Chapter 9 Flashcards

1
Q

Your company hosts its own web server, and it allows consumers to make purchases via the server. The help line has been getting complaints that users are unable to access the secure portion of the website. You open the site and it seems fine, although the secure portion where transactions are completed is inaccessible. What is the most likely cause?

The firewall is blocking TCP port 80.
The firewall is blocking TCP port 443.
The security module of the web server is malfunctioning.
The web server is down.

A

B. For secure transactions, the web server should be using HTTPS, which uses port 443. If non-secure portions of the website work, then the server is fine. It’s most likely that the firewall is blocking inbound traffic on port 443.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Your manager wants you to install a networked Internet appliance that prevents network traffic–based attacks and includes anti-malware and anti-spam software. What should you install?

NIPS
NIDS
UTM
Endpoint management system

A

C. It sounds like the manager wants a unified threat management (UTM) device. They are designed to be one-stop network protection devices. Networked intrusion detection and prevention systems will detect network attacks but do not have anti-malware or anti-spam capabilities. An endpoint management system is not a security appliance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

You are installing a file server for the accounting department. Where should this file server be located on the network?

Outside of the firewall
In the DMZ
In the secure network
On the router

A

C. If the data on the server does not need to be accessed via the Internet, then the server should be in the most secure place possible, which is inside the firewall(s) in the secure network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

You have been asked to identify the right type of cloud service to help the team of developers to provide programming elements such as runtime environments. Which service do you recommend?

PaaS
IaaS
SaaS
DaaS

A

A. Platform as a Service (PaaS) is probably the right level of service for the developer team. It provides infrastructure, like IaaS, and also supplies needed programming elements.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which of the following are services that a print server should provide? (Choose two.)

Accepting print jobs from clients
Turning off printers on demand
Providing clients with the appropriate printer driver during installation
Notifying users when the print job is complete

A

A, C. Print servers should make printers available to clients and accept print jobs. They also process print jobs and manage print priorities. Finally, they provide client computers with the right print drivers when the clients attempt to install the printer. They do not turn printers off on demand nor provide notification that a job has printed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

You are setting up a cloud contract with a provider. Your team needs the ability to increase capacity without intervention from the provider. What do you request?

Rapid elasticity
On-demand self-service
Resource pooling
Measured service

A

B. The ability to expand services without provider intervention is called on-demand self-service. Rapid elasticity means you can quickly increase capacity, but it usually requires supplier intervention. Resource pooling is taking resources from multiple machines and making them available as one pool. Measured service is how many suppliers track usage and charge accordingly.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which type of server is responsible for preventing users from accessing websites with objectionable content?

Proxy
Web
DHCP
DNS

A

A. A proxy server can be configured to block access to websites that contain potentially dangerous or inflammatory material. Web servers host web pages, some of which may have objectionable content. DHCP servers provide clients with IP addresses, and DNS servers resolve host names to IP addresses.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Your company wants to move to a cloud provider to be able to scale resources quickly, but it is concerned about the security of confidential information. Which of the following types of cloud models might be the most appropriate for your company?

Public
Private
Community
Hybrid

A

D. A hybrid cloud provides the best of public and private clouds. You get the scalability and cost effectiveness of a public cloud but the security that you need for important files on the private portion of the cloud.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What does a DHCP server need to be configured with to operate properly?

DNS server
Scope
Range
DHCP relay agent

A

B. Every DHCP server needs to have a scope, which is the range of addresses available to clients, as well as other options that it can give to client computers. A DHCP server can optionally provide clients with the address of a DNS server. There is no DHCP range. A DHCP relay agent is a system configured on a subnet with no DHCP server that relays DHCP requests to the DHCP server.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

You have been asked to advise a group of several universities that want to combine research efforts and store data in the cloud. Which type of cloud solution might be best for them?

Public
Private
Community
Hybrid

A

C. When multiple organizations with similar objectives want to combine efforts in a cloud, the best choice is generally a community cloud. This allows for the flexibility and scalability normally found in a public cloud, but it also limits the number of users to a smaller, trusted group.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

When configuring a DNS server, administrators must create which of the following?

Zone file
Hosts file
Scope file
DNS proxy

A

A. DNS server records are contained in the zone file, which must be configured by administrators. A hosts file is an alternative to using DNS (but that does not work well when scaling to the Internet). A scope is created on DHCP servers. There is no DNS proxy.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Your manager wants to use the cloud because everyone seems to be talking about it. What should you include when you are listing the benefits of using the cloud? (Choose all that apply.)

Increased security
Increased scalability
Lower cost
Improved reliability

A

B, C, D. Cloud solutions are great for enhancing scalability and reliability while generally lowering costs. The biggest issue with cloud computing is security.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

You are configuring two email servers on your company’s network. Which network protocol do the servers use to transfer mail to each other?

POP3
IMAP4
SNMP
SMTP

A

D. Simple Mail Transfer Protocol (SMTP) is used to transfer email between servers. POP3 and IMAP4 are used to download email. SNMP is Simple Network Management Protocol and not related to email.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

You have been asked to configure a client-side virtualization solution with three guest OSs. Each one needs Internet access. How should you configure the solution in the most cost-effective way?

Three physical NICs
One physical NIC, three virtual NICs, and one virtual switch
One physical NIC, one virtual NIC, and three virtual switches
One physical NIC, three virtual NICs, and three virtual switches

A

B. Each virtual machine will use its own virtual NIC. The virtual NICs will communicate with a virtual switch managed by the hypervisor. The virtual switch will communicate with the physical NIC.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which record type on a DNS server represents an IPv6 host?

A
MX
CNAME
AAAA

A

D. The AAAA (quad A) record is used to represent IPv6 hosts. IPv4 hosts need an A record. The CNAME record is used if one host has alias (multiple) names. MX is for a mail server.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

You have been asked to install Linux in a VM on a Windows 10 client. The Windows 10 client needs 4 GB RAM, and Linux needs 2 GB RAM. How much RAM does the system need at a minimum?

4 GB
6 GB
8 GB
Unable to determine from the question

A

B. There needs to be enough RAM to support both OSs, so the answer is 6 GB. More is better, though!

17
Q

A computer using which of the following would be considered a legacy device? (Choose all that apply.)

A 386 processor
The IPX/SPX protocol
An application developed in 1983
Only 1 GB RAM

A

A, B, C. Legacy systems are ones that use older hardware, software, or network protocols that are not commonly used today. A system with only 1 GB RAM might be underpowered, but that in and of itself does not make it a legacy system.

18
Q

You have been asked to set up client-side virtualization on an office computer. The host OS is Windows 7, and there will be three Windows 7 guest OSs. Which of the following is true about the need for antivirus security?

The host OS needs an antivirus program, but virtual machines can’t be affected by viruses.
The host OS antivirus software will also protect the guest OSs on the VMs.
Installing antivirus software on the virtual switch will protect all guest OSs.
The host OS and each guest OS need their own antivirus software installed.

A

D. Each instance of the OS you are running requires its own security software.

19
Q

You have been asked by your manager to brief the group on security appliances. What is the difference between IDS and IPS?

IDS is active, whereas IPS is passive.
IDS is passive, whereas IPS is active.
IDS monitors internal network traffic, whereas IPS monitors traffic coming from the Internet.
IDS monitors traffic coming from the Internet, whereas IPS monitors internal network traffic.

A

B. IDS devices are passive. They will detect, log, and perhaps send an alert, but that’s it. An IPS can take active steps to shut down an attack if it detects one. Both devices will monitor internal network traffic as well as incoming traffic.

20
Q

You have been asked to set up client-side virtualization on a computer at work. The manager asks for a Type 2 hypervisor. What is the disadvantage of using that type of hypervisor?

The guest OS will compete for resources with the host OS.
The guest OS will be forced to a lower priortity with the CPU than the host OS.
The guest OS will be forced to use less RAM than the host OS.
The virtual guest OS will not be able to get on the physical network.

A

A. A Type 2 hypervisor sits on top of an existing OS, meaning that OSs installed in VMs will compete for resources with the host OS. The amount of resources available to a guest OS can be configured. Virtual OSs can get on the physical network if configured properly.