Chapter 2 Done Flashcards

1
Q

Which of the following benefits are realized from implementing a load balancer? (Choose two.)

A. Improved app performance

B. Increased app security

C. Increased app regulatory compliance

D. Increased app availability

A

A and D. Load balancers improve app performance because a pool of backend servers is available to handle client requests instead of a single server, which means that these servers can handle the additional request load that may occur. App availability is increased because a pool of backend servers is available to service client requests. A backend server failure means client requests will be serviced by backend servers that remain up and running.

2
Q

A busy web site has not been responding well because of the large volume of HTTP requests sent to the web server. Which solution would be the most optimal to improve current and future web server performance?

A. Add more RAM to the web server.

B. Use two web servers hosting the same content. Configure a load balancer to distribute incoming HTTP connections between the two web servers.

C. Place a router between the web server and the Internet to throttle incoming HTTP connections.

D. Enable SSL on the web server.

A

B. Configuring multiple servers behind a load balancer allows for the distribution of incoming network traffic among those servers. This improves the performance of busy web applications and increases availability because more than one server is hosting the same application.

3
Q

You would like to prevent client requests from being serviced by busy backend servers hosting user sessions. Which load balancer scheduling algorithm should you configure?

A. Round robin

B. Weighted round robin

C. Random

D. Least connections

A

D. The least connections algorithm ensures that traffic is sent to the backend server with the smallest number of active connections.

4
Q

During an IT meeting, your colleague Trinity suggests that there is a single point of failure in the single load balancer in place for the company web site ordering system. She suggests having two load balancers configured, with only one in service at a given time. What type of load balancing configuration has Trinity described?

A. Round robin

B. Active-active

C. Active-passive

D. Least connections

A

C. Active-passive configurations consist of two load balancers, one of which is active. When the active load balancer is unresponsive, the second load balancer takes over.

5
Q

An active-passive load balancer solution is configured on your network. When the standby load balancer determines that the primary load balancer is down, what attribute does it take control of?

A. Load balancer MAC address

B. Load balancer IP address

C. First backend server MAC address

D. First backend server IP address

A

B. A virtual IP address (load balancer IP address) is assigned to the active load balancer. This is the externally exposed address that the DNS names must resolve to.

6
Q

Your public cloud–based load balancer uses Linux backend servers to host a web application. Each backend Linux host is configured with only a single private IPv4 address. You need to be able to manage each Linux backend host remotely from your on-premises network without exposing each backend server directly to the Internet. Which options should you consider? (Choose two.)

A. Assign a public IP address to each backend Linux instance.

B. Assign an IPv6 address to each backend Linux instance.

C. Configure inbound NAT rules on the load balancer.

D. Configure a jump box solution.

A

C and D. Load balancer inbound NAT rules allow incoming traffic to the load balancer on a given port, such as SSH for Linux management, to be mapped to internal hosts configured with only private IP addresses. A jump box is a physical or virtual server with at least two network interfaces with routing between the interfaces disabled. One jump box interface has a connection to a public network and the second interface has a connection to an internal network. Once authenticated to the jump box, administrators can use it as a launch pad to connect to internal hosts.

7
Q

To improve application performance for a public-facing web application, you want to reduce the amount of processing for each backend Windows server configured in a load balancer backend server pool. HTTPS is currently configured on each server. HTTPS is required to protect web application traffic. What should you do?

A. Enable SSL/TLS pass-through on the load balancer.

B. Configure IPSec on the load balancer.

C. Configure SSL/TLS termination at the load balancer.

D. Generate a new certificate for the load balancer DNS name.

A

C. Configuring SSL/TLS termination at the load balancer offloads this computationally expensive operation from each backend server. This means network connections to and from the load balancer are protected using HTTPS. Traffic between the load balancer and backend servers is not protected with HTTPS.

8
Q

How does an OSI layer 7 load balancer differ from a layer 4 load balancer?

A. Layer 7 load balancers can inspect IP addresses to make load balancing decisions.

B. Layer 7 load balancers can inspect URLs to make load balancing decisions.

C. Layer 7 load balancers can examine MAC addresses to make load balancing decisions.

D. Layer 7 load balancers can examine port numbers to make load balancing decisions.

A

B. Layer 7 of the OSI model, the application layer, enables access to all packet contents including the payload; therefore, URLs can be examined by the load balancer to determine which backend servers should receive the request.

9
Q

What is the primary purpose of a load balancer health probe configuration?

A. To check Internet connectivity

B. To check load balancer responsiveness

C. To check backend server responsiveness

D. To compare performance baselines to current metrics

A

C. A load balancer can be configured to test connectivity to backend servers periodically on a given port number using health probes. Unresponsive backend servers are marked as unhealthy and do not receive client app requests.

10
Q

While testing a custom load balanced application, you determine that the app depends on client devices being connected to the same backend server throughout a session. Which load balancer option should you enable to support this kind of behavior?

A. Source IP affinity

B. Health probe

C. Round robin

D. Fixed weight

A

A. Load balancer source IP affinity, also called client IP affinity, ensures that clients remain connected to the same backend host during an app session.

11
Q

IPv6 addresses consist of how many bits?

A. 8

B. 16

C. 32

D. 128

A

D. IPv6 addresses are 128 bits long, represented as eight 16-bit groups of hexadecimal characters, where each group is separated with a colon.

12
Q

You need to test to determine whether a local IPv6 stack is functioning on a Windows 10 host. Which command should you issue?

A. ping 127.0.0.1

B. ipconfig –test 127.0.0.1

C. ping 0:0:0:0:0:0:0:1

D. ipconfig –test 0:0:0:0:0:0:0:1

A

C. The Windows ping command can be used to test IPv6 functionality for the IPv6 local loopback address of 0:0:0:0:0:0:0:1, also referred to as ::1. The double colons represent a series of consecutive zeroes.

13
Q

An IT technician issues the Windows ipconfig command and is concerned after noticing an address with an FE80 prefix. What should you tell the technician?

A. IPv6 hosts always have a link-local unicast address beginning with FE80.

B. IPv6 hosts with an FE80 address are unable to communicate on the Internet.

C. FE80 is similar to an IPv4 169.254 prefix; it means the host could not reach a DHCP server.

D. The IPv4 FE80 prefix is the local loopback address.

A

A. The IPv6 FE80 prefix is used for link-local unicast addresses. IPv6 hosts always have this type of IP address, whether or not they are configured with a static IP address or are configured to use DHCP.

14
Q

Which IPv6 protocol is primarily responsible for error and status information?

A. TCP

B. ICMP

C. UDP

D. IP

A

B. The Internet Control Message Protocol (ICMP) is responsible for error and status information in IPv4 and IPv6.

15
Q

One backend server named HOST 2 is used by a load balancer in a backend pool. HOST 2 has more RAM and CPU processing power than others in the same backend pool. You need to ensure that more client requests are serviced by this powerful server. What should you do?

A. Assign a lower priority weight value to HOST 2.

B. Assign a low priority weight value to the load balancer.

C. Assign a high priority weight value to the load balancer.

D. Assign a higher priority weight value to HOST 2.

A

D. Assigning a higher priority weight value to HOST 2 as compared to other backend hosts in the same pool means HOST 2 will service more requests than other servers in the pool.

16
Q

Which load balancing scheduling algorithm treats all backend servers equally when it comes to client request processing capabilities?

A. Round robin

B. Weighted round robin

C. Random

D. Least connections

A

A. Round robin sends traffic to the first backend node, then the second, the third, back to the first, and so on. All servers are treated equally when it comes to client processing capability.

17
Q

Which of the following terms is the most closely related to a load balancer?

A. Reverse proxy

B. Forward proxy

C. Jump box

D. Content delivery network

A

A. A reverse proxy accepts client requests and forwards them to an internal host or hosts for processing, thus hiding the true identity of the internal host(s).

18
Q

Which of the following load balancing solutions is best suited for routing incoming video-streaming requests to specific backend servers optimized for streaming?

A. Layer 4 load balancer

B. Round robin

C. Fixed weight

D. Layer 7 load balancer

A

D. OSI layer 7 (the application layer) load balancers can inspect URL requests, such as those that may include references to media, and send those requests to specific backend hosts configured to stream media.

19
Q

You are configuring a load balancer to support a backend pool of FTP servers using standard port numbers. Which TCP ports should the load balancer accept FTP requests on?

A. 20, 21

B. 21, 23

C. 21, 80

D. 80, 443

A

A. FTP normally uses TCP ports 20 and 21.

20
Q

Users complain that when they access a load balanced shopping web site, periodically the contents of their shopping cart are lost. What should you configure in the load balancer to alleviate the issue?

A. Active-passive

B. Virtual IP

C. Persistence

D. Active-active

A

C. Configuring the load balancer persistence setting ensures that client session traffic continues to the same backend server. This can be especially important when server-side storage is used for user sessions.

21
Q

You are configuring load balancer support for an HTTPS custom web application. Which of the following statements regarding this scenario are correct? (Choose two.)

A. Backend servers can listen on any port number.

B. Traffic between the load balancer and backend servers does not have to be encrypted.

C. The backend server port number must be the same as the load balancer VIP port number.

D. HTTPS requires an active-active load balancer configuration.

A

A and B. Backend web servers may be configured to listen on TCP port 400, while the load balancer VIP configuration listens on the standard HTTPS port, TCP 443. Load balancers can be configured as SSL/TLS termination points to offload the extra encryption/decryption processing from the backend servers.

22
Q

You are designing a load balancing strategy for a multi-tiered web app named APP1 that uses frontend publicly accessible web servers, application servers, and database servers. APP1 experiences a large number of requests each day. You need to ensure that the performance of each web app tier is optimized. What should you do?

A. Configure an internal load balancer in front of the web servers, an internal load balancer between web servers and app servers, and a public load balancer between app servers and database servers.

B. Configure a public load balancer in front of the web servers, an internal load balancer between web servers and app servers, and another internal load balancer between app servers and database servers.

C. Create a load balancer active-active configuration.

D. Create a load balancer active-passive configuration.

A

B. To ensure that each web app tier performs optimally, each tier should have a load balancer: a public load balancer between the Internet and the frontend web servers, an internal load balancer between web servers and app servers, and another internal load balancer between app servers and database servers.

23
Q

Which IPv6 protocol is used to discover neighboring hosts on a local area network?

A. ARP

B. TCP

C. UDP

D. NDP

A

D. Neighbor Discovery Protocol (NDP) is used by IPv6 to discover nodes on a local area network.

24
Q

You have an active-active load balancer configuration for a web app using a backend Microsoft SQL Server database. How many SQL database instances are active concurrently?

A. None

B. One

C. Two

D. It depends on the backend pool configuration

A

D. Each backend server may have a replicated SQL database, or each backend server may refer to shared storage or a dedicated server hosting the SQL database.

25
Q

You have configured two load balancers to work together. The first load balancer routes all client traffic to backend servers, while the second load balancer is idle. What type of configuration is this?

A. Active-active

B. Active-passive

C. Active-scheduled

D. Active-persistent

A

B. An active-passive load balancer configuration links two load balancers together for high availability, but only one load balancer is active at any time.

26
Q

Your manager, Wayne, is concerned about malicious users who might compromise servers and remain undetected for a period of time. What type of threat is Wayne concerned about?

A. Insider threat

B. Hacktivist

C. Advanced persistent threat

D. State actor

A

C. An advanced persistent threat (APT) implies a compromised network or device, whereby malicious actors, such as competitors or hacking groups, retain control of the compromised system for a period of time before being detected.

27
Q

Which type of malicious users or groups attempt to promote a political or ideological view?

A. Hacktivist

B. Advanced persistent threat

C. State actor

D. Insider threat

A

A. Hacktivists exploit vulnerable systems with the intention of promoting awareness of social, political, or ideological views.

28
Q

Your organization has begun quarterly lunch-and-learn sessions to educate employees about current scams and computer security threats to increase their awareness and help prevent security issues such as data leaks. To which of the following items does this initiative best apply?

A. Hacktivist

B. Advanced persistent threat

C. State actor

D. Insider threat

A

D. Insider threats result from an actor within the organization who has knowledge of internal procedures, configurations, or details that would be unknown to external users. Internal user training and awareness help protect digital assets from unintentional security breaches.

29
Q

Which type of malicious entity is most likely to launder the proceeds of illegal activities through online gambling sites?

A. State actor

B. Criminal syndicate

C. Hacktivists

D. Script kiddie

A

B. A criminal syndicate is related to organized crime, which is likely to profit through illegal means and therefore must “clean” the proceeds through laundering.

30
Q

You are part of a team that has been hired to conduct penetration tests. Which term best describes your team?

A. Unauthorized hackers

B. Semi-authorized hackers

C. Script kiddies

D. Authorized hackers

A

D. Authorized hackers are the “good guys”; they are hired to perform penetration tests to identify exploitable security weaknesses.

31
Q

You are an IT technician responsible for defining and implementing IT solutions throughout the organization. You have discovered that users in a remote branch office have configured a Wi-Fi network for use only in their location without approval from headquarters. Which term best describes this scenario?

A. Authorized hacking

B. Hacktivists

C. Hardening

D. Shadow IT

A

D. The term “shadow IT” refers to non-IT staff who install or configure networked devices without central approval from the IT department; this would include adding a Wi-Fi router to a network without approval.

32
Q

Which type of malicious actor is the most likely to have the most resources and funding?

A. Hacktivist

B. Criminal syndicate

C. State actor

D. Script kiddie

A

C. State actors are likely to have ample funding for their activities. These hacking groups are supported by nations for the purposes of intelligence gathering or computer system disruption of other nations.

33
Q

You have enabled firewall rules to allow only HTTPS connections to a web server that resides in your company’s server room. The company’s web site stores sensitive customer data in a backend database stored on the same host. Which types of potential security problems do company IT technicians present in this scenario? (Choose two.)

A. On-path attacks

B. Direct physical access

C. Phishing

D. Insider threat

A

B and D. Technicians who can gain access to the server room have direct access to the physical server and storage arrays, and physical access bypasses firewall rules. This is considered a potential insider threat.

34
Q

Your organization has deployed mission-critical applications to a public cloud service provider (CSP) platform. The CSP recently disclosed a security flaw in the underlying network switches that was exploited by malicious users. The network switches were missing a firmware update that addressed security vulnerabilities. From your organization’s perspective, what is the source of this security issue?

A. Update management

B. Network switch vendor

C. CSP organizational security policies

D. Supply chain

A

D. In this case, the cloud service provider (CSP) is a part of the supply chain, or service delivery platform (SDP), in the sense that the CSP supplies the IT services infrastructure used by the cloud customer.

35
Q

You manage an air-gapped secure network named NET1 for a utility provider. NET1 does not connect in any way to any other network. You have scheduled the automatic scanning of the network for unauthorized network devices. Recently, new malware that is active on the Internet was discovered on NET1. What is the most likely explanation for how the malware made its way to NET1?

A. A rogue Wi-Fi router introduced the malware.

B. Users on NET1 downloaded infected files from the Internet.

C. Users on NET1 clicked a malicious link on a social media site.

D. Removable media was infected.

A

D. Since NET1 has no connections to other networks, the most likely explanation is that the malware was transmitted through infected files on removable media.

36
Q

After running a vulnerability scan of your entire network because of newly reported vulnerabilities on the Internet, you notice that Linux-based honeypots on your network that are intentionally configured to appear vulnerable were not reported as vulnerable. What is the most likely cause of this behavior?

A. A credentialed scan was not run.

B. The honeypots have an OS-level firewall enabled.

C. Vulnerability scanners cannot identify vulnerabilities on Linux hosts.

D. The vulnerability database is not up-to-date.

A

D. Vulnerability scanning tools use a database of known vulnerabilities as a comparison mechanism when scanning hosts and apps. Scanning tools can be configured to subscribe to vulnerability and threat feeds for automatic updating. If this database is not kept up-to-date, newer vulnerabilities may not be detected during scanning.

37
Q

You are reviewing network analysis reports for signs that could suggest malicious activity. What are you looking for?

A. Threat map

B. Automated indicator sharing (AIS)

C. Indicators of compromise

D. Predictive analysis

A

C. Indicators of compromise (IoCs) suggest that malicious activity may be taking place or has taken place.

38
Q

You are researching potential vulnerabilities with the way that Session Initiation Protocol (SIP) Voice over IP (VoIP) calls are established over the network. Which documentation source explains the standardized inner workings of SIP VoIP calls?

A. Open source intelligence

B. RFCs

C. Vendor documentation

D. Automated indicator sharing

A

B. Requests for comment (RFCs) are publicly available technical standardization documents stemming from various international technical bodies that detail how specific types of technologies such as HTTP, DNS, or the ASCII character set work. Vendors building software and hardware products generally adhere to RFCs.

39
Q

What is the primary purpose of the Tor web browser?

A. Accessing media content in foreign countries

B. Downloading music

C. Web application vulnerability scanning

D. Accessing the Web anonymously

A

D. The Tor web browser enables anonymous connectivity to the Web.

40
Q

Which role is responsible for managing data in alignment with policies set forth by data owners?

A. Data owner

B. Data custodian

C. Data analyst

D. Data privacy officer

A

B. The data custodian, or data steward, role involves managing data assets in accordance with policies set forth by data owners. An example of a data custodian is a file server administrator that can set file system permissions.

41
Q

Which role is ultimately responsible for a data asset?

A. Data owner

B. Data custodian

C. Data analyst

D. Data privacy officer

A

A. Data owners set policies on how data will be managed; they are ultimately responsible for the data.

42
Q

Your organization collects, processes, and stores EU customer data. As a result, a Data Privacy Officer (DPO) role has been established to ensure regulatory compliance. To which European digital privacy legislation does this role apply?

A. PCI DSS

B. HIPAA

C. PIPEDA

D. GDPR

A

D. The EU GDPR is an act of legislation designed to protect sensitive EU citizen data. A data privacy officer ensures compliance with regulations such as the GDPR.

43
Q

An online retailer legally collects and stores sensitive customer data that it then sells to marketing firms. Which data role is the online retailer partaking in?

A. Data processor

B. Data privacy officer

C. Data custodian

D. Data controller

A

D. The data controller determines how data can be used, such as providing it to other parties.

44
Q

A marketing firm legally purchases sensitive customer data from a data collection agency. Which data role is the marketing firm partaking in?

A. Data processor

B. Data privacy officer

C. Data custodian

D. Data controller

A

A. The data processor role, in this example, is assumed by the marketing firm that purchases data for processing purposes, such as to enhance targeted marketing campaigns.

45
Q

Which phrase best encompasses the mapping out of specific malicious user activity from beginning to end?

A. Automated indicator sharing

B. Adversary tactics, techniques, and procedures

C. Indicator of compromise

D. Predictive analysis

A

B. Adversary tactics, techniques, and procedures (TTP) is used to define how malicious attacks are carried out.

46
Q

You are researching the potential of an employee e-mail account breach. You suspect these accounts may have been used to sign up to a variety of social media sites. After searching and viewing multiple web pages related to this issue, you become overwhelmed with information. What type of public-sourced security intelligence tool should you use to facilitate further testing of your suspicions?

A. Open source intelligence

B. Academic journals

C. File and code repositories

D. Conferences

A

A. Open source intelligence (OSINT) tools ingest cybersecurity intelligence data from various public sources to facilitate cybersecurity activities.

47
Q

Which of the following are standards related to the sharing of threat intelligence information? (Choose two.)

A. TAXII

B. OSINT

C. STIX

D. RFC

A

A and C. The Trusted Automated Exchange of Indicator Information (TAXII) standard defines how cybersecurity intelligence information is shared among entities. The Structured Threat Information eXpression (STIX) standard defines the data exchange format for cybersecurity information.

48
Q

Which statements regarding the usage of the Tor web browser are correct? (Choose two.)

A. The Tor network is an Internet overlay network.

B. The Tor network requires the use of IPv6 addresses.

C. The Tor browser host IP address is hidden.

D. Usage of the Tor network requires signing up with an account.

A

A and C. The Tor network is considered an overlay network in that it sits on the existing public Internet infrastructure; it is designed to use encryption and multiple global relay points to protect user activity from traffic analysis. As a result, using the Tor web browser for Tor network connectivity hides the IP address of the machine running the Tor web browser.

49
Q

Which of the following are normally considered potential insider threats? (Choose two.)

A. Port scanning of firewall interfaces

B. Contractors

C. Infected e-mail file attachments

D. Brute-force username and password web site attacks

A

B and C. Contractors working for an organization may have knowledge of or access to company processes and systems. Users opening infected file attachments from e-mail messages means the infection would then be on the inside. Both of these present potential insider threats.

50
Q

Which type of hacker may discover and exploit vulnerabilities, yet lacks malicious intent?

A. Authorized

B. Red hat

C. Semi-authorized

D. Unauthorized

A

C. Semi-authorized hackers discover vulnerabilities and can compromise systems, which could cross legal or ethical boundaries, but their intent is not malicious. Often semi-authorized hackers will compromise systems and let the system owners know about the vulnerabilities.

51
Q

Which type of hacker has malicious intent and attempts to discover and exploit vulnerabilities?

A. Authorized

B. Red hat

C. Semi-authorized

D. Unauthorized

A

D. Unauthorized hackers are individuals with malicious intent that attempt to exploit systems.

52
Q

Which type of active security testing attempts to exploit discovered vulnerabilities?

A. Penetration testing

B. Vulnerability scanning

C. Port scanning

D. Network scanning

A

A. Penetration tests (pen tests) identify and attempt to exploit vulnerabilities.

53
Q

Which of the following wireless cryptographic protocols are the most vulnerable? (Choose two.)

A. WEP

B. WPA

C. WPA2

D. Default Wi-Fi router credentials

A

A and D. Wired Equivalent Privacy (WEP) is an older, deprecated wireless encryption protocol and should not be used, because many freely available tools can compromise WEP. Using default credentials always presents a security risk because these are widely known.