You have a small network at home that is connected to the internet. On your home network, you have a server with the IP address of 192.168.55.199/16. You have a single public address that is shared by all hosts on your private network. |
Static NAT |
You are the network admin for a small company that implements NAT to access the internet. However, you recently acquired file servers that must be accessible from outside your network. Your ISP has provided you with five additional registered IP addresses to support these new serves, but you dont want the public to access these servers directly. you want to place these servers behind your firewall on the inside network, yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these serves? |
Static NAT |
You want to connect your small company network to the internet. Your ISP provides you with a single IP address that is to be shared between all hosts on your private network. You do not want external hosts to be able to initiate connection to internal hosts. what type of network address translation (NAT) should you implement. |
Dynamic |
Which of the following is not one of the IP address ranges defined in RFC 1918 that are commonly used behind a NAT Server |
169.254.0.0 – 169.254.255.255 |
Which of the following networking devices or services prevent the use of IPsec in most cases? |
NAT |
Which of the following is NOT a benefit of NAT? |
Improving the throughput rate of traffic |
A group of salesman would like to access your private network through the internet while they are traveling. You want to control access to the private network through a single server. |
VPN concentrator |
A VPN is primarily used for what purpose? |
Support secured communications over an untrusted network |
Which VPN protocol typically employs IPSEC as its data encryption mechanism? |
LWTP (Layer 2 Tunneling Protocol) |
Which statement best describes IPsec when used in tunnel mode? |
The entire data packet, including headers, is encapsulated |
which IPsec subprotocol provides data encryption |
ESP |
Which is the best countermeasure for someone attempting to view your network traffic? |
VPN |
PPTP is quickly becoming obsolete because of which VPN protocol? |
L2TP Layer 2 transport protocol |
What is the primary use of tunneling |
Supporting private traffic through a public communication medium |
In addition to Authentication Header (AH), IPsec is comprised of what other service? |
ESP Encapsulating Security Payload |
A salesperson travel a ton you know she should VPN |
Configure the browser to send Https requests through the VPN connection Configure the VPN to use IPsec |
Which of the following is a valid security measure to protect email from viruses |
Use Blockers on Email gateways |
Which of the following prevents access based on website rating and classifications? |
Content Filter |
You are investigating the use of the website and URL content filtering to prevent users from listing certain websites. |
Enforcement of the organizations internet usage policy an increase in bandwidth availability |
Which of the following are functions of gateway email spam blockers? |
Blocks email from specific senders Filters messages containing specific content. |
You have a company network with a single switch. All Devices connect to the network through the switch. you want to control which devices are able to connect to your network. For device that do not have the latest OS patches, you want to prevent access to all network devices except for a special server that holds the patches that the computers need to download |
802.1x authentication Remediation servers |
Which step is required to configure NAP on a Remote Desktop (RD) gateway server |
edit the properties for the server and select REQUEST CLIENTS TO SEND A STATEMENT OF HEALTH |
In a NAP system, what is the function fo the System Health Validator? |
Compare the statement of health submitted by the client to the health requirements |
How does IPsec NAP enforcement differ from other NAP enforcement methods? |
Clients must be issued a valid certificate before a connection to the private network is allowed. |
Your organization’s security policy requires you to restrict network access to allow only clients that have their firewall enabled. |
NAP, NAC Network access protection network access control |
Which of the following specifications identify security that can be added to wireless network? (select two) |
802.1x 802.11i |
Which of the following wireless security methods uses a common shared key configured on the wireless access point and all wireless clients? |
WEP, WPA Personal, WPA2 Personal |
Which of the following offers the WEAKEST form of encryption for an 802.11 wireless network? |
WEP Wired Equivalent Privacy |
What encryption method is used by WPA for wireless networks? |
TKIP |
Which of the following features are supplied by WPA2 on a wireless network? |
Encryption |
You need to configure a wireless network. You want to use WPA2 Enterprise. which of the following components |
802.1x AES encryption |
You need to configure the wireless network card to connect to your network at work. The connection should use a user name and password for authentication with AES encryption. |
Configure the connection to use WPA2-Enterprise |
Which of the following are typically used for encrypting data on a wireless network? |
TKIP AES |
You want to connect a laptop computer running windows to a wireless network. |
Configure the connection with a pre-shared key and AES encryption |
Which of the following is used on a wireless network to identify the network name? |
SSID |
Which of the following are true about WI-FI protected access 2 (WPA2)? (select 2) |
Upgrading from a network using WEP typically requires installing new hardware. WPA2 uses AES for encryption and CBC-MAC for data integrity |
WIMax is an implementation of which IEEE committee? |
802.16 |
You have a small wireless network that uses multiple access points. the network uses WPA and broadcasts the SSID. WPA2 is not supported by the wireless access points. You want to connect a laptop computer to the wireless network. which of the following parameters will you need to configure on the laptop? (select two) |
TKIP Pre-shared key |
Your Company security policy states that wireless networks are not to be used because of the potential security risk they present to your network. One day, you find that an employee has connected a wireless access point to the network in his office. what type of security risk is this? |
Rogue access point |
Which of the following best describes Bluesnarfing? |
Viewing calendar, emails, and messages on a mobile device without authorization |
Which of the following sends unsolicited business cards and messages to a bluetooth device |
BlueJacking |
Which of the following is the best protection to prevent attacks on mobile phones through the Bluetooth protocol? |
Disable Bluetooth on the phone |
You are troubleshooting a wireless connectivity issue in a small office. you determine that the 2.4ghz cordless phones used in the office are interfering with the wireless network transmissions. If the cordless phones are causing interference, which of the following wireless standards could the network be using. |
Bluetooth 802.11g Both run on 2.4GHz |
Your organization uses an 802.11g wireless network. Recently other tenants installed the following equipment in your building. Wireless tv @2.4GHZ, wireless phone @5.8GHz Which one is causing interference? |
2.4GHZ Wireless TV |
Which of the following best describes an evil twin? |
An access point that is configured to mimic a valid access point to obtain logon credentials and other sensitive information. |
Network packet sniffing is often used to gain the information necessary to conduct more specific and detailed attacks. Which of the following is the best defense against packet sniffing? |
Encryption |
Which of the following common network monitoring or diagnostic activities can be used as a passive malicious attack? |
Sniffing |
An attacker has hidden an NFC reader behind an NFC-based kiosk in an airport. The attacker uses the device to capture NFC data in transit between end user devices and the reader in the kiosk. |
NFC relay attack |
You are implementing a wireless network in a dentist’s office. the dentist’s practice is small so you choose to use an inexpensive consumer-grade access point. While reading the documentation, you notice that the access point supports Wi-Fi Protected Setup (WPS) |
Disable WPS in the access point’s configuration |
You are concerned that wireless access points may have been deployed within your organization without authorization. |
Conduct a site survey Check the MAC addresses of devices connected to your wired switch. |
Which of the following locations contributes the greatest amount of interference for a wireless access point? (select two) |
Near backup generators Near cordless phones |
Which of the following network protection methods prevents the wireless network name from being broadcast? |
SSID Broadcast |
Which of the following do switches and wireless access points use to control access through the device? |
MAC address filtering |
You have physically added a wireless access point to your network and installed a wireless networking card in two laptops that run windows. Neither laptop can find the network. You have com to the conclusion that you must manually configure the wireless access point (AP). Which of the following values uniquely identifies the network AP? |
SSID |
You want to implement 802.1x authentication on your wireless network. Which of the following will be required. |
Radius |
You are the wireless network administrator for your organization. As the size of the organization has grown, you have decided to upgrade your wireless network to use 802.1x authentication instead of pre-shared keys. You have decided to use LEAP to authenticate wireless clients. To do this, you configured a Cisco RADIUS server and installed the necessary Cisco client software on each RADIUS client. |
The system is vulnerable because LEAP is susceptible to dictionary attacks. |
You are the wireless network administrator for your organization. As the size of the organization has grown, you have decided to upgrade your wireless network to use 802.1x authentication instead of pre-shared keys. To do this, you need to configure a RADIUS server and RADIUS clients. You want the server and the clients to mutually authenticate with each other. |
Configure the RADIUS server with a server certificate Configure the wireless access points with client certificates |
You need to place a wireless access point in your two-story building. while trying to avoid interference, which of the following is the best location for the access point? |
On the top floor |
Which of the following recommendations should you follow when placing access points to provide wireless access for users within your company building? |
place access points above where most clients are. |
The owner of a hotel has contracted with you to implement a wireless network to provide internet access for guests. What should you do? |
Implement a captive portal |
You are replacing a wired business network with an 802.11g wireless network. You currently use Active Directory on the company network as your directory service. The new wireless network will have multiple wireless access points. you want to use WPA2 on the network. What should you do to configure the wireless network? (select two) |
Install a RADIUS server and use 802.1x authentication Configure devices to run in infrastructure mode. |
Which of the following features on a wireless network allows or rejects client connections based on the hardware address? |
MAC address filtering |
A customer has called and indicated that he thinks his neighbor is connecting to his wireless access point (AP) to use his high-speed internet connection. Which of the following will resolve this issue? |
Implement Mac address filters Disable SSID broadcast on the AP |
You have installed a wireless access point (AP) for your organizations network. You know that the radio signals used but the AP extend beyond your organization’s building and are concerned that unauthorizes users outside may be able to access your internal network. What can you do to protect the wireless network? (select two) |
Disable DHCP on the AP Configure the AP to filter out unauthorized MAC addresses |
You are concerned about sniffing attacks on your wireless network. which of the following implementation offers the best countermeasure to sniffing? |
WPA2 with AES |
Security + Chapter 5 second half
Share This
Unfinished tasks keep piling up?
Let us complete them for you. Quickly and professionally.
Check Price