Chapter 7 Flashcards
Share
An enterprise-wide VPN can include elements of both the client-to-site and site-to site models.
True
False
True
After L2TP establishing a VPN tunnel, GRE is used to transmit L2TP data frames through the tunnel.
True
False
False
PPP can support several types of Network layer protocols that might use the connection.
True
False
True
A community cloud is a service shared between multiple organizations, but not available publicly.
True
False
True
A Type 2 hypervisor installs on a computer before any OS, and is therefore called a bare-metal hypervisor.
True
False
False
Office 365 is an example of an SaaS implementation with a subscription model
True
False
True
Digital certificates are issued, maintained, and validated by an organization called a certificate authority (CA).
True
False
True
The HTTPS (HTTP Secure) protocol utilizes the same TCP port as HTTP, port 80.
True
False
False
FTPS (FTP Security or FTP Secure) and SFTP (Secure FTP) are two names for the same protocol.
True
False
False
The Virtual Network Computing (VNC) application uses the cross-platform remote frame buffer (RFB) protocol.
True
False
True
Which type of cloud service model involves hardware services that are provided virtually, including network infrastructure devices such as virtual servers?
IaaS
PaaS
SaaS
XaaS
IaaS
What cloud service model involves providing applications through an online user interface, providing for compatibility with a multitude of different operating systems and devices?
IaaS
PaaS
SaaS
XaaS
SaaS
What type of scenario would be best served by using a Platform as a Service (PaaS)
cloud model?
A group of developers needs access to multiple operating
systems and the runtime libraries that the OS provides
An organization wishes to gain access to applications through
an online user interface, while maintaining compatibility across
operating systems
An organization needs to have a hosted virtual network
infrastructure for their services, which are run on virtual
machines
A small organization needs to have high availability for their web
server
A group of developers needs access to multiple operating systems and the runtime libraries that the OS provides
When using public and private keys to connect to an SSH server from a Linux device, where must your public key be placed before you can connect?
In an authorization file under your home directory on your
computer
In an authorization file on the host where the SSH server is
In the /etc/ssh/keys folder
In the /var/run/ssh/public folder
In an authorization file on the host where the SSH server is
The combination of a public key and a private key are known by what term below?
key set
key team
key pair
key tie
key pair
What security encryption protocol requires regular re-establishment of a connection and can be used with any type of TCP/IP transmission?
L2TP
TLS
IPsec
SSL
IPsec
At what layer of the OSI model does the IPsec encryption protocol operate?
Physical layer
Network layer
Transport layer
Application layer
Network layer
The PPP headers and trailers used to create a PPP frame that encapsulates Network layer packets vary between 8 and 10 bytes in size due to what field?
priority
FCS
FEC
encryption
FCS
When using a site-to-site VPN, what type of device sits at the edge of the LAN and establishes the connection between sites?
VPN proxy
VPN server
VPN transport
VPN gateway
VPN gateway
Amazon and Rackspace both utilize what virtualization software below to create their cloud environments?
VMware vSphere
Oracle VirtualBox
Parallels
Citrix Xen
Citrix Xen
What open-source VPN protocol utilizes OpenSSL for encryption and has the ability
to possibly cross firewalls where IPsec might be blocked?
Layer 2 Tunneling Protocol (L2TP)
Point-to-Point Tunneling Protocol (PPTP)
Generic Routing Encapsulation (GRE)
OpenVPN
OpenVPN
VMware Player and Linux KVM are both examples of what type of hypervisor?
Type 1 hypervisor
Type 2 hypervisor
barebones hypervisor
bare-metal hypervisor
Type 2 hypervisor
Which statement regarding the use of a bridged mode vNIC is accurate?
The vNIC will its own IP address on the physical LAN
The vNIC will be assigned a NAT-ed IP address
The vNIC will only be able to communicate across the bridge to
the host PC
The vNIC will utilize the host PC’s IP address.
The vNIC will its own IP address on the physical LAN
When is it appropriate to utilize the NAT network connection type?
Only when the VM requires an IP address on the physical LAN
Whenever the VM does not need to be access at a known
address by other network nodes
Only if the VM does not need to communicate with the host PC
Only if the VM is intended for VM-to-host communications.
Whenever the VM does not need to be access at a known address by other network nodes.
By default, what network connection type is selected when creating a VM in VMware, VirtualBox, or KVM?
host-only mode
bridged mode
NAT mode
lockdown mode
NAT mode
Which statement regarding the IKEv2 tunneling protocol is accurate?
IKEv2 is an older, Layer 2 protocol developed by Microsoft that
encapsulates VPN data frames
IKEv2 is based on technology developed by Cisco and
standardized by the IETF
IKEv2 is an open-source VPN protocol that utilizes OpenSSL for
encryption
IKEv2 offers fast throughput and good stability when moving
between wireless hotspots
IKEv2 offers fast throughput and good stability when moving between wireless hotspots
The use of certificate authorities to associate public keys with certain users is known by what term?
public-key organization
certified infrastructure
public-key infrastructure
symmetric identification
public-key infrastructure
What is NOT a potential disadvantage of utilizing virtualization?
Multiple virtual machines contending for finite resources can
compromise performance
Increased complexity and administrative burden can result from
the use of virtual machines
Licensing costs can be high due to every instance of
commercial software requiring a separate license
Virtualization software increases the complexity of backups,
making creation of usable backups difficult
Virtualization software increases the complexity of backups, making creation of usable backups difficult
A vSwitch (virtual switch) or bridge is a logically defined device that operates at what layer of the OSI model?
Layer 1
Layer 2
Layer 4
Layer 7
Layer 2
Which of the following virtualization products is an example of a bare-metal hypervisor?
Citrix XenServer
VirtualBox
VMware Player
Linux KVM
Citrix XenServer
In a software defined network, what is responsible for controlling the flow of data?
flow director
vRouter
SDN controller
SDN switch
SDN controller
What term is used to describe a space that is rented at a data center facility by a service provider?
point of presence (PoP)
service location (SL)
central service point (CSP)
locally exchanged data point (ledp)
point of presence (PoP)
Which of the following statements regarding the Point-to-Point (PPP) protocol is NOT accurate?
PPP can negotiate and establish a connection between two
endpoints
PPP can utilize an authentication protocol, such as MS-CHAPv2
or EAP to authenticate a client
PPP can support several Network layer protocols, such as IP,
that might use the connection
PPP can support strong encryption, such as AH or ESP
PPP can support strong encryption, such as AH or ESP
Why is the telnet utility a poor choice for remote access to a device?
It provides no mechanism for authentication
It does not allow for control of a computer remotely
It cannot be used over a public WAN connection
It provides poor authentication and no encryption
It provides poor authentication and no encryption
What statement regarding the SSH (Secure Shell) collection of protocols is accurate?
SSH provides a graphical view of the remote computer
SSH does not protect against DNS spoofing
SSH does not protect against IP spoofing
SSH supports port forwarding
SSH supports port forwarding
In order to generate a public and private key for use with SSH, what command line utility should you use?
ssh-keygen
key-generate
ssh-newkey
gpg –ssh
ssh-keygen
Regarding VNC (Virtual Network Computing or Virtual Network Connection), what statement is accurate?
VNC is faster than Remote Desktop, and requires less network
bandwidth
VNC is open source, allowing companies to develop their own
software based on VNC
VNC uses the Remote Desktop Protocol (RDP)
VNC is a standard developed by Microsoft and used by
Windows Remote Desktop
VNC is open source, allowing companies to develop their own software based on VNC
Which file transfer protocol has no authentication or security for transferring files, uses UDP, and requires very little memory to use?
File Transfer Protocol (FTP)
FTP Secure (FTPS)
Secure FTP (SFTP)
Trivial FTP (TFTP)
Trivial FTP (TFTP)
What special enterprise VPN supported by Cisco devices creates VPN tunnels between branch locations as needed rather than requiring constant, static tunnels?
Dynamic Multipoint VPN
Dynamic SmartVPN
Symmetric VPN Autodial
Auto Switched VPN Service
Dynamic Multipoint VPN
Which of the following is NOT a task that a VPN concentrator is responsible for?
A VPN concentrator authenticates VPN clients
A VPN concentrator establishes tunnels for VPN connections
A VPN concentrator shuts down established connections when
malicious traffic occurs
A VPN concentrator manages encryption for VPN transmissions
A VPN concentrator shuts down established connections with malicious traffic occurs
