Chapter 10 Troubleshooting Networking & Security Issues Flashcards by Louie Hipolito

When configuring the network interface on a Windows server, what is the term used to designate the IP address of the router interface on the local subnet?

Default gateway

The term default gateway can be misleading since a gateway is now called a router. But a default gateway is the IP address on the interface on the router on the local subnet that connects to the outside world. It gives computers on one network a path to other networks.

Chapter 10 (page 292)

How well did you know this?

Not at all

Perfectly

What determines the size of a group of servers sharing the same network range?

Subnet mask

The mask determines the total number of hosts on each network. All hosts will contain this mask information to determine which network they are on. The subnet masks must exactly match, or you will have network connectivity problems with the incorrectly configures resources.

Chapter 10 (page 291)

How well did you know this?

Not at all

Perfectly

Which text-based remote access application is used to securely access Linux servers in a public cloud?

SSH

Secure Shell (SSH) is the encrypted version of the Telnet protocol and is used to access remote devices using a command-line interface.  
Use port 22 for communications.

Chapter 10 (page 305)

How well did you know this?

Not at all

Perfectly

Scott is troubleshooting a SQL access issue and wants to look at the data frames being sent and received from his network adapter card on the Linux database server. What utility would he use to collect the traces?

tcpdump

tcpdump allows Linux system to capture live network traffic and is useful in monitoring and troubleshooting. Sometimes called sniffing, tcpdump allows you to set up filters to select the traffic you are interested in capturing for troubleshooting. Think of tcpdump as a command-line network analyzer.

Chapter 10 (page 305)

How well did you know this?

Not at all

Perfectly

A remote user is unable to reach a Linux-based web server hosted in the Singapore zone of the cloud provider. The user is located in Austin, Texas. What utility can she use to verify the connection path?

traceroute

The tracert/traceroute utilities are useful for network path troubleshooting. The traceroute utility displays the routed path a packet of data takes from source to destination. You can use it to determine whether routing is working as expected or whether there is a route failure in the path.

Chapter 10 (page 306)

How well did you know this?

Not at all

Perfectly

A Cloud+ student you are mentoring asks about the mappings between the layer 2 MAC address and the gateway router’s IP address. He wants to verity that the VM has the correct network mapping information. Which utility would you tell him to use to gather this information?

ARP

Address Resolution Protocol (ARP) is the protocol that determines the mapping of the IP address to the physical MAC address on a local network.
Using ARP, all devices on the LAN build a table of IP to MAC address bindings.

Chapter 10 (page 298)

How well did you know this?

Not at all

Perfectly

You are configuring a remote out-of-band management network that connects to router and switch serial ports in a private cloud. What product would you need to install to accomplish this task?

terminal server

In a data center, devices called terminal servers are deployed that have several serial ports, each cabled to a console port on a device that is being managed. This allows you to make an SSH or a Telnet connection to the terminal server and then use the serial interfaces to access the console ports on the devices you want to connect to.

Chapter 10 (page 307)

How well did you know this?

Not at all

Perfectly

What Window server application presents the server’s graphical desktop on a remote user’s screen?

Remote Desktop Services

Remote Desktop Services (RDP) allows remote access to Windows devices. RDP is a client-server application, which means RDP has to be installed and running on both the server and the local workstation you are using to access the cloud server. The desktop application comes preinstalled on most versions of Windows.

Chapter 10 (page 309)

How well did you know this?

Not at all

Perfectly

To verify network reachability from a NoSQL database server residing in a private subnet on a public cloud to the application tier, what utility can she use as a quick connectivity test?

ping

ping is part of the TCP/IP family of protocols; it is used to verify that a device is available and reachable on the network and also to get a reading of the response time at the moment in time.

Chapter 10 (page 303)

How well did you know this?

Not at all

Perfectly

After deploying a new public website, your validation steps ask you to check the domain name to IP address mappings. What Linux and Windows utilities can be used for validation?

dig and nslookup

nslookup and dig are command-line utilities used to resolve hostnames to IP addresses using a DNS server. nslookup is the Windows variant and its Linux equivalent is called dig. If you need to learn the IP address of a domain, use these applications to resolve the DNS name to the IP address.

Chapter 10 (page 302)

How well did you know this?

Not at all

Perfectly

Sarah made an SSH connect to a remote bastion host. She needs to add an access control list rule to allow the bastion server to access a new subnet. She needs the source IP address of her host. What command can she run on the server to collect this information?

ifconfig

ifconfig on Linux and ipconfig on Windows are command-line utilities used to verify and configure the local network interfaces.

Chapter 10 (page 300)

How well did you know this?

Not at all

Perfectly

The ____ network utility is found in both Windows and Linux operating systems and is used to show what network connection are open to remote applications.

netstat

netstat is a network statistic utility found on both Windows and Linux workstation and servers. You can use netstat when troubleshooting to see which network connections are open to remote applications, to view detailed protocol information, to see addresses used both locally and remotely, and to determine which state the TCP connections are currently in on the device.

Chapter 10 (page 300)

How well did you know this?

Not at all

Perfectly

The ____ network utility is found in both Windows and Linux operating systems and is used to show what network connection are open to remote applications.

netstat

Chapter 10 (page 300)

How well did you know this?

Not at all

Perfectly

Both the Linux ____ and the Windows ____ utilities query a DNS system, giving a domain name and receiving the corresponding IP address.

dig
nslookup

nslookup is the Windows variant, and dig is the Linux equivalent, command-line utilities used to resolve hostnames to IP addresses using a DNS server. If you need to learn the IP address of a domain, use these applications to resolve the DNS name to the IP address.

Chapter 10 (page 302)

How well did you know this?

Not at all

Perfectly

Both the Linux ____ and the Windows ____ utilities query a DNS system, giving a domain name and receiving the corresponding IP address.

dig
nslookup

Chapter 10 (page 302)

How well did you know this?

Not at all

Perfectly

Social engineering is the most predominate ____ attack where someone is tricked into providing credentials or holding a door open into a secure data center, for example.

internal

Training seems to be ongoing to educate the workforce on common attacks to obtain information of access using social engineering. Use common sense and always be a bit suspicious if someone asks you to do something you do not feel comfortable with or seems out of the ordinary.

Chapter 10 (page 313)

____ ____ can be defined as a user receiving account privileges that they are not allowed to possess.

privilege escalation

Privilege escalation can be defined as a user receiving account privileges that they are not allowed to possess.

Chapter 10 (page 310)

When the cloud issue has been resolved, the final step in the troubleshooting process is to provide resolution ____.

documentation

After the issue has been resolved, it is helpful to document your findings so that, should the issue return, you have historical information on how to troubleshoot and resolve the incident.
Documentation also includes backing up the configurations if necessary. If you made any changes to a device configuration, add what was changed and why the change was made to resolve the issue in your documentation and then back up the actual configuration.

Chapter 10 (page 319)

Carrie is researching various remote access options to access her Linux servers in a public cloud. She has been asked to provide a standardized and secure solution that protects against snooping. As a Cloud+ architect, you have been asked to assist. What protocol would you advise she implement?

A.  RDP
B.  Telnet
C.  IPsec
D.  SSH
E.  Terminal server

SSH

SSH (Secure Shell) is the encrypted version of Telnet protocol and is used to access remote devices using a command-line interface. RDP is a Windows graphical interface. Telnet does not offer encryption, and terminal servers offer serial port access but may or may not support encrypted network access.

Chapter 10 (page 309)

James is troubleshooting a DNS issue and wants to look at DNS frames being sent and received from his network adapter card on a web server. What utility would he use to collect the traces?

A. dig
B. netstat
C. tcpdump
D. nslookup

tcpdump

tcpdump allows a Linux system to capture live traffic and is useful in monitoring and troubleshooting. Sometimes called sniffing, tcpdump allows you to set up filters to select the traffic you are interested in capturing for troubleshooting. Think of tcpdump as a command-line network analyzer.
dig and nslookup show DNS resolution but do not display the actual packets going across the wire.
netstat shows connection information and is not DNS related.

Chapter 10

An intern at your company is asking about the mappings between the layer 2 MAC address and the gateway router. He wants to verify that the VM has the correct network mapping information. Which utility would you tell him to use to gather this information?

A. dig
B. ipconfig
C. arp
D. netstat

ARP

ARP is the protocol that determines the mapping of an IP address to the physical MAC address on a local network. The mappings can be seen with the arp command-line utility.
dig is used for DNS resolution, ipconfig shows the network adapter parameters, and netstat shows connection.

Sharon is unable to reach her Linux-based web server hosted in the Singapore zone of the cloud. She is located in Austin, Texas. What utility can she use to verify the connection path?

A.  traceroute
B.  ipconfig
C.  arp
D.  netstat
E.  ping
F.  tcpdump
G.  route print

traceroute

The traceroute and tracert utilities are useful for network path troubleshooting. This utility shows the routed path a packet of data takes from source to destination. You can use it to determine whether routing is working as expected or whether there is a route failure in the path. The other answers were all incorrect as they do not provide network path data

Connie is documenting different methods that her remote operations center can use to access the Calgary fleet of servers operating in a community cloud. Which of the following are not viable methods? (Choose two.)

A.  RDP
B.  Telnet
C.  IDS/IPS
D.  Terminal server
E.  DNS
F.  HTTP

IDS/IPS
DNS

Common remote access tools include RDP, SSH, and terminal servers. IDS/IPS are for intrusion detection and DNS is for domain name to IP address mappings and is not for utility for remote access.

Allison is in the process of migrating graphical vendor management utilities away from locally installed applications on her desktop and to an approach that does not require any local installations and will be easier to implement and use. What approach would meet these requirements?

A.  Java
B.  CSS
C.  Web
D.  RDP
E.  SSH

Web

Of the options given, the web approach does not require any local application installations and offers a graphical systems management interface.

The remote disaster recovery location follows the warm site model. To configure the network switches, routers, and firewalls remotely, Mark will need serial port access from his company's operation center. He has 14 serial ports currently but needs to be prepared for any unplanned expansion requirements during a disaster recover cutover. What device would you recommend he implement at the warm site? ``` A. RDP B. Telnet C. IPsec D. SSH E. Terminal server ```

Terminal server In a data center, terminal servers are deployed and have several serial ports, each cabled to a console port on a device that is being managed. This allows you to make an SSH of a Telnet connection to the terminal server and then use the serial interfaces to access the console ports on the devices you want to connect to. The other options given do not provide serial port connections. Console ports are common in networking environments and are used to configure switches and routers from a command-line (CLI). Linux servers also use the console or serial ports for CLI access. Chapter 10 (page 307)

Sarah manages user accounts for her company's cloud presence. She has a trouble ticket open with Jill to assist her in accessing an SSD storage volume in the San Paulo region of the public cloud. What kind of user issue is she investigating? A. Authentication B. Authorization C. Federation D. SSO

Authorization The question is asking about being able to access a specific cloud service. This would concern Jill having authorization to access the storage volume. Authentication and SSO are login systems and not rights to services. A federation links user databases.

Harold is getting alarms from the public cloud's application load balancer about security failures. Harold reviews his problem resolution documentation to investigate, and there have been no troubles reported in the past year. The load balancer has been configured to offload port 443 web traffic from the backend fleet of web servers. As a Cloud+ consultant brought in to assist, what should be the focus of the investigation? ``` A. HTTPS B. Certificates C. IPsec D. RDP E. ssldump F. netstat ```

Certificates The question shows that the load balancer is terminating SSL/TLS traffic from the web. SSL certificates have expiration dates and so, as part of the troubleshooting approach, security certificate expirations need to be investigated. The other options do not accomplish this requirement.

Multiple users are complaining that they cannot access cloud-based collaboration system. The operations center has been investigating and has, so far, verified that the MFA applications are operational. What user system are they troubleshooting? A. Authentication B. Authorization C. Federation D. SSO

Authentication Logging into systems is referred to as authentication. Also, the question references multifaction authentication (MFA) as part of the system. Authorization is the access of services after the authentication process, federations interconnect external user accounts to the cloud, and a single sign-on (SSO) allows a user to authenticate one time to access all resources in the cloud.

The backend fleet of web servers is intermittently failing load balancer health checks and dropping out of the pool. You are involved in troubleshooting and begin your investigation by making sure the web application is operational. What approach are you undertaking? ``` A. Top down B. Bottom up C. Divide and conquer D. Evaluation E. Validation ```

Top down The top-down approach references the OSI model; it starts at the application layer and works downward until the problem is identified. The application is checked first, and if that is operational, you continue to work down the network stack until you identify the problem.

Your web servers have lost communications to the SQL backend database on your e-commerce public website. You have been brought in to assist in resolving the problem. After reviewing the log files and the monitoring system, you suspect it may be a network related issue. You devise a series of tests that start with checking the server's connection to the database. What troubleshooting approach are you implementing? ``` A. Top down B. Bottom up C. Divide and conquer D. Evaluation E. Validation ```

Bottom up The bottom-up approach starts at the lowest level of the ISO model with the physical network connections, such as cabling, and works upward by investigating VLANs, IP addressing, and so on, until the issue is located.

A middleware application running in the cloud is reporting session drops in its log files. You need to quickly resolve the issue and get the server back online. You decide to run ping and traceroute tests on the server as your first line of troubleshooting. What approach are you using? ``` A. Top down B. Bottom up C. Divide and conquer D. Evaluation E. Validation ```

Divide and conquer The divide-and-conquer troubleshooting approach starts in the middle of the OSI network stack and, depending on the result, directs future tests. In this case the troubleshooter began at the network layer, which is in the middle of the OSI model. This is the divide-and conquer approach.

What are common troubleshooting steps? (Choose all that apply.) ``` A. Gather information B. Distill the issue C. Research D. Create a plan of action E. Test and verify ```

``` Gather information Distill the issue Research Create a plan of action Test and verify ``` All of the answers given are common troubleshooting steps.

Your cloud provider's data center is in an industrial park with no company signage, extensive video cameras in the parking lot, and biometrics at the guard shack. What type of security is the provider implementing? A. Building B. Device C. Infrastructure D. Tunneling

Infrastructure Infrastructure security is the hardening of the facility and includes the steps outlined in the question including nondescript facilities, video surveillance, and biometric access.

Kelly has picked up a trouble ticket that shows the connection between the Toledo field office and the Detroit cloud edge location has dropped. She confirms it is a secure Internet based access solution. What type of connection is this? ``` A. Direct peering B. IDS C. VPN D. AES-256 E. RDP ```

VPN A secure Internet-based connection would be a VPN.

Nick is setting up a new fleet of IIS web servers in his IaaS e-commerce site. The company has elected to use a hybrid approach and desires graphical connections to the Windows bastion hosts. What traffic must he permit through the external-facing firewall to the host? A. SSH B. RDP C. DNS D. IPS

RDP The Windows Remote Desktop Protocol (RDP) allows for remote connections to a Windows graphical user desktop.

Jill logs into her NoSQL server residing in a private subnet on a public cloud. She needs to verify network connectivity with the application tier. What utility can she uses as a quick connectivity test? A. arproute B. netstat C. tcpdump D. ping

ping The ping utility verifies end-to-end network connectivity and is the correct answer. The other options offered either do not apply such as tcpdump and netstat are not valid utilities such as arproute.

After deploying a new public website, your validation steps ask you to check the domain name to IP address mapping. What utility can you use for validation? (Choose two.) ``` A. RDP B. dig C. SSH D. nslookup E. IPsec F. IPS ```

dig nslookup nslookup is a Windows command-line utility for resolving domain names to IP addressing. The Linux equivalent is the dig utility. The other answers offered are not valid for the solution in the question.

Donna logged into her cloud bastion host by making an SSH connection from her operations center desktop. She uses the Linux host to connect to other systems in the private cloud. She needs to add an access control list rule to allow the bastion server to access a new subnet. She need to source IP address of her host. What command can she run on the server to collect this information? A. curl /localhost/metadata/global/interface B. ipconfig C. ifconfig D. netstat

ifconfig The Linux command ifconfig will display all network-related configuration information for that computer and is the correct answer. ipconfig is the Windows equivalent and is not relevant to the question. netstat and the query string are not applicable to the question.