answer key 1[1]


Upload: lann-bolding

Post on 13-Oct-2014


ISM4323 Information Systems Security Answer Key 1 - 1

ISM4323 Information Systems Security Instructor: Andy Wu

Multiple-Choice Quiz Answer Key For Chapters 1, 2, 5, 6, 7, 9 Chapter 1 Introduction and Security Trends

1. Which threats are characterized by possibly long periods of preparation (years is not uncommon), tremendous financial backing, a large and organized group of attackers, and attempts to subvert insiders or to plant individuals inside a potential target in advance of a planned attack?

A.) Unstructured threats B.) Structured threats C.) Highly structured threats D.) Nation-state information warfare threats

Answer: C. This is the definition of highly structured threats.

2. Which of the following is an attempt to find and attack a site that has hardware or software that is vulnerable to a specific exploit?

A.) Target of opportunity attack B.) Targeted attack C.) Vulnerability scan attack D.) Information warfare attack

Answer: A. This is the definition of a target of opportunity.

3. Which of the following threats has not grown over the last decade as a result of increasing numbers of Internet users?

A.) Viruses B.) Hackers C.) Denial-of-Service attacks D.) All of these have seen an increase over the last decade.

Answer: D. Though not much has been mentioned about Denial-of-Service attacks up to now, all of these threats are on the rise.

4. The rise of which of the following has greatly increased the number of individuals who probe organizations looking for vulnerabilities to exploit?

A.) Virus writers B.) Script kiddies C.) Hackers D.) Elite hackers

Answer: B. The text discussed how the rise in the number of script kiddies has greatly increased the number of individuals who attempt to probe networks and computer systems.

5. Which of the following is generally viewed as the first Internet worm to have caused significant damage and to have “brought the Internet down”?

A.) Melissa B.) The “Love Bug” C.) The Morris Worm D.) Code Red

Answer: C. In 1988, the Morris Worm was the first such program to cause significant damage to the Internet and basically prevented numerous users from being able to access the Internet.

6. Which of the following individuals convicted of various computer crimes was known for his ability to conduct successful social engineering attacks?

A.) Kevin Mitnick B.) Vladimir Levin C.) Timothy Lloyd D.) David Smith

Answer: A. Kevin Mitnick is one of the most infamous of computer criminals and was known for his ability to perform social engineering attacks. He at one point testified before Congress about how easy it was to obtain information from individuals using social engineering techniques.

7. According to the CSI/FBI survey, which of the following is the only statistic to have shown a decrease in 2003?

A.) The number of organizations reporting the Internet as a point of attack. B.) The number of organizations that have reported unauthorized use of their systems. C.) The average loss as a result of theft of proprietary information. D.) Both B and C

Answer: D. Both of these have shown a decrease in 2003.

8. Which virus/worm was credited with reaching global proportions in less than ten minutes?

A.) Code Red B.) The Morris Worm C.) Melissa D.) Slammer

Answer: D. The Slammer worm has been the fastest propagating worm to date, doubling the number of infected systems every 8.5 seconds.

9. The act of deliberately accessing computer systems and networks without authorization is generally known as:

A.) Computer intrusions B.) Hacking C.) Cracking D.) Probing

Answer: B. This activity is generally referred to as hacking. The term cracking has been offered by many in the security community as an alternative, but its use in the general population has not caught on.

10. What is the most common problem/threat an organization faces?

A.) Viruses/worms B.) Script kiddies C.) Hackers D.) Hacktivists

Answer: A. While the number of script kiddies (and their activities) has been greatly increasing, the biggest problem faced by organizations is viruses/worms. Script kiddie activity is generally not intrusive, but can generate a lot of wasteful network traffic.

11. Warfare conducted against the information and information processing equipment used by an adversary is known as:

A.) Hacking B.) Cyber terrorism C.) Information warfare D.) Network warfare

Answer: C. This was the definition of information warfare offered in the chapter.

12. An attacker who feels using animals to make fur coats is unethical and thus defaces the Web site of a company that sells fur coats is an example of:

A.) Information warfare B.) Hacktivism C.) Cyber crusading D.) Elite hacking

Answer: B. This is an example of hacktivism as defined in the chapter.

13. Which of the following is not described as a critical infrastructure?

A.) Electricity (power) B.) Banking and finance C.) Telecommunications D.) Retail stores

Answer: D. All of these, except retail stores, are critical infrastructures.

14. Criminal organizations would normally be classified as what type of threat?

A.) Unstructured B.) Unstructured but hostile C.) Structured D.) Highly structured

Answer: C. Normally, criminal organizations are considered a structured threat, though in some instances they might be seen as unstructured or highly structured.

15. Elite hackers don't account for more than what percentage of individuals conducting intrusive activity on the Internet?

A.) 1–2 percent B.) 3–5 percent C.) 7–10 percent D.) 15–20 percent

Answer: A. Elite hackers are the smallest group and probably account for no more than 1–2 percent.

Chapter 2 General Security Concepts

1. What is the most common form of authentication used?

A.) Smart card B.) Tokens C.) Username/password D.) Retinal scan

Answer: C. The username/password combination is the single most common authentication mechanism in use today.

2. The CIA of security includes…

A.) Confidentiality, integrity, authentication B.) Confidentiality, integrity, availability C.) Certificates, integrity, availability D.) Confidentiality, inspection, authentication

Answer: B. Don’t forget, even though authentication was described at great length in this chapter, the A in the CIA of security represents availability, which refers to both the hardware and data being accessible when the user wants it.

3. The security principle used in the Bell-LaPadula security model that states that no subject can read from an object with a higher security classification is the…

A.) Simple Security Rule B.) Ring policy C.) Mandatory access control D.) *-property

Answer: A. This is the definition of the Simple Security Rule.

4. CHAP is the…

A.) Certificate Handling Application Program B.) Controlling Hierarchical Access Protocol C.) Confidentiality Handling Application Protocol D.) Challenge Handshake Authentication Protocol

Answer: D. This is the definition for CHAP.

5. Which of the following is true about multifactor authentication?

A.) It incorporates both access-control and authentication mechanisms into a single device. B.) It employs more than one method to verify authenticity. C.) It allows for multiple users to utilize the same account but with different user IDs. D.) It bases access decisions on the role of the user, as opposed to using the more common user ID/password combination.

Answer: B. Multifactor authentication refers to the use of more than one type of authentication mechanism in order to provide improved security. An example of this would be a biometric device (something you know/something about you) and a personal identification number (something you know) in use at the same time.

6. The Bell-LaPadula security model is an example of a security model that is based on:

A.) The integrity of the data B.) The availability of the data C.) The confidentiality of the data D.) The authenticity of the data

Answer: C. Bell-LaPadula is based on data confidentiality.

7. What was described in the chapter as being essential in order to implement mandatory access controls?

A.) Smart cards B.) Certificates C.) Security classifications and labels D.) Mutual authentication mechanisms

Answer: C. Labels and security classifications were discussed as being required for both objects and subjects in order to implement mandatory access controls. Here, D is not the correct answer, because mandatory access controls are often used to implement various levels of security classification, but they are not needed in order to implement MAC.

8. In which access control mechanism does the operating system determine the access control permissions for subjects?

A.) Mandatory B.) Role-based C.) Discretionary D.) Token-based

Answer: A. This is the definition of mandatory access control.

9. The problem with the Low-Water-Mark policy is that it…

A.) Is aimed at ensuring confidentiality and not integrity B.) Could ultimately result in all subjects having the integrity level of the least trusted object on the system C.) Could result in the unauthorized modification of data D.) Does not adequately prevent users from viewing files they are not entitled to

Answer: B. The problem with the Low-Water-Mark policy is that it lowers the integrity level of subjects to the level of the object which will ultimately (potentially) result in subjects all having the level of trust of the lowest object on the system.

10. What was the basis for authentication used in Kerberos?

A.) Ticket B.) Token C.) Certificate D.) Biometrics

Answer: A. A ticket was described as the basis for security in Kerberos. Tickets are granted by the authentication server, which is an entity trusted by both the client and the server the client wishes to access. In the chapter, the analogy used for a ticket in the physical world was the common driver’s license.

11. The alternative proposed by some to replace the term “hacker” (a reference to individuals who attempt to gain unauthorized access to computer systems or networks) is…

A.) Lamer B.) Phreaker C.) Script kiddie D.) Cracker

Answer: D. The alternative term proposed was cracker. Script kiddie is used by individuals in the security community to refer to individuals with only marginal skills and who rely on scripts created by others to accomplish their desires. Lamer is a derogative term referring to any number of less-talented individuals.

12. The ability of a subject to interact with an object describes…

A.) Availability B.) Access C.) Integrity D.) Role-based authentication

Answer: B. This is the definition of access.

13. Information security places the focus of security efforts on:

A.) The operating system and hardware it runs on B.) The application programs interacting with the user C.) The system (or security) administrators D.) The data the systems store and process

Answer: D. Information security places the focus of security efforts on the data (information).

14. In role-based access control:

A.) The user is responsible for providing both a password and a digital certificate in order to access the system or network. B.) A set of roles that the user may perform will be assigned to each user, thus controlling what the user can do and what information they may access. C.) The focus is on the confidentiality of the data the system protects and not its integrity. D.) Authentication and nonrepudiation are the central focus.

Answer: B. In role-based access controls, roles are assigned to the user. Each role describes what the user can do and the data or information that can be accessed to accomplish that role.

15. The security principle whose goal it is to ensure that information is only modified by those who have authority to change it is called…

A.) Authenticity B.) Availability C.) Integrity D.) Confidentiality

Answer: C. This is the definition of integrity.

Chapter 5 Cryptography

1. What is DES being replaced with?

A.) Diffie-Hellman B.) AES C.) RC6 D.) MD5

Answer: B. AES or Advanced Encryption Standard is designed to replace the old U.S. government standard of DES.

2. What kind of encryption uses the concept of public keys?

A.) Asymmetric B.) Hash C.) Linear cryptanalysis D.) Authentication

Answer: A. Asymmetric encryption uses the concept of public keys.

3. How many bits are in a block of the SHA algorithm?

A.) 128 B.) 2048 C.) 512 D.) 56

Answer: C. 512 bits make up the blocks in SHA.

4. If a message has a hash, how does the hash protect the message in transit?

A.) If the message is edited, the hash will no longer match. B.) Hashing destroys the message so it cannot be read by anyone. C.) Hashing encrypts the message so that only the private key holder can read it. D.) The hash makes the message uneditable.

Answer: A. Hashing makes a digest unique to the message, so if the message is altered, the hash will no longer match.

5. A secure encryption key is…

A.) Easy to remember B.) Long and random C.) Long and predictable D.) Short

Answer: B. The best encryption key to have is one that is long and random, to reduce the predictability of the key.

6. What does a hash function do?

A.) Creates a secure tunnel B.) Breaks encryption by trying every possible key C.) Multiplies two very large primes D.) Creates a unique digest of a message

Answer: D. A hash compresses and encrypts the message to create a unique digest.

7. What is a shift cipher?

A.) A cipher with public and private keys B.) A cipher that cannot be broken except by hand calculations C.) One that uses the geometry of elliptical curves D.) A cipher that shifts the letters in the alphabet by a numeric amount

Answer: D. A shift cipher works by shifting the letter of plaintext to a different letter, based upon a numeric shift in the alphabet.

8. A digital signature requires what types of encryption?

A.) Hashing and asymmetric B.) Asymmetric and symmetric C.) Hashing and symmetric D.) ECC and asymmetric

Answer: A. Digital signatures use hashing and asymmetric encryption.

9. What makes symmetric encryption superior to asymmetric for larger data sets?

A.) It's more secure. B.) Speed C.) Anyone with the public key could decrypt the data. D.) It uses a hash.

Answer: B. Symmetric encryption is several times faster computationally than asymmetric encryption.

10. How is 3DES different than many other types of encryption listed here?

A.) It only encrypts the hash. B.) It hashes the message before encryption. C.) It uses three keys and multiple encryption and/or decryption sets. D.) It can display the key publicly.

Answer: C. 3DES uses multiple keys and multiple encryption or decryption rounds to improve security over regular DES.

11. What is typically necessary to perform cryptanalysis?

A.) The key B.) Large amounts of plaintext and ciphertext C.) A hash of the message D.) Computers able to guess at key values faster than a billion times per second

Answer: B. Differential cryptanalysis requires large amounts of plaintext and ciphertext.

12. What is a brute-force attack?

A.) Feeding certain plaintext into the algorithm to deduce the key B.) Capturing ciphertext with known plaintext values to deduce the key C.) Sending every key value at the algorithm to find the correct key D.) Sending two large men to the key owner's house to retrieve the key

Answer: C. Brute forcing is the attempt to use every possible key to find the correct one.

13. What cipher was chosen to be the new AES standard?

A.) IDEA B.) RC6 C.) ECC D.) Rijndael

Answer: D. Rijndael was chosen as the new Advanced Encryption Standard.

14. When a message is sent, no matter what its format, why do we care about its integrity?

A.) To ensure proper formatting B.) To show that the encryption keys are undamaged C.) To show that a message has not been edited in transit D.) To show that no one has viewed it

Answer: C. Integrity is important for encryption to show that a message has not been edited or altered since it was created.

15. What is Diffie-Hellman most commonly used for?

A.) Symmetric encryption key exchange B.) Signing digital contracts C.) Securing e-mail D.) Storing encrypted passwords

Answer: A. Diffie-Hellman is most commonly employed to protect the exchange of keys used to create a connection with symmetric encryption. It is often used in Transport Layer Security (TLS) implementations for protecting secure Web pages.

Chapter 6 Public Key Infrastructure

1. In a peer-to-peer trust model…

A.) One CA is subordinate to another CA. B.) There is an established trusted anchor between the CAs involved. C.) One CA is not subordinate to another CA. D.) The ruling of the senior CA is used to resolve ties.

Answer: C. The term peer-to-peer is used to describe a flat management structure without subordinate relationships.

2. A hierarchical trust model is characterized by…

A.) Numerous CAs in a peer-to-peer relationship. B.) An inverted tree-type structure with a root node at the top. C.) A mesh of interconnected CAs. D.) A CA with recursive interconnects to itself.

Answer: B. A hierarchical trust model is described as one with an inverted tree structure.

3. Key escrow is…

A.) A government-backed scheme to enable government snooping. B.) A way of “backing up” encryption keys. C.) An unnecessary and archaic bureaucratic step that has been eliminated by software. D.) A method to enable key reuse throughout an organization.

Answer: B. Key escrow allows key recovery by authorized personnel, and as such it acts as a backup set of keys should the originals get lost or damaged.

4. Certificate authorities (CAs) are…

A.) Private firms assigned by the Internet Society to enable encryption use across the Internet. B.) Software programs to enable the use of certificates on end-user client machines. C.) Government-regulated services that act as electronic identity brokers. D.) The issuers of a certificate in a PKI scheme.

Answer: D. CAs issue certificates.

5. The length of time a private key needs to remain secure is…

A.) The length of time a certificate offers validity. B.) Until a certificate has been revoked. C.) As long as the material that has been encrypted needs to remain secure. D.) Not applicable; once used, it is time invariant.

Answer: C. Encryption keys need to remain secret even after a message has been passed, because a copy of the message in transit could be decrypted at any time in the future. As long as all of the material protected is sensitive, the keys need to be secured.

6. Certificates have what form of protection to enable continuing control by the owner?

A.) Use of a certificate revocation list as part of the validation process B.) End dates for validity C.) None. Once issued, there is no way for the owner to control a certificate. D.) Certificates can be labeled on the certificate server as void, thus invalidating all copies.

Answer: A. Certificate revocation lists provide for post-issuance “cancellation” of a certificate.

7. What is a Class 1 digital certificate commonly used for?

A.) Personal e-mail signing B.) Personal Web server SSL C.) Code signing D.) Denoting an entity as a CA

Answer: A. Class 1 certificates are used by individuals to sign e-mails.

8. An item not found on a certificate is…

A.) Owner identity B.) The issuing CA C.) The expiration date D.) The private key for the certificate holder

Answer: D. Private keys are never disclosed, hence the term “private.”

9. A firm wishing to customize a certificate…

A.) Must use a Class 3 certificate. B.) Doesn't need to do anything; all certificates are expandable by the customer. C.) Must use a Class 4 certificate (that is, a Class 3 certificate modified for internal use). D.) Cannot do so; certificates are not structured to be expandable.

Answer: B. By design, certificates have expandable, customizable fields to allow flexibility.

10. To obtain a certificate, a user must contact whom?

A.) Their ISP B.) A registration authority (RA) C.) A certificate authority (CA) D.) The Internet Engineering Task Force, via an X.509 request

Answer: B. The original creation of certificates is performed under an RA’s direction.

11. The hybrid trust model is characterized by…

A.) A combination of hierarchical and peer-to-peer nodes B.) A corporate intranet–based solution C.) A flat peer-to-peer network with a single common CA D.) Combining certificates from Microsoft and Netscape browsers into a cohesive environment

Answer: A. Hybrid trust models are combinations of peer-to-peer and hierarchical models.

12. PKI adoption is hampered by…

A.) Issues surrounding users remembering large keys or sets of keys B.) A lack of industry standardization C.) Government regulation of encryption D.) A lack of business understanding of its utility

Answer: D. Business drivers are built upon the understanding of need, and as PKI is a complex topic, the maturity has not reached an acceptable level of understanding yet.

13. What is a weakness of certificate revocation lists?

A.) When establishing a connection to verify the certificate lineage, it may possibly force numerous CRL lookups. B.) Not all certificate types can be revoked. C.) End users must manually request updated checks on each use. D.) Not all CAs use CRLs.

Answer: A. In a hierarchical trust model, each level should be verified, which can force multiple, sequential lookups.

14. PKI solutions are combinations of hardware and software to enable…

A.) SSL Web pages B.) Functional use of public key encryption technology C.) Proprietary LDAP information mechanisms to assist in Internet security D.) E-commerce vendors to track deadbeat customers

Answer: B. PKI solutions are combinations of hardware and software that enable the functional use of public key encryption technology.

15. Which is not a trust model employed in PKIs?

A.) The notary public trust model B.) The peer-to-peer trust model C.) The hybrid trust model D.) The hierarchical trust model

Answer: A. The notary model is used as an analogy only and is not an actual trust model.

Chapter 7 Standards and Protocols

1. Which organization created PKCS?

A.) OSI B.) ISO C.) RSA D.) IEEE

Answer: C. RSA Laboratories created Public Key Cryptography Standards (PKCS).

2. Which of the following is not part of a public key infrastructure?

A.) A substitution cipher B.) The certificate revocation list (CRL) C.) The certificate authority (CA) D.) Certificates

Answer: A. The substitution cipher is not a component of PKI. The substitution cipher is an elementary alphabet-based cipher.

3. Which of the following is used to grant permissions using rule-based, role-based, and rank-based access controls?

A.) A qualified certificate B.) A control certificate C.) An attribute certificate D.) An optional certificate

Answer: C. An attribute certificate is used to grant permissions using rule-based, role-based, and rank-based access controls.

4. Which of the following is subject to reuse of its initialization vector?

A.) Certificate Enrollment Protocol (CEP) B.) Wireless Transport Layer Security (WTLS) C.) Wireless Access Protocol (WAP) D.) Wired Equivalency Protocol (WEP)

Answer: D. WEP is subject to reuse of its initialization vector.

5. Transport Layer Security consists of which two protocols?

A.) The TLS Record Protocol and TLS Handshake Protocol B.) The TLS Record Protocol and TLS Certificate Protocol C.) The TLS Certificate Protocol and TLS Handshake Protocol D.) The TLS Key Protocol and TLS Handshake Protocol

Answer: A. Transport Layer Security consists of the TLS Record Protocol, which provides security, and the TLS Handshake Protocol, which allows the server and client to authenticate each other.

6. Which of the following provides connection security by using common encryption methods?

A.) The TLS Certificate Protocol B.) The TLS Handshake Protocol C.) The TLS Key Protocol D.) The TLS Record Protocol and TLS Handshake Protocol

Answer: D. The TLS Record Protocol provides connection security by using common encryption methods, such as DES.

7. Which of the following provides a method for implementing a key exchange protocol?

A.) EISA B.) ISAKMP C.) ISA D.) ISAKEY

Answer: B. The Internet Security Association and Key Management Protocol (ISAKMP) provides a method for implementing a key exchange protocol and for negotiating a security policy.

8. Which of the following is a detailed standard for creating and implementing security policies?

A.) PKIX B.) ISO 17799 C.) FIPS D.) X.509

Answer: B. ISO 17799 is a detailed standard for creating and implementing security policies.

9. A relationship where two or more entities define how they will communicate securely is known as what?

A.) A three-way handshake B.) A security association C.) A three-way agreement D.) A security agreement

Answer: B. During a security association, the client and the server will list the types of encryption they are capable of and will choose the most secure encryption standard that they have in common.

10. The entity requesting an SA sets what?

A.) The session number B.) The session ID C.) The initiator cookie D.) The process ID

Answer: C. The entity requesting a security association will request an initiator cookie.

11. What protocol is used to establish a CA?

A.) The Internet Key Exchange Protocol B.) The Secure Sockets Layer Protocol C.) The Public Key Infrastructure Protocol D.) The Certificate Management Protocol

Answer: D. The Certificate Management Protocol is used to establish a CA.

12. What is the purpose of XKMS?

A.) Extends session associations over many transport protocols B.) Encapsulates session associations over TCP/IP C.) Defines services to manage heterogeneous PKI operations via XML D.) Designed to replace SSL

Answer: C. XML Key Management Specification (XKMS) allows services to manage PKI via XML, which is interoperable across different vendor platforms.

13. Which of the following is a secure e-mail standard?

A.) POP3 B.) IMAP C.) SMTP D.) S/MIME

Answer: D. Secure/Multipurpose Internet Mail Extensions (S/MIME) is a secure e-mail standard. Other popular standards include Pretty Good Privacy (PGP) and OpenPGP.

14. Which of the following is a joint set of security processes and standards used by approved laboratories to award an Evaluation Assurance Level (EAL) from EAL1 to EAL7?

A.) Common Criteria B.) FIPS C.) ISO 17700 D.) IEEE X.509

Answer: A. Common Criteria is a joint set of security processes and standards used by approved laboratories to award an Evaluation Assurance Level (EAL) from EAL1 to EAL7.

15. Secure Sockets Layer uses what port to communicate?

A.) 53 B.) 80 C.) 143 D.) 443

Answer: C. SSL’s well-known port is 443. SSL was developed by Netscape.

Chapter 9 Network Fundamentals

1. Which of the following topologies connects all the network devices to a central point?

A.) Mixed B.) Ring C.) Bus D.) Star

Answer: D. The Star topology connects all the network devices to a central point. This creates the star-like shape for which the topology is named.

2. In this chapter, what does WAN stand for?

A.) Wide area node B.) Wide alternate network C.) Wide area network D.) Wide automated network

Answer: C. WAN is the abbreviation for wide area network.

3. What is Layer 1 of the OSI model called?

A.) The physical layer B.) The network layer C.) The initial layer D.) The presentation layer

Answer: A. Layer 1 of the OSI model is the physical layer.

4. The UDP protocol…

A.) Provides excellent error checking algorithms B.) Is a connectionless protocol C.) Guarantees delivery of packets D.) Requires a permanent connection between source and destination

Answer: B. UDP is by definition a connectionless protocol.

5. The process that dynamically assigns an IP address to a network device is called:

A.) NAT B.) DNS C.) DHCP D.) Routing

Answer: C. The process that dynamically assigns an IP address to a network device is called DHCP.

6. What is the three-way handshake sequence used to initiate TCP connections?

A.) ACK, SYN/ACK, ACK B.) SYN, SYN/ACK, ACK C.) SYN, SYN, ACK/ACK D.) ACK, SYN/ACK, SYN

Answer: B. The three-way handshake is SYN, SYN/ACK, ACK.

7. For transmission, large amounts of data are normally broken up into smaller pieces known as:

A.) UDPs B.) ICMPs C.) Packets D.) Subnets

Answer: C. For transmission, large amounts of data are normally broken up into smaller pieces known as packets.

8. Which of the following is a control and information protocol used by network devices to determine things like a remote network's availability and length of time to reach a remote network?

A.) UDP B.) NAT C.) TCP D.) ICMP

Answer: D. The ICMP protocol is a control and information protocol used by network devices to determine things like a remote network’s availability and length of time to reach a remote network.

9. What is the name of the protocol that translates names into IP addresses?

A.) TCP B.) DNS C.) ICMP D.) DHCP

Answer: B. The protocol that translates names into IP addresses is known as Domain Name System (DNS).

10. Dividing the 32-bit IP address space into networks is called what?

A.) Translating B.) Network configuration C.) Subnetting D.) Address translation

Answer: C. Dividing the 32-bit IP address space into networks is called subnetting.

11. Which protocol translates private (non-routable) IP addresses into public (routable) IP addresses?

A.) NAT B.) DHCP C.) DNS D.) ICMP

Answer: A. The protocol that translates private (non-routable) IP addresses into public (routable) IP addresses is called Network Address Translation (NAT).

12. The TCP protocol…

A.) Is connectionless B.) Provides no error checking C.) Allows for packets to be processed in the order they were sent D.) Has no overhead

Answer: C. The TCP protocol carries sequence numbers, which allows for packets to be processed in the order they were sent.

13. What is the most widely used network protocol?

A.) SS7 B.) Token Ring C.) Ethernet D.) SNA

Answer: C. The most widely used network protocol is Ethernet.

14. Which of the following would be a valid MAC address?

A.) 00:07:e9 B.) 00:07:e9:7c:c8 C.) 00:07:e9:7c:c8:aa D.) 00:07:e9:7c:c8:aa:ba

Answer: C. The only entry that would represent a valid MAC address is 00:07:e9:7c:c8:aa. All the others are either too short or too long.

15. What is DHCP an acronym for?

A.) Dynamic Host Configuration Protocol B.) Dynamic Host Control Protocol C.) Data Hyper Compression Protocol D.) Datagram High Correction Process

Answer: A. DHCP is short for Dynamic Host Configuration Protocol.