what information within a data packet does a router use to make forwarding decisions

CyberOps Acquaintance (Version i.0) – Modules 11 – 12: Network Infrastructure Security Group Exam

i. For which discovery mode will an AP generate the most traffic on a WLAN?

• passive mode
• mixed mode
• active manner
• open up mode

two. Which parameter is commonly used to identify a wireless network name when a dwelling house wireless AP is beingness configured?

• ad hoc
• SSID
• BESS
• ESS

iii. Which 2 protocols are considered distance vector routing protocols? (Cull two.)

• ISIS
• RIP
• BGP
• EIGRP
• OSPF

4. Which AAA component tin be established using token cards?

• authentication
• accounting
• authorization
• auditing

Explanation: The authentication component of AAA is established using username and countersign combinations, challenge and response questions, and token cards. The authorization component of AAA determines which resources the user can access and which operations the user is allowed to perform. The bookkeeping and auditing component of AAA keeps rail of how network resource are used.

5. Which statement describes a VPN?

• VPNs use open source virtualization software to create the tunnel through the Cyberspace.
• VPNs utilise dedicated physical connections to transfer information between remote users.
• VPNs utilize logical connections to create public networks through the Internet.
• VPNs utilize virtual connections to create a individual network through a public network.

Explanation: A VPN is a private network that is created over a public network. Instead of using defended physical connections, a VPN uses virtual connections routed through a public network between two network devices.

half dozen. What is an advantage of HIPS that is not provided past IDS?

• HIPS protects disquisitional organization resources and monitors operating organization processes.
• HIPS deploys sensors at network entry points and protects critical network segments.
• HIPS monitors network processes and protects critical files.
• HIPS provides quick analysis of events through detailed logging.

Explanation: Network-based IDS (NIDS) sensors are typically deployed in offline way. They practice not protect private hosts. Host-based IPS (HIPS) is software installed on a single host to monitor and clarify suspicious activeness. It tin can monitor and protect operating system and disquisitional system processes that are specific to that host. HIPS tin exist thought of as a combination of antivirus software, antimalware software, and a firewall.

vii. Which statement describes a difference between RADIUS and TACACS+?

• RADIUS separates hallmark and dominance whereas TACACS+ combines them as one process.
• RADIUS is supported by the Cisco Secure ACS software whereas TACACS+ is not.
• RADIUS uses TCP whereas TACACS+ uses UDP.
• RADIUS encrypts only the password whereas TACACS+ encrypts all communication.

viii. What are 2 disadvantages of using an IDS? (Choose two.)

• The IDS does not stop malicious traffic.
• The IDS works offline using copies of network traffic.
• The IDS has no touch on on traffic.
• The IDS analyzes actual forwarded packets.
• The IDS requires other devices to respond to attacks.

Caption: The disadvantage of operating with mirrored traffic is that the IDS cannot terminate malicious single-package attacks from reaching the target before responding to the set on. Also, an IDS oftentimes requires assistance from other networking devices, such equally routers and firewalls, to respond to an assail. An advantage of an IDS is that by working offline using mirrored traffic, it has no touch on traffic flow.

9. Which statement describes one of the rules that govern interface behavior in the context of implementing a zone-based policy firewall configuration?

• An ambassador tin assign interfaces to zones, regardless of whether the zone has been configured.
• An ambassador can assign an interface to multiple security zones.
• By default, traffic is allowed to flow amongst interfaces that are members of the same zone.
• By default, traffic is immune to menstruum between a zone fellow member interface and any interface that is not a zone member.

Caption: An interface tin belong to only one zone. Creating a zone is the kickoff step in configuring a zone-based policy firewall. A zone cannot be assigned to an interface if the zone has not been created. Traffic can never flow betwixt an interface that is assigned to a zone and an interface that has not been assigned to a zone.

10. Which technique is necessary to ensure a private transfer of data using a VPN?

• encryption
• virtualization
• scalability
• authorization

Caption: Confidential and secure transfers of data with VPNs require data encryption.

11. Which two devices would normally be found at the access layer of the hierarchical enterprise LAN design model? (Choose two.)

• modular switch
• Layer iii device
• Layer ii switch
• firewall
• access point

Explanation: While some designs do road at the access layer, the two devices that should always be placed at the access layer of the hierarchical blueprint model are an access point and a Layer 2 switch. A modular switch is commonly used at the core layer. Routing by a Layer 3 device is ordinarily used in the distribution layer. The firewall is a device in the Internet border network design.

12. Which 2 statements are truthful about NTP servers in an enterprise network? (Cull ii.)

• There can only be one NTP server on an enterprise network.
• NTP servers at stratum 1 are straight connected to an authoritative time source.
• NTP servers control the mean time betwixt failures (MTBF) for key network devices.
• NTP servers ensure an accurate time postage stamp on logging and debugging information.
• All NTP servers synchronize directly to a stratum 1 time source.

Explanation: Network Time Protocol (NTP) is used to synchronize the time across all devices on the network to make certain authentic timestamping on devices for managing, securing and troubleshooting. NTP networks use a hierarchical system of time sources. Each level in this hierarchical arrangement is chosen a stratum. The stratum i devices are directly connected to the authoritative time sources.

13. In the data gathering process, which type of device will listen for traffic, but only assemble traffic statistics?

• NetFlow collector
• NMS
• SNMP agent
• syslog server

Explanation: A NetFlow collector is the device that receives traffic statistics from networking devices. NetFlow only gathers traffic statistics, unlike syslog and SNMP which can collect various network events.

14. Which two protocols are link-country routing protocols? (Cull ii.)

• ISIS
• EIGRP
• BGP
• RIP
• OSPF

xv. What is the function of the distribution layer of the iii-layer network design model?

• providing direct access to the network
• providing secure access to the Internet
• accumulation access layer connections
• providing high speed connection to the network border

Caption: The function of the distribution layer is to provide connectivity to services and to amass the access layer connections

16. What 2 components of traditional web security appliances are examples of functions integrated into a Cisco Spider web Security Appliance? (Cull ii.)

• email virus and spam filtering
• VPN connectedness
• firewall
• web reporting
• URL filtering

Explanation: The Cisco Web Security Apparatus is a secure web gateway which combines advanced malware protection, application visibility and control, acceptable use policy controls, reporting, and secure mobility functions. With traditional web security appliances, these functions are typically provided through multiple appliances. Information technology is not a firewall appliance in that information technology just filters web traffic. Information technology does not provide VPN connections, nor does it provide email virus and spam filtering; the Cisco Email Security Apparatus provides these functions.

17. What are two types of addresses establish on network end devices? (Choose 2.)

• return
• IP
• MAC
• TCP
• UDP

Explanation: Intermediary devices utilize two types of addresses when sending letters to the terminal destination device, MAC and IP addresses. TCP and UDP are protocols used at Layer four to place what port numbers are being used on the source and destination devices. A return address is used when mailing a letter, not in networking.

xviii. What is a characteristic of the WLAN passive find mode?

• The client must know the name of the SSID to brainstorm the discover process.
• The client begins the find procedure by sending a probe asking.
• The beaconing characteristic on the AP is disabled.
• The AP periodically sends beacon frames containing the SSID.

Explanation: In passive mode, the wireless clients learn what networks and APs are available. The client learns this information from beacon frames, sent by the APs, that contain the WLAN SSID, supported standards, and security settings.

nineteen. What is a characteristic of a routed port that is configured on a Cisco switch?

• It supports subinterfaces.
• It is associated with a single VLAN.
• It runs STP to prevent loops.
• Information technology is assigned an IP address.

Explanation: Routed ports on a Cisco switch acquit similarly to those on a router. They are configured with an IP address and frontward Layer 3 packets. Unlike Layer two switch interfaces, routed ports do non support STP, nor do they back up subinterfaces as routers do.

20. What activeness does an Ethernet switch take when it receives a frame with an unknown Layer 2 source address?

• It forrard the frame out all interfaces except the interface on which information technology was received.
• It forward the frame to the default gateway.
• Information technology records the source accost in the address tabular array of the switch.
• It drops the frame.

Caption: When an Ethernet switch receives a frame with an unknown Layer ii address, the switch records that address in the address table.

21.. Friction match each device to a category.

22. What is a host-based intrusion detection system (HIDS)?

• It detects and stops potential direct attacks merely does not scan for malware.
• It is an agentless organization that scans files on a host for potential malware.
• It identifies potential attacks and sends alerts just does non stop the traffic.
• It combines the functionalities of antimalware applications with firewall protection.

Explanation:Accurrent HIDS is a comprehensive security application that combines the functionalities of antimalware applications with firewall protection. An HIDS not simply detects malware simply likewise prevents information technology from executing.
Because the HIDS runs directly on the host, itis considered an agent-based organisation.

23. What type of route is created when a network administrator manually configures a route that has an active exit interface?

• directly connected
• static
• local
• dynamic

Explanation: A static road is one that is manually configured past the network ambassador.

24. Which characteristic describes a wireless client operating in active fashion?

• must be configured for security earlier attaching to an AP
• broadcasts probes that request the SSID
• power to dynamically change channels
• must know the SSID to connect to an AP

25. Which routing protocol is used to exchange routes betwixt internet service providers?

• OSPF
• EIGRP
• ISIS
• BGP
• RIP

Explanation: BGP is a path vector routing protocol and information technology is used by internet service providers to exchange routes.

26. What is the start step in the CSMA/CA process when a wireless client is attempting to communicate on the wireless network?

• The client sends an RTS message to the AP.
• The customer sends a test frame onto the channel.
• The client listens for traffic on the channel.
• The AP sends a CTS bulletin to the client.

Explanation: When a wireless customer is attempting to communicate on the network, it volition get-go listen to the channel to exist certain it is idle. Next, the client sends an RTS bulletin to the AP to request dedicated access to the network. The AP will then send a CTS message granting access to the client. The client will and then transmit data.

27. What Wi-Fi direction frame is regularly broadcast past APs to announce their presence?

• hallmark
• buoy
• probe
• clan

Explanation: Beacon frames are broadcast periodically by the AP to advertise its wireless networks to potential clients. Probing, clan, and hallmark frames are simply sent when a client is associating to the AP.

28. What are the iii parts of all Layer ii frames? (Choose three.)

• source and destination IP address
• payload
• sequence number
• frame check sequence
• fourth dimension-to-live
• header

Explanation: Layer 2 frames take iii components: the header, the payload, and a frame check sequence at the end.

29. What is the first step in the CSMA/CA process when a wireless client is attempting to communicate on the wireless network?

• The customer sends an RTS bulletin to the AP.
• The client sends a test frame onto the channel.
• The customer listens for traffic on the channel.
• The AP sends a CTS message to the customer.

Caption: When a wireless client is attempting to communicate on the network, it volition showtime heed to the channel to be certain information technology is idle. Side by side, the client sends an RTS bulletin to the AP to request dedicated access to the network. The AP will then send a CTS message granting access to the customer. The client will so transmit information.

30. In which memory location is the routing table of a router maintained?

• ROM
• flash
• NVRAM
• RAM

Explanation: The routing tabular array of a router is maintained in RAM, which is volatile memory. If a router loses power or is rebooted, the content of RAM is lost and the routing table must exist rebuilt.

31. Lightweight access points frontward data between which two devices on the network? (Cull two.)

• wireless router
• default gateway
• wireless LAN controller
• autonomous admission point
• wireless client

Explanation: In a wireless deployment that is using lightweight access points (LWAPs), the LWAP frontwards data between the wireless clients and the wireless LAN controller (WLC).

32. A Cisco router is running IOS xv. What are the two routing table entry types that will be added when a network administrator brings an interface up and assigns an IP address to the interface? (Choose ii.)

• route that is manually entered by a network administrator
• local road interface
• route that is learned via OSPF
• directly connected interface
• route that is learned via EIGRP

Explanation: A local route interface routing table entry is found when a router runs IOS 15 or higher or if IPv6 routing is enabled. Whenever an interface is addressed and enabled (made active), a directly connected interface is automatically shown in the routing tabular array.

33. Match the secunty service with the description.

34. Friction match the network security device type with the descnption.

35. What Wi-Fi management frame is regularly circulate past APs to denote their presence?

• authentication
• beacon
• probe
• association

Caption: Buoy frames are broadcast periodically by the AP to advertise its wireless networks to potential clients. Probing, association, and authentication frames are only sent when a customer is associating to the AP.

36. What is a function of SNMP?

• synchronizes the time across all devices on the network
• captures packets entering and exiting the network interface carte du jour
• provides a message format for communication betwixt network device managers and agents
• provides statistical analysis on packets flowing through a Cisco router or multilayer switch

Explanation: SNMP is an application layer protocol that allows administrators to manage devices on the network by providing a messaging format for communication between network device managers and agents.

37. What is a characteristic of a hub?

• operates at Layer 2
• regenerates signals received on ane port out all other ports
• subdivides the network into collision domains
• uses CSMA/CA to avert collisions

Explanation: A hub is a Layer 1 device that regenerates signals out all ports other than the ingress port. All ports on a hub vest to the same collision domain. Hubs utilise CSMA/CD to detect collisions on the network.

38. Match the network security device type with the description.

39. Which firewall feature is used to ensure that packets coming into a network are legitimate responses to requests initiated from internal hosts?

• application filtering
• stateful packet inspection
• packet filtering
• URL filtering

Caption: Stateful parcel inspection on a firewall checks that incoming packets are really legitimate responses to requests originating from hosts inside the network. Packet filtering can be used to allow or deny access to resources based on IP or MAC address. Awarding filtering can permit or deny access based on port number. URL filtering is used to let or deny admission based on URL or on keywords.

40. What is used on WLANs to avoid package collisions?

• SVIs
• STP
• CSMA/CA
• VLANs

Caption: WLANs are one-half-duplex networks which means that only ane client can transmit or receive at whatsoever given moment. WLANs apply carrier sense multiple access with collision abstention (CSMA/CA) to determine when to send data on the network to avert packet collisions.

41. What information within a information packet does a router utilise to make forwarding decisions?

• the destination MAC address
• the destination host name
• the destination service requested
• the destination IP address

Explanation: A Layer 3 device similar a router uses a Layer 3 destination IP address to brand a forwarding decision.

clemenswain1973.blogspot.com

Source: https://ccnasec.com/cyberops-associate-version-1-0-modules-11-12-network-infrastructure-security-group-exam.html

Share this post