Review Questions

Chapter 7
1. Each of the following is one of the key principles of security except
a. layering
b. limiting
c. diversity
d. compatibility
2. Using several different types of security instead of just one is known as
a. limiting
b. layering
c. multi-security levels (MSL)
d. rootkits
3. Dividing a network into smaller units is called
a. segmentation
b. network division
c. domain restriction
d. device grouping
4. Networks in which devices can send packets at any time are known as
a. non-deterministic
b. deterministic
c. resource allocation topologies (RAT)
d. managed
5. A _____ is the area that encompasses all of the network devices that can cause a
collision.
a. collision domain
b. distribution domain
c. broadcast domain
d. response area
6. Segments and subnets are identical. True or False?
7. Another name for a firewall is a packet filter. True or False?
8. Stateless packet filtering looks at the incoming packet and permits or denies it
based strictly on the rule base. True or False?
9. Stateful packet filtering keeps a record of the state of a connection between an
internal computer and an external server and then makes decisions based on the
connection as well as the rule base. True or False?
10. A demilitarized zone (DMZ) is the term used for a separate network that sits
outside the secure network perimeter and is protected by a firewall. True or
False?
11. _____ replaces the sender’s actual IP address with another IP address.
network address translation (NAT)
12. Instead of giving each outgoing packet a different IP address, _____ assigns the
same IP address but a different port number.
port address translation (PAT)
13. A packet that is intended for a single receiving device is known as a(n) _____
transmission.
unicast
14. A(n) _____ is a smaller logical grouping of network devices.
virtual local area network (VLAN)
15. The standard for marking VLAN packets is _____.
IEEE 802.1q
16. Explain the advantages of the access point separating packets in a VLAN.
The flexibility of a wireless VLAN depends on which device separates the packets
and directs them to different networks. In some settings separating packets in a
wireless VLAN is done by the switch. Each AP is connected to a separate port on
the switch and represents a different VLAN. As packets destined for the wireless
LAN arrive at the switch, the switch separates the packets and sends them to the
appropriate AP (VLAN). Yet this configuration has limitations. For example, if a
wireless user in one VLAN roams to another AP he may lose the ability to be
connected to that VLAN. A more flexible approach occurs when the access point is
responsible for separating the packets. Under this configuration a user can still
roam into different areas of coverage and be connected to the correct VLAN. The
key to this configuration is that different VLANs are transmitted by the AP on
different Service Set Identifiers (SSIDs). This enables only the clients associated
with a specific VLAN to receive those packets.
17. Why should access points not be placed above a suspended ceiling?
In buildings that have a false ceiling (sometimes called a drop or suspended ceiling),
there is a temptation to simply remove a ceiling tile, place the access point in the
space above the ceiling, and then replace the tile. However, this should not be done
unless a special enclosure surrounds the AP and its antennas. The air handling
space above drop ceilings (and sometimes even between the walls and under
structural floors) is used to circulate and otherwise handle air in a building. These
spaces are called plenums. Placing an access point in a plenum above a drop ceiling
can be a hazard. This is because if an electrical short in the access point were to
cause a fire, it would generate smoke in the plenum that would be quickly circulated
throughout the building. If it is required to place an AP in a plenum, it is important
to enclose it within a plenum-rated enclosure to meet fire safety code requirements.
18. How does antispyware differ from antivirus software?
Antivirus software and antispyware software share many similarities. First,
antispyware software must be regularly updated to defend against the most recent
spyware attacks. Second, antispyware can be set to provide both continuous real-time
monitoring as well as perform a complete scan of the entire computer system at
one time. And like antivirus software, antispyware provides good visual tools
regarding the system scan. However, antispyware can also provide more detailed
information and include additional tools such as system explorers, tracks erasers,
and browser restore programs.
19. What is a rootkit and how does it work?
A rootkit is a set of software tools used by an attacker to break into a computer and
obtain special operating system privileges in order to both perform unauthorized
functions and also hide all traces of its existence. A rootkit often includes several
programs designed to monitor traffic, create a back door into the computer, change
log files and attack other network devices. A rootkit itself causes no direct damage
to the computer; rather, its function is to hide the presence of other types of
malicious software. Rootkits accomplish this hiding by removing traces of log-in
records, log entries and related processes.
20. Explain how obscurity can be a valuable tool in protecting a wireless network.
In wireless information security, defending systems through obscurity can be a
valuable tool. It is important not to advertise what security is in place, the vendor of
the equipment, or any other seemingly harmless information that could be used in
an attack. For example, a wireless gateway that transmits the service set identifier
(SSID) of “Smith Family” or “ABC Corp” is providing information regarding the
location of the WLAN that an attacker may find useful. Another example is user
passwords. To predictably alter passwords when they expire (use password
SOCCER1 until it expires and then use SOCCER2 until it expires, etc.) is unwise.
Obscuring passwords by making each one unrelated to the previous password will
provide an additional level of security through obscurity.