10. C. Secure Sockets Layer (SSL) communications offer both encryption and authentication
of the data via certificate signing. This would prevent tampering with the data end to end.
Access control lists (ACLs) are used to control traffic by either allowing, denying, or
logging traffic depending on specific conditions. Spoofing mitigation is the action of
inspecting the source IP addresses of a packet to block packets from outside the network
spoofing internal addresses. Encryption of the data alone will not prevent tampering; SSL
provides encryption and authentication.
11. D. This attack is called a man-in-the-middle attack. The attacker sits in the middle of
the communications and relays them while capturing and possibly modifying them. A Smurf
attack is an attack where a number of computers are told to respond to a victim IP
address via a spoofed packet. A compromised key attack involves a key pair that has been
tampered with or copied, such as SSL or SSH key pairs. A sniffer attack is a passive attack
where an attacker will collect packets with a network sniffer for later playback or analysis.
12. A. Access control lists (ACLs) are an effective way to mitigate spoofing of internal IPs
from outside the trusted network. ACLs are used to control traffic by either allowing,
denying, or logging traffic depending on specific conditions. An intrusion detection system
(IDS) can be used to notify you if it detects an attack, but it will not prevent an attack.
Secure Sockets Layer (SSL) communications offer both encryption and authentication of
the data via certificate signing. This would prevent tampering with the data end to end, but
it will not prevent spoofing. A host intrusion detection system (HIDS) is an application
that runs on a host to detect intrusions. A HIDS is similar to an IDS, but it is entirely
software-based and resides on the host it is meant to protect.
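As an added illustration of the anti-spoofing ACL described in the answer to question 12 (this configuration is not from the book; the address ranges, the ACL name and the interface name are assumed), the following Cisco IOS snippet blocks packets arriving on the outside interface that claim an internal or loopback source address, logs the attempts, and permits everything else:

```cisco
! Constructed example. Assumption: the trusted internal network is 10.0.0.0/8
! and GigabitEthernet0/0 is the interface facing the untrusted network.
ip access-list extended ANTI-SPOOF-IN
 ! Internal addresses must never arrive from outside: drop and log them.
 deny   ip 10.0.0.0 0.255.255.255 any log
 ! Loopback sources are never legitimate on the wire.
 deny   ip 127.0.0.0 0.255.255.255 any log
 ! Everything else continues to the normal firewall/forwarding rules.
 permit ip any any
!
interface GigabitEthernet0/0
 description Outside (untrusted) link
 ip access-group ANTI-SPOOF-IN in
```

The ACL must be applied inbound on the untrusted interface; applied outbound, or on an inside interface, it would never see the spoofed packets. The `log` keyword is what lets an IDS or syslog collector notice the attempts, which matches the distinction the answer draws: the ACL blocks, the monitoring system only notifies.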
13. A. A requirement of DHCP snooping is that the device is on the VLAN that DHCP
snooping is monitoring. There is nothing that requires the DHCP server to run on a layer
2 switch. The device that is being protected must be on a layer 2 switched port on the
same VLAN and not a layer 3 routed port. DHCP snooping does not require a dedicated
IP address to be configured for its operations.
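To make the DHCP snooping requirements in the answer to question 13 concrete, here is an added Cisco IOS configuration (not taken from the book; VLAN 10, the interface numbers and the rate limit are assumed values). It enables snooping only on the VLAN that holds the protected clients, trusts the single uplink toward the legitimate DHCP server, and leaves the layer 2 access ports untrusted, which is the default:

```cisco
! Constructed example. Assumptions: clients live in VLAN 10, the legitimate
! DHCP server is reached through GigabitEthernet0/1, and ports 2-24 are access ports.
ip dhcp snooping
! Snooping is enforced per VLAN; clients on other VLANs are not inspected.
ip dhcp snooping vlan 10
!
interface GigabitEthernet0/1
 description Uplink toward the DHCP server
 switchport mode trunk
 ! Only a trusted port may forward DHCP server replies (OFFER/ACK).
 ip dhcp snooping trust
!
interface range GigabitEthernet0/2 - 24
 description Client access ports in the snooped VLAN
 switchport mode access
 switchport access vlan 10
 ! Untrusted by default; server replies arriving here are dropped.
 ! Rate-limit client requests to blunt DHCP starvation attempts.
 ip dhcp snooping limit rate 10
!
! Verification: confirm the VLAN is listed and the binding table fills as clients lease addresses.
show ip dhcp snooping
show ip dhcp snooping binding
```

Note that the switch needs no IP address of its own for this to work, and the DHCP server can be anywhere beyond the trusted port; what matters is that the protected hosts sit on layer 2 switched ports in VLAN 10, the VLAN named in the `ip dhcp snooping vlan` command.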
14. D. Any service that allows the user to create a connection or access information can be
used as an attack vector. In the case of DHCP, the attacker will set the gateway to their IP
address. In the case of DNS, the attacker could spoof a request to redirect the traffic. In
the case of wireless, the attacker can spoof the Service Set Identifier (SSID).
15. A. Double tagging is an attack that can be used against the native VLAN. The attacker
will tag the native VLAN on a frame and then tag another inside that frame for the
VLAN that the attacker intends to compromise. When the switch receives the first frame,
it removes the default VLAN tag and forwards it to other switches via a trunk port. When
the other switch receives the frame with the second VLAN tag, it forwards it to the VLAN
the attacker is targeting. VLAN traversal is not an attack; it is a term to describe a VLAN
traversing a trunk link between two switches. Trunk popping is not a valid attack; it is not
a term used in networking, and therefore, it is an invalid answer. A denial of service (DoS)
attack is an attack in which an attempt to exhaust a service's resources is launched to knock
the service offline.
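The double-tagging attack in the answer to question 15 works only because the switch strips an untagged native VLAN tag from the outer header. The following added Cisco IOS configuration (not from the book; VLAN 999 and the interface and VLAN numbers are assumed) closes that gap by moving the native VLAN to an unused VLAN that no access port belongs to and by forcing the native VLAN to be tagged on the trunk:

```cisco
! Constructed example. Assumptions: user VLANs are 10, 20 and 30;
! VLAN 999 is reserved solely as the trunk native VLAN and carries no hosts.
vlan 999
 name UNUSED-NATIVE
!
interface GigabitEthernet0/1
 description Trunk to the neighbouring switch
 switchport mode trunk
 ! Native VLAN is now one an attacker cannot be a member of.
 switchport trunk native vlan 999
 ! Prune the trunk to the VLANs that actually need to cross it.
 switchport trunk allowed vlan 10,20,30
!
! Tag the native VLAN too, so an outer tag is never silently removed
! and a frame with a hidden inner tag cannot hop to another VLAN.
vlan dot1q tag native
!
! Verification: the native VLAN shown should be 999 on every trunk.
show interfaces trunk
```

Both halves matter: changing the native VLAN stops a host on the old native VLAN from crafting the outer tag, and `vlan dot1q tag native` removes the untagged-native behaviour the attack depends on. Keep every access port out of VLAN 999 so that the native VLAN never has a member that could originate such a frame.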