Chapter 3

What function does URL filtering perform within a unified threat management (UTM) security appliance?

It blocks access to certain sites based on their URL

Which of the following best describes a DoS and a DDoS attack?

A DoS attack is a service attack from a single source that attempts to disrupt the services provided by another system. A DDoS attack includes multiple computers attacking a single target.

What is the role of a PTR record in the Domain Name System (DNS)?

It enables a DNS client to query DNS with the IP address to get a name.

What is the key difference between a transparent proxy and a non-transparent proxy?

A non-transparent proxy modifies or filters requests, while a transparent proxy forwards them without modification

Based on the information in RFC 7123 about the security implications of using IPv6 on an internal network, which of the following statements is true?

Internal networks can continue to use IPv4 without issue.

What is the purpose of the DHCP Offer in the DHCP communication process?

It is the response of a DHCP server offering a lease to the client including an IP address, subnet mask, default gateway among others.

Which protocol provides connection-oriented traffic with guaranteed delivery?

TCP

What is the primary function of a router in a network?

To connect multiple networks together to create larger networks

What is the function of the AAAA-record in a Domain Name System (DNS)?

It holds the hostname and IPv6 address.

Which protocol is commonly blocked at firewalls and routers, disabling a ping response, preventing attackers from discovering devices in a network?

ICMP

What is the purpose of LDAPS (LDAP Secure) in directory services?

LDAPS uses encryption to protect LDAP transmissions.

What is the main purpose of Domain Name System Security Extensions (DNSSEC)?

To provide validation for DNS responses using digitally signed records

What is the function of an MX record in a DNS server?

 It identifies a mail server used for email.

What protocol is the most commonly used for time synchronization?

NTP

What is the purpose of caching content in a proxy server for performance enhancement?

To reduce Internet bandwidth usage

What is the major difference between a stateful and a stateless firewall?

A stateful firewall makes decisions based on traffic context or state, while a stateless firewall does not.

What does MAC filtering in port security do?

Limits each port’s connectivity to a specific device using a certain MAC address

Which protocol is commonly used for transporting voice and video over a network and provides encryption, message authentication, and integrity for RTP?

SRTP

What is the purpose of the ’route add’ command in a system’s routing table?

To add a path to a different network

In the context of Stateless Firewall Rules, what does the term ’implicit deny strategy’ refer to?

The strategy that blocks all traffic not explicitly permitted.

What does the ’route print’ command display on a computer system?

 All the paths known by the computer to other networks

What happens if a network has too many computers on a single segment?

Broadcasts can result in excessive collisions and reduce network performance

Which of the following statements about File Transfer Protocol (FTP) are correct?

FTP passive mode uses a random TCP port for data, this random port is often blocked by firewall

What is an intranet in terms of networking?

An internal network used for communication and content sharing

What is the primary purpose of a network appliance?

To fulfill a specific need

What is the purpose of the ’id_rsa’ file in an OpenSSH system?

 It is the private key that must remain private and stays on the client’s machine.

What is the main difference between an Intranet and an Extranet?

Intranet is restricted to internal users while Extranet can be accessed by authorized external entities

What function does a firewall serve in a network?

It filters incoming and outgoing traffic for a single host or between networks

What is the use of the jump server in a network environment?

To connect and manage devices in another network with a different security zone

What is one of the key features that distinguishes a next-generation firewall (NGFW) from first and second generation firewalls?

NGFW uses deep-packet inspection

What is the primary function of a Zero Trust Network?

It trusts no devices by default.

Which protocol is an implementation of FTP that uses SSH to transmit files in an encrypted format?

SFTP

What are the methods for achieving logical separation and segmentation in networking?

All of the above
Using routers and ACLs
Dividing IP address ranges with subnetting
Implementing firewalls and packet-filtering rules

What does the term ’East-West traffic’ refer to within a network?

Traffic between servers.

What is the purpose of the malware inspection component in a UTM appliance?

It scans incoming data for known malware and blocks it

What is the function of the Address Resolution Protocol (ARP)?

It resolves IPv4 addresses to media access control (MAC) addresses.

Which of the following protocols is used to transfer smaller amounts of data, such as when communicating with network devices, and uses UDP port 69?

TFTP

In computing, which TCP port does IMAP4 use for unencrypted connections, and which port for encrypted connections?

Port 143 for unencrypted, port 993 for encrypted

What functionalities does Spanning Tree Protocol (STP) or Rapid STP (RSTP) provide on a network?

 Broadcast storm prevention and loop prevention

Which of the following statements about nslookup and dig command-line tools is correct?

The dig and nslookup tools can be used to query specific records such as mail servers and the lowest number preference identifies the primary mail server when there are multiple ones

Which of the following is not true about network-based firewalls?

It is an application running on a system

What is the correct form of a private IP address according to RFC 1918 in the IPv4 protocol?

10.0.0.0 through 10.255.255.255

What is the function of the DDoS mitigator in a unified threat management (UTM) appliance?

Attempts to detect and block DDoS attacks

What is the primary purpose of physical isolation and air gaps in a network security context?

To reduce risks by completely separating one network from another

Which of the following best defines a unified threat management (UTM)?

A single solution that combines multiple security controls and aims to provide better security while also simplifying management requirements.

What does the Real-time Transport Protocol (RTP) particularly deliver over IP networks?

Audio and Video

What is the protocol number for ICMP?

1

What is the primary purpose of an A-record in the Domain Name System (DNS)?

It holds the hostname and IPv4 address and is the most commonly used record in a DNS server.

What is true about network address allocation using Dynamic Host Configuration Protocol (DHCP)?

It dynamically assigns IP addresses to hosts within a network.

What does a DHCP client do to start getting a lease from a DHCP server?

Sends a DHCP Discover message

What does the term ’Extranet’ refer to in network security?

A part of the network that can be accessed by authorized entities from outside of the network.

What does a ’Content inspection’ feature in a Unified Threat Management (UTM) system involve?

It includes a combination of different content filters and monitors incoming data streams to block malicious content.

What determines which protocols are enabled in a network?

Organizational goals and needs

How can Access Control Lists (ACLs) be utilized within a router for security?

To block traffic based on IP addresses and networks

Which statement correctly describes the User Datagram Protocol (UDP)?

UDP provides connectionless sessions and makes a best effort basis for delivery with no guarantee.

What does DHCP snooping prevent on a network?

Operation of unauthorized DHCP servers

What is the primary purpose of the Domain Name System (DNS)?

To resolve hostnames to IP addresses

Which TCP port does the Post Office Protocol v3 (POP3) use for encrypted connections?

Port 995

Which command should Maggie use to create a public/private key pair for passwordless SSH login?

ssh-keygen -t rsa

What is the purpose of the ’ssh-keygen -t rsa’ command in OpenSSH?

It creates a public/private key pair

What is the role of the Data Link layer in the Open Systems Interconnection (OSI) model?

It is responsible for ensuring that data is transmitted to specific devices on the network by formatting the data into frames and adding media access control (MAC) addresses for the source and destination devices.

What is the role of a Web Application Firewall (WAF)?

To protect a web server from various web application attacks

What does a firewall’s implicit deny strategy do?

It blocks all traffic that is not explicitly allowed.

What is one of the primary functions of the Rapid Spanning Tree Protocol (RSTP)?

It provides broadcast storm prevention and loop prevention for switches.

What are the only three IPv4 address ranges that should be allocated within a private network?

10.0.0.0 through 10.255.255.255, 172.16.0.0 through 172.31.255.255, 192.168.0.0 through 192.168.255.255

Secure Shell (SSH) is used for which of the following?

Encrypting traffic in transit, including other protocols such as FTP

Which protocol is the designated replacement for SSL and should be used instead of SSL for browsers using HTTPS?

TLS

What is a key difference between SNMPv1/v2 and SNMPv3?

SNMPv3 encrypts credentials before sending them over the network

Which protocol and port number are used by SSH for encrypting traffic in transit?

SSH, TCP port 22

What does the STARTTLS command allow in relation to SMTP?

It enables protocol to use the same port for cleartext and ciphertext.

What is the fundamental difference between a physical and a logical port in network devices?

A physical port is where the cable is plugged in a network device, while a logical port is a number in a packet that identifies services and protocols

How does the Spanning Tree Protocol (STP) or the Rapid STP (RSTP) protect a network?

By providing broadcast storm prevention and loop prevention for switches

What distinguishes FTPS from SFTP according to the provided information?

FTPS uses TLS for encryption, while SFTP uses SSH.

What command would Maggie use to initiate an SSH connection to the gcga server using the root account of the remote system?

ssh root@gcga

Which of the following commands should Maggie use to create a public and private key pair?

ssh-keygen -t rsa

What is one major benefit of Network Address Translation (NAT)?

It allows multiple users to connect to the Internet using a single public IP address

What does the ’Permission’ element in ACLs for firewalls typically indicate?

It identifies whether the traffic should be permitted or denied.

What are some common protocols used for Subscription Services Use Cases?

HTTPS and TLS

Which of the following best describes how IPv6 addresses are expressed?

They use 128-bit addresses expressed in hexadecimal format

What does the Quality of Service refer to in relation to network management?

The measure and control of different traffic types on a network

What does the ’implicit deny’ rule accomplish in an ACL?

It blocks all traffic that isn’t explicitly allowed.

What does a switch do when it turns on with no prior knowledge?

Waits for traffic to determine computer connections

Which encryption protocol is designated as the replacement for SSL and should be used instead of SSL for browsers using HTTPS?

TLS

What is the primary purpose of a screened subnet or DMZ?

To shield Internet-facing servers from direct attacks

Why is physical isolation such as an air gap important in a supervisory control and data acquisition (SCADA) system?

It reduces risks to the SCADA system by minimizing the reach of potential attackers

What can help to prevent switching loop problems and broadcast storms in a network?

Implementing Spanning Tree Protocol (STP) or Rapid STP (RSTP)

What is the function of proxy servers?

To forward requests for services from clients and restrict access to inappropriate websites.

What is the primary use case of Unicast in an IPv4 network?

One-to-one traffic. One host sends traffic to other host using a IP address

What are some elements involved in creating a secure network?

Use of various topologies and network appliances

What is the main role of a ’reverse proxy’ in a network?

It acts like a web server for clients but forwards requests to the actual web server

What is the purpose of an ’air gap’ in relation to network security?

To physically isolate one network from another

Why do organizations replace hubs with switches, according to the given passage?

Switches increase the efficiency of a network and reduce the risk of data capture by protocol analyzers

What is the main function of a host-based firewall?

Monitor traffic going in and out of a single host

What is the purpose of a CNAME record in a DNS server?

Allows a single system to have multiple names associated with a single IP address

What are the TCP ports used by SMTP, POP3, IMAP4, HTTP and HTTPS common protocols?

SMTP uses ports 25 and 587; POP3 uses 110 and 995; IMAP4 uses 143 and 993; HTTP and HTTPS 80 and 443.

What are the three primary factors used to filter packets by router ACLs?

IP addresses, ports, and protocol numbers

What is a common reason users cannot connect to systems using Remote Desktop Protocol (RDP)?

Port 3389 is blocked on a host-based or network firewall

What is layer 2 of the Open Systems Interconnection (OSI) model responsible for?

Transmitting data to specific devices on the network

What is the primary purpose of DHCP snooping?

 To prevent unauthorized DHCP servers from operating on a network.

Based on the passage, how can ACLs on a router be used to filter traffic?

All of the above
By blocking specific IP addresses
By blocking traffic on specific ports
By allowing or blocking traffic based on protocol number

What is a sniffing attack in the context of network security?

An attack where a protocol analyzer is used to capture and easily read data sent over a network if it’s in cleartext.

Why is TLS recommended over SSL?

SSL has been compromised and is not maintained or patched

What happens when the DHCP sends an ’Acknowledge’ packet?

The DHCP allocates the offered IP address to the client and won’t offer the same IP to other clients

Which of the following is the primary purpose of HTTPS?

Encrypt web traffic to ensure it is secure while in transit

What is the function of the broadcast method in IPv4 addressing of TCP/IP traffic?

Broadcasting allows one host to send data to all other hosts on the same subnet.

What does the ’Protocol’ element in an Access Control List (ACL) rule typically refer to on a firewall?

 The type of traffic that is dealt with, such as TCP, UDP, ICMP or IP

What is the function of a Bridge Protocol Data Unit (BPDU) Guard feature in a network?

It monitors edge ports for BPDU messages and disables the port if any are detected.

What is the primary advantage of using VLANs in a network?

They allow the logical grouping and separation of computers regardless of physical location

In the example provided, what command could Maggie use to connect to a server named ’gcga’ in the network while also initiating SSH connection using the root account of the remote system?

ssh root@gcga

Which of the following best describes Dynamic NAT?

A form of NAT that translates public IP addresses to private IP addresses, using multiple public IP addresses based on load

What is the purpose of a poisoning attack?

Corrupt cache with different data

What is the purpose of executing the command ’ssh-copy-id gcga’ in the context of a Linux system using OpenSSH?

To copy the public key to the remote server

What is the key feature of Static NAT?

It uses a single public IP address in a one-to-one mapping

How is the ’Source’ defined within rules implemented in ACLs by stateless firewalls?

The source IP address traffic comes from

What is the main difference between Network Time Protocol (NTP) and Simple NTP (SNTP) in terms of time synchronization?

NTP uses complex algorithms and queries multiple time servers to identify the most accurate time, while SNTP does not.

What is one of the benefits of using Network Address Translation (NAT)?

It allows multiple computers to access the Internet through one router running NAT

What is the primary function of the Session Initiation Protocol (SIP) in relation to voice, video, and messaging sessions?

It initiates, maintains, and terminates the sessions

Which of these common protocols do Google Mail uses for storing email on an email server?

IMAP4

Which protocol provides both broadcast storm prevention and loop prevention for switches?

STP or RSTP

What is the purpose of the ’Destination’ in rules within Access Control Lists (ACLs) used by firewalls?

To identify IP addresses to allow or block traffic

Which of these protocols is used for connectionless sessions without a three-way handshake?

UDP

Which of the following use cases is NOT supported by switches?

Providing secure management of network devices

What are the primary functions of the Secure Real-time Transport Protocol (SRTP)?

It provides encryption, message authentication, and integrity for RTP.

What’s one disadvantage of Network Address Translation (NAT)?

It is not compatible with IPsec.

Which of the following protocols is used for testing basic connectivity and includes tools such as ping, pathping, and tracert?

ICMP

Which of the following best describes port security as described in the passage?

All of the above
Restricting each physical port to only a single specific MAC address as an advanced method
Disabling unused ports to prevent unauthorized connections
Allowing only one or two MAC addresses to connect per port and blocking all others

Which protocol can be used to transfer encrypted files over a network and uses TCP port 22?

SSH

Which of the following protocols is NOT recommended for use when remotely administering systems, due to its lack of security?

Telnet

What is the primary function of the ’route’ command in both Windows and Linux systems?

To display or modify a system’s routing table

What is the purpose of the SOA (start of authority) record in DNS?

It includes information about the DNS zone and some of its settings

What does the ’-J’ switch in the ’ssh -J maggie@jump maggie@ca1’ command represent?

It instructs ssh to connect to the jump server and then use TCP forwarding to connect to the CA server
PreviousChapter 2NextChapter 4

Last updated