Top 50 Network Security Multiple Choice Questions
1. Which of the following is true regarding access lists applied to an interface?
A. You can place as many access lists as you want on any interface until you run out of memory.
B. You can apply only one access list on any interface.
C. One access list may be configured, per direction, for each layer 3 protocol configured on an interface.
D. You can apply two access lists to any interface.
Ans: C
2. Which command would you use to apply an access list to a router interface?
A. ip access-list 101 out
B. access-list ip 101 in
C. ip access-group 101 in
D. access-group ip 101 in
Ans: C
3. Which of the following is an example of a standard IP access list?
A. access-list 110 permit host 1.1.1.1
B. access-list 1 deny 172.16.10.1 0.0.0.0
C. access-list 1 permit 172.16.10.1 255.255.0.0
D. access-list standard 1.1.1.1
Ans: B
4. You need to create an access list that will prevent hosts in the network range of 192.168.160.0 to 192.168.191.0. Which of the following lists will you use?
A. access-list 10 deny 192.168.160.0 255.255.224.0
B. access-list 10 deny 192.168.160.0 0.0.191.255
C. access-list 10 deny 192.168.160.0 0.0.31.255
D. access-list 10 deny 192.168.0.0 0.0.31.255
Ans: C
5. You are working on a router that has established privilege levels that restrict access to certain functions. You discover that you are not able to execute the commandshow running-configuration. How can you view and confirm the access lists that have been applied to the Ethernet 0 interface on your router?
A. show access-lists
B. show interface Ethernet 0
C. show ip access-lists
D. show ip interface Ethernet 0
Ans: D
6. What command will permit SMTP mail to only host 1.1.1.1?
A. access-list 10 permit smtp host 1.1.1.1
B. access-list 110 permit ip smtp host 1.1.1.1
C. access-list 10 permit tcp any host 1.1.1.1 eq smtp
D. access-list 110 permit tcp any host 1.1.1.1 eq smtp
Ans: D
7. You want to create a standard access list that denies the subnet of the following host: 172.16.50.172/20. Which of the following would you start your list with?
A. access-list 10 deny 172.16.48.0 255.255.240.0
B. access-list 10 deny 172.16.0.0 0.0.255.255
C. access-list 10 deny 172.16.64.0 0.0.31.255
D. access-list 10 deny 172.16.48.0 0.0.15.255
Ans: D
8. What router command allows you to determine whether an IP access list is enabled on a particular interface?
A. show ip port
B. show access-lists
C. show ip interface
D. show access-lists interface
Ans: C
9. You have created a named access list called Blocksales. Which of the following is a valid command for applying this to packets trying to enter interface s0 of your router?
A. (config)# ip access-group 110 in
B. (config-if)# ip access-group 110 in
C. (config-if)# ip access-group Blocksales in
D. (config-if)# blocksales ip access-list in
Ans: C
10. You want to create a standard access list that denies the subnet of the following host: 172.16.144.17/21. Which of the following would you start your list with?
A. access-list 10 deny 172.16.48.0 255.255.240.0
B. access-list 10 deny 172.16.144.0 0.0.7.255
C. access-list 10 deny 172.16.64.0 0.0.31.255
D. access-list 10 deny 172.16.136.0 0.0.15.255
Ans: B
11. You configure the following access list:
access-list 110 deny tcp 10.1.1.128 0.0.0.63 any eq smtp
access-list 110 deny tcp any eq 23
int ethernet 0
ip access-group 110 out
What will the result of this access list be?
A. Email and Telnet will be allowed out E0.
B. Email and Telnet will be allowed in E0.
C. Everything but email and Telnet will be allowed out E0.
D. No IP traffic will be allowed out E0.
Ans: D
12. You want to create a standard access list that denies the subnet of the following host: 172.16.198.94/19. Which of the following would you start your list with?
A. access-list 10 deny 172.16.192.0 0.0.31.255
B. access-list 10 deny 172.16.0.0 0.0.255.255
C. access-list 10 deny 172.16.172.0 0.0.31.255
D. access-list 10 deny 172.16.188.0 0.0.15.255
Ans: A
13. If you wanted to deny all Telnet connections to only network 192.168.10.0, which command could you use?
A. access-list 100 deny tcp 192.168.10.0 255.255.255.0 eq telnet
B. access-list 100 deny tcp 192.168.10.0 0.255.255.255 eq telnet
C. access-list 100 deny tcp any 192.168.10.0 0.0.0.255 eq 23
D. access-list 100 deny 192.168.10.0 0.0.0.255 any eq 23
Ans: C
14. Which router command allows you to view the entire contents of all access lists?
A. Router# show interface
B. Router> show ip interface
C. Router# show access-lists
D. Router> show all access-lists
Ans: C
15. Which of the following access lists will allow only HTTP traffic into network 196.15.7.0?
A. access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www
B. access-list 10 deny tcp any 196.15.7.0 eq www
C. access-list 100 permit 196.15.7.0 0.0.0.255 eq www
D. access-list 110 permit ip any 196.15.7.0 0.0.0.255
E. access-list 110 permit www 196.15.7.0 0.0.0.255
Ans: A
16. Which of the following are valid ways to refer only to host 172.16.30.55 in an IP access list?
1. 172.16.30.55 0.0.0.255
2. 172.16.30.55 0.0.0.0
3. any 172.16.30.55
4. host 172.16.30.55
5. 0.0.0.0 172.16.30.55
6. ip any 172.16.30.55
A. 1 and 4
B. 2 and 4
C. 1, 4 and 6
D. 3 and 5
Ans: B
17. If you wanted to deny FTP access from network 200.200.10.0 to network 200.199.11.0 but allow everything else, which of the following command strings is valid?
A. access-list 110 deny 200.200.10.0 to network 200.199.11.0 eq ftp
access-list 111 permit ip any 0.0.0.0 255.255.255.255
B. access-list 1 deny ftp 200.200.10.0 200.199.11.0 any any
C. access-list 100 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp
D. access-list 198 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp
access-list 198 permit ip any 0.0.0.0 255.255.255.255
Ans: D
18. Which of the following series of commands will restrict Telnet access to the router?
A. Lab_A(config)#access-list 10 permit 172.16.1.1
Lab_A(config)#line con 0
Lab_A(config-line)#ip access-group 10 in
B. Lab_A(config)#access-list 10 permit 172.16.1.1
Lab_A(config)#line vty 0 4
Lab_A(config-line)#access-class 10 out
C. Lab_A(config)#access-list 10 permit 172.16.1.1
Lab_A(config)#line vty 0 4
Lab_A(config-line)#access-class 10 in
D. Lab_A(config)#access-list 10 permit 172.16.1.1
Lab_A(config)#line vty 0 4
Lab_A(config-line)#ip access-group 10 in
Ans: C
19. Which of the following commands connect access list 110 inbound to interface ethernet0?
A. Router(config)# ip access-group 110 in
B. Router(config)# ip access-list 110 in
C. Router(config-if)# ip access-group 110 in
D. Router(config-if)# ip access-list 110 in
Ans: C
20. What is the standard IANA port number used for requesting web pages?
A. 80
B. 53
C. 21
D. 25
Ans: A
21. A high profile company has been receiving a high volume of attacks on their website. The network administrator wants to be able to collect information on the attacker(s) so legal action can be taken. What should be implementated?
a) A DMZ (Demilitarized Zone)
b) A honey pot
c) A firewall
d) A new subnet
Ans: b
22. What Directive would you use to block access to certain domains if you are using Apache as a proxy server?
a) ProxyBlock baddomain.com
b) Block baddomain.com
c) Deny baddomain.com
d) Apache’s proxy server implementation has no mechanism to block access to a specific domain.
Ans: a
23. Wireless Application Protocol (WAP) has several layers. Which of the following is the security layer?
a) Wireless Security Layer (WSL)
b) Wireless Transport Layer (WTL)
c) Wireless Transport Layer Security (WTLS)
d) Wireless Security Layer Transport (WSLT)
Ans: c
24. Why would you configure virtual hosting with a single daemon rather than multiple daemons?
a) If the machine services large numbers of request and performance is a concern.
b) To simplify the restart process
c) To improve security
d) None of the above
Ans: b
25. Which of these is NOT a type of firewall?
a) Stateful Query
b) Application Proxy
c) Static packet filtering
d) Transparent Proxy
Ans: d
26. Are “Secure” servers really secured?
a) Yes. They are secure.
b) Yes. SSL and other technologies make Secure Servers as secure as possible?
c) No. They do not provide client security.
d) No. They provide only encryption for documents in transit.
Ans: d
27. As a security measure, you change the TCP port in FTP Site Properties to 19,960. Some users complain that they are unable to access the FTP site. What might be the cause of the problem?
a) You cannot set the TCP port to a number above 1023.
b) The users having problems are still accessing port number 21.
c) The users must access port number 80.
d) You cannot set the TCP port to an even number.
Ans: b
28. One way to limit hostile sniffing on a LAN (Local Area Network) is by installing:
a) An ethernet switch
b) A firewall
c) An ethernet hub
d) A CSU/DSU (Channel Service Unit/Data Service Unit)
Ans: a
29. What does favicon.ico in a webserver’s log indicate?
a) In MSIE v.5, when a user adds a link to his bookmarks, or drags the link to his desktop, the browser attempts to retrieve an icon for the URL.
b) Web search engines frequently give higher ranking to sites that keep icons for their service on the front page.
c) The “favicon.ico” is a hacker trinket meant to mark servers on which a hacker has “got root” for his friends.
d) Somebody has probed the webserver looking for a mis-configured FrontPage implementation.
Ans: c
30. What does “chmod 1777 ./” do?
a) Modifies all files in the current working directory so that they can be deleted.
b) Changes the directory date to 1777; commonly used by hackers to cover changes. Lets any user delete the files, but not create new ones.
c) Freezes all files in the current working directory so that they cannot be modified.
d) Sets the permissions on the current working directory to rwxrwxrwt on a Unix filesystem.
Ans: d