2.4 Network Hosted Services Flashcards
Summarize services provided by network hosts
Client devices do not store credentials that need authentication when connecting to an enterprise network. Where would these credentials be found so the system can authenticate clients when connected?
-Spam Gateway
-Syslog
-AAA server
-Switches and access points
AAA server
*An authentication, authorization, and accounting (AAA) server consolidates authentication services across multiple access devices containing directory information.
~One of the purposes of AAA is to authenticate clients as they connect to the network. However, the directory information and credentials are not stored or verified by switches and access points.
~Spam gateways verify the authenticity of mail servers, and the network administrator configures them with filters that can identify spoofed, misleading, malicious, or otherwise unwanted messages.
~Syslog is an example of a protocol and supporting software that facilitates log collection but does not store or hold information only accessed from the server.
Syslog and Simple Network Management Protocol (SNMP) configure systems and provide better information about network device statuses for security purposes. What is the reason for using both?
-The SNMP is an open format for event data and the syslog monitors all agents polling regularly for their MIBs for review.
-The SNMP communicates with switches, routers, and firewalls while syslog transmits authentication between devices.
-The SNMP manages agents maintaining a database with statistics and a syslog maintains an MIB database.
-Syslog and SNMP can centralize logs and network appliance status information.
Syslog and SNMP can centralize logs and network appliance status information
*SNMP reports operational statistics to a management server and sends a trap if a threshold for a critical value is exceeded. Syslog sends log entries to a remote server. Both types of information are required for effective monitoring.
~Syslog captures logs from different devices, and SNMP consists of a management system with agents maintaining a database holding statistics.
~Routers and switches, servers, and workstations can generate Syslog messages, and an SNMP-compatible device maintains a management information base (MIB) holding statistics relating to the device’s activity.
~Syslog provides an open format for event data. The SNMP system monitors all agents by polling them at regular intervals for information from their MIBs and displays the information for review.
A network technician is responsible for a network with multiple servers that provide the same function. What solution could manage client requests across the servers to provide quick service to client requests?
-Mail server
-Load Balancers
-Spam Gateway
-Print servers
Load Balancers
*A network technician can deploy a load balancer to distribute client requests across servers in any situation where multiple servers are providing the same function.
~Print servers enable shared access to print resources using a client/server architecture. The machine hosting the printer is the server.
~Network administrators install spam gateways as a network server to verify the authenticity of mail servers, typically configured with filters that can identify spoofed, misleading, malicious, or otherwise unwanted messages.
~Mail servers manage electronic mail and enable computer users to compose a message and send it to another user on their network or anywhere in the world via the internet.
A SCADA system takes the place of what device in a large-scale, multiple-site ICS?
-Print server
-Load balancer
-Control server
-Proxy server
Control server
*A supervisory control and data acquisition (SCADA) system takes the place of a control server or programmable logic controller (PLC) in large-scale, multiple-site incident command systems (ICSs).
~Server Message Block (SMB) is the application protocol underpinning file and printer sharing on Windows networks but does not control or monitor the server.
~A router uses network address translation (NAT) to convert between the private and public addresses through a proxy server but has no control over the server.
~A load balancer distributes client requests across server nodes in a farm or pool, such as web servers, email servers, web conferencing servers, and streaming media servers. It does not monitor or control devices on the server.
Web servers provide clients access using HyperText Transfer Protocol (HTTP) or its secure version (HTTPS). Which ports do the clients use to connect to HTTP or HTTPS servers? (Select all that apply.)
-UDP port: 53
-TCP port: 443
-TCP port: 80
-UDP port: 514
TCP port: 443 and TCP port: 80
*Web servers provide clients (typically web browsers) access using HTTP to request resources from the HTTP server. A client connects to the HTTP server using TCP port: 80.
*HTTPS delivers secure web pages and other resources. It uses encryption to authenticate the server and protect transmitted data, communicating over TCP port: 443.
~Syslog is an effective network management tool. It is an example of a protocol and supporting software that facilitates log collection, often from different devices. Syslog collectors typically listen on UDP port: 514.
~Domain Name Service (DNS) is a global hierarchy of distributed name server databases containing information about each domain and the hosts within those domains. DNS clients communicate over UDP port: 53.
The organization’s enterprise network, connected to the internet, requires protection against malicious threats. What purpose-built internet security appliance centralizes and simplifies configuration and reporting?
-UTM
-Data leak/loss prevention (DLP)
-Fileshare
-Spam Gateway
UTM
*A unified threat management (UTM) appliance combines the work of multiple security functions, centralizing the threat management service. It provides simpler configuration and centralized reporting.
~While a spam gateway is installed as a network server to filter out unwanted messages before delivery to a user’s inbox, it does not simplify or centralize malicious threat reporting.
~Data leak/loss prevention (DLP) systems scan outgoing data, verify whether the traffic is authorized, and block it if it is not. They do not simplify or centralize malicious threat reporting.
~A Fileshare is a server disk that provides clients with shared network access. It also does not simplify or centralize malicious threat reporting.
An administrator is troubleshooting a control server, typically run as software on ordinary computers in a large-scale, multiple-site Internet Control System (ICS). What system is the administrator troubleshooting?
-Load Balancer
-Internet of Things (IoT) devices
-Embedded system
-Supervisory control and data acquisition (SCADA)
SCADA Supervisory Control and Data Acquisition
*SCADA systems typically run as software on ordinary computers, gather data, and manage plant devices with embedded systems that take the place of a control server in large-scale, multiple-site ICSs.
~The Internet of Things (IoT) describes the global network of wearable technologies, home appliances, home control systems, vehicles, and other devices equipped with sensors designed to communicate and share data.
~When deployed in a network with multiple servers that provide the same function, load balancers can distribute client requests across the servers to provide quick service to client requests.
~Embedded systems are electronic devices designed to perform a specific, dedicated function or to provide data in SCADA systems.
Vulnerability issues do not just affect PC operating systems and applications in enterprise networks. Any device or network appliance can be vulnerable to exploits from within and outside the network. With the rise of more personalized devices, the risks to embedded systems have become more evident. Which devices are considered a new and growing problem regarding these proposed risks? (Select all that apply.)
-Internet of Things (IoT)
-Any unpatched device
-Mobile devices
-New motherboard, router, adapter, or other internal devices
Internet of Things, Any unpatched device, and Mobile devices
*Many IoT devices are for home automation systems used over Wi-Fi. Unfortunately, most standards that regulate frequencies, bands, networks, or other wireless technology may not cover them, and IoT devices could have security flaws.
*Every establishment should have similar security concerns toward monitoring vulnerabilities and only allowing mobile devices on networks with authorization.
*Each establishment should monitor vulnerabilities on unpatched devices and apply patches or install a hardened configuration to those devices with access to enterprise networks to reduce security concerns.
~Any code running on a network appliance or device can also be vulnerable to exploits. However, installing new or updated hardware for internal systems will most likely have updated security measures already in place.
The system administrator recommends that a small business owner replace separate appliances with a UTM. What is the principal advantage of doing this? (Select all that apply.)
-To consolidate configuration, monitoring, and reporting multiple security functions to a single console or dashboard
-To provide additional functionality to security protocols not currently available together, such as intrusion detection, spam filtering, and data loss prevention
-To verify the authenticity of mail servers configured with filters that can identify spoofed, misleading, malicious, or unwanted messages
-To configure NAT as a proxy to cache data that is commonly requested by multiple clients and prevent reduction in bandwidth consumption and speed up requests
To consolidate configuration, monitoring, and reporting multiple security functions to a single console or dashboard and To provide additional functionality to security protocols not currently available together, such as intrusion detection, spam filtering, and data loss prevention
*A unified threat management (UTM) appliance consolidates the configuration, monitoring, and reporting of multiple security functions to a single console or dashboard.
*A UTM can provide additional functionality not currently available together, such as intrusion detection, spam filtering, or data loss prevention.
~A UTM does not replace a basic network address translation (NAT) function performed by a SOHO router with a device that can work as a proxy.
~Spam gateways installed on a network server use Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC) to verify the authenticity of mail servers. In addition, the administrator configures them with filters to identify spoofed, misleading, malicious, or unwanted messages.
To enable printer sharing via Windows, what should the print device connect to on the Windows PC?
-To the proxy server via the Ethernet on a DSL
-To the web server via the internet on Wi-Fi or other share service
-To the file share server via the internet on a Wi-Fi link
-To the print server via the Ethernet or on a Wi-Fi link, Bluetooth, USB, or other share service
To the print server via the Ethernet or on a Wi-Fi link, Bluetooth, USB, or other share service
*Any print device can connect to a Windows print server over USB, Bluetooth, Ethernet, or Wi-Fi, and the Windows PC must stay on to facilitate printing.
~A proxy server fulfills requests for internet resources and configures or converts a private address to a public address so a client can access the internet directly.
~A file share server is a server disk configured to allow clients to access resources over the enterprise network for authorized users.
~A web server provides client access using HTTP or HTTPS and would not play a part in printing.