QUESTION 1 1. Suppose a company devises a security policy which specifies that only HR personnel are authorized to see payroll files. What type of mechanism is needed to implement the policy? Separate database of payroll files Access control list Authentication mechanism to identify the identity of requestors All of the above A and B above only B and C above only

2.5 points

QUESTION 2 1. ARP only permits address resolution to occur on a single network. Does it make sense to send an ARP request to a remote server in an IP datagram? Why or why not? Yes, ARP is not restricted to IP addresses or specific hardware addresses in theory, the protocol can be used to bind an arbitrary high-level address to an arbitrary hardware address, as ARP allows datagrams to transition across the Internet and enters all known entries into cache No, although the ARP message format is sufficiently general to allow arbitrary protocol and hardware addresses, ARP is almost always used to bind an IP address to a 48-bit Ethernet address 2.5 points

QUESTION 3 1. Originally, separate protocols were used to obtain each of the configuration parameters needed at startup. The Dynamic Host Configuration Protocol (DHCP) extends which protocol to allow a host to obtain all necessary information with a single request? Bootstrapping Protocol (BOOTP) Transmission Control Protocol (TCP) Address Resolution Protocol (ARP) Internet Control Message Protocol (ICMP)

2.5 points

QUESTION 4 1. Why is deriving a security policy for an organization complex? Network and computer security must be related to human behavior The information to be protected must be evaluated to determine its value

Policies involve computer and network facilities and other factors All of the above A and B above only B and C above only

2.5 points

QUESTION 5 1. Explain its purpose and the difference between a Layer 3 versus a Layer 2 Switch for VLANs and how they work. Layer 3 is used to intelligently forward (route) packets while Layer 2 switches cant route packets based upon IP addresses Layer 3 switches can logically segment a network into two or more VLANs, while Layer 2 switches easily retrieve packets and forward them very quickly (at near wire speed) Layer 3 is less expensive than Layer 2 switches, both do the same job All of the above A and B above only B and C above only

2.5 points

QUESTION 6 1. If a datagram has an incorrect value in one of the header fields, which ICMP error message will be received? 3 Dest. Unreachable; Datagram could not be delivered 5 Redirect; Host must change a route 11 Time Exceeded; TTL expired or fragments timed out 12 Parameter Problem; IP header is incorrect

2.5 points

QUESTION 7 1. When a VPN uses IP-in- IP tunneling, what prevents an attacker from reading the header of the original datagram? The encrypted frame is placed in a datagram The datagram is encrypted and placed in a second

datagram The frame is encrypted and placed in a second frame The header is encrypted and sent as a separate fragment

2.5 points

QUESTION 8 1. Many NAT devices choose the 10.0.0.0/8 address block because it provides the most generality. Explain why. 10.0.0.0/8 is the Class A private address block, offering the largest number of addresses for devices. 10.0.0.0/8 is the Class B private address block, offering the least number of addresses for devices. Both A and B above None of the above

2.5 points

QUESTION 9 1. To what does cryptography refer? A fundamental tool in security Encryption of information to guarantee data confidentiality A technique for controlling the ACL All of the above A and B above only B and C above only

2.5 points

QUESTION 10 1. Suppose a computer receives two ARP replies for a single request. The first reply claims that the MAC address is M1, and the second reply claims that the MAC address is M2. How does ARP handle the replies? ARP places both MAC addresses in cache and sends future messages to both ARP updates cache allowing/updating only the last entry to be recorded ARP will resend the request until only a single reply is attained

2.5 points

QUESTION 11 1. If a routing loop exists, which ICMP error message will be sent? 3 Dest. Unreachable; Datagram could not be delivered 5 Redirect; Host must change a route 11 Time Exceeded; TTL expired or fragments timed out 12 Parameter Problem; IP header is incorrect

2.5 points

QUESTION 12 1. What is Stuxnet and why is it significant to cybersecurity? A worm that infected Irans nuclear facility, it was the first precision cyberattack A virus that infected Irans nuclear facility, it destroyed nuclear warheads A Trojan that infected Indias nuclear facility, it led to world-wide nuclear disarmament Malware that infected Indias nuclear missiles, it was Russias first cyberattack against India

2.5 points

QUESTION 13 1. Which of the following are NOT major security problems on the Internet? Loss of data Loss of control Denial of service Misrepresentation All of the above are major security problems

2.5 points

QUESTION 14 1. Some network applications defer configuration until a service is needed. For example, a computer can wait until a user attempts to print a document before the software searches for available printers. What is the chief advantage of deferred configuration? The chief disadvantage? Advantage: faster load times; Disadvantage: process delays as applications configure when needed

Advantage: lower cost in time and resources (bandwidth); Disadvantage: Higher deferred costs All of the above None of the above

2.5 points

QUESTION 15 1. Name three wireless PAN technologies. GSM, CDMA, TDMA WiMAX, GSM, ISM ISM, InfraRed, Bluetooth WiMAX InfraRed, Bluetooth

2.5 points

QUESTION 16 1. What benefit does dynamic routing offer? Lower cost Faster transfer Optimal routes All of the above A and B above only B and C above only

2.5 points

QUESTION 17 1. The most basic form of NAT, Replaces the MAC address in datagrams passing from the site to the Internet Replaces the IP address in datagrams passing from the site to the Internet Replaces the TCP address in the frame passing from the site to the Internet

Replaces the UDP address in the frame passing from the site to the Internet

2.5 points

QUESTION 18 1. What is the chief purpose of NAT? Allow multiple computers at a site to share a single, globally valid IP address Provide transparent communications, as the host appears to have normal Internet connections Allow private addresses to become valid Internet addresses. All of the above A and B above

2.5 points

QUESTION 19 1. What term is used to describe the mapping between a protocol address and a hardware address? Virtual Private Network Protocol Virtual Local Area Network Protocol Trunking Address Protocol Address Resolution Protocol

2.5 points

QUESTION 20 1. If 4 computers are on a network, how many responses does a computer expect to receive when it broadcasts an ARP request? One Two Thre e Four

2.5 points

QUESTION 21 1. What are the three ways a VPN can encrypt data for transmission across the Internet? Payload encryption, IP-in- IP tunneling, IP-in- TCP tunneling

Payload encryption, IP-in- IP tunneling, Latency tunneling IP-in- TCP tunneling, Latency tunneling, Header encryption IP-in- IP tunneling, Header encryption, Payload encryption

2.5 points

QUESTION 22 1. How does a computer know whether an arriving frame contains an IP datagram or an ARP message? The Ethernet frame format type field Datagram Prefix Datagram Message Header It does not know and must broadcast the frame to all computers on the network

2.5 points

QUESTION 23 1. Name the specific technique used in security attacks to deny service to TCP. Spoofing Packet interception SYN Flooding Distributed denial of service attacks

2.5 points

QUESTION 24 1. The underlying mechanism used to build a firewall is? Router Packet Filter Switch TCP/IP fabric

2.5 points

QUESTION 25 1. What is the difference between a PAN, LAN, and WAN?

Size Transfer media are different Redundancy Latency

2.5 points

QUESTION 26 1. When a router uses a forwarding table to look up a next-hop address, the result is an IP address. What must happen before the datagram can be sent? Destination address is extracted from the packet Address is given a packet switch number (P) and computer identification (C) Packet switch number (P) is compared to computer identification (C) If the packet number is same as the computer identification, it is sent to local destination If the packet number is different than the packet switch, it goes to the next hop All of the above None of the above

2.5 points

QUESTION 27 1. In some VPN systems, a sender adds a random number of zero bits to a datagram before encrypting, and the receiver discards the extra bits after the datagram has been decrypted. Thus, the only effect of the random padding is to make the length of the encrypted datagram independent of the length of the unencrypted version. Why is datagram length important? An observer may be able to deduce the packet payload The length of the datagram is NOT important as the datagram is encrypted The longer the datagram the more transmission costs increase The ultimate length of the datagram is maintained at 32-bytes

2.5 points

QUESTION 28 1. What are the two goals of a VPN system? Connect geographically remote areas at low-cost

Transfer data among sites while denying access by outsiders Hide the IP address of incoming/outgoing packets and provide security Provide privacy to the user while reducing costs A and B above A and C above B and D above C and D above

2.5 points

QUESTION 29 1. What is an access control list (ACL), and how is an ACL used? An ACL consists of parity bits, checksums and cyclic redundancy to prevent unauthorized access to packets An ACL is a secret key for encryption to make the data safe for transmission An ACL is a binding to connect the three elements of a packet (datagram) for secure transmission An ACL identifies who is allowed to access specific information

2.5 points

QUESTION 30 1. If an ISP has assigned one IP address to you as a business user at your site and you are using NAT, which device would have this assigned address? The NAT device (wireless router) Each device on the network behind the NAT device would have this specific address as its designated address This address would be only for the host specific private address behind the NAT device

2.5 points

QUESTION 31 1. In the evolution of the Internet protocols, a single protocol was invented to allow a host to obtain multiple parameters with a single request. Known as the Bootstrap Protocol (BOOTP), the mechanism provided the computers IP address, the address mask to use, and the address of a default router. True False

2.5 points

QUESTION 32

1. Explain the concept of Dynamic Host Configuration Protocol. What does it do? Allows a computer to move to a new network and obtain configuration information without requiring an administrator. Allows a compiled binary image to run on multiple computers in a variety of networks. Allows message errors and informational messages to report problems through ICMP.

2.5 points

QUESTION 33 1. Which of the following would most likely occur as a result of a man-in- the-middle attack? Modifying packets Wiretapping Spoofing Impersonating a server All of the above None of the above

2.5 points

QUESTION 34 1. Four of the eight basic security techniques are, Hashing, Encryption, Digital Certificates, Spoofing Hashing, Encryption, Virtual Private Networks, Deep Packet Inspection Encryption, Digital signatures, Firewalls, Virtual Local Area Networks Virtual Private Networks, Virtual Local Area Networks, Trunking, Firewalls

2.5 points

QUESTION 35 1. What is the Wi-Fi Alliance? A group of vendors A non-profit organization to test and certify wireless equipment An IEEE standards committee A United Nations organization

2.5 points

QUESTION 36 1. To optimize reassembly, some versions of the Linux operating system send the last fragment of an IP datagram first, and then send the remaining fragments in order. Explain why sending the last fragment first does not work well with NAPT. The last fragment does not have port numbers used by NAPT to transmit the packets The NAT translation table is built automatically through outgoing traffic, not incoming fragments Fragments are specific to multiple servers, so NAT cannot know which server owns the fragment The last fragment first cannot occur on the Internet as all packets and fragments are numbered and arrive in sequence

2.5 points

QUESTION 37 1. What is a firewall and where is a firewall installed? A technology that helps protect an organizations computers and networks from unwanted Internet traffic, placed between the Internet and your devices A device used to route Internet traffic, placed between the Internet and your devices A device that connects Internet segments All of the above None of the above

2.5 points

QUESTION 38 1. What crucial information used by NAPT is not available in most IP fragments? TTL (time to live) Protocol port numbers The unique server ID The Fragment number

2.5 points

QUESTION 39 1. NAT is especially useful at a residence or small business because, It separates all devices on a network by assigning a prefix to the IP address

It provides security measures to prevent others from reading the MAC addresses of individual devices It allows a set of computers to share the connection without additional purchases of IP addresses It is plug-and- play, thereby reducing cost of ownership and expands limited bandwidth

2.5 points

QUESTION 40 1. Can ARP be used on a network that does not provide broadcast? Why or why not? Yes, if the ARP response has already been received and/or programmed in cache Yes, this process is automatically completed by the router without LAN broadcast No, ARP requires all incoming messages to be broadcast to determine routing No, if the ARP response is not already in cache Both a and d None of the above