Network Security & Database Vulnerabilities All Quiz Answer | Basics of IP Addressing and the OSI Model

Basics of IP Addressing ( Practice Quiz )

Q1) The binary (base 2) number "0101" is how much in decimal (base 10) ?

Q2) The IP address range goes from 0.0.0.0 to 255.255.255.255 and is known as the "four octets". Why are these 4 numbers called octets ?

The number 255 in decimal takes up 8 digits in binary.

Q3) How many octets are used to define the network portion of the IP address in a Class C network ?

Q4) True or False: A routable protocol is a protocol whose packets may leave your network, pass through your router, and be delivered to a remote network.

True

Q5) True or False: The destination address is defined in the packet header but the source address is in the packet footer.

False

Q6) Which network mask belongs to a Class A network ?

255.0.0.0

Q7) IPv6 changes the IP address from a 32 bit address used in IPv4 to a 128 bit address. This results in which of the following ?

Many billions of times as many possible IP addresses.

Q8) Which IPv4 addressing schema would you use to send a message to select group systems on the network ?

Multicast

TCP/IP Layer 4, Transport Layer Overview ( Practice Quiz )

Q1) True or False: Utilities such as TFTP, DNS and SNMP utilize the UDP transport protocol.

True

Q2) True or False: The UDP transport protocol is faster than the TCP transport protocol.

True

Q3) Which four (4) of these are characteristic of the UDP transport protocol ?

Unreliable
Unordered data; duplicates possible
Connectionless
No flow control

TCP/IP Layer 5, Application Layer Overview ( Practice Quiz )

Q1) What is the primary function of DNS ?

To translate domain names to IP addresses and vice versa.

Q2) How does a new endpoint know the address of the DHCP server ?

The endpoint sends a DHCP Discover broadcast request to all endpoints on the local network.

Q3) Which Syslog layer contains the actual message contents ?

Syslog Content

Q4) True or False: Setting the correct Syslog Severity Level on systems helps keep the Syslog server from being flooded by the millions of messages that could be generated by these systems.

True

Q5) True or False: The Syslog message typically includes the severity level, facility code, originator process ID, a time stamp, and the hostname or IP address of the originator device.

True

Q6) Why is port mirroring used ?

To provide a stream of all data entering or leaving a specific port for debugging or analysis work.

Firewalls, Intrusion Detection and Intrusion Prevention Systems ( Practice Quiz )

Q1) What is the main difference between a Next Generation Firewall (NGFW) and a traditional firewall ?

NGFW use sessions.

Q2) True or False: Unlike traditional stateful firewalls, next-generation firewalls drill into traffic to identify the applications traversing the network.

True

Q3) What are the two (2) primary methods used by Intrusion Prevention Systems (IPS) to discover an exploit ?

Statistical anomaly-based detection.
Signature-based detection.

Q4) If your nontechnical manager told you that you must configure your traditional second-generation firewalls to block all users on your network from posting messages on Facebook from their office computers, how would you carry out this request ?

You would have to block any IP addresses used by Facebook.

Clustering and High Availability Systems ( Practice Quiz )

Q1) Which condition should apply in order to achieve effective clustering and failover among your firewalls ?

All of the above.

Basics of IP Addressing and the OSI Model ( Main Quiz )

Q1) How would you express 15 in binary (base 2) ?

01111

Q2) How many octets are used to define the network portion of the IP address in a Class A network ?

Q3) The device used to separate the network portion of an IP address from the host portion is called what ?

The subnet mask.

Q4) The IP header contains a time-to-live (TTL) value. How is this value expressed ?

The number of Layer 3 devices (hubs, routers, etc.) the packet is allowed to pass through before it is dropped.

Q5) Which is the host portion of this IP address 192.168.52.3/24 ?

Q6) Which network mask belongs to a Class C network ?

255.255.255.0

Q7) Which IPv4 addressing schema would you use to send a message to all systems on the network ?

Broadcast

Q8) Which three (3) of the following are legitimate IPv6 addressing schemas ?

Multicast
Unicast
Anycast

Q9) True or False: Utilities such as TFTP, DNS and SNMP utilize the TCP transport protocol.

False

Q10) Which two (2) of these fields are included in a UDP header ?

Source Port
Destination Port

Q11) Which four (4) of these are characteristic of the TCP transport protocol ?

Connection-oriented
Ordered data; duplicate detection
Reliable
Flow control

Q12) How does an endpoint know the address of the DNS server ?

It is manually configured in the network settings by the administrator or obtained from the DHCP server.

Q13) What is the primary function of DHCP ?

To automatically assign IP addresses to systems.

Q14) Which Syslog layer would handles the routing and storage of a Syslog message ?

Syslog Application

Q15) Which of the following flow data are gathered by utilities such as NetFlow ?

All of the above.

Q16) When a network interface card in operating in promiscuous mode, what action does it take ?

The NIC sends all packets to the CPU for processing instead of only those packets indicated for its MAC address.

Q17) If a packet is allowed to pass through a NGFW based upon the established firewall rules and a new session is established, how does the NGFW treat the next packet it encounters from the same session ?

Subsequent packets of the same session are automatically allowed.

Q18) If your nontechnical manager told you that you must configure your next generation firewalls (NGFW) to block all users on your network from posting messages on Facebook from their office computers, what would be the consequence of carrying out his order ?

No serious consequence, application-level inspection and blocking can be configured.

Q19) Monitoring network traffic and comparing it against an established baseline for normal use is an example of which form of intrusion detection ?