Home > Articles > CompTIA > Network+

  • Print
  • + Share This
This chapter is from the book

Answers to Exam Prep Questions

  1. A, C. Port 110 is used for POP3 incoming mail, and port 25 is used for SMTP outgoing mail. POP3 delivers mail only, and SMTP transfers mail between servers. Answer B is incorrect because UDP uses port 139 for network sharing. Port 443 is used by HTTPS; therefore, answer D is incorrect.
  2. A, D. UDP ports 161 and 162 are used by SNMP. Answer B is incorrect because UDP uses port 139 for network sharing. Answer C is incorrect because port 138 is used to allow NetBIOS traffic for name resolution.
  3. C. An application-level gateway understands services and protocols. Answer A is too generic to be a proper answer. Answer B is incorrect because a circuit-level gateway’s decisions are based on source and destination addresses. Answer D is incorrect because SOCKS proxy is an example of a circuit-level gateway.
  4. D. In A Class C network, valid host IDs are from 192.168.0.1 to 192.168.255.254. Answer A is incorrect because it is a Class A address. Valid host IDs are from 10.0.0.1 to 10.255.255.254. Answers B and C are incorrect because they are both Class B addresses; valid host IDs are from 172.16.0.1 through 172.31.255.254.
  5. C. The purpose of a VLAN is to unite network nodes logically into the same broadcast domain regardless of their physical attachment to the network. Answer A is incorrect because a DMZ is a small network between the internal network and the Internet that provides a layer of security and privacy. Answer B is incorrect because a virtual private network (VPN) is a network connection that allows you access via a secure tunnel created through an Internet connection. Answer D is incorrect because NAT acts as a liaison between an internal network and the Internet.
  6. B. A DMZ is a small network between the internal network and the Internet that provides a layer of security and privacy. Answer A is incorrect. The purpose of a VLAN is to unite network nodes logically into the same broadcast domain regardless of their physical attachment to the network. Answer C is incorrect because NAT acts as a liaison between an internal network and the Internet. Answer D is incorrect because a VPN is a network connection that allows you access via a secure tunnel created through an Internet connection.
  7. B, D. Because you want to monitor both types of traffic, the IDSs should be used together. Network-based intrusion-detection systems monitor the packet flow and try to locate packets that are not allowed for one reason or another and may have gotten through the firewall. Host-based intrusion-detection systems monitor communications on a host-by-host basis and try to filter malicious data. These types of IDSs are good at detecting unauthorized file modifications and user activity. Answer A is incorrect because a router forwards information to its destination on the network or the Internet. A firewall protects computers and networks from undesired access by the outside world; therefore, answer C is incorrect.
  8. B. A null session is a connection without specifying a user name or password. Null sessions are a possible security risk because the connection is not really authenticated. Answer A is incorrect because spoofing involves modifying the source address of traffic or source of information. Answer C is incorrect because domain kiting refers to the practice of taking advantage of this AGP period to monopolize domain names without even paying for them. Answer D is incorrect because ARP poisoning allows a perpetrator to trick a device into thinking any IP is related to any MAC address.
  9. D. A ping flood is a DoS attack that attempts to block service or reduce activity on a host by sending ping requests directly to the victim using ICMP. Answer A is incorrect because spoofing involves modifying the source address of traffic or source of information. Answer B is incorrect because a man-in-the middle attack is commonly used to gather information in transit between two hosts. Answer C is incorrect because domain kiting refers to the practice of taking advantage of this AGP period to monopolize domain names without even paying for them.
  10. B. A man-in-the-middle attack is commonly used to gather information in transit between two hosts. Answer A is incorrect because spoofing involves modifying the source address of traffic or source of information. In a replay, an attacker intercepts traffic between two endpoints and retransmits or replays it later; therefore, answer C is incorrect. Because the purpose of a DoS attack is to deny use of resources or services to legitimate users, answer D is incorrect.
  • + Share This
  • 🔖 Save To Your Account