Explore topic-wise InterviewSolutions in .

Right choice is (b) DUAL

The explanation is: EIGRP USES the DUAL algorithm for finding SHORTEST path. DUAL stands for diffusing UPDATE algorithm and it is used to PREVENT routing LOOPS by recalculating routes globally.

Correct choice is (b) 170

The BEST explanation: Routers use the METRIC of administrative distance to SELECT the best path when there are different ROUTES to the same destination from two different routing protocols as it is a measure of RELIABILITY of routing protocols. Administrative distance for external EIGRP is 170.

Right answer is (a) IP default network

To explain: IP default network COMMAND is used to find the default gateway in CISCO ROUTER. If the router finds routes to the node, it considers the routes to that node for INSTALLATION as the gateway to it.

Correct option is (a) 90

For explanation: Routers use the metric of administrative distance to select the BEST path when there are DIFFERENT ROUTES to the same destination from two different routing PROTOCOLS as it is a measure of reliability of routing protocols. Administrative distance for internal EIGRP is 90.

The correct answer is (a) 5 seconds (LAN), 60 seconds (WAN)

Easy explanation: EIGRP routers broadcast the HELLO PACKETS frequently to familiarize with the NEIGHBORS. EIGRP routers send the hello MESSAGE after every 5 seconds on LAN, and every 60 seconds on WAN.

Right OPTION is (a) K-values

The EXPLANATION: EIGRP metric is K-values which are INTEGERS from 0 to 128. They are USED to calculate the overall EIGRP cost with bandwidth and delay metrics.

The correct CHOICE is (a) True

To EXPLAIN: EIGRP stands for Enhanced INTERIOR GATEWAY Routing Protocol is a routing protocol designed by Cisco. It is available only on Cisco routers.

Right answer is (d) LINK DEAD phase

The EXPLANATION: The link necessarily begins and ENDS with the link dead phase. During this phase, the LCP automata will be in the initial or its final state. The link is non-functioning or inactive during the link dead phase.

Right OPTION is (a) PPP can terminate the link at any TIME

For explanation I would say: PPP ALLOWS TERMINATION of the link at any time in any phase because it works on the data link layer which is the layer in control of the link of the communication.

Right ANSWER is (b) Are a series of independently-defined PROTOCOLS that encapsulate

The explanation is: The family of NETWORK CONTROL protocols (NCPS) is a series of independently-defined protocols that encapsulate the data flowing between the two nodes. It provides means for the network nodes to control the link traffic.

The correct choice is (a) Establishing, configuring and testing the data-link connection

Explanation: The Link Control PROTOCOL (LCP) is the part of PPP that is used for establishing, configuring and testing the data-link connection. The other TWO COMPONENTS are Network Control Protocol and Encapsulation.

Correct answer is (a) Provides for multiplexing of DIFFERENT network-layer protocols

Explanation: ENCAPSULATION is a PART of PPP which provides MEANS for multiplexing of different network-layer protocols. The other two parts of PPP are Link Control Protocol and Network Control Protocol.

Correct choice is (b) Three (encapsulating, a LINK control PROTOCOL, NCP)

Easiest explanation: PPP consists of three components namely Link Control Protocol (LCP), Network Control Protocol (NCP), and ENCAPSULATION. LCP and NCP are the PPP PROTOCOLS which provide interface for HANDLING the capabilities of the connection/link on the network and encapsulation provides for multiplexing of different network-layer protocols.

The correct answer is (a) LINK

The explanation is: PPP provides function of the link LAYER in the TCP/IP suite. It focuses on the link between two NODES that is GOING to be used by the USERS to communicate. It can use pre-installed phone line for the purpose.

Correct choice is (C) Is designed for simple LINKS which TRANSPORT packets between two peers and making an INTERNET connection over a phone line

To explain: The PPP protocol is designed for handling simple links which transport packets between two peers. It is a standard protocol that is used to make an Internet connection over phone lines.

Right OPTION is (c) Both LCP and NCP

To explain: LCP stands for Link Control Protocol and NCP stands for Network Control Protocol. LCP and NCP are the PPP PROTOCOLS which provide interface for HANDLING the capabilities of the connection/link on the network.

Right OPTION is (a) True

Easiest explanation: Both HDLC and PPP both are Data link LAYER PROTOCOL. HDLC STANDS for High level Data Link CONTROL and PPP stands for Point to Point Protocol.

Right option is (d) They scan network traffic or packets to identify matches with attack-definition files

The EXPLANATION is: They are constantly updated with attack-definition files (signatures) that describe each type of known MALICIOUS ACTIVITY. They then scan network traffic for packets that MATCH the signatures, and then raise alerts to security administrators.

Right option is (a) Crossover error rate

Easy EXPLANATION: As the sensitivity of systems may cause the false positive/negative rates to VARY, it’s critical to have some common measure that may be APPLIED across the BOARD.

Correct answer is (d) APPLICATION layer and SESSION layer

The best explanation: NEMEAN AUTOMATICALLY generates “semantics-aware” signatures based on traffic at the session and application layers. These signatures are used to ensure that no malicious operation is contained in the traffic.

The CORRECT answer is (b) Attack-definition file

For explanation I would say: IDSES work in a manner similar to modern antivirus technology. They are constantly updated with attack-definition files (signatures) that describe each type of known malicious activity. Nemean is a popular signature GENERATION method for conventional computer NETWORKS.

The correct CHOICE is (b) Mechanisms PUT in place to reenact known methods of attack and RECORD system responses

For explanation I would say: Secondary components of MECHANISM are set in place to reenact known methods of attack and to record system responses. In passive components, the system I designed just to record the system’s responses in case of an intrusion.

Right choice is (d) TRANSPORT layer and Network layer

The best explanation: Most COMMERCIAL IDSes generate signatures at the network and transport LAYERS. These signatures are used to ensure that no malicious operation is contained in the traffic. Nemean generates signature at APPLICATION and session layer.

Correct answer is (c) To randomly check suspicious traffic identified by an anomaly detection system

The best I can explain: “Shadow HONEYPOTS,” as researchers CALL them, share all the same CHARACTERISTICS of protected applications RUNNING on both the server and client side of a network and operate in conjunction with an ADS.

Correct OPTION is (a) Inside the firewall

For explanation I would say: There are legitimate political, budgetary and research REASONS to want to see all the “ATTACKS” against your connection, but GIVEN the care and feeding any IDS requires, do yourself a favor and keep your NIDS sensors on the inside of the firewall.

The CORRECT option is (d) Both An alert that indicates NEFARIOUS activity on a system that, UPON further inspection, turns out to represent LEGITIMATE network traffic or behavior and An alert that indicates nefarious activity on a system that is not running on the network

Best explanation: A FALSE positive is any alert that indicates nefarious activity on a system that, upon further inspection, turns out to represent legitimate network traffic or behavior.