Networks (D325)

Correct Answer

C. A customer support representative views sensitive HR documents without authorization.

Explanation

A breach of confidentiality occurs when sensitive or private information is accessed, disclosed, or used without proper authorization. In this scenario, the customer support representative is accessing HR documents that they are not authorized to view, directly violating confidentiality protocols. Such breaches can lead to legal consequences and loss of trust.

Why other options are wrong

A. A network administrator accesses the server logs to monitor user activity.

This is typically part of a network administrator’s authorized duties. Monitoring logs is a common and necessary practice for maintaining system security and ensuring compliance. It does not constitute a confidentiality breach if done within the scope of the administrator’s role.

B. An employee shares their password with a colleague to help with a project.

While this is a violation of security policy and is highly discouraged, it is more accurately categorized as a breach of security or a failure in identity management rather than a direct breach of confidentiality. The employee isn’t necessarily disclosing private data, just credentials.

D. A user encrypts their files before sending them over email.

This is a security best practice and supports confidentiality, not a breach of it. Encrypting files ensures that only authorized recipients can access the data. It exemplifies protection of confidential information rather than compromising it.

Correct Answer

C. Routing is shortcut between VLANs on the same switch without a router

Explanation

Routing between VLANs requires a router or a Layer 3 switch, as VLANs are logically separate broadcast domains. A switch operating at Layer 2 cannot route traffic between VLANs without the help of a router or a Layer 3 switch. The statement in option C is incorrect because VLANs cannot route traffic between each other without a router.

Why other options are wrong

A. Allow for different ports to be assigned to different networks on the same switch

VLANs enable logical segmentation of a network, where different ports on the same switch can be assigned to different VLANs, creating separate broadcast domains. This is a fundamental feature of VLANs.

B. Spanning of the Virtual LAN (VLAN) between multiple switches using IEEE 802.1q

IEEE 802.1q is a standard for VLAN tagging, which allows VLANs to span across multiple switches. This is true for VLANs, as they can be extended beyond a single switch to multiple switches, maintaining logical separation across the network.

D. A modified Ethernet Frame type to separate VLAN tagged frames

VLAN tagging modifies the Ethernet frame to include a VLAN identifier. This enables switches to recognize and segregate traffic for different VLANs, even when transmitted across the same physical network infrastructure. This is a key feature of VLANs.

Correct Answer

A. Authentication, Authorization, Accounting

Explanation

The AAA framework stands for Authentication, Authorization, and Accounting. These are three fundamental security functions used to control access to computer resources, enforce policies, and track user activities.

Authentication verifies the identity of users or devices attempting to access a system.

Authorization determines what resources the authenticated user or device is allowed to access.

Accounting tracks the actions performed by authenticated and authorized users to ensure compliance and generate logs for auditing purposes.

Why other options are wrong

B. Access, Authentication, Accounting

This option is incorrect because while it includes two important components (Authentication and Accounting), it places "Access" in the first position instead of "Authorization." Authorization is a distinct process that follows authentication and determines access levels.

C. Authorization, Access, Accountability

This is incorrect because "Authorization" is not the first step, and "Access" is not a separate term in the AAA framework. The framework uses "Authentication" to verify identity first.

D. Authentication, Access, Accountability

This option is incorrect because "Access" and "Accountability" are not correct terms in the AAA framework. "Access" should be replaced by "Authorization," and "Accountability" refers to tracking, which is captured by "Accounting."

Correct Answer

B. Shows active TCP connections with numerical addresses

Explanation

The netstat -n command in Windows shows the active TCP and UDP connections along with their corresponding IP addresses and port numbers in numerical form, without resolving hostnames. This is helpful for troubleshooting network connections by providing more straightforward information on active network connections.

Why other options are wrong

A. Displays the current routing table

The netstat -n command does not display the routing table. To view the routing table, the route print command is used instead.

C. Lists all network interfaces

netstat -n does not list network interfaces. The ipconfig or netsh interface commands can be used to display network interfaces on Windows.

D. Displays the status of network services

netstat -n does not provide the status of network services. The netstat command provides information on network connections, but network services require tools like services.msc or sc query for status checks.

Correct Answer

C. Session layer

Explanation

The session layer is responsible for managing sessions between devices, which includes establishing, maintaining, and terminating connections. It ensures that data is properly synchronized and that communication sessions are effectively controlled.

Why other options are wrong

A. Application layer

The application layer provides services directly to the user, like email, web browsing, and file transfer, but it does not manage the establishment, management, or termination of connections between devices.

B. Network layer

The network layer is responsible for routing packets and managing the addressing of devices across networks. It handles the logical addressing (IP addresses) but does not manage the sessions or connections between devices.

D. Physical layer

The physical layer is concerned with transmitting raw bits over a physical medium, including cables and radio waves. It does not handle connections or sessions between devices, which is the role of the session layer.

Correct Answer

B. It utilizes multiple computers to respond to a single ICMP packet while spoofing the source address.

Explanation

A SMURF DDoS attack takes advantage of ICMP (Internet Control Message Protocol) packets and network vulnerabilities to amplify the attack. In this type of attack, the attacker sends a small ICMP packet to a broadcast address, which then causes all devices on the network to respond to the targeted victim's IP address. This results in an overwhelming amount of traffic being directed at the victim, effectively launching a DDoS attack. The attacker also spoofs the source address, making it appear as if the request came from the target, complicating mitigation efforts.

Why other options are wrong

A. It involves a single computer sending multiple ICMP packets to overwhelm a target.

While this describes a form of DDoS attack, it does not accurately define a SMURF attack. A SMURF attack specifically involves the use of broadcast addresses and source address spoofing to amplify the effect using multiple systems.

C. It targets only the application layer of the OSI model.

A SMURF DDoS attack targets the network layer (Layer 3), not the application layer. It focuses on overwhelming the target with traffic using ICMP, which operates at Layer 3.

D. It requires the attacker to have physical access to the network infrastructure.

A SMURF attack does not require physical access to the network. The attack is conducted remotely by exploiting the network's broadcast address, allowing an attacker to launch it from anywhere in the world.

Correct Answer

A. A Trojan horse.

Explanation

A Trojan horse is a type of malicious software that disguises itself as a legitimate program or file. It often appears harmless, but once executed, it can carry out harmful actions, such as stealing data or allowing unauthorized access to the system.

Why other options are wrong

B. A worm.

A worm is a type of malware that replicates itself and spreads across networks, often without needing to attach itself to a legitimate program. It is self-replicating and does not "hide" inside good programs like a Trojan.

C. A logic bomb.

A logic bomb is a type of malicious code that is triggered by a specific event or condition, such as a certain date or user action. It does not hide inside other programs like a Trojan horse.

D. An attachment virus.

An attachment virus is a type of malware that is often spread through email attachments. While it can be hidden within files, it is not typically disguised as a legitimate program, as a Trojan does.

Correct Answer

B. A modern block cipher that provides strong security with key lengths of 128, 192, and 256 bits.

Explanation

AES is a symmetric encryption algorithm, meaning it uses the same key for both encryption and decryption. It operates as a block cipher and offers strong security with key sizes of 128, 192, or 256 bits. AES is widely used across many applications and standards for data protection.

Why other options are wrong

A. A symmetric encryption algorithm that uses key lengths of 64, 128, and 256 bits.

This is incorrect because AES uses key lengths of 128, 192, and 256 bits, not 64 bits. A 64-bit key would typically be used in older algorithms like DES.

C. An asymmetric encryption method primarily used for secure email communication.

This is incorrect because AES is a symmetric encryption algorithm, not asymmetric. Asymmetric encryption algorithms such as RSA or PGP are used for secure email communication.

D. A hashing algorithm that converts data into a fixed-size string of characters.

This is incorrect because AES is not a hashing algorithm. It is an encryption algorithm used to secure data. Hashing algorithms, like SHA-256, are different and used to generate fixed-size strings (hashes) from data, not for encrypting/decrypting it.

Correct Answer

D. Connects access to a previously approved user ID

Explanation

Authentication in AAA protocols is the process of confirming the identity of a user or device. It ensures that access is granted only to individuals who have previously registered credentials, such as a username and password. By validating the user ID against stored records, authentication acts as the first layer of security, determining who is requesting access.

Why other options are wrong

A. Manage connection time and cost records

This description refers to the "accounting" part of the AAA framework, not authentication. Accounting tracks user activities, session durations, and resource usage, which are important for audits and billing, but it does not verify user identities.

B. The process of determining whether a user has permission

This describes "authorization," which occurs after authentication. Once the user is authenticated, authorization checks what resources or services they are allowed to access. It is a separate step in the AAA process and should not be confused with the identification step of authentication.

C. A mechanism to remotely connect clients to networks

This could refer to remote access protocols or services like VPNs, but it does not define authentication. Authentication is focused specifically on verifying identity, not on the method by which the user connects to a network. The act of remote connection is a separate technical function.