R4RIN
MCQS
Computer Hardware and Networking MCQ Quiz Hub
Network Security Multiple Choice questions
Choose a topic to test your knowledge and improve your Computer Hardware and Networking skills
1. Which of the following is true regarding access lists applied to an interface?
Which of the following is true regarding access lists applied to an interface?
You can apply only one access list on any interface.
One access list may be configured, per direction, for each layer 3 protocol configured on an interface.
You can apply two access lists to any interface.
2. Which command would you use to apply an access list to a router interface?
ip access-list 101 out
access-list ip 101 in
ip access-group 101 in
access-group ip 101 in
3. Which of the following is an example of a standard IP access list?
access-list 110 permit host 1.1.1.1
access-list 1 deny 172.16.10.1 0.0.0.0
access-list 1 permit 172.16.10.1 255.255.0.0
access-list standard 1.1.1.1
4. Which of the following is an example of a standard IP access list? A. B. C. D.
access-list 110 permit host 1.1.1.1
access-list 1 deny 172.16.10.1 0.0.0.0
access-list 1 permit 172.16.10.1 255.255.0.0
access-list standard 1.1.1.1
5. You need to create an access list that will prevent hosts in the network range of 192.168.160.0 to 192.168.191.0. Which of the following lists will you use?
access-list 10 deny 192.168.160.0 255.255.224.0
access-list 10 deny 192.168.160.0 0.0.191.255
access-list 10 deny 192.168.160.0 0.0.31.255
access-list 10 deny 192.168.0.0 0.0.31.255
6. You are working on a router that has established privilege levels that restrict access to certain functions. You discover that you are not able to execute the commandshow running-configuration. How can you view and confirm the access lists that have been applied to the Ethernet 0 interface on your router?
show access-lists
show interface Ethernet 0
show ip access-lists
show ip interface Ethernet 0
7. What command will permit SMTP mail to only host 1.1.1.1?
access-list 10 permit smtp host 1.1.1.1
access-list 110 permit ip smtp host 1.1.1.1
access-list 10 permit tcp any host 1.1.1.1 eq smtp
access-list 110 permit tcp any host 1.1.1.1 eq smtp
8. You want to create a standard access list that denies the subnet of the following host: 172.16.50.172/20. Which of the following would you start your list with?
access-list 10 deny 172.16.48.0 255.255.240.0
access-list 10 deny 172.16.0.0 0.0.255.255
access-list 10 deny 172.16.64.0 0.0.31.255
access-list 10 deny 172.16.48.0 0.0.15.255
9. What router command allows you to determine whether an IP access list is enabled on a particular interface?
show ip port
show access-lists
show ip interface
show access-lists interface
10. You have created a named access list called Blocksales. Which of the following is a valid command for applying this to packets trying to enter interface s0 of your router?
(config)# ip access-group 110 in
(config-if)# ip access-group 110 in
(config-if)# ip access-group Blocksales in
(config-if)# blocksales ip access-list in
11. You want to create a standard access list that denies the subnet of the following host: 172.16.144.17/21. Which of the following would you start your list with?
access-list 10 deny 172.16.48.0 255.255.240.0
access-list 10 deny 172.16.144.0 0.0.7.255
access-list 10 deny 172.16.64.0 0.0.31.255
access-list 10 deny 172.16.136.0 0.0.15.255
12. You configure the following access list: access-list 110 deny tcp 10.1.1.128 0.0.0.63 any eq smtp access-list 110 deny tcp any eq 23 int ethernet 0 ip access-group 110 out What will the result of this access list be?
Email and Telnet will be allowed out E0.
Email and Telnet will be allowed in E0.
Everything but email and Telnet will be allowed out E0
No IP traffic will be allowed out E0.
13. You want to create a standard access list that denies the subnet of the following host: 172.16.198.94/19. Which of the following would you start your list with?
access-list 10 deny 172.16.192.0 0.0.31.255
access-list 10 deny 172.16.0.0 0.0.255.255
access-list 10 deny 172.16.172.0 0.0.31.255
access-list 10 deny 172.16.188.0 0.0.15.255
14. If you wanted to deny all Telnet connections to only network 192.168.10.0, which command could you use?
If you wanted to deny all Telnet connections to only network 192.168.10.0, which command could you use?
access-list 100 deny tcp 192.168.10.0 0.255.255.255 eq telnet
access-list 100 deny tcp any 192.168.10.0 0.0.0.255 eq 23
access-list 100 deny 192.168.10.0 0.0.0.255 any eq 23
15. Which router command allows you to view the entire contents of all access lists?
Router# show interface
Router> show ip interface
Router# show access-lists
Router> show all access-lists
16. Which of the following access lists will allow only HTTP traffic into network 196.15.7.0?
access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www
access-list 10 deny tcp any 196.15.7.0 eq www
access-list 100 permit 196.15.7.0 0.0.0.255 eq www
access-list 110 permit ip any 196.15.7.0 0.0.0.255
17. Which of the following are valid ways to refer only to host 172.16.30.55 in an IP access list? 1. 172.16.30.55 0.0.0.255 2. 172.16.30.55 0.0.0.0 3. any 172.16.30.55 4. host 172.16.30.55 5. 0.0.0.0 172.16.30.55 6. ip any 172.16.30.55
1 and 4
2 and 4
1, 4 and 6
3 and 5
18. If you wanted to deny FTP access from network 200.200.10.0 to network 200.199.11.0 but allow everything else, which of the following command strings is valid?
access-list 110 deny 200.200.10.0 to network 200.199.11.0 eq ftp access-list 111 permit ip any 0.0.0.0 255.255.255.255
access-list 1 deny ftp 200.200.10.0 200.199.11.0 any any
access-list 100 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp
access-list 198 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp access-list 198 permit ip any 0.0.0.0 255.255.255.255
19. Which of the following series of commands will restrict Telnet access to the router?
Lab_A(config)#access-list 10 permit 172.16.1.1 Lab_A(config)#line con 0 Lab_A(config-line)#ip access-group 10 in
Lab_A(config)#access-list 10 permit 172.16.1.1 Lab_A(config)#line vty 0 4 Lab_A(config-line)#access-class 10 out
Lab_A(config)#access-list 10 permit 172.16.1.1 Lab_A(config)#line vty 0 4 Lab_A(config-line)#access-class 10 in
Lab_A(config)#access-list 10 permit 172.16.1.1 Lab_A(config)#line vty 0 4 Lab_A(config-line)#ip access-group 10 in
20. Which of the following commands connect access list 110 inbound to interface ethernet0?
Router(config)# ip access-group 110 in
Router(config)# ip access-list 110 in
Router(config-if)# ip access-group 110 in
Router(config-if)# ip access-list 110 in
21. What is the standard IANA port number used for requesting web pages?
80
53
21
25
22. A high profile company has been receiving a high volume of attacks on their website. The network administrator wants to be able to collect information on the attacker(s) so legal action can be taken. What should be implementated?
A DMZ (Demilitarized Zone)
A honey pot
A firewall
A new subnet
23. What Directive would you use to block access to certain domains if you are using Apache as a proxy server?
ProxyBlock baddomain.com
Block baddomain.com
Deny baddomain.com
Apache’s proxy server implementation has no mechanism to block access to a specific domain.
24. Wireless Application Protocol (WAP) has several layers. Which of the following is the security layer?
Wireless Security Layer (WSL)
Wireless Transport Layer (WTL)
Wireless Transport Layer Security (WTLS)
Wireless Security Layer Transport (WSLT)
25. Why would you configure virtual hosting with a single daemon rather than multiple daemons?
If the machine services large numbers of request and performance is a concern.
To simplify the restart process
To improve security
None of the above
26. Which of these is NOT a type of firewall?
Stateful Query
Application Proxy
Static packet filtering
Transparent Proxy
27. Are “Secure” servers really secured?
Yes. They are secure.
Yes. SSL and other technologies make Secure Servers as secure as possible?
No. They do not provide client security.
No. They provide only encryption for documents in transit.
28. As a security measure, you change the TCP port in FTP Site Properties to 19,960. Some users complain that they are unable to access the FTP site. What might be the cause of the problem?
You cannot set the TCP port to a number above 1023.
The users having problems are still accessing port number 21.
The users must access port number 80
You cannot set the TCP port to an even number.
29. One way to limit hostile sniffing on a LAN (Local Area Network) is by installing:
An ethernet switch
A firewall
An ethernet hub
A CSU/DSU (Channel Service Unit/Data Service Unit)
30. What does favicon.ico in a webserver’s log indicate?
In MSIE v.5, when a user adds a link to his bookmarks, or drags the link to his desktop, the browser attempts to retrieve an icon for the URL.
Web search engines frequently give higher ranking to sites that keep icons for their service on the front page.
The “favicon.ico” is a hacker trinket meant to mark servers on which a hacker has “got root” for his friends.
Somebody has probed the webserver looking for a mis-configured FrontPage implementation.
31. What does “chmod 1777 ./” do?
Modifies all files in the current working directory so that they can be deleted.
Changes the directory date to 1777; commonly used by hackers to cover changes. Lets any user delete the files, but not create new ones.
Freezes all files in the current working directory so that they cannot be modified.
Sets the permissions on the current working directory to rwxrwxrwt on a Unix filesystem.
Submit