Deck 10: Security in Network Design

A) Squid
B) BIND
C) Snort
D) Apache

A) ipf
B) modfire
C) iptables
D) netwall

A) set max-mac
B) set total-macs
C) mac-address limit
D) mac-limit

A) It is an advanced intrusion protection system with a GUI-frontend.
B) It is a system used to evaluate data from security devices and generate alerts.
C) It is an intellectual property protection software that prevents data links, and generates alerts.
D) It is a system that monitors security device hardware availability.

A) BPDU filter
B) BPDU guard
C) root guard
D) BPDU drop

A) STP must first select the root bridge, or master bridge.
B) STP examines the possible paths between all other bridges.
C) STP disables links that are not part of a shortest path.
D) STP begins to block BPDUs on non-designated ports.

A) The Network layer protocol used for the packet.
B) The Transport layer protocol used for the packet.
C) The source or destination TCP/UDP port number in the packet.
D) The operating system used by the source or destination device.

A) 0.0.0.0
B) 255.255.255.255
C) 255.255.0.0
D) 0.0.255.255

A) Rapid Spanning Tree Protocol (RSTP)
B) Transparent Interconnection of Lots of Links (TRILL)
C) Shortest Path Bridging (SPB)
D) Multiple Spanning Tree Protocol (MSTP)

A) Transparent Interconnection of Lots of Links (TRILL)
B) Shortest Path Bridging (SPB)
C) Rapid Spanning Tree Protocol (RSTP)
D) Multiple Spanning Tree Protocol (MSTP)

A) geohashing
B) geofencing
C) geolocating
D) geolocking

A) secpol.msc
B) gpedit.msc
C) grouppol.msc
D) grppol.msc

A) You wish to block BPDUs on an access port serving network hosts.
B) You wish to disable STP on a port connected to a partnered company's switch.
C) You wish to prevent switches beyond a certain port from becoming the root bridge, but still wish to use STP.
D) You wish to prevent a rogue switch or computer from hijacking the network's STP paths.

A) authentication
B) authorization
C) accounting
D) accessibility

A) Use the switchport port-security command to enable MAC filtering.
B) Use the mac-limit command to prevent more than one MAC from being accepted.
C) Use the allowed-mac command to filter by MAC address.
D) Use the secure port mac-address command to limit the port to learned addresses only.

A) file integrity monitoring (FIM)
B) file change management (FCM)
C) file access auditing (FAA)
D) file checksum watching (FCW)

A) 802.11i
B) 802.11h
C) 802.1X
D) 802.11j

A) RBAC allows a network administrator to base privileges and permissions around a detailed description of a user's roles or jobs.
B) RBAC allows users to decide for themselves who has access to that user's resources.
C) RBAC organizes resources into hierarchical classifications, such as "confidential" or "top secret".
D) RBAC is the most restrictive method of access control.

A) Google Authenticator
B) RADIUS
C) TACACS+
D) Kerberos

A) Only one root port, which is the bridge's port that is closest to the root bridge, can forward.
B) Only one root port, which is the bridge's port that is furthest from the root bridge, can forward.
C) All ports can forward frames to the root bridge, provided they are not in a down state.
D) All ports will forward frames to the root bridge, unless a BPDU is received back on that same port.

A) The client sends a pre-shared key along with the access point's SSID.
B) The client requests an encrypted tunnel, after which, the client's MAC serves as the authentication.
C) The access point forces the client to authenticate via a captive portal, after which all communication is encrypted.
D) The client "authenticates" using only the SSID name. In other words, no real authentication occurs.

A) It did not allow the use of a password for access to the network.
B) It provided no encryption for traffic sent over the air.
C) It used a shared encryption key for all clients, and the key might never change.
D) It only encrypted the initial connection authentication, but did not encrypt subsequent traffic.

A) A stateless firewall manages each incoming packet as a stand-alone entity, without regard to currently active connections.
B) A stateless firewall inspects each incoming packet to determine whether it belongs to a currently active connection.
C) A stateless firewall blocks designated types of traffic based on application data contained within packets.
D) A stateless firewall filters packets based on source and destination IP addresses.

A) port supertrunking
B) port mirroring
C) port shadowing
D) port lurking

A) Password Authentication Protocol (PAP)
B) Challenge Handshake Authentication Protocol (CHAP)
C) Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
D) Microsoft Challenge Handshake Authentication Protocol, version 2 (MS-CHAPv2)

A) Local authentication provides the most security.
B) Local authentication is scalable for large networks.
C) Local authentication is network and server failure tolerant.
D) Local authentication does not allow for strong enough passwords.

A) It is the name for a Kerberos client or user.
B) It is a key used by the client to gain access to services that are protected by the key on the network.
C) It is a temporary set of credentials that a client uses to prove to other servers that its identity has been validated.
D) It is the event that is generated when auditing a resource and unauthorized access is attempted.

A) EAP-TLS
B) Protected EAP (PEAP)
C) EAP-FAST
D) LEAP

A) Advanced Encryption Standard (AES)
B) Rivest Cipher 4 (RC4)
C) Blowfish
D) Data Encryption Standard (DES)