time Division Multiplexing
B.
Carrier Sensing Multiple Access
Carrier Sensing Multiple Access
C.
Statistical Time Division Multiplexing
Statistical Time Division Multiplexing
D.
Frequency Division Multiplexing
Frequency Division Multiplexing
Explanation:
Packet switching is based on Statistical Time Division Multiplexing
(STDM), which analyzes statistics on the various possible routes to make the
decision on the best route for a packet.
Packet switching is based on Statistical Time Division Multiplexing
(STDM), which analyzes statistics on the various possible routes to make the
decision on the best route for a packet.
(188) Tom is told that his
network needs to be isochronous to meet the demands of the new application that
the company purchased. What does this mean?
A. It
needs to provide quality of service.
B. It needs to provide authentication
between the client and server portions of the new software.
C. It needs to integrate EAP and
Kerberos to support the application.
D. It needs PVCs set up through the WAN
connection.
Explanation:
Applications that are time sensitive, such as voice and video signals,
need to work over an isochronous network. This means that all of the components in
the network that are responsible for providing the necessary uniform timing work
with a common clock and are properly synchronized.
Applications that are time sensitive, such as voice and video signals,
need to work over an isochronous network. This means that all of the components in
the network that are responsible for providing the necessary uniform timing work
with a common clock and are properly synchronized.
(189) Shanes company lost their
WAN link due to severe weather conditions. The company experienced a loss of
$240,000 over the four hours their Web servers were unable to accept customer
purchases. Shane has been told to implement a backup option, so that company
will not go through this again. Which of the following would Shane implement?
A. MPLS
B. Dial-on
demand routing
C. IGMP
D. Link-state redundant point-to-point
connection
Explanation:
Dial-on Demand Routing (DDR) allows a company to send WAN data over
their existing telephone lines and use the public circuit-switched network as a
temporary type of WAN link. This technology is also implemented as a backup in case
the primary WAN link goes down. It provides redundancy and ensures that a company
will still be able to communicate if something happens to the primary WAN
communication channel.
Dial-on Demand Routing (DDR) allows a company to send WAN data over
their existing telephone lines and use the public circuit-switched network as a
temporary type of WAN link. This technology is also implemented as a backup in case
the primary WAN link goes down. It provides redundancy and ensures that a company
will still be able to communicate if something happens to the primary WAN
communication channel.
(190) Which of the following is not a characteristic of IDSL?
A.Provides up to 128 Kbps in bandwidth
B.Solution for individuals who cannot get SDSL or ADSL
C.Reaches up to 36,000 feet from a provider�s central office
D.Provides up to 384 Kbps in
bandwidth
Explanation:
IDSL provides DSL for customers who cannot get SDSL or ADSL because of
their distance from the central office. It is capable of reaching customers who are
up to 36,000 feet from the providers central office. IDSL operates at a symmetrical
speed of 128 Kbps.
IDSL provides DSL for customers who cannot get SDSL or ADSL because of
their distance from the central office. It is capable of reaching customers who are
up to 36,000 feet from the providers central office. IDSL operates at a symmetrical
speed of 128 Kbps.
(191) Which of the following technologies provides the
bandwidth that is equivalent to a T-1 line?
A. ADSL
B. HDSL
C. IDSL
D. DSL
Explanation:
HDSL (High bit rate Digital Subscriber Line) provides T-1 (1.544 Mbps)
speeds over regular copper phone wire without the use of repeaters. Requires two
twisted pairs of wires, which many voice grade UTP lines do not have.
HDSL (High bit rate Digital Subscriber Line) provides T-1 (1.544 Mbps)
speeds over regular copper phone wire without the use of repeaters. Requires two
twisted pairs of wires, which many voice grade UTP lines do not have.
(192) For two different
locations to communicate via satellite links, they must be within the
satellite’s line of sight and ______________________.
A. Area
B. Distance
C. Coverage
D. Footprint
Explanation:
Today, satellites are used to provide wireless connectivity between
different locations. For two different locations to communicate via satellite links,
they must be within the satellite’s line of sight and footprint (area covered by the
satellite). The sender of information (ground station) modulates the data onto a
radio signal that is transmitted to the satellite. A transponder on the satellite
receives this signal, amplifies it, and relays it to the receiver.
Today, satellites are used to provide wireless connectivity between
different locations. For two different locations to communicate via satellite links,
they must be within the satellite’s line of sight and footprint (area covered by the
satellite). The sender of information (ground station) modulates the data onto a
radio signal that is transmitted to the satellite. A transponder on the satellite
receives this signal, amplifies it, and relays it to the receiver.
(193) Technologies that do not
require a user to go through a dial-up procedure to connect to a service
providers central office are referred to as always-on technologies. Attackers
like these systems because they are always available to be attacked and to be
used to attack others. Which of the following is not considered an always-on
technology?
A. ADSL
B. Cable modem
C. ISDN
D. SDSL
Explanation:
ISDN emulates a dial-up connection and requires the user to go through
a dial-up procedure.
ISDN emulates a dial-up connection and requires the user to go through
a dial-up procedure.
(194) Jan has been told by the
network administrator that the VPN he set up needs provide transport adjacency.
Which of the following best describes what this means?
A. More
than one security protocol is configured for the VPN traffic.
B. PPTP needs to be configured to be
used with L2TP.
C. A PPTP tunnel needs to be configured
to go through an IPSec tunnel.
D. An ESP IPSec VPN needs to be set up.
Explanation:
IPSec can be configured to provide transport adjacency, which just
means that more than one security protocol (ESP and AH) is applied to a packet.
IPSec can be configured to provide transport adjacency, which just
means that more than one security protocol (ESP and AH) is applied to a packet.
(195) Sean has configured
different VPNs for different routes data will take. This is because data that
is traveling within the local network is considered to be at a lower risk of
being compromised when compared to when the data travels outside of the local
network. What is the term that describes what Sean has set up?
A. Transport adjacency
B. Iterated
tunneling
C. Multiple tunneling architecture
D. Multiple adjacency
Explanation:
IPSec can also be configured to provide iterated tunneling, which is
tunneling an IPSec tunnel through another IPSec tunnel. Iterated tunneling would be
used if the traffic needed different levels of protection at different junctions of
its path. For example, if the IPSec tunnel started from an internal host to an
internal border router, this may not require encryption, so only the AH protocol is
used. But when that data travels from that border router throughout the Internet to
another network, then the data requires more protection. So the first packets travel
through a semi-secure tunnel until they get ready to hit the Internet and then go
through a very secure second tunnel.
IPSec can also be configured to provide iterated tunneling, which is
tunneling an IPSec tunnel through another IPSec tunnel. Iterated tunneling would be
used if the traffic needed different levels of protection at different junctions of
its path. For example, if the IPSec tunnel started from an internal host to an
internal border router, this may not require encryption, so only the AH protocol is
used. But when that data travels from that border router throughout the Internet to
another network, then the data requires more protection. So the first packets travel
through a semi-secure tunnel until they get ready to hit the Internet and then go
through a very secure second tunnel.
(196) Spread spectrum works at
which of the following OSI layers?
A. Transport
B. Network
C. Data Link
D. Physical
Explanation:
There are different types of spread spectrum technologies. They differ in their approaches, but they are all technologies that modulate data onto frequencies. They are specifications that dictate how signaling will take place in WLAN environments.
There are different types of spread spectrum technologies. They differ in their approaches, but they are all technologies that modulate data onto frequencies. They are specifications that dictate how signaling will take place in WLAN environments.
(197) Which of the following
best describes how frequency hopping spread spectrum (FHSS) differs from direct
sequence spread spectrum (DSSS)?
A. FHSS uses a chipping sequence.
B. DSSS
provides a higher bandwidth.
C. FHSS is used in the 802.11a
standard.
D. DSSS is used in the 802.11a
standard.
Explanation:
DSSS uses a chipping sequence, provides higher bandwidth than FHSS, and is used in the 802.11b standard.
DSSS uses a chipping sequence, provides higher bandwidth than FHSS, and is used in the 802.11b standard.
(198) What is the chipping code
in DSSS used for?
A. It
is made up of sub-bits that are combined with the original bits before
transmission and provide parity protection.
B. It is made up of sub-bits that are
combined with the original bits before transmission and provide encryption
protection.
C. It is made up of new frequencies
that are combined with the original bits before transmission and provide parity
protection.
D. It is made up of new frequencies
that are combined with the original bits before transmission and provide
encryption protection.
Explanation:
DSSS takes a different approach by applying sub-bits to a message. The sub-bits are used by the sending system to generate a different format of the data before it is transmitted. The receiving end uses these bits to reassemble the signal into the original data format. The sub-bits are collectively called a chip, and the sequence of how the sub-bits are applied is referred to as the chipping code. They work as parity. If a bit is corrupted during transmission, the receiving system uses the sub-bit to rebuild the original bit.
DSSS takes a different approach by applying sub-bits to a message. The sub-bits are used by the sending system to generate a different format of the data before it is transmitted. The receiving end uses these bits to reassemble the signal into the original data format. The sub-bits are collectively called a chip, and the sequence of how the sub-bits are applied is referred to as the chipping code. They work as parity. If a bit is corrupted during transmission, the receiving system uses the sub-bit to rebuild the original bit.
(199) Why does DSSS provide more
bandwidth when compared to FHSS?
A. A
higher number frequencies is used.
B. Data travels in parallel.
C. The algorithm increase the hopping
speeds.
D. Data is compressed before being
modulated on the radio wave.
Explanation:
FHSS puts data on different frequencies. It does not use the whole
spectrum at one time, as DSSS does. DSSS sends data down all available frequencies
at one time, instead of having the data hop from one frequency to the next.
FHSS puts data on different frequencies. It does not use the whole
spectrum at one time, as DSSS does. DSSS sends data down all available frequencies
at one time, instead of having the data hop from one frequency to the next.
(200) Which of the following is
the proper mapping?
A. 802.11
uses FHSS.
B. 802.11a uses DSSS.
C. 802.11b provides up to 1 to 2 Mbps.
D. 802.11b provides up to 52 Mbps.
Explanation:
Since DSSS sends data across all frequencies at once, it has a higher data throughput than FHSS. The first WAN standard, 802.11, used FHSS, but as bandwidth requirements increased DSSS was implemented. By using FHSS, the 802.11 standard can only provide a throughput of 1 to 2 Mbps. By using DSSS instead, 802.11b provides a data throughput of up to 11 Mbps.
Since DSSS sends data across all frequencies at once, it has a higher data throughput than FHSS. The first WAN standard, 802.11, used FHSS, but as bandwidth requirements increased DSSS was implemented. By using FHSS, the 802.11 standard can only provide a throughput of 1 to 2 Mbps. By using DSSS instead, 802.11b provides a data throughput of up to 11 Mbps.
- Muhammad Idham Azhari
No comments:
Post a Comment