Guide To Network Defense And Countermeasures 3rd Edition by Randy Weaver – Test Bank
To Purchase this Complete Test Bank with Answers Click the link Below
If face any problem or
Further information contact us At tbzuiqe@gmail.com
Sample Questions
Chapter 4 – Routing Fundamentals
TRUE/FALSE
1. To
determine best path, routers use metrics such as the value of the first octet
of the destination IP address.
ANS:
F
PTS:
1
REF: 120
2. A
rollover cable is wired similarly to an Ethernet cable except that pins 7 and 8
are crossed.
ANS:
F
PTS: 1
REF: 122
3. Current
Microsoft OSs include IPv6, but to use it, you must enable it first.
ANS:
F
PTS:
1
REF: 127
4. Cisco
routers support both numbered and named ACLs, starting with IOS version 11.2.
ANS:
T
PTS:
1
REF: 132
5. Some
methods of attacking a Cisco router do not require knowledge of the IOS
version, so software patching is recommended.
ANS:
T
PTS: 1
REF: 144
MULTIPLE CHOICE
1. Which
of the following types of traffic does NOT travel through routers?
|
a. |
DNS zone transfers |
c. |
SNMP status information |
|
b. |
ARP requests |
d. |
network route information |
ANS: B
PTS:
1
REF: 120
2. Which
of the following is a metric routers can use to determine best path?
|
a. |
datagram size |
c. |
link state |
|
b. |
packet TTL |
d. |
network protocol |
ANS:
C
PTS: 1
REF: 120
3. What
is contained in ARP tables?
|
a. |
IP address, MAC address |
c. |
NetBIOS name, IP address |
|
b. |
DNS name, IP address |
d. |
MAC address, TCP port |
ANS:
A
PTS:
1
REF: 121
4. To
what type of port on a Cisco router do you connect a rollover cable?
|
a. |
auxiliary |
c. |
Frame Relay |
|
b. |
console |
d. |
Ethernet |
ANS:
B
PTS:
1
REF: 122
5. Which
of the following is NOT a type of entry found in a routing table?
|
a. |
default routes |
c. |
dynamic routes |
|
b. |
static routes |
d. |
backup routes |
ANS:
D
PTS:
1
REF: 122
6. Which
of the following is true about static routes?
|
a. |
the metric is higher than a dynamic route |
c. |
they are used for stub networks |
|
b. |
they are created by routing protocols |
d. |
they change automatically as the
network changes |
ANS:
C
PTS:
1
REF: 122
7. What
uses mathematical calculations to compare routes based on some measurement of
distance?
|
a. |
route summarization |
c. |
routing metrics |
|
b. |
link-state routing protocols |
d. |
distance-vector routing protocols |
ANS:
D
PTS:
1
REF: 124
8. Which
of the following makes routing tables more efficient?
|
a. |
route summarization |
c. |
CIDR |
|
b. |
VLSM |
d. |
host routing |
ANS:
A
PTS:
1
REF: 126
9. What
feature does RIPng support that is not supported by RIP?
|
a. |
gigabit Ethernet |
c. |
IPv6 |
|
b. |
supernetting |
d. |
32-bit addresses |
ANS:
C
PTS:
1
REF: 127
10.
Which feature of a router provides traffic flow and enhances
network security?
|
a. |
VLSMs |
c. |
TCP |
|
b. |
ACLs |
d. |
CIDR |
ANS: B
PTS:
1
REF: 129
11.
Which of the following is true about ACLs on Cisco routers?
|
a. |
there is an implicit deny any statement
at the end of the ACL |
c. |
ACLs are processed in reverse order so
place high priority statements last |
|
b. |
there is an explicit permit any
statement at the beginning of the ACL |
d. |
ACLs bound to an interface apply to
inbound and outbound traffic by default |
ANS:
A
PTS:
1
REF: 129
12.
Which of the following is true about standard IP ACLs?
|
a. |
they can filter on source and
destination IP address |
c. |
a 0.0.0.0 inverse mask means all bits
are significant |
|
b. |
they automatically apply to all active
interfaces |
d. |
they can filter on IP address and port |
ANS:
C
PTS:
1
REF: 130
13.
Which of the following is true about extended IP ACLs?
|
a. |
the ‘established’ keyword is not
available except on standard ACLs |
c. |
the default inverse mask for the source
is 0.0.0.0 |
|
b. |
you can apply multiple outbound ACLs on
a single interface |
d. |
they should be applied to an interface
close to the traffic source |
ANS:
D
PTS:
1
REF: 132
14.
What should you set up if you want to store router system log
files on a server?
|
a. |
AAA server |
c. |
TTY connection |
|
b. |
syslog server |
d. |
buffered logging |
ANS:
B
PTS:
1
REF: 134
15.
Which of the following is a command you would find in an antispoofing
ACL for network 172.31.0.0/16?
|
a. |
permit ip any 172.31.0.0
0.0.255.255 log |
c. |
deny ip 172.31.0.0 0.0.255.255 any log |
|
b. |
deny TCP 172.31.0.0 0.0.0.0 any log |
d. |
permit icmp any any redirect |
ANS:
C
PTS: 1
REF: 135
16.
Which of the following is an open standard used for
authentication on Cisco routers?
|
a. |
RADIUS |
c. |
CHAP |
|
b. |
ATM |
d. |
ACE |
ANS:
A
PTS:
1
REF: 136-137
17.
Which of the following types of password prevents a user from
accessing privileged exec mode on a Cisco router?
|
a. |
console |
c. |
enable |
|
b. |
AUX |
d. |
TTY |
ANS:
C
PTS:
1
REF: 137
18.
What remote shell program should you use if security is a
consideration?
|
a. |
rlogin |
c. |
rcp |
|
b. |
ssh |
d. |
rsh |
ANS:
B
PTS:
1
REF: 140
19.
What Cisco router command encrypts all passwords on the router?
|
a. |
enable secret password |
c. |
crypto key passwords |
|
b. |
secure passwords enable |
d. |
service password-encryption |
ANS:
D
PTS:
1
REF: 138
20.
Which protocol that runs on Cisco routers shares information
between Cisco devices?
|
a. |
CDP |
c. |
bootp |
|
b. |
TCP |
d. |
SSH |
ANS:
A
PTS:
1
REF: 143
COMPLETION
1. During
the routing process, the router strips off ______________________ layer header
information and then examines the Network layer address.
ANS: Data Link
PTS: 1
REF: 120
2. An
ARP broadcast is sent to the local subnet in an attempt to discover the
destination computer’s ______________ address.
ANS:
MAC
Media Access Control
PTS:
1
REF: 121
3. ____________
routes are manually configured routes that direct all packets not specifically
configured in the routing table.
ANS: Default
PTS:
1
REF: 122
4. Rather
than using classful routing, ________________ subnet masks allow you to divide
your network into different sizes to make better use of available addresses.
ANS: variable length
PTS:
1
REF: 126
5. The
enable ___________ password uses type 5 encryption and overrides the enable
password.
ANS: secret
PTS: 1
REF: 137
MATCHING
|
a. |
ACE |
f. |
inverse mask |
|
b. |
ARP table |
g. |
metrics |
|
c. |
banner |
h. |
routing |
|
d. |
console port |
i. |
stub router |
|
e. |
convergence |
j. |
virtual terminal |
1. the
port on a Cisco device that permits direct physical access from a nearby
computer using the serial RS-232 protocol
2. cost
values that help routers assess the desirability of a link
3. virtual
session access points for simultaneous access to a Cisco device
4. a
state in which all routers on a network have up-to-date routing tables
5. a
router that connects a stub network to the larger network
6. a
network system tool that lists the MAC and IP address resolutions of other
devices on the network, making the resolution process more
efficient
7. the
number in an access control list that specifies which part of an IP address is
considered significant
8. an
individual rule in an ACL
9. the
process of transporting packets of information across a network from the
source node to the destination node
10.
a message, usually a warning about appropriate use, presented to
users of a digital system before authentication
1. ANS:
D
PTS:
1
REF: 145,122
2. ANS:
G
PTS:
1
REF: 146,124
3. ANS:
J
PTS:
1
REF: 146,133
4. ANS:
E
PTS:
1
REF: 145,124
5. ANS:
I
PTS:
1
REF: 146,122
6. ANS:
B
PTS: 1
REF: 145,121
7. ANS:
F
PTS:
1
REF: 146,130
8. ANS:
A
PTS:
1
REF: 145,136
9. ANS:
H
PTS:
1
REF: 146,120
10.
ANS:
C
PTS:
1
REF: 145,139
SHORT ANSWER
1. Describe
how a computer uses its ARP table and the ARP protocol when preparing to
transmit a packet to the local network.
ANS:
When a computer prepares to transmit a packet to a destination
on the local network, it checks its ARP table for an IP-to-MAC address
resolution for the destination node. If the computer finds the address
resolution, the source computer uses the information to create the Data Link
header with the source and destination MAC addresses. The packet is then sent
directly to the destination node on the local network.
If the source computer does not find an entry for the
destination computer’s IP address in its ARP table, it sends an ARP broadcast
to the local subnet in an attempt to discover the destination computer’s MAC
address. Because the destination address in this discovery packet is a
broadcast (FF-FF-FF-FF-FF-FF), every host on the local subnet must process the
packet to determine if it is “of interest.” When the packet reaches the Network
layer, where ARP is processed, the host can determine if its own IP address is
being specified in the ARP broadcast packet. Only the correct host responds;
the others discard the packet. The host that discovers its IP address in the
broadcast packet responds to the source computer’s ARP request by providing its
MAC address.
PTS:
1
REF: 121
2. What
is a dynamic route?
ANS:
Dynamic routes are routes in a routing table that are populated
automatically by routing protocols and routing algorithms that the router uses
to calculate the best path.
PTS:
1
REF: 122
3. What
is a stub router and where would you find one?
ANS:
A router with only one route is called a stub router. A stub
router is usually found at the end of the network line and is connected to only
one other router. Stub networks are generally found at the network’s edge and
are considered dead-end segments.
PTS:
1
REF: 123
4. What
is a distance-vector routing protocol? Give one example.
ANS:
A distance-vector routing protocol uses mathematical
calculations to compare routes based on some measurement of distance, such as
hops. This protocol requires routers to send full or partial routing table
updates periodically to neighboring routers. RIP is an example.
PTS:
1
REF: 124
5. Define
metric and give three examples of common metrics that routers use.
ANS:
Metrics are cost values that help routers assess the
desirability of a link. Common metrics include hop count, load, bandwidth,
delay, and reliability of links.
PTS:
1
REF: 124
6. Define
route summarization.
ANS:
Route summarization (also called supernetting) allows service
providers to assign addresses in a classless fashion and make more efficient
use of available Internet addresses.
PTS:
1
REF: 125
7. Describe
ACLs.
ANS:
Router access control lists (ACLs) are permit or deny statements
that filter traffic based on the source and destination address, source or
destination port number, and protocol in the packet header. ACLs provide
traffic-flow control and enhance network security. They can also be used to
fine-tune performance and control client access to sensitive network segments.
PTS:
1
REF: 129
8. Where
in an internetwork should extended ACLs be applied?
ANS:
Extended IP ACLs should be applied to an interface as close to
the traffic source as possible.
PTS: 1
REF: 132
9. Describe
antispoofing logging and how you can prevent it with ACLs.
ANS:
Antispoofing is a way to prevent spoofing and ensure that no
packets arrive at your security perimeter with a source address of your
internal network or certain well-known or reserved addresses. Antispoofing is
accomplished by using ACLs.
Your ACL should instruct the router to deny any inbound packet
with a source address that matches your internal network, broadcast, and
loopback addresses; illegal addresses, such as all 0s or all 1s; and multicast
or experimental address classes. At the end of each rule in the ACL, specify
that packets matching these conditions will be logged
PTS:
1
REF: 135
10.
List the five types of Cisco router passwords.
ANS:
Enable
Enable secret
AUX
VTY
Console
PTS:
1
REF: 137
Chapter 7 – Understanding Wireless Security
TRUE/FALSE
1. Wireless
networks are essentially the same as wired networks when it comes to the
security threats each faces.
ANS:
F
PTS:
1
REF: 228
2. A RTS
frame is the first step of the two-way handshake before sending a data frame.
ANS:
T
PTS:
1
REF: 230
3. Wireless
networks use the CSMA/CD media access method.
ANS:
F
PTS:
1
REF: 234
4. Wireless
networks are inherently secure because the original IEEE 802.11 standard
addressed strong authentication and encryption.
ANS:
F
PTS:
1
REF: 244
5. SNMP
requires the installation of an SNMP agent on the device you want to monitor.
ANS:
T
PTS:
1
REF: 250
MULTIPLE CHOICE
1. Which
layer does wireless communication rely heavily upon?
|
a. |
MAC sublayer of the Network layer |
c. |
LLC sublayer of the Data Link layer |
|
b. |
MAC sublayer of the Data Link layer |
d. |
LLC sublayer of the Transport layer |
ANS:
B
PTS: 1
REF: 228
2. Which
of the following is performed by the MAC sublayer?
|
a. |
joining the wireless network |
c. |
resolving names to IP addresses |
|
b. |
resolving IP address to MAC address |
d. |
determining best path |
ANS: A
PTS:
1
REF: 229
3. Which
of the following is NOT part of a wireless MAC frame?
|
a. |
802.11 protocol version |
c. |
FCS |
|
b. |
source MAC address |
d. |
TTL |
ANS:
D
PTS: 1
REF: 229
4. Which
management frame type is sent by a station wanting to terminate the connection?
|
a. |
Deauthentication |
c. |
Reassociation request |
|
b. |
Disassociation |
d. |
Probe response |
ANS:
B
PTS: 1
REF: 230
5. Which
type of frame advertises services or information on a wireless network?
|
a. |
Probe request |
c. |
Beacon |
|
b. |
Association response |
d. |
Probe response |
ANS:
C
PTS: 1
REF: 230
6. Which
type of control frame does a station send to let the AP know is can transmit
buffered frames?
|
a. |
CTS |
c. |
RTS |
|
b. |
ACK |
d. |
PS-Poll |
ANS:
D
PTS:
1
REF: 231
7. Which
of the following is NOT a field in a control frame?
|
a. |
Duration |
c. |
Frame control |
|
b. |
Sequence control |
d. |
Frame check sequence |
ANS:
B
PTS:
1
REF: 231
8. Which
of the following is true about the SSID?
|
a. |
they can be Null |
c. |
they are not found in beacon frames |
|
b. |
they are registered |
d. |
they are found in control frames |
ANS:
A
PTS:
1
REF: 232
9. What
is a WNIC’s equivalent of a NIC’s promiscuous mode?
|
a. |
active scan mode |
c. |
passive attack mode |
|
b. |
RF monitor mode |
d. |
auto-capture mode |
ANS:
B
PTS:
1
REF: 232
10.
In which type of wireless attack does the attacker cause valid
users to lose their connections by sending a forged deauthentication frame to
their stations?
|
a. |
association flood |
c. |
session hijacking |
|
b. |
jamming |
d. |
MAC address spoofing |
ANS:
C
PTS:
1
REF: 233
11.
Which of the following is true about wardriving?
|
a. |
attackers use RF monitor mode |
c. |
the software is very expensive |
|
b. |
the hardware is very expensive |
d. |
their goal is simply to hijack a
connection |
ANS:
A
PTS:
1
REF: 234
12.
In which type of attack do attackers intercept the transmissions
of two communicating nodes without the user’s knowledge?
|
a. |
rogue device |
c. |
man-in-the-middle |
|
b. |
wardriver |
d. |
brute force |
ANS:
C
PTS:
1
REF: 235
13.
Which of the following is true about the association process?
|
a. |
it is a three-step process |
c. |
a station first send an association
request |
|
b. |
a station first listens for beacons |
d. |
the AP transmits an invitation to
associate |
ANS: B
PTS:
1
REF: 236
14.
What function does a RADIUS server provide to a wireless
network?
|
a. |
association |
c. |
decryption |
|
b. |
encryption |
d. |
authentication |
ANS:
D
PTS: 1
REF: 236
15.
What is considered to be one of the biggest weaknesses of WEP?
|
a. |
24-bit initialization vector |
c. |
128-bit key |
|
b. |
RC4 encryption |
d. |
Kerberos authentication |
ANS:
A
PTS: 1
REF: 238
16.
Which of the following is true about MAC addresses in a wireless
network?
|
a. |
MAC address filtering will stop a
determined attacker |
c. |
you need to configure the MAC address
before you use the WNIC |
|
b. |
MAC addresses are Network layer
identities |
d. |
you can change a WNICs MAC address with
software |
ANS:
D
PTS:
1
REF: 240
17.
Which of the following is NOT a suggested practice before using
a newly configured wireless network?
|
a. |
change the administrator password |
c. |
use the default encryption method |
|
b. |
change the manufacturer’s default key |
d. |
alter the default channel |
ANS:
C
PTS:
1
REF: 244
18.
Which EAP protocol requires digital certificates to validate
supplicants?
|
a. |
EAP-TLS |
c. |
LEAP |
|
b. |
EAP-TTLS |
d. |
FAST |
ANS:
A
PTS:
1
REF: 245
19.
Which of the following is true about IEEE 802.11i?
|
a. |
it uses WEP2 for authentication and
encryption |
c. |
temporal key integrity protocol is used
for encryption |
|
b. |
it uses a symmetric block cipher for
encryption |
d. |
it uses PMK to generate data encryption
keys |
ANS:
B
PTS:
1
REF: 246
20.
Which popular wireless sniffer is an IDS that is passive and
undetectable in operation?
|
a. |
Kismet |
c. |
AirSnort |
|
b. |
NetStumbler |
d. |
Aircrack-ng |
ANS:
A
PTS:
1
REF: 250
COMPLETION
1. Each
access point has a(n) ______________ that essentially functions as the name of
the network.
ANS:
SSID
service set identifier
PTS:
1
REF: 229
2. A
____________ response is sent by a station in response to a request frame and
indicates capabilities, supported data rates, and other information.
ANS: probe
PTS:
1
REF: 230
3. A
_____________ device is a wireless device that employees connect and use
without authorization or verified configurations.
ANS: rogue
PTS: 1
REF: 234
Comments
Post a Comment