a. Peer spoofing

b. Link cutting attack

c. Malicious route injection

d. Unallocated route injection

300. b. An inherent vulnerability in routing protocols is their potential for manipulation by cutting links in the network. By removing links, either through denial-of-service or physical attacks, an attacker can divert traffic to allow for eavesdropping, blackholing, or traffic analysis. Because routing protocols are designed to find paths around broken links, these attacks are hard to defend against. Examples of countermeasures against link cutting attacks include using encryption, intrusion detection systems, and redundant backup paths, not an MD5 authentication signature option.

The other three choices use a message digest 5 (MD5) authentication signature option. The MD5 hash algorithm can be used to protect BGP sessions by creating a keyed hash for TCP message authentication. Because MD5 is a cryptographic algorithm using a 128-bit cryptographic hash (checksum), rather than a simple checksum such as CRC-32 bit, it is computationally difficult to determine the MD5 key from the hash value.

In a peer spoofing attack, the goal is to insert false information into a BGP peer’s routing tables. Examples of countermeasures against peer spoofing include using strong sequence number randomization and an MD5 authentication signature option.

In a malicious route injection attack, a malicious party could begin sending out updates with incorrect routing information. Examples of countermeasures against malicious route injection include using route filtering and an MD5 authentication signature option.

In an unallocated route injection attack, which is a variation of malicious route injection attack, routes are transmitted to unallocated prefixes. These prefixes contain a set of IP addresses that have not been assigned yet, so no traffic should be routed to them. Examples of countermeasures against unallocated route injection include dropping unallocated prefixes and using route filtering and an MD5 authentication signature option.

301. Domain name system (DNS) is a part of which of the following TCP/IP layers?

a. Applications layer

b. Transport layer

c. Network layer

d. Data link layer

301. a. DNS is a function of the application layer, along with HTTP, SMTP, FTP, and SNMP. This layer sends and receives data for particular applications.

The transport layer is incorrect because it provides connection-oriented or connectionless services for transporting application layer services between networks. The network layer is incorrect because it routes packets across networks. The data link layer is incorrect because it handles communications on the physical network components.

302. Regarding Voice over Internet Protocol (VoIP), packets loss is not resulting from which of the following?

a. Latency

b. Jitter

c. Speed

d. Bandwidth congestion

302. c. Every facet of network traversal must be completed quickly in VoIP, so speed is not an issue. The other three choices can cause packet loss. The latency often associated with tasks in data networks will not be tolerated. Jitters are caused by low-bandwidth situations, leading to bandwidth congestion.

303. A system administrator for an entertainment company is estimating the storage capacity of a video server to distribute movies on-demand for its customers. Which of the following law applies to the video servers?

a. Moore’s law

b. Zipf’s law

c. Brooke’s law

d. Pareto’s law

303. b. The Zipf’s law states that the most popular movie is seven times as popular as the number seven movie. It is assumed that most customers will order the most popular movie more frequently. The other three choices are not related to video servers.

The Moore’s law states that the number of transistors per square inch on an integrated circuit chip doubles every 18 months or the performance of a computer doubles every 18 months. The Brooke’s law states that adding more people to a late system development project (or to any project) makes the project even later. The Pareto’s law, as it applied to IT, states that 80 percent of IT-related problems are the result of 20 percent of IT-related causes.

304. Which of the following is not a security goal of a domain name system (DNS)?

a. Source authentication

b. Confidentiality

c. Integrity

d. Availability

304. b. The DNS data provided by public DNS name servers is not deemed confidential. Therefore, confidentiality is not one of the security goals of DNS. Ensuring authenticity of information and maintaining the integrity of information in transit is critical for efficient functioning of the Internet, for which DNS provides the name resolution service. The DNS is expected to provide name resolution information for any publicly available Internet resource.

305. Which of the following provides a dynamic mapping of an Internet Protocol (IP) address to a physical hardware address?

a. PPP

b. ARP

c. SLIP

d. SKIP

305. b. The address resolution protocol (ARP) provides a dynamic mapping of a 32-bit IP address to a 48-bit physical hardware address. Other protocols such as point-to-point protocol (PPP), serial line interface protocol (SLIP), and simple key management for Internet protocol (SKIP) do not fit the description.

306. Which of the following local-area network (LAN) topologies uses a central hub?

a. Star

b. Bus

c. Token ring

d. Token bus

306. a. The star topology uses a central hub connecting workstations and servers. The bus topology uses a single cable running from one end of the network to the other. The ring topology interconnects nodes in a circular fashion.

307. Which of the following is not susceptible to electronic interferences?

a. Twisted-pair wire

b. Coaxial cable

c. Fiber-optical cable

d. Copper-based cable wire

307. c. Optical fiber is relatively secured, expensive, and is not susceptible to electronic interferences. The other three choices are subject to such interferences with varying degrees.

308. Which of the following can be either an internal network or an external network?

a. Internet

b. Local-area network

c. Virtual private network

d. Wide-area network

308. c. The Internet is an example of external network. Local-area network (LAN), campus-area network (CAN), wide-area network (WAN), intranet, and extranet are examples of internal networks. The virtual private network (VPN) can be either an internal network or external network. The VPN is considered an internal network only if the end user organization establishes the VPN connection between organization-controlled endpoints and does not depend on any external network to protect the confidentiality and integrity of information transmitted across the network. In other words, the VPN is considered an internal network only when it is adequately equipped with appropriate security controls by the end user organization, and no external organization exercises control over the VPN.