1
Q
1. To reduce the possibility of security break-ins from unauthorized users, which should be implemented? A. Packet sniffers B. Firewall C. Port scanners D. Intrusion detection system
A
- B. A firewall protects a private network from unauthorized users on a public network.
2
Q
- What is the main difference between a private network and a public network?
A. In a private network, everyone has access; in a public network, only authorized users have access.
B. In a private network, only authorized users have access; in a public network, only authorized users have access.
C. In a private network, only authorized users have access; in a public network, everyone that is connected has access.
D. In a private network, everyone has access; in a public network, only the first 100 people have access.
A
- C. On a private network, only authorized users have access to the data, versus a public network where everyone connected has access to the data.
3
Q
- You have a remote user who can connect to the Internet but not to the office via their VPN client. After determining the problem, which should be your next step?
A. Have the client reboot their host.
B. Make sure the user has the correct VPN address and password.
C. Have the client reinstall their VPN software.
D. Reboot the router at the corporate office.
A
- B. After determining that the user has local network access, your next step would be to verify the VPN address and password.
4
Q
4. Which IP address should you deny into your internetwork? A. 126.10.10.0/8 B. 168.0.0.0/8 C. 128.0.0.0/8 D. 127.0.0.0/8
A
- D. To have good security on your network, deny any addresses from your internal networks, deny any local host addresses (127.0.0.0/8), deny any reserved private addresses, and deny any addresses in the IP multicast address range (224.0.0.0/4).
5
Q
5. Which of the following is a tunneling protocol? A. Layer 2 Tunneling Protocol (L2TP) B. Internet Protocol Security (IPSec) C. Secure Sockets Layer (SSL) D. All of the above
A
- D. Tunneling is encapsulating one protocol within another protocol to complete a secure transmission. Options A, B, and C are all tunneling protocols you should be aware of, as well as Secure Sockets Layer Virtual Private Network (SSL VPN) and Point-to-Point Tunneling Protocol (PPTP).
6
Q
6. Which tunneling protocol is based on RSA public-key encryption? A. SSL B. L2TP C. IPSec D. SSL VPN
A
- A. SSL is based on RSA public-key encryption and is used to provide secure Session layer connections over the Internet between a web browser and a web server.
7
Q
7. What is the minimum number of characters you should use when creating a secure password? A. 6 B. 7 C. 8 D. 15
A
- C. The minimum length should be 8, and the maximum length should be 15. A strong password is a combination of alphanumeric and special characters that is easy for you to remember but difficult for someone else to guess.
8
Q
8. Which layer of the OSI model does IPSec operate in? A. Physical B. Network C. Transport D. Application
A
- B. IPSec works at the Network layer of the OSI model (Layer 3) and secures all applications that operate above it (Layer 4 and above). Additionally, because it was designed by the IETF and designed to work with IPv4 and IPv6, it has broad industry support and is quickly becoming the standard for VPNs on the Internet.
9
Q
9. Which protocol works in both the transport mode and tunneling mode? A. SSL B. L2TP C. PPTP D. IPSec
A
- D. IPSec works in both transport mode and tunneling mode. In transport mode, a secure IP connection between two hosts is created. Data is protected by authentication or encryption (or both). Tunnel mode is used between network endpoints to protect all data going through the tunnel.
10
Q
10. Companies that want to ensure that their data is secure during transit should use which of the following? A. Firewalls B. Encryption C. Data accounting D. Routing table
A
- B. Companies that want to ensure their data is secure during transit should encrypt their data before transmission. Encryption is the process that encodes and decodes data.
11
Q
11. Which network utilities do not have the ability to encrypt passwords? (Select two.) A. FTP B. SSH C. Telnet D. SCP
A
- A, C. Some older network utilities such as FTP and Telnet don’t have the ability to encrypt passwords.
12
Q
12. To encode or read an encrypted message, what tool is necessary? A. Routing table B. Internet access C. Encryption key D. Email address
A
- C. To encode a message and decode an encrypted message, you need the proper encryption key or keys. The encryption key is the table or formula that defines which character in the data translates to which encoded character.
13
Q
- Which if the following is not an enhancement provided by TLS version1.2?
A. Improvements in the operation of the MD5-SHA-1 hashing function
B. Enhanced support for the Advanced Encryption Standard (AES)
C. Expansion of the use of TLS to VPNs
D. More flexibility in the choice of hashing and encryption algorithm
A
- C. TLS was available for use with VPNs in the earlier version of TLS.
14
Q
14. Which of the following is not a type of public-key encryption? A. Diffie-Hellman algorithm B. RSA Data Security C. Pretty Good Privacy (PGP) D. DES
A
- D. The Data Encryption Standard (DES) is not a type of public-key encryption.
15
Q
15. Which of the following VPN protocols runs over port 1723, allows encryption to be done at the data level, and allows secure access? A. RAS B. Radius C. PPPoE D. PPTP
A
- D. PPTP is a VPN protocol that was created by Microsoft and uses port 1723 to encrypt data at the Application level.
16
Q
16. At which stage of PPPoE are the MAC addresses of each of the endpoints of the connection given to each other so that a PPP connection can be made? A. Session B. Discovery C. Transport D. Final
A
- B. PPPoE has only two stages: discovery and session. In the discovery phase, the MAC addresses of each of the endpoints of the connection are given to each other so that a secure PPP connection can be made.
17
Q
17. When utilizing multifactor authentication, which of the following is an example of verifying something you are? A. Smart card B. Password C. Fingerprint D. Certificate
A
- C. A fingerprint is an example of something you are. Other examples are retina scans and facial recognition.
18
Q
18. Which of the following authentication methods allows for domain authentication on both wired and wireless networks? A. RADIUS B. TACACS+ C. PKI D. RDP
A
- A. RADIUS servers provide both authentication and encryption services and can combine these into one service. RADIUS can be used for allowing or denying access on both wired and wireless access at the domain level.
19
Q
19. Which user-client-server authentication software system combines user authentication and authorization into one central database and maintains user profiles? A. RADIUS B. TACACS+ C. Kerberos D. PKI
A
- A. RADIUS combines user authentication and authorization into one centralized database and maintains user profiles.
20
Q
20. Which of the following is not a Network Access Control method? A. CHAP B. 802.1x C. EAP D. ICA
A
- D. Independent Computing Architecture (ICA) is a protocol designed by Citrix Systems to provide communication between servers and clients. ICA is a remote-access method.
