CCNA Discovery 2: DsmbISP Chapter 8 Exam Answers v4.0

1. Which AAA service reduces IT operating costs by providing detailed reporting and monitoring of network user behavior, and also by keeping a record of every access connection and device configuration change across the network?

  • accreditation
  • authentication
  • accounting
  • authorization

2. A hacker has gained access to sensitive network files. In analyzing the attack, it is found that the hacker gained access over a wireless segment of the network. It is further discovered that the only security measure in place on the wireless network is MAC Address Filtering. How is it likely that the hacker gained access to the network?

  • The attacker mounted a denial of service attack to overwhelm the firewall before penetrating the wireless LAN.
  • The hacker gained wireless access to the MAC address database and added his own MAC address to the list of permitted addresses.
  • The hacker used a software tool to crack the shared hexadecimal wireless key.
  • The hacker obtained the MAC address of a permitted host, and cloned it on his wireless laptop NIC.

3. A network administrator is assigning network permissions to new groups of users and employing the principle of least privilege. Which two actions should the administrator take? (Choose two.)

  • Remove all permissions from the users and grant permissions as they are requested.
  • Allow users to decide how much permission they need to accomplish their job tasks.
  • Provide users with only the access to resources required to do their jobs.
  • Provide the minimum level of permissions required for users to do their jobs.
  • Provide full access to the users and gradually remove privileges over time.

4. A company wants to configure a firewall to monitor all channels of communication and allow only traffic that is part of a known connection. Which firewall configuration should be deployed?

  • proxy
  • stateful packet inspection
  • packet filtering
  • stateless packet inspection

5. A server log includes this entry: User student accessed host server ABC using Telnet yesterday for 10 minutes. What type of log entry is this?

  • accounting
  • authentication
  • authorization
  • accessing

Explanation: Accounting records what users do and when they do it, including what is accessed, the amount of time the resource is accessed, and any changes that were made. Accounting keeps track of how network resources are used.

6. What two measures help to verify that server backups have been reliably completed? (Choose two.)

  • reviewing backup logs
  • performing full backups only
  • replacing tape backup with hard disk-based backup
  • performing trial backups
  • using an autoloader when backups require more than one tape

7. Which means of communication does an SNMP network agent use to provide a network management station with important but unsolicited information?

  • ICMP ping
  • trap
  • poll
  • query
  • broadcast

8. What network layer security protocol can secure any application layer protocol used for communication?

  • IMAP
  • FTPS
  • TLS

9. Which three items are normally included when a log message is generated by a syslog client and forwarded to a syslog server? (Choose three.)

  • length of message
  • message ID
  • checksum field
  • date and time of message
  • ID of sending device
  • community ID

10. What is the advantage of using WPA to secure a wireless network?

  • It uses an advanced encryption key that is never transmitted between host and access point.
  • It is supported on older wireless hardware, thus providing maximum compatibility with enterprise equipment.
  • It uses a 128-bit pre-shared hexadecimal key to prevent unauthorized wireless access.
  • It requires the MAC address of a network device that is requesting wireless access to be on a list of approved MAC addresses.

11. Which three protocols are used for in-band management? (Choose three.)

  • SNMP
  • Telnet
  • FTP
  • HTTP
  • TFTP
  • DHCP

12. What is the term for the public network between the boundary router and the firewall?

  • DMZ
  • extranet
  • “clean” LAN
  • intranet

13. Which three protocols describe methods that can be used to secure user data for transmission across the internet? (Choose three.)

  • SMTP
  • FTP
  • TFTP
  • SSL

14. Which benefit does SSH offer over Telnet when remotely managing a router?

  • authorization
  • connection using six VTY lines
  • encryption
  • TCP usage

15. Before a technician upgrades a server, it is necessary to back up all data. Which type of backup is necessary to ensure that all data is backed up?

  • daily
  • incremental
  • differential
  • full
  • partial

16. What are two potential problems with using tape media to back up server data? (Choose two.)

  • Data tapes are prone to failure and must be replaced often.
  • Tape drives require regular cleaning to maintain reliability.
  • Tape is not a cost-effective means of backing up data.
  • Data tapes are difficult to store offsite.
  • Backup logs are not available with tape backup solutions.

17. What AAA component assigns varying levels of rights to users of network resources?

  • auditing
  • authentication
  • acknowledgement
  • accounting
  • authorization
  • access control

18. Which of the following does SNMP use to hold information collected about the network?

  • network management station
  • database information agent
  • network management database
  • management information base

19. When is the use of out-of-band network management necessary?

  • when enhanced monitoring features are required to gain an overall view of the entire network
  • when a server needs to be monitored across the network
  • when the management interface of a device is not reachable across the network
  • when it is desirable to use the information that is provided by SNMP

20. Which two characteristics of network traffic are being monitored if a network technician configures the company firewall to operate as a packet filter? (Choose two.)

  • physical addresses
  • packet size
  • ports
  • applications
  • protocols

Explanation: Hardware firewalls can be configured as packet filters, application layer firewalls, or proxies. Application layer firewalls read all of the traffic data and look for unwanted traffic. Proxies act as relays, scanning traffic and allowing or denying traffic based on established rules. Packet filters only concern themselves with port data, IP address data, and destination services.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x