15 Flashcards
In computer security, a mechanism for safe execution of untested code or untrusted applications is referred to as:
Sandboxing
In active-active mode, load balancers distribute network traffic across:
All servers
In active-passive mode, load balancers distribute network traffic across:
Servers marked as active
In a round-robin load balancing method, each consecutive request is handled by: (Select best answer)
Next server in a cluster
In a weighted round-robin load balancing method, each consecutive request is handled in a rotational fashion, but servers with higher specs are designated to process more workload.
True
An IP address that doesn’t correspond to any actual physical network interface is called a virtual IP address (VIP/VIPA).
True
What type of IP address would be assigned to a software-based load balancer to handle an Internet site hosted on several web servers, each with its own private IP address?
Virtual IP address
Which of the terms listed below refers to a method that ignores the load balancing algorithm by consistently passing requests from a given client to the same server?
Session affinity
A logical grouping of computers that allows computer hosts to act as if they were attached to the same broadcast domain regardless of their physical location is known as:
VLAN
Which of the following answers refers to network traffic within a data center, a.k.a. server-to-server traffic?
East-west
A private network’s segment made available for a trusted third party is an example of:
Extranet
A type of private network for a corporation or organization accessible only to its employees or authorized members is referred to as:
Intranet
The term “Zero Trust” in the context of network security means that none of the devices operating within the boundaries of a given network can be trusted by default even if they were previously verified.
True
Which of the answers listed below refers to a dedicated device for managing encrypted connections established over an untrusted network, such as the Internet?
VPN concentrator
The term “Always-on VPN” refers to a type of persistent VPN connection that starts automatically as soon as the computer detects a network link.
True
Which of the terms listed below describes a type of VPN that alleviates bottlenecks and conserves bandwidth by enabling utilization of both the VPN and public network links?
Split tunnel
Which VPN type is used for connecting computers to a network? (Select all that apply)
- Remote access
- Client-to-site
Which type of VPN enables connectivity between two networks?
Site-to-site
Examples of protocols used for implementing secure VPN tunnels include: (Select all that apply)
- IPsec
- TLS
- L2TP
Which of the following answers refers to a deprecated method for implementing Virtual Private Networks (VPNs)?
- PPTP
An HTML5 VPN portal is an example of a clientless VPN implementation where an HTML5-compliant web browser along with TLS encryption can be used instead of dedicated VPN client software.
True
Network Access Control (NAC) defines a set of rules enforced in a network that the clients attempting to access the network must comply with. With NAC, policies can be enforced before (pre-admission NAC) and/or after end-stations gain access to the network (post-admission NAC). NAC can be implemented with the use of agent software which can be installed on the client machine permanently (this type of software is referred to as a permanent agent) or used only temporarily during checks (this type of software is known as a dissolvable agent). Another implementation option is agentless NAC, where checks are performed remotely without the need for any client software agents. In agentless NAC, the client machine is checked by an external security device with the use of either passive or active network discovery methods.
True
In computer networking, the term “Out-of-band management” refers to a network device management technique that enables device access through a dedicated communication channel separate from the network where a given device operates. Managing access can be established either locally by installing an out-of-band management card on the device, or remotely by establishing a dedicated connection to the device with the use of a modem or console router.
True
In the context of implementing secure network designs, the term “Port security” may apply to:
- Disabling physical ports on a device (e.g. RJ-45 device ports on a router, switch, or patch panel)
- Implementing MAC filtering
- Disabling unused logical ports (TCP/UDP)
- Implementing Port-based Network Access Control (defined in the IEEE 802.1X standard)
All of the above
Which of the following protocols provide protection against broadcast storms and switching loops? (Select 2 answers)
- STP
- RSTP