Network Technologies And Tools Quiz!
-
Your organization’s security policy requires that PII data-in-transit must be encrypted. Which of the following protocols would BEST meet this requirement?
-
FTP
-
SSH
-
SMTP
-
HTTP
-
About This Quiz
The 'Network Technologies and Tools Quiz!' assesses knowledge on securing network communication and managing network devices. It covers encryption of PII, secure network protocols like SSH, SNMPv3, and SRTP, and network stability protocols such as STP and RSTP. This quiz is essential for professionals aiming to enhance network security and management skills.
(183).jpg "Network Technologies And Tools Quiz! - Quiz")
Quiz Preview
- 2.
Marge needs to collect network device configuration information and network statistics from devices on the network. She wants to protect the confidentiality of credentials used to connect to these devices. Which of the following protocols would BEST meet this need?
-
SSH
-
FTPS
-
SNMPv3
-
TLS
Correct Answer
A. SNMPv3Explanation
Simple Network Management Protocol version 3 (SNMPv3) is a secure protocol that can monitor and collect information from network devices. It includes strong authentication mechanisms to protect the confidentiality of credentials. None of the other protocols listed are used to monitor network devices. Secure Shell (SSH) provides a secure method of connecting to devices but does not monitor them. File Transfer Protocol Secure (FTPS) is useful for encrypting large files in transit, using Transport Layer Security (TLS). TLS is commonly used to secure transmissions but doesn’t include methods to monitor devices.Rate this question:
-
- 3.
Lisa is enabling NTP on some servers within the DMZ. Which of the following use cases is she MOST likely supporting this action?
-
Support voice and video transmissions
-
Provide time synchronization
-
Enable email usage
-
Encrypt data-in-transit
Correct Answer
A. Provide time synchronizationExplanation
The Network Time Protocol (NTP) provides time synchronization services, so enabling NTP on servers would meet this use case. The Real-time Transport Protocol (RTP) delivers audio and video over IP networks and Secure RTP (SRTP) provides encryption, message authentication, and integrity for RTP. Protocols such as Simple Mail Transfer Protocol (SMTP), Post Office Protocol v3 (POP3), and Internet Message Access Protocol version 4 (IMAP4) are used for email. Encrypting data isn’t relevant to time synchronization services provided by NTP.Rate this question:
-
- 4.
Your organization wants to increase security for VoIP and video teleconferencing applications used within the network. Which of the following protocols will BEST support this goal?
-
SMTP
-
TLS
-
SFTP
-
SRTP
Correct Answer
A. SRTPExplanation
The Secure Real-time Transport Protocol (SRTP) provides encryption, message authentication, and integrity for Voice over Internet Protocol(VoIP), video teleconferencing, and other streaming media applications. None of the other answers are directly related to VoIP or video teleconferencing. Simple Mail Transfer Protocol (SMTP) transfers email. The Transport Layer Security (TLS) protocol is used to encrypt data-in-transit but isn’t the best choice for streaming media. Secure File Transfer Protocol (SFTP) is a secure implementation of FTP to transfer files.Rate this question:
-
- 5.
Management within your organization wants to ensure that switches are not susceptible to switching loop problems. Which of the following protocols is the BEST choice to meet this need?
-
Flood guard
-
SNMPv3
-
SRTP
-
RSTP
Correct Answer
A. RSTPExplanation
Rapid STP (RSTP) prevents switching loop problems and should be enabled on the switches to meet this need. A flood guard on a switch helps prevent a media access control (MAC) flood attack. Simple Network Management Protocol version 3 (SNMPv3) is used to manage and monitor network devices. The Secure Real-time Transport Protocol (SRTP) provides encryption, message authentication, and integrity for video and voice data.Rate this question:
-
- 6.
A network technician incorrectly wired the switch connections in your organization’s network. It effectively disabled the switch as though it was a victim of a denial-of-service attack. Which of the following should be done to prevent this situation in the future?
-
Install an IDS.
-
Only use Layer 2 switches.
-
Install SNMPv3 on the switches.
-
Implement STP or RSTP.
Correct Answer
A. Implement STP or RSTP.Explanation
Spanning Tree Protocol (STP) and Rapid STP (RSTP) both prevent switching loop problems. It’s rare for a wiring error to take down a switch. However, if two ports on a switch are connected to each other, it creates a switching loop and effectively disables the switch. An intrusion detection system (IDS) will not prevent a switching loop. Layer 2 switches are susceptible to this problem. Administrators use Simple Network Management Protocol version 3 (SNMPv3) to manage and monitor devices, but it doesn’t prevent switching loops.Rate this question:
-
- 7.
Developers recently configured a new service on ServerA. ServerA is in a DMZ and accessed by internal users and via the Internet. Network administrators modified firewall rules to access the service. Testing shows the service works when accessed from internal systems. However, it does not work when accessed from the Internet. Which of the following is MOST likely configured incorrectly?
-
The new service
-
An ACL
-
ServerA
-
The VLAN
Correct Answer
A. An ACLExplanation
The most likely problem of the available choices is that an access control list (ACL) is configured incorrectly. The server is in a demilitarized zone (DMZ) and the most likely problem is an incorrectly configured ACL on the border firewall. The service is operating when accessed from internal clients, so it isn’t likely that it is the problem. Also, the server works for internal systems indicating it is working correctly. There isn’t any indication a virtual local area network (VLAN) is in use.Rate this question:
-
- 8.
You manage a Linux computer used for security within your network. You plan to use it to inspect and handle network-based traffic using iptables. Which of the following network devices can this replace?
-
Wireless access point
-
Firewall
-
Layer 2 switch
-
Bridge
Correct Answer
A. FirewallExplanation
Iptables include settings used by the Linux Kernel firewall and can be used to replace a firewall. While it’s possible to implement iptables on a wireless access point (assuming it is Linux-based), iptables still function as a firewall, not a wireless access point. A Layer 2 switch routes traffic based on the destination media access control (MAC) address, but iptables focus on IP addresses. A network bridge connects multiple networks together.Rate this question:
-
- 9.
You need to implement antispoofing on a border router. Which one of the following choices will BEST meet this goal?
-
Create rules to block all outgoing traffic from a private IP address.
-
Implement a flood guard on switches.
-
Add a web application firewall.
-
Create rules to block all incoming traffic from a private IP address.
Correct Answer
A. Create rules to block all incoming traffic from a private IP address.Explanation
You would create rules to block all incoming traffic from private IP addresses. The border router is between the internal network and the Internet and any traffic coming from the Internet with a private IP address is a spoofed source IP address. All outgoing traffic will typically use a private IP address, so you shouldn’t block this outgoing traffic. A flood guard on a switch protects against media access control (MAC) flood attacks and is unrelated to this question. A web application firewall protects a web application and is unrelated to antispoofing.Rate this question:
-
- 10.
An organization has recently had several attacks against servers within a DMZ. Security administrators discovered that many of these attacks are using TCP, but they did not start with a three-way handshake. Which of the following devices provides the BEST solution?
-
Stateless firewall
-
Stateful firewall
-
Network firewall
-
Application-based firewall
Correct Answer
A. Stateful firewallExplanation
A stateful firewall filters traffic based on the state of the packet within a session. It would filter a packet that isn’t part of a TCP three-way handshake. A stateless firewall filters traffic based on the IP address, port, or protocol ID. While it’s appropriate to place a network firewall in a demilitarized zone (DMZ), a network firewall could be either a stateless firewall or a stateful firewall. An application-based firewall is typically only protecting a host, not a network.Rate this question:
-
- 11.
Your organization hosts a web server and wants to increase its security. You need to separate all web-facing traffic from internal network traffic. Which of the following provides the BEST solution?
-
DMZ
-
VLAN
-
Firewall
-
WAF
Correct Answer
A. DMZExplanation
A demilitarized zone (DMZ) is a buffered zone between a private network and the Internet, and it will separate the web server’s web-facing traffic from the internal network. You can use a virtual local area network (VLAN) to group computers together based on job function or some other administrative need, but it is created on switches in the internal network. A firewall does provide protection for the web server, but doesn’t necessarily separate the web-facing traffic from the internal network. A web application firewall (WAF) protects a web server from incoming attacks, but it does not necessarily separate Internet and internal network traffic.Rate this question:
-
- 12.
Management at your organization wants to prevent employees from accessing social media sites using company-owned computers. Which of the following devices would you implement?
-
Transparent proxy
-
Reverse proxy
-
Nontransparent proxy
-
Caching proxy
Correct Answer
A. Nontransparent proxyExplanation
A nontransparent proxy includes the ability to filter traffic based on the URL and is the best choice. A transparent proxy doesn’t modify or filter requests. A reverse proxy is used for incoming traffic to an internal firewall, not traffic going out of the network. Proxy servers are caching proxy servers, but won’t block outgoing traffic.Rate this question:
-
- 13.
You need to configure a UTM security appliance to restrict traffic going to social media sites. Which of the following are you MOST likely to configure?
-
Content inspection
-
Malware inspection
-
URL filter
-
DDoS mitigator
Correct Answer
A. URL filterExplanation
You would most likely configure the Uniform Resource Locator (URL) filter on the unified threat management (UTM) security appliance. This would block access to the peer-to-peer sites based on their URL. Content inspection and malware inspection focus on inspecting the data as it passes through the UTM, but they do not block access to sites. A distributed denial-of-service (DDoS) mitigator will attempt to block incoming DDoS attack traffic.Rate this question:
-
- 14.
Your organization recently purchased a sophisticated security appliance that includes a DDoS mitigator. Where should you place this device?
-
Within the DMZ
-
At the border of the network, between the intranet and the DMZ
-
At the border of the network, between the private network and the Internet
-
In the internal network
Correct Answer
A. At the border of the network, between the private network and the InternetExplanation
A distributed denial-of-service (DDoS) mitigator attempts to block DDoS attacks and should be placed at the border of the network, between the private network and the Internet. If the network includes a demilitarized zone (DMZ), the appliance should be placed at the border of the DMZ and the Internet. Placing it in the DMZ or the internal network doesn’t ensure it will block incoming traffic.Rate this question:
-
Quiz Review Timeline (Updated): Mar 21, 2023 +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Mar 21, 2023Quiz Edited by
ProProfs Editorial Team -
Oct 06, 2018Quiz Created by
Marlon Ramos
Back to top