Chapt 8 Flashcards
Your company hosts its own web server, and it allows consumers to make purchases via the server. The help line has been getting complaints that users are unable to access the website. You open the site from an internal workstation and it seems fine. What is the most likely cause?
A) The firewall is blocking TCP port 23.
B) The firewall is blocking TCP port 443.
C) The security module of the web server is malfunctioning.
D) The web server is down.
The firewall is blocking TCP port 443.
For secure transactions, the web server will be using HTTPS, which uses port 443. If the website works from an internal workstation, then the server is fine. It’s most likely that the firewall is blocking inbound traffic on port 443. Port 23 is Telnet.
Your manager wants you to install a networked Internet appliance that prevents network traffic–based attacks and includes antimalware and antispam software. What should you install?
Spam gateway, Load balancer, UTM, Proxy server
UTM.
It sounds like the manager wants a unified threat management (UTM) device. They are designed to be one‐stop network protection devices. Spam gateways help with spam email but not with other malware. A load balancer spreads work around to multiple servers. A proxy server fulfills requests for clients.
You are installing a file server for the accounting department. Where should this file server be located on the network?
A) Outside of the firewall
B) In the screened subnet
C) In the secure network
D) On the router
In the secure network.
If the data on the server does not need to be accessed via the Internet, then the server should be in the most secure place possible, which is inside the firewall(s) in the secure network.
You have been asked to identify the right type of cloud service to help the team of developers to provide programming elements such as runtime environments. Which service do you recommend?
PaaS, IaaS, SaaS, DaaS
PaaS.
Platform as a service (PaaS) is probably the right level of service for the developer team. It provides infrastructure, like IaaS, and also supplies needed programming elements. Infrastructure as a service doesn’t provide runtime environments; think of it as hardware. Software as a service provides apps and is too high a service for what’s needed here. There is no current DaaS on the exam objectives.
Which of the following are services that a print server should provide? (Choose two.)
A) Accepting print jobs from clients
B) Turning off printers on demand
C) Providing clients with the appropriate printer driver during installation
D) Notifying users when the print job is complete
A) Accepting print jobs from clients
C) Providing clients with the appropriate printer driver during installation.
Print servers should make printers available to clients and accept print jobs. They also process print jobs and manage print priorities. Finally, they provide client computers with the right print drivers when the clients attempt to install the printer. They do not turn printers off on demand or provide notification that a job has printed.
You are setting up a cloud contract with a provider. Your team needs the ability to quickly increase capacity to meet peak demands. What do you request?
Rapid elasticity, High availability, Resource pooling, Metered utilization
Rapid elasticity.
The ability to expand services quickly means rapid elasticity. High availability guarantees uptime for services. All cloud services use resource pooling. Metered utilization is how many suppliers track usage and charge accordingly.
Which type of server is responsible for preventing users from accessing websites with objectionable content?
Proxy, Web, DHCP, DNS
Proxy.
A proxy server can be configured to block access to websites that contain potentially dangerous or inflammatory material. Web servers host web pages, some of which may have objectionable content. DHCP servers provide clients with IP addresses, and DNS servers resolve hostnames to IP addresses.
Your company wants to move to a cloud provider to be able to scale resources quickly, but it is concerned about the security of confidential information. Which of the following types of cloud models might be the most appropriate for your company?
Public, Private, Community, Hybrid
Hybrid.
A hybrid cloud provides the best of public and private clouds. You get the scalability and cost effectiveness of a public cloud but also the security that you need for important files on the private portion of the cloud.
What does a DHCP server need to be configured with to operate properly?
DNS server, Scope, Range, DHCP relay agent
Scope.
Every DHCP server needs to have a scope, which is the range of addresses available to clients, as well as other options that it can give to client computers. A DHCP server can optionally provide clients with the address of a DNS server. There is no DHCP range. A DHCP relay agent is a system configured on a subnet with no DHCP server that relays DHCP requests to the DHCP server.
You have been asked to advise a group of several universities that want to combine research efforts and store data in the cloud. Which type of cloud solution might be best for them?
Public, Private, Community, Hybrid
Community.
When multiple organizations with similar objectives want to combine efforts in a cloud, the best choice is generally a community cloud. This allows for the flexibility and scalability normally found in a public cloud, but it also limits the number of users to a smaller, trusted group.
When configuring a DNS server, administrators must create which of the following?
Zone file, Hosts file, Scope file, DNS proxy
Zone file.
DNS server records are contained in the zone file, which must be configured by administrators. A hosts file is an alternative to using DNS (but that does not work well when scaling to the Internet). A scope is created on DHCP servers. There is no DNS proxy.
Your manager wants to use the cloud because everyone seems to be talking about it. What should you include when you are listing the benefits of using the cloud? (Choose all that apply.)
Increased security, Increased scalability, Lower cost, Improved reliability
Increased scalability, Lower cost, Improved reliability.
Cloud solutions are great for enhancing scalability and reliability while generally lowering costs. Security could be an issue with cloud computing, depending on your organization’s needs, because the resources aren’t locally controlled and managed.
You are configuring two email servers on your company’s network. Which network protocol do the servers use to transfer mail to each other?
POP3, IMAP4, SNMP, SMTP
SMTP.
Simple Mail Transfer Protocol (SMTP) is used to transfer (send) email between servers. POP3 and IMAP4 are used to download (receive) email. SNMP is Simple Network Management Protocol and not related to email.
You have been asked to configure a client-side virtualization solution with three guest OSs. Each one needs Internet access. How should you configure the solution in the most cost-effective way?
A) Three physical NICs
B) One physical NIC, three virtual NICs, and one virtual switch
C) One physical NIC, one virtual NIC, and three virtual switches
D) One physical NIC, three virtual NIC, and three virtual switches
B. Each virtual machine will use its own virtual NIC, so you need three virtual NICs. The virtual NICs will communicate with one virtual switch managed by the hypervisor. The virtual switch will communicate with one physical NIC on the host system.
You have five web servers that manage requests for online purchases. An administrator notices that one of the servers is always busy while another is idle, and the company is getting some online complaints about the slow website. Which of the following servers will help fix this?
DNS, DHCP, Proxy, Load balancer
Load balancer.
A load balancer can spread the work around to multiple servers. It accepts the inbound request and then sends it to the most appropriate web server. DNS resolves hostnames to IP addresses. DHCP provides IP configuration information. A proxy makes requests (usually outbound) on behalf of clients.
you have been asked to install Linux in a VM on a Windows 10 client. The Windows 10 client needs 4 GB of RAM, and Linux needs 2 GB of RAM. How much RAM does the system need at a minimum?
4 GB, 6 GB, 8 GB, Unable to determine from the question
6 GB.
There needs to be enough RAM to support both OSs, so the answer is 6 GB. More is better, though!
A computer using which of the following would be considered a legacy device? (Choose all that apply.)
A) A 386 processor
B) The IPX/SPX protocol
C) An application developed in 1983
D) 1 GB of RAM
A, B, C. Legacy systems are ones that use older hardware, software, or network protocols that are not commonly used today. A system with only 1 GB of RAM might be woefully underpowered, but that in and of itself does not make it a legacy system.
You have been asked to set up client-side virtualization on an office computer. The host OS is Windows 10, and there will be three Windows 10 guest OSs. Which of the following is true about the need for antivirus security?
A) The host OS needs an antivirus program, but virtual machines can’t be affected by viruses.
B) The host OS antivirus software will also protect the guest OSs on the VMs.
C) Installing antivirus software on the virtual switch will protect all guest OSs.
D) The host OS and each guest OS need their own antivirus software installed.
D. Each instance of the OS you are running requires its own security software.
You need to set up a temporary operating system environment to quickly test a piece of software your manager wants to install on the network. Which should you use?
AAA server, Sandbox, SCADA, Application virtualization
Sandbox.
A sandbox is a temporary operating system environment, kind of like a “lite” version of a virtual machine. It’s ideal for testing software such as this. An AAA server is for authentication, authorization, and accounting of security. SCADA is a legacy hardware and/or software environment used to control industrial systems. Application virtualization is used for legacy apps or cross‐platform virtualization.
You have been asked to set up client-side virtualization on a computer at work. The manager asks for a Type 2 hypervisor. What is the disadvantage of using that type of hypervisor?
A) The guest OS will compete for resources with the host OS.
B) The guest OS will be forced to a lower priortity with the CPU than the host OS.
C) The guest OS will be forced to use less RAM than the host OS.
D) The virtual guest OS will not be able to get on the physical network.
A.
A Type 2 hypervisor sits on top of an existing OS, meaning that OSs installed in VMs will compete for resources with the host OS. The amount of resources available to a guest OS can be configured. Virtual OSs can get on the physical network if configured properly.
a demilitarized zone [DMZ] is also called a ?
screened subnet = demilitarized zone [DMZ]
? servers resolve hostnames to IP addresses
DNS
Each DNS server has a database, called a _____, which maintains records of hostname to IP address mappings.
zone file
DHCP servers are configured with a _____, which contains the information that the server can provide to clients
scope
a ____ is a device primarily used for storage on a network
fileshare (or FileServer)
what is a configured range of available IP addresses on a DHCP (Dynamic Host Configuration Protocol) server called?
scope
DNS (domain name system) server records for IPv4 and IPv6 hosts are ___ and ____
A, AAAA (authentication, authorization, accounting and auditing)
DHCP (dynamic host configuration protocol uses ports _____ and _____
UDP 67 and UDP 68
a _____ server can block objectionable content from users
proxy
a RADIUS (Remote Authentication Dial-in User Service) server is an example of what type of server?
authentication
a device that combines firewall, IPS (intrusion prevention system) and anti malware software in one is called what ?
UTM (Unified Threat Management)
what is a name for a legacy system that manages industrial processes such as manufacturing or HVAC?
SCADA (supervisory control and data acquisition)
a ________ server receives print jobs and manages printers on a network
a server that manages and audits security on a network is a _____ server
AAA (authentication, authorization and accounting)
what type of server examines user credentials and grants them access to network resources?
authentication
mail servers use which protocol and port to transfer mail between themselves?
SMTP 25
what type of internet appliance helps spread out the work for web servers?
load balancer
which type of server is used to collect messages, such as error codes or security events, from devices on the network?
Syslog
what is the term for cloud service where the provider offers applications
SaaS (software as a service)
what type of cloud is completely owned by a company like Google but used by business clients?
public
the ability to access extra cloud resources quickly is called what?
rapid elasticity
what type of hyper visor is also referred to as a bare metal hypervisor?
type 1
what is the term for cloud service where the provider offers storage only?
Iaas (infrastructure as a service)
what is the name of the software that allows for multiple VMs on a client computer?
hypervisor
what type of cloud is owned and used by an individual company?
private
the ability of a cloud provider to bundle multiple physical servers together to appear as one set of resources to the client is called what ?
resource pooling
hypervisors manage VM network traffic and communicate to the physical NIC (network interface card) by using what ?
virtual switch
____ servers resolve hostnames to IP addresses
DNS
Each DNS server has a database, called a _____, which maintains records of hostname to IP address mappings.
zone file
DHCP servers are configured with a _____, which contains the information that the server can provide to clients.
scope
Sending email and transferring email between mail servers is what protocol and port?
SMTP 25
receiving email is what port and protocol?
Pop3 110
Imap4 143
Syslog uses what port?
UDP 514
User ______ happens when the system being logged into validates that the user has proper credentials
authentication
Once it’s determined who the user is, the next step in access control is determining what the user can do. This is called _____
authorization
This states that users should be granted only the least amount of access required to perform their jobs, and no more
principle of least privilege
____ seeks to keep a record of who accessed what and when, and the actions they performed.
Accounting
A ____ ______ is an appliance that blocks malicious emails from entering a network
spam gateway
An ____ is a passive device. It watches network traffic, and it can detect anomalies that might represent an attack.
intrusion Detection System IDS
_____ is an active device. It too monitors network traffic, but when it detects an anomaly, it can take actions to attempt to stop the attack.
intrusion prevention system IPS
The goal of ____ ____ ____ is to centralize security management, allowing administrators to manage all their security-related hardware and software through a single device or interface
unified threat management (UTM)
A ___ ____ makes requests for resources on behalf of a client
proxy server
SCADA
supervisory control and data acquisition
Let’s say that a company needs extra network capacity, including processing power, storage, and networking services (such as firewalls) but doesn’t have the money to buy more network hardware. they would get what service?
Infrastructure as a Service
The best _____(service) solutions allow for the client to export their developed programs and run them in an environment other than where they were developed
PaaS
______, which is a temporary, isolated desktop environment for testing apps
sandbox
Which of the following functions are handled by print servers? Choose all that apply.
A) accepting print requests
B) managing print copies ( in the print queue)
C) making printers available on the network
D) in some cases, updating print jobs
Accepting print requests
Making printers available on the network
Print servers handle the following important functions:
-Making printers available on the network
-Accepting print requests
-Managing print requests (in the print queue)
-In some cases, processing and storing print jobs
Which of the following areas is not covered under Legacy systems?
A) network protocols
B) hardware
C) internet
D) software
Internet
Internet is not covered under Legacy systems. These systems are defined as the ones using the old technology and one or more of the following areas:
Hardware, software ( applications or operating system ), Network protocols
Which of these are the required elements for a cloud computing service according to NIST?
A) resource pooling
B) hypervisor
C) on demand self-service
D) elasticity
Resource pooling
On demand self service
Elasticity
NIST National Institute of Standards and technology defined the following five elements, which a cloud computing service must have:
- on demand self service
- broad network access
- resource pooling
- rapid elasticity
- measured service
You work as an IT director for a company. Your company has various partners, and you want to share common information with them using the cloud without compromising security. Which type of cloud model will you use?
A) community
B) hybrid
C) private
D) public
Community
A private cloud is a cloud computing method where the cloud infrastructure is operated solely for a single organization.
Which of the following are not examples of common IoT devices? Choose all that apply.
A) security camera
B) virtual assistant
C) proxy server
D) SCADA
Proxy server
SCADA
Which of the following cloud types is a combination of two or more clouds that remain distinct but are bound together?
A) public
B) private
C) community
D) hybrid
Hybrid
A hybrid cloud is a combination of two or more clouds that remain distinct but are bound together, offering the benefits of multiple deployment models. It uses a mix of on-premises, private cloud, and third-party public cloud services with orchestration between the two platforms.
Which of these is a common way to load balance the incoming requests?
A) to split up Banks of clients for handling specific types of requests
B) to split up Banks of servers for handling all types of requests
C) to split up Banks of clients for handling all types of requests
D) to split up Banks of servers for handling specific types of requests
To split up Banks of servers for handling specific types of requests
For example, one group of servers could handle web requests, while a second set hosts streaming video, and a third set manages downloads.
Heroku is an example of which cloud service?
A) HaaS
B) SaaS
C) PaaS
D) CaaS
PaaS
Your company wants to move to a cloud provider to be able to scale resources quickly, but it is concerned about the security of confidential information. Which of the following types of cloud models might be the most appropriate for your company?
A) hybrid
B) community
C) private
D) public
Hybrid
A hybrid Cloud provides the best capabilities of public and private clouds. You get the scalability and cost effectiveness of a public Cloud but also the security that you need for important files on the private portion of the cloud.
Which of the following syslog severity levels describes a panic condition when the system is unusable?
A) warning
B) critical
C) information
D) emergency
Emergency
0 emergency - a panic condition when the system is unusable
1 alert - immediate action needed
2 critical- major errors in the system
3 error - normal error conditions
4 warning Dash warning conditions, usually not as urgent as errors
5 notice - normal operation but a condition has been met
6 information- provides general information
7 debug - information used to help debug programs
Your manager wants to use the cloud because everyone seems to be talking about it. What should you include when you are listing the benefits of using the cloud? Choose all that apply.
A) increased scalability
B) lower cost
C) improved reliability
D) increased security
A, B, C
Increased scalability
lower cost
Improved reliability
Which Cloud term refers to the process by which a provider charges for the resources used?
A) metered utilization
B) resource pooling
C) High availability
D) rapid elasticity
Metered utilization
Which of the following cloud types is a cloud infrastructure operated solely for a single organization?
A) community
B) private
C) hybrid
D) public
Private
_____ is a system that monitors Network traffic and restricts or alerts when unacceptable traffic is seen in a system?
NIDS
Network intrusion detection system
If a DNS server is unable to resolve and name, what will it do?
A) query the root DNS server
B) query the bottom level DNS server
C) check it’s cache file
D) query the top level DNS server
Query the root DNS server
If a DNS server is unable to resolve a name (and it checks it s cache after it checks its Zone file) , it will query the root DNS server.
Which of the following statements is true about a DHCP server?
A) it is configured with a scope, which contains the information that the clients can provide to the server.
B) it is configured with a variable, which contains the information that the server can provide to the clients.
C) it is configured with a variable, which contains the information that the clients can provide to the server.
D) it is configured with a scope, which contains the information that the server can provide to the clients.
It is configured with a scope, which contains the information that the server can provide to the clients.
DHCP servers need at least one scope, but they can also have more than one.
Which of the following internet appliances helps protect against malicious email? Choose all that apply.
A) proxy server
B) spam Gateway
C) unified threat management
D) load balancer
Spam Gateway
unified threat management
Load balancers help spread the workload and proxy servers make requests on behalf of clients
Which of the following Services should a print server provide? Choose two.
A) accepting print jobs from clients
B) turning off printers on demand
C) providing clients with the appropriate printer driver during installation
D) notifying users when the print job is complete
Accepting print jobs from clients
providing clients with the appropriate printer driver during installation
What does a DHCP server need to be configured with to operate properly?
A) zone file
B) DNS server
C) scope
D) range
E) DHCP relay agent
Scope
Every Dynamic host configuration protocol server needs to have a scope, which is the range of addresses available to clients, as well as other options that it can give to client computers. A DHCP server can optionally provide clients with the address of a DNS server. There is no DHCP range. A DHCP relay agent is a system configured on a subnet with no DHCP server that relays DHCP requests to the DHCP server
When configuring a DNS server, administrators must create which of the following?
A) scope file
B) hosts file
C) zone file
D) DNS proxy
E) range file
Zone file
Domain name system server records are contained in the zone file, which must be configured by administrators
You are installing a file server for the accounting department. Where should this file server be located on the network?
A) in the screened subnet
B) outside of the firewall
C) on the router
D) in the secure network
In the secure network
If the data on the server does not need to be accessed via the internet, then the server should be in the most secure place possible, which is inside the firewall in the secure network
Your network has two subnets separated by a router. To make Network Administration easier, you install a DHCP server on subnet A. Clients on subnet B are not getting IP addresses automatically. What is the best way to resolve this?
A) configure the router to forward broadcast messages
B) install a DHCP relay agent on subnet A
C) install a DHCP relay agent on subnet B
D) install a second DHCP server on subnet B
Install a DHCP relay agent on subnet B
Dynamic host configuration protocol requests are made via broadcast and will not travel through the router. It is never a good idea to allow routers to forward broadcasts. You could install a second DHCP server, but that is inefficient.
Which statement is true about the anti-spam gateway?
A) it can be located in two places, on the cloud or on an internal Network
B) it can be located in two places, on the cloud or on an external network
C) it can be located on the cloud only
D) it can be located on an internal Network only
It can be located in two places, on the cloud or on an internal Network
Which Port does syslog use by default? UDP or TCP?
UDP 514
Which of these are forms of application virtualization? Choose all that apply.
A) virtualizing glass Construction
B) virtualizing Legacy software
C) faster virtualization times than SSDs
D) cross platform virtualization
Virtualizing Legacy software
cross platform virtualization
You are configuring two email servers on your company’s network. Which network protocol should the servers use to transfer mail to each other?
SMTP
Which type of hypervisor is also called a bare metal hypervisor?
Type 1
