?
Assessment Results Item Feedback Report
?
Introduction to Networks (Version 5.0) - ITN Chapter 11 Exam
Below is the feedback on items for which you did not receive full credit. Some interactive items may not display your response.
Subscore: 1
Which network design consideration would be more important to a large corporation than to a small business?
Correct Response
Your
Response
Internet router firewall
low port density switch
redundancy
Small businesses today do need Internet access and use an Internet router to provide this need. A switch is required to connect the two host devices and any IP phones or network devices such as a printer or a scanner. The switch may be integrated into the router. A firewall is needed to protect the business computing assets. Redundancy is not normally found in very small companies, but slightly larger small companies might use port density redundancy or have redundant Internet providers/links.
This item references content from the following areas:
Introduction to Networks
?
11.1.1 小型网络中的设备
2 Which protocol supports rapid delivery of streaming media?
Correct Response
Your
Response
SNMP TCP PoE
RTP
SNMP is a management protocol. TCP is not suitable for the rapid delivery of streaming media. PoE is not a protocol, but a standardized system that allows Ethernet cables to carry power to a device.
This item references content from the following areas: Introduction to Networks
?
11.1.2 小型网络中的协议
3
How should traffic flow be captured in order to best understand traffic patterns in a network?
Correct Response
Your
Response
during low utilization times during peak utilization times
when it is on the main network segment only
when it is from a subset of users
Capturing traffic during low utilization time will not give a good representation of the different traffic types. Because some traffic could be local to a particular segment, the capture must be done on different network segments.
This item references content from the following areas: Introduction to Networks
?
11.1.3 发展为大型网络
4
A network administrator checks the security log and notices there was unauthorized access to an internal file server over the weekend. Upon further investigation of the file system log, the administrator notices several important documents were copied to a host located outside of the company. What kind of threat is represented in this scenario?
Correct Response
Your
Response
data loss identity theft information theft
disruption of service
Information theft is the threat by which a company's internal information is accessed and copied by an unauthorized user.
This item references content from the following areas: Introduction to Networks
?
11.2.1 网络设备安全措施
5
Which two actions can be taken to prevent a successful attack on an email server account? (Choose two.)
Correct Response
Your
Response
Never send the password through the network in a clear text. Never use passwords that need the Shift key. Never allow physical access to the server console. Only permit authorized access to the server room.
Limit the number of unsuccessful attempts to log in to the server.
One of the most common types of access attack uses a packet sniffer to yield user accounts and passwords that are transmitted as clear text. Repeated attempts to log in to a server to gain unauthorized access constitute another type of access attack. Limiting the number of attempts to log in to the server and using encrypted passwords will help prevent successful logins through these types of access attack.
This item references content from the following areas: Introduction to Networks
?
11.2.2 漏洞和网络攻击
6
Which type of network attack involves the disabling or corruption of networks, systems, or services?
Correct Response
Your
Response
reconnaissance attacks access attacks
denial of service attacks
malicious code attacks
Denial of service attacks involve the disabling or corruption of networks, systems, or services. Reconnaissance attacks are the
unauthorized discovery and mapping of systems, services, or vulnerabilities. Access attacks are the unauthorized manipulation of data, system access, or user privileges. Malicious code attacks are computer programs that are created with the intention of causing data loss or damage.
This item references content from the following areas: Introduction to Networks
?
11.2.2 漏洞和网络攻击
7
A network administrator has determined that various computers on the network are
infected with a worm. Which sequence of steps should be followed to mitigate the worm attack?
Correct Response
Your
Response
inoculation, containment, quarantine, and treatment containment, quarantine, treatment, and inoculation treatment, quarantine, inoculation, and containment
containment, inoculation, quarantine, and treatment
The first step is to identify and contain all the infected systems (containment). The systems are then patched (inoculated), disconnected from the network (quarantined), and then cleaned (treatment).
This item references content from the following areas: Introduction to Networks
?
11.2.3 缓解网络攻击
8 What is a security feature of using NAT on a network?
Correct Response
Your
Response
allows external IP addresses to be concealed from internal users allows internal IP addresses to be concealed from external users
denies all packets that originate from private IP addresses
denies all internal hosts from communicating outside their own network
Network Address Translation (NAT) translates private addresses into public addresses for use on public networks. This feature prevents outside devices from seeing the actual IP addresses that are used by the internal hosts.
This item references content from the following areas: Introduction to Networks
?
11.2.3 缓解网络攻击
9
Refer to the exhibit. Baseline documentation for a small company had ping round trip time statistics of 36/97/132 between hosts H1 and H3. Today the network administrator checked connectivity by pinging between hosts H1 and H3 that resulted in a round trip time of 1458/2390/6066. What does this indicate to the network administrator?
Correct Response
Your
Response
Connectivity between H1 and H3 is fine. H3 is not connected properly to the network.
Something is causing interference between H1 and R1.
Performance between the networks is within expected parameters.
Something is causing a time delay between the networks.
Ping round trip time statistics are shown in milliseconds. The larger the number the more delay. A baseline is critical in times of slow performance. By looking at the documentation for the performance when the network is performing fine and comparing it to information when there is a problem, a network administrator can resolve problems faster.
This item references content from the following areas: Introduction to Networks
?
11.3.1 Ping
10 When should an administrator establish a network baseline?
Correct Response
Your
Response
when the traffic is at peak in the network when there is a sudden drop in traffic at the lowest point of traffic in the network
at regular intervals over a period of time
An effective network baseline can be established by monitoring the traffic at regular intervals. This allows the administrator to take note when any deviance from the established norm occurs in the network.
This item references content from the following areas: Introduction to Networks
?
11.3.1 Ping
11
Refer to the exhibit. An administrator is trying to troubleshoot connectivity between PC1 and PC2 and uses the tracert command from PC1 to do it. Based on the displayed output, where should the administrator begin troubleshooting?
Correct Response
Your
Response
PC2 R1 SW2 R2
SW1
Tracert is used to trace the path a packet takes. The only successful response was from the first device along the path on the same LAN as the sending host. The first device is the default gateway on router R1. The administrator should therefore start troubleshooting at R1.
This item references content from the following areas: Introduction to Networks
?
11.3.2 Tracert
12
A ping fails when performed from router R1 to directly connected router R2. The network administrator then proceeds to issue the show cdp neighbors command. Why would the network administrator issue this command if the ping failed between the two routers?
Correct Response
Your
Response
The network administrator suspects a virus because the ping command did not work. The network administrator wants to verify Layer 2 connectivity.
The network administrator wants to verify the IP address configured on router R2.
The network administrator wants to determine if connectivity can be established from a non-directly connected network.
The show cdp neighbors command can be used to prove that Layer 1 and Layer 2 connectivity exists between two Cisco devices. For example, if two devices have duplicate IP addresses, a ping between the devices will fail, but the output of show cdp neighborswill be successful. The show cdp neighbors detail could be used to verify the IP address of the directly connected device in case the same IP address is assigned to the two routers.
This item references content from the following areas: Introduction to Networks
?
11.3.4 主机和 IOS 命令
13 Which statement is true about CDP on a Cisco device?
Correct Response
Your
Response
The show cdp neighbor detail command will reveal the IP address of a neighbor only if there is Layer 3 connectivity.
To disable CDP globally, the no cdp enable command in interface configuration mode must be used. CDP can be disabled globally or on a specific interface.
Because it runs at the data link layer, the CDP protocol can only be implemented in switches.
CDP is a Cisco-proprietary protocol that can be disabled globally by using the no cdp run global configuration command, or disabled on a specific interface, by using the no cdp enable interface configuration command. Because CDP operates at the data link layer, two or more Cisco network devices, such as routers can learn about each other even if Layer 3 connectivity does not exist. The show cdp neighbors detail command reveals the IP address of a neighboring device regardless of whether you can ping the neighbor.
This item references content from the following areas: Introduction to Networks
?
11.3.4 主机和 IOS 命令
14
What is the purpose of issuing the commands cd nvram: then dir at the privilege exec mode of a router?
Correct Response
Your
Response
to clear the content of the NVRAM to direct all new files to the NVRAM to list the content of the NVRAM
to copy the directories from the NVRAM
To view the contents of NVRAM, the administrator needs to change the current default file system using the cd (change directory) command. The dir command lists the current directory content of a file system.
This item references content from the following areas: Introduction to Networks
?
11.4.1 路由器和交换机文件系统
15
If a configuration file is saved to a USB flash drive attached to a router, what must be done by the network administrator before the file can be used on the router?
Correct Response
Your
Response
Convert the file system from FAT32 to FAT16. Edit the configuration file with a text editor. Change the permission on the file from ro to rw.
Use the dir command from the router to remove the Windows automatic alphabetization of the files on the flash drive.
This item references content from the following areas: Introduction to Networks
?
11.4.2 配置文件备份与恢复
16 Which command will backup the configuration that is stored in NVRAM to a TFTP server?
Correct Response
Your
Response
copy running-config tftp copy tftp running-config copy startup-config tftp copy tftp startup-config
The startup configuration file is stored in NVRAM, and the running configuration is stored in RAM. The copy command is followed by the source, then the destination.
This item references content from the following areas: Introduction to Networks
?
11.4.2 配置文件备份与恢复
17 Which two statements about a service set identifier (SSID) are true? (Choose two.)
Correct Response
Your
Response
tells a wireless device to which WLAN it belongs
consists of a 32-character string and is not case sensitive responsible for determining the signal strength
all wireless devices on the same WLAN must have the same SSID used to encrypt data sent across the wireless network
This item references content from the following areas: Introduction to Networks
?
11.5.1 集成路由器
18 What do WLANs that conform to IEEE 802.11 standards allow wireless users to do?
Correct Response
Your
Response
use wireless mice and keyboards
create a one-to-many local network using infrared technology use cell phones to access remote services over very large areas connect wireless hosts to hosts or services on a wired Ethernet network
This item references content from the following areas: Introduction to Networks
?
11.5.1 集成路由器
19
Which WLAN security protocol generates a new dynamic key each time a client establishes a connection with the AP?
Correct Response
Your
Response
EAP PSK WEP WPA
This item references content from the following areas: Introduction to Networks
?
11.5.1 集成路由器
20 Which two statements characterize wireless network security? (Choose two.)
Correct Response
Your
Response
Wireless networks offer the same security features as wired networks. Some RF channels provide automatic encryption of wireless data.
With SSID broadcast disabled, an attacker must know the SSID to connect. Using the default IP address on an access point makes hacking easier.
An attacker needs physical access to at least one network device to launch an attack.
This item references content from the following areas: Introduction to Networks
? ?
11.5.1 集成路由器 11.5.2 配置集成路由器
Fill in the blank. Do not use abbreviations. The command that is issued on a router is used to verify the value of the software configuration register.
The show version command that is issued on a router displays the value of the configuration register, the Cisco IOS version being used, and the amount of flash memory on the device, among other information.
21
show versionThis item references content from the following areas: Introduction to Networks
?
11.3.3 Show 命令
Fill in the blank. VoIP22
defines the protocols and technologies that implement the transmission of voice data over an IP network.
This item references content from the following areas: Introduction to Networks
?
11.1.2 小型网络中的协议
Fill in the blank. Do not use abbreviations. The show command provides information about the amount of free nvram and flash memory with the permissions for reading or writing data.
The show file systems command lists all of the available file systems on a Cisco router. It provides useful information such as the amount of available and free memory of flash and nvram, and its access permissions that include read only (ro), write only (wo), and read and write (rw).
23
file systemsThis item references content from the following areas: Introduction to Networks
?
11.4.1 路由器和交换机文件系统
24
Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.
How long will a user be blocked if the user exceeds the maximum allowed number of unsuccessful login attempts?
Correct Response
Your
Response
1 minute 2 minutes 3 minutes
4 minutes
The timeout duration for login attempts is set by the login block-for 180 attempts 4 within 60 command. This command sets the login block at 180 seconds (3 minutes) after 4 incorrect attempts within a 60 second time period. This command can be viewed in the running configuration file.
This item references content from the following areas: Introduction to Networks
?
11.2.4 保护设备