Chapter Summary

1.  

Correct answer = A

The minimum cable type needed to support 10BaseT is Category3. An RJ-11 phone connector is used for earlier categories of UTP to connect a modem to a typical phone jack or your phone to a phone jack. Catagory4 and Category5 cable types do support 10Baset Ethernet specifications. However, they are not the minimum category type needed to support 10BaseT.

2.  

Correct answer = C

802.3 is concerned with Carrier-Sense Multiple Access with Collision detection in local area Ethernet networks. The 802.5 specification is for Token Ring LANs. 802.11 is an IEEE specification for wireless communications.

3.  

Correct answer = D

Fiber- optic cable is much more difficult to tap into than other types of network cable. Special equipment and skilled hands are required to carry out such a task. This is not the case with twisted pair, shielded twist pair, and coaxial types of cable.

4.  

Correct answer = B

Properly configured firewalls will protect an internal network from an external network. An antivirus program and updated operating system service packs would be used to protect your internal network from a virus that resides on workstations on your internal network. Firewalls do not provide protection through dial-up modem connections nor do they protect against natural disasters.

5.  

Correct answers = A, B, and C

Answers A, B, and C are all true statements regarding FDDI rings. Option D is a sort of a trick. FDDI uses fiber cable, which as you are already aware is more difficult to tap into than most other cable types. FDDI uses token passing technology not CSMA/CD (Carrier-Sense Multiple Access with Collision Detection.) CSMA/CD is used in Ethernet networks.

6.  

Correct answer = B

A circuit gateway forms a sort of tunnel through a firewall allowing two specified hosts to interact. Packet filters examine UDP, TCP ports, and packet header information. They can identify good from bad packet information. Application proxies (or gateways) are concerned more with specific applications and actual data. FDDI is a network topology standard that utilizes dual fiber-optic rings.

7.  

Correct answer = B

CHAP uses a secret one-way hash value that is generated by the requester and sent to the server. PAP is a basic type of authentication where a username and password are transmitted unencrypted across a network to an authenticating host. PPP is a full-duplex serial communication protocol that operates at the Data Link layer of the OSI reference model. Serial Line Internet Protocol (SLIP) is an older TCP/IP communications protocol used to connect two computer systems.

8.  

Correct answers = A, B, D, and E

The only incorrect answer to this question is C. If you chose answer C, please read the entire chapter again. If you disable (stop) all services and unbind all protocols on all internal network workstations, your workstations will not connect to a network and your operating system will not function.

9.  

Correct answer = D

Address Resolution Protocol (ARP) is a protocol used to map an IP (Internet Protocol) address at the network layer of the OSI model to a physical hardware address at the MAC (Media access Control) sublayer. HyperText Transport Protocol Secure (HTTPS) is a secure protocol used to transmit messages over the Internet. SDLC is based on a primary/secondary communications model where a secure connection is established between a mainframe (host) and a client. High Level Data Link Control (HDLC) is a transmission protocol that operates at the Data Link layer (layer 2) of the OSI model.

10.  

Correct answer = B

Network Address Translation (NAT) is an Internet standard most often used with routers to provide firewall security by hiding an internal private networks range of IP addresses from outside networks. Address Resolution Protocol (ARP) is a protocol used to map an IP (Internet Protocol) address at the Network layer of the OSI mode, to a physical hardware address at the MAC (Media access Control) sublayer. Password Authentication Protocol (PAP) is a basic type of authentication where a username and password are transmitted unencrypted across a network to an authenticating host. Secure Remote Procedure Call (RPC) is essentially a protocol that is used to allow a client-side application program to execute or request a service from a server computer without being concerned with network intricacies or server procedures.

11.  

Correct answer = B

A router operates at the Network layer of the OSI reference model and has the ability to forward information based on a network or individual computer's TCP/IP address. A router has the ability to filter out broadcast traffic. Bridges are limited in their capabilities. They forward packet information based on MAC addresses. A bridge proliferates or broadcasts ( passes traffic) to all network segments. This can often result in a broadcast storm that can slow or take down a network. A hub is a simple connection device that sends all data packets to all connected systems. A repeater is used to boost or regenerate the signals placed on a 10base2 or bus network. Adding a repeater to your bus can extend the length of your entire bus network.

12.  

Correct answer = D

HTTP traffic uses TCP port 80. FTP uses TCP port 21. SMTP uses TCP port 25. DNS uses UDP port 53. Please refer to Table 4.2.

13.  

Correct answer = B

The main goal of a honey pot or 'mouse trap' if you will, is to trap, track, and record the trails of a possible attacker. A false positive is simply a report or an alert from an IDS that details something other than an attack. A false negative error occurs when an IDS completely misses legitimate misuse of or an attack on a system or resource mistaking it for normal activity. A Demilitarized Zone (DMZ) is a neutral area between an internal network and the Internet that typically contains one host system or a small network of systems.

14.  

Correct answer = D

When part of an internal network or intranet has been made accessible to outside sources, that part of the internal network is referred to as an extranet. Ethernet is a LAN architecture technology developed by Xerox that supports CSMA/CD. You should have learned this as a prerequisite to studying for Security+. An intranet is a network that is considered private and separate from the outside world. It exists to connect the workings of an internal network. Ignorantnet is an invalid selection.

15.  

Correct answer = B

A smart card is a small plastic card that contains a microchip. It can be used for data storage and memory purposes as well as a security authentication device. A CD-R is an optical storage disk capable of storing large amounts of data. Intelligent token is an invalid selection. Although a tape cartridge is often used for data storage, it is not an authentication device nor is it used for memory purposes.

16.  

Correct answer = D

IPv6 allows for IP addresses to be lengthened from the IPv4 limitation of 32 bits to 128 bits. IPv6 also allows for better authentication, privacy, and improved data delivery assurance. All other choices are invalid.

17.  

Correct answer = C

The DMZ sits between a private and a public network and can be made up of one or several systems that house Web pages and non-critical company data that can be accessed from outside an intranet or LAN. BNC and BNC barrel connectors are typically used to attach or connect a bus cable to a device or connect one piece of the bus cable to another. Answers B and D are invalid.

18.  

Correct answer = D

IPv6 allows for IP addresses to be lengthened from the IPv4 limitation of 32 bits to 128 bits. IPv6 also allows for better authentication, privacy, and improved data delivery assurance. All other choices are invalid.

19.  

Correct answer = B

FTP uses TCP ports 20 and 21. SMTP uses TCP port 25. Telnet uses TCP port 23. HTTP uses TCP port 80. You'd better know this for any security exam!