Upload: lenhan

Post on 30-Apr-2018

CS/IS 190 Homework #6

Instructions: Answer all questions and put the answers on the Excel spreadsheet which is available on my web page. Note that some questions have multiple correct answers. Print out the answer sheet or email it to me before the due deadline. Be sure to put your name on the answer sheet.

Chapter 19

Protecting Your Network

1. Which term is sometimes used to describe the people who carry out network threats?
A. Worm catcher
B. Threat agent
C. Vulnerability analyst
D. Trojan horse

2. Which type of attack uses hundreds, thousands, or even millions of computers under the control of a single operator to launch a coordinated attack?
A. DDoS
B. Smurf attack
C. Phishing
D. DHCP snooping

3. Which term refers to a single computer under the control of an operator?
A. DDoS
B. Smurf attack
C. Phishing
D. Zombie

4. Which tool watches for and ignores incoming DHCP requests from unknown MAC addresses?
A. TEMPEST
B. DHCP snooping
C. NMap
D. RF emanation

5. ARP poisoning is a common method for __________ attacks.
A. DDoS
B. phishing
C. man in the middle
D. smurf

6. Which type of attack involves the attacker tapping into communications between two systems?
A. Phishing
B. Malware
C. Man in the middle
D. Leeching

7. Which term refers to trying every permutation of some form of data in an attempt to discover protected information?
A. Brute force
B. RF emanation
C. Amplification
D. Reflection

8. Installing backup power in case of electrical failure is a form of __________.
A. firewall
B. DMZ
C. redundancy
D. inheritance

9. Which term describes a technology that spreads data across multiple drives?
A. Inheritance
B. Macro
C. RAID
D. Honeypot

10. One of the first techniques that malicious users try is to probe hosts to identify any __________ ports.
A. open
B. closed
C. blocked
D. locked

11. Which term refers to the administrative account native to Linux?
A. Administrator
B. Admin
C. Root
D. Supervisor

12. Which type of malware replicates exclusively through networks?
A. Rootkit
B. Worm
C. Macro
D. Trojan

13. Which type of malware looks or pretends to do one thing while, at the same time, doing something evil?
A. Rootkit
B. Worm
C. Macro
D. Trojan

14. Which type of malware takes advantage of very low-level operating system functions to hide itself from all but the most aggressive of anti-malware tools?
A. Rootkit
B. Worm
C. Macro
D. Trojan horse

15. Which term refers to a program that monitors the types of Web sites you frequent and uses that information to generate targeted advertisements, usually pop-up windows?
A. Spyware
B. Adware
C. Macro
D. Trojan Horse

16. Which term refers to an aspect of any program that sends information about your system or your actions over the Internet?
A. Spyware
B. Adware
C. Macro
D. Trojan Horse

17. Which type of attack is a form of social engineering?
A. Denial of Service
B. Smurf attack
C. Phishing
D. Zombie

18. What series of standards does the U.S. National Security Agency (NSA) define to block RF emanation?
A. Leeching
B. HTTPS
C. DMZ
D. TEMPEST

19. Fingerprint readers, facial recognition cameras, voice analyzers, retinal blood vessel scanners or other more exotic characteristics are all examples of __________.
A. unified threat management (UTM)
B. multifactor authentication
C. biometric devices
D. inheritance

20. Biometric access calls for using a(n) __________ physical characteristic of a person to permit access to a controlled IT resource.
A. shared
B. public
C. unique
D. common

21. IP cameras and __________ are specific implementations of video monitoring.
A. voice analyzers
B. RFID chips
C. closed-circuit televisions
D. access control lists

22. Cisco uses what it calls __________ as one of its tools to implement network admission control.
A. stateless inspection
B. botnets
C. posture assessment
D. persistent agent

23. What type of agent is composed of modules that perform a thorough inventory of each security-oriented element in the computer?
A. Inbound agent
B. Persistent agent
C. Private agent
D. Non-persistent agent

24. Your first and last bastion of defense for your entire infrastructure’s security is at the individual __________.
A. NICs
B. ports
C. hosts
D. user accounts

25. Which term refers to a system with very high network output?
A. Host
B. Honeypot
C. Top talker
D. Demilitarized zone

26. What are the most common symptoms of malware on a compromised system?
A. General sluggishness and random messages
B. Random messages and blank screen
C. General sluggishness and random crashes
D. Dropping Internet connection and intermittent blank screens

27. Which type of firewall is built into most consumer-grade routers?
A. A Host-based firewall
B. A Small office/home office (SOHO) firewall
C. A Software-based firewall
D. A Windows Firewall

28. Which type of firewall packet inspection is aware of the packet’s state, as it relates to other packets?
A. Stateful
B. Stateless
C. Port
D. Filtered

29. Which type of firewall packet inspection inspects each packet fresh, with no regard to the state of the packet’s relation to any other packet?
A. Stateful
B. Stateless
C. Port
D. Filtered

30. Which technology consists of devices or software that protect an internal network from unauthorized access by acting as a filter?
A. Ports
B. Demilitarized zones
C. Honeypots
D. Firewalls

31. An access control list (ACL) is a rule applied to an interface that allows or denies traffic based on things like source or __________.
A. destination filtering
B. MAC addresses
C. network address translation
D. destination IP addresses

32. Which technology provides critical filtering to keep traffic flowing where it should and to prohibit traffic in areas where traffic should not flow?
A. ARP cache poisoning
B. Demilitarized zone
C. RF emanation
D. Access control list (ACL)

33. Access control lists (ACLs) consider traffic as either __________.
A. encrypted or unencrypted
B. private or public
C. persistent or non-persistent
D. inbound or outbound

34. A(n) __________ can consist of an external firewall and an internal firewall.
A. demilitarized zone (DMZ)
B. honeypot
C. posture assessment
D. quarantine network

35. Which firewall comes in and sits between publicly accessible servers and the trusted network that houses all the organization’s private servers and workstations?
A. The external firewall
B. The internal firewall
C. The proxy server
D. The access control list

--- END CHAPTER 19 ---

Chapter 20

Network Monitoring

1. Which underlying protocol enables network monitoring tools to work?
A. TCP
B. SNMP
C. UDP
D. SMTP

2. The SNMP manager requests and processes information from __________ devices.
A. opened
B. closed
C. managed
D. privileged

3. Managed devices run specialized __________ called agents.
A. robots
B. switches
C. drones
D. software

4. An SNMP system has up to __________ core functions (depending on the version of SNMP).
A. two
B. four
C. six
D. eight

5. Which core function is sent when an SNMP manager wants to query an agent?
A. Set
B. Get
C. Response
D. Trap

6. Which core function is sent by the agent after the SNMP manager queries an agent with a GetRequest or GetNextRequest?
A. Set
B. Get
C. Response
D. Trap

7. An NMS can tell an agent to make changes to the information it queries and sends through a __________ protocol data unit (PDU).
A. Set
B. Get
C. Response
D. Trap

8. An agent can solicit information from an NMS with the __________ protocol data unit (PDU).
A. Set
B. Get
C. Response
D. Trap

9. The snmpwalk utility tells the SNMP manager to perform a series of __________ commands.
A. Set
B. Get
C. Response
D. Trap

10. What is the CompTIA Network+ shortened name for the snmpwalk utility?
A. Snmpwk
B. Trip
C. Swalk
D. Walk

11. When an SNMP manager queries an agent, the agent sends a __________ of the requested information.
A. set
B. hash
C. response
D. trap

12. What User Datagram Protocol (UDP) ports does SNMP use for unsecure communication?
A. 61 and 62
B. 610 and 612
C. 161 and 162
D. 10162 and 10161

13. What User Datagram Protocol (UDP) ports does SNMP use for secure communication?
A. 61 and 62
B. 610 and 612
C. 161 and 162
D. 10162 and 10161

14. On which port does the NMS receive/listen?
A. 160
B. 161
C. 162
D. 163

15. A packet sniffer is a program that queries a network interface and collects packets in a file called a __________ file.
A. capture
B. log
C. flow cache
D. syslog

16. Packet sniffers need to capture all the packets they can so it is typical for them to connect to an interface in __________ mode.
A. clear text
B. closed
C. promiscuous
D. open

17. In the case of a switch, it is typical for packet sniffers to connect to an interface using a __________ port.
A. virtual
B. mirrored
C. promiscuous
D. closed

18. Which program is an example of a powerful and free protocol analyzer?
A. Wireshark
B. Syslog
C. Cisco Network Assistant (CNA)
D. PerfMon

19. Which filtering term does Wireshark use when creating a file that only shows DHCP packets?
A. DHCP
B. FilterDHCP
C. bootp
D. FILTER

20. Which tool was developed for packet flow monitoring and was subsequently included in Cisco routers and switches?
A. NetFlow
B. Wireshark
C. PerfMon
D. Syslog

21. In NetFlow, a single flow is a flow of __________ from one specific place to another.
A. frames
B. packets
C. segments
D. cylinders

22. In NetFlow, single flows are stored in a __________.
A. log
B. flow cache
C. packet
D. frame

23. If you want to know how hard your network is working, use a(n) __________.
A. management information base
B. flow cache
C. performance manager
D. interface monitor

24. Interface monitors track the quantity and utilization of traffic through a physical __________ or ports on a single device.
A. network interface card (NIC)
B. port
C. switch
D. frame

25. A port will drop a packet for one of two reasons: __________.
A. an error or a discard
B. a discard or a drop
C. a delay or a drop
D. an error or a delay

26. The cornerstone of every performance monitor are the system’s __________.
A. switches
B. speed limits
C. ports
D. logs

27. Which term does PerfMon use when referring to the monitored aspect of the system?
A. Facilities
B. Counters
C. Modes
D. Characteristics

28. What term does syslog use when referring to the monitored aspect of the system?
A. Facilities
B. Counters
C. Modes
D. Characteristics

29. Which common tool comes with all versions of Windows and is used to create a baseline on Windows systems?
A. Performance Monitor
B. Cacti
C. Syslog
D. NetFlow

30. Which program is an example of a graphing tool that could be used to show everything about specific switches?
A. NetFlow
B. Cacti
C. Syslog
D. Cisco Network Assistant (CNA)

--- END CHAPTER 20 ---

Chapter 21

Network Troubleshooting

1. Which tool can be used to notify a technician where a cable break is occurring on a copper cable?
A. Cable tester
B. Certifier
C. TDR
D. OTDR

2. Which tool tests a cable to ensure that it can handle its rated amount of capacity?
A. Cable tester
B. Certifier
C. TDR
D. OTDR

3. Which tool can be used to notify a technician of a continuity problem or if a wire map is not correct?
A. Cable tester
B. Certifier
C. TDR
D. OTDR

4. Which tool can be used to notify a technician where a cable break is occurring on a fiber cable?
A. Cable tester
B. Certifier
C. TDR
D. OTDR

5. Which term is another name for an optical power meter?
A. Line tester
B. Light meter
C. Looking glass
D. Multimeter

6. A cable might experience crosstalk, where the electrical signal bleeds from one wire pair to another, creating __________.
A. interference
B. voltage spikes
C. noise
D. impedance

7. __________ problems manifest themselves as intermittent problems.
A. Broken cables and switch
B. Broken cables and heat
C. Broken cables and power
D. Heat and power

8. Which utility is categorized in the CompTIA Network+ exam as a hardware tool?
A. Protocol analyzer
B. Port scanner
C. Packet sniffer
D. Throughput tester

9. Which tool will provide a technician with Application, Session, Transport, Network, and Data Link layer information from every frame traveling through the network?
A. Voltage event recorder
B. Certifier
C. Protocol analyzer
D. Cable tester

10. Which tool can be used to make unshielded twisted pair (UTP) cables?
A. TDR
B. Cable stripper
C. OTDR
D. Butt set

11. Which tool can be used to tap into a 66-block or 110-block to see if a particular line is working?
A. TDR
B. Cable stripper
C. OTDR
D. Butt set

12. Which tool positions unshielded twisted pair (UTP) wires into 66- and 110-blocks?
A. TDR
B. Cable stripper
C. Punchdown tool
D. Butt set

13. Which command can be used to diagnose where a problem lies when there are issues reaching a remote system?
A. nslookup
B. ipconfig
C. ping
D. tracert

14. Which software tool is built into operating systems?
A. portscan
B. sniffer
C. nmap
D. traceroute

15. Which tool falls into the category of a third-party software tool?
A. Throughput tester
B. Tone generator
C. Butt set
D. Pathping

16. Which Linux command can be used to view IP settings?
A. ip
B. ipconfig
C. ss
D. config

17. Which command can be used on a Windows computer to view the IP settings?
A. ip
B. ss
C. ipconfig
D. ifconfig

18. Which ipconfig command switch would a technician use to display detailed information (such as DNS servers and MAC addresses)?
A. /verbose
B. /detail
C. /all
D. /display

19. Which command uses Internet Message Control Protocol (ICMP) packets to query by IP or by name?
A. ping
B. traceroute
C. nslookup
D. mtr

20. Which command would a technician use to diagnose DNS problems on a Windows computer?
A. nslookup
B. ipconfig
C. ping
D. dig

21. Which command, while not available on Windows, can be used on UNIX/Linux/OS X systems to diagnose DNS problems?
A. nslookup
B. ipconfig
C. ping
D. dig

22. Which utilities are excellent examples of connectivity applications that enable a technician to determine if a connection can be made between two computers?
A. wireshark and nmap
B. ping and traceroute
C. nbtstat and netstat
D. arp and arping

23. Microsoft has a utility called __________ that combines the functions of ping and tracert as well as adding some additional functions.
A. routeping
B. pingtrace
C. traceping
D. pathping

24. Which command is a dynamic (keeps running) equivalent to traceroute?
A. mtr
B. routetrace
C. route
D. ping

25. Which route command switch must a technician use to see the current routing table on the computer?
A. display
B. screen
C. show all
D. print

26. Which command shows the local NETBIOS names on a Windows system?
A. nslookup
B. nbtstat -n
C. netstat -r
D. hostname /net

27. Which command would a technician use to see any systems running Samba?
A. ping
B. route
C. netstat
D. nbtstat

28. Which command used in Linux is faster and more powerful than netstat?
A. nbstat
B. ss
C. stat
D. ip

29. Which tool intercepts and logs network packets?
A. Certifier
B. Packet sniffer
C. Throughput tester
D. Port scanner

30. Which tool is an example of a packet sniffer?
A. Speakeasy
B. Wireshark
C. Arp
D. Nmap

31. Which tool is a command line alternative to Wireshark?
A. Speakeasy
B. tcpdump
C. nmap
D. Angry IP Scanner

32. Which tool is an example of a port scanner?
A. Speakeasy
B. Wireshark
C. arp
D. nmap

33. Which task is the first step in troubleshooting?
A. Establish a theory of probable cause.
B. Implement and test the solution.
C. Identify the problem.
D. Test the theory to determine cause.

34. Which protocol will help prevent downtime due to failures on the default gateway?
A. HSRP
B. BGP
C. OSPF
D. RIP v2

35. Which is another name for a switching loop?
A. Routing loop
B. Bridging loop
C. ARPing loop
D. Broadcast loop

--- END CHAPTER 21 ---