Inside the company
All of the above
Their own subnet
An internal LAN
A network perimeter
Time of access attempts
Access control list
Shut down Internet DNS servers
Disrupt computer-controlled industrial operations
Steal financial information
Be used by script kiddies
Allow all traffic
Block all traffic except specified types
Allow all traffic except specified types
Block all traffic
IPv6 uses DHCP for its configuration settings
IPv6 uses a 128-bit address space
IPv4 cannot support IPsec
IPv6 incorporates IPsec
Network Address Translation (NAT)
Configuring the computer to insert a fake source IP address into outgoing messages
Setting up software firewalls on all internal hosts
Broadcasting to all hosts on a subnet
Testing the local TCP/IP software implementation
Testing the local NIC
The header does not contain a checksum
The data is transmitted in clear text
It is connectionless
Routers typically drop a large number of UDP packets
Routers drop packets that are too large.
Routers bounce packets back to the sender to be resized.
Routers adjust their MTUs to accommodate the oversized packet.
Routers break packets into smaller pieces called fragments.
Multicast Listening Detection
Multicast Listener Discovery
Encrypted IP addresses, clear text
IP addresses, MAC addresses
FQDNs, IP addresses
Static addresses, DHCP
Fragments numbered 0 contain port information
Fragments numbered 1 or higher are passed through filters
Fragmented packets cannot be assembled
Fragmentation is frequently used
Sliding window size
Port number in use for the session
Attack signatures can be compared to lists of known attack signatures on the CVE Web site.
Attack signatures can be compared to current network topology.
Installing application patches can thwart a reported attack.
Current network vulnerabilites can be used to generate application patches.
Ethernet interface number
Fragments are crafted to be too large or too small
The initial packet is missing
The fragments arrive too slowly
The final fragment sent is less than 400 bytes long.
One with the SYN/ACK flags set
One with the ACK flag set
One with the SYN flag set
One with the ACK/PSH flags set
A source IP address
A destination IP address
An ICMP echo request
An established connection
An ICMP flood
A false Internet time stamp
A packet with SYN/FIN/ACK flags set
It acknowledges receipt of the previous packet in the sequence.
It acknowledges that a connection has been made.
It verifies that the source and destination IP addresses are correct.
It acknowledges the ID number the packet is using.
SYN, ACK, FIN, RST
SYN, PSH, ACK, RST
SYN, SYN/ACK, ACK
SYN, PSH, ACK, FIN
Denial of service
Ping of Death
Network Information System
Network File System
Network File Sharing
Watch your log files closely
Install additional IDPS sensors
Keep your anti-adware software updated
Keep your IDPS signature files updated.
IPv6 fragmentation occurs on IPv6-compliant routers
IPv4 is unfragmentable
IPv6 fragmentation occurs only at the source node
IPv6 maximum fragment size is larger than its IPv6 counterpart
Pseudorandom number generators
128 or 256 bits
128, 192, or 256 bits
Certificate revocation list
Certificate revocation list
The symmetric algorithm encrypts data faster than the asymmetric algorithm.
The asymmetric algorithm encrypts data faster than the symmetric algorithm.
The symmetric and asymmetric algorithms work at the same speed to encrypt data.
The faster an asymmetric algorithm works, the stronger its encryption.
IPsec is fast and supported universally.
IPsec supports IPv4 and IPv6.
IPsec is implemented at Layer 2.
IPsec can encrypt the entire packet.
Internet Key Exchange
Internet Security Association Key Management Protocol
Both the header and the data
Neither the header nor the data